merged OpenSSH 4.6p1, openssh-4.6p1-gsskex-20070312.patch, and openssh-4.6p1-hpn12v16...

author jbasney <jbasney>

Wed, 14 Mar 2007 15:59:49 +0000 (15:59 +0000)

committer jbasney <jbasney>

Wed, 14 Mar 2007 15:59:49 +0000 (15:59 +0000)
author jbasney <jbasney>
Wed, 14 Mar 2007 15:59:49 +0000 (15:59 +0000)
committer jbasney <jbasney>
Wed, 14 Mar 2007 15:59:49 +0000 (15:59 +0000)
diff --git a/openssh/ChangeLog.gssapi b/openssh/ChangeLog.gssapi

index e5459f297516d7e2a331af1edd5111b952c76b74..010612c4ce67143db7c161dc55ace337f824dbc9 100644 (file)
--- a/openssh/ChangeLog.gssapi
+++ b/openssh/ChangeLog.gssapi
@@ -1,3 +1,8 @@
+20070317
+  - [ gss-serv-krb5.c ]
+    Remove C99ism, where new_ccname was being declared in the middle of a 
+    function
+
  20061220
    - [ servconf.c ]
      Make default for GSSAPIStrictAcceptorCheck be Yes, to match previous, and 
  20061220
    - [ servconf.c ]
      Make default for GSSAPIStrictAcceptorCheck be Yes, to match previous, and 
diff --git a/openssh/auth.c b/openssh/auth.c

index 8ed27b96e3492f31145200b1f749d7e2bdf3eb4f..4085a8abdcf385207952c2565b608100eaa16bd0 100644 (file)
--- a/openssh/auth.c
+++ b/openssh/auth.c
@@ -571,8 +571,8 @@ fakepw(void)
         fake.pw_passwd =
             "$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK";
         fake.pw_gecos = "NOUSER";
         fake.pw_passwd =
             "$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK";
         fake.pw_gecos = "NOUSER";
-       fake.pw_uid = privsep_pw->pw_uid;
-       fake.pw_gid = privsep_pw->pw_gid;
+       fake.pw_uid = privsep_pw == NULL ? (uid_t)-1 : privsep_pw->pw_uid;
+       fake.pw_gid = privsep_pw == NULL ? (gid_t)-1 : privsep_pw->pw_gid;
  #ifdef HAVE_PW_CLASS_IN_PASSWD
         fake.pw_class = "";
  #endif
  #ifdef HAVE_PW_CLASS_IN_PASSWD
         fake.pw_class = "";
  #endif
diff --git a/openssh/auth2.c b/openssh/auth2.c

index 8e9b5449595c1d35644afce1fb6461f706dfebb8..82306ba723504f7027ebe31469a34e85438aff8d 100644 (file)
--- a/openssh/auth2.c
+++ b/openssh/auth2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.113 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: auth2.c,v 1.114 2007/03/01 10:28:02 dtucker Exp $ */
  /*
   * Copyright (c) 2000 Markus Friedl.  All rights reserved.
   *
  /*
   * Copyright (c) 2000 Markus Friedl.  All rights reserved.
   *
@@ -102,10 +102,6 @@ int user_key_allowed(struct passwd *, Key *);
  void
  do_authentication2(Authctxt *authctxt)
  {
  void
  do_authentication2(Authctxt *authctxt)
  {
-       /* challenge-response is implemented via keyboard interactive */
-       if (options.challenge_response_authentication)
-               options.kbd_interactive_authentication = 1;
-
         dispatch_init(&dispatch_protocol_error);
         dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request);
         dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt);
         dispatch_init(&dispatch_protocol_error);
         dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request);
         dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt);
diff --git a/openssh/channels.c b/openssh/channels.c

index 639e69c0c2afeddc29f486b5b49e3f39a9e452c3..030a2deb9b6fb4656dc845e3a87851cbdbae8be0 100644 (file)
--- a/openssh/channels.c
+++ b/openssh/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.266 2006/08/29 10:40:18 djm Exp $ */
+/* $OpenBSD: channels.c,v 1.268 2007/01/03 03:01:40 stevesk Exp $ */
  /*
   * Author: Tatu Ylonen <ylo@cs.hut.fi>
   * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  /*
   * Author: Tatu Ylonen <ylo@cs.hut.fi>
   * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1077,7 +1077,7 @@ channel_decode_socks5(Channel *c, fd_set *readset, fd_set *writeset)
                 if (have < nmethods + 2)
                         return 0;
                 /* look for method: "NO AUTHENTICATION REQUIRED" */
                 if (have < nmethods + 2)
                         return 0;
                 /* look for method: "NO AUTHENTICATION REQUIRED" */
-               for (found = 0, i = 2 ; i < nmethods + 2; i++) {
+               for (found = 0, i = 2; i < nmethods + 2; i++) {
                         if (p[i] == SSH_SOCKS5_NOAUTH) {
                                 found = 1;
                                 break;
                         if (p[i] == SSH_SOCKS5_NOAUTH) {
                                 found = 1;
                                 break;
@@ -1474,10 +1474,11 @@ channel_handle_rfd(Channel *c, fd_set *readset, fd_set *writeset)
         int len;
  
         if (c->rfd != -1 &&
         int len;
  
         if (c->rfd != -1 &&
-           FD_ISSET(c->rfd, readset)) {
+           (c->detach_close || FD_ISSET(c->rfd, readset))) {
                 errno = 0;
                 len = read(c->rfd, buf, sizeof(buf));
                 errno = 0;
                 len = read(c->rfd, buf, sizeof(buf));
-               if (len < 0 && (errno == EINTR || errno == EAGAIN))
+               if (len < 0 && (errno == EINTR ||
+                   (errno == EAGAIN && !(c->isatty && c->detach_close))))
                         return 1;
  #ifndef PTY_ZEROREAD
                 if (len <= 0) {
                         return 1;
  #ifndef PTY_ZEROREAD
                 if (len <= 0) {
@@ -1629,11 +1630,12 @@ channel_handle_efd(Channel *c, fd_set *readset, fd_set *writeset)
                                 c->local_consumed += len;
                         }
                 } else if (c->extended_usage == CHAN_EXTENDED_READ &&
                                 c->local_consumed += len;
                         }
                 } else if (c->extended_usage == CHAN_EXTENDED_READ &&
-                   FD_ISSET(c->efd, readset)) {
+                   (c->detach_close || FD_ISSET(c->efd, readset))) {
                         len = read(c->efd, buf, sizeof(buf));
                         debug2("channel %d: read %d from efd %d",
                             c->self, len, c->efd);
                         len = read(c->efd, buf, sizeof(buf));
                         debug2("channel %d: read %d from efd %d",
                             c->self, len, c->efd);
-                       if (len < 0 && (errno == EINTR || errno == EAGAIN))
+                       if (len < 0 && (errno == EINTR ||
+                           (errno == EAGAIN && !c->detach_close)))
                                 return 1;
                         if (len <= 0) {
                                 debug2("channel %d: closing read-efd %d",
                                 return 1;
                         if (len <= 0) {
                                 debug2("channel %d: closing read-efd %d",
@@ -2565,11 +2567,18 @@ channel_request_remote_forwarding(const char *listen_host, u_short listen_port,
         /* Send the forward request to the remote side. */
         if (compat20) {
                 const char *address_to_bind;
         /* Send the forward request to the remote side. */
         if (compat20) {
                 const char *address_to_bind;
-               if (listen_host == NULL)
-                       address_to_bind = "localhost";
-               else if (*listen_host == '\0' || strcmp(listen_host, "*") == 0)
-                       address_to_bind = "";
-               else
+               if (listen_host == NULL) {
+                       if (datafellows & SSH_BUG_RFWD_ADDR)
+                               address_to_bind = "127.0.0.1";
+                       else
+                               address_to_bind = "localhost";
+               } else if (*listen_host == '\0' ||
+                          strcmp(listen_host, "*") == 0) {
+                       if (datafellows & SSH_BUG_RFWD_ADDR)
+                               address_to_bind = "0.0.0.0";
+                       else
+                               address_to_bind = "";
+               } else
                         address_to_bind = listen_host;
  
                 packet_start(SSH2_MSG_GLOBAL_REQUEST);
                         address_to_bind = listen_host;
  
                 packet_start(SSH2_MSG_GLOBAL_REQUEST);
diff --git a/openssh/clientloop.c b/openssh/clientloop.c

index 2f7ce2b51e86b7a31e27c53829b787ad2ebbc5e1..ac87de57308cb2fcf468becdb090bf5308636e84 100644 (file)
--- a/openssh/clientloop.c
+++ b/openssh/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.176 2006/10/11 12:38:03 markus Exp $ */
+/* $OpenBSD: clientloop.c,v 1.178 2007/02/20 10:25:14 djm Exp $ */
  /*
   * Author: Tatu Ylonen <ylo@cs.hut.fi>
   * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  /*
   * Author: Tatu Ylonen <ylo@cs.hut.fi>
   * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -707,7 +707,7 @@ client_process_control(fd_set *readset)
  {
         Buffer m;
         Channel *c;
  {
         Buffer m;
         Channel *c;
-       int client_fd, new_fd[3], ver, allowed;
+       int client_fd, new_fd[3], ver, allowed, window, packetmax;
         socklen_t addrlen;
         struct sockaddr_storage addr;
         struct confirm_ctx *cctx;
         socklen_t addrlen;
         struct sockaddr_storage addr;
         struct confirm_ctx *cctx;
@@ -937,15 +937,19 @@ client_process_control(fd_set *readset)
         set_nonblock(client_fd);
  
         if (options.hpn_disabled) 
         set_nonblock(client_fd);
  
         if (options.hpn_disabled) 
-               c = channel_new("session", SSH_CHANNEL_OPENING,
-                   new_fd[0], new_fd[1], new_fd[2],
-                   CHAN_SES_WINDOW_DEFAULT, CHAN_SES_PACKET_DEFAULT,
-                   CHAN_EXTENDED_WRITE, "client-session", /*nonblock*/0);
-       else 
-               c = channel_new("session", SSH_CHANNEL_OPENING,
-                   new_fd[0], new_fd[1], new_fd[2],
-                   options.hpn_buffer_size, CHAN_SES_PACKET_DEFAULT,
-                   CHAN_EXTENDED_WRITE, "client-session", /*nonblock*/0);
+         window = options.hpn_buffer_size;
+       else
+         window = CHAN_SES_WINDOW_DEFAULT;
+       packetmax = CHAN_SES_PACKET_DEFAULT;
+       if (cctx->want_tty) {
+               window >>= 1;
+               packetmax >>= 1;
+       }
+
+       c = channel_new("session", SSH_CHANNEL_OPENING,
+           new_fd[0], new_fd[1], new_fd[2], window, packetmax,
+           CHAN_EXTENDED_WRITE, "client-session", /*nonblock*/0);
+
         /* XXX */
         c->ctl_fd = client_fd;
  
         /* XXX */
         c->ctl_fd = client_fd;
  
@@ -1810,7 +1814,7 @@ client_request_agent(const char *request_type, int rchan)
                 error("Warning: this is probably a break-in attempt by a malicious server.");
                 return NULL;
         }
                 error("Warning: this is probably a break-in attempt by a malicious server.");
                 return NULL;
         }
-       sock =  ssh_get_authentication_socket();
+       sock = ssh_get_authentication_socket();
         if (sock < 0)
                 return NULL;
         if (options.hpn_disabled) 
         if (sock < 0)
                 return NULL;
         if (options.hpn_disabled) 
diff --git a/openssh/compat.c b/openssh/compat.c

index dca641b787b17ab88bea13c734965daf93187b49..d1addc871ead6e68789f6cbb4d26d7cc04046d81 100644 (file)
--- a/openssh/compat.c
+++ b/openssh/compat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: compat.c,v 1.76 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: compat.c,v 1.77 2006/12/12 03:58:42 djm Exp $ */
  /*
   * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl.  All rights reserved.
   *
  /*
   * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl.  All rights reserved.
   *
@@ -133,7 +133,8 @@ compat_datafellows(const char *version)
                 { "2.3.*",              SSH_BUG_DEBUG|SSH_BUG_RSASIGMD5|
                                         SSH_BUG_FIRSTKEX },
                 { "2.4",                SSH_OLD_SESSIONID },    /* Van Dyke */
                 { "2.3.*",              SSH_BUG_DEBUG|SSH_BUG_RSASIGMD5|
                                         SSH_BUG_FIRSTKEX },
                 { "2.4",                SSH_OLD_SESSIONID },    /* Van Dyke */
-               { "2.*",                SSH_BUG_DEBUG|SSH_BUG_FIRSTKEX },
+               { "2.*",                SSH_BUG_DEBUG|SSH_BUG_FIRSTKEX|
+                                       SSH_BUG_RFWD_ADDR },
                 { "3.0.*",              SSH_BUG_DEBUG },
                 { "3.0 SecureCRT*",     SSH_OLD_SESSIONID },
                 { "1.7 SecureFX*",      SSH_OLD_SESSIONID },
                 { "3.0.*",              SSH_BUG_DEBUG },
                 { "3.0 SecureCRT*",     SSH_OLD_SESSIONID },
                 { "1.7 SecureFX*",      SSH_OLD_SESSIONID },
diff --git a/openssh/compat.h b/openssh/compat.h

index 91232013b18381624410e445faa762332b541190..ec00fd3efbfd22e1f4a35f2cdafae59c083c565f 100644 (file)
--- a/openssh/compat.h
+++ b/openssh/compat.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: compat.h,v 1.40 2006/03/25 22:22:43 djm Exp $ */
+/* $OpenBSD: compat.h,v 1.41 2006/12/12 03:58:42 djm Exp $ */
  
  /*
   * Copyright (c) 1999, 2000, 2001 Markus Friedl.  All rights reserved.
  
  /*
   * Copyright (c) 1999, 2000, 2001 Markus Friedl.  All rights reserved.
@@ -56,7 +56,8 @@
  #define SSH_BUG_PROBE          0x00400000
  #define SSH_BUG_FIRSTKEX       0x00800000
  #define SSH_OLD_FORWARD_ADDR   0x01000000
  #define SSH_BUG_PROBE          0x00400000
  #define SSH_BUG_FIRSTKEX       0x00800000
  #define SSH_OLD_FORWARD_ADDR   0x01000000
-#define SSH_BUG_LARGEWINDOW     0x02000000
+#define SSH_BUG_RFWD_ADDR      0x02000000
+#define SSH_BUG_LARGEWINDOW     0x04000000
  
  void     enable_compat13(void);
  void     enable_compat20(void);
  
  void     enable_compat13(void);
  void     enable_compat20(void);
diff --git a/openssh/configure.ac b/openssh/configure.ac

index 1997002ded62a2cbbe0f7da10350d6faa23380b4..2188d91d7f764ea4bd88d89af46f5bf54baece10 100644 (file)
--- a/openssh/configure.ac
+++ b/openssh/configure.ac
@@ -360,7 +360,7 @@ int main(void) { exit(0); }
         ;;
  *-*-cygwin*)
         check_for_libcrypt_later=1
         ;;
  *-*-cygwin*)
         check_for_libcrypt_later=1
-       LIBS="$LIBS /usr/lib/textmode.o"
+       LIBS="$LIBS /usr/lib/textreadmode.o"
         AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
         AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
         AC_DEFINE(DISABLE_SHADOW, 1,
         AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
         AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
         AC_DEFINE(DISABLE_SHADOW, 1,
@@ -383,7 +383,8 @@ int main(void) { exit(0); }
         AC_DEFINE(BROKEN_SETREGID)
         ;;
  *-*-darwin*)
         AC_DEFINE(BROKEN_SETREGID)
         ;;
  *-*-darwin*)
-       AC_DEFINE(BROKEN_GETADDRINFO, 1, [getaddrinfo is broken (if present)])],
+       AC_DEFINE(BROKEN_GETADDRINFO, 1, [Define if getaddrinfo is broken)])
+       AC_DEFINE(BROKEN_GETADDRINFO)
         AC_DEFINE(SETEUID_BREAKS_SETUID)
         AC_DEFINE(BROKEN_SETREUID)
         AC_DEFINE(BROKEN_SETREGID)
         AC_DEFINE(SETEUID_BREAKS_SETUID)
         AC_DEFINE(BROKEN_SETREUID)
         AC_DEFINE(BROKEN_SETREGID)
@@ -2021,6 +2022,14 @@ int main(void) {
         ]
  )
  
         ]
  )
  
+AC_ARG_WITH(openssl-header-check,
+       [  --without-openssl-header-check Disable OpenSSL version consistency check],
+       [  if test "x$withval" = "xno" ; then
+               openssl_check_nonfatal=1
+          fi
+       ]
+)
+
  # Sanity check OpenSSL headers
  AC_MSG_CHECKING([whether OpenSSL's headers match the library])
  AC_RUN_IFELSE(
  # Sanity check OpenSSL headers
  AC_MSG_CHECKING([whether OpenSSL's headers match the library])
  AC_RUN_IFELSE(
@@ -2034,9 +2043,18 @@ int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
         ],
         [
                 AC_MSG_RESULT(no)
         ],
         [
                 AC_MSG_RESULT(no)
-               AC_MSG_ERROR([Your OpenSSL headers do not match your library.
-Check config.log for details.
+               if test "x$openssl_check_nonfatal" = "x"; then
+                       AC_MSG_ERROR([Your OpenSSL headers do not match your
+library. Check config.log for details.
+If you are sure your installation is consistent, you can disable the check
+by running "./configure --without-openssl-header-check".
+Also see contrib/findssl.sh for help identifying header/library mismatches.
+])
+               else
+                       AC_MSG_WARN([Your OpenSSL headers do not match your
+library. Check config.log for details.
  Also see contrib/findssl.sh for help identifying header/library mismatches.])
  Also see contrib/findssl.sh for help identifying header/library mismatches.])
+               fi
         ],
         [
                 AC_MSG_WARN([cross compiling: not checking])
         ],
         [
                 AC_MSG_WARN([cross compiling: not checking])
diff --git a/openssh/contrib/findssl.sh b/openssh/contrib/findssl.sh

index a4e8f4c83f6584f96eb0ddf62e7c5dccef985d60..128db74c1064b4d46d82df05e72249b7223d0e80 100644 (file)
--- a/openssh/contrib/findssl.sh
+++ b/openssh/contrib/findssl.sh
@@ -89,6 +89,25 @@ LD_LIBRARY_PATH=${LD_LIBRARY_PATH:=$DEFAULT_LIBPATH}
  LIBRARY_PATH=${LIBRARY_PATH:=$DEFAULT_LIBPATH}
  export LIBPATH LD_LIBRARY_PATH LIBRARY_PATH
  
  LIBRARY_PATH=${LIBRARY_PATH:=$DEFAULT_LIBPATH}
  export LIBPATH LD_LIBRARY_PATH LIBRARY_PATH
  
+# not all platforms have a 'which' command
+if which ls >/dev/null 2>/dev/null; then
+    : which is defined
+else
+    which () {
+       saveIFS="$IFS"
+       IFS=:
+       for p in $PATH; do
+           if test -x "$p/$1" -a -f "$p/$1"; then
+               IFS="$saveIFS"
+               echo "$p/$1"
+               return 0
+           fi
+       done
+       IFS="$saveIFS"
+       return 1
+    }
+fi
+
  #
  # Search for OpenSSL headers and print versions
  #
  #
  # Search for OpenSSL headers and print versions
  #
diff --git a/openssh/dns.c b/openssh/dns.c

index 92623de72863877b949cd51b436c3250d3b4e958..a89176f882835c2931261ff909a934af7efa4e39 100644 (file)
--- a/openssh/dns.c
+++ b/openssh/dns.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dns.c,v 1.23 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: dns.c,v 1.24 2007/01/03 03:01:40 stevesk Exp $ */
  
  /*
   * Copyright (c) 2003 Wesley Griffin. All rights reserved.
  
  /*
   * Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -217,7 +217,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
         if (fingerprints->rri_nrdatas)
                 *flags |= DNS_VERIFY_FOUND;
  
         if (fingerprints->rri_nrdatas)
                 *flags |= DNS_VERIFY_FOUND;
  
-       for (counter = 0; counter < fingerprints->rri_nrdatas; counter++)  {
+       for (counter = 0; counter < fingerprints->rri_nrdatas; counter++) {
                 /*
                  * Extract the key from the answer. Ignore any badly
                  * formatted fingerprints.
                 /*
                  * Extract the key from the answer. Ignore any badly
                  * formatted fingerprints.
diff --git a/openssh/gss-serv-krb5.c b/openssh/gss-serv-krb5.c

index 243fbd59895e5b07327853e6c84e9b1c31426655..bea0eaebd25acc85797a42bc3e5b187edd47761c 100644 (file)
--- a/openssh/gss-serv-krb5.c
+++ b/openssh/gss-serv-krb5.c
@@ -164,7 +164,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
         OM_uint32 maj_status, min_status;
         gss_cred_id_t krb5_cred_handle;
         int len;
         OM_uint32 maj_status, min_status;
         gss_cred_id_t krb5_cred_handle;
         int len;
-    const char* new_ccname;
+       const char *new_ccname;
  
         if (client->creds == NULL) {
                 debug("No credentials stored");
  
         if (client->creds == NULL) {
                 debug("No credentials stored");
diff --git a/openssh/kex.c b/openssh/kex.c

index ac74079fcdd0060f45996ca022950ef54a72d188..ea5d9acfecebfb456234a34bf422d39f1746c996 100644 (file)
--- a/openssh/kex.c
+++ b/openssh/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.76 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: kex.c,v 1.77 2007/01/21 01:41:54 stevesk Exp $ */
  /*
   * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
   *
  /*
   * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
   *
@@ -570,7 +570,7 @@ dump_digest(char *msg, u_char *digest, int len)
         u_int i;
  
         fprintf(stderr, "%s\n", msg);
         u_int i;
  
         fprintf(stderr, "%s\n", msg);
-       for (i = 0; i< len; i++) {
+       for (i = 0; i < len; i++) {
                 fprintf(stderr, "%02x", digest[i]);
                 if (i%32 == 31)
                         fprintf(stderr, "\n");
                 fprintf(stderr, "%02x", digest[i]);
                 if (i%32 == 31)
                         fprintf(stderr, "\n");
diff --git a/openssh/misc.c b/openssh/misc.c

index d3f9003b870939b51f2e3aedaa6d1f5aa1470023..1cb71f8767c46c7dbb58c1530c368c197c5fefe7 100644 (file)
--- a/openssh/misc.c
+++ b/openssh/misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.64 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: misc.c,v 1.65 2006/11/23 01:35:11 ray Exp $ */
  /*
   * Copyright (c) 2000 Markus Friedl.  All rights reserved.
   * Copyright (c) 2005,2006 Damien Miller.  All rights reserved.
  /*
   * Copyright (c) 2000 Markus Friedl.  All rights reserved.
   * Copyright (c) 2005,2006 Damien Miller.  All rights reserved.
@@ -634,6 +634,8 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz,
     u_long *lineno)
  {
         while (fgets(buf, bufsz, f) != NULL) {
     u_long *lineno)
  {
         while (fgets(buf, bufsz, f) != NULL) {
+               if (buf[0] == '\0')
+                       continue;
                 (*lineno)++;
                 if (buf[strlen(buf) - 1] == '\n' || feof(f)) {
                         return 0;
                 (*lineno)++;
                 if (buf[strlen(buf) - 1] == '\n' || feof(f)) {
                         return 0;
diff --git a/openssh/moduli.c b/openssh/moduli.c

index 44e5ddfc0c03347620cb3998c953ac1092f313e8..8fa545daf090aea41121aadcb295ce3a8c0272a8 100644 (file)
--- a/openssh/moduli.c
+++ b/openssh/moduli.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: moduli.c,v 1.19 2006/11/06 21:25:28 markus Exp $ */
+/* $OpenBSD: moduli.c,v 1.20 2007/02/24 03:30:11 ray Exp $ */
  /*
   * Copyright 1994 Phil Karn <karn@qualcomm.com>
   * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
  /*
   * Copyright 1994 Phil Karn <karn@qualcomm.com>
   * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
@@ -490,11 +490,9 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted)
  
         res = 0;
         lp = xmalloc(QLINESIZE + 1);
  
         res = 0;
         lp = xmalloc(QLINESIZE + 1);
-       while (fgets(lp, QLINESIZE, in) != NULL) {
-               int ll = strlen(lp);
-
+       while (fgets(lp, QLINESIZE + 1, in) != NULL) {
                 count_in++;
                 count_in++;
-               if (ll < 14 || *lp == '!' || *lp == '#') {
+               if (strlen(lp) < 14 || *lp == '!' || *lp == '#') {
                         debug2("%10u: comment or short line", count_in);
                         continue;
                 }
                         debug2("%10u: comment or short line", count_in);
                         continue;
                 }
diff --git a/openssh/monitor.c b/openssh/monitor.c

index 17c5e00b4a689d18a0ff972eac4ecea31e58379c..0ceae2024c39487d8b4a95521433ff11a0946db6 100644 (file)
--- a/openssh/monitor.c
+++ b/openssh/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.89 2006/11/07 10:31:31 markus Exp $ */
+/* $OpenBSD: monitor.c,v 1.90 2007/02/19 10:45:58 dtucker Exp $ */
  /*
   * Copyright 2002 Niels Provos <provos@citi.umich.edu>
   * Copyright 2002 Markus Friedl <markus@openbsd.org>
  /*
   * Copyright 2002 Niels Provos <provos@citi.umich.edu>
   * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -679,6 +679,9 @@ mm_answer_pwnamallow(int sock, Buffer *m)
  #endif
         buffer_put_cstring(m, pwent->pw_dir);
         buffer_put_cstring(m, pwent->pw_shell);
  #endif
         buffer_put_cstring(m, pwent->pw_dir);
         buffer_put_cstring(m, pwent->pw_shell);
+       buffer_put_string(m, &options, sizeof(options));
+       if (options.banner != NULL)
+               buffer_put_cstring(m, options.banner);
  
   out:
         debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed);
  
   out:
         debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed);
diff --git a/openssh/monitor_wrap.c b/openssh/monitor_wrap.c

index 63660753dc1c038253c6b4e7fbfe0fa897a0f24c..9f448664598fa11c5cfbdbe73fd6fd0ccd6efa10 100644 (file)
--- a/openssh/monitor_wrap.c
+++ b/openssh/monitor_wrap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.54 2006/08/12 20:46:46 miod Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.55 2007/02/19 10:45:58 dtucker Exp $ */
  /*
   * Copyright 2002 Niels Provos <provos@citi.umich.edu>
   * Copyright 2002 Markus Friedl <markus@openbsd.org>
  /*
   * Copyright 2002 Niels Provos <provos@citi.umich.edu>
   * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -73,6 +73,7 @@
  
  #include "channels.h"
  #include "session.h"
  
  #include "channels.h"
  #include "session.h"
+#include "servconf.h"
  
  /* Imports */
  extern int compat20;
  
  /* Imports */
  extern int compat20;
@@ -207,7 +208,8 @@ mm_getpwnamallow(const char *username)
  {
         Buffer m;
         struct passwd *pw;
  {
         Buffer m;
         struct passwd *pw;
-       u_int pwlen;
+       u_int len;
+       ServerOptions *newopts;
  
         debug3("%s entering", __func__);
  
  
         debug3("%s entering", __func__);
  
@@ -223,8 +225,8 @@ mm_getpwnamallow(const char *username)
                 buffer_free(&m);
                 return (NULL);
         }
                 buffer_free(&m);
                 return (NULL);
         }
-       pw = buffer_get_string(&m, &pwlen);
-       if (pwlen != sizeof(struct passwd))
+       pw = buffer_get_string(&m, &len);
+       if (len != sizeof(struct passwd))
                 fatal("%s: struct passwd size mismatch", __func__);
         pw->pw_name = buffer_get_string(&m, NULL);
         pw->pw_passwd = buffer_get_string(&m, NULL);
                 fatal("%s: struct passwd size mismatch", __func__);
         pw->pw_name = buffer_get_string(&m, NULL);
         pw->pw_passwd = buffer_get_string(&m, NULL);
@@ -234,6 +236,16 @@ mm_getpwnamallow(const char *username)
  #endif
         pw->pw_dir = buffer_get_string(&m, NULL);
         pw->pw_shell = buffer_get_string(&m, NULL);
  #endif
         pw->pw_dir = buffer_get_string(&m, NULL);
         pw->pw_shell = buffer_get_string(&m, NULL);
+
+       /* copy options block as a Match directive may have changed some */
+       newopts = buffer_get_string(&m, &len);
+       if (len != sizeof(*newopts))
+               fatal("%s: option block size mismatch", __func__);
+       if (newopts->banner != NULL)
+               newopts->banner = buffer_get_string(&m, NULL);
+       copy_set_server_options(&options, newopts, 1);
+       xfree(newopts);
+
         buffer_free(&m);
  
         return (pw);
         buffer_free(&m);
  
         return (pw);
diff --git a/openssh/openbsd-compat/getrrsetbyname.c b/openssh/openbsd-compat/getrrsetbyname.c

index 6c86e02c2ab0805dbe8c7629ba47bf3b0d9b0a96..07231d005f77394979fba9a2a44495bafc2ac76b 100644 (file)
--- a/openssh/openbsd-compat/getrrsetbyname.c
+++ b/openssh/openbsd-compat/getrrsetbyname.c
@@ -303,10 +303,12 @@ getrrsetbyname(const char *hostname, unsigned int rdclass,
         }
  
         /* allocate memory for signatures */
         }
  
         /* allocate memory for signatures */
-       rrset->rri_sigs = calloc(rrset->rri_nsigs, sizeof(struct rdatainfo));
-       if (rrset->rri_sigs == NULL) {
-               result = ERRSET_NOMEMORY;
-               goto fail;
+       if (rrset->rri_nsigs > 0) {
+               rrset->rri_sigs = calloc(rrset->rri_nsigs, sizeof(struct rdatainfo));
+               if (rrset->rri_sigs == NULL) {
+                       result = ERRSET_NOMEMORY;
+                       goto fail;
+               }
         }
  
         /* copy answers & signatures */
         }
  
         /* copy answers & signatures */
diff --git a/openssh/packet.c b/openssh/packet.c

index 64970e8672da3f57df9a9bdc332efd0ad194b6bf..b466fa016b315e691513939bacfdb09b7ae4c6e7 100644 (file)
--- a/openssh/packet.c
+++ b/openssh/packet.c
@@ -47,7 +47,6 @@
  # include <sys/time.h>
  #endif
  
  # include <sys/time.h>
  #endif
  
-#include <netinet/in_systm.h>
  #include <netinet/in.h>
  #include <netinet/ip.h>
  #include <arpa/inet.h>
  #include <netinet/in.h>
  #include <netinet/ip.h>
  #include <arpa/inet.h>
diff --git a/openssh/readconf.c b/openssh/readconf.c

index de7635ebdfa2ca474b3a2bd5a6f482966e71a59e..a034b969a8cd2f4551ea71c6279b6ccf9b9cc969 100644 (file)
--- a/openssh/readconf.c
+++ b/openssh/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.159 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: readconf.c,v 1.161 2007/01/21 01:45:35 stevesk Exp $ */
  /*
   * Author: Tatu Ylonen <ylo@cs.hut.fi>
   * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  /*
   * Author: Tatu Ylonen <ylo@cs.hut.fi>
   * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -378,7 +378,7 @@ parse_time:
                 if ((value = convtime(arg)) == -1)
                         fatal("%s line %d: invalid time value.",
                             filename, linenum);
                 if ((value = convtime(arg)) == -1)
                         fatal("%s line %d: invalid time value.",
                             filename, linenum);
-               if (*intptr == -1)
+               if (*activep && *intptr == -1)
                         *intptr = value;
                 break;
  
                         *intptr = value;
                 break;
  
@@ -588,7 +588,7 @@ parse_yesnoask:
                         if (*intptr >= SSH_MAX_IDENTITY_FILES)
                                 fatal("%.200s line %d: Too many identity files specified (max %d).",
                                     filename, linenum, SSH_MAX_IDENTITY_FILES);
                         if (*intptr >= SSH_MAX_IDENTITY_FILES)
                                 fatal("%.200s line %d: Too many identity files specified (max %d).",
                                     filename, linenum, SSH_MAX_IDENTITY_FILES);
-                       charptr =  &options->identity_files[*intptr];
+                       charptr = &options->identity_files[*intptr];
                         *charptr = xstrdup(arg);
                         *intptr = *intptr + 1;
                 }
                         *charptr = xstrdup(arg);
                         *intptr = *intptr + 1;
                 }
diff --git a/openssh/scp.c b/openssh/scp.c

index d6005f81047e85fe881adc19aec98ab076e5f190..c325fc3f12e0edcf716e03255f9968ed97ae8eb1 100644 (file)
--- a/openssh/scp.c
+++ b/openssh/scp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: scp.c,v 1.155 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: scp.c,v 1.156 2007/01/22 13:06:21 djm Exp $ */
  /*
   * scp - secure remote copy.  This is basically patched BSD rcp which
   * uses ssh to do the data transfer (instead of using rcmd).
  /*
   * scp - secure remote copy.  This is basically patched BSD rcp which
   * uses ssh to do the data transfer (instead of using rcmd).
@@ -380,7 +380,7 @@ main(int argc, char **argv)
         if ((pwd = getpwuid(userid = getuid())) == NULL)
                 fatal("unknown user %u", (u_int) userid);
  
         if ((pwd = getpwuid(userid = getuid())) == NULL)
                 fatal("unknown user %u", (u_int) userid);
  
-       if (!isatty(STDERR_FILENO))
+       if (!isatty(STDOUT_FILENO))
                 showprogress = 0;
  
         remin = STDIN_FILENO;
                 showprogress = 0;
  
         remin = STDIN_FILENO;
diff --git a/openssh/servconf.c b/openssh/servconf.c

index 78766eee10d021d48a7ca1242939d6d29f159110..efed3dabb1a00e1caf2716d7801b6c84f6738e0c 100644 (file)
--- a/openssh/servconf.c
+++ b/openssh/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.165 2006/08/14 12:40:25 dtucker Exp $ */
+/* $OpenBSD: servconf.c,v 1.170 2007/03/01 10:28:02 dtucker Exp $ */
  /*
   * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
   *                    All rights reserved
  /*
   * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
   *                    All rights reserved
@@ -399,14 +399,14 @@ static struct {
         { "syslogfacility", sLogFacility, SSHCFG_GLOBAL },
         { "loglevel", sLogLevel, SSHCFG_GLOBAL },
         { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL },
         { "syslogfacility", sLogFacility, SSHCFG_GLOBAL },
         { "loglevel", sLogLevel, SSHCFG_GLOBAL },
         { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL },
-       { "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_GLOBAL },
-       { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_GLOBAL },
+       { "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_ALL },
+       { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL },
         { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_GLOBAL },
         { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_GLOBAL },
-       { "rsaauthentication", sRSAAuthentication, SSHCFG_GLOBAL },
-       { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL },
+       { "rsaauthentication", sRSAAuthentication, SSHCFG_ALL },
+       { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL },
         { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL },  /* alias */
  #ifdef KRB5
         { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL },  /* alias */
  #ifdef KRB5
-       { "kerberosauthentication", sKerberosAuthentication, SSHCFG_GLOBAL },
+       { "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL },
         { "kerberosorlocalpasswd", sKerberosOrLocalPasswd, SSHCFG_GLOBAL },
         { "kerberosticketcleanup", sKerberosTicketCleanup, SSHCFG_GLOBAL },
  #ifdef USE_AFS
         { "kerberosorlocalpasswd", sKerberosOrLocalPasswd, SSHCFG_GLOBAL },
         { "kerberosticketcleanup", sKerberosTicketCleanup, SSHCFG_GLOBAL },
  #ifdef USE_AFS
@@ -415,7 +415,7 @@ static struct {
         { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
  #endif
  #else
         { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
  #endif
  #else
-       { "kerberosauthentication", sUnsupported, SSHCFG_GLOBAL },
+       { "kerberosauthentication", sUnsupported, SSHCFG_ALL },
         { "kerberosorlocalpasswd", sUnsupported, SSHCFG_GLOBAL },
         { "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL },
         { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
         { "kerberosorlocalpasswd", sUnsupported, SSHCFG_GLOBAL },
         { "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL },
         { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
@@ -423,7 +423,7 @@ static struct {
         { "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL },
         { "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
  #ifdef GSSAPI
         { "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL },
         { "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
  #ifdef GSSAPI
-       { "gssapiauthentication", sGssAuthentication, SSHCFG_GLOBAL },
+       { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
         { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
         { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
         { "gssapicredentialspath", sGssCredsPath, SSHCFG_GLOBAL },
         { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
         { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
         { "gssapicredentialspath", sGssCredsPath, SSHCFG_GLOBAL },
@@ -432,7 +432,7 @@ static struct {
         { "gsiallowlimitedproxy", sGsiAllowLimitedProxy, SSHCFG_GLOBAL },
  #endif
  #else
         { "gsiallowlimitedproxy", sGsiAllowLimitedProxy, SSHCFG_GLOBAL },
  #endif
  #else
-       { "gssapiauthentication", sUnsupported, SSHCFG_GLOBAL },
+       { "gssapiauthentication", sUnsupported, SSHCFG_ALL },
         { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
         { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
         { "gssapicredentialspath", sUnsupported, SSHCFG_GLOBAL },
         { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
         { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
         { "gssapicredentialspath", sUnsupported, SSHCFG_GLOBAL },
@@ -446,8 +446,8 @@ static struct {
      { "sessionhookstartupcmd", sSessionHookStartupCmd, SSHCFG_GLOBAL },
      { "sessionhookshutdowncmd", sSessionHookShutdownCmd, SSHCFG_GLOBAL },
  #endif        
      { "sessionhookstartupcmd", sSessionHookStartupCmd, SSHCFG_GLOBAL },
      { "sessionhookshutdowncmd", sSessionHookShutdownCmd, SSHCFG_GLOBAL },
  #endif        
-       { "passwordauthentication", sPasswordAuthentication, SSHCFG_GLOBAL },
-       { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_GLOBAL },
+       { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
+       { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
         { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
         { "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */
         { "checkmail", sDeprecated, SSHCFG_GLOBAL },
         { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
         { "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */
         { "checkmail", sDeprecated, SSHCFG_GLOBAL },
@@ -480,7 +480,7 @@ static struct {
         { "subsystem", sSubsystem, SSHCFG_GLOBAL },
         { "maxstartups", sMaxStartups, SSHCFG_GLOBAL },
         { "maxauthtries", sMaxAuthTries, SSHCFG_GLOBAL },
         { "subsystem", sSubsystem, SSHCFG_GLOBAL },
         { "maxstartups", sMaxStartups, SSHCFG_GLOBAL },
         { "maxauthtries", sMaxAuthTries, SSHCFG_GLOBAL },
-       { "banner", sBanner, SSHCFG_GLOBAL },
+       { "banner", sBanner, SSHCFG_ALL },
         { "usedns", sUseDNS, SSHCFG_GLOBAL },
         { "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },
         { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },
         { "usedns", sUseDNS, SSHCFG_GLOBAL },
         { "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },
         { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },
@@ -1113,7 +1113,7 @@ parse_flag:
                 else
                         fatal("%s line %d: Bad yes/no/clientspecified "
                             "argument: %s", filename, linenum, arg);
                 else
                         fatal("%s line %d: Bad yes/no/clientspecified "
                             "argument: %s", filename, linenum, arg);
-               if (*intptr == -1)
+               if (*activep && *intptr == -1)
                         *intptr = value;
                 break;
  
                         *intptr = value;
                 break;
  
@@ -1365,13 +1365,16 @@ parse_flag:
                 if (!arg || *arg == '\0')
                         fatal("%s line %d: missing PermitOpen specification",
                             filename, linenum);
                 if (!arg || *arg == '\0')
                         fatal("%s line %d: missing PermitOpen specification",
                             filename, linenum);
+               n = options->num_permitted_opens;       /* modified later */
                 if (strcmp(arg, "any") == 0) {
                 if (strcmp(arg, "any") == 0) {
-                       if (*activep) {
+                       if (*activep && n == -1) {
                                 channel_clear_adm_permitted_opens();
                                 options->num_permitted_opens = 0;
                         }
                         break;
                 }
                                 channel_clear_adm_permitted_opens();
                                 options->num_permitted_opens = 0;
                         }
                         break;
                 }
+               if (*activep && n == -1)
+                       channel_clear_adm_permitted_opens();
                 for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) {
                         p = hpdelim(&arg);
                         if (p == NULL)
                 for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) {
                         p = hpdelim(&arg);
                         if (p == NULL)
@@ -1381,11 +1384,9 @@ parse_flag:
                         if (arg == NULL || (port = a2port(arg)) == 0)
                                 fatal("%s line %d: bad port number in "
                                     "PermitOpen", filename, linenum);
                         if (arg == NULL || (port = a2port(arg)) == 0)
                                 fatal("%s line %d: bad port number in "
                                     "PermitOpen", filename, linenum);
-                       if (*activep && options->num_permitted_opens == -1) {
-                               channel_clear_adm_permitted_opens();
+                       if (*activep && n == -1)
                                 options->num_permitted_opens =
                                     channel_add_adm_permitted_opens(p, port);
                                 options->num_permitted_opens =
                                     channel_add_adm_permitted_opens(p, port);
-                       }
                 }
                 break;
  
                 }
                 break;
  
@@ -1461,30 +1462,55 @@ parse_server_match_config(ServerOptions *options, const char *user,
  
         initialize_server_options(&mo);
         parse_server_config(&mo, "reprocess config", &cfg, user, host, address);
  
         initialize_server_options(&mo);
         parse_server_config(&mo, "reprocess config", &cfg, user, host, address);
-       copy_set_server_options(options, &mo);
+       copy_set_server_options(options, &mo, 0);
  }
  
  }
  
-/* Copy any (supported) values that are set */
+/* Helper macros */
+#define M_CP_INTOPT(n) do {\
+       if (src->n != -1) \
+               dst->n = src->n; \
+} while (0)
+#define M_CP_STROPT(n) do {\
+       if (src->n != NULL) { \
+               if (dst->n != NULL) \
+                       xfree(dst->n); \
+               dst->n = src->n; \
+       } \
+} while(0)
+
+/*
+ * Copy any supported values that are set.
+ *
+ * If the preauth flag is set, we do not bother copying the the string or
+ * array values that are not used pre-authentication, because any that we
+ * do use must be explictly sent in mm_getpwnamallow().
+ */
  void
  void
-copy_set_server_options(ServerOptions *dst, ServerOptions *src)
+copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
  {
  {
-       if (src->allow_tcp_forwarding != -1)
-               dst->allow_tcp_forwarding = src->allow_tcp_forwarding;
-       if (src->gateway_ports != -1)
-               dst->gateway_ports = src->gateway_ports;
-       if (src->adm_forced_command != NULL) {
-               if (dst->adm_forced_command != NULL)
-                       xfree(dst->adm_forced_command);
-               dst->adm_forced_command = src->adm_forced_command;
-       }
-       if (src->x11_display_offset != -1)
-               dst->x11_display_offset = src->x11_display_offset;
-       if (src->x11_forwarding != -1)
-               dst->x11_forwarding = src->x11_forwarding;
-       if (src->x11_use_localhost != -1)
-               dst->x11_use_localhost = src->x11_use_localhost;
+       M_CP_INTOPT(password_authentication);
+       M_CP_INTOPT(gss_authentication);
+       M_CP_INTOPT(rsa_authentication);
+       M_CP_INTOPT(pubkey_authentication);
+       M_CP_INTOPT(kerberos_authentication);
+       M_CP_INTOPT(hostbased_authentication);
+       M_CP_INTOPT(kbd_interactive_authentication);
+
+       M_CP_INTOPT(allow_tcp_forwarding);
+       M_CP_INTOPT(gateway_ports);
+       M_CP_INTOPT(x11_display_offset);
+       M_CP_INTOPT(x11_forwarding);
+       M_CP_INTOPT(x11_use_localhost);
+
+       M_CP_STROPT(banner);
+       if (preauth)
+               return;
+       M_CP_STROPT(adm_forced_command);
  }
  
  }
  
+#undef M_CP_INTOPT
+#undef M_CP_STROPT
+
  void
  parse_server_config(ServerOptions *options, const char *filename, Buffer *conf,
      const char *user, const char *host, const char *address)
  void
  parse_server_config(ServerOptions *options, const char *filename, Buffer *conf,
      const char *user, const char *host, const char *address)
@@ -1506,4 +1532,8 @@ parse_server_config(ServerOptions *options, const char *filename, Buffer *conf,
         if (bad_options > 0)
                 fatal("%s: terminating, %d bad configuration options",
                     filename, bad_options);
         if (bad_options > 0)
                 fatal("%s: terminating, %d bad configuration options",
                     filename, bad_options);
+
+       /* challenge-response is implemented via keyboard interactive */
+       if (options->challenge_response_authentication == 1)
+               options->kbd_interactive_authentication = 1;
  }
  }
diff --git a/openssh/servconf.h b/openssh/servconf.h

index cfac80082861e0bc90e90423714c7b214ebaf177..72ea2364dea6f8125596289fbc04001670d6f826 100644 (file)
--- a/openssh/servconf.h
+++ b/openssh/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.79 2006/08/14 12:40:25 dtucker Exp $ */
+/* $OpenBSD: servconf.h,v 1.80 2007/02/19 10:45:58 dtucker Exp $ */
  
  /*
   * Author: Tatu Ylonen <ylo@cs.hut.fi>
  
  /*
   * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -165,6 +165,6 @@ void         parse_server_config(ServerOptions *, const char *, Buffer *,
              const char *, const char *, const char *);
  void    parse_server_match_config(ServerOptions *, const char *, const char *,
              const char *);
              const char *, const char *, const char *);
  void    parse_server_match_config(ServerOptions *, const char *, const char *,
              const char *);
-void    copy_set_server_options(ServerOptions *, ServerOptions *);
+void    copy_set_server_options(ServerOptions *, ServerOptions *, int);
  
  #endif                         /* SERVCONF_H */
  
  #endif                         /* SERVCONF_H */
diff --git a/openssh/serverloop.c b/openssh/serverloop.c

index b17547180b208ca8835cc0bc1dae1ec358861527..8ca6d4c31463bf33525128545dc88f64b4e23a89 100644 (file)
--- a/openssh/serverloop.c
+++ b/openssh/serverloop.c
@@ -280,6 +280,7 @@ wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp,
         struct timeval tv, *tvp;
         int ret;
         int client_alive_scheduled = 0;
         struct timeval tv, *tvp;
         int ret;
         int client_alive_scheduled = 0;
+       int program_alive_scheduled = 0;
  
         /*
          * if using client_alive, set the max timeout accordingly,
  
         /*
          * if using client_alive, set the max timeout accordingly,
@@ -317,6 +318,7 @@ wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp,
                  * the client, try to get some more data from the program.
                  */
                 if (packet_not_very_much_data_to_write()) {
                  * the client, try to get some more data from the program.
                  */
                 if (packet_not_very_much_data_to_write()) {
+                       program_alive_scheduled = child_terminated;
                         if (!fdout_eof)
                                 FD_SET(fdout, *readsetp);
                         if (!fderr_eof)
                         if (!fdout_eof)
                                 FD_SET(fdout, *readsetp);
                         if (!fderr_eof)
@@ -362,8 +364,16 @@ wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp,
                 memset(*writesetp, 0, *nallocp);
                 if (errno != EINTR)
                         error("select: %.100s", strerror(errno));
                 memset(*writesetp, 0, *nallocp);
                 if (errno != EINTR)
                         error("select: %.100s", strerror(errno));
-       } else if (ret == 0 && client_alive_scheduled)
-               client_alive_check();
+       } else {
+               if (ret == 0 && client_alive_scheduled)
+                       client_alive_check();
+               if (!compat20 && program_alive_scheduled && fdin_is_tty) {
+                       if (!fdout_eof)
+                               FD_SET(fdout, *readsetp);
+                       if (!fderr_eof)
+                               FD_SET(fderr, *readsetp);
+               }
+       }
  
         notify_done(*readsetp);
  }
  
         notify_done(*readsetp);
  }
@@ -407,7 +417,8 @@ process_input(fd_set *readset)
         if (!fdout_eof && FD_ISSET(fdout, readset)) {
                 errno = 0;
                 len = read(fdout, buf, sizeof(buf));
         if (!fdout_eof && FD_ISSET(fdout, readset)) {
                 errno = 0;
                 len = read(fdout, buf, sizeof(buf));
-               if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
+               if (len < 0 && (errno == EINTR ||
+                   (errno == EAGAIN && !child_terminated))) {
                         /* do nothing */
  #ifndef PTY_ZEROREAD
                 } else if (len <= 0) {
                         /* do nothing */
  #ifndef PTY_ZEROREAD
                 } else if (len <= 0) {
@@ -425,7 +436,8 @@ process_input(fd_set *readset)
         if (!fderr_eof && FD_ISSET(fderr, readset)) {
                 errno = 0;
                 len = read(fderr, buf, sizeof(buf));
         if (!fderr_eof && FD_ISSET(fderr, readset)) {
                 errno = 0;
                 len = read(fderr, buf, sizeof(buf));
-               if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
+               if (len < 0 && (errno == EINTR ||
+                   (errno == EAGAIN && !child_terminated))) {
                         /* do nothing */
  #ifndef PTY_ZEROREAD
                 } else if (len <= 0) {
                         /* do nothing */
  #ifndef PTY_ZEROREAD
                 } else if (len <= 0) {
diff --git a/openssh/session.c b/openssh/session.c

index 6d0c40dedb460dc11ea04a55a21070fb60553b7b..6e936b79fc951cdf1ce5394100a6c1992ee422f0 100644 (file)
--- a/openssh/session.c
+++ b/openssh/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.220 2006/10/09 23:36:11 djm Exp $ */
+/* $OpenBSD: session.c,v 1.221 2007/01/21 01:41:54 stevesk Exp $ */
  /*
   * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
   *                    All rights reserved
  /*
   * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
   *                    All rights reserved
@@ -2244,7 +2244,7 @@ session_input_channel_req(Channel *c, const char *rtype)
                 } else if (strcmp(rtype, "exec") == 0) {
                         success = session_exec_req(s);
                 } else if (strcmp(rtype, "pty-req") == 0) {
                 } else if (strcmp(rtype, "exec") == 0) {
                         success = session_exec_req(s);
                 } else if (strcmp(rtype, "pty-req") == 0) {
-                       success =  session_pty_req(s);
+                       success = session_pty_req(s);
                 } else if (strcmp(rtype, "x11-req") == 0) {
                         success = session_x11_req(s);
                 } else if (strcmp(rtype, "auth-agent-req@openssh.com") == 0) {
                 } else if (strcmp(rtype, "x11-req") == 0) {
                         success = session_x11_req(s);
                 } else if (strcmp(rtype, "auth-agent-req@openssh.com") == 0) {
@@ -2376,7 +2376,7 @@ session_close_single_x11(int id, void *arg)
  
         debug3("session_close_single_x11: channel %d", id);
         channel_cancel_cleanup(id);
  
         debug3("session_close_single_x11: channel %d", id);
         channel_cancel_cleanup(id);
-       if ((s  = session_by_x11_channel(id)) == NULL)
+       if ((s = session_by_x11_channel(id)) == NULL)
                 fatal("session_close_single_x11: no x11 channel %d", id);
         for (i = 0; s->x11_chanids[i] != -1; i++) {
                 debug("session_close_single_x11: session %d: "
                 fatal("session_close_single_x11: no x11 channel %d", id);
         for (i = 0; s->x11_chanids[i] != -1; i++) {
                 debug("session_close_single_x11: session %d: "
diff --git a/openssh/sftp.c b/openssh/sftp.c

index a39c782f70e28af2c508329246ffd474aac9ee40..f0d5dd557e94a42b7060ce8c1a4cd158a150643d 100644 (file)
--- a/openssh/sftp.c
+++ b/openssh/sftp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp.c,v 1.93 2006/09/30 17:48:22 ray Exp $ */
+/* $OpenBSD: sftp.c,v 1.96 2007/01/03 04:09:15 stevesk Exp $ */
  /*
   * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
   *
  /*
   * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
   *
@@ -166,6 +166,7 @@ static const struct CMD cmds[] = {
  
  int interactive_loop(int fd_in, int fd_out, char *file1, char *file2);
  
  
  int interactive_loop(int fd_in, int fd_out, char *file1, char *file2);
  
+/* ARGSUSED */
  static void
  killchild(int signo)
  {
  static void
  killchild(int signo)
  {
@@ -177,6 +178,7 @@ killchild(int signo)
         _exit(1);
  }
  
         _exit(1);
  }
  
+/* ARGSUSED */
  static void
  cmd_interrupt(int signo)
  {
  static void
  cmd_interrupt(int signo)
  {
@@ -298,11 +300,11 @@ static char *
  path_append(char *p1, char *p2)
  {
         char *ret;
  path_append(char *p1, char *p2)
  {
         char *ret;
-       int len = strlen(p1) + strlen(p2) + 2;
+       size_t len = strlen(p1) + strlen(p2) + 2;
  
         ret = xmalloc(len);
         strlcpy(ret, p1, len);
  
         ret = xmalloc(len);
         strlcpy(ret, p1, len);
-       if (p1[strlen(p1) - 1] != '/')
+       if (p1[0] != '\0' && p1[strlen(p1) - 1] != '/')
                 strlcat(ret, "/", len);
         strlcat(ret, p2, len);
  
                 strlcat(ret, "/", len);
         strlcat(ret, p2, len);
  
@@ -1566,7 +1568,7 @@ main(int argc, char **argv)
                                 fprintf(stderr, "Missing username\n");
                                 usage();
                         }
                                 fprintf(stderr, "Missing username\n");
                                 usage();
                         }
-                       addargs(&args, "-l%s",userhost);
+                       addargs(&args, "-l%s", userhost);
                 }
  
                 if ((cp = colon(host)) != NULL) {
                 }
  
                 if ((cp = colon(host)) != NULL) {
diff --git a/openssh/ssh-agent.c b/openssh/ssh-agent.c

index ef95eb878f39b99735eb5417f41d6342cac8b4bc..a3a867c33b70e7a191c1608eb862f11b7ed34988 100644 (file)
--- a/openssh/ssh-agent.c
+++ b/openssh/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.153 2006/10/06 02:29:19 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.154 2007/02/28 00:55:30 dtucker Exp $ */
  /*
   * Author: Tatu Ylonen <ylo@cs.hut.fi>
   * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  /*
   * Author: Tatu Ylonen <ylo@cs.hut.fi>
   * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -434,6 +434,7 @@ reaper(void)
                 for (id = TAILQ_FIRST(&tab->idlist); id; id = nxt) {
                         nxt = TAILQ_NEXT(id, next);
                         if (id->death != 0 && now >= id->death) {
                 for (id = TAILQ_FIRST(&tab->idlist); id; id = nxt) {
                         nxt = TAILQ_NEXT(id, next);
                         if (id->death != 0 && now >= id->death) {
+                               debug("expiring key '%s'", id->comment);
                                 TAILQ_REMOVE(&tab->idlist, id, next);
                                 free_identity(id);
                                 tab->nentries--;
                                 TAILQ_REMOVE(&tab->idlist, id, next);
                                 free_identity(id);
                                 tab->nentries--;
@@ -698,9 +699,6 @@ process_message(SocketEntry *e)
         u_int msg_len, type;
         u_char *cp;
  
         u_int msg_len, type;
         u_char *cp;
  
-       /* kill dead keys */
-       reaper();
-
         if (buffer_len(&e->input) < 5)
                 return;         /* Incomplete message. */
         cp = buffer_ptr(&e->input);
         if (buffer_len(&e->input) < 5)
                 return;         /* Incomplete message. */
         cp = buffer_ptr(&e->input);
@@ -1016,7 +1014,7 @@ int
  main(int ac, char **av)
  {
         int c_flag = 0, d_flag = 0, k_flag = 0, s_flag = 0;
  main(int ac, char **av)
  {
         int c_flag = 0, d_flag = 0, k_flag = 0, s_flag = 0;
-       int sock, fd, ch;
+       int sock, fd, ch, result, saved_errno;
         u_int nalloc;
         char *shell, *format, *pidstr, *agentsocket = NULL;
         fd_set *readsetp = NULL, *writesetp = NULL;
         u_int nalloc;
         char *shell, *format, *pidstr, *agentsocket = NULL;
         fd_set *readsetp = NULL, *writesetp = NULL;
@@ -1029,6 +1027,7 @@ main(int ac, char **av)
         extern char *optarg;
         pid_t pid;
         char pidstrbuf[1 + 3 * sizeof pid];
         extern char *optarg;
         pid_t pid;
         char pidstrbuf[1 + 3 * sizeof pid];
+       struct timeval tv;
  
         /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
         sanitise_stdfd();
  
         /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
         sanitise_stdfd();
@@ -1242,13 +1241,18 @@ skip:
         nalloc = 0;
  
         while (1) {
         nalloc = 0;
  
         while (1) {
+               tv.tv_sec = 10;
+               tv.tv_usec = 0;
                 prepare_select(&readsetp, &writesetp, &max_fd, &nalloc);
                 prepare_select(&readsetp, &writesetp, &max_fd, &nalloc);
-               if (select(max_fd + 1, readsetp, writesetp, NULL, NULL) < 0) {
-                       if (errno == EINTR)
+               result = select(max_fd + 1, readsetp, writesetp, NULL, &tv);
+               saved_errno = errno;
+               reaper();       /* remove expired keys */
+               if (result < 0) {
+                       if (saved_errno == EINTR)
                                 continue;
                                 continue;
-                       fatal("select: %s", strerror(errno));
-               }
-               after_select(readsetp, writesetp);
+                       fatal("select: %s", strerror(saved_errno));
+               } else if (result > 0)
+                       after_select(readsetp, writesetp);
         }
         /* NOTREACHED */
  }
         }
         /* NOTREACHED */
  }
diff --git a/openssh/ssh-rand-helper.8 b/openssh/ssh-rand-helper.8

index 59c1e0b3d0643a22d8a129b4d505503d0acc6678..cca3c9d5033f2cb0313cc95f5d67d2e95e557ceb 100644 (file)
--- a/openssh/ssh-rand-helper.8
+++ b/openssh/ssh-rand-helper.8
@@ -27,7 +27,7 @@
  .Os
  .Sh NAME
  .Nm ssh-rand-helper
  .Os
  .Sh NAME
  .Nm ssh-rand-helper
-.Nd Random number gatherer for OpenSSH
+.Nd random number gatherer for OpenSSH
  .Sh SYNOPSIS
  .Nm ssh-rand-hlper
  .Op Fl vxXh
  .Sh SYNOPSIS
  .Nm ssh-rand-hlper
  .Op Fl vxXh
@@ -82,7 +82,7 @@ Force output of a binary seed, even if standard output is a tty
  Turn on debugging message. Multiple
  .Fl v
  options will increase the debugging level.
  Turn on debugging message. Multiple
  .Fl v
  options will increase the debugging level.
-.Fl h
+.It Fl h
  Display a summary of options.
  .El
  .Sh AUTHORS
  Display a summary of options.
  .El
  .Sh AUTHORS
diff --git a/openssh/ssh.1 b/openssh/ssh.1

index 93be52f96bf94a76eb1be8e56dc822a72ff94ba6..b87ab417165c325742e72bd7f494ba82c8dce363 100644 (file)
--- a/openssh/ssh.1
+++ b/openssh/ssh.1
@@ -34,7 +34,7 @@
  .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  .\"
  .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  .\"
-.\" $OpenBSD: ssh.1,v 1.265 2006/10/28 18:08:10 otto Exp $
+.\" $OpenBSD: ssh.1,v 1.266 2006/12/11 21:25:46 markus Exp $
  .Dd September 25, 1999
  .Dt SSH 1
  .Os
  .Dd September 25, 1999
  .Dt SSH 1
  .Os
@@ -1418,6 +1418,11 @@ manual page for more information.
  .%T "Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol"
  .%D 2006
  .Re
  .%T "Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol"
  .%D 2006
  .Re
+.Rs
+.%R RFC 4716
+.%T "The Secure Shell (SSH) Public Key File Format"
+.%D 2006
+.Re
  .Sh AUTHORS
  OpenSSH is a derivative of the original and free
  ssh 1.2.12 release by Tatu Ylonen.
  .Sh AUTHORS
  OpenSSH is a derivative of the original and free
  ssh 1.2.12 release by Tatu Ylonen.
diff --git a/openssh/ssh.c b/openssh/ssh.c

index 6edb30f6a7feae9ee161355929acb59f547f3f48..c9a2664a496d8d327b2a7640742c9a4758f3fd55 100644 (file)
--- a/openssh/ssh.c
+++ b/openssh/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.294 2006/10/06 02:29:19 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.295 2007/01/03 03:01:40 stevesk Exp $ */
  /*
   * Author: Tatu Ylonen <ylo@cs.hut.fi>
   * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  /*
   * Author: Tatu Ylonen <ylo@cs.hut.fi>
   * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -618,7 +618,7 @@ main(int ac, char **av)
                 if (!read_config_file(config, host, &options, 0))
                         fatal("Can't open user config file %.100s: "
                             "%.100s", config, strerror(errno));
                 if (!read_config_file(config, host, &options, 0))
                         fatal("Can't open user config file %.100s: "
                             "%.100s", config, strerror(errno));
-       } else  {
+       } else {
             /*
              * Since the config file parsing code aborts if it sees
              * options it doesn't recognize, allow users to put
             /*
              * Since the config file parsing code aborts if it sees
              * options it doesn't recognize, allow users to put
diff --git a/openssh/ssh_config.5 b/openssh/ssh_config.5

index 2b407817043ffe623458b62fa0ffce8bb45d5f56..f6808142d3c4baaec41cc81290e2dab140edf754 100644 (file)
--- a/openssh/ssh_config.5
+++ b/openssh/ssh_config.5
@@ -34,7 +34,7 @@
  .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  .\"
  .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  .\"
-.\" $OpenBSD: ssh_config.5,v 1.97 2006/07/27 08:00:50 jmc Exp $
+.\" $OpenBSD: ssh_config.5,v 1.98 2007/01/10 13:23:22 jmc Exp $
  .Dd September 25, 1999
  .Dt SSH_CONFIG 5
  .Os
  .Dd September 25, 1999
  .Dt SSH_CONFIG 5
  .Os
@@ -42,10 +42,8 @@
  .Nm ssh_config
  .Nd OpenSSH SSH client configuration files
  .Sh SYNOPSIS
  .Nm ssh_config
  .Nd OpenSSH SSH client configuration files
  .Sh SYNOPSIS
-.Bl -tag -width Ds -compact
-.It Pa ~/.ssh/config
-.It Pa /etc/ssh/ssh_config
-.El
+.Nm ~/.ssh/config
+.Nm /etc/ssh/ssh_config
  .Sh DESCRIPTION
  .Xr ssh 1
  obtains configuration data from the following sources in
  .Sh DESCRIPTION
  .Xr ssh 1
  obtains configuration data from the following sources in
diff --git a/openssh/sshd.c b/openssh/sshd.c

index cfcb2a887bbc04ba6c0b4f430c39d9491bdd652e..f4da90023349850b858c575e85a7f73534554620 100644 (file)
--- a/openssh/sshd.c
+++ b/openssh/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.348 2006/11/06 21:25:28 markus Exp $ */
+/* $OpenBSD: sshd.c,v 1.349 2007/02/21 11:00:05 dtucker Exp $ */
  /*
   * Author: Tatu Ylonen <ylo@cs.hut.fi>
   * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  /*
   * Author: Tatu Ylonen <ylo@cs.hut.fi>
   * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -309,6 +309,7 @@ sighup_restart(void)
         logit("Received SIGHUP; restarting.");
         close_listen_socks();
         close_startup_pipes();
         logit("Received SIGHUP; restarting.");
         close_listen_socks();
         close_startup_pipes();
+       alarm(0);  /* alarm timer persists across exec */
         execv(saved_argv[0], saved_argv);
         logit("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0],
             strerror(errno));
         execv(saved_argv[0], saved_argv);
         logit("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0],
             strerror(errno));
diff --git a/openssh/sshd_config.5 b/openssh/sshd_config.5

index c90bac7ec1122e6198c064b40375a136e9c8dc95..a1c0f6f001a740e406d1ca745ab67400d53d5eda 100644 (file)
--- a/openssh/sshd_config.5
+++ b/openssh/sshd_config.5
@@ -34,7 +34,7 @@
  .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  .\"
  .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  .\"
-.\" $OpenBSD: sshd_config.5,v 1.70 2006/08/21 08:14:01 dtucker Exp $
+.\" $OpenBSD: sshd_config.5,v 1.74 2007/03/01 16:19:33 jmc Exp $
  .Dd September 25, 1999
  .Dt SSHD_CONFIG 5
  .Os
  .Dd September 25, 1999
  .Dt SSHD_CONFIG 5
  .Os
@@ -42,9 +42,7 @@
  .Nm sshd_config
  .Nd OpenSSH SSH daemon configuration file
  .Sh SYNOPSIS
  .Nm sshd_config
  .Nd OpenSSH SSH daemon configuration file
  .Sh SYNOPSIS
-.Bl -tag -width Ds -compact
-.It Pa /etc/ssh/sshd_config
-.El
+.Nm /etc/ssh/sshd_config
  .Sh DESCRIPTION
  .Xr sshd 8
  reads configuration data from
  .Sh DESCRIPTION
  .Xr sshd 8
  reads configuration data from
@@ -553,9 +551,16 @@ Only a subset of keywords may be used on the lines following a
  keyword.
  Available keywords are
  .Cm AllowTcpForwarding ,
  keyword.
  Available keywords are
  .Cm AllowTcpForwarding ,
+.Cm Banner ,
  .Cm ForceCommand ,
  .Cm GatewayPorts ,
  .Cm ForceCommand ,
  .Cm GatewayPorts ,
+.Cm GSSApiAuthentication ,
+.Cm KbdInteractiveAuthentication ,
+.Cm KerberosAuthentication ,
+.Cm PasswordAuthentication ,
  .Cm PermitOpen ,
  .Cm PermitOpen ,
+.Cm RhostsRSAAuthentication ,
+.Cm RSAAuthentication ,
  .Cm X11DisplayOffset ,
  .Cm X11Forwarding ,
  and
  .Cm X11DisplayOffset ,
  .Cm X11Forwarding ,
  and
diff --git a/openssh/version.h b/openssh/version.h

index 7b734d3d0ce6979634fd8f70c04a96d269735cd3..ab5f1e8b9ff73a3135ea0245d16ac2e5dd79a329 100644 (file)
--- a/openssh/version.h
+++ b/openssh/version.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: version.h,v 1.48 2006/11/07 10:31:31 markus Exp $ */
+/* $OpenBSD: version.h,v 1.49 2007/03/06 10:13:14 djm Exp $ */
  
  #ifdef GSI
  #define GSI_VERSION    " GSI"
  
  #ifdef GSI
  #define GSI_VERSION    " GSI"
@@ -18,11 +18,11 @@
  #define MGLUE_VERSION  ""
  #endif
  
  #define MGLUE_VERSION  ""
  #endif
  
-#define NCSA_VERSION   " NCSA_GSSAPI_20070215"
+#define NCSA_VERSION   " NCSA_GSSAPI_20070314"
  
  
-#define SSH_VERSION    "OpenSSH_4.5"
+#define SSH_VERSION    "OpenSSH_4.6"
  
  #define SSH_PORTABLE   "p1"
  
  #define SSH_PORTABLE   "p1"
-#define SSH_HPN         "-hpn12v14"
+#define SSH_HPN         "-hpn12v16"
  #define SSH_RELEASE    SSH_VERSION SSH_PORTABLE SSH_HPN \
              NCSA_VERSION GSI_VERSION KRB5_VERSION MGLUE_VERSION
  #define SSH_RELEASE    SSH_VERSION SSH_PORTABLE SSH_HPN \
              NCSA_VERSION GSI_VERSION KRB5_VERSION MGLUE_VERSION
author	jbasney <jbasney>
	Wed, 14 Mar 2007 15:59:49 +0000 (15:59 +0000)
committer	jbasney <jbasney>
	Wed, 14 Mar 2007 15:59:49 +0000 (15:59 +0000)
openssh/ChangeLog.gssapi		patch \| blob \| blame \| history
openssh/auth.c		patch \| blob \| blame \| history
openssh/auth2.c		patch \| blob \| blame \| history
openssh/channels.c		patch \| blob \| blame \| history
openssh/clientloop.c		patch \| blob \| blame \| history
openssh/compat.c		patch \| blob \| blame \| history
openssh/compat.h		patch \| blob \| blame \| history
openssh/configure.ac		patch \| blob \| blame \| history
openssh/contrib/findssl.sh		patch \| blob \| blame \| history
openssh/dns.c		patch \| blob \| blame \| history
openssh/gss-serv-krb5.c		patch \| blob \| blame \| history
openssh/kex.c		patch \| blob \| blame \| history
openssh/misc.c		patch \| blob \| blame \| history
openssh/moduli.c		patch \| blob \| blame \| history
openssh/monitor.c		patch \| blob \| blame \| history
openssh/monitor_wrap.c		patch \| blob \| blame \| history
openssh/openbsd-compat/getrrsetbyname.c		patch \| blob \| blame \| history
openssh/packet.c		patch \| blob \| blame \| history
openssh/readconf.c		patch \| blob \| blame \| history
openssh/scp.c		patch \| blob \| blame \| history
openssh/servconf.c		patch \| blob \| blame \| history
openssh/servconf.h		patch \| blob \| blame \| history
openssh/serverloop.c		patch \| blob \| blame \| history
openssh/session.c		patch \| blob \| blame \| history
openssh/sftp.c		patch \| blob \| blame \| history
openssh/ssh-agent.c		patch \| blob \| blame \| history
openssh/ssh-rand-helper.8		patch \| blob \| blame \| history
openssh/ssh.1		patch \| blob \| blame \| history
openssh/ssh.c		patch \| blob \| blame \| history
openssh/ssh_config.5		patch \| blob \| blame \| history
openssh/sshd.c		patch \| blob \| blame \| history
openssh/sshd_config.5		patch \| blob \| blame \| history
openssh/version.h		patch \| blob \| blame \| history