+20070306
+ - (djm) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2007/03/01 16:19:33
+ [sshd_config.5]
+ sort the `match' keywords;
+ - djm@cvs.openbsd.org 2007/03/06 10:13:14
+ [version.h]
+ openssh-4.6; "please" deraadt@
+ - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
+ [contrib/suse/openssh.spec] crank spec files for release
+ - (djm) [README] correct link to release notes
+ - (djm) Release 4.6p1
+
+20070304
+ - (djm) [configure.ac] add a --without-openssl-header-check option to
+ configure, as some platforms (OS X) ship OpenSSL headers whose version
+ does not match that of the shipping library. ok dtucker@
+ - (dtucker) [openbsd-compat/openssl-compat.h] Bug #1291: Work around a
+ bug in OpenSSL 0.9.8e that prevents aes256-ctr, aes192-ctr and arcfour256
+ ciphers from working correctly (disconnects with "Bad packet length"
+ errors) as found by Ben Harris. ok djm@
+
+20070303
+ - (dtucker) [regress/agent-ptrace.sh] Make ttrace gdb error a little more
+ general to cover newer gdb versions on HP-UX.
+
+20070302
+ - (dtucker) [configure.ac] For Cygwin, read files in textmode (which allows
+ CRLF as well as LF lineendings) and write in binary mode. Patch from
+ vinschen at redhat.com.
+ - (dtucker) [INSTALL] Update to autoconf-2.61.
+
+20070301
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker@cvs.openbsd.org 2007/03/01 10:28:02
+ [auth2.c sshd_config.5 servconf.c]
+ Remove ChallengeResponseAuthentication support inside a Match
+ block as its interaction with KbdInteractive makes it difficult to
+ support. Also, relocate the CR/kbdint option special-case code into
+ servconf. "please commit" djm@, ok markus@ for the relocation.
+ - (tim) [buildpkg.sh.in openssh.xml.in] Clean up Solaris 10 smf(5) bits.
+ "Looks sane" dtucker@
+
+20070228
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker@cvs.openbsd.org 2007/02/28 00:55:30
+ [ssh-agent.c]
+ Remove expired keys periodically so they don't remain in memory when
+ the agent is entirely idle, as noted by David R. Piegdon. This is the
+ simple fix, a more efficient one will be done later. With markus,
+ deraadt, with & ok djm.
+
+20070225
+ - (dtucker) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2007/02/20 10:25:14
+ [clientloop.c]
+ set maximum packet and window sizes the same for multiplexed clients
+ as normal connections; ok markus@
+ - dtucker@cvs.openbsd.org 2007/02/21 11:00:05
+ [sshd.c]
+ Clear alarm() before restarting sshd on SIGHUP. Without this, if there's
+ a SIGALRM pending (for SSH1 key regeneration) when sshd is SIGHUP'ed, the
+ newly exec'ed sshd will get the SIGALRM and not have a handler for it,
+ and the default action will terminate the listening sshd. Analysis and
+ patch from andrew at gaul.org.
+ - dtucker@cvs.openbsd.org 2007/02/22 12:58:40
+ [servconf.c]
+ Check activep so Match and GatewayPorts work together; ok markus@
+ - ray@cvs.openbsd.org 2007/02/24 03:30:11
+ [moduli.c]
+ - strlen returns size_t, not int.
+ - Pass full buffer size to fgets.
+ OK djm@, millert@, and moritz@.
+
+20070219
+ - (dtucker) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2007/01/10 13:23:22
+ [ssh_config.5]
+ do not use a list for SYNOPSIS;
+ this is actually part of a larger report sent by eric s. raymond
+ and forwarded by brad, but i only read half of it. spotted by brad.
+ - jmc@cvs.openbsd.org 2007/01/12 20:20:41
+ [ssh-keygen.1 ssh-keygen.c]
+ more secsh -> rfc 4716 updates;
+ spotted by wiz@netbsd
+ ok markus
+ - dtucker@cvs.openbsd.org 2007/01/17 23:22:52
+ [readconf.c]
+ Honour activep for times (eg ServerAliveInterval) while parsing
+ ssh_config and ~/.ssh/config so they work properly with Host directives.
+ From mario.lorenz@wincor-nixdorf.com via bz #1275. ok markus@
+ - stevesk@cvs.openbsd.org 2007/01/21 01:41:54
+ [auth-skey.c kex.c ssh-keygen.c session.c clientloop.c]
+ spaces
+ - stevesk@cvs.openbsd.org 2007/01/21 01:45:35
+ [readconf.c]
+ spaces
+ - djm@cvs.openbsd.org 2007/01/22 11:32:50
+ [sftp-client.c]
+ return error from do_upload() when a write fails. fixes bz#1252: zero
+ exit status from sftp when uploading to a full device. report from
+ jirkat AT atlas.cz; ok dtucker@
+ - djm@cvs.openbsd.org 2007/01/22 13:06:21
+ [scp.c]
+ fix detection of whether we should show progress meter or not: scp
+ tested isatty(stderr) but wrote the progress meter to stdout. This patch
+ makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com;
+ of dtucker@
+ - stevesk@cvs.openbsd.org 2007/02/14 14:32:00
+ [bufbn.c]
+ typos in comments; ok jmc@
+ - dtucker@cvs.openbsd.org 2007/02/19 10:45:58
+ [monitor_wrap.c servconf.c servconf.h monitor.c sshd_config.5]
+ Teach Match how handle config directives that are used before
+ authentication. This allows configurations such as permitting password
+ authentication from the local net only while requiring pubkey from
+ offsite. ok djm@, man page bits ok jmc@
+ - (dtucker) [contrib/findssl.sh] Add "which" as a shell function since some
+ platforms don't have it. Patch from dleonard at vintela.com.
+ - (dtucker) [openbsd-compat/getrrsetbyname.c] Don't attempt to calloc
+ an array for signatures when there are none since "calloc(0, n) returns
+ NULL on some platforms (eg Tru64), which is explicitly permitted by
+ POSIX. Diagnosis and patch by svallet genoscope.cns.fr.
+
+20070128
+ - (djm) [channels.c serverloop.c] Fix so-called "hang on exit" (bz #52)
+ when closing a tty session when a background process still holds tty
+ fds open. Great detective work and patch by Marc Aurele La France,
+ slightly tweaked by me; ok dtucker@
+
+20070123
+ - (dtucker) [openbsd-compat/bsd-snprintf.c] Static declarations for public
+ library interfaces aren't very helpful. Fix up the DOPR_OUTCH macro
+ so it works properly and modify its callers so that they don't pre or
+ post decrement arguments that are conditionally evaluated. While there,
+ put SNPRINTF_CONST back as it prevents build failures in some
+ configurations. ok djm@ (for most of it)
+
+20070122
+ - (djm) [ssh-rand-helper.8] manpage nits;
+ from dleonard AT vintela.com (bz#1529)
+
+20070117
+ - (dtucker) [packet.c] Re-remove in_systm.h since it's already in includes.h
+ and multiple including it causes problems on old IRIXes. (It snuck back
+ in during a sync.) Found (again) by Georg Schwarz.
+
+20070114
+ - (dtucker) [ssh-keygen.c] av -> argv to match earlier sync.
+ - (djm) [openbsd-compat/bsd-snprintf.c] Fix integer overflow in return
+ value of snprintf replacement, similar to bugs in various libc
+ implementations. This overflow is not exploitable in OpenSSH.
+ While I'm fiddling with it, make it a fair bit faster by inlining the
+ append-char routine; ok dtucker@
+
+20070105
+ - (djm) OpenBSD CVS Sync
+ - deraadt@cvs.openbsd.org 2006/11/14 19:41:04
+ [ssh-keygen.c]
+ use argc and argv not some made up short form
+ - ray@cvs.openbsd.org 2006/11/23 01:35:11
+ [misc.c sftp.c]
+ Don't access buf[strlen(buf) - 1] for zero-length strings.
+ ``ok by me'' djm@.
+ - markus@cvs.openbsd.org 2006/12/11 21:25:46
+ [ssh-keygen.1 ssh.1]
+ add rfc 4716 (public key format); ok jmc
+ - djm@cvs.openbsd.org 2006/12/12 03:58:42
+ [channels.c compat.c compat.h]
+ bz #1019: some ssh.com versions apparently can't cope with the
+ remote port forwarding bind_address being a hostname, so send
+ them an address for cases where they are not explicitly
+ specified (wildcard or localhost bind). reported by daveroth AT
+ acm.org; ok dtucker@ deraadt@
+ - dtucker@cvs.openbsd.org 2006/12/13 08:34:39
+ [servconf.c]
+ Make PermitOpen work with multiple values like the man pages says.
+ bz #1267 with details from peter at dmtz.com, with & ok djm@
+ - dtucker@cvs.openbsd.org 2006/12/14 10:01:14
+ [servconf.c]
+ Make "PermitOpen all" first-match within a block to match the way other
+ options work. ok markus@ djm@
+ - jmc@cvs.openbsd.org 2007/01/02 09:57:25
+ [sshd_config.5]
+ do not use lists for SYNOPSIS;
+ from eric s. raymond via brad
+ - stevesk@cvs.openbsd.org 2007/01/03 00:53:38
+ [ssh-keygen.c]
+ remove small dead code; arnaud.lacombe.1@ulaval.ca via Coverity scan
+ - stevesk@cvs.openbsd.org 2007/01/03 03:01:40
+ [auth2-chall.c channels.c dns.c sftp.c ssh-keygen.c ssh.c]
+ spaces
+ - stevesk@cvs.openbsd.org 2007/01/03 04:09:15
+ [sftp.c]
+ ARGSUSED for lint
+ - stevesk@cvs.openbsd.org 2007/01/03 07:22:36
+ [sftp-server.c]
+ spaces
+
+20061205
+ - (djm) [auth.c] Fix NULL pointer dereference in fakepw(). Crash would
+ occur if the server did not have the privsep user and an invalid user
+ tried to login and both privsep and krb5 auth are disabled; ok dtucker@
+ - (djm) [bsd-asprintf.c] Better test for bad vsnprintf lengths; ok dtucker@
+
+20061108
+ - (dtucker) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2006/11/07 13:02:07
+ [dh.c]
+ BN_hex2bn returns int; from dtucker@
+
20061107
- (dtucker) [sshd.c] Use privsep_pw if we have it, but only require it
if we absolutely need it. Pointed out by Corinna, ok djm@
dtucker@
- (dtucker) [README contrib/{caldera,redhat,contrib}/openssh.spec] Bump
versions.
- - (dtucker) [dh.c] Type fix for BN_hex2bn; ok markus@
- (dtucker) Release 4.5p1.
20061105
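Review bot: Two entries in the 20070219 block have text slips worth fixing before the release is cut. The scp.c entry ends with "of dtucker@" where "ok dtucker@" is evidently meant, and the getrrsetbyname.c entry opens a quote at "calloc(0, n) returns that is never closed. The Match entry in the same block reads "Teach Match how handle"; "how to handle" is the likely intent.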
Autoconf:
If you modify configure.ac or configure doesn't exist (eg if you checked
-the code out of CVS yourself) then you will need autoconf-2.60 to rebuild
-the automatically generated files by running "autoreconf".
+the code out of CVS yourself) then you will need autoconf-2.61 to rebuild
+the automatically generated files by running "autoreconf". Earlier
+version may also work but this is not guaranteed.
http://www.gnu.org/software/autoconf/
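Review bot: The added sentence "Earlier version may also work but this is not guaranteed" should read "Earlier versions may also work".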
-See http://www.openssh.com/txt/release-4.5 for the release notes.
+See http://www.openssh.com/txt/release-4.6 for the release notes.
- A Japanese translation of this document and of the OpenSSH FAQ is
- available at http://www.unixuser.org/~haruyama/security/openssh/index.html
-/* $OpenBSD: auth-skey.c,v 1.26 2006/08/05 08:28:24 dtucker Exp $ */
+/* $OpenBSD: auth-skey.c,v 1.27 2007/01/21 01:41:54 stevesk Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
sizeof(challenge)) == -1)
return -1;
- *name = xstrdup("");
- *infotxt = xstrdup("");
+ *name = xstrdup("");
+ *infotxt = xstrdup("");
*numprompts = 1;
*prompts = xcalloc(*numprompts, sizeof(char *));
*echo_on = xcalloc(*numprompts, sizeof(u_int));
fake.pw_passwd =
"$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK";
fake.pw_gecos = "NOUSER";
- fake.pw_uid = privsep_pw->pw_uid;
- fake.pw_gid = privsep_pw->pw_gid;
+ fake.pw_uid = privsep_pw == NULL ? (uid_t)-1 : privsep_pw->pw_uid;
+ fake.pw_gid = privsep_pw == NULL ? (gid_t)-1 : privsep_pw->pw_gid;
#ifdef HAVE_PW_CLASS_IN_PASSWD
fake.pw_class = "";
#endif
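Review bot: The (uid_t)-1 and (gid_t)-1 fallbacks in the fake.pw_uid and fake.pw_gid assignments carry no comment saying why that sentinel is acceptable. Where uid_t is unsigned this is the largest possible id, so a one-line comment stating whether the fake entry can ever reach a credential-changing call, or a named constant for the sentinel, would make the NULL privsep_pw path easier to audit.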
-/* $OpenBSD: auth2-chall.c,v 1.31 2006/08/05 08:28:24 dtucker Exp $ */
+/* $OpenBSD: auth2-chall.c,v 1.32 2007/01/03 03:01:40 stevesk Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2001 Per Allansson. All rights reserved.
{
/* unregister callback */
dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL);
- if (authctxt->kbdintctxt != NULL) {
+ if (authctxt->kbdintctxt != NULL) {
kbdint_free(authctxt->kbdintctxt);
authctxt->kbdintctxt = NULL;
}
-/* $OpenBSD: auth2.c,v 1.113 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: auth2.c,v 1.114 2007/03/01 10:28:02 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
void
do_authentication2(Authctxt *authctxt)
{
- /* challenge-response is implemented via keyboard interactive */
- if (options.challenge_response_authentication)
- options.kbd_interactive_authentication = 1;
-
dispatch_init(&dispatch_protocol_error);
dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request);
dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt);
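Review bot: With the challenge_response_authentication to kbd_interactive_authentication mapping removed from do_authentication2(), nothing in this hunk shows where it now happens. The ChangeLog says the special case was relocated into servconf; a short comment here pointing at its new home, plus confirmation that it is applied before this function runs, would guard against ChallengeResponseAuthentication being silently ignored.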
-/* $OpenBSD: bufbn.c,v 1.4 2006/11/06 21:25:28 markus Exp $*/
+/* $OpenBSD: bufbn.c,v 1.5 2007/02/14 14:32:00 stevesk Exp $*/
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
}
/*
- * Retrieves an BIGNUM from the buffer.
+ * Retrieves a BIGNUM from the buffer.
*/
int
buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value)
u_int bits, bytes;
u_char buf[2], *bin;
- /* Get the number for bits. */
+ /* Get the number of bits. */
if (buffer_get_ret(buffer, (char *) buf, 2) == -1) {
error("buffer_get_bignum_ret: invalid length");
return (-1);
}
/*
- * Stores an BIGNUM in the buffer in SSH2 format.
+ * Stores a BIGNUM in the buffer in SSH2 format.
*/
int
buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value)
#
OPENSSHD=opensshd.init
OPENSSH_MANIFEST=openssh.xml
-OPENSSH_FMRI=svc:/site/openssh:default
+OPENSSH_FMRI=svc:/site/${SYSVINIT_NAME}:default
PATH_GROUPADD_PROG=@PATH_GROUPADD_PROG@
PATH_USERADD_PROG=@PATH_USERADD_PROG@
cp ${OPENSSHD} $FAKE_ROOT${TEST_DIR}/lib/svc/method/site/${SYSVINIT_NAME}
chmod 744 $FAKE_ROOT${TEST_DIR}/lib/svc/method/site/${SYSVINIT_NAME}
- cp ${OPENSSH_MANIFEST} $FAKE_ROOT${TEST_DIR}/var/svc/manifest/site
- chmod 644 $FAKE_ROOT${TEST_DIR}/var/svc/manifest/site/${OPENSSH_MANIFEST}
+ cat ${OPENSSH_MANIFEST} | sed "s|__SYSVINIT_NAME__|${SYSVINIT_NAME}|" \
+ > $FAKE_ROOT${TEST_DIR}/var/svc/manifest/site/${SYSVINIT_NAME}.xml
+ chmod 644 $FAKE_ROOT${TEST_DIR}/var/svc/manifest/site/${SYSVINIT_NAME}.xml
else
mkdir -p $FAKE_ROOT${TEST_DIR}/etc/init.d
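Review bot: The sed expression in the new manifest-install step, "s|__SYSVINIT_NAME__|${SYSVINIT_NAME}|", has no g flag, so only the first placeholder on each line of the manifest is replaced. Add g unless the template is guaranteed to carry at most one placeholder per line, and pass the file to sed directly instead of through cat. A SYSVINIT_NAME containing a | character would also break the substitution, so either validate the name or say in a comment that it is assumed to be a plain identifier.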
then
svccfg delete -f $OPENSSH_FMRI
fi
- # NOTE, if manifest enables sshd by default, this will actually
- # start the daemon, which may not be what the user wants.
- svccfg import ${TEST_DIR}/var/svc/manifest/site/$OPENSSH_MANIFEST
+ # NOTE, The manifest disables sshd by default.
+ svccfg import ${TEST_DIR}/var/svc/manifest/site/${SYSVINIT_NAME}.xml
else
if [ "\${USE_SYM_LINKS}" = yes ]
then
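Review bot: The replacement comment "NOTE, The manifest disables sshd by default" asserts a property of the manifest that this script does not check, and it drops the earlier warning that an import may start the daemon. Please keep a pointer to the manifest setting the comment relies on, so that a later change to the manifest does not leave this comment wrong.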
then
if [ $DO_SMF -eq 1 ]
then
- # See svccfg import note above. The service may already
- # be started.
svcadm enable $OPENSSH_FMRI
else
${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start
POST_INS_START=no
# determine if should restart the daemon
if [ -s ${piddir}/sshd.pid ] && \
- /usr/bin/svcs $OPENSSH_FMRI 2>&1 | egrep "^online" > /dev/null 2>&1
+ /usr/bin/svcs -H $OPENSSH_FMRI 2>&1 | egrep "^online" > /dev/null 2>&1
then
ans=\`ckyorn -d n \
-p "Should the running sshd daemon be restarted? ${DEF_MSG}"\` || exit \$?
-/* $OpenBSD: channels.c,v 1.266 2006/08/29 10:40:18 djm Exp $ */
+/* $OpenBSD: channels.c,v 1.268 2007/01/03 03:01:40 stevesk Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
if (have < nmethods + 2)
return 0;
/* look for method: "NO AUTHENTICATION REQUIRED" */
- for (found = 0, i = 2 ; i < nmethods + 2; i++) {
+ for (found = 0, i = 2; i < nmethods + 2; i++) {
if (p[i] == SSH_SOCKS5_NOAUTH) {
found = 1;
break;
int len;
if (c->rfd != -1 &&
- FD_ISSET(c->rfd, readset)) {
+ (c->detach_close || FD_ISSET(c->rfd, readset))) {
errno = 0;
len = read(c->rfd, buf, sizeof(buf));
- if (len < 0 && (errno == EINTR || errno == EAGAIN))
+ if (len < 0 && (errno == EINTR ||
+ (errno == EAGAIN && !(c->isatty && c->detach_close))))
return 1;
#ifndef PTY_ZEROREAD
if (len <= 0) {
c->local_consumed += len;
}
} else if (c->extended_usage == CHAN_EXTENDED_READ &&
- FD_ISSET(c->efd, readset)) {
+ (c->detach_close || FD_ISSET(c->efd, readset))) {
len = read(c->efd, buf, sizeof(buf));
debug2("channel %d: read %d from efd %d",
c->self, len, c->efd);
- if (len < 0 && (errno == EINTR || errno == EAGAIN))
+ if (len < 0 && (errno == EINTR ||
+ (errno == EAGAIN && !c->detach_close)))
return 1;
if (len <= 0) {
debug2("channel %d: closing read-efd %d",
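Review bot: The two EAGAIN conditions differ without explanation: the rfd branch treats EAGAIN as final only when both c->isatty and c->detach_close are set, while the efd branch here does so on c->detach_close alone. If the difference is intentional it needs a comment; if not, the efd test should probably include c->isatty as well. Because detach_close now makes both branches call read() on a descriptor that select() did not report readable, a comment that these descriptors must be non-blocking would also help.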
/* Send the forward request to the remote side. */
if (compat20) {
const char *address_to_bind;
- if (listen_host == NULL)
- address_to_bind = "localhost";
- else if (*listen_host == '\0' || strcmp(listen_host, "*") == 0)
- address_to_bind = "";
- else
+ if (listen_host == NULL) {
+ if (datafellows & SSH_BUG_RFWD_ADDR)
+ address_to_bind = "127.0.0.1";
+ else
+ address_to_bind = "localhost";
+ } else if (*listen_host == '\0' ||
+ strcmp(listen_host, "*") == 0) {
+ if (datafellows & SSH_BUG_RFWD_ADDR)
+ address_to_bind = "0.0.0.0";
+ else
+ address_to_bind = "";
+ } else
address_to_bind = listen_host;
packet_start(SSH2_MSG_GLOBAL_REQUEST);
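Review bot: The SSH_BUG_RFWD_ADDR substitutions are IPv4 literals: "127.0.0.1" for the default case and "0.0.0.0" for the wildcard case. Against an affected peer, a wildcard remote forward therefore requests an IPv4-only bind where "" requested all addresses. That may be the best available for these servers, but the narrowing should be stated in a comment above the branch so it is not mistaken for an equivalent rewrite.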
-/* $OpenBSD: clientloop.c,v 1.176 2006/10/11 12:38:03 markus Exp $ */
+/* $OpenBSD: clientloop.c,v 1.178 2007/02/20 10:25:14 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
{
Buffer m;
Channel *c;
- int client_fd, new_fd[3], ver, allowed;
+ int client_fd, new_fd[3], ver, allowed, window, packetmax;
socklen_t addrlen;
struct sockaddr_storage addr;
struct confirm_ctx *cctx;
set_nonblock(client_fd);
+ window = CHAN_SES_WINDOW_DEFAULT;
+ packetmax = CHAN_SES_PACKET_DEFAULT;
+ if (cctx->want_tty) {
+ window >>= 1;
+ packetmax >>= 1;
+ }
+
c = channel_new("session", SSH_CHANNEL_OPENING,
- new_fd[0], new_fd[1], new_fd[2],
- CHAN_SES_WINDOW_DEFAULT, CHAN_SES_PACKET_DEFAULT,
+ new_fd[0], new_fd[1], new_fd[2], window, packetmax,
CHAN_EXTENDED_WRITE, "client-session", /*nonblock*/0);
/* XXX */
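Review bot: The want_tty halving of window and packetmax is unexplained at the point of use. The commit message says it makes multiplexed clients match normal connections, so a comment saying so, or better a shared helper used by both paths, would keep the two from drifting apart again.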
error("Warning: this is probably a break-in attempt by a malicious server.");
return NULL;
}
- sock = ssh_get_authentication_socket();
+ sock = ssh_get_authentication_socket();
if (sock < 0)
return NULL;
c = channel_new("authentication agent connection",
-/* $OpenBSD: compat.c,v 1.76 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: compat.c,v 1.77 2006/12/12 03:58:42 djm Exp $ */
/*
* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
*
{ "2.3.*", SSH_BUG_DEBUG|SSH_BUG_RSASIGMD5|
SSH_BUG_FIRSTKEX },
{ "2.4", SSH_OLD_SESSIONID }, /* Van Dyke */
- { "2.*", SSH_BUG_DEBUG|SSH_BUG_FIRSTKEX },
+ { "2.*", SSH_BUG_DEBUG|SSH_BUG_FIRSTKEX|
+ SSH_BUG_RFWD_ADDR },
{ "3.0.*", SSH_BUG_DEBUG },
{ "3.0 SecureCRT*", SSH_OLD_SESSIONID },
{ "1.7 SecureFX*", SSH_OLD_SESSIONID },
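Review bot: SSH_BUG_RFWD_ADDR is added only to the "2.*" row, which sits below the more specific "2.3.*" and "2.4" rows. If the table lookup stops at the first matching pattern, peers matched by those earlier rows will not get the flag. Please confirm those versions are unaffected, or add the flag to their rows too.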
-/* $OpenBSD: compat.h,v 1.40 2006/03/25 22:22:43 djm Exp $ */
+/* $OpenBSD: compat.h,v 1.41 2006/12/12 03:58:42 djm Exp $ */
/*
* Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved.
#define SSH_BUG_PROBE 0x00400000
#define SSH_BUG_FIRSTKEX 0x00800000
#define SSH_OLD_FORWARD_ADDR 0x01000000
+#define SSH_BUG_RFWD_ADDR 0x02000000
void enable_compat13(void);
void enable_compat20(void);
;;
*-*-cygwin*)
check_for_libcrypt_later=1
- LIBS="$LIBS /usr/lib/textmode.o"
+ LIBS="$LIBS /usr/lib/textreadmode.o"
AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
AC_DEFINE(DISABLE_SHADOW, 1,
]
)
+AC_ARG_WITH(openssl-header-check,
+ [ --without-openssl-header-check Disable OpenSSL version consistency check],
+ [ if test "x$withval" = "xno" ; then
+ openssl_check_nonfatal=1
+ fi
+ ]
+)
+
# Sanity check OpenSSL headers
AC_MSG_CHECKING([whether OpenSSL's headers match the library])
AC_RUN_IFELSE(
],
[
AC_MSG_RESULT(no)
- AC_MSG_ERROR([Your OpenSSL headers do not match your library.
-Check config.log for details.
+ if test "x$openssl_check_nonfatal" = "x"; then
+ AC_MSG_ERROR([Your OpenSSL headers do not match your
+library. Check config.log for details.
+If you are sure your installation is consistent, you can disable the check
+by running "./configure --without-openssl-header-check".
+Also see contrib/findssl.sh for help identifying header/library mismatches.
+])
+ else
+ AC_MSG_WARN([Your OpenSSL headers do not match your
+library. Check config.log for details.
Also see contrib/findssl.sh for help identifying header/library mismatches.])
+ fi
],
[
AC_MSG_WARN([cross compiling: not checking])
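Review bot: The fatal versus non-fatal decision tests "x$openssl_check_nonfatal" = "x", but that variable is only assigned inside the AC_ARG_WITH action and is never initialised. A value inherited from the environment would silently downgrade the header/library mismatch from an error to a warning. Set openssl_check_nonfatal to empty before the AC_ARG_WITH block. The help text would also be better wrapped in AS_HELP_STRING than hand-aligned.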
#old cvs stuff. please update before use. may be deprecated.
%define use_stable 1
%if %{use_stable}
- %define version 4.5p1
+ %define version 4.6p1
%define cvs %{nil}
%define release 1
%else
LIBRARY_PATH=${LIBRARY_PATH:=$DEFAULT_LIBPATH}
export LIBPATH LD_LIBRARY_PATH LIBRARY_PATH
+# not all platforms have a 'which' command
+if which ls >/dev/null 2>/dev/null; then
+ : which is defined
+else
+ which () {
+ saveIFS="$IFS"
+ IFS=:
+ for p in $PATH; do
+ if test -x "$p/$1" -a -f "$p/$1"; then
+ IFS="$saveIFS"
+ echo "$p/$1"
+ return 0
+ fi
+ done
+ IFS="$saveIFS"
+ return 1
+ }
+fi
+
#
# Search for OpenSSL headers and print versions
#
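Review bot: In the fallback which(), an empty PATH component (which the shell treats as the current directory) makes "$p/$1" expand to "/$1", so the function probes the root directory instead. Map an empty $p to "." before the test. The test also joins -x and -f with -a, which is unreliable in some shells; two test commands joined with && are safer.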
-%define ver 4.5p1
+%define ver 4.6p1
%define rel 1
# OpenSSH privilege separation requires a user & group ID
Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
Name: openssh
-Version: 4.5p1
+Version: 4.6p1
URL: http://www.openssh.com/
Release: 1
Source0: openssh-%{version}.tar.gz
-/* $OpenBSD: dh.c,v 1.43 2006/11/06 21:25:28 markus Exp $ */
+/* $OpenBSD: dh.c,v 1.44 2006/11/07 13:02:07 markus Exp $ */
/*
* Copyright (c) 2000 Niels Provos. All rights reserved.
*
-/* $OpenBSD: dns.c,v 1.23 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: dns.c,v 1.24 2007/01/03 03:01:40 stevesk Exp $ */
/*
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
if (fingerprints->rri_nrdatas)
*flags |= DNS_VERIFY_FOUND;
- for (counter = 0; counter < fingerprints->rri_nrdatas; counter++) {
+ for (counter = 0; counter < fingerprints->rri_nrdatas; counter++) {
/*
* Extract the key from the answer. Ignore any badly
* formatted fingerprints.
-/* $OpenBSD: kex.c,v 1.76 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: kex.c,v 1.77 2007/01/21 01:41:54 stevesk Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
*
u_int i;
fprintf(stderr, "%s\n", msg);
- for (i = 0; i< len; i++) {
+ for (i = 0; i < len; i++) {
fprintf(stderr, "%02x", digest[i]);
if (i%32 == 31)
fprintf(stderr, "\n");
-/* $OpenBSD: misc.c,v 1.64 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: misc.c,v 1.65 2006/11/23 01:35:11 ray Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2005,2006 Damien Miller. All rights reserved.
u_long *lineno)
{
while (fgets(buf, bufsz, f) != NULL) {
+ if (buf[0] == '\0')
+ continue;
(*lineno)++;
if (buf[strlen(buf) - 1] == '\n' || feof(f)) {
return 0;
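Review bot: The new buf[0] == '\0' guard continues before (*lineno)++, so a line that fgets() hands back as an empty string (for example one that begins with a NUL byte) is not counted, and the line number reported for every later line is off by one. Move the increment above the guard; the guard itself is still needed to protect the buf[strlen(buf) - 1] access.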
-/* $OpenBSD: moduli.c,v 1.19 2006/11/06 21:25:28 markus Exp $ */
+/* $OpenBSD: moduli.c,v 1.20 2007/02/24 03:30:11 ray Exp $ */
/*
* Copyright 1994 Phil Karn <karn@qualcomm.com>
* Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
res = 0;
lp = xmalloc(QLINESIZE + 1);
- while (fgets(lp, QLINESIZE, in) != NULL) {
- int ll = strlen(lp);
-
+ while (fgets(lp, QLINESIZE + 1, in) != NULL) {
count_in++;
- if (ll < 14 || *lp == '!' || *lp == '#') {
+ if (strlen(lp) < 14 || *lp == '!' || *lp == '#') {
debug2("%10u: comment or short line", count_in);
continue;
}
-/* $OpenBSD: monitor.c,v 1.89 2006/11/07 10:31:31 markus Exp $ */
+/* $OpenBSD: monitor.c,v 1.90 2007/02/19 10:45:58 dtucker Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
#endif
buffer_put_cstring(m, pwent->pw_dir);
buffer_put_cstring(m, pwent->pw_shell);
+ buffer_put_string(m, &options, sizeof(options));
+ if (options.banner != NULL)
+ buffer_put_cstring(m, options.banner);
out:
debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed);
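Review bot: buffer_put_string(m, &options, sizeof(options)) ships the raw ServerOptions struct, pointer members included, and only banner is followed by its string. Any other pointer member that the monitor changed after the processes separated arrives as an address that is not valid in the receiver. A comment listing which fields the receiver may use, or serialising only the fields a Match block can change, would make this safer to extend.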
-/* $OpenBSD: monitor_wrap.c,v 1.54 2006/08/12 20:46:46 miod Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.55 2007/02/19 10:45:58 dtucker Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
#include "channels.h"
#include "session.h"
+#include "servconf.h"
/* Imports */
extern int compat20;
{
Buffer m;
struct passwd *pw;
- u_int pwlen;
+ u_int len;
+ ServerOptions *newopts;
debug3("%s entering", __func__);
buffer_free(&m);
return (NULL);
}
- pw = buffer_get_string(&m, &pwlen);
- if (pwlen != sizeof(struct passwd))
+ pw = buffer_get_string(&m, &len);
+ if (len != sizeof(struct passwd))
fatal("%s: struct passwd size mismatch", __func__);
pw->pw_name = buffer_get_string(&m, NULL);
pw->pw_passwd = buffer_get_string(&m, NULL);
#endif
pw->pw_dir = buffer_get_string(&m, NULL);
pw->pw_shell = buffer_get_string(&m, NULL);
+
+ /* copy options block as a Match directive may have changed some */
+ newopts = buffer_get_string(&m, &len);
+ if (len != sizeof(*newopts))
+ fatal("%s: option block size mismatch", __func__);
+ if (newopts->banner != NULL)
+ newopts->banner = buffer_get_string(&m, NULL);
+ copy_set_server_options(&options, newopts, 1);
+ xfree(newopts);
+
buffer_free(&m);
return (pw);
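Review bot: newopts->banner != NULL tests a pointer value received from the other process purely as a presence flag before overwriting it; that deserves a comment, because the received value itself must never be dereferenced. The len != sizeof(*newopts) comparison is the only validation of the block, and the literal 1 passed to copy_set_server_options() is unexplained, so a named constant or a comment for that argument would help.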
#define INIT_SZ 128
-int vasprintf(char **str, const char *fmt, va_list ap)
+int
+vasprintf(char **str, const char *fmt, va_list ap)
{
int ret = -1;
va_list ap2;
ret = vsnprintf(string, INIT_SZ, fmt, ap2);
if (ret >= 0 && ret < INIT_SZ) { /* succeeded with initial alloc */
*str = string;
- } else if (ret == INT_MAX) { /* shouldn't happen */
+ } else if (ret == INT_MAX || ret < 0) { /* Bad length */
goto fail;
} else { /* bigger than initial, realloc allowing for nul */
len = (size_t)ret + 1;
*
* Move #endif to make sure VA_COPY, LDOUBLE, etc are defined even
* if the C library has some snprintf functions already.
+ *
+ * Damien Miller (djm@mindrot.org) Jan 2007
+ * Fix integer overflows in return value.
+ * Make formatting quite a bit faster by inlining dopr_outch()
+ *
**************************************************************/
#include "includes.h"
#include <stdarg.h>
#include <stdlib.h>
#include <string.h>
+#include <limits.h>
+#include <errno.h>
#ifdef HAVE_LONG_DOUBLE
# define LDOUBLE long double
# define MAX(p,q) (((p) >= (q)) ? (p) : (q))
#endif
-static size_t dopr(char *buffer, size_t maxlen, const char *format,
- va_list args_in);
-static void fmtstr(char *buffer, size_t *currlen, size_t maxlen,
- char *value, int flags, int min, int max);
-static void fmtint(char *buffer, size_t *currlen, size_t maxlen,
- LLONG value, int base, int min, int max, int flags);
-static void fmtfp(char *buffer, size_t *currlen, size_t maxlen,
- LDOUBLE fvalue, int min, int max, int flags);
-static void dopr_outch(char *buffer, size_t *currlen, size_t maxlen, char c);
-
-static size_t dopr(char *buffer, size_t maxlen, const char *format, va_list args_in)
+#define DOPR_OUTCH(buf, pos, buflen, thechar) \
+ do { \
+ if (pos + 1 >= INT_MAX) { \
+ errno = ERANGE; \
+ return -1; \
+ } \
+ if (pos < buflen) \
+ buf[pos] = thechar; \
+ (pos)++; \
+ } while (0)
+
+static int dopr(char *buffer, size_t maxlen, const char *format,
+ va_list args_in);
+static int fmtstr(char *buffer, size_t *currlen, size_t maxlen,
+ char *value, int flags, int min, int max);
+static int fmtint(char *buffer, size_t *currlen, size_t maxlen,
+ LLONG value, int base, int min, int max, int flags);
+static int fmtfp(char *buffer, size_t *currlen, size_t maxlen,
+ LDOUBLE fvalue, int min, int max, int flags);
+
+static int
+dopr(char *buffer, size_t maxlen, const char *format, va_list args_in)
{
char ch;
LLONG value;
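Review bot: DOPR_OUTCH uses its parameters unparenthesised (pos + 1, buf[pos]), evaluates pos several times, and hides a return -1 inside the macro body. Parenthesise every parameter use and add a comment at the definition warning that the macro returns from the enclosing function and that its arguments must be free of side effects. The pos + 1 >= INT_MAX test also compares a size_t with an int constant; casting INT_MAX to size_t would make the intent explicit.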
case DP_S_DEFAULT:
if (ch == '%')
state = DP_S_FLAGS;
- else
- dopr_outch (buffer, &currlen, maxlen, ch);
+ else
+ DOPR_OUTCH(buffer, currlen, maxlen, ch);
ch = *format++;
break;
case DP_S_FLAGS:
value = va_arg (args, LLONG);
else
value = va_arg (args, int);
- fmtint (buffer, &currlen, maxlen, value, 10, min, max, flags);
+ if (fmtint(buffer, &currlen, maxlen,
+ value, 10, min, max, flags) == -1)
+ return -1;
break;
case 'o':
flags |= DP_F_UNSIGNED;
value = (long)va_arg (args, unsigned LLONG);
else
value = (long)va_arg (args, unsigned int);
- fmtint (buffer, &currlen, maxlen, value, 8, min, max, flags);
+ if (fmtint(buffer, &currlen, maxlen, value,
+ 8, min, max, flags) == -1)
+ return -1;
break;
case 'u':
flags |= DP_F_UNSIGNED;
value = (LLONG)va_arg (args, unsigned LLONG);
else
value = (long)va_arg (args, unsigned int);
- fmtint (buffer, &currlen, maxlen, value, 10, min, max, flags);
+ if (fmtint(buffer, &currlen, maxlen, value,
+ 10, min, max, flags) == -1)
+ return -1;
break;
case 'X':
flags |= DP_F_UP;
value = (LLONG)va_arg (args, unsigned LLONG);
else
value = (long)va_arg (args, unsigned int);
- fmtint (buffer, &currlen, maxlen, value, 16, min, max, flags);
+ if (fmtint(buffer, &currlen, maxlen, value,
+ 16, min, max, flags) == -1)
+ return -1;
break;
case 'f':
if (cflags == DP_C_LDOUBLE)
fvalue = va_arg (args, LDOUBLE);
else
fvalue = va_arg (args, double);
- /* um, floating point? */
- fmtfp (buffer, &currlen, maxlen, fvalue, min, max, flags);
+ if (fmtfp(buffer, &currlen, maxlen, fvalue,
+ min, max, flags) == -1)
+ return -1;
break;
case 'E':
flags |= DP_F_UP;
fvalue = va_arg (args, LDOUBLE);
else
fvalue = va_arg (args, double);
- fmtfp (buffer, &currlen, maxlen, fvalue, min, max, flags);
+ if (fmtfp(buffer, &currlen, maxlen, fvalue,
+ min, max, flags) == -1)
+ return -1;
break;
case 'G':
flags |= DP_F_UP;
fvalue = va_arg (args, LDOUBLE);
else
fvalue = va_arg (args, double);
- fmtfp (buffer, &currlen, maxlen, fvalue, min, max, flags);
+ if (fmtfp(buffer, &currlen, maxlen, fvalue,
+ min, max, flags) == -1)
+ return -1;
break;
case 'c':
- dopr_outch (buffer, &currlen, maxlen, va_arg (args, int));
+ DOPR_OUTCH(buffer, currlen, maxlen,
+ va_arg (args, int));
break;
case 's':
strvalue = va_arg (args, char *);
max = strlen(strvalue);
}
if (min > 0 && max >= 0 && min > max) max = min;
- fmtstr (buffer, &currlen, maxlen, strvalue, flags, min, max);
+ if (fmtstr(buffer, &currlen, maxlen,
+ strvalue, flags, min, max) == -1)
+ return -1;
break;
case 'p':
strvalue = va_arg (args, void *);
- fmtint (buffer, &currlen, maxlen, (long) strvalue, 16, min, max, flags);
+ if (fmtint(buffer, &currlen, maxlen,
+ (long) strvalue, 16, min, max, flags) == -1)
+ return -1;
break;
case 'n':
if (cflags == DP_C_SHORT) {
}
break;
case '%':
- dopr_outch (buffer, &currlen, maxlen, ch);
+ DOPR_OUTCH(buffer, currlen, maxlen, ch);
break;
case 'w':
/* not supported yet, treat as next char */
buffer[maxlen - 1] = '\0';
}
- return currlen;
+ return currlen < INT_MAX ? (int)currlen : -1;
}
-static void fmtstr(char *buffer, size_t *currlen, size_t maxlen,
- char *value, int flags, int min, int max)
+static int
+fmtstr(char *buffer, size_t *currlen, size_t maxlen,
+ char *value, int flags, int min, int max)
{
int padlen, strln; /* amount to pad */
int cnt = 0;
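Review bot: The new final statement of dopr(), return currlen < INT_MAX ? (int)currlen : -1, yields -1 without setting errno, whereas the DOPR_OUTCH overflow path sets errno = ERANGE first. Set errno on this path too, or add a comment that the check in DOPR_OUTCH already makes this branch unreachable, so callers see one failure convention.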
padlen = -padlen; /* Left Justify */
while ((padlen > 0) && (cnt < max)) {
- dopr_outch (buffer, currlen, maxlen, ' ');
+ DOPR_OUTCH(buffer, *currlen, maxlen, ' ');
--padlen;
++cnt;
}
while (*value && (cnt < max)) {
- dopr_outch (buffer, currlen, maxlen, *value++);
+ DOPR_OUTCH(buffer, *currlen, maxlen, *value);
+ *value++;
++cnt;
}
while ((padlen < 0) && (cnt < max)) {
- dopr_outch (buffer, currlen, maxlen, ' ');
+ DOPR_OUTCH(buffer, *currlen, maxlen, ' ');
++padlen;
++cnt;
}
+ return 0;
}
/* Have to handle DP_F_NUM (ie 0x and 0 alternates) */
-static void fmtint(char *buffer, size_t *currlen, size_t maxlen,
+static int
+fmtint(char *buffer, size_t *currlen, size_t maxlen,
LLONG value, int base, int min, int max, int flags)
{
int signvalue = 0;
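Review bot: In the copy loop of fmtstr(), the increment was split out as "*value++;", which dereferences the pointer and discards the result. Plain value++ does the same job without an unused-value warning. The new return 0 at the end of fmtstr() is the only visible return, so the -1 that dopr() now checks for can only come from the return hidden in DOPR_OUTCH; a comment beside return 0 saying so would help the next reader.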
/* Spaces */
while (spadlen > 0) {
- dopr_outch (buffer, currlen, maxlen, ' ');
+ DOPR_OUTCH(buffer, *currlen, maxlen, ' ');
--spadlen;
}
/* Sign */
if (signvalue)
- dopr_outch (buffer, currlen, maxlen, signvalue);
+ DOPR_OUTCH(buffer, *currlen, maxlen, signvalue);
/* Zeros */
if (zpadlen > 0) {
while (zpadlen > 0) {
- dopr_outch (buffer, currlen, maxlen, '0');
+ DOPR_OUTCH(buffer, *currlen, maxlen, '0');
--zpadlen;
}
}
/* Digits */
- while (place > 0)
- dopr_outch (buffer, currlen, maxlen, convert[--place]);
+ while (place > 0) {
+ --place;
+ DOPR_OUTCH(buffer, *currlen, maxlen, convert[place]);
+ }
/* Left Justified spaces */
while (spadlen < 0) {
- dopr_outch (buffer, currlen, maxlen, ' ');
+ DOPR_OUTCH(buffer, *currlen, maxlen, ' ');
++spadlen;
}
+ return 0;
}
static LDOUBLE abs_val(LDOUBLE value)
return result;
}
-static LDOUBLE POW10(int exp)
+static LDOUBLE POW10(int val)
{
LDOUBLE result = 1;
- while (exp) {
+ while (val) {
result *= 10;
- exp--;
+ val--;
}
return result;
}
if (i == 100) {
- /* yikes! the number is beyond what we can handle. What do we do? */
+ /*
+ * yikes! the number is beyond what we can handle.
+ * What do we do?
+ */
(*iptr) = 0;
return 0;
}
}
-static void fmtfp (char *buffer, size_t *currlen, size_t maxlen,
- LDOUBLE fvalue, int min, int max, int flags)
+static int
+fmtfp (char *buffer, size_t *currlen, size_t maxlen,
+ LDOUBLE fvalue, int min, int max, int flags)
{
int signvalue = 0;
double ufvalue;
if ((flags & DP_F_ZERO) && (padlen > 0)) {
if (signvalue) {
- dopr_outch (buffer, currlen, maxlen, signvalue);
+ DOPR_OUTCH(buffer, *currlen, maxlen, signvalue);
--padlen;
signvalue = 0;
}
while (padlen > 0) {
- dopr_outch (buffer, currlen, maxlen, '0');
+ DOPR_OUTCH(buffer, *currlen, maxlen, '0');
--padlen;
}
}
while (padlen > 0) {
- dopr_outch (buffer, currlen, maxlen, ' ');
+ DOPR_OUTCH(buffer, *currlen, maxlen, ' ');
--padlen;
}
if (signvalue)
- dopr_outch (buffer, currlen, maxlen, signvalue);
+ DOPR_OUTCH(buffer, *currlen, maxlen, signvalue);
- while (iplace > 0)
- dopr_outch (buffer, currlen, maxlen, iconvert[--iplace]);
+ while (iplace > 0) {
+ --iplace;
+ DOPR_OUTCH(buffer, *currlen, maxlen, iconvert[iplace]);
+ }
#ifdef DEBUG_SNPRINTF
printf("fmtfp: fplace=%d zpadlen=%d\n", fplace, zpadlen);
* char to print out.
*/
if (max > 0) {
- dopr_outch (buffer, currlen, maxlen, '.');
+ DOPR_OUTCH(buffer, *currlen, maxlen, '.');
while (zpadlen > 0) {
- dopr_outch (buffer, currlen, maxlen, '0');
+ DOPR_OUTCH(buffer, *currlen, maxlen, '0');
--zpadlen;
}
- while (fplace > 0)
- dopr_outch (buffer, currlen, maxlen, fconvert[--fplace]);
+ while (fplace > 0) {
+ --fplace;
+ DOPR_OUTCH(buffer, *currlen, maxlen, fconvert[fplace]);
+ }
}
while (padlen < 0) {
- dopr_outch (buffer, currlen, maxlen, ' ');
+ DOPR_OUTCH(buffer, *currlen, maxlen, ' ');
++padlen;
}
-}
-
-static void dopr_outch(char *buffer, size_t *currlen, size_t maxlen, char c)
-{
- if (*currlen < maxlen) {
- buffer[(*currlen)] = c;
- }
- (*currlen)++;
+ return 0;
}
#endif /* !defined(HAVE_SNPRINTF) || !defined(HAVE_VSNPRINTF) */
#if !defined(HAVE_VSNPRINTF)
-int vsnprintf (char *str, size_t count, const char *fmt, va_list args)
+int
+vsnprintf (char *str, size_t count, const char *fmt, va_list args)
{
return dopr(str, count, fmt, args);
}
#endif
#if !defined(HAVE_SNPRINTF)
-int snprintf(char *str, size_t count, SNPRINTF_CONST char *fmt, ...)
+int
+snprintf(char *str, size_t count, SNPRINTF_CONST char *fmt, ...)
{
size_t ret;
va_list ap;
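
Review bot: fmtfp, like fmtstr and fmtint before it, changes from void to int, yet the only return statement these hunks add is the unconditional 'return 0;' at the end, and the removed dopr_outch() helper, which stopped writing once *currlen reached maxlen, has no visible replacement for that bounds check. If DOPR_OUTCH returns from the enclosing function on overflow, that hidden control flow should be documented at the macro and above each fmt* function, stating what a non-zero return means, and the callers need to check it. If it does not, the int return type carries no information.
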
return ret;
}
#endif
-
}
/* allocate memory for signatures */
- rrset->rri_sigs = calloc(rrset->rri_nsigs, sizeof(struct rdatainfo));
- if (rrset->rri_sigs == NULL) {
- result = ERRSET_NOMEMORY;
- goto fail;
+ if (rrset->rri_nsigs > 0) {
+ rrset->rri_sigs = calloc(rrset->rri_nsigs, sizeof(struct rdatainfo));
+ if (rrset->rri_sigs == NULL) {
+ result = ERRSET_NOMEMORY;
+ goto fail;
+ }
}
/* copy answers & signatures */
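
Review bot: With the new 'if (rrset->rri_nsigs > 0)' guard, rri_sigs is never assigned when there are no signatures, so its value depends on how rrset was initialised, which these lines do not show. Confirm that rrset is zero-filled, or set rri_sigs = NULL explicitly in an else branch, so that the 'goto fail' cleanup path and the copy loop that follows never see an uninitialised pointer.
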
# endif
#endif
+/* OpenSSL 0.9.8e returns cipher key len not context key len */
+#if (OPENSSL_VERSION_NUMBER == 0x0090805fL)
+# define EVP_CIPHER_CTX_key_length(c) ((c)->key_len)
+#endif
+
/*
* We overload some of the OpenSSL crypto functions with ssh_* equivalents
* which cater for older and/or less featureful OpenSSL version.
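
Review bot: The workaround keys on OPENSSL_VERSION_NUMBER with an exact '==' test, which is the version of the headers at compile time, not of the library loaded at run time. A binary built against 0.9.8e headers keeps the direct '(c)->key_len' access whatever library it later runs with, and one built against other headers gets no workaround when run with 0.9.8e. The comment should state that limitation, and since the macro reaches into the EVP_CIPHER_CTX struct directly, it should also say when the override can be dropped.
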
type='service'
version='1'>
+<!--
+ We default to disabled so administrator can decide to enable or not.
+-->
<create_default_instance enabled='false'/>
<single_instance/>
<exec_method
name='start'
type='method'
- exec='/lib/svc/method/site/opensshd start'
+ exec='/lib/svc/method/site/__SYSVINIT_NAME__ start'
timeout_seconds='60'>
<method_context/>
</exec_method>
# include <sys/time.h>
#endif
-#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <arpa/inet.h>
-/* $OpenBSD: readconf.c,v 1.159 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: readconf.c,v 1.161 2007/01/21 01:45:35 stevesk Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
if ((value = convtime(arg)) == -1)
fatal("%s line %d: invalid time value.",
filename, linenum);
- if (*intptr == -1)
+ if (*activep && *intptr == -1)
*intptr = value;
break;
if (*intptr >= SSH_MAX_IDENTITY_FILES)
fatal("%.200s line %d: Too many identity files specified (max %d).",
filename, linenum, SSH_MAX_IDENTITY_FILES);
- charptr = &options->identity_files[*intptr];
+ charptr = &options->identity_files[*intptr];
*charptr = xstrdup(arg);
*intptr = *intptr + 1;
}
if [ $? -ne 0 ]; then
fail "gdb failed: exit code $?"
fi
- egrep 'ptrace: Operation not permitted.|procfs:.*Permission denied.|ttrace attach: Permission denied.|procfs:.*: Invalid argument.' >/dev/null ${OBJ}/gdb.out
+ egrep 'ptrace: Operation not permitted.|procfs:.*Permission denied.|ttrace.*Permission denied.|procfs:.*: Invalid argument.' >/dev/null ${OBJ}/gdb.out
r=$?
rm -f ${OBJ}/gdb.out
if [ $r -ne 0 ]; then
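
Review bot: The widened alternative 'ttrace.*Permission denied.' now matches any line that mentions ttrace and later 'Permission denied', and the trailing '.' in each alternative is an unescaped regex dot that matches any character. If the goal is only to cover a differently worded ttrace message, anchor the pattern on the words that stay constant and escape the literal dots as '\.'. In the context lines above, 'fail "gdb failed: exit code $?"' reports the status of the '[' test rather than of gdb; saving gdb's exit status in a variable first would make that message useful.
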
-/* $OpenBSD: scp.c,v 1.155 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: scp.c,v 1.156 2007/01/22 13:06:21 djm Exp $ */
/*
* scp - secure remote copy. This is basically patched BSD rcp which
* uses ssh to do the data transfer (instead of using rcmd).
if ((pwd = getpwuid(userid = getuid())) == NULL)
fatal("unknown user %u", (u_int) userid);
- if (!isatty(STDERR_FILENO))
+ if (!isatty(STDOUT_FILENO))
showprogress = 0;
remin = STDIN_FILENO;
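
Review bot: The tty test that gates showprogress switches from STDERR_FILENO to STDOUT_FILENO with no comment explaining why. State next to the check which descriptor the progress meter writes to, so the test and the output stream cannot drift apart again, and note the behaviour change for users who redirect only one of the two streams.
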
-/* $OpenBSD: servconf.c,v 1.165 2006/08/14 12:40:25 dtucker Exp $ */
+/* $OpenBSD: servconf.c,v 1.170 2007/03/01 10:28:02 dtucker Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
{ "syslogfacility", sLogFacility, SSHCFG_GLOBAL },
{ "loglevel", sLogLevel, SSHCFG_GLOBAL },
{ "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL },
- { "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_GLOBAL },
- { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_GLOBAL },
+ { "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_ALL },
+ { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL },
{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_GLOBAL },
- { "rsaauthentication", sRSAAuthentication, SSHCFG_GLOBAL },
- { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL },
+ { "rsaauthentication", sRSAAuthentication, SSHCFG_ALL },
+ { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL },
{ "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */
#ifdef KRB5
- { "kerberosauthentication", sKerberosAuthentication, SSHCFG_GLOBAL },
+ { "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL },
{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd, SSHCFG_GLOBAL },
{ "kerberosticketcleanup", sKerberosTicketCleanup, SSHCFG_GLOBAL },
#ifdef USE_AFS
{ "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
#endif
#else
- { "kerberosauthentication", sUnsupported, SSHCFG_GLOBAL },
+ { "kerberosauthentication", sUnsupported, SSHCFG_ALL },
{ "kerberosorlocalpasswd", sUnsupported, SSHCFG_GLOBAL },
{ "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL },
{ "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
{ "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL },
{ "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
#ifdef GSSAPI
- { "gssapiauthentication", sGssAuthentication, SSHCFG_GLOBAL },
+ { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
{ "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
#else
- { "gssapiauthentication", sUnsupported, SSHCFG_GLOBAL },
+ { "gssapiauthentication", sUnsupported, SSHCFG_ALL },
{ "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
#endif
- { "passwordauthentication", sPasswordAuthentication, SSHCFG_GLOBAL },
- { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_GLOBAL },
+ { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
+ { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
{ "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
{ "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */
{ "checkmail", sDeprecated, SSHCFG_GLOBAL },
{ "subsystem", sSubsystem, SSHCFG_GLOBAL },
{ "maxstartups", sMaxStartups, SSHCFG_GLOBAL },
{ "maxauthtries", sMaxAuthTries, SSHCFG_GLOBAL },
- { "banner", sBanner, SSHCFG_GLOBAL },
+ { "banner", sBanner, SSHCFG_ALL },
{ "usedns", sUseDNS, SSHCFG_GLOBAL },
{ "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },
{ "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },
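
Review bot: 'pubkeyauthentication' moves to SSHCFG_ALL but its alias 'dsaauthentication', which maps to the same sPubkeyAuthentication opcode, stays SSHCFG_GLOBAL, so the two spellings of one option now behave differently inside a Match block. Either give the alias the same scope or add a comment that it is deliberately global-only. The same kind of comment would help for 'challengeresponseauthentication' and its 'skeyauthentication' alias, which stay global while 'kbdinteractiveauthentication' becomes SSHCFG_ALL.
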
else
fatal("%s line %d: Bad yes/no/clientspecified "
"argument: %s", filename, linenum, arg);
- if (*intptr == -1)
+ if (*activep && *intptr == -1)
*intptr = value;
break;
if (!arg || *arg == '\0')
fatal("%s line %d: missing PermitOpen specification",
filename, linenum);
+ n = options->num_permitted_opens; /* modified later */
if (strcmp(arg, "any") == 0) {
- if (*activep) {
+ if (*activep && n == -1) {
channel_clear_adm_permitted_opens();
options->num_permitted_opens = 0;
}
break;
}
+ if (*activep && n == -1)
+ channel_clear_adm_permitted_opens();
for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) {
p = hpdelim(&arg);
if (p == NULL)
if (arg == NULL || (port = a2port(arg)) == 0)
fatal("%s line %d: bad port number in "
"PermitOpen", filename, linenum);
- if (*activep && options->num_permitted_opens == -1) {
- channel_clear_adm_permitted_opens();
+ if (*activep && n == -1)
options->num_permitted_opens =
channel_add_adm_permitted_opens(p, port);
- }
}
break;
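
Review bot: Capturing n = options->num_permitted_opens before the loop means every argument on the first active PermitOpen line is added, but any later PermitOpen line in the same scope is skipped, including 'PermitOpen any', because n is no longer -1. That first-line-wins behaviour is a policy decision for a forwarding restriction and deserves more than the '/* modified later */' remark: say in the comment that later PermitOpen lines are ignored on purpose.
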
initialize_server_options(&mo);
parse_server_config(&mo, "reprocess config", &cfg, user, host, address);
- copy_set_server_options(options, &mo);
+ copy_set_server_options(options, &mo, 0);
}
-/* Copy any (supported) values that are set */
+/* Helper macros */
+#define M_CP_INTOPT(n) do {\
+ if (src->n != -1) \
+ dst->n = src->n; \
+} while (0)
+#define M_CP_STROPT(n) do {\
+ if (src->n != NULL) { \
+ if (dst->n != NULL) \
+ xfree(dst->n); \
+ dst->n = src->n; \
+ } \
+} while(0)
+
+/*
+ * Copy any supported values that are set.
+ *
+ * If the preauth flag is set, we do not bother copying the the string or
+ * array values that are not used pre-authentication, because any that we
+ * do use must be explictly sent in mm_getpwnamallow().
+ */
void
-copy_set_server_options(ServerOptions *dst, ServerOptions *src)
+copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
{
- if (src->allow_tcp_forwarding != -1)
- dst->allow_tcp_forwarding = src->allow_tcp_forwarding;
- if (src->gateway_ports != -1)
- dst->gateway_ports = src->gateway_ports;
- if (src->adm_forced_command != NULL) {
- if (dst->adm_forced_command != NULL)
- xfree(dst->adm_forced_command);
- dst->adm_forced_command = src->adm_forced_command;
- }
- if (src->x11_display_offset != -1)
- dst->x11_display_offset = src->x11_display_offset;
- if (src->x11_forwarding != -1)
- dst->x11_forwarding = src->x11_forwarding;
- if (src->x11_use_localhost != -1)
- dst->x11_use_localhost = src->x11_use_localhost;
+ M_CP_INTOPT(password_authentication);
+ M_CP_INTOPT(gss_authentication);
+ M_CP_INTOPT(rsa_authentication);
+ M_CP_INTOPT(pubkey_authentication);
+ M_CP_INTOPT(kerberos_authentication);
+ M_CP_INTOPT(hostbased_authentication);
+ M_CP_INTOPT(kbd_interactive_authentication);
+
+ M_CP_INTOPT(allow_tcp_forwarding);
+ M_CP_INTOPT(gateway_ports);
+ M_CP_INTOPT(x11_display_offset);
+ M_CP_INTOPT(x11_forwarding);
+ M_CP_INTOPT(x11_use_localhost);
+
+ M_CP_STROPT(banner);
+ if (preauth)
+ return;
+ M_CP_STROPT(adm_forced_command);
}
+#undef M_CP_INTOPT
+#undef M_CP_STROPT
+
void
parse_server_config(ServerOptions *options, const char *filename, Buffer *conf,
const char *user, const char *host, const char *address)
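
Review bot: M_CP_STROPT frees dst->n and then stores src->n without duplicating it or clearing the source, so after the call both ServerOptions structs point at the same string, and freeing or reusing src afterwards leaves dst dangling. Either xstrdup() the value or set src->n = NULL inside the macro, and state in the comment which struct owns the string. Two nits in the same hunk: the new comment contains 'the the' and 'explictly', and M_CP_STROPT ends in 'while(0)' where M_CP_INTOPT uses 'while (0)'.
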
if (bad_options > 0)
fatal("%s: terminating, %d bad configuration options",
filename, bad_options);
+
+ /* challenge-response is implemented via keyboard interactive */
+ if (options->challenge_response_authentication == 1)
+ options->kbd_interactive_authentication = 1;
}
-/* $OpenBSD: servconf.h,v 1.79 2006/08/14 12:40:25 dtucker Exp $ */
+/* $OpenBSD: servconf.h,v 1.80 2007/02/19 10:45:58 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
const char *, const char *, const char *);
void parse_server_match_config(ServerOptions *, const char *, const char *,
const char *);
-void copy_set_server_options(ServerOptions *, ServerOptions *);
+void copy_set_server_options(ServerOptions *, ServerOptions *, int);
#endif /* SERVCONF_H */
struct timeval tv, *tvp;
int ret;
int client_alive_scheduled = 0;
+ int program_alive_scheduled = 0;
/*
* if using client_alive, set the max timeout accordingly,
* the client, try to get some more data from the program.
*/
if (packet_not_very_much_data_to_write()) {
+ program_alive_scheduled = child_terminated;
if (!fdout_eof)
FD_SET(fdout, *readsetp);
if (!fderr_eof)
memset(*writesetp, 0, *nallocp);
if (errno != EINTR)
error("select: %.100s", strerror(errno));
- } else if (ret == 0 && client_alive_scheduled)
- client_alive_check();
+ } else {
+ if (ret == 0 && client_alive_scheduled)
+ client_alive_check();
+ if (!compat20 && program_alive_scheduled && fdin_is_tty) {
+ if (!fdout_eof)
+ FD_SET(fdout, *readsetp);
+ if (!fderr_eof)
+ FD_SET(fderr, *readsetp);
+ }
+ }
notify_done(*readsetp);
}
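
Review bot: The new else branch sets fdout and fderr in *readsetp after select() has already returned, which marks them readable whether or not select reported them. Nothing here says why. Add a comment explaining that the bits are forced deliberately and why the case is limited to '!compat20 && program_alive_scheduled && fdin_is_tty', because the read paths that follow depend on it through the 'errno == EAGAIN && !child_terminated' test.
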
if (!fdout_eof && FD_ISSET(fdout, readset)) {
errno = 0;
len = read(fdout, buf, sizeof(buf));
- if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
+ if (len < 0 && (errno == EINTR ||
+ (errno == EAGAIN && !child_terminated))) {
/* do nothing */
#ifndef PTY_ZEROREAD
} else if (len <= 0) {
if (!fderr_eof && FD_ISSET(fderr, readset)) {
errno = 0;
len = read(fderr, buf, sizeof(buf));
- if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
+ if (len < 0 && (errno == EINTR ||
+ (errno == EAGAIN && !child_terminated))) {
/* do nothing */
#ifndef PTY_ZEROREAD
} else if (len <= 0) {
-/* $OpenBSD: session.c,v 1.220 2006/10/09 23:36:11 djm Exp $ */
+/* $OpenBSD: session.c,v 1.221 2007/01/21 01:41:54 stevesk Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
} else if (strcmp(rtype, "exec") == 0) {
success = session_exec_req(s);
} else if (strcmp(rtype, "pty-req") == 0) {
- success = session_pty_req(s);
+ success = session_pty_req(s);
} else if (strcmp(rtype, "x11-req") == 0) {
success = session_x11_req(s);
} else if (strcmp(rtype, "auth-agent-req@openssh.com") == 0) {
debug3("session_close_single_x11: channel %d", id);
channel_cancel_cleanup(id);
- if ((s = session_by_x11_channel(id)) == NULL)
+ if ((s = session_by_x11_channel(id)) == NULL)
fatal("session_close_single_x11: no x11 channel %d", id);
for (i = 0; s->x11_chanids[i] != -1; i++) {
debug("session_close_single_x11: session %d: "
-/* $OpenBSD: sftp-client.c,v 1.75 2006/10/22 02:25:50 djm Exp $ */
+/* $OpenBSD: sftp-client.c,v 1.76 2007/01/22 11:32:50 djm Exp $ */
/*
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
*
close(local_fd);
xfree(data);
xfree(ack);
+ status = -1;
goto done;
}
debug3("In write loop, ack for %u %u bytes at %llu",
-/* $OpenBSD: sftp-server.c,v 1.70 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: sftp-server.c,v 1.71 2007/01/03 07:22:36 stevesk Exp $ */
/*
* Copyright (c) 2000-2004 Markus Friedl. All rights reserved.
*
debug("request %u: fstat \"%s\" (handle %u)",
id, handle_to_name(handle), handle);
fd = handle_to_fd(handle);
- if (fd >= 0) {
+ if (fd >= 0) {
ret = fstat(fd, &st);
if (ret < 0) {
status = errno_to_portable(errno);
-/* $OpenBSD: sftp.c,v 1.93 2006/09/30 17:48:22 ray Exp $ */
+/* $OpenBSD: sftp.c,v 1.96 2007/01/03 04:09:15 stevesk Exp $ */
/*
* Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
*
int interactive_loop(int fd_in, int fd_out, char *file1, char *file2);
+/* ARGSUSED */
static void
killchild(int signo)
{
_exit(1);
}
+/* ARGSUSED */
static void
cmd_interrupt(int signo)
{
path_append(char *p1, char *p2)
{
char *ret;
- int len = strlen(p1) + strlen(p2) + 2;
+ size_t len = strlen(p1) + strlen(p2) + 2;
ret = xmalloc(len);
strlcpy(ret, p1, len);
- if (p1[strlen(p1) - 1] != '/')
+ if (p1[0] != '\0' && p1[strlen(p1) - 1] != '/')
strlcat(ret, "/", len);
strlcat(ret, p2, len);
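
Review bot: The "p1[0] != '\0'" guard removes the read of p1[-1] when p1 is empty, but it also means an empty p1 now yields p2 with no separator in front, which callers may not expect. Document that case in a comment on path_append(). The change of len to size_t is right; the sum 'strlen(p1) + strlen(p2) + 2' is still passed to xmalloc() unchecked, so a note on the assumed bound on path lengths would complete it.
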
fprintf(stderr, "Missing username\n");
usage();
}
- addargs(&args, "-l%s",userhost);
+ addargs(&args, "-l%s", userhost);
}
if ((cp = colon(host)) != NULL) {
-/* $OpenBSD: ssh-agent.c,v 1.153 2006/10/06 02:29:19 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.154 2007/02/28 00:55:30 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
for (id = TAILQ_FIRST(&tab->idlist); id; id = nxt) {
nxt = TAILQ_NEXT(id, next);
if (id->death != 0 && now >= id->death) {
+ debug("expiring key '%s'", id->comment);
TAILQ_REMOVE(&tab->idlist, id, next);
free_identity(id);
tab->nentries--;
u_int msg_len, type;
u_char *cp;
- /* kill dead keys */
- reaper();
-
if (buffer_len(&e->input) < 5)
return; /* Incomplete message. */
cp = buffer_ptr(&e->input);
main(int ac, char **av)
{
int c_flag = 0, d_flag = 0, k_flag = 0, s_flag = 0;
- int sock, fd, ch;
+ int sock, fd, ch, result, saved_errno;
u_int nalloc;
char *shell, *format, *pidstr, *agentsocket = NULL;
fd_set *readsetp = NULL, *writesetp = NULL;
extern char *optarg;
pid_t pid;
char pidstrbuf[1 + 3 * sizeof pid];
+ struct timeval tv;
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
sanitise_stdfd();
nalloc = 0;
while (1) {
+ tv.tv_sec = 10;
+ tv.tv_usec = 0;
prepare_select(&readsetp, &writesetp, &max_fd, &nalloc);
- if (select(max_fd + 1, readsetp, writesetp, NULL, NULL) < 0) {
- if (errno == EINTR)
+ result = select(max_fd + 1, readsetp, writesetp, NULL, &tv);
+ saved_errno = errno;
+ reaper(); /* remove expired keys */
+ if (result < 0) {
+ if (saved_errno == EINTR)
continue;
- fatal("select: %s", strerror(errno));
- }
- after_select(readsetp, writesetp);
+ fatal("select: %s", strerror(saved_errno));
+ } else if (result > 0)
+ after_select(readsetp, writesetp);
}
/* NOTREACHED */
}
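
Review bot: The select() timeout is a bare literal, 'tv.tv_sec = 10;', and it determines how long an expired key can stay in memory while the agent is idle. Give it a named constant with a comment stating that bound, or compute the timeout from the earliest id->death so keys are removed when they expire rather than up to 10 seconds later. The new debug() call in reaper() prints id->comment; check that key comments are acceptable in whatever destination the agent's debug output reaches.
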
-.\" $OpenBSD: ssh-keygen.1,v 1.72 2005/11/28 05:16:53 dtucker Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.74 2007/01/12 20:20:41 jmc Exp $
.\"
.\" -*- nroff -*-
.\"
.Ar reader .
.It Fl e
This option will read a private or public OpenSSH key file and
-print the key in a
-.Sq SECSH Public Key File Format
+print the key in
+RFC 4716 SSH Public Key File Format
to stdout.
This option allows exporting keys for use by several commercial
SSH implementations.
(or public) key to stdout.
.Nm
also reads the
-.Sq SECSH Public Key File Format .
+RFC 4716 SSH Public Key File Format.
This option allows importing keys from several commercial
SSH implementations.
.It Fl l
.Xr moduli 5 ,
.Xr sshd 8
.Rs
-.%A J. Galbraith
-.%A R. Thayer
-.%T "SECSH Public Key File Format"
-.%N draft-ietf-secsh-publickeyfile-01.txt
-.%D March 2001
-.%O work in progress material
+.%R RFC 4716
+.%T "The Secure Shell (SSH) Public Key File Format"
+.%D 2006
.Re
.Sh AUTHORS
OpenSSH is a derivative of the original and free
-/* $OpenBSD: ssh-keygen.c,v 1.155 2006/11/06 21:25:28 markus Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.160 2007/01/21 01:41:54 stevesk Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
buffer_init(&b);
buffer_append(&b, blob, blen);
- magic = buffer_get_int(&b);
+ magic = buffer_get_int(&b);
if (magic != SSH_COM_PRIVATE_KEY_MAGIC) {
error("bad magic 0x%x != 0x%x", magic, SSH_COM_PRIVATE_KEY_MAGIC);
buffer_free(&b);
i2 = buffer_get_int(&b);
i3 = buffer_get_int(&b);
i4 = buffer_get_int(&b);
- debug("ignore (%d %d %d %d)", i1,i2,i3,i4);
+ debug("ignore (%d %d %d %d)", i1, i2, i3, i4);
if (strcmp(cipher, "none") != 0) {
error("unsupported cipher %s", cipher);
xfree(cipher);
buffer_get_bignum_bits(&b, key->dsa->priv_key);
break;
case KEY_RSA:
- e = buffer_get_char(&b);
+ e = buffer_get_char(&b);
debug("e %lx", e);
if (e < 30) {
e <<= 8;
line[pos++] = c;
line[pos] = '\0';
}
- if (c == EOF)
- return -1;
- return pos;
+ /* We reached EOF */
+ return -1;
}
static void
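
Review bot: At EOF this function returns -1 even when characters have already been stored in line[], so a final line with no trailing newline is dropped, and the simplified tail keeps that behaviour. The new '/* We reached EOF */' comment is also only true if every other way out of the loop returns from inside it, which these lines do not show. Either return pos when pos > 0 at EOF, or extend the comment to say that an unterminated last line is discarded on purpose.
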
for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
;
if (!*cp || *cp == '\n' || *cp == '#')
- continue ;
+ continue;
i = strtol(cp, &ep, 10);
if (i == 0 || ep == NULL || (*ep != ' ' && *ep != '\t')) {
int quoted = 0;
#ifdef SMARTCARD
fprintf(stderr, " -D reader Download public key from smartcard.\n");
#endif /* SMARTCARD */
- fprintf(stderr, " -e Convert OpenSSH to IETF SECSH key file.\n");
+ fprintf(stderr, " -e Convert OpenSSH to RFC 4716 key file.\n");
fprintf(stderr, " -F hostname Find hostname in known hosts file.\n");
fprintf(stderr, " -f filename Filename of the key file.\n");
fprintf(stderr, " -G file Generate candidates for DH-GEX moduli.\n");
fprintf(stderr, " -g Use generic DNS resource record format.\n");
fprintf(stderr, " -H Hash names in known_hosts file.\n");
- fprintf(stderr, " -i Convert IETF SECSH to OpenSSH key file.\n");
+ fprintf(stderr, " -i Convert RFC 4716 to OpenSSH key file.\n");
fprintf(stderr, " -l Show fingerprint of key file.\n");
fprintf(stderr, " -M memory Amount of memory (MB) to use for generating DH-GEX moduli.\n");
fprintf(stderr, " -N phrase Provide new passphrase.\n");
* Main program for key management.
*/
int
-main(int ac, char **av)
+main(int argc, char **argv)
{
char dotsshdir[MAXPATHLEN], comment[1024], *passphrase1, *passphrase2;
char out_file[MAXPATHLEN], *reader_id = NULL;
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
sanitise_stdfd();
- __progname = ssh_get_progname(av[0]);
+ __progname = ssh_get_progname(argv[0]);
SSLeay_add_all_algorithms();
- log_init(av[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
+ log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
init_rng();
seed_rng();
exit(1);
}
- while ((opt = getopt(ac, av,
+ while ((opt = getopt(argc, argv,
"degiqpclBHvxXyF:b:f:t:U:D:P:N:C:r:g:R:T:G:M:S:a:W:")) != -1) {
switch (opt) {
case 'b':
}
/* reinit */
- log_init(av[0], log_level, SYSLOG_FACILITY_USER, 1);
+ log_init(argv[0], log_level, SYSLOG_FACILITY_USER, 1);
- if (optind < ac) {
+ if (optind < argc) {
printf("Too many arguments.\n");
usage();
}
.Os
.Sh NAME
.Nm ssh-rand-helper
-.Nd Random number gatherer for OpenSSH
+.Nd random number gatherer for OpenSSH
.Sh SYNOPSIS
.Nm ssh-rand-hlper
.Op Fl vxXh
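
Review bot: While this hunk touches the NAME section, the SYNOPSIS context line just below the change still reads '.Nm ssh-rand-hlper', a misspelling of the program name that renders in the man page. Fix it in the same change, or drop the argument so that .Nm reuses the name declared under NAME.
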
Turn on debugging message. Multiple
.Fl v
options will increase the debugging level.
-.Fl h
+.It Fl h
Display a summary of options.
.El
.Sh AUTHORS
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.265 2006/10/28 18:08:10 otto Exp $
+.\" $OpenBSD: ssh.1,v 1.266 2006/12/11 21:25:46 markus Exp $
.Dd September 25, 1999
.Dt SSH 1
.Os
.%T "Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol"
.%D 2006
.Re
+.Rs
+.%R RFC 4716
+.%T "The Secure Shell (SSH) Public Key File Format"
+.%D 2006
+.Re
.Sh AUTHORS
OpenSSH is a derivative of the original and free
ssh 1.2.12 release by Tatu Ylonen.
-/* $OpenBSD: ssh.c,v 1.294 2006/10/06 02:29:19 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.295 2007/01/03 03:01:40 stevesk Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
if (!read_config_file(config, host, &options, 0))
fatal("Can't open user config file %.100s: "
"%.100s", config, strerror(errno));
- } else {
+ } else {
snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir,
_PATH_SSH_USER_CONFFILE);
(void)read_config_file(buf, host, &options, 1);
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.97 2006/07/27 08:00:50 jmc Exp $
+.\" $OpenBSD: ssh_config.5,v 1.98 2007/01/10 13:23:22 jmc Exp $
.Dd September 25, 1999
.Dt SSH_CONFIG 5
.Os
.Nm ssh_config
.Nd OpenSSH SSH client configuration files
.Sh SYNOPSIS
-.Bl -tag -width Ds -compact
-.It Pa ~/.ssh/config
-.It Pa /etc/ssh/ssh_config
-.El
+.Nm ~/.ssh/config
+.Nm /etc/ssh/ssh_config
.Sh DESCRIPTION
.Xr ssh 1
obtains configuration data from the following sources in
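
Review bot: The SYNOPSIS now marks the two configuration file paths with .Nm, the macro for the name of the thing being documented, while the removed lines used .Pa, the path macro. If the list was dropped only for layout reasons, keep .Pa for the paths so they are still typeset as file names, or explain the macro choice in the commit message.
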
-/* $OpenBSD: sshd.c,v 1.348 2006/11/06 21:25:28 markus Exp $ */
+/* $OpenBSD: sshd.c,v 1.349 2007/02/21 11:00:05 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
logit("Received SIGHUP; restarting.");
close_listen_socks();
close_startup_pipes();
+ alarm(0); /* alarm timer persists across exec */
execv(saved_argv[0], saved_argv);
logit("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0],
strerror(errno));
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.70 2006/08/21 08:14:01 dtucker Exp $
+.\" $OpenBSD: sshd_config.5,v 1.74 2007/03/01 16:19:33 jmc Exp $
.Dd September 25, 1999
.Dt SSHD_CONFIG 5
.Os
.Nm sshd_config
.Nd OpenSSH SSH daemon configuration file
.Sh SYNOPSIS
-.Bl -tag -width Ds -compact
-.It Pa /etc/ssh/sshd_config
-.El
+.Nm /etc/ssh/sshd_config
.Sh DESCRIPTION
.Xr sshd 8
reads configuration data from
keyword.
Available keywords are
.Cm AllowTcpForwarding ,
+.Cm Banner ,
.Cm ForceCommand ,
.Cm GatewayPorts ,
+.Cm GSSApiAuthentication ,
+.Cm KbdInteractiveAuthentication ,
+.Cm KerberosAuthentication ,
+.Cm PasswordAuthentication ,
.Cm PermitOpen ,
+.Cm RhostsRSAAuthentication ,
+.Cm RSAAuthentication ,
.Cm X11DisplayOffset ,
.Cm X11Forwarding ,
and
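
Review bot: The keyword list added here does not match the servconf.c table in this same patch: 'hostbasedauthentication' and 'pubkeyauthentication' are switched to SSHCFG_ALL there, but HostbasedAuthentication and PubkeyAuthentication are not added to the documented Match keywords. Add them in sorted position, and check the spelling 'GSSApiAuthentication' against the form used for that keyword elsewhere in this page.
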
-/* $OpenBSD: version.h,v 1.48 2006/11/07 10:31:31 markus Exp $ */
+/* $OpenBSD: version.h,v 1.49 2007/03/06 10:13:14 djm Exp $ */
-#define SSH_VERSION "OpenSSH_4.5"
+#define SSH_VERSION "OpenSSH_4.6"
#define SSH_PORTABLE "p1"
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE