Vendor import of OpenSSH 3.4p1.
parent
83d2307d00
commit
ee21a45f81
@ -1,6 +1,169 @@
|
||||
20020626
|
||||
- (stevesk) [monitor.c] remove duplicate proto15 dispatch entry for PAM
|
||||
- (bal) OpenBSD CVS Sync
|
||||
- markus@cvs.openbsd.org 2002/06/23 21:34:07
|
||||
[channels.c]
|
||||
tcode is u_int
|
||||
- markus@cvs.openbsd.org 2002/06/24 13:12:23
|
||||
[ssh-agent.1]
|
||||
the socket name contains ssh-agent's ppid; via mpech@ from form@
|
||||
- markus@cvs.openbsd.org 2002/06/24 14:33:27
|
||||
[channels.c channels.h clientloop.c serverloop.c]
|
||||
move channel counter to u_int
|
||||
- markus@cvs.openbsd.org 2002/06/24 14:55:38
|
||||
[authfile.c kex.c ssh-agent.c]
|
||||
cat to (void) when output from buffer_get_X is ignored
|
||||
- itojun@cvs.openbsd.org 2002/06/24 15:49:22
|
||||
[msg.c]
|
||||
printf type pedant
|
||||
- deraadt@cvs.openbsd.org 2002/06/24 17:57:20
|
||||
[sftp-server.c sshpty.c]
|
||||
explicit (u_int) for uid and gid
|
||||
- markus@cvs.openbsd.org 2002/06/25 16:22:42
|
||||
[authfd.c]
|
||||
unnecessary cast
|
||||
- markus@cvs.openbsd.org 2002/06/25 18:51:04
|
||||
[sshd.c]
|
||||
lightweight do_setusercontext after chroot()
|
||||
- (bal) Updated AIX package build. Patch by dtucker@zip.com.au
|
||||
- (tim) [Makefile.in] fix test on installing ssh-rand-helper.8
|
||||
- (bal) added back in error check for mmap(). I screwed up, Pointed
|
||||
out by stevesk@
|
||||
- (tim) [README.privsep] UnixWare tip no longer needed.
|
||||
- (bal) fixed NeXTStep missing munmap() issue. It defines HAVE_MMAP,
|
||||
but it all damned lies.
|
||||
- (stevesk) [README.privsep] more for sshd pseudo-account.
|
||||
- (tim) [contrib/caldera/openssh.spec] add support for privsep
|
||||
- (djm) setlogin needs pgid==pid on BSD/OS; from itojun@
|
||||
- (djm) OpenBSD CVS Sync
|
||||
- markus@cvs.openbsd.org 2002/06/26 08:53:12
|
||||
[bufaux.c]
|
||||
limit size of BNs to 8KB; ok provos/deraadt
|
||||
- markus@cvs.openbsd.org 2002/06/26 08:54:18
|
||||
[buffer.c]
|
||||
limit append to 1MB and buffers to 10MB
|
||||
- markus@cvs.openbsd.org 2002/06/26 08:55:02
|
||||
[channels.c]
|
||||
limit # of channels to 10000
|
||||
- markus@cvs.openbsd.org 2002/06/26 08:58:26
|
||||
[session.c]
|
||||
limit # of env vars to 1000; ok deraadt/djm
|
||||
- deraadt@cvs.openbsd.org 2002/06/26 13:20:57
|
||||
[monitor.c]
|
||||
be careful in mm_zalloc
|
||||
- deraadt@cvs.openbsd.org 2002/06/26 13:49:26
|
||||
[session.c]
|
||||
disclose less information from environment files; based on input
|
||||
from djm, and dschultz@uclink.Berkeley.EDU
|
||||
- markus@cvs.openbsd.org 2002/06/26 13:55:37
|
||||
[auth2-chall.c]
|
||||
make sure # of response matches # of queries, fixes int overflow;
|
||||
from ISS
|
||||
- markus@cvs.openbsd.org 2002/06/26 13:56:27
|
||||
[version.h]
|
||||
3.4
|
||||
- (djm) Require krb5 devel for RPM build w/ KrbV
|
||||
- (djm) Improve PAMAuthenticationViaKbdInt text from Nalin Dahyabhai
|
||||
<nalin@redhat.com>
|
||||
- (djm) Update spec files for release
|
||||
- (djm) Fix int overflow in auth2-pam.c, similar to one discovered by ISS
|
||||
- (djm) Release 3.4p1
|
||||
|
||||
20020625
|
||||
- (stevesk) [INSTALL acconfig.h configure.ac defines.h] remove --with-rsh
|
||||
- (stevesk) [README.privsep] minor updates
|
||||
- (djm) Create privsep directory and warn if privsep user is missing
|
||||
during make install
|
||||
- (bal) Started list of PrivSep issues in TODO
|
||||
- (bal) if mmap() is substandard, don't allow compression on server side.
|
||||
Post 'event' we will add more options.
|
||||
- (tim) [contrib/caldera/openssh.spec] Sync with Caldera
|
||||
- (bal) moved aix_usrinfo() and noted not setting real TTY. Patch by
|
||||
dtucker@zip.com.au
|
||||
- (tim) [acconfig.h configure.ac sshd.c] BROKEN_FD_PASSING fix from Markus
|
||||
for Cygwin, Cray, & SCO
|
||||
|
||||
20020624
|
||||
- OpenBSD CVS Sync
|
||||
- deraadt@cvs.openbsd.org 2002/06/23 03:25:50
|
||||
[tildexpand.c]
|
||||
KNF
|
||||
- deraadt@cvs.openbsd.org 2002/06/23 03:26:19
|
||||
[cipher.c key.c]
|
||||
KNF
|
||||
- deraadt@cvs.openbsd.org 2002/06/23 03:30:58
|
||||
[scard.c ssh-dss.c ssh-rsa.c sshconnect.c sshconnect2.c sshd.c sshlogin.c
|
||||
sshpty.c]
|
||||
various KNF and %d for unsigned
|
||||
- deraadt@cvs.openbsd.org 2002/06/23 09:30:14
|
||||
[sftp-client.c sftp-client.h sftp-common.c sftp-int.c sftp-server.c
|
||||
sftp.c]
|
||||
bunch of u_int vs int stuff
|
||||
- deraadt@cvs.openbsd.org 2002/06/23 09:39:55
|
||||
[ssh-keygen.c]
|
||||
u_int stuff
|
||||
- deraadt@cvs.openbsd.org 2002/06/23 09:46:51
|
||||
[bufaux.c servconf.c]
|
||||
minor KNF. things the fingers do while you read
|
||||
- deraadt@cvs.openbsd.org 2002/06/23 10:29:52
|
||||
[ssh-agent.c sshd.c]
|
||||
some minor KNF and %u
|
||||
- deraadt@cvs.openbsd.org 2002/06/23 20:39:45
|
||||
[session.c]
|
||||
compression_level is u_int
|
||||
- deraadt@cvs.openbsd.org 2002/06/23 21:06:13
|
||||
[sshpty.c]
|
||||
KNF
|
||||
- deraadt@cvs.openbsd.org 2002/06/23 21:06:41
|
||||
[channels.c channels.h session.c session.h]
|
||||
display, screen, row, col, xpixel, ypixel are u_int; markus ok
|
||||
- deraadt@cvs.openbsd.org 2002/06/23 21:10:02
|
||||
[packet.c]
|
||||
packet_get_int() returns unsigned for reason & seqnr
|
||||
- (bal) Also fixed IPADDR_IN_DISPLAY case where display, screen, row, col,
|
||||
xpixel are u_int.
|
||||
|
||||
|
||||
20020623
|
||||
- (stevesk) [configure.ac] bug #255 LOGIN_NEEDS_UTMPX for AIX.
|
||||
- (bal) removed GNUism for getops in ssh-agent since glibc lacks optreset.
|
||||
- (bal) add extern char *getopt. Based on report by dtucker@zip.com.au
|
||||
- OpenBSD CVS Sync
|
||||
- stevesk@cvs.openbsd.org 2002/06/22 02:00:29
|
||||
[ssh.h]
|
||||
correct comment
|
||||
- stevesk@cvs.openbsd.org 2002/06/22 02:40:23
|
||||
[ssh.1]
|
||||
section 5 not 4 for ssh_config
|
||||
- naddy@cvs.openbsd.org 2002/06/22 11:51:39
|
||||
[ssh.1]
|
||||
typo
|
||||
- stevesk@cvs.openbsd.org 2002/06/22 16:32:54
|
||||
[sshd.8]
|
||||
add /var/empty in FILES section
|
||||
- stevesk@cvs.openbsd.org 2002/06/22 16:40:19
|
||||
[sshd.c]
|
||||
check /var/empty owner mode; ok provos@
|
||||
- stevesk@cvs.openbsd.org 2002/06/22 16:41:57
|
||||
[scp.1]
|
||||
typo
|
||||
- stevesk@cvs.openbsd.org 2002/06/22 16:45:29
|
||||
[ssh-agent.1 sshd.8 sshd_config.5]
|
||||
use process ID vs. pid/PID/process identifier
|
||||
- stevesk@cvs.openbsd.org 2002/06/22 20:05:27
|
||||
[sshd.c]
|
||||
don't call setsid() if debugging or run from inetd; no "Operation not
|
||||
permitted" errors now; ok millert@ markus@
|
||||
- stevesk@cvs.openbsd.org 2002/06/22 23:09:51
|
||||
[monitor.c]
|
||||
save auth method before monitor_reset_key_state(); bugzilla bug #284;
|
||||
ok provos@
|
||||
|
||||
20020622
|
||||
- (djm) Update README.privsep; spotted by fries@
|
||||
- (djm) Release 3.3p1
|
||||
- (bal) getopt now can be staticly compiled on those platforms missing
|
||||
optreset. Patch by binder@arago.de
|
||||
|
||||
20020621
|
||||
- (djm) Sync:
|
||||
@ -1004,4 +1167,4 @@
|
||||
- (stevesk) entropy.c: typo in debug message
|
||||
- (djm) ssh-keygen -i needs seeded RNG; report from markus@
|
||||
|
||||
$Id: ChangeLog,v 1.2240 2002/06/21 15:44:45 djm Exp $
|
||||
$Id: ChangeLog,v 1.2301 2002/06/26 13:59:10 djm Exp $
|
||||
|
@ -105,11 +105,6 @@ name).
|
||||
|
||||
There are a few other options to the configure script:
|
||||
|
||||
--with-rsh=PATH allows you to specify the path to your rsh program.
|
||||
Normally ./configure will search the current $PATH for 'rsh'. You
|
||||
may need to specify this option if rsh is not in your path or has a
|
||||
different name.
|
||||
|
||||
--with-pam enables PAM support.
|
||||
|
||||
--enable-gnome-askpass will build the GNOME passphrase dialog. You
|
||||
@ -226,4 +221,4 @@ Please refer to the "reporting bugs" section of the webpage at
|
||||
http://www.openssh.com/
|
||||
|
||||
|
||||
$Id: INSTALL,v 1.53 2002/05/13 05:22:21 djm Exp $
|
||||
$Id: INSTALL,v 1.54 2002/06/24 16:26:49 stevesk Exp $
|
||||
|
@ -1,4 +1,4 @@
|
||||
# $Id: Makefile.in,v 1.215 2002/06/21 01:38:53 mouring Exp $
|
||||
# $Id: Makefile.in,v 1.217 2002/06/25 23:45:42 tim Exp $
|
||||
|
||||
# uncomment if you run a non bourne compatable shell. Ie. csh
|
||||
#SHELL = @SH@
|
||||
@ -26,6 +26,7 @@ SFTP_SERVER=$(libexecdir)/sftp-server
|
||||
SSH_KEYSIGN=$(libexecdir)/ssh-keysign
|
||||
RAND_HELPER=$(libexecdir)/ssh-rand-helper
|
||||
PRIVSEP_PATH=@PRIVSEP_PATH@
|
||||
SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
|
||||
|
||||
PATHS= -DSSHDIR=\"$(sysconfdir)\" \
|
||||
-D_PATH_SSH_PROGRAM=\"$(SSH_PROGRAM)\" \
|
||||
@ -197,9 +198,13 @@ distprep: catman-do
|
||||
$(AUTORECONF)
|
||||
(cd scard && $(MAKE) -f Makefile.in distprep)
|
||||
|
||||
install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key
|
||||
install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key check-user
|
||||
install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files
|
||||
|
||||
check-user:
|
||||
id $(SSH_PRIVSEP_USER) || \
|
||||
echo "WARNING: Privilege separation user \"$(SSH_PRIVSEP_USER)\" does not exist"
|
||||
|
||||
scard-install:
|
||||
(cd scard && $(MAKE) DESTDIR=$(DESTDIR) install)
|
||||
|
||||
@ -212,6 +217,8 @@ install-files: scard-install
|
||||
$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)5
|
||||
$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8
|
||||
$(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir)
|
||||
$(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH)
|
||||
chmod 0700 $(DESTDIR)$(PRIVSEP_PATH)
|
||||
$(INSTALL) -m 0755 -s ssh $(DESTDIR)$(bindir)/ssh
|
||||
$(INSTALL) -m 0755 -s scp $(DESTDIR)$(bindir)/scp
|
||||
$(INSTALL) -m 0755 -s ssh-add $(DESTDIR)$(bindir)/ssh-add
|
||||
@ -234,7 +241,7 @@ install-files: scard-install
|
||||
$(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5
|
||||
$(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5
|
||||
$(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8
|
||||
if [ ! -z "$(INSTALL_SSH_PRNG_CMDS)" ]; then \
|
||||
if [ ! -z "$(INSTALL_SSH_RAND_HELPER)" ]; then \
|
||||
$(INSTALL) -m 644 ssh-rand-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-rand-helper.8 ; \
|
||||
fi
|
||||
@NO_SFTP@$(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1
|
||||
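Review bot: install-files creates `$(DESTDIR)$(PRIVSEP_PATH)` and sets it to mode 0700 but never sets its owner, while README.privsep in this same commit tells the administrator to run `chown root:sys` and `chmod 755` on /var/empty; the rule and the README should agree on the mode, and the rule should either chown the directory or print the owner it requires. When the install runs unprivileged into a DESTDIR for packaging, the chroot directory would presumably end up owned by the building user. The new check-user target only echoes a warning and lets `id` write its normal output to the terminal, so the message is easy to miss in an install log; `id $(SSH_PRIVSEP_USER) >/dev/null 2>&1 || \` in front of the existing echo would leave only the warning.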
|
@ -12,19 +12,20 @@ On systems which lack mmap or anonymous (MAP_ANON) memory mapping,
|
||||
compression must be disabled in order for privilege separation to
|
||||
function.
|
||||
|
||||
When privsep is enabled, the pre-authentication sshd process will
|
||||
When privsep is enabled, during the pre-authentication phase sshd will
|
||||
chroot(2) to "/var/empty" and change its privileges to the "sshd" user
|
||||
and its primary group. You should do something like the following to
|
||||
prepare the privsep preauth environment:
|
||||
and its primary group. sshd is a pseudo-account that should not be
|
||||
used by other daemons, and must be locked and should contain a
|
||||
"nologin" or invalid shell.
|
||||
|
||||
You should do something like the following to prepare the privsep
|
||||
preauth environment:
|
||||
|
||||
# mkdir /var/empty
|
||||
# chown root:sys /var/empty
|
||||
# chmod 755 /var/empty
|
||||
# groupadd sshd
|
||||
# useradd -g sshd sshd
|
||||
|
||||
If you are on UnixWare 7 or OpenUNIX 8 do this additional step.
|
||||
# ln /usr/lib/.ns.so /usr/lib/ns.so.1
|
||||
# useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd
|
||||
|
||||
/var/empty should not contain any files.
|
||||
|
||||
@ -34,8 +35,8 @@ privsep user and chroot directory:
|
||||
--with-privsep-path=xxx Path for privilege separation chroot
|
||||
--with-privsep-user=user Specify non-privileged user for privilege separation
|
||||
|
||||
Privsep requires operating system support for file descriptor passing
|
||||
and mmap(MAP_ANON).
|
||||
Privsep requires operating system support for file descriptor passing.
|
||||
Compression will be disabled on systems without a working mmap MAP_ANON.
|
||||
|
||||
PAM-enabled OpenSSH is known to function with privsep on Linux.
|
||||
It does not function on HP-UX with a trusted system
|
||||
@ -57,4 +58,4 @@ process 1005 is the sshd process listening for new connections.
|
||||
process 6917 is the privileged monitor process, 6919 is the user owned
|
||||
sshd process and 6921 is the shell process.
|
||||
|
||||
$Id: README.privsep,v 1.7 2002/06/21 14:48:02 djm Exp $
|
||||
$Id: README.privsep,v 1.10 2002/06/26 00:43:57 stevesk Exp $
|
||||
|
@ -87,4 +87,20 @@ Packaging:
|
||||
- HP-UX: Provide DEPOT package scripts.
|
||||
(gilbert.r.loomis@saic.com)
|
||||
|
||||
$Id: TODO,v 1.46 2002/01/22 11:26:20 djm Exp $
|
||||
|
||||
PrivSep Issues:
|
||||
- mmap() issues.
|
||||
+ /dev/zero solution (Solaris)
|
||||
+ No/broken MAP_ANON (Irix)
|
||||
+ broken /dev/zero parse (Linux)
|
||||
- PAM
|
||||
+ See above PAM notes
|
||||
- AIX
|
||||
+ usrinfo() does not set TTY, but only required for legicy systems. Works
|
||||
with PrivSep.
|
||||
- OSF
|
||||
+ SIA is broken
|
||||
- Cygwin
|
||||
+ Privsep for Pre-auth only (no fd passing)
|
||||
|
||||
$Id: TODO,v 1.50 2002/06/25 17:12:27 mouring Exp $
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $Id: acconfig.h,v 1.138 2002/06/12 16:57:15 mouring Exp $ */
|
||||
/* $Id: acconfig.h,v 1.141 2002/06/25 22:35:16 tim Exp $ */
|
||||
|
||||
#ifndef _CONFIG_H
|
||||
#define _CONFIG_H
|
||||
@ -228,9 +228,6 @@
|
||||
/* Define if xauth is found in your path */
|
||||
#undef XAUTH_PATH
|
||||
|
||||
/* Define if rsh is found in your path */
|
||||
#undef RSH_PATH
|
||||
|
||||
/* Define if you want to allow MD5 passwords */
|
||||
#undef HAVE_MD5_PASSWORDS
|
||||
|
||||
@ -358,6 +355,12 @@
|
||||
/* Path that unprivileged child will chroot() to in privep mode */
|
||||
#undef PRIVSEP_PATH
|
||||
|
||||
/* Define if you have the `mmap' function that supports MAP_ANON|SHARED */
|
||||
#undef HAVE_MMAP_ANON_SHARED
|
||||
|
||||
/* Define if sendmsg()/recvmsg() has problems passing file descriptors */
|
||||
#undef BROKEN_FD_PASSING
|
||||
|
||||
@BOTTOM@
|
||||
|
||||
/* ******************* Shouldn't need to edit below this line ************** */
|
||||
|
@ -23,7 +23,7 @@
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth2-chall.c,v 1.18 2002/06/19 00:27:55 deraadt Exp $");
|
||||
RCSID("$OpenBSD: auth2-chall.c,v 1.19 2002/06/26 13:55:37 markus Exp $");
|
||||
|
||||
#include "ssh2.h"
|
||||
#include "auth.h"
|
||||
@ -63,6 +63,7 @@ struct KbdintAuthctxt
|
||||
char *devices;
|
||||
void *ctxt;
|
||||
KbdintDevice *device;
|
||||
u_int nreq;
|
||||
};
|
||||
|
||||
static KbdintAuthctxt *
|
||||
@ -90,6 +91,7 @@ kbdint_alloc(const char *devs)
|
||||
debug("kbdint_alloc: devices '%s'", kbdintctxt->devices);
|
||||
kbdintctxt->ctxt = NULL;
|
||||
kbdintctxt->device = NULL;
|
||||
kbdintctxt->nreq = 0;
|
||||
|
||||
return kbdintctxt;
|
||||
}
|
||||
@ -209,26 +211,26 @@ send_userauth_info_request(Authctxt *authctxt)
|
||||
KbdintAuthctxt *kbdintctxt;
|
||||
char *name, *instr, **prompts;
|
||||
int i;
|
||||
u_int numprompts, *echo_on;
|
||||
u_int *echo_on;
|
||||
|
||||
kbdintctxt = authctxt->kbdintctxt;
|
||||
if (kbdintctxt->device->query(kbdintctxt->ctxt,
|
||||
&name, &instr, &numprompts, &prompts, &echo_on))
|
||||
&name, &instr, &kbdintctxt->nreq, &prompts, &echo_on))
|
||||
return 0;
|
||||
|
||||
packet_start(SSH2_MSG_USERAUTH_INFO_REQUEST);
|
||||
packet_put_cstring(name);
|
||||
packet_put_cstring(instr);
|
||||
packet_put_cstring(""); /* language not used */
|
||||
packet_put_int(numprompts);
|
||||
for (i = 0; i < numprompts; i++) {
|
||||
packet_put_int(kbdintctxt->nreq);
|
||||
for (i = 0; i < kbdintctxt->nreq; i++) {
|
||||
packet_put_cstring(prompts[i]);
|
||||
packet_put_char(echo_on[i]);
|
||||
}
|
||||
packet_send();
|
||||
packet_write_wait();
|
||||
|
||||
for (i = 0; i < numprompts; i++)
|
||||
for (i = 0; i < kbdintctxt->nreq; i++)
|
||||
xfree(prompts[i]);
|
||||
xfree(prompts);
|
||||
xfree(echo_on);
|
||||
@ -256,6 +258,10 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
|
||||
|
||||
authctxt->postponed = 0; /* reset */
|
||||
nresp = packet_get_int();
|
||||
if (nresp != kbdintctxt->nreq)
|
||||
fatal("input_userauth_info_response: wrong number of replies");
|
||||
if (nresp > 100)
|
||||
fatal("input_userauth_info_response: too many replies");
|
||||
if (nresp > 0) {
|
||||
response = xmalloc(nresp * sizeof(char*));
|
||||
for (i = 0; i < nresp; i++)
|
||||
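Review bot: The 100-reply cap in input_userauth_info_response is enforced only on the peer's answer, while send_userauth_info_request stores whatever prompt count the device's query() returned in `kbdintctxt->nreq` and sends it unchecked. A device asking for more than 100 prompts would therefore issue a request to which every correctly sized reply ends in fatal(); applying the same bound right after the query call, e.g. `if (kbdintctxt->nreq > 100) fatal("send_userauth_info_request: too many prompts");`, keeps the two sides consistent, and a named constant shared by both checks would be better than the bare literal. In the same function `i` is still declared `int` while both loops now compare it with the `u_int` nreq, so `u_int i;` would avoid the mixed-sign comparison. A short comment above the two new checks saying that nresp comes from the peer and must be validated before `xmalloc(nresp * sizeof(char*))` would record why they sit there. Both function bodies continue outside the hunks shown.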
|
@ -1,5 +1,5 @@
|
||||
#include "includes.h"
|
||||
RCSID("$Id: auth2-pam.c,v 1.12 2002/01/22 12:43:13 djm Exp $");
|
||||
RCSID("$Id: auth2-pam.c,v 1.13 2002/06/26 13:58:00 djm Exp $");
|
||||
|
||||
#ifdef USE_PAM
|
||||
#include <security/pam_appl.h>
|
||||
@ -140,6 +140,15 @@ input_userauth_info_response_pam(int type, u_int32_t seqnr, void *ctxt)
|
||||
nresp = packet_get_int(); /* Number of responses. */
|
||||
debug("got %d responses", nresp);
|
||||
|
||||
|
||||
if (nresp != context_pam2.num_expected)
|
||||
fatal("%s: Received incorrect number of responses "
|
||||
"(expected %u, received %u)", __func__, nresp,
|
||||
context_pam2.num_expected);
|
||||
|
||||
if (nresp > 100)
|
||||
fatal("%s: too many replies", __func__);
|
||||
|
||||
for (i = 0; i < nresp; i++) {
|
||||
int j = context_pam2.prompts[i];
|
||||
|
||||
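Review bot: The new fatal() in input_userauth_info_response_pam passes its arguments in the opposite order to its format string: the text reads "expected %u, received %u" but `nresp` (the received count) comes first and `context_pam2.num_expected` second, so the log line reports the two numbers swapped. The call should end `__func__, context_pam2.num_expected, nresp);`. The preceding `debug("got %d responses", nresp)` prints the same variable with `%d`; nresp is declared outside this hunk, so whichever specifier matches its declared type should be used in both places. The function body starts and ends outside the hunk.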
|
@ -35,7 +35,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: authfd.c,v 1.55 2002/06/19 00:27:55 deraadt Exp $");
|
||||
RCSID("$OpenBSD: authfd.c,v 1.56 2002/06/25 16:22:42 markus Exp $");
|
||||
|
||||
#include <openssl/evp.h>
|
||||
|
||||
@ -144,7 +144,7 @@ ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply
|
||||
error("Error reading response from authentication socket.");
|
||||
return 0;
|
||||
}
|
||||
buffer_append(reply, (char *) buf, l);
|
||||
buffer_append(reply, buf, l);
|
||||
len -= l;
|
||||
}
|
||||
return 1;
|
||||
|
@ -36,7 +36,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: authfile.c,v 1.49 2002/05/23 19:24:30 markus Exp $");
|
||||
RCSID("$OpenBSD: authfile.c,v 1.50 2002/06/24 14:55:38 markus Exp $");
|
||||
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/evp.h>
|
||||
@ -270,7 +270,7 @@ key_load_public_rsa1(int fd, const char *filename, char **commentp)
|
||||
(void) buffer_get_int(&buffer); /* reserved */
|
||||
|
||||
/* Read the public key from the buffer. */
|
||||
buffer_get_int(&buffer);
|
||||
(void) buffer_get_int(&buffer);
|
||||
pub = key_new(KEY_RSA1);
|
||||
buffer_get_bignum(&buffer, pub->rsa->n);
|
||||
buffer_get_bignum(&buffer, pub->rsa->e);
|
||||
@ -357,7 +357,7 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase,
|
||||
(void) buffer_get_int(&buffer); /* Reserved data. */
|
||||
|
||||
/* Read the public key from the buffer. */
|
||||
buffer_get_int(&buffer);
|
||||
(void) buffer_get_int(&buffer);
|
||||
prv = key_new_private(KEY_RSA1);
|
||||
|
||||
buffer_get_bignum(&buffer, prv->rsa->n);
|
||||
|
@ -37,7 +37,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: bufaux.c,v 1.25 2002/04/20 09:14:58 markus Exp $");
|
||||
RCSID("$OpenBSD: bufaux.c,v 1.27 2002/06/26 08:53:12 markus Exp $");
|
||||
|
||||
#include <openssl/bn.h>
|
||||
#include "bufaux.h"
|
||||
@ -88,6 +88,8 @@ buffer_get_bignum(Buffer *buffer, BIGNUM *value)
|
||||
bits = GET_16BIT(buf);
|
||||
/* Compute the number of binary bytes that follow. */
|
||||
bytes = (bits + 7) / 8;
|
||||
if (bytes > 8 * 1024)
|
||||
fatal("buffer_get_bignum: cannot handle BN of size %d", bytes);
|
||||
if (buffer_len(buffer) < bytes)
|
||||
fatal("buffer_get_bignum: input buffer too small");
|
||||
bin = buffer_ptr(buffer);
|
||||
@ -105,6 +107,7 @@ buffer_put_bignum2(Buffer *buffer, BIGNUM *value)
|
||||
u_char *buf = xmalloc(bytes);
|
||||
int oi;
|
||||
int hasnohigh = 0;
|
||||
|
||||
buf[0] = '\0';
|
||||
/* Get the value of in binary */
|
||||
oi = BN_bn2bin(value, buf+1);
|
||||
@ -128,12 +131,15 @@ buffer_put_bignum2(Buffer *buffer, BIGNUM *value)
|
||||
xfree(buf);
|
||||
}
|
||||
|
||||
/* XXX does not handle negative BNs */
|
||||
void
|
||||
buffer_get_bignum2(Buffer *buffer, BIGNUM *value)
|
||||
{
|
||||
/**XXX should be two's-complement */
|
||||
int len;
|
||||
u_char *bin = buffer_get_string(buffer, (u_int *)&len);
|
||||
u_int len;
|
||||
u_char *bin = buffer_get_string(buffer, &len);
|
||||
|
||||
if (len > 8 * 1024)
|
||||
fatal("buffer_get_bignum2: cannot handle BN of size %d", len);
|
||||
BN_bin2bn(bin, len, value);
|
||||
xfree(bin);
|
||||
}
|
||||
@ -145,6 +151,7 @@ u_short
|
||||
buffer_get_short(Buffer *buffer)
|
||||
{
|
||||
u_char buf[2];
|
||||
|
||||
buffer_get(buffer, (char *) buf, 2);
|
||||
return GET_16BIT(buf);
|
||||
}
|
||||
@ -153,6 +160,7 @@ u_int
|
||||
buffer_get_int(Buffer *buffer)
|
||||
{
|
||||
u_char buf[4];
|
||||
|
||||
buffer_get(buffer, (char *) buf, 4);
|
||||
return GET_32BIT(buf);
|
||||
}
|
||||
@ -162,6 +170,7 @@ u_int64_t
|
||||
buffer_get_int64(Buffer *buffer)
|
||||
{
|
||||
u_char buf[8];
|
||||
|
||||
buffer_get(buffer, (char *) buf, 8);
|
||||
return GET_64BIT(buf);
|
||||
}
|
||||
@ -174,6 +183,7 @@ void
|
||||
buffer_put_short(Buffer *buffer, u_short value)
|
||||
{
|
||||
char buf[2];
|
||||
|
||||
PUT_16BIT(buf, value);
|
||||
buffer_append(buffer, buf, 2);
|
||||
}
|
||||
@ -182,6 +192,7 @@ void
|
||||
buffer_put_int(Buffer *buffer, u_int value)
|
||||
{
|
||||
char buf[4];
|
||||
|
||||
PUT_32BIT(buf, value);
|
||||
buffer_append(buffer, buf, 4);
|
||||
}
|
||||
@ -191,6 +202,7 @@ void
|
||||
buffer_put_int64(Buffer *buffer, u_int64_t value)
|
||||
{
|
||||
char buf[8];
|
||||
|
||||
PUT_64BIT(buf, value);
|
||||
buffer_append(buffer, buf, 8);
|
||||
}
|
||||
@ -207,8 +219,9 @@ buffer_put_int64(Buffer *buffer, u_int64_t value)
|
||||
void *
|
||||
buffer_get_string(Buffer *buffer, u_int *length_ptr)
|
||||
{
|
||||
u_int len;
|
||||
u_char *value;
|
||||
u_int len;
|
||||
|
||||
/* Get the length. */
|
||||
len = buffer_get_int(buffer);
|
||||
if (len > 256 * 1024)
|
||||
@ -249,6 +262,7 @@ int
|
||||
buffer_get_char(Buffer *buffer)
|
||||
{
|
||||
char ch;
|
||||
|
||||
buffer_get(buffer, &ch, 1);
|
||||
return (u_char) ch;
|
||||
}
|
||||
@ -260,5 +274,6 @@ void
|
||||
buffer_put_char(Buffer *buffer, int value)
|
||||
{
|
||||
char ch = value;
|
||||
|
||||
buffer_append(buffer, &ch, 1);
|
||||
}
|
||||
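Review bot: In buffer_get_bignum2 `len` is now `u_int`, but the new fatal() prints it with `%d`; it should be `fatal("buffer_get_bignum2: cannot handle BN of size %u", len);`. The matching message in buffer_get_bignum also uses `%d` for `bytes`, whose declaration is outside the hunk, so its specifier should be checked against the declared type as well. The limit `8 * 1024` appears as a literal in both functions; a single named constant with a comment saying it bounds peer-supplied bignum sizes would keep the two checks from drifting apart. In buffer_get_bignum2 the check runs after buffer_get_string() has already allocated and copied the string, which is acceptable only because that function applies its own cap (the `len > 256 * 1024` test visible in a later hunk of this section).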
|
@ -12,7 +12,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: buffer.c,v 1.15 2002/01/18 18:14:17 stevesk Exp $");
|
||||
RCSID("$OpenBSD: buffer.c,v 1.16 2002/06/26 08:54:18 markus Exp $");
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "buffer.h"
|
||||
@ -71,6 +71,9 @@ buffer_append_space(Buffer *buffer, u_int len)
|
||||
{
|
||||
void *p;
|
||||
|
||||
if (len > 0x100000)
|
||||
fatal("buffer_append_space: len %u not supported", len);
|
||||
|
||||
/* If the buffer is empty, start using it from the beginning. */
|
||||
if (buffer->offset == buffer->end) {
|
||||
buffer->offset = 0;
|
||||
@ -96,6 +99,9 @@ buffer_append_space(Buffer *buffer, u_int len)
|
||||
}
|
||||
/* Increase the size of the buffer and retry. */
|
||||
buffer->alloc += len + 32768;
|
||||
if (buffer->alloc > 0xa00000)
|
||||
fatal("buffer_append_space: alloc %u not supported",
|
||||
buffer->alloc);
|
||||
buffer->buf = xrealloc(buffer->buf, buffer->alloc);
|
||||
goto restart;
|
||||
/* NOTREACHED */
|
||||
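Review bot: buffer_append_space adds to `buffer->alloc` before testing it against 0xa00000, so the struct already holds the rejected size when fatal() runs; computing the sum in a local, checking it, and only then assigning (`newlen = buffer->alloc + len + 32768;` / `if (newlen > 0xa00000) fatal(...);` / `buffer->alloc = newlen;`) keeps the buffer consistent for any cleanup that fatal() reaches, which is not visible here. Assuming alloc is a `u_int` as the `%u` suggests, the addition cannot wrap only because of the new `len > 0x100000` test at the top of the function, and that dependency deserves a comment such as `/* len is capped above, so alloc + len + 32768 cannot overflow */`. The two hex literals are the 1MB and 10MB limits named in the ChangeLog entry; named constants would make that readable at the point of use. The function body continues between and after the two hunks.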
|
@ -39,7 +39,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: channels.c,v 1.175 2002/06/10 22:28:41 markus Exp $");
|
||||
RCSID("$OpenBSD: channels.c,v 1.179 2002/06/26 08:55:02 markus Exp $");
|
||||
|
||||
#include "ssh.h"
|
||||
#include "ssh1.h"
|
||||
@ -205,7 +205,7 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd,
|
||||
|
||||
Channel *
|
||||
channel_new(char *ctype, int type, int rfd, int wfd, int efd,
|
||||
int window, int maxpack, int extusage, char *remote_name, int nonblock)
|
||||
u_int window, u_int maxpack, int extusage, char *remote_name, int nonblock)
|
||||
{
|
||||
int i, found;
|
||||
Channel *c;
|
||||
@ -229,6 +229,9 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd,
|
||||
/* There are no free slots. Take last+1 slot and expand the array. */
|
||||
found = channels_alloc;
|
||||
channels_alloc += 10;
|
||||
if (channels_alloc > 10000)
|
||||
fatal("channel_new: internal error: channels_alloc %d "
|
||||
"too big.", channels_alloc);
|
||||
debug2("channel: expanding %d", channels_alloc);
|
||||
channels = xrealloc(channels, channels_alloc * sizeof(Channel *));
|
||||
for (i = found; i < channels_alloc; i++)
|
||||
@ -1568,8 +1571,9 @@ channel_after_select(fd_set * readset, fd_set * writeset)
|
||||
void
|
||||
channel_output_poll(void)
|
||||
{
|
||||
int len, i;
|
||||
Channel *c;
|
||||
int i;
|
||||
u_int len;
|
||||
|
||||
for (i = 0; i < channels_alloc; i++) {
|
||||
c = channels[i];
|
||||
@ -1647,7 +1651,7 @@ channel_output_poll(void)
|
||||
c->remote_window > 0 &&
|
||||
(len = buffer_len(&c->extended)) > 0 &&
|
||||
c->extended_usage == CHAN_EXTENDED_READ) {
|
||||
debug2("channel %d: rwin %d elen %d euse %d",
|
||||
debug2("channel %d: rwin %u elen %u euse %d",
|
||||
c->self, c->remote_window, buffer_len(&c->extended),
|
||||
c->extended_usage);
|
||||
if (len > c->remote_window)
|
||||
@ -1717,9 +1721,8 @@ void
|
||||
channel_input_extended_data(int type, u_int32_t seq, void *ctxt)
|
||||
{
|
||||
int id;
|
||||
int tcode;
|
||||
char *data;
|
||||
u_int data_len;
|
||||
u_int data_len, tcode;
|
||||
Channel *c;
|
||||
|
||||
/* Get the channel number and verify it. */
|
||||
@ -1874,7 +1877,7 @@ channel_input_open_confirmation(int type, u_int32_t seq, void *ctxt)
|
||||
c->confirm(c->self, NULL);
|
||||
debug2("callback done");
|
||||
}
|
||||
debug("channel %d: open confirm rwindow %d rmax %d", c->self,
|
||||
debug("channel %d: open confirm rwindow %u rmax %u", c->self,
|
||||
c->remote_window, c->remote_maxpacket);
|
||||
}
|
||||
packet_check_eom();
|
||||
@ -1931,7 +1934,8 @@ void
|
||||
channel_input_window_adjust(int type, u_int32_t seq, void *ctxt)
|
||||
{
|
||||
Channel *c;
|
||||
int id, adjust;
|
||||
int id;
|
||||
u_int adjust;
|
||||
|
||||
if (!compat20)
|
||||
return;
|
||||
@ -1947,7 +1951,7 @@ channel_input_window_adjust(int type, u_int32_t seq, void *ctxt)
|
||||
}
|
||||
adjust = packet_get_int();
|
||||
packet_check_eom();
|
||||
debug2("channel %d: rcvd adjust %d", id, adjust);
|
||||
debug2("channel %d: rcvd adjust %u", id, adjust);
|
||||
c->remote_window += adjust;
|
||||
}
|
||||
|
||||
@ -2328,12 +2332,12 @@ channel_connect_to(const char *host, u_short port)
|
||||
|
||||
/*
|
||||
* Creates an internet domain socket for listening for X11 connections.
|
||||
* Returns a suitable display number for the DISPLAY variable, or -1 if
|
||||
* an error occurs.
|
||||
* Returns 0 and a suitable display number for the DISPLAY variable
|
||||
* stored in display_numberp , or -1 if an error occurs.
|
||||
*/
|
||||
int
|
||||
x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
|
||||
int single_connection)
|
||||
int single_connection, u_int *display_numberp)
|
||||
{
|
||||
Channel *nc = NULL;
|
||||
int display_number, sock;
|
||||
@ -2431,7 +2435,8 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
|
||||
}
|
||||
|
||||
/* Return the display number for the DISPLAY environment variable. */
|
||||
return display_number;
|
||||
*display_numberp = display_number;
|
||||
return (0);
|
||||
}
|
||||
|
||||
static int
|
||||
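Review bot: In channel_input_window_adjust, `adjust` is now a `u_int` read from the peer with packet_get_int() and added with `c->remote_window += adjust;` without a wrap check, so a large adjustment silently wraps the unsigned window instead of being rejected. A guard before the addition, `if (c->remote_window + adjust < c->remote_window) fatal("channel %d: adjust %u overflows remote window", id, adjust);`, would turn that into a detected protocol error. In channel_new the new `channels_alloc > 10000` test is what bounds `channels_alloc * sizeof(Channel *)` in the xrealloc() that follows; a one-line comment saying so, and a named constant for 10000, would record the intent. x11_create_display_inet still computes `display_number` as an `int` and stores it through the new `u_int *display_numberp`, and its header comment should say whether the pointer is left untouched on the -1 path, which lies outside the hunk. These function bodies extend beyond the hunks shown.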
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: channels.h,v 1.68 2002/06/10 22:28:41 markus Exp $ */
|
||||
/* $OpenBSD: channels.h,v 1.70 2002/06/24 14:33:27 markus Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
@ -90,12 +90,12 @@ struct Channel {
|
||||
int host_port; /* remote port to connect for forwards */
|
||||
char *remote_name; /* remote hostname */
|
||||
|
||||
int remote_window;
|
||||
int remote_maxpacket;
|
||||
int local_window;
|
||||
int local_window_max;
|
||||
int local_consumed;
|
||||
int local_maxpacket;
|
||||
u_int remote_window;
|
||||
u_int remote_maxpacket;
|
||||
u_int local_window;
|
||||
u_int local_window_max;
|
||||
u_int local_consumed;
|
||||
u_int local_maxpacket;
|
||||
int extended_usage;
|
||||
int single_connection;
|
||||
|
||||
@ -151,7 +151,7 @@ struct Channel {
|
||||
/* channel management */
|
||||
|
||||
Channel *channel_lookup(int);
|
||||
Channel *channel_new(char *, int, int, int, int, int, int, int, char *, int);
|
||||
Channel *channel_new(char *, int, int, int, int, u_int, u_int, int, char *, int);
|
||||
void channel_set_fds(int, int, int, int, int, int, u_int);
|
||||
void channel_free(Channel *);
|
||||
void channel_free_all(void);
|
||||
@ -205,7 +205,7 @@ int channel_setup_remote_fwd_listener(const char *, u_short, int);
|
||||
/* x11 forwarding */
|
||||
|
||||
int x11_connect_display(void);
|
||||
int x11_create_display_inet(int, int, int);
|
||||
int x11_create_display_inet(int, int, int, u_int *);
|
||||
void x11_input_open(int, u_int32_t, void *);
|
||||
void x11_request_forwarding_with_spoofing(int, const char *, const char *);
|
||||
void deny_input_open(int, u_int32_t, void *);
|
||||
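Review bot: Changing remote_window, remote_maxpacket, local_window, local_window_max, local_consumed and local_maxpacket in struct Channel to `u_int` means any remaining code that subtracts from them or tests them for `< 0` now wraps or becomes a dead branch rather than going negative. Those sites are outside this section and should be audited as part of the same change, with a `len > c->local_window` style test before each subtraction. The fields carry no comment; a line such as `/* byte counts, unsigned: check before subtracting */` above the group would document the invariant for later callers.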
|
@ -35,7 +35,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: cipher.c,v 1.59 2002/06/19 18:01:00 markus Exp $");
|
||||
RCSID("$OpenBSD: cipher.c,v 1.60 2002/06/23 03:26:52 deraadt Exp $");
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "log.h"
|
||||
@ -95,11 +95,13 @@ cipher_blocksize(Cipher *c)
|
||||
{
|
||||
return (c->block_size);
|
||||
}
|
||||
|
||||
u_int
|
||||
cipher_keylen(Cipher *c)
|
||||
{
|
||||
return (c->key_len);
|
||||
}
|
||||
|
||||
u_int
|
||||
cipher_get_number(Cipher *c)
|
||||
{
|
||||
@ -314,6 +316,7 @@ struct ssh1_3des_ctx
|
||||
{
|
||||
EVP_CIPHER_CTX k1, k2, k3;
|
||||
};
|
||||
|
||||
static int
|
||||
ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
|
||||
int enc)
|
||||
@ -356,6 +359,7 @@ ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
|
||||
#endif
|
||||
return (1);
|
||||
}
|
||||
|
||||
static int
|
||||
ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, u_int len)
|
||||
{
|
||||
@ -377,6 +381,7 @@ ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, u_int len)
|
||||
#endif
|
||||
return (1);
|
||||
}
|
||||
|
||||
static int
|
||||
ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx)
|
||||
{
|
||||
@ -389,6 +394,7 @@ ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx)
|
||||
}
|
||||
return (1);
|
||||
}
|
||||
|
||||
static const EVP_CIPHER *
|
||||
evp_ssh1_3des(void)
|
||||
{
|
||||
@ -430,7 +436,9 @@ swap_bytes(const u_char *src, u_char *dst, int n)
|
||||
*dst++ = c[3];
|
||||
}
|
||||
}
|
||||
|
||||
static int (*orig_bf)(EVP_CIPHER_CTX *, u_char *, const u_char *, u_int) = NULL;
|
||||
|
||||
static int
|
||||
bf_ssh1_cipher(EVP_CIPHER_CTX *ctx, u_char *out, const u_char *in, u_int len)
|
||||
{
|
||||
@ -441,6 +449,7 @@ bf_ssh1_cipher(EVP_CIPHER_CTX *ctx, u_char *out, const u_char *in, u_int len)
|
||||
swap_bytes(out, out, len);
|
||||
return (ret);
|
||||
}
|
||||
|
||||
static const EVP_CIPHER *
|
||||
evp_ssh1_bf(void)
|
||||
{
|
||||
@ -483,6 +492,7 @@ ssh_rijndael_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
|
||||
memcpy(c->r_iv, iv, RIJNDAEL_BLOCKSIZE);
|
||||
return (1);
|
||||
}
|
||||
|
||||
static int
|
||||
ssh_rijndael_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
|
||||
u_int len)
|
||||
@ -528,6 +538,7 @@ ssh_rijndael_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
|
||||
}
|
||||
return (1);
|
||||
}
|
||||
|
||||
static int
|
||||
ssh_rijndael_cleanup(EVP_CIPHER_CTX *ctx)
|
||||
{
|
||||
@ -540,6 +551,7 @@ ssh_rijndael_cleanup(EVP_CIPHER_CTX *ctx)
|
||||
}
|
||||
return (1);
|
||||
}
|
||||
|
||||
static const EVP_CIPHER *
|
||||
evp_rijndael(void)
|
||||
{
|
||||
|
@ -59,7 +59,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: clientloop.c,v 1.101 2002/06/09 13:32:01 markus Exp $");
|
||||
RCSID("$OpenBSD: clientloop.c,v 1.102 2002/06/24 14:33:27 markus Exp $");
|
||||
|
||||
#include "ssh.h"
|
||||
#include "ssh1.h"
|
||||
@ -1208,10 +1208,8 @@ client_input_channel_open(int type, u_int32_t seq, void *ctxt)
|
||||
{
|
||||
Channel *c = NULL;
|
||||
char *ctype;
|
||||
u_int len;
|
||||
int rchan;
|
||||
int rmaxpack;
|
||||
int rwindow;
|
||||
u_int rmaxpack, rwindow, len;
|
||||
|
||||
ctype = packet_get_string(&len);
|
||||
rchan = packet_get_int();
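Review bot: `rchan` is still declared `int` in client_input_channel_open while `rmaxpack`, `rwindow` and `len` are now `u_int`, and it is assigned straight from `packet_get_int()`. If that accessor returns an unsigned 32-bit value (the neighbouring declarations suggest so, but its prototype is not on this page), a peer-supplied channel number above INT_MAX becomes negative here. Consider `u_int rchan;`, or an explicit range check before the value is used as a channel id. The same declaration is left unchanged in server_input_channel_open in the serverloop.c section; both function bodies continue outside their hunks.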
|
||||
|
@ -1,4 +1,4 @@
|
||||
# $Id: configure.ac,v 1.67 2002/06/21 00:01:19 mouring Exp $
|
||||
# $Id: configure.ac,v 1.72 2002/06/25 22:35:16 tim Exp $
|
||||
|
||||
AC_INIT
|
||||
AC_CONFIG_SRCDIR([ssh.c])
|
||||
@ -76,6 +76,7 @@ case "$host" in
|
||||
AC_DEFINE(BROKEN_REALPATH)
|
||||
dnl AIX handles lastlog as part of its login message
|
||||
AC_DEFINE(DISABLE_LASTLOG)
|
||||
AC_DEFINE(LOGIN_NEEDS_UTMPX)
|
||||
;;
|
||||
*-*-cygwin*)
|
||||
LIBS="$LIBS /usr/lib/textmode.o"
|
||||
@ -85,6 +86,7 @@ case "$host" in
|
||||
AC_DEFINE(IPV4_DEFAULT)
|
||||
AC_DEFINE(IP_TOS_IS_BROKEN)
|
||||
AC_DEFINE(NO_X11_UNIX_SOCKETS)
|
||||
AC_DEFINE(BROKEN_FD_PASSING)
|
||||
AC_DEFINE(SETGROUPS_NOOP)
|
||||
;;
|
||||
*-*-dgux*)
|
||||
@ -246,7 +248,6 @@ mips-sony-bsd|mips-sony-newsos4)
|
||||
CPPFLAGS="$CPPFLAGS -Dftruncate=chsize -I/usr/local/include"
|
||||
LDFLAGS="$LDFLAGS -L/usr/local/lib"
|
||||
LIBS="$LIBS -los -lprot -lx -ltinfo -lm"
|
||||
rsh_path="/usr/bin/rcmd"
|
||||
RANLIB=true
|
||||
no_dev_ptmx=1
|
||||
AC_DEFINE(BROKEN_SYS_TERMIO_H)
|
||||
@ -263,10 +264,10 @@ mips-sony-bsd|mips-sony-newsos4)
|
||||
LDFLAGS="$LDFLAGS -L/usr/local/lib"
|
||||
LIBS="$LIBS -lprot -lx -ltinfo -lm"
|
||||
no_dev_ptmx=1
|
||||
rsh_path="/usr/bin/rcmd"
|
||||
AC_DEFINE(USE_PIPES)
|
||||
AC_DEFINE(HAVE_SECUREWARE)
|
||||
AC_DEFINE(DISABLE_SHADOW)
|
||||
AC_DEFINE(BROKEN_FD_PASSING)
|
||||
AC_CHECK_FUNCS(getluid setluid)
|
||||
MANTYPE=man
|
||||
;;
|
||||
@ -274,6 +275,7 @@ mips-sony-bsd|mips-sony-newsos4)
|
||||
no_libsocket=1
|
||||
no_libnsl=1
|
||||
AC_DEFINE(USE_PIPES)
|
||||
AC_DEFINE(BROKEN_FD_PASSING)
|
||||
LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal,-L/usr/local/lib"
|
||||
LIBS="$LIBS -lgen -lrsc"
|
||||
;;
|
||||
@ -575,6 +577,30 @@ AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \
|
||||
socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \
|
||||
truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty)
|
||||
|
||||
if test $ac_cv_func_mmap = yes ; then
|
||||
AC_MSG_CHECKING([for mmap anon shared])
|
||||
AC_TRY_RUN(
|
||||
[
|
||||
#include <stdio.h>
|
||||
#include <sys/mman.h>
|
||||
#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
|
||||
#define MAP_ANON MAP_ANONYMOUS
|
||||
#endif
|
||||
main() { char *p;
|
||||
p = (char *) mmap(NULL, 10, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED, -1, 0);
|
||||
if (p == (char *)-1)
|
||||
exit(1);
|
||||
exit(0);
|
||||
}
|
||||
],
|
||||
[
|
||||
AC_MSG_RESULT(yes)
|
||||
AC_DEFINE(HAVE_MMAP_ANON_SHARED)
|
||||
],
|
||||
[ AC_MSG_RESULT(no) ]
|
||||
)
|
||||
fi
|
||||
|
||||
dnl IRIX and Solaris 2.5.1 have dirname() in libgen
|
||||
AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
|
||||
AC_CHECK_LIB(gen, dirname,[
|
||||
@ -907,16 +933,17 @@ AC_ARG_WITH(entropy-timeout,
|
||||
)
|
||||
AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout)
|
||||
|
||||
ssh_privsep_user=sshd
|
||||
SSH_PRIVSEP_USER=sshd
|
||||
AC_ARG_WITH(privsep-user,
|
||||
[ --with-privsep-user=user Specify non-privileged user for privilege separation],
|
||||
[
|
||||
if test -n "$withval"; then
|
||||
ssh_privsep_user=$withval
|
||||
SSH_PRIVSEP_USER=$withval
|
||||
fi
|
||||
]
|
||||
)
|
||||
AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$ssh_privsep_user")
|
||||
AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER")
|
||||
AC_SUBST(SSH_PRIVSEP_USER)
|
||||
|
||||
# We do this little dance with the search path to insure
|
||||
# that programs that we select for use by installed programs
|
||||
@ -1789,17 +1816,6 @@ AC_ARG_WITH(afs,
|
||||
LIBS="$LIBS $KLIBS $K5LIBS"
|
||||
|
||||
# Looking for programs, paths and files
|
||||
AC_ARG_WITH(rsh,
|
||||
[ --with-rsh=PATH Specify path to remote shell program ],
|
||||
[
|
||||
if test "x$withval" != "$no" ; then
|
||||
rsh_path=$withval
|
||||
fi
|
||||
],
|
||||
[
|
||||
AC_PATH_PROG(rsh_path, rsh)
|
||||
]
|
||||
)
|
||||
|
||||
PRIVSEP_PATH=/var/empty
|
||||
AC_ARG_WITH(privsep-path,
|
||||
@ -1835,9 +1851,6 @@ else
|
||||
XAUTH_PATH=$xauth_path
|
||||
AC_SUBST(XAUTH_PATH)
|
||||
fi
|
||||
if test ! -z "$rsh_path" ; then
|
||||
AC_DEFINE_UNQUOTED(RSH_PATH, "$rsh_path")
|
||||
fi
|
||||
|
||||
# Check for mail directory (last resort if we cannot get it from headers)
|
||||
if test ! -z "$MAIL" ; then
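Review bot: The new `AC_TRY_RUN` probe for `HAVE_MMAP_ANON_SHARED` (hunk at -575) passes no cross-compiling action, so a cross build cannot decide the macro and autoconf will warn or stop at that point. Add a fourth argument such as `[ AC_MSG_RESULT([cross-compiling, assuming no]) ]` so the conservative branch is taken. The test program also relies on an implicit-int `main()` and an undeclared `exit()`, and compares against `(char *)-1` instead of `MAP_FAILED`. Including stdlib.h and testing `if (p == MAP_FAILED)` would keep a stricter compiler from failing the probe for the wrong reason. That matters because the servconf.c section uses this macro to decide whether privilege separation can be combined with compression.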
|
||||
|
@ -1,7 +1,7 @@
|
||||
#ifndef _DEFINES_H
|
||||
#define _DEFINES_H
|
||||
|
||||
/* $Id: defines.h,v 1.90 2002/06/07 03:19:36 mouring Exp $ */
|
||||
/* $Id: defines.h,v 1.92 2002/06/24 16:26:49 stevesk Exp $ */
|
||||
|
||||
|
||||
/* Constants */
|
||||
@ -316,14 +316,6 @@ struct winsize {
|
||||
# define _PATH_MAILDIR MAILDIR
|
||||
#endif /* !defined(_PATH_MAILDIR) && defined(MAILDIR) */
|
||||
|
||||
#ifndef _PATH_RSH
|
||||
# ifdef RSH_PATH
|
||||
# define _PATH_RSH RSH_PATH
|
||||
# else /* RSH_PATH */
|
||||
# define _PATH_RSH "/usr/bin/rsh"
|
||||
# endif /* RSH_PATH */
|
||||
#endif /* _PATH_RSH */
|
||||
|
||||
#ifndef _PATH_NOLOGIN
|
||||
# define _PATH_NOLOGIN "/etc/nologin"
|
||||
#endif
|
||||
@ -417,7 +409,18 @@ struct winsize {
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_GETOPT_OPTRESET
|
||||
#define getopt(ac, av, o) BSDgetopt(ac, av, o)
|
||||
# undef getopt
|
||||
# undef opterr
|
||||
# undef optind
|
||||
# undef optopt
|
||||
# undef optreset
|
||||
# undef optarg
|
||||
# define getopt(ac, av, o) BSDgetopt(ac, av, o)
|
||||
# define opterr BSDopterr
|
||||
# define optind BSDoptind
|
||||
# define optopt BSDoptopt
|
||||
# define optreset BSDoptreset
|
||||
# define optarg BSDoptarg
|
||||
#endif
|
||||
|
||||
/* In older versions of libpam, pam_strerror takes a single argument */
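Review bot: The `HAVE_GETOPT_OPTRESET` block now renames `opterr`, `optind`, `optopt`, `optreset` and `optarg` as well as `getopt`, but nothing says why. These are object-like macros on common identifiers, so any later header or local that uses one of those names is silently rewritten. A short comment would warn maintainers, for example `/* Use the bundled BSDgetopt and its own state variables so they cannot clash with the libc symbols */`. The reason given there is inferred from the renamed globals in the getopt.c section and should be confirmed.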
|
||||
|
@ -23,7 +23,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: kex.c,v 1.50 2002/05/15 15:47:49 mouring Exp $");
|
||||
RCSID("$OpenBSD: kex.c,v 1.51 2002/06/24 14:55:38 markus Exp $");
|
||||
|
||||
#include <openssl/crypto.h>
|
||||
|
||||
@ -202,8 +202,8 @@ kex_input_kexinit(int type, u_int32_t seq, void *ctxt)
|
||||
packet_get_char();
|
||||
for (i = 0; i < PROPOSAL_MAX; i++)
|
||||
xfree(packet_get_string(NULL));
|
||||
packet_get_char();
|
||||
packet_get_int();
|
||||
(void) packet_get_char();
|
||||
(void) packet_get_int();
|
||||
packet_check_eom();
|
||||
|
||||
kex_kexinit_finish(kex);
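Review bot: The `(void)` casts are applied to the two discards after the proposal loop, but the `packet_get_char();` on the first line of this hunk in kex_input_kexinit still drops its result without one. For consistency write it as `(void) packet_get_char();` too. The statement that controls that first call is above the hunk, so check it in context.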
|
||||
|
@ -32,7 +32,7 @@
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: key.c,v 1.44 2002/05/31 13:16:48 markus Exp $");
|
||||
RCSID("$OpenBSD: key.c,v 1.45 2002/06/23 03:26:19 deraadt Exp $");
|
||||
|
||||
#include <openssl/evp.h>
|
||||
|
||||
@ -89,6 +89,7 @@ key_new(int type)
|
||||
}
|
||||
return k;
|
||||
}
|
||||
|
||||
Key *
|
||||
key_new_private(int type)
|
||||
{
|
||||
@ -120,6 +121,7 @@ key_new_private(int type)
|
||||
}
|
||||
return k;
|
||||
}
|
||||
|
||||
void
|
||||
key_free(Key *k)
|
||||
{
|
||||
@ -359,6 +361,7 @@ read_bignum(char **cpp, BIGNUM * value)
|
||||
*cpp = cp;
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int
|
||||
write_bignum(FILE *f, BIGNUM *num)
|
||||
{
|
||||
@ -485,6 +488,7 @@ key_read(Key *ret, char **cpp)
|
||||
}
|
||||
return success;
|
||||
}
|
||||
|
||||
int
|
||||
key_write(Key *key, FILE *f)
|
||||
{
|
||||
@ -516,6 +520,7 @@ key_write(Key *key, FILE *f)
|
||||
}
|
||||
return success;
|
||||
}
|
||||
|
||||
char *
|
||||
key_type(Key *k)
|
||||
{
|
||||
@ -532,6 +537,7 @@ key_type(Key *k)
|
||||
}
|
||||
return "unknown";
|
||||
}
|
||||
|
||||
char *
|
||||
key_ssh_name(Key *k)
|
||||
{
|
||||
@ -545,6 +551,7 @@ key_ssh_name(Key *k)
|
||||
}
|
||||
return "ssh-unknown";
|
||||
}
|
||||
|
||||
u_int
|
||||
key_size(Key *k)
|
||||
{
|
||||
@ -807,7 +814,6 @@ key_verify(
|
||||
}
|
||||
|
||||
/* Converts a private to a public key */
|
||||
|
||||
Key *
|
||||
key_demote(Key *k)
|
||||
{
|
||||
|
@ -25,7 +25,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: monitor.c,v 1.16 2002/06/21 05:50:51 djm Exp $");
|
||||
RCSID("$OpenBSD: monitor.c,v 1.18 2002/06/26 13:20:57 deraadt Exp $");
|
||||
|
||||
#include <openssl/dh.h>
|
||||
|
||||
@ -188,9 +188,6 @@ struct mon_table mon_dispatch_proto15[] = {
|
||||
{MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed},
|
||||
{MONITOR_REQ_RSACHALLENGE, MON_ONCE, mm_answer_rsa_challenge},
|
||||
{MONITOR_REQ_RSARESPONSE, MON_ONCE|MON_AUTHDECIDE, mm_answer_rsa_response},
|
||||
#ifdef USE_PAM
|
||||
{MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start},
|
||||
#endif
|
||||
#ifdef BSD_AUTH
|
||||
{MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
|
||||
{MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH,mm_answer_bsdauthrespond},
|
||||
@ -982,14 +979,14 @@ mm_answer_keyverify(int socket, Buffer *m)
|
||||
xfree(signature);
|
||||
xfree(data);
|
||||
|
||||
auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased";
|
||||
|
||||
monitor_reset_key_state();
|
||||
|
||||
buffer_clear(m);
|
||||
buffer_put_int(m, verified);
|
||||
mm_request_send(socket, MONITOR_ANS_KEYVERIFY, m);
|
||||
|
||||
auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased";
|
||||
|
||||
return (verified);
|
||||
}
|
||||
|
||||
@ -1456,9 +1453,13 @@ mm_get_keystate(struct monitor *pmonitor)
|
||||
void *
|
||||
mm_zalloc(struct mm_master *mm, u_int ncount, u_int size)
|
||||
{
|
||||
int len = size * ncount;
|
||||
void *address;
|
||||
|
||||
address = mm_malloc(mm, size * ncount);
|
||||
if (len <= 0)
|
||||
fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size);
|
||||
|
||||
address = mm_malloc(mm, len);
|
||||
|
||||
return (address);
|
||||
}
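Review bot: The new guard in mm_zalloc, `if (len <= 0)`, only catches products that land on zero or in the negative half of `int`. `size * ncount` is computed in `u_int` and can wrap to a small positive value, which passes the check and reaches `mm_malloc` with a length smaller than the caller asked for. Test the operands before multiplying instead: `if (size == 0 || ncount == 0 || ncount > INT_MAX / size) fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size);`. `len` can then be computed after the check. The callers are not on this page, so the bound should not assume that their counts are sane.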
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: monitor_fdpass.h,v 1.2 2002/03/26 03:24:01 stevesk Exp $ */
|
||||
/* $OpenBSD: monitor_fdpass.h,v 1.2 2002/03/26 03:24:01 stevesk Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
|
||||
|
@ -84,13 +84,13 @@ mm_create(struct mm_master *mmalloc, size_t size)
|
||||
*/
|
||||
mm->mmalloc = mmalloc;
|
||||
|
||||
#if defined(HAVE_MMAP) && defined(MAP_ANON)
|
||||
#ifdef HAVE_MMAP_ANON_SHARED
|
||||
address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED,
|
||||
-1, 0);
|
||||
if (address == MAP_FAILED)
|
||||
fatal("mmap(%lu): %s", (u_long)size, strerror(errno));
|
||||
#else
|
||||
fatal("%s: UsePrivilegeSeparation=yes not supported",
|
||||
fatal("%s: UsePrivilegeSeparation=yes and Compression=yes not supported",
|
||||
__func__);
|
||||
#endif
|
||||
|
||||
@ -130,12 +130,12 @@ mm_destroy(struct mm_master *mm)
|
||||
mm_freelist(mm->mmalloc, &mm->rb_free);
|
||||
mm_freelist(mm->mmalloc, &mm->rb_allocated);
|
||||
|
||||
#ifdef HAVE_MMAP
|
||||
#ifdef HAVE_MMAP_ANON_SHARED
|
||||
if (munmap(mm->address, mm->size) == -1)
|
||||
fatal("munmap(%p, %lu): %s", mm->address, (u_long)mm->size,
|
||||
strerror(errno));
|
||||
#else
|
||||
fatal("%s: UsePrivilegeSeparation=yes not supported",
|
||||
fatal("%s: UsePrivilegeSeparation=yes and Compression=yes not supported",
|
||||
__func__);
|
||||
#endif
|
||||
if (mm->mmalloc == NULL)
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: monitor_mm.h,v 1.2 2002/03/26 03:24:01 stevesk Exp $ */
|
||||
/* $OpenBSD: monitor_mm.h,v 1.2 2002/03/26 03:24:01 stevesk Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
|
||||
|
@ -22,7 +22,7 @@
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: msg.c,v 1.2 2002/06/19 00:27:55 deraadt Exp $");
|
||||
RCSID("$OpenBSD: msg.c,v 1.3 2002/06/24 15:49:22 itojun Exp $");
|
||||
|
||||
#include "buffer.h"
|
||||
#include "getput.h"
|
||||
@ -36,7 +36,7 @@ msg_send(int fd, u_char type, Buffer *m)
|
||||
u_char buf[5];
|
||||
u_int mlen = buffer_len(m);
|
||||
|
||||
debug3("msg_send: type %d", type);
|
||||
debug3("msg_send: type %u", (unsigned int)type & 0xff);
|
||||
|
||||
PUT_32BIT(buf, mlen + 1);
|
||||
buf[4] = type; /* 1st byte of payload is mesg-type */
|
||||
@ -59,7 +59,7 @@ msg_recv(int fd, Buffer *m)
|
||||
if (res != sizeof(buf)) {
|
||||
if (res == 0)
|
||||
return -1;
|
||||
fatal("msg_recv: read: header %d", res);
|
||||
fatal("msg_recv: read: header %ld", (long)res);
|
||||
}
|
||||
msg_len = GET_32BIT(buf);
|
||||
if (msg_len > 256 * 1024)
|
||||
|
@ -42,11 +42,11 @@ static char *rcsid = "$OpenBSD: getopt.c,v 1.2 1996/08/19 08:33:32 tholo Exp $";
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
int opterr = 1, /* if error message should be printed */
|
||||
optind = 1, /* index into parent argv vector */
|
||||
optopt, /* character checked for validity */
|
||||
optreset; /* reset getopt */
|
||||
char *optarg; /* argument associated with option */
|
||||
int BSDopterr = 1, /* if error message should be printed */
|
||||
BSDoptind = 1, /* index into parent argv vector */
|
||||
BSDoptopt, /* character checked for validity */
|
||||
BSDoptreset; /* reset getopt */
|
||||
char *BSDoptarg; /* argument associated with option */
|
||||
|
||||
#define BADCH (int)'?'
|
||||
#define BADARG (int)':'
|
||||
@ -66,57 +66,57 @@ BSDgetopt(nargc, nargv, ostr)
|
||||
static char *place = EMSG; /* option letter processing */
|
||||
char *oli; /* option letter list index */
|
||||
|
||||
if (optreset || !*place) { /* update scanning pointer */
|
||||
optreset = 0;
|
||||
if (optind >= nargc || *(place = nargv[optind]) != '-') {
|
||||
if (BSDoptreset || !*place) { /* update scanning pointer */
|
||||
BSDoptreset = 0;
|
||||
if (BSDoptind >= nargc || *(place = nargv[BSDoptind]) != '-') {
|
||||
place = EMSG;
|
||||
return (-1);
|
||||
}
|
||||
if (place[1] && *++place == '-') { /* found "--" */
|
||||
++optind;
|
||||
++BSDoptind;
|
||||
place = EMSG;
|
||||
return (-1);
|
||||
}
|
||||
} /* option letter okay? */
|
||||
if ((optopt = (int)*place++) == (int)':' ||
|
||||
!(oli = strchr(ostr, optopt))) {
|
||||
if ((BSDoptopt = (int)*place++) == (int)':' ||
|
||||
!(oli = strchr(ostr, BSDoptopt))) {
|
||||
/*
|
||||
* if the user didn't specify '-' as an option,
|
||||
* assume it means -1.
|
||||
*/
|
||||
if (optopt == (int)'-')
|
||||
if (BSDoptopt == (int)'-')
|
||||
return (-1);
|
||||
if (!*place)
|
||||
++optind;
|
||||
if (opterr && *ostr != ':')
|
||||
++BSDoptind;
|
||||
if (BSDopterr && *ostr != ':')
|
||||
(void)fprintf(stderr,
|
||||
"%s: illegal option -- %c\n", __progname, optopt);
|
||||
"%s: illegal option -- %c\n", __progname, BSDoptopt);
|
||||
return (BADCH);
|
||||
}
|
||||
if (*++oli != ':') { /* don't need argument */
|
||||
optarg = NULL;
|
||||
BSDoptarg = NULL;
|
||||
if (!*place)
|
||||
++optind;
|
||||
++BSDoptind;
|
||||
}
|
||||
else { /* need an argument */
|
||||
if (*place) /* no white space */
|
||||
optarg = place;
|
||||
else if (nargc <= ++optind) { /* no arg */
|
||||
BSDoptarg = place;
|
||||
else if (nargc <= ++BSDoptind) { /* no arg */
|
||||
place = EMSG;
|
||||
if (*ostr == ':')
|
||||
return (BADARG);
|
||||
if (opterr)
|
||||
if (BSDopterr)
|
||||
(void)fprintf(stderr,
|
||||
"%s: option requires an argument -- %c\n",
|
||||
__progname, optopt);
|
||||
__progname, BSDoptopt);
|
||||
return (BADCH);
|
||||
}
|
||||
else /* white space */
|
||||
optarg = nargv[optind];
|
||||
BSDoptarg = nargv[BSDoptind];
|
||||
place = EMSG;
|
||||
++optind;
|
||||
++BSDoptind;
|
||||
}
|
||||
return (optopt); /* dump back option letter */
|
||||
return (BSDoptopt); /* dump back option letter */
|
||||
}
|
||||
|
||||
#endif /* !defined(HAVE_GETOPT) || !defined(HAVE_OPTRESET) */
|
||||
|
@ -37,7 +37,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: packet.c,v 1.95 2002/06/19 18:01:00 markus Exp $");
|
||||
RCSID("$OpenBSD: packet.c,v 1.96 2002/06/23 21:10:02 deraadt Exp $");
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "buffer.h"
|
||||
@ -1015,7 +1015,7 @@ packet_read_poll2(u_int32_t *seqnr_p)
|
||||
int
|
||||
packet_read_poll_seqnr(u_int32_t *seqnr_p)
|
||||
{
|
||||
int reason, seqnr;
|
||||
u_int reason, seqnr;
|
||||
u_char type;
|
||||
char *msg;
|
||||
|
||||
@ -1038,14 +1038,15 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p)
|
||||
case SSH2_MSG_DISCONNECT:
|
||||
reason = packet_get_int();
|
||||
msg = packet_get_string(NULL);
|
||||
log("Received disconnect from %s: %d: %.400s", get_remote_ipaddr(),
|
||||
reason, msg);
|
||||
log("Received disconnect from %s: %u: %.400s",
|
||||
get_remote_ipaddr(), reason, msg);
|
||||
xfree(msg);
|
||||
fatal_cleanup();
|
||||
break;
|
||||
case SSH2_MSG_UNIMPLEMENTED:
|
||||
seqnr = packet_get_int();
|
||||
debug("Received SSH2_MSG_UNIMPLEMENTED for %d", seqnr);
|
||||
debug("Received SSH2_MSG_UNIMPLEMENTED for %u",
|
||||
seqnr);
|
||||
break;
|
||||
default:
|
||||
return type;
|
||||
@ -1063,8 +1064,8 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p)
|
||||
break;
|
||||
case SSH_MSG_DISCONNECT:
|
||||
msg = packet_get_string(NULL);
|
||||
log("Received disconnect from %s: %.400s", get_remote_ipaddr(),
|
||||
msg);
|
||||
log("Received disconnect from %s: %.400s",
|
||||
get_remote_ipaddr(), msg);
|
||||
fatal_cleanup();
|
||||
xfree(msg);
|
||||
break;
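Review bot: In the protocol 1 `SSH_MSG_DISCONNECT` case (hunk at -1063) `fatal_cleanup()` is called before `xfree(msg)`, while the `SSH2_MSG_DISCONNECT` case in the previous hunk frees first. If `fatal_cleanup()` does not return, which its name and the SSH2 ordering suggest but this page does not show, the trailing `xfree(msg);` is dead code. Reorder to `xfree(msg);` followed by `fatal_cleanup();` so both branches read the same. packet_read_poll_seqnr continues outside these hunks.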
|
||||
|
@ -24,7 +24,7 @@
|
||||
|
||||
#include "includes.h"
|
||||
#if defined(SMARTCARD) && defined(USE_SECTOK)
|
||||
RCSID("$OpenBSD: scard.c,v 1.25 2002/03/26 18:46:59 rees Exp $");
|
||||
RCSID("$OpenBSD: scard.c,v 1.26 2002/06/23 03:30:17 deraadt Exp $");
|
||||
|
||||
#include <openssl/evp.h>
|
||||
#include <sectok.h>
|
||||
@ -191,7 +191,7 @@ sc_read_pubkey(Key * k)
|
||||
|
||||
status = 0;
|
||||
p = key_fingerprint(k, SSH_FP_MD5, SSH_FP_HEX);
|
||||
debug("fingerprint %d %s", key_size(k), p);
|
||||
debug("fingerprint %u %s", key_size(k), p);
|
||||
xfree(p);
|
||||
|
||||
err:
|
||||
|
@ -9,7 +9,7 @@
|
||||
.\"
|
||||
.\" Created: Sun May 7 00:14:37 1995 ylo
|
||||
.\"
|
||||
.\" $OpenBSD: scp.1,v 1.22 2002/06/20 20:00:05 stevesk Exp $
|
||||
.\" $OpenBSD: scp.1,v 1.23 2002/06/22 16:41:57 stevesk Exp $
|
||||
.\"
|
||||
.Dd September 25, 1999
|
||||
.Dt SCP 1
|
||||
@ -152,5 +152,5 @@ California.
|
||||
.Xr ssh-add 1 ,
|
||||
.Xr ssh-agent 1 ,
|
||||
.Xr ssh-keygen 1 ,
|
||||
.Xr ssh_config 5
|
||||
.Xr ssh_config 5 ,
|
||||
.Xr sshd 8
|
||||
|
@ -10,7 +10,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: servconf.c,v 1.111 2002/06/20 23:05:55 markus Exp $");
|
||||
RCSID("$OpenBSD: servconf.c,v 1.112 2002/06/23 09:46:51 deraadt Exp $");
|
||||
|
||||
#if defined(KRB4)
|
||||
#include <krb.h>
|
||||
@ -257,7 +257,7 @@ fill_default_server_options(ServerOptions *options)
|
||||
if (use_privsep == -1)
|
||||
use_privsep = 1;
|
||||
|
||||
#if !defined(HAVE_MMAP) || !defined(MAP_ANON)
|
||||
#if !defined(HAVE_MMAP_ANON_SHARED)
|
||||
if (use_privsep && options->compression == 1) {
|
||||
error("This platform does not support both privilege "
|
||||
"separation and compression");
|
||||
@ -423,7 +423,7 @@ add_one_listen_addr(ServerOptions *options, char *addr, u_short port)
|
||||
hints.ai_family = IPv4or6;
|
||||
hints.ai_socktype = SOCK_STREAM;
|
||||
hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
|
||||
snprintf(strport, sizeof strport, "%d", port);
|
||||
snprintf(strport, sizeof strport, "%u", port);
|
||||
if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
|
||||
fatal("bad addr or host: %s (%s)",
|
||||
addr ? addr : "<NULL>",
|
||||
@ -439,9 +439,8 @@ process_server_config_line(ServerOptions *options, char *line,
|
||||
const char *filename, int linenum)
|
||||
{
|
||||
char *cp, **charptr, *arg, *p;
|
||||
int *intptr, value;
|
||||
int *intptr, value, i, n;
|
||||
ServerOpCodes opcode;
|
||||
int i, n;
|
||||
|
||||
cp = line;
|
||||
arg = strdelim(&cp);
|
||||
@ -765,7 +764,8 @@ process_server_config_line(ServerOptions *options, char *line,
|
||||
if (options->num_allow_users >= MAX_ALLOW_USERS)
|
||||
fatal("%s line %d: too many allow users.",
|
||||
filename, linenum);
|
||||
options->allow_users[options->num_allow_users++] = xstrdup(arg);
|
||||
options->allow_users[options->num_allow_users++] =
|
||||
xstrdup(arg);
|
||||
}
|
||||
break;
|
||||
|
||||
@ -774,7 +774,8 @@ process_server_config_line(ServerOptions *options, char *line,
|
||||
if (options->num_deny_users >= MAX_DENY_USERS)
|
||||
fatal( "%s line %d: too many deny users.",
|
||||
filename, linenum);
|
||||
options->deny_users[options->num_deny_users++] = xstrdup(arg);
|
||||
options->deny_users[options->num_deny_users++] =
|
||||
xstrdup(arg);
|
||||
}
|
||||
break;
|
||||
|
||||
@ -783,7 +784,8 @@ process_server_config_line(ServerOptions *options, char *line,
|
||||
if (options->num_allow_groups >= MAX_ALLOW_GROUPS)
|
||||
fatal("%s line %d: too many allow groups.",
|
||||
filename, linenum);
|
||||
options->allow_groups[options->num_allow_groups++] = xstrdup(arg);
|
||||
options->allow_groups[options->num_allow_groups++] =
|
||||
xstrdup(arg);
|
||||
}
|
||||
break;
|
||||
|
||||
@ -921,10 +923,9 @@ process_server_config_line(ServerOptions *options, char *line,
|
||||
void
|
||||
read_server_config(ServerOptions *options, const char *filename)
|
||||
{
|
||||
FILE *f;
|
||||
int linenum, bad_options = 0;
|
||||
char line[1024];
|
||||
int linenum;
|
||||
int bad_options = 0;
|
||||
FILE *f;
|
||||
|
||||
f = fopen(filename, "r");
|
||||
if (!f) {
|
||||
|
@ -35,7 +35,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: serverloop.c,v 1.102 2002/06/11 05:46:20 mpech Exp $");
|
||||
RCSID("$OpenBSD: serverloop.c,v 1.103 2002/06/24 14:33:27 markus Exp $");
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "packet.h"
|
||||
@ -902,10 +902,8 @@ server_input_channel_open(int type, u_int32_t seq, void *ctxt)
|
||||
{
|
||||
Channel *c = NULL;
|
||||
char *ctype;
|
||||
u_int len;
|
||||
int rchan;
|
||||
int rmaxpack;
|
||||
int rwindow;
|
||||
u_int rmaxpack, rwindow, len;
|
||||
|
||||
ctype = packet_get_string(&len);
|
||||
rchan = packet_get_int();
|
||||
|
@ -33,7 +33,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: session.c,v 1.138 2002/06/20 23:05:55 markus Exp $");
|
||||
RCSID("$OpenBSD: session.c,v 1.142 2002/06/26 13:49:26 deraadt Exp $");
|
||||
|
||||
#include "ssh.h"
|
||||
#include "ssh1.h"
|
||||
@ -252,8 +252,8 @@ do_authenticated1(Authctxt *authctxt)
|
||||
Session *s;
|
||||
char *command;
|
||||
int success, type, screen_flag;
|
||||
int compression_level = 0, enable_compression_after_reply = 0;
|
||||
u_int proto_len, data_len, dlen;
|
||||
int enable_compression_after_reply = 0;
|
||||
u_int proto_len, data_len, dlen, compression_level = 0;
|
||||
|
||||
s = session_new();
|
||||
s->authctxt = authctxt;
|
||||
@ -849,6 +849,9 @@ child_set_env(char ***envp, u_int *envsizep, const char *name,
|
||||
} else {
|
||||
/* New variable. Expand if necessary. */
|
||||
if (i >= (*envsizep) - 1) {
|
||||
if (*envsizep >= 1000)
|
||||
fatal("child_set_env: too many env vars,"
|
||||
" skipping: %.100s", name);
|
||||
(*envsizep) += 50;
|
||||
env = (*envp) = xrealloc(env, (*envsizep) * sizeof(char *));
|
||||
}
|
||||
@ -874,12 +877,15 @@ read_environment_file(char ***env, u_int *envsize,
|
||||
FILE *f;
|
||||
char buf[4096];
|
||||
char *cp, *value;
|
||||
u_int lineno = 0;
|
||||
|
||||
f = fopen(filename, "r");
|
||||
if (!f)
|
||||
return;
|
||||
|
||||
while (fgets(buf, sizeof(buf), f)) {
|
||||
if (++lineno > 1000)
|
||||
fatal("Too many lines in environment file %s", filename);
|
||||
for (cp = buf; *cp == ' ' || *cp == '\t'; cp++)
|
||||
;
|
||||
if (!*cp || *cp == '#' || *cp == '\n')
|
||||
@ -888,7 +894,8 @@ read_environment_file(char ***env, u_int *envsize,
|
||||
*strchr(cp, '\n') = '\0';
|
||||
value = strchr(cp, '=');
|
||||
if (value == NULL) {
|
||||
fprintf(stderr, "Bad line in %.100s: %.200s\n", filename, buf);
|
||||
fprintf(stderr, "Bad line %u in %.100s\n", lineno,
|
||||
filename);
|
||||
continue;
|
||||
}
|
||||
/*
|
||||
@ -1152,6 +1159,8 @@ do_nologin(struct passwd *pw)
|
||||
void
|
||||
do_setusercontext(struct passwd *pw)
|
||||
{
|
||||
char tty='\0';
|
||||
|
||||
#ifdef HAVE_CYGWIN
|
||||
if (is_winnt) {
|
||||
#else /* HAVE_CYGWIN */
|
||||
@ -1161,6 +1170,9 @@ do_setusercontext(struct passwd *pw)
|
||||
setpcred(pw->pw_name);
|
||||
#endif /* HAVE_SETPCRED */
|
||||
#ifdef HAVE_LOGIN_CAP
|
||||
#ifdef __bsdi__
|
||||
setpgid(0, 0);
|
||||
#endif
|
||||
if (setusercontext(lc, pw, pw->pw_uid,
|
||||
(LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) {
|
||||
perror("unable to set user context");
|
||||
@ -1196,6 +1208,10 @@ do_setusercontext(struct passwd *pw)
|
||||
# if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY)
|
||||
irix_setusercontext(pw);
|
||||
# endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */
|
||||
# ifdef _AIX
|
||||
/* XXX: Disable tty setting. Enabled if required later */
|
||||
aix_usrinfo(pw, &tty, -1);
|
||||
# endif /* _AIX */
|
||||
/* Permanently switch to the desired uid. */
|
||||
permanently_set_uid(pw);
|
||||
#endif
|
||||
@ -1258,9 +1274,6 @@ do_child(Session *s, const char *command)
|
||||
do_motd();
|
||||
#else /* HAVE_OSF_SIA */
|
||||
do_nologin(pw);
|
||||
# ifdef _AIX
|
||||
aix_usrinfo(pw, s->tty, s->ttyfd);
|
||||
# endif /* _AIX */
|
||||
do_setusercontext(pw);
|
||||
#endif /* HAVE_OSF_SIA */
|
||||
}
|
||||
@ -1970,9 +1983,9 @@ session_setup_x11fwd(Session *s)
|
||||
debug("X11 display already set.");
|
||||
return 0;
|
||||
}
|
||||
s->display_number = x11_create_display_inet(options.x11_display_offset,
|
||||
options.x11_use_localhost, s->single_connection);
|
||||
if (s->display_number == -1) {
|
||||
if (x11_create_display_inet(options.x11_display_offset,
|
||||
options.x11_use_localhost, s->single_connection,
|
||||
&s->display_number) == -1) {
|
||||
debug("x11_create_display_inet failed.");
|
||||
return 0;
|
||||
}
|
||||
@ -1986,9 +1999,9 @@ session_setup_x11fwd(Session *s)
|
||||
* different than the DISPLAY string for localhost displays.
|
||||
*/
|
||||
if (options.x11_use_localhost) {
|
||||
snprintf(display, sizeof display, "localhost:%d.%d",
|
||||
snprintf(display, sizeof display, "localhost:%u.%u",
|
||||
s->display_number, s->screen);
|
||||
snprintf(auth_display, sizeof auth_display, "unix:%d.%d",
|
||||
snprintf(auth_display, sizeof auth_display, "unix:%u.%u",
|
||||
s->display_number, s->screen);
|
||||
s->display = xstrdup(display);
|
||||
s->auth_display = xstrdup(auth_display);
|
||||
@ -2004,10 +2017,10 @@ session_setup_x11fwd(Session *s)
|
||||
return 0;
|
||||
}
|
||||
memcpy(&my_addr, he->h_addr_list[0], sizeof(struct in_addr));
|
||||
snprintf(display, sizeof display, "%.50s:%d.%d", inet_ntoa(my_addr),
|
||||
snprintf(display, sizeof display, "%.50s:%u.%u", inet_ntoa(my_addr),
|
||||
s->display_number, s->screen);
|
||||
#else
|
||||
snprintf(display, sizeof display, "%.400s:%d.%d", hostname,
|
||||
snprintf(display, sizeof display, "%.400s:%u.%u", hostname,
|
||||
s->display_number, s->screen);
|
||||
#endif
|
||||
s->display = xstrdup(display);
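Review bot: The new limit in child_set_env reports `"child_set_env: too many env vars," " skipping: %.100s"`, but it is raised through `fatal()`, which terminates rather than skipping the variable. The text should say what actually happens, for example `fatal("child_set_env: too many env vars");`. The bound `1000` appears again as the line limit in read_environment_file in the next hunk. A named constant for each (say `#define MAX_ENV_VARS 1000`, a constructed name) would document these as deliberate caps on how far input from an environment file can grow the table. Both functions continue outside their hunks.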
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: session.h,v 1.17 2002/03/29 18:59:32 markus Exp $ */
|
||||
/* $OpenBSD: session.h,v 1.18 2002/06/23 21:06:41 deraadt Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
|
||||
@ -37,15 +37,15 @@ struct Session {
|
||||
/* tty */
|
||||
char *term;
|
||||
int ptyfd, ttyfd, ptymaster;
|
||||
int row, col, xpixel, ypixel;
|
||||
u_int row, col, xpixel, ypixel;
|
||||
char tty[TTYSZ];
|
||||
/* last login */
|
||||
char hostname[MAXHOSTNAMELEN];
|
||||
time_t last_login_time;
|
||||
/* X11 */
|
||||
int display_number;
|
||||
u_int display_number;
|
||||
char *display;
|
||||
int screen;
|
||||
u_int screen;
|
||||
char *auth_display;
|
||||
char *auth_proto;
|
||||
char *auth_data;
|
||||
|
@ -28,7 +28,7 @@
|
||||
/* XXX: copy between two remote sites */
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sftp-client.c,v 1.32 2002/06/09 13:32:01 markus Exp $");
|
||||
RCSID("$OpenBSD: sftp-client.c,v 1.33 2002/06/23 09:30:14 deraadt Exp $");
|
||||
|
||||
#include "openbsd-compat/fake-queue.h"
|
||||
|
||||
@ -88,7 +88,7 @@ get_msg(int fd, Buffer *m)
|
||||
|
||||
msg_len = GET_32BIT(buf);
|
||||
if (msg_len > 256 * 1024)
|
||||
fatal("Received message too long %d", msg_len);
|
||||
fatal("Received message too long %u", msg_len);
|
||||
|
||||
while (msg_len) {
|
||||
len = atomicio(read, fd, buf, MIN(msg_len, sizeof(buf)));
|
||||
@ -113,7 +113,7 @@ send_string_request(int fd, u_int id, u_int code, char *s,
|
||||
buffer_put_int(&msg, id);
|
||||
buffer_put_string(&msg, s, len);
|
||||
send_msg(fd, &msg);
|
||||
debug3("Sent message fd %d T:%d I:%d", fd, code, id);
|
||||
debug3("Sent message fd %d T:%u I:%u", fd, code, id);
|
||||
buffer_free(&msg);
|
||||
}
|
||||
|
||||
@ -129,12 +129,12 @@ send_string_attrs_request(int fd, u_int id, u_int code, char *s,
|
||||
buffer_put_string(&msg, s, len);
|
||||
encode_attrib(&msg, a);
|
||||
send_msg(fd, &msg);
|
||||
debug3("Sent message fd %d T:%d I:%d", fd, code, id);
|
||||
debug3("Sent message fd %d T:%u I:%u", fd, code, id);
|
||||
buffer_free(&msg);
|
||||
}
|
||||
|
||||
static u_int
|
||||
get_status(int fd, int expected_id)
|
||||
get_status(int fd, u_int expected_id)
|
||||
{
|
||||
Buffer msg;
|
||||
u_int type, id, status;
|
||||
@ -145,15 +145,15 @@ get_status(int fd, int expected_id)
|
||||
id = buffer_get_int(&msg);
|
||||
|
||||
if (id != expected_id)
|
||||
fatal("ID mismatch (%d != %d)", id, expected_id);
|
||||
fatal("ID mismatch (%u != %u)", id, expected_id);
|
||||
if (type != SSH2_FXP_STATUS)
|
||||
fatal("Expected SSH2_FXP_STATUS(%d) packet, got %d",
|
||||
fatal("Expected SSH2_FXP_STATUS(%u) packet, got %u",
|
||||
SSH2_FXP_STATUS, type);
|
||||
|
||||
status = buffer_get_int(&msg);
|
||||
buffer_free(&msg);
|
||||
|
||||
debug3("SSH2_FXP_STATUS %d", status);
|
||||
debug3("SSH2_FXP_STATUS %u", status);
|
||||
|
||||
return(status);
|
||||
}
|
||||
@ -171,14 +171,14 @@ get_handle(int fd, u_int expected_id, u_int *len)
|
||||
id = buffer_get_int(&msg);
|
||||
|
||||
if (id != expected_id)
|
||||
fatal("ID mismatch (%d != %d)", id, expected_id);
|
||||
fatal("ID mismatch (%u != %u)", id, expected_id);
|
||||
if (type == SSH2_FXP_STATUS) {
|
||||
int status = buffer_get_int(&msg);
|
||||
|
||||
error("Couldn't get handle: %s", fx2txt(status));
|
||||
return(NULL);
|
||||
} else if (type != SSH2_FXP_HANDLE)
|
||||
fatal("Expected SSH2_FXP_HANDLE(%d) packet, got %d",
|
||||
fatal("Expected SSH2_FXP_HANDLE(%u) packet, got %u",
|
||||
SSH2_FXP_HANDLE, type);
|
||||
|
||||
handle = buffer_get_string(&msg, len);
|
||||
@ -200,9 +200,9 @@ get_decode_stat(int fd, u_int expected_id, int quiet)
|
||||
type = buffer_get_char(&msg);
|
||||
id = buffer_get_int(&msg);
|
||||
|
||||
debug3("Received stat reply T:%d I:%d", type, id);
|
||||
debug3("Received stat reply T:%u I:%u", type, id);
|
||||
if (id != expected_id)
|
||||
fatal("ID mismatch (%d != %d)", id, expected_id);
|
||||
fatal("ID mismatch (%u != %u)", id, expected_id);
|
||||
if (type == SSH2_FXP_STATUS) {
|
||||
int status = buffer_get_int(&msg);
|
||||
|
||||
@ -212,7 +212,7 @@ get_decode_stat(int fd, u_int expected_id, int quiet)
|
||||
error("Couldn't stat remote file: %s", fx2txt(status));
|
||||
return(NULL);
|
||||
} else if (type != SSH2_FXP_ATTRS) {
|
||||
fatal("Expected SSH2_FXP_ATTRS(%d) packet, got %d",
|
||||
fatal("Expected SSH2_FXP_ATTRS(%u) packet, got %u",
|
||||
SSH2_FXP_ATTRS, type);
|
||||
}
|
||||
a = decode_attrib(&msg);
|
||||
@ -224,7 +224,8 @@ get_decode_stat(int fd, u_int expected_id, int quiet)
|
||||
struct sftp_conn *
|
||||
do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests)
|
||||
{
|
||||
int type, version;
|
||||
u_int type;
|
||||
int version;
|
||||
Buffer msg;
|
||||
struct sftp_conn *ret;
|
||||
|
||||
@ -239,7 +240,7 @@ do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests)
|
||||
|
||||
/* Expecting a VERSION reply */
|
||||
if ((type = buffer_get_char(&msg)) != SSH2_FXP_VERSION) {
|
||||
error("Invalid packet back from SSH2_FXP_INIT (type %d)",
|
||||
error("Invalid packet back from SSH2_FXP_INIT (type %u)",
|
||||
type);
|
||||
buffer_free(&msg);
|
||||
return(NULL);
|
||||
@ -294,7 +295,7 @@ do_close(struct sftp_conn *conn, char *handle, u_int handle_len)
|
||||
buffer_put_int(&msg, id);
|
||||
buffer_put_string(&msg, handle, handle_len);
|
||||
send_msg(conn->fd_out, &msg);
|
||||
debug3("Sent message SSH2_FXP_CLOSE I:%d", id);
|
||||
debug3("Sent message SSH2_FXP_CLOSE I:%u", id);
|
||||
|
||||
status = get_status(conn->fd_in, id);
|
||||
if (status != SSH2_FX_OK)
|
||||
@ -339,7 +340,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
|
||||
|
||||
id = expected_id = conn->msg_id++;
|
||||
|
||||
debug3("Sending SSH2_FXP_READDIR I:%d", id);
|
||||
debug3("Sending SSH2_FXP_READDIR I:%u", id);
|
||||
|
||||
buffer_clear(&msg);
|
||||
buffer_put_char(&msg, SSH2_FXP_READDIR);
|
||||
@ -354,10 +355,10 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
|
||||
type = buffer_get_char(&msg);
|
||||
id = buffer_get_int(&msg);
|
||||
|
||||
debug3("Received reply T:%d I:%d", type, id);
|
||||
debug3("Received reply T:%u I:%u", type, id);
|
||||
|
||||
if (id != expected_id)
|
||||
fatal("ID mismatch (%d != %d)", id, expected_id);
|
||||
fatal("ID mismatch (%u != %u)", id, expected_id);
|
||||
|
||||
if (type == SSH2_FXP_STATUS) {
|
||||
int status = buffer_get_int(&msg);
|
||||
@ -373,7 +374,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
|
||||
return(status);
|
||||
}
|
||||
} else if (type != SSH2_FXP_NAME)
|
||||
fatal("Expected SSH2_FXP_NAME(%d) packet, got %d",
|
||||
fatal("Expected SSH2_FXP_NAME(%u) packet, got %u",
|
||||
SSH2_FXP_NAME, type);
|
||||
|
||||
count = buffer_get_int(&msg);
|
||||
@ -584,7 +585,7 @@ do_realpath(struct sftp_conn *conn, char *path)
|
||||
id = buffer_get_int(&msg);
|
||||
|
||||
if (id != expected_id)
|
||||
fatal("ID mismatch (%d != %d)", id, expected_id);
|
||||
fatal("ID mismatch (%u != %u)", id, expected_id);
|
||||
|
||||
if (type == SSH2_FXP_STATUS) {
|
||||
u_int status = buffer_get_int(&msg);
|
||||
@ -592,7 +593,7 @@ do_realpath(struct sftp_conn *conn, char *path)
|
||||
error("Couldn't canonicalise: %s", fx2txt(status));
|
||||
return(NULL);
|
||||
} else if (type != SSH2_FXP_NAME)
|
||||
fatal("Expected SSH2_FXP_NAME(%d) packet, got %d",
|
||||
fatal("Expected SSH2_FXP_NAME(%u) packet, got %u",
|
||||
SSH2_FXP_NAME, type);
|
||||
|
||||
count = buffer_get_int(&msg);
|
||||
@ -690,7 +691,7 @@ do_readlink(struct sftp_conn *conn, char *path)
|
||||
id = buffer_get_int(&msg);
|
||||
|
||||
if (id != expected_id)
|
||||
fatal("ID mismatch (%d != %d)", id, expected_id);
|
||||
fatal("ID mismatch (%u != %u)", id, expected_id);
|
||||
|
||||
if (type == SSH2_FXP_STATUS) {
|
||||
u_int status = buffer_get_int(&msg);
|
||||
@ -698,7 +699,7 @@ do_readlink(struct sftp_conn *conn, char *path)
|
||||
error("Couldn't readlink: %s", fx2txt(status));
|
||||
return(NULL);
|
||||
} else if (type != SSH2_FXP_NAME)
|
||||
fatal("Expected SSH2_FXP_NAME(%d) packet, got %d",
|
||||
fatal("Expected SSH2_FXP_NAME(%u) packet, got %u",
|
||||
SSH2_FXP_NAME, type);
|
||||
|
||||
count = buffer_get_int(&msg);
|
||||
@ -790,7 +791,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
|
||||
attrib_clear(&junk); /* Send empty attributes */
|
||||
encode_attrib(&msg, &junk);
|
||||
send_msg(conn->fd_out, &msg);
|
||||
debug3("Sent message SSH2_FXP_OPEN I:%d P:%s", id, remote_path);
|
||||
debug3("Sent message SSH2_FXP_OPEN I:%u P:%s", id, remote_path);
|
||||
|
||||
handle = get_handle(conn->fd_in, id, &handle_len);
|
||||
if (handle == NULL) {
|
||||
@ -835,7 +836,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
|
||||
get_msg(conn->fd_in, &msg);
|
||||
type = buffer_get_char(&msg);
|
||||
id = buffer_get_int(&msg);
|
||||
debug3("Received reply T:%d I:%d R:%d", type, id, max_req);
|
||||
debug3("Received reply T:%u I:%u R:%d", type, id, max_req);
|
||||
|
||||
/* Find the request in our queue */
|
||||
for(req = TAILQ_FIRST(&requests);
|
||||
@ -862,7 +863,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
|
||||
(unsigned long long)req->offset + len - 1);
|
||||
if (len > req->len)
|
||||
fatal("Received more data than asked for "
|
||||
"%d > %d", len, req->len);
|
||||
"%u > %u", len, req->len);
|
||||
if ((lseek(local_fd, req->offset, SEEK_SET) == -1 ||
|
||||
atomicio(write, local_fd, data, len) != len) &&
|
||||
!write_error) {
|
||||
@ -907,7 +908,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
|
||||
}
|
||||
break;
|
||||
default:
|
||||
fatal("Expected SSH2_FXP_DATA(%d) packet, got %d",
|
||||
fatal("Expected SSH2_FXP_DATA(%u) packet, got %u",
|
||||
SSH2_FXP_DATA, type);
|
||||
}
|
||||
}
|
||||
@ -1006,7 +1007,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
|
||||
buffer_put_int(&msg, SSH2_FXF_WRITE|SSH2_FXF_CREAT|SSH2_FXF_TRUNC);
|
||||
encode_attrib(&msg, &a);
|
||||
send_msg(conn->fd_out, &msg);
|
||||
debug3("Sent message SSH2_FXP_OPEN I:%d P:%s", id, remote_path);
|
||||
debug3("Sent message SSH2_FXP_OPEN I:%u P:%s", id, remote_path);
|
||||
|
||||
buffer_clear(&msg);
|
||||
|
||||
@ -1051,7 +1052,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
|
||||
buffer_put_int64(&msg, offset);
|
||||
buffer_put_string(&msg, data, len);
|
||||
send_msg(conn->fd_out, &msg);
|
||||
debug3("Sent message SSH2_FXP_WRITE I:%d O:%llu S:%u",
|
||||
debug3("Sent message SSH2_FXP_WRITE I:%u O:%llu S:%u",
|
||||
id, (unsigned long long)offset, len);
|
||||
} else if (TAILQ_FIRST(&acks) == NULL)
|
||||
break;
|
||||
@ -1081,7 +1082,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
|
||||
ack = TAILQ_NEXT(ack, tq))
|
||||
;
|
||||
if (ack == NULL)
|
||||
fatal("Can't find request for ID %d", r_id);
|
||||
fatal("Can't find request for ID %u", r_id);
|
||||
TAILQ_REMOVE(&acks, ack, tq);
|
||||
|
||||
if (status != SSH2_FX_OK) {
|
||||
@ -1091,7 +1092,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
|
||||
close(local_fd);
|
||||
goto done;
|
||||
}
|
||||
debug3("In write loop, ack for %u %d bytes at %llu",
|
||||
debug3("In write loop, ack for %u %u bytes at %llu",
|
||||
ack->id, ack->len, (unsigned long long)ack->offset);
|
||||
++ackid;
|
||||
free(ack);
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: sftp-client.h,v 1.9 2002/02/13 00:59:23 djm Exp $ */
|
||||
/* $OpenBSD: sftp-client.h,v 1.10 2002/06/23 09:30:14 deraadt Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2001,2002 Damien Miller. All rights reserved.
|
||||
@ -41,11 +41,9 @@ struct SFTP_DIRENT {
|
||||
* Initialiase a SSH filexfer connection. Returns -1 on error or
|
||||
* protocol version on success.
|
||||
*/
|
||||
struct sftp_conn *
|
||||
do_init(int, int, u_int, u_int);
|
||||
struct sftp_conn *do_init(int, int, u_int, u_int);
|
||||
|
||||
u_int
|
||||
sftp_proto_version(struct sftp_conn *);
|
||||
u_int sftp_proto_version(struct sftp_conn *);
|
||||
|
||||
/* Close file referred to by 'handle' */
|
||||
int do_close(struct sftp_conn *, char *, u_int);
|
||||
|
@ -24,7 +24,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sftp-common.c,v 1.5 2001/12/02 02:08:32 deraadt Exp $");
|
||||
RCSID("$OpenBSD: sftp-common.c,v 1.6 2002/06/23 09:30:14 deraadt Exp $");
|
||||
|
||||
#include "buffer.h"
|
||||
#include "bufaux.h"
|
||||
@ -70,6 +70,7 @@ Attrib *
|
||||
decode_attrib(Buffer *b)
|
||||
{
|
||||
static Attrib a;
|
||||
|
||||
attrib_clear(&a);
|
||||
a.flags = buffer_get_int(b);
|
||||
if (a.flags & SSH2_FILEXFER_ATTR_SIZE)
|
||||
@ -88,6 +89,7 @@ decode_attrib(Buffer *b)
|
||||
if (a.flags & SSH2_FILEXFER_ATTR_EXTENDED) {
|
||||
char *type, *data;
|
||||
int i, count;
|
||||
|
||||
count = buffer_get_int(b);
|
||||
for (i = 0; i < count; i++) {
|
||||
type = buffer_get_string(b, NULL);
|
||||
|
@ -26,7 +26,7 @@
|
||||
/* XXX: recursive operations */
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sftp-int.c,v 1.46 2002/03/30 18:51:15 markus Exp $");
|
||||
RCSID("$OpenBSD: sftp-int.c,v 1.47 2002/06/23 09:30:14 deraadt Exp $");
|
||||
|
||||
#include "buffer.h"
|
||||
#include "xmalloc.h"
|
||||
@ -835,7 +835,7 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd)
|
||||
help();
|
||||
break;
|
||||
case I_VERSION:
|
||||
printf("SFTP protocol version %d\n", sftp_proto_version(conn));
|
||||
printf("SFTP protocol version %u\n", sftp_proto_version(conn));
|
||||
break;
|
||||
default:
|
||||
fatal("%d is not implemented", cmdnum);
|
||||
|
@ -22,7 +22,7 @@
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sftp-server.c,v 1.35 2002/06/06 17:30:11 markus Exp $");
|
||||
RCSID("$OpenBSD: sftp-server.c,v 1.37 2002/06/24 17:57:20 deraadt Exp $");
|
||||
|
||||
#include "buffer.h"
|
||||
#include "bufaux.h"
|
||||
@ -282,7 +282,7 @@ send_status(u_int32_t id, u_int32_t error)
|
||||
"Unknown error" /* Others */
|
||||
};
|
||||
|
||||
TRACE("sent status id %d error %d", id, error);
|
||||
TRACE("sent status id %u error %u", id, error);
|
||||
buffer_init(&msg);
|
||||
buffer_put_char(&msg, SSH2_FXP_STATUS);
|
||||
buffer_put_int(&msg, id);
|
||||
@ -311,7 +311,7 @@ send_data_or_handle(char type, u_int32_t id, char *data, int dlen)
|
||||
static void
|
||||
send_data(u_int32_t id, char *data, int dlen)
|
||||
{
|
||||
TRACE("sent data id %d len %d", id, dlen);
|
||||
TRACE("sent data id %u len %d", id, dlen);
|
||||
send_data_or_handle(SSH2_FXP_DATA, id, data, dlen);
|
||||
}
|
||||
|
||||
@ -322,7 +322,7 @@ send_handle(u_int32_t id, int handle)
|
||||
int hlen;
|
||||
|
||||
handle_to_string(handle, &string, &hlen);
|
||||
TRACE("sent handle id %d handle %d", id, handle);
|
||||
TRACE("sent handle id %u handle %d", id, handle);
|
||||
send_data_or_handle(SSH2_FXP_HANDLE, id, string, hlen);
|
||||
xfree(string);
|
||||
}
|
||||
@ -337,7 +337,7 @@ send_names(u_int32_t id, int count, Stat *stats)
|
||||
buffer_put_char(&msg, SSH2_FXP_NAME);
|
||||
buffer_put_int(&msg, id);
|
||||
buffer_put_int(&msg, count);
|
||||
TRACE("sent names id %d count %d", id, count);
|
||||
TRACE("sent names id %u count %d", id, count);
|
||||
for (i = 0; i < count; i++) {
|
||||
buffer_put_cstring(&msg, stats[i].name);
|
||||
buffer_put_cstring(&msg, stats[i].long_name);
|
||||
@ -352,7 +352,7 @@ send_attrib(u_int32_t id, Attrib *a)
|
||||
{
|
||||
Buffer msg;
|
||||
|
||||
TRACE("sent attrib id %d have 0x%x", id, a->flags);
|
||||
TRACE("sent attrib id %u have 0x%x", id, a->flags);
|
||||
buffer_init(&msg);
|
||||
buffer_put_char(&msg, SSH2_FXP_ATTRS);
|
||||
buffer_put_int(&msg, id);
|
||||
@ -391,7 +391,7 @@ process_open(void)
|
||||
a = get_attrib();
|
||||
flags = flags_from_portable(pflags);
|
||||
mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm : 0666;
|
||||
TRACE("open id %d name %s flags %d mode 0%o", id, name, pflags, mode);
|
||||
TRACE("open id %u name %s flags %d mode 0%o", id, name, pflags, mode);
|
||||
fd = open(name, flags, mode);
|
||||
if (fd < 0) {
|
||||
status = errno_to_portable(errno);
|
||||
@ -417,7 +417,7 @@ process_close(void)
|
||||
|
||||
id = get_int();
|
||||
handle = get_handle();
|
||||
TRACE("close id %d handle %d", id, handle);
|
||||
TRACE("close id %u handle %d", id, handle);
|
||||
ret = handle_close(handle);
|
||||
status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
|
||||
send_status(id, status);
|
||||
@ -436,7 +436,7 @@ process_read(void)
|
||||
off = get_int64();
|
||||
len = get_int();
|
||||
|
||||
TRACE("read id %d handle %d off %llu len %d", id, handle,
|
||||
TRACE("read id %u handle %d off %llu len %d", id, handle,
|
||||
(u_int64_t)off, len);
|
||||
if (len > sizeof buf) {
|
||||
len = sizeof buf;
|
||||
@ -477,7 +477,7 @@ process_write(void)
|
||||
off = get_int64();
|
||||
data = get_string(&len);
|
||||
|
||||
TRACE("write id %d handle %d off %llu len %d", id, handle,
|
||||
TRACE("write id %u handle %d off %llu len %d", id, handle,
|
||||
(u_int64_t)off, len);
|
||||
fd = handle_to_fd(handle);
|
||||
if (fd >= 0) {
|
||||
@ -512,7 +512,7 @@ process_do_stat(int do_lstat)
|
||||
|
||||
id = get_int();
|
||||
name = get_string(NULL);
|
||||
TRACE("%sstat id %d name %s", do_lstat ? "l" : "", id, name);
|
||||
TRACE("%sstat id %u name %s", do_lstat ? "l" : "", id, name);
|
||||
ret = do_lstat ? lstat(name, &st) : stat(name, &st);
|
||||
if (ret < 0) {
|
||||
status = errno_to_portable(errno);
|
||||
@ -548,7 +548,7 @@ process_fstat(void)
|
||||
|
||||
id = get_int();
|
||||
handle = get_handle();
|
||||
TRACE("fstat id %d handle %d", id, handle);
|
||||
TRACE("fstat id %u handle %d", id, handle);
|
||||
fd = handle_to_fd(handle);
|
||||
if (fd >= 0) {
|
||||
ret = fstat(fd, &st);
|
||||
@ -582,13 +582,12 @@ process_setstat(void)
|
||||
Attrib *a;
|
||||
u_int32_t id;
|
||||
char *name;
|
||||
int ret;
|
||||
int status = SSH2_FX_OK;
|
||||
int status = SSH2_FX_OK, ret;
|
||||
|
||||
id = get_int();
|
||||
name = get_string(NULL);
|
||||
a = get_attrib();
|
||||
TRACE("setstat id %d name %s", id, name);
|
||||
TRACE("setstat id %u name %s", id, name);
|
||||
if (a->flags & SSH2_FILEXFER_ATTR_SIZE) {
|
||||
ret = truncate(name, a->size);
|
||||
if (ret == -1)
|
||||
@ -625,7 +624,7 @@ process_fsetstat(void)
|
||||
id = get_int();
|
||||
handle = get_handle();
|
||||
a = get_attrib();
|
||||
TRACE("fsetstat id %d handle %d", id, handle);
|
||||
TRACE("fsetstat id %u handle %d", id, handle);
|
||||
fd = handle_to_fd(handle);
|
||||
name = handle_to_name(handle);
|
||||
if (fd < 0 || name == NULL) {
|
||||
@ -677,7 +676,7 @@ process_opendir(void)
|
||||
|
||||
id = get_int();
|
||||
path = get_string(NULL);
|
||||
TRACE("opendir id %d path %s", id, path);
|
||||
TRACE("opendir id %u path %s", id, path);
|
||||
dirp = opendir(path);
|
||||
if (dirp == NULL) {
|
||||
status = errno_to_portable(errno);
|
||||
@ -713,13 +712,13 @@ ls_file(char *name, struct stat *st)
|
||||
if ((pw = getpwuid(st->st_uid)) != NULL) {
|
||||
user = pw->pw_name;
|
||||
} else {
|
||||
snprintf(ubuf, sizeof ubuf, "%d", st->st_uid);
|
||||
snprintf(ubuf, sizeof ubuf, "%u", (u_int)st->st_uid);
|
||||
user = ubuf;
|
||||
}
|
||||
if ((gr = getgrgid(st->st_gid)) != NULL) {
|
||||
group = gr->gr_name;
|
||||
} else {
|
||||
snprintf(gbuf, sizeof gbuf, "%d", st->st_gid);
|
||||
snprintf(gbuf, sizeof gbuf, "%u", (u_int)st->st_gid);
|
||||
group = gbuf;
|
||||
}
|
||||
if (ltime != NULL) {
|
||||
@ -749,7 +748,7 @@ process_readdir(void)
|
||||
|
||||
id = get_int();
|
||||
handle = get_handle();
|
||||
TRACE("readdir id %d handle %d", id, handle);
|
||||
TRACE("readdir id %u handle %d", id, handle);
|
||||
dirp = handle_to_dir(handle);
|
||||
path = handle_to_name(handle);
|
||||
if (dirp == NULL || path == NULL) {
|
||||
@ -759,6 +758,7 @@ process_readdir(void)
|
||||
char pathname[1024];
|
||||
Stat *stats;
|
||||
int nstats = 10, count = 0, i;
|
||||
|
||||
stats = xmalloc(nstats * sizeof(Stat));
|
||||
while ((dp = readdir(dirp)) != NULL) {
|
||||
if (count >= nstats) {
|
||||
@ -802,7 +802,7 @@ process_remove(void)
|
||||
|
||||
id = get_int();
|
||||
name = get_string(NULL);
|
||||
TRACE("remove id %d name %s", id, name);
|
||||
TRACE("remove id %u name %s", id, name);
|
||||
ret = unlink(name);
|
||||
status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
|
||||
send_status(id, status);
|
||||
@ -822,7 +822,7 @@ process_mkdir(void)
|
||||
a = get_attrib();
|
||||
mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ?
|
||||
a->perm & 0777 : 0777;
|
||||
TRACE("mkdir id %d name %s mode 0%o", id, name, mode);
|
||||
TRACE("mkdir id %u name %s mode 0%o", id, name, mode);
|
||||
ret = mkdir(name, mode);
|
||||
status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
|
||||
send_status(id, status);
|
||||
@ -838,7 +838,7 @@ process_rmdir(void)
|
||||
|
||||
id = get_int();
|
||||
name = get_string(NULL);
|
||||
TRACE("rmdir id %d name %s", id, name);
|
||||
TRACE("rmdir id %u name %s", id, name);
|
||||
ret = rmdir(name);
|
||||
status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
|
||||
send_status(id, status);
|
||||
@ -858,7 +858,7 @@ process_realpath(void)
|
||||
xfree(path);
|
||||
path = xstrdup(".");
|
||||
}
|
||||
TRACE("realpath id %d path %s", id, path);
|
||||
TRACE("realpath id %u path %s", id, path);
|
||||
if (realpath(path, resolvedname) == NULL) {
|
||||
send_status(id, errno_to_portable(errno));
|
||||
} else {
|
||||
@ -881,7 +881,7 @@ process_rename(void)
|
||||
id = get_int();
|
||||
oldpath = get_string(NULL);
|
||||
newpath = get_string(NULL);
|
||||
TRACE("rename id %d old %s new %s", id, oldpath, newpath);
|
||||
TRACE("rename id %u old %s new %s", id, oldpath, newpath);
|
||||
/* fail if 'newpath' exists */
|
||||
if (stat(newpath, &st) == -1) {
|
||||
ret = rename(oldpath, newpath);
|
||||
@ -902,7 +902,7 @@ process_readlink(void)
|
||||
|
||||
id = get_int();
|
||||
path = get_string(NULL);
|
||||
TRACE("readlink id %d path %s", id, path);
|
||||
TRACE("readlink id %u path %s", id, path);
|
||||
if ((len = readlink(path, link, sizeof(link) - 1)) == -1)
|
||||
send_status(id, errno_to_portable(errno));
|
||||
else {
|
||||
@ -927,7 +927,7 @@ process_symlink(void)
|
||||
id = get_int();
|
||||
oldpath = get_string(NULL);
|
||||
newpath = get_string(NULL);
|
||||
TRACE("symlink id %d old %s new %s", id, oldpath, newpath);
|
||||
TRACE("symlink id %u old %s new %s", id, oldpath, newpath);
|
||||
/* fail if 'newpath' exists */
|
||||
if (stat(newpath, &st) == -1) {
|
||||
ret = symlink(oldpath, newpath);
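Review bot: The reworked TRACE calls in process_read and process_write still pass `(u_int64_t)off` to a `%llu` conversion, so the argument only matches the format where u_int64_t happens to be unsigned long long. The cast on the continuation line should be `(unsigned long long)off`, which is what the sftp-client.c hunks on this page already use for their `%llu` arguments. Both calls also keep `len %d`; in process_read `len` is compared against `sizeof buf`, which suggests an unsigned value and therefore `%u`, but the declaration is outside the hunk and should be checked. These values are read with get_int64() and get_int() just above, presumably from the peer's request, so a wrong conversion makes the trace misleading exactly when large offsets or lengths arrive. Both function bodies start and end outside the hunks.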
|
||||
|
@ -24,7 +24,7 @@
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
RCSID("$OpenBSD: sftp.c,v 1.29 2002/04/02 17:37:48 markus Exp $");
|
||||
RCSID("$OpenBSD: sftp.c,v 1.30 2002/06/23 09:30:14 deraadt Exp $");
|
||||
|
||||
/* XXX: short-form remote directory listings (like 'ls -C') */
|
||||
|
||||
@ -53,8 +53,10 @@ static void
|
||||
connect_to_server(char *path, char **args, int *in, int *out, pid_t *sshpid)
|
||||
{
|
||||
int c_in, c_out;
|
||||
|
||||
#ifdef USE_PIPES
|
||||
int pin[2], pout[2];
|
||||
|
||||
if ((pipe(pin) == -1) || (pipe(pout) == -1))
|
||||
fatal("pipe: %s", strerror(errno));
|
||||
*in = pin[0];
|
||||
@ -63,6 +65,7 @@ connect_to_server(char *path, char **args, int *in, int *out, pid_t *sshpid)
|
||||
c_out = pin[1];
|
||||
#else /* USE_PIPES */
|
||||
int inout[2];
|
||||
|
||||
if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) == -1)
|
||||
fatal("socketpair: %s", strerror(errno));
|
||||
*in = *out = inout[0];
|
||||
|
@ -1,4 +1,4 @@
|
||||
.\" $OpenBSD: ssh-agent.1,v 1.33 2002/06/19 00:27:55 deraadt Exp $
|
||||
.\" $OpenBSD: ssh-agent.1,v 1.35 2002/06/24 13:12:23 markus Exp $
|
||||
.\"
|
||||
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -69,7 +69,7 @@ The options are as follows:
|
||||
Bind the agent to the unix-domain socket
|
||||
.Ar bind_address .
|
||||
The default is
|
||||
.Pa /tmp/ssh-XXXXXXXX/agent.<pid> .
|
||||
.Pa /tmp/ssh-XXXXXXXX/agent.<ppid> .
|
||||
.It Fl c
|
||||
Generate C-shell commands on
|
||||
.Dv stdout .
|
||||
@ -151,7 +151,7 @@ user.
|
||||
.Pp
|
||||
The
|
||||
.Ev SSH_AGENT_PID
|
||||
environment variable holds the agent's PID.
|
||||
environment variable holds the agent's process ID.
|
||||
.Pp
|
||||
The agent exits automatically when the command given on the command
|
||||
line terminates.
|
||||
@ -163,7 +163,7 @@ Contains the protocol version 1 RSA authentication identity of the user.
|
||||
Contains the protocol version 2 DSA authentication identity of the user.
|
||||
.It Pa $HOME/.ssh/id_rsa
|
||||
Contains the protocol version 2 RSA authentication identity of the user.
|
||||
.It Pa /tmp/ssh-XXXXXXXX/agent.<pid>
|
||||
.It Pa /tmp/ssh-XXXXXXXX/agent.<ppid>
|
||||
Unix-domain sockets used to contain the connection to the
|
||||
authentication agent.
|
||||
These sockets should only be readable by the owner.
|
||||
|
@ -35,7 +35,7 @@
|
||||
|
||||
#include "includes.h"
|
||||
#include "openbsd-compat/fake-queue.h"
|
||||
RCSID("$OpenBSD: ssh-agent.c,v 1.95 2002/06/19 00:27:55 deraadt Exp $");
|
||||
RCSID("$OpenBSD: ssh-agent.c,v 1.97 2002/06/24 14:55:38 markus Exp $");
|
||||
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/md5.h>
|
||||
@ -110,6 +110,7 @@ static void
|
||||
idtab_init(void)
|
||||
{
|
||||
int i;
|
||||
|
||||
for (i = 0; i <=2; i++) {
|
||||
TAILQ_INIT(&idtable[i].idlist);
|
||||
idtable[i].nentries = 0;
|
||||
@ -152,8 +153,8 @@ static void
|
||||
process_request_identities(SocketEntry *e, int version)
|
||||
{
|
||||
Idtab *tab = idtab_lookup(version);
|
||||
Buffer msg;
|
||||
Identity *id;
|
||||
Buffer msg;
|
||||
|
||||
buffer_init(&msg);
|
||||
buffer_put_char(&msg, (version == 1) ?
|
||||
@ -182,21 +183,21 @@ process_request_identities(SocketEntry *e, int version)
|
||||
static void
|
||||
process_authentication_challenge1(SocketEntry *e)
|
||||
{
|
||||
Identity *id;
|
||||
Key *key;
|
||||
u_char buf[32], mdbuf[16], session_id[16];
|
||||
u_int response_type;
|
||||
BIGNUM *challenge;
|
||||
Identity *id;
|
||||
int i, len;
|
||||
Buffer msg;
|
||||
MD5_CTX md;
|
||||
u_char buf[32], mdbuf[16], session_id[16];
|
||||
u_int response_type;
|
||||
Key *key;
|
||||
|
||||
buffer_init(&msg);
|
||||
key = key_new(KEY_RSA1);
|
||||
if ((challenge = BN_new()) == NULL)
|
||||
fatal("process_authentication_challenge1: BN_new failed");
|
||||
|
||||
buffer_get_int(&e->request); /* ignored */
|
||||
(void) buffer_get_int(&e->request); /* ignored */
|
||||
buffer_get_bignum(&e->request, key->rsa->e);
|
||||
buffer_get_bignum(&e->request, key->rsa->n);
|
||||
buffer_get_bignum(&e->request, challenge);
|
||||
@ -251,13 +252,12 @@ process_authentication_challenge1(SocketEntry *e)
|
||||
static void
|
||||
process_sign_request2(SocketEntry *e)
|
||||
{
|
||||
extern int datafellows;
|
||||
Key *key;
|
||||
u_char *blob, *data, *signature = NULL;
|
||||
u_int blen, dlen, slen = 0;
|
||||
int flags;
|
||||
extern int datafellows;
|
||||
int ok = -1, flags;
|
||||
Buffer msg;
|
||||
int ok = -1;
|
||||
Key *key;
|
||||
|
||||
datafellows = 0;
|
||||
|
||||
@ -296,11 +296,10 @@ process_sign_request2(SocketEntry *e)
|
||||
static void
|
||||
process_remove_identity(SocketEntry *e, int version)
|
||||
{
|
||||
u_int blen, bits;
|
||||
int success = 0;
|
||||
Key *key = NULL;
|
||||
u_char *blob;
|
||||
u_int blen;
|
||||
u_int bits;
|
||||
int success = 0;
|
||||
|
||||
switch (version) {
|
||||
case 1:
|
||||
@ -310,7 +309,7 @@ process_remove_identity(SocketEntry *e, int version)
|
||||
buffer_get_bignum(&e->request, key->rsa->n);
|
||||
|
||||
if (bits != key_size(key))
|
||||
log("Warning: identity keysize mismatch: actual %d, announced %d",
|
||||
log("Warning: identity keysize mismatch: actual %u, announced %u",
|
||||
key_size(key), bits);
|
||||
break;
|
||||
case 2:
|
||||
@ -370,10 +369,10 @@ process_remove_all_identities(SocketEntry *e, int version)
|
||||
static void
|
||||
reaper(void)
|
||||
{
|
||||
Idtab *tab;
|
||||
u_int now = time(NULL);
|
||||
Identity *id, *nxt;
|
||||
int version;
|
||||
u_int now = time(NULL);
|
||||
Idtab *tab;
|
||||
|
||||
for (version = 1; version < 3; version++) {
|
||||
tab = idtab_lookup(version);
|
||||
@ -391,16 +390,15 @@ reaper(void)
|
||||
static void
|
||||
process_add_identity(SocketEntry *e, int version)
|
||||
{
|
||||
Key *k = NULL;
|
||||
char *type_name;
|
||||
char *comment;
|
||||
int type, success = 0, death = 0;
|
||||
Idtab *tab = idtab_lookup(version);
|
||||
int type, success = 0, death = 0;
|
||||
char *type_name, *comment;
|
||||
Key *k = NULL;
|
||||
|
||||
switch (version) {
|
||||
case 1:
|
||||
k = key_new_private(KEY_RSA1);
|
||||
buffer_get_int(&e->request); /* ignored */
|
||||
(void) buffer_get_int(&e->request); /* ignored */
|
||||
buffer_get_bignum(&e->request, k->rsa->n);
|
||||
buffer_get_bignum(&e->request, k->rsa->e);
|
||||
buffer_get_bignum(&e->request, k->rsa->d);
|
||||
@ -481,8 +479,8 @@ process_add_identity(SocketEntry *e, int version)
|
||||
static void
|
||||
process_lock_agent(SocketEntry *e, int lock)
|
||||
{
|
||||
char *passwd;
|
||||
int success = 0;
|
||||
char *passwd;
|
||||
|
||||
passwd = buffer_get_string(&e->request, NULL);
|
||||
if (locked && !lock && strcmp(passwd, lock_passwd) == 0) {
|
||||
@ -523,11 +521,11 @@ no_identities(SocketEntry *e, u_int type)
|
||||
static void
|
||||
process_add_smartcard_key (SocketEntry *e)
|
||||
{
|
||||
Identity *id;
|
||||
Idtab *tab;
|
||||
Key **keys, *k;
|
||||
char *sc_reader_id = NULL, *pin;
|
||||
int i, version, success = 0;
|
||||
Key **keys, *k;
|
||||
Identity *id;
|
||||
Idtab *tab;
|
||||
|
||||
sc_reader_id = buffer_get_string(&e->request, NULL);
|
||||
pin = buffer_get_string(&e->request, NULL);
|
||||
@ -566,11 +564,11 @@ process_add_smartcard_key (SocketEntry *e)
|
||||
static void
|
||||
process_remove_smartcard_key(SocketEntry *e)
|
||||
{
|
||||
Identity *id;
|
||||
Idtab *tab;
|
||||
Key **keys, *k = NULL;
|
||||
char *sc_reader_id = NULL, *pin;
|
||||
int i, version, success = 0;
|
||||
Key **keys, *k = NULL;
|
||||
Identity *id;
|
||||
Idtab *tab;
|
||||
|
||||
sc_reader_id = buffer_get_string(&e->request, NULL);
|
||||
pin = buffer_get_string(&e->request, NULL);
|
||||
@ -608,8 +606,7 @@ process_remove_smartcard_key(SocketEntry *e)
|
||||
static void
|
||||
process_message(SocketEntry *e)
|
||||
{
|
||||
u_int msg_len;
|
||||
u_int type;
|
||||
u_int msg_len, type;
|
||||
u_char *cp;
|
||||
|
||||
/* kill dead keys */
|
||||
@ -622,6 +619,7 @@ process_message(SocketEntry *e)
|
||||
if (msg_len > 256 * 1024) {
|
||||
shutdown(e->fd, SHUT_RDWR);
|
||||
close(e->fd);
|
||||
e->fd = -1;
|
||||
e->type = AUTH_UNUSED;
|
||||
buffer_free(&e->input);
|
||||
buffer_free(&e->output);
|
||||
@ -717,6 +715,7 @@ static void
|
||||
new_socket(sock_type type, int fd)
|
||||
{
|
||||
u_int i, old_alloc;
|
||||
|
||||
if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0)
|
||||
error("fcntl O_NONBLOCK: %s", strerror(errno));
|
||||
|
||||
@ -801,11 +800,11 @@ prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl, int *nallocp)
|
||||
static void
|
||||
after_select(fd_set *readset, fd_set *writeset)
|
||||
{
|
||||
u_int i;
|
||||
int len, sock;
|
||||
struct sockaddr_un sunaddr;
|
||||
socklen_t slen;
|
||||
char buf[1024];
|
||||
struct sockaddr_un sunaddr;
|
||||
int len, sock;
|
||||
u_int i;
|
||||
|
||||
for (i = 0; i < sockets_alloc; i++)
|
||||
switch (sockets[i].type) {
|
||||
@ -839,6 +838,7 @@ after_select(fd_set *readset, fd_set *writeset)
|
||||
if (len <= 0) {
|
||||
shutdown(sockets[i].fd, SHUT_RDWR);
|
||||
close(sockets[i].fd);
|
||||
sockets[i].fd = -1;
|
||||
sockets[i].type = AUTH_UNUSED;
|
||||
buffer_free(&sockets[i].input);
|
||||
buffer_free(&sockets[i].output);
|
||||
@ -858,6 +858,7 @@ after_select(fd_set *readset, fd_set *writeset)
|
||||
if (len <= 0) {
|
||||
shutdown(sockets[i].fd, SHUT_RDWR);
|
||||
close(sockets[i].fd);
|
||||
sockets[i].fd = -1;
|
||||
sockets[i].type = AUTH_UNUSED;
|
||||
buffer_free(&sockets[i].input);
|
||||
buffer_free(&sockets[i].output);
|
||||
@ -928,6 +929,8 @@ int
|
||||
main(int ac, char **av)
|
||||
{
|
||||
int sock, c_flag = 0, d_flag = 0, k_flag = 0, s_flag = 0, ch, nalloc;
|
||||
char *shell, *format, *pidstr, *agentsocket = NULL;
|
||||
fd_set *readsetp = NULL, *writesetp = NULL;
|
||||
struct sockaddr_un sunaddr;
|
||||
#ifdef HAVE_SETRLIMIT
|
||||
struct rlimit rlim;
|
||||
@ -935,11 +938,10 @@ main(int ac, char **av)
|
||||
#ifdef HAVE_CYGWIN
|
||||
int prev_mask;
|
||||
#endif
|
||||
pid_t pid;
|
||||
char *shell, *format, *pidstr, pidstrbuf[1 + 3 * sizeof pid];
|
||||
char *agentsocket = NULL;
|
||||
extern int optind;
|
||||
fd_set *readsetp = NULL, *writesetp = NULL;
|
||||
extern char *optarg;
|
||||
pid_t pid;
|
||||
char pidstrbuf[1 + 3 * sizeof pid];
|
||||
|
||||
SSLeay_add_all_algorithms();
|
||||
|
||||
@ -947,11 +949,7 @@ main(int ac, char **av)
|
||||
init_rng();
|
||||
seed_rng();
|
||||
|
||||
#ifdef __GNU_LIBRARY__
|
||||
while ((ch = getopt(ac, av, "+cdksa:")) != -1) {
|
||||
#else /* __GNU_LIBRARY__ */
|
||||
while ((ch = getopt(ac, av, "cdksa:")) != -1) {
|
||||
#endif /* __GNU_LIBRARY__ */
|
||||
switch (ch) {
|
||||
case 'c':
|
||||
if (s_flag)
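Review bot: In process_lock_agent (the `@ -481,8 +479,8 @@` hunk) the unlock path decides with `strcmp(passwd, lock_passwd) == 0`, which stops at the first differing byte, so the time it takes depends on how much of the supplied passphrase matches. The hunk only reorders the declarations and leaves the comparison as it was. Comparing fixed-length digests of the two strings with a loop that always runs to the end would remove that dependency, and a failed unlock could be logged so repeated attempts are visible. At minimum, a comment such as `/* XXX: strcmp is not constant-time; compare hashes instead */` above the test would record the issue. The rest of the function, including how `passwd` is cleared and freed, is outside the hunk and should be checked with the same care.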
|
||||
|
@ -23,7 +23,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: ssh-dss.c,v 1.14 2002/02/28 15:46:33 markus Exp $");
|
||||
RCSID("$OpenBSD: ssh-dss.c,v 1.15 2002/06/23 03:30:17 deraadt Exp $");
|
||||
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/evp.h>
|
||||
@ -40,9 +40,7 @@ RCSID("$OpenBSD: ssh-dss.c,v 1.14 2002/02/28 15:46:33 markus Exp $");
|
||||
#define SIGBLOB_LEN (2*INTBLOB_LEN)
|
||||
|
||||
int
|
||||
ssh_dss_sign(
|
||||
Key *key,
|
||||
u_char **sigp, u_int *lenp,
|
||||
ssh_dss_sign(Key *key, u_char **sigp, u_int *lenp,
|
||||
u_char *data, u_int datalen)
|
||||
{
|
||||
DSA_SIG *sig;
|
||||
@ -71,7 +69,7 @@ ssh_dss_sign(
|
||||
rlen = BN_num_bytes(sig->r);
|
||||
slen = BN_num_bytes(sig->s);
|
||||
if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) {
|
||||
error("bad sig size %d %d", rlen, slen);
|
||||
error("bad sig size %u %u", rlen, slen);
|
||||
DSA_SIG_free(sig);
|
||||
return -1;
|
||||
}
|
||||
@ -104,9 +102,7 @@ ssh_dss_sign(
|
||||
return 0;
|
||||
}
|
||||
int
|
||||
ssh_dss_verify(
|
||||
Key *key,
|
||||
u_char *signature, u_int signaturelen,
|
||||
ssh_dss_verify(Key *key, u_char *signature, u_int signaturelen,
|
||||
u_char *data, u_int datalen)
|
||||
{
|
||||
DSA_SIG *sig;
|
||||
@ -151,7 +147,7 @@ ssh_dss_verify(
|
||||
}
|
||||
|
||||
if (len != SIGBLOB_LEN) {
|
||||
fatal("bad sigbloblen %d != SIGBLOB_LEN", len);
|
||||
fatal("bad sigbloblen %u != SIGBLOB_LEN", len);
|
||||
}
|
||||
|
||||
/* parse signature */
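Review bot: ssh_dss_verify still calls `fatal("bad sigbloblen %u != SIGBLOB_LEN", len)` when the signature blob has the wrong length, so a malformed signature ends the whole process instead of simply failing verification. ssh_dss_sign in the same file reports its size problem with `error(...)` and `return -1`. The blob being checked is presumably supplied by the peer, so the verify path would be easier to reason about if it did the same: `error("bad sigbloblen %u != SIGBLOB_LEN", len);` followed by `return -1;`. Whatever was allocated before this check is outside the hunk, so the cleanup needed before returning has to be confirmed there.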
|
||||
|
@ -12,7 +12,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: ssh-keygen.c,v 1.100 2002/06/19 00:27:55 deraadt Exp $");
|
||||
RCSID("$OpenBSD: ssh-keygen.c,v 1.101 2002/06/23 09:39:55 deraadt Exp $");
|
||||
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/pem.h>
|
||||
@ -170,7 +170,7 @@ do_convert_to_ssh2(struct passwd *pw)
|
||||
}
|
||||
fprintf(stdout, "%s\n", SSH_COM_PUBLIC_BEGIN);
|
||||
fprintf(stdout,
|
||||
"Comment: \"%d-bit %s, converted from OpenSSH by %s@%s\"\n",
|
||||
"Comment: \"%u-bit %s, converted from OpenSSH by %s@%s\"\n",
|
||||
key_size(k), key_type(k),
|
||||
pw->pw_name, hostname);
|
||||
dump_base64(stdout, blob, len);
|
||||
@ -462,7 +462,7 @@ do_fingerprint(struct passwd *pw)
|
||||
public = key_load_public(identity_file, &comment);
|
||||
if (public != NULL) {
|
||||
fp = key_fingerprint(public, fptype, rep);
|
||||
printf("%d %s %s\n", key_size(public), fp, comment);
|
||||
printf("%u %s %s\n", key_size(public), fp, comment);
|
||||
key_free(public);
|
||||
xfree(comment);
|
||||
xfree(fp);
|
||||
@ -496,7 +496,8 @@ do_fingerprint(struct passwd *pw)
|
||||
if (i == 0 || ep == NULL || (*ep != ' ' && *ep != '\t')) {
|
||||
int quoted = 0;
|
||||
comment = cp;
|
||||
for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
|
||||
for (; *cp && (quoted || (*cp != ' ' &&
|
||||
*cp != '\t')); cp++) {
|
||||
if (*cp == '\\' && cp[1] == '"')
|
||||
cp++; /* Skip both */
|
||||
else if (*cp == '"')
|
||||
@ -519,7 +520,7 @@ do_fingerprint(struct passwd *pw)
|
||||
}
|
||||
comment = *cp ? cp : comment;
|
||||
fp = key_fingerprint(public, fptype, rep);
|
||||
printf("%d %s %s\n", key_size(public), fp,
|
||||
printf("%u %s %s\n", key_size(public), fp,
|
||||
comment ? comment : "no comment");
|
||||
xfree(fp);
|
||||
key_free(public);
|
||||
|
@ -23,7 +23,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: ssh-rsa.c,v 1.20 2002/06/10 16:53:06 stevesk Exp $");
|
||||
RCSID("$OpenBSD: ssh-rsa.c,v 1.21 2002/06/23 03:30:17 deraadt Exp $");
|
||||
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/err.h>
|
||||
@ -39,9 +39,7 @@ RCSID("$OpenBSD: ssh-rsa.c,v 1.20 2002/06/10 16:53:06 stevesk Exp $");
|
||||
|
||||
/* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */
|
||||
int
|
||||
ssh_rsa_sign(
|
||||
Key *key,
|
||||
u_char **sigp, u_int *lenp,
|
||||
ssh_rsa_sign(Key *key, u_char **sigp, u_int *lenp,
|
||||
u_char *data, u_int datalen)
|
||||
{
|
||||
const EVP_MD *evp_md;
|
||||
@ -72,17 +70,18 @@ ssh_rsa_sign(
|
||||
|
||||
if (ok != 1) {
|
||||
int ecode = ERR_get_error();
|
||||
error("ssh_rsa_sign: RSA_sign failed: %s", ERR_error_string(ecode, NULL));
|
||||
error("ssh_rsa_sign: RSA_sign failed: %s",
|
||||
ERR_error_string(ecode, NULL));
|
||||
xfree(sig);
|
||||
return -1;
|
||||
}
|
||||
if (len < slen) {
|
||||
int diff = slen - len;
|
||||
debug("slen %d > len %d", slen, len);
|
||||
debug("slen %u > len %u", slen, len);
|
||||
memmove(sig + diff, sig, len);
|
||||
memset(sig, 0, diff);
|
||||
} else if (len > slen) {
|
||||
error("ssh_rsa_sign: slen %d slen2 %d", slen, len);
|
||||
error("ssh_rsa_sign: slen %u slen2 %u", slen, len);
|
||||
xfree(sig);
|
||||
return -1;
|
||||
}
|
||||
@ -105,9 +104,7 @@ ssh_rsa_sign(
|
||||
}
|
||||
|
||||
int
|
||||
ssh_rsa_verify(
|
||||
Key *key,
|
||||
u_char *signature, u_int signaturelen,
|
||||
ssh_rsa_verify(Key *key, u_char *signature, u_int signaturelen,
|
||||
u_char *data, u_int datalen)
|
||||
{
|
||||
Buffer b;
|
||||
@ -148,12 +145,12 @@ ssh_rsa_verify(
|
||||
/* RSA_verify expects a signature of RSA_size */
|
||||
modlen = RSA_size(key->rsa);
|
||||
if (len > modlen) {
|
||||
error("ssh_rsa_verify: len %d > modlen %d", len, modlen);
|
||||
error("ssh_rsa_verify: len %u > modlen %u", len, modlen);
|
||||
xfree(sigblob);
|
||||
return -1;
|
||||
} else if (len < modlen) {
|
||||
int diff = modlen - len;
|
||||
debug("ssh_rsa_verify: add padding: modlen %d > len %d",
|
||||
debug("ssh_rsa_verify: add padding: modlen %u > len %u",
|
||||
modlen, len);
|
||||
sigblob = xrealloc(sigblob, modlen);
|
||||
memmove(sigblob + diff, sigblob, len);
|
||||
@ -176,7 +173,8 @@ ssh_rsa_verify(
|
||||
xfree(sigblob);
|
||||
if (ret == 0) {
|
||||
int ecode = ERR_get_error();
|
||||
error("ssh_rsa_verify: RSA_verify failed: %s", ERR_error_string(ecode, NULL));
|
||||
error("ssh_rsa_verify: RSA_verify failed: %s",
|
||||
ERR_error_string(ecode, NULL));
|
||||
}
|
||||
debug("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : "");
|
||||
return ret;
|
||||
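Review bot: The `int ecode = ERR_get_error();` lines in the failure paths of ssh_rsa_sign and ssh_rsa_verify narrow OpenSSL's `unsigned long` error code to `int` and then pass it back to ERR_error_string(), which takes `unsigned long`. This commit is already tidying integer types and format specifiers in these two functions, so the declaration should match in both places: `u_long ecode = ERR_get_error();`. Both function bodies continue outside the hunks shown, so whether `len`, `slen` and `modlen` are all declared unsigned to match the new `%u` specifiers cannot be confirmed from here.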
|
@ -34,7 +34,7 @@
|
||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: ssh.1,v 1.158 2002/06/20 19:56:07 stevesk Exp $
|
||||
.\" $OpenBSD: ssh.1,v 1.160 2002/06/22 11:51:39 naddy Exp $
|
||||
.Dd September 25, 1999
|
||||
.Dt SSH 1
|
||||
.Os
|
||||
@ -952,8 +952,8 @@ protocol versions 1.5 and 2.0.
|
||||
.Xr ssh-agent 1 ,
|
||||
.Xr ssh-keygen 1 ,
|
||||
.Xr telnet 1 ,
|
||||
.Xr ssh_config 4 ,
|
||||
.Xr ssh-keysign 8,
|
||||
.Xr ssh_config 5 ,
|
||||
.Xr ssh-keysign 8 ,
|
||||
.Xr sshd 8
|
||||
.Rs
|
||||
.%A T. Ylonen
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: ssh.h,v 1.70 2002/06/03 12:04:07 deraadt Exp $ */
|
||||
/* $OpenBSD: ssh.h,v 1.71 2002/06/22 02:00:29 stevesk Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
@ -65,8 +65,8 @@
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Name of the environment variable containing the pathname of the
|
||||
* authentication socket.
|
||||
* Name of the environment variable containing the process ID of the
|
||||
* authentication agent.
|
||||
*/
|
||||
#define SSH_AGENTPID_ENV_NAME "SSH_AGENT_PID"
|
||||
|
||||
|
@ -13,7 +13,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sshconnect.c,v 1.125 2002/06/19 00:27:55 deraadt Exp $");
|
||||
RCSID("$OpenBSD: sshconnect.c,v 1.126 2002/06/23 03:30:17 deraadt Exp $");
|
||||
|
||||
#include <openssl/bn.h>
|
||||
|
||||
@ -266,7 +266,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
|
||||
memset(&hints, 0, sizeof(hints));
|
||||
hints.ai_family = family;
|
||||
hints.ai_socktype = SOCK_STREAM;
|
||||
snprintf(strport, sizeof strport, "%d", port);
|
||||
snprintf(strport, sizeof strport, "%u", port);
|
||||
if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0)
|
||||
fatal("%s: %.100s: %s", __progname, host,
|
||||
gai_strerror(gaierr));
|
||||
@ -489,7 +489,6 @@ confirm(const char *prompt)
|
||||
* check whether the supplied host key is valid, return -1 if the key
|
||||
* is not valid. the user_hostfile will not be updated if 'readonly' is true.
|
||||
*/
|
||||
|
||||
static int
|
||||
check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
|
||||
int readonly, const char *user_hostfile, const char *system_hostfile)
|
||||
|
@ -23,7 +23,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sshconnect2.c,v 1.104 2002/06/19 00:27:55 deraadt Exp $");
|
||||
RCSID("$OpenBSD: sshconnect2.c,v 1.105 2002/06/23 03:30:17 deraadt Exp $");
|
||||
|
||||
#include "ssh.h"
|
||||
#include "ssh2.h"
|
||||
@ -299,12 +299,14 @@ userauth(Authctxt *authctxt, char *authlist)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
input_userauth_error(int type, u_int32_t seq, void *ctxt)
|
||||
{
|
||||
fatal("input_userauth_error: bad message during authentication: "
|
||||
"type %d", type);
|
||||
}
|
||||
|
||||
void
|
||||
input_userauth_banner(int type, u_int32_t seq, void *ctxt)
|
||||
{
|
||||
@ -316,6 +318,7 @@ input_userauth_banner(int type, u_int32_t seq, void *ctxt)
|
||||
xfree(msg);
|
||||
xfree(lang);
|
||||
}
|
||||
|
||||
void
|
||||
input_userauth_success(int type, u_int32_t seq, void *ctxt)
|
||||
{
|
||||
@ -327,6 +330,7 @@ input_userauth_success(int type, u_int32_t seq, void *ctxt)
|
||||
clear_auth_state(authctxt);
|
||||
authctxt->success = 1; /* break out */
|
||||
}
|
||||
|
||||
void
|
||||
input_userauth_failure(int type, u_int32_t seq, void *ctxt)
|
||||
{
|
||||
@ -375,7 +379,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt)
|
||||
}
|
||||
packet_check_eom();
|
||||
|
||||
debug("input_userauth_pk_ok: pkalg %s blen %d lastkey %p hint %d",
|
||||
debug("input_userauth_pk_ok: pkalg %s blen %u lastkey %p hint %d",
|
||||
pkalg, blen, authctxt->last_key, authctxt->last_key_hint);
|
||||
|
||||
do {
|
||||
@ -894,9 +898,7 @@ input_userauth_info_req(int type, u_int32_t seq, void *ctxt)
|
||||
}
|
||||
|
||||
static int
|
||||
ssh_keysign(
|
||||
Key *key,
|
||||
u_char **sigp, u_int *lenp,
|
||||
ssh_keysign(Key *key, u_char **sigp, u_int *lenp,
|
||||
u_char *data, u_int datalen)
|
||||
{
|
||||
Buffer b;
|
||||
@ -1098,6 +1100,7 @@ authmethod_lookup(const char *name)
|
||||
static Authmethod *current = NULL;
|
||||
static char *supported = NULL;
|
||||
static char *preferred = NULL;
|
||||
|
||||
/*
|
||||
* Given the authentication method list sent by the server, return the
|
||||
* next method we should try. If the server initially sends a nil list,
|
||||
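Review bot: The debug call in the input_userauth_pk_ok hunk prints `pkalg` with an unbounded `%s` and passes `authctxt->last_key` to `%p` without a `void *` cast. `pkalg` appears to be read from the server's packet above the hunk (not visible here), and other log calls on this page bound peer- or environment-derived strings with `%.100s`. Suggested form: `debug("input_userauth_pk_ok: pkalg %.100s blen %u lastkey %p hint %d", pkalg, blen, (void *)authctxt->last_key, authctxt->last_key_hint);`. The function starts and ends outside the hunk.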
|
@ -34,7 +34,7 @@
|
||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: sshd.8,v 1.184 2002/06/20 19:56:07 stevesk Exp $
|
||||
.\" $OpenBSD: sshd.8,v 1.186 2002/06/22 16:45:29 stevesk Exp $
|
||||
.Dd September 25, 1999
|
||||
.Dt SSHD 8
|
||||
.Os
|
||||
@ -578,11 +578,18 @@ These files are created using
|
||||
.Xr ssh-keygen 1 .
|
||||
.It Pa /etc/moduli
|
||||
Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
|
||||
.It Pa /var/empty
|
||||
.Xr chroot 2
|
||||
directory used by
|
||||
.Nm
|
||||
during privilege separation in the pre-authentication phase.
|
||||
The directory should not contain any files and must be owned by root
|
||||
and not group or world-writable.
|
||||
.It Pa /var/run/sshd.pid
|
||||
Contains the process ID of the
|
||||
.Nm
|
||||
listening for connections (if there are several daemons running
|
||||
concurrently for different ports, this contains the pid of the one
|
||||
concurrently for different ports, this contains the process ID of the one
|
||||
started last).
|
||||
The content of this file is not sensitive; it can be world-readable.
|
||||
.It Pa $HOME/.ssh/authorized_keys
|
||||
|
@ -42,7 +42,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sshd.c,v 1.246 2002/06/20 23:05:56 markus Exp $");
|
||||
RCSID("$OpenBSD: sshd.c,v 1.251 2002/06/25 18:51:04 markus Exp $");
|
||||
|
||||
#include <openssl/dh.h>
|
||||
#include <openssl/bn.h>
|
||||
@ -219,6 +219,7 @@ static void
|
||||
close_listen_socks(void)
|
||||
{
|
||||
int i;
|
||||
|
||||
for (i = 0; i < num_listen_socks; i++)
|
||||
close(listen_socks[i]);
|
||||
num_listen_socks = -1;
|
||||
@ -228,6 +229,7 @@ static void
|
||||
close_startup_pipes(void)
|
||||
{
|
||||
int i;
|
||||
|
||||
if (startup_pipes)
|
||||
for (i = 0; i < options.max_startups; i++)
|
||||
if (startup_pipes[i] != -1)
|
||||
@ -260,7 +262,8 @@ sighup_restart(void)
|
||||
close_listen_socks();
|
||||
close_startup_pipes();
|
||||
execv(saved_argv[0], saved_argv);
|
||||
log("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0], strerror(errno));
|
||||
log("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0],
|
||||
strerror(errno));
|
||||
exit(1);
|
||||
}
|
||||
|
||||
@ -280,8 +283,8 @@ sigterm_handler(int sig)
|
||||
static void
|
||||
main_sigchld_handler(int sig)
|
||||
{
|
||||
pid_t pid;
|
||||
int save_errno = errno;
|
||||
pid_t pid;
|
||||
int status;
|
||||
|
||||
while ((pid = waitpid(-1, &status, WNOHANG)) > 0 ||
|
||||
@ -341,6 +344,7 @@ static void
|
||||
key_regeneration_alarm(int sig)
|
||||
{
|
||||
int save_errno = errno;
|
||||
|
||||
signal(SIGALRM, SIG_DFL);
|
||||
errno = save_errno;
|
||||
key_do_regen = 1;
|
||||
@ -372,7 +376,8 @@ sshd_exchange_identification(int sock_in, int sock_out)
|
||||
|
||||
if (client_version_string == NULL) {
|
||||
/* Send our protocol version identification. */
|
||||
if (atomicio(write, sock_out, server_version_string, strlen(server_version_string))
|
||||
if (atomicio(write, sock_out, server_version_string,
|
||||
strlen(server_version_string))
|
||||
!= strlen(server_version_string)) {
|
||||
log("Could not write ident string to %s", get_remote_ipaddr());
|
||||
fatal_cleanup();
|
||||
@ -475,7 +480,6 @@ sshd_exchange_identification(int sock_in, int sock_out)
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/* Destroy the host and server keys. They will no longer be needed. */
|
||||
void
|
||||
destroy_sensitive_data(void)
|
||||
@ -526,8 +530,9 @@ static void
|
||||
privsep_preauth_child(void)
|
||||
{
|
||||
u_int32_t rand[256];
|
||||
int i;
|
||||
gid_t gidset[2];
|
||||
struct passwd *pw;
|
||||
int i;
|
||||
|
||||
/* Enable challenge-response authentication for privilege separation */
|
||||
privsep_challenge_enable();
|
||||
@ -555,7 +560,17 @@ privsep_preauth_child(void)
|
||||
/* Drop our privileges */
|
||||
debug3("privsep user:group %u:%u", (u_int)pw->pw_uid,
|
||||
(u_int)pw->pw_gid);
|
||||
#if 0
|
||||
/* XXX not ready, to heavy after chroot */
|
||||
do_setusercontext(pw);
|
||||
#else
|
||||
gidset[0] = pw->pw_gid;
|
||||
if (setgid(pw->pw_gid) < 0)
|
||||
fatal("setgid failed for %u", pw->pw_gid );
|
||||
if (setgroups(1, gidset) < 0)
|
||||
fatal("setgroups: %.100s", strerror(errno));
|
||||
permanently_set_uid(pw);
|
||||
#endif
|
||||
}
|
||||
|
||||
static Authctxt*
|
||||
@ -609,7 +624,11 @@ privsep_postauth(Authctxt *authctxt)
|
||||
/* XXX - Remote port forwarding */
|
||||
x_authctxt = authctxt;
|
||||
|
||||
#ifdef BROKEN_FD_PASSING
|
||||
if (1) {
|
||||
#else
|
||||
if (authctxt->pw->pw_uid == 0 || options.use_login) {
|
||||
#endif
|
||||
/* File descriptor passing is broken or root login */
|
||||
monitor_apply_keystate(pmonitor);
|
||||
use_privsep = 0;
|
||||
@ -683,6 +702,7 @@ Key *
|
||||
get_hostkey_by_type(int type)
|
||||
{
|
||||
int i;
|
||||
|
||||
for (i = 0; i < options.num_host_key_files; i++) {
|
||||
Key *key = sensitive_data.host_keys[i];
|
||||
if (key != NULL && key->type == type)
|
||||
@ -703,6 +723,7 @@ int
|
||||
get_hostkey_index(Key *key)
|
||||
{
|
||||
int i;
|
||||
|
||||
for (i = 0; i < options.num_host_key_files; i++) {
|
||||
if (key == sensitive_data.host_keys[i])
|
||||
return (i);
|
||||
@ -991,11 +1012,13 @@ main(int ac, char **av)
|
||||
* hate software patents. I dont know if this can go? Niels
|
||||
*/
|
||||
if (options.server_key_bits >
|
||||
BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) - SSH_KEY_BITS_RESERVED &&
|
||||
options.server_key_bits <
|
||||
BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + SSH_KEY_BITS_RESERVED) {
|
||||
BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) -
|
||||
SSH_KEY_BITS_RESERVED && options.server_key_bits <
|
||||
BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) +
|
||||
SSH_KEY_BITS_RESERVED) {
|
||||
options.server_key_bits =
|
||||
BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + SSH_KEY_BITS_RESERVED;
|
||||
BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) +
|
||||
SSH_KEY_BITS_RESERVED;
|
||||
debug("Forcing server key to %d bits to make it differ from host key.",
|
||||
options.server_key_bits);
|
||||
}
|
||||
@ -1012,6 +1035,9 @@ main(int ac, char **av)
|
||||
(S_ISDIR(st.st_mode) == 0))
|
||||
fatal("Missing privilege separation directory: %s",
|
||||
_PATH_PRIVSEP_CHROOT_DIR);
|
||||
if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
|
||||
fatal("Bad owner or mode for %s",
|
||||
_PATH_PRIVSEP_CHROOT_DIR);
|
||||
}
|
||||
|
||||
/* Configuration looks good, so exit if in test mode. */
|
||||
@ -1351,7 +1377,7 @@ main(int ac, char **av)
|
||||
*/
|
||||
#if 0
|
||||
/* XXX: this breaks Solaris */
|
||||
if (setsid() < 0)
|
||||
if (!debug_flag && !inetd_flag && setsid() < 0)
|
||||
error("setsid: %.100s", strerror(errno));
|
||||
#endif
|
||||
|
||||
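Review bot: In the privsep_preauth_child hunk, `fatal("setgid failed for %u", pw->pw_gid );` passes a gid_t to `%u` without the `(u_int)` cast that the debug3 call just above it uses, and unlike the setgroups failure it does not report errno. Suggested form: `fatal("setgid failed for %u: %.100s", (u_int)pw->pw_gid, strerror(errno));`. The `#if 0` branch would also benefit from a fuller comment than "not ready, to heavy after chroot", because the setgid/setgroups/permanently_set_uid sequence in the `#else` arm is now the entire pre-authentication privilege drop. Whether permanently_set_uid() verifies that the uid change took effect is not visible from this hunk.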
|
@ -34,7 +34,7 @@
|
||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: sshd_config.5,v 1.3 2002/06/20 23:37:12 markus Exp $
|
||||
.\" $OpenBSD: sshd_config.5,v 1.4 2002/06/22 16:45:29 stevesk Exp $
|
||||
.Dd September 25, 1999
|
||||
.Dt SSHD_CONFIG 5
|
||||
.Os
|
||||
@ -305,10 +305,6 @@ To disable keepalives, the value should be set to
|
||||
.It Cm KerberosAuthentication
|
||||
Specifies whether Kerberos authentication is allowed.
|
||||
This can be in the form of a Kerberos ticket, or if
|
||||
.It Cm PAMAuthenticationViaKbdInt
|
||||
Specifies whether PAM challenge response authentication is allowed. This
|
||||
allows the use of most PAM challenge response authentication modules, but
|
||||
it will allow password authentication regardless of whether
|
||||
.Cm PasswordAuthentication
|
||||
is yes, the password provided by the user will be validated through
|
||||
the Kerberos KDC.
|
||||
@ -425,6 +421,12 @@ The probability increases linearly and all connection attempts
|
||||
are refused if the number of unauthenticated connections reaches
|
||||
.Dq full
|
||||
(60).
|
||||
.It Cm PAMAuthenticationViaKbdInt
|
||||
Specifies whether PAM challenge response authentication is allowed. This
|
||||
allows the use of most PAM challenge response authentication modules, but
|
||||
it will allow password authentication regardless of whether
|
||||
.Cm PasswordAuthentication
|
||||
is enabled.
|
||||
.It Cm PasswordAuthentication
|
||||
Specifies whether password authentication is allowed.
|
||||
The default is
|
||||
@ -464,7 +466,7 @@ If this option is set to
|
||||
.Dq no
|
||||
root is not allowed to login.
|
||||
.It Cm PidFile
|
||||
Specifies the file that contains the process identifier of the
|
||||
Specifies the file that contains the process ID of the
|
||||
.Nm sshd
|
||||
daemon.
|
||||
The default is
|
||||
|
@ -39,7 +39,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sshlogin.c,v 1.3 2001/12/19 07:18:56 deraadt Exp $");
|
||||
RCSID("$OpenBSD: sshlogin.c,v 1.4 2002/06/23 03:30:17 deraadt Exp $");
|
||||
|
||||
#include "loginrec.h"
|
||||
|
||||
@ -48,10 +48,9 @@ RCSID("$OpenBSD: sshlogin.c,v 1.3 2001/12/19 07:18:56 deraadt Exp $");
|
||||
* information is not available. This must be called before record_login.
|
||||
* The host the user logged in from will be returned in buf.
|
||||
*/
|
||||
|
||||
u_long
|
||||
get_last_login_time(uid_t uid, const char *logname,
|
||||
char *buf, u_int bufsize)
|
||||
char *buf, u_int bufsize)
|
||||
{
|
||||
struct logininfo li;
|
||||
|
||||
@ -64,10 +63,9 @@ get_last_login_time(uid_t uid, const char *logname,
|
||||
* Records that the user has logged in. I these parts of operating systems
|
||||
* were more standardized.
|
||||
*/
|
||||
|
||||
void
|
||||
record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid,
|
||||
const char *host, struct sockaddr * addr)
|
||||
const char *host, struct sockaddr * addr)
|
||||
{
|
||||
struct logininfo *li;
|
||||
|
||||
@ -92,7 +90,6 @@ record_utmp_only(pid_t pid, const char *ttyname, const char *user,
|
||||
#endif
|
||||
|
||||
/* Records that the user has logged out. */
|
||||
|
||||
void
|
||||
record_logout(pid_t pid, const char *ttyname, const char *user)
|
||||
{
|
||||
|
@ -12,7 +12,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sshpty.c,v 1.4 2001/12/19 07:18:56 deraadt Exp $");
|
||||
RCSID("$OpenBSD: sshpty.c,v 1.7 2002/06/24 17:57:20 deraadt Exp $");
|
||||
|
||||
#ifdef HAVE_UTIL_H
|
||||
# include <util.h>
|
||||
@ -343,9 +343,8 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname)
|
||||
if (fd < 0)
|
||||
error("open /dev/tty failed - could not set controlling tty: %.100s",
|
||||
strerror(errno));
|
||||
else {
|
||||
else
|
||||
close(fd);
|
||||
}
|
||||
#endif /* _CRAY */
|
||||
}
|
||||
|
||||
@ -356,6 +355,7 @@ pty_change_window_size(int ptyfd, int row, int col,
|
||||
int xpixel, int ypixel)
|
||||
{
|
||||
struct winsize w;
|
||||
|
||||
w.ws_row = row;
|
||||
w.ws_col = col;
|
||||
w.ws_xpixel = xpixel;
|
||||
@ -393,13 +393,13 @@ pty_setowner(struct passwd *pw, const char *ttyname)
|
||||
if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
|
||||
if (chown(ttyname, pw->pw_uid, gid) < 0) {
|
||||
if (errno == EROFS &&
|
||||
(st.st_uid == pw->pw_uid || st.st_uid == 0))
|
||||
error("chown(%.100s, %d, %d) failed: %.100s",
|
||||
ttyname, pw->pw_uid, gid,
|
||||
(st.st_uid == pw->pw_uid || st.st_uid == 0))
|
||||
error("chown(%.100s, %u, %u) failed: %.100s",
|
||||
ttyname, (u_int)pw->pw_uid, (u_int)gid,
|
||||
strerror(errno));
|
||||
else
|
||||
fatal("chown(%.100s, %d, %d) failed: %.100s",
|
||||
ttyname, pw->pw_uid, gid,
|
||||
fatal("chown(%.100s, %u, %u) failed: %.100s",
|
||||
ttyname, (u_int)pw->pw_uid, (u_int)gid,
|
||||
strerror(errno));
|
||||
}
|
||||
}
|
||||
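Review bot: The EROFS branch in the pty_setowner hunk needs a comment explaining why a failed chown() is tolerated there. When errno is EROFS and the tty is already owned by the user or by uid 0, the code only logs with error() and continues, while every other chown failure is fatal(). A later reader auditing tty ownership cannot tell that the downgrade is deliberate. Suggested comment above the `if (errno == EROFS &&` line: `/* Read-only filesystem: tolerate the failed chown if the tty already belongs to the user or to root. */`. The function begins and ends outside the hunk.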
|
@ -11,7 +11,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: tildexpand.c,v 1.12 2001/08/11 22:51:27 jakob Exp $");
|
||||
RCSID("$OpenBSD: tildexpand.c,v 1.13 2002/06/23 03:25:50 deraadt Exp $");
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "log.h"
|
||||
@ -67,6 +67,7 @@ tilde_expand_filename(const char *filename, uid_t my_uid)
|
||||
if (len > MAXPATHLEN)
|
||||
fatal("Home directory too long (%d > %d", len-1, MAXPATHLEN-1);
|
||||
expanded = xmalloc(len);
|
||||
snprintf(expanded, len, "%s%s%s", pw->pw_dir, strcmp(pw->pw_dir, "/") ? "/" : "", cp + 1);
|
||||
snprintf(expanded, len, "%s%s%s", pw->pw_dir,
|
||||
strcmp(pw->pw_dir, "/") ? "/" : "", cp + 1);
|
||||
return expanded;
|
||||
}
|
||||
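Review bot: The fatal() message kept as context in the tilde_expand_filename hunk has an unbalanced parenthesis, `"Home directory too long (%d > %d"`, so the logged text is malformed when the length check fires. Since this commit is already touching the adjacent snprintf line, the message could be fixed in the same pass: `fatal("Home directory too long (%d > %d)", len-1, MAXPATHLEN-1);`. The declaration of `len` is outside the hunk; if it is unsigned, the specifiers should become `%u`, as in the rest of this commit.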
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: version.h,v 1.33 2002/06/21 15:41:20 markus Exp $ */
|
||||
/* $OpenBSD: version.h,v 1.34 2002/06/26 13:56:27 markus Exp $ */
|
||||
|
||||
#define SSH_VERSION "OpenSSH_3.3"
|
||||
#define SSH_VERSION "OpenSSH_3.4p1"
|
||||
|
||||
|