This commit was generated by cvs2svn to compensate for changes in r149749,
which included commits to RCS files with non-trunk default branches.
commit
f8a2a7f14a
@ -3,6 +3,7 @@ Tatu Ylonen <ylo@cs.hut.fi> - Creator of SSH
|
||||
Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
|
||||
Theo de Raadt, and Dug Song - Creators of OpenSSH
|
||||
|
||||
Ahsan Rashid <arms@sco.com> - UnixWare long passwords
|
||||
Alain St-Denis <Alain.St-Denis@ec.gc.ca> - Irix fix
|
||||
Alexandre Oliva <oliva@lsd.ic.unicamp.br> - AIX fixes
|
||||
Andre Lucas <andre@ae-35.com> - new login code, many fixes
|
||||
@ -32,6 +33,7 @@ David Del Piero <David.DelPiero@qed.qld.gov.au> - bug fixes
|
||||
David Hesprich <darkgrue@gue-tech.org> - Configure fixes
|
||||
David Rankin <drankin@bohemians.lexington.ky.us> - libwrap, AIX, NetBSD fixes
|
||||
Dag-Erling Smørgrav <des at freebsd.org> - Challenge-Response PAM code.
|
||||
Dhiraj Gulati <dgulati@sco.com> - UnixWare long passwords
|
||||
Ed Eden <ede370@stl.rural.usda.gov> - configure fixes
|
||||
Garrick James <garrick@james.net> - configure fixes
|
||||
Gary E. Miller <gem@rellim.com> - SCO support
|
||||
@ -98,5 +100,5 @@ Apologies to anyone I have missed.
|
||||
|
||||
Damien Miller <djm@mindrot.org>
|
||||
|
||||
$Id: CREDITS,v 1.79 2004/05/26 23:59:31 dtucker Exp $
|
||||
$Id: CREDITS,v 1.80 2005/08/26 20:15:20 tim Exp $
|
||||
|
||||
|
@ -1,3 +1,496 @@
|
||||
20050901
|
||||
- (djm) Update RPM spec file versions
|
||||
|
||||
20050831
|
||||
- (djm) OpenBSD CVS Sync
|
||||
- djm@cvs.openbsd.org 2005/08/30 22:08:05
|
||||
[gss-serv.c sshconnect2.c]
|
||||
destroy credentials if krb5_kuserok() call fails. Stops credentials being
|
||||
delegated to users who are not authorised for GSSAPIAuthentication when
|
||||
GSSAPIDeletegateCredentials=yes and another authentication mechanism
|
||||
succeeds; bz#1073 reported by paul.moore AT centrify.com, fix by
|
||||
simon AT sxw.org.uk, tested todd@ biorn@ jakob@; ok deraadt@
|
||||
- markus@cvs.openbsd.org 2005/08/31 09:28:42
|
||||
[version.h]
|
||||
4.2
|
||||
- (dtucker) [README] Update release note URL to 4.2
|
||||
- (tim) [configure.ac auth.c defines.h session.c openbsd-compat/port-uw.c
|
||||
openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] libiaf cleanup. Disable
|
||||
libiaf bits for OpenServer6. Free memory allocated by ia_get_logpwd().
|
||||
Feedback and OK dtucker@
|
||||
|
||||
20050830
|
||||
- (tim) [configure.ac] Back out last change. It needs to be done differently.
|
||||
|
||||
20050829
|
||||
- (tim) [configure.ac] ia_openinfo() seems broken on OSR6. Limit UW long
|
||||
password support to 7.x for now.
|
||||
|
||||
20050826
|
||||
- (tim) [CREDITS LICENCE auth.c configure.ac defines.h includes.h session.c
|
||||
openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h
|
||||
openbsd-compat/xcrypt.c] New files [openssh/openbsd-compat/port-uw.c
|
||||
openssh/openbsd-compat/port-uw.h] Support long passwords (> 8-char)
|
||||
on UnixWare 7 from Dhiraj Gulati and Ahsan Rashid. Cleanup and testing
|
||||
by tim@. Feedback and OK dtucker@
|
||||
|
||||
20050823
|
||||
- (dtucker) [regress/test-exec.sh] Do not prepend an extra "/" to a fully-
|
||||
qualified sshd pathname since some systems (eg Cygwin) may consider "/foo"
|
||||
and "//foo" to be different. Spotted by vinschen at redhat.com.
|
||||
- (tim) [configure.ac] Not all gcc's support -Wsign-compare. Enhancements
|
||||
and OK dtucker@
|
||||
- (tim) [defines.h] PATH_MAX bits for OpenServer OK dtucker@
|
||||
|
||||
20050821
|
||||
- (dtucker) [configure.ac defines.h includes.h sftp.c] Add support for
|
||||
LynxOS, patch from Olli Savia (ops at iki.fi). ok djm@
|
||||
|
||||
20050816
|
||||
- (djm) [ttymodes.c] bugzilla #1025: Fix encoding of _POSIX_VDISABLE,
|
||||
from Jacob Nevins; ok dtucker@
|
||||
|
||||
20050815
|
||||
- (tim) [sftp.c] wrap el_end() in #ifdef USE_LIBEDIT
|
||||
- (tim) [configure.ac] corrections to libedit tests. Report and patches
|
||||
by skeleten AT shillest.net
|
||||
|
||||
20050812
|
||||
- (djm) OpenBSD CVS Sync
|
||||
- markus@cvs.openbsd.org 2005/07/28 17:36:22
|
||||
[packet.c]
|
||||
missing packet_init_compression(); from solar
|
||||
- djm@cvs.openbsd.org 2005/07/30 01:26:16
|
||||
[ssh.c]
|
||||
fix -D listen_host initialisation, so it picks up gateway_ports setting
|
||||
correctly
|
||||
- djm@cvs.openbsd.org 2005/07/30 02:03:47
|
||||
[readconf.c]
|
||||
listen_hosts initialisation here too; spotted greg AT y2005.nest.cx
|
||||
- dtucker@cvs.openbsd.org 2005/08/06 10:03:12
|
||||
[servconf.c]
|
||||
Unbreak sshd ListenAddress for bare IPv6 addresses.
|
||||
Report from Janusz Mucka; ok djm@
|
||||
- jaredy@cvs.openbsd.org 2005/08/08 13:22:48
|
||||
[sftp.c]
|
||||
sftp prompt enhancements:
|
||||
- in non-interactive mode, do not print an empty prompt at the end
|
||||
before finishing
|
||||
- print newline after EOF in editline mode
|
||||
- call el_end() in editline mode
|
||||
ok dtucker djm
|
||||
|
||||
20050810
|
||||
- (dtucker) [configure.ac] Test libedit library and headers for compatibility.
|
||||
Report from skeleten AT shillest.net, ok djm@
|
||||
- (dtucker) [LICENCE configure.ac defines.h openbsd-compat/realpath.c]
|
||||
Sync current (thread-safe) version of realpath.c from OpenBSD (which is
|
||||
in turn based on FreeBSD's). ok djm@
|
||||
|
||||
20050809
|
||||
- (tim) [configure.ac] Allow --with-audit=no. OK dtucker@
|
||||
Report by skeleten AT shillest.net
|
||||
|
||||
20050803
|
||||
- (dtucker) [openbsd-compat/fake-rfc2553.h] Check for EAI_* defines
|
||||
individually and use a value less likely to collide with real values from
|
||||
netdb.h. Fixes compile warnings on FreeBSD 5.3. ok djm@
|
||||
- (dtucker) [openbsd-compat/fake-rfc2553.h] MAX_INT -> INT_MAX since the
|
||||
latter is specified in the standard.
|
||||
|
||||
20050802
|
||||
- (dtucker) OpenBSD CVS Sync
|
||||
- dtucker@cvs.openbsd.org 2005/07/27 10:39:03
|
||||
[scp.c hostfile.c sftp-client.c]
|
||||
Silence bogus -Wuninitialized warnings; ok djm@
|
||||
- (dtucker) [configure.ac] Enable -Wuninitialized by default when compiling
|
||||
with gcc. ok djm@
|
||||
- (dtucker) [configure.ac] Add a --with-Werror option to configure for
|
||||
adding -Werror to CFLAGS when all of the configure tests are done. ok djm@
|
||||
|
||||
20050726
|
||||
- (dtucker) [configure.ac] Update zlib warning message too, pointed out by
|
||||
tim@.
|
||||
- (djm) OpenBSD CVS Sync
|
||||
- otto@cvs.openbsd.org 2005/07/19 15:32:26
|
||||
[auth-passwd.c]
|
||||
auth_usercheck(3) can return NULL, so check for that. Report from
|
||||
mpech@. ok markus@
|
||||
- markus@cvs.openbsd.org 2005/07/25 11:59:40
|
||||
[kex.c kex.h myproposal.h packet.c packet.h servconf.c session.c]
|
||||
[sshconnect2.c sshd.c sshd_config sshd_config.5]
|
||||
add a new compression method that delays compression until the user
|
||||
has been authenticated successfully and set compression to 'delayed'
|
||||
for sshd.
|
||||
this breaks older openssh clients (< 3.5) if they insist on
|
||||
compression, so you have to re-enable compression in sshd_config.
|
||||
ok djm@
|
||||
|
||||
20050725
|
||||
- (dtucker) [configure.ac] Update zlib version check for CAN-2005-2096.
|
||||
|
||||
20050717
|
||||
- OpenBSD CVS Sync
|
||||
- djm@cvs.openbsd.org 2005/07/16 01:35:24
|
||||
[auth1.c channels.c cipher.c clientloop.c kex.c session.c ssh.c]
|
||||
[sshconnect.c]
|
||||
spacing
|
||||
- (djm) [acss.c auth-pam.c auth-shadow.c auth-skey.c auth1.c canohost.c]
|
||||
[cipher-acss.c loginrec.c ssh-rand-helper.c sshd.c] Fix whitespace at EOL
|
||||
in portable too ("perl -p -i -e 's/\s+$/\n/' *.[ch]")
|
||||
- (djm) [auth-pam.c sftp.c] spaces vs. tabs at start of line
|
||||
- djm@cvs.openbsd.org 2005/07/17 06:49:04
|
||||
[channels.c channels.h session.c session.h]
|
||||
Fix a number of X11 forwarding channel leaks:
|
||||
1. Refuse multiple X11 forwarding requests on the same session
|
||||
2. Clean up all listeners after a single_connection X11 forward, not just
|
||||
the one that made the single connection
|
||||
3. Destroy X11 listeners when the session owning them goes away
|
||||
testing and ok dtucker@
|
||||
- djm@cvs.openbsd.org 2005/07/17 07:17:55
|
||||
[auth-rh-rsa.c auth-rhosts.c auth2-chall.c auth2-gss.c channels.c]
|
||||
[cipher-ctr.c gss-genr.c gss-serv.c kex.c moduli.c readconf.c]
|
||||
[serverloop.c session.c sftp-client.c sftp.c ssh-add.c ssh-keygen.c]
|
||||
[sshconnect.c sshconnect2.c]
|
||||
knf says that a 2nd level indent is four (not three or five) spaces
|
||||
-(djm) [audit.c auth1.c auth2.c entropy.c loginrec.c serverloop.c]
|
||||
[ssh-rand-helper.c] fix portable 2nd level indents at 4 spaces too
|
||||
- (djm) [monitor.c monitor_wrap.c] -Wsign-compare for PAM monitor calls
|
||||
|
||||
20050716
|
||||
- (dtucker) [auth-pam.c] Ensure that only one side of the authentication
|
||||
socketpair stays open on in both the monitor and PAM process. Patch from
|
||||
Joerg Sonnenberger.
|
||||
|
||||
20050714
|
||||
- (dtucker) OpenBSD CVS Sync
|
||||
- dtucker@cvs.openbsd.org 2005/07/06 09:33:05
|
||||
[ssh.1]
|
||||
clarify meaning of ssh -b ; with & ok jmc@
|
||||
- dtucker@cvs.openbsd.org 2005/07/08 09:26:18
|
||||
[misc.c]
|
||||
Make comment match code; ok djm@
|
||||
- markus@cvs.openbsd.org 2005/07/08 09:41:33
|
||||
[channels.h]
|
||||
race when efd gets closed while there is still buffered data:
|
||||
change CHANNEL_EFD_OUTPUT_ACTIVE()
|
||||
1) c->efd must always be valid AND
|
||||
2a) no EOF has been seen OR
|
||||
2b) there is buffered data
|
||||
report, initial fix and testing Chuck Cranor
|
||||
- dtucker@cvs.openbsd.org 2005/07/08 10:20:41
|
||||
[ssh_config.5]
|
||||
change BindAddress to match recent ssh -b change; prompted by markus@
|
||||
- jmc@cvs.openbsd.org 2005/07/08 12:53:10
|
||||
[ssh_config.5]
|
||||
new sentence, new line;
|
||||
- dtucker@cvs.openbsd.org 2005/07/14 04:00:43
|
||||
[misc.h]
|
||||
use __sentinel__ attribute; ok deraadt@ djm@ markus@
|
||||
- (dtucker) [configure.ac defines.h] Define __sentinel__ to nothing if the
|
||||
compiler doesn't understand it to prevent warnings. If any mainstream
|
||||
compiler versions acquire it we can test for those versions. Based on
|
||||
discussion with djm@.
|
||||
|
||||
20050707
|
||||
- dtucker [auth-krb5.c auth.h gss-serv-krb5.c] Move KRB5CCNAME generation for
|
||||
the MIT Kerberos code path into a common function and expand mkstemp
|
||||
template to be consistent with the rest of OpenSSH. From sxw at
|
||||
inf.ed.ac.uk, ok djm@
|
||||
- (dtucker) [auth-krb5.c] There's no guarantee that snprintf will set errno
|
||||
in the case where the buffer is insufficient, so always return ENOMEM.
|
||||
Also pointed out by sxw at inf.ed.ac.uk.
|
||||
- (dtucker) [acconfig.h auth-krb5.c configure.ac gss-serv-krb5.c] Remove
|
||||
calls to krb5_init_ets, which has not been required since krb-1.1.x and
|
||||
most Kerberos versions no longer export in their public API. From sxw
|
||||
at inf.ed.ac.uk, ok djm@
|
||||
|
||||
20050706
|
||||
- (djm) OpenBSD CVS Sync
|
||||
- markus@cvs.openbsd.org 2005/07/01 13:19:47
|
||||
[channels.c]
|
||||
don't free() if getaddrinfo() fails; report mpech@
|
||||
- djm@cvs.openbsd.org 2005/07/04 00:58:43
|
||||
[channels.c clientloop.c clientloop.h misc.c misc.h ssh.c ssh_config.5]
|
||||
implement support for X11 and agent forwarding over multiplex slave
|
||||
connections. Because of protocol limitations, the slave connections inherit
|
||||
the master's DISPLAY and SSH_AUTH_SOCK rather than distinctly forwarding
|
||||
their own.
|
||||
ok dtucker@ "put it in" deraadt@
|
||||
- jmc@cvs.openbsd.org 2005/07/04 11:29:51
|
||||
[ssh_config.5]
|
||||
fix Xr and a little grammar;
|
||||
- markus@cvs.openbsd.org 2005/07/04 14:04:11
|
||||
[channels.c]
|
||||
don't forget to set x11_saved_display
|
||||
|
||||
20050626
|
||||
- (djm) OpenBSD CVS Sync
|
||||
- djm@cvs.openbsd.org 2005/06/17 22:53:47
|
||||
[ssh.c sshconnect.c]
|
||||
Fix ControlPath's %p expanding to "0" for a default port,
|
||||
spotted dwmw2 AT infradead.org; ok markus@
|
||||
- djm@cvs.openbsd.org 2005/06/18 04:30:36
|
||||
[ssh.c ssh_config.5]
|
||||
allow ControlPath=none, patch from dwmw2 AT infradead.org; ok dtucker@
|
||||
- djm@cvs.openbsd.org 2005/06/25 22:47:49
|
||||
[ssh.c]
|
||||
do the default port filling code a few lines earlier, so it really
|
||||
does fix %p
|
||||
|
||||
20050618
|
||||
- (djm) OpenBSD CVS Sync
|
||||
- djm@cvs.openbsd.org 2005/05/20 12:57:01;
|
||||
[auth1.c] split protocol 1 auth methods into separate functions, makes
|
||||
authloop much more readable; fixes and ok markus@ (portable ok &
|
||||
polish dtucker@)
|
||||
- djm@cvs.openbsd.org 2005/06/17 02:44:33
|
||||
[auth1.c] make this -Wsign-compare clean; ok avsm@ markus@
|
||||
- (djm) [loginrec.c ssh-rand-helper.c] Fix -Wsign-compare for portable,
|
||||
tested and fixes tim@
|
||||
|
||||
20050617
|
||||
- (djm) OpenBSD CVS Sync
|
||||
- djm@cvs.openbsd.org 2005/06/16 03:38:36
|
||||
[channels.c channels.h clientloop.c clientloop.h ssh.c]
|
||||
move x11_get_proto from ssh.c to clientloop.c, to make muliplexed xfwd
|
||||
easier later; ok deraadt@
|
||||
- markus@cvs.openbsd.org 2005/06/16 08:00:00
|
||||
[canohost.c channels.c sshd.c]
|
||||
don't exit if getpeername fails for forwarded ports; bugzilla #1054;
|
||||
ok djm
|
||||
- djm@cvs.openbsd.org 2005/06/17 02:44:33
|
||||
[auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c]
|
||||
[bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c]
|
||||
[kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c]
|
||||
[servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c]
|
||||
[ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
|
||||
make this -Wsign-compare clean; ok avsm@ markus@
|
||||
NB. auth1.c changes not committed yet (conflicts with uncommitted sync)
|
||||
NB2. more work may be needed to make portable Wsign-compare clean
|
||||
- (dtucker) [cipher.c openbsd-compat/openbsd-compat.h
|
||||
openbsd-compat/openssl-compat.c] only include openssl compat stuff where
|
||||
it's needed as it can cause conflicts elsewhere (eg xcrypt.c). Found by
|
||||
and ok tim@
|
||||
|
||||
20050616
|
||||
- (djm) OpenBSD CVS Sync
|
||||
- jaredy@cvs.openbsd.org 2005/06/07 13:25:23
|
||||
[progressmeter.c]
|
||||
catch SIGWINCH and resize progress meter accordingly; ok markus dtucker
|
||||
- djm@cvs.openbsd.org 2005/06/06 11:20:36
|
||||
[auth.c auth.h misc.c misc.h ssh.c ssh_config.5 sshconnect.c]
|
||||
introduce a generic %foo expansion function. replace existing % expansion
|
||||
and add expansion to ControlPath; ok markus@
|
||||
- djm@cvs.openbsd.org 2005/06/08 03:50:00
|
||||
[ssh-keygen.1 ssh-keygen.c sshd.8]
|
||||
increase default rsa/dsa key length from 1024 to 2048 bits;
|
||||
ok markus@ deraadt@
|
||||
- djm@cvs.openbsd.org 2005/06/08 11:25:09
|
||||
[clientloop.c readconf.c readconf.h ssh.c ssh_config.5]
|
||||
add ControlMaster=auto/autoask options to support opportunistic
|
||||
multiplexing; tested avsm@ and jakob@, ok markus@
|
||||
- dtucker@cvs.openbsd.org 2005/06/09 13:43:49
|
||||
[cipher.c]
|
||||
Correctly initialize end of array sentinel; ok djm@
|
||||
(Id sync only, change already in portable)
|
||||
|
||||
20050609
|
||||
- (dtucker) [cipher.c openbsd-compat/Makefile.in
|
||||
openbsd-compat/openbsd-compat.h openbsd-compat/openssl-compat.{c,h}]
|
||||
Move compatibility code for supporting older OpenSSL versions to the
|
||||
compat layer. Suggested by and "no objection" djm@
|
||||
|
||||
20050607
|
||||
- (dtucker) [configure.ac] Continue the hunt for LLONG_MIN and LLONG_MAX:
|
||||
in today's episode we attempt to coax it from limits.h where it may be
|
||||
hiding, failing that we take the DIY approach. Tested by tim@
|
||||
|
||||
20050603
|
||||
- (dtucker) [configure.ac] Only try gcc -std=gnu99 if LLONG_MAX isn't
|
||||
defined, and check that it helps before keeping it in CFLAGS. Some old
|
||||
gcc's don't set an error code when encountering an unknown value in -std.
|
||||
Found and tested by tim@.
|
||||
- (dtucker) [configure.ac] Point configure's reporting address at the
|
||||
openssh-unix-dev list. ok tim@ djm@
|
||||
|
||||
20050602
|
||||
- (tim) [configure.ac] Some platforms need sys/types.h for arpa/nameser.h.
|
||||
Take AC_CHECK_HEADERS test out of ultrix section. It caused other platforms
|
||||
to skip builtin standard includes tests. (first AC_CHECK_HEADERS test
|
||||
must be run on all platforms) Add missing ;; to case statement. OK dtucker@
|
||||
|
||||
20050601
|
||||
- (dtucker) [configure.ac] Look for _getshort and _getlong in
|
||||
arpa/nameser.h.
|
||||
- (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoll.c]
|
||||
Add strtoll to the compat library, from OpenBSD.
|
||||
- (dtucker) OpenBSD CVS Sync
|
||||
- avsm@cvs.openbsd.org 2005/05/26 02:08:05
|
||||
[scp.c]
|
||||
If copying multiple files to a target file (which normally fails, as it
|
||||
must be a target directory), kill the spawned ssh child before exiting.
|
||||
This stops it trying to authenticate and spewing lots of output.
|
||||
deraadt@ ok
|
||||
- dtucker@cvs.openbsd.org 2005/05/26 09:08:12
|
||||
[ssh-keygen.c]
|
||||
uint32_t -> u_int32_t for consistency; ok djm@
|
||||
- djm@cvs.openbsd.org 2005/05/27 08:30:37
|
||||
[ssh.c]
|
||||
fix -O for cases where no ControlPath has been specified or socket at
|
||||
ControlPath is not contactable; spotted by and ok avsm@
|
||||
- (tim) [config.guess config.sub] Update to '2005-05-27' version.
|
||||
- (tim) [configure.ac] set TEST_SHELL for OpenServer 6
|
||||
|
||||
20050531
|
||||
- (dtucker) [contrib/aix/pam.conf] Correct comments. From davidl at
|
||||
vintela.com.
|
||||
- (dtucker) [mdoc2man.awk] Teach it to understand .Ox.
|
||||
|
||||
20050530
|
||||
- (dtucker) [README] Link to new release notes. Beter late than never...
|
||||
|
||||
20050529
|
||||
- (dtucker) [openbsd-compat/port-aix.c] Bug #1046: AIX 5.3 expects the
|
||||
argument to passwdexpired to be initialized to NULL. Suggested by tim@
|
||||
While at it, initialize the other arguments to auth functions in case they
|
||||
ever acquire this behaviour.
|
||||
- (dtucker) [openbsd-compat/port-aix.c] Whitespace cleanups while there.
|
||||
- (dtucker) [openbsd-compat/port-aix.c] Minor correction to debug message,
|
||||
spotted by tim@.
|
||||
|
||||
20050528
|
||||
- (dtucker) [configure.ac] For AC_CHECK_HEADERS() and AC_CHECK_FUNCS() have
|
||||
one entry per line to make it easier to merge changes. ok djm@
|
||||
- (dtucker) [configure.ac] strsep() may be defined in string.h, so check
|
||||
for its presence and include it in the strsep check.
|
||||
- (dtucker) [configure.ac] getpgrp may be defined in unistd.h, so check for
|
||||
its presence before doing AC_FUNC_GETPGRP.
|
||||
- (dtucker) [configure.ac] Merge HP-UX blocks into a common block with minor
|
||||
version-specific variations as required.
|
||||
- (dtucker) [openbsd-compat/port-aix.h] Use the HAVE_DECL_* definitions as
|
||||
per the autoconf man page. Configure should always define them but it
|
||||
doesn't hurt to check.
|
||||
|
||||
20050527
|
||||
- (djm) [defines.h] Use our realpath if we have to define PATH_MAX, spotted by
|
||||
David Leach; ok dtucker@
|
||||
- (dtucker) [acconfig.h configure.ac defines.h includes.h sshpty.c
|
||||
openbsd-compat/bsd-misc.c] Add support for Ultrix. No, that's not a typo.
|
||||
Required changes from Bernhard Simon, integrated by me. ok djm@
|
||||
|
||||
20050525
|
||||
- (djm) [mpaux.c mpaux.h Makefile.in] Remove old mpaux.[ch] code, it has not
|
||||
been used for a while
|
||||
- (djm) OpenBSD CVS Sync
|
||||
- otto@cvs.openbsd.org 2005/04/05 13:45:31
|
||||
[ssh-keygen.c]
|
||||
- djm@cvs.openbsd.org 2005/04/06 09:43:59
|
||||
[sshd.c]
|
||||
avoid harmless logspam by not performing setsockopt() on non-socket;
|
||||
ok markus@
|
||||
- dtucker@cvs.openbsd.org 2005/04/06 12:26:06
|
||||
[ssh.c]
|
||||
Fix debug call for port forwards; patch from pete at seebeyond.com,
|
||||
ok djm@ (ID sync only - change already in portable)
|
||||
- djm@cvs.openbsd.org 2005/04/09 04:32:54
|
||||
[misc.c misc.h tildexpand.c Makefile.in]
|
||||
replace tilde_expand_filename with a simpler implementation, ahead of
|
||||
more whacking; ok deraadt@
|
||||
- jmc@cvs.openbsd.org 2005/04/14 12:30:30
|
||||
[ssh.1]
|
||||
arg to -b is an address, not if_name;
|
||||
ok markus@
|
||||
- jakob@cvs.openbsd.org 2005/04/20 10:05:45
|
||||
[dns.c]
|
||||
do not try to look up SSHFP for numerical hostname. ok djm@
|
||||
- djm@cvs.openbsd.org 2005/04/21 06:17:50
|
||||
[ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8]
|
||||
[sshd_config.5] OpenSSH doesn't ever look at the $HOME environment
|
||||
variable, so don't say that we do (bz #623); ok deraadt@
|
||||
- djm@cvs.openbsd.org 2005/04/21 11:47:19
|
||||
[ssh.c]
|
||||
don't allocate a pty when -n flag (/dev/null stdin) is set, patch from
|
||||
ignasi.roca AT fujitsu-siemens.com (bz #829); ok dtucker@
|
||||
- dtucker@cvs.openbsd.org 2005/04/23 23:43:47
|
||||
[readpass.c]
|
||||
Add debug message if read_passphrase can't open /dev/tty; bz #471;
|
||||
ok djm@
|
||||
- jmc@cvs.openbsd.org 2005/04/26 12:59:02
|
||||
[sftp-client.h]
|
||||
spelling correction in comment from wiz@netbsd;
|
||||
- jakob@cvs.openbsd.org 2005/04/26 13:08:37
|
||||
[ssh.c ssh_config.5]
|
||||
fallback gracefully if client cannot connect to ControlPath. ok djm@
|
||||
- moritz@cvs.openbsd.org 2005/04/28 10:17:56
|
||||
[progressmeter.c ssh-keyscan.c]
|
||||
add snprintf checks. ok djm@ markus@
|
||||
- markus@cvs.openbsd.org 2005/05/02 21:13:22
|
||||
[readpass.c]
|
||||
missing {}
|
||||
- djm@cvs.openbsd.org 2005/05/10 10:28:11
|
||||
[ssh.c]
|
||||
print nice error message for EADDRINUSE as well (ID sync only)
|
||||
- djm@cvs.openbsd.org 2005/05/10 10:30:43
|
||||
[ssh.c]
|
||||
report real errors on fallback from ControlMaster=no to normal connect
|
||||
- markus@cvs.openbsd.org 2005/05/16 15:30:51
|
||||
[readconf.c servconf.c]
|
||||
check return value from strdelim() for NULL (AddressFamily); mpech
|
||||
- djm@cvs.openbsd.org 2005/05/19 02:39:55
|
||||
[sshd_config.5]
|
||||
sort config options, from grunk AT pestilenz.org; ok jmc@
|
||||
- djm@cvs.openbsd.org 2005/05/19 02:40:52
|
||||
[sshd_config]
|
||||
whitespace nit, from grunk AT pestilenz.org
|
||||
- djm@cvs.openbsd.org 2005/05/19 02:42:26
|
||||
[includes.h]
|
||||
fix cast, from grunk AT pestilenz.org
|
||||
- djm@cvs.openbsd.org 2005/05/20 10:50:55
|
||||
[ssh_config.5]
|
||||
give a ProxyCommand example using nc(1), with and ok jmc@
|
||||
- jmc@cvs.openbsd.org 2005/05/20 11:23:32
|
||||
[ssh_config.5]
|
||||
oops - article and spacing;
|
||||
- avsm@cvs.openbsd.org 2005/05/23 22:44:01
|
||||
[moduli.c ssh-keygen.c]
|
||||
- removes signed/unsigned comparisons in moduli generation
|
||||
- use strtonum instead of atoi where its easier
|
||||
- check some strlcpy overflow and fatal instead of truncate
|
||||
- djm@cvs.openbsd.org 2005/05/23 23:32:46
|
||||
[cipher.c myproposal.h ssh.1 ssh_config.5 sshd_config.5]
|
||||
add support for draft-harris-ssh-arcfour-fixes-02 improved arcfour modes;
|
||||
ok markus@
|
||||
- avsm@cvs.openbsd.org 2005/05/24 02:05:09
|
||||
[ssh-keygen.c]
|
||||
some style nits from dmiller@, and use a fatal() instead of a printf()/exit
|
||||
- avsm@cvs.openbsd.org 2005/05/24 17:32:44
|
||||
[atomicio.c atomicio.h authfd.c monitor_wrap.c msg.c scp.c sftp-client.c]
|
||||
[ssh-keyscan.c sshconnect.c]
|
||||
Switch atomicio to use a simpler interface; it now returns a size_t
|
||||
(containing number of bytes read/written), and indicates error by
|
||||
returning 0. EOF is signalled by errno==EPIPE.
|
||||
Typical use now becomes:
|
||||
|
||||
if (atomicio(read, ..., len) != len)
|
||||
err(1,"read");
|
||||
|
||||
ok deraadt@, cloder@, djm@
|
||||
- (dtucker) [regress/reexec.sh] Add ${EXEEXT} so this test also works on
|
||||
Cygwin.
|
||||
- (dtucker) [auth-pam.c] Bug #1033: Fix warnings building with PAM on Linux:
|
||||
warning: dereferencing type-punned pointer will break strict-aliasing rules
|
||||
warning: passing arg 3 of `pam_get_item' from incompatible pointer type
|
||||
The type-punned pointer fix is based on a patch from SuSE's rpm. ok djm@
|
||||
- (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Bug #1033: Provide
|
||||
templates for _getshort and _getlong if missing to prevent compiler warnings
|
||||
on Linux.
|
||||
- (djm) [configure.ac openbsd-compat/Makefile.in]
|
||||
[openbsd-compat/openbsd-compat.h openbsd-compat/strtonum.c]
|
||||
Add strtonum(3) from OpenBSD libc, new code needs it.
|
||||
Unfortunately Linux forces us to do a bizarre dance with compiler
|
||||
options to get LLONG_MIN/MAX; Spotted by and ok dtucker@
|
||||
|
||||
20050524
|
||||
- (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
|
||||
[contrib/suse/openssh.spec] Update spec file versions to 4.1p1
|
||||
@ -9,7 +502,7 @@
|
||||
- (dtucker) [openbsd-compat/bsd-cygwin_util.c] Ensure sufficient memory
|
||||
allocation when retrieving core Windows environment. Add CYGWIN variable
|
||||
to propagated variables. Patch from vinschen at redhat.com, ok djm@
|
||||
- (djm) Release 4.1p1
|
||||
- Release 4.1p1
|
||||
|
||||
20050524
|
||||
- (djm) [openbsd-compat/readpassphrase.c] bz #950: Retry tcsetattr to ensure
|
||||
@ -2496,4 +2989,4 @@
|
||||
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
|
||||
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
|
||||
|
||||
$Id: ChangeLog,v 1.3758.2.2 2005/05/25 12:24:56 djm Exp $
|
||||
$Id: ChangeLog,v 1.3887 2005/09/01 09:10:48 djm Exp $
|
||||
|
@ -1,4 +1,4 @@
|
||||
# $Id: Makefile.in,v 1.270 2005/02/25 23:12:38 dtucker Exp $
|
||||
# $Id: Makefile.in,v 1.273 2005/05/29 07:22:29 dtucker Exp $
|
||||
|
||||
# uncomment if you run a non bourne compatable shell. Ie. csh
|
||||
#SHELL = @SH@
|
||||
@ -66,8 +66,8 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o buffer.o \
|
||||
canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \
|
||||
cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \
|
||||
compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \
|
||||
log.o match.o moduli.o mpaux.o nchan.o packet.o \
|
||||
readpass.o rsa.o tildexpand.o ttymodes.o xmalloc.o \
|
||||
log.o match.o moduli.o nchan.o packet.o \
|
||||
readpass.o rsa.o ttymodes.o xmalloc.o \
|
||||
atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
|
||||
monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \
|
||||
kexgex.o kexdhc.o kexgexc.o scard.o msg.o progressmeter.o dns.o \
|
||||
@ -190,7 +190,7 @@ ssh_prng_cmds.out: ssh_prng_cmds
|
||||
$(PERL) $(srcdir)/fixprogs ssh_prng_cmds $(ENT); \
|
||||
fi
|
||||
|
||||
# fake rule to stop make trying to compile moduli.o into a binary "modulo"
|
||||
# fake rule to stop make trying to compile moduli.o into a binary "moduli.o"
|
||||
moduli:
|
||||
echo
|
||||
|
||||
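Review bot: The reworded comment above the `moduli:` rule still names the wrong artefact, because the fake rule's target is `moduli`, which is what make's implicit rule would try to build from moduli.o, not "moduli.o". I would write it as `# fake rule to stop make trying to compile moduli.o into a binary "moduli"`. The page has lost its +/- markers, so I am assuming from the print order (the older $Id line comes first) that the "moduli.o" wording is the new side. The LIBSSH_OBJS hunk also appears to drop mpaux.o and tildexpand.o, which matches the ChangeLog entries on this page, but the rest of Makefile.in is outside these hunks, so it is worth confirming that no other rule still lists those objects.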
|
@ -1,4 +1,4 @@
|
||||
See http://www.openssh.com/txt/release-4.0 for the release notes.
|
||||
See http://www.openssh.com/txt/release-4.2 for the release notes.
|
||||
|
||||
- A Japanese translation of this document and of the OpenSSH FAQ is
|
||||
- available at http://www.unixuser.org/~haruyama/security/openssh/index.html
|
||||
@ -56,9 +56,10 @@ References -
|
||||
[2] http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html
|
||||
[3] http://www.gzip.org/zlib/
|
||||
[4] http://www.openssl.org/
|
||||
[5] http://www.kernel.org/pub/linux/libs/pam/ (PAM is standard on Solaris
|
||||
and HP-UX 11)
|
||||
[5] http://www.openpam.org
|
||||
http://www.kernel.org/pub/linux/libs/pam/
|
||||
(PAM also is standard on Solaris and HP-UX 11)
|
||||
[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
|
||||
[7] http://www.openssh.com/faq.html
|
||||
|
||||
$Id: README,v 1.57 2005/03/09 03:32:28 dtucker Exp $
|
||||
$Id: README,v 1.60 2005/08/31 14:05:57 dtucker Exp $
|
||||
|
@ -38,8 +38,8 @@ privsep user and chroot directory:
|
||||
Privsep requires operating system support for file descriptor passing.
|
||||
Compression will be disabled on systems without a working mmap MAP_ANON.
|
||||
|
||||
PAM-enabled OpenSSH is known to function with privsep on AIX, HP-UX
|
||||
(including Trusted Mode), Linux and Solaris.
|
||||
PAM-enabled OpenSSH is known to function with privsep on AIX, FreeBSD,
|
||||
HP-UX (including Trusted Mode), Linux, NetBSD and Solaris.
|
||||
|
||||
On Cygwin, Tru64 Unix, OpenServer, and Unicos only the pre-authentication
|
||||
part of privsep is supported. Post-authentication privsep is disabled
|
||||
@ -60,4 +60,4 @@ process 1005 is the sshd process listening for new connections.
|
||||
process 6917 is the privileged monitor process, 6919 is the user owned
|
||||
sshd process and 6921 is the shell process.
|
||||
|
||||
$Id: README.privsep,v 1.15 2004/10/06 10:09:32 dtucker Exp $
|
||||
$Id: README.privsep,v 1.16 2005/06/04 23:21:41 djm Exp $
|
||||
|
@ -57,7 +57,7 @@ disproportionate time to execute.
|
||||
|
||||
Tuning the random helper can be done by running ./ssh-random-helper in
|
||||
very verbose mode ("-vvv") and identifying the commands that are taking
|
||||
accessive amounts of time or hanging altogher. Any problem commands can
|
||||
excessive amounts of time or hanging altogher. Any problem commands can
|
||||
be modified or removed from ssh_prng_cmds.
|
||||
|
||||
The default entropy collector will timeout programs which take too long
|
||||
@ -92,4 +92,4 @@ If you are forced to use ssh-rand-helper consider still downloading
|
||||
prngd/egd and configure OpenSSH using --with-prngd-port=xx or
|
||||
--with-prngd-socket=xx (refer to INSTALL for more information).
|
||||
|
||||
$Id: WARNING.RNG,v 1.7 2004/12/06 11:40:11 dtucker Exp $
|
||||
$Id: WARNING.RNG,v 1.8 2005/05/26 01:47:54 djm Exp $
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $Id: acss.c,v 1.2 2004/02/06 04:22:43 dtucker Exp $ */
|
||||
/* $Id: acss.c,v 1.3 2005/07/17 07:04:47 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2004 The OpenBSD project
|
||||
*
|
||||
@ -24,37 +24,37 @@
|
||||
|
||||
/* decryption sbox */
|
||||
static unsigned char sboxdec[] = {
|
||||
0x33, 0x73, 0x3b, 0x26, 0x63, 0x23, 0x6b, 0x76,
|
||||
0x3e, 0x7e, 0x36, 0x2b, 0x6e, 0x2e, 0x66, 0x7b,
|
||||
0xd3, 0x93, 0xdb, 0x06, 0x43, 0x03, 0x4b, 0x96,
|
||||
0xde, 0x9e, 0xd6, 0x0b, 0x4e, 0x0e, 0x46, 0x9b,
|
||||
0x57, 0x17, 0x5f, 0x82, 0xc7, 0x87, 0xcf, 0x12,
|
||||
0x5a, 0x1a, 0x52, 0x8f, 0xca, 0x8a, 0xc2, 0x1f,
|
||||
0xd9, 0x99, 0xd1, 0x00, 0x49, 0x09, 0x41, 0x90,
|
||||
0xd8, 0x98, 0xd0, 0x01, 0x48, 0x08, 0x40, 0x91,
|
||||
0x3d, 0x7d, 0x35, 0x24, 0x6d, 0x2d, 0x65, 0x74,
|
||||
0x3c, 0x7c, 0x34, 0x25, 0x6c, 0x2c, 0x64, 0x75,
|
||||
0xdd, 0x9d, 0xd5, 0x04, 0x4d, 0x0d, 0x45, 0x94,
|
||||
0xdc, 0x9c, 0xd4, 0x05, 0x4c, 0x0c, 0x44, 0x95,
|
||||
0x59, 0x19, 0x51, 0x80, 0xc9, 0x89, 0xc1, 0x10,
|
||||
0x58, 0x18, 0x50, 0x81, 0xc8, 0x88, 0xc0, 0x11,
|
||||
0xd7, 0x97, 0xdf, 0x02, 0x47, 0x07, 0x4f, 0x92,
|
||||
0xda, 0x9a, 0xd2, 0x0f, 0x4a, 0x0a, 0x42, 0x9f,
|
||||
0x53, 0x13, 0x5b, 0x86, 0xc3, 0x83, 0xcb, 0x16,
|
||||
0x5e, 0x1e, 0x56, 0x8b, 0xce, 0x8e, 0xc6, 0x1b,
|
||||
0xb3, 0xf3, 0xbb, 0xa6, 0xe3, 0xa3, 0xeb, 0xf6,
|
||||
0xbe, 0xfe, 0xb6, 0xab, 0xee, 0xae, 0xe6, 0xfb,
|
||||
0x37, 0x77, 0x3f, 0x22, 0x67, 0x27, 0x6f, 0x72,
|
||||
0x3a, 0x7a, 0x32, 0x2f, 0x6a, 0x2a, 0x62, 0x7f,
|
||||
0xb9, 0xf9, 0xb1, 0xa0, 0xe9, 0xa9, 0xe1, 0xf0,
|
||||
0xb8, 0xf8, 0xb0, 0xa1, 0xe8, 0xa8, 0xe0, 0xf1,
|
||||
0x5d, 0x1d, 0x55, 0x84, 0xcd, 0x8d, 0xc5, 0x14,
|
||||
0x5c, 0x1c, 0x54, 0x85, 0xcc, 0x8c, 0xc4, 0x15,
|
||||
0xbd, 0xfd, 0xb5, 0xa4, 0xed, 0xad, 0xe5, 0xf4,
|
||||
0xbc, 0xfc, 0xb4, 0xa5, 0xec, 0xac, 0xe4, 0xf5,
|
||||
0x39, 0x79, 0x31, 0x20, 0x69, 0x29, 0x61, 0x70,
|
||||
0x38, 0x78, 0x30, 0x21, 0x68, 0x28, 0x60, 0x71,
|
||||
0xb7, 0xf7, 0xbf, 0xa2, 0xe7, 0xa7, 0xef, 0xf2,
|
||||
0x33, 0x73, 0x3b, 0x26, 0x63, 0x23, 0x6b, 0x76,
|
||||
0x3e, 0x7e, 0x36, 0x2b, 0x6e, 0x2e, 0x66, 0x7b,
|
||||
0xd3, 0x93, 0xdb, 0x06, 0x43, 0x03, 0x4b, 0x96,
|
||||
0xde, 0x9e, 0xd6, 0x0b, 0x4e, 0x0e, 0x46, 0x9b,
|
||||
0x57, 0x17, 0x5f, 0x82, 0xc7, 0x87, 0xcf, 0x12,
|
||||
0x5a, 0x1a, 0x52, 0x8f, 0xca, 0x8a, 0xc2, 0x1f,
|
||||
0xd9, 0x99, 0xd1, 0x00, 0x49, 0x09, 0x41, 0x90,
|
||||
0xd8, 0x98, 0xd0, 0x01, 0x48, 0x08, 0x40, 0x91,
|
||||
0x3d, 0x7d, 0x35, 0x24, 0x6d, 0x2d, 0x65, 0x74,
|
||||
0x3c, 0x7c, 0x34, 0x25, 0x6c, 0x2c, 0x64, 0x75,
|
||||
0xdd, 0x9d, 0xd5, 0x04, 0x4d, 0x0d, 0x45, 0x94,
|
||||
0xdc, 0x9c, 0xd4, 0x05, 0x4c, 0x0c, 0x44, 0x95,
|
||||
0x59, 0x19, 0x51, 0x80, 0xc9, 0x89, 0xc1, 0x10,
|
||||
0x58, 0x18, 0x50, 0x81, 0xc8, 0x88, 0xc0, 0x11,
|
||||
0xd7, 0x97, 0xdf, 0x02, 0x47, 0x07, 0x4f, 0x92,
|
||||
0xda, 0x9a, 0xd2, 0x0f, 0x4a, 0x0a, 0x42, 0x9f,
|
||||
0x53, 0x13, 0x5b, 0x86, 0xc3, 0x83, 0xcb, 0x16,
|
||||
0x5e, 0x1e, 0x56, 0x8b, 0xce, 0x8e, 0xc6, 0x1b,
|
||||
0xb3, 0xf3, 0xbb, 0xa6, 0xe3, 0xa3, 0xeb, 0xf6,
|
||||
0xbe, 0xfe, 0xb6, 0xab, 0xee, 0xae, 0xe6, 0xfb,
|
||||
0x37, 0x77, 0x3f, 0x22, 0x67, 0x27, 0x6f, 0x72,
|
||||
0x3a, 0x7a, 0x32, 0x2f, 0x6a, 0x2a, 0x62, 0x7f,
|
||||
0xb9, 0xf9, 0xb1, 0xa0, 0xe9, 0xa9, 0xe1, 0xf0,
|
||||
0xb8, 0xf8, 0xb0, 0xa1, 0xe8, 0xa8, 0xe0, 0xf1,
|
||||
0x5d, 0x1d, 0x55, 0x84, 0xcd, 0x8d, 0xc5, 0x14,
|
||||
0x5c, 0x1c, 0x54, 0x85, 0xcc, 0x8c, 0xc4, 0x15,
|
||||
0xbd, 0xfd, 0xb5, 0xa4, 0xed, 0xad, 0xe5, 0xf4,
|
||||
0xbc, 0xfc, 0xb4, 0xa5, 0xec, 0xac, 0xe4, 0xf5,
|
||||
0x39, 0x79, 0x31, 0x20, 0x69, 0x29, 0x61, 0x70,
|
||||
0x38, 0x78, 0x30, 0x21, 0x68, 0x28, 0x60, 0x71,
|
||||
0xb7, 0xf7, 0xbf, 0xa2, 0xe7, 0xa7, 0xef, 0xf2,
|
||||
0xba, 0xfa, 0xb2, 0xaf, 0xea, 0xaa, 0xe2, 0xff
|
||||
};
|
||||
|
||||
@ -95,38 +95,38 @@ static unsigned char sboxenc[] = {
|
||||
};
|
||||
|
||||
static unsigned char reverse[] = {
|
||||
0x00, 0x80, 0x40, 0xc0, 0x20, 0xa0, 0x60, 0xe0,
|
||||
0x10, 0x90, 0x50, 0xd0, 0x30, 0xb0, 0x70, 0xf0,
|
||||
0x08, 0x88, 0x48, 0xc8, 0x28, 0xa8, 0x68, 0xe8,
|
||||
0x18, 0x98, 0x58, 0xd8, 0x38, 0xb8, 0x78, 0xf8,
|
||||
0x04, 0x84, 0x44, 0xc4, 0x24, 0xa4, 0x64, 0xe4,
|
||||
0x14, 0x94, 0x54, 0xd4, 0x34, 0xb4, 0x74, 0xf4,
|
||||
0x0c, 0x8c, 0x4c, 0xcc, 0x2c, 0xac, 0x6c, 0xec,
|
||||
0x1c, 0x9c, 0x5c, 0xdc, 0x3c, 0xbc, 0x7c, 0xfc,
|
||||
0x02, 0x82, 0x42, 0xc2, 0x22, 0xa2, 0x62, 0xe2,
|
||||
0x12, 0x92, 0x52, 0xd2, 0x32, 0xb2, 0x72, 0xf2,
|
||||
0x0a, 0x8a, 0x4a, 0xca, 0x2a, 0xaa, 0x6a, 0xea,
|
||||
0x1a, 0x9a, 0x5a, 0xda, 0x3a, 0xba, 0x7a, 0xfa,
|
||||
0x06, 0x86, 0x46, 0xc6, 0x26, 0xa6, 0x66, 0xe6,
|
||||
0x16, 0x96, 0x56, 0xd6, 0x36, 0xb6, 0x76, 0xf6,
|
||||
0x0e, 0x8e, 0x4e, 0xce, 0x2e, 0xae, 0x6e, 0xee,
|
||||
0x1e, 0x9e, 0x5e, 0xde, 0x3e, 0xbe, 0x7e, 0xfe,
|
||||
0x01, 0x81, 0x41, 0xc1, 0x21, 0xa1, 0x61, 0xe1,
|
||||
0x11, 0x91, 0x51, 0xd1, 0x31, 0xb1, 0x71, 0xf1,
|
||||
0x09, 0x89, 0x49, 0xc9, 0x29, 0xa9, 0x69, 0xe9,
|
||||
0x19, 0x99, 0x59, 0xd9, 0x39, 0xb9, 0x79, 0xf9,
|
||||
0x05, 0x85, 0x45, 0xc5, 0x25, 0xa5, 0x65, 0xe5,
|
||||
0x15, 0x95, 0x55, 0xd5, 0x35, 0xb5, 0x75, 0xf5,
|
||||
0x0d, 0x8d, 0x4d, 0xcd, 0x2d, 0xad, 0x6d, 0xed,
|
||||
0x1d, 0x9d, 0x5d, 0xdd, 0x3d, 0xbd, 0x7d, 0xfd,
|
||||
0x03, 0x83, 0x43, 0xc3, 0x23, 0xa3, 0x63, 0xe3,
|
||||
0x13, 0x93, 0x53, 0xd3, 0x33, 0xb3, 0x73, 0xf3,
|
||||
0x0b, 0x8b, 0x4b, 0xcb, 0x2b, 0xab, 0x6b, 0xeb,
|
||||
0x1b, 0x9b, 0x5b, 0xdb, 0x3b, 0xbb, 0x7b, 0xfb,
|
||||
0x07, 0x87, 0x47, 0xc7, 0x27, 0xa7, 0x67, 0xe7,
|
||||
0x17, 0x97, 0x57, 0xd7, 0x37, 0xb7, 0x77, 0xf7,
|
||||
0x0f, 0x8f, 0x4f, 0xcf, 0x2f, 0xaf, 0x6f, 0xef,
|
||||
0x1f, 0x9f, 0x5f, 0xdf, 0x3f, 0xbf, 0x7f, 0xff
|
||||
0x00, 0x80, 0x40, 0xc0, 0x20, 0xa0, 0x60, 0xe0,
|
||||
0x10, 0x90, 0x50, 0xd0, 0x30, 0xb0, 0x70, 0xf0,
|
||||
0x08, 0x88, 0x48, 0xc8, 0x28, 0xa8, 0x68, 0xe8,
|
||||
0x18, 0x98, 0x58, 0xd8, 0x38, 0xb8, 0x78, 0xf8,
|
||||
0x04, 0x84, 0x44, 0xc4, 0x24, 0xa4, 0x64, 0xe4,
|
||||
0x14, 0x94, 0x54, 0xd4, 0x34, 0xb4, 0x74, 0xf4,
|
||||
0x0c, 0x8c, 0x4c, 0xcc, 0x2c, 0xac, 0x6c, 0xec,
|
||||
0x1c, 0x9c, 0x5c, 0xdc, 0x3c, 0xbc, 0x7c, 0xfc,
|
||||
0x02, 0x82, 0x42, 0xc2, 0x22, 0xa2, 0x62, 0xe2,
|
||||
0x12, 0x92, 0x52, 0xd2, 0x32, 0xb2, 0x72, 0xf2,
|
||||
0x0a, 0x8a, 0x4a, 0xca, 0x2a, 0xaa, 0x6a, 0xea,
|
||||
0x1a, 0x9a, 0x5a, 0xda, 0x3a, 0xba, 0x7a, 0xfa,
|
||||
0x06, 0x86, 0x46, 0xc6, 0x26, 0xa6, 0x66, 0xe6,
|
||||
0x16, 0x96, 0x56, 0xd6, 0x36, 0xb6, 0x76, 0xf6,
|
||||
0x0e, 0x8e, 0x4e, 0xce, 0x2e, 0xae, 0x6e, 0xee,
|
||||
0x1e, 0x9e, 0x5e, 0xde, 0x3e, 0xbe, 0x7e, 0xfe,
|
||||
0x01, 0x81, 0x41, 0xc1, 0x21, 0xa1, 0x61, 0xe1,
|
||||
0x11, 0x91, 0x51, 0xd1, 0x31, 0xb1, 0x71, 0xf1,
|
||||
0x09, 0x89, 0x49, 0xc9, 0x29, 0xa9, 0x69, 0xe9,
|
||||
0x19, 0x99, 0x59, 0xd9, 0x39, 0xb9, 0x79, 0xf9,
|
||||
0x05, 0x85, 0x45, 0xc5, 0x25, 0xa5, 0x65, 0xe5,
|
||||
0x15, 0x95, 0x55, 0xd5, 0x35, 0xb5, 0x75, 0xf5,
|
||||
0x0d, 0x8d, 0x4d, 0xcd, 0x2d, 0xad, 0x6d, 0xed,
|
||||
0x1d, 0x9d, 0x5d, 0xdd, 0x3d, 0xbd, 0x7d, 0xfd,
|
||||
0x03, 0x83, 0x43, 0xc3, 0x23, 0xa3, 0x63, 0xe3,
|
||||
0x13, 0x93, 0x53, 0xd3, 0x33, 0xb3, 0x73, 0xf3,
|
||||
0x0b, 0x8b, 0x4b, 0xcb, 0x2b, 0xab, 0x6b, 0xeb,
|
||||
0x1b, 0x9b, 0x5b, 0xdb, 0x3b, 0xbb, 0x7b, 0xfb,
|
||||
0x07, 0x87, 0x47, 0xc7, 0x27, 0xa7, 0x67, 0xe7,
|
||||
0x17, 0x97, 0x57, 0xd7, 0x37, 0xb7, 0x77, 0xf7,
|
||||
0x0f, 0x8f, 0x4f, 0xcf, 0x2f, 0xaf, 0x6f, 0xef,
|
||||
0x1f, 0x9f, 0x5f, 0xdf, 0x3f, 0xbf, 0x7f, 0xff
|
||||
};
|
||||
|
||||
/*
|
||||
|
@ -1,4 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2005 Anil Madhavapeddy. All rights reserved.
|
||||
* Copyright (c) 1995,1999 Theo de Raadt. All rights reserved.
|
||||
* All rights reserved.
|
||||
*
|
||||
@ -24,14 +25,14 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: atomicio.c,v 1.12 2003/07/31 15:50:16 avsm Exp $");
|
||||
RCSID("$OpenBSD: atomicio.c,v 1.13 2005/05/24 17:32:43 avsm Exp $");
|
||||
|
||||
#include "atomicio.h"
|
||||
|
||||
/*
|
||||
* ensure all of data on socket comes through. f==read || f==vwrite
|
||||
*/
|
||||
ssize_t
|
||||
size_t
|
||||
atomicio(f, fd, _s, n)
|
||||
ssize_t (*f) (int, void *, size_t);
|
||||
int fd;
|
||||
@ -39,7 +40,8 @@ atomicio(f, fd, _s, n)
|
||||
size_t n;
|
||||
{
|
||||
char *s = _s;
|
||||
ssize_t res, pos = 0;
|
||||
size_t pos = 0;
|
||||
ssize_t res;
|
||||
|
||||
while (n > pos) {
|
||||
res = (f) (fd, s + pos, n - pos);
|
||||
@ -51,10 +53,12 @@ atomicio(f, fd, _s, n)
|
||||
if (errno == EINTR || errno == EAGAIN)
|
||||
#endif
|
||||
continue;
|
||||
return 0;
|
||||
case 0:
|
||||
return (res);
|
||||
errno = EPIPE;
|
||||
return pos;
|
||||
default:
|
||||
pos += res;
|
||||
pos += (u_int)res;
|
||||
}
|
||||
}
|
||||
return (pos);
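Review bot: The comment above atomicio() still says only "ensure all of data on socket comes through" and does not describe the new return contract, which is where callers are likely to go wrong. With the return type now `size_t`, the error path returns 0 and EOF returns the short count with `errno = EPIPE`, so a caller that still tests `atomicio(...) < 0` or `== -1` compiles but can never observe the failure; callers need to compare the result with `n`. I would extend the comment here and on the prototype in atomicio.h to say roughly `returns n on success; on error returns 0 with errno left from the failed call; on EOF returns the bytes transferred so far with errno = EPIPE`. Separately, `pos += (u_int)res;` passes a `ssize_t` through `u_int` before adding it to a `size_t`; `pos += (size_t)res;` matches the variable's type. The start and end of the function lie outside these hunks.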
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: atomicio.h,v 1.5 2003/06/28 16:23:06 deraadt Exp $ */
|
||||
/* $OpenBSD: atomicio.h,v 1.6 2005/05/24 17:32:43 avsm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1995,1999 Theo de Raadt. All rights reserved.
|
||||
@ -28,6 +28,6 @@
|
||||
/*
|
||||
* Ensure all of data on socket comes through. f==read || f==vwrite
|
||||
*/
|
||||
ssize_t atomicio(ssize_t (*)(int, void *, size_t), int, void *, size_t);
|
||||
size_t atomicio(ssize_t (*)(int, void *, size_t), int, void *, size_t);
|
||||
|
||||
#define vwrite (ssize_t (*)(int, void *, size_t))write
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $Id: audit.c,v 1.2 2005/02/08 10:52:48 dtucker Exp $ */
|
||||
/* $Id: audit.c,v 1.3 2005/07/17 07:26:44 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2004, 2005 Darren Tucker. All rights reserved.
|
||||
@ -120,7 +120,7 @@ void
|
||||
audit_connection_from(const char *host, int port)
|
||||
{
|
||||
debug("audit connection from %s port %d euid %d", host, port,
|
||||
(int)geteuid());
|
||||
(int)geteuid());
|
||||
}
|
||||
|
||||
/*
|
||||
@ -147,7 +147,7 @@ audit_session_open(const char *ttyn)
|
||||
const char *t = ttyn ? ttyn : "(no tty)";
|
||||
|
||||
debug("audit session open euid %d user %s tty name %s", geteuid(),
|
||||
audit_username(), t);
|
||||
audit_username(), t);
|
||||
}
|
||||
|
||||
/*
|
||||
@ -163,7 +163,7 @@ audit_session_close(const char *ttyn)
|
||||
const char *t = ttyn ? ttyn : "(no tty)";
|
||||
|
||||
debug("audit session close euid %d user %s tty name %s", geteuid(),
|
||||
audit_username(), t);
|
||||
audit_username(), t);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -14,7 +14,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: auth-rhosts.c,v 1.32 2003/11/04 08:54:09 djm Exp $");
|
||||
RCSID("$OpenBSD: auth-rhosts.c,v 1.33 2005/07/17 07:17:54 djm Exp $");
|
||||
|
||||
#include "packet.h"
|
||||
#include "uidswap.h"
|
||||
@ -133,7 +133,7 @@ check_rhosts_file(const char *filename, const char *hostname,
|
||||
/* If the entry was negated, deny access. */
|
||||
if (negated) {
|
||||
auth_debug_add("Matched negative entry in %.100s.",
|
||||
filename);
|
||||
filename);
|
||||
return 0;
|
||||
}
|
||||
/* Accept authentication. */
|
||||
|
@ -23,7 +23,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$Id: auth-shadow.c,v 1.6 2005/02/16 03:20:06 dtucker Exp $");
|
||||
RCSID("$Id: auth-shadow.c,v 1.7 2005/07/17 07:04:47 djm Exp $");
|
||||
|
||||
#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
|
||||
#include <shadow.h>
|
||||
@ -101,7 +101,7 @@ auth_shadow_pwexpired(Authctxt *ctxt)
|
||||
#if defined(__hpux) && !defined(HAVE_SECUREWARE)
|
||||
if (iscomsec()) {
|
||||
struct pr_passwd *pr;
|
||||
|
||||
|
||||
pr = getprpwnam((char *)user);
|
||||
|
||||
/* Test for Trusted Mode expiry disabled */
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: auth2-gss.c,v 1.8 2004/06/21 17:36:31 avsm Exp $ */
|
||||
/* $OpenBSD: auth2-gss.c,v 1.10 2005/07/17 07:17:54 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
|
||||
@ -61,7 +61,7 @@ userauth_gssapi(Authctxt *authctxt)
|
||||
int present;
|
||||
OM_uint32 ms;
|
||||
u_int len;
|
||||
char *doid = NULL;
|
||||
u_char *doid = NULL;
|
||||
|
||||
if (!authctxt->valid || authctxt->user == NULL)
|
||||
return (0);
|
||||
@ -82,9 +82,8 @@ userauth_gssapi(Authctxt *authctxt)
|
||||
present = 0;
|
||||
doid = packet_get_string(&len);
|
||||
|
||||
if (len > 2 &&
|
||||
doid[0] == SSH_GSS_OIDTYPE &&
|
||||
doid[1] == len - 2) {
|
||||
if (len > 2 && doid[0] == SSH_GSS_OIDTYPE &&
|
||||
doid[1] == len - 2) {
|
||||
goid.elements = doid + 2;
|
||||
goid.length = len - 2;
|
||||
gss_test_oid_set_member(&ms, &goid, supported,
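Review bot: The framing check `len > 2 && doid[0] == SSH_GSS_OIDTYPE && doid[1] == len - 2` is applied to a string taken from the packet and deserves a short comment saying what layout it enforces. I would add `/* expect: type byte, one length byte equal to the remaining size, then the OID body */` above the `if`, which also documents that any other length encoding is rejected rather than parsed. Whether `doid` is released when the check fails is decided outside this hunk, so that is worth confirming in the rest of userauth_gssapi().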
|
||||
|
@ -17,7 +17,7 @@
|
||||
#include "includes.h"
|
||||
#include <openssl/evp.h>
|
||||
|
||||
RCSID("$Id: cipher-acss.c,v 1.2 2004/02/06 04:26:11 dtucker Exp $");
|
||||
RCSID("$Id: cipher-acss.c,v 1.3 2005/07/17 07:04:47 djm Exp $");
|
||||
|
||||
#if !defined(EVP_CTRL_SET_ACSS_MODE) && (OPENSSL_VERSION_NUMBER >= 0x00907000L)
|
||||
|
||||
@ -33,7 +33,7 @@ typedef struct {
|
||||
#define EVP_CTRL_SET_ACSS_SUBKEY 0xff07
|
||||
|
||||
static int
|
||||
acss_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
|
||||
acss_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
|
||||
const unsigned char *iv, int enc)
|
||||
{
|
||||
acss_setkey(&data(ctx)->ks,key,enc,ACSS_DATA);
|
||||
@ -41,7 +41,7 @@ acss_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
|
||||
}
|
||||
|
||||
static int
|
||||
acss_ciph(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in,
|
||||
acss_ciph(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in,
|
||||
unsigned int inl)
|
||||
{
|
||||
acss(&data(ctx)->ks,inl,in,out);
|
||||
|
@ -14,7 +14,7 @@
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: cipher-ctr.c,v 1.5 2004/12/22 02:13:19 djm Exp $");
|
||||
RCSID("$OpenBSD: cipher-ctr.c,v 1.6 2005/07/17 07:17:55 djm Exp $");
|
||||
|
||||
#include <openssl/evp.h>
|
||||
|
||||
@ -95,7 +95,7 @@ ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
|
||||
}
|
||||
if (key != NULL)
|
||||
AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
|
||||
&c->aes_ctx);
|
||||
&c->aes_ctx);
|
||||
if (iv != NULL)
|
||||
memcpy(c->aes_counter, iv, AES_BLOCK_SIZE);
|
||||
return (1);
|
||||
|
@ -59,7 +59,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: clientloop.c,v 1.136 2005/03/10 22:01:05 deraadt Exp $");
|
||||
RCSID("$OpenBSD: clientloop.c,v 1.141 2005/07/16 01:35:24 djm Exp $");
|
||||
|
||||
#include "ssh.h"
|
||||
#include "ssh1.h"
|
||||
@ -140,6 +140,8 @@ int session_ident = -1;
|
||||
struct confirm_ctx {
|
||||
int want_tty;
|
||||
int want_subsys;
|
||||
int want_x_fwd;
|
||||
int want_agent_fwd;
|
||||
Buffer cmd;
|
||||
char *term;
|
||||
struct termios tio;
|
||||
@ -208,6 +210,109 @@ get_current_time(void)
|
||||
return (double) tv.tv_sec + (double) tv.tv_usec / 1000000.0;
|
||||
}
|
||||
|
||||
#define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1"
|
||||
void
|
||||
client_x11_get_proto(const char *display, const char *xauth_path,
|
||||
u_int trusted, char **_proto, char **_data)
|
||||
{
|
||||
char cmd[1024];
|
||||
char line[512];
|
||||
char xdisplay[512];
|
||||
static char proto[512], data[512];
|
||||
FILE *f;
|
||||
int got_data = 0, generated = 0, do_unlink = 0, i;
|
||||
char *xauthdir, *xauthfile;
|
||||
struct stat st;
|
||||
|
||||
xauthdir = xauthfile = NULL;
|
||||
*_proto = proto;
|
||||
*_data = data;
|
||||
proto[0] = data[0] = '\0';
|
||||
|
||||
if (xauth_path == NULL ||(stat(xauth_path, &st) == -1)) {
|
||||
debug("No xauth program.");
|
||||
} else {
|
||||
if (display == NULL) {
|
||||
debug("x11_get_proto: DISPLAY not set");
|
||||
return;
|
||||
}
|
||||
/*
|
||||
* Handle FamilyLocal case where $DISPLAY does
|
||||
* not match an authorization entry. For this we
|
||||
* just try "xauth list unix:displaynum.screennum".
|
||||
* XXX: "localhost" match to determine FamilyLocal
|
||||
* is not perfect.
|
||||
*/
|
||||
if (strncmp(display, "localhost:", 10) == 0) {
|
||||
snprintf(xdisplay, sizeof(xdisplay), "unix:%s",
|
||||
display + 10);
|
||||
display = xdisplay;
|
||||
}
|
||||
if (trusted == 0) {
|
||||
xauthdir = xmalloc(MAXPATHLEN);
|
||||
xauthfile = xmalloc(MAXPATHLEN);
|
||||
strlcpy(xauthdir, "/tmp/ssh-XXXXXXXXXX", MAXPATHLEN);
|
||||
if (mkdtemp(xauthdir) != NULL) {
|
||||
do_unlink = 1;
|
||||
snprintf(xauthfile, MAXPATHLEN, "%s/xauthfile",
|
||||
xauthdir);
|
||||
snprintf(cmd, sizeof(cmd),
|
||||
"%s -f %s generate %s " SSH_X11_PROTO
|
||||
" untrusted timeout 1200 2>" _PATH_DEVNULL,
|
||||
xauth_path, xauthfile, display);
|
||||
debug2("x11_get_proto: %s", cmd);
|
||||
if (system(cmd) == 0)
|
||||
generated = 1;
|
||||
}
|
||||
}
|
||||
snprintf(cmd, sizeof(cmd),
|
||||
"%s %s%s list %s . 2>" _PATH_DEVNULL,
|
||||
xauth_path,
|
||||
generated ? "-f " : "" ,
|
||||
generated ? xauthfile : "",
|
||||
display);
|
||||
debug2("x11_get_proto: %s", cmd);
|
||||
f = popen(cmd, "r");
|
||||
if (f && fgets(line, sizeof(line), f) &&
|
||||
sscanf(line, "%*s %511s %511s", proto, data) == 2)
|
||||
got_data = 1;
|
||||
if (f)
|
||||
pclose(f);
|
||||
}
|
||||
|
||||
if (do_unlink) {
|
||||
unlink(xauthfile);
|
||||
rmdir(xauthdir);
|
||||
}
|
||||
if (xauthdir)
|
||||
xfree(xauthdir);
|
||||
if (xauthfile)
|
||||
xfree(xauthfile);
|
||||
|
||||
/*
|
||||
* If we didn't get authentication data, just make up some
|
||||
* data. The forwarding code will check the validity of the
|
||||
* response anyway, and substitute this data. The X11
|
||||
* server, however, will ignore this fake data and use
|
||||
* whatever authentication mechanisms it was using otherwise
|
||||
* for the local connection.
|
||||
*/
|
||||
if (!got_data) {
|
||||
u_int32_t rnd = 0;
|
||||
|
||||
logit("Warning: No xauth data; "
|
||||
"using fake authentication data for X11 forwarding.");
|
||||
strlcpy(proto, SSH_X11_PROTO, sizeof proto);
|
||||
for (i = 0; i < 16; i++) {
|
||||
if (i % 4 == 0)
|
||||
rnd = arc4random();
|
||||
snprintf(data + 2 * i, sizeof data - 2 * i, "%02x",
|
||||
rnd & 0xff);
|
||||
rnd >>= 8;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* This is called when the interactive is entered. This checks if there is
|
||||
* an EOF coming on stdin. We must check this explicitly, as select() does
|
||||
@ -528,6 +633,7 @@ static void
|
||||
client_extra_session2_setup(int id, void *arg)
|
||||
{
|
||||
struct confirm_ctx *cctx = arg;
|
||||
const char *display;
|
||||
Channel *c;
|
||||
int i;
|
||||
|
||||
@ -536,6 +642,24 @@ client_extra_session2_setup(int id, void *arg)
|
||||
if ((c = channel_lookup(id)) == NULL)
|
||||
fatal("%s: no channel for id %d", __func__, id);
|
||||
|
||||
display = getenv("DISPLAY");
|
||||
if (cctx->want_x_fwd && options.forward_x11 && display != NULL) {
|
||||
char *proto, *data;
|
||||
/* Get reasonable local authentication information. */
|
||||
client_x11_get_proto(display, options.xauth_location,
|
||||
options.forward_x11_trusted, &proto, &data);
|
||||
/* Request forwarding with authentication spoofing. */
|
||||
debug("Requesting X11 forwarding with authentication spoofing.");
|
||||
x11_request_forwarding_with_spoofing(id, display, proto, data);
|
||||
/* XXX wait for reply */
|
||||
}
|
||||
|
||||
if (cctx->want_agent_fwd && options.forward_agent) {
|
||||
debug("Requesting authentication agent forwarding.");
|
||||
channel_request_start(id, "auth-agent-req@openssh.com", 0);
|
||||
packet_send();
|
||||
}
|
||||
|
||||
client_session2_setup(id, cctx->want_tty, cctx->want_subsys,
|
||||
cctx->term, &cctx->tio, c->rfd, &cctx->cmd, cctx->env,
|
||||
client_subsystem_reply);
|
||||
@ -556,12 +680,12 @@ client_process_control(fd_set * readset)
|
||||
{
|
||||
Buffer m;
|
||||
Channel *c;
|
||||
int client_fd, new_fd[3], ver, i, allowed;
|
||||
int client_fd, new_fd[3], ver, allowed;
|
||||
socklen_t addrlen;
|
||||
struct sockaddr_storage addr;
|
||||
struct confirm_ctx *cctx;
|
||||
char *cmd;
|
||||
u_int len, env_len, command, flags;
|
||||
u_int i, len, env_len, command, flags;
|
||||
uid_t euid;
|
||||
gid_t egid;
|
||||
|
||||
@ -601,7 +725,7 @@ client_process_control(fd_set * readset)
|
||||
buffer_free(&m);
|
||||
return;
|
||||
}
|
||||
if ((ver = buffer_get_char(&m)) != 1) {
|
||||
if ((ver = buffer_get_char(&m)) != SSHMUX_VER) {
|
||||
error("%s: wrong client version %d", __func__, ver);
|
||||
buffer_free(&m);
|
||||
close(client_fd);
|
||||
@ -616,13 +740,15 @@ client_process_control(fd_set * readset)
|
||||
|
||||
switch (command) {
|
||||
case SSHMUX_COMMAND_OPEN:
|
||||
if (options.control_master == 2)
|
||||
if (options.control_master == SSHCTL_MASTER_ASK ||
|
||||
options.control_master == SSHCTL_MASTER_AUTO_ASK)
|
||||
allowed = ask_permission("Allow shared connection "
|
||||
"to %s? ", host);
|
||||
/* continue below */
|
||||
break;
|
||||
case SSHMUX_COMMAND_TERMINATE:
|
||||
if (options.control_master == 2)
|
||||
if (options.control_master == SSHCTL_MASTER_ASK ||
|
||||
options.control_master == SSHCTL_MASTER_AUTO_ASK)
|
||||
allowed = ask_permission("Terminate shared connection "
|
||||
"to %s? ", host);
|
||||
if (allowed)
|
||||
@ -633,7 +759,7 @@ client_process_control(fd_set * readset)
|
||||
buffer_clear(&m);
|
||||
buffer_put_int(&m, allowed);
|
||||
buffer_put_int(&m, getpid());
|
||||
if (ssh_msg_send(client_fd, /* version */1, &m) == -1) {
|
||||
if (ssh_msg_send(client_fd, SSHMUX_VER, &m) == -1) {
|
||||
error("%s: client msg_send failed", __func__);
|
||||
close(client_fd);
|
||||
buffer_free(&m);
|
||||
@ -653,7 +779,7 @@ client_process_control(fd_set * readset)
|
||||
buffer_clear(&m);
|
||||
buffer_put_int(&m, allowed);
|
||||
buffer_put_int(&m, getpid());
|
||||
if (ssh_msg_send(client_fd, /* version */1, &m) == -1) {
|
||||
if (ssh_msg_send(client_fd, SSHMUX_VER, &m) == -1) {
|
||||
error("%s: client msg_send failed", __func__);
|
||||
close(client_fd);
|
||||
buffer_free(&m);
|
||||
@ -674,7 +800,7 @@ client_process_control(fd_set * readset)
|
||||
buffer_free(&m);
|
||||
return;
|
||||
}
|
||||
if ((ver = buffer_get_char(&m)) != 1) {
|
||||
if ((ver = buffer_get_char(&m)) != SSHMUX_VER) {
|
||||
error("%s: wrong client version %d", __func__, ver);
|
||||
buffer_free(&m);
|
||||
close(client_fd);
|
||||
@ -685,6 +811,8 @@ client_process_control(fd_set * readset)
|
||||
memset(cctx, 0, sizeof(*cctx));
|
||||
cctx->want_tty = (flags & SSHMUX_FLAG_TTY) != 0;
|
||||
cctx->want_subsys = (flags & SSHMUX_FLAG_SUBSYS) != 0;
|
||||
cctx->want_x_fwd = (flags & SSHMUX_FLAG_X11_FWD) != 0;
|
||||
cctx->want_agent_fwd = (flags & SSHMUX_FLAG_AGENT_FWD) != 0;
|
||||
cctx->term = buffer_get_string(&m, &len);
|
||||
|
||||
cmd = buffer_get_string(&m, &len);
|
||||
@ -718,7 +846,7 @@ client_process_control(fd_set * readset)
|
||||
|
||||
/* This roundtrip is just for synchronisation of ttymodes */
|
||||
buffer_clear(&m);
|
||||
if (ssh_msg_send(client_fd, /* version */1, &m) == -1) {
|
||||
if (ssh_msg_send(client_fd, SSHMUX_VER, &m) == -1) {
|
||||
error("%s: client msg_send failed", __func__);
|
||||
close(client_fd);
|
||||
close(new_fd[0]);
|
||||
@ -866,7 +994,10 @@ process_escapes(Buffer *bin, Buffer *bout, Buffer *berr, char *buf, int len)
|
||||
u_char ch;
|
||||
char *s;
|
||||
|
||||
for (i = 0; i < len; i++) {
|
||||
if (len <= 0)
|
||||
return (0);
|
||||
|
||||
for (i = 0; i < (u_int)len; i++) {
|
||||
/* Get one character at a time. */
|
||||
ch = buf[i];
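Review bot: In the new client_x11_get_proto(), when `trusted == 0` and either `mkdtemp()` or the `xauth ... generate ... untrusted` command fails, `generated` stays 0 and the following `xauth list` runs without `-f`, so it reads the user's default authority file. That appears to hand the regular cookie to a session that asked for untrusted forwarding, with no message telling the user the restriction was dropped. I would run the list step only when the request can be honoured, `if (trusted || generated) { /* popen + fgets + sscanf */ }`, and log the failure so that the fake-data path below is taken instead. The same function formats `display` and `xauth_path` into strings passed to `system()` and `popen()`, and `display` comes from `getenv("DISPLAY")` in client_extra_session2_setup(); rejecting characters outside what a display name needs before building `cmd` would keep shell metacharacters out of that command line.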
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: clientloop.h,v 1.12 2004/11/07 00:01:46 djm Exp $ */
|
||||
/* $OpenBSD: clientloop.h,v 1.14 2005/07/04 00:58:43 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
@ -37,10 +37,15 @@
|
||||
|
||||
/* Client side main loop for the interactive session. */
|
||||
int client_loop(int, int, int);
|
||||
void client_x11_get_proto(const char *, const char *, u_int,
|
||||
char **, char **);
|
||||
void client_global_request_reply_fwd(int, u_int32_t, void *);
|
||||
void client_session2_setup(int, int, int, const char *, struct termios *,
|
||||
int, Buffer *, char **, dispatch_fn *);
|
||||
|
||||
/* Multiplexing protocol version */
|
||||
#define SSHMUX_VER 1
|
||||
|
||||
/* Multiplexing control protocol flags */
|
||||
#define SSHMUX_COMMAND_OPEN 1 /* Open new connection */
|
||||
#define SSHMUX_COMMAND_ALIVE_CHECK 2 /* Check master is alive */
|
||||
@ -48,3 +53,5 @@ void client_session2_setup(int, int, int, const char *, struct termios *,
|
||||
|
||||
#define SSHMUX_FLAG_TTY (1) /* Request tty on open */
|
||||
#define SSHMUX_FLAG_SUBSYS (1<<1) /* Subsystem request on open */
|
||||
#define SSHMUX_FLAG_X11_FWD (1<<2) /* Request X11 forwarding */
|
||||
#define SSHMUX_FLAG_AGENT_FWD (1<<3) /* Request agent forwarding */
|
||||
|
590
crypto/openssh/config.guess
vendored
590
crypto/openssh/config.guess
vendored
File diff suppressed because it is too large
136
crypto/openssh/config.sub
vendored
136
crypto/openssh/config.sub
vendored
@ -1,9 +1,9 @@
|
||||
#! /bin/sh
|
||||
# Configuration validation subroutine script.
|
||||
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
|
||||
# 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
|
||||
# 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
|
||||
|
||||
timestamp='2003-08-18'
|
||||
timestamp='2005-05-12'
|
||||
|
||||
# This file is (in principle) common to ALL GNU software.
|
||||
# The presence of a machine in this file suggests that SOME GNU software
|
||||
@ -21,14 +21,15 @@ timestamp='2003-08-18'
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 59 Temple Place - Suite 330,
|
||||
# Boston, MA 02111-1307, USA.
|
||||
|
||||
# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
|
||||
# 02110-1301, USA.
|
||||
#
|
||||
# As a special exception to the GNU General Public License, if you
|
||||
# distribute this file as part of a program that contains a
|
||||
# configuration script generated by Autoconf, you may include it under
|
||||
# the same distribution terms that you use for the rest of that program.
|
||||
|
||||
|
||||
# Please send patches to <config-patches@gnu.org>. Submit a context
|
||||
# diff and a properly formatted ChangeLog entry.
|
||||
#
|
||||
@ -70,7 +71,7 @@ Report bugs and patches to <config-patches@gnu.org>."
|
||||
version="\
|
||||
GNU config.sub ($timestamp)
|
||||
|
||||
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
|
||||
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
|
||||
Free Software Foundation, Inc.
|
||||
|
||||
This is free software; see the source for copying conditions. There is NO
|
||||
@ -83,11 +84,11 @@ Try \`$me --help' for more information."
|
||||
while test $# -gt 0 ; do
|
||||
case $1 in
|
||||
--time-stamp | --time* | -t )
|
||||
echo "$timestamp" ; exit 0 ;;
|
||||
echo "$timestamp" ; exit ;;
|
||||
--version | -v )
|
||||
echo "$version" ; exit 0 ;;
|
||||
echo "$version" ; exit ;;
|
||||
--help | --h* | -h )
|
||||
echo "$usage"; exit 0 ;;
|
||||
echo "$usage"; exit ;;
|
||||
-- ) # Stop option processing
|
||||
shift; break ;;
|
||||
- ) # Use stdin as input.
|
||||
@ -99,7 +100,7 @@ while test $# -gt 0 ; do
|
||||
*local*)
|
||||
# First pass through any local machine types.
|
||||
echo $1
|
||||
exit 0;;
|
||||
exit ;;
|
||||
|
||||
* )
|
||||
break ;;
|
||||
@ -118,7 +119,8 @@ esac
|
||||
# Here we must recognize all the valid KERNEL-OS combinations.
|
||||
maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
|
||||
case $maybe_os in
|
||||
nto-qnx* | linux-gnu* | linux-dietlibc | kfreebsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*)
|
||||
nto-qnx* | linux-gnu* | linux-dietlibc | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | \
|
||||
kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*)
|
||||
os=-$maybe_os
|
||||
basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
|
||||
;;
|
||||
@ -144,7 +146,7 @@ case $os in
|
||||
-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
|
||||
-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
|
||||
-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
|
||||
-apple | -axis)
|
||||
-apple | -axis | -knuth | -cray)
|
||||
os=
|
||||
basic_machine=$1
|
||||
;;
|
||||
@ -230,13 +232,14 @@ case $basic_machine in
|
||||
| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
|
||||
| am33_2.0 \
|
||||
| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \
|
||||
| bfin \
|
||||
| c4x | clipper \
|
||||
| d10v | d30v | dlx | dsp16xx \
|
||||
| fr30 | frv \
|
||||
| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
|
||||
| i370 | i860 | i960 | ia64 \
|
||||
| ip2k | iq2000 \
|
||||
| m32r | m68000 | m68k | m88k | mcore \
|
||||
| m32r | m32rle | m68000 | m68k | m88k | maxq | mcore \
|
||||
| mips | mipsbe | mipseb | mipsel | mipsle \
|
||||
| mips16 \
|
||||
| mips64 | mips64el \
|
||||
@ -261,12 +264,13 @@ case $basic_machine in
|
||||
| pyramid \
|
||||
| sh | sh[1234] | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \
|
||||
| sh64 | sh64le \
|
||||
| sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv9 | sparcv9b \
|
||||
| sparc | sparc64 | sparc64b | sparc86x | sparclet | sparclite \
|
||||
| sparcv8 | sparcv9 | sparcv9b \
|
||||
| strongarm \
|
||||
| tahoe | thumb | tic4x | tic80 | tron \
|
||||
| v850 | v850e \
|
||||
| we32k \
|
||||
| x86 | xscale | xstormy16 | xtensa \
|
||||
| x86 | xscale | xscalee[bl] | xstormy16 | xtensa \
|
||||
| z8k)
|
||||
basic_machine=$basic_machine-unknown
|
||||
;;
|
||||
@ -297,9 +301,9 @@ case $basic_machine in
|
||||
| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
|
||||
| arm-* | armbe-* | armle-* | armeb-* | armv*-* \
|
||||
| avr-* \
|
||||
| bs2000-* \
|
||||
| bfin-* | bs2000-* \
|
||||
| c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
|
||||
| clipper-* | cydra-* \
|
||||
| clipper-* | craynv-* | cydra-* \
|
||||
| d10v-* | d30v-* | dlx-* \
|
||||
| elxsi-* \
|
||||
| f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \
|
||||
@ -307,9 +311,9 @@ case $basic_machine in
|
||||
| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
|
||||
| i*86-* | i860-* | i960-* | ia64-* \
|
||||
| ip2k-* | iq2000-* \
|
||||
| m32r-* \
|
||||
| m32r-* | m32rle-* \
|
||||
| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
|
||||
| m88110-* | m88k-* | mcore-* \
|
||||
| m88110-* | m88k-* | maxq-* | mcore-* \
|
||||
| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
|
||||
| mips16-* \
|
||||
| mips64-* | mips64el-* \
|
||||
@ -325,8 +329,9 @@ case $basic_machine in
|
||||
| mipsisa64sb1-* | mipsisa64sb1el-* \
|
||||
| mipsisa64sr71k-* | mipsisa64sr71kel-* \
|
||||
| mipstx39-* | mipstx39el-* \
|
||||
| mmix-* \
|
||||
| msp430-* \
|
||||
| none-* | np1-* | nv1-* | ns16k-* | ns32k-* \
|
||||
| none-* | np1-* | ns16k-* | ns32k-* \
|
||||
| orion-* \
|
||||
| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
|
||||
| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
|
||||
@ -334,15 +339,16 @@ case $basic_machine in
|
||||
| romp-* | rs6000-* \
|
||||
| sh-* | sh[1234]-* | sh[23]e-* | sh[34]eb-* | shbe-* \
|
||||
| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
|
||||
| sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \
|
||||
| sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \
|
||||
| sparc-* | sparc64-* | sparc64b-* | sparc86x-* | sparclet-* \
|
||||
| sparclite-* \
|
||||
| sparcv8-* | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \
|
||||
| tahoe-* | thumb-* \
|
||||
| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
|
||||
| tron-* \
|
||||
| v850-* | v850e-* | vax-* \
|
||||
| we32k-* \
|
||||
| x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \
|
||||
| xtensa-* \
|
||||
| x86-* | x86_64-* | xps100-* | xscale-* | xscalee[bl]-* \
|
||||
| xstormy16-* | xtensa-* \
|
||||
| ymp-* \
|
||||
| z8k-*)
|
||||
;;
|
||||
@ -362,6 +368,9 @@ case $basic_machine in
|
||||
basic_machine=a29k-amd
|
||||
os=-udi
|
||||
;;
|
||||
abacus)
|
||||
basic_machine=abacus-unknown
|
||||
;;
|
||||
adobe68k)
|
||||
basic_machine=m68010-adobe
|
||||
os=-scout
|
||||
@ -379,6 +388,9 @@ case $basic_machine in
|
||||
amd64)
|
||||
basic_machine=x86_64-pc
|
||||
;;
|
||||
amd64-*)
|
||||
basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'`
|
||||
;;
|
||||
amdahl)
|
||||
basic_machine=580-amdahl
|
||||
os=-sysv
|
||||
@ -438,12 +450,27 @@ case $basic_machine in
|
||||
basic_machine=j90-cray
|
||||
os=-unicos
|
||||
;;
|
||||
craynv)
|
||||
basic_machine=craynv-cray
|
||||
os=-unicosmp
|
||||
;;
|
||||
cr16c)
|
||||
basic_machine=cr16c-unknown
|
||||
os=-elf
|
||||
;;
|
||||
crds | unos)
|
||||
basic_machine=m68k-crds
|
||||
;;
|
||||
crisv32 | crisv32-* | etraxfs*)
|
||||
basic_machine=crisv32-axis
|
||||
;;
|
||||
cris | cris-* | etrax*)
|
||||
basic_machine=cris-axis
|
||||
;;
|
||||
crx)
|
||||
basic_machine=crx-unknown
|
||||
os=-elf
|
||||
;;
|
||||
da30 | da30-*)
|
||||
basic_machine=m68k-da30
|
||||
;;
|
||||
@ -466,6 +493,10 @@ case $basic_machine in
|
||||
basic_machine=m88k-motorola
|
||||
os=-sysv3
|
||||
;;
|
||||
djgpp)
|
||||
basic_machine=i586-pc
|
||||
os=-msdosdjgpp
|
||||
;;
|
||||
dpx20 | dpx20-*)
|
||||
basic_machine=rs6000-bull
|
||||
os=-bosx
|
||||
@ -644,10 +675,6 @@ case $basic_machine in
|
||||
mips3*)
|
||||
basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
|
||||
;;
|
||||
mmix*)
|
||||
basic_machine=mmix-knuth
|
||||
os=-mmixware
|
||||
;;
|
||||
monitor)
|
||||
basic_machine=m68k-rom68k
|
||||
os=-coff
|
||||
@ -728,10 +755,6 @@ case $basic_machine in
|
||||
np1)
|
||||
basic_machine=np1-gould
|
||||
;;
|
||||
nv1)
|
||||
basic_machine=nv1-cray
|
||||
os=-unicosmp
|
||||
;;
|
||||
nsr-tandem)
|
||||
basic_machine=nsr-tandem
|
||||
;;
|
||||
@ -743,6 +766,10 @@ case $basic_machine in
|
||||
basic_machine=or32-unknown
|
||||
os=-coff
|
||||
;;
|
||||
os400)
|
||||
basic_machine=powerpc-ibm
|
||||
os=-os400
|
||||
;;
|
||||
OSE68000 | ose68000)
|
||||
basic_machine=m68000-ericsson
|
||||
os=-ose
|
||||
@ -963,6 +990,10 @@ case $basic_machine in
|
||||
tower | tower-32)
|
||||
basic_machine=m68k-ncr
|
||||
;;
|
||||
tpf)
|
||||
basic_machine=s390x-ibm
|
||||
os=-tpf
|
||||
;;
|
||||
udi29k)
|
||||
basic_machine=a29k-amd
|
||||
os=-udi
|
||||
@ -1006,6 +1037,10 @@ case $basic_machine in
|
||||
basic_machine=hppa1.1-winbond
|
||||
os=-proelf
|
||||
;;
|
||||
xbox)
|
||||
basic_machine=i686-pc
|
||||
os=-mingw32
|
||||
;;
|
||||
xps | xps100)
|
||||
basic_machine=xps100-honeywell
|
||||
;;
|
||||
@ -1036,6 +1071,9 @@ case $basic_machine in
|
||||
romp)
|
||||
basic_machine=romp-ibm
|
||||
;;
|
||||
mmix)
|
||||
basic_machine=mmix-knuth
|
||||
;;
|
||||
rs6000)
|
||||
basic_machine=rs6000-ibm
|
||||
;;
|
||||
@ -1058,7 +1096,7 @@ case $basic_machine in
|
||||
sh64)
|
||||
basic_machine=sh64-unknown
|
||||
;;
|
||||
sparc | sparcv9 | sparcv9b)
|
||||
sparc | sparcv8 | sparcv9 | sparcv9b)
|
||||
basic_machine=sparc-sun
|
||||
;;
|
||||
cydra)
|
||||
@ -1131,19 +1169,20 @@ case $os in
|
||||
| -aos* \
|
||||
| -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
|
||||
| -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
|
||||
| -hiux* | -386bsd* | -netbsd* | -openbsd* | -kfreebsd* | -freebsd* | -riscix* \
|
||||
| -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
|
||||
| -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* | -openbsd* \
|
||||
| -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
|
||||
| -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
|
||||
| -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
|
||||
| -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
|
||||
| -chorusos* | -chorusrdb* \
|
||||
| -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
|
||||
| -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \
|
||||
| -mingw32* | -linux-gnu* | -linux-uclibc* | -uxpv* | -beos* | -mpeix* | -udk* \
|
||||
| -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
|
||||
| -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
|
||||
| -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
|
||||
| -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
|
||||
| -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
|
||||
| -powermax* | -dnix* | -nx6 | -nx7 | -sei*)
|
||||
| -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* | -skyos*)
|
||||
# Remember, each alternative MUST END IN *, to match a version number.
|
||||
;;
|
||||
-qnx*)
|
||||
@ -1182,6 +1221,9 @@ case $os in
|
||||
-opened*)
|
||||
os=-openedition
|
||||
;;
|
||||
-os400*)
|
||||
os=-os400
|
||||
;;
|
||||
-wince*)
|
||||
os=-wince
|
||||
;;
|
||||
@ -1203,6 +1245,9 @@ case $os in
|
||||
-atheos*)
|
||||
os=-atheos
|
||||
;;
|
||||
-syllable*)
|
||||
os=-syllable
|
||||
;;
|
||||
-386bsd)
|
||||
os=-bsd
|
||||
;;
|
||||
@ -1225,6 +1270,9 @@ case $os in
|
||||
-sinix*)
|
||||
os=-sysv4
|
||||
;;
|
||||
-tpf*)
|
||||
os=-tpf
|
||||
;;
|
||||
-triton*)
|
||||
os=-sysv3
|
||||
;;
|
||||
@ -1261,6 +1309,9 @@ case $os in
|
||||
-kaos*)
|
||||
os=-kaos
|
||||
;;
|
||||
-zvmoe)
|
||||
os=-zvmoe
|
||||
;;
|
||||
-none)
|
||||
;;
|
||||
*)
|
||||
@ -1341,6 +1392,9 @@ case $basic_machine in
|
||||
*-ibm)
|
||||
os=-aix
|
||||
;;
|
||||
*-knuth)
|
||||
os=-mmixware
|
||||
;;
|
||||
*-wec)
|
||||
os=-proelf
|
||||
;;
|
||||
@ -1473,9 +1527,15 @@ case $basic_machine in
|
||||
-mvs* | -opened*)
|
||||
vendor=ibm
|
||||
;;
|
||||
-os400*)
|
||||
vendor=ibm
|
||||
;;
|
||||
-ptx*)
|
||||
vendor=sequent
|
||||
;;
|
||||
-tpf*)
|
||||
vendor=ibm
|
||||
;;
|
||||
-vxsim* | -vxworks* | -windiss*)
|
||||
vendor=wrs
|
||||
;;
|
||||
@ -1500,7 +1560,7 @@ case $basic_machine in
|
||||
esac
|
||||
|
||||
echo $basic_machine$os
|
||||
exit 0
|
||||
exit
|
||||
|
||||
# Local variables:
|
||||
# eval: (add-hook 'write-file-hooks 'time-stamp)
|
||||
|
@ -25,7 +25,7 @@
|
||||
#ifndef _DEFINES_H
|
||||
#define _DEFINES_H
|
||||
|
||||
/* $Id: defines.h,v 1.119 2005/02/20 10:01:49 dtucker Exp $ */
|
||||
/* $Id: defines.h,v 1.127 2005/08/31 16:59:49 tim Exp $ */
|
||||
|
||||
|
||||
/* Constants */
|
||||
@ -54,10 +54,24 @@ enum
|
||||
# ifdef PATH_MAX
|
||||
# define MAXPATHLEN PATH_MAX
|
||||
# else /* PATH_MAX */
|
||||
# define MAXPATHLEN 64 /* Should be safe */
|
||||
# define MAXPATHLEN 64
|
||||
/* realpath uses a fixed buffer of size MAXPATHLEN, so force use of ours */
|
||||
# ifndef BROKEN_REALPATH
|
||||
# define BROKEN_REALPATH 1
|
||||
# endif /* BROKEN_REALPATH */
|
||||
# endif /* PATH_MAX */
|
||||
#endif /* MAXPATHLEN */
|
||||
|
||||
#ifndef PATH_MAX
|
||||
# ifdef _POSIX_PATH_MAX
|
||||
# define PATH_MAX _POSIX_PATH_MAX
|
||||
# endif
|
||||
#endif
|
||||
|
||||
#ifndef MAXSYMLINKS
|
||||
# define MAXSYMLINKS 5
|
||||
#endif
|
||||
|
||||
#ifndef STDIN_FILENO
|
||||
# define STDIN_FILENO 0
|
||||
#endif
|
||||
@ -432,6 +446,10 @@ struct winsize {
|
||||
# define __dead __attribute__((noreturn))
|
||||
#endif
|
||||
|
||||
#if !defined(HAVE_ATTRIBUTE__SENTINEL__) && !defined(__sentinel__)
|
||||
# define __sentinel__
|
||||
#endif
|
||||
|
||||
/* *-*-nto-qnx doesn't define this macro in the system headers */
|
||||
#ifdef MISSING_HOWMANY
|
||||
# define howmany(x,y) (((x)+((y)-1))/(y))
|
||||
@ -567,6 +585,23 @@ struct winsize {
|
||||
# define SSH_SYSFDMAX 10000
|
||||
#endif
|
||||
|
||||
#if defined(__Lynx__)
|
||||
/*
|
||||
* LynxOS defines these in param.h which we do not want to include since
|
||||
* it will also pull in a bunch of kernel definitions.
|
||||
*/
|
||||
# define ALIGNBYTES (sizeof(int) - 1)
|
||||
# define ALIGN(p) (((unsigned)p + ALIGNBYTES) & ~ALIGNBYTES)
|
||||
/* Missing prototypes on LynxOS */
|
||||
int snprintf (char *, size_t, const char *, ...);
|
||||
int mkstemp (char *);
|
||||
char *crypt (const char *, const char *);
|
||||
int seteuid (uid_t);
|
||||
int setegid (gid_t);
|
||||
char *mkdtemp (char *);
|
||||
int rresvport_af (int *, sa_family_t);
|
||||
int innetgr (const char *, const char *, const char *, const char *);
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Define this to use pipes instead of socketpairs for communicating with the
|
||||
@ -653,6 +688,10 @@ struct winsize {
|
||||
# define CUSTOM_SYS_AUTH_PASSWD 1
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF)
|
||||
# define CUSTOM_SYS_AUTH_PASSWD 1
|
||||
#endif
|
||||
|
||||
/* HP-UX 11.11 */
|
||||
#ifdef BTMP_FILE
|
||||
# define _PATH_BTMP BTMP_FILE
|
||||
@ -664,4 +703,12 @@ struct winsize {
|
||||
|
||||
/** end of login recorder definitions */
|
||||
|
||||
#ifdef BROKEN_GETGROUPS
|
||||
# define getgroups(a,b) ((a)==0 && (b)==NULL ? NGROUPS_MAX : getgroups((a),(b)))
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_MMAP) && defined(BROKEN_MMAP)
|
||||
# undef HAVE_MMAP
|
||||
#endif
|
||||
|
||||
#endif /* _DEFINES_H */
|
||||
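Review bot: The `ALIGN(p)` macro in the LynxOS block casts with `(unsigned)p`, so the cast binds only to the first token of an expression argument such as `ALIGN(buf + n)`. Parenthesise the argument: `# define ALIGN(p) (((unsigned)(p) + ALIGNBYTES) & ~ALIGNBYTES)`. The cast to `unsigned` also assumes a pointer fits in an `unsigned int`; a one-line comment stating that assumption for LynxOS would keep the macro from being copied to a platform where it truncates addresses.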
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: dns.c,v 1.10 2004/06/21 17:36:31 avsm Exp $ */
|
||||
/* $OpenBSD: dns.c,v 1.12 2005/06/17 02:44:32 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
|
||||
@ -43,7 +43,7 @@
|
||||
#include "uuencode.h"
|
||||
|
||||
extern char *__progname;
|
||||
RCSID("$OpenBSD: dns.c,v 1.10 2004/06/21 17:36:31 avsm Exp $");
|
||||
RCSID("$OpenBSD: dns.c,v 1.12 2005/06/17 02:44:32 djm Exp $");
|
||||
|
||||
#ifndef LWRES
|
||||
static const char *errset_text[] = {
|
||||
@ -142,6 +142,26 @@ dns_read_rdata(u_int8_t *algorithm, u_int8_t *digest_type,
|
||||
return success;
|
||||
}
|
||||
|
||||
/*
|
||||
* Check if hostname is numerical.
|
||||
* Returns -1 if hostname is numeric, 0 otherwise
|
||||
*/
|
||||
static int
|
||||
is_numeric_hostname(const char *hostname)
|
||||
{
|
||||
struct addrinfo hints, *ai;
|
||||
|
||||
memset(&hints, 0, sizeof(hints));
|
||||
hints.ai_socktype = SOCK_DGRAM;
|
||||
hints.ai_flags = AI_NUMERICHOST;
|
||||
|
||||
if (getaddrinfo(hostname, "0", &hints, &ai) == 0) {
|
||||
freeaddrinfo(ai);
|
||||
return -1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* Verify the given hostname, address and host key using DNS.
|
||||
@ -151,7 +171,7 @@ int
|
||||
verify_host_key_dns(const char *hostname, struct sockaddr *address,
|
||||
const Key *hostkey, int *flags)
|
||||
{
|
||||
int counter;
|
||||
u_int counter;
|
||||
int result;
|
||||
struct rrsetinfo *fingerprints = NULL;
|
||||
|
||||
@ -171,6 +191,11 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
|
||||
if (hostkey == NULL)
|
||||
fatal("No key to look up!");
|
||||
|
||||
if (is_numeric_hostname(hostname)) {
|
||||
debug("skipped DNS lookup for numerical hostname");
|
||||
return -1;
|
||||
}
|
||||
|
||||
result = getrrsetbyname(hostname, DNS_RDATACLASS_IN,
|
||||
DNS_RDATATYPE_SSHFP, 0, &fingerprints);
|
||||
if (result) {
|
||||
@ -249,7 +274,7 @@ export_dns_rr(const char *hostname, const Key *key, FILE *f, int generic)
|
||||
u_char *rdata_digest;
|
||||
u_int rdata_digest_len;
|
||||
|
||||
int i;
|
||||
u_int i;
|
||||
int success = 0;
|
||||
|
||||
if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type,
|
||||
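Review bot: `is_numeric_hostname()` answers "yes" with -1, which reads like an error code at the call site `if (is_numeric_hostname(hostname))`. A predicate is clearer returning 1: `return 1;` after `freeaddrinfo(ai);`, with the header comment changed to `Returns 1 if hostname is numeric, 0 otherwise`. Separately, verify_host_key_dns returns -1 for the skipped lookup, so the caller may not be able to tell "numeric host, no SSHFP lookup attempted" from a failed lookup. The function's other return paths are outside the hunk, so that is worth checking against them.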
|
@ -45,7 +45,7 @@
|
||||
* XXX: we should tell the child how many bytes we need.
|
||||
*/
|
||||
|
||||
RCSID("$Id: entropy.c,v 1.48 2003/11/21 12:56:47 djm Exp $");
|
||||
RCSID("$Id: entropy.c,v 1.49 2005/07/17 07:26:44 djm Exp $");
|
||||
|
||||
#ifndef OPENSSL_PRNG_ONLY
|
||||
#define RANDOM_SEED_SIZE 48
|
||||
@ -114,8 +114,8 @@ seed_rng(void)
|
||||
close(p[0]);
|
||||
|
||||
if (waitpid(pid, &ret, 0) == -1)
|
||||
fatal("Couldn't wait for ssh-rand-helper completion: %s",
|
||||
strerror(errno));
|
||||
fatal("Couldn't wait for ssh-rand-helper completion: %s",
|
||||
strerror(errno));
|
||||
signal(SIGCHLD, old_sigchld);
|
||||
|
||||
/* We don't mind if the child exits upon a SIGPIPE */
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: gss-genr.c,v 1.3 2003/11/21 11:57:03 djm Exp $ */
|
||||
/* $OpenBSD: gss-genr.c,v 1.4 2005/07/17 07:17:55 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
|
||||
@ -78,8 +78,8 @@ ssh_gssapi_error(Gssctxt *ctxt)
|
||||
}
|
||||
|
||||
char *
|
||||
ssh_gssapi_last_error(Gssctxt *ctxt,
|
||||
OM_uint32 *major_status, OM_uint32 *minor_status)
|
||||
ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *major_status,
|
||||
OM_uint32 *minor_status)
|
||||
{
|
||||
OM_uint32 lmin;
|
||||
gss_buffer_desc msg = GSS_C_EMPTY_BUFFER;
|
||||
|
@ -65,9 +65,6 @@ ssh_gssapi_krb5_init(void)
|
||||
logit("Cannot initialize krb5 context");
|
||||
return 0;
|
||||
}
|
||||
#ifdef KRB5_INIT_ETS
|
||||
krb5_init_ets(krb_context);
|
||||
#endif
|
||||
|
||||
return 1;
|
||||
}
|
||||
@ -131,34 +128,10 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
|
||||
return;
|
||||
}
|
||||
#else
|
||||
{
|
||||
int tmpfd;
|
||||
char ccname[40];
|
||||
mode_t old_umask;
|
||||
|
||||
snprintf(ccname, sizeof(ccname),
|
||||
"FILE:/tmp/krb5cc_%d_XXXXXX", geteuid());
|
||||
|
||||
old_umask = umask(0177);
|
||||
tmpfd = mkstemp(ccname + strlen("FILE:"));
|
||||
umask(old_umask);
|
||||
if (tmpfd == -1) {
|
||||
logit("mkstemp(): %.100s", strerror(errno));
|
||||
problem = errno;
|
||||
return;
|
||||
}
|
||||
if (fchmod(tmpfd, S_IRUSR | S_IWUSR) == -1) {
|
||||
logit("fchmod(): %.100s", strerror(errno));
|
||||
close(tmpfd);
|
||||
problem = errno;
|
||||
return;
|
||||
}
|
||||
close(tmpfd);
|
||||
if ((problem = krb5_cc_resolve(krb_context, ccname, &ccache))) {
|
||||
logit("krb5_cc_resolve(): %.100s",
|
||||
krb5_get_err_text(krb_context, problem));
|
||||
return;
|
||||
}
|
||||
if ((problem = ssh_krb5_cc_gen(krb_context, &ccache))) {
|
||||
logit("ssh_krb5_cc_gen(): %.100s",
|
||||
krb5_get_err_text(krb_context, problem));
|
||||
return;
|
||||
}
|
||||
#endif /* #ifdef HEIMDAL */
|
||||
|
||||
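Review bot: The call to `ssh_krb5_cc_gen()` in ssh_gssapi_krb5_storecreds has no comment saying what the helper guarantees about the credential cache file. The inline code that appears to be replaced set `umask(0177)`, created the file with `mkstemp()` and applied `fchmod(tmpfd, S_IRUSR | S_IWUSR)`. The helper is not part of this section, so whether it keeps those properties cannot be checked here. Once confirmed, a comment at the call such as `/* ssh_krb5_cc_gen() creates the ccache file with mkstemp() and owner-only permissions */` would record the expectation for the next reader. The function starts and ends outside the hunk.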
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: gss-serv.c,v 1.5 2003/11/17 11:06:07 markus Exp $ */
|
||||
/* $OpenBSD: gss-serv.c,v 1.8 2005/08/30 22:08:05 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
|
||||
@ -134,7 +134,7 @@ ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *recv_tok,
|
||||
static OM_uint32
|
||||
ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name)
|
||||
{
|
||||
char *tok;
|
||||
u_char *tok;
|
||||
OM_uint32 offset;
|
||||
OM_uint32 oidl;
|
||||
|
||||
@ -164,7 +164,7 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name)
|
||||
*/
|
||||
if (tok[4] != 0x06 || tok[5] != oidl ||
|
||||
ename->length < oidl+6 ||
|
||||
!ssh_gssapi_check_oid(ctx,tok+6,oidl))
|
||||
!ssh_gssapi_check_oid(ctx,tok+6,oidl))
|
||||
return GSS_S_FAILURE;
|
||||
|
||||
offset = oidl+6;
|
||||
@ -267,7 +267,7 @@ ssh_gssapi_do_child(char ***envp, u_int *envsizep)
|
||||
debug("Setting %s to %s", gssapi_client.store.envvar,
|
||||
gssapi_client.store.envval);
|
||||
child_set_env(envp, envsizep, gssapi_client.store.envvar,
|
||||
gssapi_client.store.envval);
|
||||
gssapi_client.store.envval);
|
||||
}
|
||||
}
|
||||
|
||||
@ -275,13 +275,24 @@ ssh_gssapi_do_child(char ***envp, u_int *envsizep)
|
||||
int
|
||||
ssh_gssapi_userok(char *user)
|
||||
{
|
||||
OM_uint32 lmin;
|
||||
|
||||
if (gssapi_client.exportedname.length == 0 ||
|
||||
gssapi_client.exportedname.value == NULL) {
|
||||
debug("No suitable client data");
|
||||
return 0;
|
||||
}
|
||||
if (gssapi_client.mech && gssapi_client.mech->userok)
|
||||
return ((*gssapi_client.mech->userok)(&gssapi_client, user));
|
||||
if ((*gssapi_client.mech->userok)(&gssapi_client, user))
|
||||
return 1;
|
||||
else {
|
||||
/* Destroy delegated credentials if userok fails */
|
||||
gss_release_buffer(&lmin, &gssapi_client.displayname);
|
||||
gss_release_buffer(&lmin, &gssapi_client.exportedname);
|
||||
gss_release_cred(&lmin, &gssapi_client.creds);
|
||||
memset(&gssapi_client, 0, sizeof(ssh_gssapi_client));
|
||||
return 0;
|
||||
}
|
||||
else
|
||||
debug("ssh_gssapi_userok: Unknown GSSAPI mechanism");
|
||||
return (0);
|
||||
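Review bot: The credential cleanup in ssh_gssapi_userok runs only when the mechanism's `userok` callback refuses the user; the `Unknown GSSAPI mechanism` branch returns 0 with `gssapi_client.creds` untouched. The unbraced `if`/`if`/`else`/`else` chain also makes it easy to misread which branch owns the cleanup. If credentials can already have been accepted when that branch is reached (not visible here), they would stay available after another authentication method succeeds, which is what the cleanup is meant to prevent. Bracing the outer `if` and letting both refusals fall through to one cleanup block covers both cases. The function's closing brace is outside the hunk.

```c
	if (gssapi_client.mech && gssapi_client.mech->userok) {
		if ((*gssapi_client.mech->userok)(&gssapi_client, user))
			return 1;
	} else {
		debug("ssh_gssapi_userok: Unknown GSSAPI mechanism");
	}
	/* Destroy delegated credentials on every refusal */
	/* … unchanged: gss_release_buffer/gss_release_cred calls and memset … */
	return 0;
```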
|
@ -23,7 +23,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: kex.c,v 1.60 2004/06/21 17:36:31 avsm Exp $");
|
||||
RCSID("$OpenBSD: kex.c,v 1.64 2005/07/25 11:59:39 markus Exp $");
|
||||
|
||||
#include <openssl/crypto.h>
|
||||
|
||||
@ -52,7 +52,7 @@ static void kex_choose_conf(Kex *);
|
||||
static void
|
||||
kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX])
|
||||
{
|
||||
int i;
|
||||
u_int i;
|
||||
|
||||
buffer_clear(b);
|
||||
/*
|
||||
@ -101,7 +101,7 @@ kex_buf2prop(Buffer *raw, int *first_kex_follows)
|
||||
static void
|
||||
kex_prop_free(char **proposal)
|
||||
{
|
||||
int i;
|
||||
u_int i;
|
||||
|
||||
for (i = 0; i < PROPOSAL_MAX; i++)
|
||||
xfree(proposal[i]);
|
||||
@ -150,7 +150,7 @@ kex_send_kexinit(Kex *kex)
|
||||
{
|
||||
u_int32_t rnd = 0;
|
||||
u_char *cookie;
|
||||
int i;
|
||||
u_int i;
|
||||
|
||||
if (kex == NULL) {
|
||||
error("kex_send_kexinit: no kex, cannot rekey");
|
||||
@ -183,8 +183,7 @@ void
|
||||
kex_input_kexinit(int type, u_int32_t seq, void *ctxt)
|
||||
{
|
||||
char *ptr;
|
||||
int dlen;
|
||||
int i;
|
||||
u_int i, dlen;
|
||||
Kex *kex = (Kex *)ctxt;
|
||||
|
||||
debug("SSH2_MSG_KEXINIT received");
|
||||
@ -276,10 +275,12 @@ choose_comp(Comp *comp, char *client, char *server)
|
||||
char *name = match_list(client, server, NULL);
|
||||
if (name == NULL)
|
||||
fatal("no matching comp found: client %s server %s", client, server);
|
||||
if (strcmp(name, "zlib") == 0) {
|
||||
comp->type = 1;
|
||||
if (strcmp(name, "zlib@openssh.com") == 0) {
|
||||
comp->type = COMP_DELAYED;
|
||||
} else if (strcmp(name, "zlib") == 0) {
|
||||
comp->type = COMP_ZLIB;
|
||||
} else if (strcmp(name, "none") == 0) {
|
||||
comp->type = 0;
|
||||
comp->type = COMP_NONE;
|
||||
} else {
|
||||
fatal("unsupported comp %s", name);
|
||||
}
|
||||
@ -343,9 +344,7 @@ kex_choose_conf(Kex *kex)
|
||||
char **my, **peer;
|
||||
char **cprop, **sprop;
|
||||
int nenc, nmac, ncomp;
|
||||
int mode;
|
||||
int ctos; /* direction: if true client-to-server */
|
||||
int need;
|
||||
u_int mode, ctos, need;
|
||||
int first_kex_follows, type;
|
||||
|
||||
my = kex_buf2prop(&kex->my, NULL);
|
||||
@ -395,7 +394,7 @@ kex_choose_conf(Kex *kex)
|
||||
|
||||
/* ignore the next message if the proposals do not match */
|
||||
if (first_kex_follows && !proposals_match(my, peer) &&
|
||||
!(datafellows & SSH_BUG_FIRSTKEX)) {
|
||||
!(datafellows & SSH_BUG_FIRSTKEX)) {
|
||||
type = packet_read();
|
||||
debug2("skipping next packet (type %u)", type);
|
||||
}
|
||||
@ -405,15 +404,19 @@ kex_choose_conf(Kex *kex)
|
||||
}
|
||||
|
||||
static u_char *
|
||||
derive_key(Kex *kex, int id, int need, u_char *hash, BIGNUM *shared_secret)
|
||||
derive_key(Kex *kex, int id, u_int need, u_char *hash, BIGNUM *shared_secret)
|
||||
{
|
||||
Buffer b;
|
||||
const EVP_MD *evp_md = EVP_sha1();
|
||||
EVP_MD_CTX md;
|
||||
char c = id;
|
||||
int have;
|
||||
u_int have;
|
||||
int mdsz = EVP_MD_size(evp_md);
|
||||
u_char *digest = xmalloc(roundup(need, mdsz));
|
||||
u_char *digest;
|
||||
|
||||
if (mdsz < 0)
|
||||
fatal("derive_key: mdsz < 0");
|
||||
digest = xmalloc(roundup(need, mdsz));
|
||||
|
||||
buffer_init(&b);
|
||||
buffer_put_bignum2(&b, shared_secret);
|
||||
@ -455,7 +458,7 @@ void
|
||||
kex_derive_keys(Kex *kex, u_char *hash, BIGNUM *shared_secret)
|
||||
{
|
||||
u_char *keys[NKEYS];
|
||||
int i, mode, ctos;
|
||||
u_int i, mode, ctos;
|
||||
|
||||
for (i = 0; i < NKEYS; i++)
|
||||
keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, shared_secret);
|
||||
@ -493,13 +496,13 @@ derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus,
|
||||
EVP_DigestInit(&md, evp_md);
|
||||
|
||||
len = BN_num_bytes(host_modulus);
|
||||
if (len < (512 / 8) || len > sizeof(nbuf))
|
||||
if (len < (512 / 8) || (u_int)len > sizeof(nbuf))
|
||||
fatal("%s: bad host modulus (len %d)", __func__, len);
|
||||
BN_bn2bin(host_modulus, nbuf);
|
||||
EVP_DigestUpdate(&md, nbuf, len);
|
||||
|
||||
len = BN_num_bytes(server_modulus);
|
||||
if (len < (512 / 8) || len > sizeof(nbuf))
|
||||
if (len < (512 / 8) || (u_int)len > sizeof(nbuf))
|
||||
fatal("%s: bad server modulus (len %d)", __func__, len);
|
||||
BN_bn2bin(server_modulus, nbuf);
|
||||
EVP_DigestUpdate(&md, nbuf, len);
|
||||
@ -518,7 +521,7 @@ derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus,
|
||||
void
|
||||
dump_digest(char *msg, u_char *digest, int len)
|
||||
{
|
||||
int i;
|
||||
u_int i;
|
||||
|
||||
fprintf(stderr, "%s\n", msg);
|
||||
for (i = 0; i< len; i++) {
|
||||
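Review bot: In derive_key the new guard `if (mdsz < 0)` still lets a zero digest size reach `roundup(need, mdsz)`, and `roundup()` divides by its second argument. mac_init in this same commit rejects `EVP_MD_size()` results with `<= 0`. With the hard-coded `EVP_sha1()` the size should never be zero, so this is a consistency and defence-in-depth fix: `if (mdsz <= 0) fatal("derive_key: mdsz <= 0");`. The rest of derive_key lies outside the hunk.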
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: kex.h,v 1.35 2004/06/13 12:53:24 djm Exp $ */
|
||||
/* $OpenBSD: kex.h,v 1.37 2005/07/25 11:59:39 markus Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
|
||||
@ -35,6 +35,10 @@
|
||||
#define KEX_DH14 "diffie-hellman-group14-sha1"
|
||||
#define KEX_DHGEX "diffie-hellman-group-exchange-sha1"
|
||||
|
||||
#define COMP_NONE 0
|
||||
#define COMP_ZLIB 1
|
||||
#define COMP_DELAYED 2
|
||||
|
||||
enum kex_init_proposals {
|
||||
PROPOSAL_KEX_ALGS,
|
||||
PROPOSAL_SERVER_HOST_KEY_ALGS,
|
||||
@ -83,9 +87,9 @@ struct Mac {
|
||||
char *name;
|
||||
int enabled;
|
||||
const EVP_MD *md;
|
||||
int mac_len;
|
||||
u_int mac_len;
|
||||
u_char *key;
|
||||
int key_len;
|
||||
u_int key_len;
|
||||
};
|
||||
struct Comp {
|
||||
int type;
|
||||
@ -101,7 +105,7 @@ struct Kex {
|
||||
u_char *session_id;
|
||||
u_int session_id_len;
|
||||
Newkeys *newkeys[MODE_MAX];
|
||||
int we_need;
|
||||
u_int we_need;
|
||||
int server;
|
||||
char *name;
|
||||
int hostkey_type;
|
||||
|
@ -35,7 +35,7 @@
|
||||
#include <netinet/in.h>
|
||||
#include <sys/socket.h>
|
||||
|
||||
/* RCSID("$Id: loginrec.h,v 1.9 2005/02/02 06:10:11 dtucker Exp $"); */
|
||||
/* RCSID("$Id: loginrec.h,v 1.10 2005/06/19 00:19:44 djm Exp $"); */
|
||||
|
||||
/**
|
||||
** you should use the login_* calls to work around platform dependencies
|
||||
@ -128,7 +128,7 @@ struct logininfo *login_get_lastlog(struct logininfo *li, const int uid);
|
||||
unsigned int login_get_lastlog_time(const int uid);
|
||||
|
||||
/* produce various forms of the line filename */
|
||||
char *line_fullname(char *dst, const char *src, int dstsize);
|
||||
char *line_fullname(char *dst, const char *src, u_int dstsize);
|
||||
char *line_stripname(char *dst, const char *src, int dstsize);
|
||||
char *line_abbrevname(char *dst, const char *src, int dstsize);
|
||||
|
||||
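Review bot: Only `line_fullname` gets `u_int dstsize`; the sibling prototypes `line_stripname` and `line_abbrevname` directly below keep `int dstsize`, so the three buffer-size parameters now disagree on signedness. If the definitions allow it, change them together, e.g. `char *line_stripname(char *dst, const char *src, u_int dstsize);`, so that none of them can be handed a negative size. The definitions are not in this section.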
|
@ -23,7 +23,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: mac.c,v 1.6 2003/09/18 13:02:21 miod Exp $");
|
||||
RCSID("$OpenBSD: mac.c,v 1.7 2005/06/17 02:44:32 djm Exp $");
|
||||
|
||||
#include <openssl/hmac.h>
|
||||
|
||||
@ -51,12 +51,15 @@ struct {
|
||||
int
|
||||
mac_init(Mac *mac, char *name)
|
||||
{
|
||||
int i;
|
||||
int i, evp_len;
|
||||
|
||||
for (i = 0; macs[i].name; i++) {
|
||||
if (strcmp(name, macs[i].name) == 0) {
|
||||
if (mac != NULL) {
|
||||
mac->md = (*macs[i].mdfunc)();
|
||||
mac->key_len = mac->mac_len = EVP_MD_size(mac->md);
|
||||
if ((evp_len = EVP_MD_size(mac->md)) <= 0)
|
||||
fatal("mac %s len %d", name, evp_len);
|
||||
mac->key_len = mac->mac_len = (u_int)evp_len;
|
||||
if (macs[i].truncatebits != 0)
|
||||
mac->mac_len = macs[i].truncatebits/8;
|
||||
}
|
||||
@ -77,7 +80,7 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
|
||||
|
||||
if (mac->key == NULL)
|
||||
fatal("mac_compute: no key");
|
||||
if ((u_int)mac->mac_len > sizeof(m))
|
||||
if (mac->mac_len > sizeof(m))
|
||||
fatal("mac_compute: mac too long");
|
||||
HMAC_Init(&c, mac->key, mac->key_len, mac->md);
|
||||
PUT_32BIT(b, seqno);
|
||||
|
@ -35,7 +35,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: match.c,v 1.19 2002/03/01 13:12:10 markus Exp $");
|
||||
RCSID("$OpenBSD: match.c,v 1.20 2005/06/17 02:44:32 djm Exp $");
|
||||
|
||||
#include "match.h"
|
||||
#include "xmalloc.h"
|
||||
@ -254,7 +254,7 @@ match_list(const char *client, const char *server, u_int *next)
|
||||
ret = xstrdup(p);
|
||||
if (next != NULL)
|
||||
*next = (cp == NULL) ?
|
||||
strlen(c) : cp - c;
|
||||
strlen(c) : (u_int)(cp - c);
|
||||
xfree(c);
|
||||
xfree(s);
|
||||
return ret;
|
||||
|
@ -140,6 +140,9 @@ function add(str) {
|
||||
} else if(match(words[w],"^Dt$")) {
|
||||
id=wtail()
|
||||
next
|
||||
} else if(match(words[w],"^Ox$")) {
|
||||
add("OpenBSD")
|
||||
skip=1
|
||||
} else if(match(words[w],"^Os$")) {
|
||||
add(".TH " id " \"" date "\" \"" wtail() "\"")
|
||||
} else if(match(words[w],"^Sh$")) {
|
||||
|
@ -1,5 +1,6 @@
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
* Copyright (c) 2005 Damien Miller. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@ -23,7 +24,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: misc.c,v 1.29 2005/03/10 22:01:05 deraadt Exp $");
|
||||
RCSID("$OpenBSD: misc.c,v 1.34 2005/07/08 09:26:18 dtucker Exp $");
|
||||
|
||||
#include "misc.h"
|
||||
#include "log.h"
|
||||
@ -375,6 +376,114 @@ addargs(arglist *args, char *fmt, ...)
|
||||
args->list[args->num] = NULL;
|
||||
}
|
||||
|
||||
/*
|
||||
* Expands tildes in the file name. Returns data allocated by xmalloc.
|
||||
* Warning: this calls getpw*.
|
||||
*/
|
||||
char *
|
||||
tilde_expand_filename(const char *filename, uid_t uid)
|
||||
{
|
||||
const char *path;
|
||||
char user[128], ret[MAXPATHLEN];
|
||||
struct passwd *pw;
|
||||
u_int len, slash;
|
||||
|
||||
if (*filename != '~')
|
||||
return (xstrdup(filename));
|
||||
filename++;
|
||||
|
||||
path = strchr(filename, '/');
|
||||
if (path != NULL && path > filename) { /* ~user/path */
|
||||
slash = path - filename;
|
||||
if (slash > sizeof(user) - 1)
|
||||
fatal("tilde_expand_filename: ~username too long");
|
||||
memcpy(user, filename, slash);
|
||||
user[slash] = '\0';
|
||||
if ((pw = getpwnam(user)) == NULL)
|
||||
fatal("tilde_expand_filename: No such user %s", user);
|
||||
} else if ((pw = getpwuid(uid)) == NULL) /* ~/path */
|
||||
fatal("tilde_expand_filename: No such uid %d", uid);
|
||||
|
||||
if (strlcpy(ret, pw->pw_dir, sizeof(ret)) >= sizeof(ret))
|
||||
fatal("tilde_expand_filename: Path too long");
|
||||
|
||||
/* Make sure directory has a trailing '/' */
|
||||
len = strlen(pw->pw_dir);
|
||||
if ((len == 0 || pw->pw_dir[len - 1] != '/') &&
|
||||
strlcat(ret, "/", sizeof(ret)) >= sizeof(ret))
|
||||
fatal("tilde_expand_filename: Path too long");
|
||||
|
||||
/* Skip leading '/' from specified path */
|
||||
if (path != NULL)
|
||||
filename = path + 1;
|
||||
if (strlcat(ret, filename, sizeof(ret)) >= sizeof(ret))
|
||||
fatal("tilde_expand_filename: Path too long");
|
||||
|
||||
return (xstrdup(ret));
|
||||
}
|
||||
|
||||
/*
|
||||
* Expand a string with a set of %[char] escapes. A number of escapes may be
|
||||
* specified as (char *escape_chars, char *replacement) pairs. The list must
|
||||
* be terminated by a NULL escape_char. Returns replaced string in memory
|
||||
* allocated by xmalloc.
|
||||
*/
|
||||
char *
|
||||
percent_expand(const char *string, ...)
|
||||
{
|
||||
#define EXPAND_MAX_KEYS 16
|
||||
struct {
|
||||
const char *key;
|
||||
const char *repl;
|
||||
} keys[EXPAND_MAX_KEYS];
|
||||
u_int num_keys, i, j;
|
||||
char buf[4096];
|
||||
va_list ap;
|
||||
|
||||
/* Gather keys */
|
||||
va_start(ap, string);
|
||||
for (num_keys = 0; num_keys < EXPAND_MAX_KEYS; num_keys++) {
|
||||
keys[num_keys].key = va_arg(ap, char *);
|
||||
if (keys[num_keys].key == NULL)
|
||||
break;
|
||||
keys[num_keys].repl = va_arg(ap, char *);
|
||||
if (keys[num_keys].repl == NULL)
|
||||
fatal("percent_expand: NULL replacement");
|
||||
}
|
||||
va_end(ap);
|
||||
|
||||
if (num_keys >= EXPAND_MAX_KEYS)
|
||||
fatal("percent_expand: too many keys");
|
||||
|
||||
/* Expand string */
|
||||
*buf = '\0';
|
||||
for (i = 0; *string != '\0'; string++) {
|
||||
if (*string != '%') {
|
||||
append:
|
||||
buf[i++] = *string;
|
||||
if (i >= sizeof(buf))
|
||||
fatal("percent_expand: string too long");
|
||||
buf[i] = '\0';
|
||||
continue;
|
||||
}
|
||||
string++;
|
||||
if (*string == '%')
|
||||
goto append;
|
||||
for (j = 0; j < num_keys; j++) {
|
||||
if (strchr(keys[j].key, *string) != NULL) {
|
||||
i = strlcat(buf, keys[j].repl, sizeof(buf));
|
||||
if (i >= sizeof(buf))
|
||||
fatal("percent_expand: string too long");
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (j >= num_keys)
|
||||
fatal("percent_expand: unknown key %%%c", *string);
|
||||
}
|
||||
return (xstrdup(buf));
|
||||
#undef EXPAND_MAX_KEYS
|
||||
}
|
||||
|
||||
/*
|
||||
* Read an entire line from a public key file into a static buffer, discarding
|
||||
* lines that exceed the buffer size. Returns 0 on success, -1 on failure.
|
||||
@ -397,3 +506,20 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz,
|
||||
}
|
||||
return -1;
|
||||
}
|
||||
|
||||
char *
|
||||
tohex(const u_char *d, u_int l)
|
||||
{
|
||||
char b[3], *r;
|
||||
u_int i, hl;
|
||||
|
||||
hl = l * 2 + 1;
|
||||
r = xmalloc(hl);
|
||||
*r = '\0';
|
||||
for (i = 0; i < l; i++) {
|
||||
snprintf(b, sizeof(b), "%02x", d[i]);
|
||||
strlcat(r, b, hl);
|
||||
}
|
||||
return (r);
|
||||
}
|
||||
|
||||
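Review bot: percent_expand does not handle a format string that ends in a lone `%`. After `string++` the current character is `'\0'`, `strchr(keys[j].key, *string)` matches the key's own terminator, a replacement is appended, and the loop's `string++` then steps past the end of the input. Reject that case right after the `%%` check: `if (*string == '\0') fatal("percent_expand: invalid format");`. The strings expanded here presumably come from configuration values, so a malformed one should end in a clean fatal() rather than an out-of-bounds read.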
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: misc.h,v 1.21 2005/03/01 10:09:52 djm Exp $ */
|
||||
/* $OpenBSD: misc.h,v 1.25 2005/07/14 04:00:43 dtucker Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
@ -24,6 +24,9 @@ char *hpdelim(char **);
|
||||
char *cleanhostname(char *);
|
||||
char *colon(char *);
|
||||
long convtime(const char *);
|
||||
char *tilde_expand_filename(const char *, uid_t);
|
||||
char *percent_expand(const char *, ...) __attribute__((__sentinel__));
|
||||
char *tohex(const u_char *, u_int);
|
||||
|
||||
struct passwd *pwcopy(struct passwd *);
|
||||
|
||||
@ -35,10 +38,6 @@ struct arglist {
|
||||
};
|
||||
void addargs(arglist *, char *, ...) __attribute__((format(printf, 2, 3)));
|
||||
|
||||
/* tildexpand.c */
|
||||
|
||||
char *tilde_expand_filename(const char *, uid_t);
|
||||
|
||||
/* readpass.c */
|
||||
|
||||
#define RP_ECHO 0x0001
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: moduli.c,v 1.10 2005/01/17 03:25:46 dtucker Exp $ */
|
||||
/* $OpenBSD: moduli.c,v 1.12 2005/07/17 07:17:55 djm Exp $ */
|
||||
/*
|
||||
* Copyright 1994 Phil Karn <karn@qualcomm.com>
|
||||
* Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
|
||||
@ -112,22 +112,22 @@
|
||||
#define TINY_NUMBER (1UL<<16)
|
||||
|
||||
/* Ensure enough bit space for testing 2*q. */
|
||||
#define TEST_MAXIMUM (1UL<<16)
|
||||
#define TEST_MINIMUM (QSIZE_MINIMUM + 1)
|
||||
/* real TEST_MINIMUM (1UL << (SHIFT_WORD - TEST_POWER)) */
|
||||
#define TEST_POWER (3) /* 2**n, n < SHIFT_WORD */
|
||||
#define TEST_MAXIMUM (1UL<<16)
|
||||
#define TEST_MINIMUM (QSIZE_MINIMUM + 1)
|
||||
/* real TEST_MINIMUM (1UL << (SHIFT_WORD - TEST_POWER)) */
|
||||
#define TEST_POWER (3) /* 2**n, n < SHIFT_WORD */
|
||||
|
||||
/* bit operations on 32-bit words */
|
||||
#define BIT_CLEAR(a,n) ((a)[(n)>>SHIFT_WORD] &= ~(1L << ((n) & 31)))
|
||||
#define BIT_SET(a,n) ((a)[(n)>>SHIFT_WORD] |= (1L << ((n) & 31)))
|
||||
#define BIT_TEST(a,n) ((a)[(n)>>SHIFT_WORD] & (1L << ((n) & 31)))
|
||||
#define BIT_CLEAR(a,n) ((a)[(n)>>SHIFT_WORD] &= ~(1L << ((n) & 31)))
|
||||
#define BIT_SET(a,n) ((a)[(n)>>SHIFT_WORD] |= (1L << ((n) & 31)))
|
||||
#define BIT_TEST(a,n) ((a)[(n)>>SHIFT_WORD] & (1L << ((n) & 31)))
|
||||
|
||||
/*
|
||||
* Prime testing defines
|
||||
*/
|
||||
|
||||
/* Minimum number of primality tests to perform */
|
||||
#define TRIAL_MINIMUM (4)
|
||||
#define TRIAL_MINIMUM (4)
|
||||
|
||||
/*
|
||||
* Sieving data (XXX - move to struct)
|
||||
@ -144,7 +144,7 @@ static u_int32_t *LargeSieve, largewords, largetries, largenumbers;
|
||||
static u_int32_t largebits, largememory; /* megabytes */
|
||||
static BIGNUM *largebase;
|
||||
|
||||
int gen_candidates(FILE *, int, int, BIGNUM *);
|
||||
int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
|
||||
int prime_test(FILE *, FILE *, u_int32_t, u_int32_t);
|
||||
|
||||
/*
|
||||
@ -241,19 +241,20 @@ sieve_large(u_int32_t s)
|
||||
* The list is checked against small known primes (less than 2**30).
|
||||
*/
|
||||
int
|
||||
gen_candidates(FILE *out, int memory, int power, BIGNUM *start)
|
||||
gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start)
|
||||
{
|
||||
BIGNUM *q;
|
||||
u_int32_t j, r, s, t;
|
||||
u_int32_t smallwords = TINY_NUMBER >> 6;
|
||||
u_int32_t tinywords = TINY_NUMBER >> 6;
|
||||
time_t time_start, time_stop;
|
||||
int i, ret = 0;
|
||||
u_int32_t i;
|
||||
int ret = 0;
|
||||
|
||||
largememory = memory;
|
||||
|
||||
if (memory != 0 &&
|
||||
(memory < LARGE_MINIMUM || memory > LARGE_MAXIMUM)) {
|
||||
(memory < LARGE_MINIMUM || memory > LARGE_MAXIMUM)) {
|
||||
error("Invalid memory amount (min %ld, max %ld)",
|
||||
LARGE_MINIMUM, LARGE_MAXIMUM);
|
||||
return (-1);
|
||||
@ -371,8 +372,8 @@ gen_candidates(FILE *out, int memory, int power, BIGNUM *start)
|
||||
* fencepost errors, the last pass is skipped.
|
||||
*/
|
||||
for (smallbase = TINY_NUMBER + 3;
|
||||
smallbase < (SMALL_MAXIMUM - TINY_NUMBER);
|
||||
smallbase += TINY_NUMBER) {
|
||||
smallbase < (SMALL_MAXIMUM - TINY_NUMBER);
|
||||
smallbase += TINY_NUMBER) {
|
||||
for (i = 0; i < tinybits; i++) {
|
||||
if (BIT_TEST(TinySieve, i))
|
||||
continue; /* 2*i+3 is composite */
|
||||
@ -548,7 +549,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted)
|
||||
* due to earlier inconsistencies in interpretation, check
|
||||
* the proposed bit size.
|
||||
*/
|
||||
if (BN_num_bits(p) != (in_size + 1)) {
|
||||
if ((u_int32_t)BN_num_bits(p) != (in_size + 1)) {
|
||||
debug2("%10u: bit size %u mismatch", count_in, in_size);
|
||||
continue;
|
||||
}
|
||||
|
@ -22,7 +22,7 @@
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: msg.c,v 1.7 2003/11/17 09:45:39 djm Exp $");
|
||||
RCSID("$OpenBSD: msg.c,v 1.8 2005/05/24 17:32:43 avsm Exp $");
|
||||
|
||||
#include "buffer.h"
|
||||
#include "getput.h"
|
||||
@ -55,15 +55,13 @@ int
|
||||
ssh_msg_recv(int fd, Buffer *m)
|
||||
{
|
||||
u_char buf[4];
|
||||
ssize_t res;
|
||||
u_int msg_len;
|
||||
|
||||
debug3("ssh_msg_recv entering");
|
||||
|
||||
res = atomicio(read, fd, buf, sizeof(buf));
|
||||
if (res != sizeof(buf)) {
|
||||
if (res != 0)
|
||||
error("ssh_msg_recv: read: header %ld", (long)res);
|
||||
if (atomicio(read, fd, buf, sizeof(buf)) != sizeof(buf)) {
|
||||
if (errno != EPIPE)
|
||||
error("ssh_msg_recv: read: header");
|
||||
return (-1);
|
||||
}
|
||||
msg_len = GET_32BIT(buf);
|
||||
@ -73,9 +71,8 @@ ssh_msg_recv(int fd, Buffer *m)
|
||||
}
|
||||
buffer_clear(m);
|
||||
buffer_append_space(m, msg_len);
|
||||
res = atomicio(read, fd, buffer_ptr(m), msg_len);
|
||||
if (res != msg_len) {
|
||||
error("ssh_msg_recv: read: %ld != msg_len", (long)res);
|
||||
if (atomicio(read, fd, buffer_ptr(m), msg_len) != msg_len) {
|
||||
error("ssh_msg_recv: read: %s", strerror(errno));
|
||||
return (-1);
|
||||
}
|
||||
return (0);
|
||||
|
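Review bot: The two failure paths in ssh_msg_recv now report differently: the header read logs `ssh_msg_recv: read: header` with no errno text, while the payload read in the second hunk logs `strerror(errno)`. Using `error("ssh_msg_recv: read: header: %s", strerror(errno));` would keep both diagnosable. The `errno != EPIPE` test assumes atomicio() reports end-of-file as EPIPE, which is not visible in this file and deserves a one-line comment next to the test. msg_len comes from the peer-supplied header and is passed to buffer_append_space(); whatever bound check sits between the two hunks is outside the shown lines.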
@ -1,4 +1,4 @@
|
||||
# $Id: Makefile.in,v 1.31 2004/08/15 08:41:00 djm Exp $
|
||||
# $Id: Makefile.in,v 1.35 2005/08/26 20:15:20 tim Exp $
|
||||
|
||||
sysconfdir=@sysconfdir@
|
||||
piddir=@piddir@
|
||||
@ -16,11 +16,11 @@ RANLIB=@RANLIB@
|
||||
INSTALL=@INSTALL@
|
||||
LDFLAGS=-L. @LDFLAGS@
|
||||
|
||||
OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtoul.o vis.o
|
||||
OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtonum.o strtoll.o strtoul.o vis.o
|
||||
|
||||
COMPAT=bsd-arc4random.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o xmmap.o xcrypt.o
|
||||
COMPAT=bsd-arc4random.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
|
||||
|
||||
PORTS=port-irix.o port-aix.o
|
||||
PORTS=port-irix.o port-aix.o port-uw.o
|
||||
|
||||
.c.o:
|
||||
$(CC) $(CFLAGS) $(CPPFLAGS) -c $<
|
||||
|
@ -29,7 +29,7 @@
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
RCSID("$Id: bsd-cygwin_util.c,v 1.13.4.1 2005/05/25 09:42:40 dtucker Exp $");
|
||||
RCSID("$Id: bsd-cygwin_util.c,v 1.14 2005/05/25 09:42:11 dtucker Exp $");
|
||||
|
||||
#ifdef HAVE_CYGWIN
|
||||
|
||||
|
@ -18,7 +18,7 @@
|
||||
#include "includes.h"
|
||||
#include "xmalloc.h"
|
||||
|
||||
RCSID("$Id: bsd-misc.c,v 1.26 2005/02/25 23:07:38 dtucker Exp $");
|
||||
RCSID("$Id: bsd-misc.c,v 1.27 2005/05/27 11:13:41 dtucker Exp $");
|
||||
|
||||
#ifndef HAVE___PROGNAME
|
||||
char *__progname;
|
||||
@ -212,3 +212,21 @@ mysignal(int sig, mysig_t act)
|
||||
return (signal(sig, act));
|
||||
#endif
|
||||
}
|
||||
|
||||
#ifndef HAVE_STRDUP
|
||||
char *
|
||||
strdup(const char *str)
|
||||
{
|
||||
size_t len;
|
||||
char *cp;
|
||||
|
||||
len = strlen(str) + 1;
|
||||
cp = malloc(len);
|
||||
if (cp != NULL)
|
||||
if (strlcpy(cp, str, len) != len) {
|
||||
free(cp);
|
||||
return NULL;
|
||||
}
|
||||
return cp;
|
||||
}
|
||||
#endif
|
||||
|
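Review bot: The strdup() fallback added in the second hunk can never succeed. strlcpy() returns the length of the source string, which is `len - 1` here, so `strlcpy(cp, str, len) != len` is always true and every call frees the copy and returns NULL. The truncation test should be `if (strlcpy(cp, str, len) >= len) {`. On platforms that build this fallback, callers would see every duplication fail as if memory were exhausted.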
@ -144,6 +144,8 @@ _getshort(msgp)
|
||||
GETSHORT(u, msgp);
|
||||
return (u);
|
||||
}
|
||||
#elif defined(HAVE_DECL__GETSHORT) && (HAVE_DECL__GETSHORT == 0)
|
||||
u_int16_t _getshort(register const u_char *);
|
||||
#endif
|
||||
|
||||
#ifndef HAVE__GETLONG
|
||||
@ -156,6 +158,8 @@ _getlong(msgp)
|
||||
GETLONG(u, msgp);
|
||||
return (u);
|
||||
}
|
||||
#elif defined(HAVE_DECL__GETLONG) && (HAVE_DECL__GETLONG == 0)
|
||||
u_int32_t _getlong(register const u_char *);
|
||||
#endif
|
||||
|
||||
int
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $Id: openbsd-compat.h,v 1.26 2004/08/15 08:41:00 djm Exp $ */
|
||||
/* $Id: openbsd-compat.h,v 1.30 2005/08/26 20:15:20 tim Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1999-2003 Damien Miller. All rights reserved.
|
||||
@ -152,6 +152,10 @@ int openpty(int *, int *, char *, struct termios *, struct winsize *);
|
||||
int snprintf(char *, size_t, const char *, ...);
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_STRTONUM
|
||||
long long strtonum(const char *, long long, long long, const char **);
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_VSNPRINTF
|
||||
int vsnprintf(char *, size_t, const char *, va_list);
|
||||
#endif
|
||||
@ -169,5 +173,6 @@ char *shadow_pw(struct passwd *pw);
|
||||
#include "bsd-cygwin_util.h"
|
||||
#include "port-irix.h"
|
||||
#include "port-aix.h"
|
||||
#include "port-uw.h"
|
||||
|
||||
#endif /* _OPENBSD_COMPAT_H */
|
||||
|
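--- a/crypto/openssh/openbsd-compat/openssl-compat.c
+++ b/crypto/openssh/openbsd-compat/openssl-compat.c
@@ -0,0 +1,46 @@
+/* $Id: openssl-compat.c,v 1.2 2005/06/17 11:15:21 dtucker Exp $ */
+
+/*
+* Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
+*
+* Permission to use, copy, modify, and distribute this software for any
+* purpose with or without fee is hereby granted, provided that the above
+* copyright notice and this permission notice appear in all copies.
+*
+* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+* WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
+* IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+*/
+
+#include "includes.h"
+
+#define SSH_DONT_REDEF_EVP
+#include "openssl-compat.h"
+
+#ifdef SSH_OLD_EVP
+int
+ssh_EVP_CipherInit(EVP_CIPHER_CTX *evp, const EVP_CIPHER *type,
+unsigned char *key, unsigned char *iv, int enc)
+{
+EVP_CipherInit(evp, type, key, iv, enc);
+return 1;
+}
+
+int
+ssh_EVP_Cipher(EVP_CIPHER_CTX *evp, char *dst, char *src, int len)
+{
+EVP_Cipher(evp, dst, src, len);
+return 1;
+}
+
+int
+ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *evp)
+{
+EVP_CIPHER_CTX_cleanup(evp);
+return 1;
+}
+#endif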
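Review bot: The three ssh_EVP_* wrappers return 1 unconditionally, so a caller that tests the result for failure can never observe one on builds where SSH_OLD_EVP is defined. Presumably the pre-0.9.6 EVP functions return no status (inferred from the version test in openssl-compat.h), but nothing in this file says so. A comment above the first wrapper would make the limitation explicit, for example `/* Old OpenSSL (SSH_OLD_EVP): the wrapped EVP calls give no status to propagate, so success is always reported. */`.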
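--- a/crypto/openssh/openbsd-compat/openssl-compat.h
+++ b/crypto/openssh/openbsd-compat/openssl-compat.h
@@ -0,0 +1,65 @@
+/* $Id: openssl-compat.h,v 1.1 2005/06/09 11:45:11 dtucker Exp $ */
+
+/*
+* Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
+*
+* Permission to use, copy, modify, and distribute this software for any
+* purpose with or without fee is hereby granted, provided that the above
+* copyright notice and this permission notice appear in all copies.
+*
+* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+* WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
+* IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+*/
+
+#include "includes.h"
+#include <openssl/evp.h>
+
+#if OPENSSL_VERSION_NUMBER < 0x00906000L
+# define SSH_OLD_EVP
+# define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data)
+#endif
+
+#if OPENSSL_VERSION_NUMBER < 0x00907000L
+# define EVP_aes_128_cbc evp_rijndael
+# define EVP_aes_192_cbc evp_rijndael
+# define EVP_aes_256_cbc evp_rijndael
+extern const EVP_CIPHER *evp_rijndael(void);
+extern void ssh_rijndael_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
+#endif
+
+#if !defined(EVP_CTRL_SET_ACSS_MODE)
+# if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
+# define USE_CIPHER_ACSS 1
+extern const EVP_CIPHER *evp_acss(void);
+# define EVP_acss evp_acss
+# else
+# define EVP_acss NULL
+# endif
+#endif
+
+/*
+* insert comment here
+*/
+#ifdef SSH_OLD_EVP
+
+# ifndef SSH_DONT_REDEF_EVP
+
+# ifdef EVP_Cipher
+# undef EVP_Cipher
+# endif
+
+# define EVP_CipherInit(a,b,c,d,e) ssh_EVP_CipherInit((a),(b),(c),(d),(e))
+# define EVP_Cipher(a,b,c,d) ssh_EVP_Cipher((a),(b),(c),(d))
+# define EVP_CIPHER_CTX_cleanup(a) ssh_EVP_CIPHER_CTX_cleanup((a))
+# endif
+
+int ssh_EVP_CipherInit(EVP_CIPHER_CTX *, const EVP_CIPHER *, unsigned char *,
+unsigned char *, int);
+int ssh_EVP_Cipher(EVP_CIPHER_CTX *, char *, char *, int);
+int ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *);
+#endif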
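Review bot: The block comment above `#ifdef SSH_OLD_EVP` is still the placeholder `insert comment here`, so the one part of this header that silently renames library calls is undocumented. It should say what the redirection does, for example `/* With SSH_OLD_EVP, EVP_CipherInit, EVP_Cipher and EVP_CIPHER_CTX_cleanup are mapped to ssh_EVP_* wrappers that return int. Define SSH_DONT_REDEF_EVP before including this header to reach the real functions. */`. The int return type and the SSH_DONT_REDEF_EVP escape are both visible in the lines that follow the placeholder.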
@ -1,7 +1,7 @@
|
||||
/*
|
||||
*
|
||||
* Copyright (c) 2001 Gert Doering. All rights reserved.
|
||||
* Copyright (c) 2003,2004 Darren Tucker. All rights reserved.
|
||||
* Copyright (c) 2003,2004,2005 Darren Tucker. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@ -42,14 +42,12 @@ static char old_registry[REGISTRY_SIZE] = "";
|
||||
# endif
|
||||
|
||||
/*
|
||||
* AIX has a "usrinfo" area where logname and other stuff is stored -
|
||||
* AIX has a "usrinfo" area where logname and other stuff is stored -
|
||||
* a few applications actually use this and die if it's not set
|
||||
*
|
||||
* NOTE: TTY= should be set, but since no one uses it and it's hard to
|
||||
* acquire due to privsep code. We will just drop support.
|
||||
*/
|
||||
|
||||
|
||||
void
|
||||
aix_usrinfo(struct passwd *pw)
|
||||
{
|
||||
@ -60,7 +58,7 @@ aix_usrinfo(struct passwd *pw)
|
||||
len = sizeof("LOGNAME= NAME= ") + (2 * strlen(pw->pw_name));
|
||||
cp = xmalloc(len);
|
||||
|
||||
i = snprintf(cp, len, "LOGNAME=%s%cNAME=%s%c", pw->pw_name, '\0',
|
||||
i = snprintf(cp, len, "LOGNAME=%s%cNAME=%s%c", pw->pw_name, '\0',
|
||||
pw->pw_name, '\0');
|
||||
if (usrinfo(SETUINFO, cp, i) == -1)
|
||||
fatal("Couldn't set usrinfo: %s", strerror(errno));
|
||||
@ -153,14 +151,14 @@ aix_valid_authentications(const char *user)
|
||||
int
|
||||
sys_auth_passwd(Authctxt *ctxt, const char *password)
|
||||
{
|
||||
char *authmsg = NULL, *msg, *name = ctxt->pw->pw_name;
|
||||
char *authmsg = NULL, *msg = NULL, *name = ctxt->pw->pw_name;
|
||||
int authsuccess = 0, expired, reenter, result;
|
||||
|
||||
do {
|
||||
result = authenticate((char *)name, (char *)password, &reenter,
|
||||
&authmsg);
|
||||
aix_remove_embedded_newlines(authmsg);
|
||||
debug3("AIX/authenticate result %d, msg %.100s", result,
|
||||
debug3("AIX/authenticate result %d, authmsg %.100s", result,
|
||||
authmsg);
|
||||
} while (reenter);
|
||||
|
||||
@ -170,7 +168,7 @@ sys_auth_passwd(Authctxt *ctxt, const char *password)
|
||||
if (result == 0) {
|
||||
authsuccess = 1;
|
||||
|
||||
/*
|
||||
/*
|
||||
* Record successful login. We don't have a pty yet, so just
|
||||
* label the line as "ssh"
|
||||
*/
|
||||
@ -257,7 +255,7 @@ int
|
||||
sys_auth_record_login(const char *user, const char *host, const char *ttynm,
|
||||
Buffer *loginmsg)
|
||||
{
|
||||
char *msg;
|
||||
char *msg = NULL;
|
||||
int success = 0;
|
||||
|
||||
aix_setauthdb(user);
|
||||
|
@ -1,8 +1,9 @@
|
||||
/* $Id: port-aix.h,v 1.25 2005/03/21 11:46:34 dtucker Exp $ */
|
||||
/* $Id: port-aix.h,v 1.26 2005/05/28 10:28:40 dtucker Exp $ */
|
||||
|
||||
/*
|
||||
*
|
||||
* Copyright (c) 2001 Gert Doering. All rights reserved.
|
||||
* Copyright (c) 2004, 2005 Darren Tucker. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@ -47,23 +48,23 @@
|
||||
|
||||
/* These should be in the system headers but are not. */
|
||||
int usrinfo(int, char *, int);
|
||||
#if (HAVE_DECL_SETAUTHDB == 0)
|
||||
#if defined(HAVE_DECL_SETAUTHDB) && (HAVE_DECL_SETAUTHDB == 0)
|
||||
int setauthdb(const char *, char *);
|
||||
#endif
|
||||
/* these may or may not be in the headers depending on the version */
|
||||
#if (HAVE_DECL_AUTHENTICATE == 0)
|
||||
#if defined(HAVE_DECL_AUTHENTICATE) && (HAVE_DECL_AUTHENTICATE == 0)
|
||||
int authenticate(char *, char *, int *, char **);
|
||||
#endif
|
||||
#if (HAVE_DECL_LOGINFAILED == 0)
|
||||
#if defined(HAVE_DECL_LOGINFAILED) && (HAVE_DECL_LOGINFAILED == 0)
|
||||
int loginfailed(char *, char *, char *);
|
||||
#endif
|
||||
#if (HAVE_DECL_LOGINRESTRICTIONS == 0)
|
||||
#if defined(HAVE_DECL_LOGINRESTRICTIONS) && (HAVE_DECL_LOGINRESTRICTIONS == 0)
|
||||
int loginrestrictions(char *, int, char *, char **);
|
||||
#endif
|
||||
#if (HAVE_DECL_LOGINSUCCESS == 0)
|
||||
#if defined(HAVE_DECL_LOGINSUCCESS) && (HAVE_DECL_LOGINSUCCESS == 0)
|
||||
int loginsuccess(char *, char *, char *, char **);
|
||||
#endif
|
||||
#if (HAVE_DECL_PASSWDEXPIRED == 0)
|
||||
#if defined(HAVE_DECL_PASSWDEXPIRED) && (HAVE_DECL_PASSWDEXPIRED == 0)
|
||||
int passwdexpired(char *, char **);
|
||||
#endif
|
||||
|
||||
|
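--- a/crypto/openssh/openbsd-compat/port-uw.c
+++ b/crypto/openssh/openbsd-compat/port-uw.c
@@ -0,0 +1,134 @@
+/*
+* Copyright (c) 2005 The SCO Group. All rights reserved.
+* Copyright (c) 2005 Tim Rice. All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#include "includes.h"
+
+#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF)
+#ifdef HAVE_CRYPT_H
+#include <crypt.h>
+#endif
+#include "packet.h"
+#include "buffer.h"
+#include "log.h"
+#include "servconf.h"
+#include "auth.h"
+#include "auth-options.h"
+
+int nischeck(char *);
+
+int
+sys_auth_passwd(Authctxt *authctxt, const char *password)
+{
+struct passwd *pw = authctxt->pw;
+char *encrypted_password;
+char *salt;
+int result;
+
+/* Just use the supplied fake password if authctxt is invalid */
+char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd;
+
+/* Check for users with no password. */
+if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0)
+return (1);
+
+/* Encrypt the candidate password using the proper salt. */
+salt = (pw_password[0] && pw_password[1]) ? pw_password : "xx";
+#ifdef UNIXWARE_LONG_PASSWORDS
+if (!nischeck(pw->pw_name))
+encrypted_password = bigcrypt(password, salt);
+else
+#endif /* UNIXWARE_LONG_PASSWORDS */
+encrypted_password = xcrypt(password, salt);
+
+/*
+* Authentication is accepted if the encrypted passwords
+* are identical.
+*/
+result = (strcmp(encrypted_password, pw_password) == 0);
+
+if (authctxt->valid)
+free(pw_password);
+return(result);
+}
+
+#ifdef UNIXWARE_LONG_PASSWORDS
+int
+nischeck(char *namep)
+{
+char password_file[] = "/etc/passwd";
+FILE *fd;
+struct passwd *ent = NULL;
+
+if ((fd = fopen (password_file, "r")) == NULL) {
+/*
+* If the passwd file has dissapeared we are in a bad state.
+* However, returning 0 will send us back through the
+* authentication scheme that has checked the ia database for
+* passwords earlier.
+*/
+return(0);
+}
+
+/*
+* fgetpwent() only reads from password file, so we know for certain
+* that the user is local.
+*/
+while (ent = fgetpwent(fd)) {
+if (strcmp (ent->pw_name, namep) == 0) {
+/* Local user */
+fclose (fd);
+return(0);
+}
+}
+
+fclose (fd);
+return (1);
+}
+
+#endif /* UNIXWARE_LONG_PASSWORDS */
+
+/*
+NOTE: ia_get_logpwd() allocates memory for arg 2
+functions that call shadow_pw() will need to free
+*/
+
+char *
+get_iaf_password(struct passwd *pw)
+{
+char *pw_password = NULL;
+
+uinfo_t uinfo;
+if (!ia_openinfo(pw->pw_name,&uinfo)) {
+ia_get_logpwd(uinfo, &pw_password);
+if (pw_password == NULL)
+fatal("ia_get_logpwd: Unable to get the shadow passwd");
+ia_closeinfo(uinfo);
+return pw_password;
+}
+else
+fatal("ia_openinfo: Unable to open the shadow passwd file");
+}
+#endif /* HAVE_LIBIAF && !BROKEN_LIBIAF */
+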
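Review bot: The empty-password early return in sys_auth_passwd (`return (1);`) skips the `free(pw_password)` that the normal exit performs when `authctxt->valid` is set. The heap copy of the stored hash, which the NOTE comment further down says callers must free, is therefore leaked on that path. Routing it through the common exit keeps the cleanup in one place, for example `result = 1; goto out;` with an `out:` label before `if (authctxt->valid)`. Separately, encrypted_password goes straight into strcmp(); if bigcrypt() or xcrypt() can return NULL on this platform (not visible here), that needs a check that treats NULL as an authentication failure.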
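--- a/crypto/openssh/openbsd-compat/port-uw.h
+++ b/crypto/openssh/openbsd-compat/port-uw.h
@@ -0,0 +1,30 @@
+/*
+* Copyright (c) 2005 Tim Rice. All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#include "includes.h"
+
+#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF)
+char * get_iaf_password(struct passwd *pw);
+#endif
+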
@ -1,11 +1,7 @@
|
||||
/* OPENBSD ORIGINAL: lib/libc/stdlib/realpath.c */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1994
|
||||
* The Regents of the University of California. All rights reserved.
|
||||
*
|
||||
* This code is derived from software contributed to Berkeley by
|
||||
* Jan-Simon Pendry.
|
||||
* Copyright (c) 2003 Constantin S. Svintsoff <kostik@iclub.nsu.ru>
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
@ -15,14 +11,14 @@
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. Neither the name of the University nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
* 3. The names of the authors may not be used to endorse or promote
|
||||
* products derived from this software without specific prior written
|
||||
* permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
@ -36,169 +32,165 @@
|
||||
|
||||
#if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH)
|
||||
|
||||
#if defined(LIBC_SCCS) && !defined(lint)
|
||||
static char *rcsid = "$OpenBSD: realpath.c,v 1.11 2004/11/30 15:12:59 millert Exp $";
|
||||
#endif /* LIBC_SCCS and not lint */
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/stat.h>
|
||||
|
||||
#include <errno.h>
|
||||
#include <fcntl.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
|
||||
/*
|
||||
* MAXSYMLINKS
|
||||
*/
|
||||
#ifndef MAXSYMLINKS
|
||||
#define MAXSYMLINKS 5
|
||||
#endif
|
||||
|
||||
/*
|
||||
* char *realpath(const char *path, char resolved_path[MAXPATHLEN]);
|
||||
* char *realpath(const char *path, char resolved[PATH_MAX]);
|
||||
*
|
||||
* Find the real name of path, by removing all ".", ".." and symlink
|
||||
* components. Returns (resolved) on success, or (NULL) on failure,
|
||||
* in which case the path which caused trouble is left in (resolved).
|
||||
*/
|
||||
char *
|
||||
realpath(const char *path, char *resolved)
|
||||
realpath(const char *path, char resolved[PATH_MAX])
|
||||
{
|
||||
struct stat sb;
|
||||
int fd, n, needslash, serrno;
|
||||
char *p, *q, wbuf[MAXPATHLEN];
|
||||
int symlinks = 0;
|
||||
char *p, *q, *s;
|
||||
size_t left_len, resolved_len;
|
||||
unsigned symlinks;
|
||||
int serrno, slen;
|
||||
char left[PATH_MAX], next_token[PATH_MAX], symlink[PATH_MAX];
|
||||
|
||||
/* Save the starting point. */
|
||||
#ifndef HAVE_FCHDIR
|
||||
char start[MAXPATHLEN];
|
||||
/* this is potentially racy but without fchdir we have no option */
|
||||
if (getcwd(start, sizeof(start)) == NULL) {
|
||||
resolved[0] = '.';
|
||||
serrno = errno;
|
||||
symlinks = 0;
|
||||
if (path[0] == '/') {
|
||||
resolved[0] = '/';
|
||||
resolved[1] = '\0';
|
||||
return (NULL);
|
||||
}
|
||||
#endif
|
||||
if ((fd = open(".", O_RDONLY)) < 0) {
|
||||
resolved[0] = '.';
|
||||
resolved[1] = '\0';
|
||||
return (NULL);
|
||||
}
|
||||
|
||||
/* Convert "." -> "" to optimize away a needless lstat() and chdir() */
|
||||
if (path[0] == '.' && path[1] == '\0')
|
||||
path = "";
|
||||
|
||||
/*
|
||||
* Find the dirname and basename from the path to be resolved.
|
||||
* Change directory to the dirname component.
|
||||
* lstat the basename part.
|
||||
* if it is a symlink, read in the value and loop.
|
||||
* if it is a directory, then change to that directory.
|
||||
* get the current directory name and append the basename.
|
||||
*/
|
||||
if (strlcpy(resolved, path, MAXPATHLEN) >= MAXPATHLEN) {
|
||||
serrno = ENAMETOOLONG;
|
||||
goto err2;
|
||||
}
|
||||
loop:
|
||||
q = strrchr(resolved, '/');
|
||||
if (q != NULL) {
|
||||
p = q + 1;
|
||||
if (q == resolved)
|
||||
q = "/";
|
||||
else {
|
||||
do {
|
||||
--q;
|
||||
} while (q > resolved && *q == '/');
|
||||
q[1] = '\0';
|
||||
q = resolved;
|
||||
}
|
||||
if (chdir(q) < 0)
|
||||
goto err1;
|
||||
} else
|
||||
p = resolved;
|
||||
|
||||
/* Deal with the last component. */
|
||||
if (*p != '\0' && lstat(p, &sb) == 0) {
|
||||
if (S_ISLNK(sb.st_mode)) {
|
||||
if (++symlinks > MAXSYMLINKS) {
|
||||
errno = ELOOP;
|
||||
goto err1;
|
||||
}
|
||||
if ((n = readlink(p, resolved, MAXPATHLEN-1)) < 0)
|
||||
goto err1;
|
||||
resolved[n] = '\0';
|
||||
goto loop;
|
||||
}
|
||||
if (S_ISDIR(sb.st_mode)) {
|
||||
if (chdir(p) < 0)
|
||||
goto err1;
|
||||
p = "";
|
||||
if (path[1] == '\0')
|
||||
return (resolved);
|
||||
resolved_len = 1;
|
||||
left_len = strlcpy(left, path + 1, sizeof(left));
|
||||
} else {
|
||||
if (getcwd(resolved, PATH_MAX) == NULL) {
|
||||
strlcpy(resolved, ".", PATH_MAX);
|
||||
return (NULL);
|
||||
}
|
||||
resolved_len = strlen(resolved);
|
||||
left_len = strlcpy(left, path, sizeof(left));
|
||||
}
|
||||
|
||||
/*
|
||||
* Save the last component name and get the full pathname of
|
||||
* the current directory.
|
||||
*/
|
||||
if (strlcpy(wbuf, p, sizeof(wbuf)) >= sizeof(wbuf)) {
|
||||
if (left_len >= sizeof(left) || resolved_len >= PATH_MAX) {
|
||||
errno = ENAMETOOLONG;
|
||||
goto err1;
|
||||
return (NULL);
|
||||
}
|
||||
if (getcwd(resolved, MAXPATHLEN) == NULL)
|
||||
goto err1;
|
||||
|
||||
/*
|
||||
* Join the two strings together, ensuring that the right thing
|
||||
* happens if the last component is empty, or the dirname is root.
|
||||
* Iterate over path components in `left'.
|
||||
*/
|
||||
if (resolved[0] == '/' && resolved[1] == '\0')
|
||||
needslash = 0;
|
||||
else
|
||||
needslash = 1;
|
||||
|
||||
if (*wbuf) {
|
||||
if (strlen(resolved) + strlen(wbuf) + needslash >= MAXPATHLEN) {
|
||||
while (left_len != 0) {
|
||||
/*
|
||||
* Extract the next path component and adjust `left'
|
||||
* and its length.
|
||||
*/
|
||||
p = strchr(left, '/');
|
||||
s = p ? p : left + left_len;
|
||||
if (s - left >= sizeof(next_token)) {
|
||||
errno = ENAMETOOLONG;
|
||||
goto err1;
|
||||
return (NULL);
|
||||
}
|
||||
if (needslash) {
|
||||
if (strlcat(resolved, "/", MAXPATHLEN) >= MAXPATHLEN) {
|
||||
memcpy(next_token, left, s - left);
|
||||
next_token[s - left] = '\0';
|
||||
left_len -= s - left;
|
||||
if (p != NULL)
|
||||
memmove(left, s + 1, left_len + 1);
|
||||
if (resolved[resolved_len - 1] != '/') {
|
||||
if (resolved_len + 1 >= PATH_MAX) {
|
||||
errno = ENAMETOOLONG;
|
||||
goto err1;
|
||||
return (NULL);
|
||||
}
|
||||
resolved[resolved_len++] = '/';
|
||||
resolved[resolved_len] = '\0';
|
||||
}
|
||||
if (strlcat(resolved, wbuf, MAXPATHLEN) >= MAXPATHLEN) {
|
||||
if (next_token[0] == '\0')
|
||||
continue;
|
||||
else if (strcmp(next_token, ".") == 0)
|
||||
continue;
|
||||
else if (strcmp(next_token, "..") == 0) {
|
||||
/*
|
||||
* Strip the last path component except when we have
|
||||
* single "/"
|
||||
*/
|
||||
if (resolved_len > 1) {
|
||||
resolved[resolved_len - 1] = '\0';
|
||||
q = strrchr(resolved, '/') + 1;
|
||||
*q = '\0';
|
||||
resolved_len = q - resolved;
|
||||
}
|
||||
continue;
|
||||
}
|
||||
|
||||
/*
|
||||
* Append the next path component and lstat() it. If
|
||||
* lstat() fails we still can return successfully if
|
||||
* there are no more path components left.
|
||||
*/
|
||||
resolved_len = strlcat(resolved, next_token, PATH_MAX);
|
||||
if (resolved_len >= PATH_MAX) {
|
||||
errno = ENAMETOOLONG;
|
||||
goto err1;
|
||||
return (NULL);
|
||||
}
|
||||
if (lstat(resolved, &sb) != 0) {
|
||||
if (errno == ENOENT && p == NULL) {
|
||||
errno = serrno;
|
||||
return (resolved);
|
||||
}
|
||||
return (NULL);
|
||||
}
|
||||
if (S_ISLNK(sb.st_mode)) {
|
||||
if (symlinks++ > MAXSYMLINKS) {
|
||||
errno = ELOOP;
|
||||
return (NULL);
|
||||
}
|
||||
slen = readlink(resolved, symlink, sizeof(symlink) - 1);
|
||||
if (slen < 0)
|
||||
return (NULL);
|
||||
symlink[slen] = '\0';
|
||||
if (symlink[0] == '/') {
|
||||
resolved[1] = 0;
|
||||
resolved_len = 1;
|
||||
} else if (resolved_len > 1) {
|
||||
/* Strip the last path component. */
|
||||
resolved[resolved_len - 1] = '\0';
|
||||
q = strrchr(resolved, '/') + 1;
|
||||
*q = '\0';
|
||||
resolved_len = q - resolved;
|
||||
}
|
||||
|
||||
/*
|
||||
* If there are any path components left, then
|
||||
* append them to symlink. The result is placed
|
||||
* in `left'.
|
||||
*/
|
||||
if (p != NULL) {
|
||||
if (symlink[slen - 1] != '/') {
|
||||
if (slen + 1 >= sizeof(symlink)) {
|
||||
errno = ENAMETOOLONG;
|
||||
return (NULL);
|
||||
}
|
||||
symlink[slen] = '/';
|
||||
symlink[slen + 1] = 0;
|
||||
}
|
||||
left_len = strlcat(symlink, left, sizeof(left));
|
||||
if (left_len >= sizeof(left)) {
|
||||
errno = ENAMETOOLONG;
|
||||
return (NULL);
|
||||
}
|
||||
}
|
||||
left_len = strlcpy(left, symlink, sizeof(left));
|
||||
}
|
||||
}
|
||||
|
||||
/* Go back to where we came from. */
|
||||
#ifdef HAVE_FCHDIR
|
||||
if (fchdir(fd) < 0) {
|
||||
#else
|
||||
if (chdir(start) < 0) {
|
||||
#endif
|
||||
serrno = errno;
|
||||
goto err2;
|
||||
}
|
||||
|
||||
/* It's okay if the close fails, what's an fd more or less? */
|
||||
(void)close(fd);
|
||||
/*
|
||||
* Remove trailing slash except when the resolved pathname
|
||||
* is a single "/".
|
||||
*/
|
||||
if (resolved_len > 1 && resolved[resolved_len - 1] == '/')
|
||||
resolved[resolved_len - 1] = '\0';
|
||||
return (resolved);
|
||||
|
||||
err1: serrno = errno;
|
||||
#ifdef HAVE_FCHDIR
|
||||
(void)fchdir(fd);
|
||||
#else
|
||||
chdir(start);
|
||||
#endif
|
||||
err2: (void)close(fd);
|
||||
errno = serrno;
|
||||
return (NULL);
|
||||
}
|
||||
#endif /* !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) */
|
||||
|
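--- /dev/null
+++ b/crypto/openssh/openbsd-compat/strtoll.c
@@ -0,0 +1,151 @@
+/* OPENBSD ORIGINAL: lib/libc/stdlib/strtoll.c */
+
+/*-
+* Copyright (c) 1992 The Regents of the University of California.
+* All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+* 3. Neither the name of the University nor the names of its contributors
+* may be used to endorse or promote products derived from this software
+* without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*/
+
+#include "includes.h"
+#ifndef HAVE_STRTOLL
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static const char rcsid[] = "$OpenBSD: strtoll.c,v 1.4 2005/03/30 18:51:49 pat Exp $";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/types.h>
+
+#include <ctype.h>
+#include <errno.h>
+#include <limits.h>
+#include <stdlib.h>
+
+/*
+* Convert a string to a long long.
+*
+* Ignores `locale' stuff. Assumes that the upper and lower case
+* alphabets and digits are each contiguous.
+*/
+long long
+strtoll(const char *nptr, char **endptr, int base)
+{
+const char *s;
+long long acc, cutoff;
+int c;
+int neg, any, cutlim;
+
+/*
+* Skip white space and pick up leading +/- sign if any.
+* If base is 0, allow 0x for hex and 0 for octal, else
+* assume decimal; if base is already 16, allow 0x.
+*/
+s = nptr;
+do {
+c = (unsigned char) *s++;
+} while (isspace(c));
+if (c == '-') {
+neg = 1;
+c = *s++;
+} else {
+neg = 0;
+if (c == '+')
+c = *s++;
+}
+if ((base == 0 || base == 16) &&
+c == '0' && (*s == 'x' || *s == 'X')) {
+c = s[1];
+s += 2;
+base = 16;
+}
+if (base == 0)
+base = c == '0' ? 8 : 10;
+
+/*
+* Compute the cutoff value between legal numbers and illegal
+* numbers. That is the largest legal value, divided by the
+* base. An input number that is greater than this value, if
+* followed by a legal input character, is too big. One that
+* is equal to this value may be valid or not; the limit
+* between valid and invalid numbers is then based on the last
+* digit. For instance, if the range for long longs is
+* [-9223372036854775808..9223372036854775807] and the input base
+* is 10, cutoff will be set to 922337203685477580 and cutlim to
+* either 7 (neg==0) or 8 (neg==1), meaning that if we have
+* accumulated a value > 922337203685477580, or equal but the
+* next digit is > 7 (or 8), the number is too big, and we will
+* return a range error.
+*
+* Set any if any `digits' consumed; make it negative to indicate
+* overflow.
+*/
+cutoff = neg ? LLONG_MIN : LLONG_MAX;
+cutlim = cutoff % base;
+cutoff /= base;
+if (neg) {
+if (cutlim > 0) {
+cutlim -= base;
+cutoff += 1;
+}
+cutlim = -cutlim;
+}
+for (acc = 0, any = 0;; c = (unsigned char) *s++) {
+if (isdigit(c))
+c -= '0';
+else if (isalpha(c))
+c -= isupper(c) ? 'A' - 10 : 'a' - 10;
+else
+break;
+if (c >= base)
+break;
+if (any < 0)
+continue;
+if (neg) {
+if (acc < cutoff || (acc == cutoff && c > cutlim)) {
+any = -1;
+acc = LLONG_MIN;
+errno = ERANGE;
+} else {
+any = 1;
+acc *= base;
+acc -= c;
+}
+} else {
+if (acc > cutoff || (acc == cutoff && c > cutlim)) {
+any = -1;
+acc = LLONG_MAX;
+errno = ERANGE;
+} else {
+any = 1;
+acc *= base;
+acc += c;
+}
+}
+}
+if (endptr != 0)
+*endptr = (char *) (any ? s - 1 : nptr);
+return (acc);
+}
+#endif /* HAVE_STRTOLL */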
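Review bot: Only the first character read in strtoll() goes through `(unsigned char)`; the reads after the sign (`c = *s++;` in both branches) and after the `0x` prefix (`c = s[1];`) assign a plain `char`. Where `char` is signed, a byte above 0x7f at that position reaches `isdigit(c)` and `isalpha(c)` as a negative value, which is undefined behaviour for the ctype.h functions. Writing `c = (unsigned char) *s++;` in both sign branches and `c = (unsigned char) s[1];` makes these reads agree with the loop's own `c = (unsigned char) *s++`. Separately, `base` is not range-checked before `cutoff % base`, so a base outside 2..36 (other than 0) is computed with rather than rejected with `EINVAL`; with a base of -1 and a negative number the expression is `LLONG_MIN % -1`, which overflows.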
|
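--- /dev/null
+++ b/crypto/openssh/openbsd-compat/strtonum.c
@@ -0,0 +1,69 @@
+/* OPENBSD ORIGINAL: lib/libc/stdlib/strtonum.c */
+
+/* $OpenBSD: strtonum.c,v 1.6 2004/08/03 19:38:01 millert Exp $ */
+
+/*
+* Copyright (c) 2004 Ted Unangst and Todd Miller
+* All rights reserved.
+*
+* Permission to use, copy, modify, and distribute this software for any
+* purpose with or without fee is hereby granted, provided that the above
+* copyright notice and this permission notice appear in all copies.
+*
+* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+*/
+
+#include "includes.h"
+#ifndef HAVE_STRTONUM
+#include <limits.h>
+
+#define INVALID 1
+#define TOOSMALL 2
+#define TOOLARGE 3
+
+long long
+strtonum(const char *numstr, long long minval, long long maxval,
+const char **errstrp)
+{
+long long ll = 0;
+char *ep;
+int error = 0;
+struct errval {
+const char *errstr;
+int err;
+} ev[4] = {
+{ NULL, 0 },
+{ "invalid", EINVAL },
+{ "too small", ERANGE },
+{ "too large", ERANGE },
+};
+
+ev[0].err = errno;
+errno = 0;
+if (minval > maxval)
+error = INVALID;
+else {
+ll = strtoll(numstr, &ep, 10);
+if (numstr == ep || *ep != '\0')
+error = INVALID;
+else if ((ll == LLONG_MIN && errno == ERANGE) || ll < minval)
+error = TOOSMALL;
+else if ((ll == LLONG_MAX && errno == ERANGE) || ll > maxval)
+error = TOOLARGE;
+}
+if (errstrp != NULL)
+*errstrp = ev[error].errstr;
+errno = ev[error].err;
+if (error)
+ll = 0;
+
+return (ll);
+}
+
+#endif /* HAVE_STRTONUM */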
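Review bot: strtonum() has no header comment stating its contract, and the contract is easy to misuse: every failure returns 0 (`if (error) ll = 0;`), so a caller can tell an error from a parsed zero only through `*errstrp` or `errno`. A comment above the function should say that the result lies in [minval, maxval] on success, that on failure it returns 0 and sets errno and `*errstrp` to "invalid", "too small" or "too large", and that callers must test `*errstrp` rather than the return value. It should also mention that errno is restored to its entry value on success, which is what `ev[0].err = errno` achieves.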
|
@ -93,6 +93,11 @@ shadow_pw(struct passwd *pw)
|
||||
if (spw != NULL)
|
||||
pw_password = spw->sp_pwdp;
|
||||
# endif
|
||||
|
||||
#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF)
|
||||
return(get_iaf_password(pw));
|
||||
#endif
|
||||
|
||||
# if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
|
||||
struct passwd_adjunct *spw;
|
||||
if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL)
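Review bot: The `return(get_iaf_password(pw));` under `HAVE_LIBIAF` hands back whatever get_iaf_password() yields without inspecting it, and discards the `pw_password` computed just above. get_iaf_password() is not visible here, so it is unclear whether it can return NULL or freshly allocated memory; callers of shadow_pw() that so far received a pointer into the passwd or shadow entry would then need a NULL check or a free. A short comment at the `#if` stating the ownership and the value returned on failure would settle this, e.g. `/* IAF database is authoritative; returns OWNERSHIP_TO_CONFIRM, FAILURE_VALUE_TO_CONFIRM */`. shadow_pw() starts and ends outside the hunk.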
|
||||
|
@ -37,7 +37,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: packet.c,v 1.116 2004/10/20 11:48:53 markus Exp $");
|
||||
RCSID("$OpenBSD: packet.c,v 1.119 2005/07/28 17:36:22 markus Exp $");
|
||||
|
||||
#include "openbsd-compat/sys-queue.h"
|
||||
|
||||
@ -116,6 +116,12 @@ static int initialized = 0;
|
||||
/* Set to true if the connection is interactive. */
|
||||
static int interactive_mode = 0;
|
||||
|
||||
/* Set to true if we are the server side. */
|
||||
static int server_side = 0;
|
||||
|
||||
/* Set to true if we are authenticated. */
|
||||
static int after_authentication = 0;
|
||||
|
||||
/* Session key information for Encryption and MAC */
|
||||
Newkeys *newkeys[MODE_MAX];
|
||||
static struct packet_state {
|
||||
@ -624,7 +630,9 @@ set_newkeys(int mode)
|
||||
/* Deleting the keys does not gain extra security */
|
||||
/* memset(enc->iv, 0, enc->block_size);
|
||||
memset(enc->key, 0, enc->key_len); */
|
||||
if (comp->type != 0 && comp->enabled == 0) {
|
||||
if ((comp->type == COMP_ZLIB ||
|
||||
(comp->type == COMP_DELAYED && after_authentication)) &&
|
||||
comp->enabled == 0) {
|
||||
packet_init_compression();
|
||||
if (mode == MODE_OUT)
|
||||
buffer_compress_init_send(6);
|
||||
@ -644,6 +652,35 @@ set_newkeys(int mode)
|
||||
*max_blocks = MIN(*max_blocks, rekey_limit / enc->block_size);
|
||||
}
|
||||
|
||||
/*
|
||||
* Delayed compression for SSH2 is enabled after authentication:
|
||||
* This happans on the server side after a SSH2_MSG_USERAUTH_SUCCESS is sent,
|
||||
* and on the client side after a SSH2_MSG_USERAUTH_SUCCESS is received.
|
||||
*/
|
||||
static void
|
||||
packet_enable_delayed_compress(void)
|
||||
{
|
||||
Comp *comp = NULL;
|
||||
int mode;
|
||||
|
||||
/*
|
||||
* Remember that we are past the authentication step, so rekeying
|
||||
* with COMP_DELAYED will turn on compression immediately.
|
||||
*/
|
||||
after_authentication = 1;
|
||||
for (mode = 0; mode < MODE_MAX; mode++) {
|
||||
comp = &newkeys[mode]->comp;
|
||||
if (comp && !comp->enabled && comp->type == COMP_DELAYED) {
|
||||
packet_init_compression();
|
||||
if (mode == MODE_OUT)
|
||||
buffer_compress_init_send(6);
|
||||
else
|
||||
buffer_compress_init_recv();
|
||||
comp->enabled = 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Finalize packet in SSH2 format (compress, mac, encrypt, enqueue)
|
||||
*/
|
||||
@ -757,6 +794,8 @@ packet_send2_wrapped(void)
|
||||
|
||||
if (type == SSH2_MSG_NEWKEYS)
|
||||
set_newkeys(MODE_OUT);
|
||||
else if (type == SSH2_MSG_USERAUTH_SUCCESS && server_side)
|
||||
packet_enable_delayed_compress();
|
||||
}
|
||||
|
||||
static void
|
||||
@ -992,7 +1031,7 @@ packet_read_poll2(u_int32_t *seqnr_p)
|
||||
static u_int packet_length = 0;
|
||||
u_int padlen, need;
|
||||
u_char *macbuf, *cp, type;
|
||||
int maclen, block_size;
|
||||
u_int maclen, block_size;
|
||||
Enc *enc = NULL;
|
||||
Mac *mac = NULL;
|
||||
Comp *comp = NULL;
|
||||
@ -1099,6 +1138,8 @@ packet_read_poll2(u_int32_t *seqnr_p)
|
||||
packet_disconnect("Invalid ssh2 packet type: %d", type);
|
||||
if (type == SSH2_MSG_NEWKEYS)
|
||||
set_newkeys(MODE_IN);
|
||||
else if (type == SSH2_MSG_USERAUTH_SUCCESS && !server_side)
|
||||
packet_enable_delayed_compress();
|
||||
#ifdef PACKET_DEBUG
|
||||
fprintf(stderr, "read/plain[%d]:\r\n", type);
|
||||
buffer_dump(&incoming_packet);
|
||||
@ -1229,9 +1270,9 @@ packet_get_bignum2(BIGNUM * value)
|
||||
}
|
||||
|
||||
void *
|
||||
packet_get_raw(int *length_ptr)
|
||||
packet_get_raw(u_int *length_ptr)
|
||||
{
|
||||
int bytes = buffer_len(&incoming_packet);
|
||||
u_int bytes = buffer_len(&incoming_packet);
|
||||
|
||||
if (length_ptr != NULL)
|
||||
*length_ptr = bytes;
|
||||
@ -1524,3 +1565,15 @@ packet_set_rekey_limit(u_int32_t bytes)
|
||||
{
|
||||
rekey_limit = bytes;
|
||||
}
|
||||
|
||||
void
|
||||
packet_set_server(void)
|
||||
{
|
||||
server_side = 1;
|
||||
}
|
||||
|
||||
void
|
||||
packet_set_authenticated(void)
|
||||
{
|
||||
after_authentication = 1;
|
||||
}
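Review bot: packet_enable_delayed_compress() dereferences `newkeys[mode]` without checking it: `comp = &newkeys[mode]->comp` is computed for every mode, and the following `if (comp && ...)` cannot catch a NULL `newkeys[mode]` because the address of a member is not NULL. On the client the function is reached from packet_read_poll2() as soon as a packet of type SSH2_MSG_USERAUTH_SUCCESS is read, so the ordering is decided by the peer; if that message can be processed before the first SSH2_MSG_NEWKEYS has populated `newkeys[]` (the call sites are only partly visible here), the loop reads through a NULL pointer. Adding `if (newkeys[mode] == NULL) continue;` as the first statement of the loop body removes the dependency on message order. The comment above the function also has a typo, "happans".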
|
||||
|
@ -23,7 +23,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: progressmeter.c,v 1.22 2004/07/11 17:48:47 deraadt Exp $");
|
||||
RCSID("$OpenBSD: progressmeter.c,v 1.24 2005/06/07 13:25:23 jaredy Exp $");
|
||||
|
||||
#include "progressmeter.h"
|
||||
#include "atomicio.h"
|
||||
@ -42,6 +42,10 @@ static int can_output(void);
|
||||
static void format_size(char *, int, off_t);
|
||||
static void format_rate(char *, int, off_t);
|
||||
|
||||
/* window resizing */
|
||||
static void sig_winch(int);
|
||||
static void setscreensize(void);
|
||||
|
||||
/* updates the progressmeter to reflect the current state of the transfer */
|
||||
void refresh_progress_meter(void);
|
||||
|
||||
@ -57,6 +61,7 @@ static volatile off_t *counter; /* progress counter */
|
||||
static long stalled; /* how long we have been stalled */
|
||||
static int bytes_per_second; /* current speed in bytes per second */
|
||||
static int win_size; /* terminal window size */
|
||||
static volatile sig_atomic_t win_resized; /* for window resizing */
|
||||
|
||||
/* units for format_size */
|
||||
static const char unit[] = " KMGT";
|
||||
@ -147,6 +152,8 @@ refresh_progress_meter(void)
|
||||
len = snprintf(buf, file_len + 1, "\r%s", file);
|
||||
if (len < 0)
|
||||
len = 0;
|
||||
if (len >= file_len + 1)
|
||||
len = file_len;
|
||||
for (i = len; i < file_len; i++ )
|
||||
buf[i] = ' ';
|
||||
buf[file_len] = '\0';
|
||||
@ -215,6 +222,10 @@ update_progress_meter(int ignore)
|
||||
|
||||
save_errno = errno;
|
||||
|
||||
if (win_resized) {
|
||||
setscreensize();
|
||||
win_resized = 0;
|
||||
}
|
||||
if (can_output())
|
||||
refresh_progress_meter();
|
||||
|
||||
@ -226,8 +237,6 @@ update_progress_meter(int ignore)
|
||||
void
|
||||
start_progress_meter(char *f, off_t filesize, off_t *ctr)
|
||||
{
|
||||
struct winsize winsize;
|
||||
|
||||
start = last_update = time(NULL);
|
||||
file = f;
|
||||
end_pos = filesize;
|
||||
@ -236,20 +245,12 @@ start_progress_meter(char *f, off_t filesize, off_t *ctr)
|
||||
stalled = 0;
|
||||
bytes_per_second = 0;
|
||||
|
||||
if (ioctl(STDOUT_FILENO, TIOCGWINSZ, &winsize) != -1 &&
|
||||
winsize.ws_col != 0) {
|
||||
if (winsize.ws_col > MAX_WINSIZE)
|
||||
win_size = MAX_WINSIZE;
|
||||
else
|
||||
win_size = winsize.ws_col;
|
||||
} else
|
||||
win_size = DEFAULT_WINSIZE;
|
||||
win_size += 1; /* trailing \0 */
|
||||
|
||||
setscreensize();
|
||||
if (can_output())
|
||||
refresh_progress_meter();
|
||||
|
||||
signal(SIGALRM, update_progress_meter);
|
||||
signal(SIGWINCH, sig_winch);
|
||||
alarm(UPDATE_INTERVAL);
|
||||
}
|
||||
|
||||
@ -267,3 +268,25 @@ stop_progress_meter(void)
|
||||
|
||||
atomicio(vwrite, STDOUT_FILENO, "\n", 1);
|
||||
}
|
||||
|
||||
static void
|
||||
sig_winch(int sig)
|
||||
{
|
||||
win_resized = 1;
|
||||
}
|
||||
|
||||
static void
|
||||
setscreensize(void)
|
||||
{
|
||||
struct winsize winsize;
|
||||
|
||||
if (ioctl(STDOUT_FILENO, TIOCGWINSZ, &winsize) != -1 &&
|
||||
winsize.ws_col != 0) {
|
||||
if (winsize.ws_col > MAX_WINSIZE)
|
||||
win_size = MAX_WINSIZE;
|
||||
else
|
||||
win_size = winsize.ws_col;
|
||||
} else
|
||||
win_size = DEFAULT_WINSIZE;
|
||||
win_size += 1; /* trailing \0 */
|
||||
}
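Review bot: In update_progress_meter() the flag is cleared after the work it guards: `setscreensize(); win_resized = 0;`. A SIGWINCH delivered between the ioctl in setscreensize() and the assignment is lost, and the meter keeps the stale width until the next resize; `win_resized = 0; setscreensize();` closes that window. start_progress_meter() now installs `signal(SIGWINCH, sig_winch)`, and the visible part of stop_progress_meter() does not show the handler being reset, so it is worth confirming that it is restored there. The `sig` parameter of sig_winch() is unused.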
|
||||
|
@ -23,7 +23,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: readpass.c,v 1.31 2004/10/29 22:53:56 djm Exp $");
|
||||
RCSID("$OpenBSD: readpass.c,v 1.33 2005/05/02 21:13:22 markus Exp $");
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "misc.h"
|
||||
@ -106,15 +106,20 @@ read_passphrase(const char *prompt, int flags)
|
||||
if (flags & RP_USE_ASKPASS)
|
||||
use_askpass = 1;
|
||||
else if (flags & RP_ALLOW_STDIN) {
|
||||
if (!isatty(STDIN_FILENO))
|
||||
if (!isatty(STDIN_FILENO)) {
|
||||
debug("read_passphrase: stdin is not a tty");
|
||||
use_askpass = 1;
|
||||
}
|
||||
} else {
|
||||
rppflags |= RPP_REQUIRE_TTY;
|
||||
ttyfd = open(_PATH_TTY, O_RDWR);
|
||||
if (ttyfd >= 0)
|
||||
close(ttyfd);
|
||||
else
|
||||
else {
|
||||
debug("read_passphrase: can't open %s: %s", _PATH_TTY,
|
||||
strerror(errno));
|
||||
use_askpass = 1;
|
||||
}
|
||||
}
|
||||
|
||||
if ((flags & RP_USE_ASKPASS) && getenv("DISPLAY") == NULL)
|
||||
|
@ -3,10 +3,10 @@
|
||||
|
||||
tid="reexec tests"
|
||||
|
||||
DATA=/bin/ls
|
||||
DATA=/bin/ls${EXEEXT}
|
||||
COPY=${OBJ}/copy
|
||||
SSHD_ORIG=$SSHD
|
||||
SSHD_COPY=$OBJ/sshd
|
||||
SSHD_ORIG=$SSHD${EXEEXT}
|
||||
SSHD_COPY=$OBJ/sshd${EXEEXT}
|
||||
|
||||
# Start a sshd and then delete it
|
||||
start_sshd_copy ()
|
||||
|
@ -96,9 +96,10 @@ if [ "x$TEST_SSH_SCP" != "x" ]; then
|
||||
fi
|
||||
|
||||
# Path to sshd must be absolute for rexec
|
||||
if [ ! -x /$SSHD ]; then
|
||||
SSHD=`which sshd`
|
||||
fi
|
||||
case "$SSHD" in
|
||||
/*) ;;
|
||||
*) SSHD=`which sshd` ;;
|
||||
esac
|
||||
|
||||
if [ "x$TEST_SSH_LOGFILE" = "x" ]; then
|
||||
TEST_SSH_LOGFILE=/dev/null
|
||||
|
@ -20,7 +20,7 @@
|
||||
/* XXX: copy between two remote sites */
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sftp-client.c,v 1.53 2005/03/10 22:01:05 deraadt Exp $");
|
||||
RCSID("$OpenBSD: sftp-client.c,v 1.57 2005/07/27 10:39:03 dtucker Exp $");
|
||||
|
||||
#include "openbsd-compat/sys-queue.h"
|
||||
|
||||
@ -64,10 +64,10 @@ send_msg(int fd, Buffer *m)
|
||||
|
||||
/* Send length first */
|
||||
PUT_32BIT(mlen, buffer_len(m));
|
||||
if (atomicio(vwrite, fd, mlen, sizeof(mlen)) <= 0)
|
||||
if (atomicio(vwrite, fd, mlen, sizeof(mlen)) != sizeof(mlen))
|
||||
fatal("Couldn't send packet: %s", strerror(errno));
|
||||
|
||||
if (atomicio(vwrite, fd, buffer_ptr(m), buffer_len(m)) <= 0)
|
||||
if (atomicio(vwrite, fd, buffer_ptr(m), buffer_len(m)) != buffer_len(m))
|
||||
fatal("Couldn't send packet: %s", strerror(errno));
|
||||
|
||||
buffer_clear(m);
|
||||
@ -76,26 +76,27 @@ send_msg(int fd, Buffer *m)
|
||||
static void
|
||||
get_msg(int fd, Buffer *m)
|
||||
{
|
||||
ssize_t len;
|
||||
u_int msg_len;
|
||||
|
||||
buffer_append_space(m, 4);
|
||||
len = atomicio(read, fd, buffer_ptr(m), 4);
|
||||
if (len == 0)
|
||||
fatal("Connection closed");
|
||||
else if (len == -1)
|
||||
fatal("Couldn't read packet: %s", strerror(errno));
|
||||
if (atomicio(read, fd, buffer_ptr(m), 4) != 4) {
|
||||
if (errno == EPIPE)
|
||||
fatal("Connection closed");
|
||||
else
|
||||
fatal("Couldn't read packet: %s", strerror(errno));
|
||||
}
|
||||
|
||||
msg_len = buffer_get_int(m);
|
||||
if (msg_len > MAX_MSG_LENGTH)
|
||||
fatal("Received message too long %u", msg_len);
|
||||
|
||||
buffer_append_space(m, msg_len);
|
||||
len = atomicio(read, fd, buffer_ptr(m), msg_len);
|
||||
if (len == 0)
|
||||
fatal("Connection closed");
|
||||
else if (len == -1)
|
||||
fatal("Read packet: %s", strerror(errno));
|
||||
if (atomicio(read, fd, buffer_ptr(m), msg_len) != msg_len) {
|
||||
if (errno == EPIPE)
|
||||
fatal("Connection closed");
|
||||
else
|
||||
fatal("Read packet: %s", strerror(errno));
|
||||
}
|
||||
}
|
||||
|
||||
static void
|
||||
@ -310,7 +311,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
|
||||
SFTP_DIRENT ***dir)
|
||||
{
|
||||
Buffer msg;
|
||||
u_int type, id, handle_len, i, expected_id, ents = 0;
|
||||
u_int count, type, id, handle_len, i, expected_id, ents = 0;
|
||||
char *handle;
|
||||
|
||||
id = conn->msg_id++;
|
||||
@ -334,8 +335,6 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
|
||||
}
|
||||
|
||||
for (; !interrupted;) {
|
||||
int count;
|
||||
|
||||
id = expected_id = conn->msg_id++;
|
||||
|
||||
debug3("Sending SSH2_FXP_READDIR I:%u", id);
|
||||
@ -743,10 +742,10 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
|
||||
Attrib junk, *a;
|
||||
Buffer msg;
|
||||
char *handle;
|
||||
int local_fd, status, num_req, max_req, write_error;
|
||||
int local_fd, status = 0, write_error;
|
||||
int read_error, write_errno;
|
||||
u_int64_t offset, size;
|
||||
u_int handle_len, mode, type, id, buflen;
|
||||
u_int handle_len, mode, type, id, buflen, num_req, max_req;
|
||||
off_t progress_counter;
|
||||
struct request {
|
||||
u_int id;
|
||||
@ -1127,7 +1126,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
|
||||
goto done;
|
||||
}
|
||||
debug3("In write loop, ack for %u %u bytes at %llu",
|
||||
ack->id, ack->len, (unsigned long long)ack->offset);
|
||||
ack->id, ack->len, (unsigned long long)ack->offset);
|
||||
++ackid;
|
||||
xfree(ack);
|
||||
}
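Review bot: The new error paths in get_msg() tell end-of-file from failure by `errno == EPIPE`, which only works if atomicio() sets errno itself when read() returns 0; that is presumably part of the same change, but atomicio() is not visible in this section. If it does not, a peer closing the connection reaches `fatal("Couldn't read packet: %s", strerror(errno))` with a stale errno and the log shows an unrelated error. A one-line comment at the first check, `/* atomicio() reports EOF as a short count with errno == EPIPE */`, would record the dependency; the same applies to the two short-write checks in send_msg(), which also print `strerror(errno)`.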
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: sftp-client.h,v 1.13 2004/11/29 07:41:24 djm Exp $ */
|
||||
/* $OpenBSD: sftp-client.h,v 1.14 2005/04/26 12:59:02 jmc Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
|
||||
@ -30,7 +30,7 @@ struct SFTP_DIRENT {
|
||||
};
|
||||
|
||||
/*
|
||||
* Initialiase a SSH filexfer connection. Returns NULL on error or
|
||||
* Initialise a SSH filexfer connection. Returns NULL on error or
|
||||
* a pointer to a initialized sftp_conn struct on success.
|
||||
*/
|
||||
struct sftp_conn *do_init(int, int, u_int, u_int);
|
||||
|
@ -14,7 +14,7 @@
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: sftp-server.c,v 1.47 2004/06/25 05:38:48 dtucker Exp $");
|
||||
RCSID("$OpenBSD: sftp-server.c,v 1.48 2005/06/17 02:44:33 djm Exp $");
|
||||
|
||||
#include "buffer.h"
|
||||
#include "bufaux.h"
|
||||
@ -130,7 +130,7 @@ Handle handles[100];
|
||||
static void
|
||||
handle_init(void)
|
||||
{
|
||||
int i;
|
||||
u_int i;
|
||||
|
||||
for (i = 0; i < sizeof(handles)/sizeof(Handle); i++)
|
||||
handles[i].use = HANDLE_UNUSED;
|
||||
@ -139,7 +139,7 @@ handle_init(void)
|
||||
static int
|
||||
handle_new(int use, const char *name, int fd, DIR *dirp)
|
||||
{
|
||||
int i;
|
||||
u_int i;
|
||||
|
||||
for (i = 0; i < sizeof(handles)/sizeof(Handle); i++) {
|
||||
if (handles[i].use == HANDLE_UNUSED) {
|
||||
@ -156,7 +156,7 @@ handle_new(int use, const char *name, int fd, DIR *dirp)
|
||||
static int
|
||||
handle_is_ok(int i, int type)
|
||||
{
|
||||
return i >= 0 && i < sizeof(handles)/sizeof(Handle) &&
|
||||
return i >= 0 && (u_int)i < sizeof(handles)/sizeof(Handle) &&
|
||||
handles[i].use == type;
|
||||
}
|
||||
|
||||
@ -477,10 +477,10 @@ process_write(void)
|
||||
} else {
|
||||
/* XXX ATOMICIO ? */
|
||||
ret = write(fd, data, len);
|
||||
if (ret == -1) {
|
||||
if (ret < 0) {
|
||||
error("process_write: write failed");
|
||||
status = errno_to_portable(errno);
|
||||
} else if (ret == len) {
|
||||
} else if ((size_t)ret == len) {
|
||||
status = SSH2_FX_OK;
|
||||
} else {
|
||||
logit("nothing at all written");
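Review bot: In process_write() a short write still falls into the last `else`, which logs "nothing at all written" although `ret` bytes were written and, as far as the hunk shows, leaves `status` at its earlier value. The client is then told the request failed while part of the data is already in the file at that offset. Either loop until `len` bytes are written, as the `/* XXX ATOMICIO ? */` comment hints, or log the actual byte count so the partial write can be traced. process_write() starts and ends outside the hunk.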
|
||||
|
@ -16,7 +16,7 @@
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
RCSID("$OpenBSD: sftp.c,v 1.63 2005/03/10 22:01:05 deraadt Exp $");
|
||||
RCSID("$OpenBSD: sftp.c,v 1.66 2005/08/08 13:22:48 jaredy Exp $");
|
||||
|
||||
#ifdef USE_LIBEDIT
|
||||
#include <histedit.h>
|
||||
@ -404,7 +404,7 @@ get_pathname(const char **cpp, char **path)
|
||||
{
|
||||
const char *cp = *cpp, *end;
|
||||
char quot;
|
||||
int i, j;
|
||||
u_int i, j;
|
||||
|
||||
cp += strspn(cp, WHITESPACE);
|
||||
if (!*cp) {
|
||||
@ -664,14 +664,15 @@ sdirent_comp(const void *aa, const void *bb)
|
||||
static int
|
||||
do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag)
|
||||
{
|
||||
int n, c = 1, colspace = 0, columns = 1;
|
||||
int n;
|
||||
u_int c = 1, colspace = 0, columns = 1;
|
||||
SFTP_DIRENT **d;
|
||||
|
||||
if ((n = do_readdir(conn, path, &d)) != 0)
|
||||
return (n);
|
||||
|
||||
if (!(lflag & LS_SHORT_VIEW)) {
|
||||
int m = 0, width = 80;
|
||||
u_int m = 0, width = 80;
|
||||
struct winsize ws;
|
||||
char *tmp;
|
||||
|
||||
@ -747,7 +748,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
|
||||
int lflag)
|
||||
{
|
||||
glob_t g;
|
||||
int i, c = 1, colspace = 0, columns = 1;
|
||||
u_int i, c = 1, colspace = 0, columns = 1;
|
||||
Attrib *a = NULL;
|
||||
|
||||
memset(&g, 0, sizeof(g));
|
||||
@ -783,7 +784,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
|
||||
}
|
||||
|
||||
if (!(lflag & LS_SHORT_VIEW)) {
|
||||
int m = 0, width = 80;
|
||||
u_int m = 0, width = 80;
|
||||
struct winsize ws;
|
||||
|
||||
/* Count entries for sort and find longest filename */
|
||||
@ -1236,7 +1237,7 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2)
|
||||
char *dir = NULL;
|
||||
char cmd[2048];
|
||||
struct sftp_conn *conn;
|
||||
int err;
|
||||
int err, interactive;
|
||||
EditLine *el = NULL;
|
||||
#ifdef USE_LIBEDIT
|
||||
History *hl = NULL;
|
||||
@ -1294,14 +1295,15 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2)
|
||||
xfree(dir);
|
||||
}
|
||||
|
||||
#if HAVE_SETVBUF
|
||||
#if defined(HAVE_SETVBUF) && !defined(BROKEN_SETVBUF)
|
||||
setvbuf(stdout, NULL, _IOLBF, 0);
|
||||
setvbuf(infile, NULL, _IOLBF, 0);
|
||||
#else
|
||||
setlinebuf(stdout);
|
||||
setlinebuf(infile);
|
||||
setlinebuf(stdout);
|
||||
setlinebuf(infile);
|
||||
#endif
|
||||
|
||||
interactive = !batchmode && isatty(STDIN_FILENO);
|
||||
err = 0;
|
||||
for (;;) {
|
||||
char *cp;
|
||||
@ -1309,20 +1311,28 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2)
|
||||
signal(SIGINT, SIG_IGN);
|
||||
|
||||
if (el == NULL) {
|
||||
printf("sftp> ");
|
||||
if (interactive)
|
||||
printf("sftp> ");
|
||||
if (fgets(cmd, sizeof(cmd), infile) == NULL) {
|
||||
printf("\n");
|
||||
if (interactive)
|
||||
printf("\n");
|
||||
break;
|
||||
}
|
||||
if (batchmode) /* Echo command */
|
||||
printf("%s", cmd);
|
||||
if (!interactive) { /* Echo command */
|
||||
printf("sftp> %s", cmd);
|
||||
if (strlen(cmd) > 0 &&
|
||||
cmd[strlen(cmd) - 1] != '\n')
|
||||
printf("\n");
|
||||
}
|
||||
} else {
|
||||
#ifdef USE_LIBEDIT
|
||||
const char *line;
|
||||
int count = 0;
|
||||
|
||||
if ((line = el_gets(el, &count)) == NULL || count <= 0)
|
||||
break;
|
||||
if ((line = el_gets(el, &count)) == NULL || count <= 0) {
|
||||
printf("\n");
|
||||
break;
|
||||
}
|
||||
history(hl, &hev, H_ENTER, line);
|
||||
if (strlcpy(cmd, line, sizeof(cmd)) >= sizeof(cmd)) {
|
||||
fprintf(stderr, "Error: input line too long\n");
|
||||
@ -1345,6 +1355,11 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2)
|
||||
}
|
||||
xfree(pwd);
|
||||
|
||||
#ifdef USE_LIBEDIT
|
||||
if (el != NULL)
|
||||
el_end(el);
|
||||
#endif /* USE_LIBEDIT */
|
||||
|
||||
/* err == 1 signifies normal "quit" exit */
|
||||
return (err >= 0 ? 0 : -1);
|
||||
}
|
||||
@ -1475,7 +1490,7 @@ main(int argc, char **argv)
|
||||
|
||||
/* Allow "-" as stdin */
|
||||
if (strcmp(optarg, "-") != 0 &&
|
||||
(infile = fopen(optarg, "r")) == NULL)
|
||||
(infile = fopen(optarg, "r")) == NULL)
|
||||
fatal("%s (%s).", strerror(errno), optarg);
|
||||
showprogress = 0;
|
||||
batchmode = 1;
|
||||
@ -1561,8 +1576,8 @@ main(int argc, char **argv)
|
||||
err = interactive_loop(in, out, file1, file2);
|
||||
|
||||
#if !defined(USE_PIPES)
|
||||
shutdown(in, SHUT_RDWR);
|
||||
shutdown(out, SHUT_RDWR);
|
||||
shutdown(in, SHUT_RDWR);
|
||||
shutdown(out, SHUT_RDWR);
|
||||
#endif
|
||||
|
||||
close(in);
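Review bot: In interactive_loop() the fgets() path accepts an over-long line silently: the new echo code notices a missing trailing newline (`cmd[strlen(cmd) - 1] != '\n'`) but only prints one, whereas the libedit path rejects the same condition with "Error: input line too long". With `char cmd[2048]`, a longer batch-file line is cut at 2047 bytes and the remainder is picked up by the next fgets() as a separate command, unless code after the hunk catches it. Treating a line that lacks a newline and is not at end of file as an error, as the libedit branch does, keeps a batch file from running a command its author did not write. The loop body continues outside the hunk.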
|
||||
|
@ -1,4 +1,4 @@
|
||||
.\" $OpenBSD: ssh-add.1,v 1.42 2005/03/01 17:32:19 jmc Exp $
|
||||
.\" $OpenBSD: ssh-add.1,v 1.43 2005/04/21 06:17:50 djm Exp $
|
||||
.\"
|
||||
.\" -*- nroff -*-
|
||||
.\"
|
||||
@ -57,10 +57,10 @@
|
||||
adds RSA or DSA identities to the authentication agent,
|
||||
.Xr ssh-agent 1 .
|
||||
When run without arguments, it adds the files
|
||||
.Pa $HOME/.ssh/id_rsa ,
|
||||
.Pa $HOME/.ssh/id_dsa
|
||||
.Pa ~/.ssh/id_rsa ,
|
||||
.Pa ~/.ssh/id_dsa
|
||||
and
|
||||
.Pa $HOME/.ssh/identity .
|
||||
.Pa ~/.ssh/identity .
|
||||
Alternative file names can be given on the command line.
|
||||
If any file requires a passphrase,
|
||||
.Nm
|
||||
@ -142,11 +142,11 @@ agent.
|
||||
.El
|
||||
.Sh FILES
|
||||
.Bl -tag -width Ds
|
||||
.It Pa $HOME/.ssh/identity
|
||||
.It Pa ~/.ssh/identity
|
||||
Contains the protocol version 1 RSA authentication identity of the user.
|
||||
.It Pa $HOME/.ssh/id_dsa
|
||||
.It Pa ~/.ssh/id_dsa
|
||||
Contains the protocol version 2 DSA authentication identity of the user.
|
||||
.It Pa $HOME/.ssh/id_rsa
|
||||
.It Pa ~/.ssh/id_rsa
|
||||
Contains the protocol version 2 RSA authentication identity of the user.
|
||||
.El
|
||||
.Pp
|
||||
|
@ -1,4 +1,4 @@
|
||||
.\" $OpenBSD: ssh-agent.1,v 1.41 2004/07/11 17:48:47 deraadt Exp $
|
||||
.\" $OpenBSD: ssh-agent.1,v 1.42 2005/04/21 06:17:50 djm Exp $
|
||||
.\"
|
||||
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -111,10 +111,10 @@ Keys are added using
|
||||
When executed without arguments,
|
||||
.Xr ssh-add 1
|
||||
adds the files
|
||||
.Pa $HOME/.ssh/id_rsa ,
|
||||
.Pa $HOME/.ssh/id_dsa
|
||||
.Pa ~/.ssh/id_rsa ,
|
||||
.Pa ~/.ssh/id_dsa
|
||||
and
|
||||
.Pa $HOME/.ssh/identity .
|
||||
.Pa ~/.ssh/identity .
|
||||
If the identity has a passphrase,
|
||||
.Xr ssh-add 1
|
||||
asks for the passphrase (using a small X11 application if running
|
||||
@ -179,11 +179,11 @@ The agent exits automatically when the command given on the command
|
||||
line terminates.
|
||||
.Sh FILES
|
||||
.Bl -tag -width Ds
|
||||
.It Pa $HOME/.ssh/identity
|
||||
.It Pa ~/.ssh/identity
|
||||
Contains the protocol version 1 RSA authentication identity of the user.
|
||||
.It Pa $HOME/.ssh/id_dsa
|
||||
.It Pa ~/.ssh/id_dsa
|
||||
Contains the protocol version 2 DSA authentication identity of the user.
|
||||
.It Pa $HOME/.ssh/id_rsa
|
||||
.It Pa ~/.ssh/id_rsa
|
||||
Contains the protocol version 2 RSA authentication identity of the user.
|
||||
.It Pa /tmp/ssh-XXXXXXXX/agent.<ppid>
|
||||
Unix-domain sockets used to contain the connection to the
|
||||
|
@ -1,4 +1,4 @@
|
||||
.\" $OpenBSD: ssh-keygen.1,v 1.67 2005/03/14 10:09:03 dtucker Exp $
|
||||
.\" $OpenBSD: ssh-keygen.1,v 1.69 2005/06/08 03:50:00 djm Exp $
|
||||
.\"
|
||||
.\" -*- nroff -*-
|
||||
.\"
|
||||
@ -129,10 +129,10 @@ section for details.
|
||||
Normally each user wishing to use SSH
|
||||
with RSA or DSA authentication runs this once to create the authentication
|
||||
key in
|
||||
.Pa $HOME/.ssh/identity ,
|
||||
.Pa $HOME/.ssh/id_dsa
|
||||
.Pa ~/.ssh/identity ,
|
||||
.Pa ~/.ssh/id_dsa
|
||||
or
|
||||
.Pa $HOME/.ssh/id_rsa .
|
||||
.Pa ~/.ssh/id_rsa .
|
||||
Additionally, the system administrator may use this to generate host keys,
|
||||
as seen in
|
||||
.Pa /etc/rc .
|
||||
@ -188,8 +188,8 @@ Show the bubblebabble digest of specified private or public key file.
|
||||
.It Fl b Ar bits
|
||||
Specifies the number of bits in the key to create.
|
||||
Minimum is 512 bits.
|
||||
Generally, 1024 bits is considered sufficient.
|
||||
The default is 1024 bits.
|
||||
Generally, 2048 bits is considered sufficient.
|
||||
The default is 2048 bits.
|
||||
.It Fl C Ar comment
|
||||
Provides a new comment.
|
||||
.It Fl c
|
||||
@ -381,7 +381,7 @@ It is important that this file contains moduli of a range of bit lengths and
|
||||
that both ends of a connection share common moduli.
|
||||
.Sh FILES
|
||||
.Bl -tag -width Ds
|
||||
.It Pa $HOME/.ssh/identity
|
||||
.It Pa ~/.ssh/identity
|
||||
Contains the protocol version 1 RSA authentication identity of the user.
|
||||
This file should not be readable by anyone but the user.
|
||||
It is possible to
|
||||
@ -392,14 +392,14 @@ This file is not automatically accessed by
|
||||
but it is offered as the default file for the private key.
|
||||
.Xr ssh 1
|
||||
will read this file when a login attempt is made.
|
||||
.It Pa $HOME/.ssh/identity.pub
|
||||
.It Pa ~/.ssh/identity.pub
|
||||
Contains the protocol version 1 RSA public key for authentication.
|
||||
The contents of this file should be added to
|
||||
.Pa $HOME/.ssh/authorized_keys
|
||||
.Pa ~/.ssh/authorized_keys
|
||||
on all machines
|
||||
where the user wishes to log in using RSA authentication.
|
||||
There is no need to keep the contents of this file secret.
|
||||
.It Pa $HOME/.ssh/id_dsa
|
||||
.It Pa ~/.ssh/id_dsa
|
||||
Contains the protocol version 2 DSA authentication identity of the user.
|
||||
This file should not be readable by anyone but the user.
|
||||
It is possible to
|
||||
@ -410,14 +410,14 @@ This file is not automatically accessed by
|
||||
but it is offered as the default file for the private key.
|
||||
.Xr ssh 1
|
||||
will read this file when a login attempt is made.
|
||||
.It Pa $HOME/.ssh/id_dsa.pub
|
||||
.It Pa ~/.ssh/id_dsa.pub
|
||||
Contains the protocol version 2 DSA public key for authentication.
|
||||
The contents of this file should be added to
|
||||
.Pa $HOME/.ssh/authorized_keys
|
||||
.Pa ~/.ssh/authorized_keys
|
||||
on all machines
|
||||
where the user wishes to log in using public key authentication.
|
||||
There is no need to keep the contents of this file secret.
|
||||
.It Pa $HOME/.ssh/id_rsa
|
||||
.It Pa ~/.ssh/id_rsa
|
||||
Contains the protocol version 2 RSA authentication identity of the user.
|
||||
This file should not be readable by anyone but the user.
|
||||
It is possible to
|
||||
@ -428,10 +428,10 @@ This file is not automatically accessed by
|
||||
but it is offered as the default file for the private key.
|
||||
.Xr ssh 1
|
||||
will read this file when a login attempt is made.
|
||||
.It Pa $HOME/.ssh/id_rsa.pub
|
||||
.It Pa ~/.ssh/id_rsa.pub
|
||||
Contains the protocol version 2 RSA public key for authentication.
|
||||
The contents of this file should be added to
|
||||
.Pa $HOME/.ssh/authorized_keys
|
||||
.Pa ~/.ssh/authorized_keys
|
||||
on all machines
|
||||
where the user wishes to log in using public key authentication.
|
||||
There is no need to keep the contents of this file secret.
|
||||
|
@ -12,7 +12,7 @@
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: ssh-keygen.c,v 1.122 2005/03/11 14:59:06 markus Exp $");
|
||||
RCSID("$OpenBSD: ssh-keygen.c,v 1.128 2005/07/17 07:17:55 djm Exp $");
|
||||
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/pem.h>
|
||||
@ -36,7 +36,7 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.122 2005/03/11 14:59:06 markus Exp $");
|
||||
#include "dns.h"
|
||||
|
||||
/* Number of bits in the RSA/DSA key. This value can be changed on the command line. */
|
||||
int bits = 1024;
|
||||
u_int32_t bits = 2048;
|
||||
|
||||
/*
|
||||
* Flag indicating that we just want to change the passphrase. This can be
|
||||
@ -90,7 +90,7 @@ extern char *__progname;
|
||||
char hostname[MAXHOSTNAMELEN];
|
||||
|
||||
/* moduli.c */
|
||||
int gen_candidates(FILE *, int, int, BIGNUM *);
|
||||
int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
|
||||
int prime_test(FILE *, FILE *, u_int32_t, u_int32_t);
|
||||
|
||||
static void
|
||||
@ -738,7 +738,7 @@ do_known_hosts(struct passwd *pw, const char *name)
|
||||
fprintf(stderr, "WARNING: %s contains unhashed "
|
||||
"entries\n", old);
|
||||
fprintf(stderr, "Delete this file to ensure privacy "
|
||||
"of hostnames\n");
|
||||
"of hostnames\n");
|
||||
}
|
||||
}
|
||||
|
||||
@ -959,31 +959,38 @@ usage(void)
|
||||
{
|
||||
fprintf(stderr, "Usage: %s [options]\n", __progname);
|
||||
fprintf(stderr, "Options:\n");
|
||||
fprintf(stderr, " -b bits Number of bits in the key to create.\n");
|
||||
fprintf(stderr, " -c Change comment in private and public key files.\n");
|
||||
fprintf(stderr, " -e Convert OpenSSH to IETF SECSH key file.\n");
|
||||
fprintf(stderr, " -f filename Filename of the key file.\n");
|
||||
fprintf(stderr, " -g Use generic DNS resource record format.\n");
|
||||
fprintf(stderr, " -i Convert IETF SECSH to OpenSSH key file.\n");
|
||||
fprintf(stderr, " -l Show fingerprint of key file.\n");
|
||||
fprintf(stderr, " -p Change passphrase of private key file.\n");
|
||||
fprintf(stderr, " -q Quiet.\n");
|
||||
fprintf(stderr, " -y Read private key file and print public key.\n");
|
||||
fprintf(stderr, " -t type Specify type of key to create.\n");
|
||||
fprintf(stderr, " -a trials Number of trials for screening DH-GEX moduli.\n");
|
||||
fprintf(stderr, " -B Show bubblebabble digest of key file.\n");
|
||||
fprintf(stderr, " -H Hash names in known_hosts file\n");
|
||||
fprintf(stderr, " -F hostname Find hostname in known hosts file\n");
|
||||
fprintf(stderr, " -b bits Number of bits in the key to create.\n");
|
||||
fprintf(stderr, " -C comment Provide new comment.\n");
|
||||
fprintf(stderr, " -N phrase Provide new passphrase.\n");
|
||||
fprintf(stderr, " -P phrase Provide old passphrase.\n");
|
||||
fprintf(stderr, " -r hostname Print DNS resource record.\n");
|
||||
fprintf(stderr, " -c Change comment in private and public key files.\n");
|
||||
#ifdef SMARTCARD
|
||||
fprintf(stderr, " -D reader Download public key from smartcard.\n");
|
||||
#endif /* SMARTCARD */
|
||||
fprintf(stderr, " -e Convert OpenSSH to IETF SECSH key file.\n");
|
||||
fprintf(stderr, " -F hostname Find hostname in known hosts file.\n");
|
||||
fprintf(stderr, " -f filename Filename of the key file.\n");
|
||||
fprintf(stderr, " -G file Generate candidates for DH-GEX moduli.\n");
|
||||
fprintf(stderr, " -g Use generic DNS resource record format.\n");
|
||||
fprintf(stderr, " -H Hash names in known_hosts file.\n");
|
||||
fprintf(stderr, " -i Convert IETF SECSH to OpenSSH key file.\n");
|
||||
fprintf(stderr, " -l Show fingerprint of key file.\n");
|
||||
fprintf(stderr, " -M memory Amount of memory (MB) to use for generating DH-GEX moduli.\n");
|
||||
fprintf(stderr, " -N phrase Provide new passphrase.\n");
|
||||
fprintf(stderr, " -P phrase Provide old passphrase.\n");
|
||||
fprintf(stderr, " -p Change passphrase of private key file.\n");
|
||||
fprintf(stderr, " -q Quiet.\n");
|
||||
fprintf(stderr, " -R hostname Remove host from known_hosts file.\n");
|
||||
fprintf(stderr, " -r hostname Print DNS resource record.\n");
|
||||
fprintf(stderr, " -S start Start point (hex) for generating DH-GEX moduli.\n");
|
||||
fprintf(stderr, " -T file Screen candidates for DH-GEX moduli.\n");
|
||||
fprintf(stderr, " -t type Specify type of key to create.\n");
|
||||
#ifdef SMARTCARD
|
||||
fprintf(stderr, " -U reader Upload private key to smartcard.\n");
|
||||
#endif /* SMARTCARD */
|
||||
|
||||
fprintf(stderr, " -G file Generate candidates for DH-GEX moduli\n");
|
||||
fprintf(stderr, " -T file Screen candidates for DH-GEX moduli\n");
|
||||
fprintf(stderr, " -v Verbose.\n");
|
||||
fprintf(stderr, " -W gen Generator to use for generating DH-GEX moduli.\n");
|
||||
fprintf(stderr, " -y Read private key file and print public key.\n");
|
||||
|
||||
exit(1);
|
||||
}
|
||||
@ -1000,12 +1007,13 @@ main(int ac, char **av)
|
||||
Key *private, *public;
|
||||
struct passwd *pw;
|
||||
struct stat st;
|
||||
int opt, type, fd, download = 0, memory = 0;
|
||||
int generator_wanted = 0, trials = 100;
|
||||
int opt, type, fd, download = 0;
|
||||
u_int32_t memory = 0, generator_wanted = 0, trials = 100;
|
||||
int do_gen_candidates = 0, do_screen_candidates = 0;
|
||||
int log_level = SYSLOG_LEVEL_INFO;
|
||||
BIGNUM *start = NULL;
|
||||
FILE *f;
|
||||
const char *errstr;
|
||||
|
||||
extern int optind;
|
||||
extern char *optarg;
|
||||
@ -1033,11 +1041,10 @@ main(int ac, char **av)
|
||||
"degiqpclBHvxXyF:b:f:t:U:D:P:N:C:r:g:R:T:G:M:S:a:W:")) != -1) {
|
||||
switch (opt) {
|
||||
case 'b':
|
||||
bits = atoi(optarg);
|
||||
if (bits < 512 || bits > 32768) {
|
||||
printf("Bits has bad value.\n");
|
||||
exit(1);
|
||||
}
|
||||
bits = strtonum(optarg, 512, 32768, &errstr);
|
||||
if (errstr)
|
||||
fatal("Bits has bad value %s (%s)",
|
||||
optarg, errstr);
|
||||
break;
|
||||
case 'F':
|
||||
find_host = 1;
|
||||
@ -1063,7 +1070,9 @@ main(int ac, char **av)
|
||||
change_comment = 1;
|
||||
break;
|
||||
case 'f':
|
||||
strlcpy(identity_file, optarg, sizeof(identity_file));
|
||||
if (strlcpy(identity_file, optarg, sizeof(identity_file)) >=
|
||||
sizeof(identity_file))
|
||||
fatal("Identity filename too long");
|
||||
have_identity = 1;
|
||||
break;
|
||||
case 'g':
|
||||
@ -1118,23 +1127,34 @@ main(int ac, char **av)
|
||||
rr_hostname = optarg;
|
||||
break;
|
||||
case 'W':
|
||||
generator_wanted = atoi(optarg);
|
||||
if (generator_wanted < 1)
|
||||
fatal("Desired generator has bad value.");
|
||||
generator_wanted = strtonum(optarg, 1, UINT_MAX, &errstr);
|
||||
if (errstr)
|
||||
fatal("Desired generator has bad value: %s (%s)",
|
||||
optarg, errstr);
|
||||
break;
|
||||
case 'a':
|
||||
trials = atoi(optarg);
|
||||
trials = strtonum(optarg, 1, UINT_MAX, &errstr);
|
||||
if (errstr)
|
||||
fatal("Invalid number of trials: %s (%s)",
|
||||
optarg, errstr);
|
||||
break;
|
||||
case 'M':
|
||||
memory = atoi(optarg);
|
||||
memory = strtonum(optarg, 1, UINT_MAX, &errstr);
|
||||
if (errstr) {
|
||||
fatal("Memory limit is %s: %s", errstr, optarg);
|
||||
}
|
||||
break;
|
||||
case 'G':
|
||||
do_gen_candidates = 1;
|
||||
strlcpy(out_file, optarg, sizeof(out_file));
|
||||
if (strlcpy(out_file, optarg, sizeof(out_file)) >=
|
||||
sizeof(out_file))
|
||||
fatal("Output filename too long");
|
||||
break;
|
||||
case 'T':
|
||||
do_screen_candidates = 1;
|
||||
strlcpy(out_file, optarg, sizeof(out_file));
|
||||
if (strlcpy(out_file, optarg, sizeof(out_file)) >=
|
||||
sizeof(out_file))
|
||||
fatal("Output filename too long");
|
||||
break;
|
||||
case 'S':
|
||||
/* XXX - also compare length against bits */
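Review bot: The `-b` case in main() keeps 512 as the lower bound, `strtonum(optarg, 512, 32768, &errstr)`, while the same commit moves the default to 2048 bits and the manual now describes 2048 as sufficient. Keys near that floor give far less margin than the new default, so the bound should either be raised or the choice flagged to the user, for example `if (bits < 1024) fprintf(stderr, "WARNING: %u-bit key is below the recommended size\n", bits);` once the key type is known. Whether a per-type size check follows later in main() cannot be seen here, since main's body begins and ends outside these hunks.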
|
||||
|
@ -39,7 +39,7 @@
|
||||
#include "pathnames.h"
|
||||
#include "log.h"
|
||||
|
||||
RCSID("$Id: ssh-rand-helper.c,v 1.23 2005/02/16 02:32:30 dtucker Exp $");
|
||||
RCSID("$Id: ssh-rand-helper.c,v 1.26 2005/07/17 07:26:44 djm Exp $");
|
||||
|
||||
/* Number of bytes we write out */
|
||||
#define OUTPUT_SEED_SIZE 48
|
||||
@ -123,7 +123,7 @@ get_random_bytes_prngd(unsigned char *buf, int len,
|
||||
unsigned short tcp_port, char *socket_path)
|
||||
{
|
||||
int fd, addr_len, rval, errors;
|
||||
char msg[2];
|
||||
u_char msg[2];
|
||||
struct sockaddr_storage addr;
|
||||
struct sockaddr_in *addr_in = (struct sockaddr_in *)&addr;
|
||||
struct sockaddr_un *addr_un = (struct sockaddr_un *)&addr;
|
||||
@ -135,8 +135,8 @@ get_random_bytes_prngd(unsigned char *buf, int len,
|
||||
if (socket_path != NULL &&
|
||||
strlen(socket_path) >= sizeof(addr_un->sun_path))
|
||||
fatal("Random pool path is too long");
|
||||
if (len > 255)
|
||||
fatal("Too many bytes to read from PRNGD");
|
||||
if (len <= 0 || len > 255)
|
||||
fatal("Too many bytes (%d) to read from PRNGD", len);
|
||||
|
||||
memset(&addr, '\0', sizeof(addr));
|
||||
|
||||
@ -190,7 +190,7 @@ get_random_bytes_prngd(unsigned char *buf, int len,
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (atomicio(read, fd, buf, len) != len) {
|
||||
if (atomicio(read, fd, buf, len) != (size_t)len) {
|
||||
if (errno == EPIPE && errors < 10) {
|
||||
close(fd);
|
||||
errors++;
|
||||
@ -398,8 +398,8 @@ hash_command_output(entropy_cmd_t *src, unsigned char *hash)
|
||||
debug3("Time elapsed: %d msec", msec_elapsed);
|
||||
|
||||
if (waitpid(pid, &status, 0) == -1) {
|
||||
error("Couldn't wait for child '%s' completion: %s",
|
||||
src->cmdstring, strerror(errno));
|
||||
error("Couldn't wait for child '%s' completion: %s",
|
||||
src->cmdstring, strerror(errno));
|
||||
return 0.0;
|
||||
}
|
||||
|
||||
@ -600,7 +600,7 @@ prng_write_seedfile(void)
|
||||
save_errno = errno;
|
||||
unlink(tmpseed);
|
||||
fatal("problem renaming PRNG seedfile from %.100s "
|
||||
"to %.100s (%.100s)", tmpseed, filename,
|
||||
"to %.100s (%.100s)", tmpseed, filename,
|
||||
strerror(save_errno));
|
||||
}
|
||||
}
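Review bot: In get_random_bytes_prngd the widened guard `if (len <= 0 || len > 255)` still reports "Too many bytes", which is misleading when the caller passed zero or a negative length. A neutral message such as `fatal("Bad number of bytes (%d) to read from PRNGD", len);` covers both cases and keeps the offending value in the log. The function's body continues outside the hunk, so how len is placed into the request buffer `msg` is not visible here.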
|
||||
|
@ -14,7 +14,7 @@
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
#include "includes.h"
|
||||
RCSID("$OpenBSD: ssh-rsa.c,v 1.31 2003/11/10 16:23:41 jakob Exp $");
|
||||
RCSID("$OpenBSD: ssh-rsa.c,v 1.32 2005/06/17 02:44:33 djm Exp $");
|
||||
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/err.h>
|
||||
@ -238,7 +238,7 @@ openssh_RSA_verify(int type, u_char *hash, u_int hashlen,
|
||||
ERR_error_string(ERR_get_error(), NULL));
|
||||
goto done;
|
||||
}
|
||||
if (len != hlen + oidlen) {
|
||||
if (len < 0 || (u_int)len != hlen + oidlen) {
|
||||
error("bad decrypted len: %d != %d + %d", len, hlen, oidlen);
|
||||
goto done;
|
||||
}
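Review bot: In openssh_RSA_verify the error line under the new check, `error("bad decrypted len: %d != %d + %d", len, hlen, oidlen);`, prints hlen and oidlen with `%d`, although the added `(u_int)len` cast suggests both are unsigned. Their declarations are outside the hunk, so this needs confirming. If they are u_int, `error("bad decrypted len: %d != %u + %u", len, hlen, oidlen);` makes the format match the argument types. The function starts and ends outside the hunk.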
|
||||
|
@ -240,6 +240,32 @@ baud_to_speed(int baud)
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Encode a special character into SSH line format.
|
||||
*/
|
||||
static u_int
|
||||
special_char_encode(cc_t c)
|
||||
{
|
||||
#ifdef _POSIX_VDISABLE
|
||||
if (c == _POSIX_VDISABLE)
|
||||
return 255;
|
||||
#endif /* _POSIX_VDISABLE */
|
||||
return c;
|
||||
}
|
||||
|
||||
/*
|
||||
* Decode a special character from SSH line format.
|
||||
*/
|
||||
static cc_t
|
||||
special_char_decode(u_int c)
|
||||
{
|
||||
#ifdef _POSIX_VDISABLE
|
||||
if (c == 255)
|
||||
return _POSIX_VDISABLE;
|
||||
#endif /* _POSIX_VDISABLE */
|
||||
return c;
|
||||
}
|
||||
|
||||
/*
|
||||
* Encodes terminal modes for the terminal referenced by fd
|
||||
* or tiop in a portable manner, and appends the modes to a packet
|
||||
@ -287,7 +313,7 @@ tty_make_modes(int fd, struct termios *tiop)
|
||||
#define TTYCHAR(NAME, OP) \
|
||||
debug3("tty_make_modes: %d %d", OP, tio.c_cc[NAME]); \
|
||||
buffer_put_char(&buf, OP); \
|
||||
put_arg(&buf, tio.c_cc[NAME]);
|
||||
put_arg(&buf, special_char_encode(tio.c_cc[NAME]));
|
||||
|
||||
#define TTYMODE(NAME, FIELD, OP) \
|
||||
debug3("tty_make_modes: %d %d", OP, ((tio.FIELD & NAME) != 0)); \
|
||||
@ -375,7 +401,7 @@ tty_parse_modes(int fd, int *n_bytes_ptr)
|
||||
#define TTYCHAR(NAME, OP) \
|
||||
case OP: \
|
||||
n_bytes += arg_size; \
|
||||
tio.c_cc[NAME] = get_arg(); \
|
||||
tio.c_cc[NAME] = special_char_decode(get_arg()); \
|
||||
debug3("tty_parse_modes: %d %d", OP, tio.c_cc[NAME]); \
|
||||
break;
|
||||
#define TTYMODE(NAME, FIELD, OP) \
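Review bot: The comments on special_char_encode() and special_char_decode() do not say what the encoding is; the code maps _POSIX_VDISABLE to 255 and back, and passes every other value through unchanged. I would state that in the comment, e.g. `/* Encode a special character into SSH line format: a disabled character (_POSIX_VDISABLE) is sent as 255. */`, and note on the decode side that `return c;` narrows the u_int returned by get_arg() to cc_t. The debug3() line in the tty_make_modes TTYCHAR macro also still logs the raw `tio.c_cc[NAME]`, not the encoded value that put_arg() sends. Both macros belong to functions whose bodies lie outside these hunks.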
|
||||
|