mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-06 16:40:47 +00:00
openssh: update to OpenSSH v8.7p1
Some notable changes, from upstream's release notes: - sshd(8): Remove support for obsolete "host/port" syntax. - ssh(1): When prompting whether to record a new host key, accept the key fingerprint as a synonym for "yes". - ssh-keygen(1): when acting as a CA and signing certificates with an RSA key, default to using the rsa-sha2-512 signature algorithm. - ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa" (RSA/SHA1) algorithm from those accepted for certificate signatures. - ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F support to provide address-space isolation for token middleware libraries (including the internal one). - ssh(1): this release enables UpdateHostkeys by default subject to some conservative preconditions. - scp(1): this release changes the behaviour of remote to remote copies (e.g. "scp host-a:/path host-b:") to transfer through the local host by default. - scp(1): experimental support for transfers using the SFTP protocol as a replacement for the venerable SCP/RCP protocol that it has traditionally used. Additional integration work is needed to support FIDO/U2F in the base system. Deprecation Notice ------------------ OpenSSH will disable the ssh-rsa signature scheme by default in the next release. Reviewed by: imp MFC after: 1 month Relnotes: Yes Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D29985
This commit is contained in:
commit
19261079b7
|
@ -1,175 +1,183 @@
|
|||
# DO NOT DELETE
|
||||
# Automatically generated by makedepend.
|
||||
# Run "make depend" to rebuild.
|
||||
|
||||
addrmatch.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h match.h log.h
|
||||
atomicio.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h
|
||||
audit-bsm.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
audit-linux.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
audit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
auth-bsdauth.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
auth-krb5.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h sshbuf.h sshkey.h misc.h servconf.h uidswap.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
|
||||
auth-options.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssherr.h log.h sshbuf.h misc.h sshkey.h match.h ssh2.h auth-options.h
|
||||
auth-pam.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
auth-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h sshbuf.h ssherr.h log.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h
|
||||
auth-rhosts.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h uidswap.h pathnames.h log.h misc.h sshbuf.h sshkey.h servconf.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
|
||||
auth-shadow.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
auth-sia.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
auth-skey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
auth.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h groupaccess.h log.h sshbuf.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h canohost.h uidswap.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h
|
||||
auth.o: authfile.h monitor_wrap.h ssherr.h compat.h channels.h
|
||||
auth2-chall.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h ssherr.h log.h misc.h servconf.h
|
||||
auth2-gss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
auth2-hostbased.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h sshbuf.h log.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h canohost.h monitor_wrap.h
|
||||
auth2-hostbased.o: pathnames.h ssherr.h match.h
|
||||
auth2-kbdint.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h hostfile.h auth.h auth-pam.h audit.h loginrec.h log.h misc.h servconf.h ssherr.h
|
||||
auth2-none.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h misc.h servconf.h compat.h ssh2.h ssherr.h monitor_wrap.h
|
||||
auth2-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h ssherr.h log.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h monitor_wrap.h misc.h servconf.h
|
||||
auth2-pubkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h sshbuf.h log.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h pathnames.h uidswap.h
|
||||
auth2-pubkey.o: auth-options.h canohost.h monitor_wrap.h authfile.h match.h ssherr.h channels.h session.h
|
||||
auth2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h sshbuf.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h pathnames.h ssherr.h
|
||||
auth2.o: monitor_wrap.h digest.h
|
||||
authfd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h sshbuf.h sshkey.h authfd.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h compat.h log.h atomicio.h misc.h ssherr.h
|
||||
authfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h ssh.h log.h authfile.h misc.h atomicio.h sshkey.h sshbuf.h ssherr.h krl.h
|
||||
bitmap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h bitmap.h
|
||||
canohost.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h canohost.h misc.h
|
||||
chacha.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h chacha.h
|
||||
channels.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h ssherr.h sshbuf.h packet.h dispatch.h opacket.h log.h misc.h channels.h compat.h canohost.h sshkey.h authfd.h pathnames.h match.h
|
||||
cipher-aes.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h
|
||||
cipher-aesctr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher-aesctr.h rijndael.h
|
||||
cipher-chachapoly.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h sshbuf.h ssherr.h cipher-chachapoly.h chacha.h poly1305.h
|
||||
cipher-ctr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
cipher.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h misc.h sshbuf.h ssherr.h digest.h openbsd-compat/openssl-compat.h
|
||||
cleanup.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h
|
||||
clientloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h packet.h dispatch.h opacket.h sshbuf.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h
|
||||
clientloop.o: myproposal.h log.h misc.h readconf.h clientloop.h sshconnect.h authfd.h atomicio.h sshpty.h match.h msg.h ssherr.h hostfile.h
|
||||
compat.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h compat.h log.h match.h kex.h mac.h
|
||||
crc32.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crc32.h
|
||||
dh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
digest-libc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h digest.h
|
||||
digest-openssl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
dispatch.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh2.h log.h dispatch.h packet.h openbsd-compat/sys-queue.h opacket.h compat.h ssherr.h
|
||||
dns.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h ssherr.h dns.h log.h digest.h
|
||||
ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ge25519.h fe25519.h sc25519.h
|
||||
entropy.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
fatal.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h
|
||||
fe25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h fe25519.h crypto_api.h
|
||||
ge25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h fe25519.h crypto_api.h sc25519.h ge25519.h ge25519_base.data
|
||||
groupaccess.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h groupaccess.h match.h log.h
|
||||
gss-genr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
gss-serv-krb5.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
gss-serv.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
hash.o: crypto_api.h includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h digest.h log.h ssherr.h
|
||||
hmac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h digest.h hmac.h
|
||||
hostfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h sshkey.h hostfile.h log.h misc.h ssherr.h digest.h hmac.h
|
||||
kex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h log.h match.h misc.h monitor.h ssherr.h sshbuf.h
|
||||
kex.o: digest.h
|
||||
kexc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h ssh2.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h log.h digest.h ssherr.h
|
||||
kexc25519c.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h log.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h ssh2.h sshbuf.h digest.h ssherr.h
|
||||
kexc25519s.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h kex.h mac.h log.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h ssh2.h sshbuf.h ssherr.h
|
||||
kexdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
kexdhc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
kexdhs.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
kexecdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
kexecdhc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
kexecdhs.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
kexgex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
kexgexc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
kexgexs.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
krl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h sshbuf.h ssherr.h sshkey.h authfile.h misc.h log.h digest.h bitmap.h krl.h
|
||||
log.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h
|
||||
loginrec.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h hostfile.h ssh.h loginrec.h log.h atomicio.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h canohost.h auth.h auth-pam.h audit.h sshbuf.h ssherr.h
|
||||
logintest.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h loginrec.h
|
||||
mac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h digest.h hmac.h umac.h mac.h misc.h ssherr.h sshbuf.h openbsd-compat/openssl-compat.h
|
||||
match.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h misc.h
|
||||
md5crypt.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h misc.h log.h ssh.h sshbuf.h ssherr.h
|
||||
moduli.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
monitor.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h openbsd-compat/openssl-compat.h atomicio.h xmalloc.h ssh.h sshkey.h sshbuf.h hostfile.h auth.h auth-pam.h audit.h loginrec.h cipher.h cipher-chachapoly.h
|
||||
monitor.o: chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h dh.h packet.h dispatch.h opacket.h auth-options.h sshpty.h channels.h session.h sshlogin.h canohost.h log.h misc.h servconf.h monitor.h monitor_wrap.h monitor_fdpass.h compat.h ssh2.h authfd.h match.h ssherr.h
|
||||
monitor_fdpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h monitor_fdpass.h
|
||||
monitor_wrap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
|
||||
monitor_wrap.o: auth-options.h packet.h dispatch.h opacket.h log.h monitor.h monitor_wrap.h atomicio.h monitor_fdpass.h misc.h channels.h session.h servconf.h ssherr.h
|
||||
msg.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h ssherr.h log.h atomicio.h msg.h misc.h
|
||||
mux.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h log.h ssh.h ssh2.h pathnames.h misc.h match.h sshbuf.h channels.h msg.h packet.h dispatch.h opacket.h monitor_fdpass.h sshpty.h sshkey.h readconf.h clientloop.h ssherr.h
|
||||
nchan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h ssh2.h sshbuf.h ssherr.h packet.h dispatch.h opacket.h channels.h compat.h log.h
|
||||
opacket.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h
|
||||
packet.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h crc32.h compat.h ssh2.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h digest.h log.h canohost.h misc.h channels.h ssh.h
|
||||
packet.o: packet.h dispatch.h opacket.h ssherr.h sshbuf.h
|
||||
platform-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
platform-pledge.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
platform-tracing.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h
|
||||
platform.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
|
||||
poly1305.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h poly1305.h
|
||||
progressmeter.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h progressmeter.h atomicio.h misc.h
|
||||
readconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h xmalloc.h ssh.h ssherr.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h pathnames.h log.h sshkey.h misc.h readconf.h match.h kex.h mac.h uidswap.h
|
||||
readconf.o: myproposal.h digest.h
|
||||
readpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h misc.h pathnames.h log.h ssh.h uidswap.h
|
||||
rijndael.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h rijndael.h
|
||||
sandbox-capsicum.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sandbox-darwin.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sandbox-null.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sandbox-pledge.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sandbox-rlimit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sandbox-seccomp-filter.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sandbox-solaris.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sandbox-systrace.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sc25519.h crypto_api.h
|
||||
scp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h atomicio.h pathnames.h log.h misc.h progressmeter.h utf8.h
|
||||
servconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h log.h sshbuf.h misc.h servconf.h compat.h pathnames.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h match.h channels.h
|
||||
servconf.o: groupaccess.h canohost.h packet.h dispatch.h opacket.h ssherr.h hostfile.h auth.h auth-pam.h audit.h loginrec.h myproposal.h digest.h
|
||||
serverloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h packet.h dispatch.h opacket.h sshbuf.h log.h misc.h servconf.h canohost.h sshpty.h channels.h compat.h ssh2.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h
|
||||
serverloop.o: cipher-aesctr.h rijndael.h kex.h mac.h hostfile.h auth.h auth-pam.h audit.h loginrec.h session.h auth-options.h serverloop.h ssherr.h
|
||||
session.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h opacket.h sshbuf.h ssherr.h match.h uidswap.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h
|
||||
session.o: cipher-aesctr.h rijndael.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h authfd.h pathnames.h log.h misc.h servconf.h sshlogin.h serverloop.h canohost.h session.h kex.h mac.h monitor_wrap.h sftp.h atomicio.h
|
||||
sftp-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssherr.h sshbuf.h log.h atomicio.h progressmeter.h misc.h utf8.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h
|
||||
sftp-common.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssherr.h sshbuf.h log.h misc.h sftp.h sftp-common.h
|
||||
sftp-glob.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h
|
||||
sftp-server-main.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h sftp.h misc.h xmalloc.h
|
||||
sftp-server.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshbuf.h ssherr.h log.h misc.h match.h uidswap.h sftp.h sftp-common.h
|
||||
sftp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h pathnames.h misc.h utf8.h sftp.h ssherr.h sshbuf.h sftp-common.h sftp-client.h openbsd-compat/glob.h
|
||||
ssh-add.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h xmalloc.h ssh.h log.h sshkey.h sshbuf.h authfd.h authfile.h pathnames.h misc.h ssherr.h digest.h
|
||||
ssh-agent.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h authfd.h compat.h log.h misc.h digest.h ssherr.h match.h
|
||||
ssh-dss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
ssh-ecdsa.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
ssh-ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h log.h sshbuf.h sshkey.h ssherr.h ssh.h
|
||||
ssh-keygen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h authfile.h uuencode.h sshbuf.h pathnames.h log.h misc.h match.h hostfile.h dns.h ssh.h ssh2.h ssherr.h ssh-pkcs11.h atomicio.h krl.h digest.h utf8.h authfd.h
|
||||
ssh-keyscan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h compat.h myproposal.h packet.h dispatch.h opacket.h log.h
|
||||
ssh-keyscan.o: atomicio.h misc.h hostfile.h ssherr.h ssh_api.h ssh2.h dns.h
|
||||
ssh-keysign.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h sshkey.h ssh.h ssh2.h misc.h sshbuf.h authfile.h msg.h canohost.h pathnames.h readconf.h uidswap.h ssherr.h
|
||||
ssh-pkcs11-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
ssh-pkcs11-helper.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h sshbuf.h log.h misc.h sshkey.h authfd.h ssh-pkcs11.h ssherr.h
|
||||
ssh-pkcs11.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
ssh-rsa.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
ssh-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
ssh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h canohost.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h packet.h dispatch.h opacket.h
|
||||
ssh.o: sshbuf.h channels.h sshkey.h authfd.h authfile.h pathnames.h clientloop.h log.h misc.h readconf.h sshconnect.h kex.h mac.h sshpty.h match.h msg.h version.h ssherr.h myproposal.h utf8.h
|
||||
ssh_api.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh_api.h openbsd-compat/sys-queue.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h ssh.h ssh2.h packet.h dispatch.h opacket.h compat.h log.h authfile.h misc.h
|
||||
ssh_api.o: version.h myproposal.h ssherr.h sshbuf.h
|
||||
sshbuf-getput-basic.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h
|
||||
sshbuf-getput-crypto.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h
|
||||
sshbuf-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h
|
||||
sshbuf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h misc.h
|
||||
sshconnect.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h hostfile.h ssh.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h compat.h sshkey.h sshconnect.h log.h misc.h readconf.h atomicio.h dns.h monitor_fdpass.h ssh2.h version.h authfile.h
|
||||
sshconnect.o: ssherr.h authfd.h
|
||||
sshconnect2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h packet.h dispatch.h opacket.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h myproposal.h
|
||||
sshconnect2.o: sshconnect.h authfile.h dh.h authfd.h log.h misc.h readconf.h match.h canohost.h msg.h pathnames.h uidswap.h hostfile.h ssherr.h utf8.h
|
||||
sshd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h opacket.h log.h sshbuf.h misc.h match.h servconf.h uidswap.h compat.h cipher.h cipher-chachapoly.h chacha.h
|
||||
sshd.o: poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h kex.h mac.h myproposal.h authfile.h pathnames.h atomicio.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h authfd.h msg.h channels.h session.h monitor.h monitor_wrap.h ssh-sandbox.h auth-options.h version.h ssherr.h
|
||||
# DO NOT DELETE
|
||||
addr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h addr.h
|
||||
addrmatch.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h addr.h match.h log.h ssherr.h
|
||||
atomicio.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h
|
||||
audit-bsm.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
audit-linux.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
audit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
auth-bsdauth.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
auth-krb5.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ssherr.h sshbuf.h sshkey.h misc.h servconf.h uidswap.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
|
||||
auth-options.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssherr.h log.h sshbuf.h misc.h sshkey.h match.h ssh2.h auth-options.h
|
||||
auth-pam.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
auth-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h sshbuf.h ssherr.h log.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h
|
||||
auth-rhosts.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h uidswap.h pathnames.h log.h ssherr.h misc.h sshbuf.h sshkey.h servconf.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
|
||||
auth-shadow.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
auth-sia.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
auth.o: authfile.h monitor_wrap.h compat.h channels.h
|
||||
auth.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h groupaccess.h log.h ssherr.h sshbuf.h misc.h servconf.h openbsd-compat/sys-queue.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h canohost.h uidswap.h packet.h dispatch.h
|
||||
auth2-chall.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h ssherr.h log.h misc.h servconf.h
|
||||
auth2-gss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
auth2-hostbased.o: canohost.h monitor_wrap.h pathnames.h match.h
|
||||
auth2-hostbased.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h kex.h mac.h crypto_api.h sshbuf.h log.h ssherr.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
|
||||
auth2-kbdint.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h hostfile.h auth.h auth-pam.h audit.h loginrec.h log.h ssherr.h misc.h servconf.h
|
||||
auth2-none.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ssherr.h misc.h servconf.h compat.h ssh2.h monitor_wrap.h
|
||||
auth2-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h ssherr.h log.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h monitor_wrap.h misc.h servconf.h
|
||||
auth2-pubkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h kex.h mac.h crypto_api.h sshbuf.h log.h ssherr.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
|
||||
auth2-pubkey.o: pathnames.h uidswap.h auth-options.h canohost.h monitor_wrap.h authfile.h match.h channels.h session.h sk-api.h
|
||||
auth2.o: digest.h
|
||||
auth2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ssherr.h sshbuf.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h pathnames.h monitor_wrap.h
|
||||
authfd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h sshbuf.h sshkey.h authfd.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h compat.h log.h ssherr.h atomicio.h misc.h
|
||||
authfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h ssh.h log.h ssherr.h authfile.h misc.h atomicio.h sshkey.h sshbuf.h krl.h
|
||||
bitmap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h bitmap.h
|
||||
canohost.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ssherr.h canohost.h misc.h
|
||||
chacha.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h chacha.h
|
||||
channels.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h ssherr.h sshbuf.h packet.h dispatch.h log.h misc.h channels.h compat.h canohost.h sshkey.h authfd.h pathnames.h match.h
|
||||
cipher-aes.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h
|
||||
cipher-aesctr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher-aesctr.h rijndael.h
|
||||
cipher-chachapoly-libcrypto.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
cipher-chachapoly.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h sshbuf.h cipher-chachapoly.h chacha.h poly1305.h
|
||||
cipher-ctr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
cipher.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h misc.h sshbuf.h ssherr.h digest.h openbsd-compat/openssl-compat.h
|
||||
cleanup.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h
|
||||
clientloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h packet.h dispatch.h sshbuf.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h
|
||||
clientloop.o: myproposal.h log.h ssherr.h misc.h readconf.h clientloop.h sshconnect.h authfd.h atomicio.h sshpty.h match.h msg.h hostfile.h
|
||||
compat.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h log.h ssherr.h match.h kex.h mac.h crypto_api.h
|
||||
dh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
digest-libc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h digest.h
|
||||
digest-openssl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
dispatch.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh2.h log.h ssherr.h dispatch.h packet.h openbsd-compat/sys-queue.h compat.h
|
||||
dns.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h ssherr.h dns.h log.h digest.h
|
||||
ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ge25519.h fe25519.h sc25519.h
|
||||
entropy.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
fatal.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h
|
||||
fe25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h fe25519.h crypto_api.h
|
||||
ge25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h fe25519.h crypto_api.h sc25519.h ge25519.h ge25519_base.data
|
||||
groupaccess.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h groupaccess.h match.h log.h ssherr.h
|
||||
gss-genr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
gss-serv-krb5.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
gss-serv.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
hash.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h
|
||||
hmac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h digest.h hmac.h
|
||||
hostfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h sshkey.h hostfile.h log.h ssherr.h misc.h pathnames.h digest.h hmac.h sshbuf.h
|
||||
kex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh.h ssh2.h atomicio.h version.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h log.h ssherr.h
|
||||
kex.o: match.h misc.h monitor.h sshbuf.h digest.h
|
||||
kexc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h sshbuf.h digest.h ssherr.h ssh2.h
|
||||
kexdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
kexecdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h
|
||||
kexgen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h log.h ssherr.h packet.h openbsd-compat/sys-queue.h dispatch.h ssh2.h sshbuf.h digest.h
|
||||
kexgex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
kexgexc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
kexgexs.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
kexsntrup761x25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h
|
||||
krl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h sshbuf.h ssherr.h sshkey.h authfile.h misc.h log.h digest.h bitmap.h utf8.h krl.h
|
||||
log.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h match.h
|
||||
loginrec.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h hostfile.h ssh.h loginrec.h log.h ssherr.h atomicio.h packet.h openbsd-compat/sys-queue.h dispatch.h canohost.h auth.h auth-pam.h audit.h sshbuf.h
|
||||
logintest.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h loginrec.h
|
||||
mac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h digest.h hmac.h umac.h mac.h misc.h ssherr.h sshbuf.h openbsd-compat/openssl-compat.h
|
||||
match.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h misc.h
|
||||
md5crypt.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h misc.h log.h ssherr.h ssh.h sshbuf.h
|
||||
moduli.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
monitor.o: chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h dh.h packet.h dispatch.h auth-options.h sshpty.h channels.h session.h sshlogin.h canohost.h log.h ssherr.h misc.h servconf.h monitor.h monitor_wrap.h monitor_fdpass.h compat.h ssh2.h authfd.h match.h sk-api.h
|
||||
monitor.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h openbsd-compat/openssl-compat.h atomicio.h xmalloc.h ssh.h sshkey.h sshbuf.h hostfile.h auth.h auth-pam.h audit.h loginrec.h cipher.h cipher-chachapoly.h
|
||||
monitor_fdpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h monitor_fdpass.h
|
||||
monitor_wrap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h hostfile.h auth.h auth-pam.h audit.h
|
||||
monitor_wrap.o: loginrec.h auth-options.h packet.h dispatch.h log.h ssherr.h monitor.h monitor_wrap.h atomicio.h monitor_fdpass.h misc.h channels.h session.h servconf.h
|
||||
msg.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h ssherr.h log.h atomicio.h msg.h misc.h
|
||||
mux.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h log.h ssherr.h ssh.h ssh2.h pathnames.h misc.h match.h sshbuf.h channels.h msg.h packet.h dispatch.h monitor_fdpass.h sshpty.h sshkey.h readconf.h clientloop.h
|
||||
nchan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h ssh2.h sshbuf.h ssherr.h packet.h dispatch.h channels.h compat.h log.h
|
||||
packet.o: channels.h ssh.h packet.h dispatch.h sshbuf.h
|
||||
packet.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h compat.h ssh2.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h digest.h log.h ssherr.h canohost.h misc.h
|
||||
platform-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
platform-pledge.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
platform-tracing.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h
|
||||
platform.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h misc.h servconf.h openbsd-compat/sys-queue.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
|
||||
poly1305.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h poly1305.h
|
||||
progressmeter.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h progressmeter.h atomicio.h misc.h utf8.h
|
||||
readconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h xmalloc.h ssh.h ssherr.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h pathnames.h log.h sshkey.h misc.h readconf.h match.h kex.h mac.h crypto_api.h
|
||||
readconf.o: uidswap.h myproposal.h digest.h
|
||||
readpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h misc.h pathnames.h log.h ssherr.h ssh.h uidswap.h
|
||||
rijndael.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h rijndael.h
|
||||
sandbox-capsicum.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sandbox-darwin.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sandbox-null.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sandbox-pledge.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sandbox-rlimit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sandbox-seccomp-filter.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sandbox-solaris.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sandbox-systrace.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sc25519.h crypto_api.h
|
||||
scp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h xmalloc.h ssh.h atomicio.h pathnames.h log.h ssherr.h misc.h progressmeter.h utf8.h sftp-common.h sftp-client.h
|
||||
servconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h openbsd-compat/sys-queue.h xmalloc.h ssh.h log.h ssherr.h sshbuf.h misc.h servconf.h compat.h pathnames.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h
|
||||
servconf.o: kex.h mac.h crypto_api.h match.h channels.h groupaccess.h canohost.h packet.h dispatch.h hostfile.h auth.h auth-pam.h audit.h loginrec.h myproposal.h digest.h
|
||||
serverloop.o: cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h hostfile.h auth.h auth-pam.h audit.h loginrec.h session.h auth-options.h serverloop.h
|
||||
serverloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h packet.h dispatch.h sshbuf.h log.h ssherr.h misc.h servconf.h canohost.h sshpty.h channels.h compat.h ssh2.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h
|
||||
session.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h sshbuf.h ssherr.h match.h uidswap.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h
|
||||
session.o: rijndael.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h authfd.h pathnames.h log.h misc.h servconf.h sshlogin.h serverloop.h canohost.h session.h kex.h mac.h crypto_api.h monitor_wrap.h sftp.h atomicio.h
|
||||
sftp-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssherr.h sshbuf.h log.h atomicio.h progressmeter.h misc.h utf8.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h
|
||||
sftp-common.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssherr.h sshbuf.h log.h misc.h sftp.h sftp-common.h
|
||||
sftp-glob.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h
|
||||
sftp-realpath.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sftp-server-main.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h sftp.h misc.h xmalloc.h
|
||||
sftp-server.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshbuf.h ssherr.h log.h misc.h match.h uidswap.h sftp.h sftp-common.h
|
||||
sftp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h ssherr.h pathnames.h misc.h utf8.h sftp.h sshbuf.h sftp-common.h sftp-client.h openbsd-compat/glob.h
|
||||
sk-usbhid.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sntrup761.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
srclimit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h addr.h canohost.h log.h ssherr.h misc.h srclimit.h xmalloc.h
|
||||
ssh-add.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h log.h ssherr.h sshkey.h sshbuf.h authfd.h authfile.h pathnames.h misc.h digest.h ssh-sk.h sk-api.h
|
||||
ssh-agent.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h sshkey.h authfd.h compat.h log.h ssherr.h misc.h digest.h match.h msg.h pathnames.h ssh-pkcs11.h sk-api.h
|
||||
ssh-dss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
ssh-ecdsa-sk.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h sshbuf.h ssherr.h digest.h sshkey.h
|
||||
ssh-ecdsa.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
ssh-ed25519-sk.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h log.h ssherr.h sshbuf.h sshkey.h ssh.h digest.h
|
||||
ssh-ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h log.h ssherr.h sshbuf.h sshkey.h ssh.h
|
||||
ssh-keygen.o: cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h
|
||||
ssh-keygen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h authfile.h sshbuf.h pathnames.h log.h ssherr.h misc.h match.h hostfile.h dns.h ssh.h ssh2.h ssh-pkcs11.h atomicio.h krl.h digest.h utf8.h authfd.h sshsig.h ssh-sk.h sk-api.h cipher.h
|
||||
ssh-keyscan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h compat.h myproposal.h packet.h dispatch.h log.h
|
||||
ssh-keyscan.o: ssherr.h atomicio.h misc.h hostfile.h ssh_api.h ssh2.h dns.h
|
||||
ssh-keysign.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h ssherr.h sshkey.h ssh.h ssh2.h misc.h sshbuf.h authfile.h msg.h canohost.h pathnames.h readconf.h uidswap.h
|
||||
ssh-pkcs11-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
ssh-pkcs11-helper.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h sshbuf.h log.h ssherr.h misc.h sshkey.h authfd.h ssh-pkcs11.h
|
||||
ssh-pkcs11.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h sshkey.h
|
||||
ssh-rsa.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
ssh-sk-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h sshbuf.h sshkey.h msg.h digest.h pathnames.h ssh-sk.h misc.h
|
||||
ssh-sk-helper.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h ssherr.h sshkey.h authfd.h misc.h sshbuf.h msg.h uidswap.h ssh-sk.h
|
||||
ssh-sk.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
ssh-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
ssh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h canohost.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h packet.h dispatch.h sshbuf.h channels.h
|
||||
ssh.o: sshkey.h authfd.h authfile.h pathnames.h clientloop.h log.h ssherr.h misc.h readconf.h sshconnect.h kex.h mac.h crypto_api.h sshpty.h match.h msg.h version.h myproposal.h utf8.h
|
||||
ssh_api.o: authfile.h misc.h version.h myproposal.h sshbuf.h openbsd-compat/openssl-compat.h
|
||||
ssh_api.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh_api.h openbsd-compat/sys-queue.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h ssh.h ssh2.h packet.h dispatch.h compat.h log.h ssherr.h
|
||||
sshbuf-getput-basic.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h
|
||||
sshbuf-getput-crypto.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sshbuf-io.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h atomicio.h
|
||||
sshbuf-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h
|
||||
sshbuf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h misc.h
|
||||
sshconnect.o: authfd.h kex.h mac.h crypto_api.h
|
||||
sshconnect.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h hostfile.h ssh.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h sshkey.h sshconnect.h log.h ssherr.h misc.h readconf.h atomicio.h dns.h monitor_fdpass.h ssh2.h version.h authfile.h
|
||||
sshconnect2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h packet.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h
|
||||
sshconnect2.o: myproposal.h sshconnect.h authfile.h dh.h authfd.h log.h ssherr.h misc.h readconf.h match.h canohost.h msg.h pathnames.h uidswap.h hostfile.h utf8.h ssh-sk.h sk-api.h
|
||||
sshd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h log.h ssherr.h sshbuf.h misc.h match.h servconf.h uidswap.h compat.h cipher.h cipher-chachapoly.h chacha.h
|
||||
sshd.o: poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h kex.h mac.h crypto_api.h myproposal.h authfile.h pathnames.h atomicio.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h authfd.h msg.h channels.h session.h monitor.h monitor_wrap.h ssh-sandbox.h auth-options.h version.h sk-api.h srclimit.h dh.h
|
||||
ssherr.o: ssherr.h
|
||||
sshkey-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sshkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ssh2.h ssherr.h misc.h sshbuf.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h sshkey-xmss.h match.h xmss_fast.h openbsd-compat/openssl-compat.h
|
||||
sshlogin.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshlogin.h ssherr.h loginrec.h log.h sshbuf.h misc.h servconf.h
|
||||
sshpty.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshpty.h log.h misc.h
|
||||
sshtty.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshpty.h
|
||||
ttymodes.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h compat.h sshbuf.h ssherr.h ttymodes.h
|
||||
uidswap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h uidswap.h xmalloc.h
|
||||
umac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h umac.h misc.h rijndael.h
|
||||
umac128.o: umac.c includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h umac.h misc.h rijndael.h
|
||||
utf8.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h utf8.h
|
||||
uuencode.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h uuencode.h
|
||||
verify.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h
|
||||
xmalloc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h
|
||||
xmss_commons.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
xmss_fast.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
xmss_hash.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
xmss_hash_address.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
xmss_wots.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sshkey-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
sshkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ssh2.h ssherr.h misc.h sshbuf.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h match.h ssh-sk.h openbsd-compat/openssl-compat.h
|
||||
sshlogin.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshlogin.h ssherr.h loginrec.h log.h sshbuf.h misc.h servconf.h openbsd-compat/sys-queue.h
|
||||
sshpty.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshpty.h log.h ssherr.h misc.h
|
||||
sshsig.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h authfd.h authfile.h log.h ssherr.h misc.h sshbuf.h sshsig.h sshkey.h match.h digest.h
|
||||
sshtty.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshpty.h
|
||||
ttymodes.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ssherr.h compat.h sshbuf.h ttymodes.h
|
||||
uidswap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h uidswap.h xmalloc.h
|
||||
umac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h umac.h misc.h rijndael.h
|
||||
umac128.o: umac.c includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h umac.h misc.h rijndael.h
|
||||
utf8.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h utf8.h
|
||||
verify.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h
|
||||
xmalloc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h ssherr.h
|
||||
xmss_commons.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
xmss_fast.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
xmss_hash.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
xmss_hash_address.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
xmss_wots.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
|
||||
|
|
4
crypto/openssh/.github/ci-status.md
vendored
Normal file
4
crypto/openssh/.github/ci-status.md
vendored
Normal file
|
@ -0,0 +1,4 @@
|
|||
[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml)
|
||||
[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml)
|
||||
[![Upstream self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/upstream.yml/badge.svg)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/upstream.yml)
|
||||
[![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh)
|
170
crypto/openssh/.github/configs
vendored
Executable file
170
crypto/openssh/.github/configs
vendored
Executable file
|
@ -0,0 +1,170 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# usage: configs vmname test_config (or '' for default)
|
||||
#
|
||||
# Sets the following variables:
|
||||
# CONFIGFLAGS options to ./configure
|
||||
# SSHD_CONFOPTS sshd_config options
|
||||
# TEST_TARGET make target used when testing. defaults to "tests".
|
||||
# LTESTS
|
||||
|
||||
config=$1
|
||||
|
||||
TEST_TARGET="tests"
|
||||
LTESTS=""
|
||||
SKIP_LTESTS=""
|
||||
SUDO=sudo # run with sudo by default
|
||||
TEST_SSH_UNSAFE_PERMISSIONS=1
|
||||
|
||||
CONFIGFLAGS=""
|
||||
LIBCRYPTOFLAGS=""
|
||||
|
||||
case "$config" in
|
||||
default|sol64)
|
||||
;;
|
||||
c89)
|
||||
CC="gcc"
|
||||
CFLAGS="-Wall -std=c89 -pedantic -Werror=vla"
|
||||
CONFIGFLAGS="--without-openssl --without-zlib"
|
||||
TEST_TARGET=t-exec
|
||||
;;
|
||||
kitchensink)
|
||||
CONFIGFLAGS="--with-kerberos5 --with-libedit --with-pam"
|
||||
CONFIGFLAGS="${CONFIGFLAGS} --with-security-key-builtin --with-selinux"
|
||||
CONFIGFLAGS="${CONFIGFLAGS} --with-cflags=-DSK_DEBUG"
|
||||
;;
|
||||
hardenedmalloc)
|
||||
CONFIGFLAGS="--with-ldflags=-lhardened_malloc"
|
||||
;;
|
||||
kerberos5)
|
||||
CONFIGFLAGS="--with-kerberos5"
|
||||
;;
|
||||
libedit)
|
||||
CONFIGFLAGS="--with-libedit"
|
||||
;;
|
||||
pam-krb5)
|
||||
CONFIGFLAGS="--with-pam --with-kerberos5"
|
||||
SSHD_CONFOPTS="UsePam yes"
|
||||
;;
|
||||
*pam)
|
||||
CONFIGFLAGS="--with-pam"
|
||||
SSHD_CONFOPTS="UsePam yes"
|
||||
;;
|
||||
libressl-*)
|
||||
LIBCRYPTOFLAGS="--with-ssl-dir=/opt/libressl --with-rpath=-Wl,-rpath,"
|
||||
;;
|
||||
openssl-*)
|
||||
LIBCRYPTOFLAGS="--with-ssl-dir=/opt/openssl --with-rpath=-Wl,-rpath,"
|
||||
;;
|
||||
selinux)
|
||||
CONFIGFLAGS="--with-selinux"
|
||||
;;
|
||||
sk)
|
||||
CONFIGFLAGS="--with-security-key-builtin"
|
||||
;;
|
||||
without-openssl)
|
||||
LIBCRYPTOFLAGS="--without-openssl"
|
||||
TEST_TARGET=t-exec
|
||||
;;
|
||||
valgrind-[1-4]|valgrind-unit)
|
||||
# rlimit sandbox and FORTIFY_SOURCE confuse Valgrind.
|
||||
CONFIGFLAGS="--without-sandbox --without-hardening"
|
||||
CONFIGFLAGS="$CONFIGFLAGS --with-cppflags=-D_FORTIFY_SOURCE=0"
|
||||
TEST_TARGET="t-exec USE_VALGRIND=1"
|
||||
TEST_SSH_ELAPSED_TIMES=1
|
||||
export TEST_SSH_ELAPSED_TIMES
|
||||
# Valgrind slows things down enough that the agent timeout test
|
||||
# won't reliably pass, and the unit tests run longer than allowed
|
||||
# by github so split into three separate tests.
|
||||
tests2="rekey integrity"
|
||||
tests3="krl forward-control sshsig"
|
||||
tests4="cert-userkey cert-hostkey kextype sftp-perm keygen-comment"
|
||||
case "$config" in
|
||||
valgrind-1)
|
||||
# All tests except agent-timeout (which is flaky under valgrind)
|
||||
#) and slow ones that run separately to increase parallelism.
|
||||
SKIP_LTESTS="agent-timeout ${tests2} ${tests3} ${tests4}"
|
||||
;;
|
||||
valgrind-2)
|
||||
LTESTS="${tests2}"
|
||||
;;
|
||||
valgrind-3)
|
||||
LTESTS="${tests3}"
|
||||
;;
|
||||
valgrind-4)
|
||||
LTESTS="${tests4}"
|
||||
;;
|
||||
valgrind-unit)
|
||||
TEST_TARGET="unit USE_VALGRIND=1"
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
*)
|
||||
echo "Unknown configuration $config"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
# The Solaris 64bit targets are special since they need a non-flag arg.
|
||||
case "$config" in
|
||||
sol64*)
|
||||
CONFIGFLAGS="x86_64 --with-cflags=-m64 --with-ldflags=-m64 ${CONFIGFLAGS}"
|
||||
LIBCRYPTOFLAGS="--with-ssl-dir=/usr/local/ssl64"
|
||||
;;
|
||||
esac
|
||||
|
||||
case "${TARGET_HOST}" in
|
||||
dfly58*|dfly60*)
|
||||
# scp 3-way connection hangs on these so skip until sorted.
|
||||
SKIP_LTESTS=scp3
|
||||
;;
|
||||
hurd)
|
||||
SKIP_LTESTS="forwarding multiplex proxy-connect hostkey-agent agent-ptrace"
|
||||
;;
|
||||
minix3)
|
||||
CC="clang"
|
||||
LIBCRYPTOFLAGS="--without-openssl"
|
||||
# Minix does not have a loopback interface so we have to skip any
|
||||
# test that relies on it.
|
||||
TEST_TARGET=t-exec
|
||||
SKIP_LTESTS="addrmatch cfgparse key-options reexec agent connect"
|
||||
SKIP_LTESTS="$SKIP_LTESTS keyscan rekey allow-deny-users connect-uri"
|
||||
SKIP_LTESTS="$SKIP_LTESTS knownhosts-command sftp-uri brokenkeys"
|
||||
SKIP_LTESTS="$SKIP_LTESTS exit-status login-timeout stderr-data"
|
||||
SKIP_LTESTS="$SKIP_LTESTS cfgmatch forward-control multiplex transfer"
|
||||
SKIP_LTESTS="$SKIP_LTESTS cfgmatchlisten forwarding reconfigure"
|
||||
SUDO=""
|
||||
;;
|
||||
nbsd4)
|
||||
# System compiler will ICE on some files with fstack-protector
|
||||
CONFIGFLAGS="${CONFIGFLAGS} --without-hardening"
|
||||
;;
|
||||
sol10|sol11)
|
||||
# sol10 VM is 32bit and the unit tests are slow.
|
||||
# sol11 has 4 test configs so skip unit tests to speed up.
|
||||
TEST_TARGET="tests SKIP_UNIT=1"
|
||||
;;
|
||||
win10)
|
||||
# No sudo on Windows.
|
||||
SUDO=""
|
||||
;;
|
||||
esac
|
||||
|
||||
# If we have a local openssl/libressl, use that.
|
||||
if [ -z "${LIBCRYPTOFLAGS}" ]; then
|
||||
# last-match
|
||||
for i in /usr/local /usr/local/ssl /usr/local/opt/openssl; do
|
||||
if [ -x ${i}/bin/openssl ]; then
|
||||
LIBCRYPTOFLAGS="--with-ssl-dir=${i}"
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
||||
CONFIGFLAGS="${CONFIGFLAGS} ${LIBCRYPTOFLAGS}"
|
||||
|
||||
if [ -x "$(which plink 2>/dev/null)" ]; then
|
||||
REGRESS_INTEROP_PUTTY=yes
|
||||
export REGRESS_INTEROP_PUTTY
|
||||
fi
|
||||
|
||||
export CC CFLAGS LTESTS SUDO TEST_TARGET TEST_SSH_UNSAFE_PERMISSIONS
|
6
crypto/openssh/.github/configure.sh
vendored
Executable file
6
crypto/openssh/.github/configure.sh
vendored
Executable file
|
@ -0,0 +1,6 @@
|
|||
#!/bin/sh
|
||||
|
||||
. .github/configs $1
|
||||
|
||||
set -x
|
||||
./configure ${CONFIGFLAGS}
|
34
crypto/openssh/.github/run_test.sh
vendored
Executable file
34
crypto/openssh/.github/run_test.sh
vendored
Executable file
|
@ -0,0 +1,34 @@
|
|||
#!/bin/sh
|
||||
|
||||
. .github/configs $1
|
||||
|
||||
[ -z "${SUDO}" ] || ${SUDO} mkdir -p /var/empty
|
||||
|
||||
set -ex
|
||||
|
||||
output_failed_logs() {
|
||||
for i in regress/failed*; do
|
||||
if [ -f "$i" ]; then
|
||||
echo -------------------------------------------------------------------------
|
||||
echo LOGFILE $i
|
||||
cat $i
|
||||
echo -------------------------------------------------------------------------
|
||||
fi
|
||||
done
|
||||
}
|
||||
trap output_failed_logs 0
|
||||
|
||||
if [ -z "${LTESTS}" ]; then
|
||||
make ${TEST_TARGET} SKIP_LTESTS="${SKIP_LTESTS}"
|
||||
else
|
||||
make ${TEST_TARGET} SKIP_LTESTS="${SKIP_LTESTS}" LTESTS="${LTESTS}"
|
||||
fi
|
||||
|
||||
if [ ! -z "${SSHD_CONFOPTS}" ]; then
|
||||
echo "rerunning t-exec with TEST_SSH_SSHD_CONFOPTS='${SSHD_CONFOPTS}'"
|
||||
if [ -z "${LTESTS}" ]; then
|
||||
make t-exec SKIP_LTESTS="${SKIP_LTESTS}" TEST_SSH_SSHD_CONFOPTS="${SSHD_CONFOPTS}"
|
||||
else
|
||||
make t-exec SKIP_LTESTS="${SKIP_LTESTS}" LTESTS="${LTESTS}" TEST_SSH_SSHD_CONFOPTS="${SSHD_CONFOPTS}"
|
||||
fi
|
||||
fi
|
115
crypto/openssh/.github/setup_ci.sh
vendored
Executable file
115
crypto/openssh/.github/setup_ci.sh
vendored
Executable file
|
@ -0,0 +1,115 @@
|
|||
#!/bin/sh
|
||||
|
||||
case $(./config.guess) in
|
||||
*-darwin*)
|
||||
brew install automake
|
||||
exit 0
|
||||
;;
|
||||
esac
|
||||
|
||||
TARGETS=$@
|
||||
|
||||
PACKAGES=""
|
||||
INSTALL_FIDO_PPA="no"
|
||||
|
||||
#echo "Setting up for '$TARGETS'"
|
||||
|
||||
set -ex
|
||||
|
||||
lsb_release -a
|
||||
|
||||
if [ "${TARGETS}" = "kitchensink" ]; then
|
||||
TARGETS="kerberos5 libedit pam sk selinux"
|
||||
fi
|
||||
|
||||
for TARGET in $TARGETS; do
|
||||
case $TARGET in
|
||||
default|without-openssl|without-zlib|c89)
|
||||
# nothing to do
|
||||
;;
|
||||
kerberos5)
|
||||
PACKAGES="$PACKAGES heimdal-dev"
|
||||
#PACKAGES="$PACKAGES libkrb5-dev"
|
||||
;;
|
||||
libedit)
|
||||
PACKAGES="$PACKAGES libedit-dev"
|
||||
;;
|
||||
*pam)
|
||||
PACKAGES="$PACKAGES libpam0g-dev"
|
||||
;;
|
||||
sk)
|
||||
INSTALL_FIDO_PPA="yes"
|
||||
PACKAGES="$PACKAGES libfido2-dev libu2f-host-dev libcbor-dev"
|
||||
;;
|
||||
selinux)
|
||||
PACKAGES="$PACKAGES libselinux1-dev selinux-policy-dev"
|
||||
;;
|
||||
hardenedmalloc)
|
||||
INSTALL_HARDENED_MALLOC=yes
|
||||
;;
|
||||
openssl-noec)
|
||||
INSTALL_OPENSSL=OpenSSL_1_1_1k
|
||||
SSLCONFOPTS="no-ec"
|
||||
;;
|
||||
openssl-*)
|
||||
INSTALL_OPENSSL=$(echo ${TARGET} | cut -f2 -d-)
|
||||
case ${INSTALL_OPENSSL} in
|
||||
1.*) INSTALL_OPENSSL="OpenSSL_$(echo ${INSTALL_OPENSSL} | tr . _)" ;;
|
||||
3.*) INSTALL_OPENSSL="openssl-${INSTALL_OPENSSL}" ;;
|
||||
esac
|
||||
PACKAGES="${PACKAGES} putty-tools"
|
||||
;;
|
||||
libressl-*)
|
||||
INSTALL_LIBRESSL=$(echo ${TARGET} | cut -f2 -d-)
|
||||
case ${INSTALL_LIBRESSL} in
|
||||
master) ;;
|
||||
*) INSTALL_LIBRESSL="v$(echo ${TARGET} | cut -f2 -d-)" ;;
|
||||
esac
|
||||
PACKAGES="${PACKAGES} putty-tools"
|
||||
;;
|
||||
valgrind*)
|
||||
PACKAGES="$PACKAGES valgrind"
|
||||
;;
|
||||
*) echo "Invalid option '${TARGET}'"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
if [ "yes" = "$INSTALL_FIDO_PPA" ]; then
|
||||
sudo apt update -qq
|
||||
sudo apt install software-properties-common
|
||||
sudo apt-add-repository ppa:yubico/stable
|
||||
fi
|
||||
|
||||
if [ "x" != "x$PACKAGES" ]; then
|
||||
sudo apt update -qq
|
||||
sudo apt install -qy $PACKAGES
|
||||
fi
|
||||
|
||||
if [ "${INSTALL_HARDENED_MALLOC}" = "yes" ]; then
|
||||
(cd ${HOME} &&
|
||||
git clone https://github.com/GrapheneOS/hardened_malloc.git &&
|
||||
cd ${HOME}/hardened_malloc &&
|
||||
make -j2 && sudo cp libhardened_malloc.so /usr/lib/)
|
||||
fi
|
||||
|
||||
if [ ! -z "${INSTALL_OPENSSL}" ]; then
|
||||
(cd ${HOME} &&
|
||||
git clone https://github.com/openssl/openssl.git &&
|
||||
cd ${HOME}/openssl &&
|
||||
git checkout ${INSTALL_OPENSSL} &&
|
||||
./config no-threads shared ${SSLCONFOPTS} \
|
||||
--prefix=/opt/openssl &&
|
||||
make && sudo make install_sw)
|
||||
fi
|
||||
|
||||
if [ ! -z "${INSTALL_LIBRESSL}" ]; then
|
||||
(mkdir -p ${HOME}/libressl && cd ${HOME}/libressl &&
|
||||
git clone https://github.com/libressl-portable/portable.git &&
|
||||
cd ${HOME}/libressl/portable &&
|
||||
git checkout ${INSTALL_LIBRESSL} &&
|
||||
sh update.sh && sh autogen.sh &&
|
||||
./configure --prefix=/opt/libressl &&
|
||||
make -j2 && sudo make install)
|
||||
fi
|
76
crypto/openssh/.github/workflows/c-cpp.yml
vendored
Normal file
76
crypto/openssh/.github/workflows/c-cpp.yml
vendored
Normal file
|
@ -0,0 +1,76 @@
|
|||
name: C/C++ CI
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ master, ci ]
|
||||
pull_request:
|
||||
branches: [ master ]
|
||||
|
||||
jobs:
|
||||
ci:
|
||||
if: github.repository != 'openssh/openssh-portable-selfhosted'
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
# First we test all OSes in the default configuration.
|
||||
os: [ubuntu-20.04, ubuntu-18.04, macos-10.15, macos-11.0]
|
||||
configs: [default]
|
||||
# Then we include any extra configs we want to test for specific VMs.
|
||||
# Valgrind slows things down quite a bit, so start them first.
|
||||
include:
|
||||
- { os: ubuntu-20.04, configs: valgrind-1 }
|
||||
- { os: ubuntu-20.04, configs: valgrind-2 }
|
||||
- { os: ubuntu-20.04, configs: valgrind-3 }
|
||||
- { os: ubuntu-20.04, configs: valgrind-4 }
|
||||
- { os: ubuntu-20.04, configs: valgrind-unit }
|
||||
- { os: ubuntu-20.04, configs: c89 }
|
||||
- { os: ubuntu-20.04, configs: pam }
|
||||
- { os: ubuntu-20.04, configs: kitchensink }
|
||||
- { os: ubuntu-20.04, configs: hardenedmalloc }
|
||||
- { os: ubuntu-latest, configs: libressl-master }
|
||||
- { os: ubuntu-latest, configs: libressl-2.2.9 }
|
||||
- { os: ubuntu-latest, configs: libressl-2.8.3 }
|
||||
- { os: ubuntu-latest, configs: libressl-3.0.2 }
|
||||
- { os: ubuntu-latest, configs: libressl-3.2.5 }
|
||||
- { os: ubuntu-latest, configs: openssl-master }
|
||||
- { os: ubuntu-latest, configs: openssl-noec }
|
||||
- { os: ubuntu-latest, configs: openssl-1.0.1 }
|
||||
- { os: ubuntu-latest, configs: openssl-1.0.1u }
|
||||
- { os: ubuntu-latest, configs: openssl-1.0.2u }
|
||||
- { os: ubuntu-latest, configs: openssl-1.1.0h }
|
||||
- { os: ubuntu-latest, configs: openssl-1.1.1 }
|
||||
- { os: ubuntu-latest, configs: openssl-1.1.1k }
|
||||
- { os: ubuntu-18.04, configs: pam }
|
||||
- { os: ubuntu-18.04, configs: kerberos5 }
|
||||
- { os: ubuntu-18.04, configs: libedit }
|
||||
- { os: ubuntu-18.04, configs: sk }
|
||||
- { os: ubuntu-18.04, configs: selinux }
|
||||
- { os: ubuntu-18.04, configs: kitchensink }
|
||||
- { os: ubuntu-18.04, configs: without-openssl }
|
||||
- { os: macos-10.15, configs: pam }
|
||||
- { os: macos-11.0, configs: pam }
|
||||
runs-on: ${{ matrix.os }}
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: setup CI system
|
||||
run: ./.github/setup_ci.sh ${{ matrix.configs }}
|
||||
- name: autoreconf
|
||||
run: autoreconf
|
||||
- name: configure
|
||||
run: ./.github/configure.sh ${{ matrix.configs }}
|
||||
- name: make
|
||||
run: make -j2
|
||||
- name: make tests
|
||||
run: ./.github/run_test.sh ${{ matrix.configs }}
|
||||
env:
|
||||
TEST_SSH_UNSAFE_PERMISSIONS: 1
|
||||
- name: save logs
|
||||
if: failure()
|
||||
uses: actions/upload-artifact@v2
|
||||
with:
|
||||
name: ${{ matrix.os }}-${{ matrix.configs }}-logs
|
||||
path: |
|
||||
config.h
|
||||
config.log
|
||||
regress/*.log
|
||||
regress/valgrind-out/
|
93
crypto/openssh/.github/workflows/selfhosted.yml
vendored
Normal file
93
crypto/openssh/.github/workflows/selfhosted.yml
vendored
Normal file
|
@ -0,0 +1,93 @@
|
|||
name: C/C++ CI self-hosted
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ master, ci ]
|
||||
|
||||
jobs:
|
||||
selfhosted:
|
||||
if: github.repository == 'openssh/openssh-portable-selfhosted'
|
||||
runs-on: ${{ matrix.os }}
|
||||
env:
|
||||
TARGET_HOST: ${{ matrix.os }}
|
||||
strategy:
|
||||
fail-fast: false
|
||||
# We use a matrix in two parts: firstly all of the VMs are tested with the
|
||||
# default config. "os" corresponds to a label associated with the worker.
|
||||
matrix:
|
||||
os:
|
||||
- ARM64
|
||||
- bbone
|
||||
- dfly30
|
||||
- dfly48
|
||||
- dfly58
|
||||
- dfly60
|
||||
- fbsd6
|
||||
- fbsd10
|
||||
- fbsd12
|
||||
- fbsd13
|
||||
- hurd
|
||||
- minix3
|
||||
# - nbsd2
|
||||
- nbsd3
|
||||
- nbsd4
|
||||
- nbsd8
|
||||
- nbsd9
|
||||
- obsd51
|
||||
- obsd67
|
||||
- obsd68
|
||||
- obsd69
|
||||
- obsdsnap
|
||||
- openindiana
|
||||
# - rocky84
|
||||
- sol10
|
||||
- sol11
|
||||
- win10
|
||||
configs:
|
||||
- default
|
||||
# Then we include any extra configs we want to test for specific VMs.
|
||||
include:
|
||||
- { os: ARM64, configs: pam }
|
||||
- { os: dfly30, configs: without-openssl}
|
||||
- { os: dfly48, configs: pam }
|
||||
- { os: dfly58, configs: pam }
|
||||
- { os: dfly60, configs: pam }
|
||||
- { os: fbsd6, configs: pam }
|
||||
- { os: fbsd10, configs: pam }
|
||||
- { os: fbsd12, configs: pam }
|
||||
- { os: fbsd13, configs: pam }
|
||||
- { os: nbsd8, configs: pam }
|
||||
- { os: nbsd9, configs: pam }
|
||||
- { os: openindiana, configs: pam }
|
||||
# - { os: rocky84, configs: pam }
|
||||
- { os: sol10, configs: pam }
|
||||
- { os: sol11, configs: pam-krb5 }
|
||||
- { os: sol11, configs: sol64 }
|
||||
# - { os: sol11, configs: sol64-pam }
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: autoreconf
|
||||
run: autoreconf
|
||||
- name: shutdown VM if running
|
||||
run: vmshutdown
|
||||
- name: startup VM
|
||||
run: vmstartup
|
||||
- name: configure
|
||||
run: vmrun ./.github/configure.sh ${{ matrix.configs }}
|
||||
- name: make
|
||||
run: vmrun make
|
||||
- name: make tests
|
||||
run: vmrun ./.github/run_test.sh ${{ matrix.configs }}
|
||||
- name: save logs
|
||||
if: failure()
|
||||
uses: actions/upload-artifact@v2
|
||||
with:
|
||||
name: ${{ matrix.os }}-${{ matrix.configs }}-logs
|
||||
path: |
|
||||
config.h
|
||||
config.log
|
||||
regress/*.log
|
||||
regress/valgrind-out/
|
||||
- name: shutdown VM
|
||||
if: always()
|
||||
run: vmshutdown
|
43
crypto/openssh/.github/workflows/upstream.yml
vendored
Normal file
43
crypto/openssh/.github/workflows/upstream.yml
vendored
Normal file
|
@ -0,0 +1,43 @@
|
|||
name: Upstream self-hosted
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ master, ci ]
|
||||
|
||||
jobs:
|
||||
selfhosted:
|
||||
if: github.repository == 'openssh/openssh-portable-selfhosted'
|
||||
runs-on: ${{ matrix.os }}
|
||||
env:
|
||||
TARGET_HOST: ${{ matrix.os }}
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
os: [ obsdsnap, obsdsnap-i386, obsd69, obsd68 ]
|
||||
configs: [ default, without-openssl ]
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: shutdown VM if running
|
||||
run: vmshutdown
|
||||
- name: startup VM
|
||||
run: vmstartup
|
||||
- name: update source
|
||||
run: vmrun "cd /usr/src && cvs up -dPA usr.bin/ssh regress/usr.bin/ssh"
|
||||
- name: make clean
|
||||
run: vmrun "cd /usr/src/usr.bin/ssh && make obj && make clean"
|
||||
- name: make
|
||||
run: vmrun "cd /usr/src/usr.bin/ssh && if test '${{ matrix.configs }}' = 'without-openssl'; then make OPENSSL=no; else make; fi"
|
||||
- name: make install
|
||||
run: vmrun "cd /usr/src/usr.bin/ssh && sudo make install"
|
||||
- name: make tests
|
||||
run: vmrun "cd /usr/src/regress/usr.bin/ssh && make obj && make clean && if test '${{ matrix.configs }}' = 'without-openssl'; then make SUDO=sudo OPENSSL=no; else make SUDO=sudo; fi"
|
||||
- name: save logs
|
||||
if: failure()
|
||||
uses: actions/upload-artifact@v2
|
||||
with:
|
||||
name: ${{ matrix.os }}-${{ matrix.configs }}-logs
|
||||
path: |
|
||||
/usr/obj/regress/usr.bin/ssh/*.log
|
||||
- name: shutdown VM
|
||||
if: always()
|
||||
run: vmshutdown
|
8
crypto/openssh/.gitignore
vendored
8
crypto/openssh/.gitignore
vendored
|
@ -2,8 +2,11 @@ Makefile
|
|||
buildpkg.sh
|
||||
config.h
|
||||
config.h.in
|
||||
config.h.in~
|
||||
config.log
|
||||
config.status
|
||||
configure
|
||||
aclocal.m4
|
||||
openbsd-compat/Makefile
|
||||
openbsd-compat/regress/Makefile
|
||||
openssh.xml
|
||||
|
@ -11,6 +14,8 @@ opensshd.init
|
|||
survey.sh
|
||||
**/*.0
|
||||
**/*.o
|
||||
**/*.lo
|
||||
**/*.so
|
||||
**/*.out
|
||||
**/*.a
|
||||
autom4te.cache/
|
||||
|
@ -24,5 +29,8 @@ ssh-keygen
|
|||
ssh-keyscan
|
||||
ssh-keysign
|
||||
ssh-pkcs11-helper
|
||||
ssh-sk-helper
|
||||
sshd
|
||||
!regress/misc/fuzz-harness/Makefile
|
||||
!regress/unittests/sshsig/Makefile
|
||||
tags
|
||||
|
|
|
@ -5,6 +5,24 @@ fa728823ba21c4b45212750e1d3a4b2086fd1a62 more Makefile refactoring
|
|||
1de0e85522051eb2ffa00437e1885e9d7b3e0c2e moduli update
|
||||
814b2f670df75759e1581ecef530980b2b3d7e0f remove redundant make defs
|
||||
04431e8e7872f49a2129bf080a6b73c19d576d40 moduli update
|
||||
c07772f58028fda683ee6abd41c73da3ff70d403 moduli update
|
||||
db6375fc302e3bdf07d96430c63c991b2c2bd3ff moduli update
|
||||
5ea3d63ab972691f43e9087ab5fd8376d48e898f uuencode.c Makefile accident
|
||||
99dd10e72c04e93849981d43d64c946619efa474 include sshbuf-misc.c
|
||||
9e1c23476bb845f3cf3d15d9032da3ed0cb2fcf5 sshbuf-misc.c in regress
|
||||
569f08445c27124ec7c7f6c0268d844ec56ac061 Makefile tweaks for !openssl
|
||||
58ec755be4e51978ecfee73539090eb68652a987 moduli update
|
||||
4bd5551b306df55379afe17d841207990eb773bf Makefile.inc
|
||||
14806a59353152f843eb349e618abbf6f4dd3ada Makefile.inc
|
||||
8ea4455a2d9364a0a04f9e4a2cbfa4c9fcefe77e Makefile.inc
|
||||
d9b910e412d139141b072a905e66714870c38ac0 Makefile.inc
|
||||
7b7b619c1452a459310b0cf4391c5757c6bdbc0f moduli update
|
||||
5010ff08f7ad92082e87dde098b20f5c24921a8f moduli regen script update
|
||||
3bcae7a754db3fc5ad3cab63dd46774edb35b8ae moduli regen script update
|
||||
52ff0e3205036147b2499889353ac082e505ea54 moduli update
|
||||
07b5031e9f49f2b69ac5e85b8da4fc9e393992a0 Makefile.inc
|
||||
cc12a9029833d222043aecd252d654965c351a69 moduli-gen Makefile
|
||||
7ac6c252d2a5be8fbad4c66d9d35db507c9dac5b moduli update
|
||||
|
||||
Old upstream tree:
|
||||
|
||||
|
|
|
@ -33,7 +33,7 @@ David Agraz <dagraz@jahoopa.com> - Build fixes
|
|||
David Del Piero <David.DelPiero@qed.qld.gov.au> - bug fixes
|
||||
David Hesprich <darkgrue@gue-tech.org> - Configure fixes
|
||||
David Rankin <drankin@bohemians.lexington.ky.us> - libwrap, AIX, NetBSD fixes
|
||||
Dag-Erling Smørgrav <des at freebsd.org> - Challenge-Response PAM code.
|
||||
Dag-Erling Smørgrav <des at freebsd.org> - Challenge-Response PAM code.
|
||||
Dhiraj Gulati <dgulati@sco.com> - UnixWare long passwords
|
||||
Ed Eden <ede370@stl.rural.usda.gov> - configure fixes
|
||||
Garrick James <garrick@james.net> - configure fixes
|
||||
|
|
21715
crypto/openssh/ChangeLog
21715
crypto/openssh/ChangeLog
File diff suppressed because it is too large
Load diff
|
@ -1,6 +1,6 @@
|
|||
# $FreeBSD$
|
||||
Project: Portable OpenSSH
|
||||
ProjectURL: http://www.openssh.com/portable.html
|
||||
Version: 7.9p1
|
||||
Version: 8.7p1
|
||||
License: BSD
|
||||
Maintainer: des
|
||||
Maintainer: emaste
|
||||
|
|
|
@ -7,39 +7,52 @@ options. Some notes about specific compilers:
|
|||
- clang: -ftrapv and -sanitize=integer require the compiler-rt runtime
|
||||
(CC=clang LDFLAGS=--rtlib=compiler-rt ./configure)
|
||||
|
||||
You will need working installations of Zlib and libcrypto (LibreSSL /
|
||||
OpenSSL)
|
||||
To support Privilege Separation (which is now required) you will need
|
||||
to create the user, group and directory used by sshd for privilege
|
||||
separation. See README.privsep for details.
|
||||
|
||||
Zlib 1.1.4 or 1.2.1.2 or greater (earlier 1.2.x versions have problems):
|
||||
http://www.gzip.org/zlib/
|
||||
|
||||
libcrypto (LibreSSL or OpenSSL >= 1.0.1 < 1.1.0)
|
||||
LibreSSL http://www.libressl.org/ ; or
|
||||
OpenSSL http://www.openssl.org/
|
||||
|
||||
LibreSSL/OpenSSL should be compiled as a position-independent library
|
||||
(i.e. with -fPIC) otherwise OpenSSH will not be able to link with it.
|
||||
If you must use a non-position-independent libcrypto, then you may need
|
||||
to configure OpenSSH --without-pie. Note that because of API changes,
|
||||
OpenSSL 1.1.x is not currently supported.
|
||||
|
||||
The remaining items are optional.
|
||||
|
||||
A working installation of zlib:
|
||||
Zlib 1.1.4 or 1.2.1.2 or greater (earlier 1.2.x versions have problems):
|
||||
http://www.gzip.org/zlib/
|
||||
|
||||
libcrypto from either of LibreSSL or OpenSSL. Building without libcrypto
|
||||
is supported but severely restricts the available ciphers and algorithms.
|
||||
- LibreSSL (https://www.libressl.org/)
|
||||
- OpenSSL (https://www.openssl.org) with any of the following versions:
|
||||
- 1.0.x >= 1.0.1 or 1.1.0 >= 1.1.0g or any 1.1.1
|
||||
|
||||
Note that due to a bug in EVP_CipherInit OpenSSL 1.1 versions prior to
|
||||
1.1.0g can't be used.
|
||||
|
||||
LibreSSL/OpenSSL should be compiled as a position-independent library
|
||||
(i.e. -fPIC, eg by configuring OpenSSL as "./config [options] -fPIC"
|
||||
or LibreSSL as "CFLAGS=-fPIC ./configure") otherwise OpenSSH will not
|
||||
be able to link with it. If you must use a non-position-independent
|
||||
libcrypto, then you may need to configure OpenSSH --without-pie.
|
||||
|
||||
If you build either from source, running the OpenSSL self-test ("make
|
||||
tests") or the LibreSSL equivalent ("make check") and ensuring that all
|
||||
tests pass is strongly recommended.
|
||||
|
||||
NB. If you operating system supports /dev/random, you should configure
|
||||
libcrypto (LibreSSL/OpenSSL) to use it. OpenSSH relies on libcrypto's
|
||||
direct support of /dev/random, or failing that, either prngd or egd
|
||||
direct support of /dev/random, or failing that, either prngd or egd.
|
||||
|
||||
PRNGD:
|
||||
|
||||
If your system lacks kernel-based random collection, the use of Lutz
|
||||
Jaenicke's PRNGd is recommended.
|
||||
Jaenicke's PRNGd is recommended. It requires that libcrypto be configured
|
||||
to support it.
|
||||
|
||||
http://prngd.sourceforge.net/
|
||||
|
||||
EGD:
|
||||
|
||||
If the kernel lacks /dev/random the Entropy Gathering Daemon (EGD) is
|
||||
supported only if libcrypto supports it.
|
||||
The Entropy Gathering Daemon (EGD) supports the same interface as prngd.
|
||||
It also supported only if libcrypto is configured to support it.
|
||||
|
||||
http://egd.sourceforge.net/
|
||||
|
||||
|
@ -47,7 +60,7 @@ PAM:
|
|||
|
||||
OpenSSH can utilise Pluggable Authentication Modules (PAM) if your
|
||||
system supports it. PAM is standard most Linux distributions, Solaris,
|
||||
HP-UX 11, AIX >= 5.2, FreeBSD and NetBSD.
|
||||
HP-UX 11, AIX >= 5.2, FreeBSD, NetBSD and Mac OS X.
|
||||
|
||||
Information about the various PAM implementations are available:
|
||||
|
||||
|
@ -93,11 +106,12 @@ http://nlnetlabs.nl/projects/ldns/
|
|||
Autoconf:
|
||||
|
||||
If you modify configure.ac or configure doesn't exist (eg if you checked
|
||||
the code out of git yourself) then you will need autoconf-2.69 to rebuild
|
||||
the automatically generated files by running "autoreconf". Earlier
|
||||
versions may also work but this is not guaranteed.
|
||||
the code out of git yourself) then you will need autoconf-2.69 and
|
||||
automake-1.16.1 to rebuild the automatically generated files by running
|
||||
"autoreconf". Earlier versions may also work but this is not guaranteed.
|
||||
|
||||
http://www.gnu.org/software/autoconf/
|
||||
http://www.gnu.org/software/automake/
|
||||
|
||||
Basic Security Module (BSM):
|
||||
|
||||
|
@ -113,6 +127,16 @@ If you are making significant changes to the code you may need to rebuild
|
|||
the dependency (.depend) file using "make depend", which requires the
|
||||
"makedepend" tool from the X11 distribution.
|
||||
|
||||
libfido2:
|
||||
|
||||
libfido2 allows the use of hardware security keys over USB. libfido2
|
||||
in turn depends on libcbor. libfido2 >= 1.5.0 is strongly recommended.
|
||||
Limited functionality is possible with earlier libfido2 versions.
|
||||
|
||||
https://github.com/Yubico/libfido2
|
||||
https://github.com/pjk/libcbor
|
||||
|
||||
|
||||
2. Building / Installation
|
||||
--------------------------
|
||||
|
||||
|
@ -140,10 +164,6 @@ make install
|
|||
This will install the binaries in /opt/{bin,lib,sbin}, but will place the
|
||||
configuration files in /etc/ssh.
|
||||
|
||||
If you are using Privilege Separation (which is enabled by default)
|
||||
then you will also need to create the user, group and directory used by
|
||||
sshd for privilege separation. See README.privsep for details.
|
||||
|
||||
If you are using PAM, you may need to manually install a PAM control
|
||||
file as "/etc/pam.d/sshd" (or wherever your system prefers to keep
|
||||
them). Note that the service name used to start PAM is __progname,
|
||||
|
@ -215,6 +235,11 @@ libraries are installed.
|
|||
|
||||
--with-ssl-engine enables Libre/OpenSSL's (hardware) ENGINE support
|
||||
|
||||
--without-openssl builds without using OpenSSL. Only a subset of ciphers
|
||||
and algorithms are supported in this configuration.
|
||||
|
||||
--without-zlib builds without zlib. This disables the Compression option.
|
||||
|
||||
--with-4in6 Check for IPv4 in IPv6 mapped addresses and convert them to
|
||||
real (AF_INET) IPv4 addresses. Works around some quirks on Linux.
|
||||
|
||||
|
@ -246,10 +271,10 @@ to generate keys for all supported types.
|
|||
|
||||
Replacing /etc/ssh with the correct path to the configuration directory.
|
||||
(${prefix}/etc or whatever you specified with --sysconfdir during
|
||||
configuration)
|
||||
configuration).
|
||||
|
||||
If you have configured OpenSSH with EGD support, ensure that EGD is
|
||||
running and has collected some Entropy.
|
||||
If you have configured OpenSSH with EGD/prngd support, ensure that EGD or
|
||||
prngd is running and has collected some entropy first.
|
||||
|
||||
For more information on configuration, please refer to the manual pages
|
||||
for sshd, ssh and ssh-agent.
|
||||
|
@ -271,6 +296,6 @@ summary data may be published.
|
|||
5. Problems?
|
||||
------------
|
||||
|
||||
If you experience problems compiling, installing or running OpenSSH.
|
||||
Please refer to the "reporting bugs" section of the webpage at
|
||||
If you experience problems compiling, installing or running OpenSSH,
|
||||
please refer to the "reporting bugs" section of the webpage at
|
||||
https://www.openssh.com/
|
||||
|
|
|
@ -174,7 +174,7 @@ OpenSSH contains no GPL code.
|
|||
Gert Doering
|
||||
Jakob Schlyter
|
||||
Jason Downs
|
||||
Juha Yrj<EFBFBD>l<EFBFBD>
|
||||
Juha Yrjölä
|
||||
Michael Stone
|
||||
Networks Associates Technology, Inc.
|
||||
Solar Designer
|
||||
|
@ -314,6 +314,68 @@ OpenSSH contains no GPL code.
|
|||
* authorization. *
|
||||
****************************************************************************/
|
||||
|
||||
The Blowfish cipher implementation is licensed by Niels Provis under
|
||||
a 4-clause BSD license:
|
||||
|
||||
* Blowfish - a fast block cipher designed by Bruce Schneier
|
||||
*
|
||||
* Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* This product includes software developed by Niels Provos.
|
||||
* 4. The name of the author may not be used to endorse or promote products
|
||||
* derived from this software without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
||||
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
||||
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
||||
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
Some replacement code is licensed by the NetBSD foundation under a
|
||||
2-clause BSD license:
|
||||
|
||||
* Copyright (c) 2001 The NetBSD Foundation, Inc.
|
||||
* All rights reserved.
|
||||
*
|
||||
* This code is derived from software contributed to The NetBSD Foundation
|
||||
* by Todd Vierling.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
|
||||
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
|
||||
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
|
||||
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
||||
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
||||
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
||||
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
||||
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
* POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
------
|
||||
$OpenBSD: LICENCE,v 1.20 2017/04/30 23:26:16 djm Exp $
|
||||
|
|
|
@ -16,6 +16,7 @@ sysconfdir=@sysconfdir@
|
|||
piddir=@piddir@
|
||||
srcdir=@srcdir@
|
||||
top_srcdir=@top_srcdir@
|
||||
abs_top_srcdir=@abs_top_srcdir@
|
||||
|
||||
DESTDIR=
|
||||
VPATH=@srcdir@
|
||||
|
@ -24,6 +25,7 @@ ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass
|
|||
SFTP_SERVER=$(libexecdir)/sftp-server
|
||||
SSH_KEYSIGN=$(libexecdir)/ssh-keysign
|
||||
SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
|
||||
SSH_SK_HELPER=$(libexecdir)/ssh-sk-helper
|
||||
PRIVSEP_PATH=@PRIVSEP_PATH@
|
||||
SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
|
||||
STRIP_OPT=@STRIP_OPT@
|
||||
|
@ -35,32 +37,37 @@ PATHS= -DSSHDIR=\"$(sysconfdir)\" \
|
|||
-D_PATH_SFTP_SERVER=\"$(SFTP_SERVER)\" \
|
||||
-D_PATH_SSH_KEY_SIGN=\"$(SSH_KEYSIGN)\" \
|
||||
-D_PATH_SSH_PKCS11_HELPER=\"$(SSH_PKCS11_HELPER)\" \
|
||||
-D_PATH_SSH_SK_HELPER=\"$(SSH_SK_HELPER)\" \
|
||||
-D_PATH_SSH_PIDDIR=\"$(piddir)\" \
|
||||
-D_PATH_PRIVSEP_CHROOT_DIR=\"$(PRIVSEP_PATH)\"
|
||||
|
||||
CC=@CC@
|
||||
LD=@LD@
|
||||
CFLAGS=@CFLAGS@
|
||||
CFLAGS_NOPIE=@CFLAGS_NOPIE@
|
||||
CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
|
||||
PICFLAG=@PICFLAG@
|
||||
LIBS=@LIBS@
|
||||
K5LIBS=@K5LIBS@
|
||||
GSSLIBS=@GSSLIBS@
|
||||
SSHLIBS=@SSHLIBS@
|
||||
SSHDLIBS=@SSHDLIBS@
|
||||
LIBEDIT=@LIBEDIT@
|
||||
LIBFIDO2=@LIBFIDO2@
|
||||
AR=@AR@
|
||||
AWK=@AWK@
|
||||
RANLIB=@RANLIB@
|
||||
INSTALL=@INSTALL@
|
||||
SED=@SED@
|
||||
ENT=@ENT@
|
||||
XAUTH_PATH=@XAUTH_PATH@
|
||||
LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
|
||||
LDFLAGS_NOPIE=-L. -Lopenbsd-compat/ @LDFLAGS_NOPIE@
|
||||
EXEEXT=@EXEEXT@
|
||||
MANFMT=@MANFMT@
|
||||
MKDIR_P=@MKDIR_P@
|
||||
|
||||
TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT)
|
||||
.SUFFIXES: .lo
|
||||
|
||||
TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-sk-helper$(EXEEXT)
|
||||
|
||||
XMSS_OBJS=\
|
||||
ssh-xmss.o \
|
||||
|
@ -87,23 +94,27 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
|
|||
authfd.o authfile.o \
|
||||
canohost.o channels.o cipher.o cipher-aes.o cipher-aesctr.o \
|
||||
cipher-ctr.o cleanup.o \
|
||||
compat.o crc32.o fatal.o hostfile.o \
|
||||
log.o match.o moduli.o nchan.o packet.o opacket.o \
|
||||
readpass.o ttymodes.o xmalloc.o addrmatch.o \
|
||||
atomicio.o dispatch.o mac.o uuencode.o misc.o utf8.o \
|
||||
monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
|
||||
compat.o fatal.o hostfile.o \
|
||||
log.o match.o moduli.o nchan.o packet.o \
|
||||
readpass.o ttymodes.o xmalloc.o addr.o addrmatch.o \
|
||||
atomicio.o dispatch.o mac.o misc.o utf8.o \
|
||||
monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-ecdsa-sk.o \
|
||||
ssh-ed25519-sk.o ssh-rsa.o dh.o \
|
||||
msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \
|
||||
ssh-pkcs11.o smult_curve25519_ref.o \
|
||||
poly1305.o chacha.o cipher-chachapoly.o \
|
||||
ssh-ed25519.o digest-openssl.o digest-libc.o hmac.o \
|
||||
sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o \
|
||||
poly1305.o chacha.o cipher-chachapoly.o cipher-chachapoly-libcrypto.o \
|
||||
ssh-ed25519.o digest-openssl.o digest-libc.o \
|
||||
hmac.o sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o \
|
||||
kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \
|
||||
kexdhc.o kexgexc.o kexecdhc.o kexc25519c.o \
|
||||
kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o \
|
||||
platform-pledge.o platform-tracing.o platform-misc.o
|
||||
kexgexc.o kexgexs.o \
|
||||
kexsntrup761x25519.o sntrup761.o kexgen.o \
|
||||
sftp-realpath.o platform-pledge.o platform-tracing.o platform-misc.o \
|
||||
sshbuf-io.o
|
||||
|
||||
SKOBJS= ssh-sk-client.o
|
||||
|
||||
SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
|
||||
sshconnect.o sshconnect2.o mux.o
|
||||
sshconnect.o sshconnect2.o mux.o $(SKOBJS)
|
||||
|
||||
SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o \
|
||||
audit.o audit-bsm.o audit-linux.o platform.o \
|
||||
|
@ -115,13 +126,35 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o \
|
|||
monitor.o monitor_wrap.o auth-krb5.o \
|
||||
auth2-gss.o gss-serv.o gss-serv-krb5.o \
|
||||
loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
|
||||
sftp-server.o sftp-common.o \
|
||||
srclimit.o sftp-server.o sftp-common.o \
|
||||
sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
|
||||
sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \
|
||||
sandbox-solaris.o uidswap.o
|
||||
sandbox-solaris.o uidswap.o $(SKOBJS)
|
||||
|
||||
MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
|
||||
MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
|
||||
SFTP_CLIENT_OBJS=sftp-common.o sftp-client.o sftp-glob.o
|
||||
|
||||
SCP_OBJS= scp.o progressmeter.o $(SFTP_CLIENT_OBJS)
|
||||
|
||||
SSHADD_OBJS= ssh-add.o $(SKOBJS)
|
||||
|
||||
SSHAGENT_OBJS= ssh-agent.o ssh-pkcs11-client.o $(SKOBJS)
|
||||
|
||||
SSHKEYGEN_OBJS= ssh-keygen.o sshsig.o $(SKOBJS)
|
||||
|
||||
SSHKEYSIGN_OBJS=ssh-keysign.o readconf.o uidswap.o $(SKOBJS)
|
||||
|
||||
P11HELPER_OBJS= ssh-pkcs11-helper.o ssh-pkcs11.o $(SKOBJS)
|
||||
|
||||
SKHELPER_OBJS= ssh-sk-helper.o ssh-sk.o sk-usbhid.o
|
||||
|
||||
SSHKEYSCAN_OBJS=ssh-keyscan.o $(SKOBJS)
|
||||
|
||||
SFTPSERVER_OBJS=sftp-common.o sftp-server.o sftp-server-main.o
|
||||
|
||||
SFTP_OBJS= sftp.o progressmeter.o $(SFTP_CLIENT_OBJS)
|
||||
|
||||
MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out ssh-sk-helper.8.out sshd_config.5.out ssh_config.5.out
|
||||
MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 ssh-sk-helper.8 sshd_config.5 ssh_config.5
|
||||
MANTYPE = @MANTYPE@
|
||||
|
||||
CONFIGFILES=sshd_config.out ssh_config.out moduli.out
|
||||
|
@ -150,11 +183,16 @@ FIXPATHSCMD = $(SED) $(PATHSUBS)
|
|||
FIXALGORITHMSCMD= $(SHELL) $(srcdir)/fixalgorithms $(SED) \
|
||||
@UNSUPPORTED_ALGORITHMS@
|
||||
|
||||
all: $(CONFIGFILES) $(MANPAGES) $(TARGETS)
|
||||
all: configure-check $(CONFIGFILES) $(MANPAGES) $(TARGETS)
|
||||
|
||||
$(LIBSSH_OBJS): Makefile.in config.h
|
||||
$(SSHOBJS): Makefile.in config.h
|
||||
$(SSHDOBJS): Makefile.in config.h
|
||||
configure-check: $(srcdir)/configure
|
||||
|
||||
$(srcdir)/configure: configure.ac $(srcdir)/m4/*.m4
|
||||
@echo "ERROR: configure is out of date; please run ${AUTORECONF} (and configure)" 1>&2
|
||||
@exit 1
|
||||
|
||||
.c.o:
|
||||
$(CC) $(CFLAGS) $(CPPFLAGS) -c $< -o $@
|
||||
|
@ -169,37 +207,40 @@ libssh.a: $(LIBSSH_OBJS)
|
|||
$(RANLIB) $@
|
||||
|
||||
ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
|
||||
$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS) $(GSSLIBS)
|
||||
$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(GSSLIBS)
|
||||
|
||||
sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
|
||||
$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS)
|
||||
|
||||
scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
|
||||
$(LD) -o $@ scp.o progressmeter.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
||||
scp$(EXEEXT): $(LIBCOMPAT) libssh.a $(SCP_OBJS)
|
||||
$(LD) -o $@ $(SCP_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
||||
|
||||
ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o
|
||||
$(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
||||
ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHADD_OBJS)
|
||||
$(LD) -o $@ $(SSHADD_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
||||
|
||||
ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-agent.o ssh-pkcs11-client.o
|
||||
$(LD) -o $@ ssh-agent.o ssh-pkcs11-client.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
||||
ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHAGENT_OBJS)
|
||||
$(LD) -o $@ $(SSHAGENT_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
||||
|
||||
ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o
|
||||
$(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
||||
ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHKEYGEN_OBJS)
|
||||
$(LD) -o $@ $(SSHKEYGEN_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
||||
|
||||
ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o readconf.o uidswap.o
|
||||
$(LD) -o $@ ssh-keysign.o readconf.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
||||
ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHKEYSIGN_OBJS)
|
||||
$(LD) -o $@ $(SSHKEYSIGN_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
||||
|
||||
ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o
|
||||
$(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
|
||||
ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a $(P11HELPER_OBJS)
|
||||
$(LD) -o $@ $(P11HELPER_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
|
||||
|
||||
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
|
||||
$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
|
||||
ssh-sk-helper$(EXEEXT): $(LIBCOMPAT) libssh.a $(SKHELPER_OBJS)
|
||||
$(LD) -o $@ $(SKHELPER_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) $(LIBFIDO2)
|
||||
|
||||
sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o
|
||||
$(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
||||
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHKEYSCAN_OBJS)
|
||||
$(LD) -o $@ $(SSHKEYSCAN_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
|
||||
|
||||
sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o
|
||||
$(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT)
|
||||
sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a $(SFTPSERVER_OBJS)
|
||||
$(LD) -o $@ $(SFTPSERVER_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
|
||||
|
||||
sftp$(EXEEXT): $(LIBCOMPAT) libssh.a $(SFTP_OBJS)
|
||||
$(LD) -o $@ $(SFTP_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT)
|
||||
|
||||
# test driver for the loginrec code - not built by default
|
||||
logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o
|
||||
|
@ -227,16 +268,14 @@ moduli:
|
|||
echo
|
||||
|
||||
clean: regressclean
|
||||
rm -f *.o *.a $(TARGETS) logintest config.cache config.log
|
||||
rm -f *.o *.lo *.a $(TARGETS) logintest config.cache config.log
|
||||
rm -f *.out core survey
|
||||
rm -f regress/check-perm$(EXEEXT)
|
||||
rm -f regress/mkdtemp$(EXEEXT)
|
||||
rm -f regress/unittests/test_helper/*.a
|
||||
rm -f regress/unittests/test_helper/*.o
|
||||
rm -f regress/unittests/sshbuf/*.o
|
||||
rm -f regress/unittests/sshbuf/test_sshbuf$(EXEEXT)
|
||||
rm -f regress/unittests/sshkey/*.o
|
||||
rm -f regress/unittests/sshkey/test_sshkey$(EXEEXT)
|
||||
rm -f regress/unittests/authopt/*.o
|
||||
rm -f regress/unittests/authopt/test_authopt$(EXEEXT)
|
||||
rm -f regress/unittests/bitmap/*.o
|
||||
rm -f regress/unittests/bitmap/test_bitmap$(EXEEXT)
|
||||
rm -f regress/unittests/conversion/*.o
|
||||
|
@ -247,10 +286,19 @@ clean: regressclean
|
|||
rm -f regress/unittests/kex/test_kex$(EXEEXT)
|
||||
rm -f regress/unittests/match/*.o
|
||||
rm -f regress/unittests/match/test_match$(EXEEXT)
|
||||
rm -f regress/unittests/misc/*.o
|
||||
rm -f regress/unittests/misc/test_misc$(EXEEXT)
|
||||
rm -f regress/unittests/sshbuf/*.o
|
||||
rm -f regress/unittests/sshbuf/test_sshbuf$(EXEEXT)
|
||||
rm -f regress/unittests/sshkey/*.o
|
||||
rm -f regress/unittests/sshkey/test_sshkey$(EXEEXT)
|
||||
rm -f regress/unittests/sshsig/*.o
|
||||
rm -f regress/unittests/sshsig/test_sshsig$(EXEEXT)
|
||||
rm -f regress/unittests/utf8/*.o
|
||||
rm -f regress/unittests/utf8/test_utf8$(EXEEXT)
|
||||
rm -f regress/misc/kexfuzz/*.o
|
||||
rm -f regress/misc/kexfuzz/kexfuzz$(EXEEXT)
|
||||
rm -f regress/misc/sk-dummy/*.o
|
||||
rm -f regress/misc/sk-dummy/*.lo
|
||||
rm -f regress/misc/sk-dummy/sk-dummy.so
|
||||
(cd openbsd-compat && $(MAKE) clean)
|
||||
|
||||
distclean: regressclean
|
||||
|
@ -263,10 +311,8 @@ distclean: regressclean
|
|||
rm -f regress/mkdtemp
|
||||
rm -f regress/unittests/test_helper/*.a
|
||||
rm -f regress/unittests/test_helper/*.o
|
||||
rm -f regress/unittests/sshbuf/*.o
|
||||
rm -f regress/unittests/sshbuf/test_sshbuf
|
||||
rm -f regress/unittests/sshkey/*.o
|
||||
rm -f regress/unittests/sshkey/test_sshkey
|
||||
rm -f regress/unittests/authopt/*.o
|
||||
rm -f regress/unittests/authopt/test_authopt
|
||||
rm -f regress/unittests/bitmap/*.o
|
||||
rm -f regress/unittests/bitmap/test_bitmap
|
||||
rm -f regress/unittests/conversion/*.o
|
||||
|
@ -277,10 +323,16 @@ distclean: regressclean
|
|||
rm -f regress/unittests/kex/test_kex
|
||||
rm -f regress/unittests/match/*.o
|
||||
rm -f regress/unittests/match/test_match
|
||||
rm -f regress/unittests/misc/*.o
|
||||
rm -f regress/unittests/misc/test_misc
|
||||
rm -f regress/unittests/sshbuf/*.o
|
||||
rm -f regress/unittests/sshbuf/test_sshbuf
|
||||
rm -f regress/unittests/sshkey/*.o
|
||||
rm -f regress/unittests/sshkey/test_sshkey
|
||||
rm -f regress/unittests/sshsig/*.o
|
||||
rm -f regress/unittests/sshsig/test_sshsig
|
||||
rm -f regress/unittests/utf8/*.o
|
||||
rm -f regress/unittests/utf8/test_utf8
|
||||
rm -f regress/misc/kexfuzz/*.o
|
||||
rm -f regress/misc/kexfuzz/kexfuzz$(EXEEXT)
|
||||
(cd openbsd-compat && $(MAKE) distclean)
|
||||
if test -d pkg ; then \
|
||||
rm -fr pkg ; \
|
||||
|
@ -307,9 +359,15 @@ depend: depend-rebuild
|
|||
rm -f .depend.bak
|
||||
|
||||
depend-rebuild:
|
||||
rm -f config.h
|
||||
touch config.h
|
||||
mv .depend .depend.old
|
||||
rm -f config.h .depend
|
||||
touch config.h .depend
|
||||
makedepend -w1000 -Y. -f .depend *.c 2>/dev/null
|
||||
(echo '# Automatically generated by makedepend.'; \
|
||||
echo '# Run "make depend" to rebuild.'; sort .depend ) >.depend.tmp
|
||||
mv .depend.tmp .depend
|
||||
rm -f .depend.bak
|
||||
mv .depend.old .depend.bak
|
||||
rm -f config.h
|
||||
|
||||
depend-check: depend-rebuild
|
||||
|
@ -343,6 +401,7 @@ install-files:
|
|||
$(INSTALL) -m 0755 $(STRIP_OPT) sshd$(EXEEXT) $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
|
||||
$(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign$(EXEEXT) $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
|
||||
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
|
||||
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-sk-helper$(EXEEXT) $(DESTDIR)$(SSH_SK_HELPER)$(EXEEXT)
|
||||
$(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
|
||||
$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
|
||||
$(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
|
||||
|
@ -359,6 +418,7 @@ install-files:
|
|||
$(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
|
||||
$(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
|
||||
$(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
|
||||
$(INSTALL) -m 644 ssh-sk-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-sk-helper.8
|
||||
|
||||
install-sysconf:
|
||||
$(MKDIR_P) $(DESTDIR)$(sysconfdir)
|
||||
|
@ -419,6 +479,7 @@ uninstall:
|
|||
-rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
|
||||
-rm -f $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
|
||||
-rm -f $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
|
||||
-rm -f $(DESTDIR)$(SSH_SK_HELPER)$(EXEEXT)
|
||||
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
|
||||
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
|
||||
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
|
||||
|
@ -430,18 +491,22 @@ uninstall:
|
|||
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
|
||||
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
|
||||
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
|
||||
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-sk-helper.8
|
||||
|
||||
regress-prep:
|
||||
$(MKDIR_P) `pwd`/regress/unittests/test_helper
|
||||
$(MKDIR_P) `pwd`/regress/unittests/sshbuf
|
||||
$(MKDIR_P) `pwd`/regress/unittests/sshkey
|
||||
$(MKDIR_P) `pwd`/regress/unittests/authopt
|
||||
$(MKDIR_P) `pwd`/regress/unittests/bitmap
|
||||
$(MKDIR_P) `pwd`/regress/unittests/conversion
|
||||
$(MKDIR_P) `pwd`/regress/unittests/hostkeys
|
||||
$(MKDIR_P) `pwd`/regress/unittests/kex
|
||||
$(MKDIR_P) `pwd`/regress/unittests/match
|
||||
$(MKDIR_P) `pwd`/regress/unittests/misc
|
||||
$(MKDIR_P) `pwd`/regress/unittests/sshbuf
|
||||
$(MKDIR_P) `pwd`/regress/unittests/sshkey
|
||||
$(MKDIR_P) `pwd`/regress/unittests/sshsig
|
||||
$(MKDIR_P) `pwd`/regress/unittests/utf8
|
||||
$(MKDIR_P) `pwd`/regress/misc/kexfuzz
|
||||
$(MKDIR_P) `pwd`/regress/misc/sk-dummy
|
||||
[ -f `pwd`/regress/Makefile ] || \
|
||||
ln -s `cd $(srcdir) && pwd`/regress/Makefile `pwd`/regress/Makefile
|
||||
|
||||
|
@ -496,7 +561,8 @@ UNITTESTS_TEST_SSHKEY_OBJS=\
|
|||
regress/unittests/sshkey/tests.o \
|
||||
regress/unittests/sshkey/common.o \
|
||||
regress/unittests/sshkey/test_file.o \
|
||||
regress/unittests/sshkey/test_sshkey.o
|
||||
regress/unittests/sshkey/test_sshkey.o \
|
||||
$(SKOBJS)
|
||||
|
||||
regress/unittests/sshkey/test_sshkey$(EXEEXT): ${UNITTESTS_TEST_SSHKEY_OBJS} \
|
||||
regress/unittests/test_helper/libtest_helper.a libssh.a
|
||||
|
@ -504,6 +570,17 @@ regress/unittests/sshkey/test_sshkey$(EXEEXT): ${UNITTESTS_TEST_SSHKEY_OBJS} \
|
|||
regress/unittests/test_helper/libtest_helper.a \
|
||||
-lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
|
||||
|
||||
UNITTESTS_TEST_SSHSIG_OBJS=\
|
||||
sshsig.o \
|
||||
regress/unittests/sshsig/tests.o \
|
||||
$(SKOBJS)
|
||||
|
||||
regress/unittests/sshsig/test_sshsig$(EXEEXT): ${UNITTESTS_TEST_SSHSIG_OBJS} \
|
||||
regress/unittests/test_helper/libtest_helper.a libssh.a
|
||||
$(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_SSHSIG_OBJS) \
|
||||
regress/unittests/test_helper/libtest_helper.a \
|
||||
-lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
|
||||
|
||||
UNITTESTS_TEST_BITMAP_OBJS=\
|
||||
regress/unittests/bitmap/tests.o
|
||||
|
||||
|
@ -513,6 +590,18 @@ regress/unittests/bitmap/test_bitmap$(EXEEXT): ${UNITTESTS_TEST_BITMAP_OBJS} \
|
|||
regress/unittests/test_helper/libtest_helper.a \
|
||||
-lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
|
||||
|
||||
UNITTESTS_TEST_AUTHOPT_OBJS=\
|
||||
regress/unittests/authopt/tests.o \
|
||||
auth-options.o \
|
||||
$(SKOBJS)
|
||||
|
||||
regress/unittests/authopt/test_authopt$(EXEEXT): \
|
||||
${UNITTESTS_TEST_AUTHOPT_OBJS} \
|
||||
regress/unittests/test_helper/libtest_helper.a libssh.a
|
||||
$(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_AUTHOPT_OBJS) \
|
||||
regress/unittests/test_helper/libtest_helper.a \
|
||||
-lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
|
||||
|
||||
UNITTESTS_TEST_CONVERSION_OBJS=\
|
||||
regress/unittests/conversion/tests.o
|
||||
|
||||
|
@ -525,7 +614,8 @@ regress/unittests/conversion/test_conversion$(EXEEXT): \
|
|||
|
||||
UNITTESTS_TEST_KEX_OBJS=\
|
||||
regress/unittests/kex/tests.o \
|
||||
regress/unittests/kex/test_kex.o
|
||||
regress/unittests/kex/test_kex.o \
|
||||
$(SKOBJS)
|
||||
|
||||
regress/unittests/kex/test_kex$(EXEEXT): ${UNITTESTS_TEST_KEX_OBJS} \
|
||||
regress/unittests/test_helper/libtest_helper.a libssh.a
|
||||
|
@ -535,7 +625,8 @@ regress/unittests/kex/test_kex$(EXEEXT): ${UNITTESTS_TEST_KEX_OBJS} \
|
|||
|
||||
UNITTESTS_TEST_HOSTKEYS_OBJS=\
|
||||
regress/unittests/hostkeys/tests.o \
|
||||
regress/unittests/hostkeys/test_iterate.o
|
||||
regress/unittests/hostkeys/test_iterate.o \
|
||||
$(SKOBJS)
|
||||
|
||||
regress/unittests/hostkeys/test_hostkeys$(EXEEXT): \
|
||||
${UNITTESTS_TEST_HOSTKEYS_OBJS} \
|
||||
|
@ -554,6 +645,21 @@ regress/unittests/match/test_match$(EXEEXT): \
|
|||
regress/unittests/test_helper/libtest_helper.a \
|
||||
-lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
|
||||
|
||||
UNITTESTS_TEST_MISC_OBJS=\
|
||||
regress/unittests/misc/tests.o \
|
||||
regress/unittests/misc/test_parse.o \
|
||||
regress/unittests/misc/test_expand.o \
|
||||
regress/unittests/misc/test_convtime.o \
|
||||
regress/unittests/misc/test_argv.o \
|
||||
regress/unittests/misc/test_strdelim.o
|
||||
|
||||
regress/unittests/misc/test_misc$(EXEEXT): \
|
||||
${UNITTESTS_TEST_MISC_OBJS} \
|
||||
regress/unittests/test_helper/libtest_helper.a libssh.a
|
||||
$(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_MISC_OBJS) \
|
||||
regress/unittests/test_helper/libtest_helper.a \
|
||||
-lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
|
||||
|
||||
UNITTESTS_TEST_UTF8_OBJS=\
|
||||
regress/unittests/utf8/tests.o
|
||||
|
||||
|
@ -564,47 +670,58 @@ regress/unittests/utf8/test_utf8$(EXEEXT): \
|
|||
regress/unittests/test_helper/libtest_helper.a \
|
||||
-lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
|
||||
|
||||
MISC_KEX_FUZZ_OBJS=\
|
||||
regress/misc/kexfuzz/kexfuzz.o
|
||||
# These all need to be compiled -fPIC, so they are treated differently.
|
||||
SK_DUMMY_OBJS=\
|
||||
regress/misc/sk-dummy/sk-dummy.lo \
|
||||
regress/misc/sk-dummy/fatal.lo \
|
||||
ed25519.lo hash.lo ge25519.lo fe25519.lo sc25519.lo verify.lo
|
||||
|
||||
regress/misc/kexfuzz/kexfuzz$(EXEEXT): ${MISC_KEX_FUZZ_OBJS} libssh.a
|
||||
$(LD) -o $@ $(LDFLAGS) $(MISC_KEX_FUZZ_OBJS) \
|
||||
-lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
|
||||
SK_DUMMY_LIBRARY=@SK_DUMMY_LIBRARY@
|
||||
|
||||
regress-binaries: regress/modpipe$(EXEEXT) \
|
||||
.c.lo: Makefile.in config.h
|
||||
$(CC) $(CFLAGS_NOPIE) $(PICFLAG) $(CPPFLAGS) -c $< -o $@
|
||||
|
||||
regress/misc/sk-dummy/sk-dummy.so: $(SK_DUMMY_OBJS)
|
||||
$(CC) $(CFLAGS) $(CPPFLAGS) -fPIC -shared -o $@ $(SK_DUMMY_OBJS) \
|
||||
-L. -Lopenbsd-compat -lopenbsd-compat $(LDFLAGS_NOPIE) $(LIBS)
|
||||
|
||||
regress-binaries: regress-prep $(LIBCOMPAT) \
|
||||
regress/modpipe$(EXEEXT) \
|
||||
regress/setuid-allowed$(EXEEXT) \
|
||||
regress/netcat$(EXEEXT) \
|
||||
regress/check-perm$(EXEEXT) \
|
||||
regress/mkdtemp$(EXEEXT) \
|
||||
regress/unittests/sshbuf/test_sshbuf$(EXEEXT) \
|
||||
regress/unittests/sshkey/test_sshkey$(EXEEXT) \
|
||||
$(SK_DUMMY_LIBRARY)
|
||||
|
||||
regress-unit-binaries: regress-prep $(REGRESSLIBS) \
|
||||
regress/unittests/authopt/test_authopt$(EXEEXT) \
|
||||
regress/unittests/bitmap/test_bitmap$(EXEEXT) \
|
||||
regress/unittests/conversion/test_conversion$(EXEEXT) \
|
||||
regress/unittests/hostkeys/test_hostkeys$(EXEEXT) \
|
||||
regress/unittests/kex/test_kex$(EXEEXT) \
|
||||
regress/unittests/match/test_match$(EXEEXT) \
|
||||
regress/unittests/utf8/test_utf8$(EXEEXT) \
|
||||
regress/misc/kexfuzz/kexfuzz$(EXEEXT)
|
||||
regress/unittests/misc/test_misc$(EXEEXT) \
|
||||
regress/unittests/sshbuf/test_sshbuf$(EXEEXT) \
|
||||
regress/unittests/sshkey/test_sshkey$(EXEEXT) \
|
||||
regress/unittests/sshsig/test_sshsig$(EXEEXT) \
|
||||
regress/unittests/utf8/test_utf8$(EXEEXT)
|
||||
|
||||
tests interop-tests t-exec unit: regress-prep regress-binaries $(TARGETS)
|
||||
tests: file-tests t-exec interop-tests unit
|
||||
echo all tests passed
|
||||
|
||||
unit: regress-unit-binaries
|
||||
BUILDDIR=`pwd`; \
|
||||
TEST_SSH_SCP="$${BUILDDIR}/scp"; \
|
||||
TEST_SSH_SSH="$${BUILDDIR}/ssh"; \
|
||||
TEST_SSH_SSHD="$${BUILDDIR}/sshd"; \
|
||||
TEST_SSH_SSHAGENT="$${BUILDDIR}/ssh-agent"; \
|
||||
TEST_SSH_SSHADD="$${BUILDDIR}/ssh-add"; \
|
||||
TEST_SSH_SSHKEYGEN="$${BUILDDIR}/ssh-keygen"; \
|
||||
TEST_SSH_SSHPKCS11HELPER="$${BUILDDIR}/ssh-pkcs11-helper"; \
|
||||
TEST_SSH_SSHKEYSCAN="$${BUILDDIR}/ssh-keyscan"; \
|
||||
TEST_SSH_SFTP="$${BUILDDIR}/sftp"; \
|
||||
TEST_SSH_SFTPSERVER="$${BUILDDIR}/sftp-server"; \
|
||||
TEST_SSH_PLINK="plink"; \
|
||||
TEST_SSH_PUTTYGEN="puttygen"; \
|
||||
TEST_SSH_CONCH="conch"; \
|
||||
TEST_SSH_IPV6="@TEST_SSH_IPV6@" ; \
|
||||
TEST_SSH_UTF8="@TEST_SSH_UTF8@" ; \
|
||||
TEST_SSH_ECC="@TEST_SSH_ECC@" ; \
|
||||
cd $(srcdir)/regress || exit $$?; \
|
||||
$(MAKE) \
|
||||
.OBJDIR="$${BUILDDIR}/regress" \
|
||||
.CURDIR="`pwd`" \
|
||||
OBJ="$${BUILDDIR}/regress" \
|
||||
$@ && echo $@ tests passed
|
||||
|
||||
interop-tests t-exec file-tests: regress-prep regress-binaries $(TARGETS)
|
||||
BUILDDIR=`pwd`; \
|
||||
cd $(srcdir)/regress || exit $$?; \
|
||||
EGREP='@EGREP@' \
|
||||
$(MAKE) \
|
||||
.OBJDIR="$${BUILDDIR}/regress" \
|
||||
.CURDIR="`pwd`" \
|
||||
|
@ -613,25 +730,28 @@ tests interop-tests t-exec unit: regress-prep regress-binaries $(TARGETS)
|
|||
PATH="$${BUILDDIR}:$${PATH}" \
|
||||
TEST_ENV=MALLOC_OPTIONS="@TEST_MALLOC_OPTIONS@" \
|
||||
TEST_MALLOC_OPTIONS="@TEST_MALLOC_OPTIONS@" \
|
||||
TEST_SSH_SCP="$${TEST_SSH_SCP}" \
|
||||
TEST_SSH_SSH="$${TEST_SSH_SSH}" \
|
||||
TEST_SSH_SSHD="$${TEST_SSH_SSHD}" \
|
||||
TEST_SSH_SSHAGENT="$${TEST_SSH_SSHAGENT}" \
|
||||
TEST_SSH_SSHADD="$${TEST_SSH_SSHADD}" \
|
||||
TEST_SSH_SSHKEYGEN="$${TEST_SSH_SSHKEYGEN}" \
|
||||
TEST_SSH_SSHPKCS11HELPER="$${TEST_SSH_SSHPKCS11HELPER}" \
|
||||
TEST_SSH_SSHKEYSCAN="$${TEST_SSH_SSHKEYSCAN}" \
|
||||
TEST_SSH_SFTP="$${TEST_SSH_SFTP}" \
|
||||
TEST_SSH_SFTPSERVER="$${TEST_SSH_SFTPSERVER}" \
|
||||
TEST_SSH_PLINK="$${TEST_SSH_PLINK}" \
|
||||
TEST_SSH_PUTTYGEN="$${TEST_SSH_PUTTYGEN}" \
|
||||
TEST_SSH_CONCH="$${TEST_SSH_CONCH}" \
|
||||
TEST_SSH_IPV6="$${TEST_SSH_IPV6}" \
|
||||
TEST_SSH_UTF8="$${TEST_SSH_UTF8}" \
|
||||
TEST_SSH_ECC="$${TEST_SSH_ECC}" \
|
||||
TEST_SSH_SCP="$${BUILDDIR}/scp" \
|
||||
TEST_SSH_SSH="$${BUILDDIR}/ssh" \
|
||||
TEST_SSH_SSHD="$${BUILDDIR}/sshd" \
|
||||
TEST_SSH_SSHAGENT="$${BUILDDIR}/ssh-agent" \
|
||||
TEST_SSH_SSHADD="$${BUILDDIR}/ssh-add" \
|
||||
TEST_SSH_SSHKEYGEN="$${BUILDDIR}/ssh-keygen" \
|
||||
TEST_SSH_SSHPKCS11HELPER="$${BUILDDIR}/ssh-pkcs11-helper" \
|
||||
TEST_SSH_SSHKEYSCAN="$${BUILDDIR}/ssh-keyscan" \
|
||||
TEST_SSH_SFTP="$${BUILDDIR}/sftp" \
|
||||
TEST_SSH_PKCS11_HELPER="$${BUILDDIR}/ssh-pkcs11-helper" \
|
||||
TEST_SSH_SK_HELPER="$${BUILDDIR}/ssh-sk-helper" \
|
||||
TEST_SSH_SFTPSERVER="$${BUILDDIR}/sftp-server" \
|
||||
TEST_SSH_MODULI_FILE="$(abs_top_srcdir)/moduli" \
|
||||
TEST_SSH_PLINK="plink" \
|
||||
TEST_SSH_PUTTYGEN="puttygen" \
|
||||
TEST_SSH_CONCH="conch" \
|
||||
TEST_SSH_IPV6="@TEST_SSH_IPV6@" \
|
||||
TEST_SSH_UTF8="@TEST_SSH_UTF8@" \
|
||||
TEST_SSH_ECC="@TEST_SSH_ECC@" \
|
||||
TEST_SHELL="${TEST_SHELL}" \
|
||||
EXEEXT="$(EXEEXT)" \
|
||||
$@ && echo all tests passed
|
||||
$@ && echo all $@ passed
|
||||
|
||||
compat-tests: $(LIBCOMPAT)
|
||||
(cd openbsd-compat/regress && $(MAKE))
|
||||
|
|
|
@ -34,11 +34,12 @@ these programs.
|
|||
|
||||
- Ssh contains several encryption algorithms. These are all
|
||||
accessed through the cipher.h interface. The interface code is
|
||||
in cipher.c, and the implementations are in libc.
|
||||
in cipher.c, and the implementations are either in libc or
|
||||
LibreSSL.
|
||||
|
||||
Multiple Precision Integer Library
|
||||
|
||||
- Uses the SSLeay BIGNUM sublibrary.
|
||||
- Uses the LibreSSL BIGNUM sublibrary.
|
||||
|
||||
Random Numbers
|
||||
|
||||
|
@ -158,4 +159,4 @@ these programs.
|
|||
uidswap.c uid-swapping
|
||||
xmalloc.c "safe" malloc routines
|
||||
|
||||
$OpenBSD: OVERVIEW,v 1.14 2018/07/27 03:55:22 dtucker Exp $
|
||||
$OpenBSD: OVERVIEW,v 1.15 2018/10/23 05:56:35 djm Exp $
|
||||
|
|
|
@ -140,7 +140,7 @@ window space and may be sent even if no window space is available.
|
|||
NB. due to certain broken SSH implementations aborting upon receipt
|
||||
of this message (in contravention of RFC4254 section 5.4), this
|
||||
message is only sent to OpenSSH peers (identified by banner).
|
||||
Other SSH implementations may be whitelisted to receive this message
|
||||
Other SSH implementations may be listed to receive this message
|
||||
upon request.
|
||||
|
||||
2.2. connection: disallow additional sessions extension
|
||||
|
@ -169,7 +169,7 @@ Note that this is not a general defence against compromised clients
|
|||
NB. due to certain broken SSH implementations aborting upon receipt
|
||||
of this message, the no-more-sessions request is only sent to OpenSSH
|
||||
servers (identified by banner). Other SSH implementations may be
|
||||
whitelisted to receive this message upon request.
|
||||
listed to receive this message upon request.
|
||||
|
||||
2.3. connection: Tunnel forward extension "tun@openssh.com"
|
||||
|
||||
|
@ -194,7 +194,7 @@ layer 2 frames or layer 3 packets. It may take one of the following values:
|
|||
SSH_TUNMODE_ETHERNET 2 /* layer 2 frames */
|
||||
|
||||
The "tunnel unit number" specifies the remote interface number, or may
|
||||
be 0x7fffffff to allow the server to automatically chose an interface. A
|
||||
be 0x7fffffff to allow the server to automatically choose an interface. A
|
||||
server that is not willing to open a client-specified unit should refuse
|
||||
the request with a SSH_MSG_CHANNEL_OPEN_FAILURE error. On successful
|
||||
open, the server should reply with SSH_MSG_CHANNEL_OPEN_SUCCESS.
|
||||
|
@ -292,13 +292,14 @@ has completed.
|
|||
|
||||
byte SSH_MSG_GLOBAL_REQUEST
|
||||
string "hostkeys-00@openssh.com"
|
||||
char 0 /* want-reply */
|
||||
string[] hostkeys
|
||||
|
||||
Upon receiving this message, a client should check which of the
|
||||
supplied host keys are present in known_hosts.
|
||||
|
||||
Note that the server may send key types that the client does not
|
||||
support. The client should disgregard such keys if they are received.
|
||||
support. The client should disregard such keys if they are received.
|
||||
|
||||
If the client identifies any keys that are not present for the host,
|
||||
it should send a "hostkeys-prove@openssh.com" message to request the
|
||||
|
@ -465,6 +466,84 @@ respond with a SSH_FXP_STATUS message.
|
|||
This extension is advertised in the SSH_FXP_VERSION hello with version
|
||||
"1".
|
||||
|
||||
3.7. sftp: Extension request "lsetstat@openssh.com"
|
||||
|
||||
This request is like the "setstat" command, but sets file attributes on
|
||||
symlinks. It is implemented as a SSH_FXP_EXTENDED request with the
|
||||
following format:
|
||||
|
||||
uint32 id
|
||||
string "lsetstat@openssh.com"
|
||||
string path
|
||||
ATTRS attrs
|
||||
|
||||
See the "setstat" command for more details.
|
||||
|
||||
This extension is advertised in the SSH_FXP_VERSION hello with version
|
||||
"1".
|
||||
|
||||
3.8. sftp: Extension request "limits@openssh.com"
|
||||
|
||||
This request is used to determine various limits the server might impose.
|
||||
Clients should not attempt to exceed these limits as the server might sever
|
||||
the connection immediately.
|
||||
|
||||
uint32 id
|
||||
string "limits@openssh.com"
|
||||
|
||||
The server will respond with a SSH_FXP_EXTENDED_REPLY reply:
|
||||
|
||||
uint32 id
|
||||
uint64 max-packet-length
|
||||
uint64 max-read-length
|
||||
uint64 max-write-length
|
||||
uint64 max-open-handles
|
||||
|
||||
The 'max-packet-length' applies to the total number of bytes in a
|
||||
single SFTP packet. Servers SHOULD set this at least to 34000.
|
||||
|
||||
The 'max-read-length' is the largest length in a SSH_FXP_READ packet.
|
||||
Even if the client requests a larger size, servers will usually respond
|
||||
with a shorter SSH_FXP_DATA packet. Servers SHOULD set this at least to
|
||||
32768.
|
||||
|
||||
The 'max-write-length' is the largest length in a SSH_FXP_WRITE packet
|
||||
the server will accept. Servers SHOULD set this at least to 32768.
|
||||
|
||||
The 'max-open-handles' is the maximum number of active handles that the
|
||||
server allows (e.g. handles created by SSH_FXP_OPEN and SSH_FXP_OPENDIR
|
||||
packets). Servers MAY count internal file handles against this limit
|
||||
(e.g. system logging or stdout/stderr), so clients SHOULD NOT expect to
|
||||
open this many handles in practice.
|
||||
|
||||
If the server doesn't enforce a specific limit, then the field may be
|
||||
set to 0. This implies the server relies on the OS to enforce limits
|
||||
(e.g. available memory or file handles), and such limits might be
|
||||
dynamic. The client SHOULD take care to not try to exceed reasonable
|
||||
limits.
|
||||
|
||||
This extension is advertised in the SSH_FXP_VERSION hello with version
|
||||
"1".
|
||||
|
||||
3.9. sftp: Extension request "expand-path@openssh.com"
|
||||
|
||||
This request supports canonicalisation of relative paths and
|
||||
those that need tilde-expansion, i.e. "~", "~/..." and "~user/..."
|
||||
These paths are expanded using shell-like rules and the resultant
|
||||
path is canonicalised similarly to SSH2_FXP_REALPATH.
|
||||
|
||||
It is implemented as a SSH_FXP_EXTENDED request with the following
|
||||
format:
|
||||
|
||||
uint32 id
|
||||
string "expand-path@openssh.com"
|
||||
string path
|
||||
|
||||
Its reply is the same format as that of SSH2_FXP_REALPATH.
|
||||
|
||||
This extension is advertised in the SSH_FXP_VERSION hello with version
|
||||
"1".
|
||||
|
||||
4. Miscellaneous changes
|
||||
|
||||
4.1 Public key format
|
||||
|
@ -496,4 +575,4 @@ OpenSSH's connection multiplexing uses messages as described in
|
|||
PROTOCOL.mux over a Unix domain socket for communications between a
|
||||
master instance and later clients.
|
||||
|
||||
$OpenBSD: PROTOCOL,v 1.36 2018/10/02 12:51:58 djm Exp $
|
||||
$OpenBSD: PROTOCOL,v 1.42 2021/08/09 23:47:44 djm Exp $
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
This file used to contain a description of the SSH agent protocol
|
||||
implemented by OpenSSH. It has since been superseded by an Internet-
|
||||
draft that is available from:
|
||||
implemented by OpenSSH. It has since been superseded by
|
||||
https://tools.ietf.org/html/draft-miller-ssh-agent-04
|
||||
|
||||
https://tools.ietf.org/html/draft-miller-ssh-agent-02
|
||||
$OpenBSD: PROTOCOL.agent,v 1.14 2020/10/06 07:12:04 dtucker Exp $
|
||||
|
|
|
@ -36,6 +36,7 @@ Certified keys are represented using new key types:
|
|||
ecdsa-sha2-nistp256-cert-v01@openssh.com
|
||||
ecdsa-sha2-nistp384-cert-v01@openssh.com
|
||||
ecdsa-sha2-nistp521-cert-v01@openssh.com
|
||||
ssh-ed25519-cert-v01@openssh.com
|
||||
|
||||
Two additional types exist for RSA certificates to force use of
|
||||
SHA-2 signatures (SHA-256 and SHA-512 respectively):
|
||||
|
@ -44,7 +45,7 @@ SHA-2 signatures (SHA-256 and SHA-512 respectively):
|
|||
rsa-sha2-512-cert-v01@openssh.com
|
||||
|
||||
These RSA/SHA-2 types should not appear in keys at rest or transmitted
|
||||
on their wire, but do appear in a SSH_MSG_KEXINIT's host-key algorithms
|
||||
on the wire, but do appear in a SSH_MSG_KEXINIT's host-key algorithms
|
||||
field or in the "public key algorithm name" field of a "publickey"
|
||||
SSH_USERAUTH_REQUEST to indicate that the signature will use the
|
||||
specified algorithm.
|
||||
|
@ -158,12 +159,11 @@ p, q, g, y are the DSA parameters as described in FIPS-186-2.
|
|||
curve and public key are respectively the ECDSA "[identifier]" and "Q"
|
||||
defined in section 3.1 of RFC5656.
|
||||
|
||||
pk is the encoded Ed25519 public key as defined by
|
||||
draft-josefsson-eddsa-ed25519-03.
|
||||
pk is the encoded Ed25519 public key as defined by RFC8032.
|
||||
|
||||
serial is an optional certificate serial number set by the CA to
|
||||
provide an abbreviated way to refer to certificates from that CA.
|
||||
If a CA does not wish to number its certificates it must set this
|
||||
If a CA does not wish to number its certificates, it must set this
|
||||
field to zero.
|
||||
|
||||
type specifies whether this certificate is for identification of a user
|
||||
|
@ -216,13 +216,13 @@ signature is computed over all preceding fields from the initial string
|
|||
up to, and including the signature key. Signatures are computed and
|
||||
encoded according to the rules defined for the CA's public key algorithm
|
||||
(RFC4253 section 6.6 for ssh-rsa and ssh-dss, RFC5656 for the ECDSA
|
||||
types), and draft-josefsson-eddsa-ed25519-03 for Ed25519.
|
||||
types, and RFC8032 for Ed25519).
|
||||
|
||||
Critical options
|
||||
----------------
|
||||
|
||||
The critical options section of the certificate specifies zero or more
|
||||
options on the certificates validity. The format of this field
|
||||
options on the certificate's validity. The format of this field
|
||||
is a sequence of zero or more tuples:
|
||||
|
||||
string name
|
||||
|
@ -233,7 +233,7 @@ sequence. Each named option may only appear once in a certificate.
|
|||
|
||||
The name field identifies the option and the data field encodes
|
||||
option-specific information (see below). All options are
|
||||
"critical", if an implementation does not recognise a option
|
||||
"critical"; if an implementation does not recognise a option,
|
||||
then the validating party should refuse to accept the certificate.
|
||||
|
||||
Custom options should append the originating author or organisation's
|
||||
|
@ -255,10 +255,18 @@ source-address string Comma-separated list of source addresses
|
|||
for authentication. Addresses are
|
||||
specified in CIDR format (nn.nn.nn.nn/nn
|
||||
or hhhh::hhhh/nn).
|
||||
If this option is not present then
|
||||
If this option is not present, then
|
||||
certificates may be presented from any
|
||||
source address.
|
||||
|
||||
verify-required empty Flag indicating that signatures made
|
||||
with this certificate must assert FIDO
|
||||
user verification (e.g. PIN or
|
||||
biometric). This option only makes sense
|
||||
for the U2F/FIDO security key types that
|
||||
support this feature in their signature
|
||||
formats.
|
||||
|
||||
Extensions
|
||||
----------
|
||||
|
||||
|
@ -279,6 +287,13 @@ their data fields are:
|
|||
|
||||
Name Format Description
|
||||
-----------------------------------------------------------------------------
|
||||
no-touch-required empty Flag indicating that signatures made
|
||||
with this certificate need not assert
|
||||
FIDO user presence. This option only
|
||||
makes sense for the U2F/FIDO security
|
||||
key types that support this feature in
|
||||
their signature formats.
|
||||
|
||||
permit-X11-forwarding empty Flag indicating that X11 forwarding
|
||||
should be permitted. X11 forwarding will
|
||||
be refused if this option is absent.
|
||||
|
@ -290,7 +305,7 @@ permit-agent-forwarding empty Flag indicating that agent forwarding
|
|||
|
||||
permit-port-forwarding empty Flag indicating that port-forwarding
|
||||
should be allowed. If this option is
|
||||
not present then no port forwarding will
|
||||
not present, then no port forwarding will
|
||||
be allowed.
|
||||
|
||||
permit-pty empty Flag indicating that PTY allocation
|
||||
|
@ -303,4 +318,4 @@ permit-user-rc empty Flag indicating that execution of
|
|||
of this script will not be permitted if
|
||||
this option is not present.
|
||||
|
||||
$OpenBSD: PROTOCOL.certkeys,v 1.15 2018/07/03 11:39:54 djm Exp $
|
||||
$OpenBSD: PROTOCOL.certkeys,v 1.19 2021/06/05 13:47:00 naddy Exp $
|
||||
|
|
|
@ -34,7 +34,7 @@ Detailed Construction
|
|||
The chacha20-poly1305@openssh.com cipher requires 512 bits of key
|
||||
material as output from the SSH key exchange. This forms two 256 bit
|
||||
keys (K_1 and K_2), used by two separate instances of chacha20.
|
||||
The first 256 bits consitute K_2 and the second 256 bits become
|
||||
The first 256 bits constitute K_2 and the second 256 bits become
|
||||
K_1.
|
||||
|
||||
The instance keyed by K_1 is a stream cipher that is used only
|
||||
|
@ -103,5 +103,5 @@ References
|
|||
[3] "ChaCha20 and Poly1305 based Cipher Suites for TLS", Adam Langley
|
||||
http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03
|
||||
|
||||
$OpenBSD: PROTOCOL.chacha20poly1305,v 1.4 2018/04/10 00:10:49 djm Exp $
|
||||
$OpenBSD: PROTOCOL.chacha20poly1305,v 1.5 2020/02/21 00:04:43 dtucker Exp $
|
||||
|
||||
|
|
|
@ -35,9 +35,9 @@ of the cipher block size.
|
|||
|
||||
uint32 checkint
|
||||
uint32 checkint
|
||||
string privatekey1
|
||||
byte[] privatekey1
|
||||
string comment1
|
||||
string privatekey2
|
||||
byte[] privatekey2
|
||||
string comment2
|
||||
...
|
||||
string privatekeyN
|
||||
|
@ -48,6 +48,9 @@ of the cipher block size.
|
|||
...
|
||||
char padlen % 255
|
||||
|
||||
where each private key is encoded using the same rules as used for
|
||||
SSH agent.
|
||||
|
||||
Before the key is encrypted, a random integer is assigned
|
||||
to both checkint fields so successful decryption can be
|
||||
quickly checked by verifying that both checkint fields
|
||||
|
@ -65,4 +68,4 @@ For unencrypted keys the cipher "none" and the KDF "none"
|
|||
are used with empty passphrases. The options if the KDF "none"
|
||||
are the empty string.
|
||||
|
||||
$OpenBSD: PROTOCOL.key,v 1.1 2013/12/06 13:34:54 markus Exp $
|
||||
$OpenBSD: PROTOCOL.key,v 1.2 2021/05/07 02:29:40 djm Exp $
|
||||
|
|
|
@ -39,7 +39,7 @@ messages between the client and server. The client therefore must
|
|||
speak a significant subset of the SSH protocol, but in return is able
|
||||
to access basically the full suite of connection protocol features.
|
||||
Moreover, as no file descriptor passing is required, the connection
|
||||
supporting a proxy client may iteself be forwarded or relayed to another
|
||||
supporting a proxy client may itself be forwarded or relayed to another
|
||||
host if necessary.
|
||||
|
||||
1. Connection setup
|
||||
|
@ -295,4 +295,4 @@ XXX session inspection via master
|
|||
XXX signals via mux request
|
||||
XXX list active connections via mux
|
||||
|
||||
$OpenBSD: PROTOCOL.mux,v 1.11 2018/09/26 07:30:05 djm Exp $
|
||||
$OpenBSD: PROTOCOL.mux,v 1.12 2020/03/13 03:17:07 djm Exp $
|
||||
|
|
100
crypto/openssh/PROTOCOL.sshsig
Normal file
100
crypto/openssh/PROTOCOL.sshsig
Normal file
|
@ -0,0 +1,100 @@
|
|||
This document describes a lightweight SSH Signature format
|
||||
that is compatible with SSH keys and wire formats.
|
||||
|
||||
At present, only detached and armored signatures are supported.
|
||||
|
||||
1. Armored format
|
||||
|
||||
The Armored SSH signatures consist of a header, a base64
|
||||
encoded blob, and a footer.
|
||||
|
||||
The header is the string "-----BEGIN SSH SIGNATURE-----"
|
||||
followed by a newline. The footer is the string
|
||||
"-----END SSH SIGNATURE-----" immediately after a newline.
|
||||
|
||||
The header MUST be present at the start of every signature.
|
||||
Files containing the signature MUST start with the header.
|
||||
Likewise, the footer MUST be present at the end of every
|
||||
signature.
|
||||
|
||||
The base64 encoded blob SHOULD be broken up by newlines
|
||||
every 76 characters.
|
||||
|
||||
Example:
|
||||
|
||||
-----BEGIN SSH SIGNATURE-----
|
||||
U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgJKxoLBJBivUPNTUJUSslQTt2hD
|
||||
jozKvHarKeN8uYFqgAAAADZm9vAAAAAAAAAFMAAAALc3NoLWVkMjU1MTkAAABAKNC4IEbt
|
||||
Tq0Fb56xhtuE1/lK9H9RZJfON4o6hE9R4ZGFX98gy0+fFJ/1d2/RxnZky0Y7GojwrZkrHT
|
||||
FgCqVWAQ==
|
||||
-----END SSH SIGNATURE-----
|
||||
|
||||
2. Blob format
|
||||
|
||||
#define MAGIC_PREAMBLE "SSHSIG"
|
||||
#define SIG_VERSION 0x01
|
||||
|
||||
byte[6] MAGIC_PREAMBLE
|
||||
uint32 SIG_VERSION
|
||||
string publickey
|
||||
string namespace
|
||||
string reserved
|
||||
string hash_algorithm
|
||||
string signature
|
||||
|
||||
The publickey field MUST contain the serialisation of the
|
||||
public key used to make the signature using the usual SSH
|
||||
encoding rules, i.e RFC4253, RFC5656,
|
||||
draft-ietf-curdle-ssh-ed25519-ed448, etc.
|
||||
|
||||
Verifiers MUST reject signatures with versions greater than those
|
||||
they support.
|
||||
|
||||
The purpose of the namespace value is to specify a unambiguous
|
||||
interpretation domain for the signature, e.g. file signing.
|
||||
This prevents cross-protocol attacks caused by signatures
|
||||
intended for one intended domain being accepted in another.
|
||||
The namespace value MUST NOT be the empty string.
|
||||
|
||||
The reserved value is present to encode future information
|
||||
(e.g. tags) into the signature. Implementations should ignore
|
||||
the reserved field if it is not empty.
|
||||
|
||||
Data to be signed is first hashed with the specified hash_algorithm.
|
||||
This is done to limit the amount of data presented to the signature
|
||||
operation, which may be of concern if the signing key is held in limited
|
||||
or slow hardware or on a remote ssh-agent. The supported hash algorithms
|
||||
are "sha256" and "sha512".
|
||||
|
||||
The signature itself is made using the SSH signature algorithm and
|
||||
encoding rules for the chosen key type. For RSA signatures, the
|
||||
signature algorithm must be "rsa-sha2-512" or "rsa-sha2-256" (i.e.
|
||||
not the legacy RSA-SHA1 "ssh-rsa").
|
||||
|
||||
This blob is encoded as a string using the RFC4253 encoding
|
||||
rules and base64 encoded to form the middle part of the
|
||||
armored signature.
|
||||
|
||||
|
||||
3. Signed Data, of which the signature goes into the blob above
|
||||
|
||||
#define MAGIC_PREAMBLE "SSHSIG"
|
||||
|
||||
byte[6] MAGIC_PREAMBLE
|
||||
string namespace
|
||||
string reserved
|
||||
string hash_algorithm
|
||||
string H(message)
|
||||
|
||||
The preamble is the six-byte sequence "SSHSIG". It is included to
|
||||
ensure that manual signatures can never be confused with any message
|
||||
signed during SSH user or host authentication.
|
||||
|
||||
The reserved value is present to encode future information
|
||||
(e.g. tags) into the signature. Implementations should ignore
|
||||
the reserved field if it is not empty.
|
||||
|
||||
The data is concatenated and passed to the SSH signing
|
||||
function.
|
||||
|
||||
$OpenBSD: PROTOCOL.sshsig,v 1.4 2020/08/31 00:17:41 djm Exp $
|
309
crypto/openssh/PROTOCOL.u2f
Normal file
309
crypto/openssh/PROTOCOL.u2f
Normal file
|
@ -0,0 +1,309 @@
|
|||
This document describes OpenSSH's support for U2F/FIDO security keys.
|
||||
|
||||
Background
|
||||
----------
|
||||
|
||||
U2F is an open standard for two-factor authentication hardware, widely
|
||||
used for user authentication to websites. U2F tokens are ubiquitous,
|
||||
available from a number of manufacturers and are currently by far the
|
||||
cheapest way for users to achieve hardware-backed credential storage.
|
||||
|
||||
The U2F protocol however cannot be trivially used as an SSH protocol key
|
||||
type as both the inputs to the signature operation and the resultant
|
||||
signature differ from those specified for SSH. For similar reasons,
|
||||
integration of U2F devices cannot be achieved via the PKCS#11 API.
|
||||
|
||||
U2F also offers a number of features that are attractive in the context
|
||||
of SSH authentication. They can be configured to require indication
|
||||
of "user presence" for each signature operation (typically achieved
|
||||
by requiring the user touch the key). They also offer an attestation
|
||||
mechanism at key enrollment time that can be used to prove that a
|
||||
given key is backed by hardware. Finally the signature format includes
|
||||
a monotonic signature counter that can be used (at scale) to detect
|
||||
concurrent use of a private key, should it be extracted from hardware.
|
||||
|
||||
U2F private keys are generated through an enrollment operation,
|
||||
which takes an application ID - a URL-like string, typically "ssh:"
|
||||
in this case, but a HTTP origin for the case of web authentication,
|
||||
and a challenge string (typically randomly generated). The enrollment
|
||||
operation returns a public key, a key handle that must be used to invoke
|
||||
the hardware-backed private key, some flags and signed attestation
|
||||
information that may be used to verify that a private key is hosted on a
|
||||
particular hardware instance.
|
||||
|
||||
It is common for U2F hardware to derive private keys from the key handle
|
||||
in conjunction with a small per-device secret that is unique to the
|
||||
hardware, thus requiring little on-device storage for an effectively
|
||||
unlimited number of supported keys. This drives the requirement that
|
||||
the key handle be supplied for each signature operation. U2F tokens
|
||||
primarily use ECDSA signatures in the NIST-P256 field, though the FIDO2
|
||||
standard specifies additional key types, including one based on Ed25519.
|
||||
|
||||
Use of U2F security keys does not automatically imply multi-factor
|
||||
authentication. From sshd's perspective, a security key constitutes a
|
||||
single factor of authentication, even if protected by a PIN or biometric
|
||||
authentication. To enable multi-factor authentication in ssh, please
|
||||
refer to the AuthenticationMethods option in sshd_config(5).
|
||||
|
||||
|
||||
SSH U2F Key formats
|
||||
-------------------
|
||||
|
||||
OpenSSH integrates U2F as new key and corresponding certificate types:
|
||||
|
||||
sk-ecdsa-sha2-nistp256@openssh.com
|
||||
sk-ecdsa-sha2-nistp256-cert-v01@openssh.com
|
||||
sk-ssh-ed25519@openssh.com
|
||||
sk-ssh-ed25519-cert-v01@openssh.com
|
||||
|
||||
While each uses ecdsa-sha256-nistp256 as the underlying signature primitive,
|
||||
keys require extra information in the public and private keys, and in
|
||||
the signature object itself. As such they cannot be made compatible with
|
||||
the existing ecdsa-sha2-nistp* key types.
|
||||
|
||||
The format of a sk-ecdsa-sha2-nistp256@openssh.com public key is:
|
||||
|
||||
string "sk-ecdsa-sha2-nistp256@openssh.com"
|
||||
string curve name
|
||||
ec_point Q
|
||||
string application (user-specified, but typically "ssh:")
|
||||
|
||||
The corresponding private key contains:
|
||||
|
||||
string "sk-ecdsa-sha2-nistp256@openssh.com"
|
||||
string curve name
|
||||
ec_point Q
|
||||
string application (user-specified, but typically "ssh:")
|
||||
uint8 flags
|
||||
string key_handle
|
||||
string reserved
|
||||
|
||||
The format of a sk-ssh-ed25519@openssh.com public key is:
|
||||
|
||||
string "sk-ssh-ed25519@openssh.com"
|
||||
string public key
|
||||
string application (user-specified, but typically "ssh:")
|
||||
|
||||
With a private half consisting of:
|
||||
|
||||
string "sk-ssh-ed25519@openssh.com"
|
||||
string public key
|
||||
string application (user-specified, but typically "ssh:")
|
||||
uint8 flags
|
||||
string key_handle
|
||||
string reserved
|
||||
|
||||
The certificate form for SSH U2F keys appends the usual certificate
|
||||
information to the public key:
|
||||
|
||||
string "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com"
|
||||
string nonce
|
||||
string curve name
|
||||
ec_point Q
|
||||
string application
|
||||
uint64 serial
|
||||
uint32 type
|
||||
string key id
|
||||
string valid principals
|
||||
uint64 valid after
|
||||
uint64 valid before
|
||||
string critical options
|
||||
string extensions
|
||||
string reserved
|
||||
string signature key
|
||||
string signature
|
||||
|
||||
and for security key ed25519 certificates:
|
||||
|
||||
string "sk-ssh-ed25519-cert-v01@openssh.com"
|
||||
string nonce
|
||||
string public key
|
||||
string application
|
||||
uint64 serial
|
||||
uint32 type
|
||||
string key id
|
||||
string valid principals
|
||||
uint64 valid after
|
||||
uint64 valid before
|
||||
string critical options
|
||||
string extensions
|
||||
string reserved
|
||||
string signature key
|
||||
string signature
|
||||
|
||||
Both security key certificates use the following encoding for private keys:
|
||||
|
||||
string type (e.g. "sk-ssh-ed25519-cert-v01@openssh.com")
|
||||
string pubkey (the above key/cert structure)
|
||||
string application
|
||||
uint8 flags
|
||||
string key_handle
|
||||
string reserved
|
||||
|
||||
During key generation, the hardware also returns attestation information
|
||||
that may be used to cryptographically prove that a given key is
|
||||
hardware-backed. Unfortunately, the protocol required for this proof is
|
||||
not privacy-preserving and may be used to identify U2F tokens with at
|
||||
least manufacturer and batch number granularity. For this reason, we
|
||||
choose not to include this information in the public key or save it by
|
||||
default.
|
||||
|
||||
Attestation information is useful for out-of-band key and certificate
|
||||
registration workflows, e.g. proving to a CA that a key is backed
|
||||
by trusted hardware before it will issue a certificate. To support this
|
||||
case, OpenSSH optionally allows retaining the attestation information
|
||||
at the time of key generation. It will take the following format:
|
||||
|
||||
string "ssh-sk-attest-v01"
|
||||
string attestation certificate
|
||||
string enrollment signature
|
||||
string authenticator data (CBOR encoded)
|
||||
uint32 reserved flags
|
||||
string reserved string
|
||||
|
||||
A previous version of this format, emitted prior to OpenSSH 8.4 omitted
|
||||
the authenticator data.
|
||||
|
||||
string "ssh-sk-attest-v00"
|
||||
string attestation certificate
|
||||
string enrollment signature
|
||||
uint32 reserved flags
|
||||
string reserved string
|
||||
|
||||
OpenSSH treats the attestation certificate and enrollment signatures as
|
||||
opaque objects and does no interpretation of them itself.
|
||||
|
||||
SSH U2F signatures
|
||||
------------------
|
||||
|
||||
In addition to the message to be signed, the U2F signature operation
|
||||
requires the key handle and a few additional parameters. The signature
|
||||
is signed over a blob that consists of:
|
||||
|
||||
byte[32] SHA256(application)
|
||||
byte flags (including "user present", extensions present)
|
||||
uint32 counter
|
||||
byte[] extensions
|
||||
byte[32] SHA256(message)
|
||||
|
||||
No extensions are yet defined for SSH use. If any are defined in the future,
|
||||
it will be possible to infer their presence from the contents of the "flags"
|
||||
value.
|
||||
|
||||
The signature returned from U2F hardware takes the following format:
|
||||
|
||||
byte flags (including "user present")
|
||||
uint32 counter
|
||||
byte[] ecdsa_signature (in X9.62 format).
|
||||
|
||||
For use in the SSH protocol, we wish to avoid server-side parsing of ASN.1
|
||||
format data in the pre-authentication attack surface. Therefore, the
|
||||
signature format used on the wire in SSH2_USERAUTH_REQUEST packets will
|
||||
be reformatted to better match the existing signature encoding:
|
||||
|
||||
string "sk-ecdsa-sha2-nistp256@openssh.com"
|
||||
string ecdsa_signature
|
||||
byte flags
|
||||
uint32 counter
|
||||
|
||||
Where the "ecdsa_signature" field follows the RFC5656 ECDSA signature
|
||||
encoding:
|
||||
|
||||
mpint r
|
||||
mpint s
|
||||
|
||||
For Ed25519 keys the signature is encoded as:
|
||||
|
||||
string "sk-ssh-ed25519@openssh.com"
|
||||
string signature
|
||||
byte flags
|
||||
uint32 counter
|
||||
|
||||
webauthn signatures
|
||||
-------------------
|
||||
|
||||
The W3C/FIDO webauthn[1] standard defines a mechanism for a web browser to
|
||||
interact with FIDO authentication tokens. This standard builds upon the
|
||||
FIDO standards, but requires different signature contents to raw FIDO
|
||||
messages. OpenSSH supports ECDSA/p256 webauthn signatures through the
|
||||
"webauthn-sk-ecdsa-sha2-nistp256@openssh.com" signature algorithm.
|
||||
|
||||
The wire encoding for a webauthn-sk-ecdsa-sha2-nistp256@openssh.com
|
||||
signature is similar to the sk-ecdsa-sha2-nistp256@openssh.com format:
|
||||
|
||||
string "webauthn-sk-ecdsa-sha2-nistp256@openssh.com"
|
||||
string ecdsa_signature
|
||||
byte flags
|
||||
uint32 counter
|
||||
string origin
|
||||
string clientData
|
||||
string extensions
|
||||
|
||||
Where "origin" is the HTTP origin making the signature, "clientData" is
|
||||
the JSON-like structure signed by the browser and "extensions" are any
|
||||
extensions used in making the signature.
|
||||
|
||||
[1] https://www.w3.org/TR/webauthn-2/
|
||||
|
||||
ssh-agent protocol extensions
|
||||
-----------------------------
|
||||
|
||||
ssh-agent requires a protocol extension to support U2F keys. At
|
||||
present the closest analogue to Security Keys in ssh-agent are PKCS#11
|
||||
tokens, insofar as they require a middleware library to communicate with
|
||||
the device that holds the keys. Unfortunately, the protocol message used
|
||||
to add PKCS#11 keys to ssh-agent does not include any way to send the
|
||||
key handle to the agent as U2F keys require.
|
||||
|
||||
To avoid this, without having to add wholly new messages to the agent
|
||||
protocol, we will use the existing SSH2_AGENTC_ADD_ID_CONSTRAINED message
|
||||
with a new key constraint extension to encode a path to the middleware
|
||||
library for the key. The format of this constraint extension would be:
|
||||
|
||||
byte SSH_AGENT_CONSTRAIN_EXTENSION
|
||||
string sk-provider@openssh.com
|
||||
string middleware path
|
||||
|
||||
This constraint-based approach does not present any compatibility
|
||||
problems.
|
||||
|
||||
OpenSSH integration
|
||||
-------------------
|
||||
|
||||
U2F tokens may be attached via a number of means, including USB and NFC.
|
||||
The USB interface is standardised around a HID protocol, but we want to
|
||||
be able to support other transports as well as dummy implementations for
|
||||
regress testing. For this reason, OpenSSH shall support a dynamically-
|
||||
loaded middleware libraries to communicate with security keys, but offer
|
||||
support for the common case of USB HID security keys internally.
|
||||
|
||||
The middleware library need only expose a handful of functions and
|
||||
numbers listed in sk-api.h. Included in the defined numbers is a
|
||||
SSH_SK_VERSION_MAJOR that should be incremented for each incompatible
|
||||
API change.
|
||||
|
||||
miscellaneous options may be passed to the middleware as a NULL-
|
||||
terminated array of pointers to struct sk_option. The middleware may
|
||||
ignore unsupported or unknown options unless the "required" flag is set,
|
||||
in which case it should return failure if an unsupported option is
|
||||
requested.
|
||||
|
||||
At present the following options names are supported:
|
||||
|
||||
"device"
|
||||
|
||||
Specifies a specific FIDO device on which to perform the
|
||||
operation. The value in this field is interpreted by the
|
||||
middleware but it would be typical to specify a path to
|
||||
a /dev node for the device in question.
|
||||
|
||||
"user"
|
||||
|
||||
Specifies the FIDO2 username used when enrolling a key,
|
||||
overriding OpenSSH's default of using an all-zero username.
|
||||
|
||||
In OpenSSH, the middleware will be invoked by using a similar mechanism to
|
||||
ssh-pkcs11-helper to provide address-space containment of the
|
||||
middleware from ssh-agent.
|
||||
|
||||
$OpenBSD: PROTOCOL.u2f,v 1.26 2020/09/09 03:08:01 djm Exp $
|
|
@ -1,4 +1,4 @@
|
|||
See https://www.openssh.com/releasenotes.html#7.9p1 for the release notes.
|
||||
See https://www.openssh.com/releasenotes.html#8.7p1 for the release notes.
|
||||
|
||||
Please read https://www.openssh.com/report.html for bug reporting
|
||||
instructions and note that we do not use Github for bug reporting or
|
||||
|
@ -15,7 +15,7 @@ Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt,
|
|||
and Dug Song. It has a homepage at https://www.openssh.com/
|
||||
|
||||
This port consists of the re-introduction of autoconf support, PAM
|
||||
support, EGD[1]/PRNGD[2] support and replacements for OpenBSD library
|
||||
support, EGD/PRNGD support and replacements for OpenBSD library
|
||||
functions that are (regrettably) absent from other unices. This port
|
||||
has been best tested on AIX, Cygwin, HP-UX, Linux, MacOS/X,
|
||||
FreeBSD, NetBSD, OpenBSD, OpenServer, Solaris and UnixWare.
|
||||
|
@ -26,37 +26,27 @@ The PAM support is now more functional than the popular packages of
|
|||
commercial ssh-1.2.x. It checks "account" and "session" modules for
|
||||
all logins, not just when using password authentication.
|
||||
|
||||
OpenSSH depends on Zlib[3], OpenSSL[4], and optionally PAM[5] and
|
||||
libedit[6]
|
||||
|
||||
There is now several mailing lists for this port of OpenSSH. Please
|
||||
refer to https://www.openssh.com/list.html for details on how to join.
|
||||
|
||||
Please send bug reports and patches to the mailing list
|
||||
openssh-unix-dev@mindrot.org. The list is open to posting by unsubscribed
|
||||
users. Code contribution are welcomed, but please follow the OpenBSD
|
||||
style guidelines[7].
|
||||
Please send bug reports and patches to https://bugzilla.mindrot.org or
|
||||
the mailing list openssh-unix-dev@mindrot.org. To mitigate spam, the
|
||||
list only allows posting from subscribed addresses. Code contribution
|
||||
are welcomed, but please follow the OpenBSD style guidelines[1].
|
||||
|
||||
Please refer to the INSTALL document for information on how to install
|
||||
OpenSSH on your system.
|
||||
Please refer to the INSTALL document for information on dependencies and
|
||||
how to install OpenSSH on your system.
|
||||
|
||||
Damien Miller <djm@mindrot.org>
|
||||
|
||||
Miscellania -
|
||||
|
||||
This version of OpenSSH is based upon code retrieved from the OpenBSD
|
||||
CVS repository which in turn was based on the last free sample
|
||||
implementation released by Tatu Ylonen.
|
||||
This version of OpenSSH is based upon code retrieved from the OpenBSD CVS
|
||||
repository which in turn was based on the last free sample implementation
|
||||
released by Tatu Ylonen.
|
||||
|
||||
References -
|
||||
|
||||
[0] https://www.openssh.com/
|
||||
[1] http://www.lothar.com/tech/crypto/
|
||||
[2] http://prngd.sourceforge.net/
|
||||
[3] https://www.zlib.net/
|
||||
[4] https://www.openssl.org/
|
||||
[5] https://www.openpam.org
|
||||
https://www.kernel.org/pub/linux/libs/pam/
|
||||
(PAM also is standard on Solaris and HP-UX 11)
|
||||
[6] https://thrysoee.dk/editline/ (portable version)
|
||||
[7] https://man.openbsd.org/style.9
|
||||
[1] https://man.openbsd.org/style.9
|
||||
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
How to verify host keys using OpenSSH and DNS
|
||||
---------------------------------------------
|
||||
|
||||
OpenSSH contains support for verifying host keys using DNS as described in
|
||||
draft-ietf-secsh-dns-05.txt. The document contains very brief instructions
|
||||
on how to use this feature. Configuring DNS is out of the scope of this
|
||||
document.
|
||||
OpenSSH contains support for verifying host keys using DNS as described
|
||||
in https://tools.ietf.org/html/rfc4255. The document contains very brief
|
||||
instructions on how to use this feature. Configuring DNS is out of the
|
||||
scope of this document.
|
||||
|
||||
|
||||
(1) Server: Generate and publish the DNS RR
|
||||
|
|
84
crypto/openssh/README.md
Normal file
84
crypto/openssh/README.md
Normal file
|
@ -0,0 +1,84 @@
|
|||
# Portable OpenSSH
|
||||
|
||||
[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml)
|
||||
[![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh)
|
||||
|
||||
OpenSSH is a complete implementation of the SSH protocol (version 2) for secure remote login, command execution and file transfer. It includes a client ``ssh`` and server ``sshd``, file transfer utilities ``scp`` and ``sftp`` as well as tools for key generation (``ssh-keygen``), run-time key storage (``ssh-agent``) and a number of supporting programs.
|
||||
|
||||
This is a port of OpenBSD's [OpenSSH](https://openssh.com) to most Unix-like operating systems, including Linux, OS X and Cygwin. Portable OpenSSH polyfills OpenBSD APIs that are not available elsewhere, adds sshd sandboxing for more operating systems and includes support for OS-native authentication and auditing (e.g. using PAM).
|
||||
|
||||
## Documentation
|
||||
|
||||
The official documentation for OpenSSH are the man pages for each tool:
|
||||
|
||||
* [ssh(1)](https://man.openbsd.org/ssh.1)
|
||||
* [sshd(8)](https://man.openbsd.org/sshd.8)
|
||||
* [ssh-keygen(1)](https://man.openbsd.org/ssh-keygen.1)
|
||||
* [ssh-agent(1)](https://man.openbsd.org/ssh-agent.1)
|
||||
* [scp(1)](https://man.openbsd.org/scp.1)
|
||||
* [sftp(1)](https://man.openbsd.org/sftp.1)
|
||||
* [ssh-keyscan(8)](https://man.openbsd.org/ssh-keyscan.8)
|
||||
* [sftp-server(8)](https://man.openbsd.org/sftp-server.8)
|
||||
|
||||
## Stable Releases
|
||||
|
||||
Stable release tarballs are available from a number of [download mirrors](https://www.openssh.com/portable.html#downloads). We recommend the use of a stable release for most users. Please read the [release notes](https://www.openssh.com/releasenotes.html) for details of recent changes and potential incompatibilities.
|
||||
|
||||
## Building Portable OpenSSH
|
||||
|
||||
### Dependencies
|
||||
|
||||
Portable OpenSSH is built using autoconf and make. It requires a working C compiler, standard library and headers.
|
||||
|
||||
``libcrypto`` from either [LibreSSL](https://www.libressl.org/) or [OpenSSL](https://www.openssl.org) may also be used, but OpenSSH may be built without it supporting a subset of crypto algorithms.
|
||||
|
||||
[zlib](https://www.zlib.net/) is optional; without it transport compression is not supported.
|
||||
|
||||
FIDO security token support needs [libfido2](https://github.com/Yubico/libfido2) and its dependencies. Also, certain platforms and build-time options may require additional dependencies; see README.platform for details.
|
||||
|
||||
### Building a release
|
||||
|
||||
Releases include a pre-built copy of the ``configure`` script and may be built using:
|
||||
|
||||
```
|
||||
tar zxvf openssh-X.YpZ.tar.gz
|
||||
cd openssh
|
||||
./configure # [options]
|
||||
make && make tests
|
||||
```
|
||||
|
||||
See the [Build-time Customisation](#build-time-customisation) section below for configure options. If you plan on installing OpenSSH to your system, then you will usually want to specify destination paths.
|
||||
|
||||
### Building from git
|
||||
|
||||
If building from git, you'll need [autoconf](https://www.gnu.org/software/autoconf/) installed to build the ``configure`` script. The following commands will check out and build portable OpenSSH from git:
|
||||
|
||||
```
|
||||
git clone https://github.com/openssh/openssh-portable # or https://anongit.mindrot.org/openssh.git
|
||||
cd openssh-portable
|
||||
autoreconf
|
||||
./configure
|
||||
make && make tests
|
||||
```
|
||||
|
||||
### Build-time Customisation
|
||||
|
||||
There are many build-time customisation options available. All Autoconf destination path flags (e.g. ``--prefix``) are supported (and are usually required if you want to install OpenSSH).
|
||||
|
||||
For a full list of available flags, run ``configure --help`` but a few of the more frequently-used ones are described below. Some of these flags will require additional libraries and/or headers be installed.
|
||||
|
||||
Flag | Meaning
|
||||
--- | ---
|
||||
``--with-pam`` | Enable [PAM](https://en.wikipedia.org/wiki/Pluggable_authentication_module) support. [OpenPAM](https://www.openpam.org/), [Linux PAM](http://www.linux-pam.org/) and Solaris PAM are supported.
|
||||
``--with-libedit`` | Enable [libedit](https://www.thrysoee.dk/editline/) support for sftp.
|
||||
``--with-kerberos5`` | Enable Kerberos/GSSAPI support. Both [Heimdal](https://www.h5l.org/) and [MIT](https://web.mit.edu/kerberos/) Kerberos implementations are supported.
|
||||
``--with-selinux`` | Enable [SELinux](https://en.wikipedia.org/wiki/Security-Enhanced_Linux) support.
|
||||
``--with-security-key-builtin`` | Include built-in support for U2F/FIDO2 security keys. This requires [libfido2](https://github.com/Yubico/libfido2) be installed.
|
||||
|
||||
## Development
|
||||
|
||||
Portable OpenSSH development is discussed on the [openssh-unix-dev mailing list](https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev) ([archive mirror](https://marc.info/?l=openssh-unix-dev)). Bugs and feature requests are tracked on our [Bugzilla](https://bugzilla.mindrot.org/).
|
||||
|
||||
## Reporting bugs
|
||||
|
||||
_Non-security_ bugs may be reported to the developers via [Bugzilla](https://bugzilla.mindrot.org/) or via the mailing list above. Security bugs should be reported to [openssh@openssh.com](mailto:openssh.openssh.com).
|
|
@ -1,19 +1,19 @@
|
|||
This file contains notes about OpenSSH on specific platforms.
|
||||
|
||||
AIX
|
||||
---
|
||||
As of OpenSSH 3.8p1, sshd will now honour an accounts password expiry
|
||||
settings, where previously it did not. Because of this, it's possible for
|
||||
sites that have used OpenSSH's sshd exclusively to have accounts which
|
||||
have passwords expired longer than the inactive time (ie the "Weeks between
|
||||
password EXPIRATION and LOCKOUT" setting in SMIT or the maxexpired
|
||||
chuser attribute).
|
||||
|
||||
Beginning with OpenSSH 3.8p1, sshd will honour an account's password
|
||||
expiry settings, where prior to that it did not. Because of this,
|
||||
it's possible for sites that have used OpenSSH's sshd exclusively to
|
||||
have accounts which have passwords expired longer than the inactive time
|
||||
(ie the "Weeks between password EXPIRATION and LOCKOUT" setting in SMIT
|
||||
or the maxexpired chuser attribute).
|
||||
|
||||
Accounts in this state must have their passwords reset manually by the
|
||||
administrator. As a precaution, it is recommended that the administrative
|
||||
passwords be reset before upgrading from OpenSSH <3.8.
|
||||
|
||||
As of OpenSSH 4.0, configure will attempt to detect if your version
|
||||
As of OpenSSH 4.0p1, configure will attempt to detect if your version
|
||||
and maintenance level of AIX has a working getaddrinfo, and will use it
|
||||
if found. This will enable IPv6 support. If for some reason configure
|
||||
gets it wrong, or if you want to build binaries to work on earlier MLs
|
||||
|
|
|
@ -5,13 +5,10 @@ escalation by containing corruption to an unprivileged process.
|
|||
More information is available at:
|
||||
http://www.citi.umich.edu/u/provos/ssh/privsep.html
|
||||
|
||||
Privilege separation is now enabled by default; see the
|
||||
UsePrivilegeSeparation option in sshd_config(5).
|
||||
|
||||
When privsep is enabled, during the pre-authentication phase sshd will
|
||||
chroot(2) to "/var/empty" and change its privileges to the "sshd" user
|
||||
and its primary group. sshd is a pseudo-account that should not be
|
||||
used by other daemons, and must be locked and should contain a
|
||||
Privilege separation is now mandatory. During the pre-authentication
|
||||
phase sshd will chroot(2) to "/var/empty" and change its privileges to the
|
||||
"sshd" user and its primary group. sshd is a pseudo-account that should
|
||||
not be used by other daemons, and must be locked and should contain a
|
||||
"nologin" or invalid shell.
|
||||
|
||||
You should do something like the following to prepare the privsep
|
||||
|
|
193
crypto/openssh/aclocal.m4
vendored
193
crypto/openssh/aclocal.m4
vendored
|
@ -1,186 +1,15 @@
|
|||
dnl OpenSSH-specific autoconf macros
|
||||
dnl
|
||||
# generated automatically by aclocal 1.16.3 -*- Autoconf -*-
|
||||
|
||||
dnl OSSH_CHECK_CFLAG_COMPILE(check_flag[, define_flag])
|
||||
dnl Check that $CC accepts a flag 'check_flag'. If it is supported append
|
||||
dnl 'define_flag' to $CFLAGS. If 'define_flag' is not specified, then append
|
||||
dnl 'check_flag'.
|
||||
AC_DEFUN([OSSH_CHECK_CFLAG_COMPILE], [{
|
||||
AC_MSG_CHECKING([if $CC supports compile flag $1])
|
||||
saved_CFLAGS="$CFLAGS"
|
||||
CFLAGS="$CFLAGS $WERROR $1"
|
||||
_define_flag="$2"
|
||||
test "x$_define_flag" = "x" && _define_flag="$1"
|
||||
AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
int main(int argc, char **argv) {
|
||||
/* Some math to catch -ftrapv problems in the toolchain */
|
||||
int i = 123 * argc, j = 456 + argc, k = 789 - argc;
|
||||
float l = i * 2.1;
|
||||
double m = l / 0.5;
|
||||
long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
|
||||
printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
|
||||
exit(0);
|
||||
}
|
||||
]])],
|
||||
[
|
||||
if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null
|
||||
then
|
||||
AC_MSG_RESULT([no])
|
||||
CFLAGS="$saved_CFLAGS"
|
||||
else
|
||||
AC_MSG_RESULT([yes])
|
||||
CFLAGS="$saved_CFLAGS $_define_flag"
|
||||
fi],
|
||||
[ AC_MSG_RESULT([no])
|
||||
CFLAGS="$saved_CFLAGS" ]
|
||||
)
|
||||
}])
|
||||
# Copyright (C) 1996-2020 Free Software Foundation, Inc.
|
||||
|
||||
dnl OSSH_CHECK_CFLAG_LINK(check_flag[, define_flag])
|
||||
dnl Check that $CC accepts a flag 'check_flag'. If it is supported append
|
||||
dnl 'define_flag' to $CFLAGS. If 'define_flag' is not specified, then append
|
||||
dnl 'check_flag'.
|
||||
AC_DEFUN([OSSH_CHECK_CFLAG_LINK], [{
|
||||
AC_MSG_CHECKING([if $CC supports compile flag $1 and linking succeeds])
|
||||
saved_CFLAGS="$CFLAGS"
|
||||
CFLAGS="$CFLAGS $WERROR $1"
|
||||
_define_flag="$2"
|
||||
test "x$_define_flag" = "x" && _define_flag="$1"
|
||||
AC_LINK_IFELSE([AC_LANG_SOURCE([[
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
int main(int argc, char **argv) {
|
||||
/* Some math to catch -ftrapv problems in the toolchain */
|
||||
int i = 123 * argc, j = 456 + argc, k = 789 - argc;
|
||||
float l = i * 2.1;
|
||||
double m = l / 0.5;
|
||||
long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
|
||||
long long int p = n * o;
|
||||
printf("%d %d %d %f %f %lld %lld %lld\n", i, j, k, l, m, n, o, p);
|
||||
exit(0);
|
||||
}
|
||||
]])],
|
||||
[
|
||||
if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null
|
||||
then
|
||||
AC_MSG_RESULT([no])
|
||||
CFLAGS="$saved_CFLAGS"
|
||||
else
|
||||
AC_MSG_RESULT([yes])
|
||||
CFLAGS="$saved_CFLAGS $_define_flag"
|
||||
fi],
|
||||
[ AC_MSG_RESULT([no])
|
||||
CFLAGS="$saved_CFLAGS" ]
|
||||
)
|
||||
}])
|
||||
# This file is free software; the Free Software Foundation
|
||||
# gives unlimited permission to copy and/or distribute it,
|
||||
# with or without modifications, as long as this notice is preserved.
|
||||
|
||||
dnl OSSH_CHECK_LDFLAG_LINK(check_flag[, define_flag])
|
||||
dnl Check that $LD accepts a flag 'check_flag'. If it is supported append
|
||||
dnl 'define_flag' to $LDFLAGS. If 'define_flag' is not specified, then append
|
||||
dnl 'check_flag'.
|
||||
AC_DEFUN([OSSH_CHECK_LDFLAG_LINK], [{
|
||||
AC_MSG_CHECKING([if $LD supports link flag $1])
|
||||
saved_LDFLAGS="$LDFLAGS"
|
||||
LDFLAGS="$LDFLAGS $WERROR $1"
|
||||
_define_flag="$2"
|
||||
test "x$_define_flag" = "x" && _define_flag="$1"
|
||||
AC_LINK_IFELSE([AC_LANG_SOURCE([[
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
int main(int argc, char **argv) {
|
||||
/* Some math to catch -ftrapv problems in the toolchain */
|
||||
int i = 123 * argc, j = 456 + argc, k = 789 - argc;
|
||||
float l = i * 2.1;
|
||||
double m = l / 0.5;
|
||||
long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
|
||||
long long p = n * o;
|
||||
printf("%d %d %d %f %f %lld %lld %lld\n", i, j, k, l, m, n, o, p);
|
||||
exit(0);
|
||||
}
|
||||
]])],
|
||||
[
|
||||
if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null
|
||||
then
|
||||
AC_MSG_RESULT([no])
|
||||
LDFLAGS="$saved_LDFLAGS"
|
||||
else
|
||||
AC_MSG_RESULT([yes])
|
||||
LDFLAGS="$saved_LDFLAGS $_define_flag"
|
||||
fi ],
|
||||
[ AC_MSG_RESULT([no])
|
||||
LDFLAGS="$saved_LDFLAGS" ]
|
||||
)
|
||||
}])
|
||||
|
||||
dnl OSSH_CHECK_HEADER_FOR_FIELD(field, header, symbol)
|
||||
dnl Does AC_EGREP_HEADER on 'header' for the string 'field'
|
||||
dnl If found, set 'symbol' to be defined. Cache the result.
|
||||
dnl TODO: This is not foolproof, better to compile and read from there
|
||||
AC_DEFUN(OSSH_CHECK_HEADER_FOR_FIELD, [
|
||||
# look for field '$1' in header '$2'
|
||||
dnl This strips characters illegal to m4 from the header filename
|
||||
ossh_safe=`echo "$2" | sed 'y%./+-%__p_%'`
|
||||
dnl
|
||||
ossh_varname="ossh_cv_$ossh_safe""_has_"$1
|
||||
AC_MSG_CHECKING(for $1 field in $2)
|
||||
AC_CACHE_VAL($ossh_varname, [
|
||||
AC_EGREP_HEADER($1, $2, [ dnl
|
||||
eval "$ossh_varname=yes" dnl
|
||||
], [ dnl
|
||||
eval "$ossh_varname=no" dnl
|
||||
]) dnl
|
||||
])
|
||||
ossh_result=`eval 'echo $'"$ossh_varname"`
|
||||
if test -n "`echo $ossh_varname`"; then
|
||||
AC_MSG_RESULT($ossh_result)
|
||||
if test "x$ossh_result" = "xyes"; then
|
||||
AC_DEFINE($3, 1, [Define if you have $1 in $2])
|
||||
fi
|
||||
else
|
||||
AC_MSG_RESULT(no)
|
||||
fi
|
||||
])
|
||||
|
||||
dnl Check for socklen_t: historically on BSD it is an int, and in
|
||||
dnl POSIX 1g it is a type of its own, but some platforms use different
|
||||
dnl types for the argument to getsockopt, getpeername, etc. So we
|
||||
dnl have to test to find something that will work.
|
||||
AC_DEFUN([TYPE_SOCKLEN_T],
|
||||
[
|
||||
AC_CHECK_TYPE([socklen_t], ,[
|
||||
AC_MSG_CHECKING([for socklen_t equivalent])
|
||||
AC_CACHE_VAL([curl_cv_socklen_t_equiv],
|
||||
[
|
||||
# Systems have either "struct sockaddr *" or
|
||||
# "void *" as the second argument to getpeername
|
||||
curl_cv_socklen_t_equiv=
|
||||
for arg2 in "struct sockaddr" void; do
|
||||
for t in int size_t unsigned long "unsigned long"; do
|
||||
AC_TRY_COMPILE([
|
||||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
|
||||
int getpeername (int, $arg2 *, $t *);
|
||||
],[
|
||||
$t len;
|
||||
getpeername(0,0,&len);
|
||||
],[
|
||||
curl_cv_socklen_t_equiv="$t"
|
||||
break
|
||||
])
|
||||
done
|
||||
done
|
||||
|
||||
if test "x$curl_cv_socklen_t_equiv" = x; then
|
||||
AC_MSG_ERROR([Cannot find a type to use in place of socklen_t])
|
||||
fi
|
||||
])
|
||||
AC_MSG_RESULT($curl_cv_socklen_t_equiv)
|
||||
AC_DEFINE_UNQUOTED(socklen_t, $curl_cv_socklen_t_equiv,
|
||||
[type to use in place of socklen_t if not defined])],
|
||||
[#include <sys/types.h>
|
||||
#include <sys/socket.h>])
|
||||
])
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
|
||||
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
|
||||
# PARTICULAR PURPOSE.
|
||||
|
||||
m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])])
|
||||
m4_include([m4/openssh.m4])
|
||||
|
|
423
crypto/openssh/addr.c
Normal file
423
crypto/openssh/addr.c
Normal file
|
@ -0,0 +1,423 @@
|
|||
/* $OpenBSD: addr.c,v 1.1 2021/01/09 11:58:50 dtucker Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2004-2008 Damien Miller <djm@mindrot.org>
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/socket.h>
|
||||
#include <netinet/in.h>
|
||||
#include <arpa/inet.h>
|
||||
|
||||
#include <netdb.h>
|
||||
#include <string.h>
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
|
||||
#include "addr.h"
|
||||
|
||||
#define _SA(x) ((struct sockaddr *)(x))
|
||||
|
||||
int
|
||||
addr_unicast_masklen(int af)
|
||||
{
|
||||
switch (af) {
|
||||
case AF_INET:
|
||||
return 32;
|
||||
case AF_INET6:
|
||||
return 128;
|
||||
default:
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
static inline int
|
||||
masklen_valid(int af, u_int masklen)
|
||||
{
|
||||
switch (af) {
|
||||
case AF_INET:
|
||||
return masklen <= 32 ? 0 : -1;
|
||||
case AF_INET6:
|
||||
return masklen <= 128 ? 0 : -1;
|
||||
default:
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
int
|
||||
addr_xaddr_to_sa(const struct xaddr *xa, struct sockaddr *sa, socklen_t *len,
|
||||
u_int16_t port)
|
||||
{
|
||||
struct sockaddr_in *in4 = (struct sockaddr_in *)sa;
|
||||
struct sockaddr_in6 *in6 = (struct sockaddr_in6 *)sa;
|
||||
|
||||
if (xa == NULL || sa == NULL || len == NULL)
|
||||
return -1;
|
||||
|
||||
switch (xa->af) {
|
||||
case AF_INET:
|
||||
if (*len < sizeof(*in4))
|
||||
return -1;
|
||||
memset(sa, '\0', sizeof(*in4));
|
||||
*len = sizeof(*in4);
|
||||
#ifdef SOCK_HAS_LEN
|
||||
in4->sin_len = sizeof(*in4);
|
||||
#endif
|
||||
in4->sin_family = AF_INET;
|
||||
in4->sin_port = htons(port);
|
||||
memcpy(&in4->sin_addr, &xa->v4, sizeof(in4->sin_addr));
|
||||
break;
|
||||
case AF_INET6:
|
||||
if (*len < sizeof(*in6))
|
||||
return -1;
|
||||
memset(sa, '\0', sizeof(*in6));
|
||||
*len = sizeof(*in6);
|
||||
#ifdef SOCK_HAS_LEN
|
||||
in6->sin6_len = sizeof(*in6);
|
||||
#endif
|
||||
in6->sin6_family = AF_INET6;
|
||||
in6->sin6_port = htons(port);
|
||||
memcpy(&in6->sin6_addr, &xa->v6, sizeof(in6->sin6_addr));
|
||||
#ifdef HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID
|
||||
in6->sin6_scope_id = xa->scope_id;
|
||||
#endif
|
||||
break;
|
||||
default:
|
||||
return -1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* Convert struct sockaddr to struct xaddr
|
||||
* Returns 0 on success, -1 on failure.
|
||||
*/
|
||||
int
|
||||
addr_sa_to_xaddr(struct sockaddr *sa, socklen_t slen, struct xaddr *xa)
|
||||
{
|
||||
struct sockaddr_in *in4 = (struct sockaddr_in *)sa;
|
||||
struct sockaddr_in6 *in6 = (struct sockaddr_in6 *)sa;
|
||||
|
||||
memset(xa, '\0', sizeof(*xa));
|
||||
|
||||
switch (sa->sa_family) {
|
||||
case AF_INET:
|
||||
if (slen < (socklen_t)sizeof(*in4))
|
||||
return -1;
|
||||
xa->af = AF_INET;
|
||||
memcpy(&xa->v4, &in4->sin_addr, sizeof(xa->v4));
|
||||
break;
|
||||
case AF_INET6:
|
||||
if (slen < (socklen_t)sizeof(*in6))
|
||||
return -1;
|
||||
xa->af = AF_INET6;
|
||||
memcpy(&xa->v6, &in6->sin6_addr, sizeof(xa->v6));
|
||||
#ifdef HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID
|
||||
xa->scope_id = in6->sin6_scope_id;
|
||||
#endif
|
||||
break;
|
||||
default:
|
||||
return -1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int
|
||||
addr_invert(struct xaddr *n)
|
||||
{
|
||||
int i;
|
||||
|
||||
if (n == NULL)
|
||||
return -1;
|
||||
|
||||
switch (n->af) {
|
||||
case AF_INET:
|
||||
n->v4.s_addr = ~n->v4.s_addr;
|
||||
return 0;
|
||||
case AF_INET6:
|
||||
for (i = 0; i < 4; i++)
|
||||
n->addr32[i] = ~n->addr32[i];
|
||||
return 0;
|
||||
default:
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Calculate a netmask of length 'l' for address family 'af' and
|
||||
* store it in 'n'.
|
||||
* Returns 0 on success, -1 on failure.
|
||||
*/
|
||||
int
|
||||
addr_netmask(int af, u_int l, struct xaddr *n)
|
||||
{
|
||||
int i;
|
||||
|
||||
if (masklen_valid(af, l) != 0 || n == NULL)
|
||||
return -1;
|
||||
|
||||
memset(n, '\0', sizeof(*n));
|
||||
switch (af) {
|
||||
case AF_INET:
|
||||
n->af = AF_INET;
|
||||
if (l == 0)
|
||||
return 0;
|
||||
n->v4.s_addr = htonl((0xffffffff << (32 - l)) & 0xffffffff);
|
||||
return 0;
|
||||
case AF_INET6:
|
||||
n->af = AF_INET6;
|
||||
for (i = 0; i < 4 && l >= 32; i++, l -= 32)
|
||||
n->addr32[i] = 0xffffffffU;
|
||||
if (i < 4 && l != 0)
|
||||
n->addr32[i] = htonl((0xffffffff << (32 - l)) &
|
||||
0xffffffff);
|
||||
return 0;
|
||||
default:
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
int
|
||||
addr_hostmask(int af, u_int l, struct xaddr *n)
|
||||
{
|
||||
if (addr_netmask(af, l, n) == -1 || addr_invert(n) == -1)
|
||||
return -1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* Perform logical AND of addresses 'a' and 'b', storing result in 'dst'.
|
||||
* Returns 0 on success, -1 on failure.
|
||||
*/
|
||||
int
|
||||
addr_and(struct xaddr *dst, const struct xaddr *a, const struct xaddr *b)
|
||||
{
|
||||
int i;
|
||||
|
||||
if (dst == NULL || a == NULL || b == NULL || a->af != b->af)
|
||||
return -1;
|
||||
|
||||
memcpy(dst, a, sizeof(*dst));
|
||||
switch (a->af) {
|
||||
case AF_INET:
|
||||
dst->v4.s_addr &= b->v4.s_addr;
|
||||
return 0;
|
||||
case AF_INET6:
|
||||
dst->scope_id = a->scope_id;
|
||||
for (i = 0; i < 4; i++)
|
||||
dst->addr32[i] &= b->addr32[i];
|
||||
return 0;
|
||||
default:
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
int
|
||||
addr_cmp(const struct xaddr *a, const struct xaddr *b)
|
||||
{
|
||||
int i;
|
||||
|
||||
if (a->af != b->af)
|
||||
return (a->af == AF_INET6 ? 1 : -1);
|
||||
|
||||
switch (a->af) {
|
||||
case AF_INET:
|
||||
/*
|
||||
* Can't just subtract here as 255.255.255.255 - 0.0.0.0 is
|
||||
* too big to fit into a signed int
|
||||
*/
|
||||
if (a->v4.s_addr == b->v4.s_addr)
|
||||
return 0;
|
||||
return (ntohl(a->v4.s_addr) > ntohl(b->v4.s_addr) ? 1 : -1);
|
||||
case AF_INET6:;
|
||||
/*
|
||||
* Do this a byte at a time to avoid the above issue and
|
||||
* any endian problems
|
||||
*/
|
||||
for (i = 0; i < 16; i++)
|
||||
if (a->addr8[i] - b->addr8[i] != 0)
|
||||
return (a->addr8[i] - b->addr8[i]);
|
||||
if (a->scope_id == b->scope_id)
|
||||
return (0);
|
||||
return (a->scope_id > b->scope_id ? 1 : -1);
|
||||
default:
|
||||
return (-1);
|
||||
}
|
||||
}
|
||||
|
||||
int
|
||||
addr_is_all0s(const struct xaddr *a)
|
||||
{
|
||||
int i;
|
||||
|
||||
switch (a->af) {
|
||||
case AF_INET:
|
||||
return (a->v4.s_addr == 0 ? 0 : -1);
|
||||
case AF_INET6:;
|
||||
for (i = 0; i < 4; i++)
|
||||
if (a->addr32[i] != 0)
|
||||
return -1;
|
||||
return 0;
|
||||
default:
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Test whether host portion of address 'a', as determined by 'masklen'
|
||||
* is all zeros.
|
||||
* Returns 0 on if host portion of address is all-zeros,
|
||||
* -1 if not all zeros or on failure.
|
||||
*/
|
||||
int
|
||||
addr_host_is_all0s(const struct xaddr *a, u_int masklen)
|
||||
{
|
||||
struct xaddr tmp_addr, tmp_mask, tmp_result;
|
||||
|
||||
memcpy(&tmp_addr, a, sizeof(tmp_addr));
|
||||
if (addr_hostmask(a->af, masklen, &tmp_mask) == -1)
|
||||
return -1;
|
||||
if (addr_and(&tmp_result, &tmp_addr, &tmp_mask) == -1)
|
||||
return -1;
|
||||
return addr_is_all0s(&tmp_result);
|
||||
}
|
||||
|
||||
/*
|
||||
* Parse string address 'p' into 'n'
|
||||
* Returns 0 on success, -1 on failure.
|
||||
*/
|
||||
int
|
||||
addr_pton(const char *p, struct xaddr *n)
|
||||
{
|
||||
struct addrinfo hints, *ai;
|
||||
|
||||
memset(&hints, '\0', sizeof(hints));
|
||||
hints.ai_flags = AI_NUMERICHOST;
|
||||
|
||||
if (p == NULL || getaddrinfo(p, NULL, &hints, &ai) != 0)
|
||||
return -1;
|
||||
|
||||
if (ai == NULL || ai->ai_addr == NULL)
|
||||
return -1;
|
||||
|
||||
if (n != NULL && addr_sa_to_xaddr(ai->ai_addr, ai->ai_addrlen,
|
||||
n) == -1) {
|
||||
freeaddrinfo(ai);
|
||||
return -1;
|
||||
}
|
||||
|
||||
freeaddrinfo(ai);
|
||||
return 0;
|
||||
}
|
||||
|
||||
int
|
||||
addr_sa_pton(const char *h, const char *s, struct sockaddr *sa, socklen_t slen)
|
||||
{
|
||||
struct addrinfo hints, *ai;
|
||||
|
||||
memset(&hints, '\0', sizeof(hints));
|
||||
hints.ai_flags = AI_NUMERICHOST;
|
||||
|
||||
if (h == NULL || getaddrinfo(h, s, &hints, &ai) != 0)
|
||||
return -1;
|
||||
|
||||
if (ai == NULL || ai->ai_addr == NULL)
|
||||
return -1;
|
||||
|
||||
if (sa != NULL) {
|
||||
if (slen < ai->ai_addrlen)
|
||||
return -1;
|
||||
memcpy(sa, &ai->ai_addr, ai->ai_addrlen);
|
||||
}
|
||||
|
||||
freeaddrinfo(ai);
|
||||
return 0;
|
||||
}
|
||||
|
||||
int
|
||||
addr_ntop(const struct xaddr *n, char *p, size_t len)
|
||||
{
|
||||
struct sockaddr_storage ss;
|
||||
socklen_t slen = sizeof(ss);
|
||||
|
||||
if (addr_xaddr_to_sa(n, _SA(&ss), &slen, 0) == -1)
|
||||
return -1;
|
||||
if (n == NULL || p == NULL || len == 0)
|
||||
return -1;
|
||||
if (getnameinfo(_SA(&ss), slen, p, len, NULL, 0,
|
||||
NI_NUMERICHOST) == -1)
|
||||
return -1;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* Parse a CIDR address (x.x.x.x/y or xxxx:yyyy::/z).
|
||||
* Return -1 on parse error, -2 on inconsistency or 0 on success.
|
||||
*/
|
||||
int
|
||||
addr_pton_cidr(const char *p, struct xaddr *n, u_int *l)
|
||||
{
|
||||
struct xaddr tmp;
|
||||
long unsigned int masklen = 999;
|
||||
char addrbuf[64], *mp, *cp;
|
||||
|
||||
/* Don't modify argument */
|
||||
if (p == NULL || strlcpy(addrbuf, p, sizeof(addrbuf)) >= sizeof(addrbuf))
|
||||
return -1;
|
||||
|
||||
if ((mp = strchr(addrbuf, '/')) != NULL) {
|
||||
*mp = '\0';
|
||||
mp++;
|
||||
masklen = strtoul(mp, &cp, 10);
|
||||
if (*mp == '\0' || *cp != '\0' || masklen > 128)
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (addr_pton(addrbuf, &tmp) == -1)
|
||||
return -1;
|
||||
|
||||
if (mp == NULL)
|
||||
masklen = addr_unicast_masklen(tmp.af);
|
||||
if (masklen_valid(tmp.af, masklen) == -1)
|
||||
return -2;
|
||||
if (addr_host_is_all0s(&tmp, masklen) != 0)
|
||||
return -2;
|
||||
|
||||
if (n != NULL)
|
||||
memcpy(n, &tmp, sizeof(*n));
|
||||
if (l != NULL)
|
||||
*l = masklen;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int
|
||||
addr_netmatch(const struct xaddr *host, const struct xaddr *net, u_int masklen)
|
||||
{
|
||||
struct xaddr tmp_mask, tmp_result;
|
||||
|
||||
if (host->af != net->af)
|
||||
return -1;
|
||||
|
||||
if (addr_netmask(host->af, masklen, &tmp_mask) == -1)
|
||||
return -1;
|
||||
if (addr_and(&tmp_result, host, &tmp_mask) == -1)
|
||||
return -1;
|
||||
return addr_cmp(&tmp_result, net);
|
||||
}
|
60
crypto/openssh/addr.h
Normal file
60
crypto/openssh/addr.h
Normal file
|
@ -0,0 +1,60 @@
|
|||
/*
|
||||
* Copyright (c) 2004,2005 Damien Miller <djm@mindrot.org>
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* Address handling routines */
|
||||
|
||||
#ifndef _ADDR_H
|
||||
#define _ADDR_H
|
||||
|
||||
#include <sys/socket.h>
|
||||
#include <netinet/in.h>
|
||||
|
||||
struct xaddr {
|
||||
sa_family_t af;
|
||||
union {
|
||||
struct in_addr v4;
|
||||
struct in6_addr v6;
|
||||
u_int8_t addr8[16];
|
||||
u_int16_t addr16[8];
|
||||
u_int32_t addr32[4];
|
||||
} xa; /* 128-bit address */
|
||||
u_int32_t scope_id; /* iface scope id for v6 */
|
||||
#define v4 xa.v4
|
||||
#define v6 xa.v6
|
||||
#define addr8 xa.addr8
|
||||
#define addr16 xa.addr16
|
||||
#define addr32 xa.addr32
|
||||
};
|
||||
|
||||
int addr_unicast_masklen(int af);
|
||||
int addr_xaddr_to_sa(const struct xaddr *xa, struct sockaddr *sa,
|
||||
socklen_t *len, u_int16_t port);
|
||||
int addr_sa_to_xaddr(struct sockaddr *sa, socklen_t slen, struct xaddr *xa);
|
||||
int addr_netmask(int af, u_int l, struct xaddr *n);
|
||||
int addr_hostmask(int af, u_int l, struct xaddr *n);
|
||||
int addr_invert(struct xaddr *n);
|
||||
int addr_pton(const char *p, struct xaddr *n);
|
||||
int addr_sa_pton(const char *h, const char *s, struct sockaddr *sa,
|
||||
socklen_t slen);
|
||||
int addr_pton_cidr(const char *p, struct xaddr *n, u_int *l);
|
||||
int addr_ntop(const struct xaddr *n, char *p, size_t len);
|
||||
int addr_and(struct xaddr *dst, const struct xaddr *a, const struct xaddr *b);
|
||||
int addr_cmp(const struct xaddr *a, const struct xaddr *b);
|
||||
int addr_is_all0s(const struct xaddr *n);
|
||||
int addr_host_is_all0s(const struct xaddr *n, u_int masklen);
|
||||
int addr_netmatch(const struct xaddr *host, const struct xaddr *net,
|
||||
u_int masklen);
|
||||
#endif /* _ADDR_H */
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: addrmatch.c,v 1.14 2018/07/31 03:07:24 djm Exp $ */
|
||||
/* $OpenBSD: addrmatch.c,v 1.17 2021/04/03 06:18:40 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2004-2008 Damien Miller <djm@mindrot.org>
|
||||
|
@ -29,337 +29,10 @@
|
|||
#include <stdio.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "addr.h"
|
||||
#include "match.h"
|
||||
#include "log.h"
|
||||
|
||||
struct xaddr {
|
||||
sa_family_t af;
|
||||
union {
|
||||
struct in_addr v4;
|
||||
struct in6_addr v6;
|
||||
u_int8_t addr8[16];
|
||||
u_int32_t addr32[4];
|
||||
} xa; /* 128-bit address */
|
||||
u_int32_t scope_id; /* iface scope id for v6 */
|
||||
#define v4 xa.v4
|
||||
#define v6 xa.v6
|
||||
#define addr8 xa.addr8
|
||||
#define addr32 xa.addr32
|
||||
};
|
||||
|
||||
static int
|
||||
addr_unicast_masklen(int af)
|
||||
{
|
||||
switch (af) {
|
||||
case AF_INET:
|
||||
return 32;
|
||||
case AF_INET6:
|
||||
return 128;
|
||||
default:
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
static inline int
|
||||
masklen_valid(int af, u_int masklen)
|
||||
{
|
||||
switch (af) {
|
||||
case AF_INET:
|
||||
return masklen <= 32 ? 0 : -1;
|
||||
case AF_INET6:
|
||||
return masklen <= 128 ? 0 : -1;
|
||||
default:
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Convert struct sockaddr to struct xaddr
|
||||
* Returns 0 on success, -1 on failure.
|
||||
*/
|
||||
static int
|
||||
addr_sa_to_xaddr(struct sockaddr *sa, socklen_t slen, struct xaddr *xa)
|
||||
{
|
||||
struct sockaddr_in *in4 = (struct sockaddr_in *)sa;
|
||||
struct sockaddr_in6 *in6 = (struct sockaddr_in6 *)sa;
|
||||
|
||||
memset(xa, '\0', sizeof(*xa));
|
||||
|
||||
switch (sa->sa_family) {
|
||||
case AF_INET:
|
||||
if (slen < (socklen_t)sizeof(*in4))
|
||||
return -1;
|
||||
xa->af = AF_INET;
|
||||
memcpy(&xa->v4, &in4->sin_addr, sizeof(xa->v4));
|
||||
break;
|
||||
case AF_INET6:
|
||||
if (slen < (socklen_t)sizeof(*in6))
|
||||
return -1;
|
||||
xa->af = AF_INET6;
|
||||
memcpy(&xa->v6, &in6->sin6_addr, sizeof(xa->v6));
|
||||
#ifdef HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID
|
||||
xa->scope_id = in6->sin6_scope_id;
|
||||
#endif
|
||||
break;
|
||||
default:
|
||||
return -1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* Calculate a netmask of length 'l' for address family 'af' and
|
||||
* store it in 'n'.
|
||||
* Returns 0 on success, -1 on failure.
|
||||
*/
|
||||
static int
|
||||
addr_netmask(int af, u_int l, struct xaddr *n)
|
||||
{
|
||||
int i;
|
||||
|
||||
if (masklen_valid(af, l) != 0 || n == NULL)
|
||||
return -1;
|
||||
|
||||
memset(n, '\0', sizeof(*n));
|
||||
switch (af) {
|
||||
case AF_INET:
|
||||
n->af = AF_INET;
|
||||
if (l == 0)
|
||||
return 0;
|
||||
n->v4.s_addr = htonl((0xffffffff << (32 - l)) & 0xffffffff);
|
||||
return 0;
|
||||
case AF_INET6:
|
||||
n->af = AF_INET6;
|
||||
for (i = 0; i < 4 && l >= 32; i++, l -= 32)
|
||||
n->addr32[i] = 0xffffffffU;
|
||||
if (i < 4 && l != 0)
|
||||
n->addr32[i] = htonl((0xffffffff << (32 - l)) &
|
||||
0xffffffff);
|
||||
return 0;
|
||||
default:
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Perform logical AND of addresses 'a' and 'b', storing result in 'dst'.
|
||||
* Returns 0 on success, -1 on failure.
|
||||
*/
|
||||
static int
|
||||
addr_and(struct xaddr *dst, const struct xaddr *a, const struct xaddr *b)
|
||||
{
|
||||
int i;
|
||||
|
||||
if (dst == NULL || a == NULL || b == NULL || a->af != b->af)
|
||||
return -1;
|
||||
|
||||
memcpy(dst, a, sizeof(*dst));
|
||||
switch (a->af) {
|
||||
case AF_INET:
|
||||
dst->v4.s_addr &= b->v4.s_addr;
|
||||
return 0;
|
||||
case AF_INET6:
|
||||
dst->scope_id = a->scope_id;
|
||||
for (i = 0; i < 4; i++)
|
||||
dst->addr32[i] &= b->addr32[i];
|
||||
return 0;
|
||||
default:
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Compare addresses 'a' and 'b'
|
||||
* Return 0 if addresses are identical, -1 if (a < b) or 1 if (a > b)
|
||||
*/
|
||||
static int
|
||||
addr_cmp(const struct xaddr *a, const struct xaddr *b)
|
||||
{
|
||||
int i;
|
||||
|
||||
if (a->af != b->af)
|
||||
return a->af == AF_INET6 ? 1 : -1;
|
||||
|
||||
switch (a->af) {
|
||||
case AF_INET:
|
||||
if (a->v4.s_addr == b->v4.s_addr)
|
||||
return 0;
|
||||
return ntohl(a->v4.s_addr) > ntohl(b->v4.s_addr) ? 1 : -1;
|
||||
case AF_INET6:
|
||||
for (i = 0; i < 16; i++)
|
||||
if (a->addr8[i] - b->addr8[i] != 0)
|
||||
return a->addr8[i] > b->addr8[i] ? 1 : -1;
|
||||
if (a->scope_id == b->scope_id)
|
||||
return 0;
|
||||
return a->scope_id > b->scope_id ? 1 : -1;
|
||||
default:
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Parse string address 'p' into 'n'
|
||||
* Returns 0 on success, -1 on failure.
|
||||
*/
|
||||
static int
|
||||
addr_pton(const char *p, struct xaddr *n)
|
||||
{
|
||||
struct addrinfo hints, *ai = NULL;
|
||||
int ret = -1;
|
||||
|
||||
memset(&hints, '\0', sizeof(hints));
|
||||
hints.ai_flags = AI_NUMERICHOST;
|
||||
|
||||
if (p == NULL || getaddrinfo(p, NULL, &hints, &ai) != 0)
|
||||
goto out;
|
||||
if (ai == NULL || ai->ai_addr == NULL)
|
||||
goto out;
|
||||
if (n != NULL && addr_sa_to_xaddr(ai->ai_addr, ai->ai_addrlen, n) == -1)
|
||||
goto out;
|
||||
/* success */
|
||||
ret = 0;
|
||||
out:
|
||||
if (ai != NULL)
|
||||
freeaddrinfo(ai);
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
* Perform bitwise negation of address
|
||||
* Returns 0 on success, -1 on failure.
|
||||
*/
|
||||
static int
|
||||
addr_invert(struct xaddr *n)
|
||||
{
|
||||
int i;
|
||||
|
||||
if (n == NULL)
|
||||
return (-1);
|
||||
|
||||
switch (n->af) {
|
||||
case AF_INET:
|
||||
n->v4.s_addr = ~n->v4.s_addr;
|
||||
return (0);
|
||||
case AF_INET6:
|
||||
for (i = 0; i < 4; i++)
|
||||
n->addr32[i] = ~n->addr32[i];
|
||||
return (0);
|
||||
default:
|
||||
return (-1);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Calculate a netmask of length 'l' for address family 'af' and
|
||||
* store it in 'n'.
|
||||
* Returns 0 on success, -1 on failure.
|
||||
*/
|
||||
static int
|
||||
addr_hostmask(int af, u_int l, struct xaddr *n)
|
||||
{
|
||||
if (addr_netmask(af, l, n) == -1 || addr_invert(n) == -1)
|
||||
return (-1);
|
||||
return (0);
|
||||
}
|
||||
|
||||
/*
|
||||
* Test whether address 'a' is all zeros (i.e. 0.0.0.0 or ::)
|
||||
* Returns 0 on if address is all-zeros, -1 if not all zeros or on failure.
|
||||
*/
|
||||
static int
|
||||
addr_is_all0s(const struct xaddr *a)
|
||||
{
|
||||
int i;
|
||||
|
||||
switch (a->af) {
|
||||
case AF_INET:
|
||||
return (a->v4.s_addr == 0 ? 0 : -1);
|
||||
case AF_INET6:;
|
||||
for (i = 0; i < 4; i++)
|
||||
if (a->addr32[i] != 0)
|
||||
return (-1);
|
||||
return (0);
|
||||
default:
|
||||
return (-1);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Test whether host portion of address 'a', as determined by 'masklen'
|
||||
* is all zeros.
|
||||
* Returns 0 on if host portion of address is all-zeros,
|
||||
* -1 if not all zeros or on failure.
|
||||
*/
|
||||
static int
|
||||
addr_host_is_all0s(const struct xaddr *a, u_int masklen)
|
||||
{
|
||||
struct xaddr tmp_addr, tmp_mask, tmp_result;
|
||||
|
||||
memcpy(&tmp_addr, a, sizeof(tmp_addr));
|
||||
if (addr_hostmask(a->af, masklen, &tmp_mask) == -1)
|
||||
return (-1);
|
||||
if (addr_and(&tmp_result, &tmp_addr, &tmp_mask) == -1)
|
||||
return (-1);
|
||||
return (addr_is_all0s(&tmp_result));
|
||||
}
|
||||
|
||||
/*
|
||||
* Parse a CIDR address (x.x.x.x/y or xxxx:yyyy::/z).
|
||||
* Return -1 on parse error, -2 on inconsistency or 0 on success.
|
||||
*/
|
||||
static int
|
||||
addr_pton_cidr(const char *p, struct xaddr *n, u_int *l)
|
||||
{
|
||||
struct xaddr tmp;
|
||||
long unsigned int masklen = 999;
|
||||
char addrbuf[64], *mp, *cp;
|
||||
|
||||
/* Don't modify argument */
|
||||
if (p == NULL || strlcpy(addrbuf, p, sizeof(addrbuf)) >= sizeof(addrbuf))
|
||||
return -1;
|
||||
|
||||
if ((mp = strchr(addrbuf, '/')) != NULL) {
|
||||
*mp = '\0';
|
||||
mp++;
|
||||
masklen = strtoul(mp, &cp, 10);
|
||||
if (*mp == '\0' || *cp != '\0' || masklen > 128)
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (addr_pton(addrbuf, &tmp) == -1)
|
||||
return -1;
|
||||
|
||||
if (mp == NULL)
|
||||
masklen = addr_unicast_masklen(tmp.af);
|
||||
if (masklen_valid(tmp.af, masklen) == -1)
|
||||
return -2;
|
||||
if (addr_host_is_all0s(&tmp, masklen) != 0)
|
||||
return -2;
|
||||
|
||||
if (n != NULL)
|
||||
memcpy(n, &tmp, sizeof(*n));
|
||||
if (l != NULL)
|
||||
*l = masklen;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int
|
||||
addr_netmatch(const struct xaddr *host, const struct xaddr *net, u_int masklen)
|
||||
{
|
||||
struct xaddr tmp_mask, tmp_result;
|
||||
|
||||
if (host->af != net->af)
|
||||
return -1;
|
||||
|
||||
if (addr_netmask(host->af, masklen, &tmp_mask) == -1)
|
||||
return -1;
|
||||
if (addr_and(&tmp_result, host, &tmp_mask) == -1)
|
||||
return -1;
|
||||
return addr_cmp(&tmp_result, net);
|
||||
}
|
||||
|
||||
/*
|
||||
* Match "addr" against list pattern list "_list", which may contain a
|
||||
* mix of CIDR addresses and old-school wildcards.
|
||||
|
@ -381,7 +54,7 @@ addr_match_list(const char *addr, const char *_list)
|
|||
int ret = 0, r;
|
||||
|
||||
if (addr != NULL && addr_pton(addr, &try_addr) != 0) {
|
||||
debug2("%s: couldn't parse address %.100s", __func__, addr);
|
||||
debug2_f("couldn't parse address %.100s", addr);
|
||||
return 0;
|
||||
}
|
||||
if ((o = list = strdup(_list)) == NULL)
|
||||
|
@ -397,13 +70,13 @@ addr_match_list(const char *addr, const char *_list)
|
|||
/* Prefer CIDR address matching */
|
||||
r = addr_pton_cidr(cp, &match_addr, &masklen);
|
||||
if (r == -2) {
|
||||
debug2("%s: inconsistent mask length for "
|
||||
"match network \"%.100s\"", __func__, cp);
|
||||
debug2_f("inconsistent mask length for "
|
||||
"match network \"%.100s\"", cp);
|
||||
ret = -2;
|
||||
break;
|
||||
} else if (r == 0) {
|
||||
if (addr != NULL && addr_netmatch(&try_addr,
|
||||
&match_addr, masklen) == 0) {
|
||||
&match_addr, masklen) == 0) {
|
||||
foundit:
|
||||
if (neg) {
|
||||
ret = -1;
|
||||
|
@ -441,15 +114,14 @@ addr_match_cidr_list(const char *addr, const char *_list)
|
|||
int ret = 0, r;
|
||||
|
||||
if (addr != NULL && addr_pton(addr, &try_addr) != 0) {
|
||||
debug2("%s: couldn't parse address %.100s", __func__, addr);
|
||||
debug2_f("couldn't parse address %.100s", addr);
|
||||
return 0;
|
||||
}
|
||||
if ((o = list = strdup(_list)) == NULL)
|
||||
return -1;
|
||||
while ((cp = strsep(&list, ",")) != NULL) {
|
||||
if (*cp == '\0') {
|
||||
error("%s: empty entry in list \"%.100s\"",
|
||||
__func__, o);
|
||||
error_f("empty entry in list \"%.100s\"", o);
|
||||
ret = -1;
|
||||
break;
|
||||
}
|
||||
|
@ -462,15 +134,14 @@ addr_match_cidr_list(const char *addr, const char *_list)
|
|||
|
||||
/* Stop junk from reaching getaddrinfo. +3 is for masklen */
|
||||
if (strlen(cp) > INET6_ADDRSTRLEN + 3) {
|
||||
error("%s: list entry \"%.100s\" too long",
|
||||
__func__, cp);
|
||||
error_f("list entry \"%.100s\" too long", cp);
|
||||
ret = -1;
|
||||
break;
|
||||
}
|
||||
#define VALID_CIDR_CHARS "0123456789abcdefABCDEF.:/"
|
||||
if (strspn(cp, VALID_CIDR_CHARS) != strlen(cp)) {
|
||||
error("%s: list entry \"%.100s\" contains invalid "
|
||||
"characters", __func__, cp);
|
||||
error_f("list entry \"%.100s\" contains invalid "
|
||||
"characters", cp);
|
||||
ret = -1;
|
||||
}
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: atomicio.c,v 1.28 2016/07/27 23:18:12 djm Exp $ */
|
||||
/* $OpenBSD: atomicio.c,v 1.30 2019/01/24 02:42:23 dtucker Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2006 Damien Miller. All rights reserved.
|
||||
* Copyright (c) 2005 Anil Madhavapeddy. All rights reserved.
|
||||
|
@ -57,20 +57,25 @@ atomicio6(ssize_t (*f) (int, void *, size_t), int fd, void *_s, size_t n,
|
|||
ssize_t res;
|
||||
struct pollfd pfd;
|
||||
|
||||
#ifndef BROKEN_READ_COMPARISON
|
||||
pfd.fd = fd;
|
||||
#ifndef BROKEN_READ_COMPARISON
|
||||
pfd.events = f == read ? POLLIN : POLLOUT;
|
||||
#else
|
||||
pfd.events = POLLIN|POLLOUT;
|
||||
#endif
|
||||
while (n > pos) {
|
||||
res = (f) (fd, s + pos, n - pos);
|
||||
switch (res) {
|
||||
case -1:
|
||||
if (errno == EINTR)
|
||||
if (errno == EINTR) {
|
||||
/* possible SIGALARM, update callback */
|
||||
if (cb != NULL && cb(cb_arg, 0) == -1) {
|
||||
errno = EINTR;
|
||||
return pos;
|
||||
}
|
||||
continue;
|
||||
if (errno == EAGAIN || errno == EWOULDBLOCK) {
|
||||
#ifndef BROKEN_READ_COMPARISON
|
||||
} else if (errno == EAGAIN || errno == EWOULDBLOCK) {
|
||||
(void)poll(&pfd, 1, -1);
|
||||
#endif
|
||||
continue;
|
||||
}
|
||||
return 0;
|
||||
|
@ -114,20 +119,25 @@ atomiciov6(ssize_t (*f) (int, const struct iovec *, int), int fd,
|
|||
/* Make a copy of the iov array because we may modify it below */
|
||||
memcpy(iov, _iov, (size_t)iovcnt * sizeof(*_iov));
|
||||
|
||||
#ifndef BROKEN_READV_COMPARISON
|
||||
pfd.fd = fd;
|
||||
#ifndef BROKEN_READV_COMPARISON
|
||||
pfd.events = f == readv ? POLLIN : POLLOUT;
|
||||
#else
|
||||
pfd.events = POLLIN|POLLOUT;
|
||||
#endif
|
||||
for (; iovcnt > 0 && iov[0].iov_len > 0;) {
|
||||
res = (f) (fd, iov, iovcnt);
|
||||
switch (res) {
|
||||
case -1:
|
||||
if (errno == EINTR)
|
||||
if (errno == EINTR) {
|
||||
/* possible SIGALARM, update callback */
|
||||
if (cb != NULL && cb(cb_arg, 0) == -1) {
|
||||
errno = EINTR;
|
||||
return pos;
|
||||
}
|
||||
continue;
|
||||
if (errno == EAGAIN || errno == EWOULDBLOCK) {
|
||||
#ifndef BROKEN_READV_COMPARISON
|
||||
} else if (errno == EAGAIN || errno == EWOULDBLOCK) {
|
||||
(void)poll(&pfd, 1, -1);
|
||||
#endif
|
||||
continue;
|
||||
}
|
||||
return 0;
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: atomicio.h,v 1.11 2010/09/22 22:58:51 djm Exp $ */
|
||||
/* $OpenBSD: atomicio.h,v 1.12 2018/12/27 03:25:25 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2006 Damien Miller. All rights reserved.
|
||||
|
@ -29,6 +29,8 @@
|
|||
#ifndef _ATOMICIO_H
|
||||
#define _ATOMICIO_H
|
||||
|
||||
struct iovec;
|
||||
|
||||
/*
|
||||
* Ensure all of data on socket comes through. f==read || f==vwrite
|
||||
*/
|
||||
|
|
|
@ -129,7 +129,7 @@ static AuditInfoTermID ssh_bsm_tid;
|
|||
* getaudit_addr() is only present on IPv6 capable machines.
|
||||
*/
|
||||
#if defined(HAVE_AUG_GET_MACHINE) || !defined(HAVE_GETAUDIT_ADDR)
|
||||
extern int aug_get_machine(char *, u_int32_t *, u_int32_t *);
|
||||
extern int aug_get_machine(char *, u_int32_t *, u_int32_t *);
|
||||
#else
|
||||
static int
|
||||
aug_get_machine(char *host, u_int32_t *addr, u_int32_t *type)
|
||||
|
@ -183,41 +183,41 @@ getacna(char *auditstring, int len)
|
|||
scf_value_t *value = NULL;
|
||||
int ret = 0;
|
||||
|
||||
/*
|
||||
* The man page for getacna on Solaris 10 states we should return -2
|
||||
* in case of error and set errno to indicate the error. We don't
|
||||
* bother with errno here, though, since the only use of this function
|
||||
* below doesn't check for errors anyway.
|
||||
*/
|
||||
handle = scf_handle_create(SCF_VERSION);
|
||||
if (handle == NULL)
|
||||
return -2; /* The man page for getacna on Solaris 10 states
|
||||
we should return -2 in case of error and set
|
||||
errno to indicate the error. We don't bother
|
||||
with errno here, though, since the only use
|
||||
of this function below doesn't check for errors
|
||||
anyway.
|
||||
*/
|
||||
return -2;
|
||||
|
||||
ret = scf_handle_bind(handle);
|
||||
if (ret == -1)
|
||||
return -2;
|
||||
return -2;
|
||||
|
||||
property = scf_property_create(handle);
|
||||
if (property == NULL)
|
||||
return -2;
|
||||
return -2;
|
||||
|
||||
ret = scf_handle_decode_fmri(handle,
|
||||
"svc:/system/auditd:default/:properties/preselection/naflags",
|
||||
NULL, NULL, NULL, NULL, property, 0);
|
||||
"svc:/system/auditd:default/:properties/preselection/naflags",
|
||||
NULL, NULL, NULL, NULL, property, 0);
|
||||
if (ret == -1)
|
||||
return -2;
|
||||
return -2;
|
||||
|
||||
value = scf_value_create(handle);
|
||||
if (value == NULL)
|
||||
return -2;
|
||||
return -2;
|
||||
|
||||
ret = scf_property_get_value(property, value);
|
||||
if (ret == -1)
|
||||
return -2;
|
||||
return -2;
|
||||
|
||||
ret = scf_value_get_astring(value, auditstring, len);
|
||||
if (ret == -1)
|
||||
return -2;
|
||||
return -2;
|
||||
|
||||
scf_value_destroy(value);
|
||||
scf_property_destroy(property);
|
||||
|
@ -280,9 +280,10 @@ bsm_audit_record(int typ, char *string, au_event_t event_no)
|
|||
(void) au_write(ad, AUToReturnFunc(typ, rc));
|
||||
|
||||
#ifdef BROKEN_BSM_API
|
||||
/* The last argument is the event modifier flags. For
|
||||
some seemingly undocumented reason it was added in
|
||||
Solaris 11. */
|
||||
/*
|
||||
* The last argument is the event modifier flags. For some seemingly
|
||||
* undocumented reason it was added in Solaris 11.
|
||||
*/
|
||||
rc = au_close(ad, AU_TO_WRITE, event_no, 0);
|
||||
#else
|
||||
rc = au_close(ad, AU_TO_WRITE, event_no);
|
||||
|
@ -391,7 +392,7 @@ audit_session_close(struct logininfo *li)
|
|||
}
|
||||
|
||||
void
|
||||
audit_event(ssh_audit_event_t event)
|
||||
audit_event(struct ssh *ssh, ssh_audit_event_t event)
|
||||
{
|
||||
char textbuf[BSM_TEXTBUFSZ];
|
||||
static int logged_in = 0;
|
||||
|
|
|
@ -97,10 +97,8 @@ audit_session_close(struct logininfo *li)
|
|||
}
|
||||
|
||||
void
|
||||
audit_event(ssh_audit_event_t event)
|
||||
audit_event(struct ssh *ssh, ssh_audit_event_t event)
|
||||
{
|
||||
struct ssh *ssh = active_state; /* XXX */
|
||||
|
||||
switch(event) {
|
||||
case SSH_AUTH_SUCCESS:
|
||||
case SSH_CONNECTION_CLOSE:
|
||||
|
|
|
@ -131,7 +131,7 @@ audit_connection_from(const char *host, int port)
|
|||
* events and what they mean).
|
||||
*/
|
||||
void
|
||||
audit_event(ssh_audit_event_t event)
|
||||
audit_event(struct ssh *ssh, ssh_audit_event_t event)
|
||||
{
|
||||
debug("audit event euid %d user %s event %d (%s)", geteuid(),
|
||||
audit_username(), event, audit_event_lookup(event));
|
||||
|
|
|
@ -27,6 +27,8 @@
|
|||
|
||||
#include "loginrec.h"
|
||||
|
||||
struct ssh;
|
||||
|
||||
enum ssh_audit_event_type {
|
||||
SSH_LOGIN_EXCEED_MAXTRIES,
|
||||
SSH_LOGIN_ROOT_DENIED,
|
||||
|
@ -46,7 +48,7 @@ enum ssh_audit_event_type {
|
|||
typedef enum ssh_audit_event_type ssh_audit_event_t;
|
||||
|
||||
void audit_connection_from(const char *, int);
|
||||
void audit_event(ssh_audit_event_t);
|
||||
void audit_event(struct ssh *, ssh_audit_event_t);
|
||||
void audit_session_open(struct logininfo *);
|
||||
void audit_session_close(struct logininfo *);
|
||||
void audit_run_command(const char *);
|
||||
|
|
|
@ -29,8 +29,6 @@
|
|||
#include <stdarg.h>
|
||||
#include <stdio.h>
|
||||
|
||||
#include <stdarg.h>
|
||||
|
||||
#ifdef BSD_AUTH
|
||||
#include "xmalloc.h"
|
||||
#include "sshkey.h"
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth-krb5.c,v 1.23 2018/07/09 21:35:50 markus Exp $ */
|
||||
/* $OpenBSD: auth-krb5.c,v 1.24 2021/04/03 06:18:40 djm Exp $ */
|
||||
/*
|
||||
* Kerberos v5 authentication and ticket-passing routines.
|
||||
*
|
||||
|
@ -99,7 +99,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
|
|||
#ifdef HEIMDAL
|
||||
# ifdef HAVE_KRB5_CC_NEW_UNIQUE
|
||||
problem = krb5_cc_new_unique(authctxt->krb5_ctx,
|
||||
krb5_mcc_ops.prefix, NULL, &ccache);
|
||||
krb5_mcc_ops.prefix, NULL, &ccache);
|
||||
# else
|
||||
problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_mcc_ops, &ccache);
|
||||
# endif
|
||||
|
@ -123,7 +123,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
|
|||
|
||||
# ifdef HAVE_KRB5_CC_NEW_UNIQUE
|
||||
problem = krb5_cc_new_unique(authctxt->krb5_ctx,
|
||||
krb5_fcc_ops.prefix, NULL, &authctxt->krb5_fwd_ccache);
|
||||
krb5_fcc_ops.prefix, NULL, &authctxt->krb5_fwd_ccache);
|
||||
# else
|
||||
problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_fcc_ops,
|
||||
&authctxt->krb5_fwd_ccache);
|
||||
|
@ -163,17 +163,18 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
|
|||
goto out;
|
||||
}
|
||||
|
||||
problem = ssh_krb5_cc_gen(authctxt->krb5_ctx, &authctxt->krb5_fwd_ccache);
|
||||
problem = ssh_krb5_cc_gen(authctxt->krb5_ctx,
|
||||
&authctxt->krb5_fwd_ccache);
|
||||
if (problem)
|
||||
goto out;
|
||||
|
||||
problem = krb5_cc_initialize(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache,
|
||||
authctxt->krb5_user);
|
||||
problem = krb5_cc_initialize(authctxt->krb5_ctx,
|
||||
authctxt->krb5_fwd_ccache, authctxt->krb5_user);
|
||||
if (problem)
|
||||
goto out;
|
||||
|
||||
problem= krb5_cc_store_cred(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache,
|
||||
&creds);
|
||||
problem = krb5_cc_store_cred(authctxt->krb5_ctx,
|
||||
authctxt->krb5_fwd_ccache, &creds);
|
||||
if (problem)
|
||||
goto out;
|
||||
#endif
|
||||
|
@ -202,7 +203,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
|
|||
if (authctxt->krb5_ctx != NULL && problem!=-1) {
|
||||
errmsg = krb5_get_error_message(authctxt->krb5_ctx,
|
||||
problem);
|
||||
debug("Kerberos password authentication failed: %s",
|
||||
debug("Kerberos password authentication failed: %s",
|
||||
errmsg);
|
||||
krb5_free_error_message(authctxt->krb5_ctx, errmsg);
|
||||
} else
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth-options.c,v 1.84 2018/10/03 06:38:35 djm Exp $ */
|
||||
/* $OpenBSD: auth-options.c,v 1.97 2021/07/24 01:55:19 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2018 Damien Miller <djm@mindrot.org>
|
||||
*
|
||||
|
@ -19,6 +19,7 @@
|
|||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <netdb.h>
|
||||
#include <pwd.h>
|
||||
#include <string.h>
|
||||
|
@ -39,75 +40,6 @@
|
|||
#include "ssh2.h"
|
||||
#include "auth-options.h"
|
||||
|
||||
/*
|
||||
* Match flag 'opt' in *optsp, and if allow_negate is set then also match
|
||||
* 'no-opt'. Returns -1 if option not matched, 1 if option matches or 0
|
||||
* if negated option matches.
|
||||
* If the option or negated option matches, then *optsp is updated to
|
||||
* point to the first character after the option.
|
||||
*/
|
||||
static int
|
||||
opt_flag(const char *opt, int allow_negate, const char **optsp)
|
||||
{
|
||||
size_t opt_len = strlen(opt);
|
||||
const char *opts = *optsp;
|
||||
int negate = 0;
|
||||
|
||||
if (allow_negate && strncasecmp(opts, "no-", 3) == 0) {
|
||||
opts += 3;
|
||||
negate = 1;
|
||||
}
|
||||
if (strncasecmp(opts, opt, opt_len) == 0) {
|
||||
*optsp = opts + opt_len;
|
||||
return negate ? 0 : 1;
|
||||
}
|
||||
return -1;
|
||||
}
|
||||
|
||||
static char *
|
||||
opt_dequote(const char **sp, const char **errstrp)
|
||||
{
|
||||
const char *s = *sp;
|
||||
char *ret;
|
||||
size_t i;
|
||||
|
||||
*errstrp = NULL;
|
||||
if (*s != '"') {
|
||||
*errstrp = "missing start quote";
|
||||
return NULL;
|
||||
}
|
||||
s++;
|
||||
if ((ret = malloc(strlen((s)) + 1)) == NULL) {
|
||||
*errstrp = "memory allocation failed";
|
||||
return NULL;
|
||||
}
|
||||
for (i = 0; *s != '\0' && *s != '"';) {
|
||||
if (s[0] == '\\' && s[1] == '"')
|
||||
s++;
|
||||
ret[i++] = *s++;
|
||||
}
|
||||
if (*s == '\0') {
|
||||
*errstrp = "missing end quote";
|
||||
free(ret);
|
||||
return NULL;
|
||||
}
|
||||
ret[i] = '\0';
|
||||
s++;
|
||||
*sp = s;
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int
|
||||
opt_match(const char **opts, const char *term)
|
||||
{
|
||||
if (strncasecmp((*opts), term, strlen(term)) == 0 &&
|
||||
(*opts)[strlen(term)] == '=') {
|
||||
*opts += strlen(term) + 1;
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int
|
||||
dup_strings(char ***dstp, size_t *ndstp, char **src, size_t nsrc)
|
||||
{
|
||||
|
@ -147,7 +79,7 @@ cert_option_list(struct sshauthopt *opts, struct sshbuf *oblob,
|
|||
int r, ret = -1, found;
|
||||
|
||||
if ((c = sshbuf_fromb(oblob)) == NULL) {
|
||||
error("%s: sshbuf_fromb failed", __func__);
|
||||
error_f("sshbuf_fromb failed");
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
@ -156,15 +88,17 @@ cert_option_list(struct sshauthopt *opts, struct sshbuf *oblob,
|
|||
data = NULL;
|
||||
if ((r = sshbuf_get_cstring(c, &name, NULL)) != 0 ||
|
||||
(r = sshbuf_froms(c, &data)) != 0) {
|
||||
error("Unable to parse certificate options: %s",
|
||||
ssh_err(r));
|
||||
error_r(r, "Unable to parse certificate options");
|
||||
goto out;
|
||||
}
|
||||
debug3("found certificate option \"%.100s\" len %zu",
|
||||
name, sshbuf_len(data));
|
||||
found = 0;
|
||||
if ((which & OPTIONS_EXTENSIONS) != 0) {
|
||||
if (strcmp(name, "permit-X11-forwarding") == 0) {
|
||||
if (strcmp(name, "no-touch-required") == 0) {
|
||||
opts->no_require_user_presence = 1;
|
||||
found = 1;
|
||||
} else if (strcmp(name, "permit-X11-forwarding") == 0) {
|
||||
opts->permit_x11_forwarding_flag = 1;
|
||||
found = 1;
|
||||
} else if (strcmp(name,
|
||||
|
@ -184,11 +118,14 @@ cert_option_list(struct sshauthopt *opts, struct sshbuf *oblob,
|
|||
}
|
||||
}
|
||||
if (!found && (which & OPTIONS_CRITICAL) != 0) {
|
||||
if (strcmp(name, "force-command") == 0) {
|
||||
if (strcmp(name, "verify-required") == 0) {
|
||||
opts->require_verify = 1;
|
||||
found = 1;
|
||||
} else if (strcmp(name, "force-command") == 0) {
|
||||
if ((r = sshbuf_get_cstring(data, &command,
|
||||
NULL)) != 0) {
|
||||
error("Unable to parse \"%s\" "
|
||||
"section: %s", name, ssh_err(r));
|
||||
error_r(r, "Unable to parse \"%s\" "
|
||||
"section", name);
|
||||
goto out;
|
||||
}
|
||||
if (opts->force_command != NULL) {
|
||||
|
@ -199,12 +136,11 @@ cert_option_list(struct sshauthopt *opts, struct sshbuf *oblob,
|
|||
}
|
||||
opts->force_command = command;
|
||||
found = 1;
|
||||
}
|
||||
if (strcmp(name, "source-address") == 0) {
|
||||
} else if (strcmp(name, "source-address") == 0) {
|
||||
if ((r = sshbuf_get_cstring(data, &allowed,
|
||||
NULL)) != 0) {
|
||||
error("Unable to parse \"%s\" "
|
||||
"section: %s", name, ssh_err(r));
|
||||
error_r(r, "Unable to parse \"%s\" "
|
||||
"section", name);
|
||||
goto out;
|
||||
}
|
||||
if (opts->required_from_host_cert != NULL) {
|
||||
|
@ -287,8 +223,7 @@ sshauthopt_free(struct sshauthopt *opts)
|
|||
free(opts->permitlisten[i]);
|
||||
free(opts->permitlisten);
|
||||
|
||||
explicit_bzero(opts, sizeof(*opts));
|
||||
free(opts);
|
||||
freezero(opts, sizeof(*opts));
|
||||
}
|
||||
|
||||
struct sshauthopt *
|
||||
|
@ -320,7 +255,7 @@ handle_permit(const char **optsp, int allow_bare_port,
|
|||
size_t npermits = *npermitsp;
|
||||
const char *errstr = "unknown error";
|
||||
|
||||
if (npermits > INT_MAX) {
|
||||
if (npermits > SSH_AUTHOPT_PERMIT_MAX) {
|
||||
*errstrp = "too many permission directives";
|
||||
return -1;
|
||||
}
|
||||
|
@ -332,7 +267,8 @@ handle_permit(const char **optsp, int allow_bare_port,
|
|||
* Allow a bare port number in permitlisten to indicate a
|
||||
* listen_host wildcard.
|
||||
*/
|
||||
if (asprintf(&tmp, "*:%s", opt) < 0) {
|
||||
if (asprintf(&tmp, "*:%s", opt) == -1) {
|
||||
free(opt);
|
||||
*errstrp = "memory allocation failed";
|
||||
return -1;
|
||||
}
|
||||
|
@ -388,6 +324,7 @@ sshauthopt_parse(const char *opts, const char **errstrp)
|
|||
struct sshauthopt *ret = NULL;
|
||||
const char *errstr = "unknown error";
|
||||
uint64_t valid_before;
|
||||
size_t i, l;
|
||||
|
||||
if (errstrp != NULL)
|
||||
*errstrp = NULL;
|
||||
|
@ -414,6 +351,10 @@ sshauthopt_parse(const char *opts, const char **errstrp)
|
|||
ret->permit_agent_forwarding_flag = r == 1;
|
||||
} else if ((r = opt_flag("x11-forwarding", 1, &opts)) != -1) {
|
||||
ret->permit_x11_forwarding_flag = r == 1;
|
||||
} else if ((r = opt_flag("touch-required", 1, &opts)) != -1) {
|
||||
ret->no_require_user_presence = r != 1; /* NB. flip */
|
||||
} else if ((r = opt_flag("verify-required", 1, &opts)) != -1) {
|
||||
ret->require_verify = r == 1;
|
||||
} else if ((r = opt_flag("pty", 1, &opts)) != -1) {
|
||||
ret->permit_pty_flag = r == 1;
|
||||
} else if ((r = opt_flag("user-rc", 1, &opts)) != -1) {
|
||||
|
@ -457,7 +398,7 @@ sshauthopt_parse(const char *opts, const char **errstrp)
|
|||
valid_before < ret->valid_before)
|
||||
ret->valid_before = valid_before;
|
||||
} else if (opt_match(&opts, "environment")) {
|
||||
if (ret->nenv > INT_MAX) {
|
||||
if (ret->nenv > SSH_AUTHOPT_ENV_MAX) {
|
||||
errstr = "too many environment strings";
|
||||
goto fail;
|
||||
}
|
||||
|
@ -469,25 +410,41 @@ sshauthopt_parse(const char *opts, const char **errstrp)
|
|||
errstr = "invalid environment string";
|
||||
goto fail;
|
||||
}
|
||||
if ((cp = strdup(opt)) == NULL)
|
||||
if ((cp = strdup(opt)) == NULL) {
|
||||
free(opt);
|
||||
goto alloc_fail;
|
||||
cp[tmp - opt] = '\0'; /* truncate at '=' */
|
||||
}
|
||||
l = (size_t)(tmp - opt);
|
||||
cp[l] = '\0'; /* truncate at '=' */
|
||||
if (!valid_env_name(cp)) {
|
||||
free(cp);
|
||||
free(opt);
|
||||
errstr = "invalid environment string";
|
||||
goto fail;
|
||||
}
|
||||
free(cp);
|
||||
/* Append it. */
|
||||
oarray = ret->env;
|
||||
if ((ret->env = recallocarray(ret->env, ret->nenv,
|
||||
ret->nenv + 1, sizeof(*ret->env))) == NULL) {
|
||||
free(opt);
|
||||
ret->env = oarray; /* put it back for cleanup */
|
||||
goto alloc_fail;
|
||||
/* Check for duplicates; XXX O(n*log(n)) */
|
||||
for (i = 0; i < ret->nenv; i++) {
|
||||
if (strncmp(ret->env[i], cp, l) == 0 &&
|
||||
ret->env[i][l] == '=')
|
||||
break;
|
||||
}
|
||||
ret->env[ret->nenv++] = opt;
|
||||
free(cp);
|
||||
/* First match wins */
|
||||
if (i >= ret->nenv) {
|
||||
/* Append it. */
|
||||
oarray = ret->env;
|
||||
if ((ret->env = recallocarray(ret->env,
|
||||
ret->nenv, ret->nenv + 1,
|
||||
sizeof(*ret->env))) == NULL) {
|
||||
free(opt);
|
||||
/* put it back for cleanup */
|
||||
ret->env = oarray;
|
||||
goto alloc_fail;
|
||||
}
|
||||
ret->env[ret->nenv++] = opt;
|
||||
opt = NULL; /* transferred */
|
||||
}
|
||||
free(opt);
|
||||
} else if (opt_match(&opts, "permitopen")) {
|
||||
if (handle_permit(&opts, 0, &ret->permitopen,
|
||||
&ret->npermitopen, &errstr) != 0)
|
||||
|
@ -634,14 +591,18 @@ sshauthopt_merge(const struct sshauthopt *primary,
|
|||
goto alloc_fail;
|
||||
}
|
||||
|
||||
/* Flags are logical-AND (i.e. must be set in both for permission) */
|
||||
#define OPTFLAG(x) ret->x = (primary->x == 1) && (additional->x == 1)
|
||||
OPTFLAG(permit_port_forwarding_flag);
|
||||
OPTFLAG(permit_agent_forwarding_flag);
|
||||
OPTFLAG(permit_x11_forwarding_flag);
|
||||
OPTFLAG(permit_pty_flag);
|
||||
OPTFLAG(permit_user_rc);
|
||||
#undef OPTFLAG
|
||||
#define OPTFLAG_AND(x) ret->x = (primary->x == 1) && (additional->x == 1)
|
||||
#define OPTFLAG_OR(x) ret->x = (primary->x == 1) || (additional->x == 1)
|
||||
/* Permissive flags are logical-AND (i.e. must be set in both) */
|
||||
OPTFLAG_AND(permit_port_forwarding_flag);
|
||||
OPTFLAG_AND(permit_agent_forwarding_flag);
|
||||
OPTFLAG_AND(permit_x11_forwarding_flag);
|
||||
OPTFLAG_AND(permit_pty_flag);
|
||||
OPTFLAG_AND(permit_user_rc);
|
||||
OPTFLAG_AND(no_require_user_presence);
|
||||
/* Restrictive flags are logical-OR (i.e. must be set in either) */
|
||||
OPTFLAG_OR(require_verify);
|
||||
#undef OPTFLAG_AND
|
||||
|
||||
/* Earliest expiry time should win */
|
||||
if (primary->valid_before != 0)
|
||||
|
@ -710,6 +671,8 @@ sshauthopt_copy(const struct sshauthopt *orig)
|
|||
OPTSCALAR(cert_authority);
|
||||
OPTSCALAR(force_tun_device);
|
||||
OPTSCALAR(valid_before);
|
||||
OPTSCALAR(no_require_user_presence);
|
||||
OPTSCALAR(require_verify);
|
||||
#undef OPTSCALAR
|
||||
#define OPTSTRING(x) \
|
||||
do { \
|
||||
|
@ -795,9 +758,11 @@ deserialise_array(struct sshbuf *m, char ***ap, size_t *np)
|
|||
*np = n;
|
||||
n = 0;
|
||||
out:
|
||||
for (i = 0; i < n; i++)
|
||||
free(a[i]);
|
||||
free(a);
|
||||
if (a != NULL) {
|
||||
for (i = 0; i < n; i++)
|
||||
free(a[i]);
|
||||
free(a);
|
||||
}
|
||||
sshbuf_free(b);
|
||||
return r;
|
||||
}
|
||||
|
@ -832,7 +797,7 @@ sshauthopt_serialise(const struct sshauthopt *opts, struct sshbuf *m,
|
|||
{
|
||||
int r = SSH_ERR_INTERNAL_ERROR;
|
||||
|
||||
/* Flag and simple integer options */
|
||||
/* Flag options */
|
||||
if ((r = sshbuf_put_u8(m, opts->permit_port_forwarding_flag)) != 0 ||
|
||||
(r = sshbuf_put_u8(m, opts->permit_agent_forwarding_flag)) != 0 ||
|
||||
(r = sshbuf_put_u8(m, opts->permit_x11_forwarding_flag)) != 0 ||
|
||||
|
@ -840,7 +805,12 @@ sshauthopt_serialise(const struct sshauthopt *opts, struct sshbuf *m,
|
|||
(r = sshbuf_put_u8(m, opts->permit_user_rc)) != 0 ||
|
||||
(r = sshbuf_put_u8(m, opts->restricted)) != 0 ||
|
||||
(r = sshbuf_put_u8(m, opts->cert_authority)) != 0 ||
|
||||
(r = sshbuf_put_u64(m, opts->valid_before)) != 0)
|
||||
(r = sshbuf_put_u8(m, opts->no_require_user_presence)) != 0 ||
|
||||
(r = sshbuf_put_u8(m, opts->require_verify)) != 0)
|
||||
return r;
|
||||
|
||||
/* Simple integer options */
|
||||
if ((r = sshbuf_put_u64(m, opts->valid_before)) != 0)
|
||||
return r;
|
||||
|
||||
/* tunnel number can be negative to indicate "unset" */
|
||||
|
@ -857,7 +827,7 @@ sshauthopt_serialise(const struct sshauthopt *opts, struct sshbuf *m,
|
|||
(r = serialise_nullable_string(m,
|
||||
untrusted ? NULL : opts->required_from_host_cert)) != 0 ||
|
||||
(r = serialise_nullable_string(m,
|
||||
untrusted ? NULL : opts->required_from_host_keys)) != 0)
|
||||
untrusted ? NULL : opts->required_from_host_keys)) != 0)
|
||||
return r;
|
||||
|
||||
/* Array options */
|
||||
|
@ -884,6 +854,7 @@ sshauthopt_deserialise(struct sshbuf *m, struct sshauthopt **optsp)
|
|||
if ((opts = calloc(1, sizeof(*opts))) == NULL)
|
||||
return SSH_ERR_ALLOC_FAIL;
|
||||
|
||||
/* Flag options */
|
||||
#define OPT_FLAG(x) \
|
||||
do { \
|
||||
if ((r = sshbuf_get_u8(m, &f)) != 0) \
|
||||
|
@ -897,8 +868,11 @@ sshauthopt_deserialise(struct sshbuf *m, struct sshauthopt **optsp)
|
|||
OPT_FLAG(permit_user_rc);
|
||||
OPT_FLAG(restricted);
|
||||
OPT_FLAG(cert_authority);
|
||||
OPT_FLAG(no_require_user_presence);
|
||||
OPT_FLAG(require_verify);
|
||||
#undef OPT_FLAG
|
||||
|
||||
/* Simple integer options */
|
||||
if ((r = sshbuf_get_u64(m, &opts->valid_before)) != 0)
|
||||
goto out;
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth-options.h,v 1.27 2018/06/06 18:23:32 djm Exp $ */
|
||||
/* $OpenBSD: auth-options.h,v 1.31 2021/07/23 03:57:20 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2018 Damien Miller <djm@mindrot.org>
|
||||
|
@ -22,6 +22,12 @@
|
|||
struct passwd;
|
||||
struct sshkey;
|
||||
|
||||
/* Maximum number of permitopen/permitlisten directives to accept */
|
||||
#define SSH_AUTHOPT_PERMIT_MAX 4096
|
||||
|
||||
/* Maximum number of environment directives to accept */
|
||||
#define SSH_AUTHOPT_ENV_MAX 1024
|
||||
|
||||
/*
|
||||
* sshauthopt represents key options parsed from authorized_keys or
|
||||
* from certificate extensions/options.
|
||||
|
@ -65,6 +71,11 @@ struct sshauthopt {
|
|||
*/
|
||||
char *required_from_host_cert;
|
||||
char *required_from_host_keys;
|
||||
|
||||
/* Key requires user presence asserted */
|
||||
int no_require_user_presence;
|
||||
/* Key requires user verification (e.g. PIN) */
|
||||
int require_verify;
|
||||
};
|
||||
|
||||
struct sshauthopt *sshauthopt_new(void);
|
||||
|
|
|
@ -56,6 +56,7 @@
|
|||
#include <errno.h>
|
||||
#include <signal.h>
|
||||
#include <stdarg.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
|
||||
|
@ -99,6 +100,7 @@ extern char *__progname;
|
|||
#include "servconf.h"
|
||||
#include "ssh2.h"
|
||||
#include "auth-options.h"
|
||||
#include "misc.h"
|
||||
#ifdef GSSAPI
|
||||
#include "ssh-gss.h"
|
||||
#endif
|
||||
|
@ -151,12 +153,12 @@ static struct pam_ctxt *cleanup_ctxt;
|
|||
*/
|
||||
|
||||
static int sshpam_thread_status = -1;
|
||||
static mysig_t sshpam_oldsig;
|
||||
static sshsig_t sshpam_oldsig;
|
||||
|
||||
static void
|
||||
sshpam_sigchld_handler(int sig)
|
||||
{
|
||||
signal(SIGCHLD, SIG_DFL);
|
||||
ssh_signal(SIGCHLD, SIG_DFL);
|
||||
if (cleanup_ctxt == NULL)
|
||||
return; /* handler called after PAM cleanup, shouldn't happen */
|
||||
if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, WNOHANG)
|
||||
|
@ -198,7 +200,7 @@ pthread_create(sp_pthread_t *thread, const void *attr,
|
|||
switch ((pid = fork())) {
|
||||
case -1:
|
||||
error("fork(): %s", strerror(errno));
|
||||
return (-1);
|
||||
return errno;
|
||||
case 0:
|
||||
close(ctx->pam_psock);
|
||||
ctx->pam_psock = -1;
|
||||
|
@ -208,7 +210,7 @@ pthread_create(sp_pthread_t *thread, const void *attr,
|
|||
*thread = pid;
|
||||
close(ctx->pam_csock);
|
||||
ctx->pam_csock = -1;
|
||||
sshpam_oldsig = signal(SIGCHLD, sshpam_sigchld_handler);
|
||||
sshpam_oldsig = ssh_signal(SIGCHLD, sshpam_sigchld_handler);
|
||||
return (0);
|
||||
}
|
||||
}
|
||||
|
@ -216,7 +218,7 @@ pthread_create(sp_pthread_t *thread, const void *attr,
|
|||
static int
|
||||
pthread_cancel(sp_pthread_t thread)
|
||||
{
|
||||
signal(SIGCHLD, sshpam_oldsig);
|
||||
ssh_signal(SIGCHLD, sshpam_oldsig);
|
||||
return (kill(thread, SIGTERM));
|
||||
}
|
||||
|
||||
|
@ -228,7 +230,7 @@ pthread_join(sp_pthread_t thread, void **value)
|
|||
|
||||
if (sshpam_thread_status != -1)
|
||||
return (sshpam_thread_status);
|
||||
signal(SIGCHLD, sshpam_oldsig);
|
||||
ssh_signal(SIGCHLD, sshpam_oldsig);
|
||||
while (waitpid(thread, &status, 0) == -1) {
|
||||
if (errno == EINTR)
|
||||
continue;
|
||||
|
@ -249,6 +251,9 @@ static int sshpam_maxtries_reached = 0;
|
|||
static char **sshpam_env = NULL;
|
||||
static Authctxt *sshpam_authctxt = NULL;
|
||||
static const char *sshpam_password = NULL;
|
||||
static char *sshpam_rhost = NULL;
|
||||
static char *sshpam_laddr = NULL;
|
||||
static char *sshpam_conninfo = NULL;
|
||||
|
||||
/* Some PAM implementations don't implement this */
|
||||
#ifndef HAVE_PAM_GETENVLIST
|
||||
|
@ -256,7 +261,7 @@ static char **
|
|||
pam_getenvlist(pam_handle_t *pamh)
|
||||
{
|
||||
/*
|
||||
* XXX - If necessary, we can still support envrionment passing
|
||||
* XXX - If necessary, we can still support environment passing
|
||||
* for platforms without pam_getenvlist by searching for known
|
||||
* env vars (e.g. KRB5CCNAME) from the PAM environment.
|
||||
*/
|
||||
|
@ -264,6 +269,14 @@ pam_getenvlist(pam_handle_t *pamh)
|
|||
}
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_PAM_PUTENV
|
||||
static int
|
||||
pam_putenv(pam_handle_t *pamh, const char *name_value)
|
||||
{
|
||||
return PAM_SUCCESS;
|
||||
}
|
||||
#endif /* HAVE_PAM_PUTENV */
|
||||
|
||||
/*
|
||||
* Some platforms, notably Solaris, do not enforce password complexity
|
||||
* rules during pam_chauthtok() if the real uid of the calling process
|
||||
|
@ -289,7 +302,7 @@ sshpam_chauthtok_ruid(pam_handle_t *pamh, int flags)
|
|||
# define pam_chauthtok(a,b) (sshpam_chauthtok_ruid((a), (b)))
|
||||
#endif
|
||||
|
||||
void
|
||||
static void
|
||||
sshpam_password_change_required(int reqd)
|
||||
{
|
||||
extern struct sshauthopt *auth_opts;
|
||||
|
@ -358,14 +371,16 @@ import_environments(struct sshbuf *b)
|
|||
for (i = 0; i < num_env; i++) {
|
||||
if ((r = sshbuf_get_cstring(b, &env, NULL)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
#ifdef HAVE_PAM_PUTENV
|
||||
/* Errors are not fatal here */
|
||||
if ((r = pam_putenv(sshpam_handle, env)) != PAM_SUCCESS) {
|
||||
error("PAM: pam_putenv: %s",
|
||||
pam_strerror(sshpam_handle, r));
|
||||
}
|
||||
#endif
|
||||
/* XXX leak env? */
|
||||
/*
|
||||
* XXX this possibly leaks env because it is not documented
|
||||
* what pam_putenv() does with it. Does it copy it? Does it
|
||||
* take ownweship? We don't know, so it's safest just to leak.
|
||||
*/
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
@ -533,7 +548,7 @@ sshpam_thread(void *ctxtp)
|
|||
for (i = 0; environ[i] != NULL; i++) {
|
||||
/* Count */
|
||||
if (i > INT_MAX)
|
||||
fatal("%s: too many enviornment strings", __func__);
|
||||
fatal("%s: too many environment strings", __func__);
|
||||
}
|
||||
if ((r = sshbuf_put_u32(buffer, i)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
|
@ -546,7 +561,7 @@ sshpam_thread(void *ctxtp)
|
|||
for (i = 0; env_from_pam != NULL && env_from_pam[i] != NULL; i++) {
|
||||
/* Count */
|
||||
if (i > INT_MAX)
|
||||
fatal("%s: too many PAM enviornment strings", __func__);
|
||||
fatal("%s: too many PAM environment strings", __func__);
|
||||
}
|
||||
if ((r = sshbuf_put_u32(buffer, i)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
|
@ -670,13 +685,23 @@ sshpam_cleanup(void)
|
|||
}
|
||||
|
||||
static int
|
||||
sshpam_init(Authctxt *authctxt)
|
||||
sshpam_init(struct ssh *ssh, Authctxt *authctxt)
|
||||
{
|
||||
const char *pam_rhost, *pam_user, *user = authctxt->user;
|
||||
const char *pam_user, *user = authctxt->user;
|
||||
const char **ptr_pam_user = &pam_user;
|
||||
struct ssh *ssh = active_state; /* XXX */
|
||||
|
||||
if (sshpam_handle != NULL) {
|
||||
#if defined(PAM_SUN_CODEBASE) && defined(PAM_MAX_RESP_SIZE)
|
||||
/* Protect buggy PAM implementations from excessively long usernames */
|
||||
if (strlen(user) >= PAM_MAX_RESP_SIZE)
|
||||
fatal("Username too long from %s port %d",
|
||||
ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
|
||||
#endif
|
||||
if (sshpam_handle == NULL) {
|
||||
if (ssh == NULL) {
|
||||
fatal("%s: called initially with no "
|
||||
"packet context", __func__);
|
||||
}
|
||||
} if (sshpam_handle != NULL) {
|
||||
/* We already have a PAM context; check if the user matches */
|
||||
sshpam_err = pam_get_item(sshpam_handle,
|
||||
PAM_USER, (sshpam_const void **)ptr_pam_user);
|
||||
|
@ -695,14 +720,33 @@ sshpam_init(Authctxt *authctxt)
|
|||
sshpam_handle = NULL;
|
||||
return (-1);
|
||||
}
|
||||
pam_rhost = auth_get_canonical_hostname(ssh, options.use_dns);
|
||||
debug("PAM: setting PAM_RHOST to \"%s\"", pam_rhost);
|
||||
sshpam_err = pam_set_item(sshpam_handle, PAM_RHOST, pam_rhost);
|
||||
if (sshpam_err != PAM_SUCCESS) {
|
||||
pam_end(sshpam_handle, sshpam_err);
|
||||
sshpam_handle = NULL;
|
||||
return (-1);
|
||||
|
||||
if (ssh != NULL && sshpam_rhost == NULL) {
|
||||
/*
|
||||
* We need to cache these as we don't have packet context
|
||||
* during the kbdint flow.
|
||||
*/
|
||||
sshpam_rhost = xstrdup(auth_get_canonical_hostname(ssh,
|
||||
options.use_dns));
|
||||
sshpam_laddr = get_local_ipaddr(
|
||||
ssh_packet_get_connection_in(ssh));
|
||||
xasprintf(&sshpam_conninfo, "SSH_CONNECTION=%.50s %d %.50s %d",
|
||||
ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
|
||||
sshpam_laddr, ssh_local_port(ssh));
|
||||
}
|
||||
if (sshpam_rhost != NULL) {
|
||||
debug("PAM: setting PAM_RHOST to \"%s\"", sshpam_rhost);
|
||||
sshpam_err = pam_set_item(sshpam_handle, PAM_RHOST,
|
||||
sshpam_rhost);
|
||||
if (sshpam_err != PAM_SUCCESS) {
|
||||
pam_end(sshpam_handle, sshpam_err);
|
||||
sshpam_handle = NULL;
|
||||
return (-1);
|
||||
}
|
||||
/* Put SSH_CONNECTION in the PAM environment too */
|
||||
pam_putenv(sshpam_handle, sshpam_conninfo);
|
||||
}
|
||||
|
||||
#ifdef PAM_TTY_KLUDGE
|
||||
/*
|
||||
* Some silly PAM modules (e.g. pam_time) require a TTY to operate.
|
||||
|
@ -745,7 +789,7 @@ static void *
|
|||
sshpam_init_ctx(Authctxt *authctxt)
|
||||
{
|
||||
struct pam_ctxt *ctxt;
|
||||
int socks[2];
|
||||
int result, socks[2];
|
||||
|
||||
debug3("PAM: %s entering", __func__);
|
||||
/*
|
||||
|
@ -756,7 +800,7 @@ sshpam_init_ctx(Authctxt *authctxt)
|
|||
return NULL;
|
||||
|
||||
/* Initialize PAM */
|
||||
if (sshpam_init(authctxt) == -1) {
|
||||
if (sshpam_init(NULL, authctxt) == -1) {
|
||||
error("PAM: initialization failed");
|
||||
return (NULL);
|
||||
}
|
||||
|
@ -772,9 +816,10 @@ sshpam_init_ctx(Authctxt *authctxt)
|
|||
}
|
||||
ctxt->pam_psock = socks[0];
|
||||
ctxt->pam_csock = socks[1];
|
||||
if (pthread_create(&ctxt->pam_thread, NULL, sshpam_thread, ctxt) == -1) {
|
||||
result = pthread_create(&ctxt->pam_thread, NULL, sshpam_thread, ctxt);
|
||||
if (result != 0) {
|
||||
error("PAM: failed to start authentication thread: %s",
|
||||
strerror(errno));
|
||||
strerror(result));
|
||||
close(socks[0]);
|
||||
close(socks[1]);
|
||||
free(ctxt);
|
||||
|
@ -788,7 +833,6 @@ static int
|
|||
sshpam_query(void *ctx, char **name, char **info,
|
||||
u_int *num, char ***prompts, u_int **echo_on)
|
||||
{
|
||||
struct ssh *ssh = active_state; /* XXX */
|
||||
struct sshbuf *buffer;
|
||||
struct pam_ctxt *ctxt = ctx;
|
||||
size_t plen;
|
||||
|
@ -820,6 +864,7 @@ sshpam_query(void *ctx, char **name, char **info,
|
|||
plen += mlen;
|
||||
**echo_on = (type == PAM_PROMPT_ECHO_ON);
|
||||
free(msg);
|
||||
sshbuf_free(buffer);
|
||||
return (0);
|
||||
case PAM_ERROR_MSG:
|
||||
case PAM_TEXT_INFO:
|
||||
|
@ -848,6 +893,7 @@ sshpam_query(void *ctx, char **name, char **info,
|
|||
**echo_on = 0;
|
||||
ctxt->pam_done = -1;
|
||||
free(msg);
|
||||
sshbuf_free(buffer);
|
||||
return 0;
|
||||
}
|
||||
/* FALLTHROUGH */
|
||||
|
@ -874,23 +920,25 @@ sshpam_query(void *ctx, char **name, char **info,
|
|||
**echo_on = 0;
|
||||
ctxt->pam_done = 1;
|
||||
free(msg);
|
||||
sshbuf_free(buffer);
|
||||
return (0);
|
||||
}
|
||||
BLACKLIST_NOTIFY(BLACKLIST_BAD_USER,
|
||||
sshpam_authctxt->user);
|
||||
error("PAM: %s for %s%.100s from %.100s", msg,
|
||||
sshpam_authctxt->valid ? "" : "illegal user ",
|
||||
sshpam_authctxt->user,
|
||||
auth_get_canonical_hostname(ssh, options.use_dns));
|
||||
sshpam_authctxt->user, sshpam_rhost);
|
||||
/* FALLTHROUGH */
|
||||
default:
|
||||
*num = 0;
|
||||
**echo_on = 0;
|
||||
free(msg);
|
||||
ctxt->pam_done = -1;
|
||||
sshbuf_free(buffer);
|
||||
return (-1);
|
||||
}
|
||||
}
|
||||
sshbuf_free(buffer);
|
||||
return (-1);
|
||||
}
|
||||
|
||||
|
@ -998,12 +1046,14 @@ KbdintDevice mm_sshpam_device = {
|
|||
* This replaces auth-pam.c
|
||||
*/
|
||||
void
|
||||
start_pam(Authctxt *authctxt)
|
||||
start_pam(struct ssh *ssh)
|
||||
{
|
||||
Authctxt *authctxt = (Authctxt *)ssh->authctxt;
|
||||
|
||||
if (!options.use_pam)
|
||||
fatal("PAM: initialisation requested when UsePAM=no");
|
||||
|
||||
if (sshpam_init(authctxt) == -1)
|
||||
if (sshpam_init(ssh, authctxt) == -1)
|
||||
fatal("PAM: initialisation failed");
|
||||
}
|
||||
|
||||
|
@ -1182,7 +1232,6 @@ int
|
|||
do_pam_putenv(char *name, char *value)
|
||||
{
|
||||
int ret = 1;
|
||||
#ifdef HAVE_PAM_PUTENV
|
||||
char *compound;
|
||||
size_t len;
|
||||
|
||||
|
@ -1192,7 +1241,6 @@ do_pam_putenv(char *name, char *value)
|
|||
snprintf(compound, len, "%s=%s", name, value);
|
||||
ret = pam_putenv(sshpam_handle, compound);
|
||||
free(compound);
|
||||
#endif
|
||||
|
||||
return (ret);
|
||||
}
|
||||
|
@ -1347,6 +1395,5 @@ sshpam_set_maxtries_reached(int reached)
|
|||
sshpam_maxtries_reached = 1;
|
||||
options.password_authentication = 0;
|
||||
options.kbd_interactive_authentication = 0;
|
||||
options.challenge_response_authentication = 0;
|
||||
}
|
||||
#endif /* USE_PAM */
|
||||
|
|
|
@ -27,7 +27,7 @@
|
|||
|
||||
struct ssh;
|
||||
|
||||
void start_pam(Authctxt *);
|
||||
void start_pam(struct ssh *);
|
||||
void finish_pam(void);
|
||||
u_int do_pam_account(void);
|
||||
void do_pam_session(struct ssh *);
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth-passwd.c,v 1.47 2018/07/09 21:26:02 markus Exp $ */
|
||||
/* $OpenBSD: auth-passwd.c,v 1.48 2020/10/18 11:32:01 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -152,14 +152,14 @@ warn_expiry(Authctxt *authctxt, auth_session_t *as)
|
|||
if ((r = sshbuf_putf(loginmsg,
|
||||
"Your password will expire in %lld day%s.\n",
|
||||
daysleft, daysleft == 1 ? "" : "s")) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "buffer error");
|
||||
}
|
||||
if (actimeleft != 0 && actimeleft < acwarntime) {
|
||||
daysleft = actimeleft / DAY + 1;
|
||||
if ((r = sshbuf_putf(loginmsg,
|
||||
"Your account will expire in %lld day%s.\n",
|
||||
daysleft, daysleft == 1 ? "" : "s")) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "buffer error");
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth-rhosts.c,v 1.49 2018/07/09 21:35:50 markus Exp $ */
|
||||
/* $OpenBSD: auth-rhosts.c,v 1.53 2020/10/18 11:32:01 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -38,7 +38,6 @@
|
|||
#include "sshkey.h"
|
||||
#include "servconf.h"
|
||||
#include "canohost.h"
|
||||
#include "sshkey.h"
|
||||
#include "hostfile.h"
|
||||
#include "auth.h"
|
||||
|
||||
|
@ -222,9 +221,9 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
|
|||
* are no system-wide files.
|
||||
*/
|
||||
if (!rhosts_files[rhosts_file_index] &&
|
||||
stat(_PATH_RHOSTS_EQUIV, &st) < 0 &&
|
||||
stat(_PATH_SSH_HOSTS_EQUIV, &st) < 0) {
|
||||
debug3("%s: no hosts access files exist", __func__);
|
||||
stat(_PATH_RHOSTS_EQUIV, &st) == -1 &&
|
||||
stat(_PATH_SSH_HOSTS_EQUIV, &st) == -1) {
|
||||
debug3_f("no hosts access files exist");
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -233,7 +232,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
|
|||
* shosts.equiv.
|
||||
*/
|
||||
if (pw->pw_uid == 0)
|
||||
debug3("%s: root user, ignoring system hosts files", __func__);
|
||||
debug3_f("root user, ignoring system hosts files");
|
||||
else {
|
||||
if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr,
|
||||
client_user, pw->pw_name)) {
|
||||
|
@ -253,7 +252,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
|
|||
* Check that the home directory is owned by root or the user, and is
|
||||
* not group or world writable.
|
||||
*/
|
||||
if (stat(pw->pw_dir, &st) < 0) {
|
||||
if (stat(pw->pw_dir, &st) == -1) {
|
||||
logit("Rhosts authentication refused for %.100s: "
|
||||
"no home directory %.200s", pw->pw_name, pw->pw_dir);
|
||||
auth_debug_add("Rhosts authentication refused for %.100s: "
|
||||
|
@ -278,7 +277,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
|
|||
/* Check users .rhosts or .shosts. */
|
||||
snprintf(buf, sizeof buf, "%.500s/%.100s",
|
||||
pw->pw_dir, rhosts_files[rhosts_file_index]);
|
||||
if (stat(buf, &st) < 0)
|
||||
if (stat(buf, &st) == -1)
|
||||
continue;
|
||||
|
||||
/*
|
||||
|
@ -299,7 +298,9 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
|
|||
* Check if we have been configured to ignore .rhosts
|
||||
* and .shosts files.
|
||||
*/
|
||||
if (options.ignore_rhosts) {
|
||||
if (options.ignore_rhosts == IGNORE_RHOSTS_YES ||
|
||||
(options.ignore_rhosts == IGNORE_RHOSTS_SHOSTS &&
|
||||
strcmp(rhosts_files[rhosts_file_index], ".shosts") != 0)) {
|
||||
auth_debug_add("Server has been configured to "
|
||||
"ignore %.100s.", rhosts_files[rhosts_file_index]);
|
||||
continue;
|
||||
|
|
|
@ -1,107 +0,0 @@
|
|||
/* $OpenBSD: auth-skey.c,v 1.27 2007/01/21 01:41:54 stevesk Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
||||
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
||||
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
||||
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "includes.h"
|
||||
|
||||
#ifdef SKEY
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <pwd.h>
|
||||
#include <stdio.h>
|
||||
|
||||
#include <skey.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "hostfile.h"
|
||||
#include "auth.h"
|
||||
#include "ssh-gss.h"
|
||||
#include "log.h"
|
||||
#include "monitor_wrap.h"
|
||||
|
||||
static void *
|
||||
skey_init_ctx(Authctxt *authctxt)
|
||||
{
|
||||
return authctxt;
|
||||
}
|
||||
|
||||
int
|
||||
skey_query(void *ctx, char **name, char **infotxt,
|
||||
u_int* numprompts, char ***prompts, u_int **echo_on)
|
||||
{
|
||||
Authctxt *authctxt = ctx;
|
||||
char challenge[1024];
|
||||
struct skey skey;
|
||||
|
||||
if (_compat_skeychallenge(&skey, authctxt->user, challenge,
|
||||
sizeof(challenge)) == -1)
|
||||
return -1;
|
||||
|
||||
*name = xstrdup("");
|
||||
*infotxt = xstrdup("");
|
||||
*numprompts = 1;
|
||||
*prompts = xcalloc(*numprompts, sizeof(char *));
|
||||
*echo_on = xcalloc(*numprompts, sizeof(u_int));
|
||||
|
||||
xasprintf(*prompts, "%s%s", challenge, SKEY_PROMPT);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int
|
||||
skey_respond(void *ctx, u_int numresponses, char **responses)
|
||||
{
|
||||
Authctxt *authctxt = ctx;
|
||||
|
||||
if (authctxt->valid &&
|
||||
numresponses == 1 &&
|
||||
skey_haskey(authctxt->pw->pw_name) == 0 &&
|
||||
skey_passcheck(authctxt->pw->pw_name, responses[0]) != -1)
|
||||
return 0;
|
||||
return -1;
|
||||
}
|
||||
|
||||
static void
|
||||
skey_free_ctx(void *ctx)
|
||||
{
|
||||
/* we don't have a special context */
|
||||
}
|
||||
|
||||
KbdintDevice skey_device = {
|
||||
"skey",
|
||||
skey_init_ctx,
|
||||
skey_query,
|
||||
skey_respond,
|
||||
skey_free_ctx
|
||||
};
|
||||
|
||||
KbdintDevice mm_skey_device = {
|
||||
"skey",
|
||||
skey_init_ctx,
|
||||
mm_skey_query,
|
||||
mm_skey_respond,
|
||||
skey_free_ctx
|
||||
};
|
||||
#endif /* SKEY */
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth.c,v 1.133 2018/09/12 01:19:12 djm Exp $ */
|
||||
/* $OpenBSD: auth.c,v 1.153 2021/07/05 00:50:25 dtucker Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -33,6 +33,7 @@ __RCSID("$FreeBSD$");
|
|||
|
||||
#include <netinet/in.h>
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <errno.h>
|
||||
#include <fcntl.h>
|
||||
#ifdef HAVE_PATHS_H
|
||||
|
@ -51,6 +52,7 @@ __RCSID("$FreeBSD$");
|
|||
#include <unistd.h>
|
||||
#include <limits.h>
|
||||
#include <netdb.h>
|
||||
#include <time.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "match.h"
|
||||
|
@ -72,7 +74,6 @@ __RCSID("$FreeBSD$");
|
|||
#endif
|
||||
#include "authfile.h"
|
||||
#include "monitor_wrap.h"
|
||||
#include "authfile.h"
|
||||
#include "ssherr.h"
|
||||
#include "compat.h"
|
||||
#include "channels.h"
|
||||
|
@ -80,6 +81,7 @@ __RCSID("$FreeBSD$");
|
|||
|
||||
/* import */
|
||||
extern ServerOptions options;
|
||||
extern struct include_list includes;
|
||||
extern int use_privsep;
|
||||
extern struct sshbuf *loginmsg;
|
||||
extern struct passwd *privsep_pw;
|
||||
|
@ -98,9 +100,8 @@ static struct sshbuf *auth_debug;
|
|||
* Otherwise true is returned.
|
||||
*/
|
||||
int
|
||||
allowed_user(struct passwd * pw)
|
||||
allowed_user(struct ssh *ssh, struct passwd * pw)
|
||||
{
|
||||
struct ssh *ssh = active_state; /* XXX */
|
||||
struct stat st;
|
||||
const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL;
|
||||
u_int i;
|
||||
|
@ -169,7 +170,7 @@ allowed_user(struct passwd * pw)
|
|||
char *shell = xstrdup((pw->pw_shell[0] == '\0') ?
|
||||
_PATH_BSHELL : pw->pw_shell); /* empty = /bin/sh */
|
||||
|
||||
if (stat(shell, &st) != 0) {
|
||||
if (stat(shell, &st) == -1) {
|
||||
logit("User %.100s not allowed because shell %.100s "
|
||||
"does not exist", pw->pw_name, shell);
|
||||
free(shell);
|
||||
|
@ -260,7 +261,7 @@ allowed_user(struct passwd * pw)
|
|||
}
|
||||
|
||||
#ifdef CUSTOM_SYS_AUTH_ALLOWED_USER
|
||||
if (!sys_auth_allowed_user(pw, &loginmsg))
|
||||
if (!sys_auth_allowed_user(pw, loginmsg))
|
||||
return 0;
|
||||
#endif
|
||||
|
||||
|
@ -310,10 +311,10 @@ format_method_key(Authctxt *authctxt)
|
|||
}
|
||||
|
||||
void
|
||||
auth_log(Authctxt *authctxt, int authenticated, int partial,
|
||||
auth_log(struct ssh *ssh, int authenticated, int partial,
|
||||
const char *method, const char *submethod)
|
||||
{
|
||||
struct ssh *ssh = active_state; /* XXX */
|
||||
Authctxt *authctxt = (Authctxt *)ssh->authctxt;
|
||||
int level = SYSLOG_LEVEL_VERBOSE;
|
||||
const char *authmsg;
|
||||
char *extra = NULL;
|
||||
|
@ -356,31 +357,33 @@ auth_log(Authctxt *authctxt, int authenticated, int partial,
|
|||
|
||||
free(extra);
|
||||
|
||||
#ifdef CUSTOM_FAILED_LOGIN
|
||||
if (authenticated == 0 && !authctxt->postponed &&
|
||||
(strcmp(method, "password") == 0 ||
|
||||
strncmp(method, "keyboard-interactive", 20) == 0 ||
|
||||
strcmp(method, "challenge-response") == 0))
|
||||
record_failed_login(authctxt->user,
|
||||
auth_get_canonical_hostname(ssh, options.use_dns), "ssh");
|
||||
# ifdef WITH_AIXAUTHENTICATE
|
||||
#if defined(CUSTOM_FAILED_LOGIN) || defined(SSH_AUDIT_EVENTS)
|
||||
if (authenticated == 0 && !(authctxt->postponed || partial)) {
|
||||
/* Log failed login attempt */
|
||||
# ifdef CUSTOM_FAILED_LOGIN
|
||||
if (strcmp(method, "password") == 0 ||
|
||||
strncmp(method, "keyboard-interactive", 20) == 0 ||
|
||||
strcmp(method, "challenge-response") == 0)
|
||||
record_failed_login(ssh, authctxt->user,
|
||||
auth_get_canonical_hostname(ssh, options.use_dns), "ssh");
|
||||
# endif
|
||||
# ifdef SSH_AUDIT_EVENTS
|
||||
audit_event(ssh, audit_classify_auth(method));
|
||||
# endif
|
||||
}
|
||||
#endif
|
||||
#if defined(CUSTOM_FAILED_LOGIN) && defined(WITH_AIXAUTHENTICATE)
|
||||
if (authenticated)
|
||||
sys_auth_record_login(authctxt->user,
|
||||
auth_get_canonical_hostname(ssh, options.use_dns), "ssh",
|
||||
&loginmsg);
|
||||
# endif
|
||||
#endif
|
||||
#ifdef SSH_AUDIT_EVENTS
|
||||
if (authenticated == 0 && !authctxt->postponed)
|
||||
audit_event(audit_classify_auth(method));
|
||||
loginmsg);
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
void
|
||||
auth_maxtries_exceeded(Authctxt *authctxt)
|
||||
auth_maxtries_exceeded(struct ssh *ssh)
|
||||
{
|
||||
struct ssh *ssh = active_state; /* XXX */
|
||||
Authctxt *authctxt = (Authctxt *)ssh->authctxt;
|
||||
|
||||
error("maximum authentication attempts exceeded for "
|
||||
"%s%.100s from %.200s port %d ssh2",
|
||||
|
@ -388,7 +391,7 @@ auth_maxtries_exceeded(Authctxt *authctxt)
|
|||
authctxt->user,
|
||||
ssh_remote_ipaddr(ssh),
|
||||
ssh_remote_port(ssh));
|
||||
packet_disconnect("Too many authentication failures");
|
||||
ssh_packet_disconnect(ssh, "Too many authentication failures");
|
||||
/* NOTREACHED */
|
||||
}
|
||||
|
||||
|
@ -442,7 +445,7 @@ expand_authorized_keys(const char *filename, struct passwd *pw)
|
|||
* Ensure that filename starts anchored. If not, be backward
|
||||
* compatible and prepend the '%h/'
|
||||
*/
|
||||
if (*file == '/')
|
||||
if (path_absolute(file))
|
||||
return (file);
|
||||
|
||||
i = snprintf(ret, sizeof(ret), "%s/%s", pw->pw_dir, file);
|
||||
|
@ -472,7 +475,7 @@ check_key_in_hostfiles(struct passwd *pw, struct sshkey *key, const char *host,
|
|||
const struct hostkey_entry *found;
|
||||
|
||||
hostkeys = init_hostkeys();
|
||||
load_hostkeys(hostkeys, host, sysfile);
|
||||
load_hostkeys(hostkeys, host, sysfile, 0);
|
||||
if (userfile != NULL) {
|
||||
user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);
|
||||
if (options.strict_modes &&
|
||||
|
@ -486,7 +489,7 @@ check_key_in_hostfiles(struct passwd *pw, struct sshkey *key, const char *host,
|
|||
user_hostfile);
|
||||
} else {
|
||||
temporarily_use_uid(pw);
|
||||
load_hostkeys(hostkeys, host, user_hostfile);
|
||||
load_hostkeys(hostkeys, host, user_hostfile, 0);
|
||||
restore_uid();
|
||||
}
|
||||
free(user_hostfile);
|
||||
|
@ -494,12 +497,12 @@ check_key_in_hostfiles(struct passwd *pw, struct sshkey *key, const char *host,
|
|||
host_status = check_key_in_hostkeys(hostkeys, key, &found);
|
||||
if (host_status == HOST_REVOKED)
|
||||
error("WARNING: revoked key for %s attempted authentication",
|
||||
found->host);
|
||||
host);
|
||||
else if (host_status == HOST_OK)
|
||||
debug("%s: key for %s found at %s:%ld", __func__,
|
||||
debug_f("key for %s found at %s:%ld",
|
||||
found->host, found->file, found->line);
|
||||
else
|
||||
debug("%s: key for host %s not found", __func__, host);
|
||||
debug_f("key for host %s not found", host);
|
||||
|
||||
free_hostkeys(hostkeys);
|
||||
|
||||
|
@ -518,11 +521,11 @@ auth_openfile(const char *file, struct passwd *pw, int strict_modes,
|
|||
if ((fd = open(file, O_RDONLY|O_NONBLOCK)) == -1) {
|
||||
if (log_missing || errno != ENOENT)
|
||||
debug("Could not open %s '%s': %s", file_type, file,
|
||||
strerror(errno));
|
||||
strerror(errno));
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (fstat(fd, &st) < 0) {
|
||||
if (fstat(fd, &st) == -1) {
|
||||
close(fd);
|
||||
return NULL;
|
||||
}
|
||||
|
@ -563,9 +566,8 @@ auth_openprincipals(const char *file, struct passwd *pw, int strict_modes)
|
|||
}
|
||||
|
||||
struct passwd *
|
||||
getpwnamallow(const char *user)
|
||||
getpwnamallow(struct ssh *ssh, const char *user)
|
||||
{
|
||||
struct ssh *ssh = active_state; /* XXX */
|
||||
#ifdef HAVE_LOGIN_CAP
|
||||
extern login_cap_t *lc;
|
||||
#ifdef HAVE_AUTH_HOSTOK
|
||||
|
@ -576,11 +578,16 @@ getpwnamallow(const char *user)
|
|||
#endif
|
||||
#endif
|
||||
struct passwd *pw;
|
||||
struct connection_info *ci = get_connection_info(1, options.use_dns);
|
||||
struct connection_info *ci;
|
||||
u_int i;
|
||||
|
||||
ci = get_connection_info(ssh, 1, options.use_dns);
|
||||
ci->user = user;
|
||||
parse_server_match_config(&options, ci);
|
||||
parse_server_match_config(&options, &includes, ci);
|
||||
log_change_level(options.log_level);
|
||||
log_verbose_reset();
|
||||
for (i = 0; i < options.num_log_verbose; i++)
|
||||
log_verbose_add(options.log_verbose[i]);
|
||||
process_permitopen(ssh, &options);
|
||||
|
||||
#if defined(_AIX) && defined(HAVE_SETAUTHDB)
|
||||
|
@ -591,34 +598,21 @@ getpwnamallow(const char *user)
|
|||
|
||||
#if defined(_AIX) && defined(HAVE_SETAUTHDB)
|
||||
aix_restoreauthdb();
|
||||
#endif
|
||||
#ifdef HAVE_CYGWIN
|
||||
/*
|
||||
* Windows usernames are case-insensitive. To avoid later problems
|
||||
* when trying to match the username, the user is only allowed to
|
||||
* login if the username is given in the same case as stored in the
|
||||
* user database.
|
||||
*/
|
||||
if (pw != NULL && strcmp(user, pw->pw_name) != 0) {
|
||||
logit("Login name %.100s does not match stored username %.100s",
|
||||
user, pw->pw_name);
|
||||
pw = NULL;
|
||||
}
|
||||
#endif
|
||||
if (pw == NULL) {
|
||||
BLACKLIST_NOTIFY(BLACKLIST_BAD_USER, user);
|
||||
logit("Invalid user %.100s from %.100s port %d",
|
||||
user, ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
|
||||
#ifdef CUSTOM_FAILED_LOGIN
|
||||
record_failed_login(user,
|
||||
record_failed_login(ssh, user,
|
||||
auth_get_canonical_hostname(ssh, options.use_dns), "ssh");
|
||||
#endif
|
||||
#ifdef SSH_AUDIT_EVENTS
|
||||
audit_event(SSH_INVALID_USER);
|
||||
audit_event(ssh, SSH_INVALID_USER);
|
||||
#endif /* SSH_AUDIT_EVENTS */
|
||||
return (NULL);
|
||||
}
|
||||
if (!allowed_user(pw))
|
||||
if (!allowed_user(ssh, pw))
|
||||
return (NULL);
|
||||
#ifdef HAVE_LOGIN_CAP
|
||||
if ((lc = login_getpwclass(pw)) == NULL) {
|
||||
|
@ -667,7 +661,7 @@ auth_key_is_revoked(struct sshkey *key)
|
|||
if ((fp = sshkey_fingerprint(key, options.fingerprint_hash,
|
||||
SSH_FP_DEFAULT)) == NULL) {
|
||||
r = SSH_ERR_ALLOC_FAIL;
|
||||
error("%s: fingerprint key: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "fingerprint key");
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
@ -680,9 +674,9 @@ auth_key_is_revoked(struct sshkey *key)
|
|||
sshkey_type(key), fp, options.revoked_keys_file);
|
||||
goto out;
|
||||
default:
|
||||
error("Error checking authentication key %s %s in "
|
||||
"revoked keys file %s: %s", sshkey_type(key), fp,
|
||||
options.revoked_keys_file, ssh_err(r));
|
||||
error_r(r, "Error checking authentication key %s %s in "
|
||||
"revoked keys file %s", sshkey_type(key), fp,
|
||||
options.revoked_keys_file);
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
@ -708,13 +702,12 @@ auth_debug_add(const char *fmt,...)
|
|||
vsnprintf(buf, sizeof(buf), fmt, args);
|
||||
va_end(args);
|
||||
if ((r = sshbuf_put_cstring(auth_debug, buf)) != 0)
|
||||
fatal("%s: sshbuf_put_cstring: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "sshbuf_put_cstring");
|
||||
}
|
||||
|
||||
void
|
||||
auth_debug_send(void)
|
||||
auth_debug_send(struct ssh *ssh)
|
||||
{
|
||||
struct ssh *ssh = active_state; /* XXX */
|
||||
char *msg;
|
||||
int r;
|
||||
|
||||
|
@ -722,8 +715,7 @@ auth_debug_send(void)
|
|||
return;
|
||||
while (sshbuf_len(auth_debug) != 0) {
|
||||
if ((r = sshbuf_get_cstring(auth_debug, &msg, NULL)) != 0)
|
||||
fatal("%s: sshbuf_get_cstring: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "sshbuf_get_cstring");
|
||||
ssh_packet_send_debug(ssh, "%s", msg);
|
||||
free(msg);
|
||||
}
|
||||
|
@ -735,7 +727,7 @@ auth_debug_reset(void)
|
|||
if (auth_debug != NULL)
|
||||
sshbuf_reset(auth_debug);
|
||||
else if ((auth_debug = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
}
|
||||
|
||||
struct passwd *
|
||||
|
@ -766,9 +758,7 @@ fakepw(void)
|
|||
* be freed. NB. this will usually trigger a DNS query the first time it is
|
||||
* called.
|
||||
* This function does additional checks on the hostname to mitigate some
|
||||
* attacks on legacy rhosts-style authentication.
|
||||
* XXX is RhostsRSAAuthentication vulnerable to these?
|
||||
* XXX Can we remove these checks? (or if not, remove RhostsRSAAuthentication?)
|
||||
* attacks on based on conflation of hostnames and IP addresses.
|
||||
*/
|
||||
|
||||
static char *
|
||||
|
@ -784,9 +774,9 @@ remote_hostname(struct ssh *ssh)
|
|||
fromlen = sizeof(from);
|
||||
memset(&from, 0, sizeof(from));
|
||||
if (getpeername(ssh_packet_get_connection_in(ssh),
|
||||
(struct sockaddr *)&from, &fromlen) < 0) {
|
||||
(struct sockaddr *)&from, &fromlen) == -1) {
|
||||
debug("getpeername failed: %.100s", strerror(errno));
|
||||
return strdup(ntop);
|
||||
return xstrdup(ntop);
|
||||
}
|
||||
|
||||
ipv64_normalise_mapped(&from, &fromlen);
|
||||
|
@ -798,7 +788,7 @@ remote_hostname(struct ssh *ssh)
|
|||
if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
|
||||
NULL, 0, NI_NAMEREQD) != 0) {
|
||||
/* Host name not found. Use ip address. */
|
||||
return strdup(ntop);
|
||||
return xstrdup(ntop);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -813,7 +803,7 @@ remote_hostname(struct ssh *ssh)
|
|||
logit("Nasty PTR record \"%s\" is set up for %s, ignoring",
|
||||
name, ntop);
|
||||
freeaddrinfo(ai);
|
||||
return strdup(ntop);
|
||||
return xstrdup(ntop);
|
||||
}
|
||||
|
||||
/* Names are stored in lowercase. */
|
||||
|
@ -834,7 +824,7 @@ remote_hostname(struct ssh *ssh)
|
|||
if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
|
||||
logit("reverse mapping checking getaddrinfo for %.700s "
|
||||
"[%s] failed.", name, ntop);
|
||||
return strdup(ntop);
|
||||
return xstrdup(ntop);
|
||||
}
|
||||
/* Look for the address from the list of addresses. */
|
||||
for (ai = aitop; ai; ai = ai->ai_next) {
|
||||
|
@ -849,9 +839,9 @@ remote_hostname(struct ssh *ssh)
|
|||
/* Address not found for the host name. */
|
||||
logit("Address %.100s maps to %.600s, but this does not "
|
||||
"map back to the address.", ntop, name);
|
||||
return strdup(ntop);
|
||||
return xstrdup(ntop);
|
||||
}
|
||||
return strdup(name);
|
||||
return xstrdup(name);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -875,158 +865,6 @@ auth_get_canonical_hostname(struct ssh *ssh, int use_dns)
|
|||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Runs command in a subprocess with a minimal environment.
|
||||
* Returns pid on success, 0 on failure.
|
||||
* The child stdout and stderr maybe captured, left attached or sent to
|
||||
* /dev/null depending on the contents of flags.
|
||||
* "tag" is prepended to log messages.
|
||||
* NB. "command" is only used for logging; the actual command executed is
|
||||
* av[0].
|
||||
*/
|
||||
pid_t
|
||||
subprocess(const char *tag, struct passwd *pw, const char *command,
|
||||
int ac, char **av, FILE **child, u_int flags)
|
||||
{
|
||||
FILE *f = NULL;
|
||||
struct stat st;
|
||||
int fd, devnull, p[2], i;
|
||||
pid_t pid;
|
||||
char *cp, errmsg[512];
|
||||
u_int envsize;
|
||||
char **child_env;
|
||||
|
||||
if (child != NULL)
|
||||
*child = NULL;
|
||||
|
||||
debug3("%s: %s command \"%s\" running as %s (flags 0x%x)", __func__,
|
||||
tag, command, pw->pw_name, flags);
|
||||
|
||||
/* Check consistency */
|
||||
if ((flags & SSH_SUBPROCESS_STDOUT_DISCARD) != 0 &&
|
||||
(flags & SSH_SUBPROCESS_STDOUT_CAPTURE) != 0) {
|
||||
error("%s: inconsistent flags", __func__);
|
||||
return 0;
|
||||
}
|
||||
if (((flags & SSH_SUBPROCESS_STDOUT_CAPTURE) == 0) != (child == NULL)) {
|
||||
error("%s: inconsistent flags/output", __func__);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* If executing an explicit binary, then verify the it exists
|
||||
* and appears safe-ish to execute
|
||||
*/
|
||||
if (*av[0] != '/') {
|
||||
error("%s path is not absolute", tag);
|
||||
return 0;
|
||||
}
|
||||
temporarily_use_uid(pw);
|
||||
if (stat(av[0], &st) < 0) {
|
||||
error("Could not stat %s \"%s\": %s", tag,
|
||||
av[0], strerror(errno));
|
||||
restore_uid();
|
||||
return 0;
|
||||
}
|
||||
if (safe_path(av[0], &st, NULL, 0, errmsg, sizeof(errmsg)) != 0) {
|
||||
error("Unsafe %s \"%s\": %s", tag, av[0], errmsg);
|
||||
restore_uid();
|
||||
return 0;
|
||||
}
|
||||
/* Prepare to keep the child's stdout if requested */
|
||||
if (pipe(p) != 0) {
|
||||
error("%s: pipe: %s", tag, strerror(errno));
|
||||
restore_uid();
|
||||
return 0;
|
||||
}
|
||||
restore_uid();
|
||||
|
||||
switch ((pid = fork())) {
|
||||
case -1: /* error */
|
||||
error("%s: fork: %s", tag, strerror(errno));
|
||||
close(p[0]);
|
||||
close(p[1]);
|
||||
return 0;
|
||||
case 0: /* child */
|
||||
/* Prepare a minimal environment for the child. */
|
||||
envsize = 5;
|
||||
child_env = xcalloc(sizeof(*child_env), envsize);
|
||||
child_set_env(&child_env, &envsize, "PATH", _PATH_STDPATH);
|
||||
child_set_env(&child_env, &envsize, "USER", pw->pw_name);
|
||||
child_set_env(&child_env, &envsize, "LOGNAME", pw->pw_name);
|
||||
child_set_env(&child_env, &envsize, "HOME", pw->pw_dir);
|
||||
if ((cp = getenv("LANG")) != NULL)
|
||||
child_set_env(&child_env, &envsize, "LANG", cp);
|
||||
|
||||
for (i = 0; i < NSIG; i++)
|
||||
signal(i, SIG_DFL);
|
||||
|
||||
if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
|
||||
error("%s: open %s: %s", tag, _PATH_DEVNULL,
|
||||
strerror(errno));
|
||||
_exit(1);
|
||||
}
|
||||
if (dup2(devnull, STDIN_FILENO) == -1) {
|
||||
error("%s: dup2: %s", tag, strerror(errno));
|
||||
_exit(1);
|
||||
}
|
||||
|
||||
/* Set up stdout as requested; leave stderr in place for now. */
|
||||
fd = -1;
|
||||
if ((flags & SSH_SUBPROCESS_STDOUT_CAPTURE) != 0)
|
||||
fd = p[1];
|
||||
else if ((flags & SSH_SUBPROCESS_STDOUT_DISCARD) != 0)
|
||||
fd = devnull;
|
||||
if (fd != -1 && dup2(fd, STDOUT_FILENO) == -1) {
|
||||
error("%s: dup2: %s", tag, strerror(errno));
|
||||
_exit(1);
|
||||
}
|
||||
closefrom(STDERR_FILENO + 1);
|
||||
|
||||
/* Don't use permanently_set_uid() here to avoid fatal() */
|
||||
if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) {
|
||||
error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid,
|
||||
strerror(errno));
|
||||
_exit(1);
|
||||
}
|
||||
if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) != 0) {
|
||||
error("%s: setresuid %u: %s", tag, (u_int)pw->pw_uid,
|
||||
strerror(errno));
|
||||
_exit(1);
|
||||
}
|
||||
/* stdin is pointed to /dev/null at this point */
|
||||
if ((flags & SSH_SUBPROCESS_STDOUT_DISCARD) != 0 &&
|
||||
dup2(STDIN_FILENO, STDERR_FILENO) == -1) {
|
||||
error("%s: dup2: %s", tag, strerror(errno));
|
||||
_exit(1);
|
||||
}
|
||||
|
||||
execve(av[0], av, child_env);
|
||||
error("%s exec \"%s\": %s", tag, command, strerror(errno));
|
||||
_exit(127);
|
||||
default: /* parent */
|
||||
break;
|
||||
}
|
||||
|
||||
close(p[1]);
|
||||
if ((flags & SSH_SUBPROCESS_STDOUT_CAPTURE) == 0)
|
||||
close(p[0]);
|
||||
else if ((f = fdopen(p[0], "r")) == NULL) {
|
||||
error("%s: fdopen: %s", tag, strerror(errno));
|
||||
close(p[0]);
|
||||
/* Don't leave zombie child */
|
||||
kill(pid, SIGTERM);
|
||||
while (waitpid(pid, NULL, 0) == -1 && errno == EINTR)
|
||||
;
|
||||
return 0;
|
||||
}
|
||||
/* Success */
|
||||
debug3("%s: %s pid %ld", __func__, tag, (long)pid);
|
||||
if (child != NULL)
|
||||
*child = f;
|
||||
return pid;
|
||||
}
|
||||
|
||||
/* These functions link key/cert options to the auth framework */
|
||||
|
||||
/* Log sshauthopt options locally and (optionally) for remote transmission */
|
||||
|
@ -1043,16 +881,18 @@ auth_log_authopts(const char *loc, const struct sshauthopt *opts, int do_remote)
|
|||
|
||||
snprintf(buf, sizeof(buf), "%d", opts->force_tun_device);
|
||||
/* Try to keep this alphabetically sorted */
|
||||
snprintf(msg, sizeof(msg), "key options:%s%s%s%s%s%s%s%s%s%s%s%s%s",
|
||||
snprintf(msg, sizeof(msg), "key options:%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s",
|
||||
opts->permit_agent_forwarding_flag ? " agent-forwarding" : "",
|
||||
opts->force_command == NULL ? "" : " command",
|
||||
do_env ? " environment" : "",
|
||||
opts->valid_before == 0 ? "" : "expires",
|
||||
opts->no_require_user_presence ? " no-touch-required" : "",
|
||||
do_permitopen ? " permitopen" : "",
|
||||
do_permitlisten ? " permitlisten" : "",
|
||||
opts->permit_port_forwarding_flag ? " port-forwarding" : "",
|
||||
opts->cert_principals == NULL ? "" : " principals",
|
||||
opts->permit_pty_flag ? " pty" : "",
|
||||
opts->require_verify ? " uv" : "",
|
||||
opts->force_tun_device == -1 ? "" : " tun=",
|
||||
opts->force_tun_device == -1 ? "" : buf,
|
||||
opts->permit_user_rc ? " user-rc" : "",
|
||||
|
@ -1104,7 +944,7 @@ auth_activate_options(struct ssh *ssh, struct sshauthopt *opts)
|
|||
struct sshauthopt *old = auth_opts;
|
||||
const char *emsg = NULL;
|
||||
|
||||
debug("%s: setting new authentication options", __func__);
|
||||
debug_f("setting new authentication options");
|
||||
if ((auth_opts = sshauthopt_merge(old, opts, &emsg)) == NULL) {
|
||||
error("Inconsistent authentication options: %s", emsg);
|
||||
return -1;
|
||||
|
@ -1118,7 +958,7 @@ auth_restrict_session(struct ssh *ssh)
|
|||
{
|
||||
struct sshauthopt *restricted;
|
||||
|
||||
debug("%s: restricting session", __func__);
|
||||
debug_f("restricting session");
|
||||
|
||||
/* A blank sshauthopt defaults to permitting nothing */
|
||||
restricted = sshauthopt_new();
|
||||
|
@ -1126,7 +966,7 @@ auth_restrict_session(struct ssh *ssh)
|
|||
restricted->restricted = 1;
|
||||
|
||||
if (auth_activate_options(ssh, restricted) != 0)
|
||||
fatal("%s: failed to restrict session", __func__);
|
||||
fatal_f("failed to restrict session");
|
||||
sshauthopt_free(restricted);
|
||||
}
|
||||
|
||||
|
@ -1201,8 +1041,7 @@ auth_authorise_keyopts(struct ssh *ssh, struct passwd *pw,
|
|||
case -1:
|
||||
default:
|
||||
/* invalid */
|
||||
error("%s: Certificate source-address invalid",
|
||||
loc);
|
||||
error("%s: Certificate source-address invalid", loc);
|
||||
/* FALLTHROUGH */
|
||||
case 0:
|
||||
logit("%s: Authentication tried for %.100s with valid "
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth.h,v 1.96 2018/04/10 00:10:49 djm Exp $ */
|
||||
/* $OpenBSD: auth.h,v 1.101 2020/12/22 00:12:22 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
|
@ -30,8 +30,6 @@
|
|||
|
||||
#include <signal.h>
|
||||
|
||||
#include <openssl/rsa.h>
|
||||
|
||||
#ifdef HAVE_LOGIN_CAP
|
||||
#include <login_cap.h>
|
||||
#endif
|
||||
|
@ -132,8 +130,8 @@ auth_rhosts2(struct passwd *, const char *, const char *, const char *);
|
|||
|
||||
int auth_password(struct ssh *, const char *);
|
||||
|
||||
int hostbased_key_allowed(struct passwd *, const char *, char *,
|
||||
struct sshkey *);
|
||||
int hostbased_key_allowed(struct ssh *, struct passwd *,
|
||||
const char *, char *, struct sshkey *);
|
||||
int user_key_allowed(struct ssh *, struct passwd *, struct sshkey *, int,
|
||||
struct sshauthopt **);
|
||||
int auth2_key_already_used(Authctxt *, const struct sshkey *);
|
||||
|
@ -166,15 +164,13 @@ int auth_shadow_pwexpired(Authctxt *);
|
|||
#include "audit.h"
|
||||
void remove_kbdint_device(const char *);
|
||||
|
||||
void do_authentication2(Authctxt *);
|
||||
void do_authentication2(struct ssh *);
|
||||
|
||||
void auth_log(Authctxt *, int, int, const char *, const char *);
|
||||
void auth_maxtries_exceeded(Authctxt *) __attribute__((noreturn));
|
||||
void auth_log(struct ssh *, int, int, const char *, const char *);
|
||||
void auth_maxtries_exceeded(struct ssh *) __attribute__((noreturn));
|
||||
void userauth_finish(struct ssh *, int, const char *, const char *);
|
||||
int auth_root_allowed(struct ssh *, const char *);
|
||||
|
||||
void userauth_send_banner(const char *);
|
||||
|
||||
char *auth2_read_banner(void);
|
||||
int auth2_methods_valid(const char *, int);
|
||||
int auth2_update_methods_lists(Authctxt *, const char *, const char *);
|
||||
|
@ -188,8 +184,8 @@ void auth2_challenge_stop(struct ssh *);
|
|||
int bsdauth_query(void *, char **, char **, u_int *, char ***, u_int **);
|
||||
int bsdauth_respond(void *, u_int, char **);
|
||||
|
||||
int allowed_user(struct passwd *);
|
||||
struct passwd * getpwnamallow(const char *user);
|
||||
int allowed_user(struct ssh *, struct passwd *);
|
||||
struct passwd * getpwnamallow(struct ssh *, const char *user);
|
||||
|
||||
char *expand_authorized_keys(const char *, struct passwd *pw);
|
||||
char *authorized_principals_file(struct passwd *);
|
||||
|
@ -210,8 +206,8 @@ struct sshkey *get_hostkey_public_by_index(int, struct ssh *);
|
|||
struct sshkey *get_hostkey_public_by_type(int, int, struct ssh *);
|
||||
struct sshkey *get_hostkey_private_by_type(int, int, struct ssh *);
|
||||
int get_hostkey_index(struct sshkey *, int, struct ssh *);
|
||||
int sshd_hostkey_sign(struct sshkey *, struct sshkey *, u_char **,
|
||||
size_t *, const u_char *, size_t, const char *, u_int);
|
||||
int sshd_hostkey_sign(struct ssh *, struct sshkey *, struct sshkey *,
|
||||
u_char **, size_t *, const u_char *, size_t, const char *);
|
||||
|
||||
/* Key / cert options linkage to auth layer */
|
||||
const struct sshauthopt *auth_options(struct ssh *);
|
||||
|
@ -224,21 +220,15 @@ void auth_log_authopts(const char *, const struct sshauthopt *, int);
|
|||
/* debug messages during authentication */
|
||||
void auth_debug_add(const char *fmt,...)
|
||||
__attribute__((format(printf, 1, 2)));
|
||||
void auth_debug_send(void);
|
||||
void auth_debug_send(struct ssh *);
|
||||
void auth_debug_reset(void);
|
||||
|
||||
struct passwd *fakepw(void);
|
||||
|
||||
#define SSH_SUBPROCESS_STDOUT_DISCARD (1) /* Discard stdout */
|
||||
#define SSH_SUBPROCESS_STDOUT_CAPTURE (1<<1) /* Redirect stdout */
|
||||
#define SSH_SUBPROCESS_STDERR_DISCARD (1<<2) /* Discard stderr */
|
||||
pid_t subprocess(const char *, struct passwd *,
|
||||
const char *, int, char **, FILE **, u_int flags);
|
||||
|
||||
int sys_auth_passwd(struct ssh *, const char *);
|
||||
|
||||
#if defined(KRB5) && !defined(HEIMDAL)
|
||||
#include <krb5.h>
|
||||
krb5_error_code ssh_krb5_cc_gen(krb5_context, krb5_ccache *);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#endif /* AUTH_H */
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth2-chall.c,v 1.50 2018/07/11 18:55:11 markus Exp $ */
|
||||
/* $OpenBSD: auth2-chall.c,v 1.54 2020/10/18 11:32:01 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
* Copyright (c) 2001 Per Allansson. All rights reserved.
|
||||
|
@ -28,9 +28,10 @@
|
|||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <stdarg.h>
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
#include "ssh2.h"
|
||||
|
@ -111,15 +112,14 @@ kbdint_alloc(const char *devs)
|
|||
kbdintctxt = xcalloc(1, sizeof(KbdintAuthctxt));
|
||||
if (strcmp(devs, "") == 0) {
|
||||
if ((b = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
for (i = 0; devices[i]; i++) {
|
||||
if ((r = sshbuf_putf(b, "%s%s",
|
||||
sshbuf_len(b) ? "," : "", devices[i]->name)) != 0)
|
||||
fatal("%s: buffer error: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "buffer error");
|
||||
}
|
||||
if ((kbdintctxt->devices = sshbuf_dup_string(b)) == NULL)
|
||||
fatal("%s: sshbuf_dup_string failed", __func__);
|
||||
fatal_f("sshbuf_dup_string failed");
|
||||
sshbuf_free(b);
|
||||
} else {
|
||||
kbdintctxt->devices = xstrdup(devs);
|
||||
|
@ -146,8 +146,7 @@ kbdint_free(KbdintAuthctxt *kbdintctxt)
|
|||
if (kbdintctxt->device)
|
||||
kbdint_reset_device(kbdintctxt);
|
||||
free(kbdintctxt->devices);
|
||||
explicit_bzero(kbdintctxt, sizeof(*kbdintctxt));
|
||||
free(kbdintctxt);
|
||||
freezero(kbdintctxt, sizeof(*kbdintctxt));
|
||||
}
|
||||
/* get next device */
|
||||
static int
|
||||
|
@ -268,15 +267,15 @@ send_userauth_info_request(struct ssh *ssh)
|
|||
(r = sshpkt_put_cstring(ssh, instr)) != 0 ||
|
||||
(r = sshpkt_put_cstring(ssh, "")) != 0 || /* language not used */
|
||||
(r = sshpkt_put_u32(ssh, kbdintctxt->nreq)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "start packet");
|
||||
for (i = 0; i < kbdintctxt->nreq; i++) {
|
||||
if ((r = sshpkt_put_cstring(ssh, prompts[i])) != 0 ||
|
||||
(r = sshpkt_put_u8(ssh, echo_on[i])) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "assemble packet");
|
||||
}
|
||||
if ((r = sshpkt_send(ssh)) != 0 ||
|
||||
(r = ssh_packet_write_wait(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "send packet");
|
||||
|
||||
for (i = 0; i < kbdintctxt->nreq; i++)
|
||||
free(prompts[i]);
|
||||
|
@ -299,29 +298,29 @@ input_userauth_info_response(int type, u_int32_t seq, struct ssh *ssh)
|
|||
char **response = NULL;
|
||||
|
||||
if (authctxt == NULL)
|
||||
fatal("input_userauth_info_response: no authctxt");
|
||||
fatal_f("no authctxt");
|
||||
kbdintctxt = authctxt->kbdintctxt;
|
||||
if (kbdintctxt == NULL || kbdintctxt->ctxt == NULL)
|
||||
fatal("input_userauth_info_response: no kbdintctxt");
|
||||
fatal_f("no kbdintctxt");
|
||||
if (kbdintctxt->device == NULL)
|
||||
fatal("input_userauth_info_response: no device");
|
||||
fatal_f("no device");
|
||||
|
||||
authctxt->postponed = 0; /* reset */
|
||||
if ((r = sshpkt_get_u32(ssh, &nresp)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse packet");
|
||||
if (nresp != kbdintctxt->nreq)
|
||||
fatal("input_userauth_info_response: wrong number of replies");
|
||||
fatal_f("wrong number of replies");
|
||||
if (nresp > 100)
|
||||
fatal("input_userauth_info_response: too many replies");
|
||||
fatal_f("too many replies");
|
||||
if (nresp > 0) {
|
||||
response = xcalloc(nresp, sizeof(char *));
|
||||
for (i = 0; i < nresp; i++)
|
||||
if ((r = sshpkt_get_cstring(ssh, &response[i],
|
||||
NULL)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
for (i = 0; i < nresp; i++) {
|
||||
if ((r = sshpkt_get_cstring(ssh, &response[i], NULL)) != 0)
|
||||
fatal_fr(r, "parse response");
|
||||
}
|
||||
}
|
||||
if ((r = sshpkt_get_end(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse packet");
|
||||
|
||||
res = kbdintctxt->device->respond(kbdintctxt->ctxt, nresp, response);
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth2-gss.c,v 1.29 2018/07/31 03:10:27 djm Exp $ */
|
||||
/* $OpenBSD: auth2-gss.c,v 1.32 2021/01/27 10:15:08 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
|
||||
|
@ -44,6 +44,7 @@
|
|||
#include "misc.h"
|
||||
#include "servconf.h"
|
||||
#include "packet.h"
|
||||
#include "kex.h"
|
||||
#include "ssh-gss.h"
|
||||
#include "monitor_wrap.h"
|
||||
|
||||
|
@ -71,7 +72,7 @@ userauth_gssapi(struct ssh *ssh)
|
|||
u_char *doid = NULL;
|
||||
|
||||
if ((r = sshpkt_get_u32(ssh, &mechs)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse packet");
|
||||
|
||||
if (mechs == 0) {
|
||||
debug("Mechanism negotiation is not supported");
|
||||
|
@ -85,7 +86,7 @@ userauth_gssapi(struct ssh *ssh)
|
|||
|
||||
present = 0;
|
||||
if ((r = sshpkt_get_string(ssh, &doid, &len)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse oid");
|
||||
|
||||
if (len > 2 && doid[0] == SSH_GSS_OIDTYPE &&
|
||||
doid[1] == len - 2) {
|
||||
|
@ -104,7 +105,7 @@ userauth_gssapi(struct ssh *ssh)
|
|||
}
|
||||
|
||||
if (!authctxt->valid || authctxt->user == NULL) {
|
||||
debug2("%s: disabled because of invalid user", __func__);
|
||||
debug2_f("disabled because of invalid user");
|
||||
free(doid);
|
||||
return (0);
|
||||
}
|
||||
|
@ -123,7 +124,7 @@ userauth_gssapi(struct ssh *ssh)
|
|||
if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_GSSAPI_RESPONSE)) != 0 ||
|
||||
(r = sshpkt_put_string(ssh, doid, len)) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "send packet");
|
||||
|
||||
free(doid);
|
||||
|
||||
|
@ -152,7 +153,7 @@ input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh)
|
|||
gssctxt = authctxt->methoddata;
|
||||
if ((r = sshpkt_get_string(ssh, &p, &len)) != 0 ||
|
||||
(r = sshpkt_get_end(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse packet");
|
||||
|
||||
recv_tok.value = p;
|
||||
recv_tok.length = len;
|
||||
|
@ -168,7 +169,7 @@ input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh)
|
|||
(r = sshpkt_put_string(ssh, send_tok.value,
|
||||
send_tok.length)) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "send ERRTOK packet");
|
||||
}
|
||||
authctxt->postponed = 0;
|
||||
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
|
||||
|
@ -180,7 +181,7 @@ input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh)
|
|||
(r = sshpkt_put_string(ssh, send_tok.value,
|
||||
send_tok.length)) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "send TOKEN packet");
|
||||
}
|
||||
if (maj_status == GSS_S_COMPLETE) {
|
||||
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
|
||||
|
@ -216,7 +217,7 @@ input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh)
|
|||
gssctxt = authctxt->methoddata;
|
||||
if ((r = sshpkt_get_string(ssh, &p, &len)) != 0 ||
|
||||
(r = sshpkt_get_end(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse packet");
|
||||
recv_tok.value = p;
|
||||
recv_tok.length = len;
|
||||
|
||||
|
@ -258,7 +259,7 @@ input_gssapi_exchange_complete(int type, u_int32_t plen, struct ssh *ssh)
|
|||
*/
|
||||
|
||||
if ((r = sshpkt_get_end(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse packet");
|
||||
|
||||
authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user));
|
||||
|
||||
|
@ -293,16 +294,16 @@ input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh)
|
|||
gssctxt = authctxt->methoddata;
|
||||
|
||||
if ((r = sshpkt_get_string(ssh, &p, &len)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse packet");
|
||||
if ((b = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
mic.value = p;
|
||||
mic.length = len;
|
||||
ssh_gssapi_buildmic(b, authctxt->user, authctxt->service,
|
||||
"gssapi-with-mic");
|
||||
"gssapi-with-mic", ssh->kex->session_id);
|
||||
|
||||
if ((gssbuf.value = sshbuf_mutable_ptr(b)) == NULL)
|
||||
fatal("%s: sshbuf_mutable_ptr failed", __func__);
|
||||
fatal_f("sshbuf_mutable_ptr failed");
|
||||
gssbuf.length = sshbuf_len(b);
|
||||
|
||||
if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic))))
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth2-hostbased.c,v 1.38 2018/09/20 03:28:06 djm Exp $ */
|
||||
/* $OpenBSD: auth2-hostbased.c,v 1.47 2021/07/23 03:37:52 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -27,6 +27,7 @@
|
|||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <pwd.h>
|
||||
#include <string.h>
|
||||
#include <stdarg.h>
|
||||
|
@ -34,6 +35,7 @@
|
|||
#include "xmalloc.h"
|
||||
#include "ssh2.h"
|
||||
#include "packet.h"
|
||||
#include "kex.h"
|
||||
#include "sshbuf.h"
|
||||
#include "log.h"
|
||||
#include "misc.h"
|
||||
|
@ -53,8 +55,6 @@
|
|||
|
||||
/* import */
|
||||
extern ServerOptions options;
|
||||
extern u_char *session_id2;
|
||||
extern u_int session_id2_len;
|
||||
|
||||
static int
|
||||
userauth_hostbased(struct ssh *ssh)
|
||||
|
@ -73,9 +73,9 @@ userauth_hostbased(struct ssh *ssh)
|
|||
(r = sshpkt_get_cstring(ssh, &chost, NULL)) != 0 ||
|
||||
(r = sshpkt_get_cstring(ssh, &cuser, NULL)) != 0 ||
|
||||
(r = sshpkt_get_string(ssh, &sig, &slen)) != 0)
|
||||
fatal("%s: packet parsing: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse packet");
|
||||
|
||||
debug("%s: cuser %s chost %s pkalg %s slen %zu", __func__,
|
||||
debug_f("cuser %s chost %s pkalg %s slen %zu",
|
||||
cuser, chost, pkalg, slen);
|
||||
#ifdef DEBUG_PK
|
||||
debug("signature:");
|
||||
|
@ -84,21 +84,21 @@ userauth_hostbased(struct ssh *ssh)
|
|||
pktype = sshkey_type_from_name(pkalg);
|
||||
if (pktype == KEY_UNSPEC) {
|
||||
/* this is perfectly legal */
|
||||
logit("%s: unsupported public key algorithm: %s",
|
||||
__func__, pkalg);
|
||||
logit_f("unsupported public key algorithm: %s",
|
||||
pkalg);
|
||||
goto done;
|
||||
}
|
||||
if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) {
|
||||
error("%s: key_from_blob: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "key_from_blob");
|
||||
goto done;
|
||||
}
|
||||
if (key == NULL) {
|
||||
error("%s: cannot decode key: %s", __func__, pkalg);
|
||||
error_f("cannot decode key: %s", pkalg);
|
||||
goto done;
|
||||
}
|
||||
if (key->type != pktype) {
|
||||
error("%s: type mismatch for decoded key "
|
||||
"(received %d, expected %d)", __func__, key->type, pktype);
|
||||
error_f("type mismatch for decoded key "
|
||||
"(received %d, expected %d)", key->type, pktype);
|
||||
goto done;
|
||||
}
|
||||
if (sshkey_type_plain(key->type) == KEY_RSA &&
|
||||
|
@ -107,28 +107,28 @@ userauth_hostbased(struct ssh *ssh)
|
|||
"signature format");
|
||||
goto done;
|
||||
}
|
||||
if (match_pattern_list(pkalg, options.hostbased_key_types, 0) != 1) {
|
||||
logit("%s: key type %s not in HostbasedAcceptedKeyTypes",
|
||||
__func__, sshkey_type(key));
|
||||
if (match_pattern_list(pkalg, options.hostbased_accepted_algos, 0) != 1) {
|
||||
logit_f("key type %s not in HostbasedAcceptedAlgorithms",
|
||||
sshkey_type(key));
|
||||
goto done;
|
||||
}
|
||||
if ((r = sshkey_check_cert_sigtype(key,
|
||||
options.ca_sign_algorithms)) != 0) {
|
||||
logit("%s: certificate signature algorithm %s: %s", __func__,
|
||||
logit_fr(r, "certificate signature algorithm %s",
|
||||
(key->cert == NULL || key->cert->signature_type == NULL) ?
|
||||
"(null)" : key->cert->signature_type, ssh_err(r));
|
||||
"(null)" : key->cert->signature_type);
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (!authctxt->valid || authctxt->user == NULL) {
|
||||
debug2("%s: disabled because of invalid user", __func__);
|
||||
debug2_f("disabled because of invalid user");
|
||||
goto done;
|
||||
}
|
||||
|
||||
if ((b = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
/* reconstruct packet */
|
||||
if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 ||
|
||||
if ((r = sshbuf_put_stringb(b, ssh->kex->session_id)) != 0 ||
|
||||
(r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
|
||||
(r = sshbuf_put_cstring(b, authctxt->user)) != 0 ||
|
||||
(r = sshbuf_put_cstring(b, authctxt->service)) != 0 ||
|
||||
|
@ -137,7 +137,7 @@ userauth_hostbased(struct ssh *ssh)
|
|||
(r = sshbuf_put_string(b, pkblob, blen)) != 0 ||
|
||||
(r = sshbuf_put_cstring(b, chost)) != 0 ||
|
||||
(r = sshbuf_put_cstring(b, cuser)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "reconstruct packet");
|
||||
#ifdef DEBUG_PK
|
||||
sshbuf_dump(b, stderr);
|
||||
#endif
|
||||
|
@ -147,15 +147,16 @@ userauth_hostbased(struct ssh *ssh)
|
|||
|
||||
/* test for allowed key and correct signature */
|
||||
authenticated = 0;
|
||||
if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) &&
|
||||
if (PRIVSEP(hostbased_key_allowed(ssh, authctxt->pw, cuser,
|
||||
chost, key)) &&
|
||||
PRIVSEP(sshkey_verify(key, sig, slen,
|
||||
sshbuf_ptr(b), sshbuf_len(b), pkalg, ssh->compat)) == 0)
|
||||
sshbuf_ptr(b), sshbuf_len(b), pkalg, ssh->compat, NULL)) == 0)
|
||||
authenticated = 1;
|
||||
|
||||
auth2_record_key(authctxt, authenticated, key);
|
||||
sshbuf_free(b);
|
||||
done:
|
||||
debug2("%s: authenticated %d", __func__, authenticated);
|
||||
debug2_f("authenticated %d", authenticated);
|
||||
sshkey_free(key);
|
||||
free(pkalg);
|
||||
free(pkblob);
|
||||
|
@ -167,10 +168,9 @@ userauth_hostbased(struct ssh *ssh)
|
|||
|
||||
/* return 1 if given hostkey is allowed */
|
||||
int
|
||||
hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
|
||||
struct sshkey *key)
|
||||
hostbased_key_allowed(struct ssh *ssh, struct passwd *pw,
|
||||
const char *cuser, char *chost, struct sshkey *key)
|
||||
{
|
||||
struct ssh *ssh = active_state; /* XXX */
|
||||
const char *resolvedname, *ipaddr, *lookup, *reason;
|
||||
HostStatus host_status;
|
||||
int len;
|
||||
|
@ -182,7 +182,7 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
|
|||
resolvedname = auth_get_canonical_hostname(ssh, options.use_dns);
|
||||
ipaddr = ssh_remote_ipaddr(ssh);
|
||||
|
||||
debug2("%s: chost %s resolvedname %s ipaddr %s", __func__,
|
||||
debug2_f("chost %s resolvedname %s ipaddr %s",
|
||||
chost, resolvedname, ipaddr);
|
||||
|
||||
if (((len = strlen(chost)) > 0) && chost[len - 1] == '.') {
|
||||
|
@ -192,9 +192,8 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
|
|||
|
||||
if (options.hostbased_uses_name_from_packet_only) {
|
||||
if (auth_rhosts2(pw, cuser, chost, chost) == 0) {
|
||||
debug2("%s: auth_rhosts2 refused "
|
||||
"user \"%.100s\" host \"%.100s\" (from packet)",
|
||||
__func__, cuser, chost);
|
||||
debug2_f("auth_rhosts2 refused user \"%.100s\" "
|
||||
"host \"%.100s\" (from packet)", cuser, chost);
|
||||
return 0;
|
||||
}
|
||||
lookup = chost;
|
||||
|
@ -204,17 +203,17 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
|
|||
"client sends %s, but we resolve %s to %s",
|
||||
chost, ipaddr, resolvedname);
|
||||
if (auth_rhosts2(pw, cuser, resolvedname, ipaddr) == 0) {
|
||||
debug2("%s: auth_rhosts2 refused "
|
||||
debug2_f("auth_rhosts2 refused "
|
||||
"user \"%.100s\" host \"%.100s\" addr \"%.100s\"",
|
||||
__func__, cuser, resolvedname, ipaddr);
|
||||
cuser, resolvedname, ipaddr);
|
||||
return 0;
|
||||
}
|
||||
lookup = resolvedname;
|
||||
}
|
||||
debug2("%s: access allowed by auth_rhosts2", __func__);
|
||||
debug2_f("access allowed by auth_rhosts2");
|
||||
|
||||
if (sshkey_is_cert(key) &&
|
||||
sshkey_cert_check_authority(key, 1, 0, lookup, &reason)) {
|
||||
sshkey_cert_check_authority_now(key, 1, 0, 0, lookup, &reason)) {
|
||||
error("%s", reason);
|
||||
auth_debug_add("%s", reason);
|
||||
return 0;
|
||||
|
@ -236,7 +235,7 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
|
|||
if (sshkey_is_cert(key)) {
|
||||
if ((fp = sshkey_fingerprint(key->cert->signature_key,
|
||||
options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
|
||||
fatal("%s: sshkey_fingerprint fail", __func__);
|
||||
fatal_f("sshkey_fingerprint fail");
|
||||
verbose("Accepted certificate ID \"%s\" signed by "
|
||||
"%s CA %s from %s@%s", key->cert->key_id,
|
||||
sshkey_type(key->cert->signature_key), fp,
|
||||
|
@ -244,7 +243,7 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
|
|||
} else {
|
||||
if ((fp = sshkey_fingerprint(key,
|
||||
options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
|
||||
fatal("%s: sshkey_fingerprint fail", __func__);
|
||||
fatal_f("sshkey_fingerprint fail");
|
||||
verbose("Accepted %s public key %s from %s@%s",
|
||||
sshkey_type(key), fp, cuser, lookup);
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth2-kbdint.c,v 1.9 2018/07/09 21:35:50 markus Exp $ */
|
||||
/* $OpenBSD: auth2-kbdint.c,v 1.13 2021/07/02 05:11:20 dtucker Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -27,6 +27,8 @@
|
|||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
#include <stdarg.h>
|
||||
|
||||
#include "xmalloc.h"
|
||||
|
@ -50,11 +52,11 @@ userauth_kbdint(struct ssh *ssh)
|
|||
if ((r = sshpkt_get_cstring(ssh, &lang, NULL)) != 0 ||
|
||||
(r = sshpkt_get_cstring(ssh, &devs, NULL)) != 0 ||
|
||||
(r = sshpkt_get_end(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse packet");
|
||||
|
||||
debug("keyboard-interactive devs %s", devs);
|
||||
|
||||
if (options.challenge_response_authentication)
|
||||
if (options.kbd_interactive_authentication)
|
||||
authenticated = auth2_challenge(ssh, devs);
|
||||
|
||||
free(devs);
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth2-none.c,v 1.22 2018/07/09 21:35:50 markus Exp $ */
|
||||
/* $OpenBSD: auth2-none.c,v 1.23 2020/10/18 11:32:01 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -65,7 +65,7 @@ userauth_none(struct ssh *ssh)
|
|||
|
||||
none_enabled = 0;
|
||||
if ((r = sshpkt_get_end(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse packet");
|
||||
if (options.permit_empty_passwd && options.password_authentication)
|
||||
return (PRIVSEP(auth_password(ssh, "")));
|
||||
return (0);
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth2-passwd.c,v 1.16 2018/07/09 21:35:50 markus Exp $ */
|
||||
/* $OpenBSD: auth2-passwd.c,v 1.19 2020/10/18 11:32:01 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -27,8 +27,10 @@
|
|||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <stdarg.h>
|
||||
#include <stdio.h>
|
||||
|
||||
#include "packet.h"
|
||||
#include "ssherr.h"
|
||||
|
@ -58,14 +60,13 @@ userauth_passwd(struct ssh *ssh)
|
|||
(r = sshpkt_get_cstring(ssh, &password, &len)) != 0 ||
|
||||
(change && (r = sshpkt_get_cstring(ssh, NULL, NULL)) != 0) ||
|
||||
(r = sshpkt_get_end(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse packet");
|
||||
|
||||
if (change)
|
||||
logit("password change not supported");
|
||||
else if (PRIVSEP(auth_password(ssh, password)) == 1)
|
||||
authenticated = 1;
|
||||
explicit_bzero(password, len);
|
||||
free(password);
|
||||
freezero(password, len);
|
||||
return authenticated;
|
||||
}
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth2-pubkey.c,v 1.86 2018/09/20 03:28:06 djm Exp $ */
|
||||
/* $OpenBSD: auth2-pubkey.c,v 1.109 2021/07/23 03:37:52 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -28,6 +28,7 @@
|
|||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <errno.h>
|
||||
#include <fcntl.h>
|
||||
#ifdef HAVE_PATHS_H
|
||||
|
@ -46,6 +47,7 @@
|
|||
#include "ssh.h"
|
||||
#include "ssh2.h"
|
||||
#include "packet.h"
|
||||
#include "kex.h"
|
||||
#include "sshbuf.h"
|
||||
#include "log.h"
|
||||
#include "misc.h"
|
||||
|
@ -67,11 +69,10 @@
|
|||
#include "ssherr.h"
|
||||
#include "channels.h" /* XXX for session.h */
|
||||
#include "session.h" /* XXX for child_set_env(); refactor? */
|
||||
#include "sk-api.h"
|
||||
|
||||
/* import */
|
||||
extern ServerOptions options;
|
||||
extern u_char *session_id2;
|
||||
extern u_int session_id2_len;
|
||||
|
||||
static char *
|
||||
format_key(const struct sshkey *key)
|
||||
|
@ -95,31 +96,47 @@ userauth_pubkey(struct ssh *ssh)
|
|||
u_char *pkblob = NULL, *sig = NULL, have_sig;
|
||||
size_t blen, slen;
|
||||
int r, pktype;
|
||||
int authenticated = 0;
|
||||
int req_presence = 0, req_verify = 0, authenticated = 0;
|
||||
struct sshauthopt *authopts = NULL;
|
||||
struct sshkey_sig_details *sig_details = NULL;
|
||||
|
||||
if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0 ||
|
||||
(r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 ||
|
||||
(r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0)
|
||||
fatal("%s: parse request failed: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse packet");
|
||||
|
||||
if (log_level_get() >= SYSLOG_LEVEL_DEBUG2) {
|
||||
char *keystring;
|
||||
struct sshbuf *pkbuf;
|
||||
|
||||
if ((pkbuf = sshbuf_from(pkblob, blen)) == NULL)
|
||||
fatal_f("sshbuf_from failed");
|
||||
if ((keystring = sshbuf_dtob64_string(pkbuf, 0)) == NULL)
|
||||
fatal_f("sshbuf_dtob64 failed");
|
||||
debug2_f("%s user %s %s public key %s %s",
|
||||
authctxt->valid ? "valid" : "invalid", authctxt->user,
|
||||
have_sig ? "attempting" : "querying", pkalg, keystring);
|
||||
sshbuf_free(pkbuf);
|
||||
free(keystring);
|
||||
}
|
||||
|
||||
pktype = sshkey_type_from_name(pkalg);
|
||||
if (pktype == KEY_UNSPEC) {
|
||||
/* this is perfectly legal */
|
||||
verbose("%s: unsupported public key algorithm: %s",
|
||||
__func__, pkalg);
|
||||
verbose_f("unsupported public key algorithm: %s", pkalg);
|
||||
goto done;
|
||||
}
|
||||
if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) {
|
||||
error("%s: could not parse key: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "parse key");
|
||||
goto done;
|
||||
}
|
||||
if (key == NULL) {
|
||||
error("%s: cannot decode key: %s", __func__, pkalg);
|
||||
error_f("cannot decode key: %s", pkalg);
|
||||
goto done;
|
||||
}
|
||||
if (key->type != pktype) {
|
||||
error("%s: type mismatch for decoded key "
|
||||
"(received %d, expected %d)", __func__, key->type, pktype);
|
||||
error_f("type mismatch for decoded key "
|
||||
"(received %d, expected %d)", key->type, pktype);
|
||||
goto done;
|
||||
}
|
||||
if (sshkey_type_plain(key->type) == KEY_RSA &&
|
||||
|
@ -132,16 +149,16 @@ userauth_pubkey(struct ssh *ssh)
|
|||
logit("refusing previously-used %s key", sshkey_type(key));
|
||||
goto done;
|
||||
}
|
||||
if (match_pattern_list(pkalg, options.pubkey_key_types, 0) != 1) {
|
||||
logit("%s: key type %s not in PubkeyAcceptedKeyTypes",
|
||||
__func__, sshkey_ssh_name(key));
|
||||
if (match_pattern_list(pkalg, options.pubkey_accepted_algos, 0) != 1) {
|
||||
logit_f("key type %s not in PubkeyAcceptedAlgorithms",
|
||||
sshkey_ssh_name(key));
|
||||
goto done;
|
||||
}
|
||||
if ((r = sshkey_check_cert_sigtype(key,
|
||||
options.ca_sign_algorithms)) != 0) {
|
||||
logit("%s: certificate signature algorithm %s: %s", __func__,
|
||||
logit_fr(r, "certificate signature algorithm %s",
|
||||
(key->cert == NULL || key->cert->signature_type == NULL) ?
|
||||
"(null)" : key->cert->signature_type, ssh_err(r));
|
||||
"(null)" : key->cert->signature_type);
|
||||
goto done;
|
||||
}
|
||||
key_s = format_key(key);
|
||||
|
@ -149,29 +166,23 @@ userauth_pubkey(struct ssh *ssh)
|
|||
ca_s = format_key(key->cert->signature_key);
|
||||
|
||||
if (have_sig) {
|
||||
debug3("%s: have %s signature for %s%s%s",
|
||||
__func__, pkalg, key_s,
|
||||
ca_s == NULL ? "" : " CA ",
|
||||
ca_s == NULL ? "" : ca_s);
|
||||
debug3_f("have %s signature for %s%s%s", pkalg, key_s,
|
||||
ca_s == NULL ? "" : " CA ", ca_s == NULL ? "" : ca_s);
|
||||
if ((r = sshpkt_get_string(ssh, &sig, &slen)) != 0 ||
|
||||
(r = sshpkt_get_end(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse signature packet");
|
||||
if ((b = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
if (ssh->compat & SSH_OLD_SESSIONID) {
|
||||
if ((r = sshbuf_put(b, session_id2,
|
||||
session_id2_len)) != 0)
|
||||
fatal("%s: sshbuf_put session id: %s",
|
||||
__func__, ssh_err(r));
|
||||
if ((r = sshbuf_putb(b, ssh->kex->session_id)) != 0)
|
||||
fatal_fr(r, "put old session id");
|
||||
} else {
|
||||
if ((r = sshbuf_put_string(b, session_id2,
|
||||
session_id2_len)) != 0)
|
||||
fatal("%s: sshbuf_put_string session id: %s",
|
||||
__func__, ssh_err(r));
|
||||
if ((r = sshbuf_put_stringb(b,
|
||||
ssh->kex->session_id)) != 0)
|
||||
fatal_fr(r, "put session id");
|
||||
}
|
||||
if (!authctxt->valid || authctxt->user == NULL) {
|
||||
debug2("%s: disabled because of invalid user",
|
||||
__func__);
|
||||
debug2_f("disabled because of invalid user");
|
||||
goto done;
|
||||
}
|
||||
/* reconstruct packet */
|
||||
|
@ -185,8 +196,7 @@ userauth_pubkey(struct ssh *ssh)
|
|||
(r = sshbuf_put_u8(b, have_sig)) != 0 ||
|
||||
(r = sshbuf_put_cstring(b, pkalg)) != 0 ||
|
||||
(r = sshbuf_put_string(b, pkblob, blen)) != 0)
|
||||
fatal("%s: build packet failed: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "reconstruct packet");
|
||||
#ifdef DEBUG_PK
|
||||
sshbuf_dump(b, stderr);
|
||||
#endif
|
||||
|
@ -196,22 +206,54 @@ userauth_pubkey(struct ssh *ssh)
|
|||
PRIVSEP(sshkey_verify(key, sig, slen,
|
||||
sshbuf_ptr(b), sshbuf_len(b),
|
||||
(ssh->compat & SSH_BUG_SIGTYPE) == 0 ? pkalg : NULL,
|
||||
ssh->compat)) == 0) {
|
||||
ssh->compat, &sig_details)) == 0) {
|
||||
authenticated = 1;
|
||||
}
|
||||
if (authenticated == 1 && sig_details != NULL) {
|
||||
auth2_record_info(authctxt, "signature count = %u",
|
||||
sig_details->sk_counter);
|
||||
debug_f("sk_counter = %u, sk_flags = 0x%02x",
|
||||
sig_details->sk_counter, sig_details->sk_flags);
|
||||
req_presence = (options.pubkey_auth_options &
|
||||
PUBKEYAUTH_TOUCH_REQUIRED) ||
|
||||
!authopts->no_require_user_presence;
|
||||
if (req_presence && (sig_details->sk_flags &
|
||||
SSH_SK_USER_PRESENCE_REQD) == 0) {
|
||||
error("public key %s signature for %s%s from "
|
||||
"%.128s port %d rejected: user presence "
|
||||
"(authenticator touch) requirement "
|
||||
"not met ", key_s,
|
||||
authctxt->valid ? "" : "invalid user ",
|
||||
authctxt->user, ssh_remote_ipaddr(ssh),
|
||||
ssh_remote_port(ssh));
|
||||
authenticated = 0;
|
||||
goto done;
|
||||
}
|
||||
req_verify = (options.pubkey_auth_options &
|
||||
PUBKEYAUTH_VERIFY_REQUIRED) ||
|
||||
authopts->require_verify;
|
||||
if (req_verify && (sig_details->sk_flags &
|
||||
SSH_SK_USER_VERIFICATION_REQD) == 0) {
|
||||
error("public key %s signature for %s%s from "
|
||||
"%.128s port %d rejected: user "
|
||||
"verification requirement not met ", key_s,
|
||||
authctxt->valid ? "" : "invalid user ",
|
||||
authctxt->user, ssh_remote_ipaddr(ssh),
|
||||
ssh_remote_port(ssh));
|
||||
authenticated = 0;
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
auth2_record_key(authctxt, authenticated, key);
|
||||
} else {
|
||||
debug("%s: test pkalg %s pkblob %s%s%s",
|
||||
__func__, pkalg, key_s,
|
||||
ca_s == NULL ? "" : " CA ",
|
||||
ca_s == NULL ? "" : ca_s);
|
||||
debug_f("test pkalg %s pkblob %s%s%s", pkalg, key_s,
|
||||
ca_s == NULL ? "" : " CA ", ca_s == NULL ? "" : ca_s);
|
||||
|
||||
if ((r = sshpkt_get_end(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "parse packet");
|
||||
|
||||
if (!authctxt->valid || authctxt->user == NULL) {
|
||||
debug2("%s: disabled because of invalid user",
|
||||
__func__);
|
||||
debug2_f("disabled because of invalid user");
|
||||
goto done;
|
||||
}
|
||||
/* XXX fake reply and always send PK_OK ? */
|
||||
|
@ -229,16 +271,16 @@ userauth_pubkey(struct ssh *ssh)
|
|||
(r = sshpkt_put_string(ssh, pkblob, blen)) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0 ||
|
||||
(r = ssh_packet_write_wait(ssh)) != 0)
|
||||
fatal("%s: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "send packet");
|
||||
authctxt->postponed = 1;
|
||||
}
|
||||
}
|
||||
done:
|
||||
if (authenticated == 1 && auth_activate_options(ssh, authopts) != 0) {
|
||||
debug("%s: key options inconsistent with existing", __func__);
|
||||
debug_f("key options inconsistent with existing");
|
||||
authenticated = 0;
|
||||
}
|
||||
debug2("%s: authenticated %d pkalg %s", __func__, authenticated, pkalg);
|
||||
debug2_f("authenticated %d pkalg %s", authenticated, pkalg);
|
||||
|
||||
sshbuf_free(b);
|
||||
sshauthopt_free(authopts);
|
||||
|
@ -249,6 +291,7 @@ userauth_pubkey(struct ssh *ssh)
|
|||
free(key_s);
|
||||
free(ca_s);
|
||||
free(sig);
|
||||
sshkey_sig_details_free(sig_details);
|
||||
return authenticated;
|
||||
}
|
||||
|
||||
|
@ -402,7 +445,7 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw,
|
|||
pid_t pid;
|
||||
char *tmp, *username = NULL, *command = NULL, **av = NULL;
|
||||
char *ca_fp = NULL, *key_fp = NULL, *catext = NULL, *keytext = NULL;
|
||||
char serial_s[16], uidstr[32];
|
||||
char serial_s[32], uidstr[32];
|
||||
void (*osigchld)(int);
|
||||
|
||||
if (authoptsp != NULL)
|
||||
|
@ -419,7 +462,7 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw,
|
|||
* NB. all returns later this function should go via "out" to
|
||||
* ensure the original SIGCHLD handler is restored properly.
|
||||
*/
|
||||
osigchld = signal(SIGCHLD, SIG_DFL);
|
||||
osigchld = ssh_signal(SIGCHLD, SIG_DFL);
|
||||
|
||||
/* Prepare and verify the user for the command */
|
||||
username = percent_expand(options.authorized_principals_command_user,
|
||||
|
@ -432,32 +475,33 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw,
|
|||
}
|
||||
|
||||
/* Turn the command into an argument vector */
|
||||
if (argv_split(options.authorized_principals_command, &ac, &av) != 0) {
|
||||
if (argv_split(options.authorized_principals_command,
|
||||
&ac, &av, 0) != 0) {
|
||||
error("AuthorizedPrincipalsCommand \"%s\" contains "
|
||||
"invalid quotes", command);
|
||||
"invalid quotes", options.authorized_principals_command);
|
||||
goto out;
|
||||
}
|
||||
if (ac == 0) {
|
||||
error("AuthorizedPrincipalsCommand \"%s\" yielded no arguments",
|
||||
command);
|
||||
options.authorized_principals_command);
|
||||
goto out;
|
||||
}
|
||||
if ((ca_fp = sshkey_fingerprint(cert->signature_key,
|
||||
options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {
|
||||
error("%s: sshkey_fingerprint failed", __func__);
|
||||
error_f("sshkey_fingerprint failed");
|
||||
goto out;
|
||||
}
|
||||
if ((key_fp = sshkey_fingerprint(key,
|
||||
options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {
|
||||
error("%s: sshkey_fingerprint failed", __func__);
|
||||
error_f("sshkey_fingerprint failed");
|
||||
goto out;
|
||||
}
|
||||
if ((r = sshkey_to_base64(cert->signature_key, &catext)) != 0) {
|
||||
error("%s: sshkey_to_base64 failed: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "sshkey_to_base64 failed");
|
||||
goto out;
|
||||
}
|
||||
if ((r = sshkey_to_base64(key, &keytext)) != 0) {
|
||||
error("%s: sshkey_to_base64 failed: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "sshkey_to_base64 failed");
|
||||
goto out;
|
||||
}
|
||||
snprintf(serial_s, sizeof(serial_s), "%llu",
|
||||
|
@ -479,16 +523,17 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw,
|
|||
"s", serial_s,
|
||||
(char *)NULL);
|
||||
if (tmp == NULL)
|
||||
fatal("%s: percent_expand failed", __func__);
|
||||
fatal_f("percent_expand failed");
|
||||
free(av[i]);
|
||||
av[i] = tmp;
|
||||
}
|
||||
/* Prepare a printable command for logs, etc. */
|
||||
command = argv_assemble(ac, av);
|
||||
|
||||
if ((pid = subprocess("AuthorizedPrincipalsCommand", runas_pw, command,
|
||||
if ((pid = subprocess("AuthorizedPrincipalsCommand", command,
|
||||
ac, av, &f,
|
||||
SSH_SUBPROCESS_STDOUT_CAPTURE|SSH_SUBPROCESS_STDERR_DISCARD)) == 0)
|
||||
SSH_SUBPROCESS_STDOUT_CAPTURE|SSH_SUBPROCESS_STDERR_DISCARD,
|
||||
runas_pw, temporarily_use_uid, restore_uid)) == 0)
|
||||
goto out;
|
||||
|
||||
uid_swapped = 1;
|
||||
|
@ -507,7 +552,7 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw,
|
|||
out:
|
||||
if (f != NULL)
|
||||
fclose(f);
|
||||
signal(SIGCHLD, osigchld);
|
||||
ssh_signal(SIGCHLD, osigchld);
|
||||
for (i = 0; i < ac; i++)
|
||||
free(av[i]);
|
||||
free(av);
|
||||
|
@ -522,38 +567,6 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw,
|
|||
return found_principal;
|
||||
}
|
||||
|
||||
static void
|
||||
skip_space(char **cpp)
|
||||
{
|
||||
char *cp;
|
||||
|
||||
for (cp = *cpp; *cp == ' ' || *cp == '\t'; cp++)
|
||||
;
|
||||
*cpp = cp;
|
||||
}
|
||||
|
||||
/*
|
||||
* Advanced *cpp past the end of key options, defined as the first unquoted
|
||||
* whitespace character. Returns 0 on success or -1 on failure (e.g.
|
||||
* unterminated quotes).
|
||||
*/
|
||||
static int
|
||||
advance_past_options(char **cpp)
|
||||
{
|
||||
char *cp = *cpp;
|
||||
int quoted = 0;
|
||||
|
||||
for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
|
||||
if (*cp == '\\' && cp[1] == '"')
|
||||
cp++; /* Skip both */
|
||||
else if (*cp == '"')
|
||||
quoted = !quoted;
|
||||
}
|
||||
*cpp = cp;
|
||||
/* return failure for unterminated quotes */
|
||||
return (*cp == '\0' && quoted) ? -1 : 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* Check a single line of an authorized_keys-format file. Returns 0 if key
|
||||
* matches, -1 otherwise. Will return key/cert options via *authoptsp
|
||||
|
@ -574,7 +587,7 @@ check_authkey_line(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
|
|||
*authoptsp = NULL;
|
||||
|
||||
if ((found = sshkey_new(want_keytype)) == NULL) {
|
||||
debug3("%s: keytype %d failed", __func__, want_keytype);
|
||||
debug3_f("keytype %d failed", want_keytype);
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
@ -584,7 +597,7 @@ check_authkey_line(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
|
|||
/* no key? check for options */
|
||||
debug2("%s: check options: '%s'", loc, cp);
|
||||
key_options = cp;
|
||||
if (advance_past_options(&cp) != 0) {
|
||||
if (sshkey_advance_past_options(&cp) != 0) {
|
||||
reason = "invalid key option string";
|
||||
goto fail_reason;
|
||||
}
|
||||
|
@ -616,7 +629,7 @@ check_authkey_line(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
|
|||
/* We have a candidate key, perform authorisation checks */
|
||||
if ((fp = sshkey_fingerprint(found,
|
||||
options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
|
||||
fatal("%s: fingerprint failed", __func__);
|
||||
fatal_f("fingerprint failed");
|
||||
|
||||
debug("%s: matching %s found: %s %s", loc,
|
||||
sshkey_is_cert(key) ? "CA" : "key", sshkey_type(found), fp);
|
||||
|
@ -661,8 +674,9 @@ check_authkey_line(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
|
|||
reason = "Certificate does not contain an authorized principal";
|
||||
goto fail_reason;
|
||||
}
|
||||
if (sshkey_cert_check_authority(key, 0, 0,
|
||||
keyopts->cert_principals == NULL ? pw->pw_name : NULL, &reason) != 0)
|
||||
if (sshkey_cert_check_authority_now(key, 0, 0, 0,
|
||||
keyopts->cert_principals == NULL ? pw->pw_name : NULL,
|
||||
&reason) != 0)
|
||||
goto fail_reason;
|
||||
|
||||
verbose("Accepted certificate ID \"%s\" (serial %llu) "
|
||||
|
@ -673,7 +687,7 @@ check_authkey_line(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
|
|||
|
||||
success:
|
||||
if (finalopts == NULL)
|
||||
fatal("%s: internal error: missing options", __func__);
|
||||
fatal_f("internal error: missing options");
|
||||
if (authoptsp != NULL) {
|
||||
*authoptsp = finalopts;
|
||||
finalopts = NULL;
|
||||
|
@ -752,9 +766,9 @@ user_cert_trusted_ca(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
|
|||
|
||||
if ((r = sshkey_in_file(key->cert->signature_key,
|
||||
options.trusted_user_ca_keys, 1, 0)) != 0) {
|
||||
debug2("%s: CA %s %s is not listed in %s: %s", __func__,
|
||||
debug2_fr(r, "CA %s %s is not listed in %s",
|
||||
sshkey_type(key->cert->signature_key), ca_fp,
|
||||
options.trusted_user_ca_keys, ssh_err(r));
|
||||
options.trusted_user_ca_keys);
|
||||
goto out;
|
||||
}
|
||||
/*
|
||||
|
@ -773,14 +787,14 @@ user_cert_trusted_ca(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
|
|||
found_principal = 1;
|
||||
/* If principals file or command is specified, then require a match */
|
||||
use_authorized_principals = principals_file != NULL ||
|
||||
options.authorized_principals_command != NULL;
|
||||
options.authorized_principals_command != NULL;
|
||||
if (!found_principal && use_authorized_principals) {
|
||||
reason = "Certificate does not contain an authorized principal";
|
||||
goto fail_reason;
|
||||
}
|
||||
if (use_authorized_principals && principals_opts == NULL)
|
||||
fatal("%s: internal error: missing principals_opts", __func__);
|
||||
if (sshkey_cert_check_authority(key, 0, 1,
|
||||
fatal_f("internal error: missing principals_opts");
|
||||
if (sshkey_cert_check_authority_now(key, 0, 1, 0,
|
||||
use_authorized_principals ? NULL : pw->pw_name, &reason) != 0)
|
||||
goto fail_reason;
|
||||
|
||||
|
@ -889,7 +903,7 @@ user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw,
|
|||
* NB. all returns later this function should go via "out" to
|
||||
* ensure the original SIGCHLD handler is restored properly.
|
||||
*/
|
||||
osigchld = signal(SIGCHLD, SIG_DFL);
|
||||
osigchld = ssh_signal(SIGCHLD, SIG_DFL);
|
||||
|
||||
/* Prepare and verify the user for the command */
|
||||
username = percent_expand(options.authorized_keys_command_user,
|
||||
|
@ -904,23 +918,23 @@ user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw,
|
|||
/* Prepare AuthorizedKeysCommand */
|
||||
if ((key_fp = sshkey_fingerprint(key, options.fingerprint_hash,
|
||||
SSH_FP_DEFAULT)) == NULL) {
|
||||
error("%s: sshkey_fingerprint failed", __func__);
|
||||
error_f("sshkey_fingerprint failed");
|
||||
goto out;
|
||||
}
|
||||
if ((r = sshkey_to_base64(key, &keytext)) != 0) {
|
||||
error("%s: sshkey_to_base64 failed: %s", __func__, ssh_err(r));
|
||||
error_fr(r, "sshkey_to_base64 failed");
|
||||
goto out;
|
||||
}
|
||||
|
||||
/* Turn the command into an argument vector */
|
||||
if (argv_split(options.authorized_keys_command, &ac, &av) != 0) {
|
||||
if (argv_split(options.authorized_keys_command, &ac, &av, 0) != 0) {
|
||||
error("AuthorizedKeysCommand \"%s\" contains invalid quotes",
|
||||
command);
|
||||
options.authorized_keys_command);
|
||||
goto out;
|
||||
}
|
||||
if (ac == 0) {
|
||||
error("AuthorizedKeysCommand \"%s\" yielded no arguments",
|
||||
command);
|
||||
options.authorized_keys_command);
|
||||
goto out;
|
||||
}
|
||||
snprintf(uidstr, sizeof(uidstr), "%llu",
|
||||
|
@ -935,7 +949,7 @@ user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw,
|
|||
"k", keytext,
|
||||
(char *)NULL);
|
||||
if (tmp == NULL)
|
||||
fatal("%s: percent_expand failed", __func__);
|
||||
fatal_f("percent_expand failed");
|
||||
free(av[i]);
|
||||
av[i] = tmp;
|
||||
}
|
||||
|
@ -956,9 +970,10 @@ user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw,
|
|||
xasprintf(&command, "%s %s", av[0], av[1]);
|
||||
}
|
||||
|
||||
if ((pid = subprocess("AuthorizedKeysCommand", runas_pw, command,
|
||||
if ((pid = subprocess("AuthorizedKeysCommand", command,
|
||||
ac, av, &f,
|
||||
SSH_SUBPROCESS_STDOUT_CAPTURE|SSH_SUBPROCESS_STDERR_DISCARD)) == 0)
|
||||
SSH_SUBPROCESS_STDOUT_CAPTURE|SSH_SUBPROCESS_STDERR_DISCARD,
|
||||
runas_pw, temporarily_use_uid, restore_uid)) == 0)
|
||||
goto out;
|
||||
|
||||
uid_swapped = 1;
|
||||
|
@ -978,7 +993,7 @@ user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw,
|
|||
out:
|
||||
if (f != NULL)
|
||||
fclose(f);
|
||||
signal(SIGCHLD, osigchld);
|
||||
ssh_signal(SIGCHLD, osigchld);
|
||||
for (i = 0; i < ac; i++)
|
||||
free(av[i]);
|
||||
free(av);
|
||||
|
@ -998,9 +1013,10 @@ int
|
|||
user_key_allowed(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
|
||||
int auth_attempt, struct sshauthopt **authoptsp)
|
||||
{
|
||||
u_int success, i;
|
||||
u_int success = 0, i;
|
||||
char *file;
|
||||
struct sshauthopt *opts = NULL;
|
||||
|
||||
if (authoptsp != NULL)
|
||||
*authoptsp = NULL;
|
||||
|
||||
|
@ -1010,6 +1026,21 @@ user_key_allowed(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
|
|||
auth_key_is_revoked(key->cert->signature_key))
|
||||
return 0;
|
||||
|
||||
for (i = 0; !success && i < options.num_authkeys_files; i++) {
|
||||
if (strcasecmp(options.authorized_keys_files[i], "none") == 0)
|
||||
continue;
|
||||
file = expand_authorized_keys(
|
||||
options.authorized_keys_files[i], pw);
|
||||
success = user_key_allowed2(ssh, pw, key, file, &opts);
|
||||
free(file);
|
||||
if (!success) {
|
||||
sshauthopt_free(opts);
|
||||
opts = NULL;
|
||||
}
|
||||
}
|
||||
if (success)
|
||||
goto out;
|
||||
|
||||
if ((success = user_cert_trusted_ca(ssh, pw, key, &opts)) != 0)
|
||||
goto out;
|
||||
sshauthopt_free(opts);
|
||||
|
@ -1020,15 +1051,6 @@ user_key_allowed(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
|
|||
sshauthopt_free(opts);
|
||||
opts = NULL;
|
||||
|
||||
for (i = 0; !success && i < options.num_authkeys_files; i++) {
|
||||
if (strcasecmp(options.authorized_keys_files[i], "none") == 0)
|
||||
continue;
|
||||
file = expand_authorized_keys(
|
||||
options.authorized_keys_files[i], pw);
|
||||
success = user_key_allowed2(ssh, pw, key, file, &opts);
|
||||
free(file);
|
||||
}
|
||||
|
||||
out:
|
||||
if (success && authoptsp != NULL) {
|
||||
*authoptsp = opts;
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: auth2.c,v 1.149 2018/07/11 18:53:29 markus Exp $ */
|
||||
/* $OpenBSD: auth2.c,v 1.161 2021/04/03 06:18:40 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -36,7 +36,9 @@ __RCSID("$FreeBSD$");
|
|||
#include <stdarg.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
#include <time.h>
|
||||
|
||||
#include "stdlib.h"
|
||||
#include "atomicio.h"
|
||||
#include "xmalloc.h"
|
||||
#include "ssh2.h"
|
||||
|
@ -51,21 +53,16 @@ __RCSID("$FreeBSD$");
|
|||
#include "auth.h"
|
||||
#include "dispatch.h"
|
||||
#include "pathnames.h"
|
||||
#include "sshbuf.h"
|
||||
#include "ssherr.h"
|
||||
#include "blacklist_client.h"
|
||||
|
||||
#ifdef GSSAPI
|
||||
#include "ssh-gss.h"
|
||||
#endif
|
||||
#include "monitor_wrap.h"
|
||||
#include "ssherr.h"
|
||||
#include "digest.h"
|
||||
|
||||
/* import */
|
||||
extern ServerOptions options;
|
||||
extern u_char *session_id2;
|
||||
extern u_int session_id2_len;
|
||||
extern struct sshbuf *loginmsg;
|
||||
|
||||
/* methods */
|
||||
|
@ -139,18 +136,21 @@ auth2_read_banner(void)
|
|||
return (banner);
|
||||
}
|
||||
|
||||
void
|
||||
userauth_send_banner(const char *msg)
|
||||
static void
|
||||
userauth_send_banner(struct ssh *ssh, const char *msg)
|
||||
{
|
||||
packet_start(SSH2_MSG_USERAUTH_BANNER);
|
||||
packet_put_cstring(msg);
|
||||
packet_put_cstring(""); /* language, unused */
|
||||
packet_send();
|
||||
int r;
|
||||
|
||||
if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_BANNER)) != 0 ||
|
||||
(r = sshpkt_put_cstring(ssh, msg)) != 0 ||
|
||||
(r = sshpkt_put_cstring(ssh, "")) != 0 || /* language, unused */
|
||||
(r = sshpkt_send(ssh)) != 0)
|
||||
fatal_fr(r, "send packet");
|
||||
debug("%s: sent", __func__);
|
||||
}
|
||||
|
||||
static void
|
||||
userauth_banner(void)
|
||||
userauth_banner(struct ssh *ssh)
|
||||
{
|
||||
char *banner = NULL;
|
||||
|
||||
|
@ -159,7 +159,7 @@ userauth_banner(void)
|
|||
|
||||
if ((banner = PRIVSEP(auth2_read_banner())) == NULL)
|
||||
goto done;
|
||||
userauth_send_banner(banner);
|
||||
userauth_send_banner(ssh, banner);
|
||||
|
||||
done:
|
||||
free(banner);
|
||||
|
@ -169,10 +169,10 @@ userauth_banner(void)
|
|||
* loop until authctxt->success == TRUE
|
||||
*/
|
||||
void
|
||||
do_authentication2(Authctxt *authctxt)
|
||||
do_authentication2(struct ssh *ssh)
|
||||
{
|
||||
struct ssh *ssh = active_state; /* XXX */
|
||||
ssh->authctxt = authctxt; /* XXX move to caller */
|
||||
Authctxt *authctxt = ssh->authctxt;
|
||||
|
||||
ssh_dispatch_init(ssh, &dispatch_protocol_error);
|
||||
ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_REQUEST, &input_service_request);
|
||||
ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &authctxt->success);
|
||||
|
@ -184,10 +184,12 @@ static int
|
|||
input_service_request(int type, u_int32_t seq, struct ssh *ssh)
|
||||
{
|
||||
Authctxt *authctxt = ssh->authctxt;
|
||||
u_int len;
|
||||
int acceptit = 0;
|
||||
char *service = packet_get_cstring(&len);
|
||||
packet_check_eom();
|
||||
char *service = NULL;
|
||||
int r, acceptit = 0;
|
||||
|
||||
if ((r = sshpkt_get_cstring(ssh, &service, NULL)) != 0 ||
|
||||
(r = sshpkt_get_end(ssh)) != 0)
|
||||
goto out;
|
||||
|
||||
if (authctxt == NULL)
|
||||
fatal("input_service_request: no authctxt");
|
||||
|
@ -196,22 +198,26 @@ input_service_request(int type, u_int32_t seq, struct ssh *ssh)
|
|||
if (!authctxt->success) {
|
||||
acceptit = 1;
|
||||
/* now we can handle user-auth requests */
|
||||
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_REQUEST, &input_userauth_request);
|
||||
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_REQUEST,
|
||||
&input_userauth_request);
|
||||
}
|
||||
}
|
||||
/* XXX all other service requests are denied */
|
||||
|
||||
if (acceptit) {
|
||||
packet_start(SSH2_MSG_SERVICE_ACCEPT);
|
||||
packet_put_cstring(service);
|
||||
packet_send();
|
||||
packet_write_wait();
|
||||
if ((r = sshpkt_start(ssh, SSH2_MSG_SERVICE_ACCEPT)) != 0 ||
|
||||
(r = sshpkt_put_cstring(ssh, service)) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0 ||
|
||||
(r = ssh_packet_write_wait(ssh)) != 0)
|
||||
goto out;
|
||||
} else {
|
||||
debug("bad service request %s", service);
|
||||
packet_disconnect("bad service request %s", service);
|
||||
ssh_packet_disconnect(ssh, "bad service request %s", service);
|
||||
}
|
||||
r = 0;
|
||||
out:
|
||||
free(service);
|
||||
return 0;
|
||||
return r;
|
||||
}
|
||||
|
||||
#define MIN_FAIL_DELAY_SECONDS 0.005
|
||||
|
@ -224,13 +230,13 @@ user_specific_delay(const char *user)
|
|||
double delay;
|
||||
|
||||
(void)snprintf(b, sizeof b, "%llu%s",
|
||||
(unsigned long long)options.timing_secret, user);
|
||||
(unsigned long long)options.timing_secret, user);
|
||||
if (ssh_digest_memory(SSH_DIGEST_SHA512, b, strlen(b), hash, len) != 0)
|
||||
fatal("%s: ssh_digest_memory", __func__);
|
||||
fatal_f("ssh_digest_memory");
|
||||
/* 0-4.2 ms of delay */
|
||||
delay = (double)PEEK_U32(hash) / 1000 / 1000 / 1000 / 1000;
|
||||
freezero(hash, len);
|
||||
debug3("%s: user specific delay %0.3lfms", __func__, delay/1000);
|
||||
debug3_f("user specific delay %0.3lfms", delay/1000);
|
||||
return MIN_FAIL_DELAY_SECONDS + delay;
|
||||
}
|
||||
|
||||
|
@ -246,8 +252,8 @@ ensure_minimum_time_since(double start, double seconds)
|
|||
|
||||
ts.tv_sec = remain;
|
||||
ts.tv_nsec = (remain - ts.tv_sec) * 1000000000;
|
||||
debug3("%s: elapsed %0.3lfms, delaying %0.3lfms (requested %0.3lfms)",
|
||||
__func__, elapsed*1000, remain*1000, req*1000);
|
||||
debug3_f("elapsed %0.3lfms, delaying %0.3lfms (requested %0.3lfms)",
|
||||
elapsed*1000, remain*1000, req*1000);
|
||||
nanosleep(&ts, NULL);
|
||||
}
|
||||
|
||||
|
@ -257,16 +263,17 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
|
|||
{
|
||||
Authctxt *authctxt = ssh->authctxt;
|
||||
Authmethod *m = NULL;
|
||||
char *user, *service, *method, *style = NULL;
|
||||
int authenticated = 0;
|
||||
char *user = NULL, *service = NULL, *method = NULL, *style = NULL;
|
||||
int r, authenticated = 0;
|
||||
double tstart = monotime_double();
|
||||
|
||||
if (authctxt == NULL)
|
||||
fatal("input_userauth_request: no authctxt");
|
||||
|
||||
user = packet_get_cstring(NULL);
|
||||
service = packet_get_cstring(NULL);
|
||||
method = packet_get_cstring(NULL);
|
||||
if ((r = sshpkt_get_cstring(ssh, &user, NULL)) != 0 ||
|
||||
(r = sshpkt_get_cstring(ssh, &service, NULL)) != 0 ||
|
||||
(r = sshpkt_get_cstring(ssh, &method, NULL)) != 0)
|
||||
goto out;
|
||||
debug("userauth-request for user %s service %s method %s", user, service, method);
|
||||
debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
|
||||
|
||||
|
@ -275,22 +282,21 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
|
|||
|
||||
if (authctxt->attempt++ == 0) {
|
||||
/* setup auth context */
|
||||
authctxt->pw = PRIVSEP(getpwnamallow(user));
|
||||
authctxt->pw = PRIVSEP(getpwnamallow(ssh, user));
|
||||
authctxt->user = xstrdup(user);
|
||||
if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
|
||||
authctxt->valid = 1;
|
||||
debug2("%s: setting up authctxt for %s",
|
||||
__func__, user);
|
||||
debug2_f("setting up authctxt for %s", user);
|
||||
} else {
|
||||
/* Invalid user, fake password information */
|
||||
authctxt->pw = fakepw();
|
||||
#ifdef SSH_AUDIT_EVENTS
|
||||
PRIVSEP(audit_event(SSH_INVALID_USER));
|
||||
PRIVSEP(audit_event(ssh, SSH_INVALID_USER));
|
||||
#endif
|
||||
}
|
||||
#ifdef USE_PAM
|
||||
if (options.use_pam)
|
||||
PRIVSEP(start_pam(authctxt));
|
||||
PRIVSEP(start_pam(ssh));
|
||||
#endif
|
||||
ssh_packet_set_log_preamble(ssh, "%suser %s",
|
||||
authctxt->valid ? "authenticating " : "invalid ", user);
|
||||
|
@ -300,13 +306,14 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
|
|||
authctxt->style = style ? xstrdup(style) : NULL;
|
||||
if (use_privsep)
|
||||
mm_inform_authserv(service, style);
|
||||
userauth_banner();
|
||||
userauth_banner(ssh);
|
||||
if (auth2_setup_methods_lists(authctxt) != 0)
|
||||
packet_disconnect("no authentication methods enabled");
|
||||
ssh_packet_disconnect(ssh,
|
||||
"no authentication methods enabled");
|
||||
} else if (strcmp(user, authctxt->user) != 0 ||
|
||||
strcmp(service, authctxt->service) != 0) {
|
||||
packet_disconnect("Change of username or service not allowed: "
|
||||
"(%s,%s) -> (%s,%s)",
|
||||
ssh_packet_disconnect(ssh, "Change of username or service "
|
||||
"not allowed: (%s,%s) -> (%s,%s)",
|
||||
authctxt->user, authctxt->service, user, service);
|
||||
}
|
||||
/* reset state */
|
||||
|
@ -332,11 +339,12 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh)
|
|||
ensure_minimum_time_since(tstart,
|
||||
user_specific_delay(authctxt->user));
|
||||
userauth_finish(ssh, authenticated, method, NULL);
|
||||
|
||||
r = 0;
|
||||
out:
|
||||
free(service);
|
||||
free(user);
|
||||
free(method);
|
||||
return 0;
|
||||
return r;
|
||||
}
|
||||
|
||||
void
|
||||
|
@ -345,7 +353,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
|
|||
{
|
||||
Authctxt *authctxt = ssh->authctxt;
|
||||
char *methods;
|
||||
int partial = 0;
|
||||
int r, partial = 0;
|
||||
|
||||
if (!authctxt->valid && authenticated)
|
||||
fatal("INTERNAL ERROR: authenticated invalid user %s",
|
||||
|
@ -358,7 +366,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
|
|||
!auth_root_allowed(ssh, method)) {
|
||||
authenticated = 0;
|
||||
#ifdef SSH_AUDIT_EVENTS
|
||||
PRIVSEP(audit_event(SSH_LOGIN_ROOT_DENIED));
|
||||
PRIVSEP(audit_event(ssh, SSH_LOGIN_ROOT_DENIED));
|
||||
#endif
|
||||
}
|
||||
|
||||
|
@ -370,7 +378,7 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
|
|||
}
|
||||
|
||||
/* Log before sending the reply */
|
||||
auth_log(authctxt, authenticated, partial, method, submethod);
|
||||
auth_log(ssh, authenticated, partial, method, submethod);
|
||||
|
||||
/* Update information exposed to session */
|
||||
if (authenticated || partial)
|
||||
|
@ -381,17 +389,20 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
|
|||
|
||||
#ifdef USE_PAM
|
||||
if (options.use_pam && authenticated) {
|
||||
int r;
|
||||
int r, success = PRIVSEP(do_pam_account());
|
||||
|
||||
if (!PRIVSEP(do_pam_account())) {
|
||||
/* if PAM returned a message, send it to the user */
|
||||
if (sshbuf_len(loginmsg) > 0) {
|
||||
if ((r = sshbuf_put(loginmsg, "\0", 1)) != 0)
|
||||
fatal("%s: buffer error: %s",
|
||||
__func__, ssh_err(r));
|
||||
userauth_send_banner(sshbuf_ptr(loginmsg));
|
||||
packet_write_wait();
|
||||
/* If PAM returned a message, send it to the user. */
|
||||
if (sshbuf_len(loginmsg) > 0) {
|
||||
if ((r = sshbuf_put(loginmsg, "\0", 1)) != 0)
|
||||
fatal("%s: buffer error: %s",
|
||||
__func__, ssh_err(r));
|
||||
userauth_send_banner(ssh, sshbuf_ptr(loginmsg));
|
||||
if ((r = ssh_packet_write_wait(ssh)) != 0) {
|
||||
sshpkt_fatal(ssh, r,
|
||||
"%s: send PAM banner", __func__);
|
||||
}
|
||||
}
|
||||
if (!success) {
|
||||
fatal("Access denied for user %s by PAM account "
|
||||
"configuration", authctxt->user);
|
||||
}
|
||||
|
@ -400,10 +411,12 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
|
|||
|
||||
if (authenticated == 1) {
|
||||
/* turn off userauth */
|
||||
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_REQUEST, &dispatch_protocol_ignore);
|
||||
packet_start(SSH2_MSG_USERAUTH_SUCCESS);
|
||||
packet_send();
|
||||
packet_write_wait();
|
||||
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_REQUEST,
|
||||
&dispatch_protocol_ignore);
|
||||
if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_SUCCESS)) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0 ||
|
||||
(r = ssh_packet_write_wait(ssh)) != 0)
|
||||
fatal_fr(r, "send success packet");
|
||||
/* now we can break out */
|
||||
authctxt->success = 1;
|
||||
ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user);
|
||||
|
@ -416,18 +429,19 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
|
|||
}
|
||||
if (authctxt->failures >= options.max_authtries) {
|
||||
#ifdef SSH_AUDIT_EVENTS
|
||||
PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
|
||||
PRIVSEP(audit_event(ssh, SSH_LOGIN_EXCEED_MAXTRIES));
|
||||
#endif
|
||||
auth_maxtries_exceeded(authctxt);
|
||||
auth_maxtries_exceeded(ssh);
|
||||
}
|
||||
methods = authmethods_get(authctxt);
|
||||
debug3("%s: failure partial=%d next methods=\"%s\"", __func__,
|
||||
debug3_f("failure partial=%d next methods=\"%s\"",
|
||||
partial, methods);
|
||||
packet_start(SSH2_MSG_USERAUTH_FAILURE);
|
||||
packet_put_cstring(methods);
|
||||
packet_put_char(partial);
|
||||
packet_send();
|
||||
packet_write_wait();
|
||||
if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_FAILURE)) != 0 ||
|
||||
(r = sshpkt_put_cstring(ssh, methods)) != 0 ||
|
||||
(r = sshpkt_put_u8(ssh, partial)) != 0 ||
|
||||
(r = sshpkt_send(ssh)) != 0 ||
|
||||
(r = ssh_packet_write_wait(ssh)) != 0)
|
||||
fatal_fr(r, "send failure packet");
|
||||
free(methods);
|
||||
}
|
||||
}
|
||||
|
@ -465,7 +479,7 @@ authmethods_get(Authctxt *authctxt)
|
|||
int i, r;
|
||||
|
||||
if ((b = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
fatal_f("sshbuf_new failed");
|
||||
for (i = 0; authmethods[i] != NULL; i++) {
|
||||
if (strcmp(authmethods[i]->name, "none") == 0)
|
||||
continue;
|
||||
|
@ -477,10 +491,10 @@ authmethods_get(Authctxt *authctxt)
|
|||
continue;
|
||||
if ((r = sshbuf_putf(b, "%s%s", sshbuf_len(b) ? "," : "",
|
||||
authmethods[i]->name)) != 0)
|
||||
fatal("%s: buffer error: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "buffer error");
|
||||
}
|
||||
if ((list = sshbuf_dup_string(b)) == NULL)
|
||||
fatal("%s: sshbuf_dup_string failed", __func__);
|
||||
fatal_f("sshbuf_dup_string failed");
|
||||
sshbuf_free(b);
|
||||
return list;
|
||||
}
|
||||
|
@ -562,9 +576,17 @@ auth2_setup_methods_lists(Authctxt *authctxt)
|
|||
{
|
||||
u_int i;
|
||||
|
||||
/* First, normalise away the "any" pseudo-method */
|
||||
if (options.num_auth_methods == 1 &&
|
||||
strcmp(options.auth_methods[0], "any") == 0) {
|
||||
free(options.auth_methods[0]);
|
||||
options.auth_methods[0] = NULL;
|
||||
options.num_auth_methods = 0;
|
||||
}
|
||||
|
||||
if (options.num_auth_methods == 0)
|
||||
return 0;
|
||||
debug3("%s: checking methods", __func__);
|
||||
debug3_f("checking methods");
|
||||
authctxt->auth_methods = xcalloc(options.num_auth_methods,
|
||||
sizeof(*authctxt->auth_methods));
|
||||
authctxt->num_auth_methods = 0;
|
||||
|
@ -652,7 +674,7 @@ auth2_update_methods_lists(Authctxt *authctxt, const char *method,
|
|||
{
|
||||
u_int i, found = 0;
|
||||
|
||||
debug3("%s: updating methods list after \"%s\"", __func__, method);
|
||||
debug3_f("updating methods list after \"%s\"", method);
|
||||
for (i = 0; i < authctxt->num_auth_methods; i++) {
|
||||
if (!remove_method(&(authctxt->auth_methods[i]), method,
|
||||
submethod))
|
||||
|
@ -667,7 +689,7 @@ auth2_update_methods_lists(Authctxt *authctxt, const char *method,
|
|||
}
|
||||
/* This should not happen, but would be bad if it did */
|
||||
if (!found)
|
||||
fatal("%s: method not in AuthenticationMethods", __func__);
|
||||
fatal_f("method not in AuthenticationMethods");
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -685,7 +707,7 @@ void
|
|||
auth2_record_info(Authctxt *authctxt, const char *fmt, ...)
|
||||
{
|
||||
va_list ap;
|
||||
int i;
|
||||
int i;
|
||||
|
||||
free(authctxt->auth_method_info);
|
||||
authctxt->auth_method_info = NULL;
|
||||
|
@ -694,8 +716,8 @@ auth2_record_info(Authctxt *authctxt, const char *fmt, ...)
|
|||
i = vasprintf(&authctxt->auth_method_info, fmt, ap);
|
||||
va_end(ap);
|
||||
|
||||
if (i < 0 || authctxt->auth_method_info == NULL)
|
||||
fatal("%s: vasprintf failed", __func__);
|
||||
if (i == -1)
|
||||
fatal_f("vasprintf failed");
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -711,7 +733,7 @@ auth2_record_key(Authctxt *authctxt, int authenticated,
|
|||
int r;
|
||||
|
||||
if ((r = sshkey_from_private(key, &dup)) != 0)
|
||||
fatal("%s: copy key: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "copy key");
|
||||
sshkey_free(authctxt->auth_method_key);
|
||||
authctxt->auth_method_key = dup;
|
||||
|
||||
|
@ -720,11 +742,11 @@ auth2_record_key(Authctxt *authctxt, int authenticated,
|
|||
|
||||
/* If authenticated, make sure we don't accept this key again */
|
||||
if ((r = sshkey_from_private(key, &dup)) != 0)
|
||||
fatal("%s: copy key: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "copy key");
|
||||
if (authctxt->nprev_keys >= INT_MAX ||
|
||||
(tmp = recallocarray(authctxt->prev_keys, authctxt->nprev_keys,
|
||||
authctxt->nprev_keys + 1, sizeof(*authctxt->prev_keys))) == NULL)
|
||||
fatal("%s: reallocarray failed", __func__);
|
||||
fatal_f("reallocarray failed");
|
||||
authctxt->prev_keys = tmp;
|
||||
authctxt->prev_keys[authctxt->nprev_keys] = dup;
|
||||
authctxt->nprev_keys++;
|
||||
|
@ -742,7 +764,7 @@ auth2_key_already_used(Authctxt *authctxt, const struct sshkey *key)
|
|||
if (sshkey_equal_public(key, authctxt->prev_keys[i])) {
|
||||
fp = sshkey_fingerprint(authctxt->prev_keys[i],
|
||||
options.fingerprint_hash, SSH_FP_DEFAULT);
|
||||
debug3("%s: key already used: %s %s", __func__,
|
||||
debug3_f("key already used: %s %s",
|
||||
sshkey_type(authctxt->prev_keys[i]),
|
||||
fp == NULL ? "UNKNOWN" : fp);
|
||||
free(fp);
|
||||
|
@ -764,35 +786,34 @@ auth2_update_session_info(Authctxt *authctxt, const char *method,
|
|||
|
||||
if (authctxt->session_info == NULL) {
|
||||
if ((authctxt->session_info = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new", __func__);
|
||||
fatal_f("sshbuf_new");
|
||||
}
|
||||
|
||||
/* Append method[/submethod] */
|
||||
if ((r = sshbuf_putf(authctxt->session_info, "%s%s%s",
|
||||
method, submethod == NULL ? "" : "/",
|
||||
submethod == NULL ? "" : submethod)) != 0)
|
||||
fatal("%s: append method: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "append method");
|
||||
|
||||
/* Append key if present */
|
||||
if (authctxt->auth_method_key != NULL) {
|
||||
if ((r = sshbuf_put_u8(authctxt->session_info, ' ')) != 0 ||
|
||||
(r = sshkey_format_text(authctxt->auth_method_key,
|
||||
authctxt->session_info)) != 0)
|
||||
fatal("%s: append key: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "append key");
|
||||
}
|
||||
|
||||
if (authctxt->auth_method_info != NULL) {
|
||||
/* Ensure no ambiguity here */
|
||||
if (strchr(authctxt->auth_method_info, '\n') != NULL)
|
||||
fatal("%s: auth_method_info contains \\n", __func__);
|
||||
fatal_f("auth_method_info contains \\n");
|
||||
if ((r = sshbuf_put_u8(authctxt->session_info, ' ')) != 0 ||
|
||||
(r = sshbuf_putf(authctxt->session_info, "%s",
|
||||
authctxt->auth_method_info)) != 0) {
|
||||
fatal("%s: append method info: %s",
|
||||
__func__, ssh_err(r));
|
||||
fatal_fr(r, "append method info");
|
||||
}
|
||||
}
|
||||
if ((r = sshbuf_put_u8(authctxt->session_info, '\n')) != 0)
|
||||
fatal("%s: append: %s", __func__, ssh_err(r));
|
||||
fatal_fr(r, "append");
|
||||
}
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: authfd.c,v 1.111 2018/07/09 21:59:10 markus Exp $ */
|
||||
/* $OpenBSD: authfd.c,v 1.127 2021/01/26 00:46:17 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -44,8 +44,8 @@
|
|||
#include <fcntl.h>
|
||||
#include <stdlib.h>
|
||||
#include <signal.h>
|
||||
#include <stdarg.h>
|
||||
#include <string.h>
|
||||
#include <stdarg.h>
|
||||
#include <unistd.h>
|
||||
#include <errno.h>
|
||||
|
||||
|
@ -62,7 +62,7 @@
|
|||
#include "ssherr.h"
|
||||
|
||||
#define MAX_AGENT_IDENTITIES 2048 /* Max keys in agent reply */
|
||||
#define MAX_AGENT_REPLY_LEN (256 * 1024) /* Max bytes in agent reply */
|
||||
#define MAX_AGENT_REPLY_LEN (256 * 1024) /* Max bytes in agent reply */
|
||||
|
||||
/* macro to check for "agent failure" message */
|
||||
#define agent_failed(x) \
|
||||
|
@ -82,31 +82,26 @@ decode_reply(u_char type)
|
|||
return SSH_ERR_INVALID_FORMAT;
|
||||
}
|
||||
|
||||
/* Returns the number of the authentication fd, or -1 if there is none. */
|
||||
/*
|
||||
* Opens an authentication socket at the provided path and stores the file
|
||||
* descriptor in fdp. Returns 0 on success and an error on failure.
|
||||
*/
|
||||
int
|
||||
ssh_get_authentication_socket(int *fdp)
|
||||
ssh_get_authentication_socket_path(const char *authsocket, int *fdp)
|
||||
{
|
||||
const char *authsocket;
|
||||
int sock, oerrno;
|
||||
struct sockaddr_un sunaddr;
|
||||
|
||||
if (fdp != NULL)
|
||||
*fdp = -1;
|
||||
|
||||
authsocket = getenv(SSH_AUTHSOCKET_ENV_NAME);
|
||||
if (!authsocket)
|
||||
return SSH_ERR_AGENT_NOT_PRESENT;
|
||||
|
||||
memset(&sunaddr, 0, sizeof(sunaddr));
|
||||
sunaddr.sun_family = AF_UNIX;
|
||||
strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path));
|
||||
|
||||
if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
|
||||
if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) == -1)
|
||||
return SSH_ERR_SYSTEM_ERROR;
|
||||
|
||||
/* close on exec */
|
||||
if (fcntl(sock, F_SETFD, FD_CLOEXEC) == -1 ||
|
||||
connect(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0) {
|
||||
connect(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) == -1) {
|
||||
oerrno = errno;
|
||||
close(sock);
|
||||
errno = oerrno;
|
||||
|
@ -119,6 +114,25 @@ ssh_get_authentication_socket(int *fdp)
|
|||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* Opens the default authentication socket and stores the file descriptor in
|
||||
* fdp. Returns 0 on success and an error on failure.
|
||||
*/
|
||||
int
|
||||
ssh_get_authentication_socket(int *fdp)
|
||||
{
|
||||
const char *authsocket;
|
||||
|
||||
if (fdp != NULL)
|
||||
*fdp = -1;
|
||||
|
||||
authsocket = getenv(SSH_AUTHSOCKET_ENV_NAME);
|
||||
if (authsocket == NULL || *authsocket == '\0')
|
||||
return SSH_ERR_AGENT_NOT_PRESENT;
|
||||
|
||||
return ssh_get_authentication_socket_path(authsocket, fdp);
|
||||
}
|
||||
|
||||
/* Communicate with agent: send request and read reply */
|
||||
static int
|
||||
ssh_request_reply(int sock, struct sshbuf *request, struct sshbuf *reply)
|
||||
|
@ -163,6 +177,27 @@ ssh_request_reply(int sock, struct sshbuf *request, struct sshbuf *reply)
|
|||
return 0;
|
||||
}
|
||||
|
||||
/* Communicate with agent: sent request, read and decode status reply */
|
||||
static int
|
||||
ssh_request_reply_decode(int sock, struct sshbuf *request)
|
||||
{
|
||||
struct sshbuf *reply;
|
||||
int r;
|
||||
u_char type;
|
||||
|
||||
if ((reply = sshbuf_new()) == NULL)
|
||||
return SSH_ERR_ALLOC_FAIL;
|
||||
if ((r = ssh_request_reply(sock, request, reply)) != 0 ||
|
||||
(r = sshbuf_get_u8(reply, &type)) != 0 ||
|
||||
(r = decode_reply(type)) != 0)
|
||||
goto out;
|
||||
/* success */
|
||||
r = 0;
|
||||
out:
|
||||
sshbuf_free(reply);
|
||||
return r;
|
||||
}
|
||||
|
||||
/*
|
||||
* Closes the agent socket if it should be closed (depends on how it was
|
||||
* obtained). The argument must have been returned by
|
||||
|
@ -186,13 +221,11 @@ ssh_lock_agent(int sock, int lock, const char *password)
|
|||
if ((msg = sshbuf_new()) == NULL)
|
||||
return SSH_ERR_ALLOC_FAIL;
|
||||
if ((r = sshbuf_put_u8(msg, type)) != 0 ||
|
||||
(r = sshbuf_put_cstring(msg, password)) != 0)
|
||||
(r = sshbuf_put_cstring(msg, password)) != 0 ||
|
||||
(r = ssh_request_reply_decode(sock, msg)) != 0)
|
||||
goto out;
|
||||
if ((r = ssh_request_reply(sock, msg, msg)) != 0)
|
||||
goto out;
|
||||
if ((r = sshbuf_get_u8(msg, &type)) != 0)
|
||||
goto out;
|
||||
r = decode_reply(type);
|
||||
/* success */
|
||||
r = 0;
|
||||
out:
|
||||
sshbuf_free(msg);
|
||||
return r;
|
||||
|
@ -312,9 +345,37 @@ ssh_free_identitylist(struct ssh_identitylist *idl)
|
|||
if (idl->comments != NULL)
|
||||
free(idl->comments[i]);
|
||||
}
|
||||
free(idl->keys);
|
||||
free(idl->comments);
|
||||
free(idl);
|
||||
}
|
||||
|
||||
/*
|
||||
* Check if the ssh agent has a given key.
|
||||
* Returns 0 if found, or a negative SSH_ERR_* error code on failure.
|
||||
*/
|
||||
int
|
||||
ssh_agent_has_key(int sock, const struct sshkey *key)
|
||||
{
|
||||
int r, ret = SSH_ERR_KEY_NOT_FOUND;
|
||||
size_t i;
|
||||
struct ssh_identitylist *idlist = NULL;
|
||||
|
||||
if ((r = ssh_fetch_identitylist(sock, &idlist)) != 0) {
|
||||
return r;
|
||||
}
|
||||
|
||||
for (i = 0; i < idlist->nkeys; i++) {
|
||||
if (sshkey_equal_public(idlist->keys[i], key)) {
|
||||
ret = 0;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
ssh_free_identitylist(idlist);
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
* Sends a challenge (typically from a server via ssh(1)) to the agent,
|
||||
* and waits for a response from the agent.
|
||||
|
@ -327,10 +388,12 @@ ssh_free_identitylist(struct ssh_identitylist *idl)
|
|||
static u_int
|
||||
agent_encode_alg(const struct sshkey *key, const char *alg)
|
||||
{
|
||||
if (alg != NULL && key->type == KEY_RSA) {
|
||||
if (strcmp(alg, "rsa-sha2-256") == 0)
|
||||
if (alg != NULL && sshkey_type_plain(key->type) == KEY_RSA) {
|
||||
if (strcmp(alg, "rsa-sha2-256") == 0 ||
|
||||
strcmp(alg, "rsa-sha2-256-cert-v01@openssh.com") == 0)
|
||||
return SSH_AGENT_RSA_SHA2_256;
|
||||
else if (strcmp(alg, "rsa-sha2-512") == 0)
|
||||
if (strcmp(alg, "rsa-sha2-512") == 0 ||
|
||||
strcmp(alg, "rsa-sha2-512-cert-v01@openssh.com") == 0)
|
||||
return SSH_AGENT_RSA_SHA2_512;
|
||||
}
|
||||
return 0;
|
||||
|
@ -393,7 +456,8 @@ ssh_agent_sign(int sock, const struct sshkey *key,
|
|||
|
||||
|
||||
static int
|
||||
encode_constraints(struct sshbuf *m, u_int life, u_int confirm, u_int maxsign)
|
||||
encode_constraints(struct sshbuf *m, u_int life, u_int confirm, u_int maxsign,
|
||||
const char *provider)
|
||||
{
|
||||
int r;
|
||||
|
||||
|
@ -411,6 +475,14 @@ encode_constraints(struct sshbuf *m, u_int life, u_int confirm, u_int maxsign)
|
|||
(r = sshbuf_put_u32(m, maxsign)) != 0)
|
||||
goto out;
|
||||
}
|
||||
if (provider != NULL) {
|
||||
if ((r = sshbuf_put_u8(m,
|
||||
SSH_AGENT_CONSTRAIN_EXTENSION)) != 0 ||
|
||||
(r = sshbuf_put_cstring(m,
|
||||
"sk-provider@openssh.com")) != 0 ||
|
||||
(r = sshbuf_put_cstring(m, provider)) != 0)
|
||||
goto out;
|
||||
}
|
||||
r = 0;
|
||||
out:
|
||||
return r;
|
||||
|
@ -421,11 +493,12 @@ encode_constraints(struct sshbuf *m, u_int life, u_int confirm, u_int maxsign)
|
|||
* This call is intended only for use by ssh-add(1) and like applications.
|
||||
*/
|
||||
int
|
||||
ssh_add_identity_constrained(int sock, const struct sshkey *key,
|
||||
const char *comment, u_int life, u_int confirm, u_int maxsign)
|
||||
ssh_add_identity_constrained(int sock, struct sshkey *key,
|
||||
const char *comment, u_int life, u_int confirm, u_int maxsign,
|
||||
const char *provider)
|
||||
{
|
||||
struct sshbuf *msg;
|
||||
int r, constrained = (life || confirm || maxsign);
|
||||
int r, constrained = (life || confirm || maxsign || provider);
|
||||
u_char type;
|
||||
|
||||
if ((msg = sshbuf_new()) == NULL)
|
||||
|
@ -439,9 +512,13 @@ ssh_add_identity_constrained(int sock, const struct sshkey *key,
|
|||
case KEY_DSA_CERT:
|
||||
case KEY_ECDSA:
|
||||
case KEY_ECDSA_CERT:
|
||||
case KEY_ECDSA_SK:
|
||||
case KEY_ECDSA_SK_CERT:
|
||||
#endif
|
||||
case KEY_ED25519:
|
||||
case KEY_ED25519_CERT:
|
||||
case KEY_ED25519_SK:
|
||||
case KEY_ED25519_SK_CERT:
|
||||
case KEY_XMSS:
|
||||
case KEY_XMSS_CERT:
|
||||
type = constrained ?
|
||||
|
@ -449,7 +526,7 @@ ssh_add_identity_constrained(int sock, const struct sshkey *key,
|
|||
SSH2_AGENTC_ADD_IDENTITY;
|
||||
if ((r = sshbuf_put_u8(msg, type)) != 0 ||
|
||||
(r = sshkey_private_serialize_maxsign(key, msg, maxsign,
|
||||
NULL)) != 0 ||
|
||||
0)) != 0 ||
|
||||
(r = sshbuf_put_cstring(msg, comment)) != 0)
|
||||
goto out;
|
||||
break;
|
||||
|
@ -458,13 +535,13 @@ ssh_add_identity_constrained(int sock, const struct sshkey *key,
|
|||
goto out;
|
||||
}
|
||||
if (constrained &&
|
||||
(r = encode_constraints(msg, life, confirm, maxsign)) != 0)
|
||||
(r = encode_constraints(msg, life, confirm, maxsign,
|
||||
provider)) != 0)
|
||||
goto out;
|
||||
if ((r = ssh_request_reply(sock, msg, msg)) != 0)
|
||||
if ((r = ssh_request_reply_decode(sock, msg)) != 0)
|
||||
goto out;
|
||||
if ((r = sshbuf_get_u8(msg, &type)) != 0)
|
||||
goto out;
|
||||
r = decode_reply(type);
|
||||
/* success */
|
||||
r = 0;
|
||||
out:
|
||||
sshbuf_free(msg);
|
||||
return r;
|
||||
|
@ -475,11 +552,11 @@ ssh_add_identity_constrained(int sock, const struct sshkey *key,
|
|||
* This call is intended only for use by ssh-add(1) and like applications.
|
||||
*/
|
||||
int
|
||||
ssh_remove_identity(int sock, struct sshkey *key)
|
||||
ssh_remove_identity(int sock, const struct sshkey *key)
|
||||
{
|
||||
struct sshbuf *msg;
|
||||
int r;
|
||||
u_char type, *blob = NULL;
|
||||
u_char *blob = NULL;
|
||||
size_t blen;
|
||||
|
||||
if ((msg = sshbuf_new()) == NULL)
|
||||
|
@ -496,16 +573,13 @@ ssh_remove_identity(int sock, struct sshkey *key)
|
|||
r = SSH_ERR_INVALID_ARGUMENT;
|
||||
goto out;
|
||||
}
|
||||
if ((r = ssh_request_reply(sock, msg, msg)) != 0)
|
||||
if ((r = ssh_request_reply_decode(sock, msg)) != 0)
|
||||
goto out;
|
||||
if ((r = sshbuf_get_u8(msg, &type)) != 0)
|
||||
goto out;
|
||||
r = decode_reply(type);
|
||||
/* success */
|
||||
r = 0;
|
||||
out:
|
||||
if (blob != NULL) {
|
||||
explicit_bzero(blob, blen);
|
||||
free(blob);
|
||||
}
|
||||
if (blob != NULL)
|
||||
freezero(blob, blen);
|
||||
sshbuf_free(msg);
|
||||
return r;
|
||||
}
|
||||
|
@ -536,13 +610,12 @@ ssh_update_card(int sock, int add, const char *reader_id, const char *pin,
|
|||
(r = sshbuf_put_cstring(msg, pin)) != 0)
|
||||
goto out;
|
||||
if (constrained &&
|
||||
(r = encode_constraints(msg, life, confirm, 0)) != 0)
|
||||
(r = encode_constraints(msg, life, confirm, 0, NULL)) != 0)
|
||||
goto out;
|
||||
if ((r = ssh_request_reply(sock, msg, msg)) != 0)
|
||||
if ((r = ssh_request_reply_decode(sock, msg)) != 0)
|
||||
goto out;
|
||||
if ((r = sshbuf_get_u8(msg, &type)) != 0)
|
||||
goto out;
|
||||
r = decode_reply(type);
|
||||
/* success */
|
||||
r = 0;
|
||||
out:
|
||||
sshbuf_free(msg);
|
||||
return r;
|
||||
|
@ -569,11 +642,10 @@ ssh_remove_all_identities(int sock, int version)
|
|||
return SSH_ERR_ALLOC_FAIL;
|
||||
if ((r = sshbuf_put_u8(msg, type)) != 0)
|
||||
goto out;
|
||||
if ((r = ssh_request_reply(sock, msg, msg)) != 0)
|
||||
if ((r = ssh_request_reply_decode(sock, msg)) != 0)
|
||||
goto out;
|
||||
if ((r = sshbuf_get_u8(msg, &type)) != 0)
|
||||
goto out;
|
||||
r = decode_reply(type);
|
||||
/* success */
|
||||
r = 0;
|
||||
out:
|
||||
sshbuf_free(msg);
|
||||
return r;
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: authfd.h,v 1.44 2018/07/12 04:35:25 djm Exp $ */
|
||||
/* $OpenBSD: authfd.h,v 1.49 2020/06/26 05:03:36 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
@ -24,14 +24,17 @@ struct ssh_identitylist {
|
|||
};
|
||||
|
||||
int ssh_get_authentication_socket(int *fdp);
|
||||
int ssh_get_authentication_socket_path(const char *authsocket, int *fdp);
|
||||
void ssh_close_authentication_socket(int sock);
|
||||
|
||||
int ssh_lock_agent(int sock, int lock, const char *password);
|
||||
int ssh_fetch_identitylist(int sock, struct ssh_identitylist **idlp);
|
||||
void ssh_free_identitylist(struct ssh_identitylist *idl);
|
||||
int ssh_add_identity_constrained(int sock, const struct sshkey *key,
|
||||
const char *comment, u_int life, u_int confirm, u_int maxsign);
|
||||
int ssh_remove_identity(int sock, struct sshkey *key);
|
||||
int ssh_add_identity_constrained(int sock, struct sshkey *key,
|
||||
const char *comment, u_int life, u_int confirm, u_int maxsign,
|
||||
const char *provider);
|
||||
int ssh_agent_has_key(int sock, const struct sshkey *key);
|
||||
int ssh_remove_identity(int sock, const struct sshkey *key);
|
||||
int ssh_update_card(int sock, int add, const char *reader_id,
|
||||
const char *pin, u_int life, u_int confirm);
|
||||
int ssh_remove_all_identities(int sock, int version);
|
||||
|
@ -76,6 +79,7 @@ int ssh_agent_sign(int sock, const struct sshkey *key,
|
|||
#define SSH_AGENT_CONSTRAIN_LIFETIME 1
|
||||
#define SSH_AGENT_CONSTRAIN_CONFIRM 2
|
||||
#define SSH_AGENT_CONSTRAIN_MAXSIGN 3
|
||||
#define SSH_AGENT_CONSTRAIN_EXTENSION 255
|
||||
|
||||
/* extended failure messages */
|
||||
#define SSH2_AGENT_FAILURE 30
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: authfile.c,v 1.131 2018/09/21 12:20:12 djm Exp $ */
|
||||
/* $OpenBSD: authfile.c,v 1.141 2020/06/18 23:33:38 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -55,26 +55,19 @@
|
|||
static int
|
||||
sshkey_save_private_blob(struct sshbuf *keybuf, const char *filename)
|
||||
{
|
||||
int fd, oerrno;
|
||||
int r;
|
||||
mode_t omask;
|
||||
|
||||
if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) < 0)
|
||||
return SSH_ERR_SYSTEM_ERROR;
|
||||
if (atomicio(vwrite, fd, sshbuf_mutable_ptr(keybuf),
|
||||
sshbuf_len(keybuf)) != sshbuf_len(keybuf)) {
|
||||
oerrno = errno;
|
||||
close(fd);
|
||||
unlink(filename);
|
||||
errno = oerrno;
|
||||
return SSH_ERR_SYSTEM_ERROR;
|
||||
}
|
||||
close(fd);
|
||||
return 0;
|
||||
omask = umask(077);
|
||||
r = sshbuf_write_file(filename, keybuf);
|
||||
umask(omask);
|
||||
return r;
|
||||
}
|
||||
|
||||
int
|
||||
sshkey_save_private(struct sshkey *key, const char *filename,
|
||||
const char *passphrase, const char *comment,
|
||||
int force_new_format, const char *new_format_cipher, int new_format_rounds)
|
||||
int format, const char *openssh_format_cipher, int openssh_format_rounds)
|
||||
{
|
||||
struct sshbuf *keyblob = NULL;
|
||||
int r;
|
||||
|
@ -82,7 +75,7 @@ sshkey_save_private(struct sshkey *key, const char *filename,
|
|||
if ((keyblob = sshbuf_new()) == NULL)
|
||||
return SSH_ERR_ALLOC_FAIL;
|
||||
if ((r = sshkey_private_to_fileblob(key, keyblob, passphrase, comment,
|
||||
force_new_format, new_format_cipher, new_format_rounds)) != 0)
|
||||
format, openssh_format_cipher, openssh_format_rounds)) != 0)
|
||||
goto out;
|
||||
if ((r = sshkey_save_private_blob(keyblob, filename)) != 0)
|
||||
goto out;
|
||||
|
@ -92,56 +85,13 @@ sshkey_save_private(struct sshkey *key, const char *filename,
|
|||
return r;
|
||||
}
|
||||
|
||||
/* Load a key from a fd into a buffer */
|
||||
int
|
||||
sshkey_load_file(int fd, struct sshbuf *blob)
|
||||
{
|
||||
u_char buf[1024];
|
||||
size_t len;
|
||||
struct stat st;
|
||||
int r;
|
||||
|
||||
if (fstat(fd, &st) < 0)
|
||||
return SSH_ERR_SYSTEM_ERROR;
|
||||
if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
|
||||
st.st_size > MAX_KEY_FILE_SIZE)
|
||||
return SSH_ERR_INVALID_FORMAT;
|
||||
for (;;) {
|
||||
if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) {
|
||||
if (errno == EPIPE)
|
||||
break;
|
||||
r = SSH_ERR_SYSTEM_ERROR;
|
||||
goto out;
|
||||
}
|
||||
if ((r = sshbuf_put(blob, buf, len)) != 0)
|
||||
goto out;
|
||||
if (sshbuf_len(blob) > MAX_KEY_FILE_SIZE) {
|
||||
r = SSH_ERR_INVALID_FORMAT;
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
|
||||
st.st_size != (off_t)sshbuf_len(blob)) {
|
||||
r = SSH_ERR_FILE_CHANGED;
|
||||
goto out;
|
||||
}
|
||||
r = 0;
|
||||
|
||||
out:
|
||||
explicit_bzero(buf, sizeof(buf));
|
||||
if (r != 0)
|
||||
sshbuf_reset(blob);
|
||||
return r;
|
||||
}
|
||||
|
||||
|
||||
/* XXX remove error() calls from here? */
|
||||
int
|
||||
sshkey_perm_ok(int fd, const char *filename)
|
||||
{
|
||||
struct stat st;
|
||||
|
||||
if (fstat(fd, &st) < 0)
|
||||
if (fstat(fd, &st) == -1)
|
||||
return SSH_ERR_SYSTEM_ERROR;
|
||||
/*
|
||||
* if a key owned by the user is accessed, then we check the
|
||||
|
@ -164,10 +114,9 @@ sshkey_perm_ok(int fd, const char *filename)
|
|||
return 0;
|
||||
}
|
||||
|
||||
/* XXX kill perm_ok now that we have SSH_ERR_KEY_BAD_PERMISSIONS? */
|
||||
int
|
||||
sshkey_load_private_type(int type, const char *filename, const char *passphrase,
|
||||
struct sshkey **keyp, char **commentp, int *perm_ok)
|
||||
struct sshkey **keyp, char **commentp)
|
||||
{
|
||||
int fd, r;
|
||||
|
||||
|
@ -176,19 +125,12 @@ sshkey_load_private_type(int type, const char *filename, const char *passphrase,
|
|||
if (commentp != NULL)
|
||||
*commentp = NULL;
|
||||
|
||||
if ((fd = open(filename, O_RDONLY)) < 0) {
|
||||
if (perm_ok != NULL)
|
||||
*perm_ok = 0;
|
||||
if ((fd = open(filename, O_RDONLY)) == -1)
|
||||
return SSH_ERR_SYSTEM_ERROR;
|
||||
}
|
||||
if (sshkey_perm_ok(fd, filename) != 0) {
|
||||
if (perm_ok != NULL)
|
||||
*perm_ok = 0;
|
||||
r = SSH_ERR_KEY_BAD_PERMISSIONS;
|
||||
|
||||
r = sshkey_perm_ok(fd, filename);
|
||||
if (r != 0)
|
||||
goto out;
|
||||
}
|
||||
if (perm_ok != NULL)
|
||||
*perm_ok = 1;
|
||||
|
||||
r = sshkey_load_private_type_fd(fd, type, passphrase, keyp, commentp);
|
||||
if (r == 0 && keyp && *keyp)
|
||||
|
@ -198,6 +140,14 @@ sshkey_load_private_type(int type, const char *filename, const char *passphrase,
|
|||
return r;
|
||||
}
|
||||
|
||||
int
|
||||
sshkey_load_private(const char *filename, const char *passphrase,
|
||||
struct sshkey **keyp, char **commentp)
|
||||
{
|
||||
return sshkey_load_private_type(KEY_UNSPEC, filename, passphrase,
|
||||
keyp, commentp);
|
||||
}
|
||||
|
||||
int
|
||||
sshkey_load_private_type_fd(int fd, int type, const char *passphrase,
|
||||
struct sshkey **keyp, char **commentp)
|
||||
|
@ -207,11 +157,7 @@ sshkey_load_private_type_fd(int fd, int type, const char *passphrase,
|
|||
|
||||
if (keyp != NULL)
|
||||
*keyp = NULL;
|
||||
if ((buffer = sshbuf_new()) == NULL) {
|
||||
r = SSH_ERR_ALLOC_FAIL;
|
||||
goto out;
|
||||
}
|
||||
if ((r = sshkey_load_file(fd, buffer)) != 0 ||
|
||||
if ((r = sshbuf_load_fd(fd, &buffer)) != 0 ||
|
||||
(r = sshkey_parse_private_fileblob_type(buffer, type,
|
||||
passphrase, keyp, commentp)) != 0)
|
||||
goto out;
|
||||
|
@ -223,56 +169,57 @@ sshkey_load_private_type_fd(int fd, int type, const char *passphrase,
|
|||
return r;
|
||||
}
|
||||
|
||||
/* XXX this is almost identical to sshkey_load_private_type() */
|
||||
int
|
||||
sshkey_load_private(const char *filename, const char *passphrase,
|
||||
struct sshkey **keyp, char **commentp)
|
||||
/* Load a pubkey from the unencrypted envelope of a new-format private key */
|
||||
static int
|
||||
sshkey_load_pubkey_from_private(const char *filename, struct sshkey **pubkeyp)
|
||||
{
|
||||
struct sshbuf *buffer = NULL;
|
||||
struct sshkey *pubkey = NULL;
|
||||
int r, fd;
|
||||
|
||||
if (keyp != NULL)
|
||||
*keyp = NULL;
|
||||
if (commentp != NULL)
|
||||
*commentp = NULL;
|
||||
if (pubkeyp != NULL)
|
||||
*pubkeyp = NULL;
|
||||
|
||||
if ((fd = open(filename, O_RDONLY)) < 0)
|
||||
if ((fd = open(filename, O_RDONLY)) == -1)
|
||||
return SSH_ERR_SYSTEM_ERROR;
|
||||
if (sshkey_perm_ok(fd, filename) != 0) {
|
||||
r = SSH_ERR_KEY_BAD_PERMISSIONS;
|
||||
if ((r = sshbuf_load_fd(fd, &buffer)) != 0 ||
|
||||
(r = sshkey_parse_pubkey_from_private_fileblob_type(buffer,
|
||||
KEY_UNSPEC, &pubkey)) != 0)
|
||||
goto out;
|
||||
if ((r = sshkey_set_filename(pubkey, filename)) != 0)
|
||||
goto out;
|
||||
/* success */
|
||||
if (pubkeyp != NULL) {
|
||||
*pubkeyp = pubkey;
|
||||
pubkey = NULL;
|
||||
}
|
||||
|
||||
if ((buffer = sshbuf_new()) == NULL) {
|
||||
r = SSH_ERR_ALLOC_FAIL;
|
||||
goto out;
|
||||
}
|
||||
if ((r = sshkey_load_file(fd, buffer)) != 0 ||
|
||||
(r = sshkey_parse_private_fileblob(buffer, passphrase, keyp,
|
||||
commentp)) != 0)
|
||||
goto out;
|
||||
if (keyp && *keyp &&
|
||||
(r = sshkey_set_filename(*keyp, filename)) != 0)
|
||||
goto out;
|
||||
r = 0;
|
||||
out:
|
||||
close(fd);
|
||||
sshbuf_free(buffer);
|
||||
sshkey_free(pubkey);
|
||||
return r;
|
||||
}
|
||||
|
||||
static int
|
||||
sshkey_try_load_public(struct sshkey *k, const char *filename, char **commentp)
|
||||
sshkey_try_load_public(struct sshkey **kp, const char *filename,
|
||||
char **commentp)
|
||||
{
|
||||
FILE *f;
|
||||
char *line = NULL, *cp;
|
||||
size_t linesize = 0;
|
||||
int r;
|
||||
struct sshkey *k = NULL;
|
||||
|
||||
*kp = NULL;
|
||||
if (commentp != NULL)
|
||||
*commentp = NULL;
|
||||
if ((f = fopen(filename, "r")) == NULL)
|
||||
return SSH_ERR_SYSTEM_ERROR;
|
||||
if ((k = sshkey_new(KEY_UNSPEC)) == NULL) {
|
||||
fclose(f);
|
||||
return SSH_ERR_ALLOC_FAIL;
|
||||
}
|
||||
while (getline(&line, &linesize, f) != -1) {
|
||||
cp = line;
|
||||
switch (*cp) {
|
||||
|
@ -297,12 +244,15 @@ sshkey_try_load_public(struct sshkey *k, const char *filename, char **commentp)
|
|||
if (*commentp == NULL)
|
||||
r = SSH_ERR_ALLOC_FAIL;
|
||||
}
|
||||
/* success */
|
||||
*kp = k;
|
||||
free(line);
|
||||
fclose(f);
|
||||
return r;
|
||||
}
|
||||
}
|
||||
}
|
||||
free(k);
|
||||
free(line);
|
||||
fclose(f);
|
||||
return SSH_ERR_INVALID_FORMAT;
|
||||
|
@ -312,44 +262,35 @@ sshkey_try_load_public(struct sshkey *k, const char *filename, char **commentp)
|
|||
int
|
||||
sshkey_load_public(const char *filename, struct sshkey **keyp, char **commentp)
|
||||
{
|
||||
struct sshkey *pub = NULL;
|
||||
char *file = NULL;
|
||||
int r;
|
||||
char *pubfile = NULL;
|
||||
int r, oerrno;
|
||||
|
||||
if (keyp != NULL)
|
||||
*keyp = NULL;
|
||||
if (commentp != NULL)
|
||||
*commentp = NULL;
|
||||
|
||||
if ((pub = sshkey_new(KEY_UNSPEC)) == NULL)
|
||||
return SSH_ERR_ALLOC_FAIL;
|
||||
if ((r = sshkey_try_load_public(pub, filename, commentp)) == 0) {
|
||||
if (keyp != NULL) {
|
||||
*keyp = pub;
|
||||
pub = NULL;
|
||||
}
|
||||
r = 0;
|
||||
if ((r = sshkey_try_load_public(keyp, filename, commentp)) == 0)
|
||||
goto out;
|
||||
}
|
||||
sshkey_free(pub);
|
||||
|
||||
/* try .pub suffix */
|
||||
if (asprintf(&file, "%s.pub", filename) == -1)
|
||||
if (asprintf(&pubfile, "%s.pub", filename) == -1)
|
||||
return SSH_ERR_ALLOC_FAIL;
|
||||
if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) {
|
||||
r = SSH_ERR_ALLOC_FAIL;
|
||||
if ((r = sshkey_try_load_public(keyp, pubfile, commentp)) == 0)
|
||||
goto out;
|
||||
}
|
||||
if ((r = sshkey_try_load_public(pub, file, commentp)) == 0) {
|
||||
if (keyp != NULL) {
|
||||
*keyp = pub;
|
||||
pub = NULL;
|
||||
}
|
||||
r = 0;
|
||||
}
|
||||
|
||||
/* finally, try to extract public key from private key file */
|
||||
if ((r = sshkey_load_pubkey_from_private(filename, keyp)) == 0)
|
||||
goto out;
|
||||
|
||||
/* Pretend we couldn't find the key */
|
||||
r = SSH_ERR_SYSTEM_ERROR;
|
||||
errno = ENOENT;
|
||||
|
||||
out:
|
||||
free(file);
|
||||
sshkey_free(pub);
|
||||
oerrno = errno;
|
||||
free(pubfile);
|
||||
errno = oerrno;
|
||||
return r;
|
||||
}
|
||||
|
||||
|
@ -367,18 +308,7 @@ sshkey_load_cert(const char *filename, struct sshkey **keyp)
|
|||
if (asprintf(&file, "%s-cert.pub", filename) == -1)
|
||||
return SSH_ERR_ALLOC_FAIL;
|
||||
|
||||
if ((pub = sshkey_new(KEY_UNSPEC)) == NULL) {
|
||||
goto out;
|
||||
}
|
||||
if ((r = sshkey_try_load_public(pub, file, NULL)) != 0)
|
||||
goto out;
|
||||
/* success */
|
||||
if (keyp != NULL) {
|
||||
*keyp = pub;
|
||||
pub = NULL;
|
||||
}
|
||||
r = 0;
|
||||
out:
|
||||
r = sshkey_try_load_public(keyp, file, NULL);
|
||||
free(file);
|
||||
sshkey_free(pub);
|
||||
return r;
|
||||
|
@ -387,7 +317,7 @@ sshkey_load_cert(const char *filename, struct sshkey **keyp)
|
|||
/* Load private key and certificate */
|
||||
int
|
||||
sshkey_load_private_cert(int type, const char *filename, const char *passphrase,
|
||||
struct sshkey **keyp, int *perm_ok)
|
||||
struct sshkey **keyp)
|
||||
{
|
||||
struct sshkey *key = NULL, *cert = NULL;
|
||||
int r;
|
||||
|
@ -410,7 +340,7 @@ sshkey_load_private_cert(int type, const char *filename, const char *passphrase,
|
|||
}
|
||||
|
||||
if ((r = sshkey_load_private_type(type, filename,
|
||||
passphrase, &key, NULL, perm_ok)) != 0 ||
|
||||
passphrase, &key, NULL)) != 0 ||
|
||||
(r = sshkey_load_cert(filename, &cert)) != 0)
|
||||
goto out;
|
||||
|
||||
|
@ -536,3 +466,56 @@ sshkey_check_revoked(struct sshkey *key, const char *revoked_keys_file)
|
|||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Advanced *cpp past the end of key options, defined as the first unquoted
|
||||
* whitespace character. Returns 0 on success or -1 on failure (e.g.
|
||||
* unterminated quotes).
|
||||
*/
|
||||
int
|
||||
sshkey_advance_past_options(char **cpp)
|
||||
{
|
||||
char *cp = *cpp;
|
||||
int quoted = 0;
|
||||
|
||||
for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
|
||||
if (*cp == '\\' && cp[1] == '"')
|
||||
cp++; /* Skip both */
|
||||
else if (*cp == '"')
|
||||
quoted = !quoted;
|
||||
}
|
||||
*cpp = cp;
|
||||
/* return failure for unterminated quotes */
|
||||
return (*cp == '\0' && quoted) ? -1 : 0;
|
||||
}
|
||||
|
||||
/* Save a public key */
|
||||
int
|
||||
sshkey_save_public(const struct sshkey *key, const char *path,
|
||||
const char *comment)
|
||||
{
|
||||
int fd, oerrno;
|
||||
FILE *f = NULL;
|
||||
int r = SSH_ERR_INTERNAL_ERROR;
|
||||
|
||||
if ((fd = open(path, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1)
|
||||
return SSH_ERR_SYSTEM_ERROR;
|
||||
if ((f = fdopen(fd, "w")) == NULL) {
|
||||
r = SSH_ERR_SYSTEM_ERROR;
|
||||
goto fail;
|
||||
}
|
||||
if ((r = sshkey_write(key, f)) != 0)
|
||||
goto fail;
|
||||
fprintf(f, " %s\n", comment);
|
||||
if (ferror(f) || fclose(f) != 0) {
|
||||
r = SSH_ERR_SYSTEM_ERROR;
|
||||
fail:
|
||||
oerrno = errno;
|
||||
if (f != NULL)
|
||||
fclose(f);
|
||||
else
|
||||
close(fd);
|
||||
errno = oerrno;
|
||||
return r;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: authfile.h,v 1.21 2015/01/08 10:14:08 djm Exp $ */
|
||||
/* $OpenBSD: authfile.h,v 1.25 2020/01/25 23:02:13 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2000, 2013 Markus Friedl. All rights reserved.
|
||||
|
@ -35,18 +35,20 @@ struct sshkey;
|
|||
|
||||
int sshkey_save_private(struct sshkey *, const char *,
|
||||
const char *, const char *, int, const char *, int);
|
||||
int sshkey_load_file(int, struct sshbuf *);
|
||||
int sshkey_load_cert(const char *, struct sshkey **);
|
||||
int sshkey_load_public(const char *, struct sshkey **, char **);
|
||||
int sshkey_load_private(const char *, const char *, struct sshkey **, char **);
|
||||
int sshkey_load_private_cert(int, const char *, const char *,
|
||||
struct sshkey **, int *);
|
||||
struct sshkey **);
|
||||
int sshkey_load_private_type(int, const char *, const char *,
|
||||
struct sshkey **, char **, int *);
|
||||
struct sshkey **, char **);
|
||||
int sshkey_load_private_type_fd(int fd, int type, const char *passphrase,
|
||||
struct sshkey **keyp, char **commentp);
|
||||
int sshkey_perm_ok(int, const char *);
|
||||
int sshkey_in_file(struct sshkey *, const char *, int, int);
|
||||
int sshkey_check_revoked(struct sshkey *key, const char *revoked_keys_file);
|
||||
int sshkey_advance_past_options(char **cpp);
|
||||
int sshkey_save_public(const struct sshkey *key, const char *path,
|
||||
const char *comment);
|
||||
|
||||
#endif
|
||||
|
|
|
@ -76,7 +76,7 @@ im_log(int priority, const char *message, va_list args)
|
|||
default:
|
||||
imlevel = SYSLOG_LEVEL_DEBUG2;
|
||||
}
|
||||
do_log(imlevel, message, args);
|
||||
do_log2(imlevel, message, args);
|
||||
}
|
||||
|
||||
void
|
||||
|
@ -91,7 +91,7 @@ void
|
|||
blacklist_notify(int action, const char *msg)
|
||||
{
|
||||
|
||||
if (blstate != NULL && packet_connection_is_on_socket())
|
||||
if (blstate != NULL && ssh_packet_connection_is_on_socket(NULL))
|
||||
(void)blacklist_r(blstate, action,
|
||||
packet_get_connection_in(), msg);
|
||||
ssh_packet_get_connection_in(NULL), msg);
|
||||
}
|
||||
|
|
|
@ -268,7 +268,7 @@ then
|
|||
touch space
|
||||
else
|
||||
cat > space << _EOF
|
||||
# extra space required by start/stop links added by installf
|
||||
# extra space required by start/stop links added by installf
|
||||
# in postinstall
|
||||
$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1
|
||||
$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME} 0 1
|
||||
|
@ -293,7 +293,7 @@ cat >> preinstall << _EOF
|
|||
#
|
||||
if [ "\${PRE_INS_STOP}" = "yes" ]
|
||||
then
|
||||
if [ $DO_SMF -eq 1 ]
|
||||
if [ $DO_SMF -eq 1 ]
|
||||
then
|
||||
svcadm disable $OPENSSH_FMRI
|
||||
else
|
||||
|
@ -326,7 +326,7 @@ cat > postinstall << _EOF
|
|||
|
||||
if [ $DO_SMF -eq 1 ]
|
||||
then
|
||||
# Delete the existing service, if it exists, then import the
|
||||
# Delete the existing service, if it exists, then import the
|
||||
# new one.
|
||||
if svcs $OPENSSH_FMRI > /dev/null 2>&1
|
||||
then
|
||||
|
@ -438,7 +438,7 @@ echo "Building preremove file..."
|
|||
cat > preremove << _EOF
|
||||
#! ${SCRIPT_SHELL}
|
||||
#
|
||||
if [ $DO_SMF -eq 1 ]
|
||||
if [ $DO_SMF -eq 1 ]
|
||||
then
|
||||
svcadm disable $OPENSSH_FMRI
|
||||
else
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: canohost.c,v 1.73 2016/03/07 19:02:43 djm Exp $ */
|
||||
/* $OpenBSD: canohost.c,v 1.75 2020/10/18 11:32:01 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -96,7 +96,7 @@ get_socket_address(int sock, int remote, int flags)
|
|||
/* Get the address in ascii. */
|
||||
if ((r = getnameinfo((struct sockaddr *)&addr, addrlen, ntop,
|
||||
sizeof(ntop), NULL, 0, flags)) != 0) {
|
||||
error("%s: getnameinfo %d failed: %s", __func__,
|
||||
error_f("getnameinfo %d failed: %s",
|
||||
flags, ssh_gai_strerror(r));
|
||||
return NULL;
|
||||
}
|
||||
|
@ -141,7 +141,7 @@ get_local_name(int fd)
|
|||
|
||||
/* Handle the case where we were passed a pipe */
|
||||
if (gethostname(myname, sizeof(myname)) == -1) {
|
||||
verbose("%s: gethostname: %s", __func__, strerror(errno));
|
||||
verbose_f("gethostname: %s", strerror(errno));
|
||||
host = xstrdup("UNKNOWN");
|
||||
} else {
|
||||
host = xstrdup(myname);
|
||||
|
@ -164,12 +164,12 @@ get_sock_port(int sock, int local)
|
|||
fromlen = sizeof(from);
|
||||
memset(&from, 0, sizeof(from));
|
||||
if (local) {
|
||||
if (getsockname(sock, (struct sockaddr *)&from, &fromlen) < 0) {
|
||||
if (getsockname(sock, (struct sockaddr *)&from, &fromlen) == -1) {
|
||||
error("getsockname failed: %.100s", strerror(errno));
|
||||
return 0;
|
||||
}
|
||||
} else {
|
||||
if (getpeername(sock, (struct sockaddr *)&from, &fromlen) < 0) {
|
||||
if (getpeername(sock, (struct sockaddr *)&from, &fromlen) == -1) {
|
||||
debug("getpeername failed: %.100s", strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
|
@ -186,7 +186,7 @@ get_sock_port(int sock, int local)
|
|||
/* Return port number. */
|
||||
if ((r = getnameinfo((struct sockaddr *)&from, fromlen, NULL, 0,
|
||||
strport, sizeof(strport), NI_NUMERICSERV)) != 0)
|
||||
fatal("%s: getnameinfo NI_NUMERICSERV failed: %s", __func__,
|
||||
fatal_f("getnameinfo NI_NUMERICSERV failed: %s",
|
||||
ssh_gai_strerror(r));
|
||||
return atoi(strport);
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: chacha.h,v 1.4 2016/08/27 04:04:56 guenther Exp $ */
|
||||
/* $OpenBSD: chacha.h,v 1.5 2021/04/03 05:54:14 djm Exp $ */
|
||||
|
||||
/*
|
||||
chacha-merged.c version 20080118
|
||||
|
@ -16,7 +16,7 @@ struct chacha_ctx {
|
|||
u_int input[16];
|
||||
};
|
||||
|
||||
#define CHACHA_MINKEYLEN 16
|
||||
#define CHACHA_MINKEYLEN 16
|
||||
#define CHACHA_NONCELEN 8
|
||||
#define CHACHA_CTRLEN 8
|
||||
#define CHACHA_STATELEN (CHACHA_NONCELEN+CHACHA_CTRLEN)
|
||||
|
|
File diff suppressed because it is too large
Load diff
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: channels.h,v 1.132 2018/10/04 00:10:11 djm Exp $ */
|
||||
/* $OpenBSD: channels.h,v 1.138 2021/05/19 01:24:05 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
@ -52,17 +52,27 @@
|
|||
#define SSH_CHANNEL_DYNAMIC 13
|
||||
#define SSH_CHANNEL_ZOMBIE 14 /* Almost dead. */
|
||||
#define SSH_CHANNEL_MUX_LISTENER 15 /* Listener for mux conn. */
|
||||
#define SSH_CHANNEL_MUX_CLIENT 16 /* Conn. to mux slave */
|
||||
#define SSH_CHANNEL_MUX_CLIENT 16 /* Conn. to mux client */
|
||||
#define SSH_CHANNEL_ABANDONED 17 /* Abandoned session, eg mux */
|
||||
#define SSH_CHANNEL_UNIX_LISTENER 18 /* Listening on a domain socket. */
|
||||
#define SSH_CHANNEL_RUNIX_LISTENER 19 /* Listening to a R-style domain socket. */
|
||||
#define SSH_CHANNEL_MUX_PROXY 20 /* proxy channel for mux-slave */
|
||||
#define SSH_CHANNEL_MUX_PROXY 20 /* proxy channel for mux-client */
|
||||
#define SSH_CHANNEL_RDYNAMIC_OPEN 21 /* reverse SOCKS, parsing request */
|
||||
#define SSH_CHANNEL_RDYNAMIC_FINISH 22 /* reverse SOCKS, finishing connect */
|
||||
#define SSH_CHANNEL_MAX_TYPE 23
|
||||
|
||||
#define CHANNEL_CANCEL_PORT_STATIC -1
|
||||
|
||||
/* nonblocking flags for channel_new */
|
||||
#define CHANNEL_NONBLOCK_LEAVE 0 /* don't modify non-blocking state */
|
||||
#define CHANNEL_NONBLOCK_SET 1 /* set non-blocking state */
|
||||
#define CHANNEL_NONBLOCK_STDIO 2 /* set non-blocking and restore on close */
|
||||
|
||||
/* c->restore_block mask flags */
|
||||
#define CHANNEL_RESTORE_RFD 0x01
|
||||
#define CHANNEL_RESTORE_WFD 0x02
|
||||
#define CHANNEL_RESTORE_EFD 0x04
|
||||
|
||||
/* TCP forwarding */
|
||||
#define FORWARD_DENY 0
|
||||
#define FORWARD_REMOTE (1)
|
||||
|
@ -105,8 +115,16 @@ struct channel_connect {
|
|||
/* Callbacks for mux channels back into client-specific code */
|
||||
typedef int mux_callback_fn(struct ssh *, struct Channel *);
|
||||
|
||||
/*
|
||||
* NB. channel IDs on the wire and in c->remote_id are uint32, but local
|
||||
* channel IDs (e.g. c->self) only ever use the int32 subset of this range,
|
||||
* because we use local channel ID -1 for housekeeping. Remote channels have
|
||||
* a dedicated "have_remote_id" flag to indicate their validity.
|
||||
*/
|
||||
|
||||
struct Channel {
|
||||
int type; /* channel type/state */
|
||||
|
||||
int self; /* my own channel identifier */
|
||||
uint32_t remote_id; /* channel identifier for remote peer */
|
||||
int have_remote_id; /* non-zero if remote_id is valid */
|
||||
|
@ -131,6 +149,7 @@ struct Channel {
|
|||
* to a matching pre-select handler.
|
||||
* this way post-select handlers are not
|
||||
* accidentally called if a FD gets reused */
|
||||
int restore_block; /* fd mask to restore blocking status */
|
||||
struct sshbuf *input; /* data read from socket, to be sent over
|
||||
* encrypted connection */
|
||||
struct sshbuf *output; /* data received over encrypted connection for
|
||||
|
@ -169,7 +188,7 @@ struct Channel {
|
|||
channel_filter_cleanup_fn *filter_cleanup;
|
||||
|
||||
/* keep boundaries */
|
||||
int datagram;
|
||||
int datagram;
|
||||
|
||||
/* non-blocking connect */
|
||||
/* XXX make this a pointer so the structure can be opaque */
|
||||
|
@ -179,7 +198,7 @@ struct Channel {
|
|||
mux_callback_fn *mux_rcb;
|
||||
void *mux_ctx;
|
||||
int mux_pause;
|
||||
int mux_downstream_id;
|
||||
int mux_downstream_id;
|
||||
};
|
||||
|
||||
#define CHAN_EXTENDED_IGNORE 0
|
||||
|
@ -215,6 +234,9 @@ struct Channel {
|
|||
/* Read buffer size */
|
||||
#define CHAN_RBUF (16*1024)
|
||||
|
||||
/* Maximum channel input buffer size */
|
||||
#define CHAN_INPUT_MAX (16*1024*1024)
|
||||
|
||||
/* Hard limit on number of channels */
|
||||
#define CHANNELS_MAX_CHANNELS (16*1024)
|
||||
|
||||
|
@ -255,7 +277,7 @@ void channel_register_filter(struct ssh *, int, channel_infilter_fn *,
|
|||
void channel_register_status_confirm(struct ssh *, int,
|
||||
channel_confirm_cb *, channel_confirm_abandon_cb *, void *);
|
||||
void channel_cancel_cleanup(struct ssh *, int);
|
||||
int channel_close_fd(struct ssh *, int *);
|
||||
int channel_close_fd(struct ssh *, Channel *, int *);
|
||||
void channel_send_window_changes(struct ssh *);
|
||||
|
||||
/* mux proxy support */
|
||||
|
@ -278,7 +300,7 @@ int channel_input_status_confirm(int, u_int32_t, struct ssh *);
|
|||
/* file descriptor handling (read/write) */
|
||||
|
||||
void channel_prepare_select(struct ssh *, fd_set **, fd_set **, int *,
|
||||
u_int*, time_t*);
|
||||
u_int*, time_t*);
|
||||
void channel_after_select(struct ssh *, fd_set *, fd_set *);
|
||||
void channel_output_poll(struct ssh *);
|
||||
|
||||
|
@ -302,7 +324,7 @@ Channel *channel_connect_to_port(struct ssh *, const char *, u_short,
|
|||
char *, char *, int *, const char **);
|
||||
Channel *channel_connect_to_path(struct ssh *, const char *, char *, char *);
|
||||
Channel *channel_connect_stdio_fwd(struct ssh *, const char*,
|
||||
u_short, int, int);
|
||||
u_short, int, int, int);
|
||||
Channel *channel_connect_by_listen_address(struct ssh *, const char *,
|
||||
u_short, char *, char *);
|
||||
Channel *channel_connect_by_listen_path(struct ssh *, const char *,
|
||||
|
|
166
crypto/openssh/cipher-chachapoly-libcrypto.c
Normal file
166
crypto/openssh/cipher-chachapoly-libcrypto.c
Normal file
|
@ -0,0 +1,166 @@
|
|||
/*
|
||||
* Copyright (c) 2013 Damien Miller <djm@mindrot.org>
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $OpenBSD: cipher-chachapoly-libcrypto.c,v 1.1 2020/04/03 04:32:21 djm Exp $ */
|
||||
|
||||
#include "includes.h"
|
||||
#ifdef WITH_OPENSSL
|
||||
#include "openbsd-compat/openssl-compat.h"
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_EVP_CHACHA20) && !defined(HAVE_BROKEN_CHACHA20)
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <stdarg.h> /* needed for log.h */
|
||||
#include <string.h>
|
||||
#include <stdio.h> /* needed for misc.h */
|
||||
|
||||
#include <openssl/evp.h>
|
||||
|
||||
#include "log.h"
|
||||
#include "sshbuf.h"
|
||||
#include "ssherr.h"
|
||||
#include "cipher-chachapoly.h"
|
||||
|
||||
struct chachapoly_ctx {
|
||||
EVP_CIPHER_CTX *main_evp, *header_evp;
|
||||
};
|
||||
|
||||
struct chachapoly_ctx *
|
||||
chachapoly_new(const u_char *key, u_int keylen)
|
||||
{
|
||||
struct chachapoly_ctx *ctx;
|
||||
|
||||
if (keylen != (32 + 32)) /* 2 x 256 bit keys */
|
||||
return NULL;
|
||||
if ((ctx = calloc(1, sizeof(*ctx))) == NULL)
|
||||
return NULL;
|
||||
if ((ctx->main_evp = EVP_CIPHER_CTX_new()) == NULL ||
|
||||
(ctx->header_evp = EVP_CIPHER_CTX_new()) == NULL)
|
||||
goto fail;
|
||||
if (!EVP_CipherInit(ctx->main_evp, EVP_chacha20(), key, NULL, 1))
|
||||
goto fail;
|
||||
if (!EVP_CipherInit(ctx->header_evp, EVP_chacha20(), key + 32, NULL, 1))
|
||||
goto fail;
|
||||
if (EVP_CIPHER_CTX_iv_length(ctx->header_evp) != 16)
|
||||
goto fail;
|
||||
return ctx;
|
||||
fail:
|
||||
chachapoly_free(ctx);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
void
|
||||
chachapoly_free(struct chachapoly_ctx *cpctx)
|
||||
{
|
||||
if (cpctx == NULL)
|
||||
return;
|
||||
EVP_CIPHER_CTX_free(cpctx->main_evp);
|
||||
EVP_CIPHER_CTX_free(cpctx->header_evp);
|
||||
freezero(cpctx, sizeof(*cpctx));
|
||||
}
|
||||
|
||||
/*
|
||||
* chachapoly_crypt() operates as following:
|
||||
* En/decrypt with header key 'aadlen' bytes from 'src', storing result
|
||||
* to 'dest'. The ciphertext here is treated as additional authenticated
|
||||
* data for MAC calculation.
|
||||
* En/decrypt 'len' bytes at offset 'aadlen' from 'src' to 'dest'. Use
|
||||
* POLY1305_TAGLEN bytes at offset 'len'+'aadlen' as the authentication
|
||||
* tag. This tag is written on encryption and verified on decryption.
|
||||
*/
|
||||
int
|
||||
chachapoly_crypt(struct chachapoly_ctx *ctx, u_int seqnr, u_char *dest,
|
||||
const u_char *src, u_int len, u_int aadlen, u_int authlen, int do_encrypt)
|
||||
{
|
||||
u_char seqbuf[16]; /* layout: u64 counter || u64 seqno */
|
||||
int r = SSH_ERR_INTERNAL_ERROR;
|
||||
u_char expected_tag[POLY1305_TAGLEN], poly_key[POLY1305_KEYLEN];
|
||||
|
||||
/*
|
||||
* Run ChaCha20 once to generate the Poly1305 key. The IV is the
|
||||
* packet sequence number.
|
||||
*/
|
||||
memset(seqbuf, 0, sizeof(seqbuf));
|
||||
POKE_U64(seqbuf + 8, seqnr);
|
||||
memset(poly_key, 0, sizeof(poly_key));
|
||||
if (!EVP_CipherInit(ctx->main_evp, NULL, NULL, seqbuf, 1) ||
|
||||
EVP_Cipher(ctx->main_evp, poly_key,
|
||||
poly_key, sizeof(poly_key)) < 0) {
|
||||
r = SSH_ERR_LIBCRYPTO_ERROR;
|
||||
goto out;
|
||||
}
|
||||
|
||||
/* If decrypting, check tag before anything else */
|
||||
if (!do_encrypt) {
|
||||
const u_char *tag = src + aadlen + len;
|
||||
|
||||
poly1305_auth(expected_tag, src, aadlen + len, poly_key);
|
||||
if (timingsafe_bcmp(expected_tag, tag, POLY1305_TAGLEN) != 0) {
|
||||
r = SSH_ERR_MAC_INVALID;
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
|
||||
/* Crypt additional data */
|
||||
if (aadlen) {
|
||||
if (!EVP_CipherInit(ctx->header_evp, NULL, NULL, seqbuf, 1) ||
|
||||
EVP_Cipher(ctx->header_evp, dest, src, aadlen) < 0) {
|
||||
r = SSH_ERR_LIBCRYPTO_ERROR;
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
|
||||
/* Set Chacha's block counter to 1 */
|
||||
seqbuf[0] = 1;
|
||||
if (!EVP_CipherInit(ctx->main_evp, NULL, NULL, seqbuf, 1) ||
|
||||
EVP_Cipher(ctx->main_evp, dest + aadlen, src + aadlen, len) < 0) {
|
||||
r = SSH_ERR_LIBCRYPTO_ERROR;
|
||||
goto out;
|
||||
}
|
||||
|
||||
/* If encrypting, calculate and append tag */
|
||||
if (do_encrypt) {
|
||||
poly1305_auth(dest + aadlen + len, dest, aadlen + len,
|
||||
poly_key);
|
||||
}
|
||||
r = 0;
|
||||
out:
|
||||
explicit_bzero(expected_tag, sizeof(expected_tag));
|
||||
explicit_bzero(seqbuf, sizeof(seqbuf));
|
||||
explicit_bzero(poly_key, sizeof(poly_key));
|
||||
return r;
|
||||
}
|
||||
|
||||
/* Decrypt and extract the encrypted packet length */
|
||||
int
|
||||
chachapoly_get_length(struct chachapoly_ctx *ctx,
|
||||
u_int *plenp, u_int seqnr, const u_char *cp, u_int len)
|
||||
{
|
||||
u_char buf[4], seqbuf[16];
|
||||
|
||||
if (len < 4)
|
||||
return SSH_ERR_MESSAGE_INCOMPLETE;
|
||||
memset(seqbuf, 0, sizeof(seqbuf));
|
||||
POKE_U64(seqbuf + 8, seqnr);
|
||||
if (!EVP_CipherInit(ctx->header_evp, NULL, NULL, seqbuf, 0))
|
||||
return SSH_ERR_LIBCRYPTO_ERROR;
|
||||
if (EVP_Cipher(ctx->header_evp, buf, (u_char *)cp, sizeof(buf)) < 0)
|
||||
return SSH_ERR_LIBCRYPTO_ERROR;
|
||||
*plenp = PEEK_U32(buf);
|
||||
return 0;
|
||||
}
|
||||
#endif /* defined(HAVE_EVP_CHACHA20) && !defined(HAVE_BROKEN_CHACHA20) */
|
|
@ -14,9 +14,14 @@
|
|||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $OpenBSD: cipher-chachapoly.c,v 1.8 2016/08/03 05:41:57 djm Exp $ */
|
||||
/* $OpenBSD: cipher-chachapoly.c,v 1.9 2020/04/03 04:27:03 djm Exp $ */
|
||||
|
||||
#include "includes.h"
|
||||
#ifdef WITH_OPENSSL
|
||||
#include "openbsd-compat/openssl-compat.h"
|
||||
#endif
|
||||
|
||||
#if !defined(HAVE_EVP_CHACHA20) || defined(HAVE_BROKEN_CHACHA20)
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <stdarg.h> /* needed for log.h */
|
||||
|
@ -28,15 +33,28 @@
|
|||
#include "ssherr.h"
|
||||
#include "cipher-chachapoly.h"
|
||||
|
||||
int
|
||||
chachapoly_init(struct chachapoly_ctx *ctx,
|
||||
const u_char *key, u_int keylen)
|
||||
struct chachapoly_ctx {
|
||||
struct chacha_ctx main_ctx, header_ctx;
|
||||
};
|
||||
|
||||
struct chachapoly_ctx *
|
||||
chachapoly_new(const u_char *key, u_int keylen)
|
||||
{
|
||||
struct chachapoly_ctx *ctx;
|
||||
|
||||
if (keylen != (32 + 32)) /* 2 x 256 bit keys */
|
||||
return SSH_ERR_INVALID_ARGUMENT;
|
||||
return NULL;
|
||||
if ((ctx = calloc(1, sizeof(*ctx))) == NULL)
|
||||
return NULL;
|
||||
chacha_keysetup(&ctx->main_ctx, key, 256);
|
||||
chacha_keysetup(&ctx->header_ctx, key + 32, 256);
|
||||
return 0;
|
||||
return ctx;
|
||||
}
|
||||
|
||||
void
|
||||
chachapoly_free(struct chachapoly_ctx *cpctx)
|
||||
{
|
||||
freezero(cpctx, sizeof(*cpctx));
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -117,3 +135,5 @@ chachapoly_get_length(struct chachapoly_ctx *ctx,
|
|||
*plenp = PEEK_U32(buf);
|
||||
return 0;
|
||||
}
|
||||
|
||||
#endif /* !defined(HAVE_EVP_CHACHA20) || defined(HAVE_BROKEN_CHACHA20) */
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: cipher-chachapoly.h,v 1.4 2014/06/24 01:13:21 djm Exp $ */
|
||||
/* $OpenBSD: cipher-chachapoly.h,v 1.5 2020/04/03 04:27:03 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) Damien Miller 2013 <djm@mindrot.org>
|
||||
|
@ -24,13 +24,12 @@
|
|||
|
||||
#define CHACHA_KEYLEN 32 /* Only 256 bit keys used here */
|
||||
|
||||
struct chachapoly_ctx {
|
||||
struct chacha_ctx main_ctx, header_ctx;
|
||||
};
|
||||
struct chachapoly_ctx;
|
||||
|
||||
struct chachapoly_ctx *chachapoly_new(const u_char *key, u_int keylen)
|
||||
__attribute__((__bounded__(__buffer__, 1, 2)));
|
||||
void chachapoly_free(struct chachapoly_ctx *cpctx);
|
||||
|
||||
int chachapoly_init(struct chachapoly_ctx *cpctx,
|
||||
const u_char *key, u_int keylen)
|
||||
__attribute__((__bounded__(__buffer__, 2, 3)));
|
||||
int chachapoly_crypt(struct chachapoly_ctx *cpctx, u_int seqnr,
|
||||
u_char *dest, const u_char *src, u_int len, u_int aadlen, u_int authlen,
|
||||
int do_encrypt);
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: cipher.c,v 1.111 2018/02/23 15:58:37 markus Exp $ */
|
||||
/* $OpenBSD: cipher.c,v 1.119 2021/04/03 06:18:40 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -51,12 +51,15 @@
|
|||
|
||||
#include "openbsd-compat/openssl-compat.h"
|
||||
|
||||
#ifndef WITH_OPENSSL
|
||||
#define EVP_CIPHER_CTX void
|
||||
#endif
|
||||
|
||||
struct sshcipher_ctx {
|
||||
int plaintext;
|
||||
int encrypt;
|
||||
EVP_CIPHER_CTX *evp;
|
||||
struct chachapoly_ctx cp_ctx; /* XXX union with evp? */
|
||||
struct chachapoly_ctx *cp_ctx;
|
||||
struct aesctr_ctx ac_ctx; /* XXX union with evp? */
|
||||
const struct sshcipher *cipher;
|
||||
};
|
||||
|
@ -88,8 +91,6 @@ static const struct sshcipher ciphers[] = {
|
|||
{ "aes128-cbc", 16, 16, 0, 0, CFLAG_CBC, EVP_aes_128_cbc },
|
||||
{ "aes192-cbc", 16, 24, 0, 0, CFLAG_CBC, EVP_aes_192_cbc },
|
||||
{ "aes256-cbc", 16, 32, 0, 0, CFLAG_CBC, EVP_aes_256_cbc },
|
||||
{ "rijndael-cbc@lysator.liu.se",
|
||||
16, 32, 0, 0, CFLAG_CBC, EVP_aes_256_cbc },
|
||||
{ "aes128-ctr", 16, 16, 0, 0, 0, EVP_aes_128_ctr },
|
||||
{ "aes192-ctr", 16, 24, 0, 0, 0, EVP_aes_192_ctr },
|
||||
{ "aes256-ctr", 16, 32, 0, 0, 0, EVP_aes_256_ctr },
|
||||
|
@ -140,6 +141,17 @@ cipher_alg_list(char sep, int auth_only)
|
|||
return ret;
|
||||
}
|
||||
|
||||
const char *
|
||||
compression_alg_list(int compression)
|
||||
{
|
||||
#ifdef WITH_ZLIB
|
||||
return compression ? "zlib@openssh.com,zlib,none" :
|
||||
"none,zlib@openssh.com,zlib";
|
||||
#else
|
||||
return "none";
|
||||
#endif
|
||||
}
|
||||
|
||||
u_int
|
||||
cipher_blocksize(const struct sshcipher *c)
|
||||
{
|
||||
|
@ -259,7 +271,8 @@ cipher_init(struct sshcipher_ctx **ccp, const struct sshcipher *cipher,
|
|||
|
||||
cc->cipher = cipher;
|
||||
if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) {
|
||||
ret = chachapoly_init(&cc->cp_ctx, key, keylen);
|
||||
cc->cp_ctx = chachapoly_new(key, keylen);
|
||||
ret = cc->cp_ctx != NULL ? 0 : SSH_ERR_INVALID_ARGUMENT;
|
||||
goto out;
|
||||
}
|
||||
if ((cc->cipher->flags & CFLAG_NONE) != 0) {
|
||||
|
@ -314,8 +327,7 @@ cipher_init(struct sshcipher_ctx **ccp, const struct sshcipher *cipher,
|
|||
#ifdef WITH_OPENSSL
|
||||
EVP_CIPHER_CTX_free(cc->evp);
|
||||
#endif /* WITH_OPENSSL */
|
||||
explicit_bzero(cc, sizeof(*cc));
|
||||
free(cc);
|
||||
freezero(cc, sizeof(*cc));
|
||||
}
|
||||
}
|
||||
return ret;
|
||||
|
@ -324,7 +336,7 @@ cipher_init(struct sshcipher_ctx **ccp, const struct sshcipher *cipher,
|
|||
/*
|
||||
* cipher_crypt() operates as following:
|
||||
* Copy 'aadlen' bytes (without en/decryption) from 'src' to 'dest'.
|
||||
* Theses bytes are treated as additional authenticated data for
|
||||
* These bytes are treated as additional authenticated data for
|
||||
* authenticated encryption modes.
|
||||
* En/Decrypt 'len' bytes at offset 'aadlen' from 'src' to 'dest'.
|
||||
* Use 'authlen' bytes at offset 'len'+'aadlen' as the authentication tag.
|
||||
|
@ -336,7 +348,7 @@ cipher_crypt(struct sshcipher_ctx *cc, u_int seqnr, u_char *dest,
|
|||
const u_char *src, u_int len, u_int aadlen, u_int authlen)
|
||||
{
|
||||
if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) {
|
||||
return chachapoly_crypt(&cc->cp_ctx, seqnr, dest, src,
|
||||
return chachapoly_crypt(cc->cp_ctx, seqnr, dest, src,
|
||||
len, aadlen, authlen, cc->encrypt);
|
||||
}
|
||||
if ((cc->cipher->flags & CFLAG_NONE) != 0) {
|
||||
|
@ -399,7 +411,7 @@ cipher_get_length(struct sshcipher_ctx *cc, u_int *plenp, u_int seqnr,
|
|||
const u_char *cp, u_int len)
|
||||
{
|
||||
if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
|
||||
return chachapoly_get_length(&cc->cp_ctx, plenp, seqnr,
|
||||
return chachapoly_get_length(cc->cp_ctx, plenp, seqnr,
|
||||
cp, len);
|
||||
if (len < 4)
|
||||
return SSH_ERR_MESSAGE_INCOMPLETE;
|
||||
|
@ -412,16 +424,16 @@ cipher_free(struct sshcipher_ctx *cc)
|
|||
{
|
||||
if (cc == NULL)
|
||||
return;
|
||||
if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
|
||||
explicit_bzero(&cc->cp_ctx, sizeof(cc->cp_ctx));
|
||||
else if ((cc->cipher->flags & CFLAG_AESCTR) != 0)
|
||||
if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) {
|
||||
chachapoly_free(cc->cp_ctx);
|
||||
cc->cp_ctx = NULL;
|
||||
} else if ((cc->cipher->flags & CFLAG_AESCTR) != 0)
|
||||
explicit_bzero(&cc->ac_ctx, sizeof(cc->ac_ctx));
|
||||
#ifdef WITH_OPENSSL
|
||||
EVP_CIPHER_CTX_free(cc->evp);
|
||||
cc->evp = NULL;
|
||||
#endif
|
||||
explicit_bzero(cc, sizeof(*cc));
|
||||
free(cc);
|
||||
freezero(cc, sizeof(*cc));
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -482,10 +494,10 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, size_t len)
|
|||
#endif
|
||||
if (cipher_authlen(c)) {
|
||||
if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN,
|
||||
len, iv))
|
||||
return SSH_ERR_LIBCRYPTO_ERROR;
|
||||
len, iv))
|
||||
return SSH_ERR_LIBCRYPTO_ERROR;
|
||||
} else if (!EVP_CIPHER_CTX_get_iv(cc->evp, iv, len))
|
||||
return SSH_ERR_LIBCRYPTO_ERROR;
|
||||
return SSH_ERR_LIBCRYPTO_ERROR;
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: cipher.h,v 1.52 2017/05/07 23:12:57 djm Exp $ */
|
||||
/* $OpenBSD: cipher.h,v 1.55 2020/01/23 10:24:29 dtucker Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
@ -38,7 +38,9 @@
|
|||
#define CIPHER_H
|
||||
|
||||
#include <sys/types.h>
|
||||
#ifdef WITH_OPENSSL
|
||||
#include <openssl/evp.h>
|
||||
#endif
|
||||
#include "cipher-chachapoly.h"
|
||||
#include "cipher-aesctr.h"
|
||||
|
||||
|
@ -52,6 +54,7 @@ const struct sshcipher *cipher_by_name(const char *);
|
|||
const char *cipher_warning_message(const struct sshcipher_ctx *);
|
||||
int ciphers_valid(const char *);
|
||||
char *cipher_alg_list(char, int);
|
||||
const char *compression_alg_list(int);
|
||||
int cipher_init(struct sshcipher_ctx **, const struct sshcipher *,
|
||||
const u_char *, u_int, const u_char *, u_int, int);
|
||||
int cipher_crypt(struct sshcipher_ctx *, u_int, u_char *, const u_char *,
|
||||
|
|
File diff suppressed because it is too large
Load diff
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: clientloop.h,v 1.36 2018/07/09 21:03:30 markus Exp $ */
|
||||
/* $OpenBSD: clientloop.h,v 1.37 2020/04/03 02:40:32 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
@ -46,7 +46,8 @@ int client_x11_get_proto(struct ssh *, const char *, const char *,
|
|||
void client_global_request_reply_fwd(int, u_int32_t, void *);
|
||||
void client_session2_setup(struct ssh *, int, int, int,
|
||||
const char *, struct termios *, int, struct sshbuf *, char **);
|
||||
char *client_request_tun_fwd(struct ssh *, int, int, int);
|
||||
char *client_request_tun_fwd(struct ssh *, int, int, int,
|
||||
channel_open_fn *, void *);
|
||||
void client_stop_mux(void);
|
||||
|
||||
/* Escape filter for protocol 2 sessions */
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: compat.c,v 1.113 2018/08/13 02:41:05 djm Exp $ */
|
||||
/* $OpenBSD: compat.c,v 1.118 2021/06/06 03:40:39 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
|
||||
*
|
||||
|
@ -38,11 +38,9 @@
|
|||
#include "match.h"
|
||||
#include "kex.h"
|
||||
|
||||
int datafellows = 0;
|
||||
|
||||
/* datafellows bug compatibility */
|
||||
u_int
|
||||
compat_datafellows(const char *version)
|
||||
/* determine bug flags from SSH protocol banner */
|
||||
void
|
||||
compat_banner(struct ssh *ssh, const char *version)
|
||||
{
|
||||
int i;
|
||||
static struct {
|
||||
|
@ -65,6 +63,8 @@ compat_datafellows(const char *version)
|
|||
{ "OpenSSH_6.5*,"
|
||||
"OpenSSH_6.6*", SSH_NEW_OPENSSH|SSH_BUG_CURVE25519PAD|
|
||||
SSH_BUG_SIGTYPE},
|
||||
{ "OpenSSH_7.4*", SSH_NEW_OPENSSH|SSH_BUG_SIGTYPE|
|
||||
SSH_BUG_SIGTYPE74},
|
||||
{ "OpenSSH_7.0*,"
|
||||
"OpenSSH_7.1*,"
|
||||
"OpenSSH_7.2*,"
|
||||
|
@ -145,89 +145,63 @@ compat_datafellows(const char *version)
|
|||
};
|
||||
|
||||
/* process table, return first match */
|
||||
ssh->compat = 0;
|
||||
for (i = 0; check[i].pat; i++) {
|
||||
if (match_pattern_list(version, check[i].pat, 0) == 1) {
|
||||
debug("match: %s pat %s compat 0x%08x",
|
||||
debug_f("match: %s pat %s compat 0x%08x",
|
||||
version, check[i].pat, check[i].bugs);
|
||||
datafellows = check[i].bugs; /* XXX for now */
|
||||
return check[i].bugs;
|
||||
ssh->compat = check[i].bugs;
|
||||
return;
|
||||
}
|
||||
}
|
||||
debug("no match: %s", version);
|
||||
return 0;
|
||||
}
|
||||
|
||||
#define SEP ","
|
||||
int
|
||||
proto_spec(const char *spec)
|
||||
{
|
||||
char *s, *p, *q;
|
||||
int ret = SSH_PROTO_UNKNOWN;
|
||||
|
||||
if (spec == NULL)
|
||||
return ret;
|
||||
q = s = strdup(spec);
|
||||
if (s == NULL)
|
||||
return ret;
|
||||
for ((p = strsep(&q, SEP)); p && *p != '\0'; (p = strsep(&q, SEP))) {
|
||||
switch (atoi(p)) {
|
||||
case 2:
|
||||
ret |= SSH_PROTO_2;
|
||||
break;
|
||||
default:
|
||||
logit("ignoring bad proto spec: '%s'.", p);
|
||||
break;
|
||||
}
|
||||
}
|
||||
free(s);
|
||||
return ret;
|
||||
debug_f("no match: %s", version);
|
||||
}
|
||||
|
||||
char *
|
||||
compat_cipher_proposal(char *cipher_prop)
|
||||
compat_cipher_proposal(struct ssh *ssh, char *cipher_prop)
|
||||
{
|
||||
if (!(datafellows & SSH_BUG_BIGENDIANAES))
|
||||
if (!(ssh->compat & SSH_BUG_BIGENDIANAES))
|
||||
return cipher_prop;
|
||||
debug2("%s: original cipher proposal: %s", __func__, cipher_prop);
|
||||
if ((cipher_prop = match_filter_blacklist(cipher_prop, "aes*")) == NULL)
|
||||
fatal("match_filter_blacklist failed");
|
||||
debug2("%s: compat cipher proposal: %s", __func__, cipher_prop);
|
||||
debug2_f("original cipher proposal: %s", cipher_prop);
|
||||
if ((cipher_prop = match_filter_denylist(cipher_prop, "aes*")) == NULL)
|
||||
fatal("match_filter_denylist failed");
|
||||
debug2_f("compat cipher proposal: %s", cipher_prop);
|
||||
if (*cipher_prop == '\0')
|
||||
fatal("No supported ciphers found");
|
||||
return cipher_prop;
|
||||
}
|
||||
|
||||
char *
|
||||
compat_pkalg_proposal(char *pkalg_prop)
|
||||
compat_pkalg_proposal(struct ssh *ssh, char *pkalg_prop)
|
||||
{
|
||||
if (!(datafellows & SSH_BUG_RSASIGMD5))
|
||||
if (!(ssh->compat & SSH_BUG_RSASIGMD5))
|
||||
return pkalg_prop;
|
||||
debug2("%s: original public key proposal: %s", __func__, pkalg_prop);
|
||||
if ((pkalg_prop = match_filter_blacklist(pkalg_prop, "ssh-rsa")) == NULL)
|
||||
fatal("match_filter_blacklist failed");
|
||||
debug2("%s: compat public key proposal: %s", __func__, pkalg_prop);
|
||||
debug2_f("original public key proposal: %s", pkalg_prop);
|
||||
if ((pkalg_prop = match_filter_denylist(pkalg_prop, "ssh-rsa")) == NULL)
|
||||
fatal("match_filter_denylist failed");
|
||||
debug2_f("compat public key proposal: %s", pkalg_prop);
|
||||
if (*pkalg_prop == '\0')
|
||||
fatal("No supported PK algorithms found");
|
||||
return pkalg_prop;
|
||||
}
|
||||
|
||||
char *
|
||||
compat_kex_proposal(char *p)
|
||||
compat_kex_proposal(struct ssh *ssh, char *p)
|
||||
{
|
||||
if ((datafellows & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0)
|
||||
if ((ssh->compat & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0)
|
||||
return p;
|
||||
debug2("%s: original KEX proposal: %s", __func__, p);
|
||||
if ((datafellows & SSH_BUG_CURVE25519PAD) != 0)
|
||||
if ((p = match_filter_blacklist(p,
|
||||
debug2_f("original KEX proposal: %s", p);
|
||||
if ((ssh->compat & SSH_BUG_CURVE25519PAD) != 0)
|
||||
if ((p = match_filter_denylist(p,
|
||||
"curve25519-sha256@libssh.org")) == NULL)
|
||||
fatal("match_filter_blacklist failed");
|
||||
if ((datafellows & SSH_OLD_DHGEX) != 0) {
|
||||
if ((p = match_filter_blacklist(p,
|
||||
fatal("match_filter_denylist failed");
|
||||
if ((ssh->compat & SSH_OLD_DHGEX) != 0) {
|
||||
if ((p = match_filter_denylist(p,
|
||||
"diffie-hellman-group-exchange-sha256,"
|
||||
"diffie-hellman-group-exchange-sha1")) == NULL)
|
||||
fatal("match_filter_blacklist failed");
|
||||
fatal("match_filter_denylist failed");
|
||||
}
|
||||
debug2("%s: compat KEX proposal: %s", __func__, p);
|
||||
debug2_f("compat KEX proposal: %s", p);
|
||||
if (*p == '\0')
|
||||
fatal("No supported key exchange algorithms found");
|
||||
return p;
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: compat.h,v 1.54 2018/08/13 02:41:05 djm Exp $ */
|
||||
/* $OpenBSD: compat.h,v 1.57 2021/06/06 03:40:39 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved.
|
||||
|
@ -27,14 +27,9 @@
|
|||
#ifndef COMPAT_H
|
||||
#define COMPAT_H
|
||||
|
||||
#define SSH_PROTO_UNKNOWN 0x00
|
||||
#define SSH_PROTO_1 0x01
|
||||
#define SSH_PROTO_1_PREFERRED 0x02
|
||||
#define SSH_PROTO_2 0x04
|
||||
|
||||
#define SSH_BUG_UTF8TTYMODE 0x00000001
|
||||
#define SSH_BUG_SIGTYPE 0x00000002
|
||||
/* #define unused 0x00000004 */
|
||||
#define SSH_BUG_SIGTYPE74 0x00000004
|
||||
/* #define unused 0x00000008 */
|
||||
#define SSH_OLD_SESSIONID 0x00000010
|
||||
/* #define unused 0x00000020 */
|
||||
|
@ -63,11 +58,10 @@
|
|||
#define SSH_BUG_HOSTKEYS 0x20000000
|
||||
#define SSH_BUG_DHGEX_LARGE 0x40000000
|
||||
|
||||
u_int compat_datafellows(const char *);
|
||||
int proto_spec(const char *);
|
||||
char *compat_cipher_proposal(char *);
|
||||
char *compat_pkalg_proposal(char *);
|
||||
char *compat_kex_proposal(char *);
|
||||
struct ssh;
|
||||
|
||||
extern int datafellows;
|
||||
void compat_banner(struct ssh *, const char *);
|
||||
char *compat_cipher_proposal(struct ssh *, char *);
|
||||
char *compat_pkalg_proposal(struct ssh *, char *);
|
||||
char *compat_kex_proposal(struct ssh *, char *);
|
||||
#endif
|
||||
|
|
882
crypto/openssh/config.guess
vendored
882
crypto/openssh/config.guess
vendored
File diff suppressed because it is too large
Load diff
|
@ -46,9 +46,6 @@
|
|||
against it */
|
||||
/* #undef BROKEN_READ_COMPARISON */
|
||||
|
||||
/* realpath does not work with nonexistent files */
|
||||
#define BROKEN_REALPATH 1
|
||||
|
||||
/* Needed for NeXT */
|
||||
/* #undef BROKEN_SAVED_UIDS */
|
||||
|
||||
|
@ -103,7 +100,7 @@
|
|||
/* Define if you want to specify the path to your wtmp file */
|
||||
/* #undef CONF_WTMP_FILE */
|
||||
|
||||
/* Define if your platform needs to skip post auth file descriptor passing */
|
||||
/* Need to call setpgrp as root */
|
||||
/* #undef DISABLE_FD_PASSING */
|
||||
|
||||
/* Define if you don't want to use lastlog */
|
||||
|
@ -136,6 +133,12 @@
|
|||
/* Enable for PKCS#11 support */
|
||||
#define ENABLE_PKCS11 /**/
|
||||
|
||||
/* Enable for U2F/FIDO support */
|
||||
#define ENABLE_SK /**/
|
||||
|
||||
/* Enable for built-in U2F/FIDO support */
|
||||
/* #undef ENABLE_SK_INTERNAL */
|
||||
|
||||
/* define if fflush(NULL) does not work */
|
||||
/* #undef FFLUSH_NULL_BUG */
|
||||
|
||||
|
@ -319,6 +322,10 @@
|
|||
*/
|
||||
#define HAVE_DECL_BZERO 1
|
||||
|
||||
/* Define to 1 if you have the declaration of `getpeereid', and to 0 if you
|
||||
don't. */
|
||||
#define HAVE_DECL_GETPEEREID 1
|
||||
|
||||
/* Define to 1 if you have the declaration of `GLOB_NOMATCH', and to 0 if you
|
||||
don't. */
|
||||
#define HAVE_DECL_GLOB_NOMATCH 1
|
||||
|
@ -351,6 +358,10 @@
|
|||
don't. */
|
||||
#define HAVE_DECL_MAXSYMLINKS 1
|
||||
|
||||
/* Define to 1 if you have the declaration of `memmem', and to 0 if you don't.
|
||||
*/
|
||||
#define HAVE_DECL_MEMMEM 1
|
||||
|
||||
/* Define to 1 if you have the declaration of `NFDBITS', and to 0 if you
|
||||
don't. */
|
||||
#define HAVE_DECL_NFDBITS 1
|
||||
|
@ -379,6 +390,10 @@
|
|||
don't. */
|
||||
#define HAVE_DECL_SHUT_RD 1
|
||||
|
||||
/* Define to 1 if you have the declaration of `UINT32_MAX', and to 0 if you
|
||||
don't. */
|
||||
#define HAVE_DECL_UINT32_MAX 1
|
||||
|
||||
/* Define to 1 if you have the declaration of `writev', and to 0 if you don't.
|
||||
*/
|
||||
#define HAVE_DECL_WRITEV 1
|
||||
|
@ -400,19 +415,19 @@
|
|||
/* Define if you have /dev/ptc */
|
||||
/* #undef HAVE_DEV_PTS_AND_PTC */
|
||||
|
||||
/* Define if libcrypto has DH_get0_key */
|
||||
/* Define to 1 if you have the `DH_get0_key' function. */
|
||||
#define HAVE_DH_GET0_KEY 1
|
||||
|
||||
/* Define if libcrypto has DH_get0_pqg */
|
||||
/* Define to 1 if you have the `DH_get0_pqg' function. */
|
||||
#define HAVE_DH_GET0_PQG 1
|
||||
|
||||
/* Define if libcrypto has DH_set0_key */
|
||||
/* Define to 1 if you have the `DH_set0_key' function. */
|
||||
#define HAVE_DH_SET0_KEY 1
|
||||
|
||||
/* Define if libcrypto has DH_set0_pqg */
|
||||
/* Define to 1 if you have the `DH_set0_pqg' function. */
|
||||
#define HAVE_DH_SET0_PQG 1
|
||||
|
||||
/* Define if libcrypto has DH_set_length */
|
||||
/* Define to 1 if you have the `DH_set_length' function. */
|
||||
#define HAVE_DH_SET_LENGTH 1
|
||||
|
||||
/* Define to 1 if you have the <dirent.h> header file. */
|
||||
|
@ -424,33 +439,39 @@
|
|||
/* Define to 1 if you have the `dirname' function. */
|
||||
#define HAVE_DIRNAME 1
|
||||
|
||||
/* Define to 1 if you have the `dlopen' function. */
|
||||
#define HAVE_DLOPEN 1
|
||||
|
||||
/* Define to 1 if you have the `DSA_generate_parameters_ex' function. */
|
||||
#define HAVE_DSA_GENERATE_PARAMETERS_EX 1
|
||||
|
||||
/* Define if libcrypto has DSA_get0_key */
|
||||
/* Define to 1 if you have the `DSA_get0_key' function. */
|
||||
#define HAVE_DSA_GET0_KEY 1
|
||||
|
||||
/* Define if libcrypto has DSA_get0_pqg */
|
||||
/* Define to 1 if you have the `DSA_get0_pqg' function. */
|
||||
#define HAVE_DSA_GET0_PQG 1
|
||||
|
||||
/* Define if libcrypto has DSA_set0_key */
|
||||
/* Define to 1 if you have the `DSA_set0_key' function. */
|
||||
#define HAVE_DSA_SET0_KEY 1
|
||||
|
||||
/* Define if libcrypto has DSA_set0_pqg */
|
||||
/* Define to 1 if you have the `DSA_set0_pqg' function. */
|
||||
#define HAVE_DSA_SET0_PQG 1
|
||||
|
||||
/* Define if libcrypto has DSA_SIG_get0 */
|
||||
/* Define to 1 if you have the `DSA_SIG_get0' function. */
|
||||
#define HAVE_DSA_SIG_GET0 1
|
||||
|
||||
/* Define if libcrypto has DSA_SIG_set0 */
|
||||
/* Define to 1 if you have the `DSA_SIG_set0' function. */
|
||||
#define HAVE_DSA_SIG_SET0 1
|
||||
|
||||
/* Define if libcrypto has ECDSA_SIG_get0 */
|
||||
/* Define to 1 if you have the `ECDSA_SIG_get0' function. */
|
||||
#define HAVE_ECDSA_SIG_GET0 1
|
||||
|
||||
/* Define if libcrypto has ECDSA_SIG_set0 */
|
||||
/* Define to 1 if you have the `ECDSA_SIG_set0' function. */
|
||||
#define HAVE_ECDSA_SIG_SET0 1
|
||||
|
||||
/* Define to 1 if you have the `EC_KEY_METHOD_new' function. */
|
||||
#define HAVE_EC_KEY_METHOD_NEW 1
|
||||
|
||||
/* Define to 1 if you have the <elf.h> header file. */
|
||||
#define HAVE_ELF_H 1
|
||||
|
||||
|
@ -478,18 +499,27 @@
|
|||
/* Define if your system has /etc/default/login */
|
||||
/* #undef HAVE_ETC_DEFAULT_LOGIN */
|
||||
|
||||
/* Define if libcrypto has EVP_CIPHER_CTX_ctrl */
|
||||
/* Define to 1 if you have the `EVP_chacha20' function. */
|
||||
#define HAVE_EVP_CHACHA20 1
|
||||
|
||||
/* Define to 1 if you have the `EVP_CIPHER_CTX_ctrl' function. */
|
||||
#define HAVE_EVP_CIPHER_CTX_CTRL 1
|
||||
|
||||
/* Define if libcrypto has EVP_CIPHER_CTX_set_iv */
|
||||
/* Define to 1 if you have the `EVP_CIPHER_CTX_get_iv' function. */
|
||||
/* #undef HAVE_EVP_CIPHER_CTX_GET_IV */
|
||||
|
||||
/* Define if libcrypto has EVP_CIPHER_CTX_iv */
|
||||
/* Define to 1 if you have the `EVP_CIPHER_CTX_get_updated_iv' function. */
|
||||
/* #undef HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV */
|
||||
|
||||
/* Define to 1 if you have the `EVP_CIPHER_CTX_iv' function. */
|
||||
#define HAVE_EVP_CIPHER_CTX_IV 1
|
||||
|
||||
/* Define if libcrypto has EVP_CIPHER_CTX_iv_noconst */
|
||||
/* Define to 1 if you have the `EVP_CIPHER_CTX_iv_noconst' function. */
|
||||
#define HAVE_EVP_CIPHER_CTX_IV_NOCONST 1
|
||||
|
||||
/* Define to 1 if you have the `EVP_CIPHER_CTX_set_iv' function. */
|
||||
/* #undef HAVE_EVP_CIPHER_CTX_SET_IV */
|
||||
|
||||
/* Define to 1 if you have the `EVP_DigestFinal_ex' function. */
|
||||
#define HAVE_EVP_DIGESTFINAL_EX 1
|
||||
|
||||
|
@ -502,36 +532,48 @@
|
|||
/* Define to 1 if you have the `EVP_MD_CTX_copy_ex' function. */
|
||||
#define HAVE_EVP_MD_CTX_COPY_EX 1
|
||||
|
||||
/* Define if libcrypto has EVP_MD_CTX_free */
|
||||
/* Define to 1 if you have the `EVP_MD_CTX_free' function. */
|
||||
#define HAVE_EVP_MD_CTX_FREE 1
|
||||
|
||||
/* Define to 1 if you have the `EVP_MD_CTX_init' function. */
|
||||
/* #undef HAVE_EVP_MD_CTX_INIT */
|
||||
|
||||
/* Define if libcrypto has EVP_MD_CTX_new */
|
||||
/* Define to 1 if you have the `EVP_MD_CTX_new' function. */
|
||||
#define HAVE_EVP_MD_CTX_NEW 1
|
||||
|
||||
/* Define if libcrypto has EVP_PKEY_get0_RSA */
|
||||
/* Define to 1 if you have the `EVP_PKEY_get0_RSA' function. */
|
||||
#define HAVE_EVP_PKEY_GET0_RSA 1
|
||||
|
||||
/* Define to 1 if you have the `EVP_ripemd160' function. */
|
||||
#define HAVE_EVP_RIPEMD160 1
|
||||
|
||||
/* Define to 1 if you have the `EVP_sha256' function. */
|
||||
#define HAVE_EVP_SHA256 1
|
||||
|
||||
/* Define to 1 if you have the `EVP_sha384' function. */
|
||||
#define HAVE_EVP_SHA384 1
|
||||
|
||||
/* Define to 1 if you have the `EVP_sha512' function. */
|
||||
#define HAVE_EVP_SHA512 1
|
||||
|
||||
/* Define if you have ut_exit in utmp.h */
|
||||
/* #undef HAVE_EXIT_IN_UTMP */
|
||||
|
||||
/* Define to 1 if you have the `explicit_bzero' function. */
|
||||
#define HAVE_EXPLICIT_BZERO 1
|
||||
|
||||
/* Define to 1 if you have the `explicit_memset' function. */
|
||||
/* #undef HAVE_EXPLICIT_MEMSET */
|
||||
|
||||
/* Define to 1 if you have the `fchmod' function. */
|
||||
#define HAVE_FCHMOD 1
|
||||
|
||||
/* Define to 1 if you have the `fchmodat' function. */
|
||||
#define HAVE_FCHMODAT 1
|
||||
|
||||
/* Define to 1 if you have the `fchown' function. */
|
||||
#define HAVE_FCHOWN 1
|
||||
|
||||
/* Define to 1 if you have the `fchownat' function. */
|
||||
#define HAVE_FCHOWNAT 1
|
||||
|
||||
/* Use F_CLOSEM fcntl for closefrom */
|
||||
/* #undef HAVE_FCNTL_CLOSEM */
|
||||
|
||||
|
@ -544,6 +586,21 @@
|
|||
/* Define to 1 if you have the <features.h> header file. */
|
||||
/* #undef HAVE_FEATURES_H */
|
||||
|
||||
/* Define to 1 if you have the `fido_cred_prot' function. */
|
||||
/* #undef HAVE_FIDO_CRED_PROT */
|
||||
|
||||
/* Define to 1 if you have the `fido_cred_set_prot' function. */
|
||||
/* #undef HAVE_FIDO_CRED_SET_PROT */
|
||||
|
||||
/* Define to 1 if you have the `fido_dev_get_touch_begin' function. */
|
||||
/* #undef HAVE_FIDO_DEV_GET_TOUCH_BEGIN */
|
||||
|
||||
/* Define to 1 if you have the `fido_dev_get_touch_status' function. */
|
||||
/* #undef HAVE_FIDO_DEV_GET_TOUCH_STATUS */
|
||||
|
||||
/* Define to 1 if you have the `fido_dev_supports_cred_prot' function. */
|
||||
/* #undef HAVE_FIDO_DEV_SUPPORTS_CRED_PROT */
|
||||
|
||||
/* Define to 1 if you have the <floatingpoint.h> header file. */
|
||||
#define HAVE_FLOATINGPOINT_H 1
|
||||
|
||||
|
@ -553,6 +610,12 @@
|
|||
/* Define to 1 if you have the `fmt_scaled' function. */
|
||||
/* #undef HAVE_FMT_SCALED */
|
||||
|
||||
/* Define to 1 if you have the `fnmatch' function. */
|
||||
#define HAVE_FNMATCH 1
|
||||
|
||||
/* Define to 1 if you have the <fnmatch.h> header file. */
|
||||
#define HAVE_FNMATCH_H 1
|
||||
|
||||
/* Define to 1 if you have the `freeaddrinfo' function. */
|
||||
#define HAVE_FREEADDRINFO 1
|
||||
|
||||
|
@ -794,7 +857,7 @@
|
|||
/* #undef HAVE_LIBCRYPT */
|
||||
|
||||
/* Define to 1 if you have the `dl' library (-ldl). */
|
||||
#define HAVE_LIBDL 1
|
||||
/* #undef HAVE_LIBDL */
|
||||
|
||||
/* Define to 1 if you have the <libgen.h> header file. */
|
||||
#define HAVE_LIBGEN_H 1
|
||||
|
@ -806,7 +869,10 @@
|
|||
/* #undef HAVE_LIBNETWORK */
|
||||
|
||||
/* Define to 1 if you have the `pam' library (-lpam). */
|
||||
#define HAVE_LIBPAM 1
|
||||
/* #undef HAVE_LIBPAM */
|
||||
|
||||
/* Define to 1 if you have the <libproc.h> header file. */
|
||||
/* #undef HAVE_LIBPROC_H */
|
||||
|
||||
/* Define to 1 if you have the `socket' library (-lsocket). */
|
||||
/* #undef HAVE_LIBSOCKET */
|
||||
|
@ -841,6 +907,9 @@
|
|||
/* Define to 1 if you have the <locale.h> header file. */
|
||||
#define HAVE_LOCALE_H 1
|
||||
|
||||
/* Define to 1 if you have the `localtime_r' function. */
|
||||
#define HAVE_LOCALTIME_R 1
|
||||
|
||||
/* Define to 1 if you have the `login' function. */
|
||||
/* #undef HAVE_LOGIN */
|
||||
|
||||
|
@ -850,6 +919,9 @@
|
|||
/* Define to 1 if you have the `login_getcapbool' function. */
|
||||
#define HAVE_LOGIN_GETCAPBOOL 1
|
||||
|
||||
/* Define to 1 if you have the `login_getpwclass' function. */
|
||||
#define HAVE_LOGIN_GETPWCLASS 1
|
||||
|
||||
/* Define to 1 if you have the <login.h> header file. */
|
||||
/* #undef HAVE_LOGIN_H */
|
||||
|
||||
|
@ -884,6 +956,9 @@
|
|||
/* Define if you want to allow MD5 passwords */
|
||||
/* #undef HAVE_MD5_PASSWORDS */
|
||||
|
||||
/* Define to 1 if you have the `memmem' function. */
|
||||
#define HAVE_MEMMEM 1
|
||||
|
||||
/* Define to 1 if you have the `memmove' function. */
|
||||
#define HAVE_MEMMOVE 1
|
||||
|
||||
|
@ -942,20 +1017,29 @@
|
|||
/* Define to 1 if you have the `openpty' function. */
|
||||
#define HAVE_OPENPTY 1
|
||||
|
||||
/* Define if your ssl headers are included with #include <openssl/header.h> */
|
||||
#define HAVE_OPENSSL 1
|
||||
/* as a macro */
|
||||
#define HAVE_OPENSSL_ADD_ALL_ALGORITHMS 1
|
||||
|
||||
/* Define to 1 if you have the `OPENSSL_init_crypto' function. */
|
||||
#define HAVE_OPENSSL_INIT_CRYPTO 1
|
||||
|
||||
/* Define to 1 if you have the `OpenSSL_version' function. */
|
||||
#define HAVE_OPENSSL_VERSION 1
|
||||
|
||||
/* Define to 1 if you have the `OpenSSL_version_num' function. */
|
||||
#define HAVE_OPENSSL_VERSION_NUM 1
|
||||
|
||||
/* Define if you have Digital Unix Security Integration Architecture */
|
||||
/* #undef HAVE_OSF_SIA */
|
||||
|
||||
/* Define to 1 if you have the `pam_getenvlist' function. */
|
||||
#define HAVE_PAM_GETENVLIST 1
|
||||
/* #undef HAVE_PAM_GETENVLIST */
|
||||
|
||||
/* Define to 1 if you have the <pam/pam_appl.h> header file. */
|
||||
/* #undef HAVE_PAM_PAM_APPL_H */
|
||||
|
||||
/* Define to 1 if you have the `pam_putenv' function. */
|
||||
#define HAVE_PAM_PUTENV 1
|
||||
/* #undef HAVE_PAM_PUTENV */
|
||||
|
||||
/* Define to 1 if you have the <paths.h> header file. */
|
||||
#define HAVE_PATHS_H 1
|
||||
|
@ -987,6 +1071,12 @@
|
|||
/* Define if you have /proc/$pid/fd */
|
||||
/* #undef HAVE_PROC_PID */
|
||||
|
||||
/* Define to 1 if you have the `proc_pidinfo' function. */
|
||||
/* #undef HAVE_PROC_PIDINFO */
|
||||
|
||||
/* Define to 1 if you have the `pselect' function. */
|
||||
#define HAVE_PSELECT 1
|
||||
|
||||
/* Define to 1 if you have the `pstat' function. */
|
||||
/* #undef HAVE_PSTAT */
|
||||
|
||||
|
@ -1036,46 +1126,46 @@
|
|||
/* Define to 1 if you have the `RSA_generate_key_ex' function. */
|
||||
#define HAVE_RSA_GENERATE_KEY_EX 1
|
||||
|
||||
/* Define if libcrypto has RSA_get0_crt_params */
|
||||
/* Define to 1 if you have the `RSA_get0_crt_params' function. */
|
||||
#define HAVE_RSA_GET0_CRT_PARAMS 1
|
||||
|
||||
/* Define if libcrypto has RSA_get0_factors */
|
||||
/* Define to 1 if you have the `RSA_get0_factors' function. */
|
||||
#define HAVE_RSA_GET0_FACTORS 1
|
||||
|
||||
/* Define if libcrypto has RSA_get0_key */
|
||||
/* Define to 1 if you have the `RSA_get0_key' function. */
|
||||
#define HAVE_RSA_GET0_KEY 1
|
||||
|
||||
/* Define to 1 if you have the `RSA_get_default_method' function. */
|
||||
#define HAVE_RSA_GET_DEFAULT_METHOD 1
|
||||
|
||||
/* Define if libcrypto has RSA_meth_dup */
|
||||
/* Define to 1 if you have the `RSA_meth_dup' function. */
|
||||
#define HAVE_RSA_METH_DUP 1
|
||||
|
||||
/* Define if libcrypto has RSA_meth_free */
|
||||
/* Define to 1 if you have the `RSA_meth_free' function. */
|
||||
#define HAVE_RSA_METH_FREE 1
|
||||
|
||||
/* Define if libcrypto has RSA_meth_get_finish */
|
||||
/* Define to 1 if you have the `RSA_meth_get_finish' function. */
|
||||
#define HAVE_RSA_METH_GET_FINISH 1
|
||||
|
||||
/* Define if libcrypto has RSA_meth_set1_name */
|
||||
/* Define to 1 if you have the `RSA_meth_set1_name' function. */
|
||||
#define HAVE_RSA_METH_SET1_NAME 1
|
||||
|
||||
/* Define if libcrypto has RSA_meth_set_finish */
|
||||
/* Define to 1 if you have the `RSA_meth_set_finish' function. */
|
||||
#define HAVE_RSA_METH_SET_FINISH 1
|
||||
|
||||
/* Define if libcrypto has RSA_meth_set_priv_dec */
|
||||
/* Define to 1 if you have the `RSA_meth_set_priv_dec' function. */
|
||||
#define HAVE_RSA_METH_SET_PRIV_DEC 1
|
||||
|
||||
/* Define if libcrypto has RSA_meth_set_priv_enc */
|
||||
/* Define to 1 if you have the `RSA_meth_set_priv_enc' function. */
|
||||
#define HAVE_RSA_METH_SET_PRIV_ENC 1
|
||||
|
||||
/* Define if libcrypto has RSA_get0_srt_params */
|
||||
/* Define to 1 if you have the `RSA_set0_crt_params' function. */
|
||||
#define HAVE_RSA_SET0_CRT_PARAMS 1
|
||||
|
||||
/* Define if libcrypto has RSA_set0_factors */
|
||||
/* Define to 1 if you have the `RSA_set0_factors' function. */
|
||||
#define HAVE_RSA_SET0_FACTORS 1
|
||||
|
||||
/* Define if libcrypto has RSA_set0_key */
|
||||
/* Define to 1 if you have the `RSA_set0_key' function. */
|
||||
#define HAVE_RSA_SET0_KEY 1
|
||||
|
||||
/* Define to 1 if you have the <sandbox.h> header file. */
|
||||
|
@ -1177,18 +1267,27 @@
|
|||
/* Define to 1 if you have the `set_id' function. */
|
||||
/* #undef HAVE_SET_ID */
|
||||
|
||||
/* Define to 1 if you have the `SHA256_Update' function. */
|
||||
#define HAVE_SHA256_UPDATE 1
|
||||
/* Define to 1 if you have the `SHA256Update' function. */
|
||||
/* #undef HAVE_SHA256UPDATE */
|
||||
|
||||
/* Define to 1 if you have the <sha2.h> header file. */
|
||||
/* #undef HAVE_SHA2_H */
|
||||
|
||||
/* Define to 1 if you have the `SHA384Update' function. */
|
||||
/* #undef HAVE_SHA384UPDATE */
|
||||
|
||||
/* Define to 1 if you have the `SHA512Update' function. */
|
||||
/* #undef HAVE_SHA512UPDATE */
|
||||
|
||||
/* Define to 1 if you have the <shadow.h> header file. */
|
||||
/* #undef HAVE_SHADOW_H */
|
||||
|
||||
/* Define to 1 if you have the `sigaction' function. */
|
||||
#define HAVE_SIGACTION 1
|
||||
|
||||
/* Define to 1 if the system has the type `sighandler_t'. */
|
||||
/* #undef HAVE_SIGHANDLER_T */
|
||||
|
||||
/* Define to 1 if you have the `sigvec' function. */
|
||||
#define HAVE_SIGVEC 1
|
||||
|
||||
|
@ -1213,6 +1312,9 @@
|
|||
/* Fields in struct sockaddr_storage */
|
||||
#define HAVE_SS_FAMILY_IN_SS 1
|
||||
|
||||
/* Define if you have ut_ss in utmpx.h */
|
||||
/* #undef HAVE_SS_IN_UTMPX */
|
||||
|
||||
/* Define to 1 if you have the `statfs' function. */
|
||||
#define HAVE_STATFS 1
|
||||
|
||||
|
@ -1240,9 +1342,6 @@
|
|||
/* Define to 1 if you have the `strftime' function. */
|
||||
#define HAVE_STRFTIME 1
|
||||
|
||||
/* Silly mkstemp() */
|
||||
/* #undef HAVE_STRICT_MKSTEMP */
|
||||
|
||||
/* Define to 1 if you have the <strings.h> header file. */
|
||||
#define HAVE_STRINGS_H 1
|
||||
|
||||
|
@ -1315,8 +1414,11 @@
|
|||
/* define if you have struct sockaddr_storage data type */
|
||||
#define HAVE_STRUCT_SOCKADDR_STORAGE 1
|
||||
|
||||
/* Define to 1 if `f_files' is a member of `struct statfs'. */
|
||||
#define HAVE_STRUCT_STATFS_F_FILES 1
|
||||
|
||||
/* Define to 1 if `f_flags' is a member of `struct statfs'. */
|
||||
/* #undef HAVE_STRUCT_STATFS_F_FLAGS */
|
||||
#define HAVE_STRUCT_STATFS_F_FLAGS 1
|
||||
|
||||
/* Define to 1 if `st_blksize' is a member of `struct stat'. */
|
||||
#define HAVE_STRUCT_STAT_ST_BLKSIZE 1
|
||||
|
@ -1327,7 +1429,7 @@
|
|||
/* Define to 1 if `st_mtime' is a member of `struct stat'. */
|
||||
#define HAVE_STRUCT_STAT_ST_MTIME 1
|
||||
|
||||
/* Define to 1 if the system has the type `struct timespec'. */
|
||||
/* define if you have struct timespec */
|
||||
#define HAVE_STRUCT_TIMESPEC 1
|
||||
|
||||
/* define if you have struct timeval */
|
||||
|
@ -1351,6 +1453,9 @@
|
|||
/* Define to 1 if you have the <sys/bsdtty.h> header file. */
|
||||
/* #undef HAVE_SYS_BSDTTY_H */
|
||||
|
||||
/* Define to 1 if you have the <sys/byteorder.h> header file. */
|
||||
/* #undef HAVE_SYS_BYTEORDER_H */
|
||||
|
||||
/* Define to 1 if you have the <sys/capsicum.h> header file. */
|
||||
#define HAVE_SYS_CAPSICUM_H 1
|
||||
|
||||
|
@ -1379,7 +1484,7 @@
|
|||
/* #undef HAVE_SYS_NDIR_H */
|
||||
|
||||
/* Define if your system defines sys_nerr */
|
||||
#define HAVE_SYS_NERR 1
|
||||
/* #undef HAVE_SYS_NERR */
|
||||
|
||||
/* Define to 1 if you have the <sys/poll.h> header file. */
|
||||
#define HAVE_SYS_POLL_H 1
|
||||
|
@ -1519,6 +1624,9 @@
|
|||
/* Define to 1 if you have the <util.h> header file. */
|
||||
/* #undef HAVE_UTIL_H */
|
||||
|
||||
/* Define to 1 if you have the `utimensat' function. */
|
||||
#define HAVE_UTIMENSAT 1
|
||||
|
||||
/* Define to 1 if you have the `utimes' function. */
|
||||
#define HAVE_UTIMES 1
|
||||
|
||||
|
@ -1655,7 +1763,7 @@
|
|||
/* Set this to your mail directory if you do not have _PATH_MAILDIR */
|
||||
/* #undef MAIL_DIRECTORY */
|
||||
|
||||
/* Need setpgrp to acquire controlling tty */
|
||||
/* Need setpgrp to for controlling tty */
|
||||
/* #undef NEED_SETPGRP */
|
||||
|
||||
/* compiler does not accept __attribute__ on prototype args */
|
||||
|
@ -1664,6 +1772,9 @@
|
|||
/* compiler does not accept __attribute__ on return types */
|
||||
/* #undef NO_ATTRIBUTE_ON_RETURN_TYPE */
|
||||
|
||||
/* SA_RESTARTed signals do no interrupt select */
|
||||
/* #undef NO_SA_RESTART */
|
||||
|
||||
/* Define to disable UID restoration test */
|
||||
/* #undef NO_UID_RESTORATION_TEST */
|
||||
|
||||
|
@ -1785,6 +1896,9 @@
|
|||
/* The size of `short int', as computed by sizeof. */
|
||||
#define SIZEOF_SHORT_INT 2
|
||||
|
||||
/* The size of `time_t', as computed by sizeof. */
|
||||
#define SIZEOF_TIME_T 8
|
||||
|
||||
/* Define as const if snprintf() can declare const char *fmt */
|
||||
#define SNPRINTF_CONST const
|
||||
|
||||
|
@ -1856,16 +1970,16 @@
|
|||
/* #undef USE_BTMP */
|
||||
|
||||
/* Use libedit for sftp */
|
||||
#define USE_LIBEDIT 1
|
||||
/* #undef USE_LIBEDIT */
|
||||
|
||||
/* Use Linux audit module */
|
||||
/* #undef USE_LINUX_AUDIT */
|
||||
|
||||
/* Enable OpenSSL engine support */
|
||||
#define USE_OPENSSL_ENGINE 1
|
||||
/* #undef USE_OPENSSL_ENGINE */
|
||||
|
||||
/* Define if you want to enable PAM support */
|
||||
#define USE_PAM 1
|
||||
/* #undef USE_PAM */
|
||||
|
||||
/* Use PIPES instead of a socketpair() */
|
||||
/* #undef USE_PIPES */
|
||||
|
@ -1879,6 +1993,12 @@
|
|||
/* Define if you have Solaris projects */
|
||||
/* #undef USE_SOLARIS_PROJECTS */
|
||||
|
||||
/* compiler variable declarations after code */
|
||||
#define VARIABLE_DECLARATION_AFTER_CODE 1
|
||||
|
||||
/* compiler supports variable length arrays */
|
||||
#define VARIABLE_LENGTH_ARRAYS 1
|
||||
|
||||
/* Define if you shouldn't strip 'tty' from your ttyname in [uw]tmp */
|
||||
/* #undef WITH_ABBREV_NO_TTY */
|
||||
|
||||
|
@ -1904,6 +2024,9 @@
|
|||
/* Define if you want SELinux support. */
|
||||
/* #undef WITH_SELINUX */
|
||||
|
||||
/* Enable zlib */
|
||||
#define WITH_ZLIB 1
|
||||
|
||||
/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
|
||||
significant byte first (like Motorola and SPARC, unlike Intel). */
|
||||
#if defined AC_APPLE_UNIVERSAL_BUILD
|
||||
|
@ -1917,7 +2040,7 @@
|
|||
#endif
|
||||
|
||||
/* Define if xauth is found in your path */
|
||||
/* #undef XAUTH_PATH */
|
||||
#define XAUTH_PATH "/usr/local/bin/xauth"
|
||||
|
||||
/* Enable large inode numbers on Mac OS X 10.5. */
|
||||
#ifndef _DARWIN_USE_64_BIT_INODE
|
||||
|
|
2784
crypto/openssh/config.sub
vendored
2784
crypto/openssh/config.sub
vendored
File diff suppressed because it is too large
Load diff
File diff suppressed because it is too large
Load diff
|
@ -1,7 +1,7 @@
|
|||
PKG_CONFIG = pkg-config
|
||||
|
||||
all:
|
||||
@echo "Valid targets: gnome-ssh-askpass1 gnome-ssh-askpass2"
|
||||
@echo "Valid targets: gnome-ssh-askpass1 gnome-ssh-askpass2 gnome-ssk-askpass3"
|
||||
|
||||
gnome-ssh-askpass1: gnome-ssh-askpass1.c
|
||||
$(CC) $(CFLAGS) `gnome-config --cflags gnome gnomeui` \
|
||||
|
@ -13,9 +13,9 @@ gnome-ssh-askpass2: gnome-ssh-askpass2.c
|
|||
gnome-ssh-askpass2.c -o gnome-ssh-askpass2 \
|
||||
`$(PKG_CONFIG) --libs gtk+-2.0 x11`
|
||||
|
||||
gnome-ssh-askpass3: gnome-ssh-askpass2.c
|
||||
gnome-ssh-askpass3: gnome-ssh-askpass3.c
|
||||
$(CC) $(CFLAGS) `$(PKG_CONFIG) --cflags gtk+-3.0` \
|
||||
gnome-ssh-askpass2.c -o gnome-ssh-askpass3 \
|
||||
gnome-ssh-askpass3.c -o gnome-ssh-askpass3 \
|
||||
`$(PKG_CONFIG) --libs gtk+-3.0 x11`
|
||||
|
||||
clean:
|
||||
|
|
|
@ -60,7 +60,7 @@ Options:
|
|||
Please note that OpenSSH does never use the value of $HOME to
|
||||
search for the users configuration files! It always uses the
|
||||
value of the pw_dir field in /etc/passwd as the home directory.
|
||||
If no home diretory is set in /etc/passwd, the root directory
|
||||
If no home directory is set in /etc/passwd, the root directory
|
||||
is used instead!
|
||||
|
||||
================
|
||||
|
@ -77,7 +77,7 @@ with the aforementioned cygport script:
|
|||
|
||||
zlib
|
||||
crypt
|
||||
openssl-devel
|
||||
libssl-devel
|
||||
libedit-devel
|
||||
libkrb5-devel
|
||||
|
||||
|
|
|
@ -61,7 +61,7 @@ LOCALSTATEDIR=/var
|
|||
|
||||
sshd_config_configured=no
|
||||
port_number=22
|
||||
service_name=sshd
|
||||
service_name=cygsshd
|
||||
strictmodes=yes
|
||||
cygwin_value=""
|
||||
user_account=
|
||||
|
@ -307,7 +307,7 @@ check_service_files_ownership() {
|
|||
|
||||
if [ -z "${run_service_as}" ]
|
||||
then
|
||||
accnt_name=$(/usr/bin/cygrunsrv -VQ sshd |
|
||||
accnt_name=$(/usr/bin/cygrunsrv -VQ "${service_name}" |
|
||||
/usr/bin/sed -ne 's/^Account *: *//gp')
|
||||
if [ "${accnt_name}" = "LocalSystem" ]
|
||||
then
|
||||
|
@ -329,9 +329,9 @@ check_service_files_ownership() {
|
|||
fi
|
||||
if [ -z "${run_service_as}" ]
|
||||
then
|
||||
csih_warning "Couldn't determine name of user running sshd service from account database!"
|
||||
csih_warning "Couldn't determine name of user running ${service_name} service from account database!"
|
||||
csih_warning "As a result, this script cannot make sure that the files used"
|
||||
csih_warning "by the sshd service belong to the user running the service."
|
||||
csih_warning "by the ${service_name} service belong to the user running the service."
|
||||
return 1
|
||||
fi
|
||||
fi
|
||||
|
@ -367,8 +367,8 @@ check_service_files_ownership() {
|
|||
if [ $ret -ne 0 ]
|
||||
then
|
||||
csih_warning "Couldn't change owner of important files to ${run_service_as}!"
|
||||
csih_warning "This may cause the sshd service to fail! Please make sure that"
|
||||
csih_warning "you have suufficient permissions to change the ownership of files"
|
||||
csih_warning "This may cause the ${service_name} service to fail! Please make sure that"
|
||||
csih_warning "you have sufficient permissions to change the ownership of files"
|
||||
csih_warning "and try to run the ssh-host-config script again."
|
||||
fi
|
||||
return $ret
|
||||
|
@ -394,14 +394,24 @@ install_service() {
|
|||
then
|
||||
csih_get_cygenv "${cygwin_value}"
|
||||
|
||||
if ( csih_is_nt2003 || [ "$csih_FORCE_PRIVILEGED_USER" = "yes" ] )
|
||||
if ( [ "$csih_FORCE_PRIVILEGED_USER" != "yes" ] )
|
||||
then
|
||||
csih_inform "On Windows Server 2003, Windows Vista, and above, the"
|
||||
csih_inform "SYSTEM account cannot setuid to other users -- a capability"
|
||||
csih_inform "sshd requires. You need to have or to create a privileged"
|
||||
csih_inform "account. This script will help you do so."
|
||||
echo
|
||||
# Enforce using privileged user on 64 bit Vista or W7 under WOW64
|
||||
is_wow64=$(/usr/bin/uname | /usr/bin/grep -q 'WOW' && echo 1 || echo 0)
|
||||
|
||||
if ( csih_is_nt2003 && ! csih_is_windows8 && [ "${is_wow64}" = "1" ] )
|
||||
then
|
||||
csih_inform "Running 32 bit Cygwin on 64 bit Windows Vista or Windows 7"
|
||||
csih_inform "the SYSTEM account is not sufficient to setuid to a local"
|
||||
csih_inform "user account. You need to have or to create a privileged"
|
||||
csih_inform "account. This script will help you do so."
|
||||
echo
|
||||
csih_FORCE_PRIVILEGED_USER=yes
|
||||
fi
|
||||
fi
|
||||
|
||||
if ( [ "$csih_FORCE_PRIVILEGED_USER" = "yes" ] )
|
||||
then
|
||||
[ "${opt_force}" = "yes" ] && opt_f=-f
|
||||
[ -n "${user_account}" ] && opt_u="-u ""${user_account}"""
|
||||
csih_select_privileged_username ${opt_f} ${opt_u} sshd
|
||||
|
@ -412,11 +422,12 @@ install_service() {
|
|||
csih_request "Do you want to proceed anyway?" || exit 1
|
||||
let ++ret
|
||||
fi
|
||||
# Never returns empty if NT or above
|
||||
run_service_as=$(csih_service_should_run_as)
|
||||
else
|
||||
run_service_as="SYSTEM"
|
||||
fi
|
||||
|
||||
# Never returns empty if NT or above
|
||||
run_service_as=$(csih_service_should_run_as)
|
||||
|
||||
if [ "${run_service_as}" = "${csih_PRIVILEGED_USERNAME}" ]
|
||||
then
|
||||
password="${csih_PRIVILEGED_PASSWORD}"
|
||||
|
@ -446,7 +457,7 @@ install_service() {
|
|||
echo
|
||||
csih_inform "The sshd service has been installed under the LocalSystem"
|
||||
csih_inform "account (also known as SYSTEM). To start the service now, call"
|
||||
csih_inform "\`net start sshd' or \`cygrunsrv -S sshd'. Otherwise, it"
|
||||
csih_inform "\`net start ${service_name}' or \`cygrunsrv -S ${service_name}'. Otherwise, it"
|
||||
csih_inform "will start automatically after the next reboot."
|
||||
fi
|
||||
else
|
||||
|
@ -669,14 +680,24 @@ then
|
|||
fi
|
||||
|
||||
# handle sshd_config
|
||||
# make sure not to change the existing file
|
||||
mod_before=""
|
||||
if [ -e "${SYSCONFDIR}/sshd_config" ]
|
||||
then
|
||||
mod_before=$(stat "${SYSCONFDIR}/sshd_config" | grep '^Modify:')
|
||||
fi
|
||||
csih_install_config "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults" || let ++warning_cnt
|
||||
mod_now=$(stat "${SYSCONFDIR}/sshd_config" | grep '^Modify:')
|
||||
if ! /usr/bin/cmp "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/sshd_config" >/dev/null 2>&1
|
||||
then
|
||||
sshd_config_configured=yes
|
||||
fi
|
||||
sshd_strictmodes || let warning_cnt+=$?
|
||||
sshd_privsep || let warning_cnt+=$?
|
||||
sshd_config_tweak || let warning_cnt+=$?
|
||||
if [ "${mod_before}" != "${mod_now}" ]
|
||||
then
|
||||
sshd_strictmodes || let warning_cnt+=$?
|
||||
sshd_config_tweak || let warning_cnt+=$?
|
||||
fi
|
||||
#sshd_privsep || let warning_cnt+=$?
|
||||
update_services_file || let warning_cnt+=$?
|
||||
update_inetd_conf || let warning_cnt+=$?
|
||||
install_service || let warning_cnt+=$?
|
||||
|
|
0
crypto/openssh/contrib/findssl.sh
Executable file → Normal file
0
crypto/openssh/contrib/findssl.sh
Executable file → Normal file
|
@ -137,9 +137,10 @@ passphrase_dialog(char *message)
|
|||
gnome_dialog_close(GNOME_DIALOG(dialog));
|
||||
return (result == 0 ? 0 : -1);
|
||||
|
||||
/* At least one grab failed - ungrab what we got, and report
|
||||
the failure to the user. Note that XGrabServer() cannot
|
||||
fail. */
|
||||
/*
|
||||
* At least one grab failed - ungrab what we got, and report the
|
||||
* failure to the user. Note that XGrabServer() cannot fail.
|
||||
*/
|
||||
nograbkb:
|
||||
gdk_pointer_ungrab(GDK_CURRENT_TIME);
|
||||
nograb:
|
||||
|
|
|
@ -39,6 +39,10 @@
|
|||
#define GRAB_TRIES 16
|
||||
#define GRAB_WAIT 250 /* milliseconds */
|
||||
|
||||
#define PROMPT_ENTRY 0
|
||||
#define PROMPT_CONFIRM 1
|
||||
#define PROMPT_NONE 2
|
||||
|
||||
/*
|
||||
* Compile with:
|
||||
*
|
||||
|
@ -52,9 +56,11 @@
|
|||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include <X11/Xlib.h>
|
||||
#include <gtk/gtk.h>
|
||||
#include <gdk/gdkx.h>
|
||||
#include <gdk/gdkkeysyms.h>
|
||||
|
||||
static void
|
||||
report_failed_grab (GtkWidget *parent_window, const char *what)
|
||||
|
@ -62,11 +68,9 @@ report_failed_grab (GtkWidget *parent_window, const char *what)
|
|||
GtkWidget *err;
|
||||
|
||||
err = gtk_message_dialog_new(GTK_WINDOW(parent_window), 0,
|
||||
GTK_MESSAGE_ERROR,
|
||||
GTK_BUTTONS_CLOSE,
|
||||
"Could not grab %s. "
|
||||
"A malicious client may be eavesdropping "
|
||||
"on your session.", what);
|
||||
GTK_MESSAGE_ERROR, GTK_BUTTONS_CLOSE,
|
||||
"Could not grab %s. A malicious client may be eavesdropping "
|
||||
"on your session.", what);
|
||||
gtk_window_set_position(GTK_WINDOW(err), GTK_WIN_POS_CENTER);
|
||||
|
||||
gtk_dialog_run(GTK_DIALOG(err));
|
||||
|
@ -81,48 +85,148 @@ ok_dialog(GtkWidget *entry, gpointer dialog)
|
|||
gtk_dialog_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK);
|
||||
}
|
||||
|
||||
static gboolean
|
||||
check_none(GtkWidget *widget, GdkEventKey *event, gpointer dialog)
|
||||
{
|
||||
switch (event->keyval) {
|
||||
case GDK_KEY_Escape:
|
||||
/* esc -> close dialog */
|
||||
gtk_dialog_response(GTK_DIALOG(dialog), GTK_RESPONSE_CLOSE);
|
||||
return TRUE;
|
||||
case GDK_KEY_Tab:
|
||||
/* tab -> focus close button */
|
||||
gtk_widget_grab_focus(gtk_dialog_get_widget_for_response(
|
||||
dialog, GTK_RESPONSE_CLOSE));
|
||||
return TRUE;
|
||||
default:
|
||||
/* eat all other key events */
|
||||
return TRUE;
|
||||
}
|
||||
}
|
||||
|
||||
static int
|
||||
passphrase_dialog(char *message)
|
||||
parse_env_hex_color(const char *env, GdkColor *c)
|
||||
{
|
||||
const char *s;
|
||||
unsigned long ul;
|
||||
char *ep;
|
||||
size_t n;
|
||||
|
||||
if ((s = getenv(env)) == NULL)
|
||||
return 0;
|
||||
|
||||
memset(c, 0, sizeof(*c));
|
||||
|
||||
/* Permit hex rgb or rrggbb optionally prefixed by '#' or '0x' */
|
||||
if (*s == '#')
|
||||
s++;
|
||||
else if (strncmp(s, "0x", 2) == 0)
|
||||
s += 2;
|
||||
n = strlen(s);
|
||||
if (n != 3 && n != 6)
|
||||
goto bad;
|
||||
ul = strtoul(s, &ep, 16);
|
||||
if (*ep != '\0' || ul > 0xffffff) {
|
||||
bad:
|
||||
fprintf(stderr, "Invalid $%s - invalid hex color code\n", env);
|
||||
return 0;
|
||||
}
|
||||
/* Valid hex sequence; expand into a GdkColor */
|
||||
if (n == 3) {
|
||||
/* 4-bit RGB */
|
||||
c->red = ((ul >> 8) & 0xf) << 12;
|
||||
c->green = ((ul >> 4) & 0xf) << 12;
|
||||
c->blue = (ul & 0xf) << 12;
|
||||
} else {
|
||||
/* 8-bit RGB */
|
||||
c->red = ((ul >> 16) & 0xff) << 8;
|
||||
c->green = ((ul >> 8) & 0xff) << 8;
|
||||
c->blue = (ul & 0xff) << 8;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int
|
||||
passphrase_dialog(char *message, int prompt_type)
|
||||
{
|
||||
const char *failed;
|
||||
char *passphrase, *local;
|
||||
int result, grab_tries, grab_server, grab_pointer;
|
||||
int buttons, default_response;
|
||||
GtkWidget *parent_window, *dialog, *entry;
|
||||
GdkGrabStatus status;
|
||||
GdkColor fg, bg;
|
||||
int fg_set = 0, bg_set = 0;
|
||||
|
||||
grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL);
|
||||
grab_pointer = (getenv("GNOME_SSH_ASKPASS_GRAB_POINTER") != NULL);
|
||||
grab_tries = 0;
|
||||
|
||||
fg_set = parse_env_hex_color("GNOME_SSH_ASKPASS_FG_COLOR", &fg);
|
||||
bg_set = parse_env_hex_color("GNOME_SSH_ASKPASS_BG_COLOR", &bg);
|
||||
|
||||
/* Create an invisible parent window so that GtkDialog doesn't
|
||||
* complain. */
|
||||
parent_window = gtk_window_new(GTK_WINDOW_TOPLEVEL);
|
||||
|
||||
dialog = gtk_message_dialog_new(GTK_WINDOW(parent_window), 0,
|
||||
GTK_MESSAGE_QUESTION,
|
||||
GTK_BUTTONS_OK_CANCEL,
|
||||
"%s",
|
||||
message);
|
||||
switch (prompt_type) {
|
||||
case PROMPT_CONFIRM:
|
||||
buttons = GTK_BUTTONS_YES_NO;
|
||||
default_response = GTK_RESPONSE_YES;
|
||||
break;
|
||||
case PROMPT_NONE:
|
||||
buttons = GTK_BUTTONS_CLOSE;
|
||||
default_response = GTK_RESPONSE_CLOSE;
|
||||
break;
|
||||
default:
|
||||
buttons = GTK_BUTTONS_OK_CANCEL;
|
||||
default_response = GTK_RESPONSE_OK;
|
||||
break;
|
||||
}
|
||||
|
||||
entry = gtk_entry_new();
|
||||
gtk_box_pack_start(
|
||||
GTK_BOX(gtk_dialog_get_content_area(GTK_DIALOG(dialog))), entry,
|
||||
FALSE, FALSE, 0);
|
||||
gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE);
|
||||
gtk_widget_grab_focus(entry);
|
||||
gtk_widget_show(entry);
|
||||
dialog = gtk_message_dialog_new(GTK_WINDOW(parent_window), 0,
|
||||
GTK_MESSAGE_QUESTION, buttons, "%s", message);
|
||||
|
||||
gtk_window_set_title(GTK_WINDOW(dialog), "OpenSSH");
|
||||
gtk_window_set_position (GTK_WINDOW(dialog), GTK_WIN_POS_CENTER);
|
||||
gtk_window_set_keep_above(GTK_WINDOW(dialog), TRUE);
|
||||
|
||||
/* Make <enter> close dialog */
|
||||
gtk_dialog_set_default_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK);
|
||||
g_signal_connect(G_OBJECT(entry), "activate",
|
||||
G_CALLBACK(ok_dialog), dialog);
|
||||
|
||||
gtk_dialog_set_default_response(GTK_DIALOG(dialog), default_response);
|
||||
gtk_window_set_keep_above(GTK_WINDOW(dialog), TRUE);
|
||||
|
||||
if (fg_set)
|
||||
gtk_widget_modify_fg(dialog, GTK_STATE_NORMAL, &fg);
|
||||
if (bg_set)
|
||||
gtk_widget_modify_bg(dialog, GTK_STATE_NORMAL, &bg);
|
||||
|
||||
if (prompt_type == PROMPT_ENTRY || prompt_type == PROMPT_NONE) {
|
||||
entry = gtk_entry_new();
|
||||
if (fg_set)
|
||||
gtk_widget_modify_fg(entry, GTK_STATE_NORMAL, &fg);
|
||||
if (bg_set)
|
||||
gtk_widget_modify_bg(entry, GTK_STATE_NORMAL, &bg);
|
||||
gtk_box_pack_start(
|
||||
GTK_BOX(gtk_dialog_get_content_area(GTK_DIALOG(dialog))),
|
||||
entry, FALSE, FALSE, 0);
|
||||
gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE);
|
||||
gtk_widget_grab_focus(entry);
|
||||
if (prompt_type == PROMPT_ENTRY) {
|
||||
gtk_widget_show(entry);
|
||||
/* Make <enter> close dialog */
|
||||
g_signal_connect(G_OBJECT(entry), "activate",
|
||||
G_CALLBACK(ok_dialog), dialog);
|
||||
} else {
|
||||
/*
|
||||
* Ensure the 'close' button is not focused by default
|
||||
* but is still reachable via tab. This is a bit of a
|
||||
* hack - it uses a hidden entry that responds to a
|
||||
* couple of keypress events (escape and tab only).
|
||||
*/
|
||||
gtk_widget_realize(entry);
|
||||
g_signal_connect(G_OBJECT(entry), "key_press_event",
|
||||
G_CALLBACK(check_none), dialog);
|
||||
}
|
||||
}
|
||||
|
||||
/* Grab focus */
|
||||
gtk_widget_show_now(dialog);
|
||||
if (grab_pointer) {
|
||||
|
@ -166,32 +270,37 @@ passphrase_dialog(char *message)
|
|||
gdk_flush();
|
||||
|
||||
/* Report passphrase if user selected OK */
|
||||
passphrase = g_strdup(gtk_entry_get_text(GTK_ENTRY(entry)));
|
||||
if (result == GTK_RESPONSE_OK) {
|
||||
local = g_locale_from_utf8(passphrase, strlen(passphrase),
|
||||
NULL, NULL, NULL);
|
||||
if (local != NULL) {
|
||||
puts(local);
|
||||
memset(local, '\0', strlen(local));
|
||||
g_free(local);
|
||||
} else {
|
||||
puts(passphrase);
|
||||
if (prompt_type == PROMPT_ENTRY) {
|
||||
passphrase = g_strdup(gtk_entry_get_text(GTK_ENTRY(entry)));
|
||||
if (result == GTK_RESPONSE_OK) {
|
||||
local = g_locale_from_utf8(passphrase,
|
||||
strlen(passphrase), NULL, NULL, NULL);
|
||||
if (local != NULL) {
|
||||
puts(local);
|
||||
memset(local, '\0', strlen(local));
|
||||
g_free(local);
|
||||
} else {
|
||||
puts(passphrase);
|
||||
}
|
||||
}
|
||||
/* Zero passphrase in memory */
|
||||
memset(passphrase, '\b', strlen(passphrase));
|
||||
gtk_entry_set_text(GTK_ENTRY(entry), passphrase);
|
||||
memset(passphrase, '\0', strlen(passphrase));
|
||||
g_free(passphrase);
|
||||
}
|
||||
|
||||
/* Zero passphrase in memory */
|
||||
memset(passphrase, '\b', strlen(passphrase));
|
||||
gtk_entry_set_text(GTK_ENTRY(entry), passphrase);
|
||||
memset(passphrase, '\0', strlen(passphrase));
|
||||
g_free(passphrase);
|
||||
|
||||
gtk_widget_destroy(dialog);
|
||||
return (result == GTK_RESPONSE_OK ? 0 : -1);
|
||||
|
||||
/* At least one grab failed - ungrab what we got, and report
|
||||
the failure to the user. Note that XGrabServer() cannot
|
||||
fail. */
|
||||
gtk_widget_destroy(dialog);
|
||||
if (result != GTK_RESPONSE_OK && result != GTK_RESPONSE_YES)
|
||||
return -1;
|
||||
return 0;
|
||||
|
||||
nograbkb:
|
||||
/*
|
||||
* At least one grab failed - ungrab what we got, and report
|
||||
* the failure to the user. Note that XGrabServer() cannot
|
||||
* fail.
|
||||
*/
|
||||
gdk_pointer_ungrab(GDK_CURRENT_TIME);
|
||||
nograb:
|
||||
if (grab_server)
|
||||
|
@ -206,8 +315,8 @@ passphrase_dialog(char *message)
|
|||
int
|
||||
main(int argc, char **argv)
|
||||
{
|
||||
char *message;
|
||||
int result;
|
||||
char *message, *prompt_mode;
|
||||
int result, prompt_type = PROMPT_ENTRY;
|
||||
|
||||
gtk_init(&argc, &argv);
|
||||
|
||||
|
@ -217,8 +326,15 @@ main(int argc, char **argv)
|
|||
message = g_strdup("Enter your OpenSSH passphrase:");
|
||||
}
|
||||
|
||||
if ((prompt_mode = getenv("SSH_ASKPASS_PROMPT")) != NULL) {
|
||||
if (strcasecmp(prompt_mode, "confirm") == 0)
|
||||
prompt_type = PROMPT_CONFIRM;
|
||||
else if (strcasecmp(prompt_mode, "none") == 0)
|
||||
prompt_type = PROMPT_NONE;
|
||||
}
|
||||
|
||||
setvbuf(stdout, 0, _IONBF, 0);
|
||||
result = passphrase_dialog(message);
|
||||
result = passphrase_dialog(message, prompt_type);
|
||||
g_free(message);
|
||||
|
||||
return (result);
|
||||
|
|
305
crypto/openssh/contrib/gnome-ssh-askpass3.c
Normal file
305
crypto/openssh/contrib/gnome-ssh-askpass3.c
Normal file
|
@ -0,0 +1,305 @@
|
|||
/*
|
||||
* Copyright (c) 2000-2002 Damien Miller. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
||||
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
||||
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
||||
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
/* GTK2 support by Nalin Dahyabhai <nalin@redhat.com> */
|
||||
|
||||
/*
|
||||
* This is a simple GNOME SSH passphrase grabber. To use it, set the
|
||||
* environment variable SSH_ASKPASS to point to the location of
|
||||
* gnome-ssh-askpass before calling "ssh-add < /dev/null".
|
||||
*
|
||||
* There is only two run-time options: if you set the environment variable
|
||||
* "GNOME_SSH_ASKPASS_GRAB_SERVER=true" then gnome-ssh-askpass will grab
|
||||
* the X server. If you set "GNOME_SSH_ASKPASS_GRAB_POINTER=true", then the
|
||||
* pointer will be grabbed too. These may have some benefit to security if
|
||||
* you don't trust your X server. We grab the keyboard always.
|
||||
*/
|
||||
|
||||
#define GRAB_TRIES 16
|
||||
#define GRAB_WAIT 250 /* milliseconds */
|
||||
|
||||
#define PROMPT_ENTRY 0
|
||||
#define PROMPT_CONFIRM 1
|
||||
#define PROMPT_NONE 2
|
||||
|
||||
/*
|
||||
* Compile with:
|
||||
*
|
||||
* cc -Wall `pkg-config --cflags gtk+-2.0` \
|
||||
* gnome-ssh-askpass2.c -o gnome-ssh-askpass \
|
||||
* `pkg-config --libs gtk+-2.0`
|
||||
*
|
||||
*/
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include <X11/Xlib.h>
|
||||
#include <gtk/gtk.h>
|
||||
#include <gdk/gdkx.h>
|
||||
#include <gdk/gdkkeysyms.h>
|
||||
|
||||
static void
|
||||
ok_dialog(GtkWidget *entry, gpointer dialog)
|
||||
{
|
||||
g_return_if_fail(GTK_IS_DIALOG(dialog));
|
||||
gtk_dialog_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK);
|
||||
}
|
||||
|
||||
static gboolean
|
||||
check_none(GtkWidget *widget, GdkEventKey *event, gpointer dialog)
|
||||
{
|
||||
switch (event->keyval) {
|
||||
case GDK_KEY_Escape:
|
||||
/* esc -> close dialog */
|
||||
gtk_dialog_response(GTK_DIALOG(dialog), GTK_RESPONSE_CLOSE);
|
||||
return TRUE;
|
||||
case GDK_KEY_Tab:
|
||||
/* tab -> focus close button */
|
||||
gtk_widget_grab_focus(gtk_dialog_get_widget_for_response(
|
||||
dialog, GTK_RESPONSE_CLOSE));
|
||||
return TRUE;
|
||||
default:
|
||||
/* eat all other key events */
|
||||
return TRUE;
|
||||
}
|
||||
}
|
||||
|
||||
static int
|
||||
parse_env_hex_color(const char *env, GdkColor *c)
|
||||
{
|
||||
const char *s;
|
||||
unsigned long ul;
|
||||
char *ep;
|
||||
size_t n;
|
||||
|
||||
if ((s = getenv(env)) == NULL)
|
||||
return 0;
|
||||
|
||||
memset(c, 0, sizeof(*c));
|
||||
|
||||
/* Permit hex rgb or rrggbb optionally prefixed by '#' or '0x' */
|
||||
if (*s == '#')
|
||||
s++;
|
||||
else if (strncmp(s, "0x", 2) == 0)
|
||||
s += 2;
|
||||
n = strlen(s);
|
||||
if (n != 3 && n != 6)
|
||||
goto bad;
|
||||
ul = strtoul(s, &ep, 16);
|
||||
if (*ep != '\0' || ul > 0xffffff) {
|
||||
bad:
|
||||
fprintf(stderr, "Invalid $%s - invalid hex color code\n", env);
|
||||
return 0;
|
||||
}
|
||||
/* Valid hex sequence; expand into a GdkColor */
|
||||
if (n == 3) {
|
||||
/* 4-bit RGB */
|
||||
c->red = ((ul >> 8) & 0xf) << 12;
|
||||
c->green = ((ul >> 4) & 0xf) << 12;
|
||||
c->blue = (ul & 0xf) << 12;
|
||||
} else {
|
||||
/* 8-bit RGB */
|
||||
c->red = ((ul >> 16) & 0xff) << 8;
|
||||
c->green = ((ul >> 8) & 0xff) << 8;
|
||||
c->blue = (ul & 0xff) << 8;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int
|
||||
passphrase_dialog(char *message, int prompt_type)
|
||||
{
|
||||
const char *failed;
|
||||
char *passphrase, *local;
|
||||
int result, grab_tries, grab_server, grab_pointer;
|
||||
int buttons, default_response;
|
||||
GtkWidget *parent_window, *dialog, *entry, *err;
|
||||
GdkGrabStatus status;
|
||||
GdkColor fg, bg;
|
||||
GdkSeat *seat;
|
||||
GdkDisplay *display;
|
||||
GdkSeatCapabilities caps;
|
||||
int fg_set = 0, bg_set = 0;
|
||||
|
||||
grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL);
|
||||
grab_pointer = (getenv("GNOME_SSH_ASKPASS_GRAB_POINTER") != NULL);
|
||||
grab_tries = 0;
|
||||
|
||||
fg_set = parse_env_hex_color("GNOME_SSH_ASKPASS_FG_COLOR", &fg);
|
||||
bg_set = parse_env_hex_color("GNOME_SSH_ASKPASS_BG_COLOR", &bg);
|
||||
|
||||
/* Create an invisible parent window so that GtkDialog doesn't
|
||||
* complain. */
|
||||
parent_window = gtk_window_new(GTK_WINDOW_TOPLEVEL);
|
||||
|
||||
switch (prompt_type) {
|
||||
case PROMPT_CONFIRM:
|
||||
buttons = GTK_BUTTONS_YES_NO;
|
||||
default_response = GTK_RESPONSE_YES;
|
||||
break;
|
||||
case PROMPT_NONE:
|
||||
buttons = GTK_BUTTONS_CLOSE;
|
||||
default_response = GTK_RESPONSE_CLOSE;
|
||||
break;
|
||||
default:
|
||||
buttons = GTK_BUTTONS_OK_CANCEL;
|
||||
default_response = GTK_RESPONSE_OK;
|
||||
break;
|
||||
}
|
||||
|
||||
dialog = gtk_message_dialog_new(GTK_WINDOW(parent_window), 0,
|
||||
GTK_MESSAGE_QUESTION, buttons, "%s", message);
|
||||
|
||||
gtk_window_set_title(GTK_WINDOW(dialog), "OpenSSH");
|
||||
gtk_window_set_position (GTK_WINDOW(dialog), GTK_WIN_POS_CENTER);
|
||||
gtk_window_set_keep_above(GTK_WINDOW(dialog), TRUE);
|
||||
gtk_dialog_set_default_response(GTK_DIALOG(dialog), default_response);
|
||||
gtk_window_set_keep_above(GTK_WINDOW(dialog), TRUE);
|
||||
|
||||
if (fg_set)
|
||||
gtk_widget_modify_fg(dialog, GTK_STATE_NORMAL, &fg);
|
||||
if (bg_set)
|
||||
gtk_widget_modify_bg(dialog, GTK_STATE_NORMAL, &bg);
|
||||
|
||||
if (prompt_type == PROMPT_ENTRY || prompt_type == PROMPT_NONE) {
|
||||
entry = gtk_entry_new();
|
||||
if (fg_set)
|
||||
gtk_widget_modify_fg(entry, GTK_STATE_NORMAL, &fg);
|
||||
if (bg_set)
|
||||
gtk_widget_modify_bg(entry, GTK_STATE_NORMAL, &bg);
|
||||
gtk_box_pack_start(
|
||||
GTK_BOX(gtk_dialog_get_content_area(GTK_DIALOG(dialog))),
|
||||
entry, FALSE, FALSE, 0);
|
||||
gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE);
|
||||
gtk_widget_grab_focus(entry);
|
||||
if (prompt_type == PROMPT_ENTRY) {
|
||||
gtk_widget_show(entry);
|
||||
/* Make <enter> close dialog */
|
||||
g_signal_connect(G_OBJECT(entry), "activate",
|
||||
G_CALLBACK(ok_dialog), dialog);
|
||||
} else {
|
||||
/*
|
||||
* Ensure the 'close' button is not focused by default
|
||||
* but is still reachable via tab. This is a bit of a
|
||||
* hack - it uses a hidden entry that responds to a
|
||||
* couple of keypress events (escape and tab only).
|
||||
*/
|
||||
gtk_widget_realize(entry);
|
||||
g_signal_connect(G_OBJECT(entry), "key_press_event",
|
||||
G_CALLBACK(check_none), dialog);
|
||||
}
|
||||
}
|
||||
/* Grab focus */
|
||||
gtk_widget_show_now(dialog);
|
||||
display = gtk_widget_get_display(GTK_WIDGET(dialog));
|
||||
seat = gdk_display_get_default_seat(display);
|
||||
caps = GDK_SEAT_CAPABILITY_KEYBOARD;
|
||||
if (grab_pointer)
|
||||
caps |= GDK_SEAT_CAPABILITY_ALL_POINTING;
|
||||
if (grab_server)
|
||||
caps = GDK_SEAT_CAPABILITY_ALL;
|
||||
for (;;) {
|
||||
status = gdk_seat_grab(seat, gtk_widget_get_window(dialog),
|
||||
caps, TRUE, NULL, NULL, NULL, NULL);
|
||||
if (status == GDK_GRAB_SUCCESS)
|
||||
break;
|
||||
usleep(GRAB_WAIT * 1000);
|
||||
if (++grab_tries > GRAB_TRIES)
|
||||
goto nograb;
|
||||
}
|
||||
|
||||
result = gtk_dialog_run(GTK_DIALOG(dialog));
|
||||
|
||||
/* Ungrab */
|
||||
gdk_seat_ungrab(seat);
|
||||
gdk_display_flush(display);
|
||||
|
||||
/* Report passphrase if user selected OK */
|
||||
if (prompt_type == PROMPT_ENTRY) {
|
||||
passphrase = g_strdup(gtk_entry_get_text(GTK_ENTRY(entry)));
|
||||
if (result == GTK_RESPONSE_OK) {
|
||||
local = g_locale_from_utf8(passphrase,
|
||||
strlen(passphrase), NULL, NULL, NULL);
|
||||
if (local != NULL) {
|
||||
puts(local);
|
||||
memset(local, '\0', strlen(local));
|
||||
g_free(local);
|
||||
} else {
|
||||
puts(passphrase);
|
||||
}
|
||||
}
|
||||
/* Zero passphrase in memory */
|
||||
memset(passphrase, '\b', strlen(passphrase));
|
||||
gtk_entry_set_text(GTK_ENTRY(entry), passphrase);
|
||||
memset(passphrase, '\0', strlen(passphrase));
|
||||
g_free(passphrase);
|
||||
}
|
||||
|
||||
gtk_widget_destroy(dialog);
|
||||
if (result != GTK_RESPONSE_OK && result != GTK_RESPONSE_YES)
|
||||
return -1;
|
||||
return 0;
|
||||
|
||||
nograb:
|
||||
gtk_widget_destroy(dialog);
|
||||
err = gtk_message_dialog_new(GTK_WINDOW(parent_window), 0,
|
||||
GTK_MESSAGE_ERROR, GTK_BUTTONS_CLOSE,
|
||||
"Could not grab input. A malicious client may be eavesdropping "
|
||||
"on your session.");
|
||||
gtk_window_set_position(GTK_WINDOW(err), GTK_WIN_POS_CENTER);
|
||||
gtk_dialog_run(GTK_DIALOG(err));
|
||||
gtk_widget_destroy(err);
|
||||
return -1;
|
||||
}
|
||||
|
||||
int
|
||||
main(int argc, char **argv)
|
||||
{
|
||||
char *message, *prompt_mode;
|
||||
int result, prompt_type = PROMPT_ENTRY;
|
||||
|
||||
gtk_init(&argc, &argv);
|
||||
|
||||
if (argc > 1) {
|
||||
message = g_strjoinv(" ", argv + 1);
|
||||
} else {
|
||||
message = g_strdup("Enter your OpenSSH passphrase:");
|
||||
}
|
||||
|
||||
if ((prompt_mode = getenv("SSH_ASKPASS_PROMPT")) != NULL) {
|
||||
if (strcasecmp(prompt_mode, "confirm") == 0)
|
||||
prompt_type = PROMPT_CONFIRM;
|
||||
else if (strcasecmp(prompt_mode, "none") == 0)
|
||||
prompt_type = PROMPT_NONE;
|
||||
}
|
||||
|
||||
setvbuf(stdout, 0, _IONBF, 0);
|
||||
result = passphrase_dialog(message, prompt_type);
|
||||
g_free(message);
|
||||
|
||||
return (result);
|
||||
}
|
0
crypto/openssh/contrib/redhat/gnome-ssh-askpass.sh
Executable file → Normal file
0
crypto/openssh/contrib/redhat/gnome-ssh-askpass.sh
Executable file → Normal file
|
@ -1,78 +1,78 @@
|
|||
%define ver 7.9p1
|
||||
%define rel 1%{?dist}
|
||||
%global ver 8.7p1
|
||||
%global rel 1%{?dist}
|
||||
|
||||
# OpenSSH privilege separation requires a user & group ID
|
||||
%define sshd_uid 74
|
||||
%define sshd_gid 74
|
||||
%global sshd_uid 74
|
||||
%global sshd_gid 74
|
||||
|
||||
# Version of ssh-askpass
|
||||
%define aversion 1.2.4.1
|
||||
%global aversion 1.2.4.1
|
||||
|
||||
# Do we want to disable building of x11-askpass? (1=yes 0=no)
|
||||
%define no_x11_askpass 0
|
||||
%global no_x11_askpass 0
|
||||
|
||||
# Do we want to disable building of gnome-askpass? (1=yes 0=no)
|
||||
%define no_gnome_askpass 0
|
||||
%global no_gnome_askpass 0
|
||||
|
||||
# Do we want to link against a static libcrypto? (1=yes 0=no)
|
||||
%define static_libcrypto 0
|
||||
%global static_libcrypto 0
|
||||
|
||||
# Do we want smartcard support (1=yes 0=no)
|
||||
%define scard 0
|
||||
%global scard 0
|
||||
|
||||
# Use GTK2 instead of GNOME in gnome-ssh-askpass
|
||||
%define gtk2 1
|
||||
%global gtk2 1
|
||||
|
||||
# Use build6x options for older RHEL builds
|
||||
# RHEL 7 not yet supported
|
||||
%if 0%{?rhel} > 6
|
||||
%define build6x 0
|
||||
%global build6x 0
|
||||
%else
|
||||
%define build6x 1
|
||||
%global build6x 1
|
||||
%endif
|
||||
|
||||
%if 0%{?fedora} >= 26
|
||||
%define compat_openssl 1
|
||||
%global compat_openssl 1
|
||||
%else
|
||||
%define compat_openssl 0
|
||||
%global compat_openssl 0
|
||||
%endif
|
||||
|
||||
# Do we want kerberos5 support (1=yes 0=no)
|
||||
%define kerberos5 1
|
||||
%global kerberos5 1
|
||||
|
||||
# Reserve options to override askpass settings with:
|
||||
# rpm -ba|--rebuild --define 'skip_xxx 1'
|
||||
%{?skip_x11_askpass:%define no_x11_askpass 1}
|
||||
%{?skip_gnome_askpass:%define no_gnome_askpass 1}
|
||||
%{?skip_x11_askpass:%global no_x11_askpass 1}
|
||||
%{?skip_gnome_askpass:%global no_gnome_askpass 1}
|
||||
|
||||
# Add option to build without GTK2 for older platforms with only GTK+.
|
||||
# RedHat <= 7.2 and Red Hat Advanced Server 2.1 are examples.
|
||||
# rpm -ba|--rebuild --define 'no_gtk2 1'
|
||||
%{?no_gtk2:%define gtk2 0}
|
||||
%{?no_gtk2:%global gtk2 0}
|
||||
|
||||
# Is this a build for RHL 6.x or earlier?
|
||||
%{?build_6x:%define build6x 1}
|
||||
%{?build_6x:%global build6x 1}
|
||||
|
||||
# If this is RHL 6.x, the default configuration has sysconfdir in /usr/etc.
|
||||
%if %{build6x}
|
||||
%define _sysconfdir /etc
|
||||
%global _sysconfdir /etc
|
||||
%endif
|
||||
|
||||
# Options for static OpenSSL link:
|
||||
# rpm -ba|--rebuild --define "static_openssl 1"
|
||||
%{?static_openssl:%define static_libcrypto 1}
|
||||
%{?static_openssl:%global static_libcrypto 1}
|
||||
|
||||
# Options for Smartcard support: (needs libsectok and openssl-engine)
|
||||
# rpm -ba|--rebuild --define "smartcard 1"
|
||||
%{?smartcard:%define scard 1}
|
||||
%{?smartcard:%global scard 1}
|
||||
|
||||
# Is this a build for the rescue CD (without PAM, with MD5)? (1=yes 0=no)
|
||||
%define rescue 0
|
||||
%{?build_rescue:%define rescue 1}
|
||||
%global rescue 0
|
||||
%{?build_rescue:%global rescue 1}
|
||||
|
||||
# Turn off some stuff for resuce builds
|
||||
%if %{rescue}
|
||||
%define kerberos5 0
|
||||
%global kerberos5 0
|
||||
%endif
|
||||
|
||||
Summary: The OpenSSH implementation of SSH protocol version 2.
|
||||
|
@ -363,8 +363,10 @@ fi
|
|||
%attr(0755,root,root) %dir %{_libexecdir}/openssh
|
||||
%attr(4711,root,root) %{_libexecdir}/openssh/ssh-keysign
|
||||
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-pkcs11-helper
|
||||
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-sk-helper
|
||||
%attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8*
|
||||
%attr(0644,root,root) %{_mandir}/man8/ssh-pkcs11-helper.8*
|
||||
%attr(0644,root,root) %{_mandir}/man8/ssh-sk-helper.8*
|
||||
%endif
|
||||
%if %{scard}
|
||||
%attr(0755,root,root) %dir %{_datadir}/openssh
|
||||
|
@ -422,6 +424,9 @@ fi
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Mon Jul 20 2020 Damien Miller <djm@mindrto.org>
|
||||
- Add ssh-sk-helper and corresponding manual page.
|
||||
|
||||
* Sat Feb 10 2018 Darren Tucker <dtucker@dtucker.net>
|
||||
- Update openssl-devel dependency to match current requirements.
|
||||
- Handle Fedora >=6 openssl 1.0 compat libs.
|
||||
|
|
0
crypto/openssh/contrib/solaris/README
Executable file → Normal file
0
crypto/openssh/contrib/solaris/README
Executable file → Normal file
|
@ -1,6 +1,8 @@
|
|||
#!/bin/sh
|
||||
|
||||
# Copyright (c) 1999-2016 Philip Hands <phil@hands.com>
|
||||
# Copyright (c) 1999-2020 Philip Hands <phil@hands.com>
|
||||
# 2020 Matthias Blümel <blaimi@blaimi.de>
|
||||
# 2017 Sebastien Boyron <seb@boyron.eu>
|
||||
# 2013 Martin Kletzander <mkletzan@redhat.com>
|
||||
# 2010 Adeodato =?iso-8859-1?Q?Sim=F3?= <asp16@alu.ua.es>
|
||||
# 2010 Eric Moret <eric.moret@gmail.com>
|
||||
|
@ -33,13 +35,15 @@
|
|||
# Shell script to install your public key(s) on a remote machine
|
||||
# See the ssh-copy-id(1) man page for details
|
||||
|
||||
# shellcheck shell=dash
|
||||
|
||||
# check that we have something mildly sane as our shell, or try to find something better
|
||||
if false ^ printf "%s: WARNING: ancient shell, hunting for a more modern one... " "$0"
|
||||
then
|
||||
SANE_SH=${SANE_SH:-/usr/bin/ksh}
|
||||
if printf 'true ^ false\n' | "$SANE_SH"
|
||||
then
|
||||
printf "'%s' seems viable.\n" "$SANE_SH"
|
||||
printf "'%s' seems viable.\\n" "$SANE_SH"
|
||||
exec "$SANE_SH" "$0" "$@"
|
||||
else
|
||||
cat <<-EOF
|
||||
|
@ -51,36 +55,39 @@ then
|
|||
a bug describing your setup, and the shell you used to make it work.
|
||||
|
||||
EOF
|
||||
printf "%s: ERROR: Less dimwitted shell required.\n" "$0"
|
||||
printf '%s: ERROR: Less dimwitted shell required.\n' "$0"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
most_recent_id="$(cd "$HOME" ; ls -t .ssh/id*.pub 2>/dev/null | grep -v -- '-cert.pub$' | head -n 1)"
|
||||
DEFAULT_PUB_ID_FILE="${most_recent_id:+$HOME/}$most_recent_id"
|
||||
# shellcheck disable=SC2010
|
||||
DEFAULT_PUB_ID_FILE=$(ls -t "${HOME}"/.ssh/id*.pub 2>/dev/null | grep -v -- '-cert.pub$' | head -n 1)
|
||||
SSH="ssh -a -x"
|
||||
umask 0177
|
||||
|
||||
usage () {
|
||||
printf 'Usage: %s [-h|-?|-f|-n] [-i [identity_file]] [-p port] [[-o <ssh -o options>] ...] [user@]hostname\n' "$0" >&2
|
||||
printf 'Usage: %s [-h|-?|-f|-n|-s] [-i [identity_file]] [-p port] [-F alternative ssh_config file] [[-o <ssh -o options>] ...] [user@]hostname\n' "$0" >&2
|
||||
printf '\t-f: force mode -- copy keys without trying to check if they are already installed\n' >&2
|
||||
printf '\t-n: dry run -- no keys are actually copied\n' >&2
|
||||
printf '\t-s: use sftp -- use sftp instead of executing remote-commands. Can be useful if the remote only allows sftp\n' >&2
|
||||
printf '\t-h|-?: print this help\n' >&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
# escape any single quotes in an argument
|
||||
quote() {
|
||||
printf "%s\n" "$1" | sed -e "s/'/'\\\\''/g"
|
||||
printf '%s\n' "$1" | sed -e "s/'/'\\\\''/g"
|
||||
}
|
||||
|
||||
use_id_file() {
|
||||
local L_ID_FILE="$1"
|
||||
L_ID_FILE="$1"
|
||||
|
||||
if [ -z "$L_ID_FILE" ] ; then
|
||||
printf "%s: ERROR: no ID file found\n" "$0"
|
||||
printf '%s: ERROR: no ID file found\n' "$0"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if expr "$L_ID_FILE" : ".*\.pub$" >/dev/null ; then
|
||||
if expr "$L_ID_FILE" : '.*\.pub$' >/dev/null ; then
|
||||
PUB_ID_FILE="$L_ID_FILE"
|
||||
else
|
||||
PUB_ID_FILE="$L_ID_FILE.pub"
|
||||
|
@ -91,9 +98,9 @@ use_id_file() {
|
|||
# check that the files are readable
|
||||
for f in "$PUB_ID_FILE" ${PRIV_ID_FILE:+"$PRIV_ID_FILE"} ; do
|
||||
ErrMSG=$( { : < "$f" ; } 2>&1 ) || {
|
||||
local L_PRIVMSG=""
|
||||
L_PRIVMSG=""
|
||||
[ "$f" = "$PRIV_ID_FILE" ] && L_PRIVMSG=" (to install the contents of '$PUB_ID_FILE' anyway, look at the -f option)"
|
||||
printf "\n%s: ERROR: failed to open ID file '%s': %s\n" "$0" "$f" "$(printf "%s\n%s\n" "$ErrMSG" "$L_PRIVMSG" | sed -e 's/.*: *//')"
|
||||
printf "\\n%s: ERROR: failed to open ID file '%s': %s\\n" "$0" "$f" "$(printf '%s\n%s\n' "$ErrMSG" "$L_PRIVMSG" | sed -e 's/.*: *//')"
|
||||
exit 1
|
||||
}
|
||||
done
|
||||
|
@ -105,80 +112,36 @@ if [ -n "$SSH_AUTH_SOCK" ] && ssh-add -L >/dev/null 2>&1 ; then
|
|||
GET_ID="ssh-add -L"
|
||||
fi
|
||||
|
||||
while test "$#" -gt 0
|
||||
while getopts "i:o:p:F:fnsh?" OPT
|
||||
do
|
||||
[ "${SEEN_OPT_I}" ] && expr "$1" : "[-]i" >/dev/null && {
|
||||
printf "\n%s: ERROR: -i option must not be specified more than once\n\n" "$0"
|
||||
usage
|
||||
}
|
||||
|
||||
OPT= OPTARG=
|
||||
# implement something like getopt to avoid Solaris pain
|
||||
case "$1" in
|
||||
-i?*|-o?*|-p?*)
|
||||
OPT="$(printf -- "$1"|cut -c1-2)"
|
||||
OPTARG="$(printf -- "$1"|cut -c3-)"
|
||||
shift
|
||||
;;
|
||||
-o|-p)
|
||||
OPT="$1"
|
||||
OPTARG="$2"
|
||||
shift 2
|
||||
;;
|
||||
-i)
|
||||
OPT="$1"
|
||||
test "$#" -le 2 || expr "$2" : "[-]" >/dev/null || {
|
||||
OPTARG="$2"
|
||||
shift
|
||||
}
|
||||
shift
|
||||
;;
|
||||
-f|-n|-h|-\?)
|
||||
OPT="$1"
|
||||
OPTARG=
|
||||
shift
|
||||
;;
|
||||
--)
|
||||
shift
|
||||
while test "$#" -gt 0
|
||||
do
|
||||
SAVEARGS="${SAVEARGS:+$SAVEARGS }'$(quote "$1")'"
|
||||
shift
|
||||
done
|
||||
break
|
||||
;;
|
||||
-*)
|
||||
printf "\n%s: ERROR: invalid option (%s)\n\n" "$0" "$1"
|
||||
usage
|
||||
;;
|
||||
*)
|
||||
SAVEARGS="${SAVEARGS:+$SAVEARGS }'$(quote "$1")'"
|
||||
shift
|
||||
continue
|
||||
;;
|
||||
esac
|
||||
|
||||
case "$OPT" in
|
||||
-i)
|
||||
i)
|
||||
[ "${SEEN_OPT_I}" ] && {
|
||||
printf '\n%s: ERROR: -i option must not be specified more than once\n\n' "$0"
|
||||
usage
|
||||
}
|
||||
SEEN_OPT_I="yes"
|
||||
use_id_file "${OPTARG:-$DEFAULT_PUB_ID_FILE}"
|
||||
;;
|
||||
-o|-p)
|
||||
SSH_OPTS="${SSH_OPTS:+$SSH_OPTS }$OPT '$(quote "$OPTARG")'"
|
||||
o|p|F)
|
||||
SSH_OPTS="${SSH_OPTS:+$SSH_OPTS }-$OPT '$(quote "${OPTARG}")'"
|
||||
;;
|
||||
-f)
|
||||
f)
|
||||
FORCED=1
|
||||
;;
|
||||
-n)
|
||||
n)
|
||||
DRY_RUN=1
|
||||
;;
|
||||
-h|-\?)
|
||||
s)
|
||||
SFTP=sftp
|
||||
;;
|
||||
h|\?)
|
||||
usage
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
eval set -- "$SAVEARGS"
|
||||
#shift all args to keep only USER_HOST
|
||||
shift $((OPTIND-1))
|
||||
|
||||
if [ $# = 0 ] ; then
|
||||
usage
|
||||
|
@ -189,71 +152,74 @@ if [ $# != 1 ] ; then
|
|||
fi
|
||||
|
||||
# drop trailing colon
|
||||
USER_HOST=$(printf "%s\n" "$1" | sed 's/:$//')
|
||||
USER_HOST="$*"
|
||||
# tack the hostname onto SSH_OPTS
|
||||
SSH_OPTS="${SSH_OPTS:+$SSH_OPTS }'$(quote "$USER_HOST")'"
|
||||
# and populate "$@" for later use (only way to get proper quoting of options)
|
||||
eval set -- "$SSH_OPTS"
|
||||
|
||||
# shellcheck disable=SC2086
|
||||
if [ -z "$(eval $GET_ID)" ] && [ -r "${PUB_ID_FILE:=$DEFAULT_PUB_ID_FILE}" ] ; then
|
||||
use_id_file "$PUB_ID_FILE"
|
||||
fi
|
||||
|
||||
# shellcheck disable=SC2086
|
||||
if [ -z "$(eval $GET_ID)" ] ; then
|
||||
printf '%s: ERROR: No identities found\n' "$0" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# filter_ids()
|
||||
# tries to log in using the keys piped to it, and filters out any that work
|
||||
filter_ids() {
|
||||
L_SUCCESS="$1"
|
||||
L_TMP_ID_FILE="$SCRATCH_DIR"/popids_tmp_id
|
||||
L_OUTPUT_FILE="$SCRATCH_DIR"/popids_output
|
||||
|
||||
# repopulate "$@" inside this function
|
||||
eval set -- "$SSH_OPTS"
|
||||
|
||||
while read -r ID || [ "$ID" ] ; do
|
||||
printf '%s\n' "$ID" > "$L_TMP_ID_FILE"
|
||||
|
||||
# the next line assumes $PRIV_ID_FILE only set if using a single id file - this
|
||||
# assumption will break if we implement the possibility of multiple -i options.
|
||||
# The point being that if file based, ssh needs the private key, which it cannot
|
||||
# find if only given the contents of the .pub file in an unrelated tmpfile
|
||||
$SSH -i "${PRIV_ID_FILE:-$L_TMP_ID_FILE}" \
|
||||
-o ControlPath=none \
|
||||
-o LogLevel=INFO \
|
||||
-o PreferredAuthentications=publickey \
|
||||
-o IdentitiesOnly=yes "$@" exit >"$L_OUTPUT_FILE" 2>&1 </dev/null
|
||||
if [ "$?" = "$L_SUCCESS" ] || {
|
||||
[ "$SFTP" ] && grep 'allows sftp connections only' "$L_OUTPUT_FILE" >/dev/null
|
||||
# this error counts as a success if we're setting up an sftp connection
|
||||
}
|
||||
then
|
||||
: > "$L_TMP_ID_FILE"
|
||||
else
|
||||
grep 'Permission denied' "$L_OUTPUT_FILE" >/dev/null || {
|
||||
sed -e 's/^/ERROR: /' <"$L_OUTPUT_FILE" >"$L_TMP_ID_FILE"
|
||||
cat >/dev/null #consume the other keys, causing loop to end
|
||||
}
|
||||
fi
|
||||
|
||||
cat "$L_TMP_ID_FILE"
|
||||
done
|
||||
}
|
||||
|
||||
# populate_new_ids() uses several global variables ($USER_HOST, $SSH_OPTS ...)
|
||||
# and has the side effect of setting $NEW_IDS
|
||||
populate_new_ids() {
|
||||
local L_SUCCESS="$1"
|
||||
|
||||
if [ "$FORCED" ] ; then
|
||||
# shellcheck disable=SC2086
|
||||
NEW_IDS=$(eval $GET_ID)
|
||||
return
|
||||
fi
|
||||
|
||||
# repopulate "$@" inside this function
|
||||
eval set -- "$SSH_OPTS"
|
||||
|
||||
umask 0177
|
||||
local L_TMP_ID_FILE=$(mktemp ~/.ssh/ssh-copy-id_id.XXXXXXXXXX)
|
||||
if test $? -ne 0 || test "x$L_TMP_ID_FILE" = "x" ; then
|
||||
printf '%s: ERROR: mktemp failed\n' "$0" >&2
|
||||
exit 1
|
||||
fi
|
||||
local L_CLEANUP="rm -f \"$L_TMP_ID_FILE\" \"${L_TMP_ID_FILE}.stderr\""
|
||||
trap "$L_CLEANUP" EXIT TERM INT QUIT
|
||||
printf '%s: INFO: attempting to log in with the new key(s), to filter out any that are already installed\n' "$0" >&2
|
||||
NEW_IDS=$(
|
||||
eval $GET_ID | {
|
||||
while read ID || [ "$ID" ] ; do
|
||||
printf '%s\n' "$ID" > "$L_TMP_ID_FILE"
|
||||
|
||||
# the next line assumes $PRIV_ID_FILE only set if using a single id file - this
|
||||
# assumption will break if we implement the possibility of multiple -i options.
|
||||
# The point being that if file based, ssh needs the private key, which it cannot
|
||||
# find if only given the contents of the .pub file in an unrelated tmpfile
|
||||
ssh -i "${PRIV_ID_FILE:-$L_TMP_ID_FILE}" \
|
||||
-o ControlPath=none \
|
||||
-o LogLevel=INFO \
|
||||
-o PreferredAuthentications=publickey \
|
||||
-o IdentitiesOnly=yes "$@" exit 2>"$L_TMP_ID_FILE.stderr" </dev/null
|
||||
if [ "$?" = "$L_SUCCESS" ] ; then
|
||||
: > "$L_TMP_ID_FILE"
|
||||
else
|
||||
grep 'Permission denied' "$L_TMP_ID_FILE.stderr" >/dev/null || {
|
||||
sed -e 's/^/ERROR: /' <"$L_TMP_ID_FILE.stderr" >"$L_TMP_ID_FILE"
|
||||
cat >/dev/null #consume the other keys, causing loop to end
|
||||
}
|
||||
fi
|
||||
|
||||
cat "$L_TMP_ID_FILE"
|
||||
done
|
||||
}
|
||||
)
|
||||
eval "$L_CLEANUP" && trap - EXIT TERM INT QUIT
|
||||
# shellcheck disable=SC2086
|
||||
NEW_IDS=$(eval $GET_ID | filter_ids $1)
|
||||
|
||||
if expr "$NEW_IDS" : "^ERROR: " >/dev/null ; then
|
||||
printf '\n%s: %s\n\n' "$0" "$NEW_IDS" >&2
|
||||
|
@ -261,43 +227,130 @@ populate_new_ids() {
|
|||
fi
|
||||
if [ -z "$NEW_IDS" ] ; then
|
||||
printf '\n%s: WARNING: All keys were skipped because they already exist on the remote system.\n' "$0" >&2
|
||||
printf '\t\t(if you think this is a mistake, you may want to use -f option)\n\n' "$0" >&2
|
||||
printf '\t\t(if you think this is a mistake, you may want to use -f option)\n\n' >&2
|
||||
exit 0
|
||||
fi
|
||||
printf '%s: INFO: %d key(s) remain to be installed -- if you are prompted now it is to install the new keys\n' "$0" "$(printf '%s\n' "$NEW_IDS" | wc -l)" >&2
|
||||
}
|
||||
|
||||
REMOTE_VERSION=$(ssh -v -o PreferredAuthentications=',' -o ControlPath=none "$@" 2>&1 |
|
||||
# installkey_sh [target_path]
|
||||
# produce a one-liner to add the keys to remote authorized_keys file
|
||||
# optionally takes an alternative path for authorized_keys
|
||||
installkeys_sh() {
|
||||
AUTH_KEY_FILE=${1:-.ssh/authorized_keys}
|
||||
AUTH_KEY_DIR=$(dirname "${AUTH_KEY_FILE}")
|
||||
|
||||
# In setting INSTALLKEYS_SH:
|
||||
# the tr puts it all on one line (to placate tcsh)
|
||||
# (hence the excessive use of semi-colons (;) )
|
||||
# then in the command:
|
||||
# cd to be at $HOME, just in case;
|
||||
# the -z `tail ...` checks for a trailing newline. The echo adds one if was missing
|
||||
# the cat adds the keys we're getting via STDIN
|
||||
# and if available restorecon is used to restore the SELinux context
|
||||
INSTALLKEYS_SH=$(tr '\t\n' ' ' <<-EOF
|
||||
cd;
|
||||
umask 077;
|
||||
mkdir -p "${AUTH_KEY_DIR}" &&
|
||||
{ [ -z \`tail -1c ${AUTH_KEY_FILE} 2>/dev/null\` ] ||
|
||||
echo >> "${AUTH_KEY_FILE}" || exit 1; } &&
|
||||
cat >> "${AUTH_KEY_FILE}" || exit 1;
|
||||
if type restorecon >/dev/null 2>&1; then
|
||||
restorecon -F "${AUTH_KEY_DIR}" "${AUTH_KEY_FILE}";
|
||||
fi
|
||||
EOF
|
||||
)
|
||||
|
||||
# to defend against quirky remote shells: use 'exec sh -c' to get POSIX;
|
||||
printf "exec sh -c '%s'" "${INSTALLKEYS_SH}"
|
||||
}
|
||||
|
||||
#shellcheck disable=SC2120 # the 'eval set' confuses this
|
||||
installkeys_via_sftp() {
|
||||
|
||||
# repopulate "$@" inside this function
|
||||
eval set -- "$SSH_OPTS"
|
||||
|
||||
L_KEYS=$SCRATCH_DIR/authorized_keys
|
||||
L_SHARED_CON=$SCRATCH_DIR/master-conn
|
||||
$SSH -f -N -M -S "$L_SHARED_CON" "$@"
|
||||
L_CLEANUP="$SSH -S $L_SHARED_CON -O exit 'ignored' >/dev/null 2>&1 ; $SCRATCH_CLEANUP"
|
||||
#shellcheck disable=SC2064
|
||||
trap "$L_CLEANUP" EXIT TERM INT QUIT
|
||||
sftp -b - -o "ControlPath=$L_SHARED_CON" "ignored" <<-EOF || return 1
|
||||
-get .ssh/authorized_keys $L_KEYS
|
||||
EOF
|
||||
# add a newline or create file if it's missing, same like above
|
||||
[ -z "$(tail -1c "$L_KEYS" 2>/dev/null)" ] || echo >> "$L_KEYS"
|
||||
# append the keys being piped in here
|
||||
cat >> "$L_KEYS"
|
||||
sftp -b - -o "ControlPath=$L_SHARED_CON" "ignored" <<-EOF || return 1
|
||||
-mkdir .ssh
|
||||
chmod 700 .ssh
|
||||
put $L_KEYS .ssh/authorized_keys
|
||||
chmod 600 .ssh/authorized_keys
|
||||
EOF
|
||||
#shellcheck disable=SC2064
|
||||
eval "$L_CLEANUP" && trap "$SCRATCH_CLEANUP" EXIT TERM INT QUIT
|
||||
}
|
||||
|
||||
|
||||
# create a scratch dir for any temporary files needed
|
||||
if SCRATCH_DIR=$(mktemp -d ~/.ssh/ssh-copy-id.XXXXXXXXXX) &&
|
||||
[ "$SCRATCH_DIR" ] && [ -d "$SCRATCH_DIR" ]
|
||||
then
|
||||
chmod 0700 "$SCRATCH_DIR"
|
||||
SCRATCH_CLEANUP="rm -rf \"$SCRATCH_DIR\""
|
||||
#shellcheck disable=SC2064
|
||||
trap "$SCRATCH_CLEANUP" EXIT TERM INT QUIT
|
||||
else
|
||||
printf '%s: ERROR: failed to create required temporary directory under ~/.ssh\n' "$0" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
REMOTE_VERSION=$($SSH -v -o PreferredAuthentications=',' -o ControlPath=none "$@" 2>&1 |
|
||||
sed -ne 's/.*remote software version //p')
|
||||
|
||||
# shellcheck disable=SC2029
|
||||
case "$REMOTE_VERSION" in
|
||||
NetScreen*)
|
||||
populate_new_ids 1
|
||||
for KEY in $(printf "%s" "$NEW_IDS" | cut -d' ' -f2) ; do
|
||||
KEY_NO=$(($KEY_NO + 1))
|
||||
printf "%s\n" "$KEY" | grep ssh-dss >/dev/null || {
|
||||
KEY_NO=$((KEY_NO + 1))
|
||||
printf '%s\n' "$KEY" | grep ssh-dss >/dev/null || {
|
||||
printf '%s: WARNING: Non-dsa key (#%d) skipped (NetScreen only supports DSA keys)\n' "$0" "$KEY_NO" >&2
|
||||
continue
|
||||
}
|
||||
[ "$DRY_RUN" ] || printf 'set ssh pka-dsa key %s\nsave\nexit\n' "$KEY" | ssh -T "$@" >/dev/null 2>&1
|
||||
[ "$DRY_RUN" ] || printf 'set ssh pka-dsa key %s\nsave\nexit\n' "$KEY" | $SSH -T "$@" >/dev/null 2>&1
|
||||
if [ $? = 255 ] ; then
|
||||
printf '%s: ERROR: installation of key #%d failed (please report a bug describing what caused this, so that we can make this message useful)\n' "$0" "$KEY_NO" >&2
|
||||
else
|
||||
ADDED=$(($ADDED + 1))
|
||||
ADDED=$((ADDED + 1))
|
||||
fi
|
||||
done
|
||||
if [ -z "$ADDED" ] ; then
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
dropbear*)
|
||||
populate_new_ids 0
|
||||
[ "$DRY_RUN" ] || printf '%s\n' "$NEW_IDS" | \
|
||||
$SSH "$@" "$(installkeys_sh /etc/dropbear/authorized_keys)" \
|
||||
|| exit 1
|
||||
ADDED=$(printf '%s\n' "$NEW_IDS" | wc -l)
|
||||
;;
|
||||
*)
|
||||
# Assuming that the remote host treats ~/.ssh/authorized_keys as one might expect
|
||||
populate_new_ids 0
|
||||
# in ssh below - to defend against quirky remote shells: use 'exec sh -c' to get POSIX;
|
||||
# 'cd' to be at $HOME; add a newline if it's missing; and all on one line, because tcsh.
|
||||
[ "$DRY_RUN" ] || printf '%s\n' "$NEW_IDS" | \
|
||||
ssh "$@" "exec sh -c 'cd ; umask 077 ; mkdir -p .ssh && { [ -z "'`tail -1c .ssh/authorized_keys 2>/dev/null`'" ] || echo >> .ssh/authorized_keys ; } && cat >> .ssh/authorized_keys || exit 1 ; if type restorecon >/dev/null 2>&1 ; then restorecon -F .ssh .ssh/authorized_keys ; fi'" \
|
||||
|| exit 1
|
||||
if ! [ "$DRY_RUN" ] ; then
|
||||
printf '%s\n' "$NEW_IDS" | \
|
||||
if [ "$SFTP" ] ; then
|
||||
#shellcheck disable=SC2119
|
||||
installkeys_via_sftp
|
||||
else
|
||||
$SSH "$@" "$(installkeys_sh)"
|
||||
fi || exit 1
|
||||
fi
|
||||
ADDED=$(printf '%s\n' "$NEW_IDS" | wc -l)
|
||||
;;
|
||||
esac
|
||||
|
@ -315,7 +368,7 @@ else
|
|||
|
||||
Number of key(s) added: $ADDED
|
||||
|
||||
Now try logging into the machine, with: "ssh $SSH_OPTS"
|
||||
Now try logging into the machine, with: "${SFTP:-ssh} $SSH_OPTS"
|
||||
and check to make sure that only the key(s) you wanted were added.
|
||||
|
||||
EOF
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
.ig \" -*- nroff -*-
|
||||
Copyright (c) 1999-2013 hands.com Ltd. <http://hands.com/>
|
||||
Copyright (c) 1999-2020 hands.com Ltd. <http://hands.com/>
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions
|
||||
|
@ -31,6 +31,7 @@ THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|||
.Nm
|
||||
.Op Fl f
|
||||
.Op Fl n
|
||||
.Op Fl s
|
||||
.Op Fl i Op Ar identity_file
|
||||
.Op Fl p Ar port
|
||||
.Op Fl o Ar ssh_option
|
||||
|
@ -84,6 +85,12 @@ in more than one copy of the key being installed on the remote system.
|
|||
.It Fl n
|
||||
do a dry-run. Instead of installing keys on the remote system simply
|
||||
prints the key(s) that would have been installed.
|
||||
.It Fl s
|
||||
SFTP mode: usually the public keys are installed by executing commands on the remote side.
|
||||
With this option the user's
|
||||
.Pa ~/.ssh/authorized_keys
|
||||
file will be downloaded, modified locally and uploaded with sftp.
|
||||
This option is useful if the server has restrictions on commands which can be used on the remote side.
|
||||
.It Fl h , Fl ?
|
||||
Print Usage summary
|
||||
.It Fl p Ar port , Fl o Ar ssh_option
|
||||
|
@ -158,7 +165,7 @@ asked for confirmation, which is your cue to log back out and run
|
|||
The reason you might want to specify the -i option in this case is to
|
||||
ensure that the comment on the installed key is the one from the
|
||||
.Pa .pub
|
||||
file, rather than just the filename that was loaded into you agent.
|
||||
file, rather than just the filename that was loaded into your agent.
|
||||
It also ensures that only the id you intended is installed, rather than
|
||||
all the keys that you have in your
|
||||
.Xr ssh-agent 1 .
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
|
||||
Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
|
||||
Name: openssh
|
||||
Version: 7.9p1
|
||||
Version: 8.7p1
|
||||
URL: https://www.openssh.com/
|
||||
Release: 1
|
||||
Source0: openssh-%{version}.tar.gz
|
||||
|
@ -75,6 +75,8 @@ patented algorithms to separate libraries (OpenSSL).
|
|||
This package contains an X Window System passphrase dialog for OpenSSH.
|
||||
|
||||
%changelog
|
||||
* Mon Jul 20 2020 Damien Miller <djm@mindrto.org>
|
||||
- Add ssh-sk-helper and corresponding manual page.
|
||||
* Wed Oct 26 2005 Iain Morgan <imorgan@nas.nasa.gov>
|
||||
- Removed accidental inclusion of --without-zlib-version-check
|
||||
* Tue Oct 25 2005 Iain Morgan <imorgan@nas.nasa.gov>
|
||||
|
@ -211,6 +213,7 @@ rm -rf $RPM_BUILD_ROOT
|
|||
%attr(0755,root,root) %{_libdir}/ssh/sftp-server
|
||||
%attr(4711,root,root) %{_libdir}/ssh/ssh-keysign
|
||||
%attr(0755,root,root) %{_libdir}/ssh/ssh-pkcs11-helper
|
||||
%attr(0755,root,root) %{_libdir}/ssh/ssh-sk-helper
|
||||
%attr(0644,root,root) %doc %{_mandir}/man1/scp.1*
|
||||
%attr(0644,root,root) %doc %{_mandir}/man1/sftp.1*
|
||||
%attr(0644,root,root) %doc %{_mandir}/man1/ssh.1*
|
||||
|
@ -224,6 +227,7 @@ rm -rf $RPM_BUILD_ROOT
|
|||
%attr(0644,root,root) %doc %{_mandir}/man8/sftp-server.8*
|
||||
%attr(0644,root,root) %doc %{_mandir}/man8/ssh-keysign.8*
|
||||
%attr(0644,root,root) %doc %{_mandir}/man8/ssh-pkcs11-helper.8*
|
||||
%attr(0644,root,root) %doc %{_mandir}/man8/ssh-sk-helper.8*
|
||||
%attr(0644,root,root) %doc %{_mandir}/man8/sshd.8*
|
||||
%attr(0644,root,root) /var/adm/fillup-templates/sysconfig.ssh
|
||||
|
||||
|
|
|
@ -1,105 +0,0 @@
|
|||
/* $OpenBSD: crc32.c,v 1.11 2006/04/22 18:29:33 stevesk Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2003 Markus Friedl. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
||||
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
||||
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
||||
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
#include "includes.h"
|
||||
#include "crc32.h"
|
||||
|
||||
static const u_int32_t crc32tab[] = {
|
||||
0x00000000L, 0x77073096L, 0xee0e612cL, 0x990951baL,
|
||||
0x076dc419L, 0x706af48fL, 0xe963a535L, 0x9e6495a3L,
|
||||
0x0edb8832L, 0x79dcb8a4L, 0xe0d5e91eL, 0x97d2d988L,
|
||||
0x09b64c2bL, 0x7eb17cbdL, 0xe7b82d07L, 0x90bf1d91L,
|
||||
0x1db71064L, 0x6ab020f2L, 0xf3b97148L, 0x84be41deL,
|
||||
0x1adad47dL, 0x6ddde4ebL, 0xf4d4b551L, 0x83d385c7L,
|
||||
0x136c9856L, 0x646ba8c0L, 0xfd62f97aL, 0x8a65c9ecL,
|
||||
0x14015c4fL, 0x63066cd9L, 0xfa0f3d63L, 0x8d080df5L,
|
||||
0x3b6e20c8L, 0x4c69105eL, 0xd56041e4L, 0xa2677172L,
|
||||
0x3c03e4d1L, 0x4b04d447L, 0xd20d85fdL, 0xa50ab56bL,
|
||||
0x35b5a8faL, 0x42b2986cL, 0xdbbbc9d6L, 0xacbcf940L,
|
||||
0x32d86ce3L, 0x45df5c75L, 0xdcd60dcfL, 0xabd13d59L,
|
||||
0x26d930acL, 0x51de003aL, 0xc8d75180L, 0xbfd06116L,
|
||||
0x21b4f4b5L, 0x56b3c423L, 0xcfba9599L, 0xb8bda50fL,
|
||||
0x2802b89eL, 0x5f058808L, 0xc60cd9b2L, 0xb10be924L,
|
||||
0x2f6f7c87L, 0x58684c11L, 0xc1611dabL, 0xb6662d3dL,
|
||||
0x76dc4190L, 0x01db7106L, 0x98d220bcL, 0xefd5102aL,
|
||||
0x71b18589L, 0x06b6b51fL, 0x9fbfe4a5L, 0xe8b8d433L,
|
||||
0x7807c9a2L, 0x0f00f934L, 0x9609a88eL, 0xe10e9818L,
|
||||
0x7f6a0dbbL, 0x086d3d2dL, 0x91646c97L, 0xe6635c01L,
|
||||
0x6b6b51f4L, 0x1c6c6162L, 0x856530d8L, 0xf262004eL,
|
||||
0x6c0695edL, 0x1b01a57bL, 0x8208f4c1L, 0xf50fc457L,
|
||||
0x65b0d9c6L, 0x12b7e950L, 0x8bbeb8eaL, 0xfcb9887cL,
|
||||
0x62dd1ddfL, 0x15da2d49L, 0x8cd37cf3L, 0xfbd44c65L,
|
||||
0x4db26158L, 0x3ab551ceL, 0xa3bc0074L, 0xd4bb30e2L,
|
||||
0x4adfa541L, 0x3dd895d7L, 0xa4d1c46dL, 0xd3d6f4fbL,
|
||||
0x4369e96aL, 0x346ed9fcL, 0xad678846L, 0xda60b8d0L,
|
||||
0x44042d73L, 0x33031de5L, 0xaa0a4c5fL, 0xdd0d7cc9L,
|
||||
0x5005713cL, 0x270241aaL, 0xbe0b1010L, 0xc90c2086L,
|
||||
0x5768b525L, 0x206f85b3L, 0xb966d409L, 0xce61e49fL,
|
||||
0x5edef90eL, 0x29d9c998L, 0xb0d09822L, 0xc7d7a8b4L,
|
||||
0x59b33d17L, 0x2eb40d81L, 0xb7bd5c3bL, 0xc0ba6cadL,
|
||||
0xedb88320L, 0x9abfb3b6L, 0x03b6e20cL, 0x74b1d29aL,
|
||||
0xead54739L, 0x9dd277afL, 0x04db2615L, 0x73dc1683L,
|
||||
0xe3630b12L, 0x94643b84L, 0x0d6d6a3eL, 0x7a6a5aa8L,
|
||||
0xe40ecf0bL, 0x9309ff9dL, 0x0a00ae27L, 0x7d079eb1L,
|
||||
0xf00f9344L, 0x8708a3d2L, 0x1e01f268L, 0x6906c2feL,
|
||||
0xf762575dL, 0x806567cbL, 0x196c3671L, 0x6e6b06e7L,
|
||||
0xfed41b76L, 0x89d32be0L, 0x10da7a5aL, 0x67dd4accL,
|
||||
0xf9b9df6fL, 0x8ebeeff9L, 0x17b7be43L, 0x60b08ed5L,
|
||||
0xd6d6a3e8L, 0xa1d1937eL, 0x38d8c2c4L, 0x4fdff252L,
|
||||
0xd1bb67f1L, 0xa6bc5767L, 0x3fb506ddL, 0x48b2364bL,
|
||||
0xd80d2bdaL, 0xaf0a1b4cL, 0x36034af6L, 0x41047a60L,
|
||||
0xdf60efc3L, 0xa867df55L, 0x316e8eefL, 0x4669be79L,
|
||||
0xcb61b38cL, 0xbc66831aL, 0x256fd2a0L, 0x5268e236L,
|
||||
0xcc0c7795L, 0xbb0b4703L, 0x220216b9L, 0x5505262fL,
|
||||
0xc5ba3bbeL, 0xb2bd0b28L, 0x2bb45a92L, 0x5cb36a04L,
|
||||
0xc2d7ffa7L, 0xb5d0cf31L, 0x2cd99e8bL, 0x5bdeae1dL,
|
||||
0x9b64c2b0L, 0xec63f226L, 0x756aa39cL, 0x026d930aL,
|
||||
0x9c0906a9L, 0xeb0e363fL, 0x72076785L, 0x05005713L,
|
||||
0x95bf4a82L, 0xe2b87a14L, 0x7bb12baeL, 0x0cb61b38L,
|
||||
0x92d28e9bL, 0xe5d5be0dL, 0x7cdcefb7L, 0x0bdbdf21L,
|
||||
0x86d3d2d4L, 0xf1d4e242L, 0x68ddb3f8L, 0x1fda836eL,
|
||||
0x81be16cdL, 0xf6b9265bL, 0x6fb077e1L, 0x18b74777L,
|
||||
0x88085ae6L, 0xff0f6a70L, 0x66063bcaL, 0x11010b5cL,
|
||||
0x8f659effL, 0xf862ae69L, 0x616bffd3L, 0x166ccf45L,
|
||||
0xa00ae278L, 0xd70dd2eeL, 0x4e048354L, 0x3903b3c2L,
|
||||
0xa7672661L, 0xd06016f7L, 0x4969474dL, 0x3e6e77dbL,
|
||||
0xaed16a4aL, 0xd9d65adcL, 0x40df0b66L, 0x37d83bf0L,
|
||||
0xa9bcae53L, 0xdebb9ec5L, 0x47b2cf7fL, 0x30b5ffe9L,
|
||||
0xbdbdf21cL, 0xcabac28aL, 0x53b39330L, 0x24b4a3a6L,
|
||||
0xbad03605L, 0xcdd70693L, 0x54de5729L, 0x23d967bfL,
|
||||
0xb3667a2eL, 0xc4614ab8L, 0x5d681b02L, 0x2a6f2b94L,
|
||||
0xb40bbe37L, 0xc30c8ea1L, 0x5a05df1bL, 0x2d02ef8dL
|
||||
};
|
||||
|
||||
u_int32_t
|
||||
ssh_crc32(const u_char *buf, u_int32_t size)
|
||||
{
|
||||
u_int32_t i, crc;
|
||||
|
||||
crc = 0;
|
||||
for (i = 0; i < size; i++)
|
||||
crc = crc32tab[(crc ^ buf[i]) & 0xff] ^ (crc >> 8);
|
||||
return crc;
|
||||
}
|
|
@ -1,30 +0,0 @@
|
|||
/* $OpenBSD: crc32.h,v 1.15 2006/03/25 22:22:43 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2003 Markus Friedl. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
||||
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
||||
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
||||
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#ifndef SSH_CRC32_H
|
||||
#define SSH_CRC32_H
|
||||
u_int32_t ssh_crc32(const u_char *, u_int32_t);
|
||||
#endif
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: crypto_api.h,v 1.4 2017/12/14 21:07:39 naddy Exp $ */
|
||||
/* $OpenBSD: crypto_api.h,v 1.7 2021/01/08 02:33:13 dtucker Exp $ */
|
||||
|
||||
/*
|
||||
* Assembled from generated headers and source files by Markus Friedl.
|
||||
|
@ -15,10 +15,17 @@
|
|||
#endif
|
||||
#include <stdlib.h>
|
||||
|
||||
typedef int8_t crypto_int8;
|
||||
typedef uint8_t crypto_uint8;
|
||||
typedef int16_t crypto_int16;
|
||||
typedef uint16_t crypto_uint16;
|
||||
typedef int32_t crypto_int32;
|
||||
typedef uint32_t crypto_uint32;
|
||||
typedef int64_t crypto_int64;
|
||||
typedef uint64_t crypto_uint64;
|
||||
|
||||
#define randombytes(buf, buf_len) arc4random_buf((buf), (buf_len))
|
||||
#define small_random32() arc4random()
|
||||
|
||||
#define crypto_hash_sha512_BYTES 64U
|
||||
|
||||
|
@ -37,4 +44,15 @@ int crypto_sign_ed25519_open(unsigned char *, unsigned long long *,
|
|||
const unsigned char *, unsigned long long, const unsigned char *);
|
||||
int crypto_sign_ed25519_keypair(unsigned char *, unsigned char *);
|
||||
|
||||
#define crypto_kem_sntrup761_PUBLICKEYBYTES 1158
|
||||
#define crypto_kem_sntrup761_SECRETKEYBYTES 1763
|
||||
#define crypto_kem_sntrup761_CIPHERTEXTBYTES 1039
|
||||
#define crypto_kem_sntrup761_BYTES 32
|
||||
|
||||
int crypto_kem_sntrup761_enc(unsigned char *cstr, unsigned char *k,
|
||||
const unsigned char *pk);
|
||||
int crypto_kem_sntrup761_dec(unsigned char *k,
|
||||
const unsigned char *cstr, const unsigned char *sk);
|
||||
int crypto_kem_sntrup761_keypair(unsigned char *pk, unsigned char *sk);
|
||||
|
||||
#endif /* crypto_api_h */
|
||||
|
|
|
@ -96,6 +96,18 @@ enum
|
|||
#ifndef IPTOS_DSCP_EF
|
||||
# define IPTOS_DSCP_EF 0xb8
|
||||
#endif /* IPTOS_DSCP_EF */
|
||||
#ifndef IPTOS_DSCP_LE
|
||||
# define IPTOS_DSCP_LE 0x01
|
||||
#endif /* IPTOS_DSCP_LE */
|
||||
#ifndef IPTOS_PREC_CRITIC_ECP
|
||||
# define IPTOS_PREC_CRITIC_ECP 0xa0
|
||||
#endif
|
||||
#ifndef IPTOS_PREC_INTERNETCONTROL
|
||||
# define IPTOS_PREC_INTERNETCONTROL 0xc0
|
||||
#endif
|
||||
#ifndef IPTOS_PREC_NETCONTROL
|
||||
# define IPTOS_PREC_NETCONTROL 0xe0
|
||||
#endif
|
||||
|
||||
#ifndef PATH_MAX
|
||||
# ifdef _POSIX_PATH_MAX
|
||||
|
@ -108,10 +120,6 @@ enum
|
|||
# define MAXPATHLEN PATH_MAX
|
||||
# else /* PATH_MAX */
|
||||
# define MAXPATHLEN 64
|
||||
/* realpath uses a fixed buffer of size MAXPATHLEN, so force use of ours */
|
||||
# ifndef BROKEN_REALPATH
|
||||
# define BROKEN_REALPATH 1
|
||||
# endif /* BROKEN_REALPATH */
|
||||
# endif /* PATH_MAX */
|
||||
#endif /* MAXPATHLEN */
|
||||
|
||||
|
@ -246,6 +254,21 @@ typedef unsigned int u_int32_t;
|
|||
#define __BIT_TYPES_DEFINED__
|
||||
#endif
|
||||
|
||||
#if !defined(LLONG_MIN) && defined(LONG_LONG_MIN)
|
||||
#define LLONG_MIN LONG_LONG_MIN
|
||||
#endif
|
||||
#if !defined(LLONG_MAX) && defined(LONG_LONG_MAX)
|
||||
#define LLONG_MAX LONG_LONG_MAX
|
||||
#endif
|
||||
|
||||
#ifndef UINT32_MAX
|
||||
# if defined(HAVE_DECL_UINT32_MAX) && (HAVE_DECL_UINT32_MAX == 0)
|
||||
# if (SIZEOF_INT == 4)
|
||||
# define UINT32_MAX UINT_MAX
|
||||
# endif
|
||||
# endif
|
||||
#endif
|
||||
|
||||
/* 64-bit types */
|
||||
#ifndef HAVE_INT64_T
|
||||
# if (SIZEOF_LONG_INT == 8)
|
||||
|
@ -281,6 +304,12 @@ typedef long long intmax_t;
|
|||
typedef unsigned long long uintmax_t;
|
||||
#endif
|
||||
|
||||
#if SIZEOF_TIME_T == SIZEOF_LONG_LONG_INT
|
||||
# define SSH_TIME_T_MAX LLONG_MAX
|
||||
#else
|
||||
# define SSH_TIME_T_MAX INT_MAX
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_U_CHAR
|
||||
typedef unsigned char u_char;
|
||||
# define HAVE_U_CHAR
|
||||
|
@ -328,6 +357,7 @@ typedef unsigned int size_t;
|
|||
|
||||
#ifndef HAVE_SSIZE_T
|
||||
typedef int ssize_t;
|
||||
#define SSIZE_MAX INT_MAX
|
||||
# define HAVE_SSIZE_T
|
||||
#endif /* HAVE_SSIZE_T */
|
||||
|
||||
|
@ -805,10 +835,6 @@ struct winsize {
|
|||
# define getgroups(a,b) ((a)==0 && (b)==NULL ? NGROUPS_MAX : getgroups((a),(b)))
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_MMAP) && defined(BROKEN_MMAP)
|
||||
# undef HAVE_MMAP
|
||||
#endif
|
||||
|
||||
#ifndef IOV_MAX
|
||||
# if defined(_XOPEN_IOV_MAX)
|
||||
# define IOV_MAX _XOPEN_IOV_MAX
|
||||
|
@ -834,9 +860,10 @@ struct winsize {
|
|||
/*
|
||||
* We want functions in openbsd-compat, if enabled, to override system ones.
|
||||
* We no-op out the weak symbol definition rather than remove it to reduce
|
||||
* future sync problems.
|
||||
* future sync problems. Some compilers (eg Unixware) do not allow an
|
||||
* empty statement, so we use a bogus function declaration.
|
||||
*/
|
||||
#define DEF_WEAK(x)
|
||||
#define DEF_WEAK(x) void __ssh_compat_weak_##x(void)
|
||||
|
||||
/*
|
||||
* Platforms that have arc4random_uniform() and not arc4random_stir()
|
||||
|
@ -873,4 +900,11 @@ struct winsize {
|
|||
# define USE_SYSTEM_GLOB
|
||||
#endif
|
||||
|
||||
/*
|
||||
* sntrup761 uses variable length arrays and c99-style declarations after code,
|
||||
* so only enable if the compiler supports them.
|
||||
*/
|
||||
#if defined(VARIABLE_LENGTH_ARRAYS) && defined(VARIABLE_DECLARATION_AFTER_CODE)
|
||||
# define USE_SNTRUP761X25519 1
|
||||
#endif
|
||||
#endif /* _DEFINES_H */
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue