Upgrade to 6.3p1.
Approved by: re (gjb)
commit
e4a9863fb7
@ -1,11 +1,628 @@
|
||||
20130913
|
||||
- (djm) [channels.c] Fix unaligned access on sparc machines in SOCKS5 code;
|
||||
ok dtucker@
|
||||
- (djm) [channels.c] sigh, typo s/buffet_/buffer_/
|
||||
- (djm) Release 6.3p1
|
||||
|
||||
20130808
|
||||
- (dtucker) [regress/Makefile regress/test-exec.sh] Don't try to use test -nt
|
||||
since some platforms (eg really old FreeBSD) don't have it. Instead,
|
||||
run "make clean" before a complete regress run. ok djm.
|
||||
- (dtucker) [misc.c] Fall back to time(2) at runtime if clock_gettime(
|
||||
CLOCK_MONOTONIC...) fails. Some older versions of RHEL have the
|
||||
CLOCK_MONOTONIC define but don't actually support it. Found and tested
|
||||
by Kevin Brott, ok djm.
|
||||
- (dtucker) [misc.c] Remove define added for fallback testing that was
|
||||
mistakenly included in the previous commit.
|
||||
- (dtucker) [regress/Makefile regress/test-exec.sh] Roll back the -nt
|
||||
removal. The "make clean" removes modpipe which is built by the top-level
|
||||
directory before running the tests. Spotted by tim@
|
||||
|
||||
20130804
|
||||
- (dtucker) [auth-krb5.c configure.ac openbsd-compat/bsd-misc.h] Add support
|
||||
for building with older Heimdal versions. ok djm.
|
||||
|
||||
20130801
|
||||
- (djm) [channels.c channels.h] bz#2135: On Solaris, isatty() on a non-
|
||||
blocking connecting socket will clear any stored errno that might
|
||||
otherwise have been retrievable via getsockopt(). A hack to limit writes
|
||||
to TTYs on AIX was triggering this. Since only AIX needs the hack, wrap
|
||||
it in an #ifdef. Diagnosis and patch from Ivo Raisr.
|
||||
- (djm) [sshlogin.h] Fix prototype merge botch from 2006; bz#2134
|
||||
|
||||
20130725
|
||||
- (djm) OpenBSD CVS Sync
|
||||
- djm@cvs.openbsd.org 2013/07/20 22:20:42
|
||||
[krl.c]
|
||||
fix verification error in (as-yet usused) KRL signature checking path
|
||||
- djm@cvs.openbsd.org 2013/07/22 05:00:17
|
||||
[umac.c]
|
||||
make MAC key, data to be hashed and nonce for final hash const;
|
||||
checked with -Wcast-qual
|
||||
- djm@cvs.openbsd.org 2013/07/22 12:20:02
|
||||
[umac.h]
|
||||
oops, forgot to commit corresponding header change;
|
||||
spotted by jsg and jasper
|
||||
- djm@cvs.openbsd.org 2013/07/25 00:29:10
|
||||
[ssh.c]
|
||||
daemonise backgrounded (ControlPersist'ed) multiplexing master to ensure
|
||||
it is fully detached from its controlling terminal. based on debugging
|
||||
- djm@cvs.openbsd.org 2013/07/25 00:56:52
|
||||
[sftp-client.c sftp-client.h sftp.1 sftp.c]
|
||||
sftp support for resuming partial downloads; patch mostly by Loganaden
|
||||
Velvindron/AfriNIC with some tweaks by me; feedback and ok dtucker@
|
||||
"Just be careful" deraadt@
|
||||
- djm@cvs.openbsd.org 2013/07/25 00:57:37
|
||||
[version.h]
|
||||
openssh-6.3 for release
|
||||
- dtucker@cvs.openbsd.org 2013/05/30 20:12:32
|
||||
[regress/test-exec.sh]
|
||||
use ssh and sshd as testdata since it needs to be >256k for the rekey test
|
||||
- dtucker@cvs.openbsd.org 2013/06/10 21:56:43
|
||||
[regress/forwarding.sh]
|
||||
Add test for forward config parsing
|
||||
- djm@cvs.openbsd.org 2013/06/21 02:26:26
|
||||
[regress/sftp-cmds.sh regress/test-exec.sh]
|
||||
unbreak sftp-cmds for renamed test data (s/ls/data/)
|
||||
- (tim) [sftp-client.c] Use of a gcc extension trips up native compilers on
|
||||
Solaris and UnixWare. Feedback and OK djm@
|
||||
- (tim) [regress/forwarding.sh] Fix for building outside source tree.
|
||||
|
||||
20130720
|
||||
- (djm) OpenBSD CVS Sync
|
||||
- markus@cvs.openbsd.org 2013/07/19 07:37:48
|
||||
[auth.h kex.h kexdhs.c kexecdhs.c kexgexs.c monitor.c servconf.c]
|
||||
[servconf.h session.c sshd.c sshd_config.5]
|
||||
add ssh-agent(1) support to sshd(8); allows encrypted hostkeys,
|
||||
or hostkeys on smartcards; most of the work by Zev Weiss; bz #1974
|
||||
ok djm@
|
||||
- djm@cvs.openbsd.org 2013/07/20 01:43:46
|
||||
[umac.c]
|
||||
use a union to ensure correct alignment; ok deraadt
|
||||
- djm@cvs.openbsd.org 2013/07/20 01:44:37
|
||||
[ssh-keygen.c ssh.c]
|
||||
More useful error message on missing current user in /etc/passwd
|
||||
- djm@cvs.openbsd.org 2013/07/20 01:50:20
|
||||
[ssh-agent.c]
|
||||
call cleanup_handler on SIGINT when in debug mode to ensure sockets
|
||||
are cleaned up on manual exit; bz#2120
|
||||
- djm@cvs.openbsd.org 2013/07/20 01:55:13
|
||||
[auth-krb5.c gss-serv-krb5.c gss-serv.c]
|
||||
fix kerberos/GSSAPI deprecation warnings and linking; "looks okay" millert@
|
||||
|
||||
20130718
|
||||
- (djm) OpenBSD CVS Sync
|
||||
- dtucker@cvs.openbsd.org 2013/06/10 19:19:44
|
||||
[readconf.c]
|
||||
revert 1.203 while we investigate crashes reported by okan@
|
||||
- guenther@cvs.openbsd.org 2013/06/17 04:48:42
|
||||
[scp.c]
|
||||
Handle time_t values as long long's when formatting them and when
|
||||
parsing them from remote servers.
|
||||
Improve error checking in parsing of 'T' lines.
|
||||
ok dtucker@ deraadt@
|
||||
- markus@cvs.openbsd.org 2013/06/20 19:15:06
|
||||
[krl.c]
|
||||
don't leak the rdata blob on errors; ok djm@
|
||||
- djm@cvs.openbsd.org 2013/06/21 00:34:49
|
||||
[auth-rsa.c auth.h auth2-hostbased.c auth2-pubkey.c monitor.c]
|
||||
for hostbased authentication, print the client host and user on
|
||||
the auth success/failure line; bz#2064, ok dtucker@
|
||||
- djm@cvs.openbsd.org 2013/06/21 00:37:49
|
||||
[ssh_config.5]
|
||||
explicitly mention that IdentitiesOnly can be used with IdentityFile
|
||||
to control which keys are offered from an agent.
|
||||
- djm@cvs.openbsd.org 2013/06/21 05:42:32
|
||||
[dh.c]
|
||||
sprinkle in some error() to explain moduli(5) parse failures
|
||||
- djm@cvs.openbsd.org 2013/06/21 05:43:10
|
||||
[scp.c]
|
||||
make this -Wsign-compare clean after time_t conversion
|
||||
- djm@cvs.openbsd.org 2013/06/22 06:31:57
|
||||
[scp.c]
|
||||
improved time_t overflow check suggested by guenther@
|
||||
- jmc@cvs.openbsd.org 2013/06/27 14:05:37
|
||||
[ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5]
|
||||
do not use Sx for sections outwith the man page - ingo informs me that
|
||||
stuff like html will render with broken links;
|
||||
issue reported by Eric S. Raymond, via djm
|
||||
- markus@cvs.openbsd.org 2013/07/02 12:31:43
|
||||
[dh.c]
|
||||
remove extra whitespace
|
||||
- djm@cvs.openbsd.org 2013/07/12 00:19:59
|
||||
[auth-options.c auth-rsa.c bufaux.c buffer.h channels.c hostfile.c]
|
||||
[hostfile.h mux.c packet.c packet.h roaming_common.c serverloop.c]
|
||||
fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@
|
||||
- djm@cvs.openbsd.org 2013/07/12 00:20:00
|
||||
[sftp.c ssh-keygen.c ssh-pkcs11.c]
|
||||
fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@
|
||||
- djm@cvs.openbsd.org 2013/07/12 00:43:50
|
||||
[misc.c]
|
||||
in ssh_gai_strerror() don't fallback to strerror for EAI_SYSTEM when
|
||||
errno == 0. Avoids confusing error message in some broken resolver
|
||||
cases. bz#2122 patch from plautrba AT redhat.com; ok dtucker
|
||||
- djm@cvs.openbsd.org 2013/07/12 05:42:03
|
||||
[ssh-keygen.c]
|
||||
do_print_resource_record() can never be called with a NULL filename, so
|
||||
don't attempt (and bungle) asking for one if it has not been specified
|
||||
bz#2127 ok dtucker@
|
||||
- djm@cvs.openbsd.org 2013/07/12 05:48:55
|
||||
[ssh.c]
|
||||
set TCP nodelay for connections started with -N; bz#2124 ok dtucker@
|
||||
- schwarze@cvs.openbsd.org 2013/07/16 00:07:52
|
||||
[scp.1 sftp-server.8 ssh-keyscan.1 ssh-keysign.8 ssh-pkcs11-helper.8]
|
||||
use .Mt for email addresses; from Jan Stary <hans at stare dot cz>; ok jmc@
|
||||
- djm@cvs.openbsd.org 2013/07/18 01:12:26
|
||||
[ssh.1]
|
||||
be more exact wrt perms for ~/.ssh/config; bz#2078
|
||||
|
||||
20130702
|
||||
- (dtucker) [contrib/cygwin/README contrib/cygwin/ssh-host-config
|
||||
contrib/cygwin/ssh-user-config] Modernizes and improve readability of
|
||||
the Cygwin README file (which hasn't been updated for ages), drop
|
||||
unsupported OSes from the ssh-host-config help text, and drop an
|
||||
unneeded option from ssh-user-config. Patch from vinschen at redhat com.
|
||||
|
||||
20130610
|
||||
- (djm) OpenBSD CVS Sync
|
||||
- dtucker@cvs.openbsd.org 2013/06/07 15:37:52
|
||||
[channels.c channels.h clientloop.c]
|
||||
Add an "ABANDONED" channel state and use for mux sessions that are
|
||||
disconnected via the ~. escape sequence. Channels in this state will
|
||||
be able to close if the server responds, but do not count as active channels.
|
||||
This means that if you ~. all of the mux clients when using ControlPersist
|
||||
on a broken network, the backgrounded mux master will exit when the
|
||||
Control Persist time expires rather than hanging around indefinitely.
|
||||
bz#1917, also reported and tested by tedu@. ok djm@ markus@.
|
||||
- (dtucker) [Makefile.in configure.ac fixalgorithms] Remove unsupported
|
||||
algorithms (Ciphers, MACs and HostKeyAlgorithms) from man pages.
|
||||
- (dtucker) [myproposal.h] Do not advertise AES GSM ciphers if we don't have
|
||||
the required OpenSSL support. Patch from naddy at freebsd.
|
||||
- (dtucker) [myproposal.h] Make the conditional algorithm support consistent
|
||||
and add some comments so it's clear what goes where.
|
||||
|
||||
20130605
|
||||
- (dtucker) [myproposal.h] Enable sha256 kex methods based on the presence of
|
||||
the necessary functions, not from the openssl version.
|
||||
- (dtucker) [contrib/ssh-copy-id] bz#2117: Use portable operator in test.
|
||||
Patch from cjwatson at debian.
|
||||
- (dtucker) [regress/forwarding.sh] For (as yet unknown) reason, the
|
||||
forwarding test is extremely slow copying data on some machines so switch
|
||||
back to copying the much smaller ls binary until we can figure out why
|
||||
this is.
|
||||
- (dtucker) [Makefile.in] append $CFLAGS to compiler options when building
|
||||
modpipe in case there's anything in there we need.
|
||||
- (dtucker) OpenBSD CVS Sync
|
||||
- dtucker@cvs.openbsd.org 2013/06/02 21:01:51
|
||||
[channels.h]
|
||||
typo in comment
|
||||
- dtucker@cvs.openbsd.org 2013/06/02 23:36:29
|
||||
[clientloop.h clientloop.c mux.c]
|
||||
No need for the mux cleanup callback to be visible so restore it to static
|
||||
and call it through the detach_user function pointer. ok djm@
|
||||
- dtucker@cvs.openbsd.org 2013/06/03 00:03:18
|
||||
[mac.c]
|
||||
force the MAC output to be 64-bit aligned so umac won't see unaligned
|
||||
accesses on strict-alignment architectures. bz#2101, patch from
|
||||
tomas.kuthan at oracle.com, ok djm@
|
||||
- dtucker@cvs.openbsd.org 2013/06/04 19:12:23
|
||||
[scp.c]
|
||||
use MAXPATHLEN for buffer size instead of fixed value. ok markus
|
||||
- dtucker@cvs.openbsd.org 2013/06/04 20:42:36
|
||||
[sftp.c]
|
||||
Make sftp's libedit interface marginally multibyte aware by building up
|
||||
the quoted string by character instead of by byte. Prevents failures
|
||||
when linked against a libedit built with wide character support (bz#1990).
|
||||
"looks ok" djm
|
||||
- dtucker@cvs.openbsd.org 2013/06/05 02:07:29
|
||||
[mux.c]
|
||||
fix leaks in mux error paths, from Zhenbo Xu, found by Melton. bz#1967,
|
||||
ok djm
|
||||
- dtucker@cvs.openbsd.org 2013/06/05 02:27:50
|
||||
[sshd.c]
|
||||
When running sshd -D, close stderr unless we have explicitly requesting
|
||||
logging to stderr. From james.hunt at ubuntu.com via bz#1976, djm's patch
|
||||
so, err, ok dtucker.
|
||||
- dtucker@cvs.openbsd.org 2013/06/05 12:52:38
|
||||
[sshconnect2.c]
|
||||
Fix memory leaks found by Zhenbo Xu and the Melton tool. bz#1967, ok djm
|
||||
- dtucker@cvs.openbsd.org 2013/06/05 22:00:28
|
||||
[readconf.c]
|
||||
plug another memleak. bz#1967, from Zhenbo Xu, detected by Melton, ok djm
|
||||
- (dtucker) [configure.ac sftp.c openbsd-compat/openbsd-compat.h] Cater for
|
||||
platforms that don't have multibyte character support (specifically,
|
||||
mblen).
|
||||
|
||||
20130602
|
||||
- (tim) [Makefile.in] Make Solaris, UnixWare, & OpenServer linkers happy
|
||||
linking regress/modpipe.
|
||||
- (dtucker) OpenBSD CVS Sync
|
||||
- dtucker@cvs.openbsd.org 2013/06/02 13:33:05
|
||||
[progressmeter.c]
|
||||
Add misc.h for monotime prototype. (ID sync only).
|
||||
- dtucker@cvs.openbsd.org 2013/06/02 13:35:58
|
||||
[ssh-agent.c]
|
||||
Make parent_alive_interval time_t to avoid signed/unsigned comparison
|
||||
- (dtucker) [configure.ac] sys/un.h needs sys/socket.h on some platforms
|
||||
to prevent noise from configure. Patch from Nathan Osman. (bz#2114).
|
||||
- (dtucker) [configure.ac] bz#2111: don't try to use lastlog on Android.
|
||||
Patch from Nathan Osman.
|
||||
- (tim) [configure.ac regress/Makefile] With rev 1.47 of test-exec.sh we
|
||||
need a shell that can handle "[ file1 -nt file2 ]". Rather than keep
|
||||
dealing with shell portability issues in regression tests, we let
|
||||
configure find us a capable shell on those platforms with an old /bin/sh.
|
||||
- (tim) [aclocal.m4] Enhance OSSH_CHECK_CFLAG_COMPILE to check stderr.
|
||||
feedback and ok dtucker
|
||||
- (tim) [regress/sftp-chroot.sh] skip if no sudo. ok dtucker
|
||||
- (dtucker) [configure.ac] Some platforms need sys/types.h before sys/un.h.
|
||||
- (dtucker) [configure.ac] Some other platforms need sys/types.h before
|
||||
sys/socket.h.
|
||||
|
||||
20130601
|
||||
- (dtucker) [configure.ac openbsd-compat/xcrypt.c] bz#2112: fall back to
|
||||
using openssl's DES_crypt function on platorms that don't have a native
|
||||
one, eg Android. Based on a patch from Nathan Osman.
|
||||
- (dtucker) [configure.ac defines.h] Test for fd_mask, howmany and NFDBITS
|
||||
rather than trying to enumerate the plaforms that don't have them.
|
||||
Based on a patch from Nathan Osman, with help from tim@.
|
||||
- (dtucker) OpenBSD CVS Sync
|
||||
- djm@cvs.openbsd.org 2013/05/17 00:13:13
|
||||
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
|
||||
ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
|
||||
gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
|
||||
auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
|
||||
servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
|
||||
auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
|
||||
sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
|
||||
kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
|
||||
kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
|
||||
monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
|
||||
ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
|
||||
sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
|
||||
ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
|
||||
dns.c packet.c readpass.c authfd.c moduli.c]
|
||||
bye, bye xfree(); ok markus@
|
||||
- djm@cvs.openbsd.org 2013/05/19 02:38:28
|
||||
[auth2-pubkey.c]
|
||||
fix failure to recognise cert-authority keys if a key of a different type
|
||||
appeared in authorized_keys before it; ok markus@
|
||||
- djm@cvs.openbsd.org 2013/05/19 02:42:42
|
||||
[auth.h auth.c key.c monitor.c auth-rsa.c auth2.c auth1.c key.h]
|
||||
Standardise logging of supplemental information during userauth. Keys
|
||||
and ruser is now logged in the auth success/failure message alongside
|
||||
the local username, remote host/port and protocol in use. Certificates
|
||||
contents and CA are logged too.
|
||||
Pushing all logging onto a single line simplifies log analysis as it is
|
||||
no longer necessary to relate information scattered across multiple log
|
||||
entries. "I like it" markus@
|
||||
- dtucker@cvs.openbsd.org 2013/05/31 12:28:10
|
||||
[ssh-agent.c]
|
||||
Use time_t where appropriate. ok djm
|
||||
- dtucker@cvs.openbsd.org 2013/06/01 13:15:52
|
||||
[ssh-agent.c clientloop.c misc.h packet.c progressmeter.c misc.c
|
||||
channels.c sandbox-systrace.c]
|
||||
Use clock_gettime(CLOCK_MONOTONIC ...) for ssh timers so that things like
|
||||
keepalives and rekeying will work properly over clock steps. Suggested by
|
||||
markus@, "looks good" djm@.
|
||||
- dtucker@cvs.openbsd.org 2013/06/01 20:59:25
|
||||
[scp.c sftp-client.c]
|
||||
Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch
|
||||
from Nathan Osman via bz#2085. ok deraadt.
|
||||
- dtucker@cvs.openbsd.org 2013/06/01 22:34:50
|
||||
[sftp-client.c]
|
||||
Update progressmeter when data is acked, not when it's sent. bz#2108, from
|
||||
Debian via Colin Watson, ok djm@
|
||||
- (dtucker) [M auth-chall.c auth-krb5.c auth-pam.c cipher-aes.c cipher-ctr.c
|
||||
groupaccess.c loginrec.c monitor.c monitor_wrap.c session.c sshd.c
|
||||
sshlogin.c uidswap.c openbsd-compat/bsd-cygwin_util.c
|
||||
openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/port-aix.c
|
||||
openbsd-compat/port-linux.c] Replace portable-specific instances of xfree
|
||||
with the equivalent calls to free.
|
||||
- (dtucker) [configure.ac misc.c] Look for clock_gettime in librt and fall
|
||||
back to time(NULL) if we can't find it anywhere.
|
||||
- (dtucker) [sandbox-seccomp-filter.c] Allow clock_gettimeofday.
|
||||
|
||||
20130529
|
||||
- (dtucker) [configure.ac openbsd-compat/bsd-misc.h] bz#2087: Add a null
|
||||
implementation of endgrent for platforms that don't have it (eg Android).
|
||||
Loosely based on a patch from Nathan Osman, ok djm
|
||||
|
||||
20130517
|
||||
- (dtucker) OpenBSD CVS Sync
|
||||
- djm@cvs.openbsd.org 2013/03/07 00:20:34
|
||||
[regress/proxy-connect.sh]
|
||||
repeat test with a style appended to the username
|
||||
- dtucker@cvs.openbsd.org 2013/03/23 11:09:43
|
||||
[regress/test-exec.sh]
|
||||
Only regenerate host keys if they don't exist or if ssh-keygen has changed
|
||||
since they were. Reduces test runtime by 5-30% depending on machine
|
||||
speed.
|
||||
- dtucker@cvs.openbsd.org 2013/04/06 06:00:22
|
||||
[regress/rekey.sh regress/test-exec.sh regress/integrity.sh
|
||||
regress/multiplex.sh Makefile regress/cfgmatch.sh]
|
||||
Split the regress log into 3 parts: the debug output from ssh, the debug
|
||||
log from sshd and the output from the client command (ssh, scp or sftp).
|
||||
Somewhat functional now, will become more useful when ssh/sshd -E is added.
|
||||
- dtucker@cvs.openbsd.org 2013/04/07 02:16:03
|
||||
[regress/Makefile regress/rekey.sh regress/integrity.sh
|
||||
regress/sshd-log-wrapper.sh regress/forwarding.sh regress/test-exec.sh]
|
||||
use -E option for ssh and sshd to write debuging logs to ssh{,d}.log and
|
||||
save the output from any failing tests. If a test fails the debug output
|
||||
from ssh and sshd for the failing tests (and only the failing tests) should
|
||||
be available in failed-ssh{,d}.log.
|
||||
- djm@cvs.openbsd.org 2013/04/18 02:46:12
|
||||
[regress/Makefile regress/sftp-chroot.sh]
|
||||
test sshd ChrootDirectory+internal-sftp; feedback & ok dtucker@
|
||||
- dtucker@cvs.openbsd.org 2013/04/22 07:23:08
|
||||
[regress/multiplex.sh]
|
||||
Write mux master logs to regress.log instead of ssh.log to keep separate
|
||||
- djm@cvs.openbsd.org 2013/05/10 03:46:14
|
||||
[regress/modpipe.c]
|
||||
sync some portability changes from portable OpenSSH (id sync only)
|
||||
- dtucker@cvs.openbsd.org 2013/05/16 02:10:35
|
||||
[regress/rekey.sh]
|
||||
Add test for time-based rekeying
|
||||
- dtucker@cvs.openbsd.org 2013/05/16 03:33:30
|
||||
[regress/rekey.sh]
|
||||
test rekeying when there's no data being transferred
|
||||
- dtucker@cvs.openbsd.org 2013/05/16 04:26:10
|
||||
[regress/rekey.sh]
|
||||
add server-side rekey test
|
||||
- dtucker@cvs.openbsd.org 2013/05/16 05:48:31
|
||||
[regress/rekey.sh]
|
||||
add tests for RekeyLimit parsing
|
||||
- dtucker@cvs.openbsd.org 2013/05/17 00:37:40
|
||||
[regress/agent.sh regress/keytype.sh regress/cfgmatch.sh
|
||||
regress/forcecommand.sh regress/proto-version.sh regress/test-exec.sh
|
||||
regress/cipher-speed.sh regress/cert-hostkey.sh regress/cert-userkey.sh
|
||||
regress/ssh-com.sh]
|
||||
replace 'echo -n' with 'printf' since it's more portable
|
||||
also remove "echon" hack.
|
||||
- dtucker@cvs.openbsd.org 2013/05/17 01:16:09
|
||||
[regress/agent-timeout.sh]
|
||||
Pull back some portability changes from -portable:
|
||||
- TIMEOUT is a read-only variable in some shells
|
||||
- not all greps have -q so redirect to /dev/null instead.
|
||||
(ID sync only)
|
||||
- dtucker@cvs.openbsd.org 2013/05/17 01:32:11
|
||||
[regress/integrity.sh]
|
||||
don't print output from ssh before getting it (it's available in ssh.log)
|
||||
- dtucker@cvs.openbsd.org 2013/05/17 04:29:14
|
||||
[regress/sftp.sh regress/putty-ciphers.sh regress/cipher-speed.sh
|
||||
regress/test-exec.sh regress/sftp-batch.sh regress/dynamic-forward.sh
|
||||
regress/putty-transfer.sh regress/conch-ciphers.sh regress/sftp-cmds.sh
|
||||
regress/scp.sh regress/ssh-com-sftp.sh regress/rekey.sh
|
||||
regress/putty-kex.sh regress/stderr-data.sh regress/stderr-after-eof.sh
|
||||
regress/sftp-badcmds.sh regress/reexec.sh regress/ssh-com-client.sh
|
||||
regress/sftp-chroot.sh regress/forwarding.sh regress/transfer.sh
|
||||
regress/multiplex.sh]
|
||||
Move the setting of DATA and COPY into test-exec.sh
|
||||
- dtucker@cvs.openbsd.org 2013/05/17 10:16:26
|
||||
[regress/try-ciphers.sh]
|
||||
use expr for math to keep diffs vs portable down
|
||||
(id sync only)
|
||||
- dtucker@cvs.openbsd.org 2013/05/17 10:23:52
|
||||
[regress/login-timeout.sh regress/reexec.sh regress/test-exec.sh]
|
||||
Use SUDO when cat'ing pid files and running the sshd log wrapper so that
|
||||
it works with a restrictive umask and the pid files are not world readable.
|
||||
Changes from -portable. (id sync only)
|
||||
- dtucker@cvs.openbsd.org 2013/05/17 10:24:48
|
||||
[regress/localcommand.sh]
|
||||
use backticks for portability. (id sync only)
|
||||
- dtucker@cvs.openbsd.org 2013/05/17 10:26:26
|
||||
[regress/sftp-badcmds.sh]
|
||||
remove unused BATCH variable. (id sync only)
|
||||
- dtucker@cvs.openbsd.org 2013/05/17 10:28:11
|
||||
[regress/sftp.sh]
|
||||
only compare copied data if sftp succeeds. from portable (id sync only)
|
||||
- dtucker@cvs.openbsd.org 2013/05/17 10:30:07
|
||||
[regress/test-exec.sh]
|
||||
wait a bit longer for startup and use case for absolute path.
|
||||
from portable (id sync only)
|
||||
- dtucker@cvs.openbsd.org 2013/05/17 10:33:09
|
||||
[regress/agent-getpeereid.sh]
|
||||
don't redirect stdout from sudo. from portable (id sync only)
|
||||
- dtucker@cvs.openbsd.org 2013/05/17 10:34:30
|
||||
[regress/portnum.sh]
|
||||
use a more portable negated if structure. from portable (id sync only)
|
||||
- dtucker@cvs.openbsd.org 2013/05/17 10:35:43
|
||||
[regress/scp.sh]
|
||||
use a file extention that's not special on some platforms. from portable
|
||||
(id sync only)
|
||||
- (dtucker) [regress/bsd.regress.mk] Remove unused file. We've never used it
|
||||
in portable and it's long gone in openbsd.
|
||||
- (dtucker) [regress/integrity.sh]. Force fixed Diffie-Hellman key exchange
|
||||
methods. When the openssl version doesn't support ECDH then next one on
|
||||
the list is DH group exchange, but that causes a bit more traffic which can
|
||||
mean that the tests flip bits in the initial exchange rather than the MACed
|
||||
traffic and we get different errors to what the tests look for.
|
||||
- (dtucker) [openbsd-compat/getopt.h] Remove unneeded bits.
|
||||
- (dtucker) [regress/cfgmatch.sh] Resync config file setup with openbsd.
|
||||
- (dtucker) [regress/agent-getpeereid.sh] Resync spaces with openbsd.
|
||||
- (dtucker) [regress/integrity.sh regress/krl.sh regress/test-exec.sh]
|
||||
Move the jot helper function to portable-specific part of test-exec.sh.
|
||||
- (dtucker) [regress/test-exec.sh] Move the portable-specific functions
|
||||
together and add a couple of missing lines from openbsd.
|
||||
- (dtucker) [regress/stderr-after-eof.sh regress/test-exec.sh] Move the md5
|
||||
helper function to the portable part of test-exec.sh.
|
||||
- (dtucker) [regress/runtests.sh] Remove obsolete test driver script.
|
||||
- (dtucker) [regress/cfgmatch.sh] Remove unneeded sleep renderd obsolete by
|
||||
rev 1.6 which calls wait.
|
||||
|
||||
20130516
|
||||
- (djm) [contrib/ssh-copy-id] Fix bug that could cause "rm *" to be
|
||||
executed if mktemp failed; bz#2105 ok dtucker@
|
||||
- (dtucker) OpenBSD CVS Sync
|
||||
- tedu@cvs.openbsd.org 2013/04/23 17:49:45
|
||||
[misc.c]
|
||||
use xasprintf instead of a series of strlcats and strdup. ok djm
|
||||
- tedu@cvs.openbsd.org 2013/04/24 16:01:46
|
||||
[misc.c]
|
||||
remove extra parens noticed by nicm
|
||||
- dtucker@cvs.openbsd.org 2013/05/06 07:35:12
|
||||
[sftp-server.8]
|
||||
Reference the version of the sftp draft we actually implement. ok djm@
|
||||
- djm@cvs.openbsd.org 2013/05/10 03:40:07
|
||||
[sshconnect2.c]
|
||||
fix bzero(ptr_to_struct, sizeof(ptr_to_struct)); bz#2100 from
|
||||
Colin Watson
|
||||
- djm@cvs.openbsd.org 2013/05/10 04:08:01
|
||||
[key.c]
|
||||
memleak in cert_free(), wasn't actually freeing the struct;
|
||||
bz#2096 from shm AT digitalsun.pl
|
||||
- dtucker@cvs.openbsd.org 2013/05/10 10:13:50
|
||||
[ssh-pkcs11-helper.c]
|
||||
remove unused extern optarg. ok markus@
|
||||
- dtucker@cvs.openbsd.org 2013/05/16 02:00:34
|
||||
[ssh_config sshconnect2.c packet.c readconf.h readconf.c clientloop.c
|
||||
ssh_config.5 packet.h]
|
||||
Add an optional second argument to RekeyLimit in the client to allow
|
||||
rekeying based on elapsed time in addition to amount of traffic.
|
||||
with djm@ jmc@, ok djm
|
||||
- dtucker@cvs.openbsd.org 2013/05/16 04:09:14
|
||||
[sshd_config.5 servconf.c servconf.h packet.c serverloop.c monitor.c sshd_config
|
||||
sshd.c] Add RekeyLimit to sshd with the same syntax as the client allowing
|
||||
rekeying based on traffic volume or time. ok djm@, help & ok jmc@ for the man
|
||||
page.
|
||||
- djm@cvs.openbsd.org 2013/05/16 04:27:50
|
||||
[ssh_config.5 readconf.h readconf.c]
|
||||
add the ability to ignore specific unrecognised ssh_config options;
|
||||
bz#866; ok markus@
|
||||
- jmc@cvs.openbsd.org 2013/05/16 06:28:45
|
||||
[ssh_config.5]
|
||||
put IgnoreUnknown in the right place;
|
||||
- jmc@cvs.openbsd.org 2013/05/16 06:30:06
|
||||
[sshd_config.5]
|
||||
oops! avoid Xr to self;
|
||||
- dtucker@cvs.openbsd.org 2013/05/16 09:08:41
|
||||
[log.c scp.c sshd.c serverloop.c schnorr.c sftp.c]
|
||||
Fix some "unused result" warnings found via clang and -portable.
|
||||
ok markus@
|
||||
- dtucker@cvs.openbsd.org 2013/05/16 09:12:31
|
||||
[readconf.c servconf.c]
|
||||
switch RekeyLimit traffic volume parsing to scan_scaled. ok djm@
|
||||
- dtucker@cvs.openbsd.org 2013/05/16 10:43:34
|
||||
[servconf.c readconf.c]
|
||||
remove now-unused variables
|
||||
- dtucker@cvs.openbsd.org 2013/05/16 10:44:06
|
||||
[servconf.c]
|
||||
remove another now-unused variable
|
||||
- (dtucker) [configure.ac readconf.c servconf.c
|
||||
openbsd-compat/openbsd-compat.h] Add compat bits for scan_scaled.
|
||||
|
||||
20130510
|
||||
- (djm) OpenBSD CVS Cherrypick
|
||||
- (dtucker) [configure.ac] Enable -Wsizeof-pointer-memaccess if the compiler
|
||||
supports it. Mentioned by Colin Watson in bz#2100, ok djm.
|
||||
- (dtucker) [openbsd-compat/getopt.c] Factor out portibility changes to
|
||||
getopt.c. Preprocessed source is identical other than line numbers.
|
||||
- (dtucker) [openbsd-compat/getopt_long.c] Import from OpenBSD. No
|
||||
portability changes yet.
|
||||
- (dtucker) [openbsd-compat/Makefile.in openbsd-compat/getopt.c
|
||||
openbsd-compat/getopt_long.c regress/modpipe.c] Remove getopt.c, add
|
||||
portability code to getopt_long.c and switch over Makefile and the ugly
|
||||
hack in modpipe.c. Fixes bz#1448.
|
||||
- (dtucker) [openbsd-compat/getopt.h openbsd-compat/getopt_long.c
|
||||
openbsd-compat/openbsd-compat.h] pull in getopt.h from openbsd and plumb
|
||||
in to use it when we're using our own getopt.
|
||||
- (dtucker) [kex.c] Only include sha256 and ECC key exchange methods when the
|
||||
underlying libraries support them.
|
||||
- (dtucker) [configure.ac] Add -Werror to the -Qunused-arguments test so
|
||||
we don't get a warning on compilers that *don't* support it. Add
|
||||
-Wno-unknown-warning-option. Move both to the start of the list for
|
||||
maximum noise suppression. Tested with gcc 4.6.3, gcc 2.95.4 and clang 2.9.
|
||||
|
||||
20130423
|
||||
- (djm) [auth.c configure.ac misc.c monitor.c monitor_wrap.c] Support
|
||||
platforms, such as Android, that lack struct passwd.pw_gecos. Report
|
||||
and initial patch from Nathan Osman bz#2086; feedback tim@ ok dtucker@
|
||||
- (djm) OpenBSD CVS Sync
|
||||
- markus@cvs.openbsd.org 2013/03/05 20:16:09
|
||||
[sshconnect2.c]
|
||||
reset pubkey order on partial success; ok djm@
|
||||
- djm@cvs.openbsd.org 2013/03/06 23:35:23
|
||||
[session.c]
|
||||
fatal() when ChrootDirectory specified by running without root privileges;
|
||||
ok markus@
|
||||
- djm@cvs.openbsd.org 2013/03/06 23:36:53
|
||||
[readconf.c]
|
||||
g/c unused variable (-Wunused)
|
||||
- djm@cvs.openbsd.org 2013/03/07 00:19:59
|
||||
[auth2-pubkey.c monitor.c]
|
||||
reconstruct the original username that was sent by the client, which may
|
||||
have included a style (e.g. "root:skey") when checking public key
|
||||
signatures. Fixes public key and hostbased auth when the client specified
|
||||
a style; ok markus@
|
||||
- markus@cvs.openbsd.org 2013/03/07 19:27:25
|
||||
[auth.h auth2-chall.c auth2.c monitor.c sshd_config.5]
|
||||
add submethod support to AuthenticationMethods; ok and freedback djm@
|
||||
- djm@cvs.openbsd.org 2013/03/08 06:32:58
|
||||
[ssh.c]
|
||||
allow "ssh -f none ..." ok markus@
|
||||
- djm@cvs.openbsd.org 2013/04/05 00:14:00
|
||||
[auth2-gss.c krl.c sshconnect2.c]
|
||||
hush some {unused, printf type} warnings
|
||||
- djm@cvs.openbsd.org 2013/04/05 00:31:49
|
||||
[pathnames.h]
|
||||
use the existing _PATH_SSH_USER_RC define to construct the other
|
||||
pathnames; bz#2077, ok dtucker@ (no binary change)
|
||||
- djm@cvs.openbsd.org 2013/04/05 00:58:51
|
||||
[mux.c]
|
||||
cleanup mux-created channels that are in SSH_CHANNEL_OPENING state too
|
||||
(in addition to ones already in OPEN); bz#2079, ok dtucker@
|
||||
- markus@cvs.openbsd.org 2013/04/06 16:07:00
|
||||
[channels.c sshd.c]
|
||||
handle ECONNABORTED for accept(); ok deraadt some time ago...
|
||||
- dtucker@cvs.openbsd.org 2013/04/07 02:10:33
|
||||
[log.c log.h ssh.1 ssh.c sshd.8 sshd.c]
|
||||
Add -E option to ssh and sshd to append debugging logs to a specified file
|
||||
instead of stderr or syslog. ok markus@, man page help jmc@
|
||||
- dtucker@cvs.openbsd.org 2013/04/07 09:40:27
|
||||
[sshd.8]
|
||||
clarify -e text. suggested by & ok jmc@
|
||||
- djm@cvs.openbsd.org 2013/04/11 02:27:50
|
||||
[packet.c]
|
||||
quiet disconnect notifications on the server from error() back to logit()
|
||||
if it is a normal client closure; bz#2057 ok+feedback dtucker@
|
||||
- (djm) [version.h contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
|
||||
[contrib/suse/openssh.spec] Crank version numbers for release.
|
||||
- dtucker@cvs.openbsd.org 2013/04/17 09:04:09
|
||||
[session.c]
|
||||
revert rev 1.262; it fails because uid is already set here. ok djm@
|
||||
- djm@cvs.openbsd.org 2013/04/18 02:16:07
|
||||
[sftp.c]
|
||||
make "sftp -q" do what it says on the sticker: hush everything but errors;
|
||||
ok dtucker@
|
||||
- djm@cvs.openbsd.org 2013/04/19 01:00:10
|
||||
[sshd_config.5]
|
||||
document the requirment that the AuthorizedKeysCommand be owned by root;
|
||||
ok dtucker@ markus@
|
||||
- djm@cvs.openbsd.org 2013/04/19 01:01:00
|
||||
[ssh-keygen.c]
|
||||
fix some memory leaks; bz#2088 ok dtucker@
|
||||
- djm@cvs.openbsd.org 2013/04/19 01:03:01
|
||||
[session.c]
|
||||
reintroduce 1.262 without the connection-killing bug:
|
||||
fatal() when ChrootDirectory specified by running without root privileges;
|
||||
ok markus@
|
||||
- djm@cvs.openbsd.org 2013/04/19 01:06:50
|
||||
[authfile.c cipher.c cipher.h kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c]
|
||||
[key.c key.h mac.c mac.h packet.c ssh.1 ssh.c]
|
||||
add the ability to query supported ciphers, MACs, key type and KEX
|
||||
algorithms to ssh. Includes some refactoring of KEX and key type handling
|
||||
to be table-driven; ok markus@
|
||||
- djm@cvs.openbsd.org 2013/04/19 11:10:18
|
||||
[ssh.c]
|
||||
add -Q to usage; reminded by jmc@
|
||||
- djm@cvs.openbsd.org 2013/04/19 12:07:08
|
||||
[kex.c]
|
||||
remove duplicated list entry pointed out by naddy@
|
||||
- dtucker@cvs.openbsd.org 2013/04/22 01:17:18
|
||||
[mux.c]
|
||||
typo in debug output: evitval->exitval
|
||||
|
||||
20130418
|
||||
- (djm) [config.guess config.sub] Update to last versions before they switch
|
||||
to GPL3. ok dtucker@
|
||||
- (dtucker) [configure.ac] Use -Qunused-arguments to suppress warnings from
|
||||
unused argument warnings (in particular, -fno-builtin-memset) from clang.
|
||||
|
||||
20130404
|
||||
- (dtucker) OpenBSD CVS Sync
|
||||
@ -34,10 +651,16 @@
|
||||
to avoid conflicting definitions of __int64, adding the required bits.
|
||||
Patch from Corinna Vinschen.
|
||||
|
||||
20120323
|
||||
- (tim) [Makefile.in] remove some duplication introduced in 20130220 commit.
|
||||
|
||||
20120322
|
||||
- (djm) [contrib/ssh-copy-id contrib/ssh-copy-id.1] Updated to Phil
|
||||
Hands' greatly revised version.
|
||||
- (djm) Release 6.2p1
|
||||
- (dtucker) [configure.ac] Add stdlib.h to zlib check for exit() prototype.
|
||||
- (dtucker) [includes.h] Check if _GNU_SOURCE is already defined before
|
||||
defining it again. Prevents warnings if someone, eg, sets it in CFLAGS.
|
||||
|
||||
20120318
|
||||
- (djm) [configure.ac log.c scp.c sshconnect2.c openbsd-compat/vis.c]
|
||||
|
@ -1,4 +1,4 @@
|
||||
See http://www.openssh.com/txt/release-6.2p2 for the release notes.
|
||||
See http://www.openssh.com/txt/release-6.3 for the release notes.
|
||||
|
||||
- A Japanese translation of this document and of the OpenSSH FAQ is
|
||||
- available at http://www.unixuser.org/~haruyama/security/openssh/index.html
|
||||
@ -62,4 +62,4 @@ References -
|
||||
[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
|
||||
[7] http://www.openssh.com/faq.html
|
||||
|
||||
$Id: README,v 1.82.2.1 2013/05/10 06:12:54 djm Exp $
|
||||
$Id: README,v 1.83 2013/07/25 02:34:00 djm Exp $
|
||||
|
13
crypto/openssh/aclocal.m4
@ -1,4 +1,4 @@
|
||||
dnl $Id: aclocal.m4,v 1.8 2011/05/20 01:45:25 djm Exp $
|
||||
dnl $Id: aclocal.m4,v 1.9 2013/06/02 21:31:27 tim Exp $
|
||||
dnl
|
||||
dnl OpenSSH-specific autoconf macros
|
||||
dnl
|
||||
@ -14,8 +14,15 @@ AC_DEFUN([OSSH_CHECK_CFLAG_COMPILE], [{
|
||||
_define_flag="$2"
|
||||
test "x$_define_flag" = "x" && _define_flag="$1"
|
||||
AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])],
|
||||
[ AC_MSG_RESULT([yes])
|
||||
CFLAGS="$saved_CFLAGS $_define_flag"],
|
||||
[
|
||||
if `grep -i "unrecognized option" conftest.err >/dev/null`
|
||||
then
|
||||
AC_MSG_RESULT([no])
|
||||
CFLAGS="$saved_CFLAGS"
|
||||
else
|
||||
AC_MSG_RESULT([yes])
|
||||
CFLAGS="$saved_CFLAGS $_define_flag"
|
||||
fi],
|
||||
[ AC_MSG_RESULT([no])
|
||||
CFLAGS="$saved_CFLAGS" ]
|
||||
)
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: addrmatch.c,v 1.6 2012/06/21 00:16:07 dtucker Exp $ */
|
||||
/* $OpenBSD: addrmatch.c,v 1.7 2013/05/17 00:13:13 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2004-2008 Damien Miller <djm@mindrot.org>
|
||||
@ -420,7 +420,7 @@ addr_match_list(const char *addr, const char *_list)
|
||||
goto foundit;
|
||||
}
|
||||
}
|
||||
xfree(o);
|
||||
free(o);
|
||||
|
||||
return ret;
|
||||
}
|
||||
@ -494,7 +494,7 @@ addr_match_cidr_list(const char *addr, const char *_list)
|
||||
continue;
|
||||
}
|
||||
}
|
||||
xfree(o);
|
||||
free(o);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: auth-chall.c,v 1.12 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
/* $OpenBSD: auth-chall.c,v 1.13 2013/05/17 00:13:13 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
*
|
||||
@ -69,11 +69,11 @@ get_challenge(Authctxt *authctxt)
|
||||
fatal("get_challenge: numprompts < 1");
|
||||
challenge = xstrdup(prompts[0]);
|
||||
for (i = 0; i < numprompts; i++)
|
||||
xfree(prompts[i]);
|
||||
xfree(prompts);
|
||||
xfree(name);
|
||||
xfree(echo_on);
|
||||
xfree(info);
|
||||
free(prompts[i]);
|
||||
free(prompts);
|
||||
free(name);
|
||||
free(echo_on);
|
||||
free(info);
|
||||
|
||||
return (challenge);
|
||||
}
|
||||
@ -102,11 +102,11 @@ verify_response(Authctxt *authctxt, const char *response)
|
||||
authenticated = 1;
|
||||
|
||||
for (i = 0; i < numprompts; i++)
|
||||
xfree(prompts[i]);
|
||||
xfree(prompts);
|
||||
xfree(name);
|
||||
xfree(echo_on);
|
||||
xfree(info);
|
||||
free(prompts[i]);
|
||||
free(prompts);
|
||||
free(name);
|
||||
free(echo_on);
|
||||
free(info);
|
||||
break;
|
||||
}
|
||||
device->free_ctx(authctxt->kbdintctxt);
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: auth-krb5.c,v 1.19 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
/* $OpenBSD: auth-krb5.c,v 1.20 2013/07/20 01:55:13 djm Exp $ */
|
||||
/*
|
||||
* Kerberos v5 authentication and ticket-passing routines.
|
||||
*
|
||||
@ -79,6 +79,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
|
||||
krb5_ccache ccache = NULL;
|
||||
int len;
|
||||
char *client, *platform_client;
|
||||
const char *errmsg;
|
||||
|
||||
/* get platform-specific kerberos client principal name (if it exists) */
|
||||
platform_client = platform_krb5_get_principal_name(authctxt->pw->pw_name);
|
||||
@ -96,7 +97,12 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
|
||||
goto out;
|
||||
|
||||
#ifdef HEIMDAL
|
||||
# ifdef HAVE_KRB5_CC_NEW_UNIQUE
|
||||
problem = krb5_cc_new_unique(authctxt->krb5_ctx,
|
||||
krb5_mcc_ops.prefix, NULL, &ccache);
|
||||
# else
|
||||
problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_mcc_ops, &ccache);
|
||||
# endif
|
||||
if (problem)
|
||||
goto out;
|
||||
|
||||
@ -115,8 +121,13 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
|
||||
if (problem)
|
||||
goto out;
|
||||
|
||||
# ifdef HAVE_KRB5_CC_NEW_UNIQUE
|
||||
problem = krb5_cc_new_unique(authctxt->krb5_ctx,
|
||||
krb5_fcc_ops.prefix, NULL, &authctxt->krb5_fwd_ccache);
|
||||
# else
|
||||
problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_fcc_ops,
|
||||
&authctxt->krb5_fwd_ccache);
|
||||
# endif
|
||||
if (problem)
|
||||
goto out;
|
||||
|
||||
@ -181,17 +192,19 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
|
||||
out:
|
||||
restore_uid();
|
||||
|
||||
if (platform_client != NULL)
|
||||
xfree(platform_client);
|
||||
free(platform_client);
|
||||
|
||||
if (problem) {
|
||||
if (ccache)
|
||||
krb5_cc_destroy(authctxt->krb5_ctx, ccache);
|
||||
|
||||
if (authctxt->krb5_ctx != NULL && problem!=-1)
|
||||
debug("Kerberos password authentication failed: %s",
|
||||
krb5_get_err_text(authctxt->krb5_ctx, problem));
|
||||
else
|
||||
if (authctxt->krb5_ctx != NULL && problem!=-1) {
|
||||
errmsg = krb5_get_error_message(authctxt->krb5_ctx,
|
||||
problem);
|
||||
debug("Kerberos password authentication failed: %s",
|
||||
errmsg);
|
||||
krb5_free_error_message(authctxt->krb5_ctx, errmsg);
|
||||
} else
|
||||
debug("Kerberos password authentication failed: %d",
|
||||
problem);
|
||||
|
||||
|
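Review bot: The `out:` cleanup destroys only `ccache` when `problem` is set, while the forwarded cache created in the `krb5_fcc_ops` branch of the previous hunk (`authctxt->krb5_fwd_ccache`, file-backed whichever of `krb5_cc_new_unique`/`krb5_cc_gen_new` produced it) is not released on any visible line, so a failure after that point could leave a credential cache file behind unless a later cleanup outside this hunk takes care of it. If it is handled elsewhere, a short comment beside the `krb5_cc_destroy` call, e.g. `/* krb5_fwd_ccache is released by the later krb5 cleanup, not here */`, would make the ownership explicit; if it is not, destroying it on this `problem` path is the fix. The `krb5_get_error_message`/`krb5_free_error_message` pairing in the same block is correct. auth_krb5_password's body continues past the end of the hunk.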
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: auth-options.c,v 1.57 2012/12/02 20:46:11 djm Exp $ */
|
||||
/* $OpenBSD: auth-options.c,v 1.59 2013/07/12 00:19:58 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -72,15 +72,15 @@ auth_clear_options(void)
|
||||
while (custom_environment) {
|
||||
struct envstring *ce = custom_environment;
|
||||
custom_environment = ce->next;
|
||||
xfree(ce->s);
|
||||
xfree(ce);
|
||||
free(ce->s);
|
||||
free(ce);
|
||||
}
|
||||
if (forced_command) {
|
||||
xfree(forced_command);
|
||||
free(forced_command);
|
||||
forced_command = NULL;
|
||||
}
|
||||
if (authorized_principals) {
|
||||
xfree(authorized_principals);
|
||||
free(authorized_principals);
|
||||
authorized_principals = NULL;
|
||||
}
|
||||
forced_tun_device = -1;
|
||||
@ -149,7 +149,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
|
||||
if (strncasecmp(opts, cp, strlen(cp)) == 0) {
|
||||
opts += strlen(cp);
|
||||
if (forced_command != NULL)
|
||||
xfree(forced_command);
|
||||
free(forced_command);
|
||||
forced_command = xmalloc(strlen(opts) + 1);
|
||||
i = 0;
|
||||
while (*opts) {
|
||||
@ -167,7 +167,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
|
||||
file, linenum);
|
||||
auth_debug_add("%.100s, line %lu: missing end quote",
|
||||
file, linenum);
|
||||
xfree(forced_command);
|
||||
free(forced_command);
|
||||
forced_command = NULL;
|
||||
goto bad_option;
|
||||
}
|
||||
@ -180,7 +180,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
|
||||
if (strncasecmp(opts, cp, strlen(cp)) == 0) {
|
||||
opts += strlen(cp);
|
||||
if (authorized_principals != NULL)
|
||||
xfree(authorized_principals);
|
||||
free(authorized_principals);
|
||||
authorized_principals = xmalloc(strlen(opts) + 1);
|
||||
i = 0;
|
||||
while (*opts) {
|
||||
@ -198,7 +198,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
|
||||
file, linenum);
|
||||
auth_debug_add("%.100s, line %lu: missing end quote",
|
||||
file, linenum);
|
||||
xfree(authorized_principals);
|
||||
free(authorized_principals);
|
||||
authorized_principals = NULL;
|
||||
goto bad_option;
|
||||
}
|
||||
@ -232,7 +232,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
|
||||
file, linenum);
|
||||
auth_debug_add("%.100s, line %lu: missing end quote",
|
||||
file, linenum);
|
||||
xfree(s);
|
||||
free(s);
|
||||
goto bad_option;
|
||||
}
|
||||
s[i] = '\0';
|
||||
@ -269,7 +269,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
|
||||
file, linenum);
|
||||
auth_debug_add("%.100s, line %lu: missing end quote",
|
||||
file, linenum);
|
||||
xfree(patterns);
|
||||
free(patterns);
|
||||
goto bad_option;
|
||||
}
|
||||
patterns[i] = '\0';
|
||||
@ -277,7 +277,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
|
||||
switch (match_host_and_ip(remote_host, remote_ip,
|
||||
patterns)) {
|
||||
case 1:
|
||||
xfree(patterns);
|
||||
free(patterns);
|
||||
/* Host name matches. */
|
||||
goto next_option;
|
||||
case -1:
|
||||
@ -287,7 +287,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
|
||||
"invalid criteria", file, linenum);
|
||||
/* FALLTHROUGH */
|
||||
case 0:
|
||||
xfree(patterns);
|
||||
free(patterns);
|
||||
logit("Authentication tried for %.100s with "
|
||||
"correct key but not from a permitted "
|
||||
"host (host=%.200s, ip=%.200s).",
|
||||
@ -323,7 +323,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
|
||||
file, linenum);
|
||||
auth_debug_add("%.100s, line %lu: missing "
|
||||
"end quote", file, linenum);
|
||||
xfree(patterns);
|
||||
free(patterns);
|
||||
goto bad_option;
|
||||
}
|
||||
patterns[i] = '\0';
|
||||
@ -337,7 +337,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
|
||||
auth_debug_add("%.100s, line %lu: "
|
||||
"Bad permitopen specification", file,
|
||||
linenum);
|
||||
xfree(patterns);
|
||||
free(patterns);
|
||||
goto bad_option;
|
||||
}
|
||||
host = cleanhostname(host);
|
||||
@ -346,12 +346,12 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
|
||||
"<%.100s>", file, linenum, p ? p : "");
|
||||
auth_debug_add("%.100s, line %lu: "
|
||||
"Bad permitopen port", file, linenum);
|
||||
xfree(patterns);
|
||||
free(patterns);
|
||||
goto bad_option;
|
||||
}
|
||||
if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0)
|
||||
channel_add_permitted_opens(host, port);
|
||||
xfree(patterns);
|
||||
free(patterns);
|
||||
goto next_option;
|
||||
}
|
||||
cp = "tunnel=\"";
|
||||
@ -370,13 +370,13 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
|
||||
file, linenum);
|
||||
auth_debug_add("%.100s, line %lu: missing end quote",
|
||||
file, linenum);
|
||||
xfree(tun);
|
||||
free(tun);
|
||||
forced_tun_device = -1;
|
||||
goto bad_option;
|
||||
}
|
||||
tun[i] = '\0';
|
||||
forced_tun_device = a2tun(tun, NULL);
|
||||
xfree(tun);
|
||||
free(tun);
|
||||
if (forced_tun_device == SSH_TUNID_ERR) {
|
||||
debug("%.100s, line %lu: invalid tun device",
|
||||
file, linenum);
|
||||
@ -432,7 +432,8 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
|
||||
{
|
||||
char *command, *allowed;
|
||||
const char *remote_ip;
|
||||
u_char *name = NULL, *data_blob = NULL;
|
||||
char *name = NULL;
|
||||
u_char *data_blob = NULL;
|
||||
u_int nlen, dlen, clen;
|
||||
Buffer c, data;
|
||||
int ret = -1, found;
|
||||
@ -484,7 +485,7 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
|
||||
if (*cert_forced_command != NULL) {
|
||||
error("Certificate has multiple "
|
||||
"force-command options");
|
||||
xfree(command);
|
||||
free(command);
|
||||
goto out;
|
||||
}
|
||||
*cert_forced_command = command;
|
||||
@ -500,7 +501,7 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
|
||||
if ((*cert_source_address_done)++) {
|
||||
error("Certificate has multiple "
|
||||
"source-address options");
|
||||
xfree(allowed);
|
||||
free(allowed);
|
||||
goto out;
|
||||
}
|
||||
remote_ip = get_remote_ipaddr();
|
||||
@ -508,7 +509,7 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
|
||||
allowed)) {
|
||||
case 1:
|
||||
/* accepted */
|
||||
xfree(allowed);
|
||||
free(allowed);
|
||||
break;
|
||||
case 0:
|
||||
/* no match */
|
||||
@ -521,12 +522,12 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
|
||||
"is not permitted to use this "
|
||||
"certificate for login.",
|
||||
remote_ip);
|
||||
xfree(allowed);
|
||||
free(allowed);
|
||||
goto out;
|
||||
case -1:
|
||||
error("Certificate source-address "
|
||||
"contents invalid");
|
||||
xfree(allowed);
|
||||
free(allowed);
|
||||
goto out;
|
||||
}
|
||||
found = 1;
|
||||
@ -548,9 +549,10 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
|
||||
goto out;
|
||||
}
|
||||
buffer_clear(&data);
|
||||
xfree(name);
|
||||
xfree(data_blob);
|
||||
name = data_blob = NULL;
|
||||
free(name);
|
||||
free(data_blob);
|
||||
name = NULL;
|
||||
data_blob = NULL;
|
||||
}
|
||||
/* successfully parsed all options */
|
||||
ret = 0;
|
||||
@ -559,13 +561,13 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw,
|
||||
if (ret != 0 &&
|
||||
cert_forced_command != NULL &&
|
||||
*cert_forced_command != NULL) {
|
||||
xfree(*cert_forced_command);
|
||||
free(*cert_forced_command);
|
||||
*cert_forced_command = NULL;
|
||||
}
|
||||
if (name != NULL)
|
||||
xfree(name);
|
||||
free(name);
|
||||
if (data_blob != NULL)
|
||||
xfree(data_blob);
|
||||
free(data_blob);
|
||||
buffer_free(&data);
|
||||
buffer_free(&c);
|
||||
return ret;
|
||||
@ -627,7 +629,7 @@ auth_cert_options(Key *k, struct passwd *pw)
|
||||
/* CA-specified forced command supersedes key option */
|
||||
if (cert_forced_command != NULL) {
|
||||
if (forced_command != NULL)
|
||||
xfree(forced_command);
|
||||
free(forced_command);
|
||||
forced_command = cert_forced_command;
|
||||
}
|
||||
return 0;
|
||||
|
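Review bot: In auth_parse_options the `if (forced_command != NULL)` guard left in front of `free(forced_command)` is now redundant, since `free(NULL)` is a no-op and that is precisely what replacing `xfree()` buys; the same leftover guard precedes `free(authorized_principals)` two hunks later, the `free(name)`/`free(data_blob)` pair at the end of parse_option_list, and `free(forced_command)` in auth_cert_options. Dropping those guards would make the call sites read like the unconditional `free(ce->s)` in auth_clear_options a few lines above. The enclosing functions start and end outside these hunks.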
@ -412,10 +412,9 @@ sshpam_thread_conv(int n, sshpam_const struct pam_message **msg,
|
||||
|
||||
fail:
|
||||
for(i = 0; i < n; i++) {
|
||||
if (reply[i].resp != NULL)
|
||||
xfree(reply[i].resp);
|
||||
free(reply[i].resp);
|
||||
}
|
||||
xfree(reply);
|
||||
free(reply);
|
||||
buffer_free(&buffer);
|
||||
return (PAM_CONV_ERR);
|
||||
}
|
||||
@ -586,10 +585,9 @@ sshpam_store_conv(int n, sshpam_const struct pam_message **msg,
|
||||
|
||||
fail:
|
||||
for(i = 0; i < n; i++) {
|
||||
if (reply[i].resp != NULL)
|
||||
xfree(reply[i].resp);
|
||||
free(reply[i].resp);
|
||||
}
|
||||
xfree(reply);
|
||||
free(reply);
|
||||
return (PAM_CONV_ERR);
|
||||
}
|
||||
|
||||
@ -693,7 +691,7 @@ sshpam_init_ctx(Authctxt *authctxt)
|
||||
/* Start the authentication thread */
|
||||
if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, socks) == -1) {
|
||||
error("PAM: failed create sockets: %s", strerror(errno));
|
||||
xfree(ctxt);
|
||||
free(ctxt);
|
||||
return (NULL);
|
||||
}
|
||||
ctxt->pam_psock = socks[0];
|
||||
@ -703,7 +701,7 @@ sshpam_init_ctx(Authctxt *authctxt)
|
||||
strerror(errno));
|
||||
close(socks[0]);
|
||||
close(socks[1]);
|
||||
xfree(ctxt);
|
||||
free(ctxt);
|
||||
return (NULL);
|
||||
}
|
||||
cleanup_ctxt = ctxt;
|
||||
@ -742,7 +740,7 @@ sshpam_query(void *ctx, char **name, char **info,
|
||||
strlcpy(**prompts + plen, msg, len - plen);
|
||||
plen += mlen;
|
||||
**echo_on = (type == PAM_PROMPT_ECHO_ON);
|
||||
xfree(msg);
|
||||
free(msg);
|
||||
return (0);
|
||||
case PAM_ERROR_MSG:
|
||||
case PAM_TEXT_INFO:
|
||||
@ -753,7 +751,7 @@ sshpam_query(void *ctx, char **name, char **info,
|
||||
plen += mlen;
|
||||
strlcat(**prompts + plen, "\n", len - plen);
|
||||
plen++;
|
||||
xfree(msg);
|
||||
free(msg);
|
||||
break;
|
||||
case PAM_ACCT_EXPIRED:
|
||||
sshpam_account_status = 0;
|
||||
@ -766,7 +764,7 @@ sshpam_query(void *ctx, char **name, char **info,
|
||||
*num = 0;
|
||||
**echo_on = 0;
|
||||
ctxt->pam_done = -1;
|
||||
xfree(msg);
|
||||
free(msg);
|
||||
return 0;
|
||||
}
|
||||
/* FALLTHROUGH */
|
||||
@ -776,7 +774,7 @@ sshpam_query(void *ctx, char **name, char **info,
|
||||
debug("PAM: %s", **prompts);
|
||||
buffer_append(&loginmsg, **prompts,
|
||||
strlen(**prompts));
|
||||
xfree(**prompts);
|
||||
free(**prompts);
|
||||
**prompts = NULL;
|
||||
}
|
||||
if (type == PAM_SUCCESS) {
|
||||
@ -790,7 +788,7 @@ sshpam_query(void *ctx, char **name, char **info,
|
||||
*num = 0;
|
||||
**echo_on = 0;
|
||||
ctxt->pam_done = 1;
|
||||
xfree(msg);
|
||||
free(msg);
|
||||
return (0);
|
||||
}
|
||||
error("PAM: %s for %s%.100s from %.100s", msg,
|
||||
@ -801,7 +799,7 @@ sshpam_query(void *ctx, char **name, char **info,
|
||||
default:
|
||||
*num = 0;
|
||||
**echo_on = 0;
|
||||
xfree(msg);
|
||||
free(msg);
|
||||
ctxt->pam_done = -1;
|
||||
return (-1);
|
||||
}
|
||||
@ -852,7 +850,7 @@ sshpam_free_ctx(void *ctxtp)
|
||||
|
||||
debug3("PAM: %s entering", __func__);
|
||||
sshpam_thread_cleanup();
|
||||
xfree(ctxt);
|
||||
free(ctxt);
|
||||
/*
|
||||
* We don't call sshpam_cleanup() here because we may need the PAM
|
||||
* handle at a later stage, e.g. when setting up a session. It's
|
||||
@ -1006,10 +1004,9 @@ sshpam_tty_conv(int n, sshpam_const struct pam_message **msg,
|
||||
|
||||
fail:
|
||||
for(i = 0; i < n; i++) {
|
||||
if (reply[i].resp != NULL)
|
||||
xfree(reply[i].resp);
|
||||
free(reply[i].resp);
|
||||
}
|
||||
xfree(reply);
|
||||
free(reply);
|
||||
return (PAM_CONV_ERR);
|
||||
}
|
||||
|
||||
@ -1081,7 +1078,7 @@ do_pam_putenv(char *name, char *value)
|
||||
|
||||
snprintf(compound, len, "%s=%s", name, value);
|
||||
ret = pam_putenv(sshpam_handle, compound);
|
||||
xfree(compound);
|
||||
free(compound);
|
||||
#endif
|
||||
|
||||
return (ret);
|
||||
@ -1108,8 +1105,8 @@ free_pam_environment(char **env)
|
||||
return;
|
||||
|
||||
for (envp = env; *envp; envp++)
|
||||
xfree(*envp);
|
||||
xfree(env);
|
||||
free(*envp);
|
||||
free(env);
|
||||
}
|
||||
|
||||
/*
|
||||
@ -1165,10 +1162,9 @@ sshpam_passwd_conv(int n, sshpam_const struct pam_message **msg,
|
||||
|
||||
fail:
|
||||
for(i = 0; i < n; i++) {
|
||||
if (reply[i].resp != NULL)
|
||||
xfree(reply[i].resp);
|
||||
free(reply[i].resp);
|
||||
}
|
||||
xfree(reply);
|
||||
free(reply);
|
||||
return (PAM_CONV_ERR);
|
||||
}
|
||||
|
||||
|
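Review bot: On the `fail:` path of sshpam_thread_conv each `reply[i].resp` is released with a plain `free()`; if any of them holds a PAM_PROMPT_ECHO_OFF answer (the password relayed from the client), it is freed without being cleared, whereas `auth1_process_password` in this same commit does `memset(password, 0, dlen)` before `free(password)`. Whether a response is ever populated before a jump to `fail:` is not visible in the hunk, so this may be moot; if it can be, clearing the string before the free (a bounded memset, or explicit_bzero where the platform provides it, since a plain memset before free may be optimised away) would keep the failure path consistent with the password path. The same pattern appears in the `fail:` blocks of sshpam_store_conv, sshpam_tty_conv and sshpam_passwd_conv. Each of these functions starts outside its hunk.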
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: auth-rsa.c,v 1.81 2012/10/30 21:29:54 djm Exp $ */
|
||||
/* $OpenBSD: auth-rsa.c,v 1.85 2013/07/12 00:19:58 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -164,9 +164,8 @@ static int
|
||||
rsa_key_allowed_in_file(struct passwd *pw, char *file,
|
||||
const BIGNUM *client_n, Key **rkey)
|
||||
{
|
||||
char line[SSH_MAX_PUBKEY_BYTES];
|
||||
int allowed = 0;
|
||||
u_int bits;
|
||||
char *fp, line[SSH_MAX_PUBKEY_BYTES];
|
||||
int allowed = 0, bits;
|
||||
FILE *f;
|
||||
u_long linenum = 0;
|
||||
Key *key;
|
||||
@ -227,11 +226,16 @@ rsa_key_allowed_in_file(struct passwd *pw, char *file,
|
||||
|
||||
/* check the real bits */
|
||||
keybits = BN_num_bits(key->rsa->n);
|
||||
if (keybits < 0 || bits != (u_int)keybits)
|
||||
if (keybits < 0 || bits != keybits)
|
||||
logit("Warning: %s, line %lu: keysize mismatch: "
|
||||
"actual %d vs. announced %d.",
|
||||
file, linenum, BN_num_bits(key->rsa->n), bits);
|
||||
|
||||
fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
|
||||
debug("matching key found: file %s, line %lu %s %s",
|
||||
file, linenum, key_type(key), fp);
|
||||
free(fp);
|
||||
|
||||
/* Never accept a revoked key */
|
||||
if (auth_key_is_revoked(key))
|
||||
break;
|
||||
@ -281,7 +285,7 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
|
||||
file = expand_authorized_keys(
|
||||
options.authorized_keys_files[i], pw);
|
||||
allowed = rsa_key_allowed_in_file(pw, file, client_n, rkey);
|
||||
xfree(file);
|
||||
free(file);
|
||||
}
|
||||
|
||||
restore_uid();
|
||||
@ -298,7 +302,6 @@ int
|
||||
auth_rsa(Authctxt *authctxt, BIGNUM *client_n)
|
||||
{
|
||||
Key *key;
|
||||
char *fp;
|
||||
struct passwd *pw = authctxt->pw;
|
||||
|
||||
/* no user given */
|
||||
@ -328,11 +331,7 @@ auth_rsa(Authctxt *authctxt, BIGNUM *client_n)
|
||||
* options; this will be reset if the options cause the
|
||||
* authentication to be rejected.
|
||||
*/
|
||||
fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
|
||||
verbose("Found matching %s key: %s",
|
||||
key_type(key), fp);
|
||||
xfree(fp);
|
||||
key_free(key);
|
||||
pubkey_auth_info(authctxt, key, NULL);
|
||||
|
||||
packet_send_debug("RSA authentication accepted.");
|
||||
return (1);
|
||||
|
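Review bot: In auth_rsa the success path now calls `pubkey_auth_info(authctxt, key, NULL)` in place of the fingerprint lines, and going by the hunk's counts (11 old, 7 new, 12 printed lines) the `key_free(key)` that followed them is among the removed lines rather than kept as context; unless `key` is released later in the function, past the end of this hunk, the key returned by `auth_rsa_key_allowed()` leaks once per successful RSA authentication. Keeping `key_free(key);` after the `pubkey_auth_info` call would preserve the previous ownership. auth_rsa's body continues outside the hunk; the other hunks in this file (the `int bits` change and the debug fingerprint in rsa_key_allowed_in_file, which does free its `fp`) look fine.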
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: auth.c,v 1.101 2013/02/06 00:22:21 dtucker Exp $ */
|
||||
/* $OpenBSD: auth.c,v 1.103 2013/05/19 02:42:42 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
@ -73,6 +73,7 @@ __RCSID("$FreeBSD$");
|
||||
#include "authfile.h"
|
||||
#include "monitor_wrap.h"
|
||||
#include "krl.h"
|
||||
#include "compat.h"
|
||||
|
||||
/* import */
|
||||
extern ServerOptions options;
|
||||
@ -166,17 +167,17 @@ allowed_user(struct passwd * pw)
|
||||
if (stat(shell, &st) != 0) {
|
||||
logit("User %.100s not allowed because shell %.100s "
|
||||
"does not exist", pw->pw_name, shell);
|
||||
xfree(shell);
|
||||
free(shell);
|
||||
return 0;
|
||||
}
|
||||
if (S_ISREG(st.st_mode) == 0 ||
|
||||
(st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) {
|
||||
logit("User %.100s not allowed because shell %.100s "
|
||||
"is not executable", pw->pw_name, shell);
|
||||
xfree(shell);
|
||||
free(shell);
|
||||
return 0;
|
||||
}
|
||||
xfree(shell);
|
||||
free(shell);
|
||||
}
|
||||
|
||||
if (options.num_deny_users > 0 || options.num_allow_users > 0 ||
|
||||
@ -252,9 +253,26 @@ allowed_user(struct passwd * pw)
|
||||
return 1;
|
||||
}
|
||||
|
||||
void
|
||||
auth_info(Authctxt *authctxt, const char *fmt, ...)
|
||||
{
|
||||
va_list ap;
|
||||
int i;
|
||||
|
||||
free(authctxt->info);
|
||||
authctxt->info = NULL;
|
||||
|
||||
va_start(ap, fmt);
|
||||
i = vasprintf(&authctxt->info, fmt, ap);
|
||||
va_end(ap);
|
||||
|
||||
if (i < 0 || authctxt->info == NULL)
|
||||
fatal("vasprintf failed");
|
||||
}
|
||||
|
||||
void
|
||||
auth_log(Authctxt *authctxt, int authenticated, int partial,
|
||||
const char *method, const char *submethod, const char *info)
|
||||
const char *method, const char *submethod)
|
||||
{
|
||||
void (*authlog) (const char *fmt,...) = verbose;
|
||||
char *authmsg;
|
||||
@ -276,7 +294,7 @@ auth_log(Authctxt *authctxt, int authenticated, int partial,
|
||||
else
|
||||
authmsg = authenticated ? "Accepted" : "Failed";
|
||||
|
||||
authlog("%s %s%s%s for %s%.100s from %.200s port %d%s",
|
||||
authlog("%s %s%s%s for %s%.100s from %.200s port %d %s%s%s",
|
||||
authmsg,
|
||||
method,
|
||||
submethod != NULL ? "/" : "", submethod == NULL ? "" : submethod,
|
||||
@ -284,7 +302,11 @@ auth_log(Authctxt *authctxt, int authenticated, int partial,
|
||||
authctxt->user,
|
||||
get_remote_ipaddr(),
|
||||
get_remote_port(),
|
||||
info);
|
||||
compat20 ? "ssh2" : "ssh1",
|
||||
authctxt->info != NULL ? ": " : "",
|
||||
authctxt->info != NULL ? authctxt->info : "");
|
||||
free(authctxt->info);
|
||||
authctxt->info = NULL;
|
||||
|
||||
#ifdef CUSTOM_FAILED_LOGIN
|
||||
if (authenticated == 0 && !authctxt->postponed &&
|
||||
@ -356,7 +378,7 @@ expand_authorized_keys(const char *filename, struct passwd *pw)
|
||||
i = snprintf(ret, sizeof(ret), "%s/%s", pw->pw_dir, file);
|
||||
if (i < 0 || (size_t)i >= sizeof(ret))
|
||||
fatal("expand_authorized_keys: path too long");
|
||||
xfree(file);
|
||||
free(file);
|
||||
return (xstrdup(ret));
|
||||
}
|
||||
|
||||
@ -398,7 +420,7 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
|
||||
load_hostkeys(hostkeys, host, user_hostfile);
|
||||
restore_uid();
|
||||
}
|
||||
xfree(user_hostfile);
|
||||
free(user_hostfile);
|
||||
}
|
||||
host_status = check_key_in_hostkeys(hostkeys, key, &found);
|
||||
if (host_status == HOST_REVOKED)
|
||||
@ -667,7 +689,7 @@ auth_key_is_revoked(Key *key)
|
||||
key_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
|
||||
error("WARNING: authentication attempt with a revoked "
|
||||
"%s key %s ", key_type(key), key_fp);
|
||||
xfree(key_fp);
|
||||
free(key_fp);
|
||||
return 1;
|
||||
}
|
||||
fatal("key_in_file returned junk");
|
||||
@ -698,7 +720,7 @@ auth_debug_send(void)
|
||||
while (buffer_len(&auth_debug)) {
|
||||
msg = buffer_get_string(&auth_debug, NULL);
|
||||
packet_send_debug("%s", msg);
|
||||
xfree(msg);
|
||||
free(msg);
|
||||
}
|
||||
}
|
||||
|
||||
@ -722,10 +744,12 @@ fakepw(void)
|
||||
fake.pw_name = "NOUSER";
|
||||
fake.pw_passwd =
|
||||
"$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK";
|
||||
#ifdef HAVE_STRUCT_PASSWD_PW_GECOS
|
||||
fake.pw_gecos = "NOUSER";
|
||||
#endif
|
||||
fake.pw_uid = privsep_pw == NULL ? (uid_t)-1 : privsep_pw->pw_uid;
|
||||
fake.pw_gid = privsep_pw == NULL ? (gid_t)-1 : privsep_pw->pw_gid;
|
||||
#ifdef HAVE_PW_CLASS_IN_PASSWD
|
||||
#ifdef HAVE_STRUCT_PASSWD_PW_CLASS
|
||||
fake.pw_class = "";
|
||||
#endif
|
||||
fake.pw_dir = "/nonexist";
|
||||
|
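Review bot: The new `auth_info()` has no comment stating its contract: the formatted text is stashed in `authctxt->info`, any earlier unconsumed value is discarded first, and `auth_log()` (which now prints it and then frees it) is the only consumer, so without a comment a reader has to find the `free(authctxt->info)` in auth_log to learn that the string is one-shot. I would add above the definition `/* Record extra text for the next auth_log() line; replaces any earlier unreported info, which auth_log() prints once and then frees. */`. The `i < 0 || authctxt->info == NULL` check after `vasprintf` is worth keeping as is, since some implementations leave the pointer undefined on failure.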
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: auth.h,v 1.72 2012/12/02 20:34:09 djm Exp $ */
|
||||
/* $OpenBSD: auth.h,v 1.76 2013/07/19 07:37:48 markus Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
@ -60,6 +60,7 @@ struct Authctxt {
|
||||
struct passwd *pw; /* set if 'valid' */
|
||||
char *style;
|
||||
void *kbdintctxt;
|
||||
char *info; /* Extra info for next auth_log */
|
||||
void *jpake_ctx;
|
||||
#ifdef BSD_AUTH
|
||||
auth_session_t *as;
|
||||
@ -121,6 +122,8 @@ int auth_rsa_key_allowed(struct passwd *, BIGNUM *, Key **);
|
||||
int auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *, Key *);
|
||||
int hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
|
||||
int user_key_allowed(struct passwd *, Key *);
|
||||
void pubkey_auth_info(Authctxt *, const Key *, const char *, ...)
|
||||
__attribute__((__format__ (printf, 3, 4)));
|
||||
|
||||
struct stat;
|
||||
int auth_secure_path(const char *, struct stat *, const char *, uid_t,
|
||||
@ -148,8 +151,10 @@ void disable_forwarding(void);
|
||||
void do_authentication(Authctxt *);
|
||||
void do_authentication2(Authctxt *);
|
||||
|
||||
void auth_log(Authctxt *, int, int, const char *, const char *,
|
||||
const char *);
|
||||
void auth_info(Authctxt *authctxt, const char *, ...)
|
||||
__attribute__((__format__ (printf, 2, 3)))
|
||||
__attribute__((__nonnull__ (2)));
|
||||
void auth_log(Authctxt *, int, int, const char *, const char *);
|
||||
void userauth_finish(Authctxt *, int, const char *, const char *);
|
||||
int auth_root_allowed(const char *);
|
||||
|
||||
@ -157,8 +162,9 @@ void userauth_send_banner(const char *);
|
||||
|
||||
char *auth2_read_banner(void);
|
||||
int auth2_methods_valid(const char *, int);
|
||||
int auth2_update_methods_lists(Authctxt *, const char *);
|
||||
int auth2_update_methods_lists(Authctxt *, const char *, const char *);
|
||||
int auth2_setup_methods_lists(Authctxt *);
|
||||
int auth2_method_allowed(Authctxt *, const char *, const char *);
|
||||
|
||||
void privsep_challenge_enable(void);
|
||||
|
||||
@ -192,10 +198,12 @@ check_key_in_hostfiles(struct passwd *, Key *, const char *,
|
||||
|
||||
/* hostkey handling */
|
||||
Key *get_hostkey_by_index(int);
|
||||
Key *get_hostkey_public_by_index(int);
|
||||
Key *get_hostkey_public_by_type(int);
|
||||
Key *get_hostkey_private_by_type(int);
|
||||
int get_hostkey_index(Key *);
|
||||
int ssh1_session_key(BIGNUM *);
|
||||
void sshd_hostkey_sign(Key *, Key *, u_char **, u_int *, u_char *, u_int);
|
||||
|
||||
/* debug messages during authentication */
|
||||
void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2)));
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: auth1.c,v 1.77 2012/12/02 20:34:09 djm Exp $ */
|
||||
/* $OpenBSD: auth1.c,v 1.79 2013/05/19 02:42:42 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
* All rights reserved
|
||||
@ -45,11 +45,11 @@
|
||||
extern ServerOptions options;
|
||||
extern Buffer loginmsg;
|
||||
|
||||
static int auth1_process_password(Authctxt *, char *, size_t);
|
||||
static int auth1_process_rsa(Authctxt *, char *, size_t);
|
||||
static int auth1_process_rhosts_rsa(Authctxt *, char *, size_t);
|
||||
static int auth1_process_tis_challenge(Authctxt *, char *, size_t);
|
||||
static int auth1_process_tis_response(Authctxt *, char *, size_t);
|
||||
static int auth1_process_password(Authctxt *);
|
||||
static int auth1_process_rsa(Authctxt *);
|
||||
static int auth1_process_rhosts_rsa(Authctxt *);
|
||||
static int auth1_process_tis_challenge(Authctxt *);
|
||||
static int auth1_process_tis_response(Authctxt *);
|
||||
|
||||
static char *client_user = NULL; /* Used to fill in remote user for PAM */
|
||||
|
||||
@ -57,7 +57,7 @@ struct AuthMethod1 {
|
||||
int type;
|
||||
char *name;
|
||||
int *enabled;
|
||||
int (*method)(Authctxt *, char *, size_t);
|
||||
int (*method)(Authctxt *);
|
||||
};
|
||||
|
||||
const struct AuthMethod1 auth1_methods[] = {
|
||||
@ -112,7 +112,7 @@ get_authname(int type)
|
||||
|
||||
/*ARGSUSED*/
|
||||
static int
|
||||
auth1_process_password(Authctxt *authctxt, char *info, size_t infolen)
|
||||
auth1_process_password(Authctxt *authctxt)
|
||||
{
|
||||
int authenticated = 0;
|
||||
char *password;
|
||||
@ -130,14 +130,14 @@ auth1_process_password(Authctxt *authctxt, char *info, size_t infolen)
|
||||
authenticated = PRIVSEP(auth_password(authctxt, password));
|
||||
|
||||
memset(password, 0, dlen);
|
||||
xfree(password);
|
||||
free(password);
|
||||
|
||||
return (authenticated);
|
||||
}
|
||||
|
||||
/*ARGSUSED*/
|
||||
static int
|
||||
auth1_process_rsa(Authctxt *authctxt, char *info, size_t infolen)
|
||||
auth1_process_rsa(Authctxt *authctxt)
|
||||
{
|
||||
int authenticated = 0;
|
||||
BIGNUM *n;
|
||||
@ -155,7 +155,7 @@ auth1_process_rsa(Authctxt *authctxt, char *info, size_t infolen)
|
||||
|
||||
/*ARGSUSED*/
|
||||
static int
|
||||
auth1_process_rhosts_rsa(Authctxt *authctxt, char *info, size_t infolen)
|
||||
auth1_process_rhosts_rsa(Authctxt *authctxt)
|
||||
{
|
||||
int keybits, authenticated = 0;
|
||||
u_int bits;
|
||||
@ -187,14 +187,14 @@ auth1_process_rhosts_rsa(Authctxt *authctxt, char *info, size_t infolen)
|
||||
client_host_key);
|
||||
key_free(client_host_key);
|
||||
|
||||
snprintf(info, infolen, " ruser %.100s", client_user);
|
||||
auth_info(authctxt, "ruser %.100s", client_user);
|
||||
|
||||
return (authenticated);
|
||||
}
|
||||
|
||||
/*ARGSUSED*/
|
||||
static int
|
||||
auth1_process_tis_challenge(Authctxt *authctxt, char *info, size_t infolen)
|
||||
auth1_process_tis_challenge(Authctxt *authctxt)
|
||||
{
|
||||
char *challenge;
|
||||
|
||||
@ -204,7 +204,7 @@ auth1_process_tis_challenge(Authctxt *authctxt, char *info, size_t infolen)
|
||||
debug("sending challenge '%s'", challenge);
|
||||
packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE);
|
||||
packet_put_cstring(challenge);
|
||||
xfree(challenge);
|
||||
free(challenge);
|
||||
packet_send();
|
||||
packet_write_wait();
|
||||
|
||||
@ -213,7 +213,7 @@ auth1_process_tis_challenge(Authctxt *authctxt, char *info, size_t infolen)
|
||||
|
||||
/*ARGSUSED*/
|
||||
static int
|
||||
auth1_process_tis_response(Authctxt *authctxt, char *info, size_t infolen)
|
||||
auth1_process_tis_response(Authctxt *authctxt)
|
||||
{
|
||||
int authenticated = 0;
|
||||
char *response;
|
||||
@ -223,7 +223,7 @@ auth1_process_tis_response(Authctxt *authctxt, char *info, size_t infolen)
|
||||
packet_check_eom();
|
||||
authenticated = verify_response(authctxt, response);
|
||||
memset(response, 'r', dlen);
|
||||
xfree(response);
|
||||
free(response);
|
||||
|
||||
return (authenticated);
|
||||
}
|
||||
@ -236,7 +236,6 @@ static void
|
||||
do_authloop(Authctxt *authctxt)
|
||||
{
|
||||
int authenticated = 0;
|
||||
char info[1024];
|
||||
int prev = 0, type = 0;
|
||||
const struct AuthMethod1 *meth;
|
||||
|
||||
@ -254,7 +253,7 @@ do_authloop(Authctxt *authctxt)
|
||||
#endif
|
||||
{
|
||||
auth_log(authctxt, 1, 0, "without authentication",
|
||||
NULL, "");
|
||||
NULL);
|
||||
return;
|
||||
}
|
||||
}
|
||||
@ -268,7 +267,6 @@ do_authloop(Authctxt *authctxt)
|
||||
/* default to fail */
|
||||
authenticated = 0;
|
||||
|
||||
info[0] = '\0';
|
||||
|
||||
/* Get a packet from the client. */
|
||||
prev = type;
|
||||
@ -298,7 +296,7 @@ do_authloop(Authctxt *authctxt)
|
||||
goto skip;
|
||||
}
|
||||
|
||||
authenticated = meth->method(authctxt, info, sizeof(info));
|
||||
authenticated = meth->method(authctxt);
|
||||
if (authenticated == -1)
|
||||
continue; /* "postponed" */
|
||||
|
||||
@ -353,13 +351,10 @@ do_authloop(Authctxt *authctxt)
|
||||
|
||||
skip:
|
||||
/* Log before sending the reply */
|
||||
auth_log(authctxt, authenticated, 0, get_authname(type),
|
||||
NULL, info);
|
||||
auth_log(authctxt, authenticated, 0, get_authname(type), NULL);
|
||||
|
||||
if (client_user != NULL) {
|
||||
xfree(client_user);
|
||||
client_user = NULL;
|
||||
}
|
||||
free(client_user);
|
||||
client_user = NULL;
|
||||
|
||||
if (authenticated)
|
||||
return;
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: auth2-chall.c,v 1.36 2012/12/03 00:14:06 djm Exp $ */
|
||||
/* $OpenBSD: auth2-chall.c,v 1.38 2013/05/17 00:13:13 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
* Copyright (c) 2001 Per Allansson. All rights reserved.
|
||||
@ -147,15 +147,13 @@ kbdint_free(KbdintAuthctxt *kbdintctxt)
|
||||
{
|
||||
if (kbdintctxt->device)
|
||||
kbdint_reset_device(kbdintctxt);
|
||||
if (kbdintctxt->devices) {
|
||||
xfree(kbdintctxt->devices);
|
||||
kbdintctxt->devices = NULL;
|
||||
}
|
||||
xfree(kbdintctxt);
|
||||
free(kbdintctxt->devices);
|
||||
bzero(kbdintctxt, sizeof(*kbdintctxt));
|
||||
free(kbdintctxt);
|
||||
}
|
||||
/* get next device */
|
||||
static int
|
||||
kbdint_next_device(KbdintAuthctxt *kbdintctxt)
|
||||
kbdint_next_device(Authctxt *authctxt, KbdintAuthctxt *kbdintctxt)
|
||||
{
|
||||
size_t len;
|
||||
char *t;
|
||||
@ -169,12 +167,16 @@ kbdint_next_device(KbdintAuthctxt *kbdintctxt)
|
||||
|
||||
if (len == 0)
|
||||
break;
|
||||
for (i = 0; devices[i]; i++)
|
||||
for (i = 0; devices[i]; i++) {
|
||||
if (!auth2_method_allowed(authctxt,
|
||||
"keyboard-interactive", devices[i]->name))
|
||||
continue;
|
||||
if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0)
|
||||
kbdintctxt->device = devices[i];
|
||||
}
|
||||
t = kbdintctxt->devices;
|
||||
kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL;
|
||||
xfree(t);
|
||||
free(t);
|
||||
debug2("kbdint_next_device: devices %s", kbdintctxt->devices ?
|
||||
kbdintctxt->devices : "<empty>");
|
||||
} while (kbdintctxt->devices && !kbdintctxt->device);
|
||||
@ -221,7 +223,7 @@ auth2_challenge_start(Authctxt *authctxt)
|
||||
debug2("auth2_challenge_start: devices %s",
|
||||
kbdintctxt->devices ? kbdintctxt->devices : "<empty>");
|
||||
|
||||
if (kbdint_next_device(kbdintctxt) == 0) {
|
||||
if (kbdint_next_device(authctxt, kbdintctxt) == 0) {
|
||||
auth2_challenge_stop(authctxt);
|
||||
return 0;
|
||||
}
|
||||
@ -268,11 +270,11 @@ send_userauth_info_request(Authctxt *authctxt)
|
||||
packet_write_wait();
|
||||
|
||||
for (i = 0; i < kbdintctxt->nreq; i++)
|
||||
xfree(prompts[i]);
|
||||
xfree(prompts);
|
||||
xfree(echo_on);
|
||||
xfree(name);
|
||||
xfree(instr);
|
||||
free(prompts[i]);
|
||||
free(prompts);
|
||||
free(echo_on);
|
||||
free(name);
|
||||
free(instr);
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -311,10 +313,9 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
|
||||
|
||||
for (i = 0; i < nresp; i++) {
|
||||
memset(response[i], 'r', strlen(response[i]));
|
||||
xfree(response[i]);
|
||||
free(response[i]);
|
||||
}
|
||||
if (response)
|
||||
xfree(response);
|
||||
free(response);
|
||||
|
||||
switch (res) {
|
||||
case 0:
|
||||
|
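Review bot: The `bzero(kbdintctxt, sizeof(*kbdintctxt))` added in kbdint_free and the `memset(response[i], 'r', strlen(response[i]))` kept in input_userauth_info_response are each immediately followed by free(), which lets the optimizer discard the clearing store as dead, so the wipe of the response/context before release is not actually guaranteed. Where the tree has a non-elidable clearing primitive (explicit_bzero or memset_s, if this version provides one — none is visible on the page) use it at those two sites; otherwise a comment such as `/* best-effort wipe: a plain memset before free may be optimized away */` should record the limitation. The same pattern recurs in auth1.c (`memset(password, 0, dlen)`), auth2-jpake.c (the bzero calls before free), auth2-passwd.c (`memset(password, 0, len)`), bufaux.c (`bzero(ret, length)`) and bufbn.c (`memset(buf, 0, ...)`). Separately, in kbdint_next_device the `strncmp(kbdintctxt->devices, devices[i]->name, len)` test is a prefix comparison and the loop does not stop at the first hit, so a requested name that is a prefix of a longer device name also matches and the last match wins; this predates the change, but the new auth2_method_allowed filter now sits on the same loop and inherits it.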
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: auth2-gss.c,v 1.18 2012/12/02 20:34:09 djm Exp $ */
|
||||
/* $OpenBSD: auth2-gss.c,v 1.20 2013/05/17 00:13:13 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
|
||||
@ -81,8 +81,7 @@ userauth_gssapi(Authctxt *authctxt)
|
||||
do {
|
||||
mechs--;
|
||||
|
||||
if (doid)
|
||||
xfree(doid);
|
||||
free(doid);
|
||||
|
||||
present = 0;
|
||||
doid = packet_get_string(&len);
|
||||
@ -101,7 +100,7 @@ userauth_gssapi(Authctxt *authctxt)
|
||||
gss_release_oid_set(&ms, &supported);
|
||||
|
||||
if (!present) {
|
||||
xfree(doid);
|
||||
free(doid);
|
||||
authctxt->server_caused_failure = 1;
|
||||
return (0);
|
||||
}
|
||||
@ -109,7 +108,7 @@ userauth_gssapi(Authctxt *authctxt)
|
||||
if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &goid)))) {
|
||||
if (ctxt != NULL)
|
||||
ssh_gssapi_delete_ctx(&ctxt);
|
||||
xfree(doid);
|
||||
free(doid);
|
||||
authctxt->server_caused_failure = 1;
|
||||
return (0);
|
||||
}
|
||||
@ -122,7 +121,7 @@ userauth_gssapi(Authctxt *authctxt)
|
||||
packet_put_string(doid, len);
|
||||
|
||||
packet_send();
|
||||
xfree(doid);
|
||||
free(doid);
|
||||
|
||||
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token);
|
||||
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok);
|
||||
@ -153,7 +152,7 @@ input_gssapi_token(int type, u_int32_t plen, void *ctxt)
|
||||
maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok,
|
||||
&send_tok, &flags));
|
||||
|
||||
xfree(recv_tok.value);
|
||||
free(recv_tok.value);
|
||||
|
||||
if (GSS_ERROR(maj_status)) {
|
||||
if (send_tok.length != 0) {
|
||||
@ -208,7 +207,7 @@ input_gssapi_errtok(int type, u_int32_t plen, void *ctxt)
|
||||
maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok,
|
||||
&send_tok, NULL));
|
||||
|
||||
xfree(recv_tok.value);
|
||||
free(recv_tok.value);
|
||||
|
||||
/* We can't return anything to the client, even if we wanted to */
|
||||
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
|
||||
@ -229,14 +228,11 @@ static void
|
||||
input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt)
|
||||
{
|
||||
Authctxt *authctxt = ctxt;
|
||||
Gssctxt *gssctxt;
|
||||
int authenticated;
|
||||
|
||||
if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep))
|
||||
fatal("No authentication or GSSAPI context");
|
||||
|
||||
gssctxt = authctxt->methoddata;
|
||||
|
||||
/*
|
||||
* We don't need to check the status, because we're only enabled in
|
||||
* the dispatcher once the exchange is complete
|
||||
@ -284,7 +280,7 @@ input_gssapi_mic(int type, u_int32_t plen, void *ctxt)
|
||||
logit("GSSAPI MIC check failed");
|
||||
|
||||
buffer_free(&b);
|
||||
xfree(mic.value);
|
||||
free(mic.value);
|
||||
|
||||
authctxt->postponed = 0;
|
||||
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: auth2-hostbased.c,v 1.14 2010/08/04 05:42:47 djm Exp $ */
|
||||
/* $OpenBSD: auth2-hostbased.c,v 1.16 2013/06/21 00:34:49 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
@ -116,6 +116,10 @@ userauth_hostbased(Authctxt *authctxt)
|
||||
#ifdef DEBUG_PK
|
||||
buffer_dump(&b);
|
||||
#endif
|
||||
|
||||
pubkey_auth_info(authctxt, key,
|
||||
"client user \"%.100s\", client host \"%.100s\"", cuser, chost);
|
||||
|
||||
/* test for allowed key and correct signature */
|
||||
authenticated = 0;
|
||||
if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) &&
|
||||
@ -128,11 +132,11 @@ userauth_hostbased(Authctxt *authctxt)
|
||||
debug2("userauth_hostbased: authenticated %d", authenticated);
|
||||
if (key != NULL)
|
||||
key_free(key);
|
||||
xfree(pkalg);
|
||||
xfree(pkblob);
|
||||
xfree(cuser);
|
||||
xfree(chost);
|
||||
xfree(sig);
|
||||
free(pkalg);
|
||||
free(pkblob);
|
||||
free(cuser);
|
||||
free(chost);
|
||||
free(sig);
|
||||
return authenticated;
|
||||
}
|
||||
|
||||
@ -207,7 +211,7 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
|
||||
verbose("Accepted %s public key %s from %s@%s",
|
||||
key_type(key), fp, cuser, lookup);
|
||||
}
|
||||
xfree(fp);
|
||||
free(fp);
|
||||
}
|
||||
|
||||
return (host_status == HOST_OK);
|
||||
|
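Review bot: The new `pubkey_auth_info(authctxt, key, "client user \"%.100s\", client host \"%.100s\"", cuser, chost)` records two client-supplied strings into the auth info before hostbased_key_allowed has accepted the key, so the values reach the log for every attempt, including rejected ones. The %.100s bounds the length but not the content; if auth_info/auth_log do not escape control characters on the way to syslog (not visible here), a client can put newlines or terminal sequences into the authentication log line, so confirm that path escapes, or escape here. The same consideration applies in auth2-pubkey.c, where pubkey_auth_info logs `key->cert->key_id` from a client-presented certificate before the CA is checked. A one-line comment would also help, since the placement before the allowed-key check is deliberate: `/* record key/client details now so the log line also covers rejected attempts */`. The body of userauth_hostbased begins outside this hunk.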
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: auth2-jpake.c,v 1.5 2012/12/02 20:34:09 djm Exp $ */
|
||||
/* $OpenBSD: auth2-jpake.c,v 1.6 2013/05/17 00:13:13 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2008 Damien Miller. All rights reserved.
|
||||
*
|
||||
@ -179,7 +179,7 @@ derive_rawsalt(const char *username, u_char *rawsalt, u_int len)
|
||||
__func__, len, digest_len);
|
||||
memcpy(rawsalt, digest, len);
|
||||
bzero(digest, digest_len);
|
||||
xfree(digest);
|
||||
free(digest);
|
||||
}
|
||||
|
||||
/* ASCII an integer [0, 64) for inclusion in a password/salt */
|
||||
@ -258,7 +258,7 @@ fake_salt_and_scheme(Authctxt *authctxt, char **salt, char **scheme)
|
||||
makesalt(22, authctxt->user));
|
||||
*scheme = xstrdup("bcrypt");
|
||||
}
|
||||
xfree(style);
|
||||
free(style);
|
||||
debug3("%s: fake %s salt for user %s: %s",
|
||||
__func__, *scheme, authctxt->user, *salt);
|
||||
}
|
||||
@ -361,7 +361,7 @@ auth2_jpake_get_pwdata(Authctxt *authctxt, BIGNUM **s,
|
||||
JPAKE_DEBUG_BN((*s, "%s: s = ", __func__));
|
||||
#endif
|
||||
bzero(secret, secret_len);
|
||||
xfree(secret);
|
||||
free(secret);
|
||||
}
|
||||
|
||||
/*
|
||||
@ -403,12 +403,12 @@ auth2_jpake_start(Authctxt *authctxt)
|
||||
|
||||
bzero(hash_scheme, strlen(hash_scheme));
|
||||
bzero(salt, strlen(salt));
|
||||
xfree(hash_scheme);
|
||||
xfree(salt);
|
||||
free(hash_scheme);
|
||||
free(salt);
|
||||
bzero(x3_proof, x3_proof_len);
|
||||
bzero(x4_proof, x4_proof_len);
|
||||
xfree(x3_proof);
|
||||
xfree(x4_proof);
|
||||
free(x3_proof);
|
||||
free(x4_proof);
|
||||
|
||||
/* Expect step 1 packet from peer */
|
||||
dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP1,
|
||||
@ -455,8 +455,8 @@ input_userauth_jpake_client_step1(int type, u_int32_t seq, void *ctxt)
|
||||
|
||||
bzero(x1_proof, x1_proof_len);
|
||||
bzero(x2_proof, x2_proof_len);
|
||||
xfree(x1_proof);
|
||||
xfree(x2_proof);
|
||||
free(x1_proof);
|
||||
free(x2_proof);
|
||||
|
||||
if (!use_privsep)
|
||||
JPAKE_DEBUG_CTX((pctx, "step 2 sending in %s", __func__));
|
||||
@ -469,7 +469,7 @@ input_userauth_jpake_client_step1(int type, u_int32_t seq, void *ctxt)
|
||||
packet_write_wait();
|
||||
|
||||
bzero(x4_s_proof, x4_s_proof_len);
|
||||
xfree(x4_s_proof);
|
||||
free(x4_s_proof);
|
||||
|
||||
/* Expect step 2 packet from peer */
|
||||
dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP2,
|
||||
@ -510,7 +510,7 @@ input_userauth_jpake_client_step2(int type, u_int32_t seq, void *ctxt)
|
||||
&pctx->h_k_sid_sessid, &pctx->h_k_sid_sessid_len));
|
||||
|
||||
bzero(x2_s_proof, x2_s_proof_len);
|
||||
xfree(x2_s_proof);
|
||||
free(x2_s_proof);
|
||||
|
||||
if (!use_privsep)
|
||||
JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__));
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: auth2-kbdint.c,v 1.5 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
/* $OpenBSD: auth2-kbdint.c,v 1.6 2013/05/17 00:13:13 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
@ -56,8 +56,8 @@ userauth_kbdint(Authctxt *authctxt)
|
||||
if (options.challenge_response_authentication)
|
||||
authenticated = auth2_challenge(authctxt, devs);
|
||||
|
||||
xfree(devs);
|
||||
xfree(lang);
|
||||
free(devs);
|
||||
free(lang);
|
||||
return authenticated;
|
||||
}
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: auth2-passwd.c,v 1.9 2006/08/03 03:34:41 deraadt Exp $ */
|
||||
/* $OpenBSD: auth2-passwd.c,v 1.10 2013/05/17 00:13:13 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
@ -60,7 +60,7 @@ userauth_passwd(Authctxt *authctxt)
|
||||
/* discard new password from packet */
|
||||
newpass = packet_get_string(&newlen);
|
||||
memset(newpass, 0, newlen);
|
||||
xfree(newpass);
|
||||
free(newpass);
|
||||
}
|
||||
packet_check_eom();
|
||||
|
||||
@ -69,7 +69,7 @@ userauth_passwd(Authctxt *authctxt)
|
||||
else if (PRIVSEP(auth_password(authctxt, password)) == 1)
|
||||
authenticated = 1;
|
||||
memset(password, 0, len);
|
||||
xfree(password);
|
||||
free(password);
|
||||
return authenticated;
|
||||
}
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: auth2-pubkey.c,v 1.34 2013/02/14 21:35:59 djm Exp $ */
|
||||
/* $OpenBSD: auth2-pubkey.c,v 1.38 2013/06/21 00:34:49 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
@ -75,7 +75,7 @@ userauth_pubkey(Authctxt *authctxt)
|
||||
{
|
||||
Buffer b;
|
||||
Key *key = NULL;
|
||||
char *pkalg;
|
||||
char *pkalg, *userstyle;
|
||||
u_char *pkblob, *sig;
|
||||
u_int alen, blen, slen;
|
||||
int have_sig, pktype;
|
||||
@ -127,7 +127,11 @@ userauth_pubkey(Authctxt *authctxt)
|
||||
}
|
||||
/* reconstruct packet */
|
||||
buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
|
||||
buffer_put_cstring(&b, authctxt->user);
|
||||
xasprintf(&userstyle, "%s%s%s", authctxt->user,
|
||||
authctxt->style ? ":" : "",
|
||||
authctxt->style ? authctxt->style : "");
|
||||
buffer_put_cstring(&b, userstyle);
|
||||
free(userstyle);
|
||||
buffer_put_cstring(&b,
|
||||
datafellows & SSH_BUG_PKSERVICE ?
|
||||
"ssh-userauth" :
|
||||
@ -143,6 +147,8 @@ userauth_pubkey(Authctxt *authctxt)
|
||||
#ifdef DEBUG_PK
|
||||
buffer_dump(&b);
|
||||
#endif
|
||||
pubkey_auth_info(authctxt, key, NULL);
|
||||
|
||||
/* test for correct signature */
|
||||
authenticated = 0;
|
||||
if (PRIVSEP(user_key_allowed(authctxt->pw, key)) &&
|
||||
@ -150,7 +156,7 @@ userauth_pubkey(Authctxt *authctxt)
|
||||
buffer_len(&b))) == 1)
|
||||
authenticated = 1;
|
||||
buffer_free(&b);
|
||||
xfree(sig);
|
||||
free(sig);
|
||||
} else {
|
||||
debug("test whether pkalg/pkblob are acceptable");
|
||||
packet_check_eom();
|
||||
@ -178,11 +184,45 @@ userauth_pubkey(Authctxt *authctxt)
|
||||
debug2("userauth_pubkey: authenticated %d pkalg %s", authenticated, pkalg);
|
||||
if (key != NULL)
|
||||
key_free(key);
|
||||
xfree(pkalg);
|
||||
xfree(pkblob);
|
||||
free(pkalg);
|
||||
free(pkblob);
|
||||
return authenticated;
|
||||
}
|
||||
|
||||
void
|
||||
pubkey_auth_info(Authctxt *authctxt, const Key *key, const char *fmt, ...)
|
||||
{
|
||||
char *fp, *extra;
|
||||
va_list ap;
|
||||
int i;
|
||||
|
||||
extra = NULL;
|
||||
if (fmt != NULL) {
|
||||
va_start(ap, fmt);
|
||||
i = vasprintf(&extra, fmt, ap);
|
||||
va_end(ap);
|
||||
if (i < 0 || extra == NULL)
|
||||
fatal("%s: vasprintf failed", __func__);
|
||||
}
|
||||
|
||||
if (key_is_cert(key)) {
|
||||
fp = key_fingerprint(key->cert->signature_key,
|
||||
SSH_FP_MD5, SSH_FP_HEX);
|
||||
auth_info(authctxt, "%s ID %s (serial %llu) CA %s %s%s%s",
|
||||
key_type(key), key->cert->key_id,
|
||||
(unsigned long long)key->cert->serial,
|
||||
key_type(key->cert->signature_key), fp,
|
||||
extra == NULL ? "" : ", ", extra == NULL ? "" : extra);
|
||||
free(fp);
|
||||
} else {
|
||||
fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
|
||||
auth_info(authctxt, "%s %s%s%s", key_type(key), fp,
|
||||
extra == NULL ? "" : ", ", extra == NULL ? "" : extra);
|
||||
free(fp);
|
||||
}
|
||||
free(extra);
|
||||
}
|
||||
|
||||
static int
|
||||
match_principals_option(const char *principal_list, struct KeyCert *cert)
|
||||
{
|
||||
@ -196,7 +236,7 @@ match_principals_option(const char *principal_list, struct KeyCert *cert)
|
||||
principal_list, NULL)) != NULL) {
|
||||
debug3("matched principal from key options \"%.100s\"",
|
||||
result);
|
||||
xfree(result);
|
||||
free(result);
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
@ -276,11 +316,13 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
|
||||
char *fp;
|
||||
|
||||
found_key = 0;
|
||||
found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type);
|
||||
|
||||
found = NULL;
|
||||
while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
|
||||
char *cp, *key_options = NULL;
|
||||
|
||||
if (found != NULL)
|
||||
key_free(found);
|
||||
found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type);
|
||||
auth_clear_options();
|
||||
|
||||
/* Skip leading whitespace, empty and comment lines. */
|
||||
@ -332,7 +374,7 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
|
||||
reason = "Certificate does not contain an "
|
||||
"authorized principal";
|
||||
fail_reason:
|
||||
xfree(fp);
|
||||
free(fp);
|
||||
error("%s", reason);
|
||||
auth_debug_add("%s", reason);
|
||||
continue;
|
||||
@ -342,13 +384,13 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
|
||||
&reason) != 0)
|
||||
goto fail_reason;
|
||||
if (auth_cert_options(key, pw) != 0) {
|
||||
xfree(fp);
|
||||
free(fp);
|
||||
continue;
|
||||
}
|
||||
verbose("Accepted certificate ID \"%s\" "
|
||||
"signed by %s CA %s via %s", key->cert->key_id,
|
||||
key_type(found), fp, file);
|
||||
xfree(fp);
|
||||
free(fp);
|
||||
found_key = 1;
|
||||
break;
|
||||
} else if (key_equal(found, key)) {
|
||||
@ -358,16 +400,15 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
|
||||
if (key_is_cert_authority)
|
||||
continue;
|
||||
found_key = 1;
|
||||
debug("matching key found: file %s, line %lu",
|
||||
file, linenum);
|
||||
fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX);
|
||||
verbose("Found matching %s key: %s",
|
||||
key_type(found), fp);
|
||||
xfree(fp);
|
||||
debug("matching key found: file %s, line %lu %s %s",
|
||||
file, linenum, key_type(found), fp);
|
||||
free(fp);
|
||||
break;
|
||||
}
|
||||
}
|
||||
key_free(found);
|
||||
if (found != NULL)
|
||||
key_free(found);
|
||||
if (!found_key)
|
||||
debug2("key not found");
|
||||
return found_key;
|
||||
@ -421,10 +462,8 @@ user_cert_trusted_ca(struct passwd *pw, Key *key)
|
||||
ret = 1;
|
||||
|
||||
out:
|
||||
if (principals_file != NULL)
|
||||
xfree(principals_file);
|
||||
if (ca_fp != NULL)
|
||||
xfree(ca_fp);
|
||||
free(principals_file);
|
||||
free(ca_fp);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -629,7 +668,7 @@ user_key_allowed(struct passwd *pw, Key *key)
|
||||
options.authorized_keys_files[i], pw);
|
||||
|
||||
success = user_key_allowed2(pw, key, file);
|
||||
xfree(file);
|
||||
free(file);
|
||||
}
|
||||
|
||||
return success;
|
||||
|
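Review bot: pubkey_auth_info takes a printf-style `fmt` and forwards it to vasprintf, but the definition carries no format attribute, so -Wformat cannot check callers such as the one in auth2-hostbased.c; unless the prototype in auth.h already has it, add `__attribute__((__format__ (printf, 3, 4)))` to the declaration. The function also needs a header comment stating that `key` must be non-NULL (key_is_cert and key_fingerprint are called on it unconditionally) and that `fmt` may be NULL to mean no extra text, e.g. `/* Append a description of key, plus optional printf-style extra text, to the auth info; key must be non-NULL, fmt may be NULL. */`. In check_authkeys_file the per-line `key_free(found); found = key_new(...)` presumably exists so that a failed parse on one line cannot leave state behind for the next, but nothing says so; a line such as `/* fresh Key per line so a partial parse cannot carry over */` would keep someone from hoisting the allocation back out of the loop.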
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: auth2.c,v 1.126 2012/12/02 20:34:09 djm Exp $ */
|
||||
/* $OpenBSD: auth2.c,v 1.129 2013/05/19 02:42:42 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
@ -100,8 +100,12 @@ static void input_userauth_request(int, u_int32_t, void *);
|
||||
/* helper */
|
||||
static Authmethod *authmethod_lookup(Authctxt *, const char *);
|
||||
static char *authmethods_get(Authctxt *authctxt);
|
||||
static int method_allowed(Authctxt *, const char *);
|
||||
static int list_starts_with(const char *, const char *);
|
||||
|
||||
#define MATCH_NONE 0 /* method or submethod mismatch */
|
||||
#define MATCH_METHOD 1 /* method matches (no submethod specified) */
|
||||
#define MATCH_BOTH 2 /* method and submethod match */
|
||||
#define MATCH_PARTIAL 3 /* method matches, submethod can't be checked */
|
||||
static int list_starts_with(const char *, const char *, const char *);
|
||||
|
||||
char *
|
||||
auth2_read_banner(void)
|
||||
@ -128,7 +132,7 @@ auth2_read_banner(void)
|
||||
close(fd);
|
||||
|
||||
if (n != len) {
|
||||
xfree(banner);
|
||||
free(banner);
|
||||
return (NULL);
|
||||
}
|
||||
banner[n] = '\0';
|
||||
@ -164,8 +168,7 @@ userauth_banner(void)
|
||||
userauth_send_banner(banner);
|
||||
|
||||
done:
|
||||
if (banner)
|
||||
xfree(banner);
|
||||
free(banner);
|
||||
}
|
||||
|
||||
/*
|
||||
@ -210,7 +213,7 @@ input_service_request(int type, u_int32_t seq, void *ctxt)
|
||||
debug("bad service request %s", service);
|
||||
packet_disconnect("bad service request %s", service);
|
||||
}
|
||||
xfree(service);
|
||||
free(service);
|
||||
}
|
||||
|
||||
/*ARGSUSED*/
|
||||
@ -318,9 +321,9 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
|
||||
}
|
||||
userauth_finish(authctxt, authenticated, method, NULL);
|
||||
|
||||
xfree(service);
|
||||
xfree(user);
|
||||
xfree(method);
|
||||
free(service);
|
||||
free(user);
|
||||
free(method);
|
||||
}
|
||||
|
||||
void
|
||||
@ -346,14 +349,14 @@ userauth_finish(Authctxt *authctxt, int authenticated, const char *method,
|
||||
}
|
||||
|
||||
if (authenticated && options.num_auth_methods != 0) {
|
||||
if (!auth2_update_methods_lists(authctxt, method)) {
|
||||
if (!auth2_update_methods_lists(authctxt, method, submethod)) {
|
||||
authenticated = 0;
|
||||
partial = 1;
|
||||
}
|
||||
}
|
||||
|
||||
/* Log before sending the reply */
|
||||
auth_log(authctxt, authenticated, partial, method, submethod, " ssh2");
|
||||
auth_log(authctxt, authenticated, partial, method, submethod);
|
||||
|
||||
if (authctxt->postponed)
|
||||
return;
|
||||
@ -408,7 +411,7 @@ userauth_finish(Authctxt *authctxt, int authenticated, const char *method,
|
||||
packet_put_char(partial);
|
||||
packet_send();
|
||||
packet_write_wait();
|
||||
xfree(methods);
|
||||
free(methods);
|
||||
}
|
||||
}
|
||||
|
||||
@ -417,8 +420,9 @@ userauth_finish(Authctxt *authctxt, int authenticated, const char *method,
|
||||
* methods list. Returns 1 if allowed, or no methods lists configured.
|
||||
* 0 otherwise.
|
||||
*/
|
||||
static int
|
||||
method_allowed(Authctxt *authctxt, const char *method)
|
||||
int
|
||||
auth2_method_allowed(Authctxt *authctxt, const char *method,
|
||||
const char *submethod)
|
||||
{
|
||||
u_int i;
|
||||
|
||||
@ -429,7 +433,8 @@ method_allowed(Authctxt *authctxt, const char *method)
|
||||
if (options.num_auth_methods == 0)
|
||||
return 1;
|
||||
for (i = 0; i < authctxt->num_auth_methods; i++) {
|
||||
if (list_starts_with(authctxt->auth_methods[i], method))
|
||||
if (list_starts_with(authctxt->auth_methods[i], method,
|
||||
submethod) != MATCH_NONE)
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
@ -449,7 +454,8 @@ authmethods_get(Authctxt *authctxt)
|
||||
if (authmethods[i]->enabled == NULL ||
|
||||
*(authmethods[i]->enabled) == 0)
|
||||
continue;
|
||||
if (!method_allowed(authctxt, authmethods[i]->name))
|
||||
if (!auth2_method_allowed(authctxt, authmethods[i]->name,
|
||||
NULL))
|
||||
continue;
|
||||
if (buffer_len(&b) > 0)
|
||||
buffer_append(&b, ",", 1);
|
||||
@ -472,7 +478,8 @@ authmethod_lookup(Authctxt *authctxt, const char *name)
|
||||
if (authmethods[i]->enabled != NULL &&
|
||||
*(authmethods[i]->enabled) != 0 &&
|
||||
strcmp(name, authmethods[i]->name) == 0 &&
|
||||
method_allowed(authctxt, authmethods[i]->name))
|
||||
auth2_method_allowed(authctxt,
|
||||
authmethods[i]->name, NULL))
|
||||
return authmethods[i];
|
||||
debug2("Unrecognized authentication method name: %s",
|
||||
name ? name : "NULL");
|
||||
@ -487,7 +494,7 @@ authmethod_lookup(Authctxt *authctxt, const char *name)
|
||||
int
|
||||
auth2_methods_valid(const char *_methods, int need_enable)
|
||||
{
|
||||
char *methods, *omethods, *method;
|
||||
char *methods, *omethods, *method, *p;
|
||||
u_int i, found;
|
||||
int ret = -1;
|
||||
|
||||
@ -498,6 +505,8 @@ auth2_methods_valid(const char *_methods, int need_enable)
|
||||
omethods = methods = xstrdup(_methods);
|
||||
while ((method = strsep(&methods, ",")) != NULL) {
|
||||
for (found = i = 0; !found && authmethods[i] != NULL; i++) {
|
||||
if ((p = strchr(method, ':')) != NULL)
|
||||
*p = '\0';
|
||||
if (strcmp(method, authmethods[i]->name) != 0)
|
||||
continue;
|
||||
if (need_enable) {
|
||||
@ -563,15 +572,30 @@ auth2_setup_methods_lists(Authctxt *authctxt)
|
||||
}
|
||||
|
||||
static int
|
||||
list_starts_with(const char *methods, const char *method)
|
||||
list_starts_with(const char *methods, const char *method,
|
||||
const char *submethod)
|
||||
{
|
||||
size_t l = strlen(method);
|
||||
int match;
|
||||
const char *p;
|
||||
|
||||
if (strncmp(methods, method, l) != 0)
|
||||
return 0;
|
||||
if (methods[l] != ',' && methods[l] != '\0')
|
||||
return 0;
|
||||
return 1;
|
||||
return MATCH_NONE;
|
||||
p = methods + l;
|
||||
match = MATCH_METHOD;
|
||||
if (*p == ':') {
|
||||
if (!submethod)
|
||||
return MATCH_PARTIAL;
|
||||
l = strlen(submethod);
|
||||
p += 1;
|
||||
if (strncmp(submethod, p, l))
|
||||
return MATCH_NONE;
|
||||
p += l;
|
||||
match = MATCH_BOTH;
|
||||
}
|
||||
if (*p != ',' && *p != '\0')
|
||||
return MATCH_NONE;
|
||||
return match;
|
||||
}
|
||||
|
||||
/*
|
||||
@ -580,14 +604,21 @@ list_starts_with(const char *methods, const char *method)
|
||||
* if it did.
|
||||
*/
|
||||
static int
|
||||
remove_method(char **methods, const char *method)
|
||||
remove_method(char **methods, const char *method, const char *submethod)
|
||||
{
|
||||
char *omethods = *methods;
|
||||
char *omethods = *methods, *p;
|
||||
size_t l = strlen(method);
|
||||
int match;
|
||||
|
||||
if (!list_starts_with(omethods, method))
|
||||
match = list_starts_with(omethods, method, submethod);
|
||||
if (match != MATCH_METHOD && match != MATCH_BOTH)
|
||||
return 0;
|
||||
*methods = xstrdup(omethods + l + (omethods[l] == ',' ? 1 : 0));
|
||||
p = omethods + l;
|
||||
if (submethod && match == MATCH_BOTH)
|
||||
p += 1 + strlen(submethod); /* include colon */
|
||||
if (*p == ',')
|
||||
p++;
|
||||
*methods = xstrdup(p);
|
||||
free(omethods);
|
||||
return 1;
|
||||
}
|
||||
@ -599,13 +630,15 @@ remove_method(char **methods, const char *method)
|
||||
* Returns 1 if the method completed any authentication list or 0 otherwise.
|
||||
*/
|
||||
int
|
||||
auth2_update_methods_lists(Authctxt *authctxt, const char *method)
|
||||
auth2_update_methods_lists(Authctxt *authctxt, const char *method,
|
||||
const char *submethod)
|
||||
{
|
||||
u_int i, found = 0;
|
||||
|
||||
debug3("%s: updating methods list after \"%s\"", __func__, method);
|
||||
for (i = 0; i < authctxt->num_auth_methods; i++) {
|
||||
if (!remove_method(&(authctxt->auth_methods[i]), method))
|
||||
if (!remove_method(&(authctxt->auth_methods[i]), method,
|
||||
submethod))
|
||||
continue;
|
||||
found = 1;
|
||||
if (*authctxt->auth_methods[i] == '\0') {
|
||||
|
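Review bot: auth2_methods_valid now cuts each entry at ':' (`*p = '\0'`) and validates only the method name, so the submethod part is never checked against anything; a misspelled device name in AuthenticationMethods passes validation yet can never be satisfied, because remove_method rejects anything but MATCH_METHOD/MATCH_BOTH and list_starts_with returns MATCH_PARTIAL whenever the entry has a ':' and no submethod is supplied. That fails closed, but it turns a configuration typo into a silent lockout rather than a startup error; at least log the unvalidated submethod, or validate it for the methods that define submethods. The `strchr(method, ':')` is also loop-invariant and is re-run for every authmethods[i]; hoist it above the `for (found = i = 0; ...)` loop. The rest of auth2_methods_valid is outside the hunk.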
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: authfd.c,v 1.86 2011/07/06 18:09:21 tedu Exp $ */
|
||||
/* $OpenBSD: authfd.c,v 1.87 2013/05/17 00:13:13 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -224,7 +224,7 @@ ssh_close_authentication_connection(AuthenticationConnection *auth)
|
||||
{
|
||||
buffer_free(&auth->identities);
|
||||
close(auth->fd);
|
||||
xfree(auth);
|
||||
free(auth);
|
||||
}
|
||||
|
||||
/* Lock/unlock agent */
|
||||
@ -343,7 +343,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio
|
||||
blob = buffer_get_string(&auth->identities, &blen);
|
||||
*comment = buffer_get_string(&auth->identities, NULL);
|
||||
key = key_from_blob(blob, blen);
|
||||
xfree(blob);
|
||||
free(blob);
|
||||
break;
|
||||
default:
|
||||
return NULL;
|
||||
@ -436,7 +436,7 @@ ssh_agent_sign(AuthenticationConnection *auth,
|
||||
buffer_put_string(&msg, blob, blen);
|
||||
buffer_put_string(&msg, data, datalen);
|
||||
buffer_put_int(&msg, flags);
|
||||
xfree(blob);
|
||||
free(blob);
|
||||
|
||||
if (ssh_request_reply(auth, &msg, &msg) == 0) {
|
||||
buffer_free(&msg);
|
||||
@ -612,7 +612,7 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key)
|
||||
key_to_blob(key, &blob, &blen);
|
||||
buffer_put_char(&msg, SSH2_AGENTC_REMOVE_IDENTITY);
|
||||
buffer_put_string(&msg, blob, blen);
|
||||
xfree(blob);
|
||||
free(blob);
|
||||
} else {
|
||||
buffer_free(&msg);
|
||||
return 0;
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: authfile.c,v 1.95 2013/01/08 18:49:04 markus Exp $ */
|
||||
/* $OpenBSD: authfile.c,v 1.97 2013/05/17 00:13:13 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -89,7 +89,7 @@ key_private_rsa1_to_blob(Key *key, Buffer *blob, const char *passphrase,
|
||||
u_char buf[100], *cp;
|
||||
int i, cipher_num;
|
||||
CipherContext ciphercontext;
|
||||
Cipher *cipher;
|
||||
const Cipher *cipher;
|
||||
u_int32_t rnd;
|
||||
|
||||
/*
|
||||
@ -421,7 +421,7 @@ key_parse_private_rsa1(Buffer *blob, const char *passphrase, char **commentp)
|
||||
Buffer decrypted;
|
||||
u_char *cp;
|
||||
CipherContext ciphercontext;
|
||||
Cipher *cipher;
|
||||
const Cipher *cipher;
|
||||
Key *prv = NULL;
|
||||
Buffer copy;
|
||||
|
||||
@ -509,8 +509,8 @@ key_parse_private_rsa1(Buffer *blob, const char *passphrase, char **commentp)
|
||||
return prv;
|
||||
|
||||
fail:
|
||||
if (commentp)
|
||||
xfree(*commentp);
|
||||
if (commentp != NULL)
|
||||
free(*commentp);
|
||||
key_free(prv);
|
||||
return NULL;
|
||||
}
|
||||
@ -832,10 +832,10 @@ key_load_cert(const char *filename)
|
||||
pub = key_new(KEY_UNSPEC);
|
||||
xasprintf(&file, "%s-cert.pub", filename);
|
||||
if (key_try_load_public(pub, file, NULL) == 1) {
|
||||
xfree(file);
|
||||
free(file);
|
||||
return pub;
|
||||
}
|
||||
xfree(file);
|
||||
free(file);
|
||||
key_free(pub);
|
||||
return NULL;
|
||||
}
|
||||
|
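Review bot: In the `fail:` path of key_parse_private_rsa1 the new `if (commentp != NULL) free(*commentp);` releases the caller's comment string but leaves `*commentp` pointing at freed memory, so a caller that frees its comment after a NULL return would double-free; add `*commentp = NULL;` directly after the free. Whether `*commentp` is always assigned before `fail:` can be reached is not visible here (the body of key_parse_private_rsa1 is outside the hunk); if it is not, the free also acts on whatever the caller left in the variable, and the function should set `*commentp = NULL` on entry.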
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: bufaux.c,v 1.50 2010/08/31 09:58:37 djm Exp $ */
|
||||
/* $OpenBSD: bufaux.c,v 1.52 2013/07/12 00:19:58 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -181,7 +181,7 @@ buffer_get_string_ret(Buffer *buffer, u_int *length_ptr)
|
||||
/* Get the string. */
|
||||
if (buffer_get_ret(buffer, value, len) == -1) {
|
||||
error("buffer_get_string_ret: buffer_get failed");
|
||||
xfree(value);
|
||||
free(value);
|
||||
return (NULL);
|
||||
}
|
||||
/* Append a null character to make processing easier. */
|
||||
@ -216,7 +216,7 @@ buffer_get_cstring_ret(Buffer *buffer, u_int *length_ptr)
|
||||
error("buffer_get_cstring_ret: string contains \\0");
|
||||
else {
|
||||
bzero(ret, length);
|
||||
xfree(ret);
|
||||
free(ret);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
@ -285,7 +285,7 @@ buffer_put_cstring(Buffer *buffer, const char *s)
|
||||
* Returns a character from the buffer (0 - 255).
|
||||
*/
|
||||
int
|
||||
buffer_get_char_ret(char *ret, Buffer *buffer)
|
||||
buffer_get_char_ret(u_char *ret, Buffer *buffer)
|
||||
{
|
||||
if (buffer_get_ret(buffer, ret, 1) == -1) {
|
||||
error("buffer_get_char_ret: buffer_get_ret failed");
|
||||
@ -297,11 +297,11 @@ buffer_get_char_ret(char *ret, Buffer *buffer)
|
||||
int
|
||||
buffer_get_char(Buffer *buffer)
|
||||
{
|
||||
char ch;
|
||||
u_char ch;
|
||||
|
||||
if (buffer_get_char_ret(&ch, buffer) == -1)
|
||||
fatal("buffer_get_char: buffer error");
|
||||
return (u_char) ch;
|
||||
return ch;
|
||||
}
|
||||
|
||||
/*
|
||||
|
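Review bot: The `bzero(ret, length); free(ret);` pair that this commit keeps in buffer_get_cstring_ret is a dead store from the compiler's point of view — the object is released on the very next line, so the clear may legally be elided under optimisation, and the same pattern guards real key material elsewhere in this commit: bufbn.c (buffer_put_bignum_ret, buffer_put_bignum2_ret `memset` before `free`), bufec.c (both `out:` labels), buffer.c (buffer_free), channels.c (channel_free and channel_input_status_confirm `bzero(cc, …)`), cipher-3des1.c, ssh_rijndael_cleanup, ssh_aes_ctr_cleanup and clientloop.c (client_global_request_reply `bzero(gc, …)`). Routing all of these through one helper that cannot be optimised away — `explicit_bzero()` where the platform provides it, otherwise a `volatile unsigned char *` loop in openbsd-compat — would make the intent hold under `-O2`. None of this is new to the commit, but the mechanical `xfree`→`free` sweep touched every one of these sites, so it is the natural moment to fold the clear into the same call. The enclosing functions start outside their hunks.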
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: bufbn.c,v 1.6 2007/06/02 09:04:58 djm Exp $*/
|
||||
/* $OpenBSD: bufbn.c,v 1.7 2013/05/17 00:13:13 djm Exp $*/
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -69,7 +69,7 @@ buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value)
|
||||
if (oi != bin_size) {
|
||||
error("buffer_put_bignum_ret: BN_bn2bin() failed: oi %d != bin_size %d",
|
||||
oi, bin_size);
|
||||
xfree(buf);
|
||||
free(buf);
|
||||
return (-1);
|
||||
}
|
||||
|
||||
@ -80,7 +80,7 @@ buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value)
|
||||
buffer_append(buffer, buf, oi);
|
||||
|
||||
memset(buf, 0, bin_size);
|
||||
xfree(buf);
|
||||
free(buf);
|
||||
|
||||
return (0);
|
||||
}
|
||||
@ -167,13 +167,13 @@ buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value)
|
||||
if (oi < 0 || (u_int)oi != bytes - 1) {
|
||||
error("buffer_put_bignum2_ret: BN_bn2bin() failed: "
|
||||
"oi %d != bin_size %d", oi, bytes);
|
||||
xfree(buf);
|
||||
free(buf);
|
||||
return (-1);
|
||||
}
|
||||
hasnohigh = (buf[1] & 0x80) ? 0 : 1;
|
||||
buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh);
|
||||
memset(buf, 0, bytes);
|
||||
xfree(buf);
|
||||
free(buf);
|
||||
return (0);
|
||||
}
|
||||
|
||||
@ -197,21 +197,21 @@ buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value)
|
||||
|
||||
if (len > 0 && (bin[0] & 0x80)) {
|
||||
error("buffer_get_bignum2_ret: negative numbers not supported");
|
||||
xfree(bin);
|
||||
free(bin);
|
||||
return (-1);
|
||||
}
|
||||
if (len > 8 * 1024) {
|
||||
error("buffer_get_bignum2_ret: cannot handle BN of size %d",
|
||||
len);
|
||||
xfree(bin);
|
||||
free(bin);
|
||||
return (-1);
|
||||
}
|
||||
if (BN_bin2bn(bin, len, value) == NULL) {
|
||||
error("buffer_get_bignum2_ret: BN_bin2bn failed");
|
||||
xfree(bin);
|
||||
free(bin);
|
||||
return (-1);
|
||||
}
|
||||
xfree(bin);
|
||||
free(bin);
|
||||
return (0);
|
||||
}
|
||||
|
||||
|
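Review bot: buffer_get_bignum2_ret frees `bin` on all four exits (negative check, size cap, `BN_bin2bn` failure, success) without clearing it first, whereas the two put paths in the same file `memset(buf, 0, …)` before `free()`; the get path presumably also runs when private keys are parsed, in which case `bin` can hold a private exponent, so the asymmetry is worth closing with `memset(bin, 0, len); free(bin);` on each exit, or one `out:` label that does it. Whether secret data actually reaches this path depends on callers outside the hunk. The 8 KiB cap and the sign check both precede `BN_bin2bn()`, so there is no length issue here, only the cleanup inconsistency.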
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: bufec.c,v 1.1 2010/08/31 11:54:45 djm Exp $ */
|
||||
/* $OpenBSD: bufec.c,v 1.2 2013/05/17 00:13:13 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2010 Damien Miller <djm@mindrot.org>
|
||||
*
|
||||
@ -78,7 +78,7 @@ buffer_put_ecpoint_ret(Buffer *buffer, const EC_GROUP *curve,
|
||||
out:
|
||||
if (buf != NULL) {
|
||||
bzero(buf, len);
|
||||
xfree(buf);
|
||||
free(buf);
|
||||
}
|
||||
BN_CTX_free(bnctx);
|
||||
return ret;
|
||||
@ -131,7 +131,7 @@ buffer_get_ecpoint_ret(Buffer *buffer, const EC_GROUP *curve,
|
||||
out:
|
||||
BN_CTX_free(bnctx);
|
||||
bzero(buf, len);
|
||||
xfree(buf);
|
||||
free(buf);
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: buffer.c,v 1.32 2010/02/09 03:56:28 djm Exp $ */
|
||||
/* $OpenBSD: buffer.c,v 1.33 2013/05/17 00:13:13 djm Exp $ */
|
||||
/* $FreeBSD$ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
@ -51,7 +51,7 @@ buffer_free(Buffer *buffer)
|
||||
if (buffer->alloc > 0) {
|
||||
memset(buffer->buf, 0, buffer->alloc);
|
||||
buffer->alloc = 0;
|
||||
xfree(buffer->buf);
|
||||
free(buffer->buf);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: buffer.h,v 1.21 2010/08/31 11:54:45 djm Exp $ */
|
||||
/* $OpenBSD: buffer.h,v 1.22 2013/07/12 00:19:58 djm Exp $ */
|
||||
/* $FreeBSD$ */
|
||||
|
||||
/*
|
||||
@ -87,7 +87,7 @@ int buffer_get_int64_ret(u_int64_t *, Buffer *);
|
||||
void *buffer_get_string_ret(Buffer *, u_int *);
|
||||
char *buffer_get_cstring_ret(Buffer *, u_int *);
|
||||
void *buffer_get_string_ptr_ret(Buffer *, u_int *);
|
||||
int buffer_get_char_ret(char *, Buffer *);
|
||||
int buffer_get_char_ret(u_char *, Buffer *);
|
||||
|
||||
#ifdef OPENSSL_HAS_ECC
|
||||
#include <openssl/ec.h>
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: canohost.c,v 1.66 2010/01/13 01:20:20 dtucker Exp $ */
|
||||
/* $OpenBSD: canohost.c,v 1.67 2013/05/17 00:13:13 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -41,7 +41,7 @@ static int cached_port = -1;
|
||||
|
||||
/*
|
||||
* Return the canonical name of the host at the other end of the socket. The
|
||||
* caller should free the returned string with xfree.
|
||||
* caller should free the returned string.
|
||||
*/
|
||||
|
||||
static char *
|
||||
@ -323,10 +323,8 @@ get_local_name(int fd)
|
||||
void
|
||||
clear_cached_addr(void)
|
||||
{
|
||||
if (canonical_host_ip != NULL) {
|
||||
xfree(canonical_host_ip);
|
||||
canonical_host_ip = NULL;
|
||||
}
|
||||
free(canonical_host_ip);
|
||||
canonical_host_ip = NULL;
|
||||
cached_port = -1;
|
||||
}
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: channels.c,v 1.319 2012/12/02 20:46:11 djm Exp $ */
|
||||
/* $OpenBSD: channels.c,v 1.324 2013/07/12 00:19:58 djm Exp $ */
|
||||
/* $FreeBSD$ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
@ -219,6 +219,7 @@ channel_lookup(int id)
|
||||
case SSH_CHANNEL_OPEN:
|
||||
case SSH_CHANNEL_INPUT_DRAINING:
|
||||
case SSH_CHANNEL_OUTPUT_DRAINING:
|
||||
case SSH_CHANNEL_ABANDONED:
|
||||
return (c);
|
||||
}
|
||||
logit("Non-public channel %d, type %d.", id, c->type);
|
||||
@ -253,7 +254,10 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd,
|
||||
|
||||
if ((c->isatty = is_tty) != 0)
|
||||
debug2("channel %d: rfd %d isatty", c->self, c->rfd);
|
||||
#ifdef _AIX
|
||||
/* XXX: Later AIX versions can't push as much data to tty */
|
||||
c->wfd_isatty = is_tty || isatty(c->wfd);
|
||||
#endif
|
||||
|
||||
/* enable nonblocking mode */
|
||||
if (nonblock) {
|
||||
@ -408,7 +412,7 @@ channel_free(Channel *c)
|
||||
|
||||
s = channel_open_message();
|
||||
debug3("channel %d: status: %s", c->self, s);
|
||||
xfree(s);
|
||||
free(s);
|
||||
|
||||
if (c->sock != -1)
|
||||
shutdown(c->sock, SHUT_RDWR);
|
||||
@ -416,29 +420,23 @@ channel_free(Channel *c)
|
||||
buffer_free(&c->input);
|
||||
buffer_free(&c->output);
|
||||
buffer_free(&c->extended);
|
||||
if (c->remote_name) {
|
||||
xfree(c->remote_name);
|
||||
c->remote_name = NULL;
|
||||
}
|
||||
if (c->path) {
|
||||
xfree(c->path);
|
||||
c->path = NULL;
|
||||
}
|
||||
if (c->listening_addr) {
|
||||
xfree(c->listening_addr);
|
||||
c->listening_addr = NULL;
|
||||
}
|
||||
free(c->remote_name);
|
||||
c->remote_name = NULL;
|
||||
free(c->path);
|
||||
c->path = NULL;
|
||||
free(c->listening_addr);
|
||||
c->listening_addr = NULL;
|
||||
while ((cc = TAILQ_FIRST(&c->status_confirms)) != NULL) {
|
||||
if (cc->abandon_cb != NULL)
|
||||
cc->abandon_cb(c, cc->ctx);
|
||||
TAILQ_REMOVE(&c->status_confirms, cc, entry);
|
||||
bzero(cc, sizeof(*cc));
|
||||
xfree(cc);
|
||||
free(cc);
|
||||
}
|
||||
if (c->filter_cleanup != NULL && c->filter_ctx != NULL)
|
||||
c->filter_cleanup(c->self, c->filter_ctx);
|
||||
channels[c->self] = NULL;
|
||||
xfree(c);
|
||||
free(c);
|
||||
}
|
||||
|
||||
void
|
||||
@ -543,6 +541,7 @@ channel_still_open(void)
|
||||
case SSH_CHANNEL_DYNAMIC:
|
||||
case SSH_CHANNEL_CONNECTING:
|
||||
case SSH_CHANNEL_ZOMBIE:
|
||||
case SSH_CHANNEL_ABANDONED:
|
||||
continue;
|
||||
case SSH_CHANNEL_LARVAL:
|
||||
if (!compat20)
|
||||
@ -588,6 +587,7 @@ channel_find_open(void)
|
||||
case SSH_CHANNEL_OPENING:
|
||||
case SSH_CHANNEL_CONNECTING:
|
||||
case SSH_CHANNEL_ZOMBIE:
|
||||
case SSH_CHANNEL_ABANDONED:
|
||||
continue;
|
||||
case SSH_CHANNEL_LARVAL:
|
||||
case SSH_CHANNEL_AUTH_SOCKET:
|
||||
@ -635,6 +635,7 @@ channel_open_message(void)
|
||||
case SSH_CHANNEL_CLOSED:
|
||||
case SSH_CHANNEL_AUTH_SOCKET:
|
||||
case SSH_CHANNEL_ZOMBIE:
|
||||
case SSH_CHANNEL_ABANDONED:
|
||||
case SSH_CHANNEL_MUX_CLIENT:
|
||||
case SSH_CHANNEL_MUX_LISTENER:
|
||||
continue;
|
||||
@ -1122,10 +1123,8 @@ channel_decode_socks4(Channel *c, fd_set *readset, fd_set *writeset)
|
||||
strlcpy(username, p, sizeof(username));
|
||||
buffer_consume(&c->input, len);
|
||||
|
||||
if (c->path != NULL) {
|
||||
xfree(c->path);
|
||||
c->path = NULL;
|
||||
}
|
||||
free(c->path);
|
||||
c->path = NULL;
|
||||
if (need == 1) { /* SOCKS4: one string */
|
||||
host = inet_ntoa(s4_req.dest_addr);
|
||||
c->path = xstrdup(host);
|
||||
@ -1185,7 +1184,8 @@ channel_decode_socks5(Channel *c, fd_set *readset, fd_set *writeset)
|
||||
u_int8_t atyp;
|
||||
} s5_req, s5_rsp;
|
||||
u_int16_t dest_port;
|
||||
u_char *p, dest_addr[255+1], ntop[INET6_ADDRSTRLEN];
|
||||
char dest_addr[255+1], ntop[INET6_ADDRSTRLEN];
|
||||
u_char *p;
|
||||
u_int have, need, i, found, nmethods, addrlen, af;
|
||||
|
||||
debug2("channel %d: decode socks5", c->self);
|
||||
@ -1255,13 +1255,11 @@ channel_decode_socks5(Channel *c, fd_set *readset, fd_set *writeset)
|
||||
buffer_consume(&c->input, sizeof(s5_req));
|
||||
if (s5_req.atyp == SSH_SOCKS5_DOMAIN)
|
||||
buffer_consume(&c->input, 1); /* host string length */
|
||||
buffer_get(&c->input, (char *)&dest_addr, addrlen);
|
||||
buffer_get(&c->input, &dest_addr, addrlen);
|
||||
buffer_get(&c->input, (char *)&dest_port, 2);
|
||||
dest_addr[addrlen] = '\0';
|
||||
if (c->path != NULL) {
|
||||
xfree(c->path);
|
||||
c->path = NULL;
|
||||
}
|
||||
free(c->path);
|
||||
c->path = NULL;
|
||||
if (s5_req.atyp == SSH_SOCKS5_DOMAIN) {
|
||||
if (addrlen >= NI_MAXHOST) {
|
||||
error("channel %d: dynamic request: socks5 hostname "
|
||||
@ -1283,11 +1281,10 @@ channel_decode_socks5(Channel *c, fd_set *readset, fd_set *writeset)
|
||||
s5_rsp.command = SSH_SOCKS5_SUCCESS;
|
||||
s5_rsp.reserved = 0; /* ignored */
|
||||
s5_rsp.atyp = SSH_SOCKS5_IPV4;
|
||||
((struct in_addr *)&dest_addr)->s_addr = INADDR_ANY;
|
||||
dest_port = 0; /* ignored */
|
||||
|
||||
buffer_append(&c->output, &s5_rsp, sizeof(s5_rsp));
|
||||
buffer_append(&c->output, &dest_addr, sizeof(struct in_addr));
|
||||
buffer_put_int(&c->output, ntohl(INADDR_ANY)); /* bind address */
|
||||
buffer_append(&c->output, &dest_port, sizeof(dest_port));
|
||||
return 1;
|
||||
}
|
||||
@ -1366,7 +1363,7 @@ channel_post_x11_listener(Channel *c, fd_set *readset, fd_set *writeset)
|
||||
{
|
||||
Channel *nc;
|
||||
struct sockaddr_storage addr;
|
||||
int newsock;
|
||||
int newsock, oerrno;
|
||||
socklen_t addrlen;
|
||||
char buf[16384], *remote_ipaddr;
|
||||
int remote_port;
|
||||
@ -1376,14 +1373,18 @@ channel_post_x11_listener(Channel *c, fd_set *readset, fd_set *writeset)
|
||||
addrlen = sizeof(addr);
|
||||
newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen);
|
||||
if (c->single_connection) {
|
||||
oerrno = errno;
|
||||
debug2("single_connection: closing X11 listener.");
|
||||
channel_close_fd(&c->sock);
|
||||
chan_mark_dead(c);
|
||||
errno = oerrno;
|
||||
}
|
||||
if (newsock < 0) {
|
||||
error("accept: %.100s", strerror(errno));
|
||||
if (errno != EINTR && errno != EWOULDBLOCK &&
|
||||
errno != ECONNABORTED)
|
||||
error("accept: %.100s", strerror(errno));
|
||||
if (errno == EMFILE || errno == ENFILE)
|
||||
c->notbefore = time(NULL) + 1;
|
||||
c->notbefore = monotime() + 1;
|
||||
return;
|
||||
}
|
||||
set_nodelay(newsock);
|
||||
@ -1417,7 +1418,7 @@ channel_post_x11_listener(Channel *c, fd_set *readset, fd_set *writeset)
|
||||
packet_put_cstring(buf);
|
||||
packet_send();
|
||||
}
|
||||
xfree(remote_ipaddr);
|
||||
free(remote_ipaddr);
|
||||
}
|
||||
}
|
||||
|
||||
@ -1431,7 +1432,7 @@ port_open_helper(Channel *c, char *rtype)
|
||||
|
||||
if (remote_port == -1) {
|
||||
/* Fake addr/port to appease peers that validate it (Tectia) */
|
||||
xfree(remote_ipaddr);
|
||||
free(remote_ipaddr);
|
||||
remote_ipaddr = xstrdup("127.0.0.1");
|
||||
remote_port = 65535;
|
||||
}
|
||||
@ -1444,7 +1445,7 @@ port_open_helper(Channel *c, char *rtype)
|
||||
rtype, c->listening_port, c->path, c->host_port,
|
||||
remote_ipaddr, remote_port);
|
||||
|
||||
xfree(c->remote_name);
|
||||
free(c->remote_name);
|
||||
c->remote_name = xstrdup(buf);
|
||||
|
||||
if (compat20) {
|
||||
@ -1476,7 +1477,7 @@ port_open_helper(Channel *c, char *rtype)
|
||||
packet_put_cstring(c->remote_name);
|
||||
packet_send();
|
||||
}
|
||||
xfree(remote_ipaddr);
|
||||
free(remote_ipaddr);
|
||||
}
|
||||
|
||||
static void
|
||||
@ -1526,9 +1527,11 @@ channel_post_port_listener(Channel *c, fd_set *readset, fd_set *writeset)
|
||||
addrlen = sizeof(addr);
|
||||
newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen);
|
||||
if (newsock < 0) {
|
||||
error("accept: %.100s", strerror(errno));
|
||||
if (errno != EINTR && errno != EWOULDBLOCK &&
|
||||
errno != ECONNABORTED)
|
||||
error("accept: %.100s", strerror(errno));
|
||||
if (errno == EMFILE || errno == ENFILE)
|
||||
c->notbefore = time(NULL) + 1;
|
||||
c->notbefore = monotime() + 1;
|
||||
return;
|
||||
}
|
||||
set_nodelay(newsock);
|
||||
@ -1564,7 +1567,7 @@ channel_post_auth_listener(Channel *c, fd_set *readset, fd_set *writeset)
|
||||
error("accept from auth socket: %.100s",
|
||||
strerror(errno));
|
||||
if (errno == EMFILE || errno == ENFILE)
|
||||
c->notbefore = time(NULL) + 1;
|
||||
c->notbefore = monotime() + 1;
|
||||
return;
|
||||
}
|
||||
nc = channel_new("accepted auth socket",
|
||||
@ -1727,7 +1730,7 @@ channel_handle_wfd(Channel *c, fd_set *readset, fd_set *writeset)
|
||||
if (c->datagram) {
|
||||
/* ignore truncated writes, datagrams might get lost */
|
||||
len = write(c->wfd, buf, dlen);
|
||||
xfree(data);
|
||||
free(data);
|
||||
if (len < 0 && (errno == EINTR || errno == EAGAIN ||
|
||||
errno == EWOULDBLOCK))
|
||||
return 1;
|
||||
@ -1979,7 +1982,7 @@ channel_post_mux_listener(Channel *c, fd_set *readset, fd_set *writeset)
|
||||
&addrlen)) == -1) {
|
||||
error("%s accept: %s", __func__, strerror(errno));
|
||||
if (errno == EMFILE || errno == ENFILE)
|
||||
c->notbefore = time(NULL) + 1;
|
||||
c->notbefore = monotime() + 1;
|
||||
return;
|
||||
}
|
||||
|
||||
@ -2142,7 +2145,7 @@ channel_handler(chan_fn *ftab[], fd_set *readset, fd_set *writeset,
|
||||
channel_handler_init();
|
||||
did_init = 1;
|
||||
}
|
||||
now = time(NULL);
|
||||
now = monotime();
|
||||
if (unpause_secs != NULL)
|
||||
*unpause_secs = 0;
|
||||
for (i = 0, oalloc = channels_alloc; i < oalloc; i++) {
|
||||
@ -2272,7 +2275,7 @@ channel_output_poll(void)
|
||||
debug("channel %d: datagram "
|
||||
"too big for channel",
|
||||
c->self);
|
||||
xfree(data);
|
||||
free(data);
|
||||
continue;
|
||||
}
|
||||
packet_start(SSH2_MSG_CHANNEL_DATA);
|
||||
@ -2280,7 +2283,7 @@ channel_output_poll(void)
|
||||
packet_put_string(data, dlen);
|
||||
packet_send();
|
||||
c->remote_window -= dlen + 4;
|
||||
xfree(data);
|
||||
free(data);
|
||||
}
|
||||
continue;
|
||||
}
|
||||
@ -2452,13 +2455,13 @@ channel_input_extended_data(int type, u_int32_t seq, void *ctxt)
|
||||
if (data_len > c->local_window) {
|
||||
logit("channel %d: rcvd too much extended_data %d, win %d",
|
||||
c->self, data_len, c->local_window);
|
||||
xfree(data);
|
||||
free(data);
|
||||
return;
|
||||
}
|
||||
debug2("channel %d: rcvd ext data %d", c->self, data_len);
|
||||
c->local_window -= data_len;
|
||||
buffer_append(&c->extended, data, data_len);
|
||||
xfree(data);
|
||||
free(data);
|
||||
}
|
||||
|
||||
/* ARGSUSED */
|
||||
@ -2548,7 +2551,7 @@ channel_input_close_confirmation(int type, u_int32_t seq, void *ctxt)
|
||||
if (c == NULL)
|
||||
packet_disconnect("Received close confirmation for "
|
||||
"out-of-range channel %d.", id);
|
||||
if (c->type != SSH_CHANNEL_CLOSED)
|
||||
if (c->type != SSH_CHANNEL_CLOSED && c->type != SSH_CHANNEL_ABANDONED)
|
||||
packet_disconnect("Received close confirmation for "
|
||||
"non-closed channel %d (type %d).", id, c->type);
|
||||
channel_free(c);
|
||||
@ -2624,10 +2627,8 @@ channel_input_open_failure(int type, u_int32_t seq, void *ctxt)
|
||||
}
|
||||
logit("channel %d: open failed: %s%s%s", id,
|
||||
reason2txt(reason), msg ? ": ": "", msg ? msg : "");
|
||||
if (msg != NULL)
|
||||
xfree(msg);
|
||||
if (lang != NULL)
|
||||
xfree(lang);
|
||||
free(msg);
|
||||
free(lang);
|
||||
if (c->open_confirm) {
|
||||
debug2("callback start");
|
||||
c->open_confirm(c->self, 0, c->open_confirm_ctx);
|
||||
@ -2685,8 +2686,8 @@ channel_input_port_open(int type, u_int32_t seq, void *ctxt)
|
||||
packet_check_eom();
|
||||
c = channel_connect_to(host, host_port,
|
||||
"connected socket", originator_string);
|
||||
xfree(originator_string);
|
||||
xfree(host);
|
||||
free(originator_string);
|
||||
free(host);
|
||||
if (c == NULL) {
|
||||
packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE);
|
||||
packet_put_int(remote_id);
|
||||
@ -2721,7 +2722,7 @@ channel_input_status_confirm(int type, u_int32_t seq, void *ctxt)
|
||||
cc->cb(type, c, cc->ctx);
|
||||
TAILQ_REMOVE(&c->status_confirms, cc, entry);
|
||||
bzero(cc, sizeof(*cc));
|
||||
xfree(cc);
|
||||
free(cc);
|
||||
}
|
||||
|
||||
/* -- tcp forwarding */
|
||||
@ -3117,7 +3118,7 @@ channel_request_rforward_cancel(const char *host, u_short port)
|
||||
|
||||
permitted_opens[i].listen_port = 0;
|
||||
permitted_opens[i].port_to_connect = 0;
|
||||
xfree(permitted_opens[i].host_to_connect);
|
||||
free(permitted_opens[i].host_to_connect);
|
||||
permitted_opens[i].host_to_connect = NULL;
|
||||
|
||||
return 0;
|
||||
@ -3158,7 +3159,7 @@ channel_input_port_forward_request(int is_root, int gateway_ports)
|
||||
host_port, gateway_ports);
|
||||
|
||||
/* Free the argument string. */
|
||||
xfree(hostname);
|
||||
free(hostname);
|
||||
|
||||
return (success ? 0 : -1);
|
||||
}
|
||||
@ -3213,7 +3214,7 @@ channel_update_permitted_opens(int idx, int newport)
|
||||
} else {
|
||||
permitted_opens[idx].listen_port = 0;
|
||||
permitted_opens[idx].port_to_connect = 0;
|
||||
xfree(permitted_opens[idx].host_to_connect);
|
||||
free(permitted_opens[idx].host_to_connect);
|
||||
permitted_opens[idx].host_to_connect = NULL;
|
||||
}
|
||||
}
|
||||
@ -3246,12 +3247,9 @@ channel_clear_permitted_opens(void)
|
||||
int i;
|
||||
|
||||
for (i = 0; i < num_permitted_opens; i++)
|
||||
if (permitted_opens[i].host_to_connect != NULL)
|
||||
xfree(permitted_opens[i].host_to_connect);
|
||||
if (num_permitted_opens > 0) {
|
||||
xfree(permitted_opens);
|
||||
permitted_opens = NULL;
|
||||
}
|
||||
free(permitted_opens[i].host_to_connect);
|
||||
free(permitted_opens);
|
||||
permitted_opens = NULL;
|
||||
num_permitted_opens = 0;
|
||||
}
|
||||
|
||||
@ -3261,12 +3259,9 @@ channel_clear_adm_permitted_opens(void)
|
||||
int i;
|
||||
|
||||
for (i = 0; i < num_adm_permitted_opens; i++)
|
||||
if (permitted_adm_opens[i].host_to_connect != NULL)
|
||||
xfree(permitted_adm_opens[i].host_to_connect);
|
||||
if (num_adm_permitted_opens > 0) {
|
||||
xfree(permitted_adm_opens);
|
||||
permitted_adm_opens = NULL;
|
||||
}
|
||||
free(permitted_adm_opens[i].host_to_connect);
|
||||
free(permitted_adm_opens);
|
||||
permitted_adm_opens = NULL;
|
||||
num_adm_permitted_opens = 0;
|
||||
}
|
||||
|
||||
@ -3360,7 +3355,7 @@ connect_next(struct channel_connect *cctx)
|
||||
static void
|
||||
channel_connect_ctx_free(struct channel_connect *cctx)
|
||||
{
|
||||
xfree(cctx->host);
|
||||
free(cctx->host);
|
||||
if (cctx->aitop)
|
||||
freeaddrinfo(cctx->aitop);
|
||||
bzero(cctx, sizeof(*cctx));
|
||||
@ -3761,7 +3756,7 @@ x11_input_open(int type, u_int32_t seq, void *ctxt)
|
||||
c->remote_id = remote_id;
|
||||
c->force_drain = 1;
|
||||
}
|
||||
xfree(remote_host);
|
||||
free(remote_host);
|
||||
if (c == NULL) {
|
||||
/* Send refusal to the remote host. */
|
||||
packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE);
|
||||
@ -3869,7 +3864,7 @@ x11_request_forwarding_with_spoofing(int client_session_id, const char *disp,
|
||||
packet_put_int(screen_number);
|
||||
packet_send();
|
||||
packet_write_wait();
|
||||
xfree(new_data);
|
||||
free(new_data);
|
||||
}
|
||||
|
||||
|
||||
|
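Review bot: The new `#ifdef _AIX` block in channel_register_fds records only that later AIX versions can't push as much data to a tty; it does not say why the `isatty(c->wfd)` call had to be fenced to AIX, which is the actual reason the ifdef exists (on Solaris, isatty() on a non-blocking, still-connecting socket clears a pending errno that getsockopt() would otherwise report, bz#2135). A maintainer who sees the guard without that context may reasonably drop it. Suggest extending the comment to `/* XXX: Later AIX versions can't push as much data to tty. Keep this AIX-only: isatty() on a connecting non-blocking socket can clobber errno on other platforms (bz#2135). */`. channel_register_fds starts and ends outside the hunk.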
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: channels.h,v 1.111 2012/04/11 13:16:19 djm Exp $ */
|
||||
/* $OpenBSD: channels.h,v 1.113 2013/06/07 15:37:52 dtucker Exp $ */
|
||||
/* $FreeBSD$ */
|
||||
|
||||
/*
|
||||
@ -56,7 +56,8 @@
|
||||
#define SSH_CHANNEL_ZOMBIE 14 /* Almost dead. */
|
||||
#define SSH_CHANNEL_MUX_LISTENER 15 /* Listener for mux conn. */
|
||||
#define SSH_CHANNEL_MUX_CLIENT 16 /* Conn. to mux slave */
|
||||
#define SSH_CHANNEL_MAX_TYPE 17
|
||||
#define SSH_CHANNEL_ABANDONED 17 /* Abandoned session, eg mux */
|
||||
#define SSH_CHANNEL_MAX_TYPE 18
|
||||
|
||||
#define CHANNEL_CANCEL_PORT_STATIC -1
|
||||
|
||||
@ -103,7 +104,9 @@ struct Channel {
|
||||
int sock; /* sock fd */
|
||||
int ctl_chan; /* control channel (multiplexed connections) */
|
||||
int isatty; /* rfd is a tty */
|
||||
#ifdef _AIX
|
||||
int wfd_isatty; /* wfd is a tty */
|
||||
#endif
|
||||
int client_tty; /* (client) TTY has been requested */
|
||||
int force_drain; /* force close on iEOF */
|
||||
time_t notbefore; /* Pause IO until deadline (time_t) */
|
||||
@ -111,7 +114,7 @@ struct Channel {
|
||||
* channels are delayed until the first call
|
||||
* to a matching pre-select handler.
|
||||
* this way post-select handlers are not
|
||||
* accidenly called if a FD gets reused */
|
||||
* accidentally called if a FD gets reused */
|
||||
Buffer input; /* data read from socket, to be sent over
|
||||
* encrypted connection */
|
||||
Buffer output; /* data received over encrypted connection for
|
||||
|
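Review bot: `SSH_CHANNEL_ABANDONED` is introduced with only `/* Abandoned session, eg mux */`, which does not tell a reader how such a channel is treated; the channels.c part of this commit returns it from channel_lookup, skips it in channel_still_open, channel_find_open and channel_open_message, and accepts a close confirmation for it. Suggest documenting that lifecycle next to the define, e.g. `/* Abandoned session, eg mux: still found by channel_lookup, ignored by the open/still-open scans, freed on close confirmation */`. Inserting the value also moves `SSH_CHANNEL_MAX_TYPE` from 17 to 18; any table sized with a literal 17 rather than the macro would need to follow, though none is visible in this hunk.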
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: cipher-3des1.c,v 1.7 2010/10/01 23:05:32 djm Exp $ */
|
||||
/* $OpenBSD: cipher-3des1.c,v 1.8 2013/05/17 00:13:13 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2003 Markus Friedl. All rights reserved.
|
||||
*
|
||||
@ -94,7 +94,7 @@ ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
|
||||
EVP_CipherInit(&c->k2, EVP_des_cbc(), k2, NULL, !enc) == 0 ||
|
||||
EVP_CipherInit(&c->k3, EVP_des_cbc(), k3, NULL, enc) == 0) {
|
||||
memset(c, 0, sizeof(*c));
|
||||
xfree(c);
|
||||
free(c);
|
||||
EVP_CIPHER_CTX_set_app_data(ctx, NULL);
|
||||
return (0);
|
||||
}
|
||||
@ -135,7 +135,7 @@ ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx)
|
||||
EVP_CIPHER_CTX_cleanup(&c->k2);
|
||||
EVP_CIPHER_CTX_cleanup(&c->k3);
|
||||
memset(c, 0, sizeof(*c));
|
||||
xfree(c);
|
||||
free(c);
|
||||
EVP_CIPHER_CTX_set_app_data(ctx, NULL);
|
||||
}
|
||||
return (1);
|
||||
|
@ -120,7 +120,7 @@ ssh_rijndael_cleanup(EVP_CIPHER_CTX *ctx)
|
||||
|
||||
if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
|
||||
memset(c, 0, sizeof(*c));
|
||||
xfree(c);
|
||||
free(c);
|
||||
EVP_CIPHER_CTX_set_app_data(ctx, NULL);
|
||||
}
|
||||
return (1);
|
||||
|
@ -104,7 +104,7 @@ ssh_aes_ctr_cleanup(EVP_CIPHER_CTX *ctx)
|
||||
|
||||
if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
|
||||
memset(c, 0, sizeof(*c));
|
||||
xfree(c);
|
||||
free(c);
|
||||
EVP_CIPHER_CTX_set_app_data(ctx, NULL);
|
||||
}
|
||||
return (1);
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: cipher.c,v 1.87 2013/01/26 06:11:05 djm Exp $ */
|
||||
/* $OpenBSD: cipher.c,v 1.89 2013/05/17 00:13:13 djm Exp $ */
|
||||
/* $FreeBSD$ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
@ -66,7 +66,9 @@ struct Cipher {
|
||||
u_int discard_len;
|
||||
u_int cbc_mode;
|
||||
const EVP_CIPHER *(*evptype)(void);
|
||||
} ciphers[] = {
|
||||
};
|
||||
|
||||
static const struct Cipher ciphers[] = {
|
||||
{ "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null },
|
||||
{ "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc },
|
||||
{ "3des", SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des },
|
||||
@ -99,6 +101,27 @@ struct Cipher {
|
||||
|
||||
/*--*/
|
||||
|
||||
/* Returns a comma-separated list of supported ciphers. */
|
||||
char *
|
||||
cipher_alg_list(void)
|
||||
{
|
||||
char *ret = NULL;
|
||||
size_t nlen, rlen = 0;
|
||||
const Cipher *c;
|
||||
|
||||
for (c = ciphers; c->name != NULL; c++) {
|
||||
if (c->number != SSH_CIPHER_SSH2)
|
||||
continue;
|
||||
if (ret != NULL)
|
||||
ret[rlen++] = '\n';
|
||||
nlen = strlen(c->name);
|
||||
ret = xrealloc(ret, 1, rlen + nlen + 2);
|
||||
memcpy(ret + rlen, c->name, nlen + 1);
|
||||
rlen += nlen;
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
u_int
|
||||
cipher_blocksize(const Cipher *c)
|
||||
{
|
||||
@ -147,20 +170,20 @@ cipher_mask_ssh1(int client)
|
||||
return mask;
|
||||
}
|
||||
|
||||
Cipher *
|
||||
const Cipher *
|
||||
cipher_by_name(const char *name)
|
||||
{
|
||||
Cipher *c;
|
||||
const Cipher *c;
|
||||
for (c = ciphers; c->name != NULL; c++)
|
||||
if (strcmp(c->name, name) == 0)
|
||||
return c;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
Cipher *
|
||||
const Cipher *
|
||||
cipher_by_number(int id)
|
||||
{
|
||||
Cipher *c;
|
||||
const Cipher *c;
|
||||
for (c = ciphers; c->name != NULL; c++)
|
||||
if (c->number == id)
|
||||
return c;
|
||||
@ -171,7 +194,7 @@ cipher_by_number(int id)
|
||||
int
|
||||
ciphers_valid(const char *names)
|
||||
{
|
||||
Cipher *c;
|
||||
const Cipher *c;
|
||||
char *cipher_list, *cp;
|
||||
char *p;
|
||||
|
||||
@ -188,14 +211,14 @@ ciphers_valid(const char *names)
|
||||
if (c == NULL || (c->number != SSH_CIPHER_SSH2)) {
|
||||
#endif
|
||||
debug("bad cipher %s [%s]", p, names);
|
||||
xfree(cipher_list);
|
||||
free(cipher_list);
|
||||
return 0;
|
||||
} else {
|
||||
debug3("cipher ok: %s [%s]", p, names);
|
||||
}
|
||||
}
|
||||
debug3("ciphers ok: [%s]", names);
|
||||
xfree(cipher_list);
|
||||
free(cipher_list);
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -207,7 +230,7 @@ ciphers_valid(const char *names)
|
||||
int
|
||||
cipher_number(const char *name)
|
||||
{
|
||||
Cipher *c;
|
||||
const Cipher *c;
|
||||
if (name == NULL)
|
||||
return -1;
|
||||
for (c = ciphers; c->name != NULL; c++)
|
||||
@ -219,12 +242,12 @@ cipher_number(const char *name)
|
||||
char *
|
||||
cipher_name(int id)
|
||||
{
|
||||
Cipher *c = cipher_by_number(id);
|
||||
const Cipher *c = cipher_by_number(id);
|
||||
return (c==NULL) ? "<unknown>" : c->name;
|
||||
}
|
||||
|
||||
void
|
||||
cipher_init(CipherContext *cc, Cipher *cipher,
|
||||
cipher_init(CipherContext *cc, const Cipher *cipher,
|
||||
const u_char *key, u_int keylen, const u_char *iv, u_int ivlen,
|
||||
int do_encrypt)
|
||||
{
|
||||
@ -297,8 +320,8 @@ cipher_init(CipherContext *cc, Cipher *cipher,
|
||||
cipher->discard_len) == 0)
|
||||
fatal("evp_crypt: EVP_Cipher failed during discard");
|
||||
memset(discard, 0, cipher->discard_len);
|
||||
xfree(junk);
|
||||
xfree(discard);
|
||||
free(junk);
|
||||
free(discard);
|
||||
}
|
||||
}
|
||||
|
||||
@ -370,7 +393,7 @@ cipher_cleanup(CipherContext *cc)
|
||||
*/
|
||||
|
||||
void
|
||||
cipher_set_key_string(CipherContext *cc, Cipher *cipher,
|
||||
cipher_set_key_string(CipherContext *cc, const Cipher *cipher,
|
||||
const char *passphrase, int do_encrypt)
|
||||
{
|
||||
MD5_CTX md;
|
||||
@ -395,7 +418,7 @@ cipher_set_key_string(CipherContext *cc, Cipher *cipher,
|
||||
int
|
||||
cipher_get_keyiv_len(const CipherContext *cc)
|
||||
{
|
||||
Cipher *c = cc->cipher;
|
||||
const Cipher *c = cc->cipher;
|
||||
int ivlen;
|
||||
|
||||
if (c->number == SSH_CIPHER_3DES)
|
||||
@ -408,7 +431,7 @@ cipher_get_keyiv_len(const CipherContext *cc)
|
||||
void
|
||||
cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
|
||||
{
|
||||
Cipher *c = cc->cipher;
|
||||
const Cipher *c = cc->cipher;
|
||||
int evplen;
|
||||
|
||||
switch (c->number) {
|
||||
@ -447,7 +470,7 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
|
||||
void
|
||||
cipher_set_keyiv(CipherContext *cc, u_char *iv)
|
||||
{
|
||||
Cipher *c = cc->cipher;
|
||||
const Cipher *c = cc->cipher;
|
||||
int evplen = 0;
|
||||
|
||||
switch (c->number) {
|
||||
@ -483,7 +506,7 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv)
|
||||
int
|
||||
cipher_get_keycontext(const CipherContext *cc, u_char *dat)
|
||||
{
|
||||
Cipher *c = cc->cipher;
|
||||
const Cipher *c = cc->cipher;
|
||||
int plen = 0;
|
||||
|
||||
if (c->evptype == EVP_rc4) {
|
||||
@ -498,7 +521,7 @@ cipher_get_keycontext(const CipherContext *cc, u_char *dat)
|
||||
void
|
||||
cipher_set_keycontext(CipherContext *cc, u_char *dat)
|
||||
{
|
||||
Cipher *c = cc->cipher;
|
||||
const Cipher *c = cc->cipher;
|
||||
int plen;
|
||||
|
||||
if (c->evptype == EVP_rc4) {
|
||||
|
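Review bot: The header comment on the new cipher_alg_list says `Returns a comma-separated list of supported ciphers`, but the loop joins entries with `ret[rlen++] = '\n';` and skips every entry whose number is not `SSH_CIPHER_SSH2`, so the comment describes a different function. It also returns NULL when no SSH2 cipher is present, which callers must be prepared for. Suggest `/* Returns a newline-separated list of the SSH2 ciphers, or NULL if there are none. Caller frees. */`. The `rlen + nlen + 2` growth (separator plus NUL) and the `nlen + 1` copy line up, so the buffer arithmetic itself is fine.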
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: cipher.h,v 1.39 2013/01/08 18:49:04 markus Exp $ */
|
||||
/* $OpenBSD: cipher.h,v 1.40 2013/04/19 01:06:50 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
@ -66,21 +66,22 @@ struct CipherContext {
|
||||
int plaintext;
|
||||
int encrypt;
|
||||
EVP_CIPHER_CTX evp;
|
||||
Cipher *cipher;
|
||||
const Cipher *cipher;
|
||||
};
|
||||
|
||||
u_int cipher_mask_ssh1(int);
|
||||
Cipher *cipher_by_name(const char *);
|
||||
Cipher *cipher_by_number(int);
|
||||
const Cipher *cipher_by_name(const char *);
|
||||
const Cipher *cipher_by_number(int);
|
||||
int cipher_number(const char *);
|
||||
char *cipher_name(int);
|
||||
int ciphers_valid(const char *);
|
||||
void cipher_init(CipherContext *, Cipher *, const u_char *, u_int,
|
||||
char *cipher_alg_list(void);
|
||||
void cipher_init(CipherContext *, const Cipher *, const u_char *, u_int,
|
||||
const u_char *, u_int, int);
|
||||
void cipher_crypt(CipherContext *, u_char *, const u_char *,
|
||||
u_int, u_int, u_int);
|
||||
void cipher_cleanup(CipherContext *);
|
||||
void cipher_set_key_string(CipherContext *, Cipher *, const char *, int);
|
||||
void cipher_set_key_string(CipherContext *, const Cipher *, const char *, int);
|
||||
u_int cipher_blocksize(const Cipher *);
|
||||
u_int cipher_keylen(const Cipher *);
|
||||
u_int cipher_authlen(const Cipher *);
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: clientloop.c,v 1.248 2013/01/02 00:32:07 djm Exp $ */
|
||||
/* $OpenBSD: clientloop.c,v 1.253 2013/06/07 15:37:52 dtucker Exp $ */
|
||||
/* $FreeBSD$ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
@ -274,7 +274,7 @@ set_control_persist_exit_time(void)
|
||||
control_persist_exit_time = 0;
|
||||
} else if (control_persist_exit_time <= 0) {
|
||||
/* a client connection has recently closed */
|
||||
control_persist_exit_time = time(NULL) +
|
||||
control_persist_exit_time = monotime() +
|
||||
(time_t)options.control_persist_timeout;
|
||||
debug2("%s: schedule exit in %d seconds", __func__,
|
||||
options.control_persist_timeout);
|
||||
@ -357,7 +357,7 @@ client_x11_get_proto(const char *display, const char *xauth_path,
|
||||
if (system(cmd) == 0)
|
||||
generated = 1;
|
||||
if (x11_refuse_time == 0) {
|
||||
now = time(NULL) + 1;
|
||||
now = monotime() + 1;
|
||||
if (UINT_MAX - timeout < now)
|
||||
x11_refuse_time = UINT_MAX;
|
||||
else
|
||||
@ -394,10 +394,8 @@ client_x11_get_proto(const char *display, const char *xauth_path,
|
||||
unlink(xauthfile);
|
||||
rmdir(xauthdir);
|
||||
}
|
||||
if (xauthdir)
|
||||
xfree(xauthdir);
|
||||
if (xauthfile)
|
||||
xfree(xauthfile);
|
||||
free(xauthdir);
|
||||
free(xauthfile);
|
||||
|
||||
/*
|
||||
* If we didn't get authentication data, just make up some
|
||||
@ -553,7 +551,7 @@ client_global_request_reply(int type, u_int32_t seq, void *ctxt)
|
||||
if (--gc->ref_count <= 0) {
|
||||
TAILQ_REMOVE(&global_confirms, gc, entry);
|
||||
bzero(gc, sizeof(*gc));
|
||||
xfree(gc);
|
||||
free(gc);
|
||||
}
|
||||
|
||||
packet_set_alive_timeouts(0);
|
||||
@ -584,7 +582,7 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp,
|
||||
{
|
||||
struct timeval tv, *tvp;
|
||||
int timeout_secs;
|
||||
time_t minwait_secs = 0;
|
||||
time_t minwait_secs = 0, server_alive_time = 0, now = monotime();
|
||||
int ret;
|
||||
|
||||
/* Add any selections by the channel mechanism. */
|
||||
@ -633,12 +631,16 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp,
|
||||
*/
|
||||
|
||||
timeout_secs = INT_MAX; /* we use INT_MAX to mean no timeout */
|
||||
if (options.server_alive_interval > 0 && compat20)
|
||||
if (options.server_alive_interval > 0 && compat20) {
|
||||
timeout_secs = options.server_alive_interval;
|
||||
server_alive_time = now + options.server_alive_interval;
|
||||
}
|
||||
if (options.rekey_interval > 0 && compat20 && !rekeying)
|
||||
timeout_secs = MIN(timeout_secs, packet_get_rekey_timeout());
|
||||
set_control_persist_exit_time();
|
||||
if (control_persist_exit_time > 0) {
|
||||
timeout_secs = MIN(timeout_secs,
|
||||
control_persist_exit_time - time(NULL));
|
||||
control_persist_exit_time - now);
|
||||
if (timeout_secs < 0)
|
||||
timeout_secs = 0;
|
||||
}
|
||||
@ -670,8 +672,15 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp,
|
||||
snprintf(buf, sizeof buf, "select: %s\r\n", strerror(errno));
|
||||
buffer_append(&stderr_buffer, buf, strlen(buf));
|
||||
quit_pending = 1;
|
||||
} else if (ret == 0)
|
||||
server_alive_check();
|
||||
} else if (ret == 0) {
|
||||
/*
|
||||
* Timeout. Could have been either keepalive or rekeying.
|
||||
* Keepalive we check here, rekeying is checked in clientloop.
|
||||
*/
|
||||
if (server_alive_time != 0 && server_alive_time <= monotime())
|
||||
server_alive_check();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
static void
|
||||
@ -816,13 +825,13 @@ client_status_confirm(int type, Channel *c, void *ctx)
|
||||
chan_write_failed(c);
|
||||
}
|
||||
}
|
||||
xfree(cr);
|
||||
free(cr);
|
||||
}
|
||||
|
||||
static void
|
||||
client_abandon_status_confirm(Channel *c, void *ctx)
|
||||
{
|
||||
xfree(ctx);
|
||||
free(ctx);
|
||||
}
|
||||
|
||||
void
|
||||
@ -989,12 +998,9 @@ process_cmdline(void)
|
||||
out:
|
||||
signal(SIGINT, handler);
|
||||
enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
|
||||
if (cmd)
|
||||
xfree(cmd);
|
||||
if (fwd.listen_host != NULL)
|
||||
xfree(fwd.listen_host);
|
||||
if (fwd.connect_host != NULL)
|
||||
xfree(fwd.connect_host);
|
||||
free(cmd);
|
||||
free(fwd.listen_host);
|
||||
free(fwd.connect_host);
|
||||
}
|
||||
|
||||
/* reasons to suppress output of an escape command in help output */
|
||||
@ -1104,8 +1110,11 @@ process_escapes(Channel *c, Buffer *bin, Buffer *bout, Buffer *berr,
|
||||
if (c && c->ctl_chan != -1) {
|
||||
chan_read_failed(c);
|
||||
chan_write_failed(c);
|
||||
mux_master_session_cleanup_cb(c->self,
|
||||
NULL);
|
||||
if (c->detach_user)
|
||||
c->detach_user(c->self, NULL);
|
||||
c->type = SSH_CHANNEL_ABANDONED;
|
||||
buffer_clear(&c->input);
|
||||
chan_ibuf_empty(c);
|
||||
return 0;
|
||||
} else
|
||||
quit_pending = 1;
|
||||
@ -1251,7 +1260,7 @@ process_escapes(Channel *c, Buffer *bin, Buffer *bout, Buffer *berr,
|
||||
buffer_append(berr, string, strlen(string));
|
||||
s = channel_open_message();
|
||||
buffer_append(berr, s, strlen(s));
|
||||
xfree(s);
|
||||
free(s);
|
||||
continue;
|
||||
|
||||
case 'C':
|
||||
@ -1440,7 +1449,7 @@ client_new_escape_filter_ctx(int escape_char)
|
||||
void
|
||||
client_filter_cleanup(int cid, void *ctx)
|
||||
{
|
||||
xfree(ctx);
|
||||
free(ctx);
|
||||
}
|
||||
|
||||
int
|
||||
@ -1645,16 +1654,14 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
|
||||
* connections, then quit.
|
||||
*/
|
||||
if (control_persist_exit_time > 0) {
|
||||
if (time(NULL) >= control_persist_exit_time) {
|
||||
if (monotime() >= control_persist_exit_time) {
|
||||
debug("ControlPersist timeout expired");
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (readset)
|
||||
xfree(readset);
|
||||
if (writeset)
|
||||
xfree(writeset);
|
||||
free(readset);
|
||||
free(writeset);
|
||||
|
||||
/* Terminate the session. */
|
||||
|
||||
@ -1756,7 +1763,7 @@ client_input_stdout_data(int type, u_int32_t seq, void *ctxt)
|
||||
packet_check_eom();
|
||||
buffer_append(&stdout_buffer, data, data_len);
|
||||
memset(data, 0, data_len);
|
||||
xfree(data);
|
||||
free(data);
|
||||
}
|
||||
static void
|
||||
client_input_stderr_data(int type, u_int32_t seq, void *ctxt)
|
||||
@ -1766,7 +1773,7 @@ client_input_stderr_data(int type, u_int32_t seq, void *ctxt)
|
||||
packet_check_eom();
|
||||
buffer_append(&stderr_buffer, data, data_len);
|
||||
memset(data, 0, data_len);
|
||||
xfree(data);
|
||||
free(data);
|
||||
}
|
||||
static void
|
||||
client_input_exit_status(int type, u_int32_t seq, void *ctxt)
|
||||
@ -1846,8 +1853,8 @@ client_request_forwarded_tcpip(const char *request_type, int rchan)
|
||||
c = channel_connect_by_listen_address(listen_port,
|
||||
"forwarded-tcpip", originator_address);
|
||||
|
||||
xfree(originator_address);
|
||||
xfree(listen_address);
|
||||
free(originator_address);
|
||||
free(listen_address);
|
||||
return c;
|
||||
}
|
||||
|
||||
@ -1865,7 +1872,7 @@ client_request_x11(const char *request_type, int rchan)
|
||||
"malicious server.");
|
||||
return NULL;
|
||||
}
|
||||
if (x11_refuse_time != 0 && time(NULL) >= x11_refuse_time) {
|
||||
if (x11_refuse_time != 0 && monotime() >= x11_refuse_time) {
|
||||
verbose("Rejected X11 connection after ForwardX11Timeout "
|
||||
"expired");
|
||||
return NULL;
|
||||
@ -1881,7 +1888,7 @@ client_request_x11(const char *request_type, int rchan)
|
||||
/* XXX check permission */
|
||||
debug("client_request_x11: request from %s %d", originator,
|
||||
originator_port);
|
||||
xfree(originator);
|
||||
free(originator);
|
||||
sock = x11_connect_display();
|
||||
if (sock < 0)
|
||||
return NULL;
|
||||
@ -2025,7 +2032,7 @@ client_input_channel_open(int type, u_int32_t seq, void *ctxt)
|
||||
}
|
||||
packet_send();
|
||||
}
|
||||
xfree(ctype);
|
||||
free(ctype);
|
||||
}
|
||||
static void
|
||||
client_input_channel_req(int type, u_int32_t seq, void *ctxt)
|
||||
@ -2071,7 +2078,7 @@ client_input_channel_req(int type, u_int32_t seq, void *ctxt)
|
||||
packet_put_int(c->remote_id);
|
||||
packet_send();
|
||||
}
|
||||
xfree(rtype);
|
||||
free(rtype);
|
||||
}
|
||||
static void
|
||||
client_input_global_request(int type, u_int32_t seq, void *ctxt)
|
||||
@ -2090,7 +2097,7 @@ client_input_global_request(int type, u_int32_t seq, void *ctxt)
|
||||
packet_send();
|
||||
packet_write_wait();
|
||||
}
|
||||
xfree(rtype);
|
||||
free(rtype);
|
||||
}
|
||||
|
||||
void
|
||||
@ -2140,7 +2147,7 @@ client_session2_setup(int id, int want_tty, int want_subsystem,
|
||||
/* Split */
|
||||
name = xstrdup(env[i]);
|
||||
if ((val = strchr(name, '=')) == NULL) {
|
||||
xfree(name);
|
||||
free(name);
|
||||
continue;
|
||||
}
|
||||
*val++ = '\0';
|
||||
@ -2154,7 +2161,7 @@ client_session2_setup(int id, int want_tty, int want_subsystem,
|
||||
}
|
||||
if (!matched) {
|
||||
debug3("Ignored env %s", name);
|
||||
xfree(name);
|
||||
free(name);
|
||||
continue;
|
||||
}
|
||||
|
||||
@ -2163,7 +2170,7 @@ client_session2_setup(int id, int want_tty, int want_subsystem,
|
||||
packet_put_cstring(name);
|
||||
packet_put_cstring(val);
|
||||
packet_send();
|
||||
xfree(name);
|
||||
free(name);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: clientloop.h,v 1.30 2012/08/17 00:45:45 dtucker Exp $ */
|
||||
/* $OpenBSD: clientloop.h,v 1.31 2013/06/02 23:36:29 dtucker Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
@ -76,5 +76,4 @@ void muxserver_listen(void);
|
||||
void muxclient(const char *);
|
||||
void mux_exit_message(Channel *, int);
|
||||
void mux_tty_alloc_failed(Channel *);
|
||||
void mux_master_session_cleanup_cb(int, void *);
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: compat.c,v 1.80 2012/08/17 01:30:00 djm Exp $ */
|
||||
/* $OpenBSD: compat.c,v 1.81 2013/05/17 00:13:13 djm Exp $ */
|
||||
/* $FreeBSD$ */
|
||||
/*
|
||||
* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
|
||||
@ -215,7 +215,7 @@ proto_spec(const char *spec)
|
||||
break;
|
||||
}
|
||||
}
|
||||
xfree(s);
|
||||
free(s);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -241,7 +241,7 @@ compat_cipher_proposal(char *cipher_prop)
|
||||
buffer_append(&b, "\0", 1);
|
||||
fix_ciphers = xstrdup(buffer_ptr(&b));
|
||||
buffer_free(&b);
|
||||
xfree(orig_prop);
|
||||
free(orig_prop);
|
||||
debug2("Original cipher proposal: %s", cipher_prop);
|
||||
debug2("Compat cipher proposal: %s", fix_ciphers);
|
||||
if (!*fix_ciphers)
|
||||
|
262
crypto/openssh/config.guess
vendored
@ -2,9 +2,9 @@
|
||||
# Attempt to guess a canonical system name.
|
||||
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
|
||||
# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
|
||||
# 2011 Free Software Foundation, Inc.
|
||||
# 2011, 2012, 2013 Free Software Foundation, Inc.
|
||||
|
||||
timestamp='2011-01-23'
|
||||
timestamp='2012-12-23'
|
||||
|
||||
# This file is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU General Public License as published by
|
||||
@ -17,9 +17,7 @@ timestamp='2011-01-23'
|
||||
# General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
|
||||
# 02110-1301, USA.
|
||||
# along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
# As a special exception to the GNU General Public License, if you
|
||||
# distribute this file as part of a program that contains a
|
||||
@ -57,8 +55,8 @@ GNU config.guess ($timestamp)
|
||||
|
||||
Originally written by Per Bothner.
|
||||
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000,
|
||||
2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free
|
||||
Software Foundation, Inc.
|
||||
2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011,
|
||||
2012, 2013 Free Software Foundation, Inc.
|
||||
|
||||
This is free software; see the source for copying conditions. There is NO
|
||||
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
|
||||
@ -145,7 +143,7 @@ UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
|
||||
case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
|
||||
*:NetBSD:*:*)
|
||||
# NetBSD (nbsd) targets should (where applicable) match one or
|
||||
# more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
|
||||
# more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*,
|
||||
# *-*-netbsdecoff* and *-*-netbsd*. For targets that recently
|
||||
# switched to ELF, *-*-netbsd* would select the old
|
||||
# object file format. This provides both forward
|
||||
@ -181,7 +179,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
|
||||
fi
|
||||
;;
|
||||
*)
|
||||
os=netbsd
|
||||
os=netbsd
|
||||
;;
|
||||
esac
|
||||
# The OS release
|
||||
@ -202,6 +200,10 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
|
||||
# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
|
||||
echo "${machine}-${os}${release}"
|
||||
exit ;;
|
||||
*:Bitrig:*:*)
|
||||
UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'`
|
||||
echo ${UNAME_MACHINE_ARCH}-unknown-bitrig${UNAME_RELEASE}
|
||||
exit ;;
|
||||
*:OpenBSD:*:*)
|
||||
UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
|
||||
echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
|
||||
@ -224,7 +226,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
|
||||
UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
|
||||
;;
|
||||
*5.*)
|
||||
UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
|
||||
UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
|
||||
;;
|
||||
esac
|
||||
# According to Compaq, /usr/sbin/psrinfo has been available on
|
||||
@ -299,12 +301,12 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
|
||||
echo s390-ibm-zvmoe
|
||||
exit ;;
|
||||
*:OS400:*:*)
|
||||
echo powerpc-ibm-os400
|
||||
echo powerpc-ibm-os400
|
||||
exit ;;
|
||||
arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
|
||||
echo arm-acorn-riscix${UNAME_RELEASE}
|
||||
exit ;;
|
||||
arm:riscos:*:*|arm:RISCOS:*:*)
|
||||
arm*:riscos:*:*|arm*:RISCOS:*:*)
|
||||
echo arm-unknown-riscos
|
||||
exit ;;
|
||||
SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
|
||||
@ -398,23 +400,23 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
|
||||
# MiNT. But MiNT is downward compatible to TOS, so this should
|
||||
# be no problem.
|
||||
atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
|
||||
echo m68k-atari-mint${UNAME_RELEASE}
|
||||
echo m68k-atari-mint${UNAME_RELEASE}
|
||||
exit ;;
|
||||
atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
|
||||
echo m68k-atari-mint${UNAME_RELEASE}
|
||||
exit ;;
|
||||
exit ;;
|
||||
*falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
|
||||
echo m68k-atari-mint${UNAME_RELEASE}
|
||||
echo m68k-atari-mint${UNAME_RELEASE}
|
||||
exit ;;
|
||||
milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
|
||||
echo m68k-milan-mint${UNAME_RELEASE}
|
||||
exit ;;
|
||||
echo m68k-milan-mint${UNAME_RELEASE}
|
||||
exit ;;
|
||||
hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
|
||||
echo m68k-hades-mint${UNAME_RELEASE}
|
||||
exit ;;
|
||||
echo m68k-hades-mint${UNAME_RELEASE}
|
||||
exit ;;
|
||||
*:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
|
||||
echo m68k-unknown-mint${UNAME_RELEASE}
|
||||
exit ;;
|
||||
echo m68k-unknown-mint${UNAME_RELEASE}
|
||||
exit ;;
|
||||
m68k:machten:*:*)
|
||||
echo m68k-apple-machten${UNAME_RELEASE}
|
||||
exit ;;
|
||||
@ -484,8 +486,8 @@ EOF
|
||||
echo m88k-motorola-sysv3
|
||||
exit ;;
|
||||
AViiON:dgux:*:*)
|
||||
# DG/UX returns AViiON for all architectures
|
||||
UNAME_PROCESSOR=`/usr/bin/uname -p`
|
||||
# DG/UX returns AViiON for all architectures
|
||||
UNAME_PROCESSOR=`/usr/bin/uname -p`
|
||||
if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
|
||||
then
|
||||
if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
|
||||
@ -498,7 +500,7 @@ EOF
|
||||
else
|
||||
echo i586-dg-dgux${UNAME_RELEASE}
|
||||
fi
|
||||
exit ;;
|
||||
exit ;;
|
||||
M88*:DolphinOS:*:*) # DolphinOS (SVR3)
|
||||
echo m88k-dolphin-sysv3
|
||||
exit ;;
|
||||
@ -598,52 +600,52 @@ EOF
|
||||
9000/[678][0-9][0-9])
|
||||
if [ -x /usr/bin/getconf ]; then
|
||||
sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
|
||||
sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
|
||||
case "${sc_cpu_version}" in
|
||||
523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
|
||||
528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
|
||||
532) # CPU_PA_RISC2_0
|
||||
case "${sc_kernel_bits}" in
|
||||
32) HP_ARCH="hppa2.0n" ;;
|
||||
64) HP_ARCH="hppa2.0w" ;;
|
||||
sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
|
||||
case "${sc_cpu_version}" in
|
||||
523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
|
||||
528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
|
||||
532) # CPU_PA_RISC2_0
|
||||
case "${sc_kernel_bits}" in
|
||||
32) HP_ARCH="hppa2.0n" ;;
|
||||
64) HP_ARCH="hppa2.0w" ;;
|
||||
'') HP_ARCH="hppa2.0" ;; # HP-UX 10.20
|
||||
esac ;;
|
||||
esac
|
||||
esac ;;
|
||||
esac
|
||||
fi
|
||||
if [ "${HP_ARCH}" = "" ]; then
|
||||
eval $set_cc_for_build
|
||||
sed 's/^ //' << EOF >$dummy.c
|
||||
sed 's/^ //' << EOF >$dummy.c
|
||||
|
||||
#define _HPUX_SOURCE
|
||||
#include <stdlib.h>
|
||||
#include <unistd.h>
|
||||
#define _HPUX_SOURCE
|
||||
#include <stdlib.h>
|
||||
#include <unistd.h>
|
||||
|
||||
int main ()
|
||||
{
|
||||
#if defined(_SC_KERNEL_BITS)
|
||||
long bits = sysconf(_SC_KERNEL_BITS);
|
||||
#endif
|
||||
long cpu = sysconf (_SC_CPU_VERSION);
|
||||
int main ()
|
||||
{
|
||||
#if defined(_SC_KERNEL_BITS)
|
||||
long bits = sysconf(_SC_KERNEL_BITS);
|
||||
#endif
|
||||
long cpu = sysconf (_SC_CPU_VERSION);
|
||||
|
||||
switch (cpu)
|
||||
{
|
||||
case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
|
||||
case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
|
||||
case CPU_PA_RISC2_0:
|
||||
#if defined(_SC_KERNEL_BITS)
|
||||
switch (bits)
|
||||
{
|
||||
case 64: puts ("hppa2.0w"); break;
|
||||
case 32: puts ("hppa2.0n"); break;
|
||||
default: puts ("hppa2.0"); break;
|
||||
} break;
|
||||
#else /* !defined(_SC_KERNEL_BITS) */
|
||||
puts ("hppa2.0"); break;
|
||||
#endif
|
||||
default: puts ("hppa1.0"); break;
|
||||
}
|
||||
exit (0);
|
||||
}
|
||||
switch (cpu)
|
||||
{
|
||||
case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
|
||||
case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
|
||||
case CPU_PA_RISC2_0:
|
||||
#if defined(_SC_KERNEL_BITS)
|
||||
switch (bits)
|
||||
{
|
||||
case 64: puts ("hppa2.0w"); break;
|
||||
case 32: puts ("hppa2.0n"); break;
|
||||
default: puts ("hppa2.0"); break;
|
||||
} break;
|
||||
#else /* !defined(_SC_KERNEL_BITS) */
|
||||
puts ("hppa2.0"); break;
|
||||
#endif
|
||||
default: puts ("hppa1.0"); break;
|
||||
}
|
||||
exit (0);
|
||||
}
|
||||
EOF
|
||||
(CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
|
||||
test -z "$HP_ARCH" && HP_ARCH=hppa
|
||||
@ -734,22 +736,22 @@ EOF
|
||||
exit ;;
|
||||
C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
|
||||
echo c1-convex-bsd
|
||||
exit ;;
|
||||
exit ;;
|
||||
C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
|
||||
if getsysinfo -f scalar_acc
|
||||
then echo c32-convex-bsd
|
||||
else echo c2-convex-bsd
|
||||
fi
|
||||
exit ;;
|
||||
exit ;;
|
||||
C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
|
||||
echo c34-convex-bsd
|
||||
exit ;;
|
||||
exit ;;
|
||||
C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
|
||||
echo c38-convex-bsd
|
||||
exit ;;
|
||||
exit ;;
|
||||
C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
|
||||
echo c4-convex-bsd
|
||||
exit ;;
|
||||
exit ;;
|
||||
CRAY*Y-MP:*:*:*)
|
||||
echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
|
||||
exit ;;
|
||||
@ -773,14 +775,14 @@ EOF
|
||||
exit ;;
|
||||
F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
|
||||
FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
|
||||
FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
|
||||
FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
|
||||
echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
|
||||
exit ;;
|
||||
FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
|
||||
FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
|
||||
echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
|
||||
exit ;;
|
||||
5000:UNIX_System_V:4.*:*)
|
||||
FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
|
||||
FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
|
||||
echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
|
||||
FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
|
||||
FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
|
||||
echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
|
||||
exit ;;
|
||||
i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
|
||||
echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
|
||||
@ -792,30 +794,35 @@ EOF
|
||||
echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
|
||||
exit ;;
|
||||
*:FreeBSD:*:*)
|
||||
case ${UNAME_MACHINE} in
|
||||
pc98)
|
||||
echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
|
||||
UNAME_PROCESSOR=`/usr/bin/uname -p`
|
||||
case ${UNAME_PROCESSOR} in
|
||||
amd64)
|
||||
echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
|
||||
*)
|
||||
echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
|
||||
echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
|
||||
esac
|
||||
exit ;;
|
||||
i*:CYGWIN*:*)
|
||||
echo ${UNAME_MACHINE}-pc-cygwin
|
||||
exit ;;
|
||||
*:MINGW64*:*)
|
||||
echo ${UNAME_MACHINE}-pc-mingw64
|
||||
exit ;;
|
||||
*:MINGW*:*)
|
||||
echo ${UNAME_MACHINE}-pc-mingw32
|
||||
exit ;;
|
||||
i*:MSYS*:*)
|
||||
echo ${UNAME_MACHINE}-pc-msys
|
||||
exit ;;
|
||||
i*:windows32*:*)
|
||||
# uname -m includes "-pc" on this system.
|
||||
echo ${UNAME_MACHINE}-mingw32
|
||||
# uname -m includes "-pc" on this system.
|
||||
echo ${UNAME_MACHINE}-mingw32
|
||||
exit ;;
|
||||
i*:PW*:*)
|
||||
echo ${UNAME_MACHINE}-pc-pw32
|
||||
exit ;;
|
||||
*:Interix*:*)
|
||||
case ${UNAME_MACHINE} in
|
||||
case ${UNAME_MACHINE} in
|
||||
x86)
|
||||
echo i586-pc-interix${UNAME_RELEASE}
|
||||
exit ;;
|
||||
@ -861,6 +868,13 @@ EOF
|
||||
i*86:Minix:*:*)
|
||||
echo ${UNAME_MACHINE}-pc-minix
|
||||
exit ;;
|
||||
aarch64:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
exit ;;
|
||||
aarch64_be:Linux:*:*)
|
||||
UNAME_MACHINE=aarch64_be
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
exit ;;
|
||||
alpha:Linux:*:*)
|
||||
case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
|
||||
EV5) UNAME_MACHINE=alphaev5 ;;
|
||||
@ -870,7 +884,7 @@ EOF
|
||||
EV6) UNAME_MACHINE=alphaev6 ;;
|
||||
EV67) UNAME_MACHINE=alphaev67 ;;
|
||||
EV68*) UNAME_MACHINE=alphaev68 ;;
|
||||
esac
|
||||
esac
|
||||
objdump --private-headers /bin/sh | grep -q ld.so.1
|
||||
if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
|
||||
@ -882,20 +896,29 @@ EOF
|
||||
then
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
else
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnueabi
|
||||
if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \
|
||||
| grep -q __ARM_PCS_VFP
|
||||
then
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnueabi
|
||||
else
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnueabihf
|
||||
fi
|
||||
fi
|
||||
exit ;;
|
||||
avr32*:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
exit ;;
|
||||
cris:Linux:*:*)
|
||||
echo cris-axis-linux-gnu
|
||||
echo ${UNAME_MACHINE}-axis-linux-gnu
|
||||
exit ;;
|
||||
crisv32:Linux:*:*)
|
||||
echo crisv32-axis-linux-gnu
|
||||
echo ${UNAME_MACHINE}-axis-linux-gnu
|
||||
exit ;;
|
||||
frv:Linux:*:*)
|
||||
echo frv-unknown-linux-gnu
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
exit ;;
|
||||
hexagon:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
exit ;;
|
||||
i*86:Linux:*:*)
|
||||
LIBC=gnu
|
||||
@ -937,7 +960,7 @@ EOF
|
||||
test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
|
||||
;;
|
||||
or32:Linux:*:*)
|
||||
echo or32-unknown-linux-gnu
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
exit ;;
|
||||
padre:Linux:*:*)
|
||||
echo sparc-unknown-linux-gnu
|
||||
@ -963,7 +986,7 @@ EOF
|
||||
echo ${UNAME_MACHINE}-ibm-linux
|
||||
exit ;;
|
||||
sh64*:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
exit ;;
|
||||
sh*:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
@ -972,16 +995,16 @@ EOF
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
exit ;;
|
||||
tile*:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-tilera-linux-gnu
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
exit ;;
|
||||
vax:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-dec-linux-gnu
|
||||
exit ;;
|
||||
x86_64:Linux:*:*)
|
||||
echo x86_64-unknown-linux-gnu
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
exit ;;
|
||||
xtensa*:Linux:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
echo ${UNAME_MACHINE}-unknown-linux-gnu
|
||||
exit ;;
|
||||
i*86:DYNIX/ptx:4*:*)
|
||||
# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
|
||||
@ -990,11 +1013,11 @@ EOF
|
||||
echo i386-sequent-sysv4
|
||||
exit ;;
|
||||
i*86:UNIX_SV:4.2MP:2.*)
|
||||
# Unixware is an offshoot of SVR4, but it has its own version
|
||||
# number series starting with 2...
|
||||
# I am not positive that other SVR4 systems won't match this,
|
||||
# Unixware is an offshoot of SVR4, but it has its own version
|
||||
# number series starting with 2...
|
||||
# I am not positive that other SVR4 systems won't match this,
|
||||
# I just have to hope. -- rms.
|
||||
# Use sysv4.2uw... so that sysv4* matches it.
|
||||
# Use sysv4.2uw... so that sysv4* matches it.
|
||||
echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
|
||||
exit ;;
|
||||
i*86:OS/2:*:*)
|
||||
@ -1026,7 +1049,7 @@ EOF
|
||||
fi
|
||||
exit ;;
|
||||
i*86:*:5:[678]*)
|
||||
# UnixWare 7.x, OpenUNIX and OpenServer 6.
|
||||
# UnixWare 7.x, OpenUNIX and OpenServer 6.
|
||||
case `/bin/uname -X | grep "^Machine"` in
|
||||
*486*) UNAME_MACHINE=i486 ;;
|
||||
*Pentium) UNAME_MACHINE=i586 ;;
|
||||
@ -1054,13 +1077,13 @@ EOF
|
||||
exit ;;
|
||||
pc:*:*:*)
|
||||
# Left here for compatibility:
|
||||
# uname -m prints for DJGPP always 'pc', but it prints nothing about
|
||||
# the processor, so we play safe by assuming i586.
|
||||
# uname -m prints for DJGPP always 'pc', but it prints nothing about
|
||||
# the processor, so we play safe by assuming i586.
|
||||
# Note: whatever this is, it MUST be the same as what config.sub
|
||||
# prints for the "djgpp" host, or else GDB configury will decide that
|
||||
# this is a cross-build.
|
||||
echo i586-pc-msdosdjgpp
|
||||
exit ;;
|
||||
exit ;;
|
||||
Intel:Mach:3*:*)
|
||||
echo i386-pc-mach3
|
||||
exit ;;
|
||||
@ -1095,8 +1118,8 @@ EOF
|
||||
/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
|
||||
&& { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
|
||||
3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
|
||||
/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
|
||||
&& { echo i486-ncr-sysv4; exit; } ;;
|
||||
/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
|
||||
&& { echo i486-ncr-sysv4; exit; } ;;
|
||||
NCR*:*:4.2:* | MPRAS*:*:4.2:*)
|
||||
OS_REL='.3'
|
||||
test -r /etc/.relid \
|
||||
@ -1139,10 +1162,10 @@ EOF
|
||||
echo ns32k-sni-sysv
|
||||
fi
|
||||
exit ;;
|
||||
PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
|
||||
# says <Richard.M.Bartel@ccMail.Census.GOV>
|
||||
echo i586-unisys-sysv4
|
||||
exit ;;
|
||||
PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
|
||||
# says <Richard.M.Bartel@ccMail.Census.GOV>
|
||||
echo i586-unisys-sysv4
|
||||
exit ;;
|
||||
*:UNIX_System_V:4*:FTX*)
|
||||
# From Gerald Hewes <hewes@openmarket.com>.
|
||||
# How about differentiating between stratus architectures? -djm
|
||||
@ -1168,11 +1191,11 @@ EOF
|
||||
exit ;;
|
||||
R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
|
||||
if [ -d /usr/nec ]; then
|
||||
echo mips-nec-sysv${UNAME_RELEASE}
|
||||
echo mips-nec-sysv${UNAME_RELEASE}
|
||||
else
|
||||
echo mips-unknown-sysv${UNAME_RELEASE}
|
||||
echo mips-unknown-sysv${UNAME_RELEASE}
|
||||
fi
|
||||
exit ;;
|
||||
exit ;;
|
||||
BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only.
|
||||
echo powerpc-be-beos
|
||||
exit ;;
|
||||
@ -1185,6 +1208,9 @@ EOF
|
||||
BePC:Haiku:*:*) # Haiku running on Intel PC compatible.
|
||||
echo i586-pc-haiku
|
||||
exit ;;
|
||||
x86_64:Haiku:*:*)
|
||||
echo x86_64-unknown-haiku
|
||||
exit ;;
|
||||
SX-4:SUPER-UX:*:*)
|
||||
echo sx4-nec-superux${UNAME_RELEASE}
|
||||
exit ;;
|
||||
@ -1240,7 +1266,7 @@ EOF
|
||||
NEO-?:NONSTOP_KERNEL:*:*)
|
||||
echo neo-tandem-nsk${UNAME_RELEASE}
|
||||
exit ;;
|
||||
NSE-?:NONSTOP_KERNEL:*:*)
|
||||
NSE-*:NONSTOP_KERNEL:*:*)
|
||||
echo nse-tandem-nsk${UNAME_RELEASE}
|
||||
exit ;;
|
||||
NSR-?:NONSTOP_KERNEL:*:*)
|
||||
@ -1285,13 +1311,13 @@ EOF
|
||||
echo pdp10-unknown-its
|
||||
exit ;;
|
||||
SEI:*:*:SEIUX)
|
||||
echo mips-sei-seiux${UNAME_RELEASE}
|
||||
echo mips-sei-seiux${UNAME_RELEASE}
|
||||
exit ;;
|
||||
*:DragonFly:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
|
||||
exit ;;
|
||||
*:*VMS:*:*)
|
||||
UNAME_MACHINE=`(uname -p) 2>/dev/null`
|
||||
UNAME_MACHINE=`(uname -p) 2>/dev/null`
|
||||
case "${UNAME_MACHINE}" in
|
||||
A*) echo alpha-dec-vms ; exit ;;
|
||||
I*) echo ia64-dec-vms ; exit ;;
|
||||
@ -1309,11 +1335,11 @@ EOF
|
||||
i*86:AROS:*:*)
|
||||
echo ${UNAME_MACHINE}-pc-aros
|
||||
exit ;;
|
||||
x86_64:VMkernel:*:*)
|
||||
echo ${UNAME_MACHINE}-unknown-esx
|
||||
exit ;;
|
||||
esac
|
||||
|
||||
#echo '(No uname command or uname output not recognized.)' 1>&2
|
||||
#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
|
||||
|
||||
eval $set_cc_for_build
|
||||
cat >$dummy.c <<EOF
|
||||
#ifdef _SEQUENT_
|
||||
@ -1331,11 +1357,11 @@ main ()
|
||||
#include <sys/param.h>
|
||||
printf ("m68k-sony-newsos%s\n",
|
||||
#ifdef NEWSOS4
|
||||
"4"
|
||||
"4"
|
||||
#else
|
||||
""
|
||||
""
|
||||
#endif
|
||||
); exit (0);
|
||||
); exit (0);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
|
@ -157,7 +157,7 @@
|
||||
/* #undef GLOB_HAS_GL_STATV */
|
||||
|
||||
/* Define this if you want GSSAPI support in the version 2 protocol */
|
||||
/* #undef GSSAPI */
|
||||
#define GSSAPI 1
|
||||
|
||||
/* Define if you want to use shadow password expire field */
|
||||
/* #undef HAS_SHADOW_EXPIRE */
|
||||
@ -231,6 +231,9 @@
|
||||
/* Define to 1 if you have the `clock' function. */
|
||||
#define HAVE_CLOCK 1
|
||||
|
||||
/* Have clock_gettime */
|
||||
#define HAVE_CLOCK_GETTIME 1
|
||||
|
||||
/* define if you have clock_t data type */
|
||||
#define HAVE_CLOCK_T 1
|
||||
|
||||
@ -243,6 +246,9 @@
|
||||
/* Define if your system uses ancillary data style file descriptor passing */
|
||||
#define HAVE_CONTROL_IN_MSGHDR 1
|
||||
|
||||
/* Define to 1 if you have the `crypt' function. */
|
||||
#define HAVE_CRYPT 1
|
||||
|
||||
/* Define to 1 if you have the <crypto/sha2.h> header file. */
|
||||
/* #undef HAVE_CRYPTO_SHA2_H */
|
||||
|
||||
@ -265,7 +271,11 @@
|
||||
|
||||
/* Define to 1 if you have the declaration of `GSS_C_NT_HOSTBASED_SERVICE',
|
||||
and to 0 if you don't. */
|
||||
/* #undef HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE */
|
||||
#define HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE 1
|
||||
|
||||
/* Define to 1 if you have the declaration of `howmany', and to 0 if you
|
||||
don't. */
|
||||
#define HAVE_DECL_HOWMANY 1
|
||||
|
||||
/* Define to 1 if you have the declaration of `h_errno', and to 0 if you
|
||||
don't. */
|
||||
@ -287,6 +297,10 @@
|
||||
don't. */
|
||||
#define HAVE_DECL_MAXSYMLINKS 1
|
||||
|
||||
/* Define to 1 if you have the declaration of `NFDBITS', and to 0 if you
|
||||
don't. */
|
||||
#define HAVE_DECL_NFDBITS 1
|
||||
|
||||
/* Define to 1 if you have the declaration of `offsetof', and to 0 if you
|
||||
don't. */
|
||||
#define HAVE_DECL_OFFSETOF 1
|
||||
@ -319,6 +333,9 @@
|
||||
don't. */
|
||||
#define HAVE_DECL__GETSHORT 0
|
||||
|
||||
/* Define to 1 if you have the `DES_crypt' function. */
|
||||
#define HAVE_DES_CRYPT 1
|
||||
|
||||
/* Define if you have /dev/ptmx */
|
||||
/* #undef HAVE_DEV_PTMX */
|
||||
|
||||
@ -340,6 +357,9 @@
|
||||
/* Define to 1 if you have the <elf.h> header file. */
|
||||
#define HAVE_ELF_H 1
|
||||
|
||||
/* Define to 1 if you have the `endgrent' function. */
|
||||
#define HAVE_ENDGRENT 1
|
||||
|
||||
/* Define to 1 if you have the <endian.h> header file. */
|
||||
/* #undef HAVE_ENDIAN_H */
|
||||
|
||||
@ -373,6 +393,9 @@
|
||||
/* Define to 1 if you have the <fcntl.h> header file. */
|
||||
#define HAVE_FCNTL_H 1
|
||||
|
||||
/* Define to 1 if the system has the type `fd_mask'. */
|
||||
#define HAVE_FD_MASK 1
|
||||
|
||||
/* Define to 1 if you have the <features.h> header file. */
|
||||
/* #undef HAVE_FEATURES_H */
|
||||
|
||||
@ -512,10 +535,10 @@
|
||||
/* #undef HAVE_GSSAPI_GSSAPI_GENERIC_H */
|
||||
|
||||
/* Define to 1 if you have the <gssapi/gssapi.h> header file. */
|
||||
/* #undef HAVE_GSSAPI_GSSAPI_H */
|
||||
#define HAVE_GSSAPI_GSSAPI_H 1
|
||||
|
||||
/* Define to 1 if you have the <gssapi/gssapi_krb5.h> header file. */
|
||||
/* #undef HAVE_GSSAPI_GSSAPI_KRB5_H */
|
||||
#define HAVE_GSSAPI_GSSAPI_KRB5_H 1
|
||||
|
||||
/* Define to 1 if you have the <gssapi.h> header file. */
|
||||
/* #undef HAVE_GSSAPI_H */
|
||||
@ -577,6 +600,15 @@
|
||||
/* Define if you have isblank(3C). */
|
||||
#define HAVE_ISBLANK 1
|
||||
|
||||
/* Define to 1 if you have the `krb5_cc_new_unique' function. */
|
||||
#define HAVE_KRB5_CC_NEW_UNIQUE 1
|
||||
|
||||
/* Define to 1 if you have the `krb5_free_error_message' function. */
|
||||
#define HAVE_KRB5_FREE_ERROR_MESSAGE 1
|
||||
|
||||
/* Define to 1 if you have the `krb5_get_error_message' function. */
|
||||
#define HAVE_KRB5_GET_ERROR_MESSAGE 1
|
||||
|
||||
/* Define to 1 if you have the <lastlog.h> header file. */
|
||||
/* #undef HAVE_LASTLOG_H */
|
||||
|
||||
@ -637,6 +669,9 @@
|
||||
/* Define to 1 if you have the <linux/seccomp.h> header file. */
|
||||
/* #undef HAVE_LINUX_SECCOMP_H */
|
||||
|
||||
/* Define to 1 if you have the <locale.h> header file. */
|
||||
#define HAVE_LOCALE_H 1
|
||||
|
||||
/* Define to 1 if you have the `login' function. */
|
||||
/* #undef HAVE_LOGIN */
|
||||
|
||||
@ -664,6 +699,9 @@
|
||||
/* Define to 1 if you have the <maillock.h> header file. */
|
||||
/* #undef HAVE_MAILLOCK_H */
|
||||
|
||||
/* Define to 1 if you have the `mblen' function. */
|
||||
#define HAVE_MBLEN 1
|
||||
|
||||
/* Define to 1 if you have the `md5_crypt' function. */
|
||||
/* #undef HAVE_MD5_CRYPT */
|
||||
|
||||
@ -770,15 +808,6 @@
|
||||
/* Define to 1 if you have the `pututxline' function. */
|
||||
#define HAVE_PUTUTXLINE 1
|
||||
|
||||
/* Define if your password has a pw_change field */
|
||||
#define HAVE_PW_CHANGE_IN_PASSWD 1
|
||||
|
||||
/* Define if your password has a pw_class field */
|
||||
#define HAVE_PW_CLASS_IN_PASSWD 1
|
||||
|
||||
/* Define if your password has a pw_expire field */
|
||||
#define HAVE_PW_EXPIRE_IN_PASSWD 1
|
||||
|
||||
/* Define to 1 if you have the `readpassphrase' function. */
|
||||
#define HAVE_READPASSPHRASE 1
|
||||
|
||||
@ -815,6 +844,9 @@
|
||||
/* define if you have sa_family_t data type */
|
||||
#define HAVE_SA_FAMILY_T 1
|
||||
|
||||
/* Define to 1 if you have the `scan_scaled' function. */
|
||||
/* #undef HAVE_SCAN_SCALED */
|
||||
|
||||
/* Define if you have SecureWare-based protected password database */
|
||||
/* #undef HAVE_SECUREWARE */
|
||||
|
||||
@ -1004,6 +1036,18 @@
|
||||
/* define if you have struct in6_addr data type */
|
||||
#define HAVE_STRUCT_IN6_ADDR 1
|
||||
|
||||
/* Define to 1 if `pw_change' is a member of `struct passwd'. */
|
||||
#define HAVE_STRUCT_PASSWD_PW_CHANGE 1
|
||||
|
||||
/* Define to 1 if `pw_class' is a member of `struct passwd'. */
|
||||
#define HAVE_STRUCT_PASSWD_PW_CLASS 1
|
||||
|
||||
/* Define to 1 if `pw_expire' is a member of `struct passwd'. */
|
||||
#define HAVE_STRUCT_PASSWD_PW_EXPIRE 1
|
||||
|
||||
/* Define to 1 if `pw_gecos' is a member of `struct passwd'. */
|
||||
#define HAVE_STRUCT_PASSWD_PW_GECOS 1
|
||||
|
||||
/* define if you have struct sockaddr_in6 data type */
|
||||
#define HAVE_STRUCT_SOCKADDR_IN6 1
|
||||
|
||||
@ -1266,7 +1310,7 @@
|
||||
#define HAVE___func__ 1
|
||||
|
||||
/* Define this if you are using the Heimdal version of Kerberos V5 */
|
||||
/* #undef HEIMDAL */
|
||||
#define HEIMDAL 1
|
||||
|
||||
/* Define if you need to use IP address instead of hostname in $DISPLAY */
|
||||
/* #undef IPADDR_IN_DISPLAY */
|
||||
@ -1278,7 +1322,7 @@
|
||||
/* #undef IP_TOS_IS_BROKEN */
|
||||
|
||||
/* Define if you want Kerberos 5 support */
|
||||
/* #undef KRB5 */
|
||||
#define KRB5 1
|
||||
|
||||
/* Define if pututxline updates lastlog too */
|
||||
/* #undef LASTLOG_WRITE_PUTUTXLINE */
|
||||
@ -1324,15 +1368,6 @@
|
||||
/* Set this to your mail directory if you do not have _PATH_MAILDIR */
|
||||
/* #undef MAIL_DIRECTORY */
|
||||
|
||||
/* Define on *nto-qnx systems */
|
||||
/* #undef MISSING_FD_MASK */
|
||||
|
||||
/* Define on *nto-qnx systems */
|
||||
/* #undef MISSING_HOWMANY */
|
||||
|
||||
/* Define on *nto-qnx systems */
|
||||
/* #undef MISSING_NFDBITS */
|
||||
|
||||
/* Need setpgrp to acquire controlling tty */
|
||||
/* #undef NEED_SETPGRP */
|
||||
|
||||
@ -1434,7 +1469,7 @@
|
||||
#define SIZEOF_INT 4
|
||||
|
||||
/* The size of `long int', as computed by sizeof. */
|
||||
#define SIZEOF_LONG_INT 4
|
||||
#define SIZEOF_LONG_INT 8
|
||||
|
||||
/* The size of `long long int', as computed by sizeof. */
|
||||
#define SIZEOF_LONG_LONG_INT 8
|
||||
@ -1570,11 +1605,6 @@
|
||||
/* Define if xauth is found in your path */
|
||||
/* #undef XAUTH_PATH */
|
||||
|
||||
/* Enable large inode numbers on Mac OS X 10.5. */
|
||||
#ifndef _DARWIN_USE_64_BIT_INODE
|
||||
# define _DARWIN_USE_64_BIT_INODE 1
|
||||
#endif
|
||||
|
||||
/* Number of bits in a file offset, on hosts where this is settable. */
|
||||
/* #undef _FILE_OFFSET_BITS */
|
||||
|
||||
|
@ -230,6 +230,9 @@
|
||||
/* Define to 1 if you have the `clock' function. */
|
||||
#undef HAVE_CLOCK
|
||||
|
||||
/* Have clock_gettime */
|
||||
#undef HAVE_CLOCK_GETTIME
|
||||
|
||||
/* define if you have clock_t data type */
|
||||
#undef HAVE_CLOCK_T
|
||||
|
||||
@ -242,6 +245,9 @@
|
||||
/* Define if your system uses ancillary data style file descriptor passing */
|
||||
#undef HAVE_CONTROL_IN_MSGHDR
|
||||
|
||||
/* Define to 1 if you have the `crypt' function. */
|
||||
#undef HAVE_CRYPT
|
||||
|
||||
/* Define to 1 if you have the <crypto/sha2.h> header file. */
|
||||
#undef HAVE_CRYPTO_SHA2_H
|
||||
|
||||
@ -266,6 +272,10 @@
|
||||
and to 0 if you don't. */
|
||||
#undef HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE
|
||||
|
||||
/* Define to 1 if you have the declaration of `howmany', and to 0 if you
|
||||
don't. */
|
||||
#undef HAVE_DECL_HOWMANY
|
||||
|
||||
/* Define to 1 if you have the declaration of `h_errno', and to 0 if you
|
||||
don't. */
|
||||
#undef HAVE_DECL_H_ERRNO
|
||||
@ -286,6 +296,10 @@
|
||||
don't. */
|
||||
#undef HAVE_DECL_MAXSYMLINKS
|
||||
|
||||
/* Define to 1 if you have the declaration of `NFDBITS', and to 0 if you
|
||||
don't. */
|
||||
#undef HAVE_DECL_NFDBITS
|
||||
|
||||
/* Define to 1 if you have the declaration of `offsetof', and to 0 if you
|
||||
don't. */
|
||||
#undef HAVE_DECL_OFFSETOF
|
||||
@ -318,6 +332,9 @@
|
||||
don't. */
|
||||
#undef HAVE_DECL__GETSHORT
|
||||
|
||||
/* Define to 1 if you have the `DES_crypt' function. */
|
||||
#undef HAVE_DES_CRYPT
|
||||
|
||||
/* Define if you have /dev/ptmx */
|
||||
#undef HAVE_DEV_PTMX
|
||||
|
||||
@ -339,6 +356,9 @@
|
||||
/* Define to 1 if you have the <elf.h> header file. */
|
||||
#undef HAVE_ELF_H
|
||||
|
||||
/* Define to 1 if you have the `endgrent' function. */
|
||||
#undef HAVE_ENDGRENT
|
||||
|
||||
/* Define to 1 if you have the <endian.h> header file. */
|
||||
#undef HAVE_ENDIAN_H
|
||||
|
||||
@ -372,6 +392,9 @@
|
||||
/* Define to 1 if you have the <fcntl.h> header file. */
|
||||
#undef HAVE_FCNTL_H
|
||||
|
||||
/* Define to 1 if the system has the type `fd_mask'. */
|
||||
#undef HAVE_FD_MASK
|
||||
|
||||
/* Define to 1 if you have the <features.h> header file. */
|
||||
#undef HAVE_FEATURES_H
|
||||
|
||||
@ -576,6 +599,15 @@
|
||||
/* Define if you have isblank(3C). */
|
||||
#undef HAVE_ISBLANK
|
||||
|
||||
/* Define to 1 if you have the `krb5_cc_new_unique' function. */
|
||||
#undef HAVE_KRB5_CC_NEW_UNIQUE
|
||||
|
||||
/* Define to 1 if you have the `krb5_free_error_message' function. */
|
||||
#undef HAVE_KRB5_FREE_ERROR_MESSAGE
|
||||
|
||||
/* Define to 1 if you have the `krb5_get_error_message' function. */
|
||||
#undef HAVE_KRB5_GET_ERROR_MESSAGE
|
||||
|
||||
/* Define to 1 if you have the <lastlog.h> header file. */
|
||||
#undef HAVE_LASTLOG_H
|
||||
|
||||
@ -636,6 +668,9 @@
|
||||
/* Define to 1 if you have the <linux/seccomp.h> header file. */
|
||||
#undef HAVE_LINUX_SECCOMP_H
|
||||
|
||||
/* Define to 1 if you have the <locale.h> header file. */
|
||||
#undef HAVE_LOCALE_H
|
||||
|
||||
/* Define to 1 if you have the `login' function. */
|
||||
#undef HAVE_LOGIN
|
||||
|
||||
@ -663,6 +698,9 @@
|
||||
/* Define to 1 if you have the <maillock.h> header file. */
|
||||
#undef HAVE_MAILLOCK_H
|
||||
|
||||
/* Define to 1 if you have the `mblen' function. */
|
||||
#undef HAVE_MBLEN
|
||||
|
||||
/* Define to 1 if you have the `md5_crypt' function. */
|
||||
#undef HAVE_MD5_CRYPT
|
||||
|
||||
@ -769,15 +807,6 @@
|
||||
/* Define to 1 if you have the `pututxline' function. */
|
||||
#undef HAVE_PUTUTXLINE
|
||||
|
||||
/* Define if your password has a pw_change field */
|
||||
#undef HAVE_PW_CHANGE_IN_PASSWD
|
||||
|
||||
/* Define if your password has a pw_class field */
|
||||
#undef HAVE_PW_CLASS_IN_PASSWD
|
||||
|
||||
/* Define if your password has a pw_expire field */
|
||||
#undef HAVE_PW_EXPIRE_IN_PASSWD
|
||||
|
||||
/* Define to 1 if you have the `readpassphrase' function. */
|
||||
#undef HAVE_READPASSPHRASE
|
||||
|
||||
@ -814,6 +843,9 @@
|
||||
/* define if you have sa_family_t data type */
|
||||
#undef HAVE_SA_FAMILY_T
|
||||
|
||||
/* Define to 1 if you have the `scan_scaled' function. */
|
||||
#undef HAVE_SCAN_SCALED
|
||||
|
||||
/* Define if you have SecureWare-based protected password database */
|
||||
#undef HAVE_SECUREWARE
|
||||
|
||||
@ -1003,6 +1035,18 @@
|
||||
/* define if you have struct in6_addr data type */
|
||||
#undef HAVE_STRUCT_IN6_ADDR
|
||||
|
||||
/* Define to 1 if `pw_change' is a member of `struct passwd'. */
|
||||
#undef HAVE_STRUCT_PASSWD_PW_CHANGE
|
||||
|
||||
/* Define to 1 if `pw_class' is a member of `struct passwd'. */
|
||||
#undef HAVE_STRUCT_PASSWD_PW_CLASS
|
||||
|
||||
/* Define to 1 if `pw_expire' is a member of `struct passwd'. */
|
||||
#undef HAVE_STRUCT_PASSWD_PW_EXPIRE
|
||||
|
||||
/* Define to 1 if `pw_gecos' is a member of `struct passwd'. */
|
||||
#undef HAVE_STRUCT_PASSWD_PW_GECOS
|
||||
|
||||
/* define if you have struct sockaddr_in6 data type */
|
||||
#undef HAVE_STRUCT_SOCKADDR_IN6
|
||||
|
||||
@ -1323,15 +1367,6 @@
|
||||
/* Set this to your mail directory if you do not have _PATH_MAILDIR */
|
||||
#undef MAIL_DIRECTORY
|
||||
|
||||
/* Define on *nto-qnx systems */
|
||||
#undef MISSING_FD_MASK
|
||||
|
||||
/* Define on *nto-qnx systems */
|
||||
#undef MISSING_HOWMANY
|
||||
|
||||
/* Define on *nto-qnx systems */
|
||||
#undef MISSING_NFDBITS
|
||||
|
||||
/* Need setpgrp to acquire controlling tty */
|
||||
#undef NEED_SETPGRP
|
||||
|
||||
|
@ -25,7 +25,7 @@
|
||||
#ifndef _DEFINES_H
|
||||
#define _DEFINES_H
|
||||
|
||||
/* $Id: defines.h,v 1.171 2013/03/07 09:06:13 dtucker Exp $ */
|
||||
/* $Id: defines.h,v 1.172 2013/06/01 21:18:48 dtucker Exp $ */
|
||||
|
||||
|
||||
/* Constants */
|
||||
@ -171,11 +171,6 @@ enum
|
||||
# define MAP_FAILED ((void *)-1)
|
||||
#endif
|
||||
|
||||
/* *-*-nto-qnx doesn't define this constant in the system headers */
|
||||
#ifdef MISSING_NFDBITS
|
||||
# define NFDBITS (8 * sizeof(unsigned long))
|
||||
#endif
|
||||
|
||||
/*
|
||||
SCO Open Server 3 has INADDR_LOOPBACK defined in rpc/rpc.h but
|
||||
including rpc/rpc.h breaks Solaris 6
|
||||
@ -355,11 +350,19 @@ struct winsize {
|
||||
};
|
||||
#endif
|
||||
|
||||
/* *-*-nto-qnx does not define this type in the system headers */
|
||||
#ifdef MISSING_FD_MASK
|
||||
/* bits needed for select that may not be in the system headers */
|
||||
#ifndef HAVE_FD_MASK
|
||||
typedef unsigned long int fd_mask;
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_DECL_NFDBITS) && HAVE_DECL_NFDBITS == 0
|
||||
# define NFDBITS (8 * sizeof(unsigned long))
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_DECL_HOWMANY) && HAVE_DECL_HOWMANY == 0
|
||||
# define howmany(x,y) (((x)+((y)-1))/(y))
|
||||
#endif
|
||||
|
||||
/* Paths */
|
||||
|
||||
#ifndef _PATH_BSHELL
|
||||
@ -484,11 +487,6 @@ struct winsize {
|
||||
# define __nonnull__(x)
|
||||
#endif
|
||||
|
||||
/* *-*-nto-qnx doesn't define this macro in the system headers */
|
||||
#ifdef MISSING_HOWMANY
|
||||
# define howmany(x,y) (((x)+((y)-1))/(y))
|
||||
#endif
|
||||
|
||||
#ifndef OSSH_ALIGNBYTES
|
||||
#define OSSH_ALIGNBYTES (sizeof(int) - 1)
|
||||
#endif
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: dh.c,v 1.49 2011/12/07 05:44:38 djm Exp $ */
|
||||
/* $OpenBSD: dh.c,v 1.51 2013/07/02 12:31:43 markus Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Niels Provos. All rights reserved.
|
||||
*
|
||||
@ -48,6 +48,7 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg)
|
||||
const char *errstr = NULL;
|
||||
long long n;
|
||||
|
||||
dhg->p = dhg->g = NULL;
|
||||
cp = line;
|
||||
if ((arg = strdelim(&cp)) == NULL)
|
||||
return 0;
|
||||
@ -59,66 +60,85 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg)
|
||||
|
||||
/* time */
|
||||
if (cp == NULL || *arg == '\0')
|
||||
goto fail;
|
||||
goto truncated;
|
||||
arg = strsep(&cp, " "); /* type */
|
||||
if (cp == NULL || *arg == '\0')
|
||||
goto fail;
|
||||
goto truncated;
|
||||
/* Ensure this is a safe prime */
|
||||
n = strtonum(arg, 0, 5, &errstr);
|
||||
if (errstr != NULL || n != MODULI_TYPE_SAFE)
|
||||
if (errstr != NULL || n != MODULI_TYPE_SAFE) {
|
||||
error("moduli:%d: type is not %d", linenum, MODULI_TYPE_SAFE);
|
||||
goto fail;
|
||||
}
|
||||
arg = strsep(&cp, " "); /* tests */
|
||||
if (cp == NULL || *arg == '\0')
|
||||
goto fail;
|
||||
goto truncated;
|
||||
/* Ensure prime has been tested and is not composite */
|
||||
n = strtonum(arg, 0, 0x1f, &errstr);
|
||||
if (errstr != NULL ||
|
||||
(n & MODULI_TESTS_COMPOSITE) || !(n & ~MODULI_TESTS_COMPOSITE))
|
||||
(n & MODULI_TESTS_COMPOSITE) || !(n & ~MODULI_TESTS_COMPOSITE)) {
|
||||
error("moduli:%d: invalid moduli tests flag", linenum);
|
||||
goto fail;
|
||||
}
|
||||
arg = strsep(&cp, " "); /* tries */
|
||||
if (cp == NULL || *arg == '\0')
|
||||
goto fail;
|
||||
goto truncated;
|
||||
n = strtonum(arg, 0, 1<<30, &errstr);
|
||||
if (errstr != NULL || n == 0)
|
||||
if (errstr != NULL || n == 0) {
|
||||
error("moduli:%d: invalid primality trial count", linenum);
|
||||
goto fail;
|
||||
}
|
||||
strsize = strsep(&cp, " "); /* size */
|
||||
if (cp == NULL || *strsize == '\0' ||
|
||||
(dhg->size = (int)strtonum(strsize, 0, 64*1024, &errstr)) == 0 ||
|
||||
errstr)
|
||||
errstr) {
|
||||
error("moduli:%d: invalid prime length", linenum);
|
||||
goto fail;
|
||||
}
|
||||
/* The whole group is one bit larger */
|
||||
dhg->size++;
|
||||
gen = strsep(&cp, " "); /* gen */
|
||||
if (cp == NULL || *gen == '\0')
|
||||
goto fail;
|
||||
goto truncated;
|
||||
prime = strsep(&cp, " "); /* prime */
|
||||
if (cp != NULL || *prime == '\0')
|
||||
if (cp != NULL || *prime == '\0') {
|
||||
truncated:
|
||||
error("moduli:%d: truncated", linenum);
|
||||
goto fail;
|
||||
}
|
||||
|
||||
if ((dhg->g = BN_new()) == NULL)
|
||||
fatal("parse_prime: BN_new failed");
|
||||
if ((dhg->p = BN_new()) == NULL)
|
||||
fatal("parse_prime: BN_new failed");
|
||||
if (BN_hex2bn(&dhg->g, gen) == 0)
|
||||
goto failclean;
|
||||
if (BN_hex2bn(&dhg->g, gen) == 0) {
|
||||
error("moduli:%d: could not parse generator value", linenum);
|
||||
goto fail;
|
||||
}
|
||||
if (BN_hex2bn(&dhg->p, prime) == 0) {
|
||||
error("moduli:%d: could not parse prime value", linenum);
|
||||
goto fail;
|
||||
}
|
||||
if (BN_num_bits(dhg->p) != dhg->size) {
|
||||
error("moduli:%d: prime has wrong size: actual %d listed %d",
|
||||
linenum, BN_num_bits(dhg->p), dhg->size - 1);
|
||||
goto fail;
|
||||
}
|
||||
if (BN_cmp(dhg->g, BN_value_one()) <= 0) {
|
||||
error("moduli:%d: generator is invalid", linenum);
|
||||
goto fail;
|
||||
}
|
||||
|
||||
if (BN_hex2bn(&dhg->p, prime) == 0)
|
||||
goto failclean;
|
||||
return 1;
|
||||
|
||||
if (BN_num_bits(dhg->p) != dhg->size)
|
||||
goto failclean;
|
||||
|
||||
if (BN_is_zero(dhg->g) || BN_is_one(dhg->g))
|
||||
goto failclean;
|
||||
|
||||
return (1);
|
||||
|
||||
failclean:
|
||||
BN_clear_free(dhg->g);
|
||||
BN_clear_free(dhg->p);
|
||||
fail:
|
||||
if (dhg->g != NULL)
|
||||
BN_clear_free(dhg->g);
|
||||
if (dhg->p != NULL)
|
||||
BN_clear_free(dhg->p);
|
||||
dhg->g = dhg->p = NULL;
|
||||
error("Bad prime description in line %d", linenum);
|
||||
return (0);
|
||||
return 0;
|
||||
}
|
||||
|
||||
DH *
|
||||
|
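Review bot: The generator check at the end of the new parse_prime body only bounds g from below (`BN_cmp(dhg->g, BN_value_one()) <= 0`); nothing rejects a generator equal to or larger than p, which the later modular exponentiation reduces mod p, possibly to 0 or 1. If this parser is meant to be the place the moduli line is validated, extend the condition to `BN_cmp(dhg->g, BN_value_one()) <= 0 || BN_cmp(dhg->g, dhg->p) >= 0`. Separately, the `if (dhg->g != NULL)` / `if (dhg->p != NULL)` guards under `fail:` are redundant, since BN_clear_free() treats a NULL argument as a no-op. The function signature and the first tokens of the parse are outside the hunk.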
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: dns.c,v 1.28 2012/05/23 03:28:28 djm Exp $ */
|
||||
/* $OpenBSD: dns.c,v 1.29 2013/05/17 00:13:13 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
|
||||
@ -261,7 +261,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
|
||||
|
||||
if (hostkey_digest_type != dnskey_digest_type) {
|
||||
hostkey_digest_type = dnskey_digest_type;
|
||||
xfree(hostkey_digest);
|
||||
free(hostkey_digest);
|
||||
|
||||
/* Initialize host key parameters */
|
||||
if (!dns_read_key(&hostkey_algorithm,
|
||||
@ -281,10 +281,10 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
|
||||
hostkey_digest_len) == 0)
|
||||
*flags |= DNS_VERIFY_MATCH;
|
||||
}
|
||||
xfree(dnskey_digest);
|
||||
free(dnskey_digest);
|
||||
}
|
||||
|
||||
xfree(hostkey_digest); /* from key_fingerprint_raw() */
|
||||
free(hostkey_digest); /* from key_fingerprint_raw() */
|
||||
freerrset(fingerprints);
|
||||
|
||||
if (*flags & DNS_VERIFY_FOUND)
|
||||
@ -327,7 +327,7 @@ export_dns_rr(const char *hostname, Key *key, FILE *f, int generic)
|
||||
for (i = 0; i < rdata_digest_len; i++)
|
||||
fprintf(f, "%02x", rdata_digest[i]);
|
||||
fprintf(f, "\n");
|
||||
xfree(rdata_digest); /* from key_fingerprint_raw() */
|
||||
free(rdata_digest); /* from key_fingerprint_raw() */
|
||||
success = 1;
|
||||
}
|
||||
}
|
||||
|
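--- /dev/null
+++ b/crypto/openssh/fixalgorithms
@@ -0,0 +1,26 @@
+#!/bin/sh
+#
+# fixciphers - remove unsupported ciphers from man pages.
+# Usage: fixpaths /path/to/sed cipher1 [cipher2] <infile >outfile
+#
+# Author: Darren Tucker (dtucker at zip com.au). Placed in the public domain.
+
+die() {
+echo $*
+exit -1
+}
+
+SED=$1
+shift
+
+for c in $*; do
+subs="$subs -e /.Dq.$c.*$/d"
+subs="$subs -e s/$c,//g"
+done
+
+# now remove any entirely empty lines
+subs="$subs -e /^$/d"
+
+${SED} $subs
+
+exit 0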
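Review bot: die() ends with `exit -1`, which is not a valid POSIX exit status (shells either clamp it to 255 or reject the argument), and the function is never called anywhere in the script; either drop it or make it `exit 1`. The header comment still calls the script `fixciphers` and the usage line `fixpaths`, neither of which matches the file name `fixalgorithms`. `for c in $*` and `echo $*` should be `for c in "$@"` and `echo "$@"` so the arguments are not re-split and glob-expanded. The unquoted `$subs` on the final sed line is deliberate word-splitting of the accumulated `-e` list, which holds only as long as the algorithm names carry no whitespace or glob characters (they come from the build, so presumably they do not).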
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: groupaccess.c,v 1.13 2008/07/04 03:44:59 djm Exp $ */
|
||||
/* $OpenBSD: groupaccess.c,v 1.14 2013/05/17 00:13:13 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2001 Kevin Steves. All rights reserved.
|
||||
*
|
||||
@ -31,6 +31,7 @@
|
||||
#include <grp.h>
|
||||
#include <unistd.h>
|
||||
#include <stdarg.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
@ -68,7 +69,7 @@ ga_init(const char *user, gid_t base)
|
||||
for (i = 0, j = 0; i < ngroups; i++)
|
||||
if ((gr = getgrgid(groups_bygid[i])) != NULL)
|
||||
groups_byname[j++] = xstrdup(gr->gr_name);
|
||||
xfree(groups_bygid);
|
||||
free(groups_bygid);
|
||||
return (ngroups = j);
|
||||
}
|
||||
|
||||
@ -122,8 +123,8 @@ ga_free(void)
|
||||
|
||||
if (ngroups > 0) {
|
||||
for (i = 0; i < ngroups; i++)
|
||||
xfree(groups_byname[i]);
|
||||
free(groups_byname[i]);
|
||||
ngroups = 0;
|
||||
xfree(groups_byname);
|
||||
free(groups_byname);
|
||||
}
|
||||
}
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: gss-genr.c,v 1.20 2009/06/22 05:39:28 dtucker Exp $ */
|
||||
/* $OpenBSD: gss-genr.c,v 1.21 2013/05/17 00:13:13 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved.
|
||||
@ -59,8 +59,8 @@ void
|
||||
ssh_gssapi_set_oid_data(Gssctxt *ctx, void *data, size_t len)
|
||||
{
|
||||
if (ctx->oid != GSS_C_NO_OID) {
|
||||
xfree(ctx->oid->elements);
|
||||
xfree(ctx->oid);
|
||||
free(ctx->oid->elements);
|
||||
free(ctx->oid);
|
||||
}
|
||||
ctx->oid = xmalloc(sizeof(gss_OID_desc));
|
||||
ctx->oid->length = len;
|
||||
@ -83,7 +83,7 @@ ssh_gssapi_error(Gssctxt *ctxt)
|
||||
|
||||
s = ssh_gssapi_last_error(ctxt, NULL, NULL);
|
||||
debug("%s", s);
|
||||
xfree(s);
|
||||
free(s);
|
||||
}
|
||||
|
||||
char *
|
||||
@ -164,8 +164,8 @@ ssh_gssapi_delete_ctx(Gssctxt **ctx)
|
||||
if ((*ctx)->name != GSS_C_NO_NAME)
|
||||
gss_release_name(&ms, &(*ctx)->name);
|
||||
if ((*ctx)->oid != GSS_C_NO_OID) {
|
||||
xfree((*ctx)->oid->elements);
|
||||
xfree((*ctx)->oid);
|
||||
free((*ctx)->oid->elements);
|
||||
free((*ctx)->oid);
|
||||
(*ctx)->oid = GSS_C_NO_OID;
|
||||
}
|
||||
if ((*ctx)->creds != GSS_C_NO_CREDENTIAL)
|
||||
@ -175,7 +175,7 @@ ssh_gssapi_delete_ctx(Gssctxt **ctx)
|
||||
if ((*ctx)->client_creds != GSS_C_NO_CREDENTIAL)
|
||||
gss_release_cred(&ms, &(*ctx)->client_creds);
|
||||
|
||||
xfree(*ctx);
|
||||
free(*ctx);
|
||||
*ctx = NULL;
|
||||
}
|
||||
|
||||
@ -222,7 +222,7 @@ ssh_gssapi_import_name(Gssctxt *ctx, const char *host)
|
||||
&gssbuf, GSS_C_NT_HOSTBASED_SERVICE, &ctx->name)))
|
||||
ssh_gssapi_error(ctx);
|
||||
|
||||
xfree(gssbuf.value);
|
||||
free(gssbuf.value);
|
||||
return (ctx->major);
|
||||
}
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: gss-serv-krb5.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/* $OpenBSD: gss-serv-krb5.c,v 1.8 2013/07/20 01:55:13 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
|
||||
@ -48,12 +48,11 @@ extern ServerOptions options;
|
||||
|
||||
#ifdef HEIMDAL
|
||||
# include <krb5.h>
|
||||
#else
|
||||
# ifdef HAVE_GSSAPI_KRB5_H
|
||||
# include <gssapi_krb5.h>
|
||||
# elif HAVE_GSSAPI_GSSAPI_KRB5_H
|
||||
# include <gssapi/gssapi_krb5.h>
|
||||
# endif
|
||||
#endif
|
||||
#ifdef HAVE_GSSAPI_KRB5_H
|
||||
# include <gssapi_krb5.h>
|
||||
#elif HAVE_GSSAPI_GSSAPI_KRB5_H
|
||||
# include <gssapi/gssapi_krb5.h>
|
||||
#endif
|
||||
|
||||
static krb5_context krb_context = NULL;
|
||||
@ -87,14 +86,16 @@ ssh_gssapi_krb5_userok(ssh_gssapi_client *client, char *name)
|
||||
{
|
||||
krb5_principal princ;
|
||||
int retval;
|
||||
const char *errmsg;
|
||||
|
||||
if (ssh_gssapi_krb5_init() == 0)
|
||||
return 0;
|
||||
|
||||
if ((retval = krb5_parse_name(krb_context, client->exportedname.value,
|
||||
&princ))) {
|
||||
logit("krb5_parse_name(): %.100s",
|
||||
krb5_get_err_text(krb_context, retval));
|
||||
errmsg = krb5_get_error_message(krb_context, retval);
|
||||
logit("krb5_parse_name(): %.100s", errmsg);
|
||||
krb5_free_error_message(krb_context, errmsg);
|
||||
return 0;
|
||||
}
|
||||
if (krb5_kuserok(krb_context, princ, name)) {
|
||||
@ -120,6 +121,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
|
||||
krb5_principal princ;
|
||||
OM_uint32 maj_status, min_status;
|
||||
int len;
|
||||
const char *errmsg;
|
||||
|
||||
if (client->creds == NULL) {
|
||||
debug("No credentials stored");
|
||||
@ -130,30 +132,34 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
|
||||
return;
|
||||
|
||||
#ifdef HEIMDAL
|
||||
if ((problem = krb5_cc_gen_new(krb_context, &krb5_fcc_ops, &ccache))) {
|
||||
logit("krb5_cc_gen_new(): %.100s",
|
||||
krb5_get_err_text(krb_context, problem));
|
||||
if ((problem = krb5_cc_new_unique(krb_context, krb5_fcc_ops.prefix,
|
||||
NULL, &ccache)) != 0) {
|
||||
errmsg = krb5_get_error_message(krb_context, problem);
|
||||
logit("krb5_cc_new_unique(): %.100s", errmsg);
|
||||
krb5_free_error_message(krb_context, errmsg);
|
||||
return;
|
||||
}
|
||||
#else
|
||||
if ((problem = ssh_krb5_cc_gen(krb_context, &ccache))) {
|
||||
logit("ssh_krb5_cc_gen(): %.100s",
|
||||
krb5_get_err_text(krb_context, problem));
|
||||
errmsg = krb5_get_error_message(krb_context, problem);
|
||||
logit("ssh_krb5_cc_gen(): %.100s", errmsg);
|
||||
krb5_free_error_message(krb_context, errmsg);
|
||||
return;
|
||||
}
|
||||
#endif /* #ifdef HEIMDAL */
|
||||
|
||||
if ((problem = krb5_parse_name(krb_context,
|
||||
client->exportedname.value, &princ))) {
|
||||
logit("krb5_parse_name(): %.100s",
|
||||
krb5_get_err_text(krb_context, problem));
|
||||
krb5_cc_destroy(krb_context, ccache);
|
||||
errmsg = krb5_get_error_message(krb_context, problem);
|
||||
logit("krb5_parse_name(): %.100s", errmsg);
|
||||
krb5_free_error_message(krb_context, errmsg);
|
||||
return;
|
||||
}
|
||||
|
||||
if ((problem = krb5_cc_initialize(krb_context, ccache, princ))) {
|
||||
logit("krb5_cc_initialize(): %.100s",
|
||||
krb5_get_err_text(krb_context, problem));
|
||||
errmsg = krb5_get_error_message(krb_context, problem);
|
||||
logit("krb5_cc_initialize(): %.100s", errmsg);
|
||||
krb5_free_error_message(krb_context, errmsg);
|
||||
krb5_free_principal(krb_context, princ);
|
||||
krb5_cc_destroy(krb_context, ccache);
|
||||
return;
|
||||
|
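Review bot: The krb5_parse_name failure path in ssh_gssapi_krb5_storecreds no longer destroys the credential cache it has just created: by the hunk's line counts (30 old, 34 new) the `krb5_cc_destroy(krb_context, ccache);` sitting between the old logit and that `return;` is on the removed side only, while the krb5_cc_initialize failure path below it keeps its destroy. krb5_cc_new_unique / ssh_krb5_cc_gen have already produced a unique cache by then, so returning without destroying it leaks the handle and, for the FILE type, presumably leaves an empty cache file behind. Reinstate `krb5_cc_destroy(krb_context, ccache);` immediately before that `return;`. The enclosing function continues beyond the hunk.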
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: gss-serv.c,v 1.23 2011/08/01 19:18:15 markus Exp $ */
|
||||
/* $OpenBSD: gss-serv.c,v 1.24 2013/07/20 01:55:13 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
|
||||
@ -50,7 +50,7 @@
|
||||
|
||||
static ssh_gssapi_client gssapi_client =
|
||||
{ GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER,
|
||||
GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL}};
|
||||
GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL, NULL}};
|
||||
|
||||
ssh_gssapi_mech gssapi_null_mech =
|
||||
{ NULL, NULL, {0, NULL}, NULL, NULL, NULL, NULL};
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: hostfile.c,v 1.50 2010/12/04 13:31:37 djm Exp $ */
|
||||
/* $OpenBSD: hostfile.c,v 1.52 2013/07/12 00:19:58 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -64,7 +64,7 @@ struct hostkeys {
|
||||
};
|
||||
|
||||
static int
|
||||
extract_salt(const char *s, u_int l, char *salt, size_t salt_len)
|
||||
extract_salt(const char *s, u_int l, u_char *salt, size_t salt_len)
|
||||
{
|
||||
char *p, *b64salt;
|
||||
u_int b64len;
|
||||
@ -96,7 +96,7 @@ extract_salt(const char *s, u_int l, char *salt, size_t salt_len)
|
||||
b64salt[b64len] = '\0';
|
||||
|
||||
ret = __b64_pton(b64salt, salt, salt_len);
|
||||
xfree(b64salt);
|
||||
free(b64salt);
|
||||
if (ret == -1) {
|
||||
debug2("extract_salt: salt decode error");
|
||||
return (-1);
|
||||
@ -115,7 +115,8 @@ host_hash(const char *host, const char *name_from_hostfile, u_int src_len)
|
||||
{
|
||||
const EVP_MD *md = EVP_sha1();
|
||||
HMAC_CTX mac_ctx;
|
||||
char salt[256], result[256], uu_salt[512], uu_result[512];
|
||||
u_char salt[256], result[256];
|
||||
char uu_salt[512], uu_result[512];
|
||||
static char encoded[1024];
|
||||
u_int i, len;
|
||||
|
||||
@ -133,7 +134,7 @@ host_hash(const char *host, const char *name_from_hostfile, u_int src_len)
|
||||
}
|
||||
|
||||
HMAC_Init(&mac_ctx, salt, len, md);
|
||||
HMAC_Update(&mac_ctx, host, strlen(host));
|
||||
HMAC_Update(&mac_ctx, (u_char *)host, strlen(host));
|
||||
HMAC_Final(&mac_ctx, result, NULL);
|
||||
HMAC_cleanup(&mac_ctx);
|
||||
|
||||
@ -153,7 +154,7 @@ host_hash(const char *host, const char *name_from_hostfile, u_int src_len)
|
||||
*/
|
||||
|
||||
int
|
||||
hostfile_read_key(char **cpp, u_int *bitsp, Key *ret)
|
||||
hostfile_read_key(char **cpp, int *bitsp, Key *ret)
|
||||
{
|
||||
char *cp;
|
||||
|
||||
@ -170,8 +171,10 @@ hostfile_read_key(char **cpp, u_int *bitsp, Key *ret)
|
||||
|
||||
/* Return results. */
|
||||
*cpp = cp;
|
||||
if (bitsp != NULL)
|
||||
*bitsp = key_size(ret);
|
||||
if (bitsp != NULL) {
|
||||
if ((*bitsp = key_size(ret)) <= 0)
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -327,16 +330,14 @@ free_hostkeys(struct hostkeys *hostkeys)
|
||||
u_int i;
|
||||
|
||||
for (i = 0; i < hostkeys->num_entries; i++) {
|
||||
xfree(hostkeys->entries[i].host);
|
||||
xfree(hostkeys->entries[i].file);
|
||||
free(hostkeys->entries[i].host);
|
||||
free(hostkeys->entries[i].file);
|
||||
key_free(hostkeys->entries[i].key);
|
||||
bzero(hostkeys->entries + i, sizeof(*hostkeys->entries));
|
||||
}
|
||||
if (hostkeys->entries != NULL)
|
||||
xfree(hostkeys->entries);
|
||||
hostkeys->entries = NULL;
|
||||
hostkeys->num_entries = 0;
|
||||
xfree(hostkeys);
|
||||
free(hostkeys->entries);
|
||||
bzero(hostkeys, sizeof(*hostkeys));
|
||||
free(hostkeys);
|
||||
}
|
||||
|
||||
static int
|
||||
|
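Review bot: In hostfile_read_key the new size check runs after `*cpp = cp;` has already been stored, so when key_size() yields 0 or less the function returns 0 with the caller's cursor advanced and `ret` already loaded by the earlier key_read(), i.e. a failure that still consumed input; before this change the function could not fail at this point. If callers treat 0 as "nothing parsed", move the check ahead of the cursor store, `if (bitsp != NULL && (*bitsp = key_size(ret)) <= 0) return 0;` followed by `*cpp = cp; return 1;`, or document the partial-consumption behaviour in the comment above the function. The start of the function, including the key_read() call, is outside the hunk.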
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: hostfile.h,v 1.19 2010/11/29 23:45:51 djm Exp $ */
|
||||
/* $OpenBSD: hostfile.h,v 1.20 2013/07/12 00:19:58 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
@ -40,7 +40,7 @@ HostStatus check_key_in_hostkeys(struct hostkeys *, Key *,
|
||||
int lookup_key_in_hostkeys_by_type(struct hostkeys *, int,
|
||||
const struct hostkey_entry **);
|
||||
|
||||
int hostfile_read_key(char **, u_int *, Key *);
|
||||
int hostfile_read_key(char **, int *, Key *);
|
||||
int add_host_to_hostfile(const char *, const char *, const Key *, int);
|
||||
|
||||
#define HASH_MAGIC "|1|"
|
||||
|
@ -18,7 +18,9 @@
|
||||
|
||||
#include "config.h"
|
||||
|
||||
#ifndef _GNU_SOURCE
|
||||
#define _GNU_SOURCE /* activate extra prototypes for glibc */
|
||||
#endif
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/socket.h> /* For CMSG_* */
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: jpake.c,v 1.7 2012/06/18 11:43:53 dtucker Exp $ */
|
||||
/* $OpenBSD: jpake.c,v 1.8 2013/05/17 00:13:13 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2008 Damien Miller. All rights reserved.
|
||||
*
|
||||
@ -106,7 +106,7 @@ jpake_free(struct jpake_ctx *pctx)
|
||||
do { \
|
||||
if ((v) != NULL) { \
|
||||
bzero((v), (l)); \
|
||||
xfree(v); \
|
||||
free(v); \
|
||||
(v) = NULL; \
|
||||
(l) = 0; \
|
||||
} \
|
||||
@ -134,7 +134,7 @@ jpake_free(struct jpake_ctx *pctx)
|
||||
#undef JPAKE_BUF_CLEAR_FREE
|
||||
|
||||
bzero(pctx, sizeof(*pctx));
|
||||
xfree(pctx);
|
||||
free(pctx);
|
||||
}
|
||||
|
||||
/* dump entire jpake_ctx. NB. includes private values! */
|
||||
@ -445,7 +445,7 @@ jpake_check_confirm(const BIGNUM *k,
|
||||
expected_confirm_hash_len) == 0)
|
||||
success = 1;
|
||||
bzero(expected_confirm_hash, expected_confirm_hash_len);
|
||||
xfree(expected_confirm_hash);
|
||||
free(expected_confirm_hash);
|
||||
debug3("%s: success = %d", __func__, success);
|
||||
return success;
|
||||
}
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: kex.c,v 1.88 2013/01/08 18:49:04 markus Exp $ */
|
||||
/* $OpenBSD: kex.c,v 1.91 2013/05/17 00:13:13 djm Exp $ */
|
||||
/* $FreeBSD$ */
|
||||
/*
|
||||
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
|
||||
@ -63,6 +63,57 @@ extern const EVP_MD *evp_ssh_sha256(void);
|
||||
static void kex_kexinit_finish(Kex *);
|
||||
static void kex_choose_conf(Kex *);
|
||||
|
||||
struct kexalg {
|
||||
char *name;
|
||||
int type;
|
||||
int ec_nid;
|
||||
const EVP_MD *(*mdfunc)(void);
|
||||
};
|
||||
static const struct kexalg kexalgs[] = {
|
||||
{ KEX_DH1, KEX_DH_GRP1_SHA1, 0, EVP_sha1 },
|
||||
{ KEX_DH14, KEX_DH_GRP14_SHA1, 0, EVP_sha1 },
|
||||
{ KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, EVP_sha1 },
|
||||
#ifdef HAVE_EVP_SHA256
|
||||
{ KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, EVP_sha256 },
|
||||
#endif
|
||||
#ifdef OPENSSL_HAS_ECC
|
||||
{ KEX_ECDH_SHA2_NISTP256, KEX_ECDH_SHA2, NID_X9_62_prime256v1, EVP_sha256 },
|
||||
{ KEX_ECDH_SHA2_NISTP384, KEX_ECDH_SHA2, NID_secp384r1, EVP_sha384 },
|
||||
{ KEX_ECDH_SHA2_NISTP521, KEX_ECDH_SHA2, NID_secp521r1, EVP_sha512 },
|
||||
#endif
|
||||
{ NULL, -1, -1, NULL},
|
||||
};
|
||||
|
||||
char *
|
||||
kex_alg_list(void)
|
||||
{
|
||||
char *ret = NULL;
|
||||
size_t nlen, rlen = 0;
|
||||
const struct kexalg *k;
|
||||
|
||||
for (k = kexalgs; k->name != NULL; k++) {
|
||||
if (ret != NULL)
|
||||
ret[rlen++] = '\n';
|
||||
nlen = strlen(k->name);
|
||||
ret = xrealloc(ret, 1, rlen + nlen + 2);
|
||||
memcpy(ret + rlen, k->name, nlen + 1);
|
||||
rlen += nlen;
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
static const struct kexalg *
|
||||
kex_alg_by_name(const char *name)
|
||||
{
|
||||
const struct kexalg *k;
|
||||
|
||||
for (k = kexalgs; k->name != NULL; k++) {
|
||||
if (strcmp(k->name, name) == 0)
|
||||
return k;
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/* Validate KEX method name list */
|
||||
int
|
||||
kex_names_valid(const char *names)
|
||||
@ -74,20 +125,14 @@ kex_names_valid(const char *names)
|
||||
s = cp = xstrdup(names);
|
||||
for ((p = strsep(&cp, ",")); p && *p != '\0';
|
||||
(p = strsep(&cp, ","))) {
|
||||
if (strcmp(p, KEX_DHGEX_SHA256) != 0 &&
|
||||
strcmp(p, KEX_DHGEX_SHA1) != 0 &&
|
||||
strcmp(p, KEX_DH14) != 0 &&
|
||||
strcmp(p, KEX_DH1) != 0 &&
|
||||
(strncmp(p, KEX_ECDH_SHA2_STEM,
|
||||
sizeof(KEX_ECDH_SHA2_STEM) - 1) != 0 ||
|
||||
kex_ecdh_name_to_nid(p) == -1)) {
|
||||
if (kex_alg_by_name(p) == NULL) {
|
||||
error("Unsupported KEX algorithm \"%.100s\"", p);
|
||||
xfree(s);
|
||||
free(s);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
debug3("kex names ok: [%s]", names);
|
||||
xfree(s);
|
||||
free(s);
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -152,8 +197,8 @@ kex_prop_free(char **proposal)
|
||||
u_int i;
|
||||
|
||||
for (i = 0; i < PROPOSAL_MAX; i++)
|
||||
xfree(proposal[i]);
|
||||
xfree(proposal);
|
||||
free(proposal[i]);
|
||||
free(proposal);
|
||||
}
|
||||
|
||||
/* ARGSUSED */
|
||||
@ -190,7 +235,7 @@ kex_finish(Kex *kex)
|
||||
buffer_clear(&kex->peer);
|
||||
/* buffer_clear(&kex->my); */
|
||||
kex->flags &= ~KEX_INIT_SENT;
|
||||
xfree(kex->name);
|
||||
free(kex->name);
|
||||
kex->name = NULL;
|
||||
}
|
||||
|
||||
@ -247,7 +292,7 @@ kex_input_kexinit(int type, u_int32_t seq, void *ctxt)
|
||||
for (i = 0; i < KEX_COOKIE_LEN; i++)
|
||||
packet_get_char();
|
||||
for (i = 0; i < PROPOSAL_MAX; i++)
|
||||
xfree(packet_get_string(NULL));
|
||||
free(packet_get_string(NULL));
|
||||
/*
|
||||
* XXX RFC4253 sec 7: "each side MAY guess" - currently no supported
|
||||
* KEX method has the server move first, but a server might be using
|
||||
@ -354,29 +399,16 @@ choose_comp(Comp *comp, char *client, char *server)
|
||||
static void
|
||||
choose_kex(Kex *k, char *client, char *server)
|
||||
{
|
||||
const struct kexalg *kexalg;
|
||||
|
||||
k->name = match_list(client, server, NULL);
|
||||
if (k->name == NULL)
|
||||
fatal("Unable to negotiate a key exchange method");
|
||||
if (strcmp(k->name, KEX_DH1) == 0) {
|
||||
k->kex_type = KEX_DH_GRP1_SHA1;
|
||||
k->evp_md = EVP_sha1();
|
||||
} else if (strcmp(k->name, KEX_DH14) == 0) {
|
||||
k->kex_type = KEX_DH_GRP14_SHA1;
|
||||
k->evp_md = EVP_sha1();
|
||||
} else if (strcmp(k->name, KEX_DHGEX_SHA1) == 0) {
|
||||
k->kex_type = KEX_DH_GEX_SHA1;
|
||||
k->evp_md = EVP_sha1();
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
|
||||
} else if (strcmp(k->name, KEX_DHGEX_SHA256) == 0) {
|
||||
k->kex_type = KEX_DH_GEX_SHA256;
|
||||
k->evp_md = evp_ssh_sha256();
|
||||
} else if (strncmp(k->name, KEX_ECDH_SHA2_STEM,
|
||||
sizeof(KEX_ECDH_SHA2_STEM) - 1) == 0) {
|
||||
k->kex_type = KEX_ECDH_SHA2;
|
||||
k->evp_md = kex_ecdh_name_to_evpmd(k->name);
|
||||
#endif
|
||||
} else
|
||||
fatal("bad kex alg %s", k->name);
|
||||
if ((kexalg = kex_alg_by_name(k->name)) == NULL)
|
||||
fatal("unsupported kex alg %s", k->name);
|
||||
k->kex_type = kexalg->type;
|
||||
k->evp_md = kexalg->mdfunc();
|
||||
k->ec_nid = kexalg->ec_nid;
|
||||
}
|
||||
|
||||
static void
|
||||
@ -388,7 +420,7 @@ choose_hostkeyalg(Kex *k, char *client, char *server)
|
||||
k->hostkey_type = key_type_from_name(hostkeyalg);
|
||||
if (k->hostkey_type == KEY_UNSPEC)
|
||||
fatal("bad hostkey alg '%s'", hostkeyalg);
|
||||
xfree(hostkeyalg);
|
||||
free(hostkeyalg);
|
||||
}
|
||||
|
||||
static int
|
||||
@ -445,7 +477,7 @@ kex_choose_conf(Kex *kex)
|
||||
roaming = match_list(KEX_RESUME, peer[PROPOSAL_KEX_ALGS], NULL);
|
||||
if (roaming) {
|
||||
kex->roaming = 1;
|
||||
xfree(roaming);
|
||||
free(roaming);
|
||||
}
|
||||
}
|
||||
|
||||
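Review bot: `struct kexalg` declares `name` as `char *` although `kexalgs` is `static const` and every entry is a string literal; `const char *name;` would stop writes through the pointer at compile time and matches the `const struct kexalg *` that `kex_alg_by_name()` returns. The table carries the `KEX_DHGEX_SHA256` entry only under `HAVE_EVP_SHA256`, while the removed `choose_kex` branch used `evp_ssh_sha256()` (still declared `extern` in the hunk header) when OpenSSL lacked `EVP_sha256`; unless that fallback is intentionally dropped, an `#else` entry pointing at `evp_ssh_sha256` is needed, otherwise the method silently disappears from `kex_alg_list()` and `kex_names_valid()` on such builds. `kex_alg_list()` also hands heap memory to the caller without saying so; a comment `/* Newline-separated list of supported KEX names; caller frees. */` above it would document the contract, and the line-for-line copy `key_alg_list()` in key.c needs the same. The `kex_names_valid` function whose body the following hunk edits starts outside that hunk.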
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: kex.h,v 1.54 2013/01/08 18:49:04 markus Exp $ */
|
||||
/* $OpenBSD: kex.h,v 1.56 2013/07/19 07:37:48 markus Exp $ */
|
||||
/* $FreeBSD$ */
|
||||
|
||||
/*
|
||||
@ -41,8 +41,9 @@
|
||||
#define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1"
|
||||
#define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256"
|
||||
#define KEX_RESUME "resume@appgate.com"
|
||||
/* The following represents the family of ECDH methods */
|
||||
#define KEX_ECDH_SHA2_STEM "ecdh-sha2-"
|
||||
#define KEX_ECDH_SHA2_NISTP256 "ecdh-sha2-nistp256"
|
||||
#define KEX_ECDH_SHA2_NISTP384 "ecdh-sha2-nistp384"
|
||||
#define KEX_ECDH_SHA2_NISTP521 "ecdh-sha2-nistp521"
|
||||
|
||||
#define COMP_NONE 0
|
||||
#define COMP_ZLIB 1
|
||||
@ -87,7 +88,7 @@ typedef struct Newkeys Newkeys;
|
||||
|
||||
struct Enc {
|
||||
char *name;
|
||||
Cipher *cipher;
|
||||
const Cipher *cipher;
|
||||
int enabled;
|
||||
u_int key_len;
|
||||
u_int iv_len;
|
||||
@ -132,16 +133,19 @@ struct Kex {
|
||||
sig_atomic_t done;
|
||||
int flags;
|
||||
const EVP_MD *evp_md;
|
||||
int ec_nid;
|
||||
char *client_version_string;
|
||||
char *server_version_string;
|
||||
int (*verify_host_key)(Key *);
|
||||
Key *(*load_host_public_key)(int);
|
||||
Key *(*load_host_private_key)(int);
|
||||
int (*host_key_index)(Key *);
|
||||
void (*sign)(Key *, Key *, u_char **, u_int *, u_char *, u_int);
|
||||
void (*kex[KEX_MAX])(Kex *);
|
||||
};
|
||||
|
||||
int kex_names_valid(const char *);
|
||||
char *kex_alg_list(void);
|
||||
|
||||
#ifdef NONE_CIPHER_ENABLED
|
||||
void kex_prop2buf(Buffer *, char *[PROPOSAL_MAX]);
|
||||
@ -175,11 +179,6 @@ void
|
||||
kex_ecdh_hash(const EVP_MD *, const EC_GROUP *, char *, char *, char *, int,
|
||||
char *, int, u_char *, int, const EC_POINT *, const EC_POINT *,
|
||||
const BIGNUM *, u_char **, u_int *);
|
||||
int kex_ecdh_name_to_nid(const char *);
|
||||
const EVP_MD *kex_ecdh_name_to_evpmd(const char *);
|
||||
#else
|
||||
# define kex_ecdh_name_to_nid(x) (-1)
|
||||
# define kex_ecdh_name_to_evpmd(x) (NULL)
|
||||
#endif
|
||||
|
||||
void
|
||||
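Review bot: The new `int ec_nid;` member of `struct Kex` is undocumented; the `kexalgs` table in kex.c fills it with an OpenSSL curve NID for the `ecdh-sha2-*` methods and `0` for every other method, and kexecdhc.c/kexecdhs.c pass it straight to `EC_KEY_new_by_curve_name`, so `int ec_nid; /* EC curve NID for ecdh-sha2-* methods, 0 otherwise */` would tell readers which methods may rely on it. The added `char *kex_alg_list(void);` prototype likewise lacks an ownership note; `/* newline-separated list of supported KEX names; caller frees */` would cover it, and the matching `char *key_alg_list(void);` added to key.h in this commit needs the same comment.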
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: kexdhc.c,v 1.12 2010/11/10 01:33:07 djm Exp $ */
|
||||
/* $OpenBSD: kexdhc.c,v 1.13 2013/05/17 00:13:13 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
*
|
||||
@ -125,7 +125,7 @@ kexdh_client(Kex *kex)
|
||||
if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
|
||||
fatal("kexdh_client: BN_bin2bn failed");
|
||||
memset(kbuf, 0, klen);
|
||||
xfree(kbuf);
|
||||
free(kbuf);
|
||||
|
||||
/* calc and verify H */
|
||||
kex_dh_hash(
|
||||
@ -139,14 +139,14 @@ kexdh_client(Kex *kex)
|
||||
shared_secret,
|
||||
&hash, &hashlen
|
||||
);
|
||||
xfree(server_host_key_blob);
|
||||
free(server_host_key_blob);
|
||||
BN_clear_free(dh_server_pub);
|
||||
DH_free(dh);
|
||||
|
||||
if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1)
|
||||
fatal("key_verify failed for server_host_key");
|
||||
key_free(server_host_key);
|
||||
xfree(signature);
|
||||
free(signature);
|
||||
|
||||
/* save session id */
|
||||
if (kex->session_id == NULL) {
|
||||
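Review bot: In kexdh_client the shared-secret buffer is scrubbed with `memset(kbuf, 0, klen);` immediately before the `free(kbuf);` this hunk rewrites, which is the dead-store pattern an optimizing compiler is entitled to elide, so the DH secret can remain in freed heap memory. The same `memset`-then-`free` sequence appears in the kexdh_server, kexecdh_client, kexecdh_server, kexgex_client and kexgex_server hunks of this commit, and the `bzero`-then-`free` of `expected_confirm_hash` in the jpake.c hunk at the top of this page; all of them should use a zeroing routine the compiler cannot drop (a volatile-pointer wrapper, or `explicit_bzero`/`memset_s` where the platform provides one). kexdh_client's body starts and ends outside these hunks.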
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: kexdhs.c,v 1.12 2010/11/10 01:33:07 djm Exp $ */
|
||||
/* $OpenBSD: kexdhs.c,v 1.14 2013/07/19 07:37:48 markus Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
*
|
||||
@ -80,9 +80,6 @@ kexdh_server(Kex *kex)
|
||||
if (server_host_public == NULL)
|
||||
fatal("Unsupported hostkey type %d", kex->hostkey_type);
|
||||
server_host_private = kex->load_host_private_key(kex->hostkey_type);
|
||||
if (server_host_private == NULL)
|
||||
fatal("Missing private key for hostkey type %d",
|
||||
kex->hostkey_type);
|
||||
|
||||
/* key, cert */
|
||||
if ((dh_client_pub = BN_new()) == NULL)
|
||||
@ -118,7 +115,7 @@ kexdh_server(Kex *kex)
|
||||
if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
|
||||
fatal("kexdh_server: BN_bin2bn failed");
|
||||
memset(kbuf, 0, klen);
|
||||
xfree(kbuf);
|
||||
free(kbuf);
|
||||
|
||||
key_to_blob(server_host_public, &server_host_key_blob, &sbloblen);
|
||||
|
||||
@ -144,9 +141,8 @@ kexdh_server(Kex *kex)
|
||||
}
|
||||
|
||||
/* sign H */
|
||||
if (PRIVSEP(key_sign(server_host_private, &signature, &slen, hash,
|
||||
hashlen)) < 0)
|
||||
fatal("kexdh_server: key_sign failed");
|
||||
kex->sign(server_host_private, server_host_public, &signature, &slen,
|
||||
hash, hashlen);
|
||||
|
||||
/* destroy_sensitive_data(); */
|
||||
|
||||
@ -157,8 +153,8 @@ kexdh_server(Kex *kex)
|
||||
packet_put_string(signature, slen);
|
||||
packet_send();
|
||||
|
||||
xfree(signature);
|
||||
xfree(server_host_key_blob);
|
||||
free(signature);
|
||||
free(server_host_key_blob);
|
||||
/* have keys, free DH */
|
||||
DH_free(dh);
|
||||
|
||||
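Review bot: The `kex->sign(server_host_private, server_host_public, &signature, &slen, hash, hashlen);` call that replaces `PRIVSEP(key_sign(...)) < 0` has a `void` signature (kex.h in this commit declares `void (*sign)(Key *, Key *, u_char **, u_int *, u_char *, u_int);`), so the `fatal("kexdh_server: key_sign failed")` check is lost and whatever `signature`/`slen` hold afterwards is handed to `packet_put_string` in the next hunk. Unless every callback installed in `kex->sign` is guaranteed to `fatal()` rather than return on failure — not visible in this diff — a guard such as `if (signature == NULL) fatal("%s: sign failed", __func__);` after the call keeps the old behaviour. The same replacement is made in the kexecdh_server and kexgex_server hunks of this commit. kexdh_server's body starts and ends outside these hunks.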
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: kexecdh.c,v 1.3 2010/09/22 05:01:29 djm Exp $ */
|
||||
/* $OpenBSD: kexecdh.c,v 1.4 2013/04/19 01:06:50 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
* Copyright (c) 2010 Damien Miller. All rights reserved.
|
||||
@ -45,24 +45,6 @@
|
||||
#include "kex.h"
|
||||
#include "log.h"
|
||||
|
||||
int
|
||||
kex_ecdh_name_to_nid(const char *kexname)
|
||||
{
|
||||
if (strlen(kexname) < sizeof(KEX_ECDH_SHA2_STEM) - 1)
|
||||
fatal("%s: kexname too short \"%s\"", __func__, kexname);
|
||||
return key_curve_name_to_nid(kexname + sizeof(KEX_ECDH_SHA2_STEM) - 1);
|
||||
}
|
||||
|
||||
const EVP_MD *
|
||||
kex_ecdh_name_to_evpmd(const char *kexname)
|
||||
{
|
||||
int nid = kex_ecdh_name_to_nid(kexname);
|
||||
|
||||
if (nid == -1)
|
||||
fatal("%s: unsupported ECDH curve \"%s\"", __func__, kexname);
|
||||
return key_ec_nid_to_evpmd(nid);
|
||||
}
|
||||
|
||||
void
|
||||
kex_ecdh_hash(
|
||||
const EVP_MD *evp_md,
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: kexecdhc.c,v 1.2 2010/09/22 05:01:29 djm Exp $ */
|
||||
/* $OpenBSD: kexecdhc.c,v 1.4 2013/05/17 00:13:13 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
* Copyright (c) 2010 Damien Miller. All rights reserved.
|
||||
@ -57,11 +57,8 @@ kexecdh_client(Kex *kex)
|
||||
u_char *server_host_key_blob = NULL, *signature = NULL;
|
||||
u_char *kbuf, *hash;
|
||||
u_int klen, slen, sbloblen, hashlen;
|
||||
int curve_nid;
|
||||
|
||||
if ((curve_nid = kex_ecdh_name_to_nid(kex->name)) == -1)
|
||||
fatal("%s: unsupported ECDH curve \"%s\"", __func__, kex->name);
|
||||
if ((client_key = EC_KEY_new_by_curve_name(curve_nid)) == NULL)
|
||||
if ((client_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL)
|
||||
fatal("%s: EC_KEY_new_by_curve_name failed", __func__);
|
||||
if (EC_KEY_generate_key(client_key) != 1)
|
||||
fatal("%s: EC_KEY_generate_key failed", __func__);
|
||||
@ -123,7 +120,7 @@ kexecdh_client(Kex *kex)
|
||||
if (BN_bin2bn(kbuf, klen, shared_secret) == NULL)
|
||||
fatal("%s: BN_bin2bn failed", __func__);
|
||||
memset(kbuf, 0, klen);
|
||||
xfree(kbuf);
|
||||
free(kbuf);
|
||||
|
||||
/* calc and verify H */
|
||||
kex_ecdh_hash(
|
||||
@ -139,14 +136,14 @@ kexecdh_client(Kex *kex)
|
||||
shared_secret,
|
||||
&hash, &hashlen
|
||||
);
|
||||
xfree(server_host_key_blob);
|
||||
free(server_host_key_blob);
|
||||
EC_POINT_clear_free(server_public);
|
||||
EC_KEY_free(client_key);
|
||||
|
||||
if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1)
|
||||
fatal("key_verify failed for server_host_key");
|
||||
key_free(server_host_key);
|
||||
xfree(signature);
|
||||
free(signature);
|
||||
|
||||
/* save session id */
|
||||
if (kex->session_id == NULL) {
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: kexecdhs.c,v 1.2 2010/09/22 05:01:29 djm Exp $ */
|
||||
/* $OpenBSD: kexecdhs.c,v 1.5 2013/07/19 07:37:48 markus Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
* Copyright (c) 2010 Damien Miller. All rights reserved.
|
||||
@ -59,11 +59,8 @@ kexecdh_server(Kex *kex)
|
||||
u_char *server_host_key_blob = NULL, *signature = NULL;
|
||||
u_char *kbuf, *hash;
|
||||
u_int klen, slen, sbloblen, hashlen;
|
||||
int curve_nid;
|
||||
|
||||
if ((curve_nid = kex_ecdh_name_to_nid(kex->name)) == -1)
|
||||
fatal("%s: unsupported ECDH curve \"%s\"", __func__, kex->name);
|
||||
if ((server_key = EC_KEY_new_by_curve_name(curve_nid)) == NULL)
|
||||
if ((server_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL)
|
||||
fatal("%s: EC_KEY_new_by_curve_name failed", __func__);
|
||||
if (EC_KEY_generate_key(server_key) != 1)
|
||||
fatal("%s: EC_KEY_generate_key failed", __func__);
|
||||
@ -81,9 +78,6 @@ kexecdh_server(Kex *kex)
|
||||
if (server_host_public == NULL)
|
||||
fatal("Unsupported hostkey type %d", kex->hostkey_type);
|
||||
server_host_private = kex->load_host_private_key(kex->hostkey_type);
|
||||
if (server_host_private == NULL)
|
||||
fatal("Missing private key for hostkey type %d",
|
||||
kex->hostkey_type);
|
||||
|
||||
debug("expecting SSH2_MSG_KEX_ECDH_INIT");
|
||||
packet_read_expect(SSH2_MSG_KEX_ECDH_INIT);
|
||||
@ -115,7 +109,7 @@ kexecdh_server(Kex *kex)
|
||||
if (BN_bin2bn(kbuf, klen, shared_secret) == NULL)
|
||||
fatal("%s: BN_bin2bn failed", __func__);
|
||||
memset(kbuf, 0, klen);
|
||||
xfree(kbuf);
|
||||
free(kbuf);
|
||||
|
||||
/* calc H */
|
||||
key_to_blob(server_host_public, &server_host_key_blob, &sbloblen);
|
||||
@ -142,9 +136,8 @@ kexecdh_server(Kex *kex)
|
||||
}
|
||||
|
||||
/* sign H */
|
||||
if (PRIVSEP(key_sign(server_host_private, &signature, &slen,
|
||||
hash, hashlen)) < 0)
|
||||
fatal("kexdh_server: key_sign failed");
|
||||
kex->sign(server_host_private, server_host_public, &signature, &slen,
|
||||
hash, hashlen);
|
||||
|
||||
/* destroy_sensitive_data(); */
|
||||
|
||||
@ -155,8 +148,8 @@ kexecdh_server(Kex *kex)
|
||||
packet_put_string(signature, slen);
|
||||
packet_send();
|
||||
|
||||
xfree(signature);
|
||||
xfree(server_host_key_blob);
|
||||
free(signature);
|
||||
free(server_host_key_blob);
|
||||
/* have keys, free server key */
|
||||
EC_KEY_free(server_key);
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: kexgexc.c,v 1.12 2010/11/10 01:33:07 djm Exp $ */
|
||||
/* $OpenBSD: kexgexc.c,v 1.13 2013/05/17 00:13:13 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Niels Provos. All rights reserved.
|
||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
@ -163,7 +163,7 @@ kexgex_client(Kex *kex)
|
||||
if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
|
||||
fatal("kexgex_client: BN_bin2bn failed");
|
||||
memset(kbuf, 0, klen);
|
||||
xfree(kbuf);
|
||||
free(kbuf);
|
||||
|
||||
if (datafellows & SSH_OLD_DHGEX)
|
||||
min = max = -1;
|
||||
@ -186,13 +186,13 @@ kexgex_client(Kex *kex)
|
||||
|
||||
/* have keys, free DH */
|
||||
DH_free(dh);
|
||||
xfree(server_host_key_blob);
|
||||
free(server_host_key_blob);
|
||||
BN_clear_free(dh_server_pub);
|
||||
|
||||
if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1)
|
||||
fatal("key_verify failed for server_host_key");
|
||||
key_free(server_host_key);
|
||||
xfree(signature);
|
||||
free(signature);
|
||||
|
||||
/* save session id */
|
||||
if (kex->session_id == NULL) {
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: kexgexs.c,v 1.14 2010/11/10 01:33:07 djm Exp $ */
|
||||
/* $OpenBSD: kexgexs.c,v 1.16 2013/07/19 07:37:48 markus Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Niels Provos. All rights reserved.
|
||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
@ -68,10 +68,6 @@ kexgex_server(Kex *kex)
|
||||
if (server_host_public == NULL)
|
||||
fatal("Unsupported hostkey type %d", kex->hostkey_type);
|
||||
server_host_private = kex->load_host_private_key(kex->hostkey_type);
|
||||
if (server_host_private == NULL)
|
||||
fatal("Missing private key for hostkey type %d",
|
||||
kex->hostkey_type);
|
||||
|
||||
|
||||
type = packet_read();
|
||||
switch (type) {
|
||||
@ -155,7 +151,7 @@ kexgex_server(Kex *kex)
|
||||
if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
|
||||
fatal("kexgex_server: BN_bin2bn failed");
|
||||
memset(kbuf, 0, klen);
|
||||
xfree(kbuf);
|
||||
free(kbuf);
|
||||
|
||||
key_to_blob(server_host_public, &server_host_key_blob, &sbloblen);
|
||||
|
||||
@ -187,9 +183,8 @@ kexgex_server(Kex *kex)
|
||||
}
|
||||
|
||||
/* sign H */
|
||||
if (PRIVSEP(key_sign(server_host_private, &signature, &slen, hash,
|
||||
hashlen)) < 0)
|
||||
fatal("kexgex_server: key_sign failed");
|
||||
kex->sign(server_host_private, server_host_public, &signature, &slen,
|
||||
hash, hashlen);
|
||||
|
||||
/* destroy_sensitive_data(); */
|
||||
|
||||
@ -201,8 +196,8 @@ kexgex_server(Kex *kex)
|
||||
packet_put_string(signature, slen);
|
||||
packet_send();
|
||||
|
||||
xfree(signature);
|
||||
xfree(server_host_key_blob);
|
||||
free(signature);
|
||||
free(server_host_key_blob);
|
||||
/* have keys, free DH */
|
||||
DH_free(dh);
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: key.c,v 1.100 2013/01/17 23:00:01 djm Exp $ */
|
||||
/* $OpenBSD: key.c,v 1.104 2013/05/19 02:42:42 djm Exp $ */
|
||||
/*
|
||||
* read_bignum():
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -187,14 +187,13 @@ cert_free(struct KeyCert *cert)
|
||||
buffer_free(&cert->certblob);
|
||||
buffer_free(&cert->critical);
|
||||
buffer_free(&cert->extensions);
|
||||
if (cert->key_id != NULL)
|
||||
xfree(cert->key_id);
|
||||
free(cert->key_id);
|
||||
for (i = 0; i < cert->nprincipals; i++)
|
||||
xfree(cert->principals[i]);
|
||||
if (cert->principals != NULL)
|
||||
xfree(cert->principals);
|
||||
free(cert->principals[i]);
|
||||
free(cert->principals);
|
||||
if (cert->signature_key != NULL)
|
||||
key_free(cert->signature_key);
|
||||
free(cert);
|
||||
}
|
||||
|
||||
void
|
||||
@ -238,7 +237,7 @@ key_free(Key *k)
|
||||
k->cert = NULL;
|
||||
}
|
||||
|
||||
xfree(k);
|
||||
free(k);
|
||||
}
|
||||
|
||||
static int
|
||||
@ -388,7 +387,7 @@ key_fingerprint_raw(const Key *k, enum fp_type dgst_type,
|
||||
EVP_DigestUpdate(&ctx, blob, len);
|
||||
EVP_DigestFinal(&ctx, retval, dgst_raw_length);
|
||||
memset(blob, 0, len);
|
||||
xfree(blob);
|
||||
free(blob);
|
||||
} else {
|
||||
fatal("key_fingerprint_raw: blob is null");
|
||||
}
|
||||
@ -570,7 +569,7 @@ key_fingerprint_randomart(u_char *dgst_raw, u_int dgst_raw_len, const Key *k)
|
||||
}
|
||||
|
||||
char *
|
||||
key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
|
||||
key_fingerprint(const Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
|
||||
{
|
||||
char *retval = NULL;
|
||||
u_char *dgst_raw;
|
||||
@ -595,7 +594,7 @@ key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
|
||||
break;
|
||||
}
|
||||
memset(dgst_raw, 0, dgst_raw_len);
|
||||
xfree(dgst_raw);
|
||||
free(dgst_raw);
|
||||
return retval;
|
||||
}
|
||||
|
||||
@ -740,11 +739,11 @@ key_read(Key *ret, char **cpp)
|
||||
n = uudecode(cp, blob, len);
|
||||
if (n < 0) {
|
||||
error("key_read: uudecode %s failed", cp);
|
||||
xfree(blob);
|
||||
free(blob);
|
||||
return -1;
|
||||
}
|
||||
k = key_from_blob(blob, (u_int)n);
|
||||
xfree(blob);
|
||||
free(blob);
|
||||
if (k == NULL) {
|
||||
error("key_read: key_from_blob %s failed", cp);
|
||||
return -1;
|
||||
@ -885,42 +884,12 @@ key_write(const Key *key, FILE *f)
|
||||
fprintf(f, "%s %s", key_ssh_name(key), uu);
|
||||
success = 1;
|
||||
}
|
||||
xfree(blob);
|
||||
xfree(uu);
|
||||
free(blob);
|
||||
free(uu);
|
||||
|
||||
return success;
|
||||
}
|
||||
|
||||
const char *
|
||||
key_type(const Key *k)
|
||||
{
|
||||
switch (k->type) {
|
||||
case KEY_RSA1:
|
||||
return "RSA1";
|
||||
case KEY_RSA:
|
||||
return "RSA";
|
||||
case KEY_DSA:
|
||||
return "DSA";
|
||||
#ifdef OPENSSL_HAS_ECC
|
||||
case KEY_ECDSA:
|
||||
return "ECDSA";
|
||||
#endif
|
||||
case KEY_RSA_CERT_V00:
|
||||
return "RSA-CERT-V00";
|
||||
case KEY_DSA_CERT_V00:
|
||||
return "DSA-CERT-V00";
|
||||
case KEY_RSA_CERT:
|
||||
return "RSA-CERT";
|
||||
case KEY_DSA_CERT:
|
||||
return "DSA-CERT";
|
||||
#ifdef OPENSSL_HAS_ECC
|
||||
case KEY_ECDSA_CERT:
|
||||
return "ECDSA-CERT";
|
||||
#endif
|
||||
}
|
||||
return "unknown";
|
||||
}
|
||||
|
||||
const char *
|
||||
key_cert_type(const Key *k)
|
||||
{
|
||||
@ -934,48 +903,59 @@ key_cert_type(const Key *k)
|
||||
}
|
||||
}
|
||||
|
||||
struct keytype {
|
||||
char *name;
|
||||
char *shortname;
|
||||
int type;
|
||||
int nid;
|
||||
int cert;
|
||||
};
|
||||
static const struct keytype keytypes[] = {
|
||||
{ NULL, "RSA1", KEY_RSA1, 0, 0 },
|
||||
{ "ssh-rsa", "RSA", KEY_RSA, 0, 0 },
|
||||
{ "ssh-dss", "DSA", KEY_DSA, 0, 0 },
|
||||
#ifdef OPENSSL_HAS_ECC
|
||||
{ "ecdsa-sha2-nistp256", "ECDSA", KEY_ECDSA, NID_X9_62_prime256v1, 0 },
|
||||
{ "ecdsa-sha2-nistp384", "ECDSA", KEY_ECDSA, NID_secp384r1, 0 },
|
||||
{ "ecdsa-sha2-nistp521", "ECDSA", KEY_ECDSA, NID_secp521r1, 0 },
|
||||
#endif /* OPENSSL_HAS_ECC */
|
||||
{ "ssh-rsa-cert-v01@openssh.com", "RSA-CERT", KEY_RSA_CERT, 0, 1 },
|
||||
{ "ssh-dss-cert-v01@openssh.com", "DSA-CERT", KEY_DSA_CERT, 0, 1 },
|
||||
#ifdef OPENSSL_HAS_ECC
|
||||
{ "ecdsa-sha2-nistp256-cert-v01@openssh.com", "ECDSA-CERT",
|
||||
KEY_ECDSA_CERT, NID_X9_62_prime256v1, 1 },
|
||||
{ "ecdsa-sha2-nistp384-cert-v01@openssh.com", "ECDSA-CERT",
|
||||
KEY_ECDSA_CERT, NID_secp384r1, 1 },
|
||||
{ "ecdsa-sha2-nistp521-cert-v01@openssh.com", "ECDSA-CERT",
|
||||
KEY_ECDSA_CERT, NID_secp521r1, 1 },
|
||||
#endif /* OPENSSL_HAS_ECC */
|
||||
{ "ssh-rsa-cert-v00@openssh.com", "RSA-CERT-V00",
|
||||
KEY_RSA_CERT_V00, 0, 1 },
|
||||
{ "ssh-dss-cert-v00@openssh.com", "DSA-CERT-V00",
|
||||
KEY_DSA_CERT_V00, 0, 1 },
|
||||
{ NULL, NULL, -1, -1, 0 }
|
||||
};
|
||||
|
||||
const char *
|
||||
key_type(const Key *k)
|
||||
{
|
||||
const struct keytype *kt;
|
||||
|
||||
for (kt = keytypes; kt->type != -1; kt++) {
|
||||
if (kt->type == k->type)
|
||||
return kt->shortname;
|
||||
}
|
||||
return "unknown";
|
||||
}
|
||||
|
||||
static const char *
|
||||
key_ssh_name_from_type_nid(int type, int nid)
|
||||
{
|
||||
switch (type) {
|
||||
case KEY_RSA:
|
||||
return "ssh-rsa";
|
||||
case KEY_DSA:
|
||||
return "ssh-dss";
|
||||
case KEY_RSA_CERT_V00:
|
||||
return "ssh-rsa-cert-v00@openssh.com";
|
||||
case KEY_DSA_CERT_V00:
|
||||
return "ssh-dss-cert-v00@openssh.com";
|
||||
case KEY_RSA_CERT:
|
||||
return "ssh-rsa-cert-v01@openssh.com";
|
||||
case KEY_DSA_CERT:
|
||||
return "ssh-dss-cert-v01@openssh.com";
|
||||
#ifdef OPENSSL_HAS_ECC
|
||||
case KEY_ECDSA:
|
||||
switch (nid) {
|
||||
case NID_X9_62_prime256v1:
|
||||
return "ecdsa-sha2-nistp256";
|
||||
case NID_secp384r1:
|
||||
return "ecdsa-sha2-nistp384";
|
||||
case NID_secp521r1:
|
||||
return "ecdsa-sha2-nistp521";
|
||||
default:
|
||||
break;
|
||||
}
|
||||
break;
|
||||
case KEY_ECDSA_CERT:
|
||||
switch (nid) {
|
||||
case NID_X9_62_prime256v1:
|
||||
return "ecdsa-sha2-nistp256-cert-v01@openssh.com";
|
||||
case NID_secp384r1:
|
||||
return "ecdsa-sha2-nistp384-cert-v01@openssh.com";
|
||||
case NID_secp521r1:
|
||||
return "ecdsa-sha2-nistp521-cert-v01@openssh.com";
|
||||
default:
|
||||
break;
|
||||
}
|
||||
break;
|
||||
#endif /* OPENSSL_HAS_ECC */
|
||||
const struct keytype *kt;
|
||||
|
||||
for (kt = keytypes; kt->type != -1; kt++) {
|
||||
if (kt->type == type && (kt->nid == 0 || kt->nid == nid))
|
||||
return kt->name;
|
||||
}
|
||||
return "ssh-unknown";
|
||||
}
|
||||
@ -993,6 +973,56 @@ key_ssh_name_plain(const Key *k)
|
||||
k->ecdsa_nid);
|
||||
}
|
||||
|
||||
int
|
||||
key_type_from_name(char *name)
|
||||
{
|
||||
const struct keytype *kt;
|
||||
|
||||
for (kt = keytypes; kt->type != -1; kt++) {
|
||||
/* Only allow shortname matches for plain key types */
|
||||
if ((kt->name != NULL && strcmp(name, kt->name) == 0) ||
|
||||
(!kt->cert && strcasecmp(kt->shortname, name) == 0))
|
||||
return kt->type;
|
||||
}
|
||||
debug2("key_type_from_name: unknown key type '%s'", name);
|
||||
return KEY_UNSPEC;
|
||||
}
|
||||
|
||||
int
|
||||
key_ecdsa_nid_from_name(const char *name)
|
||||
{
|
||||
const struct keytype *kt;
|
||||
|
||||
for (kt = keytypes; kt->type != -1; kt++) {
|
||||
if (kt->type != KEY_ECDSA && kt->type != KEY_ECDSA_CERT)
|
||||
continue;
|
||||
if (kt->name != NULL && strcmp(name, kt->name) == 0)
|
||||
return kt->nid;
|
||||
}
|
||||
debug2("%s: unknown/non-ECDSA key type '%s'", __func__, name);
|
||||
return -1;
|
||||
}
|
||||
|
||||
char *
|
||||
key_alg_list(void)
|
||||
{
|
||||
char *ret = NULL;
|
||||
size_t nlen, rlen = 0;
|
||||
const struct keytype *kt;
|
||||
|
||||
for (kt = keytypes; kt->type != -1; kt++) {
|
||||
if (kt->name == NULL)
|
||||
continue;
|
||||
if (ret != NULL)
|
||||
ret[rlen++] = '\n';
|
||||
nlen = strlen(kt->name);
|
||||
ret = xrealloc(ret, 1, rlen + nlen + 2);
|
||||
memcpy(ret + rlen, kt->name, nlen + 1);
|
||||
rlen += nlen;
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
u_int
|
||||
key_size(const Key *k)
|
||||
{
|
||||
@ -1247,65 +1277,6 @@ key_from_private(const Key *k)
|
||||
return n;
|
||||
}
|
||||
|
||||
int
|
||||
key_type_from_name(char *name)
|
||||
{
|
||||
if (strcmp(name, "rsa1") == 0) {
|
||||
return KEY_RSA1;
|
||||
} else if (strcmp(name, "rsa") == 0) {
|
||||
return KEY_RSA;
|
||||
} else if (strcmp(name, "dsa") == 0) {
|
||||
return KEY_DSA;
|
||||
} else if (strcmp(name, "ssh-rsa") == 0) {
|
||||
return KEY_RSA;
|
||||
} else if (strcmp(name, "ssh-dss") == 0) {
|
||||
return KEY_DSA;
|
||||
#ifdef OPENSSL_HAS_ECC
|
||||
} else if (strcmp(name, "ecdsa") == 0 ||
|
||||
strcmp(name, "ecdsa-sha2-nistp256") == 0 ||
|
||||
strcmp(name, "ecdsa-sha2-nistp384") == 0 ||
|
||||
strcmp(name, "ecdsa-sha2-nistp521") == 0) {
|
||||
return KEY_ECDSA;
|
||||
#endif
|
||||
} else if (strcmp(name, "ssh-rsa-cert-v00@openssh.com") == 0) {
|
||||
return KEY_RSA_CERT_V00;
|
||||
} else if (strcmp(name, "ssh-dss-cert-v00@openssh.com") == 0) {
|
||||
return KEY_DSA_CERT_V00;
|
||||
} else if (strcmp(name, "ssh-rsa-cert-v01@openssh.com") == 0) {
|
||||
return KEY_RSA_CERT;
|
||||
} else if (strcmp(name, "ssh-dss-cert-v01@openssh.com") == 0) {
|
||||
return KEY_DSA_CERT;
|
||||
#ifdef OPENSSL_HAS_ECC
|
||||
} else if (strcmp(name, "ecdsa-sha2-nistp256-cert-v01@openssh.com") == 0 ||
|
||||
strcmp(name, "ecdsa-sha2-nistp384-cert-v01@openssh.com") == 0 ||
|
||||
strcmp(name, "ecdsa-sha2-nistp521-cert-v01@openssh.com") == 0) {
|
||||
return KEY_ECDSA_CERT;
|
||||
#endif
|
||||
}
|
||||
|
||||
debug2("key_type_from_name: unknown key type '%s'", name);
|
||||
return KEY_UNSPEC;
|
||||
}
|
||||
|
||||
int
|
||||
key_ecdsa_nid_from_name(const char *name)
|
||||
{
|
||||
#ifdef OPENSSL_HAS_ECC
|
||||
if (strcmp(name, "ecdsa-sha2-nistp256") == 0 ||
|
||||
strcmp(name, "ecdsa-sha2-nistp256-cert-v01@openssh.com") == 0)
|
||||
return NID_X9_62_prime256v1;
|
||||
if (strcmp(name, "ecdsa-sha2-nistp384") == 0 ||
|
||||
strcmp(name, "ecdsa-sha2-nistp384-cert-v01@openssh.com") == 0)
|
||||
return NID_secp384r1;
|
||||
if (strcmp(name, "ecdsa-sha2-nistp521") == 0 ||
|
||||
strcmp(name, "ecdsa-sha2-nistp521-cert-v01@openssh.com") == 0)
|
||||
return NID_secp521r1;
|
||||
#endif /* OPENSSL_HAS_ECC */
|
||||
|
||||
debug2("%s: unknown/non-ECDSA key type '%s'", __func__, name);
|
||||
return -1;
|
||||
}
|
||||
|
||||
int
|
||||
key_names_valid2(const char *names)
|
||||
{
|
||||
@ -1319,12 +1290,12 @@ key_names_valid2(const char *names)
|
||||
switch (key_type_from_name(p)) {
|
||||
case KEY_RSA1:
|
||||
case KEY_UNSPEC:
|
||||
xfree(s);
|
||||
free(s);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
debug3("key names ok: [%s]", names);
|
||||
xfree(s);
|
||||
free(s);
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -1446,16 +1417,11 @@ cert_parse(Buffer *b, Key *key, const u_char *blob, u_int blen)
|
||||
|
||||
out:
|
||||
buffer_free(&tmp);
|
||||
if (principals != NULL)
|
||||
xfree(principals);
|
||||
if (critical != NULL)
|
||||
xfree(critical);
|
||||
if (exts != NULL)
|
||||
xfree(exts);
|
||||
if (sig_key != NULL)
|
||||
xfree(sig_key);
|
||||
if (sig != NULL)
|
||||
xfree(sig);
|
||||
free(principals);
|
||||
free(critical);
|
||||
free(exts);
|
||||
free(sig_key);
|
||||
free(sig);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -1575,10 +1541,8 @@ key_from_blob(const u_char *blob, u_int blen)
|
||||
if (key != NULL && rlen != 0)
|
||||
error("key_from_blob: remaining bytes in key blob %d", rlen);
|
||||
out:
|
||||
if (ktype != NULL)
|
||||
xfree(ktype);
|
||||
if (curve != NULL)
|
||||
xfree(curve);
|
||||
free(ktype);
|
||||
free(curve);
|
||||
#ifdef OPENSSL_HAS_ECC
|
||||
if (q != NULL)
|
||||
EC_POINT_free(q);
|
||||
@ -1928,7 +1892,7 @@ key_certify(Key *k, Key *ca)
|
||||
default:
|
||||
error("%s: key has incorrect type %s", __func__, key_type(k));
|
||||
buffer_clear(&k->cert->certblob);
|
||||
xfree(ca_blob);
|
||||
free(ca_blob);
|
||||
return -1;
|
||||
}
|
||||
|
||||
@ -1964,7 +1928,7 @@ key_certify(Key *k, Key *ca)
|
||||
|
||||
buffer_put_string(&k->cert->certblob, NULL, 0); /* reserved */
|
||||
buffer_put_string(&k->cert->certblob, ca_blob, ca_len);
|
||||
xfree(ca_blob);
|
||||
free(ca_blob);
|
||||
|
||||
/* Sign the whole mess */
|
||||
if (key_sign(ca, &sig_blob, &sig_len, buffer_ptr(&k->cert->certblob),
|
||||
@ -1975,7 +1939,7 @@ key_certify(Key *k, Key *ca)
|
||||
}
|
||||
/* Append signature and we are done */
|
||||
buffer_put_string(&k->cert->certblob, sig_blob, sig_len);
|
||||
xfree(sig_blob);
|
||||
free(sig_blob);
|
||||
|
||||
return 0;
|
||||
}
|
||||
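Review bot: `key_ssh_name_from_type_nid` now returns `kt->name` for the first `keytypes` entry whose `type` matches, and the RSA1 entry is `{ NULL, "RSA1", KEY_RSA1, 0, 0 }`, so for `KEY_RSA1` the function returns NULL where the removed `switch` fell through to `"ssh-unknown"`; any caller that formats the result with `%s` (key_write's `fprintf(f, "%s %s", key_ssh_name(key), uu)` is visible in this section) would pass a null pointer if it is reachable for an RSA1 key. Skipping nameless entries, `if (kt->name != NULL && kt->type == type && (kt->nid == 0 || kt->nid == nid))`, preserves the old contract. Separately, `struct keytype` should declare `name` and `shortname` as `const char *`, since `keytypes` is `static const` and filled with literals, and `key_alg_list()` returns caller-owned heap memory without a comment saying so. key_ssh_name_from_type_nid's opening lines sit outside the hunk that rewrites its body.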
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: key.h,v 1.35 2013/01/17 23:00:01 djm Exp $ */
|
||||
/* $OpenBSD: key.h,v 1.37 2013/05/19 02:42:42 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
|
||||
@ -95,7 +95,7 @@ void key_free(Key *);
|
||||
Key *key_demote(const Key *);
|
||||
int key_equal_public(const Key *, const Key *);
|
||||
int key_equal(const Key *, const Key *);
|
||||
char *key_fingerprint(Key *, enum fp_type, enum fp_rep);
|
||||
char *key_fingerprint(const Key *, enum fp_type, enum fp_rep);
|
||||
u_char *key_fingerprint_raw(const Key *, enum fp_type, u_int *);
|
||||
const char *key_type(const Key *);
|
||||
const char *key_cert_type(const Key *);
|
||||
@ -118,15 +118,16 @@ int key_cert_is_legacy(const Key *);
|
||||
|
||||
int key_ecdsa_nid_from_name(const char *);
|
||||
int key_curve_name_to_nid(const char *);
|
||||
const char * key_curve_nid_to_name(int);
|
||||
const char *key_curve_nid_to_name(int);
|
||||
u_int key_curve_nid_to_bits(int);
|
||||
int key_ecdsa_bits_to_nid(int);
|
||||
#ifdef OPENSSL_HAS_ECC
|
||||
int key_ecdsa_key_to_nid(EC_KEY *);
|
||||
const EVP_MD * key_ec_nid_to_evpmd(int nid);
|
||||
const EVP_MD *key_ec_nid_to_evpmd(int nid);
|
||||
int key_ec_validate_public(const EC_GROUP *, const EC_POINT *);
|
||||
int key_ec_validate_private(const EC_KEY *);
|
||||
#endif
|
||||
char *key_alg_list(void);
|
||||
|
||||
Key *key_from_blob(const u_char *, u_int);
|
||||
int key_to_blob(const Key *, u_char **, u_int *);
|
||||
|
@ -14,7 +14,7 @@
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $OpenBSD: krl.c,v 1.10 2013/02/19 02:12:47 dtucker Exp $ */
|
||||
/* $OpenBSD: krl.c,v 1.13 2013/07/20 22:20:42 djm Exp $ */
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
@ -502,11 +502,11 @@ choose_next_state(int current_state, u_int64_t contig, int final,
|
||||
}
|
||||
debug3("%s: contig %llu last_gap %llu next_gap %llu final %d, costs:"
|
||||
"list %llu range %llu bitmap %llu new bitmap %llu, "
|
||||
"selected 0x%02x%s", __func__, (unsigned long long)contig,
|
||||
(unsigned long long)last_gap, (unsigned long long)next_gap, final,
|
||||
(unsigned long long)cost_list, (unsigned long long)cost_range,
|
||||
(unsigned long long)cost_bitmap,
|
||||
(unsigned long long)cost_bitmap_restart, new_state,
|
||||
"selected 0x%02x%s", __func__, (long long unsigned)contig,
|
||||
(long long unsigned)last_gap, (long long unsigned)next_gap, final,
|
||||
(long long unsigned)cost_list, (long long unsigned)cost_range,
|
||||
(long long unsigned)cost_bitmap,
|
||||
(long long unsigned)cost_bitmap_restart, new_state,
|
||||
*force_new_section ? " restart" : "");
|
||||
return new_state;
|
||||
}
|
||||
@ -542,7 +542,7 @@ revoked_certs_generate(struct revoked_certs *rc, Buffer *buf)
|
||||
rs != NULL;
|
||||
rs = RB_NEXT(revoked_serial_tree, &rc->revoked_serials, rs)) {
|
||||
debug3("%s: serial %llu:%llu state 0x%02x", __func__,
|
||||
(unsigned long long)rs->lo, (unsigned long long)rs->hi,
|
||||
(long long unsigned)rs->lo, (long long unsigned)rs->hi,
|
||||
state);
|
||||
|
||||
/* Check contiguous length and gap to next section (if any) */
|
||||
@ -887,9 +887,10 @@ ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp,
|
||||
char timestamp[64];
|
||||
int ret = -1, r, sig_seen;
|
||||
Key *key = NULL, **ca_used = NULL;
|
||||
u_char type, *blob;
|
||||
u_int i, j, sig_off, sects_off, blen, format_version, nca_used = 0;
|
||||
u_char type, *blob, *rdata = NULL;
|
||||
u_int i, j, sig_off, sects_off, rlen, blen, format_version, nca_used;
|
||||
|
||||
nca_used = 0;
|
||||
*krlp = NULL;
|
||||
if (buffer_len(buf) < sizeof(KRL_MAGIC) - 1 ||
|
||||
memcmp(buffer_ptr(buf), KRL_MAGIC, sizeof(KRL_MAGIC) - 1) != 0) {
|
||||
@ -933,7 +934,7 @@ ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp,
|
||||
|
||||
format_timestamp(krl->generated_date, timestamp, sizeof(timestamp));
|
||||
debug("KRL version %llu generated at %s%s%s",
|
||||
(unsigned long long)krl->krl_version, timestamp,
|
||||
(long long unsigned)krl->krl_version, timestamp,
|
||||
*krl->comment ? ": " : "", krl->comment);
|
||||
|
||||
/*
|
||||
@ -972,7 +973,7 @@ ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp,
|
||||
}
|
||||
/* Check signature over entire KRL up to this point */
|
||||
if (key_verify(key, blob, blen,
|
||||
buffer_ptr(buf), buffer_len(buf) - sig_off) == -1) {
|
||||
buffer_ptr(buf), buffer_len(buf) - sig_off) != 1) {
|
||||
error("bad signaure on KRL");
|
||||
goto out;
|
||||
}
|
||||
@ -1015,21 +1016,22 @@ ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp,
|
||||
case KRL_SECTION_EXPLICIT_KEY:
|
||||
case KRL_SECTION_FINGERPRINT_SHA1:
|
||||
while (buffer_len(§) > 0) {
|
||||
if ((blob = buffer_get_string_ret(§,
|
||||
&blen)) == NULL) {
|
||||
if ((rdata = buffer_get_string_ret(§,
|
||||
&rlen)) == NULL) {
|
||||
error("%s: buffer error", __func__);
|
||||
goto out;
|
||||
}
|
||||
if (type == KRL_SECTION_FINGERPRINT_SHA1 &&
|
||||
blen != 20) {
|
||||
rlen != 20) {
|
||||
error("%s: bad SHA1 length", __func__);
|
||||
goto out;
|
||||
}
|
||||
if (revoke_blob(
|
||||
type == KRL_SECTION_EXPLICIT_KEY ?
|
||||
&krl->revoked_keys : &krl->revoked_sha1s,
|
||||
blob, blen) != 0)
|
||||
goto out; /* revoke_blob frees blob */
|
||||
rdata, rlen) != 0)
|
||||
goto out;
|
||||
rdata = NULL; /* revoke_blob frees blob */
|
||||
}
|
||||
break;
|
||||
case KRL_SECTION_SIGNATURE:
|
||||
@ -1095,6 +1097,7 @@ ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp,
|
||||
key_free(ca_used[i]);
|
||||
}
|
||||
free(ca_used);
|
||||
free(rdata);
|
||||
if (key != NULL)
|
||||
key_free(key);
|
||||
buffer_free(©);
|
||||
|
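Review bot: The `free(rdata)` added at `out:` is only correct if revoke_blob() leaves the blob untouched when it returns non-zero; if revoke_blob() also frees its argument on failure, the `goto out` right after it would double-free. revoke_blob() is defined outside this diff, so its ownership contract should be stated on its definition and the moved comment made explicit, e.g. `rdata = NULL; /* revoke_blob owns rdata on success; on failure it is freed at out: */`. The tightened signature check `!= 1` is the right shape for a verify routine that can also return 0 or -1; a one-line comment there, `/* key_verify() returns 1 only on a good signature; 0 and -1 are both failures */`, would keep a future maintainer from relaxing it back to `== -1`. While here, the unchanged error string on the following line reads `bad signaure on KRL` and could be corrected to `bad signature on KRL`. ssh_krl_from_blob() starts and ends outside these hunks.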
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: log.c,v 1.43 2012/09/06 04:37:39 dtucker Exp $ */
|
||||
/* $OpenBSD: log.c,v 1.45 2013/05/16 09:08:41 dtucker Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -38,6 +38,7 @@
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <fcntl.h>
|
||||
#include <stdarg.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
@ -54,6 +55,7 @@
|
||||
|
||||
static LogLevel log_level = SYSLOG_LEVEL_INFO;
|
||||
static int log_on_stderr = 1;
|
||||
static int log_stderr_fd = STDERR_FILENO;
|
||||
static int log_facility = LOG_AUTH;
|
||||
static char *argv0;
|
||||
static log_handler_fn *log_handler;
|
||||
@ -344,6 +346,20 @@ log_is_on_stderr(void)
|
||||
return log_on_stderr;
|
||||
}
|
||||
|
||||
/* redirect what would usually get written to stderr to specified file */
|
||||
void
|
||||
log_redirect_stderr_to(const char *logfile)
|
||||
{
|
||||
int fd;
|
||||
|
||||
if ((fd = open(logfile, O_WRONLY|O_CREAT|O_APPEND, 0600)) == -1) {
|
||||
fprintf(stderr, "Couldn't open logfile %s: %s\n", logfile,
|
||||
strerror(errno));
|
||||
exit(1);
|
||||
}
|
||||
log_stderr_fd = fd;
|
||||
}
|
||||
|
||||
#define MSGBUFSIZ 1024
|
||||
|
||||
void
|
||||
@ -429,7 +445,7 @@ do_log(LogLevel level, const char *fmt, va_list args)
|
||||
log_handler = tmp_handler;
|
||||
} else if (log_on_stderr) {
|
||||
snprintf(msgbuf, sizeof msgbuf, "%s\r\n", fmtbuf);
|
||||
write(STDERR_FILENO, msgbuf, strlen(msgbuf));
|
||||
(void)write(log_stderr_fd, msgbuf, strlen(msgbuf));
|
||||
} else {
|
||||
#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT)
|
||||
openlog_r(argv0 ? argv0 : __progname, LOG_PID, log_facility, &sdata);
|
||||
|
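Review bot: The descriptor opened in log_redirect_stderr_to() is not marked close-on-exec, so any process exec'd later inherits a writable handle on the log file unless the caller closes it first; since this file now includes <fcntl.h>, adding `fcntl(fd, F_SETFD, FD_CLOEXEC);` after the successful open() closes that gap portably. A second call also overwrites log_stderr_fd without closing the previous descriptor; `if (log_stderr_fd != STDERR_FILENO) close(log_stderr_fd);` before the assignment avoids the leak. The prototype in log.h and this definition carry no contract note; a comment such as `/* Opens logfile for append (mode 0600) and routes stderr logging to it; exits on failure. */` would document the exit(1) behaviour callers must expect.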
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: log.h,v 1.19 2012/09/06 04:37:39 dtucker Exp $ */
|
||||
/* $OpenBSD: log.h,v 1.20 2013/04/07 02:10:33 dtucker Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
@ -51,6 +51,7 @@ typedef void (log_handler_fn)(LogLevel, const char *, void *);
|
||||
void log_init(char *, LogLevel, SyslogFacility, int);
|
||||
void log_change_level(LogLevel);
|
||||
int log_is_on_stderr(void);
|
||||
void log_redirect_stderr_to(const char *);
|
||||
|
||||
SyslogFacility log_facility_number(char *);
|
||||
const char * log_facility_name(SyslogFacility);
|
||||
|
@ -347,7 +347,7 @@ logininfo *login_alloc_entry(pid_t pid, const char *username,
|
||||
void
|
||||
login_free_entry(struct logininfo *li)
|
||||
{
|
||||
xfree(li);
|
||||
free(li);
|
||||
}
|
||||
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: mac.c,v 1.21 2012/12/11 22:51:45 sthen Exp $ */
|
||||
/* $OpenBSD: mac.c,v 1.24 2013/06/03 00:03:18 dtucker Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
*
|
||||
@ -50,7 +50,7 @@
|
||||
#define SSH_UMAC 2 /* UMAC (not integrated with OpenSSL) */
|
||||
#define SSH_UMAC128 3
|
||||
|
||||
struct {
|
||||
struct macalg {
|
||||
char *name;
|
||||
int type;
|
||||
const EVP_MD * (*mdfunc)(void);
|
||||
@ -58,7 +58,9 @@ struct {
|
||||
int key_len; /* just for UMAC */
|
||||
int len; /* just for UMAC */
|
||||
int etm; /* Encrypt-then-MAC */
|
||||
} macs[] = {
|
||||
};
|
||||
|
||||
static const struct macalg macs[] = {
|
||||
/* Encrypt-and-MAC (encrypt-and-authenticate) variants */
|
||||
{ "hmac-sha1", SSH_EVP, EVP_sha1, 0, 0, 0, 0 },
|
||||
{ "hmac-sha1-96", SSH_EVP, EVP_sha1, 96, 0, 0, 0 },
|
||||
@ -89,38 +91,58 @@ struct {
|
||||
{ NULL, 0, NULL, 0, 0, 0, 0 }
|
||||
};
|
||||
|
||||
/* Returns a comma-separated list of supported MACs. */
|
||||
char *
|
||||
mac_alg_list(void)
|
||||
{
|
||||
char *ret = NULL;
|
||||
size_t nlen, rlen = 0;
|
||||
const struct macalg *m;
|
||||
|
||||
for (m = macs; m->name != NULL; m++) {
|
||||
if (ret != NULL)
|
||||
ret[rlen++] = '\n';
|
||||
nlen = strlen(m->name);
|
||||
ret = xrealloc(ret, 1, rlen + nlen + 2);
|
||||
memcpy(ret + rlen, m->name, nlen + 1);
|
||||
rlen += nlen;
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
static void
|
||||
mac_setup_by_id(Mac *mac, int which)
|
||||
mac_setup_by_alg(Mac *mac, const struct macalg *macalg)
|
||||
{
|
||||
int evp_len;
|
||||
mac->type = macs[which].type;
|
||||
|
||||
mac->type = macalg->type;
|
||||
if (mac->type == SSH_EVP) {
|
||||
mac->evp_md = (*macs[which].mdfunc)();
|
||||
mac->evp_md = macalg->mdfunc();
|
||||
if ((evp_len = EVP_MD_size(mac->evp_md)) <= 0)
|
||||
fatal("mac %s len %d", mac->name, evp_len);
|
||||
mac->key_len = mac->mac_len = (u_int)evp_len;
|
||||
} else {
|
||||
mac->mac_len = macs[which].len / 8;
|
||||
mac->key_len = macs[which].key_len / 8;
|
||||
mac->mac_len = macalg->len / 8;
|
||||
mac->key_len = macalg->key_len / 8;
|
||||
mac->umac_ctx = NULL;
|
||||
}
|
||||
if (macs[which].truncatebits != 0)
|
||||
mac->mac_len = macs[which].truncatebits / 8;
|
||||
mac->etm = macs[which].etm;
|
||||
if (macalg->truncatebits != 0)
|
||||
mac->mac_len = macalg->truncatebits / 8;
|
||||
mac->etm = macalg->etm;
|
||||
}
|
||||
|
||||
int
|
||||
mac_setup(Mac *mac, char *name)
|
||||
{
|
||||
int i;
|
||||
const struct macalg *m;
|
||||
|
||||
for (i = 0; macs[i].name; i++) {
|
||||
if (strcmp(name, macs[i].name) == 0) {
|
||||
if (mac != NULL)
|
||||
mac_setup_by_id(mac, i);
|
||||
debug2("mac_setup: found %s", name);
|
||||
return (0);
|
||||
}
|
||||
for (m = macs; m->name != NULL; m++) {
|
||||
if (strcmp(name, m->name) != 0)
|
||||
continue;
|
||||
if (mac != NULL)
|
||||
mac_setup_by_alg(mac, m);
|
||||
debug2("mac_setup: found %s", name);
|
||||
return (0);
|
||||
}
|
||||
debug2("mac_setup: unknown %s", name);
|
||||
return (-1);
|
||||
@ -152,12 +174,15 @@ mac_init(Mac *mac)
|
||||
u_char *
|
||||
mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
|
||||
{
|
||||
static u_char m[EVP_MAX_MD_SIZE];
|
||||
static union {
|
||||
u_char m[EVP_MAX_MD_SIZE];
|
||||
u_int64_t for_align;
|
||||
} u;
|
||||
u_char b[4], nonce[8];
|
||||
|
||||
if (mac->mac_len > sizeof(m))
|
||||
if (mac->mac_len > sizeof(u))
|
||||
fatal("mac_compute: mac too long %u %lu",
|
||||
mac->mac_len, (u_long)sizeof(m));
|
||||
mac->mac_len, (u_long)sizeof(u));
|
||||
|
||||
switch (mac->type) {
|
||||
case SSH_EVP:
|
||||
@ -166,22 +191,22 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
|
||||
HMAC_Init(&mac->evp_ctx, NULL, 0, NULL);
|
||||
HMAC_Update(&mac->evp_ctx, b, sizeof(b));
|
||||
HMAC_Update(&mac->evp_ctx, data, datalen);
|
||||
HMAC_Final(&mac->evp_ctx, m, NULL);
|
||||
HMAC_Final(&mac->evp_ctx, u.m, NULL);
|
||||
break;
|
||||
case SSH_UMAC:
|
||||
put_u64(nonce, seqno);
|
||||
umac_update(mac->umac_ctx, data, datalen);
|
||||
umac_final(mac->umac_ctx, m, nonce);
|
||||
umac_final(mac->umac_ctx, u.m, nonce);
|
||||
break;
|
||||
case SSH_UMAC128:
|
||||
put_u64(nonce, seqno);
|
||||
umac128_update(mac->umac_ctx, data, datalen);
|
||||
umac128_final(mac->umac_ctx, m, nonce);
|
||||
umac128_final(mac->umac_ctx, u.m, nonce);
|
||||
break;
|
||||
default:
|
||||
fatal("mac_compute: unknown MAC type");
|
||||
}
|
||||
return (m);
|
||||
return (u.m);
|
||||
}
|
||||
|
||||
void
|
||||
@ -213,13 +238,13 @@ mac_valid(const char *names)
|
||||
(p = strsep(&cp, MAC_SEP))) {
|
||||
if (mac_setup(NULL, p) < 0) {
|
||||
debug("bad mac %s [%s]", p, names);
|
||||
xfree(maclist);
|
||||
free(maclist);
|
||||
return (0);
|
||||
} else {
|
||||
debug3("mac ok: %s [%s]", p, names);
|
||||
}
|
||||
}
|
||||
debug3("macs ok: [%s]", names);
|
||||
xfree(maclist);
|
||||
free(maclist);
|
||||
return (1);
|
||||
}
|
||||
|
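Review bot: The length guard in mac_compute() compares `mac->mac_len` against `sizeof(u)` rather than the array it writes into; the union is padded to the alignment of `u_int64_t`, so if EVP_MAX_MD_SIZE is not a multiple of eight the check admits a mac_len up to seven bytes longer than `u.m`. Comparing against the member keeps the bound tight: `if (mac->mac_len > sizeof(u.m))` and `mac->mac_len, (u_long)sizeof(u.m));`. Separately, the comment above mac_alg_list() says the list is comma-separated while the loop joins names with `'\n'`; it should read `/* Returns a newline-separated list of supported MACs; caller frees. */`, and the ownership note belongs on the mac.h prototype as well. mac_setup()'s closing brace lies outside the hunk.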
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: mac.h,v 1.6 2007/06/07 19:37:34 pvalchev Exp $ */
|
||||
/* $OpenBSD: mac.h,v 1.7 2013/04/19 01:06:50 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
*
|
||||
@ -24,6 +24,7 @@
|
||||
*/
|
||||
|
||||
int mac_valid(const char *);
|
||||
char *mac_alg_list(void);
|
||||
int mac_setup(Mac *, char *);
|
||||
int mac_init(Mac *);
|
||||
u_char *mac_compute(Mac *, u_int32_t, u_char *, int);
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: match.c,v 1.27 2008/06/10 23:06:19 djm Exp $ */
|
||||
/* $OpenBSD: match.c,v 1.28 2013/05/17 00:13:13 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -40,6 +40,7 @@
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <ctype.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
@ -226,14 +227,14 @@ match_user(const char *user, const char *host, const char *ipaddr,
|
||||
|
||||
if ((ret = match_pattern(user, pat)) == 1)
|
||||
ret = match_host_and_ip(host, ipaddr, p);
|
||||
xfree(pat);
|
||||
free(pat);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
* Returns first item from client-list that is also supported by server-list,
|
||||
* caller must xfree() returned string.
|
||||
* caller must free the returned string.
|
||||
*/
|
||||
#define MAX_PROP 40
|
||||
#define SEP ","
|
||||
@ -264,15 +265,15 @@ match_list(const char *client, const char *server, u_int *next)
|
||||
if (next != NULL)
|
||||
*next = (cp == NULL) ?
|
||||
strlen(c) : (u_int)(cp - c);
|
||||
xfree(c);
|
||||
xfree(s);
|
||||
free(c);
|
||||
free(s);
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (next != NULL)
|
||||
*next = strlen(c);
|
||||
xfree(c);
|
||||
xfree(s);
|
||||
free(c);
|
||||
free(s);
|
||||
return NULL;
|
||||
}
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: misc.c,v 1.86 2011/09/05 05:59:08 djm Exp $ */
|
||||
/* $OpenBSD: misc.c,v 1.91 2013/07/12 00:43:50 djm Exp $ */
|
||||
/* $FreeBSD$ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
@ -128,7 +128,7 @@ unset_nonblock(int fd)
|
||||
const char *
|
||||
ssh_gai_strerror(int gaierr)
|
||||
{
|
||||
if (gaierr == EAI_SYSTEM)
|
||||
if (gaierr == EAI_SYSTEM && errno != 0)
|
||||
return strerror(errno);
|
||||
return gai_strerror(gaierr);
|
||||
}
|
||||
@ -207,16 +207,18 @@ pwcopy(struct passwd *pw)
|
||||
|
||||
copy->pw_name = xstrdup(pw->pw_name);
|
||||
copy->pw_passwd = xstrdup(pw->pw_passwd);
|
||||
#ifdef HAVE_STRUCT_PASSWD_PW_GECOS
|
||||
copy->pw_gecos = xstrdup(pw->pw_gecos);
|
||||
#endif
|
||||
copy->pw_uid = pw->pw_uid;
|
||||
copy->pw_gid = pw->pw_gid;
|
||||
#ifdef HAVE_PW_EXPIRE_IN_PASSWD
|
||||
#ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE
|
||||
copy->pw_expire = pw->pw_expire;
|
||||
#endif
|
||||
#ifdef HAVE_PW_CHANGE_IN_PASSWD
|
||||
#ifdef HAVE_STRUCT_PASSWD_PW_CHANGE
|
||||
copy->pw_change = pw->pw_change;
|
||||
#endif
|
||||
#ifdef HAVE_PW_CLASS_IN_PASSWD
|
||||
#ifdef HAVE_STRUCT_PASSWD_PW_CLASS
|
||||
copy->pw_class = xstrdup(pw->pw_class);
|
||||
#endif
|
||||
copy->pw_dir = xstrdup(pw->pw_dir);
|
||||
@ -252,13 +254,13 @@ a2tun(const char *s, int *remote)
|
||||
*remote = SSH_TUNID_ANY;
|
||||
sp = xstrdup(s);
|
||||
if ((ep = strchr(sp, ':')) == NULL) {
|
||||
xfree(sp);
|
||||
free(sp);
|
||||
return (a2tun(s, NULL));
|
||||
}
|
||||
ep[0] = '\0'; ep++;
|
||||
*remote = a2tun(ep, NULL);
|
||||
tun = a2tun(sp, NULL);
|
||||
xfree(sp);
|
||||
free(sp);
|
||||
return (*remote == SSH_TUNID_ERR ? *remote : tun);
|
||||
}
|
||||
|
||||
@ -491,7 +493,7 @@ replacearg(arglist *args, u_int which, char *fmt, ...)
|
||||
if (which >= args->num)
|
||||
fatal("replacearg: tried to replace invalid arg %d >= %d",
|
||||
which, args->num);
|
||||
xfree(args->list[which]);
|
||||
free(args->list[which]);
|
||||
args->list[which] = cp;
|
||||
}
|
||||
|
||||
@ -502,8 +504,8 @@ freeargs(arglist *args)
|
||||
|
||||
if (args->list != NULL) {
|
||||
for (i = 0; i < args->num; i++)
|
||||
xfree(args->list[i]);
|
||||
xfree(args->list);
|
||||
free(args->list[i]);
|
||||
free(args->list);
|
||||
args->nalloc = args->num = 0;
|
||||
args->list = NULL;
|
||||
}
|
||||
@ -516,8 +518,8 @@ freeargs(arglist *args)
|
||||
char *
|
||||
tilde_expand_filename(const char *filename, uid_t uid)
|
||||
{
|
||||
const char *path;
|
||||
char user[128], ret[MAXPATHLEN];
|
||||
const char *path, *sep;
|
||||
char user[128], *ret;
|
||||
struct passwd *pw;
|
||||
u_int len, slash;
|
||||
|
||||
@ -537,22 +539,21 @@ tilde_expand_filename(const char *filename, uid_t uid)
|
||||
} else if ((pw = getpwuid(uid)) == NULL) /* ~/path */
|
||||
fatal("tilde_expand_filename: No such uid %ld", (long)uid);
|
||||
|
||||
if (strlcpy(ret, pw->pw_dir, sizeof(ret)) >= sizeof(ret))
|
||||
fatal("tilde_expand_filename: Path too long");
|
||||
|
||||
/* Make sure directory has a trailing '/' */
|
||||
len = strlen(pw->pw_dir);
|
||||
if ((len == 0 || pw->pw_dir[len - 1] != '/') &&
|
||||
strlcat(ret, "/", sizeof(ret)) >= sizeof(ret))
|
||||
fatal("tilde_expand_filename: Path too long");
|
||||
if (len == 0 || pw->pw_dir[len - 1] != '/')
|
||||
sep = "/";
|
||||
else
|
||||
sep = "";
|
||||
|
||||
/* Skip leading '/' from specified path */
|
||||
if (path != NULL)
|
||||
filename = path + 1;
|
||||
if (strlcat(ret, filename, sizeof(ret)) >= sizeof(ret))
|
||||
|
||||
if (xasprintf(&ret, "%s%s%s", pw->pw_dir, sep, filename) >= MAXPATHLEN)
|
||||
fatal("tilde_expand_filename: Path too long");
|
||||
|
||||
return (xstrdup(ret));
|
||||
return (ret);
|
||||
}
|
||||
|
||||
/*
|
||||
@ -854,6 +855,24 @@ ms_to_timeval(struct timeval *tv, int ms)
|
||||
tv->tv_usec = (ms % 1000) * 1000;
|
||||
}
|
||||
|
||||
time_t
|
||||
monotime(void)
|
||||
{
|
||||
#if defined(HAVE_CLOCK_GETTIME) && defined(CLOCK_MONOTONIC)
|
||||
struct timespec ts;
|
||||
static int gettime_failed = 0;
|
||||
|
||||
if (!gettime_failed) {
|
||||
if (clock_gettime(CLOCK_MONOTONIC, &ts) == 0)
|
||||
return (ts.tv_sec);
|
||||
debug3("clock_gettime: %s", strerror(errno));
|
||||
gettime_failed = 1;
|
||||
}
|
||||
#endif
|
||||
|
||||
return time(NULL);
|
||||
}
|
||||
|
||||
void
|
||||
bandwidth_limit_init(struct bwlimit *bw, u_int64_t kbps, size_t buflen)
|
||||
{
|
||||
|
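Review bot: monotime() silently stops being monotonic once clock_gettime() has failed: `gettime_failed` is sticky for the life of the process and every later call returns wall-clock time(NULL), which can jump backwards on clock adjustments. Callers that use it for rekey or timeout arithmetic should know this, so the function wants a header comment, e.g. `/* Seconds from a monotonic clock; after a clock_gettime() failure falls back permanently to time(NULL), which is not monotonic. */`. The misc.h prototype `time_t monotime(void);` could carry the same one-liner. Note also that the monotonic path is only compiled when both HAVE_CLOCK_GETTIME and CLOCK_MONOTONIC are defined, so on other platforms the function is wall-clock from the start.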
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: misc.h,v 1.48 2011/03/29 18:54:17 stevesk Exp $ */
|
||||
/* $OpenBSD: misc.h,v 1.49 2013/06/01 13:15:52 dtucker Exp $ */
|
||||
/* $FreeBSD$ */
|
||||
|
||||
/*
|
||||
@ -36,6 +36,7 @@ char *tohex(const void *, size_t);
|
||||
void sanitise_stdfd(void);
|
||||
void ms_subtract_diff(struct timeval *, int *);
|
||||
void ms_to_timeval(struct timeval *, int);
|
||||
time_t monotime(void);
|
||||
void sock_set_v6only(int);
|
||||
void sock_get_rcvbuf(int *, int);
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: moduli.c,v 1.26 2012/07/06 00:41:59 dtucker Exp $ */
|
||||
/* $OpenBSD: moduli.c,v 1.27 2013/05/17 00:13:13 djm Exp $ */
|
||||
/*
|
||||
* Copyright 1994 Phil Karn <karn@qualcomm.com>
|
||||
* Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
|
||||
@ -433,9 +433,9 @@ gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start)
|
||||
|
||||
time(&time_stop);
|
||||
|
||||
xfree(LargeSieve);
|
||||
xfree(SmallSieve);
|
||||
xfree(TinySieve);
|
||||
free(LargeSieve);
|
||||
free(SmallSieve);
|
||||
free(TinySieve);
|
||||
|
||||
logit("%.24s Found %u candidates", ctime(&time_stop), r);
|
||||
|
||||
@ -709,7 +709,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted,
|
||||
}
|
||||
|
||||
time(&time_stop);
|
||||
xfree(lp);
|
||||
free(lp);
|
||||
BN_free(p);
|
||||
BN_free(q);
|
||||
BN_CTX_free(ctx);
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: monitor.c,v 1.120 2012/12/11 22:16:21 markus Exp $ */
|
||||
/* $OpenBSD: monitor.c,v 1.127 2013/07/19 07:37:48 markus Exp $ */
|
||||
/*
|
||||
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
|
||||
* Copyright 2002 Markus Friedl <markus@openbsd.org>
|
||||
@ -97,6 +97,7 @@
|
||||
#include "ssh2.h"
|
||||
#include "jpake.h"
|
||||
#include "roaming.h"
|
||||
#include "authfd.h"
|
||||
|
||||
#ifdef GSSAPI
|
||||
static Gssctxt *gsscontext = NULL;
|
||||
@ -392,7 +393,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
|
||||
"with SSH protocol 1");
|
||||
if (authenticated &&
|
||||
!auth2_update_methods_lists(authctxt,
|
||||
auth_method)) {
|
||||
auth_method, auth_submethod)) {
|
||||
debug3("%s: method %s: partial", __func__,
|
||||
auth_method);
|
||||
authenticated = 0;
|
||||
@ -422,8 +423,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
|
||||
}
|
||||
if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) {
|
||||
auth_log(authctxt, authenticated, partial,
|
||||
auth_method, auth_submethod,
|
||||
compat20 ? " ssh2" : "");
|
||||
auth_method, auth_submethod);
|
||||
if (!authenticated)
|
||||
authctxt->failures++;
|
||||
}
|
||||
@ -551,7 +551,7 @@ monitor_read_log(struct monitor *pmonitor)
|
||||
do_log2(level, "%s [preauth]", msg);
|
||||
|
||||
buffer_free(&logmsg);
|
||||
xfree(msg);
|
||||
free(msg);
|
||||
|
||||
return 0;
|
||||
}
|
||||
@ -642,12 +642,9 @@ static void
|
||||
monitor_reset_key_state(void)
|
||||
{
|
||||
/* reset state */
|
||||
if (key_blob != NULL)
|
||||
xfree(key_blob);
|
||||
if (hostbased_cuser != NULL)
|
||||
xfree(hostbased_cuser);
|
||||
if (hostbased_chost != NULL)
|
||||
xfree(hostbased_chost);
|
||||
free(key_blob);
|
||||
free(hostbased_cuser);
|
||||
free(hostbased_chost);
|
||||
key_blob = NULL;
|
||||
key_bloblen = 0;
|
||||
key_blobtype = MM_NOKEY;
|
||||
@ -690,6 +687,8 @@ mm_answer_moduli(int sock, Buffer *m)
|
||||
return (0);
|
||||
}
|
||||
|
||||
extern AuthenticationConnection *auth_conn;
|
||||
|
||||
int
|
||||
mm_answer_sign(int sock, Buffer *m)
|
||||
{
|
||||
@ -718,18 +717,24 @@ mm_answer_sign(int sock, Buffer *m)
|
||||
memcpy(session_id2, p, session_id2_len);
|
||||
}
|
||||
|
||||
if ((key = get_hostkey_by_index(keyid)) == NULL)
|
||||
if ((key = get_hostkey_by_index(keyid)) != NULL) {
|
||||
if (key_sign(key, &signature, &siglen, p, datlen) < 0)
|
||||
fatal("%s: key_sign failed", __func__);
|
||||
} else if ((key = get_hostkey_public_by_index(keyid)) != NULL &&
|
||||
auth_conn != NULL) {
|
||||
if (ssh_agent_sign(auth_conn, key, &signature, &siglen, p,
|
||||
datlen) < 0)
|
||||
fatal("%s: ssh_agent_sign failed", __func__);
|
||||
} else
|
||||
fatal("%s: no hostkey from index %d", __func__, keyid);
|
||||
if (key_sign(key, &signature, &siglen, p, datlen) < 0)
|
||||
fatal("%s: key_sign failed", __func__);
|
||||
|
||||
debug3("%s: signature %p(%u)", __func__, signature, siglen);
|
||||
|
||||
buffer_clear(m);
|
||||
buffer_put_string(m, signature, siglen);
|
||||
|
||||
xfree(p);
|
||||
xfree(signature);
|
||||
free(p);
|
||||
free(signature);
|
||||
|
||||
mm_request_send(sock, MONITOR_ANS_SIGN, m);
|
||||
|
||||
@ -760,7 +765,7 @@ mm_answer_pwnamallow(int sock, Buffer *m)
|
||||
|
||||
authctxt->user = xstrdup(username);
|
||||
setproctitle("%s [priv]", pwent ? username : "unknown");
|
||||
xfree(username);
|
||||
free(username);
|
||||
|
||||
buffer_clear(m);
|
||||
|
||||
@ -778,8 +783,10 @@ mm_answer_pwnamallow(int sock, Buffer *m)
|
||||
buffer_put_string(m, pwent, sizeof(struct passwd));
|
||||
buffer_put_cstring(m, pwent->pw_name);
|
||||
buffer_put_cstring(m, "*");
|
||||
#ifdef HAVE_STRUCT_PASSWD_PW_GECOS
|
||||
buffer_put_cstring(m, pwent->pw_gecos);
|
||||
#ifdef HAVE_PW_CLASS_IN_PASSWD
|
||||
#endif
|
||||
#ifdef HAVE_STRUCT_PASSWD_PW_CLASS
|
||||
buffer_put_cstring(m, pwent->pw_class);
|
||||
#endif
|
||||
buffer_put_cstring(m, pwent->pw_dir);
|
||||
@ -838,9 +845,7 @@ int mm_answer_auth2_read_banner(int sock, Buffer *m)
|
||||
banner = auth2_read_banner();
|
||||
buffer_put_cstring(m, banner != NULL ? banner : "");
|
||||
mm_request_send(sock, MONITOR_ANS_AUTH2_READ_BANNER, m);
|
||||
|
||||
if (banner != NULL)
|
||||
xfree(banner);
|
||||
free(banner);
|
||||
|
||||
return (0);
|
||||
}
|
||||
@ -856,7 +861,7 @@ mm_answer_authserv(int sock, Buffer *m)
|
||||
__func__, authctxt->service, authctxt->style);
|
||||
|
||||
if (strlen(authctxt->style) == 0) {
|
||||
xfree(authctxt->style);
|
||||
free(authctxt->style);
|
||||
authctxt->style = NULL;
|
||||
}
|
||||
|
||||
@ -876,7 +881,7 @@ mm_answer_authpassword(int sock, Buffer *m)
|
||||
authenticated = options.password_authentication &&
|
||||
auth_password(authctxt, passwd);
|
||||
memset(passwd, 0, strlen(passwd));
|
||||
xfree(passwd);
|
||||
free(passwd);
|
||||
|
||||
buffer_clear(m);
|
||||
buffer_put_int(m, authenticated);
|
||||
@ -916,10 +921,10 @@ mm_answer_bsdauthquery(int sock, Buffer *m)
|
||||
mm_request_send(sock, MONITOR_ANS_BSDAUTHQUERY, m);
|
||||
|
||||
if (success) {
|
||||
xfree(name);
|
||||
xfree(infotxt);
|
||||
xfree(prompts);
|
||||
xfree(echo_on);
|
||||
free(name);
|
||||
free(infotxt);
|
||||
free(prompts);
|
||||
free(echo_on);
|
||||
}
|
||||
|
||||
return (0);
|
||||
@ -939,7 +944,7 @@ mm_answer_bsdauthrespond(int sock, Buffer *m)
|
||||
auth_userresponse(authctxt->as, response, 0);
|
||||
authctxt->as = NULL;
|
||||
debug3("%s: <%s> = <%d>", __func__, response, authok);
|
||||
xfree(response);
|
||||
free(response);
|
||||
|
||||
buffer_clear(m);
|
||||
buffer_put_int(m, authok);
|
||||
@ -947,9 +952,10 @@ mm_answer_bsdauthrespond(int sock, Buffer *m)
|
||||
debug3("%s: sending authenticated: %d", __func__, authok);
|
||||
mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m);
|
||||
|
||||
if (compat20)
|
||||
auth_method = "keyboard-interactive"; /* XXX auth_submethod */
|
||||
else
|
||||
if (compat20) {
|
||||
auth_method = "keyboard-interactive";
|
||||
auth_submethod = "bsdauth";
|
||||
} else
|
||||
auth_method = "bsdauth";
|
||||
|
||||
return (authok != 0);
|
||||
@ -991,7 +997,7 @@ mm_answer_skeyrespond(int sock, Buffer *m)
|
||||
skey_haskey(authctxt->pw->pw_name) == 0 &&
|
||||
skey_passcheck(authctxt->pw->pw_name, response) != -1);
|
||||
|
||||
xfree(response);
|
||||
free(response);
|
||||
|
||||
buffer_clear(m);
|
||||
buffer_put_int(m, authok);
|
||||
@ -1076,19 +1082,17 @@ mm_answer_pam_query(int sock, Buffer *m)
|
||||
buffer_clear(m);
|
||||
buffer_put_int(m, ret);
|
||||
buffer_put_cstring(m, name);
|
||||
xfree(name);
|
||||
free(name);
|
||||
buffer_put_cstring(m, info);
|
||||
xfree(info);
|
||||
free(info);
|
||||
buffer_put_int(m, num);
|
||||
for (i = 0; i < num; ++i) {
|
||||
buffer_put_cstring(m, prompts[i]);
|
||||
xfree(prompts[i]);
|
||||
free(prompts[i]);
|
||||
buffer_put_int(m, echo_on[i]);
|
||||
}
|
||||
if (prompts != NULL)
|
||||
xfree(prompts);
|
||||
if (echo_on != NULL)
|
||||
xfree(echo_on);
|
||||
free(prompts);
|
||||
free(echo_on);
|
||||
auth_method = "keyboard-interactive";
|
||||
auth_submethod = "pam";
|
||||
mm_request_send(sock, MONITOR_ANS_PAM_QUERY, m);
|
||||
@ -1111,8 +1115,8 @@ mm_answer_pam_respond(int sock, Buffer *m)
|
||||
resp[i] = buffer_get_string(m, NULL);
|
||||
ret = (sshpam_device.respond)(sshpam_ctxt, num, resp);
|
||||
for (i = 0; i < num; ++i)
|
||||
xfree(resp[i]);
|
||||
xfree(resp);
|
||||
free(resp[i]);
|
||||
free(resp);
|
||||
} else {
|
||||
ret = (sshpam_device.respond)(sshpam_ctxt, num, NULL);
|
||||
}
|
||||
@ -1170,6 +1174,7 @@ mm_answer_keyallowed(int sock, Buffer *m)
|
||||
case MM_USERKEY:
|
||||
allowed = options.pubkey_authentication &&
|
||||
user_key_allowed(authctxt->pw, key);
|
||||
pubkey_auth_info(authctxt, key, NULL);
|
||||
auth_method = "publickey";
|
||||
if (options.pubkey_authentication && allowed != 1)
|
||||
auth_clear_options();
|
||||
@ -1178,6 +1183,9 @@ mm_answer_keyallowed(int sock, Buffer *m)
|
||||
allowed = options.hostbased_authentication &&
|
||||
hostbased_key_allowed(authctxt->pw,
|
||||
cuser, chost, key);
|
||||
pubkey_auth_info(authctxt, key,
|
||||
"client user \"%.100s\", client host \"%.100s\"",
|
||||
cuser, chost);
|
||||
auth_method = "hostbased";
|
||||
break;
|
||||
case MM_RSAHOSTKEY:
|
||||
@ -1209,11 +1217,10 @@ mm_answer_keyallowed(int sock, Buffer *m)
|
||||
hostbased_chost = chost;
|
||||
} else {
|
||||
/* Log failed attempt */
|
||||
auth_log(authctxt, 0, 0, auth_method, NULL,
|
||||
compat20 ? " ssh2" : "");
|
||||
xfree(blob);
|
||||
xfree(cuser);
|
||||
xfree(chost);
|
||||
auth_log(authctxt, 0, 0, auth_method, NULL);
|
||||
free(blob);
|
||||
free(cuser);
|
||||
free(chost);
|
||||
}
|
||||
|
||||
debug3("%s: key %p is %s",
|
||||
@ -1235,7 +1242,7 @@ static int
|
||||
monitor_valid_userblob(u_char *data, u_int datalen)
|
||||
{
|
||||
Buffer b;
|
||||
char *p;
|
||||
char *p, *userstyle;
|
||||
u_int len;
|
||||
int fail = 0;
|
||||
|
||||
@ -1256,26 +1263,30 @@ monitor_valid_userblob(u_char *data, u_int datalen)
|
||||
(len != session_id2_len) ||
|
||||
(timingsafe_bcmp(p, session_id2, session_id2_len) != 0))
|
||||
fail++;
|
||||
xfree(p);
|
||||
free(p);
|
||||
}
|
||||
if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
|
||||
fail++;
|
||||
p = buffer_get_string(&b, NULL);
|
||||
if (strcmp(authctxt->user, p) != 0) {
|
||||
p = buffer_get_cstring(&b, NULL);
|
||||
xasprintf(&userstyle, "%s%s%s", authctxt->user,
|
||||
authctxt->style ? ":" : "",
|
||||
authctxt->style ? authctxt->style : "");
|
||||
if (strcmp(userstyle, p) != 0) {
|
||||
logit("wrong user name passed to monitor: expected %s != %.100s",
|
||||
authctxt->user, p);
|
||||
userstyle, p);
|
||||
fail++;
|
||||
}
|
||||
xfree(p);
|
||||
free(userstyle);
|
||||
free(p);
|
||||
buffer_skip_string(&b);
|
||||
if (datafellows & SSH_BUG_PKAUTH) {
|
||||
if (!buffer_get_char(&b))
|
||||
fail++;
|
||||
} else {
|
||||
p = buffer_get_string(&b, NULL);
|
||||
p = buffer_get_cstring(&b, NULL);
|
||||
if (strcmp("publickey", p) != 0)
|
||||
fail++;
|
||||
xfree(p);
|
||||
free(p);
|
||||
if (!buffer_get_char(&b))
|
||||
fail++;
|
||||
buffer_skip_string(&b);
|
||||
@ -1292,7 +1303,7 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser,
|
||||
char *chost)
|
||||
{
|
||||
Buffer b;
|
||||
char *p;
|
||||
char *p, *userstyle;
|
||||
u_int len;
|
||||
int fail = 0;
|
||||
|
||||
@ -1304,22 +1315,26 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser,
|
||||
(len != session_id2_len) ||
|
||||
(timingsafe_bcmp(p, session_id2, session_id2_len) != 0))
|
||||
fail++;
|
||||
xfree(p);
|
||||
free(p);
|
||||
|
||||
if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
|
||||
fail++;
|
||||
p = buffer_get_string(&b, NULL);
|
||||
if (strcmp(authctxt->user, p) != 0) {
|
||||
p = buffer_get_cstring(&b, NULL);
|
||||
xasprintf(&userstyle, "%s%s%s", authctxt->user,
|
||||
authctxt->style ? ":" : "",
|
||||
authctxt->style ? authctxt->style : "");
|
||||
if (strcmp(userstyle, p) != 0) {
|
||||
logit("wrong user name passed to monitor: expected %s != %.100s",
|
||||
authctxt->user, p);
|
||||
userstyle, p);
|
||||
fail++;
|
||||
}
|
||||
xfree(p);
|
||||
free(userstyle);
|
||||
free(p);
|
||||
buffer_skip_string(&b); /* service */
|
||||
p = buffer_get_string(&b, NULL);
|
||||
p = buffer_get_cstring(&b, NULL);
|
||||
if (strcmp(p, "hostbased") != 0)
|
||||
fail++;
|
||||
xfree(p);
|
||||
free(p);
|
||||
buffer_skip_string(&b); /* pkalg */
|
||||
buffer_skip_string(&b); /* pkblob */
|
||||
|
||||
@ -1329,13 +1344,13 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser,
|
||||
p[len - 1] = '\0';
|
||||
if (strcmp(p, chost) != 0)
|
||||
fail++;
|
||||
xfree(p);
|
||||
free(p);
|
||||
|
||||
/* verify client user */
|
||||
p = buffer_get_string(&b, NULL);
|
||||
if (strcmp(p, cuser) != 0)
|
||||
fail++;
|
||||
xfree(p);
|
||||
free(p);
|
||||
|
||||
if (buffer_len(&b) != 0)
|
||||
fail++;
|
||||
@ -1384,9 +1399,9 @@ mm_answer_keyverify(int sock, Buffer *m)
|
||||
__func__, key, (verified == 1) ? "verified" : "unverified");
|
||||
|
||||
key_free(key);
|
||||
xfree(blob);
|
||||
xfree(signature);
|
||||
xfree(data);
|
||||
free(blob);
|
||||
free(signature);
|
||||
free(data);
|
||||
|
||||
auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased";
|
||||
|
||||
@ -1514,7 +1529,7 @@ mm_answer_pty_cleanup(int sock, Buffer *m)
|
||||
if ((s = session_by_tty(tty)) != NULL)
|
||||
mm_session_close(s);
|
||||
buffer_clear(m);
|
||||
xfree(tty);
|
||||
free(tty);
|
||||
return (0);
|
||||
}
|
||||
|
||||
@ -1646,7 +1661,7 @@ mm_answer_rsa_challenge(int sock, Buffer *m)
|
||||
|
||||
monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 1);
|
||||
|
||||
xfree(blob);
|
||||
free(blob);
|
||||
key_free(key);
|
||||
return (0);
|
||||
}
|
||||
@ -1678,9 +1693,9 @@ mm_answer_rsa_response(int sock, Buffer *m)
|
||||
fatal("%s: received bad response to challenge", __func__);
|
||||
success = auth_rsa_verify_response(key, ssh1_challenge, response);
|
||||
|
||||
xfree(blob);
|
||||
free(blob);
|
||||
key_free(key);
|
||||
xfree(response);
|
||||
free(response);
|
||||
|
||||
auth_method = key_blobtype == MM_RSAUSERKEY ? "rsa" : "rhosts-rsa";
|
||||
|
||||
@ -1759,7 +1774,7 @@ mm_answer_audit_command(int socket, Buffer *m)
|
||||
cmd = buffer_get_string(m, &len);
|
||||
/* sanity check command, if so how? */
|
||||
audit_run_command(cmd);
|
||||
xfree(cmd);
|
||||
free(cmd);
|
||||
return (0);
|
||||
}
|
||||
#endif /* SSH_AUDIT_EVENTS */
|
||||
@ -1774,20 +1789,20 @@ monitor_apply_keystate(struct monitor *pmonitor)
|
||||
packet_set_protocol_flags(child_state.ssh1protoflags);
|
||||
packet_set_encryption_key(child_state.ssh1key,
|
||||
child_state.ssh1keylen, child_state.ssh1cipher);
|
||||
xfree(child_state.ssh1key);
|
||||
free(child_state.ssh1key);
|
||||
}
|
||||
|
||||
/* for rc4 and other stateful ciphers */
|
||||
packet_set_keycontext(MODE_OUT, child_state.keyout);
|
||||
xfree(child_state.keyout);
|
||||
free(child_state.keyout);
|
||||
packet_set_keycontext(MODE_IN, child_state.keyin);
|
||||
xfree(child_state.keyin);
|
||||
free(child_state.keyin);
|
||||
|
||||
if (!compat20) {
|
||||
packet_set_iv(MODE_OUT, child_state.ivout);
|
||||
xfree(child_state.ivout);
|
||||
free(child_state.ivout);
|
||||
packet_set_iv(MODE_IN, child_state.ivin);
|
||||
xfree(child_state.ivin);
|
||||
free(child_state.ivin);
|
||||
}
|
||||
|
||||
memcpy(&incoming_stream, &child_state.incoming,
|
||||
@ -1799,18 +1814,22 @@ monitor_apply_keystate(struct monitor *pmonitor)
|
||||
if (options.compression)
|
||||
mm_init_compression(pmonitor->m_zlib);
|
||||
|
||||
if (options.rekey_limit || options.rekey_interval)
|
||||
packet_set_rekey_limits((u_int32_t)options.rekey_limit,
|
||||
(time_t)options.rekey_interval);
|
||||
|
||||
/* Network I/O buffers */
|
||||
/* XXX inefficient for large buffers, need: buffer_init_from_string */
|
||||
buffer_clear(packet_get_input());
|
||||
buffer_append(packet_get_input(), child_state.input, child_state.ilen);
|
||||
memset(child_state.input, 0, child_state.ilen);
|
||||
xfree(child_state.input);
|
||||
free(child_state.input);
|
||||
|
||||
buffer_clear(packet_get_output());
|
||||
buffer_append(packet_get_output(), child_state.output,
|
||||
child_state.olen);
|
||||
memset(child_state.output, 0, child_state.olen);
|
||||
xfree(child_state.output);
|
||||
free(child_state.output);
|
||||
|
||||
/* Roaming */
|
||||
if (compat20)
|
||||
@ -1842,11 +1861,11 @@ mm_get_kex(Buffer *m)
|
||||
blob = buffer_get_string(m, &bloblen);
|
||||
buffer_init(&kex->my);
|
||||
buffer_append(&kex->my, blob, bloblen);
|
||||
xfree(blob);
|
||||
free(blob);
|
||||
blob = buffer_get_string(m, &bloblen);
|
||||
buffer_init(&kex->peer);
|
||||
buffer_append(&kex->peer, blob, bloblen);
|
||||
xfree(blob);
|
||||
free(blob);
|
||||
kex->done = 1;
|
||||
kex->flags = buffer_get_int(m);
|
||||
kex->client_version_string = buffer_get_string(m, NULL);
|
||||
@ -1854,6 +1873,7 @@ mm_get_kex(Buffer *m)
|
||||
kex->load_host_public_key=&get_hostkey_public_by_type;
|
||||
kex->load_host_private_key=&get_hostkey_private_by_type;
|
||||
kex->host_key_index=&get_hostkey_index;
|
||||
kex->sign = sshd_hostkey_sign;
|
||||
|
||||
return (kex);
|
||||
}
|
||||
@ -1889,12 +1909,12 @@ mm_get_keystate(struct monitor *pmonitor)
|
||||
|
||||
blob = buffer_get_string(&m, &bloblen);
|
||||
current_keys[MODE_OUT] = mm_newkeys_from_blob(blob, bloblen);
|
||||
xfree(blob);
|
||||
free(blob);
|
||||
|
||||
debug3("%s: Waiting for second key", __func__);
|
||||
blob = buffer_get_string(&m, &bloblen);
|
||||
current_keys[MODE_IN] = mm_newkeys_from_blob(blob, bloblen);
|
||||
xfree(blob);
|
||||
free(blob);
|
||||
|
||||
/* Now get sequence numbers for the packets */
|
||||
seqnr = buffer_get_int(&m);
|
||||
@ -1919,13 +1939,13 @@ mm_get_keystate(struct monitor *pmonitor)
|
||||
if (plen != sizeof(child_state.outgoing))
|
||||
fatal("%s: bad request size", __func__);
|
||||
memcpy(&child_state.outgoing, p, sizeof(child_state.outgoing));
|
||||
xfree(p);
|
||||
free(p);
|
||||
|
||||
p = buffer_get_string(&m, &plen);
|
||||
if (plen != sizeof(child_state.incoming))
|
||||
fatal("%s: bad request size", __func__);
|
||||
memcpy(&child_state.incoming, p, sizeof(child_state.incoming));
|
||||
xfree(p);
|
||||
free(p);
|
||||
|
||||
/* Network I/O buffers */
|
||||
debug3("%s: Getting Network I/O buffers", __func__);
|
||||
@ -2047,7 +2067,7 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m)
|
||||
|
||||
major = ssh_gssapi_server_ctx(&gsscontext, &goid);
|
||||
|
||||
xfree(goid.elements);
|
||||
free(goid.elements);
|
||||
|
||||
buffer_clear(m);
|
||||
buffer_put_int(m, major);
|
||||
@ -2072,7 +2092,7 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m)
|
||||
in.value = buffer_get_string(m, &len);
|
||||
in.length = len;
|
||||
major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags);
|
||||
xfree(in.value);
|
||||
free(in.value);
|
||||
|
||||
buffer_clear(m);
|
||||
buffer_put_int(m, major);
|
||||
@ -2104,8 +2124,8 @@ mm_answer_gss_checkmic(int sock, Buffer *m)
|
||||
|
||||
ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic);
|
||||
|
||||
xfree(gssbuf.value);
|
||||
xfree(mic.value);
|
||||
free(gssbuf.value);
|
||||
free(mic.value);
|
||||
|
||||
buffer_clear(m);
|
||||
buffer_put_int(m, ret);
|
||||
@ -2175,8 +2195,8 @@ mm_answer_jpake_step1(int sock, Buffer *m)
|
||||
|
||||
bzero(x3_proof, x3_proof_len);
|
||||
bzero(x4_proof, x4_proof_len);
|
||||
xfree(x3_proof);
|
||||
xfree(x4_proof);
|
||||
free(x3_proof);
|
||||
free(x4_proof);
|
||||
|
||||
monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_GET_PWDATA, 1);
|
||||
monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP1, 0);
|
||||
@ -2205,8 +2225,8 @@ mm_answer_jpake_get_pwdata(int sock, Buffer *m)
|
||||
|
||||
bzero(hash_scheme, strlen(hash_scheme));
|
||||
bzero(salt, strlen(salt));
|
||||
xfree(hash_scheme);
|
||||
xfree(salt);
|
||||
free(hash_scheme);
|
||||
free(salt);
|
||||
|
||||
monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP2, 1);
|
||||
|
||||
@ -2245,8 +2265,8 @@ mm_answer_jpake_step2(int sock, Buffer *m)
|
||||
|
||||
bzero(x1_proof, x1_proof_len);
|
||||
bzero(x2_proof, x2_proof_len);
|
||||
xfree(x1_proof);
|
||||
xfree(x2_proof);
|
||||
free(x1_proof);
|
||||
free(x2_proof);
|
||||
|
||||
buffer_clear(m);
|
||||
|
||||
@ -2257,7 +2277,7 @@ mm_answer_jpake_step2(int sock, Buffer *m)
|
||||
mm_request_send(sock, MONITOR_ANS_JPAKE_STEP2, m);
|
||||
|
||||
bzero(x4_s_proof, x4_s_proof_len);
|
||||
xfree(x4_s_proof);
|
||||
free(x4_s_proof);
|
||||
|
||||
monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_KEY_CONFIRM, 1);
|
||||
|
||||
@ -2325,7 +2345,7 @@ mm_answer_jpake_check_confirm(int sock, Buffer *m)
|
||||
JPAKE_DEBUG_CTX((pctx, "check_confirm done in %s", __func__));
|
||||
|
||||
bzero(peer_confirm_hash, peer_confirm_hash_len);
|
||||
xfree(peer_confirm_hash);
|
||||
free(peer_confirm_hash);
|
||||
|
||||
buffer_clear(m);
|
||||
buffer_put_int(m, authenticated);
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: monitor_mm.c,v 1.16 2009/06/22 05:39:28 dtucker Exp $ */
|
||||
/* $OpenBSD: monitor_mm.c,v 1.17 2013/05/17 00:13:13 djm Exp $ */
|
||||
/*
|
||||
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
|
||||
* All rights reserved.
|
||||
@ -35,6 +35,7 @@
|
||||
|
||||
#include <errno.h>
|
||||
#include <stdarg.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
@ -124,7 +125,7 @@ mm_freelist(struct mm_master *mmalloc, struct mmtree *head)
|
||||
next = RB_NEXT(mmtree, head, mms);
|
||||
RB_REMOVE(mmtree, head, mms);
|
||||
if (mmalloc == NULL)
|
||||
xfree(mms);
|
||||
free(mms);
|
||||
else
|
||||
mm_free(mmalloc, mms);
|
||||
}
|
||||
@ -147,7 +148,7 @@ mm_destroy(struct mm_master *mm)
|
||||
__func__);
|
||||
#endif
|
||||
if (mm->mmalloc == NULL)
|
||||
xfree(mm);
|
||||
free(mm);
|
||||
else
|
||||
mm_free(mm->mmalloc, mm);
|
||||
}
|
||||
@ -198,7 +199,7 @@ mm_malloc(struct mm_master *mm, size_t size)
|
||||
if (mms->size == 0) {
|
||||
RB_REMOVE(mmtree, &mm->rb_free, mms);
|
||||
if (mm->mmalloc == NULL)
|
||||
xfree(mms);
|
||||
free(mms);
|
||||
else
|
||||
mm_free(mm->mmalloc, mms);
|
||||
}
|
||||
@ -254,7 +255,7 @@ mm_free(struct mm_master *mm, void *address)
|
||||
prev->size += mms->size;
|
||||
RB_REMOVE(mmtree, &mm->rb_free, mms);
|
||||
if (mm->mmalloc == NULL)
|
||||
xfree(mms);
|
||||
free(mms);
|
||||
else
|
||||
mm_free(mm->mmalloc, mms);
|
||||
} else
|
||||
@ -278,7 +279,7 @@ mm_free(struct mm_master *mm, void *address)
|
||||
RB_REMOVE(mmtree, &mm->rb_free, mms);
|
||||
|
||||
if (mm->mmalloc == NULL)
|
||||
xfree(mms);
|
||||
free(mms);
|
||||
else
|
||||
mm_free(mm->mmalloc, mms);
|
||||
}
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: monitor_wrap.c,v 1.75 2013/01/08 18:49:04 markus Exp $ */
|
||||
/* $OpenBSD: monitor_wrap.c,v 1.76 2013/05/17 00:13:13 djm Exp $ */
|
||||
/*
|
||||
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
|
||||
* Copyright 2002 Markus Friedl <markus@openbsd.org>
|
||||
@ -259,8 +259,10 @@ mm_getpwnamallow(const char *username)
|
||||
fatal("%s: struct passwd size mismatch", __func__);
|
||||
pw->pw_name = buffer_get_string(&m, NULL);
|
||||
pw->pw_passwd = buffer_get_string(&m, NULL);
|
||||
#ifdef HAVE_STRUCT_PASSWD_PW_GECOS
|
||||
pw->pw_gecos = buffer_get_string(&m, NULL);
|
||||
#ifdef HAVE_PW_CLASS_IN_PASSWD
|
||||
#endif
|
||||
#ifdef HAVE_STRUCT_PASSWD_PW_CLASS
|
||||
pw->pw_class = buffer_get_string(&m, NULL);
|
||||
#endif
|
||||
pw->pw_dir = buffer_get_string(&m, NULL);
|
||||
@ -286,7 +288,7 @@ mm_getpwnamallow(const char *username)
|
||||
#undef M_CP_STRARRAYOPT
|
||||
|
||||
copy_set_server_options(&options, newopts, 1);
|
||||
xfree(newopts);
|
||||
free(newopts);
|
||||
|
||||
buffer_free(&m);
|
||||
|
||||
@ -312,7 +314,7 @@ mm_auth2_read_banner(void)
|
||||
|
||||
/* treat empty banner as missing banner */
|
||||
if (strlen(banner) == 0) {
|
||||
xfree(banner);
|
||||
free(banner);
|
||||
banner = NULL;
|
||||
}
|
||||
return (banner);
|
||||
@ -405,7 +407,7 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key)
|
||||
buffer_put_cstring(&m, user ? user : "");
|
||||
buffer_put_cstring(&m, host ? host : "");
|
||||
buffer_put_string(&m, blob, len);
|
||||
xfree(blob);
|
||||
free(blob);
|
||||
|
||||
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m);
|
||||
|
||||
@ -448,7 +450,7 @@ mm_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)
|
||||
buffer_put_string(&m, blob, len);
|
||||
buffer_put_string(&m, sig, siglen);
|
||||
buffer_put_string(&m, data, datalen);
|
||||
xfree(blob);
|
||||
free(blob);
|
||||
|
||||
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYVERIFY, &m);
|
||||
|
||||
@ -617,7 +619,7 @@ mm_send_keystate(struct monitor *monitor)
|
||||
keylen = packet_get_encryption_key(key);
|
||||
buffer_put_string(&m, key, keylen);
|
||||
memset(key, 0, keylen);
|
||||
xfree(key);
|
||||
free(key);
|
||||
|
||||
ivlen = packet_get_keyiv_len(MODE_OUT);
|
||||
packet_get_keyiv(MODE_OUT, iv, ivlen);
|
||||
@ -640,13 +642,13 @@ mm_send_keystate(struct monitor *monitor)
|
||||
fatal("%s: conversion of newkeys failed", __func__);
|
||||
|
||||
buffer_put_string(&m, blob, bloblen);
|
||||
xfree(blob);
|
||||
free(blob);
|
||||
|
||||
if (!mm_newkeys_to_blob(MODE_IN, &blob, &bloblen))
|
||||
fatal("%s: conversion of newkeys failed", __func__);
|
||||
|
||||
buffer_put_string(&m, blob, bloblen);
|
||||
xfree(blob);
|
||||
free(blob);
|
||||
|
||||
packet_get_state(MODE_OUT, &seqnr, &blocks, &packets, &bytes);
|
||||
buffer_put_int(&m, seqnr);
|
||||
@ -666,13 +668,13 @@ mm_send_keystate(struct monitor *monitor)
|
||||
p = xmalloc(plen+1);
|
||||
packet_get_keycontext(MODE_OUT, p);
|
||||
buffer_put_string(&m, p, plen);
|
||||
xfree(p);
|
||||
free(p);
|
||||
|
||||
plen = packet_get_keycontext(MODE_IN, NULL);
|
||||
p = xmalloc(plen+1);
|
||||
packet_get_keycontext(MODE_IN, p);
|
||||
buffer_put_string(&m, p, plen);
|
||||
xfree(p);
|
||||
free(p);
|
||||
|
||||
/* Compression state */
|
||||
debug3("%s: Sending compression state", __func__);
|
||||
@ -734,10 +736,10 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen)
|
||||
buffer_free(&m);
|
||||
|
||||
strlcpy(namebuf, p, namebuflen); /* Possible truncation */
|
||||
xfree(p);
|
||||
free(p);
|
||||
|
||||
buffer_append(&loginmsg, msg, strlen(msg));
|
||||
xfree(msg);
|
||||
free(msg);
|
||||
|
||||
if ((*ptyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1 ||
|
||||
(*ttyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1)
|
||||
@ -803,7 +805,7 @@ mm_do_pam_account(void)
|
||||
ret = buffer_get_int(&m);
|
||||
msg = buffer_get_string(&m, NULL);
|
||||
buffer_append(&loginmsg, msg, strlen(msg));
|
||||
xfree(msg);
|
||||
free(msg);
|
||||
|
||||
buffer_free(&m);
|
||||
|
||||
@ -1033,7 +1035,7 @@ mm_skey_query(void *ctx, char **name, char **infotxt,
|
||||
mm_chall_setup(name, infotxt, numprompts, prompts, echo_on);
|
||||
|
||||
xasprintf(*prompts, "%s%s", challenge, SKEY_PROMPT);
|
||||
xfree(challenge);
|
||||
free(challenge);
|
||||
|
||||
return (0);
|
||||
}
|
||||
@ -1107,7 +1109,7 @@ mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
|
||||
if ((key = key_from_blob(blob, blen)) == NULL)
|
||||
fatal("%s: key_from_blob failed", __func__);
|
||||
*rkey = key;
|
||||
xfree(blob);
|
||||
free(blob);
|
||||
}
|
||||
buffer_free(&m);
|
||||
|
||||
@ -1134,7 +1136,7 @@ mm_auth_rsa_generate_challenge(Key *key)
|
||||
|
||||
buffer_init(&m);
|
||||
buffer_put_string(&m, blob, blen);
|
||||
xfree(blob);
|
||||
free(blob);
|
||||
|
||||
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSACHALLENGE, &m);
|
||||
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSACHALLENGE, &m);
|
||||
@ -1163,7 +1165,7 @@ mm_auth_rsa_verify_response(Key *key, BIGNUM *p, u_char response[16])
|
||||
buffer_init(&m);
|
||||
buffer_put_string(&m, blob, blen);
|
||||
buffer_put_string(&m, response, 16);
|
||||
xfree(blob);
|
||||
free(blob);
|
||||
|
||||
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSARESPONSE, &m);
|
||||
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSARESPONSE, &m);
|
||||
|
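Review bot: In the mm_send_keystate hunk the SSH1 encryption key is cleared with `memset(key, 0, keylen);` immediately before `free(key);`, and a compiler may drop that store as dead because the buffer is never read again, so the key material can remain in the freed heap block; the xfree()-to-free() rename does not change this. The same function then copies the cipher key contexts out with `p = xmalloc(plen+1); packet_get_keycontext(MODE_OUT, p); buffer_put_string(&m, p, plen); free(p);` (and again for MODE_IN) with no clearing at all, even though this is the live stateful-cipher state being handed across the privsep boundary. I do not see an explicit_bzero-style helper in this tree; a volatile function pointer such as `static void *(* volatile vmemset)(void *, int, size_t) = memset;` used as `vmemset(key, 0, keylen);` would survive optimisation and should also be applied to `p` before each `free(p)`. mm_send_keystate starts and ends outside the hunks shown.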
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: mux.c,v 1.38 2013/01/02 00:32:07 djm Exp $ */
|
||||
/* $OpenBSD: mux.c,v 1.44 2013/07/12 00:19:58 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
|
||||
*
|
||||
@ -184,7 +184,7 @@ static const struct {
|
||||
|
||||
/* Cleanup callback fired on closure of mux slave _session_ channel */
|
||||
/* ARGSUSED */
|
||||
void
|
||||
static void
|
||||
mux_master_session_cleanup_cb(int cid, void *unused)
|
||||
{
|
||||
Channel *cc, *c = channel_by_id(cid);
|
||||
@ -219,7 +219,8 @@ mux_master_control_cleanup_cb(int cid, void *unused)
|
||||
__func__, c->self, c->remote_id);
|
||||
c->remote_id = -1;
|
||||
sc->ctl_chan = -1;
|
||||
if (sc->type != SSH_CHANNEL_OPEN) {
|
||||
if (sc->type != SSH_CHANNEL_OPEN &&
|
||||
sc->type != SSH_CHANNEL_OPENING) {
|
||||
debug2("%s: channel %d: not open", __func__, sc->self);
|
||||
chan_mark_dead(sc);
|
||||
} else {
|
||||
@ -286,13 +287,13 @@ process_mux_master_hello(u_int rid, Channel *c, Buffer *m, Buffer *r)
|
||||
char *value = buffer_get_string_ret(m, NULL);
|
||||
|
||||
if (name == NULL || value == NULL) {
|
||||
if (name != NULL)
|
||||
xfree(name);
|
||||
free(name);
|
||||
free(value);
|
||||
goto malf;
|
||||
}
|
||||
debug2("Unrecognised slave extension \"%s\"", name);
|
||||
xfree(name);
|
||||
xfree(value);
|
||||
free(name);
|
||||
free(value);
|
||||
}
|
||||
state->hello_rcvd = 1;
|
||||
return 0;
|
||||
@ -323,21 +324,17 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r)
|
||||
(cctx->term = buffer_get_string_ret(m, &len)) == NULL ||
|
||||
(cmd = buffer_get_string_ret(m, &len)) == NULL) {
|
||||
malf:
|
||||
if (cmd != NULL)
|
||||
xfree(cmd);
|
||||
if (reserved != NULL)
|
||||
xfree(reserved);
|
||||
free(cmd);
|
||||
free(reserved);
|
||||
for (j = 0; j < env_len; j++)
|
||||
xfree(cctx->env[j]);
|
||||
if (env_len > 0)
|
||||
xfree(cctx->env);
|
||||
if (cctx->term != NULL)
|
||||
xfree(cctx->term);
|
||||
xfree(cctx);
|
||||
free(cctx->env[j]);
|
||||
free(cctx->env);
|
||||
free(cctx->term);
|
||||
free(cctx);
|
||||
error("%s: malformed message", __func__);
|
||||
return -1;
|
||||
}
|
||||
xfree(reserved);
|
||||
free(reserved);
|
||||
reserved = NULL;
|
||||
|
||||
while (buffer_len(m) > 0) {
|
||||
@ -345,7 +342,7 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r)
|
||||
if ((cp = buffer_get_string_ret(m, &len)) == NULL)
|
||||
goto malf;
|
||||
if (!env_permitted(cp)) {
|
||||
xfree(cp);
|
||||
free(cp);
|
||||
continue;
|
||||
}
|
||||
cctx->env = xrealloc(cctx->env, env_len + 2,
|
||||
@ -366,7 +363,7 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r)
|
||||
|
||||
buffer_init(&cctx->cmd);
|
||||
buffer_append(&cctx->cmd, cmd, strlen(cmd));
|
||||
xfree(cmd);
|
||||
free(cmd);
|
||||
cmd = NULL;
|
||||
|
||||
/* Gather fds from client */
|
||||
@ -377,12 +374,11 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r)
|
||||
for (j = 0; j < i; j++)
|
||||
close(new_fd[j]);
|
||||
for (j = 0; j < env_len; j++)
|
||||
xfree(cctx->env[j]);
|
||||
if (env_len > 0)
|
||||
xfree(cctx->env);
|
||||
xfree(cctx->term);
|
||||
free(cctx->env[j]);
|
||||
free(cctx->env);
|
||||
free(cctx->term);
|
||||
buffer_free(&cctx->cmd);
|
||||
xfree(cctx);
|
||||
free(cctx);
|
||||
|
||||
/* prepare reply */
|
||||
buffer_put_int(r, MUX_S_FAILURE);
|
||||
@ -407,14 +403,14 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r)
|
||||
close(new_fd[0]);
|
||||
close(new_fd[1]);
|
||||
close(new_fd[2]);
|
||||
xfree(cctx->term);
|
||||
free(cctx->term);
|
||||
if (env_len != 0) {
|
||||
for (i = 0; i < env_len; i++)
|
||||
xfree(cctx->env[i]);
|
||||
xfree(cctx->env);
|
||||
free(cctx->env[i]);
|
||||
free(cctx->env);
|
||||
}
|
||||
buffer_free(&cctx->cmd);
|
||||
xfree(cctx);
|
||||
free(cctx);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -619,7 +615,7 @@ mux_confirm_remote_forward(int type, u_int32_t seq, void *ctxt)
|
||||
buffer_put_int(&out, MUX_S_FAILURE);
|
||||
buffer_put_int(&out, fctx->rid);
|
||||
buffer_put_cstring(&out, failmsg);
|
||||
xfree(failmsg);
|
||||
free(failmsg);
|
||||
out:
|
||||
buffer_put_string(&c->output, buffer_ptr(&out), buffer_len(&out));
|
||||
buffer_free(&out);
|
||||
@ -634,25 +630,28 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
|
||||
Forward fwd;
|
||||
char *fwd_desc = NULL;
|
||||
u_int ftype;
|
||||
u_int lport, cport;
|
||||
int i, ret = 0, freefwd = 1;
|
||||
|
||||
fwd.listen_host = fwd.connect_host = NULL;
|
||||
if (buffer_get_int_ret(&ftype, m) != 0 ||
|
||||
(fwd.listen_host = buffer_get_string_ret(m, NULL)) == NULL ||
|
||||
buffer_get_int_ret(&fwd.listen_port, m) != 0 ||
|
||||
buffer_get_int_ret(&lport, m) != 0 ||
|
||||
(fwd.connect_host = buffer_get_string_ret(m, NULL)) == NULL ||
|
||||
buffer_get_int_ret(&fwd.connect_port, m) != 0) {
|
||||
buffer_get_int_ret(&cport, m) != 0 ||
|
||||
lport > 65535 || cport > 65535) {
|
||||
error("%s: malformed message", __func__);
|
||||
ret = -1;
|
||||
goto out;
|
||||
}
|
||||
|
||||
fwd.listen_port = lport;
|
||||
fwd.connect_port = cport;
|
||||
if (*fwd.listen_host == '\0') {
|
||||
xfree(fwd.listen_host);
|
||||
free(fwd.listen_host);
|
||||
fwd.listen_host = NULL;
|
||||
}
|
||||
if (*fwd.connect_host == '\0') {
|
||||
xfree(fwd.connect_host);
|
||||
free(fwd.connect_host);
|
||||
fwd.connect_host = NULL;
|
||||
}
|
||||
|
||||
@ -663,10 +662,8 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
|
||||
ftype != MUX_FWD_DYNAMIC) {
|
||||
logit("%s: invalid forwarding type %u", __func__, ftype);
|
||||
invalid:
|
||||
if (fwd.listen_host)
|
||||
xfree(fwd.listen_host);
|
||||
if (fwd.connect_host)
|
||||
xfree(fwd.connect_host);
|
||||
free(fwd.listen_host);
|
||||
free(fwd.connect_host);
|
||||
buffer_put_int(r, MUX_S_FAILURE);
|
||||
buffer_put_int(r, rid);
|
||||
buffer_put_cstring(r, "Invalid forwarding request");
|
||||
@ -768,13 +765,10 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
|
||||
buffer_put_int(r, MUX_S_OK);
|
||||
buffer_put_int(r, rid);
|
||||
out:
|
||||
if (fwd_desc != NULL)
|
||||
xfree(fwd_desc);
|
||||
free(fwd_desc);
|
||||
if (freefwd) {
|
||||
if (fwd.listen_host != NULL)
|
||||
xfree(fwd.listen_host);
|
||||
if (fwd.connect_host != NULL)
|
||||
xfree(fwd.connect_host);
|
||||
free(fwd.listen_host);
|
||||
free(fwd.connect_host);
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
@ -787,24 +781,28 @@ process_mux_close_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
|
||||
const char *error_reason = NULL;
|
||||
u_int ftype;
|
||||
int i, listen_port, ret = 0;
|
||||
u_int lport, cport;
|
||||
|
||||
fwd.listen_host = fwd.connect_host = NULL;
|
||||
if (buffer_get_int_ret(&ftype, m) != 0 ||
|
||||
(fwd.listen_host = buffer_get_string_ret(m, NULL)) == NULL ||
|
||||
buffer_get_int_ret(&fwd.listen_port, m) != 0 ||
|
||||
buffer_get_int_ret(&lport, m) != 0 ||
|
||||
(fwd.connect_host = buffer_get_string_ret(m, NULL)) == NULL ||
|
||||
buffer_get_int_ret(&fwd.connect_port, m) != 0) {
|
||||
buffer_get_int_ret(&cport, m) != 0 ||
|
||||
lport > 65535 || cport > 65535) {
|
||||
error("%s: malformed message", __func__);
|
||||
ret = -1;
|
||||
goto out;
|
||||
}
|
||||
fwd.listen_port = lport;
|
||||
fwd.connect_port = cport;
|
||||
|
||||
if (*fwd.listen_host == '\0') {
|
||||
xfree(fwd.listen_host);
|
||||
free(fwd.listen_host);
|
||||
fwd.listen_host = NULL;
|
||||
}
|
||||
if (*fwd.connect_host == '\0') {
|
||||
xfree(fwd.connect_host);
|
||||
free(fwd.connect_host);
|
||||
fwd.connect_host = NULL;
|
||||
}
|
||||
|
||||
@ -861,10 +859,8 @@ process_mux_close_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
|
||||
buffer_put_int(r, MUX_S_OK);
|
||||
buffer_put_int(r, rid);
|
||||
|
||||
if (found_fwd->listen_host != NULL)
|
||||
xfree(found_fwd->listen_host);
|
||||
if (found_fwd->connect_host != NULL)
|
||||
xfree(found_fwd->connect_host);
|
||||
free(found_fwd->listen_host);
|
||||
free(found_fwd->connect_host);
|
||||
found_fwd->listen_host = found_fwd->connect_host = NULL;
|
||||
found_fwd->listen_port = found_fwd->connect_port = 0;
|
||||
} else {
|
||||
@ -873,12 +869,9 @@ process_mux_close_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
|
||||
buffer_put_cstring(r, error_reason);
|
||||
}
|
||||
out:
|
||||
if (fwd_desc != NULL)
|
||||
xfree(fwd_desc);
|
||||
if (fwd.listen_host != NULL)
|
||||
xfree(fwd.listen_host);
|
||||
if (fwd.connect_host != NULL)
|
||||
xfree(fwd.connect_host);
|
||||
free(fwd_desc);
|
||||
free(fwd.listen_host);
|
||||
free(fwd.connect_host);
|
||||
|
||||
return ret;
|
||||
}
|
||||
@ -895,14 +888,12 @@ process_mux_stdio_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
|
||||
if ((reserved = buffer_get_string_ret(m, NULL)) == NULL ||
|
||||
(chost = buffer_get_string_ret(m, NULL)) == NULL ||
|
||||
buffer_get_int_ret(&cport, m) != 0) {
|
||||
if (reserved != NULL)
|
||||
xfree(reserved);
|
||||
if (chost != NULL)
|
||||
xfree(chost);
|
||||
free(reserved);
|
||||
free(chost);
|
||||
error("%s: malformed message", __func__);
|
||||
return -1;
|
||||
}
|
||||
xfree(reserved);
|
||||
free(reserved);
|
||||
|
||||
debug2("%s: channel %d: request stdio fwd to %s:%u",
|
||||
__func__, c->self, chost, cport);
|
||||
@ -914,7 +905,7 @@ process_mux_stdio_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
|
||||
__func__, i);
|
||||
for (j = 0; j < i; j++)
|
||||
close(new_fd[j]);
|
||||
xfree(chost);
|
||||
free(chost);
|
||||
|
||||
/* prepare reply */
|
||||
buffer_put_int(r, MUX_S_FAILURE);
|
||||
@ -938,7 +929,7 @@ process_mux_stdio_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r)
|
||||
cleanup:
|
||||
close(new_fd[0]);
|
||||
close(new_fd[1]);
|
||||
xfree(chost);
|
||||
free(chost);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -1000,7 +991,7 @@ process_mux_stop_listening(u_int rid, Channel *c, Buffer *m, Buffer *r)
|
||||
if (mux_listener_channel != NULL) {
|
||||
channel_free(mux_listener_channel);
|
||||
client_stop_mux();
|
||||
xfree(options.control_path);
|
||||
free(options.control_path);
|
||||
options.control_path = NULL;
|
||||
mux_listener_channel = NULL;
|
||||
muxserver_sock = -1;
|
||||
@ -1100,7 +1091,7 @@ mux_exit_message(Channel *c, int exitval)
|
||||
Buffer m;
|
||||
Channel *mux_chan;
|
||||
|
||||
debug3("%s: channel %d: exit message, evitval %d", __func__, c->self,
|
||||
debug3("%s: channel %d: exit message, exitval %d", __func__, c->self,
|
||||
exitval);
|
||||
|
||||
if ((mux_chan = channel_by_id(c->ctl_chan)) == NULL)
|
||||
@ -1197,8 +1188,8 @@ muxserver_listen(void)
|
||||
close(muxserver_sock);
|
||||
muxserver_sock = -1;
|
||||
}
|
||||
xfree(orig_control_path);
|
||||
xfree(options.control_path);
|
||||
free(orig_control_path);
|
||||
free(options.control_path);
|
||||
options.control_path = NULL;
|
||||
options.control_master = SSHCTL_MASTER_NO;
|
||||
return;
|
||||
@ -1223,7 +1214,7 @@ muxserver_listen(void)
|
||||
goto disable_mux_master;
|
||||
}
|
||||
unlink(options.control_path);
|
||||
xfree(options.control_path);
|
||||
free(options.control_path);
|
||||
options.control_path = orig_control_path;
|
||||
|
||||
set_nonblock(muxserver_sock);
|
||||
@ -1308,13 +1299,13 @@ mux_session_confirm(int id, int success, void *arg)
|
||||
cc->mux_pause = 0; /* start processing messages again */
|
||||
c->open_confirm_ctx = NULL;
|
||||
buffer_free(&cctx->cmd);
|
||||
xfree(cctx->term);
|
||||
free(cctx->term);
|
||||
if (cctx->env != NULL) {
|
||||
for (i = 0; cctx->env[i] != NULL; i++)
|
||||
xfree(cctx->env[i]);
|
||||
xfree(cctx->env);
|
||||
free(cctx->env[i]);
|
||||
free(cctx->env);
|
||||
}
|
||||
xfree(cctx);
|
||||
free(cctx);
|
||||
}
|
||||
|
||||
/* ** Multiplexing client support */
|
||||
@ -1444,7 +1435,9 @@ mux_client_read_packet(int fd, Buffer *m)
|
||||
buffer_init(&queue);
|
||||
if (mux_client_read(fd, &queue, 4) != 0) {
|
||||
if ((oerrno = errno) == EPIPE)
|
||||
debug3("%s: read header failed: %s", __func__, strerror(errno));
|
||||
debug3("%s: read header failed: %s", __func__,
|
||||
strerror(errno));
|
||||
buffer_free(&queue);
|
||||
errno = oerrno;
|
||||
return -1;
|
||||
}
|
||||
@ -1452,6 +1445,7 @@ mux_client_read_packet(int fd, Buffer *m)
|
||||
if (mux_client_read(fd, &queue, need) != 0) {
|
||||
oerrno = errno;
|
||||
debug3("%s: read body failed: %s", __func__, strerror(errno));
|
||||
buffer_free(&queue);
|
||||
errno = oerrno;
|
||||
return -1;
|
||||
}
|
||||
@ -1498,8 +1492,8 @@ mux_client_hello_exchange(int fd)
|
||||
char *value = buffer_get_string(&m, NULL);
|
||||
|
||||
debug2("Unrecognised master extension \"%s\"", name);
|
||||
xfree(name);
|
||||
xfree(value);
|
||||
free(name);
|
||||
free(value);
|
||||
}
|
||||
buffer_free(&m);
|
||||
return 0;
|
||||
@ -1608,7 +1602,7 @@ mux_client_forward(int fd, int cancel_flag, u_int ftype, Forward *fwd)
|
||||
fwd_desc = format_forward(ftype, fwd);
|
||||
debug("Requesting %s %s",
|
||||
cancel_flag ? "cancellation of" : "forwarding of", fwd_desc);
|
||||
xfree(fwd_desc);
|
||||
free(fwd_desc);
|
||||
|
||||
buffer_init(&m);
|
||||
buffer_put_int(&m, cancel_flag ? MUX_C_CLOSE_FWD : MUX_C_OPEN_FWD);
|
||||
@ -1845,7 +1839,7 @@ mux_client_request_session(int fd)
|
||||
leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
|
||||
|
||||
if (muxclient_terminate) {
|
||||
debug2("Exiting on signal %d", muxclient_terminate);
|
||||
debug2("Exiting on signal %ld", (long)muxclient_terminate);
|
||||
exitval = 255;
|
||||
} else if (!exitval_seen) {
|
||||
debug2("Control master terminated unexpectedly");
|
||||
|
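Review bot: process_mux_stdio_fwd still accepts `buffer_get_int_ret(&cport, m) != 0) {` with no range check, while the process_mux_open_fwd and process_mux_close_fwd hunks in this section now read ports into `lport`/`cport` and reject `lport > 65535 || cport > 65535`; a 32-bit value from the mux socket therefore still reaches the stdio-forward path, where it is formatted with `%u` and presumably passed on to the connect code. For consistency the condition should become `buffer_get_int_ret(&cport, m) != 0 || cport > 65535) {` so the same `malformed message` failure path covers it. The mux socket is only reachable by the local user who owns it, so this is a robustness and consistency issue rather than a privilege boundary. The declaration of cport and its use after the debug2 call are outside the hunks shown.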
@ -27,6 +27,8 @@
|
||||
|
||||
#include <openssl/opensslv.h>
|
||||
|
||||
/* conditional algorithm support */
|
||||
|
||||
#ifdef OPENSSL_HAS_ECC
|
||||
# define KEX_ECDH_METHODS \
|
||||
"ecdh-sha2-nistp256," \
|
||||
@ -46,12 +48,22 @@
|
||||
# define HOSTKEY_ECDSA_METHODS
|
||||
#endif
|
||||
|
||||
/* Old OpenSSL doesn't support what we need for DHGEX-sha256 */
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
|
||||
#ifdef OPENSSL_HAVE_EVPGCM
|
||||
# define AESGCM_CIPHER_MODES \
|
||||
"aes128-gcm@openssh.com,aes256-gcm@openssh.com,"
|
||||
#else
|
||||
# define AESGCM_CIPHER_MODES
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_EVP_SHA256
|
||||
# define KEX_SHA256_METHODS \
|
||||
"diffie-hellman-group-exchange-sha256,"
|
||||
#define SHA2_HMAC_MODES \
|
||||
"hmac-sha2-256," \
|
||||
"hmac-sha2-512,"
|
||||
#else
|
||||
# define KEX_SHA256_METHODS
|
||||
# define SHA2_HMAC_MODES
|
||||
#endif
|
||||
|
||||
# define KEX_DEFAULT_KEX \
|
||||
@ -71,23 +83,19 @@
|
||||
"ssh-rsa," \
|
||||
"ssh-dss"
|
||||
|
||||
/* the actual algorithms */
|
||||
|
||||
#define KEX_DEFAULT_ENCRYPT \
|
||||
"aes128-ctr,aes192-ctr,aes256-ctr," \
|
||||
"arcfour256,arcfour128," \
|
||||
"aes128-gcm@openssh.com,aes256-gcm@openssh.com," \
|
||||
AESGCM_CIPHER_MODES \
|
||||
"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
|
||||
"aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se"
|
||||
#ifdef NONE_CIPHER_ENABLED
|
||||
#define KEX_ENCRYPT_INCLUDE_NONE KEX_DEFAULT_ENCRYPT \
|
||||
",none"
|
||||
#endif
|
||||
#ifdef HAVE_EVP_SHA256
|
||||
#define SHA2_HMAC_MODES \
|
||||
"hmac-sha2-256," \
|
||||
"hmac-sha2-512,"
|
||||
#else
|
||||
# define SHA2_HMAC_MODES
|
||||
#endif
|
||||
|
||||
#define KEX_DEFAULT_MAC \
|
||||
"hmac-md5-etm@openssh.com," \
|
||||
"hmac-sha1-etm@openssh.com," \
|
||||
|
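Review bot: The new `AESGCM_CIPHER_MODES \` expansion is spliced into KEX_DEFAULT_ENCRYPT after `"arcfour256,arcfour128," \`, so the AEAD modes remain ranked below RC4 in the default list; since the list is being restructured anyway, moving the `AESGCM_CIPHER_MODES \` line to directly after the `aes*-ctr` entry would put the authenticated ciphers ahead of the stream cipher. That ordering is pre-existing, and with both peers at defaults aes128-ctr is negotiated first, so the practical effect is limited to peers that lack CTR. A minor style point: the new `#define SHA2_HMAC_MODES \` drops the indented `# define` form used by its sibling `# define KEX_SHA256_METHODS` a few lines above. A short comment above the new block, e.g. `/* aes*-gcm@openssh.com need EVP GCM support in libcrypto */`, would record why these modes are conditional.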
@ -97,7 +97,7 @@ fetch_windows_environment(void)
|
||||
void
|
||||
free_windows_environment(char **p)
|
||||
{
|
||||
xfree(p);
|
||||
free(p);
|
||||
}
|
||||
|
||||
#endif /* HAVE_CYGWIN */
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $Id: bsd-cygwin_util.h,v 1.15.4.1 2013/04/04 23:53:31 dtucker Exp $ */
|
||||
/* $Id: bsd-cygwin_util.h,v 1.16 2013/04/01 01:40:49 dtucker Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2000, 2001, 2011, 2013 Corinna Vinschen <vinschen@redhat.com>
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $Id: bsd-misc.h,v 1.23 2013/03/14 23:34:27 djm Exp $ */
|
||||
/* $Id: bsd-misc.h,v 1.25 2013/08/04 11:48:41 dtucker Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1999-2004 Damien Miller <djm@mindrot.org>
|
||||
@ -110,4 +110,16 @@ int isblank(int);
|
||||
pid_t getpgid(pid_t);
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_ENDGRENT
|
||||
# define endgrent() do { } while (0)
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_KRB5_GET_ERROR_MESSAGE
|
||||
# define krb5_get_error_message krb5_get_err_text
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_KRB5_FREE_ERROR_MESSAGE
|
||||
# define krb5_free_error_message(a,b) do { } while(0)
|
||||
#endif
|
||||
|
||||
#endif /* _BSD_MISC_H */
|
||||
|
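Review bot: The two new krb5 compatibility macros are only correct as a pair: when HAVE_KRB5_GET_ERROR_MESSAGE is absent, `krb5_get_error_message` becomes `krb5_get_err_text`, which as I understand it returns static storage, and the no-op `krb5_free_error_message(a,b)` matches that; but if a libkrb5 provides krb5_get_error_message without krb5_free_error_message, the allocated message returned by the real function is leaked by the no-op. That is a small leak on an error path only, but the assumption deserves a comment, e.g. `/* Older Heimdal: krb5_get_err_text() returns static text, so there is nothing to free */`. Whether such a mixed libkrb5 exists in practice is not something this diff shows.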
@ -1,123 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 1987, 1993, 1994
|
||||
* The Regents of the University of California. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. Neither the name of the University nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
/* OPENBSD ORIGINAL: lib/libc/stdlib/getopt.c */
|
||||
|
||||
#include "includes.h"
|
||||
#if !defined(HAVE_GETOPT) || !defined(HAVE_GETOPT_OPTRESET)
|
||||
|
||||
#if defined(LIBC_SCCS) && !defined(lint)
|
||||
static char *rcsid = "$OpenBSD: getopt.c,v 1.5 2003/06/02 20:18:37 millert Exp $";
|
||||
#endif /* LIBC_SCCS and not lint */
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
int BSDopterr = 1, /* if error message should be printed */
|
||||
BSDoptind = 1, /* index into parent argv vector */
|
||||
BSDoptopt, /* character checked for validity */
|
||||
BSDoptreset; /* reset getopt */
|
||||
char *BSDoptarg; /* argument associated with option */
|
||||
|
||||
#define BADCH (int)'?'
|
||||
#define BADARG (int)':'
|
||||
#define EMSG ""
|
||||
|
||||
/*
|
||||
* getopt --
|
||||
* Parse argc/argv argument vector.
|
||||
*/
|
||||
int
|
||||
BSDgetopt(nargc, nargv, ostr)
|
||||
int nargc;
|
||||
char * const *nargv;
|
||||
const char *ostr;
|
||||
{
|
||||
extern char *__progname;
|
||||
static char *place = EMSG; /* option letter processing */
|
||||
char *oli; /* option letter list index */
|
||||
|
||||
if (ostr == NULL)
|
||||
return (-1);
|
||||
|
||||
if (BSDoptreset || !*place) { /* update scanning pointer */
|
||||
BSDoptreset = 0;
|
||||
if (BSDoptind >= nargc || *(place = nargv[BSDoptind]) != '-') {
|
||||
place = EMSG;
|
||||
return (-1);
|
||||
}
|
||||
if (place[1] && *++place == '-') { /* found "--" */
|
||||
++BSDoptind;
|
||||
place = EMSG;
|
||||
return (-1);
|
||||
}
|
||||
} /* option letter okay? */
|
||||
if ((BSDoptopt = (int)*place++) == (int)':' ||
|
||||
!(oli = strchr(ostr, BSDoptopt))) {
|
||||
/*
|
||||
* if the user didn't specify '-' as an option,
|
||||
* assume it means -1.
|
||||
*/
|
||||
if (BSDoptopt == (int)'-')
|
||||
return (-1);
|
||||
if (!*place)
|
||||
++BSDoptind;
|
||||
if (BSDopterr && *ostr != ':')
|
||||
(void)fprintf(stderr,
|
||||
"%s: illegal option -- %c\n", __progname, BSDoptopt);
|
||||
return (BADCH);
|
||||
}
|
||||
if (*++oli != ':') { /* don't need argument */
|
||||
BSDoptarg = NULL;
|
||||
if (!*place)
|
||||
++BSDoptind;
|
||||
}
|
||||
else { /* need an argument */
|
||||
if (*place) /* no white space */
|
||||
BSDoptarg = place;
|
||||
else if (nargc <= ++BSDoptind) { /* no arg */
|
||||
place = EMSG;
|
||||
if (*ostr == ':')
|
||||
return (BADARG);
|
||||
if (BSDopterr)
|
||||
(void)fprintf(stderr,
|
||||
"%s: option requires an argument -- %c\n",
|
||||
__progname, BSDoptopt);
|
||||
return (BADCH);
|
||||
}
|
||||
else /* white space */
|
||||
BSDoptarg = nargv[BSDoptind];
|
||||
place = EMSG;
|
||||
++BSDoptind;
|
||||
}
|
||||
return (BSDoptopt); /* dump back option letter */
|
||||
}
|
||||
|
||||
#endif /* !defined(HAVE_GETOPT) || !defined(HAVE_OPTRESET) */
|
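--- a/crypto/openssh/openbsd-compat/getopt.h
+++ b/crypto/openssh/openbsd-compat/getopt.h
@@ -0,0 +1,74 @@
+/* $OpenBSD: getopt.h,v 1.2 2008/06/26 05:42:04 ray Exp $ */
+/* $NetBSD: getopt.h,v 1.4 2000/07/07 10:43:54 ad Exp $ */
+
+/*-
+* Copyright (c) 2000 The NetBSD Foundation, Inc.
+* All rights reserved.
+*
+* This code is derived from software contributed to The NetBSD Foundation
+* by Dieter Baron and Thomas Klausner.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+* POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#ifndef _GETOPT_H_
+#define _GETOPT_H_
+
+/*
+* GNU-like getopt_long() and 4.4BSD getsubopt()/optreset extensions
+*/
+#define no_argument 0
+#define required_argument 1
+#define optional_argument 2
+
+struct option {
+/* name of long option */
+const char *name;
+/*
+* one of no_argument, required_argument, and optional_argument:
+* whether option takes an argument
+*/
+int has_arg;
+/* if not NULL, set *flag to val when option found */
+int *flag;
+/* if flag not NULL, value to set *flag to; else return value */
+int val;
+};
+
+int getopt_long(int, char * const *, const char *,
+const struct option *, int *);
+int getopt_long_only(int, char * const *, const char *,
+const struct option *, int *);
+#ifndef _GETOPT_DEFINED_
+#define _GETOPT_DEFINED_
+int getopt(int, char * const *, const char *);
+int getsubopt(char **, char * const *, char **);
+
+extern char *optarg; /* getopt(3) external variables */
+extern int opterr;
+extern int optind;
+extern int optopt;
+extern int optreset;
+extern char *suboptarg; /* getsubopt(3) external variable */
+#endif
+
+#endif /* !_GETOPT_H_ */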
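Review bot: The prototypes for getopt_long() and getopt_long_only() declared in this header have no definition in the compat build, because getopt_long.c wraps both under `#if 0` and compiles only getopt(); the same holds for getsubopt() and suboptarg, for which no compat implementation appears in this commit. Unless defines.h maps these names elsewhere, a caller that picks them up through openbsd-compat.h on a platform without HAVE_GETOPT would fail at link time rather than compile time. If shipping only getopt() is intentional, a comment above the prototypes such as `/* declared for upstream sync only; not built, see "#if 0" in getopt_long.c */` would make that explicit.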
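--- a/crypto/openssh/openbsd-compat/getopt_long.c
+++ b/crypto/openssh/openbsd-compat/getopt_long.c
@@ -0,0 +1,532 @@
+/* $OpenBSD: getopt_long.c,v 1.25 2011/03/05 22:10:11 guenther Exp $ */
+/* $NetBSD: getopt_long.c,v 1.15 2002/01/31 22:43:40 tv Exp $ */
+
+/*
+* Copyright (c) 2002 Todd C. Miller <Todd.Miller@courtesan.com>
+*
+* Permission to use, copy, modify, and distribute this software for any
+* purpose with or without fee is hereby granted, provided that the above
+* copyright notice and this permission notice appear in all copies.
+*
+* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+*
+* Sponsored in part by the Defense Advanced Research Projects
+* Agency (DARPA) and Air Force Research Laboratory, Air Force
+* Materiel Command, USAF, under agreement number F39502-99-1-0512.
+*/
+/*-
+* Copyright (c) 2000 The NetBSD Foundation, Inc.
+* All rights reserved.
+*
+* This code is derived from software contributed to The NetBSD Foundation
+* by Dieter Baron and Thomas Klausner.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+* POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/* OPENBSD ORIGINAL: lib/libc/stdlib/getopt_long.c */
+#include "includes.h"
+
+#if !defined(HAVE_GETOPT) || !defined(HAVE_GETOPT_OPTRESET)
+
+/*
+* Some defines to make it easier to keep the code in sync with upstream.
+* getopt opterr optind optopt optreset optarg are all in defines.h which is
+* pulled in by includes.h.
+*/
+#define warnx logit
+
+#if 0
+#include <err.h>
+#include <getopt.h>
+#endif
+#include <errno.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+
+#include "log.h"
+
+int opterr = 1; /* if error message should be printed */
+int optind = 1; /* index into parent argv vector */
+int optopt = '?'; /* character checked for validity */
+int optreset; /* reset getopt */
+char *optarg; /* argument associated with option */
+
+#define PRINT_ERROR ((opterr) && (*options != ':'))
+
+#define FLAG_PERMUTE 0x01 /* permute non-options to the end of argv */
+#define FLAG_ALLARGS 0x02 /* treat non-options as args to option "-1" */
+#define FLAG_LONGONLY 0x04 /* operate as getopt_long_only */
+
+/* return values */
+#define BADCH (int)'?'
+#define BADARG ((*options == ':') ? (int)':' : (int)'?')
+#define INORDER (int)1
+
+#define EMSG ""
+
+static int getopt_internal(int, char * const *, const char *,
+const struct option *, int *, int);
+static int parse_long_options(char * const *, const char *,
+const struct option *, int *, int);
+static int gcd(int, int);
+static void permute_args(int, int, int, char * const *);
+
+static char *place = EMSG; /* option letter processing */
+
+/* XXX: set optreset to 1 rather than these two */
+static int nonopt_start = -1; /* first non option argument (for permute) */
+static int nonopt_end = -1; /* first option after non options (for permute) */
+
+/* Error messages */
+static const char recargchar[] = "option requires an argument -- %c";
+static const char recargstring[] = "option requires an argument -- %s";
+static const char ambig[] = "ambiguous option -- %.*s";
+static const char noarg[] = "option doesn't take an argument -- %.*s";
+static const char illoptchar[] = "unknown option -- %c";
+static const char illoptstring[] = "unknown option -- %s";
+
+/*
+* Compute the greatest common divisor of a and b.
+*/
+static int
+gcd(int a, int b)
+{
+int c;
+
+c = a % b;
+while (c != 0) {
+a = b;
+b = c;
+c = a % b;
+}
+
+return (b);
+}
+
+/*
+* Exchange the block from nonopt_start to nonopt_end with the block
+* from nonopt_end to opt_end (keeping the same order of arguments
+* in each block).
+*/
+static void
+permute_args(int panonopt_start, int panonopt_end, int opt_end,
+char * const *nargv)
+{
+int cstart, cyclelen, i, j, ncycle, nnonopts, nopts, pos;
+char *swap;
+
+/*
+* compute lengths of blocks and number and size of cycles
+*/
+nnonopts = panonopt_end - panonopt_start;
+nopts = opt_end - panonopt_end;
+ncycle = gcd(nnonopts, nopts);
+cyclelen = (opt_end - panonopt_start) / ncycle;
+
+for (i = 0; i < ncycle; i++) {
+cstart = panonopt_end+i;
+pos = cstart;
+for (j = 0; j < cyclelen; j++) {
+if (pos >= panonopt_end)
+pos -= nnonopts;
+else
+pos += nopts;
+swap = nargv[pos];
+/* LINTED const cast */
+((char **) nargv)[pos] = nargv[cstart];
+/* LINTED const cast */
+((char **)nargv)[cstart] = swap;
+}
+}
+}
+
+/*
+* parse_long_options --
+* Parse long options in argc/argv argument vector.
+* Returns -1 if short_too is set and the option does not match long_options.
+*/
+static int
+parse_long_options(char * const *nargv, const char *options,
+const struct option *long_options, int *idx, int short_too)
+{
+char *current_argv, *has_equal;
+size_t current_argv_len;
+int i, match;
+
+current_argv = place;
+match = -1;
+
+optind++;
+
+if ((has_equal = strchr(current_argv, '=')) != NULL) {
+/* argument found (--option=arg) */
+current_argv_len = has_equal - current_argv;
+has_equal++;
+} else
+current_argv_len = strlen(current_argv);
+
+for (i = 0; long_options[i].name; i++) {
+/* find matching long option */
+if (strncmp(current_argv, long_options[i].name,
+current_argv_len))
+continue;
+
+if (strlen(long_options[i].name) == current_argv_len) {
+/* exact match */
+match = i;
+break;
+}
+/*
+* If this is a known short option, don't allow
+* a partial match of a single character.
+*/
+if (short_too && current_argv_len == 1)
+continue;
+
+if (match == -1) /* partial match */
+match = i;
+else {
+/* ambiguous abbreviation */
+if (PRINT_ERROR)
+warnx(ambig, (int)current_argv_len,
+current_argv);
+optopt = 0;
+return (BADCH);
+}
+}
+if (match != -1) { /* option found */
+if (long_options[match].has_arg == no_argument
+&& has_equal) {
+if (PRINT_ERROR)
+warnx(noarg, (int)current_argv_len,
+current_argv);
+/*
+* XXX: GNU sets optopt to val regardless of flag
+*/
+if (long_options[match].flag == NULL)
+optopt = long_options[match].val;
+else
+optopt = 0;
+return (BADARG);
+}
+if (long_options[match].has_arg == required_argument ||
+long_options[match].has_arg == optional_argument) {
+if (has_equal)
+optarg = has_equal;
+else if (long_options[match].has_arg ==
+required_argument) {
+/*
+* optional argument doesn't use next nargv
+*/
+optarg = nargv[optind++];
+}
+}
+if ((long_options[match].has_arg == required_argument)
+&& (optarg == NULL)) {
+/*
+* Missing argument; leading ':' indicates no error
+* should be generated.
+*/
+if (PRINT_ERROR)
+warnx(recargstring,
+current_argv);
+/*
+* XXX: GNU sets optopt to val regardless of flag
+*/
+if (long_options[match].flag == NULL)
+optopt = long_options[match].val;
+else
+optopt = 0;
+--optind;
+return (BADARG);
+}
+} else { /* unknown option */
+if (short_too) {
+--optind;
+return (-1);
+}
+if (PRINT_ERROR)
+warnx(illoptstring, current_argv);
+optopt = 0;
+return (BADCH);
+}
+if (idx)
+*idx = match;
+if (long_options[match].flag) {
+*long_options[match].flag = long_options[match].val;
+return (0);
+} else
+return (long_options[match].val);
+}
+
+/*
+* getopt_internal --
+* Parse argc/argv argument vector. Called by user level routines.
+*/
+static int
+getopt_internal(int nargc, char * const *nargv, const char *options,
+const struct option *long_options, int *idx, int flags)
+{
+char *oli; /* option letter list index */
+int optchar, short_too;
+static int posixly_correct = -1;
+
+if (options == NULL)
+return (-1);
+
+/*
+* XXX Some GNU programs (like cvs) set optind to 0 instead of
+* XXX using optreset. Work around this braindamage.
+*/
+if (optind == 0)
+optind = optreset = 1;
+
+/*
+* Disable GNU extensions if POSIXLY_CORRECT is set or options
+* string begins with a '+'.
+*/
+if (posixly_correct == -1 || optreset)
+posixly_correct = (getenv("POSIXLY_CORRECT") != NULL);
+if (*options == '-')
+flags |= FLAG_ALLARGS;
+else if (posixly_correct || *options == '+')
+flags &= ~FLAG_PERMUTE;
+if (*options == '+' || *options == '-')
+options++;
+
+optarg = NULL;
+if (optreset)
+nonopt_start = nonopt_end = -1;
+start:
+if (optreset || !*place) { /* update scanning pointer */
+optreset = 0;
+if (optind >= nargc) { /* end of argument vector */
+place = EMSG;
+if (nonopt_end != -1) {
+/* do permutation, if we have to */
+permute_args(nonopt_start, nonopt_end,
+optind, nargv);
+optind -= nonopt_end - nonopt_start;
+}
+else if (nonopt_start != -1) {
+/*
+* If we skipped non-options, set optind
+* to the first of them.
+*/
+optind = nonopt_start;
+}
+nonopt_start = nonopt_end = -1;
+return (-1);
+}
+if (*(place = nargv[optind]) != '-' ||
+(place[1] == '\0' && strchr(options, '-') == NULL)) {
+place = EMSG; /* found non-option */
+if (flags & FLAG_ALLARGS) {
+/*
+* GNU extension:
+* return non-option as argument to option 1
+*/
+optarg = nargv[optind++];
+return (INORDER);
+}
+if (!(flags & FLAG_PERMUTE)) {
+/*
+* If no permutation wanted, stop parsing
+* at first non-option.
+*/
+return (-1);
+}
+/* do permutation */
+if (nonopt_start == -1)
+nonopt_start = optind;
+else if (nonopt_end != -1) {
+permute_args(nonopt_start, nonopt_end,
+optind, nargv);
+nonopt_start = optind -
+(nonopt_end - nonopt_start);
+nonopt_end = -1;
+}
+optind++;
+/* process next argument */
+goto start;
+}
+if (nonopt_start != -1 && nonopt_end == -1)
+nonopt_end = optind;
+
+/*
+* If we have "-" do nothing, if "--" we are done.
+*/
+if (place[1] != '\0' && *++place == '-' && place[1] == '\0') {
+optind++;
+place = EMSG;
+/*
+* We found an option (--), so if we skipped
+* non-options, we have to permute.
+*/
+if (nonopt_end != -1) {
+permute_args(nonopt_start, nonopt_end,
+optind, nargv);
+optind -= nonopt_end - nonopt_start;
+}
+nonopt_start = nonopt_end = -1;
+return (-1);
+}
+}
+
+/*
+* Check long options if:
+* 1) we were passed some
+* 2) the arg is not just "-"
+* 3) either the arg starts with -- we are getopt_long_only()
+*/
+if (long_options != NULL && place != nargv[optind] &&
+(*place == '-' || (flags & FLAG_LONGONLY))) {
+short_too = 0;
+if (*place == '-')
+place++; /* --foo long option */
+else if (*place != ':' && strchr(options, *place) != NULL)
+short_too = 1; /* could be short option too */
+
+optchar = parse_long_options(nargv, options, long_options,
+idx, short_too);
+if (optchar != -1) {
+place = EMSG;
+return (optchar);
+}
+}
+
+if ((optchar = (int)*place++) == (int)':' ||
+(optchar == (int)'-' && *place != '\0') ||
+(oli = strchr(options, optchar)) == NULL) {
+/*
+* If the user specified "-" and '-' isn't listed in
+* options, return -1 (non-option) as per POSIX.
+* Otherwise, it is an unknown option character (or ':').
+*/
+if (optchar == (int)'-' && *place == '\0')
+return (-1);
+if (!*place)
+++optind;
+if (PRINT_ERROR)
+warnx(illoptchar, optchar);
+optopt = optchar;
+return (BADCH);
+}
+if (long_options != NULL && optchar == 'W' && oli[1] == ';') {
+/* -W long-option */
+if (*place) /* no space */
+/* NOTHING */;
+else if (++optind >= nargc) { /* no arg */
+place = EMSG;
+if (PRINT_ERROR)
+warnx(recargchar, optchar);
+optopt = optchar;
+return (BADARG);
+} else /* white space */
+place = nargv[optind];
+optchar = parse_long_options(nargv, options, long_options,
+idx, 0);
+place = EMSG;
+return (optchar);
+}
+if (*++oli != ':') { /* doesn't take argument */
+if (!*place)
+++optind;
+} else { /* takes (optional) argument */
+optarg = NULL;
+if (*place) /* no white space */
+optarg = place;
+else if (oli[1] != ':') { /* arg not optional */
+if (++optind >= nargc) { /* no arg */
+place = EMSG;
+if (PRINT_ERROR)
+warnx(recargchar, optchar);
+optopt = optchar;
+return (BADARG);
+} else
+optarg = nargv[optind];
+}
+place = EMSG;
+++optind;
+}
+/* dump back option letter */
+return (optchar);
+}
+
+/*
+* getopt --
+* Parse argc/argv argument vector.
+*
+* [eventually this will replace the BSD getopt]
+*/
+int
+getopt(int nargc, char * const *nargv, const char *options)
+{
+
+/*
+* We don't pass FLAG_PERMUTE to getopt_internal() since
+* the BSD getopt(3) (unlike GNU) has never done this.
+*
+* Furthermore, since many privileged programs call getopt()
+* before dropping privileges it makes sense to keep things
+* as simple (and bug-free) as possible.
+*/
+return (getopt_internal(nargc, nargv, options, NULL, NULL, 0));
+}
+
+#if 0
+/*
+* getopt_long --
+* Parse argc/argv argument vector.
+*/
+int
+getopt_long(int nargc, char * const *nargv, const char *options,
+const struct option *long_options, int *idx)
+{
+
+return (getopt_internal(nargc, nargv, options, long_options, idx,
+FLAG_PERMUTE));
+}
+
+/*
+* getopt_long_only --
+* Parse argc/argv argument vector.
+*/
+int
+getopt_long_only(int nargc, char * const *nargv, const char *options,
+const struct option *long_options, int *idx)
+{
+
+return (getopt_internal(nargc, nargv, options, long_options, idx,
+FLAG_PERMUTE|FLAG_LONGONLY));
+}
+#endif
+
+#endif /* !defined(HAVE_GETOPT) || !defined(HAVE_OPTRESET) */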
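Review bot: parse_long_options() consumes a required_argument long option's value with `optarg = nargv[optind++];` and then tests `optarg == NULL`, so it relies on nargv[nargc] being a NULL terminator rather than on nargc, which it is never passed; an argv assembled by hand without that terminator would be read one past its end. getopt_internal() bounds the equivalent short-option path with `if (++optind >= nargc)`, so threading nargc into parse_long_options() and checking `optind < nargc` before the read would make the two paths consistent. In this build the path is dormant, since getopt() passes long_options == NULL and the -W branch also requires long_options, but it becomes live the moment the `#if 0` around getopt_long() is lifted. A one-line comment at the read, `/* relies on nargv[nargc] == NULL */`, would at least record the assumption until then.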
@ -58,7 +58,6 @@
|
||||
|
||||
#define malloc(x) (xmalloc(x))
|
||||
#define calloc(x, y) (xcalloc((x),(y)))
|
||||
#define free(x) (xfree(x))
|
||||
|
||||
int
|
||||
getrrsetbyname(const char *hostname, unsigned int rdclass,
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $Id: openbsd-compat.h,v 1.55 2013/02/15 01:20:42 dtucker Exp $ */
|
||||
/* $Id: openbsd-compat.h,v 1.58 2013/06/05 22:30:21 dtucker Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1999-2003 Damien Miller. All rights reserved.
|
||||
@ -111,6 +111,10 @@ char *dirname(const char *path);
|
||||
int fmt_scaled(long long number, char *result);
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_SCAN_SCALED
|
||||
int scan_scaled(char *, long long *);
|
||||
#endif
|
||||
|
||||
#if defined(BROKEN_INET_NTOA) || !defined(HAVE_INET_NTOA)
|
||||
char *inet_ntoa(struct in_addr in);
|
||||
#endif
|
||||
@ -139,6 +143,7 @@ int getgrouplist(const char *, gid_t, gid_t *, int *);
|
||||
|
||||
#if !defined(HAVE_GETOPT) || !defined(HAVE_GETOPT_OPTRESET)
|
||||
int BSDgetopt(int argc, char * const *argv, const char *opts);
|
||||
#include "openbsd-compat/getopt.h"
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_DECL_WRITEV) && HAVE_DECL_WRITEV == 0
|
||||
@ -202,6 +207,11 @@ unsigned long long strtoull(const char *, char **, int);
|
||||
long long strtonum(const char *, long long, long long, const char **);
|
||||
#endif
|
||||
|
||||
/* multibyte character support */
|
||||
#ifndef HAVE_MBLEN
|
||||
# define mblen(x, y) 1
|
||||
#endif
|
||||
|
||||
#if !defined(HAVE_VASPRINTF) || !defined(HAVE_VSNPRINTF)
|
||||
# include <stdarg.h>
|
||||
#endif
|
||||
|
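Review bot: The `# define mblen(x, y) 1` fallback differs from mblen(3) in a way a caller can trip over: the real function returns 0 when x points at the terminating NUL and -1 for an invalid sequence, whereas the macro always yields 1, so a loop that advances by mblen() until it returns 0 would walk past the end of the string on a platform without HAVE_MBLEN. The callers are outside this hunk, so I cannot confirm whether any depend on the 0 return. A comment stating the contract, e.g. `/* single-byte fallback: always 1, never 0 at NUL or -1 on error; callers must stop on '\0' themselves */`, would document the difference for the next reader.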
@ -86,7 +86,7 @@ aix_usrinfo(struct passwd *pw)
|
||||
fatal("Couldn't set usrinfo: %s", strerror(errno));
|
||||
debug3("AIX/UsrInfo: set len %d", i);
|
||||
|
||||
xfree(cp);
|
||||
free(cp);
|
||||
}
|
||||
|
||||
# ifdef WITH_AIXAUTHENTICATE
|
||||
@ -215,16 +215,14 @@ sys_auth_passwd(Authctxt *ctxt, const char *password)
|
||||
default: /* user can't change(2) or other error (-1) */
|
||||
logit("Password can't be changed for user %s: %.100s",
|
||||
name, msg);
|
||||
if (msg)
|
||||
xfree(msg);
|
||||
free(msg);
|
||||
authsuccess = 0;
|
||||
}
|
||||
|
||||
aix_restoreauthdb();
|
||||
}
|
||||
|
||||
if (authmsg != NULL)
|
||||
xfree(authmsg);
|
||||
free(authmsg);
|
||||
|
||||
return authsuccess;
|
||||
}
|
||||
@ -269,7 +267,7 @@ sys_auth_allowed_user(struct passwd *pw, Buffer *loginmsg)
|
||||
|
||||
if (!permitted)
|
||||
logit("Login restricted for %s: %.100s", pw->pw_name, msg);
|
||||
xfree(msg);
|
||||
free(msg);
|
||||
return permitted;
|
||||
}
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $Id: port-linux.c,v 1.17 2012/03/08 23:25:18 djm Exp $ */
|
||||
/* $Id: port-linux.c,v 1.18 2013/06/01 22:07:32 dtucker Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com>
|
||||
@ -96,10 +96,8 @@ ssh_selinux_getctxbyname(char *pwname)
|
||||
}
|
||||
|
||||
#ifdef HAVE_GETSEUSERBYNAME
|
||||
if (sename != NULL)
|
||||
xfree(sename);
|
||||
if (lvl != NULL)
|
||||
xfree(lvl);
|
||||
free(sename);
|
||||
free(lvl);
|
||||
#endif
|
||||
|
||||
return sc;
|
||||
@ -217,8 +215,8 @@ ssh_selinux_change_context(const char *newname)
|
||||
if (setcon(newctx) < 0)
|
||||
switchlog("%s: setcon %s from %s failed with %s", __func__,
|
||||
newctx, oldctx, strerror(errno));
|
||||
xfree(oldctx);
|
||||
xfree(newctx);
|
||||
free(oldctx);
|
||||
free(newctx);
|
||||
}
|
||||
|
||||
void
|
||||
|
@ -55,7 +55,12 @@
|
||||
|
||||
# if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
|
||||
# include "md5crypt.h"
|
||||
# endif
|
||||
# endif
|
||||
|
||||
# if !defined(HAVE_CRYPT) && defined(HAVE_DES_CRYPT)
|
||||
# include <openssl/des.h>
|
||||
# define crypt DES_crypt
|
||||
# endif
|
||||
|
||||
char *
|
||||
xcrypt(const char *password, const char *salt)
|
||||
|
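Review bot: `# define crypt DES_crypt` makes xcrypt() fall back to OpenSSL's DES_crypt() on platforms with no crypt(3), and DES_crypt() implements only the traditional DES scheme, so MD5/SHA-style hashes in the password database will not verify there and, as with classic crypt, only the first eight characters of the password are significant. A comment next to the define, e.g. `/* traditional DES crypt only: non-DES password hashes cannot be verified on this platform */`, would save whoever debugs a login failure on such a system some time. xcrypt()'s body lies outside the hunk, so I cannot tell whether it inspects the salt format before calling crypt().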
@ -1,5 +1,4 @@
|
||||
/* $OpenBSD: packet.c,v 1.181 2013/02/10 23:35:24 djm Exp $ */
|
||||
/* $OpenBSD: packet.c,v 1.182 2013/04/11 02:27:50 djm Exp $ */
|
||||
/* $OpenBSD: packet.c,v 1.188 2013/07/12 00:19:58 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -59,6 +58,7 @@
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
#include <signal.h>
|
||||
#include <time.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "buffer.h"
|
||||
@ -166,9 +166,14 @@ struct session_state {
|
||||
Newkeys *newkeys[MODE_MAX];
|
||||
struct packet_state p_read, p_send;
|
||||
|
||||
/* Volume-based rekeying */
|
||||
u_int64_t max_blocks_in, max_blocks_out;
|
||||
u_int32_t rekey_limit;
|
||||
|
||||
/* Time-based rekeying */
|
||||
time_t rekey_interval; /* how often in seconds */
|
||||
time_t rekey_time; /* time of last rekeying */
|
||||
|
||||
/* Session key for protocol v1 */
|
||||
u_char ssh1_key[SSH_SESSION_KEY_LENGTH];
|
||||
u_int ssh1_keylen;
|
||||
@ -219,7 +224,7 @@ alloc_session_state(void)
|
||||
void
|
||||
packet_set_connection(int fd_in, int fd_out)
|
||||
{
|
||||
Cipher *none = cipher_by_name("none");
|
||||
const Cipher *none = cipher_by_name("none");
|
||||
|
||||
if (none == NULL)
|
||||
fatal("packet_set_connection: cannot load cipher 'none'");
|
||||
@ -549,7 +554,7 @@ packet_start_compression(int level)
|
||||
void
|
||||
packet_set_encryption_key(const u_char *key, u_int keylen, int number)
|
||||
{
|
||||
Cipher *cipher = cipher_by_number(number);
|
||||
const Cipher *cipher = cipher_by_number(number);
|
||||
|
||||
if (cipher == NULL)
|
||||
fatal("packet_set_encryption_key: unknown cipher number %d", number);
|
||||
@ -764,13 +769,13 @@ set_newkeys(int mode)
|
||||
memset(enc->iv, 0, enc->iv_len);
|
||||
memset(enc->key, 0, enc->key_len);
|
||||
memset(mac->key, 0, mac->key_len);
|
||||
xfree(enc->name);
|
||||
xfree(enc->iv);
|
||||
xfree(enc->key);
|
||||
xfree(mac->name);
|
||||
xfree(mac->key);
|
||||
xfree(comp->name);
|
||||
xfree(active_state->newkeys[mode]);
|
||||
free(enc->name);
|
||||
free(enc->iv);
|
||||
free(enc->key);
|
||||
free(mac->name);
|
||||
free(mac->key);
|
||||
free(comp->name);
|
||||
free(active_state->newkeys[mode]);
|
||||
}
|
||||
active_state->newkeys[mode] = kex_get_newkeys(mode);
|
||||
if (active_state->newkeys[mode] == NULL)
|
||||
@ -1013,6 +1018,7 @@ packet_send2(void)
|
||||
/* after a NEWKEYS message we can send the complete queue */
|
||||
if (type == SSH2_MSG_NEWKEYS) {
|
||||
active_state->rekeying = 0;
|
||||
active_state->rekey_time = monotime();
|
||||
while ((p = TAILQ_FIRST(&active_state->outgoing))) {
|
||||
type = p->type;
|
||||
debug("dequeue packet: %u", type);
|
||||
@ -1020,7 +1026,7 @@ packet_send2(void)
|
||||
memcpy(&active_state->outgoing_packet, &p->payload,
|
||||
sizeof(Buffer));
|
||||
TAILQ_REMOVE(&active_state->outgoing, p, next);
|
||||
xfree(p);
|
||||
free(p);
|
||||
packet_send2_wrapped();
|
||||
}
|
||||
}
|
||||
@ -1045,7 +1051,7 @@ packet_send(void)
|
||||
int
|
||||
packet_read_seqnr(u_int32_t *seqnr_p)
|
||||
{
|
||||
int type, len, ret, ms_remain, cont;
|
||||
int type, len, ret, cont, ms_remain = 0;
|
||||
fd_set *setp;
|
||||
char buf[8192];
|
||||
struct timeval timeout, start, *timeoutp = NULL;
|
||||
@ -1070,7 +1076,7 @@ packet_read_seqnr(u_int32_t *seqnr_p)
|
||||
packet_check_eom();
|
||||
/* If we got a packet, return it. */
|
||||
if (type != SSH_MSG_NONE) {
|
||||
xfree(setp);
|
||||
free(setp);
|
||||
return type;
|
||||
}
|
||||
/*
|
||||
@ -1458,9 +1464,9 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p)
|
||||
packet_get_char();
|
||||
msg = packet_get_string(NULL);
|
||||
debug("Remote: %.900s", msg);
|
||||
xfree(msg);
|
||||
free(msg);
|
||||
msg = packet_get_string(NULL);
|
||||
xfree(msg);
|
||||
free(msg);
|
||||
break;
|
||||
case SSH2_MSG_DISCONNECT:
|
||||
reason = packet_get_int();
|
||||
@ -1471,7 +1477,7 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p)
|
||||
SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR,
|
||||
"Received disconnect from %s: %u: %.400s",
|
||||
get_remote_ipaddr(), reason, msg);
|
||||
xfree(msg);
|
||||
free(msg);
|
||||
cleanup_exit(255);
|
||||
break;
|
||||
case SSH2_MSG_UNIMPLEMENTED:
|
||||
@ -1485,12 +1491,14 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p)
|
||||
} else {
|
||||
type = packet_read_poll1();
|
||||
switch (type) {
|
||||
case SSH_MSG_NONE:
|
||||
return SSH_MSG_NONE;
|
||||
case SSH_MSG_IGNORE:
|
||||
break;
|
||||
case SSH_MSG_DEBUG:
|
||||
msg = packet_get_string(NULL);
|
||||
debug("Remote: %.900s", msg);
|
||||
xfree(msg);
|
||||
free(msg);
|
||||
break;
|
||||
case SSH_MSG_DISCONNECT:
|
||||
msg = packet_get_string(NULL);
|
||||
@ -1499,8 +1507,7 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p)
|
||||
cleanup_exit(255);
|
||||
break;
|
||||
default:
|
||||
if (type)
|
||||
DBG(debug("received packet type %d", type));
|
||||
DBG(debug("received packet type %d", type));
|
||||
return type;
|
||||
}
|
||||
}
|
||||
@ -1737,7 +1744,7 @@ void
|
||||
packet_write_wait(void)
|
||||
{
|
||||
fd_set *setp;
|
||||
int ret, ms_remain;
|
||||
int ret, ms_remain = 0;
|
||||
struct timeval start, timeout, *timeoutp = NULL;
|
||||
|
||||
setp = (fd_set *)xcalloc(howmany(active_state->connection_out + 1,
|
||||
@ -1778,7 +1785,7 @@ packet_write_wait(void)
|
||||
}
|
||||
packet_write_poll();
|
||||
}
|
||||
xfree(setp);
|
||||
free(setp);
|
||||
}
|
||||
|
||||
/* Returns true if there is buffered data to write to the connection. */
|
||||
@ -1952,13 +1959,33 @@ packet_need_rekeying(void)
|
||||
(active_state->max_blocks_out &&
|
||||
(active_state->p_send.blocks > active_state->max_blocks_out)) ||
|
||||
(active_state->max_blocks_in &&
|
||||
(active_state->p_read.blocks > active_state->max_blocks_in));
|
||||
(active_state->p_read.blocks > active_state->max_blocks_in)) ||
|
||||
(active_state->rekey_interval != 0 && active_state->rekey_time +
|
||||
active_state->rekey_interval <= monotime());
|
||||
}
|
||||
|
||||
void
|
||||
packet_set_rekey_limit(u_int32_t bytes)
|
||||
packet_set_rekey_limits(u_int32_t bytes, time_t seconds)
|
||||
{
|
||||
debug3("rekey after %lld bytes, %d seconds", (long long)bytes,
|
||||
(int)seconds);
|
||||
active_state->rekey_limit = bytes;
|
||||
active_state->rekey_interval = seconds;
|
||||
/*
|
||||
* We set the time here so that in post-auth privsep slave we count
|
||||
* from the completion of the authentication.
|
||||
*/
|
||||
active_state->rekey_time = monotime();
|
||||
}
|
||||
|
||||
time_t
|
||||
packet_get_rekey_timeout(void)
|
||||
{
|
||||
time_t seconds;
|
||||
|
||||
seconds = active_state->rekey_time + active_state->rekey_interval -
|
||||
monotime();
|
||||
return (seconds <= 0 ? 1 : seconds);
|
||||
}
|
||||
|
||||
void
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: packet.h,v 1.57 2012/01/25 19:40:09 markus Exp $ */
|
||||
/* $OpenBSD: packet.h,v 1.59 2013/07/12 00:19:59 djm Exp $ */
|
||||
/* $FreeBSD$ */
|
||||
|
||||
/*
|
||||
@ -75,7 +75,7 @@ void *packet_get_raw(u_int *length_ptr);
|
||||
void *packet_get_string(u_int *length_ptr);
|
||||
char *packet_get_cstring(u_int *length_ptr);
|
||||
void *packet_get_string_ptr(u_int *length_ptr);
|
||||
void packet_disconnect(const char *fmt,...) __attribute__((format(printf, 1, 2)));
|
||||
void packet_disconnect(const char *fmt,...) __attribute__((noreturn)) __attribute__((format(printf, 1, 2)));
|
||||
void packet_send_debug(const char *fmt,...) __attribute__((format(printf, 1, 2)));
|
||||
|
||||
void set_newkeys(int mode);
|
||||
@ -122,7 +122,8 @@ int packet_need_rekeying(void);
|
||||
#ifdef NONE_CIPHER_ENABLED
|
||||
void packet_request_rekeying(void);
|
||||
#endif
|
||||
void packet_set_rekey_limit(u_int32_t);
|
||||
void packet_set_rekey_limits(u_int32_t, time_t);
|
||||
time_t packet_get_rekey_timeout(void);
|
||||
|
||||
void packet_backup_state(void);
|
||||
void packet_restore_state(void);
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: pathnames.h,v 1.22 2011/05/23 03:30:07 djm Exp $ */
|
||||
/* $OpenBSD: pathnames.h,v 1.23 2013/04/05 00:31:49 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
@ -65,18 +65,18 @@
|
||||
* readable by anyone except the user him/herself, though this does not
|
||||
* contain anything particularly secret.
|
||||
*/
|
||||
#define _PATH_SSH_USER_HOSTFILE "~/.ssh/known_hosts"
|
||||
#define _PATH_SSH_USER_HOSTFILE "~/" _PATH_SSH_USER_DIR "/known_hosts"
|
||||
/* backward compat for protocol 2 */
|
||||
#define _PATH_SSH_USER_HOSTFILE2 "~/.ssh/known_hosts2"
|
||||
#define _PATH_SSH_USER_HOSTFILE2 "~/" _PATH_SSH_USER_DIR "/known_hosts2"
|
||||
|
||||
/*
|
||||
* Name of the default file containing client-side authentication key. This
|
||||
* file should only be readable by the user him/herself.
|
||||
*/
|
||||
#define _PATH_SSH_CLIENT_IDENTITY ".ssh/identity"
|
||||
#define _PATH_SSH_CLIENT_ID_DSA ".ssh/id_dsa"
|
||||
#define _PATH_SSH_CLIENT_ID_ECDSA ".ssh/id_ecdsa"
|
||||
#define _PATH_SSH_CLIENT_ID_RSA ".ssh/id_rsa"
|
||||
#define _PATH_SSH_CLIENT_IDENTITY _PATH_SSH_USER_DIR "/identity"
|
||||
#define _PATH_SSH_CLIENT_ID_DSA _PATH_SSH_USER_DIR "/id_dsa"
|
||||
#define _PATH_SSH_CLIENT_ID_ECDSA _PATH_SSH_USER_DIR "/id_ecdsa"
|
||||
#define _PATH_SSH_CLIENT_ID_RSA _PATH_SSH_USER_DIR "/id_rsa"
|
||||
|
||||
/*
|
||||
* Configuration file in user's home directory. This file need not be
|
||||
@ -84,7 +84,7 @@
|
||||
* particularly secret. If the user's home directory resides on an NFS
|
||||
* volume where root is mapped to nobody, this may need to be world-readable.
|
||||
*/
|
||||
#define _PATH_SSH_USER_CONFFILE ".ssh/config"
|
||||
#define _PATH_SSH_USER_CONFFILE _PATH_SSH_USER_DIR "/config"
|
||||
|
||||
/*
|
||||
* File containing a list of those rsa keys that permit logging in as this
|
||||
@ -94,10 +94,10 @@
|
||||
* may need to be world-readable. (This file is read by the daemon which is
|
||||
* running as root.)
|
||||
*/
|
||||
#define _PATH_SSH_USER_PERMITTED_KEYS ".ssh/authorized_keys"
|
||||
#define _PATH_SSH_USER_PERMITTED_KEYS _PATH_SSH_USER_DIR "/authorized_keys"
|
||||
|
||||
/* backward compat for protocol v2 */
|
||||
#define _PATH_SSH_USER_PERMITTED_KEYS2 ".ssh/authorized_keys2"
|
||||
#define _PATH_SSH_USER_PERMITTED_KEYS2 _PATH_SSH_USER_DIR "/authorized_keys2"
|
||||
|
||||
/*
|
||||
* Per-user and system-wide ssh "rc" files. These files are executed with
|
||||
@ -105,7 +105,7 @@
|
||||
* passed "proto cookie" as arguments if X11 forwarding with spoofing is in
|
||||
* use. xauth will be run if neither of these exists.
|
||||
*/
|
||||
#define _PATH_SSH_USER_RC ".ssh/rc"
|
||||
#define _PATH_SSH_USER_RC _PATH_SSH_USER_DIR "/rc"
|
||||
#define _PATH_SSH_SYSTEM_RC SSHDIR "/sshrc"
|
||||
|
||||
/*
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: progressmeter.c,v 1.37 2006/08/03 03:34:42 deraadt Exp $ */
|
||||
/* $OpenBSD: progressmeter.c,v 1.39 2013/06/02 13:33:05 dtucker Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2003 Nils Nordman. All rights reserved.
|
||||
*
|
||||
@ -131,7 +131,7 @@ refresh_progress_meter(void)
|
||||
|
||||
transferred = *counter - cur_pos;
|
||||
cur_pos = *counter;
|
||||
now = time(NULL);
|
||||
now = monotime();
|
||||
bytes_left = end_pos - cur_pos;
|
||||
|
||||
if (bytes_left > 0)
|
||||
@ -249,7 +249,7 @@ update_progress_meter(int ignore)
|
||||
void
|
||||
start_progress_meter(char *f, off_t filesize, off_t *ctr)
|
||||
{
|
||||
start = last_update = time(NULL);
|
||||
start = last_update = monotime();
|
||||
file = f;
|
||||
end_pos = filesize;
|
||||
cur_pos = 0;
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: readconf.c,v 1.196 2013/02/22 04:45:08 dtucker Exp $ */
|
||||
/* $OpenBSD: readconf.c,v 1.204 2013/06/10 19:19:44 dtucker Exp $ */
|
||||
/* $FreeBSD$ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
@ -33,6 +33,9 @@ __RCSID("$FreeBSD$");
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
#ifdef HAVE_UTIL_H
|
||||
#include <util.h>
|
||||
#endif
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "ssh.h"
|
||||
@ -138,13 +141,13 @@ typedef enum {
|
||||
oHashKnownHosts,
|
||||
oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
|
||||
oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
|
||||
oKexAlgorithms, oIPQoS, oRequestTTY,
|
||||
oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown,
|
||||
oIgnoredUnknownOption,
|
||||
oHPNDisabled, oHPNBufferSize, oTcpRcvBufPoll, oTcpRcvBuf,
|
||||
#ifdef NONE_CIPHER_ENABLED
|
||||
oNoneEnabled, oNoneSwitch,
|
||||
#endif
|
||||
oVersionAddendum,
|
||||
oDeprecated, oUnsupported
|
||||
oVersionAddendum, oDeprecated, oUnsupported
|
||||
} OpCodes;
|
||||
|
||||
/* Textual representations of the tokens. */
|
||||
@ -255,6 +258,7 @@ static struct {
|
||||
{ "kexalgorithms", oKexAlgorithms },
|
||||
{ "ipqos", oIPQoS },
|
||||
{ "requesttty", oRequestTTY },
|
||||
{ "ignoreunknown", oIgnoreUnknown },
|
||||
{ "hpndisabled", oHPNDisabled },
|
||||
{ "hpnbuffersize", oHPNBufferSize },
|
||||
{ "tcprcvbufpoll", oTcpRcvBufPoll },
|
||||
@ -334,22 +338,20 @@ clear_forwardings(Options *options)
|
||||
int i;
|
||||
|
||||
for (i = 0; i < options->num_local_forwards; i++) {
|
||||
if (options->local_forwards[i].listen_host != NULL)
|
||||
xfree(options->local_forwards[i].listen_host);
|
||||
xfree(options->local_forwards[i].connect_host);
|
||||
free(options->local_forwards[i].listen_host);
|
||||
free(options->local_forwards[i].connect_host);
|
||||
}
|
||||
if (options->num_local_forwards > 0) {
|
||||
xfree(options->local_forwards);
|
||||
free(options->local_forwards);
|
||||
options->local_forwards = NULL;
|
||||
}
|
||||
options->num_local_forwards = 0;
|
||||
for (i = 0; i < options->num_remote_forwards; i++) {
|
||||
if (options->remote_forwards[i].listen_host != NULL)
|
||||
xfree(options->remote_forwards[i].listen_host);
|
||||
xfree(options->remote_forwards[i].connect_host);
|
||||
free(options->remote_forwards[i].listen_host);
|
||||
free(options->remote_forwards[i].connect_host);
|
||||
}
|
||||
if (options->num_remote_forwards > 0) {
|
||||
xfree(options->remote_forwards);
|
||||
free(options->remote_forwards);
|
||||
options->remote_forwards = NULL;
|
||||
}
|
||||
options->num_remote_forwards = 0;
|
||||
@ -381,14 +383,17 @@ add_identity_file(Options *options, const char *dir, const char *filename,
|
||||
*/
|
||||
|
||||
static OpCodes
|
||||
parse_token(const char *cp, const char *filename, int linenum)
|
||||
parse_token(const char *cp, const char *filename, int linenum,
|
||||
const char *ignored_unknown)
|
||||
{
|
||||
u_int i;
|
||||
int i;
|
||||
|
||||
for (i = 0; keywords[i].name; i++)
|
||||
if (strcasecmp(cp, keywords[i].name) == 0)
|
||||
if (strcmp(cp, keywords[i].name) == 0)
|
||||
return keywords[i].opcode;
|
||||
|
||||
if (ignored_unknown != NULL && match_pattern_list(cp, ignored_unknown,
|
||||
strlen(ignored_unknown), 1) == 1)
|
||||
return oIgnoredUnknownOption;
|
||||
error("%s: line %d: Bad configuration option: %s",
|
||||
filename, linenum, cp);
|
||||
return oBadOption;
|
||||
@ -407,10 +412,10 @@ process_config_line(Options *options, const char *host,
|
||||
{
|
||||
char *s, **charptr, *endofnumber, *keyword, *arg, *arg2;
|
||||
char **cpptr, fwdarg[256];
|
||||
u_int *uintptr, max_entries = 0;
|
||||
int negated, opcode, *intptr, value, value2, scale;
|
||||
u_int i, *uintptr, max_entries = 0;
|
||||
int negated, opcode, *intptr, value, value2;
|
||||
LogLevel *log_level_ptr;
|
||||
long long orig, val64;
|
||||
long long val64;
|
||||
size_t len;
|
||||
Forward fwd;
|
||||
|
||||
@ -430,14 +435,22 @@ process_config_line(Options *options, const char *host,
|
||||
keyword = strdelim(&s);
|
||||
if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
|
||||
return 0;
|
||||
/* Match lowercase keyword */
|
||||
for (i = 0; i < strlen(keyword); i++)
|
||||
keyword[i] = tolower(keyword[i]);
|
||||
|
||||
opcode = parse_token(keyword, filename, linenum);
|
||||
opcode = parse_token(keyword, filename, linenum,
|
||||
options->ignored_unknown);
|
||||
|
||||
switch (opcode) {
|
||||
case oBadOption:
|
||||
/* don't panic, but count bad options */
|
||||
return -1;
|
||||
/* NOTREACHED */
|
||||
case oIgnoredUnknownOption:
|
||||
debug("%s line %d: Ignored unknown option \"%s\"",
|
||||
filename, linenum, keyword);
|
||||
return 0;
|
||||
case oConnectTimeout:
|
||||
intptr = &options->connection_timeout;
|
||||
parse_time:
|
||||
@ -592,39 +605,32 @@ process_config_line(Options *options, const char *host,
|
||||
case oRekeyLimit:
|
||||
arg = strdelim(&s);
|
||||
if (!arg || *arg == '\0')
|
||||
fatal("%.200s line %d: Missing argument.", filename, linenum);
|
||||
if (arg[0] < '0' || arg[0] > '9')
|
||||
fatal("%.200s line %d: Bad number.", filename, linenum);
|
||||
orig = val64 = strtoll(arg, &endofnumber, 10);
|
||||
if (arg == endofnumber)
|
||||
fatal("%.200s line %d: Bad number.", filename, linenum);
|
||||
switch (toupper(*endofnumber)) {
|
||||
case '\0':
|
||||
scale = 1;
|
||||
break;
|
||||
case 'K':
|
||||
scale = 1<<10;
|
||||
break;
|
||||
case 'M':
|
||||
scale = 1<<20;
|
||||
break;
|
||||
case 'G':
|
||||
scale = 1<<30;
|
||||
break;
|
||||
default:
|
||||
fatal("%.200s line %d: Invalid RekeyLimit suffix",
|
||||
filename, linenum);
|
||||
fatal("%.200s line %d: Missing argument.", filename,
|
||||
linenum);
|
||||
if (strcmp(arg, "default") == 0) {
|
||||
val64 = 0;
|
||||
} else {
|
||||
if (scan_scaled(arg, &val64) == -1)
|
||||
fatal("%.200s line %d: Bad number '%s': %s",
|
||||
filename, linenum, arg, strerror(errno));
|
||||
/* check for too-large or too-small limits */
|
||||
if (val64 > UINT_MAX)
|
||||
fatal("%.200s line %d: RekeyLimit too large",
|
||||
filename, linenum);
|
||||
if (val64 != 0 && val64 < 16)
|
||||
fatal("%.200s line %d: RekeyLimit too small",
|
||||
filename, linenum);
|
||||
}
|
||||
val64 *= scale;
|
||||
/* detect integer wrap and too-large limits */
|
||||
if ((val64 / scale) != orig || val64 > UINT_MAX)
|
||||
fatal("%.200s line %d: RekeyLimit too large",
|
||||
filename, linenum);
|
||||
if (val64 < 16)
|
||||
fatal("%.200s line %d: RekeyLimit too small",
|
||||
filename, linenum);
|
||||
if (*activep && options->rekey_limit == -1)
|
||||
options->rekey_limit = (u_int32_t)val64;
|
||||
if (s != NULL) { /* optional rekey interval present */
|
||||
if (strcmp(s, "none") == 0) {
|
||||
(void)strdelim(&s); /* discard */
|
||||
break;
|
||||
}
|
||||
intptr = &options->rekey_interval;
|
||||
goto parse_time;
|
||||
}
|
||||
break;
|
||||
|
||||
case oIdentityFile:
|
||||
@ -1149,6 +1155,10 @@ process_config_line(Options *options, const char *host,
|
||||
}
|
||||
return 0;
|
||||
|
||||
case oIgnoreUnknown:
|
||||
charptr = &options->ignored_unknown;
|
||||
goto parse_string;
|
||||
|
||||
case oDeprecated:
|
||||
debug("%s line %d: Deprecated option \"%s\"",
|
||||
filename, linenum, keyword);
|
||||
@ -1289,6 +1299,7 @@ initialize_options(Options * options)
|
||||
options->no_host_authentication_for_localhost = - 1;
|
||||
options->identities_only = - 1;
|
||||
options->rekey_limit = - 1;
|
||||
options->rekey_interval = -1;
|
||||
options->verify_host_key_dns = -1;
|
||||
options->server_alive_interval = -1;
|
||||
options->server_alive_count_max = -1;
|
||||
@ -1310,6 +1321,7 @@ initialize_options(Options * options)
|
||||
options->ip_qos_bulk = -1;
|
||||
options->request_tty = -1;
|
||||
options->version_addendum = NULL;
|
||||
options->ignored_unknown = NULL;
|
||||
options->hpn_disabled = -1;
|
||||
options->hpn_buffer_size = -1;
|
||||
options->tcp_rcv_buf_poll = -1;
|
||||
@ -1328,8 +1340,6 @@ initialize_options(Options * options)
|
||||
void
|
||||
fill_default_options(Options * options)
|
||||
{
|
||||
int len;
|
||||
|
||||
if (options->forward_agent == -1)
|
||||
options->forward_agent = 0;
|
||||
if (options->forward_x11 == -1)
|
||||
@ -1435,6 +1445,8 @@ fill_default_options(Options * options)
|
||||
options->enable_ssh_keysign = 0;
|
||||
if (options->rekey_limit == -1)
|
||||
options->rekey_limit = 0;
|
||||
if (options->rekey_interval == -1)
|
||||
options->rekey_interval = 0;
|
||||
#if HAVE_LDNS
|
||||
if (options->verify_host_key_dns == -1)
|
||||
/* automatically trust a verified SSHFP record */
|
||||
@ -1576,7 +1588,7 @@ parse_forward(Forward *fwd, const char *fwdspec, int dynamicfwd, int remotefwd)
|
||||
i = 0; /* failure */
|
||||
}
|
||||
|
||||
xfree(p);
|
||||
free(p);
|
||||
|
||||
if (dynamicfwd) {
|
||||
if (!(i == 1 || i == 2))
|
||||
@ -1602,13 +1614,9 @@ parse_forward(Forward *fwd, const char *fwdspec, int dynamicfwd, int remotefwd)
|
||||
return (i);
|
||||
|
||||
fail_free:
|
||||
if (fwd->connect_host != NULL) {
|
||||
xfree(fwd->connect_host);
|
||||
fwd->connect_host = NULL;
|
||||
}
|
||||
if (fwd->listen_host != NULL) {
|
||||
xfree(fwd->listen_host);
|
||||
fwd->listen_host = NULL;
|
||||
}
|
||||
free(fwd->connect_host);
|
||||
fwd->connect_host = NULL;
|
||||
free(fwd->listen_host);
|
||||
fwd->listen_host = NULL;
|
||||
return (0);
|
||||
}
|
||||
|
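Review bot: The new keyword lowercasing at `keyword[i] = tolower(keyword[i]);` hands a plain `char` to a <ctype.h> function; where `char` is signed, any byte above 0x7f in a config line (user-supplied input) becomes a negative value other than EOF, which is undefined behaviour for tolower(). Cast first: `keyword[i] = tolower((unsigned char)keyword[i]);`. The same loop re-evaluates `strlen(keyword)` on every iteration; hoisting the length into a local is cheaper and reads better. process_config_line starts and ends outside the hunk.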
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: readconf.h,v 1.93 2013/02/22 04:45:09 dtucker Exp $ */
|
||||
/* $OpenBSD: readconf.h,v 1.95 2013/05/16 04:27:50 djm Exp $ */
|
||||
/* $FreeBSD$ */
|
||||
|
||||
/*
|
||||
@ -111,6 +111,7 @@ typedef struct {
|
||||
|
||||
int enable_ssh_keysign;
|
||||
int64_t rekey_limit;
|
||||
int rekey_interval;
|
||||
int no_host_authentication_for_localhost;
|
||||
int identities_only;
|
||||
int server_alive_interval;
|
||||
@ -137,6 +138,9 @@ typedef struct {
|
||||
int use_roaming;
|
||||
|
||||
int request_tty;
|
||||
|
||||
char *ignored_unknown; /* Pattern list of unknown tokens to ignore */
|
||||
|
||||
char *version_addendum; /* Appended to SSH banner */
|
||||
|
||||
int hpn_disabled; /* Switch to disable HPN buffer management. */
|
||||
|
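Review bot: The new `int rekey_interval;` member carries no comment, while the neighbouring additions (`ignored_unknown`, `version_addendum`) state their meaning inline; a reader of the struct cannot tell whether it is seconds or a count, or what 0 means. Suggest `int rekey_interval;	/* Time-based rekey interval in seconds; 0 disables */` — the seconds unit and zero-means-off follow from the packet.c and readconf.c changes in this commit (`packet_set_rekey_limits(u_int32_t bytes, time_t seconds)` and the `rekey_interval != 0` test in packet_need_rekeying), so confirm against those before settling the wording. The typedef'd struct starts and ends outside the hunk.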
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: readpass.c,v 1.48 2010/12/15 00:49:27 djm Exp $ */
|
||||
/* $OpenBSD: readpass.c,v 1.49 2013/05/17 00:13:14 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
*
|
||||
@ -186,7 +186,7 @@ ask_permission(const char *fmt, ...)
|
||||
if (*p == '\0' || *p == '\n' ||
|
||||
strcasecmp(p, "yes") == 0)
|
||||
allowed = 1;
|
||||
xfree(p);
|
||||
free(p);
|
||||
}
|
||||
|
||||
return (allowed);
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: roaming_client.c,v 1.4 2011/12/07 05:44:38 djm Exp $ */
|
||||
/* $OpenBSD: roaming_client.c,v 1.5 2013/05/17 00:13:14 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2004-2009 AppGate Network Security AB
|
||||
*
|
||||
@ -187,10 +187,10 @@ roaming_resume(void)
|
||||
debug("server doesn't allow resume");
|
||||
goto fail;
|
||||
}
|
||||
xfree(str);
|
||||
free(str);
|
||||
for (i = 1; i < PROPOSAL_MAX; i++) {
|
||||
/* kex algorithm taken care of so start with i=1 and not 0 */
|
||||
xfree(packet_get_string(&len));
|
||||
free(packet_get_string(&len));
|
||||
}
|
||||
i = packet_get_char(); /* first_kex_packet_follows */
|
||||
if (i && (c = strchr(kexlist, ',')))
|
||||
@ -226,8 +226,7 @@ roaming_resume(void)
|
||||
return 0;
|
||||
|
||||
fail:
|
||||
if (kexlist)
|
||||
xfree(kexlist);
|
||||
free(kexlist);
|
||||
if (packet_get_connection_in() == packet_get_connection_out())
|
||||
close(packet_get_connection_in());
|
||||
else {
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: roaming_common.c,v 1.9 2011/12/07 05:44:38 djm Exp $ */
|
||||
/* $OpenBSD: roaming_common.c,v 1.10 2013/07/12 00:19:59 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2004-2009 AppGate Network Security AB
|
||||
*
|
||||
@ -227,7 +227,7 @@ calculate_new_key(u_int64_t *key, u_int64_t cookie, u_int64_t challenge)
|
||||
{
|
||||
const EVP_MD *md = EVP_sha1();
|
||||
EVP_MD_CTX ctx;
|
||||
char hash[EVP_MAX_MD_SIZE];
|
||||
u_char hash[EVP_MAX_MD_SIZE];
|
||||
Buffer b;
|
||||
|
||||
buffer_init(&b);
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: rsa.c,v 1.29 2006/11/06 21:25:28 markus Exp $ */
|
||||
/* $OpenBSD: rsa.c,v 1.30 2013/05/17 00:13:14 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -96,8 +96,8 @@ rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key)
|
||||
|
||||
memset(outbuf, 0, olen);
|
||||
memset(inbuf, 0, ilen);
|
||||
xfree(outbuf);
|
||||
xfree(inbuf);
|
||||
free(outbuf);
|
||||
free(inbuf);
|
||||
}
|
||||
|
||||
int
|
||||
@ -122,8 +122,8 @@ rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key)
|
||||
}
|
||||
memset(outbuf, 0, olen);
|
||||
memset(inbuf, 0, ilen);
|
||||
xfree(outbuf);
|
||||
xfree(inbuf);
|
||||
free(outbuf);
|
||||
free(inbuf);
|
||||
return len;
|
||||
}
|
||||
|
||||
|
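Review bot: Replacing `xfree(outbuf)` with a direct `free(outbuf)` turns the preceding `memset(outbuf, 0, olen)` into a dead store from the compiler's point of view, so the scrubbing of the RSA plaintext and ciphertext buffers in rsa_public_encrypt and rsa_private_decrypt may now be optimized away; behind the out-of-line xfree wrapper the compiler could not prove the buffer was never read again. Use a zeroing primitive the optimizer must honour, e.g. `explicit_bzero(outbuf, olen);` and `explicit_bzero(inbuf, ilen);` in both functions, or whatever equivalent the portability layer provides where explicit_bzero is unavailable. Both hunks in this file are affected; the enclosing functions start outside the hunks.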