Vendor import of OpenSSH-portable 3.6.1p1.

Dag-Erling Smørgrav 2003-04-23 16:53:02 +00:00
parent 4b17dab0ba
commit d0c8c0bcc2
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/vendor-crypto/openssh/dist/; revision=113908
135 changed files with 4205 additions and 1769 deletions

View file

@ -1,3 +1,541 @@
20030401
- (djm) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2003/03/28 10:11:43
[scp.1 sftp.1 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5 sshd_config.5]
[ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8]
- killed whitespace
- new sentence new line
- .Bk for arguments
ok markus@
- markus@cvs.openbsd.org 2003/04/01 10:10:23
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
[readconf.h serverloop.c sshconnect2.c]
rekeying bugfixes and automatic rekeying:
* both client and server rekey _automatically_
(a) after 2^31 packets, because after 2^32 packets
the sequence number for packets wraps
(b) after 2^(blocksize_in_bits/4) blocks
(see: draft-ietf-secsh-newmodes-00.txt)
(a) and (b) are _enabled_ by default, and only disabled for known
openssh versions, that don't support rekeying properly.
* client option 'RekeyLimit'
* do not reply to requests during rekeying
- markus@cvs.openbsd.org 2003/04/01 10:22:21
[clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c]
[readconf.h serverloop.c sshconnect2.c]
backout rekeying changes (for 3.6.1)
- markus@cvs.openbsd.org 2003/04/01 10:31:26
[compat.c compat.h kex.c]
bugfix causes stalled connections for ssh.com < 3.0; noticed by ho@;
tested by ho@ and myself
- markus@cvs.openbsd.org 2003/04/01 10:56:46
[version.h]
3.6.1
- (djm) Crank spec file versions
- (djm) Release 3.6.1p1
20030326
- (djm) OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2003/03/26 04:02:51
[sftp-server.c]
one last fix to the tree: race fix broke stuff; pr 3169;
srp@srparish.net, help from djm
20030325
- (djm) Fix getpeerid support for 64 bit BE systems. From
Arnd Bergmann <arndb@de.ibm.com>
20030324
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/03/23 19:02:00
[monitor.c]
unbreak rekeying for privsep; ok millert@
- Release 3.6p1
- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
Report from murple@murple.net, diagnosis from dtucker@zip.com.au
20030320
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/03/17 10:38:38
[progressmeter.c]
don't print \n if backgrounded; from ho@
- markus@cvs.openbsd.org 2003/03/17 11:43:47
[version.h]
enter 3.6
- (bal) The days of lack of int64_t support are over. Sorry kids.
- (bal) scp.c 'limit' conflicts with Cray. Rename to 'limitbw'
- (bal) Collection of Cray patches (bsd-cray.h fix for CRAYT3E and improved
guessing rules)
- (bal) Disable Privsep for Tru64 after pre-authentication due to issues
with SIA. Also, clean up of tru64 support patch by Chris Adams
<cmadams@hiwaay.net>
- (tim) [contrib/caldera/openssh.spec] workaround RPM quirk. Fix %files
20030318
- (tim) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
add nanosleep(). testing/corrections by Darren Tucker <dtucker@zip.com.au>
20030317
- (djm) Fix return value checks for RAND_bytes. Report from
Steve G <linux_4ever@yahoo.com>
20030315
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/03/13 11:42:19
[authfile.c ssh-keysign.c]
move RSA_blinding_on to generic key load method
- markus@cvs.openbsd.org 2003/03/13 11:44:50
[ssh-agent.c]
ssh-agent is similar to ssh-keysign (allows other processes to use
private rsa keys). however, it gets key over socket and not from
a file, so we have to do blinding here as well.
20030310
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/03/05 22:33:43
[channels.c monitor.c scp.c session.c sftp-client.c sftp-int.c]
[sftp-server.c ssh-add.c sshconnect2.c]
fix memory leaks; from dlheine@suif.Stanford.EDU/CLOUSEAU; ok djm@
- (djm) One more portable-specific one from dlheine@suif.Stanford.EDU/
CLOUSEAU
- (djm) Bug #245: TTY problems on Solaris. Fix by stevesk@ and
dtucker@zip.com.au
- (djm) AIX package builder update from dtucker@zip.com.au
20030225
- (djm) Fix some compile errors spotted by dtucker and his fabulous
tinderbox
20030224
- (djm) Tweak gnome-ssh-askpass2:
- Retry kb and mouse grab a couple of times, so passphrase dialog doesn't
immediately fail if you are doing something else when it appears (e.g.
dragging a window)
- Perform server grab after we have the keyboard and/or pointer to avoid
races.
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/01/27 17:06:31
[sshd.c]
more specific error message when /var/empty has wrong permissions;
bug #46, map@appgate.com; ok henning@, provos@, stevesk@
- markus@cvs.openbsd.org 2003/01/28 16:11:52
[scp.1]
document -l; pekkas@netcore.fi
- stevesk@cvs.openbsd.org 2003/01/28 17:24:51
[scp.1]
remove example not pertinent with -1 addition; ok markus@
- jmc@cvs.openbsd.org 2003/01/31 21:54:40
[sshd.8]
typos; sshd(8): help and ok markus@
help and ok millert@
- markus@cvs.openbsd.org 2003/02/02 10:51:13
[scp.c]
call okname() only when using system(3) for remote-remote copy;
fixes bugs #483, #472; ok deraadt@, mouring@
- markus@cvs.openbsd.org 2003/02/02 10:56:08
[kex.c]
add support for key exchange guesses; based on work by
avraham.fraenkel@commatch.com; fixes bug #148; ok deraadt@
- markus@cvs.openbsd.org 2003/02/03 08:56:16
[sshpty.c]
don't call error() for readonly /dev; from soekris list; ok mcbride,
henning, deraadt.
- markus@cvs.openbsd.org 2003/02/04 09:32:08
[key.c]
better debug3 message
- markus@cvs.openbsd.org 2003/02/04 09:33:22
[monitor.c monitor_wrap.c]
skey/bsdauth: use 0 to indicate failure instead of -1, because
the buffer API only supports unsigned ints.
- markus@cvs.openbsd.org 2003/02/05 09:02:28
[readconf.c]
simplify ProxyCommand parsing, remove strcat/xrealloc; ok henning@, djm@
- markus@cvs.openbsd.org 2003/02/06 09:26:23
[session.c]
missing call to setproctitle() after authentication; ok provos@
- markus@cvs.openbsd.org 2003/02/06 09:27:29
[ssh.c ssh_config.5]
support 'ProxyCommand none'; bugzilla #433; binder@arago.de; ok djm@
- markus@cvs.openbsd.org 2003/02/06 09:29:18
[sftp-server.c]
fix races in rename/symlink; from Tony Finch; ok djm@
- markus@cvs.openbsd.org 2003/02/06 21:22:43
[auth1.c auth2.c]
undo broken fix for #387, fixes #486
- markus@cvs.openbsd.org 2003/02/10 11:51:47
[ssh-add.1]
xref sshd_config.5 (not sshd.8); mark@summersault.com; bug #490
- markus@cvs.openbsd.org 2003/02/12 09:33:04
[key.c key.h ssh-dss.c ssh-rsa.c]
merge ssh-dss.h ssh-rsa.h into key.h; ok deraadt@
- markus@cvs.openbsd.org 2003/02/12 21:39:50
[crc32.c crc32.h]
replace crc32.c with a BSD licensed version; noted by David Turner
- markus@cvs.openbsd.org 2003/02/16 17:09:57
[kex.c kexdh.c kexgex.c kex.h sshconnect2.c sshd.c ssh-keyscan.c]
split kex into client and server code, no need to link
server code into the client; ok provos@
- markus@cvs.openbsd.org 2003/02/16 17:30:33
[monitor.c monitor_wrap.c]
fix permitrootlogin forced-commands-only for privsep; bux #387;
ok provos@
- markus@cvs.openbsd.org 2003/02/21 09:05:53
[servconf.c]
print sshd_config filename in debug2 mode.
- mpech@cvs.openbsd.org 2003/02/21 10:34:48
[auth-krb4.c]
...sizeof(&adat.session) is not good here.
henning@, deraadt@, millert@
- (djm) Add new object files to Makefile and reorder
- (djm) Bug #501: gai_strerror should return char*;
fix from dtucker@zip.com.au
- (djm) Most of Bug #499: Cygwin compile fixes for new progressmeter;
From vinschen@redhat.com
- (djm) Rest of Bug #499: Import a basename() function from OpenBSD libc
- (djm) Bug #494: Allow multiple accounts on Windows 9x/Me;
From vinschen@redhat.com
- (djm) Bug #456: Support for NEC SX6 with Unicos; from wendyp@cray.com
20030211
- (djm) Cygwin needs libcrypt too. Patch from vinschen@redhat.com
20030206
- (djm) Teach fake-getaddrinfo to use getservbyname() when provided a
string service name. Suggested by markus@, review by itojun@
20030131
- (bal) AIX 4.2.1 lacks nanosleep(). Patch to use nsleep() provided by
dtucker@zip.com.au
20030130
- (djm) Unbreak root password auth. Spotted by dtucker@zip.com.au
200301028
- (djm) Search libposix4 and librt for nanosleep. From dtucker@zip.com.au
and openssh-unix-dev@thewrittenword.com
200301027
- (bal) Bugzilla 477 patch by wendyp@cray.com. Define TIOCGPGRP for
cray. Also removed test for tcgetpgrp in configure.ac since it
is no longer used.
20030124
- (djm) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2003/01/23 08:58:47
[sshd_config.5]
typos; ok millert@
- markus@cvs.openbsd.org 2003/01/23 13:50:27
[authfd.c authfd.h readpass.c ssh-add.1 ssh-add.c ssh-agent.c]
ssh-add -c, prompt user for confirmation (using ssh-askpass) when
private agent key is used; with djm@; test by dugsong@, djm@;
ok deraadt@
- markus@cvs.openbsd.org 2003/01/23 14:01:53
[scp.c]
bandwidth limitation patch (scp -l) from niels@; ok todd@, deraadt@
- markus@cvs.openbsd.org 2003/01/23 14:06:15
[scp.1 scp.c]
scp -12; Sam Smith and others; ok provos@, deraadt@
- (djm) Add TIMEVAL_TO_TIMESPEC macros
20030123
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2003/01/23 00:03:00
[auth1.c]
Don't log TIS auth response; "get rid of it" - markus@
20030122
- (djm) OpenBSD CVS Sync
- marc@cvs.openbsd.org 2003/01/21 18:14:36
[ssh-agent.1 ssh-agent.c]
Add a -t life option to ssh-agent that set the default lifetime.
The default can still be overriden by using -t in ssh-add.
OK markus@
- (djm) Reorganise PAM & SIA password handling to eliminate some common code
- (djm) Sync regress with OpenBSD -current
20030120
- (djm) Fix compilation for NetBSD from dtucker@zip.com.au
- (tim) [progressmeter.c] make compilers without long long happy.
- (tim) [configure.ac] Add -belf to build ELF binaries on OpenServer 5 when
using cc. (gcc already did)
20030118
- (djm) Revert fix for Bug #442 for now.
20030117
- (djm) Bug #470: Detect strnvis, not strvis in configure.
From d_wllms@lanl.gov
20030116
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2003/01/16 03:41:55
[sftp-int.c]
explicitly use first glob result
20030114
- (djm) OpenBSD CVS Sync
- fgsch@cvs.openbsd.org 2003/01/10 23:23:24
[sftp-int.c]
typo; from Nils Nordman <nino at nforced dot com>.
- markus@cvs.openbsd.org 2003/01/11 18:29:43
[log.c]
set fatal_cleanups to NULL in fatal_remove_all_cleanups();
dtucker@zip.com.au
- markus@cvs.openbsd.org 2003/01/12 16:57:02
[progressmeter.c]
allow WARNINGS=yes; ok djm@
- djm@cvs.openbsd.org 2003/01/13 11:04:04
[sftp-int.c]
make cmds[] array static to avoid conflict with BSDI libc.
mindrot bug #466. Fix from mdev@idg.nl; ok markus@
- djm@cvs.openbsd.org 2003/01/14 10:58:00
[sftp-client.c sftp-int.c]
Don't try to upload or download non-regular files. Report from
apoloval@pantuflo.escet.urjc.es; ok markus@
20030113
- (djm) Rework openbsd-compat/setproctitle.c a bit: move emulation type
detection to configure.ac. Prompted by stevesk@
- (djm) Bug #467: Add a --disable-strip option to turn off stripping of
installed binaries. From mdev@idg.nl
20030110
- (djm) Enable new setproctitle emulation for Linux, AIX and HP/UX. More
systems may be added later.
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2003/01/08 23:53:26
[sftp.1 sftp.c sftp-int.c sftp-int.h]
Cleanup error handling for batchmode
Allow blank lines and comments in input
Ability to suppress abort on error in batchmode ("-put blah")
Fixes mindrot bug #452; markus@ ok
- fgsch@cvs.openbsd.org 2003/01/10 08:19:07
[scp.c sftp.1 sftp.c sftp-client.c sftp-int.c progressmeter.c]
[progressmeter.h]
sftp progress meter support.
original diffs by Nils Nordman <nino at nforced dot com> via
markus@, merged to -current by me, djm@ ok.
- djm@cvs.openbsd.org 2003/01/10 08:48:15
[sftp-client.c]
Simplify and avoid redundancy in packet send and receive
functions; ok fgs@
- djm@cvs.openbsd.org 2003/01/10 10:29:35
[scp.c]
Don't ftruncate after write error, creating sparse files of
incorrect length
mindrot bug #403, reported by rusr@cup.hp.com; ok markus@
- djm@cvs.openbsd.org 2003/01/10 10:32:54
[channels.c]
hush socket() errors, except last. Fixes mindrot bug #408; ok markus@
20030108
- (djm) Sync openbsd-compat/ with OpenBSD -current
- (djm) Avoid redundant xstrdup/xfree in auth2-pam.c. From Solar via markus@
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/01/01 18:08:52
[channels.c]
move big output buffer messages to debug2
- djm@cvs.openbsd.org 2003/01/06 23:51:22
[sftp-client.c]
Fix "get -p" download to not add user-write perm. mindrot bug #426
reported by gfernandez@livevault.com; ok markus@
- fgsch@cvs.openbsd.org 2003/01/07 23:42:54
[sftp.1]
add version; from Nils Nordman <nino at nforced dot com> via markus@.
markus@ ok
- (djm) Update README to reflect AIX's status as a well supported platform.
From dtucker@zip.com.au
- (tim) [Makefile.in configure.ac] replace fixpath with sed script. Patch
by Mo DeJong.
- (tim) [auth.c] declare today at top of allowed_user() to keep
older compilers happy.
- (tim) [scp.c] make compilers without long long happy.
20030107
- (djm) Bug #401: Work around Linux breakage with IPv6 mapped addresses.
Based on fix from yoshfuji@linux-ipv6.org
- (djm) Bug #442: Check for and deny access to accounts with locked
passwords. Patch from dtucker@zip.com.au
- (djm) Bug #44: Use local mkstemp() rather than glibc's silly one. Fixes
Can't pass KRB4 TGT passing. Fix from: jan.iven@cern.ch
- (djm) Fix Bug #442 for PAM case
- (djm) Bug #110: bogus error messages in lastlog_get_entry(). Fix based
on one by peak@argo.troja.mff.cuni.cz
- (djm) Bug #111: Run syslog and stderr logging through strnvis to eliminate
nasties. Report from peak@argo.troja.mff.cuni.cz
- (djm) Bug #178: On AIX /etc/nologin wasnt't shown to users. Fix from
Ralf.Wenk@fh-karlsruhe.de and dtucker@zip.com.au
- (djm) Fix my fix of the fix for the Bug #442 for PAM case. Spotted by
dtucker@zip.com.au. Reorder for clarity too.
20030103
- (djm) Bug #461: ssh-copy-id fails with no arguments. Patch from
cjwatson@debian.org
- (djm) Bug #460: Filling utmp[x]->ut_addr_v6 if present. Patch from
cjwatson@debian.org
- (djm) Bug #446: Set LOGIN env var to pw_name on AIX. Patch from
mii@ornl.gov
20030101
- (stevesk) [session.c sshlogin.c sshlogin.h] complete portable
parts of pass addrlen with sockaddr * fix.
from Hajimu UMEMOTO <ume@FreeBSD.org>
20021222
- (bal) OpenBSD CVS Sync
- fgsch@cvs.openbsd.org 2002/11/15 10:03:09
[authfile.c]
lseek(2) may return -1 when getting the public/private key lenght.
Simplify the code and check for errors using fstat(2).
Problem reported by Mauricio Sanchez, markus@ ok.
- markus@cvs.openbsd.org 2002/11/18 16:43:44
[clientloop.c]
don't overwrite SIG{INT,QUIT,TERM} handler if set to SIG_IGN;
e.g. if ssh is used for backup; report Joerg Schilling; ok millert@
- markus@cvs.openbsd.org 2002/11/21 22:22:50
[dh.c]
debug->debug2
- markus@cvs.openbsd.org 2002/11/21 22:45:31
[cipher.c kex.c packet.c sshconnect.c sshconnect2.c]
debug->debug2, unify debug messages
- deraadt@cvs.openbsd.org 2002/11/21 23:03:51
[auth-krb5.c auth1.c hostfile.h monitor_wrap.c sftp-client.c sftp-int.c ssh-add.c ssh-rsa.c
sshconnect.c]
KNF
- markus@cvs.openbsd.org 2002/11/21 23:04:33
[ssh.c]
debug->debug2
- stevesk@cvs.openbsd.org 2002/11/24 21:46:24
[ssh-keysign.8]
typo: "the the"
- wcobb@cvs.openbsd.org 2002/11/26 00:45:03
[scp.c ssh-keygen.c]
Remove unnecessary fflush(stderr) calls, stderr is unbuffered by default.
ok markus@
- stevesk@cvs.openbsd.org 2002/11/26 02:35:30
[ssh-keygen.1]
remove outdated statement; ok markus@ deraadt@
- stevesk@cvs.openbsd.org 2002/11/26 02:38:54
[canohost.c]
KNF, comment and error message repair; ok markus@
- markus@cvs.openbsd.org 2002/11/27 17:53:35
[scp.c sftp.c ssh.c]
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp;
http://bugzilla.mindrot.org/show_bug.cgi?id=447; ok mouring@, millert@
- stevesk@cvs.openbsd.org 2002/12/04 04:36:47
[session.c]
remove xauth entries before add; PR 2994 from janjaap@stack.nl.
ok markus@
- markus@cvs.openbsd.org 2002/12/05 11:08:35
[scp.c]
use roundup() similar to rcp/util.c and avoid problems with strange
filesystem block sizes, noted by tjr@freebsd.org; ok djm@
- djm@cvs.openbsd.org 2002/12/06 05:20:02
[sftp.1]
Fix cut'n'paste error, spotted by matthias.riese@b-novative.de; ok deraadt@
- millert@cvs.openbsd.org 2002/12/09 16:50:30
[ssh.c]
Avoid setting optind to 0 as GNU getopt treats that like we do optreset.
markus@ OK
- markus@cvs.openbsd.org 2002/12/10 08:56:00
[session.c]
Make sure $SHELL points to the shell from the password file, even if shell
is overridden from login.conf; bug#453; semen at online.sinor.ru; ok millert@
- markus@cvs.openbsd.org 2002/12/10 19:26:50
[packet.c]
move tos handling to packet_set_tos; ok provos/henning/deraadt
- markus@cvs.openbsd.org 2002/12/10 19:47:14
[packet.c]
static
- markus@cvs.openbsd.org 2002/12/13 10:03:15
[channels.c misc.c sshconnect2.c]
cleanup debug messages, more useful information for the client user.
- markus@cvs.openbsd.org 2002/12/13 15:20:52
[scp.c]
1) include stalling time in total time
2) truncate filenames to 45 instead of 20 characters
3) print rate instead of progress bar, no more stars
4) scale output to tty width
based on a patch from Niels; ok fries@ lebel@ fgs@ millert@
- (bal) [msg.c msg.h scp.c ssh-keysign.c sshconnect2.c] Resync CVS IDs since
we already did s/msg_send/ssh_msg_send/
20021205
- (djm) PERL-free fixpaths from stuge-openssh-unix-dev@cdy.org
20021122
- (tim) [configure.ac] fix STDPATH test for IRIX. First reported by
advax@triumf.ca. This type of solution tested by <herb@sgi.com>
20021113
- (tim) [configure.ac] remove unused variables no_libsocket and no_libnsl
20021111
- (tim) [contrib/solaris/opensshd.in] add umask 022 so sshd.pid is
not world writable.
20021109
- (bal) OpenBSD CVS Sync
- itojun@cvs.openbsd.org 2002/10/16 14:31:48
[sftp-common.c]
64bit pedant. %llu is "unsigned long long". markus ok
- markus@cvs.openbsd.org 2002/10/23 10:32:13
[packet.c]
use %u for u_int
- markus@cvs.openbsd.org 2002/10/23 10:40:16
[bufaux.c]
%u for u_int
- markus@cvs.openbsd.org 2002/11/04 10:07:53
[auth.c]
don't compare against pw_home if realpath fails for pw_home (seen
on AFS); ok djm@
- markus@cvs.openbsd.org 2002/11/04 10:09:51
[packet.c]
log before send disconnect; ok djm@
- markus@cvs.openbsd.org 2002/11/05 19:45:20
[monitor.c]
handle overflows for size_t larger than u_int; siw@goneko.de, bug #425
- markus@cvs.openbsd.org 2002/11/05 20:10:37
[sftp-client.c]
typo; GaryF@livevault.com
- markus@cvs.openbsd.org 2002/11/07 16:28:47
[sshd.c]
log to stderr if -ie is given, bug #414, prj@po.cwru.edu
- markus@cvs.openbsd.org 2002/11/07 22:08:07
[readconf.c readconf.h ssh-keysign.8 ssh-keysign.c]
we cannot use HostbasedAuthentication for enabling ssh-keysign(8),
because HostbasedAuthentication might be enabled based on the
target host and ssh-keysign(8) does not know the remote hostname
and not trust ssh(1) about the hostname, so we add a new option
EnableSSHKeysign; ok djm@, report from zierke@informatik.uni-hamburg.de
- markus@cvs.openbsd.org 2002/11/07 22:35:38
[scp.c]
check exit status from ssh, and exit(1) if ssh fails; bug#369;
binder@arago.de
- (bal) Update ssh-host-config and minor rewrite of bsd-cygwin_util.c
ntsec now default if cygwin version beginning w/ version 56. Patch
by Corinna Vinschen <vinschen@redhat.com>
- (bal) AIX does not log login attempts for unknown users (bug #432).
patch by dtucker@zip.com.au
20021021
- (djm) Bug #400: Kill ssh-rand-helper children on timeout, patch from
dtucker@zip.com.au
- (djm) Bug #317: FreeBSD needs libutil.h for openpty() Report from
dirk.meyer@dinoex.sub.org
20021015
- (bal) Fix bug id 383 and only call loginrestrict for AIX if not root.
- (bal) More advanced strsep test by Darren Tucker <dtucker@zip.com.au>
20021015
- (tim) [contrib/caldera/openssh.spec] make ssh-agent setgid nobody
20021004
- (bal) Disable post-authentication Privsep for OSF/1. It conflicts with
SIA.
20021003
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2002/10/01 20:34:12
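
Review bot: two changes recorded in this ChangeLog are undone further along in the same hunk, and the one-line import message mentions neither. The 20030401 block adds automatic rekeying and the client option 'RekeyLimit' (2003/04/01 10:10:23) and then records "backout rekeying changes (for 3.6.1)" at 10:22:21; the Bug #442 check that denies access to accounts with locked passwords (20030107) is followed by "Revert fix for Bug #442 for now" under 20030118, with no later entry restoring it. Suggest stating in the import notes that, as far as these entries show, neither RekeyLimit nor the locked-account denial is part of 3.6.1p1, so nobody skimming the ChangeLog relies on them.
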
@ -7,7 +545,7 @@
[version.h]
OpenSSH 3.5
- (djm) Bump RPM spec version numbers
- (djm) Bug #406 s/msg_send/ssh_msh_send/ for Mac OS X 1.2
- (djm) Bug #406: s/msg_send/ssh_msg_send/ for Mac OS X 1.2
20020930
- (djm) Tidy contrib/, add Makefile for GNOME passphrase dialogs,
@ -757,4 +1295,4 @@
save auth method before monitor_reset_key_state(); bugzilla bug #284;
ok provos@
$Id: ChangeLog,v 1.2491.2.1 2002/10/03 05:45:53 djm Exp $
$Id: ChangeLog,v 1.2648 2003/04/01 11:47:16 djm Exp $

View file

@ -1,4 +1,4 @@
# $Id: Makefile.in,v 1.222 2002/07/14 17:02:21 tim Exp $
# $Id: Makefile.in,v 1.228 2003/03/21 00:34:34 mouring Exp $
# uncomment if you run a non bourne compatable shell. Ie. csh
#SHELL = @SH@
@ -27,6 +27,7 @@ SSH_KEYSIGN=$(libexecdir)/ssh-keysign
RAND_HELPER=$(libexecdir)/ssh-rand-helper
PRIVSEP_PATH=@PRIVSEP_PATH@
SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
STRIP_OPT=@STRIP_OPT@
PATHS= -DSSHDIR=\"$(sysconfdir)\" \
-D_PATH_SSH_PROGRAM=\"$(SSH_PROGRAM)\" \
@ -48,6 +49,7 @@ AR=@AR@
RANLIB=@RANLIB@
INSTALL=@INSTALL@
PERL=@PERL@
SED=@SED@
ENT=@ENT@
XAUTH_PATH=@XAUTH_PATH@
LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
@ -56,15 +58,30 @@ EXEEXT=@EXEEXT@
INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@
INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@
@NO_SFTP@SFTP_PROGS=sftp-server$(EXEEXT) sftp$(EXEEXT)
TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} sftp-server$(EXEEXT) sftp$(EXEEXT)
TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} $(SFTP_PROGS)
LIBSSH_OBJS=authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o \
cipher.o compat.o compress.o crc32.o deattack.o fatal.o \
hostfile.o log.o match.o mpaux.o nchan.o packet.o readpass.o \
rsa.o tildexpand.o ttymodes.o xmalloc.o atomicio.o \
key.o dispatch.o kex.o mac.o uuencode.o misc.o \
rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o kexgex.o \
kexdhc.o kexgexc.o scard.o msg.o progressmeter.o \
entropy.o
LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o dh.o dispatch.o fatal.o mac.o msg.o hostfile.o key.o kex.o kexdh.o kexgex.o log.o match.o misc.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o scard.o scard-opensc.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o monitor_wrap.o monitor_fdpass.o
SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
sshconnect.o sshconnect1.o sshconnect2.o
SSHOBJS= ssh.o sshconnect.o sshconnect1.o sshconnect2.o sshtty.o readconf.o clientloop.o
SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o auth-chall.o auth2-chall.o auth-rhosts.o auth-options.o auth-krb4.o auth-krb5.o auth-pam.o auth2-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o auth-sia.o sshpty.o sshlogin.o loginrec.o servconf.o serverloop.o md5crypt.o session.o groupaccess.o auth-skey.o auth-bsdauth.o monitor_mm.o monitor.o
SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
sshpty.o sshlogin.o servconf.o serverloop.o uidswap.o \
auth.o auth1.o auth2.o auth-options.o session.o \
auth-chall.o auth2-chall.o groupaccess.o \
auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \
auth2-none.o auth2-passwd.o auth2-pubkey.o \
monitor_mm.o monitor.o monitor_wrap.o monitor_fdpass.o \
kexdhs.o kexgexs.o \
auth-krb5.o auth-krb4.o \
loginrec.o auth-pam.o auth2-pam.o auth-sia.o md5crypt.o
MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out
MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5
@ -74,23 +91,23 @@ CONFIGFILES=sshd_config.out ssh_config.out moduli.out
CONFIGFILES_IN=sshd_config ssh_config moduli
PATHSUBS = \
-D/etc/ssh/ssh_prng_cmds=$(sysconfdir)/ssh_prng_cmds \
-D/etc/ssh/ssh_config=$(sysconfdir)/ssh_config \
-D/etc/ssh/ssh_known_hosts=$(sysconfdir)/ssh_known_hosts \
-D/etc/ssh/sshd_config=$(sysconfdir)/sshd_config \
-D/usr/libexec=$(libexecdir) \
-D/etc/shosts.equiv=$(sysconfdir)/shosts.equiv \
-D/etc/ssh/ssh_host_key=$(sysconfdir)/ssh_host_key \
-D/etc/ssh/ssh_host_dsa_key=$(sysconfdir)/ssh_host_dsa_key \
-D/etc/ssh/ssh_host_rsa_key=$(sysconfdir)/ssh_host_rsa_key \
-D/var/run/sshd.pid=$(piddir)/sshd.pid \
-D/etc/ssh/moduli=$(sysconfdir)/moduli \
-D/etc/ssh/sshrc=$(sysconfdir)/sshrc \
-D/usr/X11R6/bin/xauth=$(XAUTH_PATH) \
-D/var/empty=$(PRIVSEP_PATH) \
-D/usr/bin:/bin:/usr/sbin:/sbin=@user_path@
-e 's|/etc/ssh/ssh_prng_cmds|$(sysconfdir)/ssh_prng_cmds|g' \
-e 's|/etc/ssh/ssh_config|$(sysconfdir)/ssh_config|g' \
-e 's|/etc/ssh/ssh_known_hosts|$(sysconfdir)/ssh_known_hosts|g' \
-e 's|/etc/ssh/sshd_config|$(sysconfdir)/sshd_config|g' \
-e 's|/usr/libexec|$(libexecdir)|g' \
-e 's|/etc/shosts.equiv|$(sysconfdir)/shosts.equiv|g' \
-e 's|/etc/ssh/ssh_host_key|$(sysconfdir)/ssh_host_key|g' \
-e 's|/etc/ssh/ssh_host_dsa_key|$(sysconfdir)/ssh_host_dsa_key|g' \
-e 's|/etc/ssh/ssh_host_rsa_key|$(sysconfdir)/ssh_host_rsa_key|g' \
-e 's|/var/run/sshd.pid|$(piddir)/sshd.pid|g' \
-e 's|/etc/ssh/moduli|$(sysconfdir)/moduli|g' \
-e 's|/etc/sshrc|$(sysconfdir)/sshrc|g' \
-e 's|/usr/X11R6/bin/xauth|$(XAUTH_PATH)|g' \
-e 's|/var/empty|$(PRIVSEP_PATH)|g' \
-e 's|/usr/bin:/bin:/usr/sbin:/sbin|@user_path@|g'
FIXPATHSCMD = $(PERL) $(srcdir)/fixpaths $(PATHSUBS)
FIXPATHSCMD = $(SED) $(PATHSUBS)
all: $(CONFIGFILES) $(MANPAGES) $(TARGETS)
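
Review bot: the sshrc entry does not carry the same path in the two PATHSUBS forms: the -D form maps /etc/ssh/sshrc (`-D/etc/ssh/sshrc=$(sysconfdir)/sshrc`) while the sed form matches /etc/sshrc (`-e 's|/etc/sshrc|$(sysconfdir)/sshrc|g'`). Every other entry keeps its left-hand path unchanged, so this looks unintended; if the man pages and the CONFIGFILES_IN templates spell the path /etc/ssh/sshrc, the sed expression never matches and the generated .out files keep the default path whatever sysconfdir is set to. Suggest checking which spelling the input files use and aligning the pattern. Minor: the dots in patterns such as /etc/shosts.equiv and /var/run/sshd.pid are unescaped, so they match any character.
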
@ -116,8 +133,8 @@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBS)
scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o
$(LD) -o $@ scp.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
$(LD) -o $@ scp.o progressmeter.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o
$(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
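
Review bot: progressmeter.o is named on the scp dependency and link lines here, and on the sftp lines in the next hunk, but it is also in the LIBSSH_OBJS form that lists kexdhc.o and kexgexc.o earlier in this file, and both programs already link with -lssh. Suggest listing the object in one place only, so a later rename or removal does not leave a stale reference on one of the link lines.
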
@ -137,8 +154,8 @@ ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o
$(LD) -o $@ sftp-server.o sftp-common.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-int.o sftp-common.o sftp-glob.o
$(LD) -o $@ sftp.o sftp-client.o sftp-common.o sftp-int.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-int.o sftp-common.o sftp-glob.o progressmeter.o
$(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-int.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
ssh-rand-helper${EXEEXT}: $(LIBCOMPAT) libssh.a ssh-rand-helper.o
$(LD) -o $@ ssh-rand-helper.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
@ -217,19 +234,19 @@ install-files: scard-install
$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8
$(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir)
(umask 022 ; $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH))
$(INSTALL) -m 0755 -s ssh $(DESTDIR)$(bindir)/ssh
$(INSTALL) -m 0755 -s scp $(DESTDIR)$(bindir)/scp
$(INSTALL) -m 0755 -s ssh-add $(DESTDIR)$(bindir)/ssh-add
$(INSTALL) -m 0755 -s ssh-agent $(DESTDIR)$(bindir)/ssh-agent
$(INSTALL) -m 0755 -s ssh-keygen $(DESTDIR)$(bindir)/ssh-keygen
$(INSTALL) -m 0755 -s ssh-keyscan $(DESTDIR)$(bindir)/ssh-keyscan
$(INSTALL) -m 0755 -s sshd $(DESTDIR)$(sbindir)/sshd
$(INSTALL) -m 0755 $(STRIP_OPT) ssh $(DESTDIR)$(bindir)/ssh
$(INSTALL) -m 0755 $(STRIP_OPT) scp $(DESTDIR)$(bindir)/scp
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-add $(DESTDIR)$(bindir)/ssh-add
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-agent $(DESTDIR)$(bindir)/ssh-agent
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-keygen $(DESTDIR)$(bindir)/ssh-keygen
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-keyscan $(DESTDIR)$(bindir)/ssh-keyscan
$(INSTALL) -m 0755 $(STRIP_OPT) sshd $(DESTDIR)$(sbindir)/sshd
if test ! -z "$(INSTALL_SSH_RAND_HELPER)" ; then \
$(INSTALL) -m 0755 -s ssh-rand-helper $(DESTDIR)$(libexecdir)/ssh-rand-helper ; \
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-rand-helper $(DESTDIR)$(libexecdir)/ssh-rand-helper ; \
fi
$(INSTALL) -m 4711 -s ssh-keysign $(DESTDIR)$(SSH_KEYSIGN)
@NO_SFTP@$(INSTALL) -m 0755 -s sftp $(DESTDIR)$(bindir)/sftp
@NO_SFTP@$(INSTALL) -m 0755 -s sftp-server $(DESTDIR)$(SFTP_SERVER)
$(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign $(DESTDIR)$(SSH_KEYSIGN)
$(INSTALL) -m 0755 $(STRIP_OPT) sftp $(DESTDIR)$(bindir)/sftp
$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server $(DESTDIR)$(SFTP_SERVER)
$(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
$(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
$(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
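
Review bot: ssh-keysign is installed mode 4711 in both forms of its line (`$(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign $(DESTDIR)$(SSH_KEYSIGN)`), so every install ships the setuid helper even though the ChangeLog in this import adds EnableSSHKeysign (2002/11/07 22:08:07) to control whether it is used. Suggest recording in the import notes that the setuid bit is unconditional, so consumers that never use host-based authentication know to clear it. Also, the sftp and sftp-server lines differ in the @NO_SFTP@ prefix as well as in -s versus $(STRIP_OPT); confirm that this matches how TARGETS names the sftp programs.
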
@ -242,8 +259,8 @@ install-files: scard-install
if [ ! -z "$(INSTALL_SSH_RAND_HELPER)" ]; then \
$(INSTALL) -m 644 ssh-rand-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-rand-helper.8 ; \
fi
@NO_SFTP@$(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1
@NO_SFTP@$(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
$(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1
$(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
$(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
-rm -f $(DESTDIR)$(bindir)/slogin
ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin

View file

@ -15,8 +15,8 @@ and Dug Song. It has a homepage at http://www.openssh.com/
This port consists of the re-introduction of autoconf support, PAM
support (for Linux and Solaris), EGD[1]/PRNGD[2] support and replacements
for OpenBSD library functions that are (regrettably) absent from other
unices. This port has been best tested on Linux, Solaris, HP-UX, NetBSD
and Irix. Support for AIX, SCO, NeXT and other Unices is underway.
unices. This port has been best tested on Linux, Solaris, HP-UX, NetBSD,
Irix and AIX. Support for SCO, NeXT and other Unices is underway.
This version actively tracks changes in the OpenBSD CVS repository.
The PAM support is now more functional than the popular packages of
@ -63,4 +63,4 @@ References -
[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
[7] http://www.openssh.com/faq.html
$Id: README,v 1.50 2001/12/24 03:17:21 djm Exp $
$Id: README,v 1.51 2003/01/08 12:28:40 djm Exp $

View file

@ -43,6 +43,10 @@ It does not function on HP-UX with a trusted system
configuration. PAMAuthenticationViaKbdInt does not function with
privsep.
On Compaq Tru64 Unix, only the pre-authentication part of privsep is
supported. Post-authentication privsep is disabled automatically (so
you won't see the additional process mentioned below).
Note that for a normal interactive login with a shell, enabling privsep
will require 1 additional process per login session.
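
Review bot: documentation point on the Tru64 paragraph: it says post-authentication privsep is "disabled automatically" but gives the administrator no way to confirm that other than the missing extra process. Suggest adding a sentence saying whether sshd logs the downgrade, and stating plainly that on this platform the session after authentication runs without the separation described in the rest of the file.
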
@ -58,4 +62,4 @@ process 1005 is the sshd process listening for new connections.
process 6917 is the privileged monitor process, 6919 is the user owned
sshd process and 6921 is the shell process.
$Id: README.privsep,v 1.10 2002/06/26 00:43:57 stevesk Exp $
$Id: README.privsep,v 1.11 2003/03/21 01:18:09 mouring Exp $

View file

@ -13,7 +13,7 @@ Programming:
- Write a test program that calls stat() to search for EGD/PRNGd socket
rather than use the (non-portable) "test -S".
- Replacement for setproctitle() - HP-UX support only currently
- More platforms for for setproctitle() emulation (testing needed)
- Handle changing passwords for the non-PAM expired password case
@ -101,6 +101,7 @@ Clean up configure/makefiles:
(vinschen@redhat.com)
- Replace the whole u_intXX_t evilness in acconfig.h with something better???
- Do it in configure.ac
- Consider splitting the u_intXX_t test for sys/bitype.h into seperate test
to allow people to (right/wrongfully) link against Bind directly.
@ -133,4 +134,4 @@ PrivSep Issues:
- Cygwin
+ Privsep for Pre-auth only (no fd passing)
$Id: TODO,v 1.51 2002/09/05 06:32:03 djm Exp $
$Id: TODO,v 1.53 2003/01/12 23:00:34 djm Exp $

View file

@ -1,4 +1,4 @@
/* $Id: acconfig.h,v 1.145 2002/09/26 00:38:48 tim Exp $ */
/* $Id: acconfig.h,v 1.149 2003/03/10 00:38:10 djm Exp $ */
#ifndef _CONFIG_H
#define _CONFIG_H
@ -364,6 +364,19 @@
/* Define if your platform needs to skip post auth file descriptor passing */
#undef DISABLE_FD_PASSING
/* Silly mkstemp() */
#undef HAVE_STRICT_MKSTEMP
/* Setproctitle emulation */
#undef SETPROCTITLE_STRATEGY
#undef SETPROCTITLE_PS_PADDING
/* Some systems put this outside of libc */
#undef HAVE_NANOSLEEP
/* Pushing STREAMS modules incorrectly acquires a controlling TTY */
#undef STREAMS_PUSH_ACQUIRES_CTTY
@BOTTOM@
/* ******************* Shouldn't need to edit below this line ************** */

View file

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: auth-krb4.c,v 1.28 2002/09/26 11:38:43 markus Exp $");
RCSID("$OpenBSD: auth-krb4.c,v 1.29 2003/02/21 10:34:48 mpech Exp $");
#include "ssh.h"
#include "ssh1.h"
@ -271,7 +271,7 @@ auth_krb4(Authctxt *authctxt, KTEXT auth, char **client, KTEXT reply)
reply->length = r;
/* Clear session key. */
memset(&adat.session, 0, sizeof(&adat.session));
memset(&adat.session, 0, sizeof(adat.session));
return (1);
}
#endif /* KRB4 */
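Review bot: the session-key wipe directly before return (1) is a plain memset() on an object that nothing in the visible lines reads afterwards, so an optimising compiler is allowed to drop it as a dead store. The sizeof(adat.session) form does fix the length (sizeof(&adat.session) is only the size of a pointer), but the clear should go through a routine the compiler cannot elide, for example a write loop through a volatile pointer.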

View file

@ -28,7 +28,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: auth-krb5.c,v 1.9 2002/09/09 06:48:06 itojun Exp $");
RCSID("$OpenBSD: auth-krb5.c,v 1.10 2002/11/21 23:03:51 deraadt Exp $");
#include "ssh.h"
#include "ssh1.h"
@ -107,7 +107,7 @@ auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client, krb5_data *reply)
if (problem)
goto err;
problem = krb5_sname_to_principal(authctxt->krb5_ctx, NULL, NULL ,
problem = krb5_sname_to_principal(authctxt->krb5_ctx, NULL, NULL,
KRB5_NT_SRV_HST, &server);
if (problem)
goto err;

View file

@ -38,7 +38,7 @@ extern char *__progname;
extern int use_privsep;
RCSID("$Id: auth-pam.c,v 1.54 2002/07/28 20:24:08 stevesk Exp $");
RCSID("$Id: auth-pam.c,v 1.55 2003/01/22 04:42:26 djm Exp $");
#define NEW_AUTHTOK_MSG \
"Warning: Your password has expired, please change it now."
@ -210,14 +210,6 @@ int auth_pam_password(Authctxt *authctxt, const char *password)
do_pam_set_conv(&conv);
/* deny if no user. */
if (pw == NULL)
return 0;
if (pw->pw_uid == 0 && options.permit_root_login == PERMIT_NO_PASSWD)
return 0;
if (*password == '\0' && options.permit_empty_passwd == 0)
return 0;
__pampasswd = password;
pamstate = INITIAL_LOGIN;
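Review bot: with the pw == NULL, PERMIT_NO_PASSWD and empty-password checks no longer in auth_pam_password(), the function is only safe if every caller has applied them first, and nothing in the function says so. Add a comment above do_pam_set_conv(&conv) stating that precondition; the auth_password() hunks in this commit show the pw == NULL and empty-password tests running before the call to auth_pam_password(), and that ordering is now load-bearing.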

View file

@ -92,33 +92,26 @@ extern char *aixloginmsg;
int
auth_password(Authctxt *authctxt, const char *password)
{
#if defined(USE_PAM)
if (*password == '\0' && options.permit_empty_passwd == 0)
return 0;
return auth_pam_password(authctxt, password);
#elif defined(HAVE_OSF_SIA)
if (*password == '\0' && options.permit_empty_passwd == 0)
return 0;
return auth_sia_password(authctxt, password);
#else
struct passwd * pw = authctxt->pw;
#if !defined(USE_PAM) && !defined(HAVE_OSF_SIA)
char *encrypted_password;
char *pw_password;
char *salt;
#if defined(__hpux) || defined(HAVE_SECUREWARE)
# if defined(__hpux) || defined(HAVE_SECUREWARE)
struct pr_passwd *spw;
#endif /* __hpux || HAVE_SECUREWARE */
#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
# endif /* __hpux || HAVE_SECUREWARE */
# if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
struct spwd *spw;
#endif
#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
# endif
# if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
struct passwd_adjunct *spw;
#endif
#ifdef WITH_AIXAUTHENTICATE
# endif
# ifdef WITH_AIXAUTHENTICATE
char *authmsg;
int authsuccess;
int reenter = 1;
#endif
# endif
#endif /* !defined(USE_PAM) && !defined(HAVE_OSF_SIA) */
/* deny if no user. */
if (pw == NULL)
@ -129,15 +122,21 @@ auth_password(Authctxt *authctxt, const char *password)
#endif
if (*password == '\0' && options.permit_empty_passwd == 0)
return 0;
#ifdef KRB5
#if defined(USE_PAM)
return auth_pam_password(authctxt, password);
#elif defined(HAVE_OSF_SIA)
return auth_sia_password(authctxt, password);
#else
# ifdef KRB5
if (options.kerberos_authentication == 1) {
int ret = auth_krb5_password(authctxt, password);
if (ret == 1 || ret == 0)
return ret;
/* Fall back to ordinary passwd authentication. */
}
#endif
#ifdef HAVE_CYGWIN
# endif
# ifdef HAVE_CYGWIN
if (is_winnt) {
HANDLE hToken = cygwin_logon_user(pw, password);
@ -146,8 +145,8 @@ auth_password(Authctxt *authctxt, const char *password)
cygwin_set_impersonation_token(hToken);
return 1;
}
#endif
#ifdef WITH_AIXAUTHENTICATE
# endif
# ifdef WITH_AIXAUTHENTICATE
authsuccess = (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0);
if (authsuccess)
@ -158,47 +157,47 @@ auth_password(Authctxt *authctxt, const char *password)
aixloginmsg = NULL;
return(authsuccess);
#endif
#ifdef KRB4
# endif
# ifdef KRB4
if (options.kerberos_authentication == 1) {
int ret = auth_krb4_password(authctxt, password);
if (ret == 1 || ret == 0)
return ret;
/* Fall back to ordinary passwd authentication. */
}
#endif
#ifdef BSD_AUTH
# endif
# ifdef BSD_AUTH
if (auth_userokay(pw->pw_name, authctxt->style, "auth-ssh",
(char *)password) == 0)
return 0;
else
return 1;
#endif
# endif
pw_password = pw->pw_passwd;
/*
* Various interfaces to shadow or protected password data
*/
#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
# if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
spw = getspnam(pw->pw_name);
if (spw != NULL)
pw_password = spw->sp_pwdp;
#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
# endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
# if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL)
pw_password = spw->pwa_passwd;
#endif /* defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) */
# endif /* defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) */
#ifdef HAVE_SECUREWARE
# ifdef HAVE_SECUREWARE
if ((spw = getprpwnam(pw->pw_name)) != NULL)
pw_password = spw->ufld.fd_encrypt;
#endif /* HAVE_SECUREWARE */
# endif /* HAVE_SECUREWARE */
#if defined(__hpux) && !defined(HAVE_SECUREWARE)
# if defined(__hpux) && !defined(HAVE_SECUREWARE)
if (iscomsec() && (spw = getprpwnam(pw->pw_name)) != NULL)
pw_password = spw->ufld.fd_encrypt;
#endif /* defined(__hpux) && !defined(HAVE_SECUREWARE) */
# endif /* defined(__hpux) && !defined(HAVE_SECUREWARE) */
/* Check for users with no password. */
if ((password[0] == '\0') && (pw_password[0] == '\0'))
@ -209,25 +208,25 @@ auth_password(Authctxt *authctxt, const char *password)
else
salt = "xx";
#ifdef HAVE_MD5_PASSWORDS
# ifdef HAVE_MD5_PASSWORDS
if (is_md5_salt(salt))
encrypted_password = md5_crypt(password, salt);
else
encrypted_password = crypt(password, salt);
#else /* HAVE_MD5_PASSWORDS */
# if defined(__hpux) && !defined(HAVE_SECUREWARE)
# else /* HAVE_MD5_PASSWORDS */
# if defined(__hpux) && !defined(HAVE_SECUREWARE)
if (iscomsec())
encrypted_password = bigcrypt(password, salt);
else
encrypted_password = crypt(password, salt);
# else
# ifdef HAVE_SECUREWARE
encrypted_password = bigcrypt(password, salt);
# else
# ifdef HAVE_SECUREWARE
encrypted_password = bigcrypt(password, salt);
# else
encrypted_password = crypt(password, salt);
# endif /* HAVE_SECUREWARE */
# endif /* __hpux && !defined(HAVE_SECUREWARE) */
#endif /* HAVE_MD5_PASSWORDS */
# endif /* HAVE_SECUREWARE */
# endif /* __hpux && !defined(HAVE_SECUREWARE) */
# endif /* HAVE_MD5_PASSWORDS */
/* Authentication is accepted if the encrypted passwords are identical. */
return (strcmp(encrypted_password, pw_password) == 0);

View file

@ -45,27 +45,25 @@ extern ServerOptions options;
extern int saved_argc;
extern char **saved_argv;
extern int errno;
int
auth_sia_password(Authctxt *authctxt, char *pass)
{
int ret;
SIAENTITY *ent = NULL;
const char *host;
char *user = authctxt->user;
host = get_canonical_hostname(options.verify_reverse_mapping);
if (!user || !pass || pass[0] == '\0')
if (!authctxt->user || !pass || pass[0] == '\0')
return(0);
if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, NULL, 0,
NULL) != SIASUCCESS)
if (sia_ses_init(&ent, saved_argc, saved_argv, host, authctxt->user,
NULL, 0, NULL) != SIASUCCESS)
return(0);
if ((ret = sia_ses_authent(NULL, pass, ent)) != SIASUCCESS) {
error("Couldn't authenticate %s from %s", user, host);
error("Couldn't authenticate %s from %s", authctxt->user,
host);
if (ret & SIASTOP)
sia_ses_release(&ent);
return(0);
@ -77,48 +75,35 @@ auth_sia_password(Authctxt *authctxt, char *pass)
}
void
session_setup_sia(char *user, char *tty)
session_setup_sia(struct passwd *pw, char *tty)
{
struct passwd *pw;
SIAENTITY *ent = NULL;
const char *host;
host = get_canonical_hostname (options.verify_reverse_mapping);
host = get_canonical_hostname(options.verify_reverse_mapping);
if (sia_ses_init(&ent, saved_argc, saved_argv, host, user, tty, 0,
NULL) != SIASUCCESS) {
if (sia_ses_init(&ent, saved_argc, saved_argv, host, pw->pw_name, tty,
0, NULL) != SIASUCCESS)
fatal("sia_ses_init failed");
}
if ((pw = getpwnam(user)) == NULL) {
sia_ses_release(&ent);
fatal("getpwnam: no user: %s", user);
}
if (sia_make_entity_pwd(pw, ent) != SIASUCCESS) {
sia_ses_release(&ent);
fatal("sia_make_entity_pwd failed");
}
ent->authtype = SIA_A_NONE;
if (sia_ses_estab(sia_collect_trm, ent) != SIASUCCESS) {
fatal("Couldn't establish session for %s from %s", user,
if (sia_ses_estab(sia_collect_trm, ent) != SIASUCCESS)
fatal("Couldn't establish session for %s from %s",
pw->pw_name, host);
if (sia_ses_launch(sia_collect_trm, ent) != SIASUCCESS)
fatal("Couldn't launch session for %s from %s", pw->pw_name,
host);
}
if (setpriority(PRIO_PROCESS, 0, 0) == -1) {
sia_ses_release(&ent);
fatal("setpriority: %s", strerror (errno));
}
if (sia_ses_launch(sia_collect_trm, ent) != SIASUCCESS) {
fatal("Couldn't launch session for %s from %s", user, host);
}
sia_ses_release(&ent);
if (setreuid(geteuid(), geteuid()) < 0) {
if (setreuid(geteuid(), geteuid()) < 0)
fatal("setreuid: %s", strerror(errno));
}
}
#endif /* HAVE_OSF_SIA */
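Review bot: the session_setup_sia(struct passwd *pw, char *tty) form dereferences pw->pw_name in sia_ses_init() and in both fatal() messages with no NULL check, while the getpwnam() lookup in this hunk called fatal("getpwnam: no user: %s", user) when no entry was found. Either keep an explicit fatal() for pw == NULL at the top of the function or document in auth-sia.h that callers must pass a valid entry.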

View file

@ -27,6 +27,6 @@
#ifdef HAVE_OSF_SIA
int auth_sia_password(Authctxt *authctxt, char *pass);
void session_setup_sia(char *user, char *tty);
void session_setup_sia(struct passwd *pw, char *tty);
#endif /* HAVE_OSF_SIA */

View file

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: auth.c,v 1.45 2002/09/20 18:41:29 stevesk Exp $");
RCSID("$OpenBSD: auth.c,v 1.46 2002/11/04 10:07:53 markus Exp $");
#ifdef HAVE_LOGIN_H
#include <login.h>
@ -79,17 +79,20 @@ allowed_user(struct passwd * pw)
char *loginmsg;
#endif /* WITH_AIXAUTHENTICATE */
#if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \
!defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
!defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
struct spwd *spw;
time_t today;
#endif
/* Shouldn't be called if pw is NULL, but better safe than sorry... */
if (!pw || !pw->pw_name)
return 0;
#if !defined(USE_PAM) && defined(HAVE_SHADOW_H) && \
!defined(DISABLE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
#define DAY (24L * 60 * 60) /* 1 day in seconds */
spw = getspnam(pw->pw_name);
if (spw != NULL) {
time_t today = time(NULL) / DAY;
if ((spw = getspnam(pw->pw_name)) != NULL) {
today = time(NULL) / DAY;
debug3("allowed_user: today %d sp_expire %d sp_lstchg %d"
" sp_max %d", (int)today, (int)spw->sp_expire,
(int)spw->sp_lstchg, (int)spw->sp_max);
@ -116,10 +119,6 @@ allowed_user(struct passwd * pw)
return 0;
}
}
#else
/* Shouldn't be called if pw is NULL, but better safe than sorry... */
if (!pw || !pw->pw_name)
return 0;
#endif
/*
@ -202,7 +201,15 @@ allowed_user(struct passwd * pw)
}
#ifdef WITH_AIXAUTHENTICATE
if (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0) {
/*
* Don't check loginrestrictions() for root account (use
* PermitRootLogin to control logins via ssh), or if running as
* non-root user (since loginrestrictions will always fail).
*/
if ((pw->pw_uid != 0) && (geteuid() == 0) &&
loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg) != 0) {
int loginrestrict_errno = errno;
if (loginmsg && *loginmsg) {
/* Remove embedded newlines (if any) */
char *p;
@ -212,9 +219,13 @@ allowed_user(struct passwd * pw)
}
/* Remove trailing newline */
*--p = '\0';
log("Login restricted for %s: %.100s", pw->pw_name, loginmsg);
log("Login restricted for %s: %.100s", pw->pw_name,
loginmsg);
}
return 0;
/* Don't fail if /etc/nologin set */
if (!(loginrestrict_errno == EPERM &&
stat(_PATH_NOLOGIN, &st) == 0))
return 0;
}
#endif /* WITH_AIXAUTHENTICATE */
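Review bot: the "Don't fail if /etc/nologin set" test tolerates every EPERM result from loginrestrictions() for as long as stat(_PATH_NOLOGIN, &st) succeeds, not only the failure caused by nologin itself, so an unrelated restriction reported with EPERM would also be let through in that window. The comment should say where /etc/nologin is enforced later for this user, and it is worth confirming that st is declared in allowed_user() for the WITH_AIXAUTHENTICATE build, since no declaration appears in these hunks.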
@ -417,6 +428,7 @@ secure_filename(FILE *f, const char *file, struct passwd *pw,
uid_t uid = pw->pw_uid;
char buf[MAXPATHLEN], homedir[MAXPATHLEN];
char *cp;
int comparehome = 0;
struct stat st;
if (realpath(file, buf) == NULL) {
@ -424,11 +436,8 @@ secure_filename(FILE *f, const char *file, struct passwd *pw,
strerror(errno));
return -1;
}
if (realpath(pw->pw_dir, homedir) == NULL) {
snprintf(err, errlen, "realpath %s failed: %s", pw->pw_dir,
strerror(errno));
return -1;
}
if (realpath(pw->pw_dir, homedir) != NULL)
comparehome = 1;
/* check the open file to avoid races */
if (fstat(fileno(f), &st) < 0 ||
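Review bot: when realpath(pw->pw_dir, homedir) fails, homedir is left uninitialised and comparehome stays 0, so every later read of homedir has to be guarded by comparehome. The strcmp() in the following hunk is guarded, but a one-line comment at the declaration of comparehome saying that homedir is valid only when it is set would keep future edits from reading the buffer unguarded. A debug3() on the failure path would also make it visible why the ownership walk continued past the home directory.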
@ -457,7 +466,7 @@ secure_filename(FILE *f, const char *file, struct passwd *pw,
}
/* If are passed the homedir then we can stop */
if (strcmp(homedir, buf) == 0) {
if (comparehome && strcmp(homedir, buf) == 0) {
debug3("secure_filename: terminating check at '%s'",
buf);
break;
@ -487,6 +496,11 @@ getpwnamallow(const char *user)
if (pw == NULL) {
log("Illegal user %.100s from %.100s",
user, get_remote_ipaddr());
#ifdef WITH_AIXAUTHENTICATE
loginfailed(user,
get_canonical_hostname(options.verify_reverse_mapping),
"ssh");
#endif
return (NULL);
}
if (!allowed_user(pw))
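Review bot: loginfailed() in the WITH_AIXAUTHENTICATE block is handed the client-supplied user string as is, while the log() call two lines above limits the same value with %.100s. Confirm that the name is length-checked before getpwnamallow() is reached, or truncate it here before passing it to the AIX API.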

View file

@ -10,7 +10,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: auth1.c,v 1.44 2002/09/26 11:38:43 markus Exp $");
RCSID("$OpenBSD: auth1.c,v 1.47 2003/02/06 21:22:42 markus Exp $");
#include "xmalloc.h"
#include "rsa.h"
@ -150,7 +150,7 @@ do_authloop(Authctxt *authctxt)
snprintf(info, sizeof(info),
" tktuser %.100s",
client_user);
/* Send response to client */
packet_start(
SSH_SMSG_AUTH_KERBEROS_RESPONSE);
@ -285,7 +285,6 @@ do_authloop(Authctxt *authctxt)
debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE");
if (options.challenge_response_authentication == 1) {
char *response = packet_get_string(&dlen);
debug("got response '%s'", response);
packet_check_eom();
authenticated = verify_response(authctxt, response);
memset(response, 'r', dlen);
@ -329,8 +328,7 @@ do_authloop(Authctxt *authctxt)
}
#else
/* Special handling for root */
if (!use_privsep &&
authenticated && authctxt->pw->pw_uid == 0 &&
if (authenticated && authctxt->pw->pw_uid == 0 &&
!auth_root_allowed(get_authname(type)))
authenticated = 0;
#endif
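Review bot: dropping !use_privsep from the "Special handling for root" condition changes behaviour only when privilege separation is enabled, so it is easy to miss in manual testing. A regression test that a root login refused by auth_root_allowed() stays refused with privsep on would pin this down; the same edit is made to userauth_finish() in auth2.c and should be covered by the same test.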

View file

@ -1,5 +1,5 @@
#include "includes.h"
RCSID("$Id: auth2-pam.c,v 1.14 2002/06/28 16:48:12 mouring Exp $");
RCSID("$Id: auth2-pam.c,v 1.15 2003/01/08 01:37:03 djm Exp $");
#ifdef USE_PAM
#include <security/pam_appl.h>
@ -154,8 +154,7 @@ input_userauth_info_response_pam(int type, u_int32_t seqnr, void *ctxt)
resp = packet_get_string(&rlen);
context_pam2.responses[j].resp_retcode = PAM_SUCCESS;
context_pam2.responses[j].resp = xstrdup(resp);
xfree(resp);
context_pam2.responses[j].resp = resp;
context_pam2.num_received++;
}
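Review bot: assigning resp straight to context_pam2.responses[j].resp moves ownership of the packet_get_string() buffer into the response array, so whatever frees that array is now the only place this client-supplied response can be cleared. rlen is not kept alongside the pointer, so record the length or wipe with strlen() before the free, and note the ownership transfer in a comment at the assignment.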

View file

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: auth2.c,v 1.95 2002/08/22 21:33:58 markus Exp $");
RCSID("$OpenBSD: auth2.c,v 1.96 2003/02/06 21:22:43 markus Exp $");
#include "ssh2.h"
#include "xmalloc.h"
@ -205,8 +205,7 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
authctxt->user);
/* Special handling for root */
if (!use_privsep &&
authenticated && authctxt->pw->pw_uid == 0 &&
if (authenticated && authctxt->pw->pw_uid == 0 &&
!auth_root_allowed(method))
authenticated = 0;

View file

@ -35,7 +35,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: authfd.c,v 1.57 2002/09/11 18:27:26 stevesk Exp $");
RCSID("$OpenBSD: authfd.c,v 1.58 2003/01/23 13:50:27 markus Exp $");
#include <openssl/evp.h>
@ -499,10 +499,10 @@ ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment)
int
ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key,
const char *comment, u_int life)
const char *comment, u_int life, u_int confirm)
{
Buffer msg;
int type, constrained = (life != 0);
int type, constrained = (life || confirm);
buffer_init(&msg);
@ -532,6 +532,8 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key,
buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_LIFETIME);
buffer_put_int(&msg, life);
}
if (confirm != 0)
buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_CONFIRM);
}
if (ssh_request_reply(auth, &msg, &msg) == 0) {
buffer_free(&msg);
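Review bot: confirm is declared u_int but is only tested against zero, and SSH_AGENT_CONSTRAIN_CONFIRM is written with no argument, unlike SSH_AGENT_CONSTRAIN_LIFETIME which is followed by buffer_put_int(&msg, life). A comment on ssh_add_identity_constrained() describing both constraints and their wire form would help, and callers should treat a failed reply as "key not added" rather than retrying without the constraint.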
@ -545,7 +547,7 @@ ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key,
int
ssh_add_identity(AuthenticationConnection *auth, Key *key, const char *comment)
{
return ssh_add_identity_constrained(auth, key, comment, 0);
return ssh_add_identity_constrained(auth, key, comment, 0, 0);
}
/*

View file

@ -1,4 +1,4 @@
/* $OpenBSD: authfd.h,v 1.31 2002/09/11 18:27:25 stevesk Exp $ */
/* $OpenBSD: authfd.h,v 1.32 2003/01/23 13:50:27 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -51,6 +51,7 @@
#define SSH2_AGENTC_ADD_ID_CONSTRAINED 25
#define SSH_AGENT_CONSTRAIN_LIFETIME 1
#define SSH_AGENT_CONSTRAIN_CONFIRM 2
/* extended failure messages */
#define SSH2_AGENT_FAILURE 30
@ -76,7 +77,8 @@ int ssh_get_num_identities(AuthenticationConnection *, int);
Key *ssh_get_first_identity(AuthenticationConnection *, char **, int);
Key *ssh_get_next_identity(AuthenticationConnection *, char **, int);
int ssh_add_identity(AuthenticationConnection *, Key *, const char *);
int ssh_add_identity_constrained(AuthenticationConnection *, Key *, const char *, u_int);
int ssh_add_identity_constrained(AuthenticationConnection *, Key *,
const char *, u_int, u_int);
int ssh_remove_identity(AuthenticationConnection *, Key *);
int ssh_remove_all_identities(AuthenticationConnection *, int);
int ssh_lock_agent(AuthenticationConnection *, int, const char *);

View file

@ -36,7 +36,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: authfile.c,v 1.50 2002/06/24 14:55:38 markus Exp $");
RCSID("$OpenBSD: authfile.c,v 1.52 2003/03/13 11:42:18 markus Exp $");
#include <openssl/err.h>
#include <openssl/evp.h>
@ -232,12 +232,17 @@ key_load_public_rsa1(int fd, const char *filename, char **commentp)
{
Buffer buffer;
Key *pub;
struct stat st;
char *cp;
int i;
off_t len;
len = lseek(fd, (off_t) 0, SEEK_END);
lseek(fd, (off_t) 0, SEEK_SET);
if (fstat(fd, &st) < 0) {
error("fstat for key file %.200s failed: %.100s",
filename, strerror(errno));
return NULL;
}
len = st.st_size;
buffer_init(&buffer);
cp = buffer_append_space(&buffer, len);
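Review bot: len = st.st_size goes to buffer_append_space(&buffer, len) with no upper bound and no check that the descriptor refers to a regular file. Since st is now available, reject anything that is not S_ISREG and anything larger than a sane key-file size before allocating, and log the filename as the fstat() error path already does.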
@ -318,9 +323,15 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase,
CipherContext ciphercontext;
Cipher *cipher;
Key *prv = NULL;
struct stat st;
len = lseek(fd, (off_t) 0, SEEK_END);
lseek(fd, (off_t) 0, SEEK_SET);
if (fstat(fd, &st) < 0) {
error("fstat for key file %.200s failed: %.100s",
filename, strerror(errno));
close(fd);
return NULL;
}
len = st.st_size;
buffer_init(&buffer);
cp = buffer_append_space(&buffer, len);
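Review bot: the fstat() failure path in key_load_private_rsa1() calls close(fd) before returning NULL, but the equivalent path added to key_load_public_rsa1() in the previous hunk returns NULL without closing. If the difference is intentional because the public loader's caller owns the descriptor, say so in a comment; otherwise one of the two paths is wrong.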
@ -410,6 +421,12 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase,
rsa_generate_additional_parameters(prv->rsa);
buffer_free(&decrypted);
/* enable blinding */
if (RSA_blinding_on(prv->rsa, NULL) != 1) {
error("key_load_private_rsa1: RSA_blinding_on failed");
goto fail;
}
close(fd);
return prv;
@ -449,6 +466,11 @@ key_load_private_pem(int fd, int type, const char *passphrase,
#ifdef DEBUG_PK
RSA_print_fp(stderr, prv->rsa, 8);
#endif
if (RSA_blinding_on(prv->rsa, NULL) != 1) {
error("key_load_private_pem: RSA_blinding_on failed");
key_free(prv);
prv = NULL;
}
} else if (pk->type == EVP_PKEY_DSA &&
(type == KEY_UNSPEC||type==KEY_DSA)) {
prv = key_new(KEY_UNSPEC);

View file

@ -37,7 +37,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: bufaux.c,v 1.27 2002/06/26 08:53:12 markus Exp $");
RCSID("$OpenBSD: bufaux.c,v 1.28 2002/10/23 10:40:16 markus Exp $");
#include <openssl/bn.h>
#include "bufaux.h"
@ -225,7 +225,7 @@ buffer_get_string(Buffer *buffer, u_int *length_ptr)
/* Get the length. */
len = buffer_get_int(buffer);
if (len > 256 * 1024)
fatal("buffer_get_string: bad string length %d", len);
fatal("buffer_get_string: bad string length %u", len);
/* Allocate space for the string. Add one byte for a null character. */
value = xmalloc(len + 1);
/* Get the string. */

View file

@ -12,7 +12,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: canohost.c,v 1.34 2002/09/23 20:46:27 stevesk Exp $");
RCSID("$OpenBSD: canohost.c,v 1.35 2002/11/26 02:38:54 stevesk Exp $");
#include "packet.h"
#include "xmalloc.h"
@ -38,7 +38,7 @@ get_remote_hostname(int socket, int verify_reverse_mapping)
/* Get IP address of client. */
fromlen = sizeof(from);
memset(&from, 0, sizeof(from));
if (getpeername(socket, (struct sockaddr *) &from, &fromlen) < 0) {
if (getpeername(socket, (struct sockaddr *)&from, &fromlen) < 0) {
debug("getpeername failed: %.100s", strerror(errno));
fatal_cleanup();
}
@ -59,11 +59,14 @@ get_remote_hostname(int socket, int verify_reverse_mapping)
memset(&from, 0, sizeof(from));
from4->sin_family = AF_INET;
fromlen = sizeof(*from4);
memcpy(&from4->sin_addr, &addr, sizeof(addr));
from4->sin_port = port;
}
}
#endif
if (from.ss_family == AF_INET6)
fromlen = sizeof(struct sockaddr_in6);
if (getnameinfo((struct sockaddr *)&from, fromlen, ntop, sizeof(ntop),
NULL, 0, NI_NUMERICHOST) != 0)
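Review bot: the from.ss_family == AF_INET6 length fix-up before getnameinfo() in get_remote_hostname() carries no comment, while the two identical fix-ups added to get_socket_address() and get_sock_port() are labelled "Work around Linux IPv6 weirdness". Three copies of the same two lines would read better as one small static helper with the explanation in a single place.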
@ -202,8 +205,8 @@ get_canonical_hostname(int verify_reverse_mapping)
}
/*
* Returns the remote IP-address of socket as a string. The returned
* string must be freed.
* Returns the local/remote IP-address/hostname of socket as a string.
* The returned string must be freed.
*/
static char *
get_socket_address(int socket, int remote, int flags)
@ -225,10 +228,15 @@ get_socket_address(int socket, int remote, int flags)
< 0)
return NULL;
}
/* Work around Linux IPv6 weirdness */
if (addr.ss_family == AF_INET6)
addrlen = sizeof(struct sockaddr_in6);
/* Get the address in ascii. */
if (getnameinfo((struct sockaddr *)&addr, addrlen, ntop, sizeof(ntop),
NULL, 0, flags) != 0) {
error("get_socket_ipaddr: getnameinfo %d failed", flags);
error("get_socket_address: getnameinfo %d failed", flags);
return NULL;
}
return xstrdup(ntop);
@ -314,11 +322,16 @@ get_sock_port(int sock, int local)
return 0;
}
} else {
if (getpeername(sock, (struct sockaddr *) & from, &fromlen) < 0) {
if (getpeername(sock, (struct sockaddr *)&from, &fromlen) < 0) {
debug("getpeername failed: %.100s", strerror(errno));
fatal_cleanup();
}
}
/* Work around Linux IPv6 weirdness */
if (from.ss_family == AF_INET6)
fromlen = sizeof(struct sockaddr_in6);
/* Return port number. */
if (getnameinfo((struct sockaddr *)&from, fromlen, NULL, 0,
strport, sizeof(strport), NI_NUMERICSERV) != 0)

View file

@ -39,7 +39,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: channels.c,v 1.183 2002/09/17 07:47:02 itojun Exp $");
RCSID("$OpenBSD: channels.c,v 1.187 2003/03/05 22:33:43 markus Exp $");
#include "ssh.h"
#include "ssh1.h"
@ -413,13 +413,13 @@ channel_not_very_much_buffered_data(void)
#if 0
if (!compat20 &&
buffer_len(&c->input) > packet_get_maxsize()) {
debug("channel %d: big input buffer %d",
debug2("channel %d: big input buffer %d",
c->self, buffer_len(&c->input));
return 0;
}
#endif
if (buffer_len(&c->output) > packet_get_maxsize()) {
debug("channel %d: big output buffer %d > %d",
debug2("channel %d: big output buffer %d > %d",
c->self, buffer_len(&c->output),
packet_get_maxsize());
return 0;
@ -578,7 +578,7 @@ channel_send_open(int id)
log("channel_send_open: %d: bad id", id);
return;
}
debug("send channel open %d", id);
debug2("channel %d: send open", id);
packet_start(SSH2_MSG_CHANNEL_OPEN);
packet_put_cstring(c->ctype);
packet_put_int(c->self);
@ -588,15 +588,15 @@ channel_send_open(int id)
}
void
channel_request_start(int local_id, char *service, int wantconfirm)
channel_request_start(int id, char *service, int wantconfirm)
{
Channel *c = channel_lookup(local_id);
Channel *c = channel_lookup(id);
if (c == NULL) {
log("channel_request_start: %d: unknown channel id", local_id);
log("channel_request_start: %d: unknown channel id", id);
return;
}
debug("channel request %d: %s", local_id, service) ;
debug("channel %d: request %s", id, service) ;
packet_start(SSH2_MSG_CHANNEL_REQUEST);
packet_put_int(c->remote_id);
packet_put_cstring(service);
@ -1997,6 +1997,7 @@ channel_input_port_open(int type, u_int32_t seq, void *ctxt)
c->remote_id = remote_id;
}
if (c == NULL) {
xfree(originator_string);
packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE);
packet_put_int(remote_id);
packet_send();
@ -2281,7 +2282,10 @@ connect_to(const char *host, u_short port)
}
sock = socket(ai->ai_family, SOCK_STREAM, 0);
if (sock < 0) {
error("socket: %.100s", strerror(errno));
if (ai->ai_next == NULL)
error("socket: %.100s", strerror(errno));
else
verbose("socket: %.100s", strerror(errno));
continue;
}
if (fcntl(sock, F_SETFL, O_NONBLOCK) < 0)
@ -2606,6 +2610,7 @@ x11_input_open(int type, u_int32_t seq, void *ctxt)
/* Send refusal to the remote host. */
packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE);
packet_put_int(remote_id);
xfree(remote_host);
} else {
/* Send a confirmation to the remote host. */
packet_start(SSH_MSG_CHANNEL_OPEN_CONFIRMATION);

View file

@ -35,7 +35,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: cipher.c,v 1.61 2002/07/12 15:50:17 markus Exp $");
RCSID("$OpenBSD: cipher.c,v 1.62 2002/11/21 22:45:31 markus Exp $");
#include "xmalloc.h"
#include "log.h"
@ -239,7 +239,7 @@ cipher_init(CipherContext *cc, Cipher *cipher,
cipher->name);
klen = EVP_CIPHER_CTX_key_length(&cc->evp);
if (klen > 0 && keylen != klen) {
debug("cipher_init: set keylen (%d -> %d)", klen, keylen);
debug2("cipher_init: set keylen (%d -> %d)", klen, keylen);
if (EVP_CIPHER_CTX_set_key_length(&cc->evp, keylen) == 0)
fatal("cipher_init: set keylen failed (%d -> %d)",
klen, keylen);

View file

@ -59,7 +59,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: clientloop.c,v 1.104 2002/08/22 19:38:42 stevesk Exp $");
RCSID("$OpenBSD: clientloop.c,v 1.107 2003/04/01 10:22:21 markus Exp $");
#include "ssh.h"
#include "ssh1.h"
@ -888,10 +888,16 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
client_init_dispatch();
/* Set signal handlers to restore non-blocking mode. */
signal(SIGINT, signal_handler);
signal(SIGQUIT, signal_handler);
signal(SIGTERM, signal_handler);
/*
* Set signal handlers, (e.g. to restore non-blocking mode)
* but don't overwrite SIG_IGN, matches behaviour from rsh(1)
*/
if (signal(SIGINT, SIG_IGN) != SIG_IGN)
signal(SIGINT, signal_handler);
if (signal(SIGQUIT, SIG_IGN) != SIG_IGN)
signal(SIGQUIT, signal_handler);
if (signal(SIGTERM, SIG_IGN) != SIG_IGN)
signal(SIGTERM, signal_handler);
if (have_pty)
signal(SIGWINCH, window_change_handler);
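Review bot: each signal(SIGx, SIG_IGN) probe replaces the current disposition before signal_handler is installed, so a SIGINT, SIGQUIT or SIGTERM arriving between the two calls is silently discarded, and a SIG_ERR return is treated the same as "not ignored". sigaction() with a NULL new action reads the existing disposition without changing it and avoids both problems.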

View file

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: compat.c,v 1.65 2002/09/27 10:42:09 mickey Exp $");
RCSID("$OpenBSD: compat.c,v 1.66 2003/04/01 10:31:26 markus Exp $");
#include "buffer.h"
#include "packet.h"
@ -85,10 +85,12 @@ compat_datafellows(const char *version)
{ "*MindTerm*", 0 },
{ "2.1.0*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE },
SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE|
SSH_BUG_FIRSTKEX },
{ "2.1 *", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE },
SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE|
SSH_BUG_FIRSTKEX },
{ "2.0.13*,"
"2.0.14*,"
"2.0.15*,"
@ -100,26 +102,28 @@ compat_datafellows(const char *version)
SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
SSH_BUG_PKOK|SSH_BUG_RSASIGMD5|
SSH_BUG_HBSERVICE|SSH_BUG_OPENFAILURE|
SSH_BUG_DUMMYCHAN },
SSH_BUG_DUMMYCHAN|SSH_BUG_FIRSTKEX },
{ "2.0.11*,"
"2.0.12*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
SSH_BUG_PKAUTH|SSH_BUG_PKOK|
SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE|
SSH_BUG_DUMMYCHAN },
SSH_BUG_DUMMYCHAN|SSH_BUG_FIRSTKEX },
{ "2.0.*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
SSH_BUG_PKAUTH|SSH_BUG_PKOK|
SSH_BUG_RSASIGMD5|SSH_BUG_OPENFAILURE|
SSH_BUG_DERIVEKEY|SSH_BUG_DUMMYCHAN },
SSH_BUG_DERIVEKEY|SSH_BUG_DUMMYCHAN|
SSH_BUG_FIRSTKEX },
{ "2.2.0*,"
"2.3.0*", SSH_BUG_HMAC|SSH_BUG_DEBUG|
SSH_BUG_RSASIGMD5 },
{ "2.3.*", SSH_BUG_DEBUG|SSH_BUG_RSASIGMD5 },
SSH_BUG_RSASIGMD5|SSH_BUG_FIRSTKEX },
{ "2.3.*", SSH_BUG_DEBUG|SSH_BUG_RSASIGMD5|
SSH_BUG_FIRSTKEX },
{ "2.4", SSH_OLD_SESSIONID }, /* Van Dyke */
{ "2.*", SSH_BUG_DEBUG },
{ "2.*", SSH_BUG_DEBUG|SSH_BUG_FIRSTKEX },
{ "3.0.*", SSH_BUG_DEBUG },
{ "3.0 SecureCRT*", SSH_OLD_SESSIONID },
{ "1.7 SecureFX*", SSH_OLD_SESSIONID },

View file

@ -1,4 +1,4 @@
/* $OpenBSD: compat.h,v 1.33 2002/09/27 10:42:09 mickey Exp $ */
/* $OpenBSD: compat.h,v 1.34 2003/04/01 10:31:26 markus Exp $ */
/*
* Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved.
@ -55,6 +55,7 @@
#define SSH_BUG_EXTEOF 0x00200000
#define SSH_BUG_K5USER 0x00400000
#define SSH_BUG_PROBE 0x00800000
#define SSH_BUG_FIRSTKEX 0x01000000
void enable_compat13(void);
void enable_compat20(void);

View file

@ -726,6 +726,9 @@ EOF
CRAY*SV1:*:*:*)
echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
exit 0 ;;
*:UNICOS/mp:*:*)
echo nv1-cray-unicosmp | sed -e 's/\.[^.]*$/.X/'
exit 0 ;;
F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
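Review bot: in the *:UNICOS/mp:*:*) case the sed expression 's/\.[^.]*$/.X/' has nothing to match, because the echoed string nv1-cray-unicosmp is a constant with no dot and no ${UNAME_RELEASE}. Either append the release as the CRAY*SV1 case above does, or drop the pipe to sed.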

View file

@ -315,7 +315,7 @@ case $basic_machine in
| mipsisa64-* | mipsisa64el-* \
| mipsisa64sb1-* | mipsisa64sb1el-* \
| mipstx39 | mipstx39el \
| none-* | np1-* | ns16k-* | ns32k-* \
| none-* | np1-* | ns16k-* | ns32k-* | nv1-* \
| orion-* \
| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
@ -715,6 +715,9 @@ case $basic_machine in
nsr-tandem)
basic_machine=nsr-tandem
;;
nv1)
basic_machine=nv1-cray
;;
op50n-* | op60c-*)
basic_machine=hppa1.1-oki
os=-proelf
@ -887,6 +890,10 @@ case $basic_machine in
basic_machine=sv1-cray
os=-unicos
;;
sx*-nec)
basic_machine=sx6-nec
os=-sysv
;;
symmetry)
basic_machine=i386-sequent
os=-dynix

View file

@ -1,4 +1,4 @@
# $Id: configure.ac,v 1.89 2002/09/26 00:38:47 tim Exp $
# $Id: configure.ac,v 1.113 2003/03/21 01:18:09 mouring Exp $
AC_INIT
AC_CONFIG_SRCDIR([ssh.c])
@ -14,6 +14,7 @@ AC_PROG_RANLIB
AC_PROG_INSTALL
AC_PATH_PROG(AR, ar)
AC_PATH_PROGS(PERL, perl5 perl)
AC_PATH_PROG(SED, sed)
AC_SUBST(PERL)
AC_PATH_PROG(ENT, ent)
AC_SUBST(ENT)
@ -81,8 +82,11 @@ case "$host" in
dnl AIX handles lastlog as part of its login message
AC_DEFINE(DISABLE_LASTLOG)
AC_DEFINE(LOGIN_NEEDS_UTMPX)
AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_CLOBBER_ARGV)
AC_DEFINE(SETPROCTITLE_PS_PADDING, '\0')
;;
*-*-cygwin*)
check_for_libcrypt_later=1
LIBS="$LIBS /usr/lib/textmode.o"
AC_DEFINE(HAVE_CYGWIN)
AC_DEFINE(USE_PIPES)
@ -121,7 +125,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
AC_DEFINE(LOGIN_NEEDS_UTMPX)
AC_DEFINE(DISABLE_SHADOW)
AC_DEFINE(DISABLE_UTMP)
AC_DEFINE(SPT_TYPE,SPT_PSTAT)
AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_PSTAT)
LIBS="$LIBS -lsec -lsecpw"
AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
disable_ptmx_check=yes
@ -137,7 +141,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
AC_DEFINE(LOGIN_NEEDS_UTMPX)
AC_DEFINE(DISABLE_SHADOW)
AC_DEFINE(DISABLE_UTMP)
AC_DEFINE(SPT_TYPE,SPT_PSTAT)
AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_PSTAT)
LIBS="$LIBS -lsec"
AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
;;
@ -150,7 +154,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
AC_DEFINE(LOGIN_NEEDS_UTMPX)
AC_DEFINE(DISABLE_SHADOW)
AC_DEFINE(DISABLE_UTMP)
AC_DEFINE(SPT_TYPE,SPT_PSTAT)
AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_PSTAT)
LIBS="$LIBS -lsec"
AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
;;
@ -177,6 +181,8 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
check_for_libcrypt_later=1
AC_DEFINE(DONT_TRY_OTHER_AF)
AC_DEFINE(PAM_TTY_KLUDGE)
AC_DEFINE(SETPROCTITLE_STRATEGY,PS_USE_CLOBBER_ARGV)
AC_DEFINE(SETPROCTITLE_PS_PADDING, '\0')
inet6_default_4in6=yes
;;
mips-sony-bsd|mips-sony-newsos4)
@ -210,6 +216,7 @@ mips-sony-bsd|mips-sony-newsos4)
AC_DEFINE(LOGIN_NEEDS_UTMPX)
AC_DEFINE(LOGIN_NEEDS_TERM)
AC_DEFINE(PAM_TTY_KLUDGE)
AC_DEFINE(STREAMS_PUSH_ACQUIRES_CTTY)
# hardwire lastlog location (can't detect it on some versions)
conf_lastlog_location="/var/adm/lastlog"
AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
@ -278,6 +285,9 @@ mips-sony-bsd|mips-sony-newsos4)
do_sco3_extra_lib_check=yes
;;
*-*-sco3.2v5*)
if test -z "$GCC"; then
CFLAGS="$CFLAGS -belf"
fi
CPPFLAGS="$CPPFLAGS -I/usr/local/include"
LDFLAGS="$LDFLAGS -L/usr/local/lib"
LIBS="$LIBS -lprot -lx -ltinfo -lm"
@ -290,8 +300,6 @@ mips-sony-bsd|mips-sony-newsos4)
MANTYPE=man
;;
*-*-unicosmk*)
no_libsocket=1
no_libnsl=1
AC_DEFINE(USE_PIPES)
AC_DEFINE(DISABLE_FD_PASSING)
LDFLAGS="$LDFLAGS"
@ -299,8 +307,6 @@ mips-sony-bsd|mips-sony-newsos4)
MANTYPE=cat
;;
*-*-unicos*)
no_libsocket=1
no_libnsl=1
AC_DEFINE(USE_PIPES)
AC_DEFINE(DISABLE_FD_PASSING)
AC_DEFINE(NO_SSH_LASTLOG)
@ -325,11 +331,13 @@ mips-sony-bsd|mips-sony-newsos4)
AC_MSG_RESULT(yes)
AC_DEFINE(HAVE_OSF_SIA)
AC_DEFINE(DISABLE_LOGIN)
AC_DEFINE(DISABLE_FD_PASSING)
LIBS="$LIBS -lsecurity -ldb -lm -laud"
else
AC_MSG_RESULT(no)
fi
fi
AC_DEFINE(DISABLE_FD_PASSING)
;;
*-*-nto-qnx)
@ -377,13 +385,13 @@ AC_ARG_WITH(libs,
# Checks for header files.
AC_CHECK_HEADERS(bstring.h crypt.h endian.h floatingpoint.h \
getopt.h glob.h ia.h lastlog.h limits.h login.h \
getopt.h glob.h ia.h lastlog.h libgen.h limits.h login.h \
login_cap.h maillock.h netdb.h netgroup.h \
netinet/in_systm.h paths.h pty.h readpassphrase.h \
rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \
sys/mman.h sys/select.h sys/stat.h \
sys/stropts.h sys/sysmacros.h sys/time.h \
sys/mman.h sys/pstat.h sys/select.h sys/stat.h \
sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h \
sys/un.h time.h tmpdir.h ttyent.h usersec.h \
util.h utime.h utmp.h utmpx.h)
@ -594,18 +602,25 @@ AC_ARG_WITH(tcp-wrappers,
]
)
dnl Checks for library functions.
AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \
clock fchmod fchown freeaddrinfo futimes gai_strerror \
getaddrinfo getcwd getgrouplist getnameinfo getopt getpeereid\
getrlimit getrusage getttyent glob inet_aton inet_ntoa \
inet_ntop innetgr login_getcapbool md5_crypt memmove \
mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \
realpath recvmsg rresvport_af sendmsg setdtablesize setegid \
setenv seteuid setgroups setlogin setproctitle setresgid setreuid \
setrlimit setsid setpcred setvbuf sigaction sigvec snprintf \
socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \
truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty)
dnl Checks for library functions. Please keep in alphabetical order
AC_CHECK_FUNCS(\
arc4random __b64_ntop b64_ntop __b64_pton b64_pton basename bcopy \
bindresvport_sa clock fchmod fchown freeaddrinfo futimes \
gai_strerror getaddrinfo getcwd getgrouplist getnameinfo getopt \
getpeereid _getpty getrlimit getrusage getttyent glob inet_aton \
inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \
mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openpty pstat \
readpassphrase realpath recvmsg rresvport_af sendmsg setdtablesize \
setegid setenv seteuid setgroups setlogin setpcred setproctitle \
setresgid setreuid setrlimit setsid setvbuf sigaction sigvec \
snprintf socketpair strerror strlcat strlcpy strmode strnvis \
sysconf tcgetpgrp truncate utimes vhangup vsnprintf waitpid \
)
AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
dnl Make sure strsep prototype is defined before defining HAVE_STRSEP
AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)])
dnl IRIX and Solaris 2.5.1 have dirname() in libgen
AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
@ -680,6 +695,32 @@ int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');}
)
fi
dnl see whether mkstemp() requires XXXXXX
if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
AC_MSG_CHECKING([for (overly) strict mkstemp])
AC_TRY_RUN(
[
#include <stdlib.h>
main() { char template[]="conftest.mkstemp-test";
if (mkstemp(template) == -1)
exit(1);
unlink(template); exit(0);
}
],
[
AC_MSG_RESULT(no)
],
[
AC_MSG_RESULT(yes)
AC_DEFINE(HAVE_STRICT_MKSTEMP)
],
[
AC_MSG_RESULT(yes)
AC_DEFINE(HAVE_STRICT_MKSTEMP)
]
)
fi
AC_FUNC_GETPGRP
# Check for PAM libs
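Review bot: the guard on this check tests ac_cv_func_mkdtemp, while the program it runs exercises mkstemp(), and mkstemp is not among the functions in the AC_CHECK_FUNCS list shown earlier in this file's diff. If the coupling is deliberate (the result only matters to the mkdtemp replacement), say so in the dnl comment; otherwise test a mkstemp cache variable. The conftest also calls unlink() with only <stdlib.h> included and declares main() without a return type, so it relies on implicit declarations; adding <unistd.h> and "int main(void)" keeps a strict compiler from failing the test for the wrong reason. Note that the cross-compiling branch defines HAVE_STRICT_MKSTEMP unconditionally, which is the conservative choice and worth a word in the comment.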
@ -1443,12 +1484,16 @@ if test "x$ac_cv_have_struct_timeval" = "xyes" ; then
have_struct_timeval=1
fi
# If we don't have int64_t then we can't compile sftp-server. So don't
# even attempt to do it.
AC_CHECK_TYPES(struct timespec)
# We need int64_t or else certian parts of the compile will fail.
if test "x$ac_cv_have_int64_t" = "xno" -a \
"x$ac_cv_sizeof_long_int" != "x8" -a \
"x$ac_cv_sizeof_long_long_int" = "x0" ; then
NO_SFTP='#'
echo "OpenSSH requires int64_t support. Contact your vendor or install"
echo "an alternative compiler (I.E., GCC) before continuing."
echo ""
exit 1;
else
dnl test snprintf (broken on SCO w/gcc)
AC_TRY_RUN(
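Review bot: the missing-int64_t branch reports the fatal condition with three echo lines and "exit 1;" instead of AC_MSG_ERROR, so the message goes to stdout and is not recorded in config.log the way the other hard failures in this file are (compare the AC_MSG_ERROR used for -lxnet on HP-UX). Suggest AC_MSG_ERROR([OpenSSH requires int64_t support ...]). The new comment also has a typo, "certian" for "certain". Since this turns what used to be "build without sftp-server" into a hard configure failure, the change deserves a ChangeLog line so packagers on affected compilers know why configure now stops.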
@ -1478,7 +1523,6 @@ main() { exit(0); }
], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ]
)
fi
AC_SUBST(NO_SFTP)
dnl Checks for structure members
OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
@ -1906,6 +1950,17 @@ AC_ARG_WITH(xauth,
]
)
STRIP_OPT=-s
AC_ARG_ENABLE(strip,
[ --disable-strip Disable calling strip(1) on install],
[
if test "x$enableval" = "xno" ; then
STRIP_OPT=
fi
]
)
AC_SUBST(STRIP_OPT)
if test -z "$xauth_path" ; then
XAUTH_PATH="undefined"
AC_SUBST(XAUTH_PATH)
@ -2060,7 +2115,11 @@ Edit /etc/login.conf instead.])
# include <paths.h>
#endif
#ifndef _PATH_STDPATH
# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
# ifdef _PATH_USERPATH /* Irix */
# define _PATH_STDPATH _PATH_USERPATH
# else
# define _PATH_STDPATH "/usr/bin:/bin:/usr/sbin:/sbin"
# endif
#endif
#include <sys/types.h>
#include <sys/stat.h>
@ -2498,12 +2557,6 @@ if test "x$PAM_MSG" = "xyes" ; then
echo ""
fi
if test ! -z "$NO_SFTP"; then
echo "sftp-server will be disabled. Your compiler does not "
echo "support 64bit integers."
echo ""
fi
if test ! -z "$RAND_HELPER_CMDHASH" ; then
echo "WARNING: you are using the builtin random number collection "
echo "service. Please read WARNING.RNG and request that your OS "

View file

@ -1,114 +1,105 @@
/* $OpenBSD: crc32.c,v 1.9 2003/02/12 21:39:50 markus Exp $ */
/*
* COPYRIGHT (C) 1986 Gary S. Brown. You may use this program, or
* code or tables extracted from it, as desired without restriction.
* Copyright (c) 2003 Markus Friedl. All rights reserved.
*
* First, the polynomial itself and its table of feedback terms. The
* polynomial is
* X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+X^2+X^1+X^0
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* Note that we take it "backwards" and put the highest-order term in
* the lowest-order bit. The X^32 term is "implied"; the LSB is the
* X^31 term, etc. The X^0 term (usually shown as "+1") results in
* the MSB being 1
*
* Note that the usual hardware shift register implementation, which
* is what we're using (we're merely optimizing it by doing eight-bit
* chunks at a time) shifts bits into the lowest-order term. In our
* implementation, that means shifting towards the right. Why do we
* do it this way? Because the calculated CRC must be transmitted in
* order from highest-order term to lowest-order term. UARTs transmit
* characters in order from LSB to MSB. By storing the CRC this way
* we hand it to the UART in the order low-byte to high-byte; the UART
* sends each low-bit to hight-bit; and the result is transmission bit
* by bit from highest- to lowest-order term without requiring any bit
* shuffling on our part. Reception works similarly
*
* The feedback terms table consists of 256, 32-bit entries. Notes
*
* The table can be generated at runtime if desired; code to do so
* is shown later. It might not be obvious, but the feedback
* terms simply represent the results of eight shift/xor opera
* tions for all combinations of data and CRC register values
*
* The values must be right-shifted by eight bits by the "updcrc
* logic; the shift must be u_(bring in zeroes). On some
* hardware you could probably optimize the shift in assembler by
* using byte-swap instructions
* polynomial $edb88320
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
RCSID("$OpenBSD: crc32.c,v 1.8 2000/12/19 23:17:56 markus Exp $");
#include "crc32.h"
static u_int crc32_tab[] = {
0x00000000L, 0x77073096L, 0xee0e612cL, 0x990951baL, 0x076dc419L,
0x706af48fL, 0xe963a535L, 0x9e6495a3L, 0x0edb8832L, 0x79dcb8a4L,
0xe0d5e91eL, 0x97d2d988L, 0x09b64c2bL, 0x7eb17cbdL, 0xe7b82d07L,
0x90bf1d91L, 0x1db71064L, 0x6ab020f2L, 0xf3b97148L, 0x84be41deL,
0x1adad47dL, 0x6ddde4ebL, 0xf4d4b551L, 0x83d385c7L, 0x136c9856L,
0x646ba8c0L, 0xfd62f97aL, 0x8a65c9ecL, 0x14015c4fL, 0x63066cd9L,
0xfa0f3d63L, 0x8d080df5L, 0x3b6e20c8L, 0x4c69105eL, 0xd56041e4L,
0xa2677172L, 0x3c03e4d1L, 0x4b04d447L, 0xd20d85fdL, 0xa50ab56bL,
0x35b5a8faL, 0x42b2986cL, 0xdbbbc9d6L, 0xacbcf940L, 0x32d86ce3L,
0x45df5c75L, 0xdcd60dcfL, 0xabd13d59L, 0x26d930acL, 0x51de003aL,
0xc8d75180L, 0xbfd06116L, 0x21b4f4b5L, 0x56b3c423L, 0xcfba9599L,
0xb8bda50fL, 0x2802b89eL, 0x5f058808L, 0xc60cd9b2L, 0xb10be924L,
0x2f6f7c87L, 0x58684c11L, 0xc1611dabL, 0xb6662d3dL, 0x76dc4190L,
0x01db7106L, 0x98d220bcL, 0xefd5102aL, 0x71b18589L, 0x06b6b51fL,
0x9fbfe4a5L, 0xe8b8d433L, 0x7807c9a2L, 0x0f00f934L, 0x9609a88eL,
0xe10e9818L, 0x7f6a0dbbL, 0x086d3d2dL, 0x91646c97L, 0xe6635c01L,
0x6b6b51f4L, 0x1c6c6162L, 0x856530d8L, 0xf262004eL, 0x6c0695edL,
0x1b01a57bL, 0x8208f4c1L, 0xf50fc457L, 0x65b0d9c6L, 0x12b7e950L,
0x8bbeb8eaL, 0xfcb9887cL, 0x62dd1ddfL, 0x15da2d49L, 0x8cd37cf3L,
0xfbd44c65L, 0x4db26158L, 0x3ab551ceL, 0xa3bc0074L, 0xd4bb30e2L,
0x4adfa541L, 0x3dd895d7L, 0xa4d1c46dL, 0xd3d6f4fbL, 0x4369e96aL,
0x346ed9fcL, 0xad678846L, 0xda60b8d0L, 0x44042d73L, 0x33031de5L,
0xaa0a4c5fL, 0xdd0d7cc9L, 0x5005713cL, 0x270241aaL, 0xbe0b1010L,
0xc90c2086L, 0x5768b525L, 0x206f85b3L, 0xb966d409L, 0xce61e49fL,
0x5edef90eL, 0x29d9c998L, 0xb0d09822L, 0xc7d7a8b4L, 0x59b33d17L,
0x2eb40d81L, 0xb7bd5c3bL, 0xc0ba6cadL, 0xedb88320L, 0x9abfb3b6L,
0x03b6e20cL, 0x74b1d29aL, 0xead54739L, 0x9dd277afL, 0x04db2615L,
0x73dc1683L, 0xe3630b12L, 0x94643b84L, 0x0d6d6a3eL, 0x7a6a5aa8L,
0xe40ecf0bL, 0x9309ff9dL, 0x0a00ae27L, 0x7d079eb1L, 0xf00f9344L,
0x8708a3d2L, 0x1e01f268L, 0x6906c2feL, 0xf762575dL, 0x806567cbL,
0x196c3671L, 0x6e6b06e7L, 0xfed41b76L, 0x89d32be0L, 0x10da7a5aL,
0x67dd4accL, 0xf9b9df6fL, 0x8ebeeff9L, 0x17b7be43L, 0x60b08ed5L,
0xd6d6a3e8L, 0xa1d1937eL, 0x38d8c2c4L, 0x4fdff252L, 0xd1bb67f1L,
0xa6bc5767L, 0x3fb506ddL, 0x48b2364bL, 0xd80d2bdaL, 0xaf0a1b4cL,
0x36034af6L, 0x41047a60L, 0xdf60efc3L, 0xa867df55L, 0x316e8eefL,
0x4669be79L, 0xcb61b38cL, 0xbc66831aL, 0x256fd2a0L, 0x5268e236L,
0xcc0c7795L, 0xbb0b4703L, 0x220216b9L, 0x5505262fL, 0xc5ba3bbeL,
0xb2bd0b28L, 0x2bb45a92L, 0x5cb36a04L, 0xc2d7ffa7L, 0xb5d0cf31L,
0x2cd99e8bL, 0x5bdeae1dL, 0x9b64c2b0L, 0xec63f226L, 0x756aa39cL,
0x026d930aL, 0x9c0906a9L, 0xeb0e363fL, 0x72076785L, 0x05005713L,
0x95bf4a82L, 0xe2b87a14L, 0x7bb12baeL, 0x0cb61b38L, 0x92d28e9bL,
0xe5d5be0dL, 0x7cdcefb7L, 0x0bdbdf21L, 0x86d3d2d4L, 0xf1d4e242L,
0x68ddb3f8L, 0x1fda836eL, 0x81be16cdL, 0xf6b9265bL, 0x6fb077e1L,
0x18b74777L, 0x88085ae6L, 0xff0f6a70L, 0x66063bcaL, 0x11010b5cL,
0x8f659effL, 0xf862ae69L, 0x616bffd3L, 0x166ccf45L, 0xa00ae278L,
0xd70dd2eeL, 0x4e048354L, 0x3903b3c2L, 0xa7672661L, 0xd06016f7L,
0x4969474dL, 0x3e6e77dbL, 0xaed16a4aL, 0xd9d65adcL, 0x40df0b66L,
0x37d83bf0L, 0xa9bcae53L, 0xdebb9ec5L, 0x47b2cf7fL, 0x30b5ffe9L,
0xbdbdf21cL, 0xcabac28aL, 0x53b39330L, 0x24b4a3a6L, 0xbad03605L,
0xcdd70693L, 0x54de5729L, 0x23d967bfL, 0xb3667a2eL, 0xc4614ab8L,
0x5d681b02L, 0x2a6f2b94L, 0xb40bbe37L, 0xc30c8ea1L, 0x5a05df1bL,
0x2d02ef8dL
static const u_int32_t crc32tab[] = {
0x00000000L, 0x77073096L, 0xee0e612cL, 0x990951baL,
0x076dc419L, 0x706af48fL, 0xe963a535L, 0x9e6495a3L,
0x0edb8832L, 0x79dcb8a4L, 0xe0d5e91eL, 0x97d2d988L,
0x09b64c2bL, 0x7eb17cbdL, 0xe7b82d07L, 0x90bf1d91L,
0x1db71064L, 0x6ab020f2L, 0xf3b97148L, 0x84be41deL,
0x1adad47dL, 0x6ddde4ebL, 0xf4d4b551L, 0x83d385c7L,
0x136c9856L, 0x646ba8c0L, 0xfd62f97aL, 0x8a65c9ecL,
0x14015c4fL, 0x63066cd9L, 0xfa0f3d63L, 0x8d080df5L,
0x3b6e20c8L, 0x4c69105eL, 0xd56041e4L, 0xa2677172L,
0x3c03e4d1L, 0x4b04d447L, 0xd20d85fdL, 0xa50ab56bL,
0x35b5a8faL, 0x42b2986cL, 0xdbbbc9d6L, 0xacbcf940L,
0x32d86ce3L, 0x45df5c75L, 0xdcd60dcfL, 0xabd13d59L,
0x26d930acL, 0x51de003aL, 0xc8d75180L, 0xbfd06116L,
0x21b4f4b5L, 0x56b3c423L, 0xcfba9599L, 0xb8bda50fL,
0x2802b89eL, 0x5f058808L, 0xc60cd9b2L, 0xb10be924L,
0x2f6f7c87L, 0x58684c11L, 0xc1611dabL, 0xb6662d3dL,
0x76dc4190L, 0x01db7106L, 0x98d220bcL, 0xefd5102aL,
0x71b18589L, 0x06b6b51fL, 0x9fbfe4a5L, 0xe8b8d433L,
0x7807c9a2L, 0x0f00f934L, 0x9609a88eL, 0xe10e9818L,
0x7f6a0dbbL, 0x086d3d2dL, 0x91646c97L, 0xe6635c01L,
0x6b6b51f4L, 0x1c6c6162L, 0x856530d8L, 0xf262004eL,
0x6c0695edL, 0x1b01a57bL, 0x8208f4c1L, 0xf50fc457L,
0x65b0d9c6L, 0x12b7e950L, 0x8bbeb8eaL, 0xfcb9887cL,
0x62dd1ddfL, 0x15da2d49L, 0x8cd37cf3L, 0xfbd44c65L,
0x4db26158L, 0x3ab551ceL, 0xa3bc0074L, 0xd4bb30e2L,
0x4adfa541L, 0x3dd895d7L, 0xa4d1c46dL, 0xd3d6f4fbL,
0x4369e96aL, 0x346ed9fcL, 0xad678846L, 0xda60b8d0L,
0x44042d73L, 0x33031de5L, 0xaa0a4c5fL, 0xdd0d7cc9L,
0x5005713cL, 0x270241aaL, 0xbe0b1010L, 0xc90c2086L,
0x5768b525L, 0x206f85b3L, 0xb966d409L, 0xce61e49fL,
0x5edef90eL, 0x29d9c998L, 0xb0d09822L, 0xc7d7a8b4L,
0x59b33d17L, 0x2eb40d81L, 0xb7bd5c3bL, 0xc0ba6cadL,
0xedb88320L, 0x9abfb3b6L, 0x03b6e20cL, 0x74b1d29aL,
0xead54739L, 0x9dd277afL, 0x04db2615L, 0x73dc1683L,
0xe3630b12L, 0x94643b84L, 0x0d6d6a3eL, 0x7a6a5aa8L,
0xe40ecf0bL, 0x9309ff9dL, 0x0a00ae27L, 0x7d079eb1L,
0xf00f9344L, 0x8708a3d2L, 0x1e01f268L, 0x6906c2feL,
0xf762575dL, 0x806567cbL, 0x196c3671L, 0x6e6b06e7L,
0xfed41b76L, 0x89d32be0L, 0x10da7a5aL, 0x67dd4accL,
0xf9b9df6fL, 0x8ebeeff9L, 0x17b7be43L, 0x60b08ed5L,
0xd6d6a3e8L, 0xa1d1937eL, 0x38d8c2c4L, 0x4fdff252L,
0xd1bb67f1L, 0xa6bc5767L, 0x3fb506ddL, 0x48b2364bL,
0xd80d2bdaL, 0xaf0a1b4cL, 0x36034af6L, 0x41047a60L,
0xdf60efc3L, 0xa867df55L, 0x316e8eefL, 0x4669be79L,
0xcb61b38cL, 0xbc66831aL, 0x256fd2a0L, 0x5268e236L,
0xcc0c7795L, 0xbb0b4703L, 0x220216b9L, 0x5505262fL,
0xc5ba3bbeL, 0xb2bd0b28L, 0x2bb45a92L, 0x5cb36a04L,
0xc2d7ffa7L, 0xb5d0cf31L, 0x2cd99e8bL, 0x5bdeae1dL,
0x9b64c2b0L, 0xec63f226L, 0x756aa39cL, 0x026d930aL,
0x9c0906a9L, 0xeb0e363fL, 0x72076785L, 0x05005713L,
0x95bf4a82L, 0xe2b87a14L, 0x7bb12baeL, 0x0cb61b38L,
0x92d28e9bL, 0xe5d5be0dL, 0x7cdcefb7L, 0x0bdbdf21L,
0x86d3d2d4L, 0xf1d4e242L, 0x68ddb3f8L, 0x1fda836eL,
0x81be16cdL, 0xf6b9265bL, 0x6fb077e1L, 0x18b74777L,
0x88085ae6L, 0xff0f6a70L, 0x66063bcaL, 0x11010b5cL,
0x8f659effL, 0xf862ae69L, 0x616bffd3L, 0x166ccf45L,
0xa00ae278L, 0xd70dd2eeL, 0x4e048354L, 0x3903b3c2L,
0xa7672661L, 0xd06016f7L, 0x4969474dL, 0x3e6e77dbL,
0xaed16a4aL, 0xd9d65adcL, 0x40df0b66L, 0x37d83bf0L,
0xa9bcae53L, 0xdebb9ec5L, 0x47b2cf7fL, 0x30b5ffe9L,
0xbdbdf21cL, 0xcabac28aL, 0x53b39330L, 0x24b4a3a6L,
0xbad03605L, 0xcdd70693L, 0x54de5729L, 0x23d967bfL,
0xb3667a2eL, 0xc4614ab8L, 0x5d681b02L, 0x2a6f2b94L,
0xb40bbe37L, 0xc30c8ea1L, 0x5a05df1bL, 0x2d02ef8dL
};
/* Return a 32-bit CRC of the contents of the buffer. */
u_int
ssh_crc32(const u_char *s, u_int len)
u_int32_t
ssh_crc32(const u_char *buf, u_int32_t size)
{
u_int i;
u_int crc32val;
u_int32_t i, crc;
crc32val = 0;
for (i = 0; i < len; i ++) {
crc32val = crc32_tab[(crc32val ^ s[i]) & 0xff] ^ (crc32val >> 8);
}
return crc32val;
crc = 0;
for (i = 0; i < size; i++)
crc = crc32tab[(crc ^ buf[i]) & 0xff] ^ (crc >> 8);
return crc;
}
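Review bot: in the header comment, the replacement of the original block with the license text also drops the only statement of which CRC this is (the polynomial line "polynomial $edb88320" and the note that the table is stored reflected, shifting right). The table and the loop are otherwise uncommented, so a reader can no longer check the 256 entries against a definition. Suggest keeping a one-line comment above crc32tab naming the polynomial 0xedb88320 and the bit order. Minor: the entries keep their L suffix although the element type is now u_int32_t; the suffix can go.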

View file

@ -1,21 +1,30 @@
/* $OpenBSD: crc32.h,v 1.13 2002/03/04 17:27:39 stevesk Exp $ */
/* $OpenBSD: crc32.h,v 1.14 2003/02/12 21:39:50 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1992 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
* Functions for computing 32-bit CRC.
* Copyright (c) 2003 Markus Friedl. All rights reserved.
*
* As far as I am concerned, the code I have written for this software
* can be used freely for any purpose. Any derived versions of this
* software must be clearly marked as such, and if the derived work is
* incompatible with the protocol description in the RFC file, it must be
* called by a name other than "ssh" or "Secure Shell".
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef CRC32_H
#define CRC32_H
u_int ssh_crc32(const u_char *, u_int);
#endif /* CRC32_H */
#ifndef SSH_CRC32_H
#define SSH_CRC32_H
u_int32_t ssh_crc32(const u_char *, u_int32_t);
#endif

View file

@ -1,7 +1,7 @@
#ifndef _DEFINES_H
#define _DEFINES_H
/* $Id: defines.h,v 1.96 2002/09/26 00:38:48 tim Exp $ */
/* $Id: defines.h,v 1.97 2003/01/24 00:50:32 djm Exp $ */
/* Constants */
@ -370,6 +370,20 @@ struct winsize {
} while (0)
#endif
#ifndef TIMEVAL_TO_TIMESPEC
#define TIMEVAL_TO_TIMESPEC(tv, ts) { \
(ts)->tv_sec = (tv)->tv_sec; \
(ts)->tv_nsec = (tv)->tv_usec * 1000; \
}
#endif
#ifndef TIMESPEC_TO_TIMEVAL
#define TIMESPEC_TO_TIMEVAL(tv, ts) { \
(tv)->tv_sec = (ts)->tv_sec; \
(tv)->tv_usec = (ts)->tv_nsec / 1000; \
}
#endif
#ifndef __P
# define __P(x) x
#endif
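Review bot: both new macros, TIMEVAL_TO_TIMESPEC and TIMESPEC_TO_TIMEVAL, expand to a bare brace block, so a call followed by a semicolon inside an unbraced if/else ("if (x) TIMEVAL_TO_TIMESPEC(&tv, &ts); else ...") does not compile. The macro just above in this file ends in "} while (0)", and the fallback definitions here should follow the same do { ... } while (0) form. The arguments are also evaluated twice each, which is worth a short comment for callers passing expressions with side effects.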

View file

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: dh.c,v 1.22 2002/06/27 08:49:44 markus Exp $");
RCSID("$OpenBSD: dh.c,v 1.23 2002/11/21 22:22:50 markus Exp $");
#include "xmalloc.h"
@ -182,7 +182,7 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
for (i = 0; i <= n; i++)
if (BN_is_bit_set(dh_pub, i))
bits_set++;
debug("bits set: %d/%d", bits_set, BN_num_bits(dh->p));
debug2("bits set: %d/%d", bits_set, BN_num_bits(dh->p));
/* if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial */
if (bits_set > 1 && (BN_cmp(dh_pub, dh->p) == -1))
@ -214,7 +214,7 @@ dh_gen_key(DH *dh, int need)
for (i = 0; i <= BN_num_bits(dh->priv_key); i++)
if (BN_is_bit_set(dh->priv_key, i))
bits_set++;
debug("dh_gen_key: priv key bits set: %d/%d",
debug2("dh_gen_key: priv key bits set: %d/%d",
bits_set, BN_num_bits(dh->priv_key));
if (tries++ > 10)
fatal("dh_gen_key: too many bad keys: giving up");

View file

@ -1,43 +1,22 @@
#!/usr/bin/perl -w
#!/bin/sh
#
# fixpaths - substitute makefile variables into text files
# Usage: fixpaths -Dsomething=somethingelse ...
$usage = "Usage: $0 [-Dstring=replacement] [[infile] ...]\n";
if (!defined(@ARGV)) { die ("$usage"); }
# read in the command line and get some definitions
while ($_=$ARGV[0], /^-/) {
if (/^-D/) {
# definition
shift(@ARGV);
if ( /-D(.*)=(.*)/ ) {
$def{"$1"}=$2;
} else {
die ("$usage$0: error in command line arguments.\n");
}
} else {
@cmd = split(//, $ARGV[0]); $opt = $cmd[1];
die ("$usage$0: unknown option '-$opt'\n");
}
} # while parsing arguments
if (!defined(%def)) {
die ("$0: nothing to do - no substitutions listed!\n");
die() {
echo $*
exit -1
}
for $f (@ARGV) {
test -n "`echo $1|grep -- -D`" || \
die $0: nothing to do - no substitutions listed!
$f =~ /(.*\/)*(.*)$/;
test -n "`echo $1|grep -- '-D[^=]\+=[^ ]\+'`" || \
die $0: error in command line arguments.
open(IN, "<$f") || die ("$0: input file $f missing!\n");
while (<IN>) {
for $s (keys(%def)) {
s#$s#$def{$s}#;
} # for $s
print;
} # while <IN>
} # for $f
test -n "`echo $*|grep -- ' [^-]'`" || \
die Usage: $0 '[-Dstring=replacement] [[infile] ...]'
exit 0;
sed `echo $*|sed -e 's/-D\([^=]\+\)=\([^ ]*\)/-e s=\1=\2=g/g'`
exit 0
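Review bot: the shell rewrite uses "\+" inside basic regular expressions in both the grep argument check and the final sed expression; "\+" is a GNU extension, not POSIX BRE, so on the non-GNU platforms this configure script targets the checks can reject valid -D arguments or the substitution can silently do nothing. Use "[^=][^=]*" style repetition instead. Related points in the same hunk: "exit -1" in die() is not a portable exit status, die() prints to stdout rather than stderr, $* and the backtick output are unquoted so a replacement value containing whitespace or glob characters is split or expanded before sed sees it, and "=" is used as the sed delimiter so a value containing "=" breaks the generated expression. The generated expressions also carry a "g" flag, whereas the Perl version replaced only the first match per line; if that change is intended it should be mentioned in the commit log.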

View file

@ -1,4 +1,4 @@
/* $OpenBSD: hostfile.h,v 1.12 2002/09/08 20:24:08 markus Exp $ */
/* $OpenBSD: hostfile.h,v 1.13 2002/11/21 23:03:51 deraadt Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -19,10 +19,10 @@ typedef enum {
} HostStatus;
int hostfile_read_key(char **, u_int *, Key *);
HostStatus
check_host_in_hostfile(const char *, const char *, Key *, Key *, int *);
int add_host_to_hostfile(const char *, const char *, Key *);
int
lookup_key_in_hostfile_by_type(const char *, const char *, int , Key *, int *);
HostStatus check_host_in_hostfile(const char *, const char *,
Key *, Key *, int *);
int add_host_to_hostfile(const char *, const char *, Key *);
int lookup_key_in_hostfile_by_type(const char *, const char *,
int, Key *, int *);
#endif

View file

@ -157,6 +157,10 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
# include <tmpdir.h>
#endif
#ifdef HAVE_LIBUTIL_H
# include <libutil.h> /* Openpty on FreeBSD at least */
#endif
#include <openssl/opensslv.h> /* For OPENSSL_VERSION_NUMBER */
#include "defines.h"

View file

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: kex.c,v 1.51 2002/06/24 14:55:38 markus Exp $");
RCSID("$OpenBSD: kex.c,v 1.55 2003/04/01 10:31:26 markus Exp $");
#include <openssl/crypto.h>
@ -44,11 +44,6 @@ RCSID("$OpenBSD: kex.c,v 1.51 2002/06/24 14:55:38 markus Exp $");
#define KEX_COOKIE_LEN 16
/* Use privilege separation for sshd */
int use_privsep;
struct monitor *pmonitor;
/* prototype */
static void kex_kexinit_finish(Kex *);
static void kex_choose_conf(Kex *);
@ -74,7 +69,7 @@ kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX])
/* parse buffer and return algorithm proposal */
static char **
kex_buf2prop(Buffer *raw)
kex_buf2prop(Buffer *raw, int *first_kex_follows)
{
Buffer b;
int i;
@ -94,6 +89,8 @@ kex_buf2prop(Buffer *raw)
}
/* first kex follows / reserved */
i = buffer_get_char(&b);
if (first_kex_follows != NULL)
*first_kex_follows = i;
debug2("kex_parse_kexinit: first_kex_follows %d ", i);
i = buffer_get_int(&b);
debug2("kex_parse_kexinit: reserved %d ", i);
@ -135,7 +132,7 @@ kex_finish(Kex *kex)
/* packet_write_wait(); */
debug("SSH2_MSG_NEWKEYS sent");
debug("waiting for SSH2_MSG_NEWKEYS");
debug("expecting SSH2_MSG_NEWKEYS");
packet_read_expect(SSH2_MSG_NEWKEYS);
packet_check_eom();
debug("SSH2_MSG_NEWKEYS received");
@ -235,14 +232,10 @@ kex_kexinit_finish(Kex *kex)
kex_choose_conf(kex);
switch (kex->kex_type) {
case DH_GRP1_SHA1:
kexdh(kex);
break;
case DH_GEX_SHA1:
kexgex(kex);
break;
default:
if (kex->kex_type >= 0 && kex->kex_type < KEX_MAX &&
kex->kex[kex->kex_type] != NULL) {
(kex->kex[kex->kex_type])(kex);
} else {
fatal("Unsupported key exchange %d", kex->kex_type);
}
}
@ -299,9 +292,9 @@ choose_kex(Kex *k, char *client, char *server)
if (k->name == NULL)
fatal("no kex alg");
if (strcmp(k->name, KEX_DH1) == 0) {
k->kex_type = DH_GRP1_SHA1;
k->kex_type = KEX_DH_GRP1_SHA1;
} else if (strcmp(k->name, KEX_DHGEX) == 0) {
k->kex_type = DH_GEX_SHA1;
k->kex_type = KEX_DH_GEX_SHA1;
} else
fatal("bad kex alg %s", k->name);
}
@ -317,6 +310,30 @@ choose_hostkeyalg(Kex *k, char *client, char *server)
xfree(hostkeyalg);
}
static int
proposals_match(char *my[PROPOSAL_MAX], char *peer[PROPOSAL_MAX])
{
static int check[] = {
PROPOSAL_KEX_ALGS, PROPOSAL_SERVER_HOST_KEY_ALGS, -1
};
int *idx;
char *p;
for (idx = &check[0]; *idx != -1; idx++) {
if ((p = strchr(my[*idx], ',')) != NULL)
*p = '\0';
if ((p = strchr(peer[*idx], ',')) != NULL)
*p = '\0';
if (strcmp(my[*idx], peer[*idx]) != 0) {
debug2("proposal mismatch: my %s peer %s",
my[*idx], peer[*idx]);
return (0);
}
}
debug2("proposals match");
return (1);
}
static void
kex_choose_conf(Kex *kex)
{
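Review bot: proposals_match() modifies its arguments, writing '\0' over the first comma in my[*idx] and peer[*idx] for the kex and host key entries, and nothing in the function name or a comment says so. The one caller shown later in this diff invokes it immediately before kex_prop_free(), so the truncation is harmless today, but any later use of my[] or peer[] after this call would see one-element lists. Either add a comment stating that the proposals are destroyed, or compare the first names with a length-limited comparison so the inputs stay intact. The check[] array is never written and can be declared const.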
@ -327,9 +344,10 @@ kex_choose_conf(Kex *kex)
int mode;
int ctos; /* direction: if true client-to-server */
int need;
int first_kex_follows, type;
my = kex_buf2prop(&kex->my);
peer = kex_buf2prop(&kex->peer);
my = kex_buf2prop(&kex->my, NULL);
peer = kex_buf2prop(&kex->peer, &first_kex_follows);
if (kex->server) {
cprop=peer;
@ -373,6 +391,13 @@ kex_choose_conf(Kex *kex)
/* XXX need runden? */
kex->we_need = need;
/* ignore the next message if the proposals do not match */
if (first_kex_follows && !proposals_match(my, peer) &&
!(datafellows & SSH_BUG_FIRSTKEX)) {
type = packet_read();
debug2("skipping next packet (type %u)", type);
}
kex_prop_free(my);
kex_prop_free(peer);
}
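Review bot: in the new first_kex_follows block, the result of packet_read() is only logged and then dropped, so whatever packet arrives next is discarded regardless of its type. Since the intent stated in the comment is to ignore the peer's wrongly guessed key exchange packet, consider at least logging at a higher level, or rejecting, when the skipped type is not a key exchange message, so that an unexpected packet is not swallowed silently. Also, type is declared int in this function but printed with %u; use %d or make the variable unsigned.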
@ -433,7 +458,7 @@ kex_derive_keys(Kex *kex, u_char *hash, BIGNUM *shared_secret)
for (i = 0; i < NKEYS; i++)
keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, shared_secret);
debug("kex_derive_keys");
debug2("kex_derive_keys");
for (mode = 0; mode < MODE_MAX; mode++) {
current_keys[mode] = kex->newkeys[mode];
kex->newkeys[mode] = NULL;

View file

@ -1,4 +1,4 @@
/* $OpenBSD: kex.h,v 1.32 2002/09/09 14:54:14 markus Exp $ */
/* $OpenBSD: kex.h,v 1.33 2003/02/16 17:09:57 markus Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@ -55,8 +55,9 @@ enum kex_modes {
};
enum kex_exchange {
DH_GRP1_SHA1,
DH_GEX_SHA1
KEX_DH_GRP1_SHA1,
KEX_DH_GEX_SHA1,
KEX_MAX
};
#define KEX_INIT_SENT 0x0001
@ -112,6 +113,7 @@ struct Kex {
int (*verify_host_key)(Key *);
Key *(*load_host_key)(int);
int (*host_key_index)(Key *);
void (*kex[KEX_MAX])(Kex *);
};
Kex *kex_setup(char *[PROPOSAL_MAX]);
@ -121,11 +123,20 @@ void kex_send_kexinit(Kex *);
void kex_input_kexinit(int, u_int32_t, void *);
void kex_derive_keys(Kex *, u_char *, BIGNUM *);
void kexdh(Kex *);
void kexgex(Kex *);
Newkeys *kex_get_newkeys(int);
void kexdh_client(Kex *);
void kexdh_server(Kex *);
void kexgex_client(Kex *);
void kexgex_server(Kex *);
u_char *
kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int,
BIGNUM *, BIGNUM *, BIGNUM *);
u_char *
kexgex_hash(char *, char *, char *, int, char *, int, u_char *, int,
int, int, int, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *);
#if defined(DEBUG_KEX) || defined(DEBUG_KEXDH)
void dump_digest(char *, u_char *, int);
#endif

View file

@ -23,23 +23,16 @@
*/
#include "includes.h"
RCSID("$OpenBSD: kexdh.c,v 1.18 2002/03/18 17:50:31 provos Exp $");
RCSID("$OpenBSD: kexdh.c,v 1.19 2003/02/16 17:09:57 markus Exp $");
#include <openssl/crypto.h>
#include <openssl/bn.h>
#include <openssl/evp.h>
#include "xmalloc.h"
#include "buffer.h"
#include "bufaux.h"
#include "key.h"
#include "kex.h"
#include "log.h"
#include "packet.h"
#include "dh.h"
#include "ssh2.h"
#include "monitor_wrap.h"
#include "kex.h"
static u_char *
u_char *
kex_dh_hash(
char *client_version_string,
char *server_version_string,
@ -86,222 +79,3 @@ kex_dh_hash(
#endif
return digest;
}
/* client */
static void
kexdh_client(Kex *kex)
{
BIGNUM *dh_server_pub = NULL, *shared_secret = NULL;
DH *dh;
Key *server_host_key;
u_char *server_host_key_blob = NULL, *signature = NULL;
u_char *kbuf, *hash;
u_int klen, kout, slen, sbloblen;
/* generate and send 'e', client DH public key */
dh = dh_new_group1();
dh_gen_key(dh, kex->we_need * 8);
packet_start(SSH2_MSG_KEXDH_INIT);
packet_put_bignum2(dh->pub_key);
packet_send();
debug("sending SSH2_MSG_KEXDH_INIT");
#ifdef DEBUG_KEXDH
DHparams_print_fp(stderr, dh);
fprintf(stderr, "pub= ");
BN_print_fp(stderr, dh->pub_key);
fprintf(stderr, "\n");
#endif
debug("expecting SSH2_MSG_KEXDH_REPLY");
packet_read_expect(SSH2_MSG_KEXDH_REPLY);
/* key, cert */
server_host_key_blob = packet_get_string(&sbloblen);
server_host_key = key_from_blob(server_host_key_blob, sbloblen);
if (server_host_key == NULL)
fatal("cannot decode server_host_key_blob");
if (server_host_key->type != kex->hostkey_type)
fatal("type mismatch for decoded server_host_key_blob");
if (kex->verify_host_key == NULL)
fatal("cannot verify server_host_key");
if (kex->verify_host_key(server_host_key) == -1)
fatal("server_host_key verification failed");
/* DH paramter f, server public DH key */
if ((dh_server_pub = BN_new()) == NULL)
fatal("dh_server_pub == NULL");
packet_get_bignum2(dh_server_pub);
#ifdef DEBUG_KEXDH
fprintf(stderr, "dh_server_pub= ");
BN_print_fp(stderr, dh_server_pub);
fprintf(stderr, "\n");
debug("bits %d", BN_num_bits(dh_server_pub));
#endif
/* signed H */
signature = packet_get_string(&slen);
packet_check_eom();
if (!dh_pub_is_valid(dh, dh_server_pub))
packet_disconnect("bad server public DH value");
klen = DH_size(dh);
kbuf = xmalloc(klen);
kout = DH_compute_key(kbuf, dh_server_pub, dh);
#ifdef DEBUG_KEXDH
dump_digest("shared secret", kbuf, kout);
#endif
if ((shared_secret = BN_new()) == NULL)
fatal("kexdh_client: BN_new failed");
BN_bin2bn(kbuf, kout, shared_secret);
memset(kbuf, 0, klen);
xfree(kbuf);
/* calc and verify H */
hash = kex_dh_hash(
kex->client_version_string,
kex->server_version_string,
buffer_ptr(&kex->my), buffer_len(&kex->my),
buffer_ptr(&kex->peer), buffer_len(&kex->peer),
server_host_key_blob, sbloblen,
dh->pub_key,
dh_server_pub,
shared_secret
);
xfree(server_host_key_blob);
BN_clear_free(dh_server_pub);
DH_free(dh);
if (key_verify(server_host_key, signature, slen, hash, 20) != 1)
fatal("key_verify failed for server_host_key");
key_free(server_host_key);
xfree(signature);
/* save session id */
if (kex->session_id == NULL) {
kex->session_id_len = 20;
kex->session_id = xmalloc(kex->session_id_len);
memcpy(kex->session_id, hash, kex->session_id_len);
}
kex_derive_keys(kex, hash, shared_secret);
BN_clear_free(shared_secret);
kex_finish(kex);
}
/* server */
static void
kexdh_server(Kex *kex)
{
BIGNUM *shared_secret = NULL, *dh_client_pub = NULL;
DH *dh;
Key *server_host_key;
u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
u_int sbloblen, klen, kout;
u_int slen;
/* generate server DH public key */
dh = dh_new_group1();
dh_gen_key(dh, kex->we_need * 8);
debug("expecting SSH2_MSG_KEXDH_INIT");
packet_read_expect(SSH2_MSG_KEXDH_INIT);
if (kex->load_host_key == NULL)
fatal("Cannot load hostkey");
server_host_key = kex->load_host_key(kex->hostkey_type);
if (server_host_key == NULL)
fatal("Unsupported hostkey type %d", kex->hostkey_type);
/* key, cert */
if ((dh_client_pub = BN_new()) == NULL)
fatal("dh_client_pub == NULL");
packet_get_bignum2(dh_client_pub);
packet_check_eom();
#ifdef DEBUG_KEXDH
fprintf(stderr, "dh_client_pub= ");
BN_print_fp(stderr, dh_client_pub);
fprintf(stderr, "\n");
debug("bits %d", BN_num_bits(dh_client_pub));
#endif
#ifdef DEBUG_KEXDH
DHparams_print_fp(stderr, dh);
fprintf(stderr, "pub= ");
BN_print_fp(stderr, dh->pub_key);
fprintf(stderr, "\n");
#endif
if (!dh_pub_is_valid(dh, dh_client_pub))
packet_disconnect("bad client public DH value");
klen = DH_size(dh);
kbuf = xmalloc(klen);
kout = DH_compute_key(kbuf, dh_client_pub, dh);
#ifdef DEBUG_KEXDH
dump_digest("shared secret", kbuf, kout);
#endif
if ((shared_secret = BN_new()) == NULL)
fatal("kexdh_server: BN_new failed");
BN_bin2bn(kbuf, kout, shared_secret);
memset(kbuf, 0, klen);
xfree(kbuf);
key_to_blob(server_host_key, &server_host_key_blob, &sbloblen);
/* calc H */
hash = kex_dh_hash(
kex->client_version_string,
kex->server_version_string,
buffer_ptr(&kex->peer), buffer_len(&kex->peer),
buffer_ptr(&kex->my), buffer_len(&kex->my),
server_host_key_blob, sbloblen,
dh_client_pub,
dh->pub_key,
shared_secret
);
BN_clear_free(dh_client_pub);
/* save session id := H */
/* XXX hashlen depends on KEX */
if (kex->session_id == NULL) {
kex->session_id_len = 20;
kex->session_id = xmalloc(kex->session_id_len);
memcpy(kex->session_id, hash, kex->session_id_len);
}
/* sign H */
/* XXX hashlen depends on KEX */
PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20));
/* destroy_sensitive_data(); */
/* send server hostkey, DH pubkey 'f' and singed H */
packet_start(SSH2_MSG_KEXDH_REPLY);
packet_put_string(server_host_key_blob, sbloblen);
packet_put_bignum2(dh->pub_key); /* f */
packet_put_string(signature, slen);
packet_send();
xfree(signature);
xfree(server_host_key_blob);
/* have keys, free DH */
DH_free(dh);
kex_derive_keys(kex, hash, shared_secret);
BN_clear_free(shared_secret);
kex_finish(kex);
}
void
kexdh(Kex *kex)
{
if (kex->server)
kexdh_server(kex);
else
kexdh_client(kex);
}

137
crypto/openssh/kexdhc.c Normal file

@ -0,0 +1,137 @@
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
RCSID("$OpenBSD: kexdhc.c,v 1.1 2003/02/16 17:09:57 markus Exp $");
#include "xmalloc.h"
#include "key.h"
#include "kex.h"
#include "log.h"
#include "packet.h"
#include "dh.h"
#include "ssh2.h"
void
kexdh_client(Kex *kex)
{
BIGNUM *dh_server_pub = NULL, *shared_secret = NULL;
DH *dh;
Key *server_host_key;
u_char *server_host_key_blob = NULL, *signature = NULL;
u_char *kbuf, *hash;
u_int klen, kout, slen, sbloblen;
/* generate and send 'e', client DH public key */
dh = dh_new_group1();
dh_gen_key(dh, kex->we_need * 8);
packet_start(SSH2_MSG_KEXDH_INIT);
packet_put_bignum2(dh->pub_key);
packet_send();
debug("sending SSH2_MSG_KEXDH_INIT");
#ifdef DEBUG_KEXDH
DHparams_print_fp(stderr, dh);
fprintf(stderr, "pub= ");
BN_print_fp(stderr, dh->pub_key);
fprintf(stderr, "\n");
#endif
debug("expecting SSH2_MSG_KEXDH_REPLY");
packet_read_expect(SSH2_MSG_KEXDH_REPLY);
/* key, cert */
server_host_key_blob = packet_get_string(&sbloblen);
server_host_key = key_from_blob(server_host_key_blob, sbloblen);
if (server_host_key == NULL)
fatal("cannot decode server_host_key_blob");
if (server_host_key->type != kex->hostkey_type)
fatal("type mismatch for decoded server_host_key_blob");
if (kex->verify_host_key == NULL)
fatal("cannot verify server_host_key");
if (kex->verify_host_key(server_host_key) == -1)
fatal("server_host_key verification failed");
/* DH paramter f, server public DH key */
if ((dh_server_pub = BN_new()) == NULL)
fatal("dh_server_pub == NULL");
packet_get_bignum2(dh_server_pub);
#ifdef DEBUG_KEXDH
fprintf(stderr, "dh_server_pub= ");
BN_print_fp(stderr, dh_server_pub);
fprintf(stderr, "\n");
debug("bits %d", BN_num_bits(dh_server_pub));
#endif
/* signed H */
signature = packet_get_string(&slen);
packet_check_eom();
if (!dh_pub_is_valid(dh, dh_server_pub))
packet_disconnect("bad server public DH value");
klen = DH_size(dh);
kbuf = xmalloc(klen);
kout = DH_compute_key(kbuf, dh_server_pub, dh);
#ifdef DEBUG_KEXDH
dump_digest("shared secret", kbuf, kout);
#endif
if ((shared_secret = BN_new()) == NULL)
fatal("kexdh_client: BN_new failed");
BN_bin2bn(kbuf, kout, shared_secret);
memset(kbuf, 0, klen);
xfree(kbuf);
/* calc and verify H */
hash = kex_dh_hash(
kex->client_version_string,
kex->server_version_string,
buffer_ptr(&kex->my), buffer_len(&kex->my),
buffer_ptr(&kex->peer), buffer_len(&kex->peer),
server_host_key_blob, sbloblen,
dh->pub_key,
dh_server_pub,
shared_secret
);
xfree(server_host_key_blob);
BN_clear_free(dh_server_pub);
DH_free(dh);
if (key_verify(server_host_key, signature, slen, hash, 20) != 1)
fatal("key_verify failed for server_host_key");
key_free(server_host_key);
xfree(signature);
/* save session id */
if (kex->session_id == NULL) {
kex->session_id_len = 20;
kex->session_id = xmalloc(kex->session_id_len);
memcpy(kex->session_id, hash, kex->session_id_len);
}
kex_derive_keys(kex, hash, shared_secret);
BN_clear_free(shared_secret);
kex_finish(kex);
}
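Review bot: the result of `DH_compute_key(kbuf, dh_server_pub, dh)` in kexdh_client is stored in `kout`, which is declared `u_int`, and passed straight to `BN_bin2bn(kbuf, kout, shared_secret)` with no failure check. OpenSSL's DH_compute_key returns -1 on error, which as a u_int becomes a very large length, so BN_bin2bn would read far past the klen-byte buffer. Declare kout as int and call fatal() on a negative return before building shared_secret. The same pattern appears in the server-side and group-exchange functions in this commit.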

138
crypto/openssh/kexdhs.c Normal file

@ -0,0 +1,138 @@
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
RCSID("$OpenBSD: kexdhs.c,v 1.1 2003/02/16 17:09:57 markus Exp $");
#include "xmalloc.h"
#include "key.h"
#include "kex.h"
#include "log.h"
#include "packet.h"
#include "dh.h"
#include "ssh2.h"
#include "monitor_wrap.h"
void
kexdh_server(Kex *kex)
{
BIGNUM *shared_secret = NULL, *dh_client_pub = NULL;
DH *dh;
Key *server_host_key;
u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
u_int sbloblen, klen, kout;
u_int slen;
/* generate server DH public key */
dh = dh_new_group1();
dh_gen_key(dh, kex->we_need * 8);
debug("expecting SSH2_MSG_KEXDH_INIT");
packet_read_expect(SSH2_MSG_KEXDH_INIT);
if (kex->load_host_key == NULL)
fatal("Cannot load hostkey");
server_host_key = kex->load_host_key(kex->hostkey_type);
if (server_host_key == NULL)
fatal("Unsupported hostkey type %d", kex->hostkey_type);
/* key, cert */
if ((dh_client_pub = BN_new()) == NULL)
fatal("dh_client_pub == NULL");
packet_get_bignum2(dh_client_pub);
packet_check_eom();
#ifdef DEBUG_KEXDH
fprintf(stderr, "dh_client_pub= ");
BN_print_fp(stderr, dh_client_pub);
fprintf(stderr, "\n");
debug("bits %d", BN_num_bits(dh_client_pub));
#endif
#ifdef DEBUG_KEXDH
DHparams_print_fp(stderr, dh);
fprintf(stderr, "pub= ");
BN_print_fp(stderr, dh->pub_key);
fprintf(stderr, "\n");
#endif
if (!dh_pub_is_valid(dh, dh_client_pub))
packet_disconnect("bad client public DH value");
klen = DH_size(dh);
kbuf = xmalloc(klen);
kout = DH_compute_key(kbuf, dh_client_pub, dh);
#ifdef DEBUG_KEXDH
dump_digest("shared secret", kbuf, kout);
#endif
if ((shared_secret = BN_new()) == NULL)
fatal("kexdh_server: BN_new failed");
BN_bin2bn(kbuf, kout, shared_secret);
memset(kbuf, 0, klen);
xfree(kbuf);
key_to_blob(server_host_key, &server_host_key_blob, &sbloblen);
/* calc H */
hash = kex_dh_hash(
kex->client_version_string,
kex->server_version_string,
buffer_ptr(&kex->peer), buffer_len(&kex->peer),
buffer_ptr(&kex->my), buffer_len(&kex->my),
server_host_key_blob, sbloblen,
dh_client_pub,
dh->pub_key,
shared_secret
);
BN_clear_free(dh_client_pub);
/* save session id := H */
/* XXX hashlen depends on KEX */
if (kex->session_id == NULL) {
kex->session_id_len = 20;
kex->session_id = xmalloc(kex->session_id_len);
memcpy(kex->session_id, hash, kex->session_id_len);
}
/* sign H */
/* XXX hashlen depends on KEX */
PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20));
/* destroy_sensitive_data(); */
/* send server hostkey, DH pubkey 'f' and singed H */
packet_start(SSH2_MSG_KEXDH_REPLY);
packet_put_string(server_host_key_blob, sbloblen);
packet_put_bignum2(dh->pub_key); /* f */
packet_put_string(signature, slen);
packet_send();
xfree(signature);
xfree(server_host_key_blob);
/* have keys, free DH */
DH_free(dh);
kex_derive_keys(kex, hash, shared_secret);
BN_clear_free(shared_secret);
kex_finish(kex);
}
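Review bot: the return value of `PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20))` in kexdh_server is discarded, although key.h declares key_sign as returning int. `signature` starts as NULL and `slen` is uninitialized, so if key_sign fails without setting them, the following `packet_put_string(signature, slen)` and `xfree(signature)` operate on a NULL pointer and an indeterminate length. Check the result and call fatal() on failure before building SSH2_MSG_KEXDH_REPLY. Separately, the comment above packet_start reads "singed H" where "signed H" is meant.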


@ -24,23 +24,16 @@
*/
#include "includes.h"
RCSID("$OpenBSD: kexgex.c,v 1.22 2002/03/24 17:27:03 stevesk Exp $");
RCSID("$OpenBSD: kexgex.c,v 1.23 2003/02/16 17:09:57 markus Exp $");
#include <openssl/bn.h>
#include <openssl/evp.h>
#include "xmalloc.h"
#include "buffer.h"
#include "bufaux.h"
#include "key.h"
#include "kex.h"
#include "log.h"
#include "packet.h"
#include "dh.h"
#include "ssh2.h"
#include "compat.h"
#include "monitor_wrap.h"
static u_char *
u_char *
kexgex_hash(
char *client_version_string,
char *server_version_string,
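Review bot: the return type of kexgex_hash appears both as `static u_char *` and as `u_char *`, so the function gains external linkage, yet this hunk adds no prototype and its header shows the include list shrinking. kexgexc.c and kexgexs.c both call kexgex_hash, so confirm that a header they include (both pull in kex.h) declares it with the full parameter list. Otherwise the calls compile against an implicit declaration and an argument mismatch in this long parameter list goes undiagnosed.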
@ -97,318 +90,3 @@ kexgex_hash(
#endif
return digest;
}
/* client */
static void
kexgex_client(Kex *kex)
{
BIGNUM *dh_server_pub = NULL, *shared_secret = NULL;
BIGNUM *p = NULL, *g = NULL;
Key *server_host_key;
u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
u_int klen, kout, slen, sbloblen;
int min, max, nbits;
DH *dh;
nbits = dh_estimate(kex->we_need * 8);
if (datafellows & SSH_OLD_DHGEX) {
debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD sent");
/* Old GEX request */
packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST_OLD);
packet_put_int(nbits);
min = DH_GRP_MIN;
max = DH_GRP_MAX;
} else {
debug("SSH2_MSG_KEX_DH_GEX_REQUEST sent");
/* New GEX request */
min = DH_GRP_MIN;
max = DH_GRP_MAX;
packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST);
packet_put_int(min);
packet_put_int(nbits);
packet_put_int(max);
}
#ifdef DEBUG_KEXDH
fprintf(stderr, "\nmin = %d, nbits = %d, max = %d\n",
min, nbits, max);
#endif
packet_send();
debug("expecting SSH2_MSG_KEX_DH_GEX_GROUP");
packet_read_expect(SSH2_MSG_KEX_DH_GEX_GROUP);
if ((p = BN_new()) == NULL)
fatal("BN_new");
packet_get_bignum2(p);
if ((g = BN_new()) == NULL)
fatal("BN_new");
packet_get_bignum2(g);
packet_check_eom();
if (BN_num_bits(p) < min || BN_num_bits(p) > max)
fatal("DH_GEX group out of range: %d !< %d !< %d",
min, BN_num_bits(p), max);
dh = dh_new_group(g, p);
dh_gen_key(dh, kex->we_need * 8);
#ifdef DEBUG_KEXDH
DHparams_print_fp(stderr, dh);
fprintf(stderr, "pub= ");
BN_print_fp(stderr, dh->pub_key);
fprintf(stderr, "\n");
#endif
debug("SSH2_MSG_KEX_DH_GEX_INIT sent");
/* generate and send 'e', client DH public key */
packet_start(SSH2_MSG_KEX_DH_GEX_INIT);
packet_put_bignum2(dh->pub_key);
packet_send();
debug("expecting SSH2_MSG_KEX_DH_GEX_REPLY");
packet_read_expect(SSH2_MSG_KEX_DH_GEX_REPLY);
/* key, cert */
server_host_key_blob = packet_get_string(&sbloblen);
server_host_key = key_from_blob(server_host_key_blob, sbloblen);
if (server_host_key == NULL)
fatal("cannot decode server_host_key_blob");
if (server_host_key->type != kex->hostkey_type)
fatal("type mismatch for decoded server_host_key_blob");
if (kex->verify_host_key == NULL)
fatal("cannot verify server_host_key");
if (kex->verify_host_key(server_host_key) == -1)
fatal("server_host_key verification failed");
/* DH paramter f, server public DH key */
if ((dh_server_pub = BN_new()) == NULL)
fatal("dh_server_pub == NULL");
packet_get_bignum2(dh_server_pub);
#ifdef DEBUG_KEXDH
fprintf(stderr, "dh_server_pub= ");
BN_print_fp(stderr, dh_server_pub);
fprintf(stderr, "\n");
debug("bits %d", BN_num_bits(dh_server_pub));
#endif
/* signed H */
signature = packet_get_string(&slen);
packet_check_eom();
if (!dh_pub_is_valid(dh, dh_server_pub))
packet_disconnect("bad server public DH value");
klen = DH_size(dh);
kbuf = xmalloc(klen);
kout = DH_compute_key(kbuf, dh_server_pub, dh);
#ifdef DEBUG_KEXDH
dump_digest("shared secret", kbuf, kout);
#endif
if ((shared_secret = BN_new()) == NULL)
fatal("kexgex_client: BN_new failed");
BN_bin2bn(kbuf, kout, shared_secret);
memset(kbuf, 0, klen);
xfree(kbuf);
if (datafellows & SSH_OLD_DHGEX)
min = max = -1;
/* calc and verify H */
hash = kexgex_hash(
kex->client_version_string,
kex->server_version_string,
buffer_ptr(&kex->my), buffer_len(&kex->my),
buffer_ptr(&kex->peer), buffer_len(&kex->peer),
server_host_key_blob, sbloblen,
min, nbits, max,
dh->p, dh->g,
dh->pub_key,
dh_server_pub,
shared_secret
);
/* have keys, free DH */
DH_free(dh);
xfree(server_host_key_blob);
BN_clear_free(dh_server_pub);
if (key_verify(server_host_key, signature, slen, hash, 20) != 1)
fatal("key_verify failed for server_host_key");
key_free(server_host_key);
xfree(signature);
/* save session id */
if (kex->session_id == NULL) {
kex->session_id_len = 20;
kex->session_id = xmalloc(kex->session_id_len);
memcpy(kex->session_id, hash, kex->session_id_len);
}
kex_derive_keys(kex, hash, shared_secret);
BN_clear_free(shared_secret);
kex_finish(kex);
}
/* server */
static void
kexgex_server(Kex *kex)
{
BIGNUM *shared_secret = NULL, *dh_client_pub = NULL;
Key *server_host_key;
DH *dh;
u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
u_int sbloblen, klen, kout, slen;
int min = -1, max = -1, nbits = -1, type;
if (kex->load_host_key == NULL)
fatal("Cannot load hostkey");
server_host_key = kex->load_host_key(kex->hostkey_type);
if (server_host_key == NULL)
fatal("Unsupported hostkey type %d", kex->hostkey_type);
type = packet_read();
switch (type) {
case SSH2_MSG_KEX_DH_GEX_REQUEST:
debug("SSH2_MSG_KEX_DH_GEX_REQUEST received");
min = packet_get_int();
nbits = packet_get_int();
max = packet_get_int();
min = MAX(DH_GRP_MIN, min);
max = MIN(DH_GRP_MAX, max);
break;
case SSH2_MSG_KEX_DH_GEX_REQUEST_OLD:
debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received");
nbits = packet_get_int();
min = DH_GRP_MIN;
max = DH_GRP_MAX;
/* unused for old GEX */
break;
default:
fatal("protocol error during kex, no DH_GEX_REQUEST: %d", type);
}
packet_check_eom();
if (max < min || nbits < min || max < nbits)
fatal("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d",
min, nbits, max);
/* Contact privileged parent */
dh = PRIVSEP(choose_dh(min, nbits, max));
if (dh == NULL)
packet_disconnect("Protocol error: no matching DH grp found");
debug("SSH2_MSG_KEX_DH_GEX_GROUP sent");
packet_start(SSH2_MSG_KEX_DH_GEX_GROUP);
packet_put_bignum2(dh->p);
packet_put_bignum2(dh->g);
packet_send();
/* flush */
packet_write_wait();
/* Compute our exchange value in parallel with the client */
dh_gen_key(dh, kex->we_need * 8);
debug("expecting SSH2_MSG_KEX_DH_GEX_INIT");
packet_read_expect(SSH2_MSG_KEX_DH_GEX_INIT);
/* key, cert */
if ((dh_client_pub = BN_new()) == NULL)
fatal("dh_client_pub == NULL");
packet_get_bignum2(dh_client_pub);
packet_check_eom();
#ifdef DEBUG_KEXDH
fprintf(stderr, "dh_client_pub= ");
BN_print_fp(stderr, dh_client_pub);
fprintf(stderr, "\n");
debug("bits %d", BN_num_bits(dh_client_pub));
#endif
#ifdef DEBUG_KEXDH
DHparams_print_fp(stderr, dh);
fprintf(stderr, "pub= ");
BN_print_fp(stderr, dh->pub_key);
fprintf(stderr, "\n");
#endif
if (!dh_pub_is_valid(dh, dh_client_pub))
packet_disconnect("bad client public DH value");
klen = DH_size(dh);
kbuf = xmalloc(klen);
kout = DH_compute_key(kbuf, dh_client_pub, dh);
#ifdef DEBUG_KEXDH
dump_digest("shared secret", kbuf, kout);
#endif
if ((shared_secret = BN_new()) == NULL)
fatal("kexgex_server: BN_new failed");
BN_bin2bn(kbuf, kout, shared_secret);
memset(kbuf, 0, klen);
xfree(kbuf);
key_to_blob(server_host_key, &server_host_key_blob, &sbloblen);
if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD)
min = max = -1;
/* calc H */ /* XXX depends on 'kex' */
hash = kexgex_hash(
kex->client_version_string,
kex->server_version_string,
buffer_ptr(&kex->peer), buffer_len(&kex->peer),
buffer_ptr(&kex->my), buffer_len(&kex->my),
server_host_key_blob, sbloblen,
min, nbits, max,
dh->p, dh->g,
dh_client_pub,
dh->pub_key,
shared_secret
);
BN_clear_free(dh_client_pub);
/* save session id := H */
/* XXX hashlen depends on KEX */
if (kex->session_id == NULL) {
kex->session_id_len = 20;
kex->session_id = xmalloc(kex->session_id_len);
memcpy(kex->session_id, hash, kex->session_id_len);
}
/* sign H */
/* XXX hashlen depends on KEX */
PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20));
/* destroy_sensitive_data(); */
/* send server hostkey, DH pubkey 'f' and singed H */
debug("SSH2_MSG_KEX_DH_GEX_REPLY sent");
packet_start(SSH2_MSG_KEX_DH_GEX_REPLY);
packet_put_string(server_host_key_blob, sbloblen);
packet_put_bignum2(dh->pub_key); /* f */
packet_put_string(signature, slen);
packet_send();
xfree(signature);
xfree(server_host_key_blob);
/* have keys, free DH */
DH_free(dh);
kex_derive_keys(kex, hash, shared_secret);
BN_clear_free(shared_secret);
kex_finish(kex);
}
void
kexgex(Kex *kex)
{
if (kex->server)
kexgex_server(kex);
else
kexgex_client(kex);
}

189
crypto/openssh/kexgexc.c Normal file

@ -0,0 +1,189 @@
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
RCSID("$OpenBSD: kexgexc.c,v 1.1 2003/02/16 17:09:57 markus Exp $");
#include "xmalloc.h"
#include "key.h"
#include "kex.h"
#include "log.h"
#include "packet.h"
#include "dh.h"
#include "ssh2.h"
#include "compat.h"
void
kexgex_client(Kex *kex)
{
BIGNUM *dh_server_pub = NULL, *shared_secret = NULL;
BIGNUM *p = NULL, *g = NULL;
Key *server_host_key;
u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
u_int klen, kout, slen, sbloblen;
int min, max, nbits;
DH *dh;
nbits = dh_estimate(kex->we_need * 8);
if (datafellows & SSH_OLD_DHGEX) {
debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD sent");
/* Old GEX request */
packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST_OLD);
packet_put_int(nbits);
min = DH_GRP_MIN;
max = DH_GRP_MAX;
} else {
debug("SSH2_MSG_KEX_DH_GEX_REQUEST sent");
/* New GEX request */
min = DH_GRP_MIN;
max = DH_GRP_MAX;
packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST);
packet_put_int(min);
packet_put_int(nbits);
packet_put_int(max);
}
#ifdef DEBUG_KEXDH
fprintf(stderr, "\nmin = %d, nbits = %d, max = %d\n",
min, nbits, max);
#endif
packet_send();
debug("expecting SSH2_MSG_KEX_DH_GEX_GROUP");
packet_read_expect(SSH2_MSG_KEX_DH_GEX_GROUP);
if ((p = BN_new()) == NULL)
fatal("BN_new");
packet_get_bignum2(p);
if ((g = BN_new()) == NULL)
fatal("BN_new");
packet_get_bignum2(g);
packet_check_eom();
if (BN_num_bits(p) < min || BN_num_bits(p) > max)
fatal("DH_GEX group out of range: %d !< %d !< %d",
min, BN_num_bits(p), max);
dh = dh_new_group(g, p);
dh_gen_key(dh, kex->we_need * 8);
#ifdef DEBUG_KEXDH
DHparams_print_fp(stderr, dh);
fprintf(stderr, "pub= ");
BN_print_fp(stderr, dh->pub_key);
fprintf(stderr, "\n");
#endif
debug("SSH2_MSG_KEX_DH_GEX_INIT sent");
/* generate and send 'e', client DH public key */
packet_start(SSH2_MSG_KEX_DH_GEX_INIT);
packet_put_bignum2(dh->pub_key);
packet_send();
debug("expecting SSH2_MSG_KEX_DH_GEX_REPLY");
packet_read_expect(SSH2_MSG_KEX_DH_GEX_REPLY);
/* key, cert */
server_host_key_blob = packet_get_string(&sbloblen);
server_host_key = key_from_blob(server_host_key_blob, sbloblen);
if (server_host_key == NULL)
fatal("cannot decode server_host_key_blob");
if (server_host_key->type != kex->hostkey_type)
fatal("type mismatch for decoded server_host_key_blob");
if (kex->verify_host_key == NULL)
fatal("cannot verify server_host_key");
if (kex->verify_host_key(server_host_key) == -1)
fatal("server_host_key verification failed");
/* DH paramter f, server public DH key */
if ((dh_server_pub = BN_new()) == NULL)
fatal("dh_server_pub == NULL");
packet_get_bignum2(dh_server_pub);
#ifdef DEBUG_KEXDH
fprintf(stderr, "dh_server_pub= ");
BN_print_fp(stderr, dh_server_pub);
fprintf(stderr, "\n");
debug("bits %d", BN_num_bits(dh_server_pub));
#endif
/* signed H */
signature = packet_get_string(&slen);
packet_check_eom();
if (!dh_pub_is_valid(dh, dh_server_pub))
packet_disconnect("bad server public DH value");
klen = DH_size(dh);
kbuf = xmalloc(klen);
kout = DH_compute_key(kbuf, dh_server_pub, dh);
#ifdef DEBUG_KEXDH
dump_digest("shared secret", kbuf, kout);
#endif
if ((shared_secret = BN_new()) == NULL)
fatal("kexgex_client: BN_new failed");
BN_bin2bn(kbuf, kout, shared_secret);
memset(kbuf, 0, klen);
xfree(kbuf);
if (datafellows & SSH_OLD_DHGEX)
min = max = -1;
/* calc and verify H */
hash = kexgex_hash(
kex->client_version_string,
kex->server_version_string,
buffer_ptr(&kex->my), buffer_len(&kex->my),
buffer_ptr(&kex->peer), buffer_len(&kex->peer),
server_host_key_blob, sbloblen,
min, nbits, max,
dh->p, dh->g,
dh->pub_key,
dh_server_pub,
shared_secret
);
/* have keys, free DH */
DH_free(dh);
xfree(server_host_key_blob);
BN_clear_free(dh_server_pub);
if (key_verify(server_host_key, signature, slen, hash, 20) != 1)
fatal("key_verify failed for server_host_key");
key_free(server_host_key);
xfree(signature);
/* save session id */
if (kex->session_id == NULL) {
kex->session_id_len = 20;
kex->session_id = xmalloc(kex->session_id_len);
memcpy(kex->session_id, hash, kex->session_id_len);
}
kex_derive_keys(kex, hash, shared_secret);
BN_clear_free(shared_secret);
kex_finish(kex);
}
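Review bot: the only validation of the server-supplied group in kexgex_client is the size check `BN_num_bits(p) < min || BN_num_bits(p) > max`; `g` is read with packet_get_bignum2 and handed to `dh_new_group(g, p)` unchecked. A generator of 0, 1 or p-1 confines the exchange to a trivial subgroup, so reject g <= 1 and g >= p-1 here (and consider checking that p is odd) before calling dh_gen_key. The later dh_pub_is_valid call covers only the server's public value, not the group parameters.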

186
crypto/openssh/kexgexs.c Normal file

@ -0,0 +1,186 @@
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
RCSID("$OpenBSD: kexgexs.c,v 1.1 2003/02/16 17:09:57 markus Exp $");
#include "xmalloc.h"
#include "key.h"
#include "kex.h"
#include "log.h"
#include "packet.h"
#include "dh.h"
#include "ssh2.h"
#include "compat.h"
#include "monitor_wrap.h"
void
kexgex_server(Kex *kex)
{
BIGNUM *shared_secret = NULL, *dh_client_pub = NULL;
Key *server_host_key;
DH *dh;
u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
u_int sbloblen, klen, kout, slen;
int min = -1, max = -1, nbits = -1, type;
if (kex->load_host_key == NULL)
fatal("Cannot load hostkey");
server_host_key = kex->load_host_key(kex->hostkey_type);
if (server_host_key == NULL)
fatal("Unsupported hostkey type %d", kex->hostkey_type);
type = packet_read();
switch (type) {
case SSH2_MSG_KEX_DH_GEX_REQUEST:
debug("SSH2_MSG_KEX_DH_GEX_REQUEST received");
min = packet_get_int();
nbits = packet_get_int();
max = packet_get_int();
min = MAX(DH_GRP_MIN, min);
max = MIN(DH_GRP_MAX, max);
break;
case SSH2_MSG_KEX_DH_GEX_REQUEST_OLD:
debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received");
nbits = packet_get_int();
min = DH_GRP_MIN;
max = DH_GRP_MAX;
/* unused for old GEX */
break;
default:
fatal("protocol error during kex, no DH_GEX_REQUEST: %d", type);
}
packet_check_eom();
if (max < min || nbits < min || max < nbits)
fatal("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d",
min, nbits, max);
/* Contact privileged parent */
dh = PRIVSEP(choose_dh(min, nbits, max));
if (dh == NULL)
packet_disconnect("Protocol error: no matching DH grp found");
debug("SSH2_MSG_KEX_DH_GEX_GROUP sent");
packet_start(SSH2_MSG_KEX_DH_GEX_GROUP);
packet_put_bignum2(dh->p);
packet_put_bignum2(dh->g);
packet_send();
/* flush */
packet_write_wait();
/* Compute our exchange value in parallel with the client */
dh_gen_key(dh, kex->we_need * 8);
debug("expecting SSH2_MSG_KEX_DH_GEX_INIT");
packet_read_expect(SSH2_MSG_KEX_DH_GEX_INIT);
/* key, cert */
if ((dh_client_pub = BN_new()) == NULL)
fatal("dh_client_pub == NULL");
packet_get_bignum2(dh_client_pub);
packet_check_eom();
#ifdef DEBUG_KEXDH
fprintf(stderr, "dh_client_pub= ");
BN_print_fp(stderr, dh_client_pub);
fprintf(stderr, "\n");
debug("bits %d", BN_num_bits(dh_client_pub));
#endif
#ifdef DEBUG_KEXDH
DHparams_print_fp(stderr, dh);
fprintf(stderr, "pub= ");
BN_print_fp(stderr, dh->pub_key);
fprintf(stderr, "\n");
#endif
if (!dh_pub_is_valid(dh, dh_client_pub))
packet_disconnect("bad client public DH value");
klen = DH_size(dh);
kbuf = xmalloc(klen);
kout = DH_compute_key(kbuf, dh_client_pub, dh);
#ifdef DEBUG_KEXDH
dump_digest("shared secret", kbuf, kout);
#endif
if ((shared_secret = BN_new()) == NULL)
fatal("kexgex_server: BN_new failed");
BN_bin2bn(kbuf, kout, shared_secret);
memset(kbuf, 0, klen);
xfree(kbuf);
key_to_blob(server_host_key, &server_host_key_blob, &sbloblen);
if (type == SSH2_MSG_KEX_DH_GEX_REQUEST_OLD)
min = max = -1;
/* calc H */ /* XXX depends on 'kex' */
hash = kexgex_hash(
kex->client_version_string,
kex->server_version_string,
buffer_ptr(&kex->peer), buffer_len(&kex->peer),
buffer_ptr(&kex->my), buffer_len(&kex->my),
server_host_key_blob, sbloblen,
min, nbits, max,
dh->p, dh->g,
dh_client_pub,
dh->pub_key,
shared_secret
);
BN_clear_free(dh_client_pub);
/* save session id := H */
/* XXX hashlen depends on KEX */
if (kex->session_id == NULL) {
kex->session_id_len = 20;
kex->session_id = xmalloc(kex->session_id_len);
memcpy(kex->session_id, hash, kex->session_id_len);
}
/* sign H */
/* XXX hashlen depends on KEX */
PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20));
/* destroy_sensitive_data(); */
/* send server hostkey, DH pubkey 'f' and singed H */
debug("SSH2_MSG_KEX_DH_GEX_REPLY sent");
packet_start(SSH2_MSG_KEX_DH_GEX_REPLY);
packet_put_string(server_host_key_blob, sbloblen);
packet_put_bignum2(dh->pub_key); /* f */
packet_put_string(signature, slen);
packet_send();
xfree(signature);
xfree(server_host_key_blob);
/* have keys, free DH */
DH_free(dh);
kex_derive_keys(kex, hash, shared_secret);
BN_clear_free(shared_secret);
kex_finish(kex);
}
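Review bot: the exchange hash length is the literal 20 in two places in kexgex_server, `kex->session_id_len = 20` and the last argument of key_sign, each under an "XXX hashlen depends on KEX" comment, and the client functions pass the same literal to key_verify. Replace it with one named constant, or have kexgex_hash report the digest length, so that a KEX method with a different hash cannot silently copy a truncated session id or sign only a prefix of H.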


@ -32,15 +32,13 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
RCSID("$OpenBSD: key.c,v 1.49 2002/09/09 14:54:14 markus Exp $");
RCSID("$OpenBSD: key.c,v 1.51 2003/02/12 09:33:04 markus Exp $");
#include <openssl/evp.h>
#include "xmalloc.h"
#include "key.h"
#include "rsa.h"
#include "ssh-dss.h"
#include "ssh-rsa.h"
#include "uuencode.h"
#include "buffer.h"
#include "bufaux.h"
@ -410,14 +408,14 @@ key_read(Key *ret, char **cpp)
case KEY_DSA:
space = strchr(cp, ' ');
if (space == NULL) {
debug3("key_read: no space");
debug3("key_read: missing whitespace");
return -1;
}
*space = '\0';
type = key_type_from_name(cp);
*space = ' ';
if (type == KEY_UNSPEC) {
debug3("key_read: no key found");
debug3("key_read: missing keytype");
return -1;
}
cp = space+1;


@ -1,4 +1,4 @@
/* $OpenBSD: key.h,v 1.19 2002/03/18 17:23:31 markus Exp $ */
/* $OpenBSD: key.h,v 1.20 2003/02/12 09:33:04 markus Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@ -78,4 +78,9 @@ int key_names_valid2(const char *);
int key_sign(Key *, u_char **, u_int *, u_char *, u_int);
int key_verify(Key *, u_char *, u_int, u_char *, u_int);
int ssh_dss_sign(Key *, u_char **, u_int *, u_char *, u_int);
int ssh_dss_verify(Key *, u_char *, u_int, u_char *, u_int);
int ssh_rsa_sign(Key *, u_char **, u_int *, u_char *, u_int);
int ssh_rsa_verify(Key *, u_char *, u_int, u_char *, u_int);
#endif
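Review bot: the prototypes for ssh_dss_sign, ssh_dss_verify, ssh_rsa_sign and ssh_rsa_verify have unnamed parameters and no comment, so the header does not say which `u_char *, u_int` pair is the signature and which is the data. In the verify functions a swapped pair type-checks cleanly, so name the parameters and state the return convention next to the declarations (kexdhc.c tests `key_verify(...) != 1`).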


@ -34,7 +34,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: log.c,v 1.24 2002/07/19 15:43:33 markus Exp $");
RCSID("$OpenBSD: log.c,v 1.25 2003/01/11 18:29:43 markus Exp $");
#include "log.h"
#include "xmalloc.h"
@ -233,6 +233,7 @@ fatal_remove_all_cleanups(void)
next_cu = cu->next;
xfree(cu);
}
fatal_cleanups = NULL;
}
/* Cleanup and exit */
@ -386,11 +387,14 @@ do_log(LogLevel level, const char *fmt, va_list args)
} else {
vsnprintf(msgbuf, sizeof(msgbuf), fmt, args);
}
/* Escape magic chars in output. */
strnvis(fmtbuf, msgbuf, sizeof(fmtbuf), VIS_OCTAL);
if (log_on_stderr) {
fprintf(stderr, "%s\r\n", msgbuf);
fprintf(stderr, "%s\r\n", fmtbuf);
} else {
openlog(argv0 ? argv0 : __progname, LOG_PID, log_facility);
syslog(pri, "%.500s", msgbuf);
syslog(pri, "%.500s", fmtbuf);
closelog();
}
}
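Review bot: in do_log(), strnvis() is called with VIS_OCTAL only, and per vis(3) that flag on its own leaves space, tab and newline unencoded, so a newline embedded in msgbuf still reaches stderr and syslog as a line break. If "Escape magic chars in output" is meant to cover forged log lines, add VIS_NL (and VIS_TAB) to the flags. The return value of strnvis() is also ignored; an escaped byte takes four characters, so fmtbuf (declared outside this hunk) should be sized at roughly four times msgbuf, or truncation should be detected and marked.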

View file

@ -163,7 +163,7 @@
#include "log.h"
#include "atomicio.h"
RCSID("$Id: loginrec.c,v 1.44 2002/09/26 00:38:49 tim Exp $");
RCSID("$Id: loginrec.c,v 1.47 2003/03/10 00:23:07 djm Exp $");
#ifdef HAVE_UTIL_H
# include <util.h>
@ -609,6 +609,9 @@ void
construct_utmp(struct logininfo *li,
struct utmp *ut)
{
# ifdef HAVE_ADDR_V6_IN_UTMP
struct sockaddr_in6 *sa6;
# endif
memset(ut, '\0', sizeof(*ut));
/* First fill out fields used for both logins and logouts */
@ -661,6 +664,19 @@ construct_utmp(struct logininfo *li,
if (li->hostaddr.sa.sa_family == AF_INET)
ut->ut_addr = li->hostaddr.sa_in.sin_addr.s_addr;
# endif
# ifdef HAVE_ADDR_V6_IN_UTMP
/* this is just a 128-bit IPv6 address */
if (li->hostaddr.sa.sa_family == AF_INET6) {
sa6 = ((struct sockaddr_in6 *)&li->hostaddr.sa);
memcpy(ut->ut_addr_v6, sa6->sin6_addr.s6_addr, 16);
if (IN6_IS_ADDR_V4MAPPED(&sa6->sin6_addr)) {
ut->ut_addr_v6[0] = ut->ut_addr_v6[3];
ut->ut_addr_v6[1] = 0;
ut->ut_addr_v6[2] = 0;
ut->ut_addr_v6[3] = 0;
}
}
# endif
}
#endif /* USE_UTMP || USE_WTMP || USE_LOGIN */
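Review bot: the memcpy into ut->ut_addr_v6 uses a literal 16; derive the length from sizeof(sa6->sin6_addr.s6_addr) and make sure it does not exceed sizeof(ut->ut_addr_v6), since the utmp field layout comes from the platform header. The v4-mapped branch, which moves word 3 into word 0 and zeroes the rest, needs a comment saying which consumers expect the IPv4 address in ut_addr_v6[0]; the existing comment "this is just a 128-bit IPv6 address" does not describe that case.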
@ -689,6 +705,9 @@ set_utmpx_time(struct logininfo *li, struct utmpx *utx)
void
construct_utmpx(struct logininfo *li, struct utmpx *utx)
{
# ifdef HAVE_ADDR_V6_IN_UTMP
struct sockaddr_in6 *sa6;
# endif
memset(utx, '\0', sizeof(*utx));
# ifdef HAVE_ID_IN_UTMPX
line_abbrevname(utx->ut_id, li->line, sizeof(utx->ut_id));
@ -725,6 +744,19 @@ construct_utmpx(struct logininfo *li, struct utmpx *utx)
if (li->hostaddr.sa.sa_family == AF_INET)
utx->ut_addr = li->hostaddr.sa_in.sin_addr.s_addr;
# endif
# ifdef HAVE_ADDR_V6_IN_UTMP
/* this is just a 128-bit IPv6 address */
if (li->hostaddr.sa.sa_family == AF_INET6) {
sa6 = ((struct sockaddr_in6 *)&li->hostaddr.sa);
memcpy(ut->ut_addr_v6, sa6->sin6_addr.s6_addr, 16);
if (IN6_IS_ADDR_V4MAPPED(&sa6->sin6_addr)) {
ut->ut_addr_v6[0] = ut->ut_addr_v6[3];
ut->ut_addr_v6[1] = 0;
ut->ut_addr_v6[2] = 0;
ut->ut_addr_v6[3] = 0;
}
}
# endif
# ifdef HAVE_SYSLEN_IN_UTMPX
/* ut_syslen is the length of the utx_host string */
utx->ut_syslen = MIN(strlen(li->hostname), sizeof(utx->ut_host));
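Review bot: the new HAVE_ADDR_V6_IN_UTMP block in construct_utmpx() writes through ut (ut->ut_addr_v6 in the memcpy and in all four assignments), but this function's parameter is utx and no ut is declared in the visible lines, so the block will not compile where the macro is defined. It looks copied from construct_utmp(); change every ut-> to utx-> here, and consider a separate HAVE_ADDR_V6_IN_UTMPX guard so the utmpx field is tested on its own.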
@ -1313,6 +1345,7 @@ syslogin_perform_login(struct logininfo *li)
}
construct_utmp(li, ut);
login(ut);
free(ut);
return 1;
}
@ -1490,22 +1523,32 @@ int
lastlog_get_entry(struct logininfo *li)
{
struct lastlog last;
int fd;
int fd, ret;
if (!lastlog_openseek(li, &fd, O_RDONLY))
return 0;
if (atomicio(read, fd, &last, sizeof(last)) != sizeof(last)) {
close(fd);
log("lastlog_get_entry: Error reading from %s: %s",
LASTLOG_FILE, strerror(errno));
return 0;
}
return (0);
ret = atomicio(read, fd, &last, sizeof(last));
close(fd);
lastlog_populate_entry(li, &last);
switch (ret) {
case 0:
memset(&last, '\0', sizeof(last));
/* FALLTHRU */
case sizeof(last):
lastlog_populate_entry(li, &last);
return (1);
case -1:
error("%s: Error reading from %s: %s", __func__,
LASTLOG_FILE, strerror(errno));
return (0);
default:
error("%s: Error reading from %s: Expecting %d, got %d",
__func__, LASTLOG_FILE, sizeof(last), ret);
return (0);
}
return 1;
/* NOTREACHED */
return (0);
}
#endif /* USE_LASTLOG */
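Review bot: in the default case of lastlog_get_entry(), sizeof(last) is passed to a %d conversion; sizeof yields size_t, so the argument does not match the format on LP64 targets. Cast it, for example (int)sizeof(last), or print it with %lu and an (unsigned long) cast. The case 0 branch would also benefit from a comment stating that a zero-length read means the user has no lastlog record yet, which is why a zeroed entry is populated and 1 is returned.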

View file

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: misc.c,v 1.19 2002/03/04 17:27:39 stevesk Exp $");
RCSID("$OpenBSD: misc.c,v 1.20 2002/12/13 10:03:15 markus Exp $");
#include "misc.h"
#include "log.h"
@ -105,7 +105,7 @@ set_nodelay(int fd)
return;
}
opt = 1;
debug("fd %d setting TCP_NODELAY", fd);
debug2("fd %d setting TCP_NODELAY", fd);
if (setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, sizeof opt) == -1)
error("setsockopt TCP_NODELAY: %.100s", strerror(errno));
}

View file

@ -25,7 +25,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: monitor.c,v 1.29 2002/09/26 11:38:43 markus Exp $");
RCSID("$OpenBSD: monitor.c,v 1.36 2003/04/01 10:22:21 markus Exp $");
#include <openssl/dh.h>
@ -634,20 +634,20 @@ mm_answer_bsdauthquery(int socket, Buffer *m)
u_int numprompts;
u_int *echo_on;
char **prompts;
int res;
u_int success;
res = bsdauth_query(authctxt, &name, &infotxt, &numprompts,
&prompts, &echo_on);
success = bsdauth_query(authctxt, &name, &infotxt, &numprompts,
&prompts, &echo_on) < 0 ? 0 : 1;
buffer_clear(m);
buffer_put_int(m, res);
if (res != -1)
buffer_put_int(m, success);
if (success)
buffer_put_cstring(m, prompts[0]);
debug3("%s: sending challenge res: %d", __func__, res);
debug3("%s: sending challenge success: %u", __func__, success);
mm_request_send(socket, MONITOR_ANS_BSDAUTHQUERY, m);
if (res != -1) {
if (success) {
xfree(name);
xfree(infotxt);
xfree(prompts);
@ -691,16 +691,16 @@ mm_answer_skeyquery(int socket, Buffer *m)
{
struct skey skey;
char challenge[1024];
int res;
u_int success;
res = skeychallenge(&skey, authctxt->user, challenge);
success = skeychallenge(&skey, authctxt->user, challenge) < 0 ? 0 : 1;
buffer_clear(m);
buffer_put_int(m, res);
if (res != -1)
buffer_put_int(m, success);
if (success)
buffer_put_cstring(m, challenge);
debug3("%s: sending challenge res: %d", __func__, res);
debug3("%s: sending challenge success: %u", __func__, success);
mm_request_send(socket, MONITOR_ANS_SKEYQUERY, m);
return (0);
@ -806,8 +806,9 @@ mm_answer_keyallowed(int socket, Buffer *m)
fatal("%s: unknown key type %d", __func__, type);
break;
}
key_free(key);
}
if (key != NULL)
key_free(key);
/* clear temporarily storage (used by verify) */
monitor_reset_key_state();
@ -826,6 +827,7 @@ mm_answer_keyallowed(int socket, Buffer *m)
buffer_clear(m);
buffer_put_int(m, allowed);
buffer_put_int(m, forced_command != NULL);
mm_append_debug(m);
@ -1188,6 +1190,7 @@ mm_answer_rsa_keyallowed(int socket, Buffer *m)
}
buffer_clear(m);
buffer_put_int(m, allowed);
buffer_put_int(m, forced_command != NULL);
/* clear temporarily storage (used by generate challenge) */
monitor_reset_key_state();
@ -1202,8 +1205,9 @@ mm_answer_rsa_keyallowed(int socket, Buffer *m)
key_blob = blob;
key_bloblen = blen;
key_blobtype = MM_RSAUSERKEY;
key_free(key);
}
if (key != NULL)
key_free(key);
mm_append_debug(m);
@ -1244,6 +1248,9 @@ mm_answer_rsa_challenge(int socket, Buffer *m)
mm_request_send(socket, MONITOR_ANS_RSACHALLENGE, m);
monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 1);
xfree(blob);
key_free(key);
return (0);
}
@ -1274,6 +1281,7 @@ mm_answer_rsa_response(int socket, Buffer *m)
fatal("%s: received bad response to challenge", __func__);
success = auth_rsa_verify_response(key, ssh1_challenge, response);
xfree(blob);
key_free(key);
xfree(response);
@ -1458,6 +1466,8 @@ mm_get_kex(Buffer *m)
(memcmp(kex->session_id, session_id2, session_id2_len) != 0))
fatal("mm_get_get: internal error: bad session id");
kex->we_need = buffer_get_int(m);
kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
kex->server = 1;
kex->hostkey_type = buffer_get_int(m);
kex->kex_type = buffer_get_int(m);
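Review bot: the fatal() string in the context of this hunk says "mm_get_get", which does not match the function name mm_get_kex. Use "%s: internal error: bad session id" with __func__, as the other monitor messages in this file do, so the log line points at the right function.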
@ -1551,7 +1561,7 @@ mm_get_keystate(struct monitor *pmonitor)
void *
mm_zalloc(struct mm_master *mm, u_int ncount, u_int size)
{
size_t len = size * ncount;
size_t len = (size_t) size * ncount;
void *address;
if (len == 0 || ncount > SIZE_T_MAX / size)
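Review bot: in mm_zalloc(), len is still computed before the overflow test on the following line, and the (size_t) cast only widens the multiplication where size_t is larger than u_int. On a platform where both are 32 bits the product can wrap exactly as before, so the ncount > SIZE_T_MAX / size test is the real guard. Either perform that test first and compute len afterwards, or add a comment saying the cast is for 64-bit targets and the check below must stay.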

View file

@ -25,7 +25,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: monitor_wrap.c,v 1.19 2002/09/26 11:38:43 markus Exp $");
RCSID("$OpenBSD: monitor_wrap.c,v 1.24 2003/04/01 10:22:21 markus Exp $");
#include <openssl/bn.h>
#include <openssl/dh.h>
@ -34,6 +34,7 @@ RCSID("$OpenBSD: monitor_wrap.c,v 1.19 2002/09/26 11:38:43 markus Exp $");
#include "dh.h"
#include "kex.h"
#include "auth.h"
#include "auth-options.h"
#include "buffer.h"
#include "bufaux.h"
#include "packet.h"
@ -312,7 +313,7 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key)
Buffer m;
u_char *blob;
u_int len;
int allowed = 0;
int allowed = 0, have_forced = 0;
debug3("%s entering", __func__);
@ -334,6 +335,11 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key)
allowed = buffer_get_int(&m);
/* fake forced command */
auth_clear_options();
have_forced = buffer_get_int(&m);
forced_command = have_forced ? xstrdup("true") : NULL;
/* Send potential debug messages */
mm_send_debug(&m);
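Review bot: the new buffer_get_int() for have_forced in mm_key_allowed() only works if the monitor writes that extra int directly after allowed and before the debug messages; a mismatch shifts every later read from the buffer. Document the reply layout in a comment on both the monitor and the wrapper side so the two stay in step. The placeholder xstrdup("true") should also carry a sentence explaining that only the existence of a forced command is transferred (the monitor sends forced_command != NULL), not its text.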
@ -714,7 +720,7 @@ mm_bsdauth_query(void *ctx, char **name, char **infotxt,
u_int *numprompts, char ***prompts, u_int **echo_on)
{
Buffer m;
int res;
u_int success;
char *challenge;
debug3("%s: entering", __func__);
@ -724,8 +730,8 @@ mm_bsdauth_query(void *ctx, char **name, char **infotxt,
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_BSDAUTHQUERY,
&m);
res = buffer_get_int(&m);
if (res == -1) {
success = buffer_get_int(&m);
if (success == 0) {
debug3("%s: no challenge", __func__);
buffer_free(&m);
return (-1);
@ -771,7 +777,8 @@ mm_skey_query(void *ctx, char **name, char **infotxt,
u_int *numprompts, char ***prompts, u_int **echo_on)
{
Buffer m;
int len, res;
int len;
u_int success;
char *p, *challenge;
debug3("%s: entering", __func__);
@ -781,8 +788,8 @@ mm_skey_query(void *ctx, char **name, char **infotxt,
mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SKEYQUERY,
&m);
res = buffer_get_int(&m);
if (res == -1) {
success = buffer_get_int(&m);
if (success == 0) {
debug3("%s: no challenge", __func__);
buffer_free(&m);
return (-1);
@ -852,7 +859,7 @@ mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
Key *key;
u_char *blob;
u_int blen;
int allowed = 0;
int allowed = 0, have_forced = 0;
debug3("%s entering", __func__);
@ -864,6 +871,11 @@ mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
allowed = buffer_get_int(&m);
/* fake forced command */
auth_clear_options();
have_forced = buffer_get_int(&m);
forced_command = have_forced ? xstrdup("true") : NULL;
if (allowed && rkey != NULL) {
blob = buffer_get_string(&m, &blen);
if ((key = key_from_blob(blob, blen)) == NULL)
@ -969,7 +981,7 @@ mm_auth_krb4(Authctxt *authctxt, void *_auth, char **client, void *_reply)
xfree(p);
}
buffer_free(&m);
return (success);
return (success);
}
#endif

View file

@ -22,7 +22,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
RCSID("$OpenBSD: msg.c,v 1.4 2002/07/01 16:15:25 deraadt Exp $");
RCSID("$OpenBSD: msg.c,v 1.5 2002/12/19 00:07:02 djm Exp $");
#include "buffer.h"
#include "getput.h"

View file

@ -1,4 +1,4 @@
/* $OpenBSD: msg.h,v 1.1 2002/05/23 19:24:30 markus Exp $ */
/* $OpenBSD: msg.h,v 1.2 2002/12/19 00:07:02 djm Exp $ */
/*
* Copyright (c) 2002 Markus Friedl. All rights reserved.
*

View file

@ -1,4 +1,4 @@
# $Id: Makefile.in,v 1.23 2002/09/12 00:33:02 djm Exp $
# $Id: Makefile.in,v 1.25 2003/02/24 01:55:56 djm Exp $
sysconfdir=@sysconfdir@
piddir=@piddir@
@ -16,7 +16,7 @@ RANLIB=@RANLIB@
INSTALL=@INSTALL@
LDFLAGS=-L. @LDFLAGS@
OPENBSD=base64.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o
OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o vis.o
COMPAT=bsd-arc4random.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-snprintf.o bsd-waitpid.o fake-getaddrinfo.o fake-getnameinfo.o xmmap.o

View file

@ -44,7 +44,7 @@
#include "includes.h"
#if !defined(HAVE_B64_NTOP) && !defined(HAVE___B64_NTOP)
#if (!defined(HAVE_B64_NTOP) && !defined(HAVE___B64_NTOP)) || (!defined(HAVE_B64_PTON) && !defined(HAVE___B64_PTON))
#include <sys/types.h>
#include <sys/param.h>
@ -130,6 +130,7 @@ static const char Pad64 = '=';
characters followed by one "=" padding character.
*/
#if !defined(HAVE_B64_NTOP) && !defined(HAVE___B64_NTOP)
int
b64_ntop(u_char const *src, size_t srclength, char *target, size_t targsize)
{
@ -190,6 +191,9 @@ b64_ntop(u_char const *src, size_t srclength, char *target, size_t targsize)
target[datalength] = '\0'; /* Returned value doesn't count \0. */
return (datalength);
}
#endif /* !defined(HAVE_B64_NTOP) && !defined(HAVE___B64_NTOP) */
#if !defined(HAVE_B64_PTON) && !defined(HAVE___B64_PTON)
/* skips all whitespace anywhere.
converts characters, four at a time, starting at (or after)
@ -314,4 +318,5 @@ b64_pton(char const *src, u_char *target, size_t targsize)
return (tarindex);
}
#endif /* !defined(HAVE_B64_NTOP) && !defined(HAVE___B64_NTOP) */
#endif /* !defined(HAVE_B64_PTON) && !defined(HAVE___B64_PTON) */
#endif

View file

@ -1,4 +1,4 @@
/* $Id: base64.h,v 1.3 2002/02/26 16:59:59 stevesk Exp $ */
/* $Id: base64.h,v 1.4 2003/02/24 04:45:43 djm Exp $ */
#ifndef _BSD_BASE64_H
#define _BSD_BASE64_H
@ -9,10 +9,15 @@
# ifndef HAVE_B64_NTOP
int b64_ntop(u_char const *src, size_t srclength, char *target,
size_t targsize);
int b64_pton(char const *src, u_char *target, size_t targsize);
# endif /* !HAVE_B64_NTOP */
# define __b64_ntop b64_ntop
# define __b64_pton b64_pton
#endif /* HAVE___B64_NTOP */
#ifndef HAVE___B64_PTON
# ifndef HAVE_B64_PTON
int b64_pton(char const *src, u_char *target, size_t targsize);
# endif /* !HAVE_B64_PTON */
# define __b64_pton b64_pton
#endif /* HAVE___B64_PTON */
#endif /* _BSD_BASE64_H */

View file

@ -0,0 +1,73 @@
/* $OpenBSD: basename.c,v 1.8 2002/06/09 05:03:59 deraadt Exp $ */
/*
* Copyright (c) 1997 Todd C. Miller <Todd.Miller@courtesan.com>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
* THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
#if !defined(HAVE_BASENAME)
#ifndef lint
static char rcsid[] = "$OpenBSD: basename.c,v 1.8 2002/06/09 05:03:59 deraadt Exp $";
#endif /* not lint */
char *
basename(const char *path)
{
static char bname[MAXPATHLEN];
register const char *endp, *startp;
/* Empty or NULL string gets treated as "." */
if (path == NULL || *path == '\0') {
(void)strlcpy(bname, ".", sizeof bname);
return(bname);
}
/* Strip trailing slashes */
endp = path + strlen(path) - 1;
while (endp > path && *endp == '/')
endp--;
/* All slashes become "/" */
if (endp == path && *endp == '/') {
(void)strlcpy(bname, "/", sizeof bname);
return(bname);
}
/* Find the start of the base */
startp = endp;
while (startp > path && *(startp - 1) != '/')
startp--;
if (endp - startp + 2 > sizeof(bname)) {
errno = ENAMETOOLONG;
return(NULL);
}
strlcpy(bname, startp, endp - startp + 2);
return(bname);
}
#endif /* !defined(HAVE_BASENAME) */
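Review bot: basename() returns a pointer to the function-static bname buffer, so each call overwrites the previous result and the function is not reentrant; say so in a comment above the definition or in basename.h, since callers that keep two results will see them alias. The length test endp - startp + 2 > sizeof(bname) compares a signed pointer difference with a size_t; an explicit (size_t) cast on the left side would make the intended comparison clear and silence sign-compare warnings.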

View file

@ -0,0 +1,12 @@
/* $Id: basename.h,v 1.3 2003/02/25 03:32:16 djm Exp $ */
#ifndef _BASENAME_H
#define _BASENAME_H
#include "config.h"
#if !defined(HAVE_BASENAME)
char *basename(const char *path);
#endif /* !defined(HAVE_BASENAME) */
#endif /* _BASENAME_H */

View file

@ -25,7 +25,7 @@
#include "includes.h"
#include "log.h"
RCSID("$Id: bsd-arc4random.c,v 1.5 2002/05/08 22:57:18 tim Exp $");
RCSID("$Id: bsd-arc4random.c,v 1.6 2003/03/17 05:13:53 djm Exp $");
#ifndef HAVE_ARC4RANDOM
@ -66,7 +66,7 @@ void arc4random_stir(void)
unsigned char rand_buf[SEED_SIZE];
memset(&rc4, 0, sizeof(rc4));
if (!RAND_bytes(rand_buf, sizeof(rand_buf)))
if (RAND_bytes(rand_buf, sizeof(rand_buf)) <= 0)
fatal("Couldn't obtain random bytes (error %ld)",
ERR_get_error());
RC4_set_key(&rc4, sizeof(rand_buf), rand_buf);
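Review bot: the fatal() call directly under the corrected RAND_bytes() test formats ERR_get_error() with %ld, but that function returns unsigned long. Use %lu so a large error code is not printed as a negative number.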

View file

@ -1,5 +1,5 @@
/*
* $Id: bsd-cray.h,v 1.5 2002/09/26 00:38:51 tim Exp $
* $Id: bsd-cray.h,v 1.7 2003/03/21 01:05:38 mouring Exp $
*
* bsd-cray.h
*
@ -49,6 +49,10 @@ extern char cray_tmpdir[]; /* cray tmpdir */
#ifndef MAXHOSTNAMELEN
#define MAXHOSTNAMELEN 64
#endif
#ifndef _CRAYT3E
#include <sys/ttold.h>
#define TIOCGPGRP (tIOC|20)
#endif
#endif
#endif /* _BSD_CRAY_H */

View file

@ -31,7 +31,7 @@
#include "includes.h"
RCSID("$Id: bsd-cygwin_util.c,v 1.8 2002/04/15 22:00:52 stevesk Exp $");
RCSID("$Id: bsd-cygwin_util.c,v 1.9 2002/11/09 15:59:29 mouring Exp $");
#ifdef HAVE_CYGWIN
@ -43,6 +43,7 @@ RCSID("$Id: bsd-cygwin_util.c,v 1.8 2002/04/15 22:00:52 stevesk Exp $");
#define is_winnt (GetVersion() < 0x80000000)
#define ntsec_on(c) ((c) && strstr((c),"ntsec") && !strstr((c),"nontsec"))
#define ntsec_off(c) ((c) && strstr((c),"nontsec"))
#define ntea_on(c) ((c) && strstr((c),"ntea") && !strstr((c),"nontea"))
#if defined(open) && open == binary_open
@ -74,6 +75,56 @@ int binary_pipe(int fd[2])
return ret;
}
#define HAS_CREATE_TOKEN 1
#define HAS_NTSEC_BY_DEFAULT 2
static int has_capability(int what)
{
/* has_capability() basically calls uname() and checks if
specific capabilities of Cygwin can be evaluated from that.
This simplifies the calling functions which only have to ask
for a capability using has_capability() instead of having
to figure that out by themselves. */
static int inited;
static int has_create_token;
static int has_ntsec_by_default;
if (!inited) {
struct utsname uts;
char *c;
if (!uname(&uts)) {
int major_high = 0;
int major_low = 0;
int minor = 0;
int api_major_version = 0;
int api_minor_version = 0;
char *c;
sscanf(uts.release, "%d.%d.%d", &major_high,
&major_low, &minor);
c = strchr(uts.release, '(');
if (c)
sscanf(c + 1, "%d.%d", &api_major_version,
&api_minor_version);
if (major_high > 1 ||
(major_high == 1 && (major_low > 3 ||
(major_low == 3 && minor >= 2))))
has_create_token = 1;
if (api_major_version > 0 || api_minor_version >= 56)
has_ntsec_by_default = 1;
inited = 1;
}
}
switch (what) {
case HAS_CREATE_TOKEN:
return has_create_token;
case HAS_NTSEC_BY_DEFAULT:
return has_ntsec_by_default;
}
return 0;
}
int check_nt_auth(int pwd_authenticated, struct passwd *pw)
{
/*
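Review bot: has_capability() declares char *c twice, once at the top of the if (!inited) block and again inside if (!uname(&uts)); the outer one is unused and shadowed, so drop it. The two sscanf() calls on uts.release are not checked, which means a release string in an unexpected format leaves the version fields at 0 and both capabilities silently off; check the return counts, or state in the comment that failing closed is the intended behaviour.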
@ -93,19 +144,14 @@ int check_nt_auth(int pwd_authenticated, struct passwd *pw)
return 0;
if (is_winnt) {
if (has_create_token < 0) {
struct utsname uts;
int major_high = 0, major_low = 0, minor = 0;
char *cygwin = getenv("CYGWIN");
has_create_token = 0;
if (ntsec_on(cygwin) && !uname(&uts)) {
sscanf(uts.release, "%d.%d.%d",
&major_high, &major_low, &minor);
if (major_high > 1 ||
(major_high == 1 && (major_low > 3 ||
(major_low == 3 && minor >= 2))))
has_create_token = 1;
}
if (has_capability(HAS_CREATE_TOKEN) &&
(ntsec_on(cygwin) ||
(has_capability(HAS_NTSEC_BY_DEFAULT) &&
!ntsec_off(cygwin))))
has_create_token = 1;
}
if (has_create_token < 1 &&
!pwd_authenticated && geteuid() != pw->pw_uid)
@ -128,7 +174,9 @@ int check_ntsec(const char *filename)
/* Evaluate current CYGWIN settings. */
cygwin = getenv("CYGWIN");
allow_ntea = ntea_on(cygwin);
allow_ntsec = ntsec_on(cygwin);
allow_ntsec = ntsec_on(cygwin) ||
(has_capability(HAS_NTSEC_BY_DEFAULT) &&
!ntsec_off(cygwin));
/*
* `ntea' is an emulation of POSIX attributes. It doesn't support

View file

@ -24,7 +24,7 @@
#include "includes.h"
RCSID("$Id: bsd-getpeereid.c,v 1.1 2002/09/12 00:33:02 djm Exp $");
RCSID("$Id: bsd-getpeereid.c,v 1.2 2003/03/24 22:07:52 djm Exp $");
#if !defined(HAVE_GETPEEREID)
@ -33,7 +33,7 @@ int
getpeereid(int s, uid_t *euid, gid_t *gid)
{
struct ucred cred;
size_t len = sizeof(cred);
socklen_t len = sizeof(cred);
if (getsockopt(s, SOL_SOCKET, SO_PEERCRED, &cred, &len) < 0)
return (-1);

View file

@ -23,15 +23,20 @@
*/
#include "includes.h"
#include "xmalloc.h"
RCSID("$Id: bsd-misc.c,v 1.10 2002/07/08 21:09:41 mouring Exp $");
RCSID("$Id: bsd-misc.c,v 1.12 2003/03/18 18:21:41 tim Exp $");
/*
* NB. duplicate __progname in case it is an alias for argv[0]
* Otherwise it may get clobbered by setproctitle()
*/
char *get_progname(char *argv0)
{
#ifdef HAVE___PROGNAME
extern char *__progname;
return __progname;
return xstrdup(__progname);
#else
char *p;
@ -42,7 +47,8 @@ char *get_progname(char *argv0)
p = argv0;
else
p++;
return p;
return xstrdup(p);
#endif
}
@ -129,3 +135,34 @@ setgroups(size_t size, const gid_t *list)
}
#endif
#if !defined(HAVE_NANOSLEEP) && !defined(HAVE_NSLEEP)
int nanosleep(const struct timespec *req, struct timespec *rem)
{
int rc, saverrno;
extern int errno;
struct timeval tstart, tstop, tremain, time2wait;
TIMESPEC_TO_TIMEVAL(&time2wait, req)
(void) gettimeofday(&tstart, NULL);
rc = select(0, NULL, NULL, NULL, &time2wait);
if (rc == -1) {
saverrno = errno;
(void) gettimeofday (&tstop, NULL);
errno = saverrno;
tremain.tv_sec = time2wait.tv_sec -
(tstop.tv_sec - tstart.tv_sec);
tremain.tv_usec = time2wait.tv_usec -
(tstop.tv_usec - tstart.tv_usec);
tremain.tv_sec += tremain.tv_usec / 1000000L;
tremain.tv_usec %= 1000000L;
} else {
tremain.tv_sec = 0;
tremain.tv_usec = 0;
}
TIMEVAL_TO_TIMESPEC(&tremain, rem)
return(rc);
}
#endif
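Review bot: the replacement nanosleep() ends with TIMEVAL_TO_TIMESPEC(&tremain, rem), which writes through rem unconditionally, yet callers are allowed to pass NULL for rem; guard it with if (rem != NULL). In the rc == -1 branch the subtraction can leave tremain.tv_usec negative, and the divide and modulo that follow do not normalise a negative value, so borrow from tv_sec explicitly. The local extern int errno declaration should go as well, since errno is a macro on many systems and is already provided by the headers.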

View file

@ -22,7 +22,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/* $Id: bsd-misc.h,v 1.6 2002/06/13 21:34:58 mouring Exp $ */
/* $Id: bsd-misc.h,v 1.7 2003/03/18 18:21:41 tim Exp $ */
#ifndef _BSD_MISC_H
#define _BSD_MISC_H
@ -80,5 +80,14 @@ int truncate (const char *path, off_t length);
int setgroups(size_t size, const gid_t *list);
#endif
#if !defined(HAVE_NANOSLEEP) && !defined(HAVE_NSLEEP)
#ifndef HAVE_STRUCT_TIMESPEC
struct timespec {
time_t tv_sec;
long tv_nsec;
};
#endif
int nanosleep(const struct timespec *req, struct timespec *rem);
#endif
#endif /* _BSD_MISC_H */

View file

@ -1,3 +1,10 @@
/*
* Copyright Patrick Powell 1995
* This code is based on code written by Patrick Powell (papowell@astart.com)
* It may be used for any purpose as long as this notice remains intact
* on all source code distributions
*/
/**************************************************************
* Original:
* Patrick Powell Tue Apr 11 09:48:21 PDT 1995
@ -51,7 +58,7 @@
#include "includes.h"
RCSID("$Id: bsd-snprintf.c,v 1.5 2001/02/25 23:20:41 mouring Exp $");
RCSID("$Id: bsd-snprintf.c,v 1.6 2003/04/01 11:31:56 djm Exp $");
#if defined(BROKEN_SNPRINTF) /* For those with broken snprintf() */
# undef HAVE_SNPRINTF

View file

@ -12,7 +12,7 @@
#include "includes.h"
#include "ssh.h"
RCSID("$Id: fake-getaddrinfo.c,v 1.2 2001/02/09 01:55:36 djm Exp $");
RCSID("$Id: fake-getaddrinfo.c,v 1.5 2003/03/24 02:35:59 djm Exp $");
#ifndef HAVE_GAI_STRERROR
char *gai_strerror(int ecode)
@ -67,16 +67,30 @@ int getaddrinfo(const char *hostname, const char *servname,
{
struct addrinfo *cur, *prev = NULL;
struct hostent *hp;
struct servent *sp;
struct in_addr in;
int i, port;
int i;
long int port;
u_long addr;
if (servname)
port = htons(atoi(servname));
else
port = 0;
port = 0;
if (servname != NULL) {
char *cp;
port = strtol(servname, &cp, 10);
if (port > 0 && port <= 65535 && *cp == '\0')
port = htons(port);
else if ((sp = getservbyname(servname, NULL)) != NULL)
port = sp->s_port;
else
port = 0;
}
if (hints && hints->ai_flags & AI_PASSIVE) {
if (NULL != (*res = malloc_ai(port, htonl(0x00000000))))
addr = htonl(0x00000000);
if (hostname && inet_aton(hostname, &in) != 0)
addr = in.s_addr;
if (NULL != (*res = malloc_ai(port, addr)))
return 0;
else
return EAI_MEMORY;
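Review bot: in the AI_PASSIVE branch, a hostname that inet_aton() cannot parse is ignored and addr stays at the wildcard 0.0.0.0, so a listen address given as a name or mistyped results in a socket bound to all interfaces with no error. Return an EAI_ error in that case (or fall through to the name lookup) instead of defaulting to the wildcard. port is now a long int holding a network-order value; cast it explicitly where it is handed to malloc_ai() so the narrowing is visible.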

View file

@ -1,4 +1,4 @@
/* $Id: fake-getaddrinfo.h,v 1.2 2001/02/09 01:55:36 djm Exp $ */
/* $Id: fake-getaddrinfo.h,v 1.4 2003/02/24 01:35:09 djm Exp $ */
#ifndef _FAKE_GETADDRINFO_H
#define _FAKE_GETADDRINFO_H

View file

@ -29,7 +29,7 @@
#if !defined(HAVE_GETCWD)
#if defined(LIBC_SCCS) && !defined(lint)
static char rcsid[] = "$OpenBSD: getcwd.c,v 1.6 2000/07/19 15:25:13 deraadt Exp $";
static char rcsid[] = "$OpenBSD: getcwd.c,v 1.7 2002/11/24 01:52:27 cloder Exp $";
#endif /* LIBC_SCCS and not lint */
#include <sys/param.h>
@ -127,7 +127,7 @@ getcwd(char *pt,size_t size)
/*
* Build pointer to the parent directory, allocating memory
* as necessary. Max length is 3 for "../", the largest
* possible component name, plus a trailing NULL.
* possible component name, plus a trailing NUL.
*/
if (bup + 3 + MAXNAMLEN + 1 >= eup) {
char *nup;

View file

@ -35,7 +35,7 @@
#if !defined(HAVE_GETOPT) || !defined(HAVE_GETOPT_OPTRESET)
#if defined(LIBC_SCCS) && !defined(lint)
static char *rcsid = "$OpenBSD: getopt.c,v 1.2 1996/08/19 08:33:32 tholo Exp $";
static char *rcsid = "$OpenBSD: getopt.c,v 1.4 2002/12/08 22:57:14 millert Exp $";
#endif /* LIBC_SCCS and not lint */
#include <stdio.h>
@ -66,6 +66,9 @@ BSDgetopt(nargc, nargv, ostr)
static char *place = EMSG; /* option letter processing */
char *oli; /* option letter list index */
if (ostr == NULL)
return (-1);
if (BSDoptreset || !*place) { /* update scanning pointer */
BSDoptreset = 0;
if (BSDoptind >= nargc || *(place = nargv[BSDoptind]) != '-') {

View file

@ -36,7 +36,7 @@
#include "includes.h"
#ifndef HAVE_MKDTEMP
#if !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP)
#if defined(LIBC_SCCS) && !defined(lint)
static char rcsid[] = "$OpenBSD: mktemp.c,v 1.16 2002/05/27 18:20:45 millert Exp $";
@ -181,4 +181,4 @@ _gettemp(path, doopen, domkdir, slen)
/*NOTREACHED*/
}
#endif /* !HAVE_MKDTEMP */
#endif /* !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP) */

View file

@ -1,13 +1,13 @@
/* $Id: mktemp.h,v 1.2 2001/02/09 01:55:36 djm Exp $ */
/* $Id: mktemp.h,v 1.3 2003/01/07 04:18:33 djm Exp $ */
#ifndef _BSD_MKTEMP_H
#define _BSD_MKTEMP_H
#include "config.h"
#ifndef HAVE_MKDTEMP
#if !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP)
int mkstemps(char *path, int slen);
int mkstemp(char *path);
char *mkdtemp(char *path);
#endif /* !HAVE_MKDTEMP */
#endif /* !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP) */
#endif /* _BSD_MKTEMP_H */

View file

@ -1,4 +1,4 @@
/* $Id: openbsd-compat.h,v 1.17 2002/09/12 00:33:02 djm Exp $ */
/* $Id: openbsd-compat.h,v 1.19 2003/02/24 01:55:56 djm Exp $ */
#ifndef _OPENBSD_H
#define _OPENBSD_H
@ -6,6 +6,7 @@
#include "config.h"
/* OpenBSD function replacements */
#include "basename.h"
#include "bindresvport.h"
#include "getcwd.h"
#include "realpath.h"
@ -26,6 +27,7 @@
#include "glob.h"
#include "readpassphrase.h"
#include "getopt.h"
#include "vis.h"
/* Home grown routines */
#include "bsd-arc4random.h"

View file

@ -25,5 +25,16 @@
*/
#ifdef _AIX
/* AIX 4.2.x doesn't have nanosleep but does have nsleep which is equivalent */
#if !defined(HAVE_NANOSLEEP) && defined(HAVE_NSLEEP)
# define nanosleep(a,b) nsleep(a,b)
#endif
/* For struct timespec on AIX 4.2.x */
#ifdef HAVE_SYS_TIMERS_H
# include <sys/timers.h>
#endif
void aix_usrinfo(struct passwd *pw);
#endif /* _AIX */

View file

@ -35,12 +35,14 @@
#ifndef HAVE_SETENV
#if defined(LIBC_SCCS) && !defined(lint)
static char *rcsid = "$OpenBSD: setenv.c,v 1.4 2001/07/09 06:57:45 deraadt Exp $";
static char *rcsid = "$OpenBSD: setenv.c,v 1.5 2002/12/10 22:44:13 mickey Exp $";
#endif /* LIBC_SCCS and not lint */
#include <stdlib.h>
#include <string.h>
char *__findenv(const char *name, int *offset);
/*
* __findenv --
* Returns pointer to value associated with name, if any, else NULL.
@ -92,7 +94,6 @@ setenv(name, value, rewrite)
static int alloced; /* if allocated space before */
register char *C;
int l_value, offset;
char *__findenv();
if (*value == '=') /* no `=' in value */
++value;

View file

@ -1,102 +1,243 @@
/*
* Modified for OpenSSH by Kevin Steves
* October 2000
* Based on src/backend/utils/misc/pg_status.c from
* PostgreSQL Database Management System
*
* Portions Copyright (c) 1996-2001, The PostgreSQL Global Development Group
*
* Portions Copyright (c) 1994, The Regents of the University of California
*
* Permission to use, copy, modify, and distribute this software and its
* documentation for any purpose, without fee, and without a written agreement
* is hereby granted, provided that the above copyright notice and this
* paragraph and the following two paragraphs appear in all copies.
*
* IN NO EVENT SHALL THE UNIVERSITY OF CALIFORNIA BE LIABLE TO ANY PARTY FOR
* DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, INCLUDING
* LOST PROFITS, ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS
* DOCUMENTATION, EVEN IF THE UNIVERSITY OF CALIFORNIA HAS BEEN ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* THE UNIVERSITY OF CALIFORNIA SPECIFICALLY DISCLAIMS ANY WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS
* ON AN "AS IS" BASIS, AND THE UNIVERSITY OF CALIFORNIA HAS NO OBLIGATIONS TO
* PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
*/
/*
* Copyright (c) 1994, 1995 Christopher G. Demetriou
* All rights reserved.
/*--------------------------------------------------------------------
* ps_status.c
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Christopher G. Demetriou
* for the NetBSD Project.
* 4. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission
* Routines to support changing the ps display of PostgreSQL backends
* to contain some useful information. Mechanism differs wildly across
* platforms.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
* $Header: /var/cvs/openssh/openbsd-compat/setproctitle.c,v 1.5 2003/01/20 02:15:11 djm Exp $
*
* Copyright 2000 by PostgreSQL Global Development Group
* various details abducted from various places
*--------------------------------------------------------------------
*/
#if defined(LIBC_SCCS) && !defined(lint)
static char rcsid[] = "$OpenBSD: setproctitle.c,v 1.8 2001/11/06 19:21:40 art Exp $";
#endif /* LIBC_SCCS and not lint */
#include "includes.h"
#ifndef HAVE_SETPROCTITLE
#define SPT_NONE 0
#define SPT_PSTAT 1
#ifndef SPT_TYPE
#define SPT_TYPE SPT_NONE
#include <unistd.h>
#ifdef HAVE_SYS_PSTAT_H
#include <sys/pstat.h> /* for HP-UX */
#endif
#ifdef HAVE_PS_STRINGS
#include <machine/vmparam.h> /* for old BSD */
#include <sys/exec.h>
#endif
#if SPT_TYPE == SPT_PSTAT
#include <sys/param.h>
#include <sys/pstat.h>
#endif /* SPT_TYPE == SPT_PSTAT */
/*------
* Alternative ways of updating ps display:
*
* SETPROCTITLE_STRATEGY == PS_USE_PSTAT
* use the pstat(PSTAT_SETCMD, )
* (HPUX)
* SETPROCTITLE_STRATEGY == PS_USE_PS_STRINGS
* assign PS_STRINGS->ps_argvstr = "string"
* (some BSD systems)
* SETPROCTITLE_STRATEGY == PS_USE_CHANGE_ARGV
* assign argv[0] = "string"
* (some other BSD systems)
* SETPROCTITLE_STRATEGY == PS_USE_CLOBBER_ARGV
* write over the argv and environment area
* (most SysV-like systems)
* SETPROCTITLE_STRATEGY == PS_USE_NONE
* don't update ps display
* (This is the default, as it is safest.)
*/
#define MAX_PROCTITLE 2048
#define PS_USE_NONE 0
#define PS_USE_PSTAT 1
#define PS_USE_PS_STRINGS 2
#define PS_USE_CHANGE_ARGV 3
#define PS_USE_CLOBBER_ARGV 4
#ifndef SETPROCTITLE_STRATEGY
# define SETPROCTITLE_STRATEGY PS_USE_NONE
#endif
#ifndef SETPROCTITLE_PS_PADDING
# define SETPROCTITLE_PS_PADDING ' '
#endif
#endif /* HAVE_SETPROCTITLE */
extern char **environ;
/*
* argv clobbering uses existing argv space, all other methods need a buffer
*/
#if SETPROCTITLE_STRATEGY != PS_USE_CLOBBER_ARGV
static char ps_buffer[256];
static const size_t ps_buffer_size = sizeof(ps_buffer);
#else
static char *ps_buffer; /* will point to argv area */
static size_t ps_buffer_size; /* space determined at run time */
#endif
/* save the original argv[] location here */
static int save_argc;
static char **save_argv;
extern char *__progname;
#ifndef HAVE_SETPROCTITLE
/*
* Set Process Title (SPT) defines. Modeled after sendmail's
* SPT type definition strategy.
*
* SPT_TYPE:
*
* SPT_NONE: Don't set the process title. Default.
* SPT_PSTAT: Use pstat(PSTAT_SETCMD). HP-UX specific.
* Call this to update the ps status display to a fixed prefix plus an
* indication of what you're currently doing passed in the argument.
*/
void
setproctitle(const char *fmt, ...)
{
#if SPT_TYPE != SPT_NONE
va_list ap;
char buf[MAX_PROCTITLE];
size_t used;
#if SPT_TYPE == SPT_PSTAT
#if SETPROCTITLE_STRATEGY == PS_USE_PSTAT
union pstun pst;
#endif /* SPT_TYPE == SPT_PSTAT */
#endif
#if SETPROCTITLE_STRATEGY != PS_USE_NONE
ssize_t used;
va_list ap;
/* no ps display if you didn't call save_ps_display_args() */
if (save_argv == NULL)
return;
#if SETPROCTITLE_STRATEGY == PS_USE_CLOBBER_ARGV
/* If ps_buffer is a pointer, it might still be null */
if (ps_buffer == NULL)
return;
#endif /* PS_USE_CLOBBER_ARGV */
/*
* Overwrite argv[] to point at appropriate space, if needed
*/
#if SETPROCTITLE_STRATEGY == PS_USE_CHANGE_ARGV
save_argv[0] = ps_buffer;
save_argv[1] = NULL;
#endif /* PS_USE_CHANGE_ARGV */
#if SETPROCTITLE_STRATEGY == PS_USE_CLOBBER_ARGV
save_argv[1] = NULL;
#endif /* PS_USE_CLOBBER_ARGV */
/*
* Make fixed prefix of ps display.
*/
va_start(ap, fmt);
if (fmt != NULL) {
used = snprintf(buf, MAX_PROCTITLE, "%s: ", __progname);
if (used >= MAX_PROCTITLE)
used = MAX_PROCTITLE - 1;
(void)vsnprintf(buf + used, MAX_PROCTITLE - used, fmt, ap);
} else
(void)snprintf(buf, MAX_PROCTITLE, "%s", __progname);
if (fmt == NULL)
snprintf(ps_buffer, ps_buffer_size, "%s", __progname);
else {
used = snprintf(ps_buffer, ps_buffer_size, "%s: ", __progname);
if (used == -1 || used >= ps_buffer_size)
used = ps_buffer_size;
vsnprintf(ps_buffer + used, ps_buffer_size - used, fmt, ap);
}
va_end(ap);
used = strlen(buf);
#if SPT_TYPE == SPT_PSTAT
pst.pst_command = buf;
pstat(PSTAT_SETCMD, pst, used, 0, 0);
#endif /* SPT_TYPE == SPT_PSTAT */
#if SETPROCTITLE_STRATEGY == PS_USE_PSTAT
pst.pst_command = ps_buffer;
pstat(PSTAT_SETCMD, pst, strlen(ps_buffer), 0, 0);
#endif /* PS_USE_PSTAT */
#endif /* SPT_TYPE != SPT_NONE */
#if SETPROCTITLE_STRATEGY == PS_USE_PS_STRINGS
PS_STRINGS->ps_nargvstr = 1;
PS_STRINGS->ps_argvstr = ps_buffer;
#endif /* PS_USE_PS_STRINGS */
#if SETPROCTITLE_STRATEGY == PS_USE_CLOBBER_ARGV
/* pad unused memory */
used = strlen(ps_buffer);
memset(ps_buffer + used, SETPROCTITLE_PS_PADDING,
ps_buffer_size - used);
#endif /* PS_USE_CLOBBER_ARGV */
#endif /* PS_USE_NONE */
}
#endif /* HAVE_SETPROCTITLE */
/*
* Call this early in startup to save the original argc/argv values.
*
* argv[] will not be overwritten by this routine, but may be overwritten
* during setproctitle. Also, the physical location of the environment
* strings may be moved, so this should be called before any code that
* might try to hang onto a getenv() result.
*/
void
compat_init_setproctitle(int argc, char *argv[])
{
#if SETPROCTITLE_STRATEGY == PS_USE_CLOBBER_ARGV
char *end_of_area = NULL;
char **new_environ;
int i;
#endif
save_argc = argc;
save_argv = argv;
#if SETPROCTITLE_STRATEGY == PS_USE_CLOBBER_ARGV
/*
* If we're going to overwrite the argv area, count the available
* space. Also move the environment to make additional room.
*/
/*
* check for contiguous argv strings
*/
for (i = 0; i < argc; i++) {
if (i == 0 || end_of_area + 1 == argv[i])
end_of_area = argv[i] + strlen(argv[i]);
}
/* probably can't happen? */
if (end_of_area == NULL) {
ps_buffer = NULL;
ps_buffer_size = 0;
return;
}
/*
* check for contiguous environ strings following argv
*/
for (i = 0; environ[i] != NULL; i++) {
if (end_of_area + 1 == environ[i])
end_of_area = environ[i] + strlen(environ[i]);
}
ps_buffer = argv[0];
ps_buffer_size = end_of_area - argv[0] - 1;
/*
* Duplicate and move the environment out of the way
*/
new_environ = malloc(sizeof(char *) * (i + 1));
for (i = 0; environ[i] != NULL; i++)
new_environ[i] = strdup(environ[i]);
new_environ[i] = NULL;
environ = new_environ;
#endif /* PS_USE_CLOBBER_ARGV */
}
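Review bot: in compat_init_setproctitle, new_environ = malloc(sizeof(char *) * (i + 1)) is written through without a NULL check, and each strdup(environ[i]) result is stored unchecked, so an allocation failure at startup either crashes or leaves a NULL entry that silently truncates the environment. ps_buffer and ps_buffer_size are already set to cover the environ strings at that point, so a later setproctitle would overwrite strings environ still points at. Do the allocation before assigning ps_buffer, and on failure set ps_buffer = NULL and ps_buffer_size = 0 so setproctitle returns early.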

View file

@ -1,4 +1,4 @@
/* $Id: setproctitle.h,v 1.2 2001/02/09 01:55:36 djm Exp $ */
/* $Id: setproctitle.h,v 1.3 2003/01/09 22:53:13 djm Exp $ */
#ifndef _BSD_SETPROCTITLE_H
#define _BSD_SETPROCTITLE_H
@ -7,6 +7,7 @@
#ifndef HAVE_SETPROCTITLE
void setproctitle(const char *fmt, ...);
void compat_init_setproctitle(int argc, char *argv[]);
#endif
#endif /* _BSD_SETPROCTITLE_H */
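Review bot: the new compat_init_setproctitle prototype carries no comment about its calling contract, which the .c file states only at the definition: it must run early in startup, before any code holds a getenv() result, because the environment strings may be moved. Repeat that one-line warning here, since callers read the header.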

View file

@ -1,4 +1,4 @@
/* $OpenBSD: tree.h,v 1.6 2002/06/11 22:09:52 provos Exp $ */
/* $OpenBSD: tree.h,v 1.7 2002/10/17 21:51:54 art Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* All rights reserved.
@ -343,12 +343,13 @@ struct { \
RB_LEFT(RB_PARENT(elm, field), field) = (tmp); \
else \
RB_RIGHT(RB_PARENT(elm, field), field) = (tmp); \
RB_AUGMENT(RB_PARENT(elm, field)); \
} else \
(head)->rbh_root = (tmp); \
RB_LEFT(tmp, field) = (elm); \
RB_PARENT(elm, field) = (tmp); \
RB_AUGMENT(tmp); \
if ((RB_PARENT(tmp, field))) \
RB_AUGMENT(RB_PARENT(tmp, field)); \
} while (0)
#define RB_ROTATE_RIGHT(head, elm, tmp, field) do { \
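Review bot: the ordering of RB_AUGMENT(tmp) followed by RB_AUGMENT(RB_PARENT(tmp, field)) at the end of RB_ROTATE_LEFT is what this change depends on (the old call ran on the parent before tmp was linked in), but nothing in the macro says so. Add a short comment that augmentation must run child first, then parent, and that only one ancestor level is refreshed, so a callback summarising a whole subtree has to propagate further itself.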
@ -362,12 +363,13 @@ struct { \
RB_LEFT(RB_PARENT(elm, field), field) = (tmp); \
else \
RB_RIGHT(RB_PARENT(elm, field), field) = (tmp); \
RB_AUGMENT(RB_PARENT(elm, field)); \
} else \
(head)->rbh_root = (tmp); \
RB_RIGHT(tmp, field) = (elm); \
RB_PARENT(elm, field) = (tmp); \
RB_AUGMENT(tmp); \
if ((RB_PARENT(tmp, field))) \
RB_AUGMENT(RB_PARENT(tmp, field)); \
} while (0)
/* Generates prototypes and inline functions */
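Review bot: style point on the added test in RB_ROTATE_RIGHT (and its twin in RB_ROTATE_LEFT): if ((RB_PARENT(tmp, field))) uses the doubled parentheses that elsewhere in these macros mark an intentional assignment inside the condition. This is a plain NULL test, so single parentheses or an explicit != NULL would read less ambiguously.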

View file

@ -0,0 +1,232 @@
/*-
* Copyright (c) 1989, 1993
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "config.h"
#if !defined(HAVE_STRNVIS)
#if defined(LIBC_SCCS) && !defined(lint)
static char rcsid[] = "$OpenBSD: vis.c,v 1.8 2002/02/19 19:39:36 millert Exp $";
#endif /* LIBC_SCCS and not lint */
#include <ctype.h>
#include "vis.h"
#define isoctal(c) (((u_char)(c)) >= '0' && ((u_char)(c)) <= '7')
#define isvisible(c) (((u_int)(c) <= UCHAR_MAX && isascii((u_char)(c)) && \
isgraph((u_char)(c))) || \
((flag & VIS_SP) == 0 && (c) == ' ') || \
((flag & VIS_TAB) == 0 && (c) == '\t') || \
((flag & VIS_NL) == 0 && (c) == '\n') || \
((flag & VIS_SAFE) && \
((c) == '\b' || (c) == '\007' || (c) == '\r')))
/*
* vis - visually encode characters
*/
char *
vis(dst, c, flag, nextc)
register char *dst;
int c, nextc;
register int flag;
{
if (isvisible(c)) {
*dst++ = c;
if (c == '\\' && (flag & VIS_NOSLASH) == 0)
*dst++ = '\\';
*dst = '\0';
return (dst);
}
if (flag & VIS_CSTYLE) {
switch(c) {
case '\n':
*dst++ = '\\';
*dst++ = 'n';
goto done;
case '\r':
*dst++ = '\\';
*dst++ = 'r';
goto done;
case '\b':
*dst++ = '\\';
*dst++ = 'b';
goto done;
case '\a':
*dst++ = '\\';
*dst++ = 'a';
goto done;
case '\v':
*dst++ = '\\';
*dst++ = 'v';
goto done;
case '\t':
*dst++ = '\\';
*dst++ = 't';
goto done;
case '\f':
*dst++ = '\\';
*dst++ = 'f';
goto done;
case ' ':
*dst++ = '\\';
*dst++ = 's';
goto done;
case '\0':
*dst++ = '\\';
*dst++ = '0';
if (isoctal(nextc)) {
*dst++ = '0';
*dst++ = '0';
}
goto done;
}
}
if (((c & 0177) == ' ') || (flag & VIS_OCTAL)) {
*dst++ = '\\';
*dst++ = ((u_char)c >> 6 & 07) + '0';
*dst++ = ((u_char)c >> 3 & 07) + '0';
*dst++ = ((u_char)c & 07) + '0';
goto done;
}
if ((flag & VIS_NOSLASH) == 0)
*dst++ = '\\';
if (c & 0200) {
c &= 0177;
*dst++ = 'M';
}
if (iscntrl(c)) {
*dst++ = '^';
if (c == 0177)
*dst++ = '?';
else
*dst++ = c + '@';
} else {
*dst++ = '-';
*dst++ = c;
}
done:
*dst = '\0';
return (dst);
}
/*
* strvis, strnvis, strvisx - visually encode characters from src into dst
*
* Dst must be 4 times the size of src to account for possible
* expansion. The length of dst, not including the trailing NULL,
* is returned.
*
* Strnvis will write no more than siz-1 bytes (and will NULL terminate).
* The number of bytes needed to fully encode the string is returned.
*
* Strvisx encodes exactly len bytes from src into dst.
* This is useful for encoding a block of data.
*/
int
strvis(dst, src, flag)
register char *dst;
register const char *src;
int flag;
{
register char c;
char *start;
for (start = dst; (c = *src);)
dst = vis(dst, c, flag, *++src);
*dst = '\0';
return (dst - start);
}
int
strnvis(dst, src, siz, flag)
register char *dst;
register const char *src;
size_t siz;
int flag;
{
register char c;
char *start, *end;
for (start = dst, end = start + siz - 1; (c = *src) && dst < end; ) {
if (isvisible(c)) {
*dst++ = c;
if (c == '\\' && (flag & VIS_NOSLASH) == 0) {
/* need space for the extra '\\' */
if (dst < end)
*dst++ = '\\';
else {
dst--;
break;
}
}
src++;
} else {
/* vis(3) requires up to 4 chars */
if (dst + 3 < end)
dst = vis(dst, c, flag, *++src);
else
break;
}
}
*dst = '\0';
if (dst >= end) {
char tbuf[5];
/* adjust return value for truncation */
while ((c = *src))
dst += vis(tbuf, c, flag, *++src) - tbuf;
}
return (dst - start);
}
int
strvisx(dst, src, len, flag)
register char *dst;
register const char *src;
register size_t len;
int flag;
{
register char c;
char *start;
for (start = dst; len > 1; len--) {
c = *src;
dst = vis(dst, c, flag, *++src);
}
if (len)
dst = vis(dst, *src, flag, '\0');
*dst = '\0';
return (dst - start);
}
#endif
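Review bot: strnvis does not handle siz == 0. end = start + siz - 1 then points one byte before dst, the loop is skipped, and the unconditional *dst = '\0' after it writes one byte into a buffer the caller said has no room. Guard the terminator with if (siz > 0) or return the required length early when siz is 0. The header comment for strvis should also say dst needs 4 times the source length plus one byte for the terminator.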

View file

@ -0,0 +1,91 @@
/* $OpenBSD: vis.h,v 1.5 2002/02/16 21:27:17 millert Exp $ */
/* $NetBSD: vis.h,v 1.4 1994/10/26 00:56:41 cgd Exp $ */
/*-
* Copyright (c) 1990 The Regents of the University of California.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#)vis.h 5.9 (Berkeley) 4/3/91
*/
#include "config.h"
#if !defined(HAVE_STRNVIS)
#ifndef _VIS_H_
#define _VIS_H_
#include <sys/types.h>
#include <limits.h>
/*
* to select alternate encoding format
*/
#define VIS_OCTAL 0x01 /* use octal \ddd format */
#define VIS_CSTYLE 0x02 /* use \[nrft0..] where appropriate */
/*
* to alter set of characters encoded (default is to encode all
* non-graphic except space, tab, and newline).
*/
#define VIS_SP 0x04 /* also encode space */
#define VIS_TAB 0x08 /* also encode tab */
#define VIS_NL 0x10 /* also encode newline */
#define VIS_WHITE (VIS_SP | VIS_TAB | VIS_NL)
#define VIS_SAFE 0x20 /* only encode "unsafe" characters */
/*
* other
*/
#define VIS_NOSLASH 0x40 /* inhibit printing '\' */
/*
* unvis return codes
*/
#define UNVIS_VALID 1 /* character valid */
#define UNVIS_VALIDPUSH 2 /* character valid, push back passed char */
#define UNVIS_NOCHAR 3 /* valid sequence, no character produced */
#define UNVIS_SYNBAD -1 /* unrecognized escape sequence */
#define UNVIS_ERROR -2 /* decoder in unknown state (unrecoverable) */
/*
* unvis flags
*/
#define UNVIS_END 1 /* no more characters */
char *vis(char *, int, int, int);
int strvis(char *, const char *, int);
int strnvis(char *, const char *, size_t, int);
int strvisx(char *, const char *, size_t, int);
int strunvis(char *, const char *);
int unvis(char *, char, int *, int);
#endif /* !_VIS_H_ */
#endif /* !HAVE_STRNVIS */
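Review bot: the prototypes for strunvis and unvis, and the UNVIS_* return codes, are declared here, but the vis.c added alongside defines only vis, strvis, strnvis and strvisx. Unless an unvis implementation is imported elsewhere in this commit, drop those declarations from the compat header so a caller gets a compile error rather than a link error.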

View file

@ -37,7 +37,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: packet.c,v 1.97 2002/07/04 08:12:15 deraadt Exp $");
RCSID("$OpenBSD: packet.c,v 1.104 2003/04/01 10:22:21 markus Exp $");
#include "xmalloc.h"
#include "buffer.h"
@ -564,7 +564,7 @@ set_newkeys(int mode)
CipherContext *cc;
int encrypt;
debug("newkeys: mode %d", mode);
debug2("set_newkeys: mode %d", mode);
if (mode == MODE_OUT) {
cc = &send_context;
@ -574,7 +574,7 @@ set_newkeys(int mode)
encrypt = CIPHER_DECRYPT;
}
if (newkeys[mode] != NULL) {
debug("newkeys: rekeying");
debug("set_newkeys: rekeying");
cipher_cleanup(cc);
enc = &newkeys[mode]->enc;
mac = &newkeys[mode]->mac;
@ -840,7 +840,7 @@ packet_read_poll1(void)
cp = buffer_ptr(&input);
len = GET_32BIT(cp);
if (len < 1 + 2 + 2 || len > 256 * 1024)
packet_disconnect("Bad packet length %d.", len);
packet_disconnect("Bad packet length %u.", len);
padded_len = (len + 8) & ~7;
/* Check if the packet has been entirely received. */
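Review bot: the change to packet_disconnect("Bad packet length %u.", len) in packet_read_poll1 is only correct if len is declared unsigned, and the declaration is outside this hunk. Please confirm the type. If len is a signed int, the format and the len > 256 * 1024 bound both need revisiting, since a peer-supplied length with the high bit set would then be caught only by the lower-bound test.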
@ -936,9 +936,9 @@ packet_read_poll2(u_int32_t *seqnr_p)
packet_length = GET_32BIT(cp);
if (packet_length < 1 + 4 || packet_length > 256 * 1024) {
buffer_dump(&incoming_packet);
packet_disconnect("Bad packet length %d.", packet_length);
packet_disconnect("Bad packet length %u.", packet_length);
}
DBG(debug("input: packet len %d", packet_length+4));
DBG(debug("input: packet len %u", packet_length+4));
buffer_consume(&input, block_size);
}
/* we have a partial packet of block_size bytes */
@ -1226,6 +1226,9 @@ packet_disconnect(const char *fmt,...)
vsnprintf(buf, sizeof(buf), fmt, args);
va_end(args);
/* Display the error locally */
log("Disconnecting: %.100s", buf);
/* Send the disconnect message to the other side, and wait for it to get sent. */
if (compat20) {
packet_start(SSH2_MSG_DISCONNECT);
@ -1245,8 +1248,6 @@ packet_disconnect(const char *fmt,...)
/* Close the connection. */
packet_close();
/* Display the error locally and exit. */
log("Disconnecting: %.100s", buf);
fatal_cleanup();
}
@ -1313,16 +1314,26 @@ packet_not_very_much_data_to_write(void)
return buffer_len(&output) < 128 * 1024;
}
static void
packet_set_tos(int interactive)
{
int tos = interactive ? IPTOS_LOWDELAY : IPTOS_THROUGHPUT;
if (!packet_connection_is_on_socket() ||
!packet_connection_is_ipv4())
return;
if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, &tos,
sizeof(tos)) < 0)
error("setsockopt IP_TOS %d: %.100s:",
tos, strerror(errno));
}
/* Informs that the current session is interactive. Sets IP flags for that. */
void
packet_set_interactive(int interactive)
{
static int called = 0;
#if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN)
int lowdelay = IPTOS_LOWDELAY;
int throughput = IPTOS_THROUGHPUT;
#endif
if (called)
return;
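Review bot: the new packet_set_tos is defined unconditionally, yet it uses IP_TOS, IPTOS_LOWDELAY and IPTOS_THROUGHPUT, and the locals it replaces in packet_set_interactive were wrapped in #if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN). On a platform where that guard is false the function will fail to compile or be an unused static. Put the same guard around the definition or its body. Minor: the format string "setsockopt IP_TOS %d: %.100s:" ends in a stray colon.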
@ -1333,35 +1344,12 @@ packet_set_interactive(int interactive)
/* Only set socket options if using a socket. */
if (!packet_connection_is_on_socket())
return;
/*
* IPTOS_LOWDELAY and IPTOS_THROUGHPUT are IPv4 only
*/
if (interactive) {
/*
* Set IP options for an interactive connection. Use
* IPTOS_LOWDELAY and TCP_NODELAY.
*/
#if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN)
if (packet_connection_is_ipv4()) {
if (setsockopt(connection_in, IPPROTO_IP, IP_TOS,
&lowdelay, sizeof(lowdelay)) < 0)
error("setsockopt IPTOS_LOWDELAY: %.100s",
strerror(errno));
}
#endif
if (interactive)
set_nodelay(connection_in);
} else if (packet_connection_is_ipv4()) {
/*
* Set IP options for a non-interactive connection. Use
* IPTOS_THROUGHPUT.
*/
#if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN)
if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, &throughput,
sizeof(throughput)) < 0)
error("setsockopt IPTOS_THROUGHPUT: %.100s", strerror(errno));
packet_set_tos(interactive);
#endif
}
}
/* Returns true if the current connection is interactive. */

View file

@ -1,4 +1,4 @@
/* $OpenBSD: packet.h,v 1.35 2002/06/19 18:01:00 markus Exp $ */
/* $OpenBSD: packet.h,v 1.37 2003/04/01 10:22:21 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>

View file

@ -0,0 +1,282 @@
/*
* Copyright (c) 1999 Theo de Raadt. All rights reserved.
* Copyright (c) 1999 Aaron Campbell. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* Parts from:
*
* Copyright (c) 1983, 1990, 1992, 1993, 1995
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
*/
#include "includes.h"
RCSID("$OpenBSD: progressmeter.c,v 1.3 2003/03/17 10:38:38 markus Exp $");
#ifdef HAVE_LIBGEN_H
#include <libgen.h>
#endif
#include "atomicio.h"
#include "progressmeter.h"
/* Number of seconds before xfer considered "stalled". */
#define STALLTIME 5
/* alarm() interval for updating progress meter. */
#define PROGRESSTIME 1
/* Signal handler used for updating the progress meter. */
static void update_progress_meter(int);
/* Returns non-zero if we are the foreground process. */
static int foregroundproc(void);
/* Returns width of the terminal (for progress meter calculations). */
static int get_tty_width(void);
/* Visual statistics about files as they are transferred. */
static void draw_progress_meter(void);
/* Time a transfer started. */
static struct timeval start;
/* Number of bytes of current file transferred so far. */
static volatile off_t *statbytes;
/* Total size of current file. */
static off_t totalbytes;
/* Name of current file being transferred. */
static char *curfile;
/* Time of last update. */
static struct timeval lastupdate;
/* Size at the time of the last update. */
static off_t lastsize;
void
start_progress_meter(char *file, off_t filesize, off_t *counter)
{
if ((curfile = basename(file)) == NULL)
curfile = file;
totalbytes = filesize;
statbytes = counter;
(void) gettimeofday(&start, (struct timezone *) 0);
lastupdate = start;
lastsize = 0;
draw_progress_meter();
signal(SIGALRM, update_progress_meter);
alarm(PROGRESSTIME);
}
void
stop_progress_meter()
{
alarm(0);
draw_progress_meter();
if (foregroundproc() != 0)
atomicio(write, fileno(stdout), "\n", 1);
}
static void
update_progress_meter(int ignore)
{
int save_errno = errno;
draw_progress_meter();
signal(SIGALRM, update_progress_meter);
alarm(PROGRESSTIME);
errno = save_errno;
}
static int
foregroundproc(void)
{
static pid_t pgrp = -1;
int ctty_pgrp;
if (pgrp == -1)
pgrp = getpgrp();
#ifdef HAVE_TCGETPGRP
return ((ctty_pgrp = tcgetpgrp(STDOUT_FILENO)) != -1 &&
ctty_pgrp == pgrp);
#else
return ((ioctl(STDOUT_FILENO, TIOCGPGRP, &ctty_pgrp) != -1 &&
ctty_pgrp == pgrp));
#endif
}
static void
draw_progress_meter()
{
static const char spaces[] = " "
" "
" "
" "
" "
" ";
static const char prefixes[] = " KMGTP";
struct timeval now, td, wait;
off_t cursize, abbrevsize, bytespersec;
double elapsed;
int ratio, remaining, i, ai, bi, nspaces;
char buf[512];
if (foregroundproc() == 0)
return;
(void) gettimeofday(&now, (struct timezone *) 0);
cursize = *statbytes;
if (totalbytes != 0) {
ratio = 100.0 * cursize / totalbytes;
ratio = MAX(ratio, 0);
ratio = MIN(ratio, 100);
} else
ratio = 100;
abbrevsize = cursize;
for (ai = 0; abbrevsize >= 10000 && ai < sizeof(prefixes); ai++)
abbrevsize >>= 10;
timersub(&now, &lastupdate, &wait);
if (cursize > lastsize) {
lastupdate = now;
lastsize = cursize;
wait.tv_sec = 0;
}
timersub(&now, &start, &td);
elapsed = td.tv_sec + (td.tv_usec / 1000000.0);
bytespersec = 0;
if (cursize > 0) {
bytespersec = cursize;
if (elapsed > 0.0)
bytespersec /= elapsed;
}
for (bi = 1; bytespersec >= 1024000 && bi < sizeof(prefixes); bi++)
bytespersec >>= 10;
nspaces = MIN(get_tty_width() - 79, sizeof(spaces) - 1);
#ifdef HAVE_LONG_LONG_INT
snprintf(buf, sizeof(buf),
"\r%-45.45s%.*s%3d%% %4lld%c%c %3lld.%01d%cB/s",
curfile,
nspaces,
spaces,
ratio,
(long long)abbrevsize,
prefixes[ai],
ai == 0 ? ' ' : 'B',
(long long)(bytespersec / 1024),
(int)((bytespersec % 1024) * 10 / 1024),
prefixes[bi]
);
#else
/* XXX: Handle integer overflow? */
snprintf(buf, sizeof(buf),
"\r%-45.45s%.*s%3d%% %4lu%c%c %3lu.%01d%cB/s",
curfile,
nspaces,
spaces,
ratio,
(u_long)abbrevsize,
prefixes[ai],
ai == 0 ? ' ' : 'B',
(u_long)(bytespersec / 1024),
(int)((bytespersec % 1024) * 10 / 1024),
prefixes[bi]
);
#endif
if (cursize <= 0 || elapsed <= 0.0 || cursize > totalbytes) {
snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
" --:-- ETA");
} else if (wait.tv_sec >= STALLTIME) {
snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
" - stalled -");
} else {
if (cursize != totalbytes)
remaining = (int)(totalbytes / (cursize / elapsed) -
elapsed);
else
remaining = elapsed;
i = remaining / 3600;
if (i)
snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
"%2d:", i);
else
snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
" ");
i = remaining % 3600;
snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
"%02d:%02d%s", i / 60, i % 60,
(cursize != totalbytes) ? " ETA" : " ");
}
atomicio(write, fileno(stdout), buf, strlen(buf));
}
static int
get_tty_width(void)
{
struct winsize winsize;
if (ioctl(fileno(stdout), TIOCGWINSZ, &winsize) != -1)
return (winsize.ws_col ? winsize.ws_col : 80);
else
return (80);
}
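Review bot: update_progress_meter is installed as the SIGALRM handler and calls draw_progress_meter, which runs snprintf, gettimeofday, ioctl or tcgetpgrp and a write from signal context. snprintf is not async-signal-safe, so an alarm arriving while the main code is inside stdio or malloc can deadlock or corrupt state. Have the handler set a volatile sig_atomic_t flag and redraw from the transfer loop instead. Separately, the scaling loops use ai < sizeof(prefixes) and bi < sizeof(prefixes), which counts the terminating NUL of " KMGTP". Bound them with sizeof(prefixes) - 1 so prefixes[ai] and prefixes[bi] can never select the terminator.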

View file

@ -0,0 +1,27 @@
/* $OpenBSD: progressmeter.h,v 1.1 2003/01/10 08:19:07 fgsch Exp $ */
/*
* Copyright (c) 2002 Nils Nordman. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
void start_progress_meter(char *, off_t, off_t *);
void stop_progress_meter(void);
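Review bot: this new header has no include guard and uses off_t in the start_progress_meter prototype without including <sys/types.h>, so it only compiles when the includer has already pulled that in. Add a guard and the include so the header is self-contained.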

View file

@ -12,7 +12,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: readconf.c,v 1.100 2002/06/19 00:27:55 deraadt Exp $");
RCSID("$OpenBSD: readconf.c,v 1.104 2003/04/01 10:22:21 markus Exp $");
#include "ssh.h"
#include "xmalloc.h"
@ -114,6 +114,7 @@ typedef enum {
oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
oClearAllForwardings, oNoHostAuthenticationForLocalhost,
oEnableSSHKeysign,
oDeprecated
} OpCodes;
@ -185,6 +186,7 @@ static struct {
{ "bindaddress", oBindAddress },
{ "smartcarddevice", oSmartcardDevice },
{ "clearallforwardings", oClearAllForwardings },
{ "enablesshkeysign", oEnableSSHKeysign },
{ "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
{ NULL, oBadOption }
};
@ -266,14 +268,16 @@ parse_token(const char *cp, const char *filename, int linenum)
* Processes a single option line as used in the configuration files. This
* only sets those values that have not already been set.
*/
#define WHITESPACE " \t\r\n"
int
process_config_line(Options *options, const char *host,
char *line, const char *filename, int linenum,
int *activep)
{
char buf[256], *s, *string, **charptr, *endofnumber, *keyword, *arg;
char buf[256], *s, **charptr, *endofnumber, *keyword, *arg;
int opcode, *intptr, value;
size_t len;
u_short fwd_port, fwd_host_port;
char sfwd_host_port[6];
@ -486,16 +490,9 @@ process_config_line(Options *options, const char *host,
case oProxyCommand:
charptr = &options->proxy_command;
string = xstrdup("");
while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
string = xrealloc(string, strlen(string) + strlen(arg) + 2);
strcat(string, " ");
strcat(string, arg);
}
len = strspn(s, WHITESPACE "=");
if (*activep && *charptr == NULL)
*charptr = string;
else
xfree(string);
*charptr = xstrdup(s + len);
return 0;
case oPort:
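Review bot: in the oProxyCommand case, len = strspn(s, WHITESPACE "=") dereferences s with no NULL check, whereas the removed loop went through strdelim(&s) and handled a NULL result. If s can be NULL here (a ProxyCommand keyword with nothing after it), this crashes while parsing the config file. Check s first and report a missing argument with the file name and line number. Also note that xstrdup(s + len) keeps whatever trails the command on the line, including trailing whitespace, which the old token-by-token join dropped. If that is intended, say so in a comment.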
@ -669,6 +666,10 @@ process_config_line(Options *options, const char *host,
*intptr = value;
break;
case oEnableSSHKeysign:
intptr = &options->enable_ssh_keysign;
goto parse_flag;
case oDeprecated:
debug("%s line %d: Deprecated option \"%s\"",
filename, linenum, keyword);
@ -792,6 +793,7 @@ initialize_options(Options * options)
options->preferred_authentications = NULL;
options->bind_address = NULL;
options->smartcard_device = NULL;
options->enable_ssh_keysign = - 1;
options->no_host_authentication_for_localhost = - 1;
}
@ -907,6 +909,8 @@ fill_default_options(Options * options)
clear_forwardings(options);
if (options->no_host_authentication_for_localhost == - 1)
options->no_host_authentication_for_localhost = 0;
if (options->enable_ssh_keysign == -1)
options->enable_ssh_keysign = 0;
/* options->proxy_command should not be set by default */
/* options->user will be set in the main program if appropriate */
/* options->hostname will be set in the main program if appropriate */

View file

@ -1,4 +1,4 @@
/* $OpenBSD: readconf.h,v 1.43 2002/06/08 05:17:01 markus Exp $ */
/* $OpenBSD: readconf.h,v 1.46 2003/04/01 10:22:21 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -99,6 +99,8 @@ typedef struct {
int num_remote_forwards;
Forward remote_forwards[SSH_MAX_FORWARDS_PER_DIRECTION];
int clear_forwardings;
int enable_ssh_keysign;
int no_host_authentication_for_localhost;
} Options;

View file

@ -23,7 +23,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: readpass.c,v 1.27 2002/03/26 15:58:46 markus Exp $");
RCSID("$OpenBSD: readpass.c,v 1.28 2003/01/23 13:50:27 markus Exp $");
#include "xmalloc.h"
#include "readpass.h"
@ -46,11 +46,11 @@ ssh_askpass(char *askpass, const char *msg)
fatal("internal error: askpass undefined");
if (pipe(p) < 0) {
error("ssh_askpass: pipe: %s", strerror(errno));
return xstrdup("");
return NULL;
}
if ((pid = fork()) < 0) {
error("ssh_askpass: fork: %s", strerror(errno));
return xstrdup("");
return NULL;
}
if (pid == 0) {
seteuid(getuid());
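Review bot: on the fork() failure path in ssh_askpass the two descriptors from the successful pipe(p) are still open when the function returns NULL; close p[0] and p[1] before `return NULL;`. The change from xstrdup("") to NULL also alters the contract for every caller, so the function comment should state that NULL now means "helper could not be run". In the context line, the result of seteuid(getuid()) in the child is not checked before the helper is executed; a failed privilege drop should make the child exit.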
@ -79,6 +79,11 @@ ssh_askpass(char *askpass, const char *msg)
if (errno != EINTR)
break;
if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
memset(buf, 0, sizeof(buf));
return NULL;
}
buf[strcspn(buf, "\r\n")] = '\0';
pass = xstrdup(buf);
memset(buf, 0, sizeof(buf));
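Review bot: the new failure branch clears buf with memset() immediately before `return NULL;`, and buf is not read again, so an optimising compiler is free to drop the store. If the intent is to scrub whatever the helper wrote, use a clearing routine the compiler cannot elide (or a volatile-qualified write loop), and apply the same to the memset() after xstrdup(buf) below it.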
@ -115,7 +120,10 @@ read_passphrase(const char *prompt, int flags)
askpass = getenv(SSH_ASKPASS_ENV);
else
askpass = _PATH_SSH_ASKPASS_DEFAULT;
return ssh_askpass(askpass, prompt);
if ((ret = ssh_askpass(askpass, prompt)) == NULL)
if (!(flags & RP_ALLOW_EOF))
return xstrdup("");
return ret;
}
if (readpassphrase(prompt, buf, sizeof buf, rppflags) == NULL) {
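Review bot: the nested `if ((ret = ssh_askpass(...)) == NULL)` / `if (!(flags & RP_ALLOW_EOF))` pair has no braces, and the combined effect (NULL is returned only when the caller passed RP_ALLOW_EOF, otherwise an empty string) is easy to misread. Please brace both levels and add a one-line comment stating which callers can now receive NULL, since a caller that sets RP_ALLOW_EOF and dereferences the result without a check will crash.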

View file

@ -1,8 +1,8 @@
# $OpenBSD: Makefile,v 1.13 2002/04/01 22:15:08 markus Exp $
# $OpenBSD: Makefile,v 1.20 2003/01/08 23:54:22 djm Exp $
REGRESSTARGETS= t1 t2 t3 t4 t5 t6 t7
REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7
CLEANFILES+= t2.out t6.out1 t6.out2 t7.out t7.out.pub
CLEANFILES+= t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2
LTESTS= connect \
proxy-connect \
@ -17,8 +17,14 @@ LTESTS= connect \
try-ciphers \
yes-head \
agent \
agent-getpeereid \
agent-timeout \
agent-ptrace \
keyscan \
keygen-change \
sftp \
sftp-cmds \
sftp-batch \
forwarding
USER!= id -un
@ -65,7 +71,7 @@ t7: t7.out
ssh-keygen -Bf t7.out > /dev/null
.for t in ${LTESTS}
REGRESSTARGETS+=t-${t}
REGRESS_TARGETS+=t-${t}
t-${t}:
sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/${t}.sh
.endfor

View file

@ -0,0 +1,34 @@
# $OpenBSD: agent-getpeereid.sh,v 1.1 2002/12/09 16:05:02 markus Exp $
# Placed in the Public Domain.
tid="disallow agent attach from other uid"
UNPRIV=nobody
ASOCK=${OBJ}/agent
SSH_AUTH_SOCK=/nonexistant
trace "start agent"
eval `${SSHAGENT} -s -a ${ASOCK}` > /dev/null
r=$?
if [ $r -ne 0 ]; then
fail "could not start ssh-agent: exit code $r"
else
chmod 644 ${SSH_AUTH_SOCK}
ssh-add -l > /dev/null 2>&1
r=$?
if [ $r -ne 1 ]; then
fail "ssh-add failed with $r != 1"
fi
< /dev/null sudo -S -u ${UNPRIV} ssh-add -l > /dev/null 2>&1
r=$?
if [ $r -lt 2 ]; then
fail "ssh-add did not fail for ${UNPRIV}: $r < 2"
fi
trace "kill agent"
${SSHAGENT} -k > /dev/null
fi
rm -f ${OBJ}/agent
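Review bot: the second check cannot tell an ssh-add refusal from a sudo failure, because `$r` is whatever `sudo -S -u ${UNPRIV}` returns; where sudo is missing or wants a password the result says nothing about the agent's peer-uid check. Probe for a working non-interactive sudo first and skip the test otherwise. Also note that `chmod 644` leaves the socket without write permission for other users, so on systems that enforce socket file permissions the connection may be refused by the filesystem before the getpeereid check is reached; a mode that lets ${UNPRIV} connect would exercise the code this test is named for.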

View file

@ -0,0 +1,28 @@
# $OpenBSD: agent-ptrace.sh,v 1.1 2002/12/09 15:38:30 markus Exp $
# Placed in the Public Domain.
tid="disallow agent ptrace attach"
trace "start agent"
eval `${SSHAGENT} -s` > /dev/null
r=$?
if [ $r -ne 0 ]; then
fail "could not start ssh-agent: exit code $r"
else
# ls -l ${SSH_AUTH_SOCK}
gdb ${SSHAGENT} ${SSH_AGENT_PID} > ${OBJ}/gdb.out 2>&1 << EOF
quit
EOF
if [ $? -ne 0 ]; then
fail "gdb failed: exit code $?"
fi
grep -q 'ptrace: Operation not permitted.' ${OBJ}/gdb.out
r=$?
rm -f ${OBJ}/gdb.out
if [ $r -ne 0 ]; then
fail "ptrace succeeded?: exit code $r"
fi
trace "kill agent"
${SSHAGENT} -k > /dev/null
fi
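Review bot: in `fail "gdb failed: exit code $?"` the `$?` is the status of the preceding `[ $? -ne 0 ]` test, not of gdb, so the message always reports 0. Save gdb's status in `r` right after the here-document, as the rest of the script does, and print `$r`. The pass condition also depends on the exact text 'ptrace: Operation not permitted.' in gdb's output and on gdb being installed; a missing gdb should skip the test rather than fail it.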

View file

@ -0,0 +1,36 @@
# $OpenBSD: agent-timeout.sh,v 1.1 2002/06/06 00:38:40 markus Exp $
# Placed in the Public Domain.
tid="agent timeout test"
TIMEOUT=5
trace "start agent"
eval `${SSHAGENT} -s` > /dev/null
r=$?
if [ $r -ne 0 ]; then
fail "could not start ssh-agent: exit code $r"
else
trace "add keys with timeout"
for t in rsa rsa1; do
${SSHADD} -t ${TIMEOUT} $OBJ/$t > /dev/null 2>&1
if [ $? -ne 0 ]; then
fail "ssh-add did succeed exit code 0"
fi
done
n=`${SSHADD} -l 2> /dev/null | wc -l`
trace "agent has $n keys"
if [ $n -ne 2 ]; then
fail "ssh-add -l did not return 2 keys: $n"
fi
trace "sleeping 2*${TIMEOUT} seconds"
sleep ${TIMEOUT}
sleep ${TIMEOUT}
${SSHADD} -l 2> /dev/null | grep -q 'The agent has no identities.'
if [ $? -ne 0 ]; then
fail "ssh-add -l still returns keys after timeout"
fi
trace "kill agent"
${SSHAGENT} -k > /dev/null
fi
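Review bot: the message in the key-loading loop is inverted: `fail "ssh-add did succeed exit code 0"` runs when `$?` is non-zero, that is when ssh-add failed. Reword it to say that adding key $t failed and include the actual exit code. The `${SSHADD} -l | grep -q 'The agent has no identities.'` check ties the result to one output string; checking that `ssh-add -l` exits with status 1, as agent-getpeereid.sh does, is less brittle.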

View file

@ -0,0 +1,23 @@
# $OpenBSD: keygen-change.sh,v 1.2 2002/07/16 09:15:55 markus Exp $
# Placed in the Public Domain.
tid="change passphrase for key"
S1="secret1"
S2="2secret"
for t in rsa dsa rsa1; do
# generate user key for agent
trace "generating $t key"
rm -f $OBJ/$t-key
${SSHKEYGEN} -q -N ${S1} -t $t -f $OBJ/$t-key
if [ $? -eq 0 ]; then
${SSHKEYGEN} -p -P ${S1} -N ${S2} -f $OBJ/$t-key > /dev/null
if [ $? -ne 0 ]; then
fail "ssh-keygen -p failed for $t-key"
fi
else
fail "ssh-keygen for $t-key failed"
fi
rm -f $OBJ/$t-key $OBJ/$t-key.pub
done
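Review bot: the test only checks the exit status of `ssh-keygen -p`; it never confirms that the key is now protected by ${S2} and no longer opens with ${S1}. Add a step that loads the key with the new passphrase and a step that expects failure with the old one, otherwise a `-p` that rewrites the file unchanged would pass.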

View file

@ -1,4 +1,4 @@
# $OpenBSD: proxy-connect.sh,v 1.4 2002/03/15 13:08:56 markus Exp $
# $OpenBSD: proxy-connect.sh,v 1.5 2002/12/09 15:28:46 markus Exp $
# Placed in the Public Domain.
tid="proxy connect"
@ -8,4 +8,11 @@ for p in 1 2; do
if [ $? -ne 0 ]; then
fail "ssh proxyconnect protocol $p failed"
fi
SSH_CONNECTION=`${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 'echo $SSH_CONNECTION'`
if [ $? -ne 0 ]; then
fail "ssh proxyconnect protocol $p failed"
fi
if [ "$SSH_CONNECTION" != "UNKNOWN 65535 UNKNOWN 65535" ]; then
fail "bad SSH_CONNECTION"
fi
done
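Review bot: the added block reuses the failure text "ssh proxyconnect protocol $p failed" from the check above it, so a log line does not show which of the two connections broke, and `fail "bad SSH_CONNECTION"` does not print the value that was received. Give the second check its own message and include "$SSH_CONNECTION" in the last one. Assigning to a shell variable named SSH_CONNECTION also shadows any value inherited from the environment the test runs in; a local name such as `conn` avoids that.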

View file

@ -0,0 +1,57 @@
# $OpenBSD: sftp-batch.sh,v 1.2 2003/01/10 07:52:41 djm Exp $
# Placed in the Public Domain.
tid="sftp batchfile"
DATA=/bin/ls
COPY=${OBJ}/copy
BATCH=${OBJ}/sftp-batch
rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${BATCH}.*
cat << EOF > ${BATCH}.pass.1
get $DATA $COPY
put ${COPY} ${COPY}.1
rm ${COPY}
-put ${COPY} ${COPY}.2
EOF
cat << EOF > ${BATCH}.pass.2
# This is a comment
# That was a blank line
ls
EOF
cat << EOF > ${BATCH}.fail.1
get $DATA $COPY
put ${COPY} ${COPY}.3
rm ${COPY}.*
# The next command should fail
put ${COPY}.3 ${COPY}.4
EOF
cat << EOF > ${BATCH}.fail.2
# The next command should fail
jajajajaja
EOF
verbose "$tid: good commands"
${SFTP} -b ${BATCH}.pass.1 -P ${SFTPSERVER} >/dev/null 2>&1 \
|| fail "good commands failed"
verbose "$tid: bad commands"
${SFTP} -b ${BATCH}.fail.1 -P ${SFTPSERVER} >/dev/null 2>&1 \
&& fail "bad commands succeeded"
verbose "$tid: comments and blanks"
${SFTP} -b ${BATCH}.pass.2 -P ${SFTPSERVER} >/dev/null 2>&1 \
|| fail "comments & blanks failed"
verbose "$tid: junk command"
${SFTP} -b ${BATCH}.fail.2 -P ${SFTPSERVER} >/dev/null 2>&1 \
&& fail "junk command succeeded"
rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${BATCH}.*
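Review bot: the two negative cases pass whenever sftp exits non-zero for any reason, so `${BATCH}.fail.1` is counted as a success even if its first `get` fails and the line marked "should fail" is never reached. After the fail.1 run, check a side effect of the earlier commands (for example that ${COPY} exists, showing the batch got past `get`), and keep stderr in a file instead of `>/dev/null 2>&1` so an unexpected failure can be diagnosed.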

View file

@ -0,0 +1,100 @@
# $OpenBSD: sftp-cmds.sh,v 1.2 2003/01/10 07:52:41 djm Exp $
# Placed in the Public Domain.
# XXX - TODO:
# - globbed operations
# - chmod / chown / chgrp
# - -p flag for get & put
tid="sftp commands"
DATA=/bin/ls
COPY=${OBJ}/copy
rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${BATCH}.*
verbose "$tid: lls"
echo "lls ${OBJ}" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
|| fail "lls failed"
# XXX always successful
verbose "$tid: ls"
echo "ls ${OBJ}" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
|| fail "ls failed"
# XXX always successful
verbose "$tid: shell"
echo "!echo hi there" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
|| fail "shell failed"
# XXX always successful
verbose "$tid: pwd"
echo "pwd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
|| fail "pwd failed"
# XXX always successful
verbose "$tid: lpwd"
echo "lpwd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
|| fail "lpwd failed"
# XXX always successful
verbose "$tid: quit"
echo "quit" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
|| fail "quit failed"
# XXX always successful
verbose "$tid: help"
echo "help" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
|| fail "help failed"
# XXX always successful
rm -f ${COPY}
verbose "$tid: get"
echo "get $DATA $COPY" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
|| fail "get failed"
cmp $DATA ${COPY} || fail "corrupted copy after get"
rm -f ${COPY}
verbose "$tid: put"
echo "put $DATA $COPY" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
|| fail "put failed"
cmp $DATA ${COPY} || fail "corrupted copy after put"
verbose "$tid: rename"
echo "rename $COPY ${COPY}.1" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
|| fail "rename failed"
test -f ${COPY}.1 || fail "missing file after rename"
cmp $DATA ${COPY}.1 >/dev/null 2>&1 || fail "corrupted copy after rename"
verbose "$tid: ln"
echo "ln ${COPY}.1 ${COPY}.2" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 || fail "ln failed"
test -L ${COPY}.2 || fail "missing file after ln"
verbose "$tid: mkdir"
echo "mkdir ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
|| fail "mkdir failed"
test -d ${COPY}.dd || fail "missing directory after mkdir"
# XXX do more here
verbose "$tid: chdir"
echo "chdir ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
|| fail "chdir failed"
verbose "$tid: rmdir"
echo "rmdir ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
|| fail "rmdir failed"
test -d ${COPY}.1 && fail "present directory after rmdir"
verbose "$tid: lmkdir"
echo "lmkdir ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
|| fail "lmkdir failed"
test -d ${COPY}.dd || fail "missing directory after lmkdir"
# XXX do more here
verbose "$tid: lchdir"
echo "lchdir ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \
|| fail "lchdir failed"
rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${BATCH}.*
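Review bot: the rmdir check tests the wrong path: after `rmdir ${COPY}.dd` the script runs `test -d ${COPY}.1 && fail ...`, and ${COPY}.1 is the renamed regular file, so the check can never fire. It should be `test -d ${COPY}.dd`. Separately, BATCH is never set in this file, so `${BATCH}.*` in both `rm -rf` lines expands to `.*` in the current directory and removes hidden files there; drop that argument from this script.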

View file

@ -1,4 +1,4 @@
# $OpenBSD: ssh-com-client.sh,v 1.3 2002/04/10 08:45:30 markus Exp $
# $OpenBSD: ssh-com-client.sh,v 1.4 2002/07/16 08:58:16 markus Exp $
# Placed in the Public Domain.
tid="connect with ssh.com client"
@ -15,7 +15,9 @@ VERSIONS="
2.3.1
2.4.0
3.0.0
3.1.0"
3.1.0
3.2.0
3.3.0"
# 2.0.10 2.0.12 2.0.13 don't like the test setup

View file

@ -1,4 +1,4 @@
# $OpenBSD: ssh-com-keygen.sh,v 1.1 2002/03/27 22:40:27 markus Exp $
# $OpenBSD: ssh-com-keygen.sh,v 1.2 2002/07/16 08:58:16 markus Exp $
# Placed in the Public Domain.
tid="ssh.com key import"
@ -18,7 +18,9 @@ VERSIONS="
2.3.1
2.4.0
3.0.0
3.1.0"
3.1.0
3.2.0
3.3.0"
COMPRV=${OBJ}/comkey
COMPUB=${COMPRV}.pub

View file

@ -1,4 +1,4 @@
# $OpenBSD: ssh-com-sftp.sh,v 1.2 2002/04/10 08:45:30 markus Exp $
# $OpenBSD: ssh-com-sftp.sh,v 1.3 2002/07/16 08:58:16 markus Exp $
# Placed in the Public Domain.
tid="basic sftp put/get with ssh.com server"
@ -24,7 +24,9 @@ VERSIONS="
2.3.1
2.4.0
3.0.0
3.1.0"
3.1.0
3.2.0
3.3.0"
# go for it
for v in ${VERSIONS}; do

View file

@ -1,4 +1,4 @@
# $OpenBSD: ssh-com.sh,v 1.3 2002/03/15 13:08:56 markus Exp $
# $OpenBSD: ssh-com.sh,v 1.4 2002/07/16 08:58:16 markus Exp $
# Placed in the Public Domain.
tid="connect to ssh.com server"
@ -14,17 +14,19 @@ VERSIONS="
2.1.0
2.2.0
2.3.0
2.3.1
2.4.0
3.0.0
3.1.0"
3.1.0
3.2.0
3.3.0"
# 2.0.10 does not support UserConfigDirectory
# 2.3.1 requires a config in $HOME/.ssh2
SRC=`dirname ${SCRIPT}`
# ssh.com
cat << EOF > $OBJ/sshd2_config
*:
#*:
# Port and ListenAdress are not used.
QuietMode yes
Port 4343

View file

@ -9,7 +9,7 @@
.\"
.\" Created: Sun May 7 00:14:37 1995 ylo
.\"
.\" $OpenBSD: scp.1,v 1.23 2002/06/22 16:41:57 stevesk Exp $
.\" $OpenBSD: scp.1,v 1.27 2003/03/28 10:11:43 jmc Exp $
.\"
.Dd September 25, 1999
.Dt SCP 1
@ -19,12 +19,14 @@
.Nd secure copy (remote file copy program)
.Sh SYNOPSIS
.Nm scp
.Op Fl pqrvBC46
.Bk -words
.Op Fl pqrvBC1246
.Op Fl F Ar ssh_config
.Op Fl S Ar program
.Op Fl P Ar port
.Op Fl c Ar cipher
.Op Fl i Ar identity_file
.Op Fl l Ar limit
.Op Fl o Ar ssh_option
.Sm off
.Oo
@ -39,6 +41,7 @@
.Ar host2 No :
.Oc Ar file2
.Sm on
.Ek
.Sh DESCRIPTION
.Nm
copies files between hosts on a network.
@ -68,6 +71,8 @@ Selects the file from which the identity (private key) for RSA
authentication is read.
This option is directly passed to
.Xr ssh 1 .
.It Fl l Ar limit
Limits the used bandwidth, specified in Kbit/s.
.It Fl p
Preserves modification times, access times, and modes from the
original file.
@ -122,9 +127,15 @@ in the format used in
This is useful for specifying options
for which there is no separate
.Nm scp
command-line flag. For example, forcing the use of protocol
version 1 is specified using
.Ic scp -oProtocol=1 .
command-line flag.
.It Fl 1
Forces
.Nm
to use protocol 1.
.It Fl 2
Forces
.Nm
to use protocol 2.
.It Fl 4
Forces
.Nm

View file

@ -75,13 +75,14 @@
*/
#include "includes.h"
RCSID("$OpenBSD: scp.c,v 1.91 2002/06/19 00:27:55 deraadt Exp $");
RCSID("$OpenBSD: scp.c,v 1.102 2003/03/05 22:33:43 markus Exp $");
#include "xmalloc.h"
#include "atomicio.h"
#include "pathnames.h"
#include "log.h"
#include "misc.h"
#include "progressmeter.h"
#ifdef HAVE___PROGNAME
extern char *__progname;
@ -89,29 +90,13 @@ extern char *__progname;
char *__progname;
#endif
/* For progressmeter() -- number of seconds before xfer considered "stalled" */
#define STALLTIME 5
/* alarm() interval for updating progress meter */
#define PROGRESSTIME 1
/* Visual statistics about files as they are transferred. */
void progressmeter(int);
/* Returns width of the terminal (for progress meter calculations). */
int getttywidth(void);
int do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout, int argc);
void bwlimit(int);
/* Struct for addargs */
arglist args;
/* Time a transfer started. */
static struct timeval start;
/* Number of bytes of current file transferred so far. */
volatile off_t statbytes;
/* Total size of current file. */
off_t totalbytes = 0;
/* Bandwidth limit */
off_t limitbw = 0;
/* Name of current file being transferred. */
char *curfile;
@ -125,6 +110,9 @@ int showprogress = 1;
/* This is the program to execute for the secured connection. ("ssh" or -S) */
char *ssh_program = _PATH_SSH_PROGRAM;
/* This is used to store the pid of ssh_program */
pid_t do_cmd_pid;
/*
* This function executes the given command as the specified user on the
* given host. This returns < 0 if execution fails, and >= 0 otherwise. This
@ -159,7 +147,8 @@ do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout, int argc)
close(reserved[1]);
/* For a child to execute the command on the remote host using ssh. */
if (fork() == 0) {
do_cmd_pid = fork();
if (do_cmd_pid == 0) {
/* Child. */
close(pin[1]);
close(pout[0]);
@ -177,6 +166,8 @@ do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout, int argc)
execvp(ssh_program, args.list);
perror(ssh_program);
exit(1);
} else if (do_cmd_pid == -1) {
fatal("fork: %s", strerror(errno));
}
/* Parent. Close the other side, and return the local side. */
close(pin[0]);
@ -219,8 +210,9 @@ main(argc, argv)
int argc;
char *argv[];
{
int ch, fflag, tflag;
char *targ;
int ch, fflag, tflag, status;
double speed;
char *targ, *endp;
extern char *optarg;
extern int optind;
@ -233,9 +225,11 @@ main(argc, argv)
addargs(&args, "-oClearAllForwardings yes");
fflag = tflag = 0;
while ((ch = getopt(argc, argv, "dfprtvBCc:i:P:q46S:o:F:")) != -1)
while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q1246S:o:F:")) != -1)
switch (ch) {
/* User-visible flags. */
case '1':
case '2':
case '4':
case '6':
case 'C':
@ -253,6 +247,12 @@ main(argc, argv)
case 'B':
addargs(&args, "-oBatchmode yes");
break;
case 'l':
speed = strtod(optarg, &endp);
if (speed <= 0 || *endp != '\0')
usage();
limitbw = speed * 1024;
break;
case 'p':
pflag = 1;
break;
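Review bot: the `-l` case accepts any value for which `speed <= 0` is false, which includes NaN, infinity and arbitrarily large numbers where strtod() parses them, and `limitbw = speed * 1024;` then converts an out-of-range double to off_t, which is undefined. Add an upper bound (and reject non-finite values) before the multiplication, and say in the usage text or man page what the accepted range is.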
@ -317,6 +317,7 @@ main(argc, argv)
targetshouldbedirectory = 1;
remin = remout = -1;
do_cmd_pid = -1;
/* Command to be executed on remote system using "ssh". */
(void) snprintf(cmd, sizeof cmd, "scp%s%s%s%s",
verbose_mode ? " -v" : "",
@ -332,6 +333,22 @@ main(argc, argv)
if (targetshouldbedirectory)
verifydir(argv[argc - 1]);
}
/*
* Finally check the exit status of the ssh process, if one was forked
* and no error has occured yet
*/
if (do_cmd_pid != -1 && errs == 0) {
if (remin != -1)
(void) close(remin);
if (remout != -1)
(void) close(remout);
if (waitpid(do_cmd_pid, &status, 0) == -1)
errs = 1;
else {
if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
errs = 1;
}
}
exit(errs != 0);
}
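Review bot: waitpid() is called once and any -1 return sets `errs = 1`, so a signal that interrupts the wait turns a successful copy into exit status 1. Retry while errno is EINTR, as the wait loop in readpass.c does. The exit status of ssh is also only consulted when `errs == 0`, which deserves a word in the comment, and "occured" in that comment should read "occurred".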
@ -347,14 +364,12 @@ toremote(targ, argc, argv)
if (*targ == 0)
targ = ".";
if ((thost = strchr(argv[argc - 1], '@'))) {
if ((thost = strrchr(argv[argc - 1], '@'))) {
/* user@host */
*thost++ = 0;
tuser = argv[argc - 1];
if (*tuser == '\0')
tuser = NULL;
else if (!okname(tuser))
exit(1);
} else {
thost = argv[argc - 1];
tuser = NULL;
@ -368,7 +383,7 @@ toremote(targ, argc, argv)
*src++ = 0;
if (*src == 0)
src = ".";
host = strchr(argv[i], '@');
host = strrchr(argv[i], '@');
len = strlen(ssh_program) + strlen(argv[i]) +
strlen(src) + (tuser ? strlen(tuser) : 0) +
strlen(thost) + strlen(targ) +
@ -380,8 +395,14 @@ toremote(targ, argc, argv)
suser = argv[i];
if (*suser == '\0')
suser = pwd->pw_name;
else if (!okname(suser))
else if (!okname(suser)) {
xfree(bp);
continue;
}
if (tuser && !okname(tuser)) {
xfree(bp);
continue;
}
snprintf(bp, len,
"%s%s %s -n "
"-l %s %s %s %s '%s%s%s:%s'",
@ -447,7 +468,7 @@ tolocal(argc, argv)
*src++ = 0;
if (*src == 0)
src = ".";
if ((host = strchr(argv[i], '@')) == NULL) {
if ((host = strrchr(argv[i], '@')) == NULL) {
host = argv[i];
suser = NULL;
} else {
@ -455,8 +476,6 @@ tolocal(argc, argv)
suser = argv[i];
if (*suser == '\0')
suser = pwd->pw_name;
else if (!okname(suser))
continue;
}
host = cleanhostname(host);
len = strlen(src) + CMDNEEDS + 20;
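Review bot: the okname(suser) check is removed from tolocal() with no comment, so a reader cannot tell whether validation became unnecessary on this path or was dropped by accident. Please add a short comment at the `suser = argv[i];` assignment saying how suser is passed on and why it needs no character check here, given that toremote() still calls okname() before formatting the same kind of value into a command string.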
@ -482,7 +501,7 @@ source(argc, argv)
struct stat stb;
static BUF buffer;
BUF *bp;
off_t i, amt, result;
off_t i, amt, result, statbytes;
int fd, haderr, indx;
char *last, *name, buf[2048];
int len;
@ -547,7 +566,6 @@ syserr: run_err("%s: %s", name, strerror(errno));
#endif
if (verbose_mode) {
fprintf(stderr, "Sending file modes: %s", buf);
fflush(stderr);
}
(void) atomicio(write, remout, buf, strlen(buf));
if (response() < 0)
@ -556,10 +574,8 @@ syserr: run_err("%s: %s", name, strerror(errno));
next: (void) close(fd);
continue;
}
if (showprogress) {
totalbytes = stb.st_size;
progressmeter(-1);
}
if (showprogress)
start_progress_meter(curfile, stb.st_size, &statbytes);
/* Keep writing after an error so that we stay sync'd up. */
for (haderr = i = 0; i < stb.st_size; i += bp->cnt) {
amt = bp->cnt;
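Review bot: statbytes is now a local in source(), and the visible hunks for this function never assign it before `statbytes += result;`; sink() gained an explicit `statbytes = 0;` but source() did not. When showprogress is off start_progress_meter() is not called at all, so the addition operates on an uninitialised value. Add `statbytes = 0;` before the `if (showprogress)` line, matching sink().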
@ -578,9 +594,11 @@ next: (void) close(fd);
haderr = result >= 0 ? EIO : errno;
statbytes += result;
}
if (limitbw)
bwlimit(amt);
}
if (showprogress)
progressmeter(1);
stop_progress_meter();
if (close(fd) < 0 && !haderr)
haderr = errno;
@ -647,6 +665,60 @@ rsource(name, statp)
(void) response();
}
void
bwlimit(int amount)
{
static struct timeval bwstart, bwend;
static int lamt, thresh = 16384;
u_int64_t wait;
struct timespec ts, rm;
if (!timerisset(&bwstart)) {
gettimeofday(&bwstart, NULL);
return;
}
lamt += amount;
if (lamt < thresh)
return;
gettimeofday(&bwend, NULL);
timersub(&bwend, &bwstart, &bwend);
if (!timerisset(&bwend))
return;
lamt *= 8;
wait = (double)1000000L * lamt / limitbw;
bwstart.tv_sec = wait / 1000000L;
bwstart.tv_usec = wait % 1000000L;
if (timercmp(&bwstart, &bwend, >)) {
timersub(&bwstart, &bwend, &bwend);
/* Adjust the wait time */
if (bwend.tv_sec) {
thresh /= 2;
if (thresh < 2048)
thresh = 2048;
} else if (bwend.tv_usec < 100) {
thresh *= 2;
if (thresh > 32768)
thresh = 32768;
}
TIMEVAL_TO_TIMESPEC(&bwend, &ts);
while (nanosleep(&ts, &rm) == -1) {
if (errno != EINTR)
break;
ts = rm;
}
}
lamt = 0;
gettimeofday(&bwstart, NULL);
}
void
sink(argc, argv)
int argc;
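Review bot: bwlimit() has no comment, and the units are only inferable from `lamt *= 8`: `amount` is in bytes, limitbw is in bits per second, and `wait` is in microseconds. Please add a header comment stating that, and name the constants 16384, 2048 and 32768 (initial, minimum and maximum threshold) instead of leaving them as bare numbers. The first call returns after only starting the timer, so the bytes passed in that call are never added to `lamt`; if that is intended, say so. `lamt` is a static int that is multiplied by 8 before the division, which is fine at the current 32768 ceiling but would be worth a wider type if the threshold ever grows.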
@ -660,7 +732,7 @@ sink(argc, argv)
BUF *bp;
off_t i, j;
int amt, count, exists, first, mask, mode, ofd, omode;
off_t size;
off_t size, statbytes;
int setimes, targisdir, wrerrno = 0;
char ch, *cp, *np, *targ, *why, *vect[1], buf[2048];
struct timeval tv[2];
@ -822,11 +894,9 @@ bad: run_err("%s: %s", np, strerror(errno));
cp = bp->buf;
wrerr = NO;
if (showprogress) {
totalbytes = size;
progressmeter(-1);
}
statbytes = 0;
if (showprogress)
start_progress_meter(curfile, size, &statbytes);
for (count = i = 0; i < size; i += 4096) {
amt = 4096;
if (i + amt > size)
@ -846,6 +916,10 @@ bad: run_err("%s: %s", np, strerror(errno));
cp += j;
statbytes += j;
} while (amt > 0);
if (limitbw)
bwlimit(4096);
if (count == bp->cnt) {
/* Keep reading so we stay sync'd up. */
if (wrerr == NO) {
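Review bot: sink() charges a fixed `bwlimit(4096)` per iteration, while the loop above sets `amt = 4096` and then shortens it for the final block, so the last block of every file is accounted as a full 4096 bytes. Save the per-iteration size before the read loop decrements `amt` and pass that to bwlimit(), which is what source() does with `bwlimit(amt)`.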
@ -860,13 +934,13 @@ bad: run_err("%s: %s", np, strerror(errno));
}
}
if (showprogress)
progressmeter(1);
stop_progress_meter();
if (count != 0 && wrerr == NO &&
(j = atomicio(write, ofd, bp->buf, count)) != count) {
wrerr = YES;
wrerrno = j >= 0 ? EIO : errno;
}
if (ftruncate(ofd, size)) {
if (wrerr == NO && ftruncate(ofd, size) != 0) {
run_err("%s: truncate: %s", np, strerror(errno));
wrerr = DISPLAYED;
}
@ -955,8 +1029,8 @@ void
usage(void)
{
(void) fprintf(stderr,
"usage: scp [-pqrvBC46] [-F config] [-S program] [-P port]\n"
" [-c cipher] [-i identity] [-o option]\n"
"usage: scp [-pqrvBC1246] [-F config] [-S program] [-P port]\n"
" [-c cipher] [-i identity] [-l limit] [-o option]\n"
" [[user@]host1:]file1 [...] [[user@]host2:]file2\n");
exit(1);
}
@ -1013,9 +1087,18 @@ okname(cp0)
c = (int)*cp;
if (c & 0200)
goto bad;
if (!isalpha(c) && !isdigit(c) &&
c != '_' && c != '-' && c != '.' && c != '+')
goto bad;
if (!isalpha(c) && !isdigit(c)) {
switch (c) {
case '\'':
case '"':
case '`':
case ' ':
case '#':
goto bad;
default:
break;
}
}
} while (*++cp);
return (1);
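Review bot: the rewritten test in okname() turns an allowlist into a denylist: every non-alphanumeric byte other than single quote, double quote, backquote, space and '#' is now accepted, which lets through other characters that are significant to a shell. Because toremote() formats suser and tuser into a command string with snprintf(), an allowlist is the safer shape here. Prefer keeping the old `_ - . +` test and adding only the extra characters that motivated this change, or add a comment explaining why rejecting these five characters is sufficient for every place the name is used.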
@ -1036,11 +1119,9 @@ allocbuf(bp, fd, blksize)
run_err("fstat: %s", strerror(errno));
return (0);
}
if (stb.st_blksize == 0)
size = roundup(stb.st_blksize, blksize);
if (size == 0)
size = blksize;
else
size = blksize + (stb.st_blksize - blksize % stb.st_blksize) %
stb.st_blksize;
#else /* HAVE_STRUCT_STAT_ST_BLKSIZE */
size = blksize;
#endif /* HAVE_STRUCT_STAT_ST_BLKSIZE */
@ -1066,149 +1147,3 @@ lostconn(signo)
else
exit(1);
}
static void
updateprogressmeter(int ignore)
{
int save_errno = errno;
progressmeter(0);
signal(SIGALRM, updateprogressmeter);
alarm(PROGRESSTIME);
errno = save_errno;
}
static int
foregroundproc(void)
{
static pid_t pgrp = -1;
int ctty_pgrp;
if (pgrp == -1)
pgrp = getpgrp();
#ifdef HAVE_TCGETPGRP
return ((ctty_pgrp = tcgetpgrp(STDOUT_FILENO)) != -1 &&
ctty_pgrp == pgrp);
#else
return ((ioctl(STDOUT_FILENO, TIOCGPGRP, &ctty_pgrp) != -1 &&
ctty_pgrp == pgrp));
#endif
}
void
progressmeter(int flag)
{
static const char prefixes[] = " KMGTP";
static struct timeval lastupdate;
static off_t lastsize;
struct timeval now, td, wait;
off_t cursize, abbrevsize;
double elapsed;
int ratio, barlength, i, remaining;
char buf[512];
if (flag == -1) {
(void) gettimeofday(&start, (struct timezone *) 0);
lastupdate = start;
lastsize = 0;
}
if (foregroundproc() == 0)
return;
(void) gettimeofday(&now, (struct timezone *) 0);
cursize = statbytes;
if (totalbytes != 0) {
ratio = 100.0 * cursize / totalbytes;
ratio = MAX(ratio, 0);
ratio = MIN(ratio, 100);
} else
ratio = 100;
snprintf(buf, sizeof(buf), "\r%-20.20s %3d%% ", curfile, ratio);
barlength = getttywidth() - 51;
if (barlength > 0) {
i = barlength * ratio / 100;
snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
"|%.*s%*s|", i,
"*******************************************************"
"*******************************************************"
"*******************************************************"
"*******************************************************"
"*******************************************************"
"*******************************************************"
"*******************************************************",
barlength - i, "");
}
i = 0;
abbrevsize = cursize;
while (abbrevsize >= 100000 && i < sizeof(prefixes)) {
i++;
abbrevsize >>= 10;
}
snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), " %5lu %c%c ",
(unsigned long) abbrevsize, prefixes[i],
prefixes[i] == ' ' ? ' ' : 'B');
timersub(&now, &lastupdate, &wait);
if (cursize > lastsize) {
lastupdate = now;
lastsize = cursize;
if (wait.tv_sec >= STALLTIME) {
start.tv_sec += wait.tv_sec;
start.tv_usec += wait.tv_usec;
}
wait.tv_sec = 0;
}
timersub(&now, &start, &td);
elapsed = td.tv_sec + (td.tv_usec / 1000000.0);
if (flag != 1 &&
(statbytes <= 0 || elapsed <= 0.0 || cursize > totalbytes)) {
snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
" --:-- ETA");
} else if (wait.tv_sec >= STALLTIME) {
snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
" - stalled -");
} else {
if (flag != 1)
remaining = (int)(totalbytes / (statbytes / elapsed) -
elapsed);
else
remaining = elapsed;
i = remaining / 3600;
if (i)
snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
"%2d:", i);
else
snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
" ");
i = remaining % 3600;
snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
"%02d:%02d%s", i / 60, i % 60,
(flag != 1) ? " ETA" : " ");
}
atomicio(write, fileno(stdout), buf, strlen(buf));
if (flag == -1) {
mysignal(SIGALRM, updateprogressmeter);
alarm(PROGRESSTIME);
} else if (flag == 1) {
alarm(0);
atomicio(write, fileno(stdout), "\n", 1);
statbytes = 0;
}
}
int
getttywidth(void)
{
struct winsize winsize;
if (ioctl(fileno(stdout), TIOCGWINSZ, &winsize) != -1)
return (winsize.ws_col ? winsize.ws_col : 80);
else
return (80);
}

Some files were not shown because too many files have changed in this diff