From 12408a1b16c3ce5b7e203bec879ceb3d67ae09a8 Mon Sep 17 00:00:00 2001 From: cphillip Date: Tue, 6 Jan 2004 19:11:06 +0000 Subject: [PATCH] Import of openssh-SNAP-20040105 --- openssh/CREDITS | 2 +- openssh/ChangeLog | 524 +++++++++++++++++++++-- openssh/INSTALL | 54 +-- openssh/LICENCE | 43 +- openssh/Makefile.in | 25 +- openssh/OVERVIEW | 18 +- openssh/README | 18 +- openssh/README.dns | 23 +- openssh/README.privsep | 10 +- openssh/README.smartcard | 14 +- openssh/RFC.nroff | 4 +- openssh/TODO | 10 +- openssh/WARNING.RNG | 8 +- openssh/acconfig.h | 15 +- openssh/auth-chall.c | 44 +- openssh/auth-krb5.c | 35 +- openssh/auth-pam.c | 311 +++++++++----- openssh/auth-pam.h | 3 + openssh/auth-passwd.c | 52 +-- openssh/auth-rh-rsa.c | 7 +- openssh/auth-rhosts.c | 6 +- openssh/auth-rsa.c | 7 +- openssh/auth-sia.c | 9 +- openssh/auth.c | 31 +- openssh/auth.h | 15 +- openssh/auth1.c | 18 +- openssh/auth2-gss.c | 84 +++- openssh/auth2-passwd.c | 20 +- openssh/auth2-pubkey.c | 5 +- openssh/auth2.c | 23 +- openssh/authfd.c | 13 +- openssh/authfd.h | 4 +- openssh/authfile.c | 3 +- openssh/bufaux.c | 12 +- openssh/bufaux.h | 6 +- openssh/buffer.c | 6 +- openssh/canohost.c | 60 +-- openssh/channels.c | 60 +-- openssh/channels.h | 3 +- openssh/cipher-3des1.c | 5 +- openssh/cipher-aes.c | 2 +- openssh/cipher-ctr.c | 4 +- openssh/cipher.c | 12 +- openssh/cipher.h | 12 +- openssh/cleanup.c | 26 ++ openssh/clientloop.c | 119 +++++- openssh/clientloop.h | 4 +- openssh/compat.c | 8 +- openssh/compat.h | 3 +- openssh/config.guess | 158 +++---- openssh/config.sub | 48 +-- openssh/configure.ac | 390 +++++++++-------- openssh/contrib/README | 6 +- openssh/contrib/aix/buildbff.sh | 48 +-- openssh/contrib/aix/inventory.sh | 2 +- openssh/contrib/caldera/openssh.spec | 1 - openssh/contrib/caldera/ssh-host-keygen | 6 +- openssh/contrib/caldera/sshd.init | 6 +- openssh/contrib/cygwin/Makefile | 56 +++ openssh/contrib/cygwin/README | 124 +++--- openssh/contrib/cygwin/ssh-host-config | 533 ++++++++++++------------ openssh/contrib/cygwin/ssh-user-config | 64 ++- openssh/contrib/findssl.sh | 14 +- openssh/contrib/gnome-ssh-askpass1.c | 14 +- openssh/contrib/gnome-ssh-askpass2.c | 14 +- openssh/contrib/redhat/openssh.spec | 14 +- openssh/contrib/solaris/README | 2 +- openssh/contrib/solaris/buildpkg.sh | 58 +-- openssh/contrib/solaris/opensshd.in | 16 +- openssh/contrib/ssh-copy-id | 2 +- openssh/contrib/suse/openssh.spec | 24 +- openssh/defines.h | 11 +- openssh/dh.c | 10 +- openssh/dns.c | 71 ++-- openssh/dns.h | 15 +- openssh/entropy.c | 22 +- openssh/fatal.c | 4 +- openssh/fixprogs | 2 +- openssh/gss-genr.c | 27 +- openssh/gss-serv-krb5.c | 14 +- openssh/gss-serv.c | 18 +- openssh/hostfile.c | 10 +- openssh/hostfile.h | 6 +- openssh/includes.h | 4 + openssh/install-sh | 12 +- openssh/kex.c | 6 +- openssh/kexgexc.c | 11 +- openssh/key.c | 40 +- openssh/key.h | 46 +- openssh/log.c | 79 +--- openssh/log.h | 9 +- openssh/loginrec.c | 4 +- openssh/mac.c | 4 +- openssh/md5crypt.c | 8 +- openssh/mdoc2man.awk | 158 +++---- openssh/misc.c | 4 +- openssh/mkinstalldirs | 10 +- openssh/moduli.c | 107 ++--- openssh/monitor.c | 62 ++- openssh/monitor.h | 5 +- openssh/monitor_wrap.c | 51 ++- openssh/monitor_wrap.h | 7 +- openssh/msg.c | 37 +- openssh/msg.h | 4 +- openssh/nchan.ms | 8 +- openssh/nchan2.ms | 8 +- openssh/openbsd-compat/Makefile.in | 2 +- openssh/openbsd-compat/base64.c | 2 + openssh/openbsd-compat/basename.c | 2 + openssh/openbsd-compat/bsd-misc.c | 2 +- openssh/openbsd-compat/daemon.c | 2 + openssh/openbsd-compat/dirname.c | 2 + openssh/openbsd-compat/getcwd.c | 2 + openssh/openbsd-compat/getgrouplist.c | 2 + openssh/openbsd-compat/getopt.c | 2 + openssh/openbsd-compat/getrrsetbyname.c | 6 +- openssh/openbsd-compat/getrrsetbyname.h | 6 +- openssh/openbsd-compat/glob.c | 2 + openssh/openbsd-compat/glob.h | 2 + openssh/openbsd-compat/inet_aton.c | 2 + openssh/openbsd-compat/inet_ntoa.c | 2 + openssh/openbsd-compat/inet_ntop.c | 2 + openssh/openbsd-compat/mktemp.c | 2 + openssh/openbsd-compat/port-aix.c | 64 ++- openssh/openbsd-compat/port-aix.h | 6 +- openssh/openbsd-compat/readpassphrase.c | 2 + openssh/openbsd-compat/readpassphrase.h | 2 + openssh/openbsd-compat/realpath.c | 4 +- openssh/openbsd-compat/rresvport.c | 2 + openssh/openbsd-compat/setenv.c | 2 + openssh/openbsd-compat/sigact.c | 2 + openssh/openbsd-compat/strlcat.c | 2 + openssh/openbsd-compat/strlcpy.c | 2 + openssh/openbsd-compat/strmode.c | 2 + openssh/openbsd-compat/strsep.c | 2 + openssh/openbsd-compat/strtoul.c | 114 +++++ openssh/openbsd-compat/sys-queue.h | 2 + openssh/openbsd-compat/sys-tree.h | 2 + openssh/openbsd-compat/vis.c | 2 + openssh/openbsd-compat/vis.h | 2 + openssh/openbsd-compat/xcrypt.c | 4 - openssh/packet.c | 22 +- openssh/progressmeter.c | 14 +- openssh/readconf.c | 57 ++- openssh/readconf.h | 9 +- openssh/regress/Makefile | 5 +- openssh/regress/agent-ptrace.sh | 13 +- openssh/regress/banner.sh | 29 ++ openssh/regress/sftp-cmds.sh | 16 +- openssh/rijndael.c | 134 +++--- openssh/scard-opensc.c | 24 +- openssh/scp.1 | 161 ++++--- openssh/scp.c | 22 +- openssh/servconf.c | 31 +- openssh/servconf.h | 6 +- openssh/serverloop.c | 48 +-- openssh/session.c | 161 ++++--- openssh/session.h | 5 +- openssh/sftp-client.c | 6 +- openssh/sftp-common.c | 10 +- openssh/sftp-common.h | 10 +- openssh/sftp-glob.c | 4 +- openssh/sftp-int.c | 24 +- openssh/sftp-server.8 | 5 +- openssh/sftp-server.c | 16 +- openssh/sftp.1 | 135 ++++-- openssh/sftp.c | 12 +- openssh/ssh-add.1 | 7 +- openssh/ssh-add.c | 8 +- openssh/ssh-agent.c | 19 +- openssh/ssh-dss.c | 20 +- openssh/ssh-gss.h | 8 +- openssh/ssh-keygen.1 | 14 +- openssh/ssh-keygen.c | 40 +- openssh/ssh-keyscan.c | 10 +- openssh/ssh-keysign.c | 5 +- openssh/ssh-rand-helper.8 | 22 +- openssh/ssh-rand-helper.c | 46 +- openssh/ssh-rsa.c | 10 +- openssh/ssh.1 | 490 ++++++++++++---------- openssh/ssh.c | 111 +++-- openssh/ssh.h | 5 +- openssh/ssh_config.5 | 119 ++++-- openssh/ssh_prng_cmds.in | 2 +- openssh/sshconnect.c | 96 +++-- openssh/sshconnect2.c | 179 ++++---- openssh/sshd.8 | 85 ++-- openssh/sshd.c | 106 ++--- openssh/sshd_config | 11 +- openssh/sshd_config.5 | 59 +-- openssh/sshpty.c | 2 +- openssh/sshtty.c | 12 +- openssh/sshtty.h | 3 +- openssh/uidswap.c | 16 +- openssh/uuencode.c | 4 +- openssh/uuencode.h | 4 +- 196 files changed, 4276 insertions(+), 2770 deletions(-) create mode 100644 openssh/cleanup.c create mode 100644 openssh/contrib/cygwin/Makefile create mode 100644 openssh/openbsd-compat/strtoul.c create mode 100644 openssh/regress/banner.sh diff --git a/openssh/CREDITS b/openssh/CREDITS index 365b83b..f235483 100644 --- a/openssh/CREDITS +++ b/openssh/CREDITS @@ -1,6 +1,6 @@ Tatu Ylonen - Creator of SSH -Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, +Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt, and Dug Song - Creators of OpenSSH Alain St-Denis - Irix fix diff --git a/openssh/ChangeLog b/openssh/ChangeLog index 933d795..c5ef7de 100644 --- a/openssh/ChangeLog +++ b/openssh/ChangeLog @@ -1,30 +1,433 @@ -20030923 +20040105 + - (dtucker) [contrib/ssh-copy-id] Bug #781: exit if ssh fails. Patch from + cjwatson at debian.org. + +20040102 + - (djm) OSX/Darwin needs BIND_8_COMPAT to build getrrsetbyname. Report from + jakob@ + - (djm) Remove useless DNS support configure summary message. from jakob@ + - (djm) OSX/Darwin put the PAM headers in a different place, detect this. + Report from jakob@ + +20031231 - (dtucker) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2003/09/18 07:52:54 + - djm@cvs.openbsd.org 2003/12/22 09:16:58 + [moduli.c ssh-keygen.1 ssh-keygen.c] + tidy up moduli generation debugging, add -v (verbose/debug) option to + ssh-keygen; ok markus@ + - markus@cvs.openbsd.org 2003/12/22 20:29:55 + [cipher-3des1.c] + EVP_CIPHER_CTX_cleanup() for the des contexts; pruiksma@freesurf.fr + - jakob@cvs.openbsd.org 2003/12/23 16:12:10 + [servconf.c servconf.h session.c sshd_config] + implement KerberosGetAFSToken server option. ok markus@, beck@ + - millert@cvs.openbsd.org 2003/12/29 16:39:50 + [sshd_config] + KeepAlive has been obsoleted, use TCPKeepAlive instead; markus@ OK + - dtucker@cvs.openbsd.org 2003/12/31 00:24:50 + [auth2-passwd.c] + Ignore password change request during password auth (which we currently + don't support) and discard proposed new password. corrections/ok markus@ + - (dtucker) [configure.ac] Only test setresuid and setresgid if they exist. + +20031219 + - (dtucker) [defines.h] Bug #458: Define SIZE_T_MAX as UINT_MAX if we + typedef size_t ourselves. + +20031218 + - (dtucker) [configure.ac] Don't use setre[ug]id on DG-UX, from Tom Orban. + - (dtucker) [auth-pam.c] Do PAM chauthtok during SSH2 keyboard-interactive + authentication. Partially fixes bug #423. Feedback & ok djm@ + +20031217 + - (djm) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2003/12/09 15:28:43 + [serverloop.c] + make ClientKeepAlive work for ssh -N, too (no login shell requested). + 1) send a bogus channel request if we find a channel + 2) send a bogus global request if we don't have a channel + ok + test beck@ + - markus@cvs.openbsd.org 2003/12/09 17:29:04 + [sshd.c] + fix -o and HUP; ok henning@ + - markus@cvs.openbsd.org 2003/12/09 17:30:05 + [ssh.c] + don't modify argv for ssh -o; similar to sshd.c 1.283 + - markus@cvs.openbsd.org 2003/12/09 21:53:37 + [readconf.c readconf.h scp.1 servconf.c servconf.h sftp.1 ssh.1] + [ssh_config.5 sshconnect.c sshd.c sshd_config.5] + rename keepalive to tcpkeepalive; the old name causes too much + confusion; ok djm, dtucker; with help from jmc@ + - dtucker@cvs.openbsd.org 2003/12/09 23:45:32 + [clientloop.c] + Clear exit code when ssh -N is terminated with a SIGTERM. ok markus@ + - markus@cvs.openbsd.org 2003/12/14 12:37:21 + [ssh_config.5] + we don't support GSS KEX; from Simon Wilkinson + - markus@cvs.openbsd.org 2003/12/16 15:49:51 + [clientloop.c clientloop.h readconf.c readconf.h scp.1 sftp.1 ssh.1] + [ssh.c ssh_config.5] + application layer keep alive (ServerAliveInterval ServerAliveCountMax) + for ssh(1), similar to the sshd(8) option; ok beck@; with help from + jmc and dtucker@ + - markus@cvs.openbsd.org 2003/12/16 15:51:54 + [dh.c] + use <= instead of < in dh_estimate; ok provos/hshoexer; + do not return < DH_GRP_MIN + - (dtucker) [acconfig.h configure.ac uidswap.c] Bug #645: Check for + setres[ug]id() present but not implemented (eg some Linux/glibc + combinations). + - (bal) [openbsd-compat/bsd-misc.c] unset 'signal' defined if we are + using a real 'signal()' (Noticed by a NeXT Compile) + +20031209 + - (dtucker) OpenBSD CVS Sync + - matthieu@cvs.openbsd.org 2003/11/25 23:10:08 + [ssh-add.1] + ssh-add doesn't need to be a descendant of ssh-agent. Ok markus@, jmc@. + - djm@cvs.openbsd.org 2003/11/26 21:44:29 + [cipher-aes.c] + fix #ifdef before #define; ok markus@ + (RCS ID sync only, Portable already had this) + - markus@cvs.openbsd.org 2003/12/02 12:15:10 + [progressmeter.c] + improvments from andreas@: + * saner speed estimate for transfers that takes less than a second by + rounding the time to 1 second. + * when the transfer is finished calculate the actual total speed + rather than the current speed which is given during the transfer + - markus@cvs.openbsd.org 2003/12/02 17:01:15 + [channels.c session.c ssh-agent.c ssh.h sshd.c] + use SSH_LISTEN_BACKLOG (=128) in listen(2). + - djm@cvs.openbsd.org 2003/12/07 06:34:18 + [moduli.c] + remove unused debugging #define templates + - markus@cvs.openbsd.org 2003/12/08 11:00:47 + [kexgexc.c] + print requested group size in debug; ok djm + - dtucker@cvs.openbsd.org 2003/12/09 13:52:55 + [moduli.c] + Prevent ssh-keygen -T from outputting moduli with a generator of 0, since + they can't be used for Diffie-Hellman. Assistance and ok djm@ + - (dtucker) [ssh-keyscan.c] Sync RCSIDs, missed in SSH_SSFDMAX change below. + +20031208 + - (tim) [configure.ac] Bug 770. Fix --without-rpath. + +20031123 + - (djm) [canohost.c] Move IPv4inV6 mapped address normalisation to its own + function and call it unconditionally + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2003/11/23 23:17:34 + [ssh-keyscan.c] + from portable - use sysconf to detect fd limit; ok markus@ + (tidy diff by adding SSH_SSFDMAX macro to defines.h) + - djm@cvs.openbsd.org 2003/11/23 23:18:45 + [ssh-keygen.c] + consistency PATH_MAX -> MAXPATHLEN; ok markus@ + (RCS ID sync only) + - djm@cvs.openbsd.org 2003/11/23 23:21:21 + [scp.c] + from portable: rename clashing variable limit-> limit_rate; ok markus@ + (RCS ID sync only) + - dtucker@cvs.openbsd.org 2003/11/24 00:16:35 + [ssh.1 ssh.c] + Make ssh -k mean GSSAPIDelegateCredentials=no. Suggestion & ok markus@ + - (djm) Annotate OpenBSD-derived files in openbsd-compat/ with original + source file path (in OpenBSD tree). + +20031122 + - (dtucker) [channels.c] Make AIX write limit code clearer. Suggested by djm@ + - (dtucker) [auth-passwd.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h] + Move AIX specific password authentication code to port-aix.c, call + authenticate() until reenter flag is clear. + - (dtucker) [auth-sia.c configure.ac] Tru64 update from cmadams at hiwaay.net. + Use permanently_set_uid for SIA, only define DISABLE_FD_PASSING when SIA + is enabled, rely on SIA to check for locked accounts if enabled. ok djm@ + - (djm) [scp.c] Rename limitbw -> limit_rate to match upstreamed patch + - (djm) [sftp-int.c] Remove duplicated code from bogus sync + - (djm) [packet.c] Shuffle #ifdef to reduce conditionally compiled code + +20031121 + - (djm) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2003/11/20 11:39:28 + [progressmeter.c] + fix rounding errors; from andreas@ + - djm@cvs.openbsd.org 2003/11/21 11:57:03 + [everything] + unexpand and delete whitespace at EOL; ok markus@ + (done locally and RCS IDs synced) + +20031118 + - (djm) Fix early exit for root auth success when UsePAM=yes and + PermitRootLogin=no + - (dtucker) [auth-pam.c] Convert chauthtok_conv into a generic tty_conv, + and use it for do_pam_session. Fixes problems like pam_motd not + displaying anything. ok djm@ + - (dtucker) [auth-pam.c] Only use pam_putenv if our platform has it. ok djm@ + - (djm) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2003/11/18 00:40:05 + [serverloop.c] + Correct check for authctxt->valid. ok djm@ + - djm@cvs.openbsd.org 2003/11/18 10:53:07 + [monitor.c] + unbreak fake authloop for non-existent users (my screwup). Spotted and + tested by dtucker@; ok markus@ + +20031117 + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2003/11/03 09:03:37 + [auth-chall.c] + make this a little more idiot-proof; ok markus@ + (includes portable-specific changes) + - jakob@cvs.openbsd.org 2003/11/03 09:09:41 [sshconnect.c] - missing {}; bug #656; jclonguet at free.fr - - markus@cvs.openbsd.org 2003/09/18 07:54:48 - [buffer.c] - protect against double free; #660; zardoz at users.sf.net - - markus@cvs.openbsd.org 2003/09/18 08:49:45 - [deattack.c misc.c session.c ssh-agent.c] - more buffer allocation fixes; from Solar Designer; CAN-2003-0682; - ok millert@ - - markus@cvs.openbsd.org 2003/09/19 09:02:02 - [packet.c] - buffer_dump only if PACKET_DEBUG is defined; Jedi/Sector One; pr 3471 - - (djm) Fix SSH1 challenge kludge - - (djm) Bug #671: Fix builds on OpenBSD - - (djm) Bug #676: Fix PAM stack corruption - - (djm) Fix bad free() in PAM code - - (djm) Don't call pam_end before pam_init - - (djm) Enable build with old OpenSSL again - - (djm) Trim deprecated options from INSTALL. Mention UsePAM - - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu - - (djm) Crank version.h and spec version numbers - - (djm) Release 3.7.1p2 - -20030922 + move changed key warning into warn_changed_key(). ok markus@ + - jakob@cvs.openbsd.org 2003/11/03 09:37:32 + [sshconnect.c] + do not free static type pointer in warn_changed_key() + - djm@cvs.openbsd.org 2003/11/04 08:54:09 + [auth1.c auth2.c auth2-pubkey.c auth.h auth-krb5.c auth-passwd.c] + [auth-rhosts.c auth-rh-rsa.c auth-rsa.c monitor.c serverloop.c] + [session.c] + standardise arguments to auth methods - they should all take authctxt. + check authctxt->valid rather then pw != NULL; ok markus@ + - jakob@cvs.openbsd.org 2003/11/08 16:02:40 + [auth1.c] + remove unused variable (pw). ok djm@ + (id sync only - still used in portable) + - jmc@cvs.openbsd.org 2003/11/08 19:17:29 + [sftp-int.c] + typos from Jonathon Gray; + - jakob@cvs.openbsd.org 2003/11/10 16:23:41 + [bufaux.c bufaux.h cipher.c cipher.h hostfile.c hostfile.h key.c] + [key.h sftp-common.c sftp-common.h sftp-server.c sshconnect.c sshd.c] + [ssh-dss.c ssh-rsa.c uuencode.c uuencode.h] + constify. ok markus@ & djm@ + - dtucker@cvs.openbsd.org 2003/11/12 10:12:15 + [scp.c] + When called with -q, pass -q to ssh; suppresses SSH2 banner. ok markus@ + - jakob@cvs.openbsd.org 2003/11/12 16:39:58 + [dns.c dns.h readconf.c ssh_config.5 sshconnect.c] + update SSHFP validation. ok markus@ + - jmc@cvs.openbsd.org 2003/11/12 20:14:51 + [ssh_config.5] + make verb agree with subject, and kill some whitespace; + - markus@cvs.openbsd.org 2003/11/14 13:19:09 + [sshconnect2.c] + cleanup and minor fixes for the client code; from Simon Wilkinson + - djm@cvs.openbsd.org 2003/11/17 09:45:39 + [msg.c msg.h sshconnect2.c ssh-keysign.c] + return error on msg send/receive failure (rather than fatal); ok markus@ + - markus@cvs.openbsd.org 2003/11/17 11:06:07 + [auth2-gss.c gss-genr.c gss-serv.c monitor.c monitor.h monitor_wrap.c] + [monitor_wrap.h sshconnect2.c ssh-gss.h] + replace "gssapi" with "gssapi-with-mic"; from Simon Wilkinson; + test + ok jakob. + - (djm) Bug #632: Don't call pam_end indirectly from within kbd-int + conversation function + - (djm) Export environment variables from authentication subprocess to + parent. Part of Bug #717 + +20031115 + - (dtucker) [regress/agent-ptrace.sh] Test for GDB output from Solaris and + HP-UX, skip test on AIX. + +20031113 + - (dtucker) [auth-pam.c] Append newlines to lines output by the + pam_chauthtok_conv(). + - (dtucker) [README ssh-host-config ssh-user-config Makefile] (All + contrib/cygwin). Major update from vinschen at redhat.com. + - Makefile provides a `cygwin-postinstall' target to run right after + `make install'. + - Better support for Windows 2003 Server. + - Try to get permissions as correct as possible. + - New command line options to allow full automated host configuration. + - Create configs from skeletons in /etc/defaults/etc. + - Use /bin/bash, allows reading user input with readline support. + - Remove really old configs from /usr/local. + - (dtucker) [auth-pam.c] Add newline to accumulated PAM_TEXT_INFO and + PAM_ERROR_MSG messages. + +20031106 + - (djm) Clarify UsePAM consequences a little more + +20031103 + - (dtucker) [contrib/cygwin/ssh-host-config] Ensure entries in /etc/services + are created correctly with CRLF line terminations. Patch from vinschen at + redhat.com. + - (dtucker) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2003/10/15 09:48:45 + [monitor_wrap.c] + check pmonitor != NULL + - markus@cvs.openbsd.org 2003/10/21 09:50:06 + [auth2-gss.c] + make sure the doid is larger than 2 + - avsm@cvs.openbsd.org 2003/10/26 16:57:43 + [sshconnect2.c] + rename 'supported' static var in userauth_gssapi() to 'gss_supported' + to avoid shadowing the global version. markus@ ok + - markus@cvs.openbsd.org 2003/10/28 09:08:06 + [misc.c] + error->debug for getsockopt+TCP_NODELAY; several requests + - markus@cvs.openbsd.org 2003/11/02 11:01:03 + [auth2-gss.c compat.c compat.h sshconnect2.c] + remove support for SSH_BUG_GSSAPI_BER; simon@sxw.org.uk + - (dtucker) [regress/agent-ptrace.sh] Use numeric uid and gid. + +20031021 + - (dtucker) [INSTALL] Some system crypt() functions support MD5 passwords + directly. Noted by Darren.Moffat at sun.com. + - (dtucker) [regress/agent-ptrace.sh] Skip agent-test unless SUDO is set, + make agent setgid during test. + +20031017 + - (dtucker) [INSTALL] Note that --with-md5 is now required on platforms with + MD5 passwords even if PAM support is enabled. From steev at detritus.net. + +20031015 + - (dtucker) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2003/10/08 08:27:36 + [scp.1 scp.c sftp-server.8 sftp.1 sftp.c ssh.1 sshd.8] + scp and sftp: add options list and sort options. options list requested + by deraadt@ + sshd: use same format as ssh + ssh: remove wrong option from list + sftp-server: Subsystem is documented in ssh_config(5), not sshd(8) + ok deraadt@ markus@ + - markus@cvs.openbsd.org 2003/10/08 15:21:24 + [readconf.c ssh_config.5] + default GSS API to no in client, too; ok jakob, deraadt@ + - markus@cvs.openbsd.org 2003/10/11 08:24:08 + [readconf.c readconf.h ssh.1 ssh.c ssh_config.5] + remote x11 clients are now untrusted by default, uses xauth(8) to generate + untrusted cookies; ForwardX11Trusted=yes restores old behaviour. + ok deraadt; feedback and ok djm/fries + - markus@cvs.openbsd.org 2003/10/11 08:26:43 + [sshconnect2.c] + search keys in reverse order; fixes #684 + - markus@cvs.openbsd.org 2003/10/11 11:36:23 + [monitor_wrap.c] + return NULL for missing banner; ok djm@ + - jmc@cvs.openbsd.org 2003/10/12 13:12:13 + [ssh_config.5] + note that EnableSSHKeySign should be in the non-hostspecific section; + remove unnecessary .Pp; + ok markus@ + - markus@cvs.openbsd.org 2003/10/13 08:22:25 + [scp.1 sftp.1] + don't refer to options related to forwarding; ok jmc@ + - jakob@cvs.openbsd.org 2003/10/14 19:42:10 + [dns.c dns.h readconf.c ssh-keygen.c sshconnect.c] + include SSHFP lookup code (not enabled by default). ok markus@ + - jakob@cvs.openbsd.org 2003/10/14 19:43:23 + [README.dns] + update + - markus@cvs.openbsd.org 2003/10/14 19:54:39 + [session.c ssh-agent.c] + 10X for mkdtemp; djm@ + - (dtucker) [acconfig.h configure.ac dns.c openbsd-compat/getrrsetbyname.c + openbsd-compat/getrrsetbyname.h] DNS fingerprint support is now always + compiled in but disabled in config. + - (dtucker) [auth.c] Check for disabled password expiry on HP-UX Trusted Mode. + - (tim) [regress/banner.sh] portability fix. + +20031009 + - (dtucker) [sshd_config.5] UsePAM defaults to "no". ok djm@ + +20031008 + - (dtucker) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2003/10/07 01:47:27 + [sshconnect2.c] + Don't use logit for banner, since it truncates to MSGBUFSIZ; bz #668 & + #707. ok markus@ + - djm@cvs.openbsd.org 2003/10/07 07:04:16 + [sftp-int.c] + sftp quoting fix from admorten AT umich.edu; ok markus@ + - deraadt@cvs.openbsd.org 2003/10/07 21:58:28 + [sshconnect2.c] + set ptr to NULL after free + - dtucker@cvs.openbsd.org 2003/10/07 01:52:13 + [regress/Makefile regress/banner.sh] + Test SSH2 banner. ok markus@ + - djm@cvs.openbsd.org 2003/10/07 07:04:52 + [regress/sftp-cmds.sh] + more sftp quoting regress tests; ok markus + +20031007 + - (djm) Delete autom4te.cache after autoreconf + - (dtucker) [auth-pam.c auth-pam.h session.c] Make PAM use the new static + cleanup functions. With & ok djm@ + - (dtucker) [contrib/redhat/openssh.spec] Bug #714: Now that UsePAM is a + run-time switch, always build --with-md5-passwords. + - (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoul.c] + Bug #670: add strtoul() to openbsd-compat for platforms lacking it. ok djm@ + - (dtucker) [configure.ac] Bug #715: Set BROKEN_SETREUID and BROKEN_SETREGID + on Reliant Unix. Patch from Robert.Dahlem at siemens.com. + - (dtucker) [configure.ac] Bug #710: Check for dlsym() in libdl on + Reliant Unix. Based on patch from Robert.Dahlem at siemens.com. + +20031003 + - (dtucker) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2003/10/02 10:41:59 + [sshd.c] + print openssl version, too, several requests; ok henning/djm. + - markus@cvs.openbsd.org 2003/10/02 08:26:53 + [ssh-gss.h] + missing $OpenBSD:; dtucker + - (tim) [contrib/caldera/openssh.spec] Remove obsolete --with-ipv4-default + option. + +20031002 + - (dtucker) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2003/09/23 20:17:11 + [Makefile.in auth1.c auth2.c auth.c auth.h auth-krb5.c canohost.c + cleanup.c clientloop.c fatal.c gss-serv.c log.c log.h monitor.c monitor.h + monitor_wrap.c monitor_wrap.h packet.c serverloop.c session.c session.h + ssh-agent.c sshd.c] + replace fatal_cleanup() and linked list of fatal callbacks with static + cleanup_exit() function. re-refine cleanup_exit() where appropriate, + allocate sshd's authctxt eary to allow simpler cleanup in sshd. + tested by many, ok deraadt@ + - markus@cvs.openbsd.org 2003/09/23 20:18:52 + [progressmeter.c] + don't print trailing \0; bug #709; Robert.Dahlem@siemens.com + ok millert/deraadt@ + - markus@cvs.openbsd.org 2003/09/23 20:41:11 + [channels.c channels.h clientloop.c] + move client only agent code to clientloop.c + - markus@cvs.openbsd.org 2003/09/26 08:19:29 + [sshd.c] + no need to set the listen sockets to non-block; ok deraadt@ + - jmc@cvs.openbsd.org 2003/09/29 11:40:51 + [ssh.1] + - add list of options to -o and .Xr ssh_config(5) + - some other cleanup + requested by deraadt@; + ok deraadt@ markus@ + - markus@cvs.openbsd.org 2003/09/29 20:19:57 + [servconf.c sshd_config] + GSSAPICleanupCreds -> GSSAPICleanupCredentials + - (dtucker) [configure.ac] Don't set DISABLE_SHADOW when configuring + --with-pam. ok djm@ + - (dtucker) [ssh-gss.h] Prototype change missed in sync. + - (dtucker) [session.c] Fix bus errors on some 64-bit Solaris configurations. + Based on patches by Matthias Koeppe and Thomas Baden. ok djm@ + +20030930 + - (bal) Fix issues in openbsd-compat/realpath.c + +20030925 + - (dtucker) [configure.ac openbsd-compat/xcrypt.c] Bug #633: Remove + DISABLE_SHADOW for HP-UX, use getspnam instead of getprpwnam. Patch from + michael_steffens at hp.com, ok djm@ + - (tim) [sshd_config] UsePAM defaults to no. + +20030924 + - (djm) Update version.h and spec files for HEAD + - (dtucker) [configure.ac] IRIX5 needs the same setre[ug]id defines as IRIX6. + +20030923 - (dtucker) [Makefile.in] Bug #644: Fix "make clean" for out-of-tree builds. Portability corrections from tim@. - (dtucker) [configure.ac] Bug #665: uid swapping issues on Mac OS X. @@ -55,30 +458,89 @@ Report by distler AT golem ph utexas edu. - (dtucker) [contrib/aix/pam.conf] Include example pam.conf for AIX from article by genty at austin.ibm.com, included with the author's permission. + - (dtucker) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2003/09/18 07:52:54 + [sshconnect.c] + missing {}; bug #656; jclonguet at free.fr + - markus@cvs.openbsd.org 2003/09/18 07:54:48 + [buffer.c] + protect against double free; #660; zardoz at users.sf.net + - markus@cvs.openbsd.org 2003/09/18 07:56:05 + [authfile.c] + missing buffer_free(&encrypted); #662; zardoz at users.sf.net + - markus@cvs.openbsd.org 2003/09/18 08:49:45 + [deattack.c misc.c session.c ssh-agent.c] + more buffer allocation fixes; from Solar Designer; CAN-2003-0682; + ok millert@ + - miod@cvs.openbsd.org 2003/09/18 13:02:21 + [authfd.c bufaux.c dh.c mac.c ssh-keygen.c] + A few signedness fixes for harmless situations; markus@ ok + - markus@cvs.openbsd.org 2003/09/19 09:02:02 + [packet.c] + buffer_dump only if PACKET_DEBUG is defined; Jedi/Sector One; pr 3471 + - markus@cvs.openbsd.org 2003/09/19 09:03:00 + [buffer.c] + sign fix in buffer_dump; Jedi/Sector One; pr 3473 + - markus@cvs.openbsd.org 2003/09/19 11:29:40 + [ssh-agent.c] + provide a ssh-agent specific fatal() function; ok deraadt + - markus@cvs.openbsd.org 2003/09/19 11:30:39 + [ssh-keyscan.c] + avoid fatal_cleanup, just call exit(); ok deraadt + - markus@cvs.openbsd.org 2003/09/19 11:31:33 + [channels.c] + do not call channel_free_all on fatal; ok deraadt + - markus@cvs.openbsd.org 2003/09/19 11:33:09 + [packet.c sshd.c] + do not call packet_close on fatal; ok deraadt + - markus@cvs.openbsd.org 2003/09/19 17:40:20 + [scp.c] + error handling for remote-remote copy; #638; report Harald Koenig; + ok millert, fgs, henning, deraadt + - markus@cvs.openbsd.org 2003/09/19 17:43:35 + [clientloop.c sshtty.c sshtty.h] + remove fatal callbacks from client code; ok deraadt + - (bal) "extration" -> "extraction" in ssh-rand-helper.c; repoted by john + on #unixhelp@efnet - (tim) [configure.ac] add --disable-etc-default-login option. ok djm + - (djm) Sync with V_3_7 branch: + - (djm) Fix SSH1 challenge kludge + - (djm) Bug #671: Fix builds on OpenBSD + - (djm) Bug #676: Fix PAM stack corruption + - (djm) Fix bad free() in PAM code + - (djm) Don't call pam_end before pam_init + - (djm) Enable build with old OpenSSL again + - (djm) Trim deprecated options from INSTALL. Mention UsePAM + - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu 20030919 - (djm) Bug #683: Remove reference to --with-ipv4-default from INSTALL; djast AT cs.toronto.edu - - (djm) Bug #680: Remove missing inet_ntoa.h header reference + - (djm) Bug #661: Remove duplicate check for basename; from + bugzilla-openssh AT thewrittenword.com + - (djm) Bug #641: Allow RedHat RPM building without GTK-2; Patch from + jason AT devrandom.org - (djm) Bug #646: Fix location of x11-ssh-askpass; Jim - (dtucker) [openbsd-compat/port-aix.h] Bug #640: Don't include audit.h unless required. Reorder to reduce warnings. - (dtucker) [session.c] Bug #643: Fix size_t -> u_int and fix null deref when /etc/default/login doesn't exist or isn't readable. Fixes from jparsons-lists at saffron.net and georg.oppenberg at deu mci com. + - (dtucker) [acconfig.h] Updated basename test needs HAVE_BASENAME 20030918 - (djm) Bug #652: Fix empty password auth 20030917 + - (djm) Sync with V_3_7 branch - (djm) OpenBSD Sync - markus@cvs.openbsd.org 2003/09/16 21:02:40 [buffer.c channels.c version.h] more malloc/fatal fixes; ok millert/deraadt; ghudson at MIT.EDU - - (djm) Crank RPM spec versions - - (djm) Release 3.7.1p1 - + - (djm) Crank RPM spec file versions + - (tim) [openbsd-compat/inet_ntoa.c] 20030917 "Sync with V_3_7 branch" undid + 20030916 "Missed dead header in inet_ntoa.c" + 20030916 - (dtucker) [acconfig.h configure.ac defines.h session.c] Bug #252: Retrieve PATH (or SUPATH) and UMASK from /etc/default/login on platforms that have it @@ -88,10 +550,8 @@ - deraadt@cvs.openbsd.org 2003/09/16 03:03:47 [buffer.c] do not expand buffer before attempting to reallocate it; markus ok - - (djm) Crank spec versions - - (djm) Banish (safe) sprintf from auth-pam.c. Patch from bal - (tim) [configure.ac] Fix portability issues. - - (djm) Release 3.7p1 + - (bal) Missed dead header in inet_ntoa.c 20030914 - (dtucker) [Makefile regress/Makefile] Fix portability issues preventing diff --git a/openssh/INSTALL b/openssh/INSTALL index 835f8be..eecc386 100644 --- a/openssh/INSTALL +++ b/openssh/INSTALL @@ -4,21 +4,21 @@ You will need working installations of Zlib and OpenSSL. Zlib 1.1.4 or greater: -http://www.gzip.org/zlib/ +http://www.gzip.org/zlib/ OpenSSL 0.9.6 or greater: http://www.openssl.org/ -(OpenSSL 0.9.5a is partially supported, but some ciphers (SSH protocol 1 +(OpenSSL 0.9.5a is partially supported, but some ciphers (SSH protocol 1 Blowfish) do not work correctly.) OpenSSH can utilise Pluggable Authentication Modules (PAM) if your system supports it. PAM is standard on Redhat and Debian Linux, Solaris and HP-UX 11. -NB. If you operating system supports /dev/random, you should configure -OpenSSL to use it. OpenSSH relies on OpenSSL's direct support of -/dev/random. If you don't you will have to rely on ssh-rand-helper, which +NB. If you operating system supports /dev/random, you should configure +OpenSSL to use it. OpenSSH relies on OpenSSL's direct support of +/dev/random. If you don't you will have to rely on ssh-rand-helper, which is inferior to a good kernel-based solution. PAM: @@ -37,7 +37,7 @@ http://www.jmknoble.net/software/x11-ssh-askpass/ PRNGD: -If your system lacks Kernel based random collection, the use of Lutz +If your system lacks Kernel based random collection, the use of Lutz Jaenicke's PRNGd is recommended. http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html @@ -54,7 +54,7 @@ http://www.sparc.spb.su/solaris/skey/ If you wish to use --with-skey then you will need the above library installed. No other current S/Key library is currently known to be -supported. +supported. 2. Building / Installation -------------------------- @@ -73,7 +73,7 @@ installation prefix, use the --prefix option to configure: make make install -Will install OpenSSH in /opt/{bin,etc,lib,sbin}. You can also override +Will install OpenSSH in /opt/{bin,etc,lib,sbin}. You can also override specific paths, for example: ./configure --prefix=/opt --sysconfdir=/etc/ssh @@ -104,40 +104,42 @@ There are a few other options to the configure script: --with-pam enables PAM support. If PAM support is compiled in, it must also be enabled in sshd_config (refer to the UsePAM directive). ---with-prngd-socket=/some/file allows you to enable EGD or PRNGD -support and to specify a PRNGd socket. Use this if your Unix lacks -/dev/random and you don't want to use OpenSSH's builtin entropy +--with-prngd-socket=/some/file allows you to enable EGD or PRNGD +support and to specify a PRNGd socket. Use this if your Unix lacks +/dev/random and you don't want to use OpenSSH's builtin entropy collection support. ---with-prngd-port=portnum allows you to enable EGD or PRNGD support -and to specify a EGD localhost TCP port. Use this if your Unix lacks -/dev/random and you don't want to use OpenSSH's builtin entropy +--with-prngd-port=portnum allows you to enable EGD or PRNGD support +and to specify a EGD localhost TCP port. Use this if your Unix lacks +/dev/random and you don't want to use OpenSSH's builtin entropy collection support. ---with-lastlog=FILE will specify the location of the lastlog file. +--with-lastlog=FILE will specify the location of the lastlog file. ./configure searches a few locations for lastlog, but may not find it if lastlog is installed in a different place. --without-lastlog will disable lastlog support entirely. ---with-osfsia, --without-osfsia will enable or disable OSF1's Security +--with-osfsia, --without-osfsia will enable or disable OSF1's Security Integration Architecture. The default for OSF1 machines is enable. ---with-skey=PATH will enable S/Key one time password support. You will +--with-skey=PATH will enable S/Key one time password support. You will need the S/Key libraries and header files installed for this to work. --with-tcp-wrappers will enable TCP Wrappers (/etc/hosts.allow|deny) support. You will need libwrap.a and tcpd.h installed. --with-md5-passwords will enable the use of MD5 passwords. Enable this -if your operating system uses MD5 passwords without using PAM. +if your operating system uses MD5 passwords and the system crypt() does +not support them directly (see the crypt(3/3c) man page). If enabled, the +resulting binary will support both MD5 and traditional crypt passwords. ---with-utmpx enables utmpx support. utmpx support is automatic for +--with-utmpx enables utmpx support. utmpx support is automatic for some platforms. --without-shadow disables shadow password support. ---with-ipaddr-display forces the use of a numeric IP address in the +--with-ipaddr-display forces the use of a numeric IP address in the $DISPLAY environment variable. Some broken systems need this. --with-default-path=PATH allows you to specify a default $PATH for sessions @@ -167,33 +169,33 @@ CFLAGS="-O -m486" LDFLAGS="-s" LIBS="-lrubbish" LD="/usr/foo/ld" ./configure 3. Configuration ---------------- -The runtime configuration files are installed by in ${prefix}/etc or +The runtime configuration files are installed by in ${prefix}/etc or whatever you specified as your --sysconfdir (/usr/local/etc by default). -The default configuration should be instantly usable, though you should +The default configuration should be instantly usable, though you should review it to ensure that it matches your security requirements. To generate a host key, run "make host-key". Alternately you can do so -manually using the following commands: +manually using the following commands: ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N "" ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N "" ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N "" Replacing /etc/ssh with the correct path to the configuration directory. -(${prefix}/etc or whatever you specified with --sysconfdir during +(${prefix}/etc or whatever you specified with --sysconfdir during configuration) If you have configured OpenSSH with EGD support, ensure that EGD is running and has collected some Entropy. -For more information on configuration, please refer to the manual pages +For more information on configuration, please refer to the manual pages for sshd, ssh and ssh-agent. 4. Problems? ------------ -If you experience problems compiling, installing or running OpenSSH. +If you experience problems compiling, installing or running OpenSSH. Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ diff --git a/openssh/LICENCE b/openssh/LICENCE index b47556d..d729299 100644 --- a/openssh/LICENCE +++ b/openssh/LICENCE @@ -45,16 +45,16 @@ OpenSSH contains no GPL code. software are publicly available on the Internet and at any major bookstore, scientific library, and patent office worldwide. More information can be found e.g. at "http://www.cs.hut.fi/crypto". - + The legal status of this program is some combination of all these permissions and restrictions. Use only at your own responsibility. You will be responsible for any legal consequences yourself; I am not making any claims whether possessing or using this is legal or not in your country, and I am not taking any responsibility on your behalf. - - - NO WARRANTY - + + + NO WARRANTY + BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES @@ -64,7 +64,7 @@ OpenSSH contains no GPL code. TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. - + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, @@ -112,15 +112,15 @@ OpenSSH contains no GPL code. with the following license: * @version 3.0 (December 2000) - * + * * Optimised ANSI C code for the Rijndael cipher (now AES) - * + * * @author Vincent Rijmen * @author Antoon Bosselaers * @author Paulo Barreto - * + * * This code is hereby placed in the public domain. - * + * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -177,13 +177,12 @@ OpenSSH contains no GPL code. Damien Miller Kevin Steves Daniel Kouril - Per Allansson Wesley Griffin Per Allansson Nils Nordman Simon Wilkinson - Portable OpenSSH additionally includes code from the following copyright + Portable OpenSSH additionally includes code from the following copyright holders, also under the 2-term BSD license: Ben Lindstrom @@ -229,24 +228,24 @@ OpenSSH contains no GPL code. a) md5crypt.c, md5crypt.h * "THE BEER-WARE LICENSE" (Revision 42): - * wrote this file. As long as you retain this - * notice you can do whatever you want with this stuff. If we meet - * some day, and you think this stuff is worth it, you can buy me a + * wrote this file. As long as you retain this + * notice you can do whatever you want with this stuff. If we meet + * some day, and you think this stuff is worth it, you can buy me a * beer in return. Poul-Henning Kamp b) snprintf replacement * Copyright Patrick Powell 1995 - * This code is based on code written by Patrick Powell - * (papowell@astart.com) It may be used for any purpose as long as this + * This code is based on code written by Patrick Powell + * (papowell@astart.com) It may be used for any purpose as long as this * notice remains intact on all source code distributions c) Compatibility code (openbsd-compat) - Apart from the previously mentioned licenses, various pieces of code + Apart from the previously mentioned licenses, various pieces of code in the openbsd-compat/ subdirectory are licensed as follows: - Some code is licensed under a 3-term BSD license, to the following + Some code is licensed under a 3-term BSD license, to the following copyright holders: Todd C. Miller @@ -279,7 +278,7 @@ OpenSSH contains no GPL code. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - Some code is licensed under an ISC-style license, to the following + Some code is licensed under an ISC-style license, to the following copyright holders: Internet Software Consortium. @@ -297,7 +296,7 @@ OpenSSH contains no GPL code. * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - Some code is licensed under a MIT-style license to the following + Some code is licensed under a MIT-style license to the following copyright holders: Free Software Foundation, Inc. @@ -329,4 +328,4 @@ OpenSSH contains no GPL code. ------ -$OpenBSD: LICENCE,v 1.17 2003/08/22 20:55:06 markus Exp $ +$OpenBSD: LICENCE,v 1.18 2003/11/21 11:57:02 djm Exp $ diff --git a/openssh/Makefile.in b/openssh/Makefile.in index d04d5d0..813acff 100644 --- a/openssh/Makefile.in +++ b/openssh/Makefile.in @@ -62,8 +62,8 @@ INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@ TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} sftp-server$(EXEEXT) sftp$(EXEEXT) LIBSSH_OBJS=authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o \ - cipher.o cipher-aes.o cipher-bf1.o cipher-ctr.o cipher-3des1.o \ - compat.o compress.o crc32.o deattack.o fatal.o \ + cipher.o cipher-aes.o cipher-bf1.o cipher-ctr.o cipher-3des1.o \ + cleanup.o compat.o compress.o crc32.o deattack.o fatal.o \ hostfile.o log.o match.o moduli.o mpaux.o nchan.o packet.o \ readpass.o rsa.o tildexpand.o ttymodes.o xmalloc.o atomicio.o \ key.o dispatch.o kex.o mac.o uuencode.o misc.o \ @@ -140,22 +140,22 @@ scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o $(LD) -o $@ scp.o progressmeter.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-add.o - $(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + $(LD) -o $@ ssh-add.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-agent.o - $(LD) -o $@ ssh-agent.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + $(LD) -o $@ ssh-agent.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o - $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o - $(LD) -o $@ ssh-keysign.o readconf.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + $(LD) -o $@ ssh-keysign.o readconf.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o - $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) + $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o - $(LD) -o $@ sftp-server.o sftp-common.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + $(LD) -o $@ sftp-server.o sftp-common.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-int.o sftp-common.o sftp-glob.o progressmeter.o $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-int.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) @@ -193,12 +193,12 @@ moduli: echo clean: regressclean - rm -f *.o *.a $(TARGETS) logintest config.cache config.log - rm -f *.out core + rm -f *.o *.a $(TARGETS) logintest config.cache config.log + rm -f *.out core (cd openbsd-compat && $(MAKE) clean) distclean: regressclean - rm -f *.o *.a $(TARGETS) logintest config.cache config.log + rm -f *.o *.a $(TARGETS) logintest config.cache config.log rm -f *.out core rm -f Makefile config.h config.status ssh_prng_cmds *~ rm -rf autom4te.cache @@ -222,6 +222,7 @@ catman-do: distprep: catman-do $(AUTORECONF) + -rm -rf autom4te.cache (cd scard && $(MAKE) -f Makefile.in distprep) install: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files host-key check-config @@ -342,7 +343,7 @@ uninstallall: uninstall -rmdir $(DESTDIR)$(mandir) -rmdir $(DESTDIR)$(libexecdir) -uninstall: +uninstall: -rm -f $(DESTDIR)$(bindir)/slogin -rm -f $(DESTDIR)$(bindir)/ssh$(EXEEXT) -rm -f $(DESTDIR)$(bindir)/scp$(EXEEXT) diff --git a/openssh/OVERVIEW b/openssh/OVERVIEW index ff03eca..df46ec2 100644 --- a/openssh/OVERVIEW +++ b/openssh/OVERVIEW @@ -5,7 +5,7 @@ to developers.] This document is intended for those who wish to read the ssh source code. This tries to give an overview of the structure of the code. - + Copyright (c) 1995 Tatu Ylonen Updated 17 Nov 1995. Updated 19 Oct 1999 for OpenSSH-1.2 @@ -20,7 +20,7 @@ There are some subsystems/abstractions that are used by a number of these programs. Buffer manipulation routines - + - These provide an arbitrary size buffer, where data can be appended. Data can be consumed from either end. The code is used heavily throughout ssh. The basic buffer manipulation functions are in @@ -28,7 +28,7 @@ these programs. data types is in bufaux.c. Compression Library - + - Ssh uses the GNU GZIP compression library (ZLIB). Encryption/Decryption @@ -89,7 +89,7 @@ these programs. code is linked into the server. The routines also manipulate known hosts files using code in hostfile.c. Code in canohost.c is used to retrieve the canonical host name of the remote host. - Code in match.c is used to match host names. + Code in match.c is used to match host names. - In the client end, authentication code is in sshconnect.c. It reads Passwords/passphrases using code in readpass.c. It reads @@ -147,10 +147,10 @@ these programs. operations, and finally the server enters the normal session mode by calling server_loop in serverloop.c. This does the real work, calling functions in other modules. - + - The code for the server is in sshd.c. It contains a lot of stuff, including: - - server main program + - server main program - waiting for connections - processing new connection - authentication @@ -162,9 +162,9 @@ these programs. - There are several other files in the distribution that contain various auxiliary routines: - ssh.h the main header file for ssh (various definitions) - getput.h byte-order independent storage of integers - includes.h includes most system headers. Lots of #ifdefs. + ssh.h the main header file for ssh (various definitions) + getput.h byte-order independent storage of integers + includes.h includes most system headers. Lots of #ifdefs. tildexpand.c expand tilde in file names uidswap.c uid-swapping xmalloc.c "safe" malloc routines diff --git a/openssh/README b/openssh/README index 21088b9..c7ed4f0 100644 --- a/openssh/README +++ b/openssh/README @@ -1,4 +1,4 @@ -- A Japanese translation of this document and of the OpenSSH FAQ is +- A Japanese translation of this document and of the OpenSSH FAQ is - available at http://www.unixuser.org/~haruyama/security/openssh/index.html - Thanks to HARUYAMA Seigo @@ -13,10 +13,10 @@ Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt, and Dug Song. It has a homepage at http://www.openssh.com/ This port consists of the re-introduction of autoconf support, PAM -support (for Linux and Solaris), EGD[1]/PRNGD[2] support and replacements -for OpenBSD library functions that are (regrettably) absent from other -unices. This port has been best tested on Linux, Solaris, HP-UX, NetBSD, -Irix and AIX. Support for SCO, NeXT and other Unices is underway. +support (for Linux and Solaris), EGD[1]/PRNGD[2] support and replacements +for OpenBSD library functions that are (regrettably) absent from other +unices. This port has been best tested on Linux, Solaris, HP-UX, NetBSD, +Irix and AIX. Support for SCO, NeXT and other Unices is underway. This version actively tracks changes in the OpenBSD CVS repository. The PAM support is now more functional than the popular packages of @@ -32,20 +32,20 @@ Please send bug reports and patches to the mailing list openssh-unix-dev@mindrot.org. The list is open to posting by unsubscribed users. -If you are a citizen of an USA-embargoed country to which export of -cryptographic products is restricted, then please refrain from sending +If you are a citizen of an USA-embargoed country to which export of +cryptographic products is restricted, then please refrain from sending crypto-related code or patches to the list. We cannot accept them. Other code contribution are accepted, but please follow the OpenBSD style guidelines[6]. Please refer to the INSTALL document for information on how to install -OpenSSH on your system. There are a number of differences between this +OpenSSH on your system. There are a number of differences between this port of OpenSSH and F-Secure SSH 1.x, please refer to the OpenSSH FAQ[7] for details and general tips. Damien Miller -Miscellania - +Miscellania - This version of OpenSSH is based upon code retrieved from the OpenBSD CVS repository which in turn was based on the last free sample diff --git a/openssh/README.dns b/openssh/README.dns index e24092e..9787918 100644 --- a/openssh/README.dns +++ b/openssh/README.dns @@ -1,17 +1,13 @@ How to verify host keys using OpenSSH and DNS --------------------------------------------- -OpenSSH contains experimental support for verifying host keys using DNS -as described in draft-ietf-secsh-dns-xx.txt. The document contains -very brief instructions on how to test this feature. Configuring DNS -and DNSSEC is out of the scope of this document. +OpenSSH contains support for verifying host keys using DNS as described in +draft-ietf-secsh-dns-05.txt. The document contains very brief instructions +on how to use this feature. Configuring DNS is out of the scope of this +document. -(1) Enable DNS fingerprint support in OpenSSH - - configure --with-dns - -(2) Generate and publish the DNS RR +(1) Server: Generate and publish the DNS RR To create a DNS resource record (RR) containing a fingerprint of the public host key, use the following command: @@ -24,15 +20,14 @@ you should generate one RR for each key. In the example above, ssh-keygen will print the fingerprint in a generic DNS RR format parsable by most modern name server -implementations. If your nameserver has support for the SSHFP RR, as -defined by the draft, you can omit the -g flag and ssh-keygen will -print a standard RR. +implementations. If your nameserver has support for the SSHFP RR +you can omit the -g flag and ssh-keygen will print a standard SSHFP RR. To publish the fingerprint using the DNS you must add the generated RR to your DNS zone file and sign your zone. -(3) Enable the ssh client to verify host keys using DNS +(2) Client: Enable ssh to verify host keys using DNS To enable the ssh client to verify host keys using DNS, you have to add the following option to the ssh configuration file @@ -49,4 +44,4 @@ the remote host key, the user will be notified. Wesley Griffin -$OpenBSD: README.dns,v 1.1 2003/05/14 18:16:20 jakob Exp $ +$OpenBSD: README.dns,v 1.2 2003/10/14 19:43:23 jakob Exp $ diff --git a/openssh/README.privsep b/openssh/README.privsep index 2f60236..fcbae9a 100644 --- a/openssh/README.privsep +++ b/openssh/README.privsep @@ -1,15 +1,15 @@ Privilege separation, or privsep, is method in OpenSSH by which operations that require root privilege are performed by a separate privileged monitor process. Its purpose is to prevent privilege -escalation by containing corruption to an unprivileged process. +escalation by containing corruption to an unprivileged process. More information is available at: http://www.citi.umich.edu/u/provos/ssh/privsep.html Privilege separation is now enabled by default; see the UsePrivilegeSeparation option in sshd_config(5). -On systems which lack mmap or anonymous (MAP_ANON) memory mapping, -compression must be disabled in order for privilege separation to +On systems which lack mmap or anonymous (MAP_ANON) memory mapping, +compression must be disabled in order for privilege separation to function. When privsep is enabled, during the pre-authentication phase sshd will @@ -38,9 +38,9 @@ privsep user and chroot directory: Privsep requires operating system support for file descriptor passing. Compression will be disabled on systems without a working mmap MAP_ANON. -PAM-enabled OpenSSH is known to function with privsep on Linux. +PAM-enabled OpenSSH is known to function with privsep on Linux. It does not function on HP-UX with a trusted system -configuration. +configuration. On Compaq Tru64 Unix, only the pre-authentication part of privsep is supported. Post-authentication privsep is disabled automatically (so diff --git a/openssh/README.smartcard b/openssh/README.smartcard index 88810fc..fdf83ec 100644 --- a/openssh/README.smartcard +++ b/openssh/README.smartcard @@ -1,7 +1,7 @@ How to use smartcards with OpenSSH? OpenSSH contains experimental support for authentication using -Cyberflex smartcards and TODOS card readers, in addition to the cards +Cyberflex smartcards and TODOS card readers, in addition to the cards with PKCS#15 structure supported by OpenSC. To enable this you need to: @@ -27,8 +27,8 @@ Using libsectok: sectok> login -d sectok> jload /usr/libdata/ssh/Ssh.bin sectok> setpass - Enter new AUT0 passphrase: - Re-enter passphrase: + Enter new AUT0 passphrase: + Re-enter passphrase: sectok> quit Do not forget the passphrase. There is no way to @@ -51,9 +51,9 @@ Using libsectok: $ sectok sectok> login -d - sectok> acl 0012 world: w - world: w - AUT0: w inval + sectok> acl 0012 world: w + world: w + AUT0: w inval sectok> quit If you do this, anyone who has access to your card @@ -90,4 +90,4 @@ Common operations: -markus, Tue Jul 17 23:54:51 CEST 2001 -$OpenBSD: README.smartcard,v 1.8 2002/03/26 18:56:23 rees Exp $ +$OpenBSD: README.smartcard,v 1.9 2003/11/21 11:57:02 djm Exp $ diff --git a/openssh/RFC.nroff b/openssh/RFC.nroff index bf7146a..d6baed6 100644 --- a/openssh/RFC.nroff +++ b/openssh/RFC.nroff @@ -137,7 +137,7 @@ pseudo tty, starting X11 [X11] or TCP/IP port forwarding, starting authentication agent forwarding, and executing the shell or a command. When a shell or command is executed, the connection enters interactive -session mode. In this mode, data is passed in both directions, +session mode. In this mode, data is passed in both directions, new forwarded connections may be opened, etc. The interactive session normally terminates when the server sends the exit status of the program to the client. @@ -372,7 +372,7 @@ previous versions keep the same major protocol version; changes that are not compatible increment the major version (which will hopefully never happen). The version described in this document is 1.3. -The client will +The client will .ti 0 Key Exchange and Server Host Authentication diff --git a/openssh/TODO b/openssh/TODO index 484e8f8..a43f913 100644 --- a/openssh/TODO +++ b/openssh/TODO @@ -8,7 +8,7 @@ Documentation: - Install FAQ? - General FAQ on S/Key, TIS, RSA, RSA2, DSA, etc and suggestions on when it - would be best to use them. + would be best to use them. - Create a Documentation/ directory? @@ -17,7 +17,7 @@ Programming: - Grep for 'XXX' comments and fix - Link order is incorrect for some systems using Kerberos 4 and AFS. Result - is multiple inclusion of DES symbols. Holger Trapp + is multiple inclusion of DES symbols. Holger Trapp reports that changing the configure generated link order from: -lresolv -lkrb -lz -lnsl -lutil -lkafs -lkrb -ldes -lcrypto @@ -26,7 +26,7 @@ Programming: fixing the problem. - Write a test program that calls stat() to search for EGD/PRNGd socket - rather than use the (non-portable) "test -S". + rather than use the (non-portable) "test -S". - More platforms for for setproctitle() emulation (testing needed) @@ -70,7 +70,7 @@ Clean up configure/makefiles: to allow people to (right/wrongfully) link against Bind directly. - Consider splitting configure.ac into seperate files which do logically - similar tests. E.g move all the type detection stuff into one file, + similar tests. E.g move all the type detection stuff into one file, entropy related stuff into another. Packaging: @@ -86,7 +86,7 @@ PrivSep Issues: + /dev/zero solution (Solaris) + No/broken MAP_ANON (Irix) + broken /dev/zero parse (Linux) -- PAM +- PAM + See above PAM notes - AIX + usrinfo() does not set TTY, but only required for legacy systems. Works diff --git a/openssh/WARNING.RNG b/openssh/WARNING.RNG index e5fd1ac..71e2390 100644 --- a/openssh/WARNING.RNG +++ b/openssh/WARNING.RNG @@ -44,16 +44,16 @@ the specified program. The random number code will also read and save a seed file to ~/.ssh/prng_seed. This contents of this file are added to the random -number generator at startup. The goal here is to maintain as much +number generator at startup. The goal here is to maintain as much randomness between sessions as possible. The default entropy collection code has two main problems: 1. It is slow. -Executing each program in the list can take a large amount of time, -especially on slower machines. Additionally some program can take a -disproportionate time to execute. +Executing each program in the list can take a large amount of time, +especially on slower machines. Additionally some program can take a +disproportionate time to execute. Tuning the default entropy collection code is difficult at this point. It requires doing 'times ./ssh-rand-helper' and modifying the diff --git a/openssh/acconfig.h b/openssh/acconfig.h index 7ceade0..60aa368 100644 --- a/openssh/acconfig.h +++ b/openssh/acconfig.h @@ -41,6 +41,12 @@ /* Define if your setregid() is broken */ #undef BROKEN_SETREGID +/* Define if your setresuid() is broken */ +#undef BROKEN_SETRESUID + +/* Define if your setresgid() is broken */ +#undef BROKEN_SETRESGID + /* Define to a Set Process Title type if your system is */ /* supported by bsd-setproctitle.c */ #undef SPT_TYPE @@ -89,6 +95,9 @@ /* Define if you have the getuserattr function. */ #undef HAVE_GETUSERATTR +/* Define if you have the basename function. */ +#undef HAVE_BASENAME + /* Work around problematic Linux PAM modules handling of PAM_TTY */ #undef PAM_TTY_KLUDGE @@ -415,15 +424,15 @@ #undef LOCKED_PASSWD_PREFIX #undef LOCKED_PASSWD_SUBSTR -/* Define if DNS support is to be activated */ -#undef DNS - /* Define if getrrsetbyname() exists */ #undef HAVE_GETRRSETBYNAME /* Define if HEADER.ad exists in arpa/nameser.h */ #undef HAVE_HEADER_AD +/* Define if your resolver libs need this for getrrsetbyname */ +#undef BIND_8_COMPAT + @BOTTOM@ /* ******************* Shouldn't need to edit below this line ************** */ diff --git a/openssh/auth-chall.c b/openssh/auth-chall.c index 00d6e0e..a9d314d 100644 --- a/openssh/auth-chall.c +++ b/openssh/auth-chall.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-chall.c,v 1.8 2001/05/18 14:13:28 markus Exp $"); +RCSID("$OpenBSD: auth-chall.c,v 1.9 2003/11/03 09:03:37 djm Exp $"); #include "auth.h" #include "log.h" @@ -67,36 +67,38 @@ get_challenge(Authctxt *authctxt) int verify_response(Authctxt *authctxt, const char *response) { - char *resp[1]; - int res; + char *resp[1], *name, *info, **prompts; + u_int i, numprompts, *echo_on; + int authenticated = 0; if (device == NULL) return 0; if (authctxt->kbdintctxt == NULL) return 0; resp[0] = (char *)response; - res = device->respond(authctxt->kbdintctxt, 1, resp); - if (res == 1) { - /* postponed - send a null query just in case */ - char *name, *info, **prompts; - u_int i, numprompts, *echo_on; + switch (device->respond(authctxt->kbdintctxt, 1, resp)) { + case 0: /* Success */ + authenticated = 1; + break; + case 1: /* Postponed - retry with empty query for PAM */ + if ((device->query(authctxt->kbdintctxt, &name, &info, + &numprompts, &prompts, &echo_on)) != 0) + break; + if (numprompts == 0 && + device->respond(authctxt->kbdintctxt, 0, resp) == 0) + authenticated = 1; - res = device->query(authctxt->kbdintctxt, &name, &info, - &numprompts, &prompts, &echo_on); - if (res == 0) { - for (i = 0; i < numprompts; i++) - xfree(prompts[i]); - xfree(prompts); - xfree(name); - xfree(echo_on); - xfree(info); - } - /* if we received more prompts, we're screwed */ - res = (res == 0 && numprompts == 0) ? 0 : -1; + for (i = 0; i < numprompts; i++) + xfree(prompts[i]); + xfree(prompts); + xfree(name); + xfree(echo_on); + xfree(info); + break; } device->free_ctx(authctxt->kbdintctxt); authctxt->kbdintctxt = NULL; - return res ? 0 : 1; + return authenticated; } void abandon_challenge_response(Authctxt *authctxt) diff --git a/openssh/auth-krb5.c b/openssh/auth-krb5.c index 0aa5195..8594924 100644 --- a/openssh/auth-krb5.c +++ b/openssh/auth-krb5.c @@ -28,7 +28,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-krb5.c,v 1.12 2003/08/28 12:54:34 markus Exp $"); +RCSID("$OpenBSD: auth-krb5.c,v 1.15 2003/11/21 11:57:02 djm Exp $"); #include "ssh.h" #include "ssh1.h" @@ -40,7 +40,6 @@ RCSID("$OpenBSD: auth-krb5.c,v 1.12 2003/08/28 12:54:34 markus Exp $"); #include "auth.h" #ifdef KRB5 - #include extern ServerOptions options; @@ -50,7 +49,6 @@ krb5_init(void *context) { Authctxt *authctxt = (Authctxt *)context; krb5_error_code problem; - static int cleanup_registered = 0; if (authctxt->krb5_ctx == NULL) { problem = krb5_init_context(&authctxt->krb5_ctx); @@ -58,10 +56,6 @@ krb5_init(void *context) return (problem); krb5_init_ets(authctxt->krb5_ctx); } - if (!cleanup_registered) { - fatal_add_cleanup(krb5_cleanup_proc, authctxt); - cleanup_registered = 1; - } return (0); } @@ -73,11 +67,11 @@ auth_krb5_password(Authctxt *authctxt, const char *password) krb5_principal server; char ccname[40]; int tmpfd; -#endif +#endif krb5_error_code problem; krb5_ccache ccache = NULL; - if (authctxt->pw == NULL) + if (!authctxt->valid) return (0); temporarily_use_uid(authctxt->pw); @@ -102,14 +96,15 @@ auth_krb5_password(Authctxt *authctxt, const char *password) goto out; restore_uid(); - + problem = krb5_verify_user(authctxt->krb5_ctx, authctxt->krb5_user, ccache, password, 1, NULL); - + temporarily_use_uid(authctxt->pw); if (problem) goto out; + problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_fcc_ops, &authctxt->krb5_fwd_ccache); if (problem) @@ -140,21 +135,21 @@ auth_krb5_password(Authctxt *authctxt, const char *password) temporarily_use_uid(authctxt->pw); if (problem) goto out; - - if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, + + if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, authctxt->pw->pw_name)) { problem = -1; goto out; - } + } snprintf(ccname,sizeof(ccname),"FILE:/tmp/krb5cc_%d_XXXXXX",geteuid()); - + if ((tmpfd = mkstemp(ccname+strlen("FILE:")))==-1) { logit("mkstemp(): %.100s", strerror(errno)); problem = errno; goto out; } - + if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) { logit("fchmod(): %.100s", strerror(errno)); close(tmpfd); @@ -171,12 +166,12 @@ auth_krb5_password(Authctxt *authctxt, const char *password) authctxt->krb5_user); if (problem) goto out; - + problem= krb5_cc_store_cred(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache, &creds); if (problem) goto out; -#endif +#endif authctxt->krb5_ticket_file = (char *)krb5_cc_get_name(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache); @@ -205,10 +200,8 @@ auth_krb5_password(Authctxt *authctxt, const char *password) } void -krb5_cleanup_proc(void *context) +krb5_cleanup_proc(Authctxt *authctxt) { - Authctxt *authctxt = (Authctxt *)context; - debug("krb5_cleanup_proc called"); if (authctxt->krb5_fwd_ccache) { krb5_cc_destroy(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache); diff --git a/openssh/auth-pam.c b/openssh/auth-pam.c index 6d55b75..9f0bec0 100644 --- a/openssh/auth-pam.c +++ b/openssh/auth-pam.c @@ -34,7 +34,11 @@ RCSID("$Id$"); #ifdef USE_PAM +#if defined(HAVE_SECURITY_PAM_APPL_H) #include +#elif defined (HAVE_PAM_PAM_APPL_H) +#include +#endif #include "auth.h" #include "auth-pam.h" @@ -52,17 +56,19 @@ RCSID("$Id$"); #include "auth-options.h" extern ServerOptions options; +extern Buffer loginmsg; +extern int compat20; #define __unused #ifdef USE_POSIX_THREADS #include /* - * Avoid namespace clash when *not* using pthreads for systems *with* - * pthreads, which unconditionally define pthread_t via sys/types.h + * Avoid namespace clash when *not* using pthreads for systems *with* + * pthreads, which unconditionally define pthread_t via sys/types.h * (e.g. Linux) */ -typedef pthread_t sp_pthread_t; +typedef pthread_t sp_pthread_t; #else /* * Simulate threads with processes. @@ -117,6 +123,8 @@ static int sshpam_authenticated = 0; static int sshpam_new_authtok_reqd = 0; static int sshpam_session_open = 0; static int sshpam_cred_established = 0; +static int sshpam_account_status = -1; +static char **sshpam_env = NULL; struct pam_ctxt { sp_pthread_t pam_thread; @@ -126,6 +134,73 @@ struct pam_ctxt { }; static void sshpam_free_ctx(void *); +static struct pam_ctxt *cleanup_ctxt; + +/* Some PAM implementations don't implement this */ +#ifndef HAVE_PAM_GETENVLIST +static char ** +pam_getenvlist(pam_handle_t *pamh) +{ + /* + * XXX - If necessary, we can still support envrionment passing + * for platforms without pam_getenvlist by searching for known + * env vars (e.g. KRB5CCNAME) from the PAM environment. + */ + return NULL; +} +#endif + +void +pam_password_change_required(int reqd) +{ + sshpam_new_authtok_reqd = reqd; + if (reqd) { + no_port_forwarding_flag |= 2; + no_agent_forwarding_flag |= 2; + no_x11_forwarding_flag |= 2; + } else { + no_port_forwarding_flag &= ~2; + no_agent_forwarding_flag &= ~2; + no_x11_forwarding_flag &= ~2; + + } +} +/* Import regular and PAM environment from subprocess */ +static void +import_environments(Buffer *b) +{ + char *env; + u_int i, num_env; + int err; + + /* Import variables set by do_pam_account */ + sshpam_account_status = buffer_get_int(b); + pam_password_change_required(buffer_get_int(b)); + + /* Import environment from subprocess */ + num_env = buffer_get_int(b); + sshpam_env = xmalloc((num_env + 1) * sizeof(*sshpam_env)); + debug3("PAM: num env strings %d", num_env); + for(i = 0; i < num_env; i++) + sshpam_env[i] = buffer_get_string(b, NULL); + + sshpam_env[num_env] = NULL; + + /* Import PAM environment from subprocess */ + num_env = buffer_get_int(b); + debug("PAM: num PAM env strings %d", num_env); + for(i = 0; i < num_env; i++) { + env = buffer_get_string(b, NULL); + +#ifdef HAVE_PAM_PUTENV + /* Errors are not fatal here */ + if ((err = pam_putenv(sshpam_handle, env)) != PAM_SUCCESS) { + error("PAM: pam_putenv: %s", + pam_strerror(sshpam_handle, sshpam_err)); + } +#endif + } +} /* * Conversation function for authentication thread. @@ -153,36 +228,42 @@ sshpam_thread_conv(int n, const struct pam_message **msg, for (i = 0; i < n; ++i) { switch (PAM_MSG_MEMBER(msg, i, msg_style)) { case PAM_PROMPT_ECHO_OFF: - buffer_put_cstring(&buffer, + buffer_put_cstring(&buffer, PAM_MSG_MEMBER(msg, i, msg)); - ssh_msg_send(ctxt->pam_csock, - PAM_MSG_MEMBER(msg, i, msg_style), &buffer); - ssh_msg_recv(ctxt->pam_csock, &buffer); + if (ssh_msg_send(ctxt->pam_csock, + PAM_MSG_MEMBER(msg, i, msg_style), &buffer) == -1) + goto fail; + if (ssh_msg_recv(ctxt->pam_csock, &buffer) == -1) + goto fail; if (buffer_get_char(&buffer) != PAM_AUTHTOK) goto fail; reply[i].resp = buffer_get_string(&buffer, NULL); break; case PAM_PROMPT_ECHO_ON: - buffer_put_cstring(&buffer, + buffer_put_cstring(&buffer, PAM_MSG_MEMBER(msg, i, msg)); - ssh_msg_send(ctxt->pam_csock, - PAM_MSG_MEMBER(msg, i, msg_style), &buffer); - ssh_msg_recv(ctxt->pam_csock, &buffer); + if (ssh_msg_send(ctxt->pam_csock, + PAM_MSG_MEMBER(msg, i, msg_style), &buffer) == -1) + goto fail; + if (ssh_msg_recv(ctxt->pam_csock, &buffer) == -1) + goto fail; if (buffer_get_char(&buffer) != PAM_AUTHTOK) goto fail; reply[i].resp = buffer_get_string(&buffer, NULL); break; case PAM_ERROR_MSG: - buffer_put_cstring(&buffer, + buffer_put_cstring(&buffer, PAM_MSG_MEMBER(msg, i, msg)); - ssh_msg_send(ctxt->pam_csock, - PAM_MSG_MEMBER(msg, i, msg_style), &buffer); + if (ssh_msg_send(ctxt->pam_csock, + PAM_MSG_MEMBER(msg, i, msg_style), &buffer) == -1) + goto fail; break; case PAM_TEXT_INFO: - buffer_put_cstring(&buffer, + buffer_put_cstring(&buffer, PAM_MSG_MEMBER(msg, i, msg)); - ssh_msg_send(ctxt->pam_csock, - PAM_MSG_MEMBER(msg, i, msg_style), &buffer); + if (ssh_msg_send(ctxt->pam_csock, + PAM_MSG_MEMBER(msg, i, msg_style), &buffer) == -1) + goto fail; break; default: goto fail; @@ -213,10 +294,14 @@ sshpam_thread(void *ctxtp) Buffer buffer; struct pam_conv sshpam_conv; #ifndef USE_POSIX_THREADS + extern char **environ; + char **env_from_pam; + u_int i; const char *pam_user; pam_get_item(sshpam_handle, PAM_USER, (const void **)&pam_user); setproctitle("%s [pam]", pam_user); + environ[0] = NULL; #endif sshpam_conv.conv = sshpam_thread_conv; @@ -230,7 +315,43 @@ sshpam_thread(void *ctxtp) sshpam_err = pam_authenticate(sshpam_handle, 0); if (sshpam_err != PAM_SUCCESS) goto auth_fail; + + if (compat20) { + if (!do_pam_account()) + goto auth_fail; + if (sshpam_new_authtok_reqd) { + sshpam_err = pam_chauthtok(sshpam_handle, + PAM_CHANGE_EXPIRED_AUTHTOK); + if (sshpam_err != PAM_SUCCESS) + goto auth_fail; + pam_password_change_required(0); + } + } + buffer_put_cstring(&buffer, "OK"); + +#ifndef USE_POSIX_THREADS + /* Export variables set by do_pam_account */ + buffer_put_int(&buffer, sshpam_account_status); + buffer_put_int(&buffer, sshpam_new_authtok_reqd); + + /* Export any environment strings set in child */ + for(i = 0; environ[i] != NULL; i++) + ; /* Count */ + buffer_put_int(&buffer, i); + for(i = 0; environ[i] != NULL; i++) + buffer_put_cstring(&buffer, environ[i]); + + /* Export any environment strings set by PAM in child */ + env_from_pam = pam_getenvlist(sshpam_handle); + for(i = 0; env_from_pam != NULL && env_from_pam[i] != NULL; i++) + ; /* Count */ + buffer_put_int(&buffer, i); + for(i = 0; env_from_pam != NULL && env_from_pam[i] != NULL; i++) + buffer_put_cstring(&buffer, env_from_pam[i]); +#endif /* USE_POSIX_THREADS */ + + /* XXX - can't do much about an error here */ ssh_msg_send(ctxt->pam_csock, sshpam_err, &buffer); buffer_free(&buffer); pthread_exit(NULL); @@ -238,22 +359,27 @@ sshpam_thread(void *ctxtp) auth_fail: buffer_put_cstring(&buffer, pam_strerror(sshpam_handle, sshpam_err)); + /* XXX - can't do much about an error here */ ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, &buffer); buffer_free(&buffer); pthread_exit(NULL); - + return (NULL); /* Avoid warning for non-pthread case */ } -static void -sshpam_thread_cleanup(void *ctxtp) +void +sshpam_thread_cleanup(void) { - struct pam_ctxt *ctxt = ctxtp; - - pthread_cancel(ctxt->pam_thread); - pthread_join(ctxt->pam_thread, NULL); - close(ctxt->pam_psock); - close(ctxt->pam_csock); + struct pam_ctxt *ctxt = cleanup_ctxt; + + if (ctxt != NULL && ctxt->pam_thread != 0) { + pthread_cancel(ctxt->pam_thread); + pthread_join(ctxt->pam_thread, NULL); + close(ctxt->pam_psock); + close(ctxt->pam_csock); + memset(ctxt, 0, sizeof(*ctxt)); + cleanup_ctxt = NULL; + } } static int @@ -265,10 +391,9 @@ sshpam_null_conv(int n, const struct pam_message **msg, static struct pam_conv null_conv = { sshpam_null_conv, NULL }; -static void -sshpam_cleanup(void *arg) +void +sshpam_cleanup(void) { - (void)arg; debug("PAM: cleanup"); if (sshpam_handle == NULL) return; @@ -299,7 +424,6 @@ sshpam_init(const char *user) PAM_USER, (const void **)&pam_user); if (sshpam_err == PAM_SUCCESS && strcmp(user, pam_user) == 0) return (0); - fatal_remove_cleanup(sshpam_cleanup, NULL); pam_end(sshpam_handle, sshpam_err); sshpam_handle = NULL; } @@ -320,11 +444,11 @@ sshpam_init(const char *user) return (-1); } #ifdef PAM_TTY_KLUDGE - /* - * Some silly PAM modules (e.g. pam_time) require a TTY to operate. - * sshd doesn't set the tty until too late in the auth process and + /* + * Some silly PAM modules (e.g. pam_time) require a TTY to operate. + * sshd doesn't set the tty until too late in the auth process and * may not even set one (for tty-less connections) - */ + */ debug("PAM: setting PAM_TTY to \"ssh\""); sshpam_err = pam_set_item(sshpam_handle, PAM_TTY, "ssh"); if (sshpam_err != PAM_SUCCESS) { @@ -333,7 +457,6 @@ sshpam_init(const char *user) return (-1); } #endif - fatal_add_cleanup(sshpam_cleanup, NULL); return (0); } @@ -354,7 +477,7 @@ sshpam_init_ctx(Authctxt *authctxt) } ctxt = xmalloc(sizeof *ctxt); - ctxt->pam_done = 0; + memset(ctxt, 0, sizeof(*ctxt)); /* Start the authentication thread */ if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, socks) == -1) { @@ -372,7 +495,7 @@ sshpam_init_ctx(Authctxt *authctxt) xfree(ctxt); return (NULL); } - fatal_add_cleanup(sshpam_thread_cleanup, ctxt); + cleanup_ctxt = ctxt; return (ctxt); } @@ -410,26 +533,23 @@ sshpam_query(void *ctx, char **name, char **info, case PAM_ERROR_MSG: case PAM_TEXT_INFO: /* accumulate messages */ - len = plen + strlen(msg) + 1; + len = plen + strlen(msg) + 2; **prompts = xrealloc(**prompts, len); - plen += snprintf(**prompts + plen, len, "%s", msg); + plen += snprintf(**prompts + plen, len, "%s\n", msg); xfree(msg); break; case PAM_SUCCESS: case PAM_AUTH_ERR: if (**prompts != NULL) { /* drain any accumulated messages */ -#if 0 /* XXX - not compatible with privsep */ - packet_start(SSH2_MSG_USERAUTH_BANNER); - packet_put_cstring(**prompts); - packet_put_cstring(""); - packet_send(); - packet_write_wait(); -#endif + debug("PAM: %s", **prompts); + buffer_append(&loginmsg, **prompts, + strlen(**prompts)); xfree(**prompts); **prompts = NULL; } if (type == PAM_SUCCESS) { + import_environments(&buffer); *num = 0; **echo_on = 0; ctxt->pam_done = 1; @@ -437,6 +557,7 @@ sshpam_query(void *ctx, char **name, char **info, return (0); } error("PAM: %s", msg); + /* FALLTHROUGH */ default: *num = 0; **echo_on = 0; @@ -471,7 +592,10 @@ sshpam_respond(void *ctx, u_int num, char **resp) } buffer_init(&buffer); buffer_put_cstring(&buffer, *resp); - ssh_msg_send(ctxt->pam_psock, PAM_AUTHTOK, &buffer); + if (ssh_msg_send(ctxt->pam_psock, PAM_AUTHTOK, &buffer) == -1) { + buffer_free(&buffer); + return (-1); + } buffer_free(&buffer); return (1); } @@ -481,8 +605,7 @@ sshpam_free_ctx(void *ctxtp) { struct pam_ctxt *ctxt = ctxtp; - fatal_remove_cleanup(sshpam_thread_cleanup, ctxt); - sshpam_thread_cleanup(ctxtp); + sshpam_thread_cleanup(); xfree(ctxt); /* * We don't call sshpam_cleanup() here because we may need the PAM @@ -524,44 +647,28 @@ start_pam(const char *user) void finish_pam(void) { - fatal_remove_cleanup(sshpam_cleanup, NULL); - sshpam_cleanup(NULL); + sshpam_cleanup(); } u_int do_pam_account(void) { + if (sshpam_account_status != -1) + return (sshpam_account_status); + sshpam_err = pam_acct_mgmt(sshpam_handle, 0); debug3("%s: pam_acct_mgmt = %d", __func__, sshpam_err); - if (sshpam_err != PAM_SUCCESS && sshpam_err != PAM_NEW_AUTHTOK_REQD) - return (0); - - if (sshpam_err == PAM_NEW_AUTHTOK_REQD) { - sshpam_new_authtok_reqd = 1; - - /* Prevent forwardings until password changed */ - no_port_forwarding_flag |= 2; - no_agent_forwarding_flag |= 2; - no_x11_forwarding_flag |= 2; + if (sshpam_err != PAM_SUCCESS && sshpam_err != PAM_NEW_AUTHTOK_REQD) { + sshpam_account_status = 0; + return (sshpam_account_status); } - return (1); -} + if (sshpam_err == PAM_NEW_AUTHTOK_REQD) + pam_password_change_required(1); -void -do_pam_session(void) -{ - sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, - (const void *)&null_conv); - if (sshpam_err != PAM_SUCCESS) - fatal("PAM: failed to set PAM_CONV: %s", - pam_strerror(sshpam_handle, sshpam_err)); - sshpam_err = pam_open_session(sshpam_handle, 0); - if (sshpam_err != PAM_SUCCESS) - fatal("PAM: pam_open_session(): %s", - pam_strerror(sshpam_handle, sshpam_err)); - sshpam_session_open = 1; + sshpam_account_status = 1; + return (sshpam_account_status); } void @@ -610,7 +717,7 @@ is_pam_password_change_required(void) } static int -pam_chauthtok_conv(int n, const struct pam_message **msg, +pam_tty_conv(int n, const struct pam_message **msg, struct pam_response **resp, void *data) { char input[PAM_MAX_MSG_SIZE]; @@ -619,7 +726,7 @@ pam_chauthtok_conv(int n, const struct pam_message **msg, *resp = NULL; - if (n <= 0 || n > PAM_MAX_NUM_MSG) + if (n <= 0 || n > PAM_MAX_NUM_MSG || !isatty(STDIN_FILENO)) return (PAM_CONV_ERR); if ((reply = malloc(n * sizeof(*reply))) == NULL) @@ -630,19 +737,19 @@ pam_chauthtok_conv(int n, const struct pam_message **msg, switch (PAM_MSG_MEMBER(msg, i, msg_style)) { case PAM_PROMPT_ECHO_OFF: reply[i].resp = - read_passphrase(PAM_MSG_MEMBER(msg, i, msg), + read_passphrase(PAM_MSG_MEMBER(msg, i, msg), RP_ALLOW_STDIN); reply[i].resp_retcode = PAM_SUCCESS; break; case PAM_PROMPT_ECHO_ON: - fputs(PAM_MSG_MEMBER(msg, i, msg), stderr); + fprintf(stderr, "%s\n", PAM_MSG_MEMBER(msg, i, msg)); fgets(input, sizeof input, stdin); reply[i].resp = xstrdup(input); reply[i].resp_retcode = PAM_SUCCESS; break; case PAM_ERROR_MSG: case PAM_TEXT_INFO: - fputs(PAM_MSG_MEMBER(msg, i, msg), stderr); + fprintf(stderr, "%s\n", PAM_MSG_MEMBER(msg, i, msg)); reply[i].resp_retcode = PAM_SUCCESS; break; default: @@ -661,6 +768,8 @@ pam_chauthtok_conv(int n, const struct pam_message **msg, return (PAM_CONV_ERR); } +static struct pam_conv tty_conv = { pam_tty_conv, NULL }; + /* * XXX this should be done in the authentication phase, but ssh1 doesn't * support that @@ -668,15 +777,10 @@ pam_chauthtok_conv(int n, const struct pam_message **msg, void do_pam_chauthtok(void) { - struct pam_conv pam_conv; - - pam_conv.conv = pam_chauthtok_conv; - pam_conv.appdata_ptr = NULL; - if (use_privsep) fatal("Password expired (unable to change with privsep)"); sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, - (const void *)&pam_conv); + (const void *)&tty_conv); if (sshpam_err != PAM_SUCCESS) fatal("PAM: failed to set PAM_CONV: %s", pam_strerror(sshpam_handle, sshpam_err)); @@ -687,17 +791,31 @@ do_pam_chauthtok(void) pam_strerror(sshpam_handle, sshpam_err)); } -/* +void +do_pam_session(void) +{ + sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, + (const void *)&tty_conv); + if (sshpam_err != PAM_SUCCESS) + fatal("PAM: failed to set PAM_CONV: %s", + pam_strerror(sshpam_handle, sshpam_err)); + sshpam_err = pam_open_session(sshpam_handle, 0); + if (sshpam_err != PAM_SUCCESS) + fatal("PAM: pam_open_session(): %s", + pam_strerror(sshpam_handle, sshpam_err)); + sshpam_session_open = 1; +} + +/* * Set a PAM environment string. We need to do this so that the session * modules can handle things like Kerberos/GSI credentials that appear * during the ssh authentication process. */ - int -do_pam_putenv(char *name, char *value) +do_pam_putenv(char *name, char *value) { int ret = 1; -#ifdef HAVE_PAM_PUTENV +#ifdef HAVE_PAM_PUTENV char *compound; size_t len; @@ -718,15 +836,16 @@ print_pam_messages(void) /* XXX */ } +char ** +fetch_pam_child_environment(void) +{ + return sshpam_env; +} + char ** fetch_pam_environment(void) { -#ifdef HAVE_PAM_GETENVLIST - debug("PAM: retrieving environment"); return (pam_getenvlist(sshpam_handle)); -#else - return (NULL); -#endif } void diff --git a/openssh/auth-pam.h b/openssh/auth-pam.h index 6b77872..dbd3595 100644 --- a/openssh/auth-pam.h +++ b/openssh/auth-pam.h @@ -42,6 +42,9 @@ void do_pam_chauthtok(void); int do_pam_putenv(char *, char *); void print_pam_messages(void); char ** fetch_pam_environment(void); +char ** fetch_pam_child_environment(void); void free_pam_environment(char **); +void sshpam_thread_cleanup(void); +void sshpam_cleanup(void); #endif /* USE_PAM */ diff --git a/openssh/auth-passwd.c b/openssh/auth-passwd.c index 971c7ba..a27170c 100644 --- a/openssh/auth-passwd.c +++ b/openssh/auth-passwd.c @@ -36,16 +36,14 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-passwd.c,v 1.29 2003/08/26 09:58:43 markus Exp $"); +RCSID("$OpenBSD: auth-passwd.c,v 1.30 2003/11/04 08:54:09 djm Exp $"); #include "packet.h" #include "log.h" #include "servconf.h" #include "auth.h" #ifdef WITH_AIXAUTHENTICATE -# include "buffer.h" # include "canohost.h" -extern Buffer loginmsg; #endif extern ServerOptions options; @@ -60,11 +58,8 @@ auth_password(Authctxt *authctxt, const char *password) struct passwd * pw = authctxt->pw; int ok = authctxt->valid; - /* deny if no user. */ - if (pw == NULL) - return 0; #ifndef HAVE_CYGWIN - if (pw && pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) + if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) ok = 0; #endif if (*password == '\0' && options.permit_empty_passwd == 0) @@ -92,44 +87,11 @@ auth_password(Authctxt *authctxt, const char *password) } # endif # ifdef WITH_AIXAUTHENTICATE - { - char *authmsg = NULL; - int reenter = 1; - int authsuccess = 0; - - if (authenticate(pw->pw_name, password, &reenter, - &authmsg) == 0 && ok) { - char *msg; - char *host = - (char *)get_canonical_hostname(options.use_dns); - - authsuccess = 1; - aix_remove_embedded_newlines(authmsg); - - debug3("AIX/authenticate succeeded for user %s: %.100s", - pw->pw_name, authmsg); - - /* No pty yet, so just label the line as "ssh" */ - aix_setauthdb(authctxt->user); - if (loginsuccess(authctxt->user, host, "ssh", - &msg) == 0) { - if (msg != NULL) { - debug("%s: msg %s", __func__, msg); - buffer_append(&loginmsg, msg, - strlen(msg)); - xfree(msg); - } - } - } else { - debug3("AIX/authenticate failed for user %s: %.100s", - pw->pw_name, authmsg); - } - - if (authmsg != NULL) - xfree(authmsg); - - return authsuccess; - } + if (aix_authenticate(pw->pw_name, password, + get_canonical_hostname(options.use_dns)) == 0) + return 0; + else + return ok; # endif # ifdef BSD_AUTH if (auth_userokay(pw->pw_name, authctxt->style, "auth-ssh", diff --git a/openssh/auth-rh-rsa.c b/openssh/auth-rh-rsa.c index 2eb7e6e..29eb538 100644 --- a/openssh/auth-rh-rsa.c +++ b/openssh/auth-rh-rsa.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rh-rsa.c,v 1.36 2003/06/02 09:17:34 markus Exp $"); +RCSID("$OpenBSD: auth-rh-rsa.c,v 1.37 2003/11/04 08:54:09 djm Exp $"); #include "packet.h" #include "uidswap.h" @@ -52,14 +52,15 @@ auth_rhosts_rsa_key_allowed(struct passwd *pw, char *cuser, char *chost, * its host key. Returns true if authentication succeeds. */ int -auth_rhosts_rsa(struct passwd *pw, char *cuser, Key *client_host_key) +auth_rhosts_rsa(Authctxt *authctxt, char *cuser, Key *client_host_key) { char *chost; + struct passwd *pw = authctxt->pw; debug("Trying rhosts with RSA host authentication for client user %.100s", cuser); - if (pw == NULL || client_host_key == NULL || + if (!authctxt->valid || client_host_key == NULL || client_host_key->rsa == NULL) return 0; diff --git a/openssh/auth-rhosts.c b/openssh/auth-rhosts.c index b42a64c..585246e 100644 --- a/openssh/auth-rhosts.c +++ b/openssh/auth-rhosts.c @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rhosts.c,v 1.31 2003/06/02 09:17:34 markus Exp $"); +RCSID("$OpenBSD: auth-rhosts.c,v 1.32 2003/11/04 08:54:09 djm Exp $"); #include "packet.h" #include "uidswap.h" @@ -173,10 +173,6 @@ auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostnam debug2("auth_rhosts2: clientuser %s hostname %s ipaddr %s", client_user, hostname, ipaddr); - /* no user given */ - if (pw == NULL) - return 0; - /* Switch to the user's uid. */ temporarily_use_uid(pw); /* diff --git a/openssh/auth-rsa.c b/openssh/auth-rsa.c index 5631d23..2f0746b 100644 --- a/openssh/auth-rsa.c +++ b/openssh/auth-rsa.c @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rsa.c,v 1.57 2003/04/08 20:21:28 itojun Exp $"); +RCSID("$OpenBSD: auth-rsa.c,v 1.58 2003/11/04 08:54:09 djm Exp $"); #include #include @@ -284,13 +284,14 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) * successful. This may exit if there is a serious protocol violation. */ int -auth_rsa(struct passwd *pw, BIGNUM *client_n) +auth_rsa(Authctxt *authctxt, BIGNUM *client_n) { Key *key; char *fp; + struct passwd *pw = authctxt->pw; /* no user given */ - if (pw == NULL) + if (!authctxt->valid) return 0; if (!PRIVSEP(auth_rsa_key_allowed(pw, client_n, &key))) { diff --git a/openssh/auth-sia.c b/openssh/auth-sia.c index cae5f09..cd2dcb8 100644 --- a/openssh/auth-sia.c +++ b/openssh/auth-sia.c @@ -31,6 +31,7 @@ #include "log.h" #include "servconf.h" #include "canohost.h" +#include "uidswap.h" #include #include @@ -83,7 +84,7 @@ session_setup_sia(struct passwd *pw, char *tty) host = get_canonical_hostname(options.use_dns); - if (sia_ses_init(&ent, saved_argc, saved_argv, host, pw->pw_name, + if (sia_ses_init(&ent, saved_argc, saved_argv, host, pw->pw_name, tty, 0, NULL) != SIASUCCESS) fatal("sia_ses_init failed"); @@ -100,11 +101,11 @@ session_setup_sia(struct passwd *pw, char *tty) if (sia_ses_launch(sia_collect_trm, ent) != SIASUCCESS) fatal("Couldn't launch session for %s from %s", pw->pw_name, host); - + sia_ses_release(&ent); - if (setreuid(geteuid(), geteuid()) < 0) - fatal("setreuid: %s", strerror(errno)); + setuid(0); + permanently_set_uid(pw); } #endif /* HAVE_OSF_SIA */ diff --git a/openssh/auth.c b/openssh/auth.c index 46e495a..4b307da 100644 --- a/openssh/auth.c +++ b/openssh/auth.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth.c,v 1.49 2003/08/26 09:58:43 markus Exp $"); +RCSID("$OpenBSD: auth.c,v 1.51 2003/11/21 11:57:02 djm Exp $"); #ifdef HAVE_LOGIN_H #include @@ -90,6 +90,7 @@ allowed_user(struct passwd * pw) #ifdef HAS_SHADOW_EXPIRE #define DAY (24L * 60 * 60) /* 1 day in seconds */ if (!options.use_pam && spw != NULL) { + int disabled = 0; time_t today; today = time(NULL) / DAY; @@ -106,13 +107,19 @@ allowed_user(struct passwd * pw) return 0; } - if (spw->sp_lstchg == 0) { +#if defined(__hpux) && !defined(HAVE_SECUREWARE) + if (iscomsec() && spw->sp_min == 0 && spw->sp_max == 0 && + spw->sp_warn == 0) + disabled = 1; /* Trusted Mode: expiry disabled */ +#endif + + if (!disabled && spw->sp_lstchg == 0) { logit("User %.100s password has expired (root forced)", pw->pw_name); return 0; } - if (spw->sp_max != -1 && + if (!disabled && spw->sp_max != -1 && today > spw->sp_lstchg + spw->sp_max) { logit("User %.100s password has expired (password aged)", pw->pw_name); @@ -122,7 +129,7 @@ allowed_user(struct passwd * pw) #endif /* HAS_SHADOW_EXPIRE */ #endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */ - /* grab passwd field for locked account check */ + /* grab passwd field for locked account check */ #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) if (spw != NULL) passwd = spw->sp_pwdp; @@ -130,7 +137,7 @@ allowed_user(struct passwd * pw) passwd = pw->pw_passwd; #endif - /* check for locked account */ + /* check for locked account */ if (!options.use_pam && passwd && *passwd) { int locked = 0; @@ -242,7 +249,7 @@ allowed_user(struct passwd * pw) if ((pw->pw_uid != 0) && (geteuid() == 0)) { char *msg; - if (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &msg) != 0) { + if (loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &msg) != 0) { int loginrestrict_errno = errno; if (msg && *msg) { @@ -252,7 +259,7 @@ allowed_user(struct passwd * pw) pw->pw_name, msg); } /* Don't fail if /etc/nologin set */ - if (!(loginrestrict_errno == EPERM && + if (!(loginrestrict_errno == EPERM && stat(_PATH_NOLOGIN, &st) == 0)) return 0; } @@ -263,14 +270,6 @@ allowed_user(struct passwd * pw) return 1; } -Authctxt * -authctxt_new(void) -{ - Authctxt *authctxt = xmalloc(sizeof(*authctxt)); - memset(authctxt, 0, sizeof(*authctxt)); - return authctxt; -} - void auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) { @@ -598,7 +597,7 @@ fakepw(void) memset(&fake, 0, sizeof(fake)); fake.pw_name = "NOUSER"; fake.pw_passwd = - "$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK"; + "$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK"; fake.pw_gecos = "NOUSER"; fake.pw_uid = -1; fake.pw_gid = -1; diff --git a/openssh/auth.h b/openssh/auth.h index beaacb8..0be1f88 100644 --- a/openssh/auth.h +++ b/openssh/auth.h @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.h,v 1.46 2003/08/28 12:54:34 markus Exp $ */ +/* $OpenBSD: auth.h,v 1.48 2003/11/04 08:54:09 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -102,9 +102,9 @@ int auth_rhosts(struct passwd *, const char *); int auth_rhosts2(struct passwd *, const char *, const char *, const char *); -int auth_rhosts_rsa(struct passwd *, char *, Key *); +int auth_rhosts_rsa(Authctxt *, char *, Key *); int auth_password(Authctxt *, const char *); -int auth_rsa(struct passwd *, BIGNUM *); +int auth_rsa(Authctxt *, BIGNUM *); int auth_rsa_challenge_dialog(Key *); BIGNUM *auth_rsa_generate_challenge(Key *); int auth_rsa_verify_response(Key *, BIGNUM *, u_char[]); @@ -118,15 +118,14 @@ int user_key_allowed(struct passwd *, Key *); int auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client, krb5_data *); int auth_krb5_tgt(Authctxt *authctxt, krb5_data *tgt); int auth_krb5_password(Authctxt *authctxt, const char *password); -void krb5_cleanup_proc(void *authctxt); +void krb5_cleanup_proc(Authctxt *authctxt); #endif /* KRB5 */ #include "auth-pam.h" -Authctxt *do_authentication(void); -Authctxt *do_authentication2(void); +void do_authentication(Authctxt *); +void do_authentication2(Authctxt *); -Authctxt *authctxt_new(void); void auth_log(Authctxt *, int, char *, char *); void userauth_finish(Authctxt *, int, char *); int auth_root_allowed(char *); @@ -149,8 +148,6 @@ char *get_challenge(Authctxt *); int verify_response(Authctxt *, const char *); void abandon_challenge_response(Authctxt *); -struct passwd * auth_get_user(void); - char *expand_filename(const char *, struct passwd *); char *authorized_keys_file(struct passwd *); char *authorized_keys_file2(struct passwd *); diff --git a/openssh/auth1.c b/openssh/auth1.c index dfe944d..82fe5fb 100644 --- a/openssh/auth1.c +++ b/openssh/auth1.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth1.c,v 1.52 2003/08/28 12:54:34 markus Exp $"); +RCSID("$OpenBSD: auth1.c,v 1.55 2003/11/08 16:02:40 jakob Exp $"); #include "xmalloc.h" #include "rsa.h" @@ -139,7 +139,7 @@ do_authloop(Authctxt *authctxt) BN_num_bits(client_host_key->rsa->n), bits); packet_check_eom(); - authenticated = auth_rhosts_rsa(pw, client_user, + authenticated = auth_rhosts_rsa(authctxt, client_user, client_host_key); key_free(client_host_key); @@ -156,7 +156,7 @@ do_authloop(Authctxt *authctxt) fatal("do_authloop: BN_new failed"); packet_get_bignum(n); packet_check_eom(); - authenticated = auth_rsa(pw, n); + authenticated = auth_rsa(authctxt, n); BN_clear_free(n); break; @@ -235,7 +235,7 @@ do_authloop(Authctxt *authctxt) if (authenticated && !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD, pw)) { packet_disconnect("Authentication rejected for uid %d.", - pw == NULL ? -1 : pw->pw_uid); + pw == NULL ? -1 : pw->pw_uid); authenticated = 0; } #else @@ -246,7 +246,7 @@ do_authloop(Authctxt *authctxt) #endif #ifdef USE_PAM - if (options.use_pam && authenticated && + if (options.use_pam && authenticated && !PRIVSEP(do_pam_account())) authenticated = 0; #endif @@ -275,10 +275,9 @@ do_authloop(Authctxt *authctxt) * Performs authentication of an incoming connection. Session key has already * been exchanged and encryption is enabled. */ -Authctxt * -do_authentication(void) +void +do_authentication(Authctxt *authctxt) { - Authctxt *authctxt; u_int ulen; char *user, *style = NULL; @@ -292,7 +291,6 @@ do_authentication(void) if ((style = strchr(user, ':')) != NULL) *style++ = '\0'; - authctxt = authctxt_new(); authctxt->user = user; authctxt->style = style; @@ -332,6 +330,4 @@ do_authentication(void) packet_start(SSH_SMSG_SUCCESS); packet_send(); packet_write_wait(); - - return (authctxt); } diff --git a/openssh/auth2-gss.c b/openssh/auth2-gss.c index 75b94b0..9249988 100644 --- a/openssh/auth2-gss.c +++ b/openssh/auth2-gss.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-gss.c,v 1.3 2003/09/01 20:44:54 markus Exp $ */ +/* $OpenBSD: auth2-gss.c,v 1.7 2003/11/21 11:57:03 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -43,6 +43,7 @@ extern ServerOptions options; static void input_gssapi_token(int type, u_int32_t plen, void *ctxt); +static void input_gssapi_mic(int type, u_int32_t plen, void *ctxt); static void input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt); static void input_gssapi_errtok(int, u_int32_t, void *); @@ -78,17 +79,19 @@ userauth_gssapi(Authctxt *authctxt) if (doid) xfree(doid); + present = 0; doid = packet_get_string(&len); - if (doid[0] != SSH_GSS_OIDTYPE || doid[1] != len-2) { - logit("Mechanism OID received using the old encoding form"); - oid.elements = doid; - oid.length = len; - } else { + if (len > 2 && + doid[0] == SSH_GSS_OIDTYPE && + doid[1] == len - 2) { oid.elements = doid + 2; oid.length = len - 2; + gss_test_oid_set_member(&ms, &oid, supported, + &present); + } else { + logit("Badly formed OID received"); } - gss_test_oid_set_member(&ms, &oid, supported, &present); } while (mechs > 0 && !present); gss_release_oid_set(&ms, &supported); @@ -107,7 +110,7 @@ userauth_gssapi(Authctxt *authctxt) packet_start(SSH2_MSG_USERAUTH_GSSAPI_RESPONSE); - /* Return OID in same format as we received it*/ + /* Return the OID that we received */ packet_put_string(doid, len); packet_send(); @@ -127,7 +130,7 @@ input_gssapi_token(int type, u_int32_t plen, void *ctxt) Gssctxt *gssctxt; gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; gss_buffer_desc recv_tok; - OM_uint32 maj_status, min_status; + OM_uint32 maj_status, min_status, flags; u_int len; if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) @@ -140,7 +143,7 @@ input_gssapi_token(int type, u_int32_t plen, void *ctxt) packet_check_eom(); maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok, - &send_tok, NULL)); + &send_tok, &flags)); xfree(recv_tok.value); @@ -152,7 +155,7 @@ input_gssapi_token(int type, u_int32_t plen, void *ctxt) } authctxt->postponed = 0; dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); - userauth_finish(authctxt, 0, "gssapi"); + userauth_finish(authctxt, 0, "gssapi-with-mic"); } else { if (send_tok.length != 0) { packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN); @@ -161,8 +164,13 @@ input_gssapi_token(int type, u_int32_t plen, void *ctxt) } if (maj_status == GSS_S_COMPLETE) { dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); - dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, - &input_gssapi_exchange_complete); + if (flags & GSS_C_INTEG_FLAG) + dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_MIC, + &input_gssapi_mic); + else + dispatch_set( + SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, + &input_gssapi_exchange_complete); } } @@ -222,9 +230,8 @@ input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt) gssctxt = authctxt->methoddata; /* - * We don't need to check the status, because the stored credentials - * which userok uses are only populated once the context init step - * has returned complete. + * We don't need to check the status, because we're only enabled in + * the dispatcher once the exchange is complete */ packet_check_eom(); @@ -234,12 +241,53 @@ input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt) authctxt->postponed = 0; dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL); + dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_MIC, NULL); + dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL); + userauth_finish(authctxt, authenticated, "gssapi-with-mic"); +} + +static void +input_gssapi_mic(int type, u_int32_t plen, void *ctxt) +{ + Authctxt *authctxt = ctxt; + Gssctxt *gssctxt; + int authenticated = 0; + Buffer b; + gss_buffer_desc mic, gssbuf; + u_int len; + + if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) + fatal("No authentication or GSSAPI context"); + + gssctxt = authctxt->methoddata; + + mic.value = packet_get_string(&len); + mic.length = len; + + ssh_gssapi_buildmic(&b, authctxt->user, authctxt->service, + "gssapi-with-mic"); + + gssbuf.value = buffer_ptr(&b); + gssbuf.length = buffer_len(&b); + + if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic)))) + authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user)); + else + logit("GSSAPI MIC check failed"); + + buffer_free(&b); + xfree(mic.value); + + authctxt->postponed = 0; + dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); + dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL); + dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_MIC, NULL); dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL); - userauth_finish(authctxt, authenticated, "gssapi"); + userauth_finish(authctxt, authenticated, "gssapi-with-mic"); } Authmethod method_gssapi = { - "gssapi", + "gssapi-with-mic", userauth_gssapi, &options.gss_authentication }; diff --git a/openssh/auth2-passwd.c b/openssh/auth2-passwd.c index 67fb4c9..a4f482d 100644 --- a/openssh/auth2-passwd.c +++ b/openssh/auth2-passwd.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2-passwd.c,v 1.4 2003/08/26 09:58:43 markus Exp $"); +RCSID("$OpenBSD: auth2-passwd.c,v 1.5 2003/12/31 00:24:50 dtucker Exp $"); #include "xmalloc.h" #include "packet.h" @@ -38,16 +38,24 @@ extern ServerOptions options; static int userauth_passwd(Authctxt *authctxt) { - char *password; + char *password, *newpass; int authenticated = 0; int change; - u_int len; + u_int len, newlen; + change = packet_get_char(); - if (change) - logit("password change not supported"); password = packet_get_string(&len); + if (change) { + /* discard new password from packet */ + newpass = packet_get_string(&newlen); + memset(newpass, 0, newlen); + xfree(newpass); + } packet_check_eom(); - if (PRIVSEP(auth_password(authctxt, password)) == 1 + + if (change) + logit("password change not supported"); + else if (PRIVSEP(auth_password(authctxt, password)) == 1 #ifdef HAVE_CYGWIN && check_nt_auth(1, authctxt->pw) #endif diff --git a/openssh/auth2-pubkey.c b/openssh/auth2-pubkey.c index d51e939..c28571a 100644 --- a/openssh/auth2-pubkey.c +++ b/openssh/auth2-pubkey.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2-pubkey.c,v 1.4 2003/06/24 08:23:46 markus Exp $"); +RCSID("$OpenBSD: auth2-pubkey.c,v 1.5 2003/11/04 08:54:09 djm Exp $"); #include "ssh2.h" #include "xmalloc.h" @@ -175,9 +175,6 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file) Key *found; char *fp; - if (pw == NULL) - return 0; - /* Temporarily use the user's uid. */ temporarily_use_uid(pw); diff --git a/openssh/auth2.c b/openssh/auth2.c index 41e77ef..a9490cc 100644 --- a/openssh/auth2.c +++ b/openssh/auth2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2.c,v 1.102 2003/08/26 09:58:43 markus Exp $"); +RCSID("$OpenBSD: auth2.c,v 1.104 2003/11/04 08:54:09 djm Exp $"); #include "ssh2.h" #include "xmalloc.h" @@ -45,8 +45,6 @@ extern ServerOptions options; extern u_char *session_id2; extern u_int session_id2_len; -Authctxt *x_authctxt = NULL; - /* methods */ extern Authmethod method_none; @@ -79,19 +77,14 @@ static void input_userauth_request(int, u_int32_t, void *); static Authmethod *authmethod_lookup(const char *); static char *authmethods_get(void); int user_key_allowed(struct passwd *, Key *); -int hostbased_key_allowed(struct passwd *, const char *, char *, Key *); /* * loop until authctxt->success == TRUE */ -Authctxt * -do_authentication2(void) +void +do_authentication2(Authctxt *authctxt) { - Authctxt *authctxt = authctxt_new(); - - x_authctxt = authctxt; /*XXX*/ - /* challenge-response is implemented via keyboard interactive */ if (options.challenge_response_authentication) options.kbd_interactive_authentication = 1; @@ -99,8 +92,6 @@ do_authentication2(void) dispatch_init(&dispatch_protocol_error); dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request); dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt); - - return (authctxt); } static void @@ -264,14 +255,6 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) } } -/* get current user */ - -struct passwd* -auth_get_user(void) -{ - return (x_authctxt != NULL && x_authctxt->valid) ? x_authctxt->pw : NULL; -} - #define DELIM "," static char * diff --git a/openssh/authfd.c b/openssh/authfd.c index c78db6d..42ca082 100644 --- a/openssh/authfd.c +++ b/openssh/authfd.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: authfd.c,v 1.61 2003/06/28 16:23:06 deraadt Exp $"); +RCSID("$OpenBSD: authfd.c,v 1.63 2003/11/21 11:57:03 djm Exp $"); #include @@ -114,7 +114,8 @@ ssh_get_authentication_socket(void) static int ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply) { - int l, len; + int l; + u_int len; char buf[1024]; /* Get the length of the message, and format it in the buffer. */ @@ -147,7 +148,7 @@ ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply /* Extract the length, and check it for sanity. */ len = GET_32BIT(buf); if (len > 256 * 1024) - fatal("Authentication response too long: %d", len); + fatal("Authentication response too long: %u", len); /* Read the rest of the response in to the buffer. */ buffer_clear(reply); @@ -292,7 +293,7 @@ ssh_get_num_identities(AuthenticationConnection *auth, int version) /* Get the number of entries in the response and check it for sanity. */ auth->howmany = buffer_get_int(&auth->identities); - if (auth->howmany > 1024) + if ((u_int)auth->howmany > 1024) fatal("Too many identities in authentication reply: %d", auth->howmany); @@ -589,7 +590,7 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key) } int -ssh_update_card(AuthenticationConnection *auth, int add, +ssh_update_card(AuthenticationConnection *auth, int add, const char *reader_id, const char *pin, u_int life, u_int confirm) { Buffer msg; @@ -606,7 +607,7 @@ ssh_update_card(AuthenticationConnection *auth, int add, buffer_put_char(&msg, type); buffer_put_cstring(&msg, reader_id); buffer_put_cstring(&msg, pin); - + if (constrained) { if (life != 0) { buffer_put_char(&msg, SSH_AGENT_CONSTRAIN_LIFETIME); diff --git a/openssh/authfd.h b/openssh/authfd.h index 74b825c..0a6a4e3 100644 --- a/openssh/authfd.h +++ b/openssh/authfd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.h,v 1.33 2003/06/11 11:18:38 djm Exp $ */ +/* $OpenBSD: authfd.h,v 1.34 2003/11/21 11:57:03 djm Exp $ */ /* * Author: Tatu Ylonen @@ -83,7 +83,7 @@ int ssh_add_identity_constrained(AuthenticationConnection *, Key *, int ssh_remove_identity(AuthenticationConnection *, Key *); int ssh_remove_all_identities(AuthenticationConnection *, int); int ssh_lock_agent(AuthenticationConnection *, int, const char *); -int ssh_update_card(AuthenticationConnection *, int, const char *, +int ssh_update_card(AuthenticationConnection *, int, const char *, const char *, u_int, u_int); int diff --git a/openssh/authfile.c b/openssh/authfile.c index 1f46093..83ddd63 100644 --- a/openssh/authfile.c +++ b/openssh/authfile.c @@ -36,7 +36,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: authfile.c,v 1.54 2003/05/24 09:30:39 djm Exp $"); +RCSID("$OpenBSD: authfile.c,v 1.55 2003/09/18 07:56:05 markus Exp $"); #include #include @@ -143,6 +143,7 @@ key_save_private_rsa1(Key *key, const char *filename, const char *passphrase, fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600); if (fd < 0) { error("open %s failed: %s.", filename, strerror(errno)); + buffer_free(&encrypted); return 0; } if (write(fd, buffer_ptr(&encrypted), buffer_len(&encrypted)) != diff --git a/openssh/bufaux.c b/openssh/bufaux.c index 37cc27f..339d744 100644 --- a/openssh/bufaux.c +++ b/openssh/bufaux.c @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: bufaux.c,v 1.29 2003/04/08 20:21:28 itojun Exp $"); +RCSID("$OpenBSD: bufaux.c,v 1.31 2003/11/10 16:23:41 jakob Exp $"); #include #include "bufaux.h" @@ -50,7 +50,7 @@ RCSID("$OpenBSD: bufaux.c,v 1.29 2003/04/08 20:21:28 itojun Exp $"); * by (bits+7)/8 bytes of binary data, msb first. */ void -buffer_put_bignum(Buffer *buffer, BIGNUM *value) +buffer_put_bignum(Buffer *buffer, const BIGNUM *value) { int bits = BN_num_bits(value); int bin_size = (bits + 7) / 8; @@ -80,7 +80,7 @@ buffer_put_bignum(Buffer *buffer, BIGNUM *value) void buffer_get_bignum(Buffer *buffer, BIGNUM *value) { - int bits, bytes; + u_int bits, bytes; u_char buf[2], *bin; /* Get the number for bits. */ @@ -101,12 +101,12 @@ buffer_get_bignum(Buffer *buffer, BIGNUM *value) * Stores an BIGNUM in the buffer in SSH2 format. */ void -buffer_put_bignum2(Buffer *buffer, BIGNUM *value) +buffer_put_bignum2(Buffer *buffer, const BIGNUM *value) { - int bytes = BN_num_bytes(value) + 1; + u_int bytes = BN_num_bytes(value) + 1; u_char *buf = xmalloc(bytes); int oi; - int hasnohigh = 0; + u_int hasnohigh = 0; buf[0] = '\0'; /* Get the value of in binary */ diff --git a/openssh/bufaux.h b/openssh/bufaux.h index 9355535..61c72e3 100644 --- a/openssh/bufaux.h +++ b/openssh/bufaux.h @@ -1,4 +1,4 @@ -/* $OpenBSD: bufaux.h,v 1.18 2002/04/20 09:14:58 markus Exp $ */ +/* $OpenBSD: bufaux.h,v 1.19 2003/11/10 16:23:41 jakob Exp $ */ /* * Author: Tatu Ylonen @@ -18,8 +18,8 @@ #include "buffer.h" #include -void buffer_put_bignum(Buffer *, BIGNUM *); -void buffer_put_bignum2(Buffer *, BIGNUM *); +void buffer_put_bignum(Buffer *, const BIGNUM *); +void buffer_put_bignum2(Buffer *, const BIGNUM *); void buffer_get_bignum(Buffer *, BIGNUM *); void buffer_get_bignum2(Buffer *, BIGNUM *); diff --git a/openssh/buffer.c b/openssh/buffer.c index a80880b..9217cb2 100644 --- a/openssh/buffer.c +++ b/openssh/buffer.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: buffer.c,v 1.19 2003/09/18 07:54:48 markus Exp $"); +RCSID("$OpenBSD: buffer.c,v 1.21 2003/11/21 11:57:03 djm Exp $"); #include "xmalloc.h" #include "buffer.h" @@ -105,7 +105,7 @@ restart: goto restart; } /* Increase the size of the buffer and retry. */ - + newlen = buffer->alloc + len + 32768; if (newlen > 0xa00000) fatal("buffer_append_space: alloc %u not supported", @@ -169,7 +169,7 @@ buffer_ptr(Buffer *buffer) void buffer_dump(Buffer *buffer) { - int i; + u_int i; u_char *ucp = buffer->buf; for (i = buffer->offset; i < buffer->end; i++) { diff --git a/openssh/canohost.c b/openssh/canohost.c index 438175f..f514592 100644 --- a/openssh/canohost.c +++ b/openssh/canohost.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: canohost.c,v 1.37 2003/06/02 09:17:34 markus Exp $"); +RCSID("$OpenBSD: canohost.c,v 1.38 2003/09/23 20:17:11 markus Exp $"); #include "packet.h" #include "xmalloc.h" @@ -20,6 +20,7 @@ RCSID("$OpenBSD: canohost.c,v 1.37 2003/06/02 09:17:34 markus Exp $"); #include "canohost.h" static void check_ip_options(int, char *); +static void ipv64_normalise_mapped(struct sockaddr_storage *, socklen_t *); /* * Return the canonical name of the host at the other end of the socket. The @@ -40,31 +41,11 @@ get_remote_hostname(int socket, int use_dns) memset(&from, 0, sizeof(from)); if (getpeername(socket, (struct sockaddr *)&from, &fromlen) < 0) { debug("getpeername failed: %.100s", strerror(errno)); - fatal_cleanup(); + cleanup_exit(255); } -#ifdef IPV4_IN_IPV6 - if (from.ss_family == AF_INET6) { - struct sockaddr_in6 *from6 = (struct sockaddr_in6 *)&from; - - /* Detect IPv4 in IPv6 mapped address and convert it to */ - /* plain (AF_INET) IPv4 address */ - if (IN6_IS_ADDR_V4MAPPED(&from6->sin6_addr)) { - struct sockaddr_in *from4 = (struct sockaddr_in *)&from; - struct in_addr addr; - u_int16_t port; - - memcpy(&addr, ((char *)&from6->sin6_addr) + 12, sizeof(addr)); - port = from6->sin6_port; - - memset(&from, 0, sizeof(from)); - - from4->sin_family = AF_INET; - fromlen = sizeof(*from4); - memcpy(&from4->sin_addr, &addr, sizeof(addr)); - from4->sin_port = port; - } - } -#endif + + ipv64_normalise_mapped(&from, &fromlen); + if (from.ss_family == AF_INET6) fromlen = sizeof(struct sockaddr_in6); @@ -185,6 +166,31 @@ check_ip_options(int socket, char *ipaddr) #endif /* IP_OPTIONS */ } +static void +ipv64_normalise_mapped(struct sockaddr_storage *addr, socklen_t *len) +{ + struct sockaddr_in6 *a6 = (struct sockaddr_in6 *)addr; + struct sockaddr_in *a4 = (struct sockaddr_in *)addr; + struct in_addr inaddr; + u_int16_t port; + + if (addr->ss_family != AF_INET6 || + !IN6_IS_ADDR_V4MAPPED(&a6->sin6_addr)) + return; + + debug3("Normalising mapped IPv4 in IPv6 address"); + + memcpy(&inaddr, ((char *)&a6->sin6_addr) + 12, sizeof(inaddr)); + port = a6->sin6_port; + + memset(addr, 0, sizeof(*a4)); + + a4->sin_family = AF_INET; + *len = sizeof(*a4); + memcpy(&a4->sin_addr, &inaddr, sizeof(inaddr)); + a4->sin_port = port; +} + /* * Return the canonical name of the host in the other side of the current * connection. The host name is cached, so it is efficient to call this @@ -296,7 +302,7 @@ get_remote_ipaddr(void) canonical_host_ip = get_peer_ipaddr(packet_get_connection_in()); if (canonical_host_ip == NULL) - fatal_cleanup(); + cleanup_exit(255); } else { /* If not on socket, return UNKNOWN. */ canonical_host_ip = xstrdup("UNKNOWN"); @@ -336,7 +342,7 @@ get_sock_port(int sock, int local) } else { if (getpeername(sock, (struct sockaddr *)&from, &fromlen) < 0) { debug("getpeername failed: %.100s", strerror(errno)); - fatal_cleanup(); + cleanup_exit(255); } } diff --git a/openssh/channels.c b/openssh/channels.c index 3d75c8f..14405bd 100644 --- a/openssh/channels.c +++ b/openssh/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.195 2003/09/16 21:02:40 markus Exp $"); +RCSID("$OpenBSD: channels.c,v 1.199 2003/12/02 17:01:14 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -217,7 +217,6 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd, channels = xmalloc(channels_alloc * sizeof(Channel *)); for (i = 0; i < channels_alloc; i++) channels[i] = NULL; - fatal_add_cleanup((void (*) (void *)) channel_free_all, NULL); } /* Try to find a free slot where to put the new channel. */ for (found = -1, i = 0; i < channels_alloc; i++) @@ -971,7 +970,7 @@ channel_decode_socks5(Channel *c, fd_set * readset, fd_set * writeset) have = buffer_len(&c->input); if (!(c->flags & SSH_SOCKS5_AUTHDONE)) { /* format: ver | nmethods | methods */ - if (have < 2) + if (have < 2) return 0; nmethods = p[1]; if (have < nmethods + 2) @@ -1036,7 +1035,7 @@ channel_decode_socks5(Channel *c, fd_set * readset, fd_set * writeset) else if (inet_ntop(af, dest_addr, c->path, sizeof(c->path)) == NULL) return -1; c->host_port = ntohs(dest_port); - + debug2("channel %d: dynamic request: socks5 host %s port %u command %u", c->self, c->path, c->host_port, s5_req.command); @@ -1398,9 +1397,9 @@ channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset) data = buffer_ptr(&c->output); dlen = buffer_len(&c->output); #ifdef _AIX - /* XXX: Later AIX versions can't push as much data to tty */ - if (compat20 && c->wfd_isatty && dlen > 8*1024) - dlen = 8*1024; + /* XXX: Later AIX versions can't push as much data to tty */ + if (compat20 && c->wfd_isatty) + dlen = MIN(dlen, 8*1024); #endif len = write(c->wfd, data, dlen); if (len < 0 && (errno == EINTR || errno == EAGAIN)) @@ -2196,7 +2195,7 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por continue; } /* Start listening for connections on the socket. */ - if (listen(sock, 5) < 0) { + if (listen(sock, SSH_LISTEN_BACKLOG) < 0) { error("listen: %.100s", strerror(errno)); close(sock); continue; @@ -2551,7 +2550,7 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost, /* Start listening for connections on the socket. */ for (n = 0; n < num_socks; n++) { sock = socks[n]; - if (listen(sock, 5) < 0) { + if (listen(sock, SSH_LISTEN_BACKLOG) < 0) { error("listen: %.100s", strerror(errno)); close(sock); return -1; @@ -2839,46 +2838,3 @@ auth_request_forwarding(void) packet_send(); packet_write_wait(); } - -/* This is called to process an SSH_SMSG_AGENT_OPEN message. */ - -void -auth_input_open_request(int type, u_int32_t seq, void *ctxt) -{ - Channel *c = NULL; - int remote_id, sock; - - /* Read the remote channel number from the message. */ - remote_id = packet_get_int(); - packet_check_eom(); - - /* - * Get a connection to the local authentication agent (this may again - * get forwarded). - */ - sock = ssh_get_authentication_socket(); - - /* - * If we could not connect the agent, send an error message back to - * the server. This should never happen unless the agent dies, - * because authentication forwarding is only enabled if we have an - * agent. - */ - if (sock >= 0) { - c = channel_new("", SSH_CHANNEL_OPEN, sock, sock, - -1, 0, 0, 0, "authentication agent connection", 1); - c->remote_id = remote_id; - c->force_drain = 1; - } - if (c == NULL) { - packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE); - packet_put_int(remote_id); - } else { - /* Send a confirmation to the remote host. */ - debug("Forwarding authentication connection."); - packet_start(SSH_MSG_CHANNEL_OPEN_CONFIRMATION); - packet_put_int(remote_id); - packet_put_int(c->self); - } - packet_send(); -} diff --git a/openssh/channels.h b/openssh/channels.h index bd2e925..7d98147 100644 --- a/openssh/channels.h +++ b/openssh/channels.h @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.70 2002/06/24 14:33:27 markus Exp $ */ +/* $OpenBSD: channels.h,v 1.71 2003/09/23 20:41:11 markus Exp $ */ /* * Author: Tatu Ylonen @@ -214,7 +214,6 @@ void deny_input_open(int, u_int32_t, void *); /* agent forwarding */ void auth_request_forwarding(void); -void auth_input_open_request(int, u_int32_t, void *); /* channel close */ diff --git a/openssh/cipher-3des1.c b/openssh/cipher-3des1.c index 6f9f5dd..f815e8a 100644 --- a/openssh/cipher-3des1.c +++ b/openssh/cipher-3des1.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: cipher-3des1.c,v 1.1 2003/05/15 03:08:29 markus Exp $"); +RCSID("$OpenBSD: cipher-3des1.c,v 1.2 2003/12/22 20:29:55 markus Exp $"); #include #include "xmalloc.h" @@ -126,6 +126,9 @@ ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx) struct ssh1_3des_ctx *c; if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) { + EVP_CIPHER_CTX_cleanup(&c->k1); + EVP_CIPHER_CTX_cleanup(&c->k2); + EVP_CIPHER_CTX_cleanup(&c->k3); memset(c, 0, sizeof(*c)); xfree(c); EVP_CIPHER_CTX_set_app_data(ctx, NULL); diff --git a/openssh/cipher-aes.c b/openssh/cipher-aes.c index 7ba9501..22d500d 100644 --- a/openssh/cipher-aes.c +++ b/openssh/cipher-aes.c @@ -24,7 +24,7 @@ #include "includes.h" #if OPENSSL_VERSION_NUMBER < 0x00907000L -RCSID("$OpenBSD: cipher-aes.c,v 1.1 2003/05/15 03:08:29 markus Exp $"); +RCSID("$OpenBSD: cipher-aes.c,v 1.2 2003/11/26 21:44:29 djm Exp $"); #include #include "rijndael.h" diff --git a/openssh/cipher-ctr.c b/openssh/cipher-ctr.c index 4f0814b..a9ddb8a 100644 --- a/openssh/cipher-ctr.c +++ b/openssh/cipher-ctr.c @@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include "includes.h" -RCSID("$OpenBSD: cipher-ctr.c,v 1.2 2003/06/17 18:14:23 markus Exp $"); +RCSID("$OpenBSD: cipher-ctr.c,v 1.3 2003/11/21 11:57:03 djm Exp $"); #include @@ -94,7 +94,7 @@ ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, EVP_CIPHER_CTX_set_app_data(ctx, c); } if (key != NULL) - AES_set_encrypt_key(key, ctx->key_len * 8, &c->aes_ctx); + AES_set_encrypt_key(key, ctx->key_len * 8, &c->aes_ctx); if (iv != NULL) memcpy(c->aes_counter, iv, AES_BLOCK_SIZE); return (1); diff --git a/openssh/cipher.c b/openssh/cipher.c index ce53367..a1c40cc 100644 --- a/openssh/cipher.c +++ b/openssh/cipher.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: cipher.c,v 1.65 2003/05/17 04:27:52 markus Exp $"); +RCSID("$OpenBSD: cipher.c,v 1.66 2003/11/10 16:23:41 jakob Exp $"); #include "xmalloc.h" #include "log.h" @@ -99,19 +99,19 @@ struct Cipher { /*--*/ u_int -cipher_blocksize(Cipher *c) +cipher_blocksize(const Cipher *c) { return (c->block_size); } u_int -cipher_keylen(Cipher *c) +cipher_keylen(const Cipher *c) { return (c->key_len); } u_int -cipher_get_number(Cipher *c) +cipher_get_number(const Cipher *c) { return (c->number); } @@ -311,7 +311,7 @@ cipher_set_key_string(CipherContext *cc, Cipher *cipher, */ int -cipher_get_keyiv_len(CipherContext *cc) +cipher_get_keyiv_len(const CipherContext *cc) { Cipher *c = cc->cipher; int ivlen; @@ -397,7 +397,7 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv) #endif int -cipher_get_keycontext(CipherContext *cc, u_char *dat) +cipher_get_keycontext(const CipherContext *cc, u_char *dat) { Cipher *c = cc->cipher; int plen = 0; diff --git a/openssh/cipher.h b/openssh/cipher.h index fc7f6dd..74b3669 100644 --- a/openssh/cipher.h +++ b/openssh/cipher.h @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher.h,v 1.33 2002/03/18 17:13:15 markus Exp $ */ +/* $OpenBSD: cipher.h,v 1.34 2003/11/10 16:23:41 jakob Exp $ */ /* * Author: Tatu Ylonen @@ -79,13 +79,13 @@ void cipher_init(CipherContext *, Cipher *, const u_char *, u_int, void cipher_crypt(CipherContext *, u_char *, const u_char *, u_int); void cipher_cleanup(CipherContext *); void cipher_set_key_string(CipherContext *, Cipher *, const char *, int); -u_int cipher_blocksize(Cipher *); -u_int cipher_keylen(Cipher *); +u_int cipher_blocksize(const Cipher *); +u_int cipher_keylen(const Cipher *); -u_int cipher_get_number(Cipher *); +u_int cipher_get_number(const Cipher *); void cipher_get_keyiv(CipherContext *, u_char *, u_int); void cipher_set_keyiv(CipherContext *, u_char *); -int cipher_get_keyiv_len(CipherContext *); -int cipher_get_keycontext(CipherContext *, u_char *); +int cipher_get_keyiv_len(const CipherContext *); +int cipher_get_keycontext(const CipherContext *, u_char *); void cipher_set_keycontext(CipherContext *, u_char *); #endif /* CIPHER_H */ diff --git a/openssh/cleanup.c b/openssh/cleanup.c new file mode 100644 index 0000000..11d1d4d --- /dev/null +++ b/openssh/cleanup.c @@ -0,0 +1,26 @@ +/* + * Copyright (c) 2003 Markus Friedl + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ +#include "includes.h" +RCSID("$OpenBSD: cleanup.c,v 1.1 2003/09/23 20:17:11 markus Exp $"); + +#include "log.h" + +/* default implementation */ +void +cleanup_exit(int i) +{ + _exit(i); +} diff --git a/openssh/clientloop.c b/openssh/clientloop.c index d8def78..626b29a 100644 --- a/openssh/clientloop.c +++ b/openssh/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.112 2003/06/28 16:23:06 deraadt Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.117 2003/12/16 15:49:51 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -89,6 +89,9 @@ extern Options options; /* Flag indicating that stdin should be redirected from /dev/null. */ extern int stdin_null_flag; +/* Flag indicating that no shell has been requested */ +extern int no_shell_flag; + /* * Name of the host we are connecting to. This is the name given on the * command line, or the HostName specified for the user-supplied name in a @@ -124,6 +127,7 @@ static int connection_in; /* Connection to server (input). */ static int connection_out; /* Connection to server (output). */ static int need_rekeying; /* Set to non-zero if rekeying is requested. */ static int session_closed = 0; /* In SSH2: login session closed. */ +static int server_alive_timeouts = 0; static void client_init_dispatch(void); int session_ident = -1; @@ -139,7 +143,6 @@ leave_non_blocking(void) if (in_non_blocking_mode) { (void) fcntl(fileno(stdin), F_SETFL, 0); in_non_blocking_mode = 0; - fatal_remove_cleanup((void (*) (void *)) leave_non_blocking, NULL); } } @@ -150,7 +153,6 @@ enter_non_blocking(void) { in_non_blocking_mode = 1; (void) fcntl(fileno(stdin), F_SETFL, O_NONBLOCK); - fatal_add_cleanup((void (*) (void *)) leave_non_blocking, NULL); } /* @@ -312,6 +314,24 @@ client_check_window_change(void) } } +static void +client_global_request_reply(int type, u_int32_t seq, void *ctxt) +{ + server_alive_timeouts = 0; + client_global_request_reply_fwd(type, seq, ctxt); +} + +static void +server_alive_check(void) +{ + if (++server_alive_timeouts > options.server_alive_count_max) + packet_disconnect("Timeout, server not responding."); + packet_start(SSH2_MSG_GLOBAL_REQUEST); + packet_put_cstring("keepalive@openssh.com"); + packet_put_char(1); /* boolean: want reply */ + packet_send(); +} + /* * Waits until the client can do something (some data becomes available on * one of the file descriptors). @@ -321,6 +341,9 @@ static void client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp, int *nallocp, int rekeying) { + struct timeval tv, *tvp; + int ret; + /* Add any selections by the channel mechanism. */ channel_prepare_select(readsetp, writesetp, maxfdp, nallocp, rekeying); @@ -362,13 +385,18 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, /* * Wait for something to happen. This will suspend the process until * some selected descriptor can be read, written, or has some other - * event pending. Note: if you want to implement SSH_MSG_IGNORE - * messages to fool traffic analysis, this might be the place to do - * it: just have a random timeout for the select, and send a random - * SSH_MSG_IGNORE packet when the timeout expires. + * event pending. */ - if (select((*maxfdp)+1, *readsetp, *writesetp, NULL, NULL) < 0) { + if (options.server_alive_interval == 0 || !compat20) + tvp = NULL; + else { + tv.tv_sec = options.server_alive_interval; + tv.tv_usec = 0; + tvp = &tv; + } + ret = select((*maxfdp)+1, *readsetp, *writesetp, NULL, tvp); + if (ret < 0) { char buf[100]; /* @@ -385,7 +413,8 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, snprintf(buf, sizeof buf, "select: %s\r\n", strerror(errno)); buffer_append(&stderr_buffer, buf, strlen(buf)); quit_pending = 1; - } + } else if (ret == 0) + server_alive_check(); } static void @@ -844,8 +873,7 @@ client_channel_closed(int id, void *arg) id, session_ident); channel_cancel_cleanup(id); session_closed = 1; - if (in_raw_mode()) - leave_raw_mode(); + leave_raw_mode(); } /* @@ -1034,12 +1062,19 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) if (!isatty(fileno(stderr))) unset_nonblock(fileno(stderr)); - if (received_signal) { - if (in_non_blocking_mode) /* XXX */ - leave_non_blocking(); - fatal("Killed by signal %d.", (int) received_signal); + /* + * If there was no shell or command requested, there will be no remote + * exit status to be returned. In that case, clear error code if the + * connection was deliberately terminated at this end. + */ + if (no_shell_flag && received_signal == SIGTERM) { + received_signal = 0; + exit_status = 0; } + if (received_signal) + fatal("Killed by signal %d.", (int) received_signal); + /* * In interactive mode (with pseudo tty) display a message indicating * that the connection has been closed. @@ -1131,6 +1166,46 @@ client_input_exit_status(int type, u_int32_t seq, void *ctxt) /* Flag that we want to exit. */ quit_pending = 1; } +static void +client_input_agent_open(int type, u_int32_t seq, void *ctxt) +{ + Channel *c = NULL; + int remote_id, sock; + + /* Read the remote channel number from the message. */ + remote_id = packet_get_int(); + packet_check_eom(); + + /* + * Get a connection to the local authentication agent (this may again + * get forwarded). + */ + sock = ssh_get_authentication_socket(); + + /* + * If we could not connect the agent, send an error message back to + * the server. This should never happen unless the agent dies, + * because authentication forwarding is only enabled if we have an + * agent. + */ + if (sock >= 0) { + c = channel_new("", SSH_CHANNEL_OPEN, sock, sock, + -1, 0, 0, 0, "authentication agent connection", 1); + c->remote_id = remote_id; + c->force_drain = 1; + } + if (c == NULL) { + packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE); + packet_put_int(remote_id); + } else { + /* Send a confirmation to the remote host. */ + debug("Forwarding authentication connection."); + packet_start(SSH_MSG_CHANNEL_OPEN_CONFIRMATION); + packet_put_int(remote_id); + packet_put_int(c->self); + } + packet_send(); +} static Channel * client_request_forwarded_tcpip(const char *request_type, int rchan) @@ -1318,7 +1393,8 @@ client_input_global_request(int type, u_int32_t seq, void *ctxt) rtype = packet_get_string(NULL); want_reply = packet_get_char(); - debug("client_input_global_request: rtype %s want_reply %d", rtype, want_reply); + debug("client_input_global_request: rtype %s want_reply %d", + rtype, want_reply); if (want_reply) { packet_start(success ? SSH2_MSG_REQUEST_SUCCESS : SSH2_MSG_REQUEST_FAILURE); @@ -1366,7 +1442,7 @@ client_init_dispatch_13(void) dispatch_set(SSH_SMSG_STDOUT_DATA, &client_input_stdout_data); dispatch_set(SSH_SMSG_AGENT_OPEN, options.forward_agent ? - &auth_input_open_request : &deny_input_open); + &client_input_agent_open : &deny_input_open); dispatch_set(SSH_SMSG_X11_OPEN, options.forward_x11 ? &x11_input_open : &deny_input_open); } @@ -1387,3 +1463,12 @@ client_init_dispatch(void) else client_init_dispatch_15(); } + +/* client specific fatal cleanup */ +void +cleanup_exit(int i) +{ + leave_raw_mode(); + leave_non_blocking(); + _exit(i); +} diff --git a/openssh/clientloop.h b/openssh/clientloop.h index 8056a40..56af06b 100644 --- a/openssh/clientloop.h +++ b/openssh/clientloop.h @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.h,v 1.7 2002/04/22 21:04:52 markus Exp $ */ +/* $OpenBSD: clientloop.h,v 1.8 2003/12/16 15:49:51 markus Exp $ */ /* * Author: Tatu Ylonen @@ -37,4 +37,4 @@ /* Client side main loop for the interactive session. */ int client_loop(int, int, int); -void client_global_request_reply(int type, u_int32_t seq, void *ctxt); +void client_global_request_reply_fwd(int, u_int32_t, void *); diff --git a/openssh/compat.c b/openssh/compat.c index af1d143..2fdebe7 100644 --- a/openssh/compat.c +++ b/openssh/compat.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: compat.c,v 1.69 2003/08/29 10:03:15 markus Exp $"); +RCSID("$OpenBSD: compat.c,v 1.70 2003/11/02 11:01:03 markus Exp $"); #include "buffer.h" #include "packet.h" @@ -79,11 +79,7 @@ compat_datafellows(const char *version) { "OpenSSH_2.5.3*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF}, { "OpenSSH_2.*," "OpenSSH_3.0*," - "OpenSSH_3.1*", SSH_BUG_EXTEOF|SSH_BUG_GSSAPI_BER}, - { "OpenSSH_3.2*," - "OpenSSH_3.3*," - "OpenSSH_3.4*," - "OpenSSH_3.5*", SSH_BUG_GSSAPI_BER}, + "OpenSSH_3.1*", SSH_BUG_EXTEOF}, { "Sun_SSH_1.0*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF}, { "OpenSSH*", 0 }, { "*MindTerm*", 0 }, diff --git a/openssh/compat.h b/openssh/compat.h index 7a50044..efa0f08 100644 --- a/openssh/compat.h +++ b/openssh/compat.h @@ -1,4 +1,4 @@ -/* $OpenBSD: compat.h,v 1.36 2003/08/29 10:03:15 markus Exp $ */ +/* $OpenBSD: compat.h,v 1.37 2003/11/02 11:01:03 markus Exp $ */ /* * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved. @@ -55,7 +55,6 @@ #define SSH_BUG_EXTEOF 0x00200000 #define SSH_BUG_PROBE 0x00400000 #define SSH_BUG_FIRSTKEX 0x00800000 -#define SSH_BUG_GSSAPI_BER 0x01000000 void enable_compat13(void); void enable_compat20(void); diff --git a/openssh/config.guess b/openssh/config.guess index e8f2061..3fe4d4f 100755 --- a/openssh/config.guess +++ b/openssh/config.guess @@ -174,7 +174,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in fi ;; *) - os=netbsd + os=netbsd ;; esac # The OS release @@ -382,23 +382,23 @@ EOF # MiNT. But MiNT is downward compatible to TOS, so this should # be no problem. atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} + echo m68k-atari-mint${UNAME_RELEASE} exit 0 ;; atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} - exit 0 ;; + exit 0 ;; *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} + echo m68k-atari-mint${UNAME_RELEASE} exit 0 ;; milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) - echo m68k-milan-mint${UNAME_RELEASE} - exit 0 ;; + echo m68k-milan-mint${UNAME_RELEASE} + exit 0 ;; hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) - echo m68k-hades-mint${UNAME_RELEASE} - exit 0 ;; + echo m68k-hades-mint${UNAME_RELEASE} + exit 0 ;; *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) - echo m68k-unknown-mint${UNAME_RELEASE} - exit 0 ;; + echo m68k-unknown-mint${UNAME_RELEASE} + exit 0 ;; powerpc:machten:*:*) echo powerpc-apple-machten${UNAME_RELEASE} exit 0 ;; @@ -462,8 +462,8 @@ EOF echo m88k-motorola-sysv3 exit 0 ;; AViiON:dgux:*:*) - # DG/UX returns AViiON for all architectures - UNAME_PROCESSOR=`/usr/bin/uname -p` + # DG/UX returns AViiON for all architectures + UNAME_PROCESSOR=`/usr/bin/uname -p` if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] then if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ @@ -476,7 +476,7 @@ EOF else echo i586-dg-dgux${UNAME_RELEASE} fi - exit 0 ;; + exit 0 ;; M88*:DolphinOS:*:*) # DolphinOS (SVR3) echo m88k-dolphin-sysv3 exit 0 ;; @@ -573,52 +573,52 @@ EOF 9000/[678][0-9][0-9]) if [ -x /usr/bin/getconf ]; then sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` - sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` - case "${sc_cpu_version}" in - 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 - 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 - 532) # CPU_PA_RISC2_0 - case "${sc_kernel_bits}" in - 32) HP_ARCH="hppa2.0n" ;; - 64) HP_ARCH="hppa2.0w" ;; + sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` + case "${sc_cpu_version}" in + 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 + 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 + 532) # CPU_PA_RISC2_0 + case "${sc_kernel_bits}" in + 32) HP_ARCH="hppa2.0n" ;; + 64) HP_ARCH="hppa2.0w" ;; '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 - esac ;; - esac + esac ;; + esac fi if [ "${HP_ARCH}" = "" ]; then eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c - #define _HPUX_SOURCE - #include - #include + #define _HPUX_SOURCE + #include + #include - int main () - { - #if defined(_SC_KERNEL_BITS) - long bits = sysconf(_SC_KERNEL_BITS); - #endif - long cpu = sysconf (_SC_CPU_VERSION); + int main () + { + #if defined(_SC_KERNEL_BITS) + long bits = sysconf(_SC_KERNEL_BITS); + #endif + long cpu = sysconf (_SC_CPU_VERSION); - switch (cpu) - { - case CPU_PA_RISC1_0: puts ("hppa1.0"); break; - case CPU_PA_RISC1_1: puts ("hppa1.1"); break; - case CPU_PA_RISC2_0: - #if defined(_SC_KERNEL_BITS) - switch (bits) - { - case 64: puts ("hppa2.0w"); break; - case 32: puts ("hppa2.0n"); break; - default: puts ("hppa2.0"); break; - } break; - #else /* !defined(_SC_KERNEL_BITS) */ - puts ("hppa2.0"); break; - #endif - default: puts ("hppa1.0"); break; - } - exit (0); - } + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1"); break; + case CPU_PA_RISC2_0: + #if defined(_SC_KERNEL_BITS) + switch (bits) + { + case 64: puts ("hppa2.0w"); break; + case 32: puts ("hppa2.0n"); break; + default: puts ("hppa2.0"); break; + } break; + #else /* !defined(_SC_KERNEL_BITS) */ + puts ("hppa2.0"); break; + #endif + default: puts ("hppa1.0"); break; + } + exit (0); + } EOF (CCOPTS= $CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null) && HP_ARCH=`$dummy` if test -z "$HP_ARCH"; then HP_ARCH=hppa; fi @@ -689,22 +689,22 @@ EOF exit 0 ;; C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) echo c1-convex-bsd - exit 0 ;; + exit 0 ;; C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) if getsysinfo -f scalar_acc then echo c32-convex-bsd else echo c2-convex-bsd fi - exit 0 ;; + exit 0 ;; C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) echo c34-convex-bsd - exit 0 ;; + exit 0 ;; C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) echo c38-convex-bsd - exit 0 ;; + exit 0 ;; C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) echo c4-convex-bsd - exit 0 ;; + exit 0 ;; CRAY*Y-MP:*:*:*) echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit 0 ;; @@ -731,10 +731,10 @@ EOF exit 0 ;; F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` - FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` - FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` - echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" - exit 0 ;; + FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` + echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit 0 ;; i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} exit 0 ;; @@ -836,7 +836,7 @@ EOF EV6) UNAME_MACHINE=alphaev6 ;; EV67) UNAME_MACHINE=alphaev67 ;; EV68*) UNAME_MACHINE=alphaev68 ;; - esac + esac objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} @@ -875,7 +875,7 @@ EOF s/.*supported targets: *// s/ .*// p'` - case "$ld_supported_targets" in + case "$ld_supported_targets" in elf32-i386) TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu" ;; @@ -925,11 +925,11 @@ EOF echo i386-sequent-sysv4 exit 0 ;; i*86:UNIX_SV:4.2MP:2.*) - # Unixware is an offshoot of SVR4, but it has its own version - # number series starting with 2... - # I am not positive that other SVR4 systems won't match this, + # Unixware is an offshoot of SVR4, but it has its own version + # number series starting with 2... + # I am not positive that other SVR4 systems won't match this, # I just have to hope. -- rms. - # Use sysv4.2uw... so that sysv4* matches it. + # Use sysv4.2uw... so that sysv4* matches it. echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} exit 0 ;; i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) @@ -971,10 +971,10 @@ EOF exit 0 ;; pc:*:*:*) # Left here for compatibility: - # uname -m prints for DJGPP always 'pc', but it prints nothing about - # the processor, so we play safe by assuming i386. + # uname -m prints for DJGPP always 'pc', but it prints nothing about + # the processor, so we play safe by assuming i386. echo i386-pc-msdosdjgpp - exit 0 ;; + exit 0 ;; Intel:Mach:3*:*) echo i386-pc-mach3 exit 0 ;; @@ -1003,8 +1003,8 @@ EOF /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;; 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) - /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ - && echo i486-ncr-sysv4 && exit 0 ;; + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && echo i486-ncr-sysv4 && exit 0 ;; m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) echo m68k-unknown-lynxos${UNAME_RELEASE} exit 0 ;; @@ -1041,9 +1041,9 @@ EOF fi exit 0 ;; PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort - # says - echo i586-unisys-sysv4 - exit 0 ;; + # says + echo i586-unisys-sysv4 + exit 0 ;; *:UNIX_System_V:4*:FTX*) # From Gerald Hewes . # How about differentiating between stratus architectures? -djm @@ -1065,11 +1065,11 @@ EOF exit 0 ;; R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) if [ -d /usr/nec ]; then - echo mips-nec-sysv${UNAME_RELEASE} + echo mips-nec-sysv${UNAME_RELEASE} else - echo mips-unknown-sysv${UNAME_RELEASE} + echo mips-unknown-sysv${UNAME_RELEASE} fi - exit 0 ;; + exit 0 ;; BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. echo powerpc-be-beos exit 0 ;; @@ -1179,11 +1179,11 @@ main () #include printf ("m68k-sony-newsos%s\n", #ifdef NEWSOS4 - "4" + "4" #else "" #endif - ); exit (0); + ); exit (0); #endif #endif diff --git a/openssh/config.sub b/openssh/config.sub index a0b7bb9..75a74f7 100755 --- a/openssh/config.sub +++ b/openssh/config.sub @@ -162,10 +162,10 @@ case $os in os=-chorusos basic_machine=$1 ;; - -chorusrdb) - os=-chorusrdb + -chorusrdb) + os=-chorusrdb basic_machine=$1 - ;; + ;; -hiux*) os=-hiuxwe2 ;; @@ -748,7 +748,7 @@ case $basic_machine in pbb) basic_machine=m68k-tti ;; - pc532 | pc532-*) + pc532 | pc532-*) basic_machine=ns32k-pc532 ;; pentium | p5 | k5 | k6 | nexgen | viac3) @@ -775,22 +775,22 @@ case $basic_machine in power) basic_machine=power-ibm ;; ppc) basic_machine=powerpc-unknown - ;; + ;; ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppcle | powerpclittle | ppc-le | powerpc-little) basic_machine=powerpcle-unknown - ;; + ;; ppcle-* | powerpclittle-*) basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppc64) basic_machine=powerpc64-unknown - ;; + ;; ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppc64le | powerpc64little | ppc64-le | powerpc64-little) basic_machine=powerpc64le-unknown - ;; + ;; ppc64le-* | powerpc64little-*) basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` ;; @@ -886,11 +886,11 @@ case $basic_machine in sun386 | sun386i | roadrunner) basic_machine=i386-sun ;; - sv1) + sv1) basic_machine=sv1-cray os=-unicos ;; - sx*-nec) + sx*-nec) basic_machine=sx6-nec os=-sysv ;; @@ -948,8 +948,8 @@ case $basic_machine in os=-vms ;; vpp*|vx|vx-*) - basic_machine=f301-fujitsu - ;; + basic_machine=f301-fujitsu + ;; vxworks960) basic_machine=i960-wrs os=-vxworks @@ -974,7 +974,7 @@ case $basic_machine in basic_machine=i386-pc os=-windows32-msvcrt ;; - xps | xps100) + xps | xps100) basic_machine=xps100-honeywell ;; ymp) @@ -1029,7 +1029,7 @@ case $basic_machine in sparc | sparcv9 | sparcv9b) basic_machine=sparc-sun ;; - cydra) + cydra) basic_machine=cydra-cydrome ;; orion) @@ -1074,8 +1074,8 @@ esac if [ x"$os" != x"" ] then case $os in - # First match some system type aliases - # that might get confused with valid system types. + # First match some system type aliases + # that might get confused with valid system types. # -solaris* is a basic system type, with this one exception. -solaris1 | -solaris1.*) os=`echo $os | sed -e 's|solaris1|sunos4|'` @@ -1179,7 +1179,7 @@ case $os in os=-rtmk-nova ;; -ns2 ) - os=-nextstep2 + os=-nextstep2 ;; -nsk*) os=-nsk @@ -1218,8 +1218,8 @@ case $os in -xenix) os=-xenix ;; - -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) - os=-mint + -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + os=-mint ;; -none) ;; @@ -1256,7 +1256,7 @@ case $basic_machine in pdp10-*) os=-tops20 ;; - pdp11-*) + pdp11-*) os=-none ;; *-dec | vax-*) @@ -1349,19 +1349,19 @@ case $basic_machine in *-next) os=-nextstep3 ;; - *-gould) + *-gould) os=-sysv ;; - *-highlevel) + *-highlevel) os=-bsd ;; *-encore) os=-bsd ;; - *-sgi) + *-sgi) os=-irix ;; - *-siemens) + *-siemens) os=-sysv4 ;; *-masscomp) diff --git a/openssh/configure.ac b/openssh/configure.ac index b6a8b16..f885dc9 100644 --- a/openssh/configure.ac +++ b/openssh/configure.ac @@ -48,16 +48,28 @@ fi AC_SUBST(LD) AC_C_INLINE -if test "$GCC" = "yes" || test "$GCC" = "egcs"; then +if test "$GCC" = "yes" || test "$GCC" = "egcs"; then CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized" fi +AC_ARG_WITH(rpath, + [ --without-rpath Disable auto-added -R linker paths], + [ + if test "x$withval" = "xno" ; then + need_dash_r="" + fi + if test "x$withval" = "xyes" ; then + need_dash_r=1 + fi + ] +) + # Check for some target-specific stuff case "$host" in *-*-aix*) CPPFLAGS="$CPPFLAGS -I/usr/local/include" LDFLAGS="$LDFLAGS -L/usr/local/lib" - AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) + AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) if (test -z "$blibpath"); then blibpath="/usr/lib:/lib:/usr/local/lib" fi @@ -120,6 +132,9 @@ case "$host" in ;; *-*-dgux*) AC_DEFINE(IP_TOS_IS_BROKEN) + AC_DEFINE(SETEUID_BREAKS_SETUID) + AC_DEFINE(BROKEN_SETREUID) + AC_DEFINE(BROKEN_SETREGID) ;; *-*-darwin*) AC_MSG_CHECKING(if we have working getaddrinfo) @@ -135,6 +150,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) AC_DEFINE(SETEUID_BREAKS_SETUID) AC_DEFINE(BROKEN_SETREUID) AC_DEFINE(BROKEN_SETREGID) + AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1) ;; *-*-hpux10.26) if test -z "$GCC"; then @@ -146,7 +162,6 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) AC_DEFINE(USE_PIPES) AC_DEFINE(LOGIN_NO_ENDOPT) AC_DEFINE(LOGIN_NEEDS_UTMPX) - AC_DEFINE(DISABLE_SHADOW) AC_DEFINE(DISABLE_UTMP) AC_DEFINE(LOCKED_PASSWD_STRING, "*") AC_DEFINE(SPT_TYPE,SPT_PSTAT) @@ -163,7 +178,6 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) AC_DEFINE(USE_PIPES) AC_DEFINE(LOGIN_NO_ENDOPT) AC_DEFINE(LOGIN_NEEDS_UTMPX) - AC_DEFINE(DISABLE_SHADOW) AC_DEFINE(DISABLE_UTMP) AC_DEFINE(LOCKED_PASSWD_STRING, "*") AC_DEFINE(SPT_TYPE,SPT_PSTAT) @@ -177,7 +191,6 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) AC_DEFINE(USE_PIPES) AC_DEFINE(LOGIN_NO_ENDOPT) AC_DEFINE(LOGIN_NEEDS_UTMPX) - AC_DEFINE(DISABLE_SHADOW) AC_DEFINE(DISABLE_UTMP) AC_DEFINE(LOCKED_PASSWD_STRING, "*") AC_DEFINE(SPT_TYPE,SPT_PSTAT) @@ -189,6 +202,9 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) LDFLAGS="$LDFLAGS" PATH="$PATH:/usr/etc" AC_DEFINE(BROKEN_INET_NTOA) + AC_DEFINE(SETEUID_BREAKS_SETUID) + AC_DEFINE(BROKEN_SETREUID) + AC_DEFINE(BROKEN_SETREGID) AC_DEFINE(WITH_ABBREV_NO_TTY) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*") ;; @@ -228,7 +244,9 @@ mips-sony-bsd|mips-sony-newsos4) ;; *-*-netbsd*) check_for_libcrypt_before=1 - need_dash_r=1 + if test "x$withval" != "xno" ; then + need_dash_r=1 + fi ;; *-*-freebsd*) check_for_libcrypt_later=1 @@ -252,8 +270,12 @@ mips-sony-bsd|mips-sony-newsos4) ;; *-*-solaris*) CPPFLAGS="$CPPFLAGS -I/usr/local/include" - LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib" - need_dash_r=1 + if test "x$withval" = "xno" ; then + LDFLAGS="$LDFLAGS -L/usr/local/lib" + else + LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib" + need_dash_r=1 + fi AC_DEFINE(PAM_SUN_CODEBASE) AC_DEFINE(LOGIN_NEEDS_UTMPX) AC_DEFINE(LOGIN_NEEDS_TERM) @@ -297,9 +319,13 @@ mips-sony-bsd|mips-sony-newsos4) CPPFLAGS="$CPPFLAGS -I/usr/local/include" # /usr/ucblib MUST NOT be searched on ReliantUNIX LDFLAGS="$LDFLAGS -L/usr/local/lib" + AC_CHECK_LIB(dl, dlsym, ,) IPADDR_IN_DISPLAY=yes AC_DEFINE(USE_PIPES) AC_DEFINE(IP_TOS_IS_BROKEN) + AC_DEFINE(SETEUID_BREAKS_SETUID) + AC_DEFINE(BROKEN_SETREUID) + AC_DEFINE(BROKEN_SETREGID) AC_DEFINE(SSHD_ACQUIRES_CTTY) external_path_file=/etc/default/login # /usr/ucblib/libucb.a no longer needed on ReliantUNIX @@ -405,14 +431,13 @@ mips-sony-bsd|mips-sony-newsos4) LIBS="$LIBS -lsecurity -ldb -lm -laud" else AC_MSG_RESULT(no) + AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin") fi fi - AC_DEFINE(DISABLE_FD_PASSING) AC_DEFINE(BROKEN_GETADDRINFO) AC_DEFINE(SETEUID_BREAKS_SETUID) AC_DEFINE(BROKEN_SETREUID) AC_DEFINE(BROKEN_SETREGID) - AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin") ;; *-*-nto-qnx) @@ -474,7 +499,7 @@ int main(){exit(0);} AC_CHECK_HEADERS(bstring.h crypt.h endian.h features.h floatingpoint.h \ getopt.h glob.h ia.h lastlog.h limits.h login.h \ login_cap.h maillock.h netdb.h netgroup.h \ - netinet/in_systm.h paths.h pty.h readpassphrase.h \ + netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \ rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \ strings.h sys/strtio.h sys/audit.h sys/bitypes.h sys/bsdtty.h \ sys/cdefs.h sys/mman.h sys/pstat.h sys/select.h sys/stat.h \ @@ -534,18 +559,6 @@ AC_CHECK_FUNC(getspnam, , AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen")) AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME)) -AC_ARG_WITH(rpath, - [ --without-rpath Disable auto-added -R linker paths], - [ - if test "x$withval" = "xno" ; then - need_dash_r="" - fi - if test "x$withval" = "xyes" ; then - need_dash_r=1 - fi - ] -) - dnl zlib is required AC_ARG_WITH(zlib, [ --with-zlib=PATH Use zlib in PATH], @@ -577,10 +590,10 @@ AC_ARG_WITH(zlib, AC_CHECK_LIB(z, deflate, ,AC_MSG_ERROR([*** zlib missing - please install first or check config.log ***])) dnl UnixWare 2.x -AC_CHECK_FUNC(strcasecmp, +AC_CHECK_FUNC(strcasecmp, [], [ AC_CHECK_LIB(resolv, strcasecmp, LIBS="$LIBS -lresolv") ] ) -AC_CHECK_FUNC(utimes, +AC_CHECK_FUNC(utimes, [], [ AC_CHECK_LIB(c89, utimes, [AC_DEFINE(HAVE_UTIMES) LIBS="$LIBS -lc89"]) ] ) @@ -600,7 +613,7 @@ AC_EGREP_CPP(FOUNDIT, #ifdef GLOB_ALTDIRFUNC FOUNDIT #endif - ], + ], [ AC_DEFINE(GLOB_HAS_ALTDIRFUNC) AC_MSG_RESULT(yes) @@ -613,17 +626,17 @@ AC_EGREP_CPP(FOUNDIT, # Check for g.gl_matchc glob() extension AC_MSG_CHECKING(for gl_matchc field in glob_t) AC_EGREP_CPP(FOUNDIT, - [ - #include + [ + #include int main(void){glob_t g; g.gl_matchc = 1;} - ], - [ - AC_DEFINE(GLOB_HAS_GL_MATCHC) - AC_MSG_RESULT(yes) - ], - [ - AC_MSG_RESULT(no) - ] + ], + [ + AC_DEFINE(GLOB_HAS_GL_MATCHC) + AC_MSG_RESULT(yes) + ], + [ + AC_MSG_RESULT(no) + ] ) AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) @@ -633,7 +646,7 @@ AC_TRY_RUN( #include int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));} ], - [AC_MSG_RESULT(yes)], + [AC_MSG_RESULT(yes)], [ AC_MSG_RESULT(no) AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME) @@ -641,10 +654,10 @@ int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));} ) # Check whether user wants S/Key support -SKEY_MSG="no" +SKEY_MSG="no" AC_ARG_WITH(skey, [ --with-skey[[=PATH]] Enable S/Key support - (optionally in PATH)], + (optionally in PATH)], [ if test "x$withval" != "xno" ; then @@ -655,7 +668,7 @@ AC_ARG_WITH(skey, AC_DEFINE(SKEY) LIBS="-lskey $LIBS" - SKEY_MSG="yes" + SKEY_MSG="yes" AC_MSG_CHECKING([for s/key support]) AC_TRY_RUN( @@ -677,7 +690,7 @@ int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); } TCPW_MSG="no" AC_ARG_WITH(tcp-wrappers, [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support - (optionally in PATH)], + (optionally in PATH)], [ if test "x$withval" != "xno" ; then saved_LIBS="$LIBS" @@ -729,7 +742,7 @@ AC_ARG_WITH(tcp-wrappers, dnl Checks for library functions. Please keep in alphabetical order AC_CHECK_FUNCS(\ - arc4random __b64_ntop b64_ntop __b64_pton b64_pton basename \ + arc4random __b64_ntop b64_ntop __b64_pton b64_pton \ bcopy bindresvport_sa clock fchmod fchown freeaddrinfo futimes \ getaddrinfo getcwd getgrouplist getnameinfo getopt \ getpeereid _getpty getrlimit getttyent glob inet_aton \ @@ -737,9 +750,9 @@ AC_CHECK_FUNCS(\ mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \ pstat readpassphrase realpath recvmsg rresvport_af sendmsg \ setdtablesize setegid setenv seteuid setgroups setlogin setpcred \ - setproctitle setregid setresgid setresuid setreuid setrlimit \ + setproctitle setregid setreuid setrlimit \ setsid setvbuf sigaction sigvec snprintf socketpair strerror \ - strlcat strlcpy strmode strnvis sysconf tcgetpgrp \ + strlcat strlcpy strmode strnvis strtoul sysconf tcgetpgrp \ truncate utimes vhangup vsnprintf waitpid \ ) @@ -767,10 +780,38 @@ AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)]) dnl tcsendbreak might be a macro AC_CHECK_DECL(tcsendbreak, [AC_DEFINE(HAVE_TCSENDBREAK)], - [AC_CHECK_FUNCS(tcsendbreak)], + [AC_CHECK_FUNCS(tcsendbreak)], [#include ] ) +AC_CHECK_FUNCS(setresuid, [ + dnl Some platorms have setresuid that isn't implemented, test for this + AC_MSG_CHECKING(if setresuid seems to work) + AC_TRY_RUN([ +#include +#include +int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);} + ], + [AC_MSG_RESULT(yes)], + [AC_DEFINE(BROKEN_SETRESUID), + AC_MSG_RESULT(not implemented)] + ) +]) + +AC_CHECK_FUNCS(setresgid, [ + dnl Some platorms have setresgid that isn't implemented, test for this + AC_MSG_CHECKING(if setresgid seems to work) + AC_TRY_RUN([ +#include +#include +int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);} + ], + [AC_MSG_RESULT(yes)], + [AC_DEFINE(BROKEN_SETRESGID) + AC_MSG_RESULT(not implemented)] + ) +]) + dnl Checks for time functions AC_CHECK_FUNCS(gettimeofday time) dnl Checks for utmp functions @@ -780,12 +821,12 @@ dnl Checks for utmpx functions AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline ) AC_CHECK_FUNCS(setutxent utmpxname) -AC_CHECK_FUNC(daemon, +AC_CHECK_FUNC(daemon, [AC_DEFINE(HAVE_DAEMON)], [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])] ) -AC_CHECK_FUNC(getpagesize, +AC_CHECK_FUNC(getpagesize, [AC_DEFINE(HAVE_GETPAGESIZE)], [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])] ) @@ -798,7 +839,7 @@ if test "x$ac_cv_func_snprintf" = "xyes" ; then #include int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');} ], - [AC_MSG_RESULT(yes)], + [AC_MSG_RESULT(yes)], [ AC_MSG_RESULT(no) AC_DEFINE(BROKEN_SNPRINTF) @@ -822,14 +863,14 @@ unlink(template); exit(0); [ AC_MSG_RESULT(no) ], - [ + [ AC_MSG_RESULT(yes) AC_DEFINE(HAVE_STRICT_MKSTEMP) ], [ AC_MSG_RESULT(yes) AC_DEFINE(HAVE_STRICT_MKSTEMP) - ] + ] ) fi @@ -854,7 +895,7 @@ main() exit(1); } else if (pid > 0) { /* parent */ waitpid(pid, &status, 0); - if (WIFEXITED(status)) + if (WIFEXITED(status)) exit(WEXITSTATUS(status)); else exit(2); @@ -888,7 +929,8 @@ AC_ARG_WITH(pam, [ --with-pam Enable PAM support ], [ if test "x$withval" != "xno" ; then - if test "x$ac_cv_header_security_pam_appl_h" != "xyes" ; then + if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ + test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then AC_MSG_ERROR([PAM headers not found]) fi @@ -897,7 +939,6 @@ AC_ARG_WITH(pam, AC_CHECK_FUNCS(pam_getenvlist) AC_CHECK_FUNCS(pam_putenv) - disable_shadow=yes PAM_MSG="yes" AC_DEFINE(USE_PAM) @@ -918,9 +959,13 @@ if test "x$PAM_MSG" = "xyes" ; then AC_TRY_COMPILE( [ #include +#if defined(HAVE_SECURITY_PAM_APPL_H) #include - ], - [(void)pam_strerror((pam_handle_t *)NULL, -1);], +#elif defined (HAVE_PAM_PAM_APPL_H) +#include +#endif + ], + [(void)pam_strerror((pam_handle_t *)NULL, -1);], [AC_MSG_RESULT(no)], [ AC_DEFINE(HAVE_OLD_PAM) @@ -991,12 +1036,12 @@ AC_TRY_RUN( #include #define DATA "conftest.sslincver" int main(void) { - FILE *fd; - int rc; + FILE *fd; + int rc; - fd = fopen(DATA,"w"); - if(fd == NULL) - exit(1); + fd = fopen(DATA,"w"); + if(fd == NULL) + exit(1); if ((rc = fprintf(fd ,"%x (%s)\n", OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT)) <0) exit(1); @@ -1024,12 +1069,12 @@ AC_TRY_RUN( #include #define DATA "conftest.ssllibver" int main(void) { - FILE *fd; - int rc; + FILE *fd; + int rc; - fd = fopen(DATA,"w"); - if(fd == NULL) - exit(1); + fd = fopen(DATA,"w"); + if(fd == NULL) + exit(1); if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0) exit(1); @@ -1066,7 +1111,7 @@ Also see contrib/findssl.sh for help identifying header/library mismatches.]) ] ) -# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the +# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the # version in OpenSSL. Skip this for PAM if test "x$check_for_libcrypt_later" = "x1"; then AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt") @@ -1101,7 +1146,7 @@ AC_ARG_WITH(rand-helper, [ --with-rand-helper Use subprocess to gather strong randomness ], [ if test "x$withval" = "xno" ; then - # Force use of OpenSSL's internal RNG, even if + # Force use of OpenSSL's internal RNG, even if # the previous test showed it to be unseeded. if test -z "$OPENSSL_SEEDS_ITSELF" ; then AC_MSG_WARN([*** Forcing use of OpenSSL's non-self-seeding PRNG]) @@ -1238,7 +1283,7 @@ test -d /sbin && PATH=$PATH:/sbin test -d /usr/sbin && PATH=$PATH:/usr/sbin PATH=$PATH:/etc:$OPATH -# These programs are used by the command hashing source to gather entropy +# These programs are used by the command hashing source to gather entropy OSSH_PATH_ENTROPY_PROG(PROG_LS, ls) OSSH_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat) OSSH_PATH_ENTROPY_PROG(PROG_ARP, arp) @@ -1294,8 +1339,8 @@ fi # More checks for data types AC_CACHE_CHECK([for u_int type], ac_cv_have_u_int, [ AC_TRY_COMPILE( - [ #include ], - [ u_int a; a = 1;], + [ #include ], + [ u_int a; a = 1;], [ ac_cv_have_u_int="yes" ], [ ac_cv_have_u_int="no" ] ) @@ -1307,8 +1352,8 @@ fi AC_CACHE_CHECK([for intXX_t types], ac_cv_have_intxx_t, [ AC_TRY_COMPILE( - [ #include ], - [ int8_t a; int16_t b; int32_t c; a = b = c = 1;], + [ #include ], + [ int8_t a; int16_t b; int32_t c; a = b = c = 1;], [ ac_cv_have_intxx_t="yes" ], [ ac_cv_have_intxx_t="no" ] ) @@ -1319,12 +1364,12 @@ if test "x$ac_cv_have_intxx_t" = "xyes" ; then fi if (test -z "$have_intxx_t" && \ - test "x$ac_cv_header_stdint_h" = "xyes") + test "x$ac_cv_header_stdint_h" = "xyes") then AC_MSG_CHECKING([for intXX_t types in stdint.h]) AC_TRY_COMPILE( - [ #include ], - [ int8_t a; int16_t b; int32_t c; a = b = c = 1;], + [ #include ], + [ int8_t a; int16_t b; int32_t c; a = b = c = 1;], [ AC_DEFINE(HAVE_INTXX_T) AC_MSG_RESULT(yes) @@ -1344,8 +1389,8 @@ AC_CACHE_CHECK([for int64_t type], ac_cv_have_int64_t, [ #ifdef HAVE_SYS_BITYPES_H # include #endif - ], - [ int64_t a; a = 1;], + ], + [ int64_t a; a = 1;], [ ac_cv_have_int64_t="yes" ], [ ac_cv_have_int64_t="no" ] ) @@ -1356,8 +1401,8 @@ fi AC_CACHE_CHECK([for u_intXX_t types], ac_cv_have_u_intxx_t, [ AC_TRY_COMPILE( - [ #include ], - [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;], + [ #include ], + [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;], [ ac_cv_have_u_intxx_t="yes" ], [ ac_cv_have_u_intxx_t="no" ] ) @@ -1370,8 +1415,8 @@ fi if test -z "$have_u_intxx_t" ; then AC_MSG_CHECKING([for u_intXX_t types in sys/socket.h]) AC_TRY_COMPILE( - [ #include ], - [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;], + [ #include ], + [ u_int8_t a; u_int16_t b; u_int32_t c; a = b = c = 1;], [ AC_DEFINE(HAVE_U_INTXX_T) AC_MSG_RESULT(yes) @@ -1382,8 +1427,8 @@ fi AC_CACHE_CHECK([for u_int64_t types], ac_cv_have_u_int64_t, [ AC_TRY_COMPILE( - [ #include ], - [ u_int64_t a; a = 1;], + [ #include ], + [ u_int64_t a; a = 1;], [ ac_cv_have_u_int64_t="yes" ], [ ac_cv_have_u_int64_t="no" ] ) @@ -1396,7 +1441,7 @@ fi if test -z "$have_u_int64_t" ; then AC_MSG_CHECKING([for u_int64_t type in sys/bitypes.h]) AC_TRY_COMPILE( - [ #include ], + [ #include ], [ u_int64_t a; a = 1], [ AC_DEFINE(HAVE_U_INT64_T) @@ -1411,8 +1456,8 @@ if test -z "$have_u_intxx_t" ; then AC_TRY_COMPILE( [ #include - ], - [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ], + ], + [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1; ], [ ac_cv_have_uintxx_t="yes" ], [ ac_cv_have_uintxx_t="no" ] ) @@ -1425,8 +1470,8 @@ fi if test -z "$have_uintxx_t" ; then AC_MSG_CHECKING([for uintXX_t types in stdint.h]) AC_TRY_COMPILE( - [ #include ], - [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;], + [ #include ], + [ uint8_t a; uint16_t b; uint32_t c; a = b = c = 1;], [ AC_DEFINE(HAVE_UINTXX_T) AC_MSG_RESULT(yes) @@ -1436,25 +1481,25 @@ if test -z "$have_uintxx_t" ; then fi if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ - test "x$ac_cv_header_sys_bitypes_h" = "xyes") + test "x$ac_cv_header_sys_bitypes_h" = "xyes") then AC_MSG_CHECKING([for intXX_t and u_intXX_t types in sys/bitypes.h]) AC_TRY_COMPILE( [ #include - ], + ], [ int8_t a; int16_t b; int32_t c; u_int8_t e; u_int16_t f; u_int32_t g; a = b = c = e = f = g = 1; - ], + ], [ AC_DEFINE(HAVE_U_INTXX_T) AC_DEFINE(HAVE_INTXX_T) AC_MSG_RESULT(yes) ], [AC_MSG_RESULT(no)] - ) + ) fi @@ -1635,8 +1680,8 @@ fi AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [ AC_TRY_COMPILE( - [ #include ], - [ struct timeval tv; tv.tv_sec = 1;], + [ #include ], + [ struct timeval tv; tv.tv_sec = 1;], [ ac_cv_have_struct_timeval="yes" ], [ ac_cv_have_struct_timeval="no" ] ) @@ -1676,7 +1721,7 @@ main() strcpy(expected_out, "9223372036854775807"); snprintf(buf, mazsize, "%lld", num); if(strcmp(buf, expected_out) != 0) - exit(1); + exit(1); exit(0); } #else @@ -1834,8 +1879,8 @@ if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then fi AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [ - AC_TRY_LINK([], - [ extern char *__progname; printf("%s", __progname); ], + AC_TRY_LINK([], + [ extern char *__progname; printf("%s", __progname); ], [ ac_cv_libc_defines___progname="yes" ], [ ac_cv_libc_defines___progname="no" ] ) @@ -1847,8 +1892,8 @@ fi AC_CACHE_CHECK([whether $CC implements __FUNCTION__], ac_cv_cc_implements___FUNCTION__, [ AC_TRY_LINK([ #include -], - [ printf("%s", __FUNCTION__); ], +], + [ printf("%s", __FUNCTION__); ], [ ac_cv_cc_implements___FUNCTION__="yes" ], [ ac_cv_cc_implements___FUNCTION__="no" ] ) @@ -1860,8 +1905,8 @@ fi AC_CACHE_CHECK([whether $CC implements __func__], ac_cv_cc_implements___func__, [ AC_TRY_LINK([ #include -], - [ printf("%s", __func__); ], +], + [ printf("%s", __func__); ], [ ac_cv_cc_implements___func__="yes" ], [ ac_cv_cc_implements___func__="no" ] ) @@ -1886,8 +1931,8 @@ if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then fi AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [ - AC_TRY_LINK([], - [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);], + AC_TRY_LINK([], + [ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);], [ ac_cv_libc_defines_sys_errlist="yes" ], [ ac_cv_libc_defines_sys_errlist="no" ] ) @@ -1898,8 +1943,8 @@ fi AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [ - AC_TRY_LINK([], - [ extern int sys_nerr; printf("%i", sys_nerr);], + AC_TRY_LINK([], + [ extern int sys_nerr; printf("%i", sys_nerr);], [ ac_cv_libc_defines_sys_nerr="yes" ], [ ac_cv_libc_defines_sys_nerr="no" ] ) @@ -1908,7 +1953,7 @@ if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then AC_DEFINE(HAVE_SYS_NERR) fi -SCARD_MSG="no" +SCARD_MSG="no" # Check whether user wants sectok support AC_ARG_WITH(sectok, [ --with-sectok Enable smartcard support using libsectok], @@ -1934,7 +1979,7 @@ AC_ARG_WITH(sectok, fi AC_DEFINE(SMARTCARD) AC_DEFINE(USE_SECTOK) - SCARD_MSG="yes, using sectok" + SCARD_MSG="yes, using sectok" fi ] ) @@ -1954,65 +1999,55 @@ if test x$opensc_config_prefix != x ; then LDFLAGS="$LDFLAGS $LIBOPENSC_LIBS" AC_DEFINE(SMARTCARD) AC_DEFINE(USE_OPENSC) - SCARD_MSG="yes, using OpenSC" + SCARD_MSG="yes, using OpenSC" fi fi -# Check whether user wants DNS support -DNS_MSG="no" -AC_ARG_WITH(dns, - [ --with-dns Support for fetching keys from DNS (experimental)], +# Check libraries needed by DNS fingerprint support +AC_SEARCH_LIBS(getrrsetbyname, resolv, + [AC_DEFINE(HAVE_GETRRSETBYNAME)], [ - if test "x$withval" != "xno" ; then - DNS_MSG="yes" - AC_DEFINE(DNS) - AC_SEARCH_LIBS(getrrsetbyname, resolv, - [AC_DEFINE(HAVE_GETRRSETBYNAME)], - [ - # Needed by our getrrsetbyname() - AC_SEARCH_LIBS(res_query, resolv) - AC_SEARCH_LIBS(dn_expand, resolv) - AC_CHECK_FUNCS(_getshort _getlong) - AC_CHECK_MEMBER(HEADER.ad, - [AC_DEFINE(HAVE_HEADER_AD)],, - [#include ]) - ]) - fi - ] -) + # Needed by our getrrsetbyname() + AC_SEARCH_LIBS(res_query, resolv) + AC_SEARCH_LIBS(dn_expand, resolv) + AC_CHECK_FUNCS(_getshort _getlong) + AC_CHECK_MEMBER(HEADER.ad, + [AC_DEFINE(HAVE_HEADER_AD)],, + [#include ]) + ]) # Check whether user wants Kerberos 5 support -KRB5_MSG="no" +KRB5_MSG="no" AC_ARG_WITH(kerberos5, - [ --with-kerberos5=PATH Enable Kerberos 5 support], - [ - if test "x$withval" != "xno" ; then - if test "x$withval" = "xyes" ; then - KRB5ROOT="/usr/local" - else - KRB5ROOT=${withval} - fi + [ --with-kerberos5=PATH Enable Kerberos 5 support], + [ + if test "x$withval" != "xno" ; then + if test "x$withval" = "xyes" ; then + KRB5ROOT="/usr/local" + else + KRB5ROOT=${withval} + fi CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" - LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" - AC_DEFINE(KRB5) + LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" + AC_DEFINE(KRB5) KRB5_MSG="yes" - AC_MSG_CHECKING(whether we are using Heimdal) - AC_TRY_COMPILE([ #include ], - [ char *tmp = heimdal_version; ], - [ AC_MSG_RESULT(yes) - AC_DEFINE(HEIMDAL) - K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken" - ], - [ AC_MSG_RESULT(no) - K5LIBS="-lkrb5 -lk5crypto -lcom_err" - ] - ) - if test ! -z "$need_dash_r" ; then - LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib" - fi - if test ! -z "$blibpath" ; then - blibpath="$blibpath:${KRB5ROOT}/lib" - fi + AC_MSG_CHECKING(whether we are using Heimdal) + AC_TRY_COMPILE([ #include ], + [ char *tmp = heimdal_version; ], + [ AC_MSG_RESULT(yes) + AC_DEFINE(HEIMDAL) + K5LIBS="-lkrb5 -ldes -lcom_err -lasn1 -lroken" + ], + [ AC_MSG_RESULT(no) + K5LIBS="-lkrb5 -lk5crypto -lcom_err" + ] + ) + if test ! -z "$need_dash_r" ; then + LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib" + fi + if test ! -z "$blibpath" ; then + blibpath="$blibpath:${KRB5ROOT}/lib" + fi AC_SEARCH_LIBS(dn_expand, resolv) AC_CHECK_LIB(gssapi,gss_init_sec_context, @@ -2020,7 +2055,7 @@ AC_ARG_WITH(kerberos5, K5LIBS="-lgssapi $K5LIBS" ], [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context, [ AC_DEFINE(GSSAPI) - K5LIBS="-lgssapi_krb5 $K5LIBS" ], + K5LIBS="-lgssapi_krb5 $K5LIBS" ], AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]), $K5LIBS) ], @@ -2028,10 +2063,10 @@ AC_ARG_WITH(kerberos5, AC_CHECK_HEADER(gssapi.h, , [ unset ac_cv_header_gssapi_h - CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" + CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" AC_CHECK_HEADERS(gssapi.h, , AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail]) - ) + ) ] ) @@ -2040,9 +2075,9 @@ AC_ARG_WITH(kerberos5, AC_CHECK_HEADER(gssapi_krb5.h, , [ CPPFLAGS="$oldCPP" ]) - KRB5=yes - fi - ] + KRB5=yes + fi + ] ) LIBS="$LIBS $K5LIBS" @@ -2107,7 +2142,7 @@ fi if test -z "$no_dev_ptmx" ; then if test "x$disable_ptmx_check" != "xyes" ; then - AC_CHECK_FILE("/dev/ptmx", + AC_CHECK_FILE("/dev/ptmx", [ AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX) have_dev_ptmx=1 @@ -2115,7 +2150,7 @@ if test -z "$no_dev_ptmx" ; then ) fi fi -AC_CHECK_FILE("/dev/ptc", +AC_CHECK_FILE("/dev/ptc", [ AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC) have_dev_ptc=1 @@ -2156,13 +2191,13 @@ fi AC_SUBST(mansubdir) # Check whether to enable MD5 passwords -MD5_MSG="no" +MD5_MSG="no" AC_ARG_WITH(md5-passwords, [ --with-md5-passwords Enable use of MD5 passwords], [ if test "x$withval" != "xno" ; then AC_DEFINE(HAVE_MD5_PASSWORDS) - MD5_MSG="yes" + MD5_MSG="yes" fi ] ) @@ -2202,13 +2237,13 @@ if test ! -z "$IPADDR_IN_DISPLAY" ; then DISPLAY_HACK_MSG="yes" AC_DEFINE(IPADDR_IN_DISPLAY) else - DISPLAY_HACK_MSG="no" + DISPLAY_HACK_MSG="no" AC_ARG_WITH(ipaddr-display, [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY], [ if test "x$withval" != "xno" ; then AC_DEFINE(IPADDR_IN_DISPLAY) - DISPLAY_HACK_MSG="yes" + DISPLAY_HACK_MSG="yes" fi ] ) @@ -2232,7 +2267,7 @@ if test $ac_cv_func_login_getcapbool = "yes" -a \ fi # Whether to mess with the default path -SERVER_PATH_MSG="(default)" +SERVER_PATH_MSG="(default)" AC_ARG_WITH(default-path, [ --with-default-path= Specify default \$PATH environment for server], [ @@ -2247,7 +2282,7 @@ Edit /etc/login.conf instead.]) $external_path_file .]) fi user_path="$withval" - SERVER_PATH_MSG="$withval" + SERVER_PATH_MSG="$withval" fi ], [ if test "x$external_path_file" = "x/etc/login.conf" ; then @@ -2331,14 +2366,14 @@ AC_ARG_WITH(superuser-path, AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) -IPV4_IN6_HACK_MSG="no" +IPV4_IN6_HACK_MSG="no" AC_ARG_WITH(4in6, [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], [ if test "x$withval" != "xno" ; then AC_MSG_RESULT(yes) AC_DEFINE(IPV4_IN_IPV6) - IPV4_IN6_HACK_MSG="yes" + IPV4_IN6_HACK_MSG="yes" else AC_MSG_RESULT(no) fi @@ -2346,7 +2381,7 @@ AC_ARG_WITH(4in6, if test "x$inet6_default_4in6" = "xyes"; then AC_MSG_RESULT([yes (default)]) AC_DEFINE(IPV4_IN_IPV6) - IPV4_IN6_HACK_MSG="yes" + IPV4_IN6_HACK_MSG="yes" else AC_MSG_RESULT([no (default)]) fi @@ -2371,7 +2406,7 @@ piddir=/var/run if test ! -d $piddir ; then piddir=`eval echo ${sysconfdir}` case $piddir in - NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; + NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; esac fi @@ -2443,7 +2478,7 @@ AC_ARG_ENABLE(pututline, [ --disable-pututline disable use of pututline() etc. ([uw]tmp) [no]], [ if test "x$enableval" = "xno" ; then - AC_DEFINE(DISABLE_PUTUTLINE) + AC_DEFINE(DISABLE_PUTUTLINE) fi ] ) @@ -2697,7 +2732,6 @@ if test ! -z "$superuser_path" ; then echo " sshd superuser user PATH: $J" fi echo " Manpage format: $MANTYPE" -echo " DNS support: $DNS_MSG" echo " PAM support: $PAM_MSG" echo " KerberosV support: $KRB5_MSG" echo " Smartcard support: $SCARD_MSG" @@ -2726,7 +2760,7 @@ echo "" if test "x$PAM_MSG" = "xyes" ; then echo "PAM is enabled. You may need to install a PAM control file " echo "for sshd, otherwise password authentication may fail. " - echo "Example PAM control files can be found in the contrib/ " + echo "Example PAM control files can be found in the contrib/ " echo "subdirectory" echo "" fi diff --git a/openssh/contrib/README b/openssh/contrib/README index 67dbbd2..9de3d96 100644 --- a/openssh/contrib/README +++ b/openssh/contrib/README @@ -1,4 +1,4 @@ -Other patches and addons for OpenSSH. Please send submissions to +Other patches and addons for OpenSSH. Please send submissions to djm@mindrot.org Externally maintained @@ -7,7 +7,7 @@ Externally maintained SSH Proxy Command -- connect.c Shun-ichi GOTO has written a very useful ProxyCommand -which allows the use of outbound SSH from behind a SOCKS4, SOCKS5 or +which allows the use of outbound SSH from behind a SOCKS4, SOCKS5 or https CONNECT style proxy server. His page for connect.c has extensive documentation on its use as well as compiled versions for Win32. @@ -47,7 +47,7 @@ Dominik Brettnacher mdoc2man.pl: Converts mdoc formated manpages into normal manpages. This can be used -on Solaris machines to provide manpages that are not preformated. +on Solaris machines to provide manpages that are not preformated. Contributed by Mark D. Roth redhat: diff --git a/openssh/contrib/aix/buildbff.sh b/openssh/contrib/aix/buildbff.sh index 8d1bc3c..4b5d71b 100755 --- a/openssh/contrib/aix/buildbff.sh +++ b/openssh/contrib/aix/buildbff.sh @@ -6,7 +6,7 @@ # Author: Darren Tucker (dtucker at zip dot com dot au) # This file is placed in the public domain and comes with absolutely # no warranty. -# +# # Based originally on Ben Lindstrom's buildpkg.sh for Solaris # @@ -45,7 +45,7 @@ fi if [ ! -f Makefile ] then echo "Makefile not found (did you run configure?)" - exit 1 + exit 1 fi # @@ -96,12 +96,12 @@ then PRIVSEP_PATH=/var/empty fi -# Clean package build directory +# Clean package build directory rm -rf $objdir/$PKGDIR FAKE_ROOT=$objdir/$PKGDIR/root mkdir -p $FAKE_ROOT -# Start by faking root install +# Start by faking root install echo "Faking root install..." cd $objdir make install-nokeys DESTDIR=$FAKE_ROOT @@ -136,15 +136,15 @@ echo "Building BFF for $PKGNAME $VERSION (package version $BFFVERSION)" # # Set ssh and sshd parameters as per config.local # -if [ "${PERMIT_ROOT_LOGIN}" = no ] +if [ "${PERMIT_ROOT_LOGIN}" = no ] then - perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \ - $FAKE_ROOT/${sysconfdir}/sshd_config + perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \ + $FAKE_ROOT/${sysconfdir}/sshd_config fi if [ "${X11_FORWARDING}" = yes ] then - perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \ - $FAKE_ROOT/${sysconfdir}/sshd_config + perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \ + $FAKE_ROOT/${sysconfdir}/sshd_config fi @@ -190,13 +190,13 @@ cat <>../openssh.post_i echo Creating configs from defaults if necessary. for cfgfile in ssh_config sshd_config ssh_prng_cmds do - if [ ! -f $sysconfdir/\$cfgfile ] - then - echo "Creating \$cfgfile from default" - cp $sysconfdir/\$cfgfile.default $sysconfdir/\$cfgfile - else - echo "\$cfgfile already exists." - fi + if [ ! -f $sysconfdir/\$cfgfile ] + then + echo "Creating \$cfgfile from default" + cp $sysconfdir/\$cfgfile.default $sysconfdir/\$cfgfile + else + echo "\$cfgfile already exists." + fi done echo @@ -244,19 +244,19 @@ echo # Generate keys unless they already exist echo Creating host keys if required. if [ -f "$sysconfdir/ssh_host_key" ] ; then - echo "$sysconfdir/ssh_host_key already exists, skipping." + echo "$sysconfdir/ssh_host_key already exists, skipping." else - $bindir/ssh-keygen -t rsa1 -f $sysconfdir/ssh_host_key -N "" + $bindir/ssh-keygen -t rsa1 -f $sysconfdir/ssh_host_key -N "" fi if [ -f $sysconfdir/ssh_host_dsa_key ] ; then - echo "$sysconfdir/ssh_host_dsa_key already exists, skipping." + echo "$sysconfdir/ssh_host_dsa_key already exists, skipping." else - $bindir/ssh-keygen -t dsa -f $sysconfdir/ssh_host_dsa_key -N "" + $bindir/ssh-keygen -t dsa -f $sysconfdir/ssh_host_dsa_key -N "" fi if [ -f $sysconfdir/ssh_host_rsa_key ] ; then - echo "$sysconfdir/ssh_host_rsa_key already exists, skipping." -else - $bindir/ssh-keygen -t rsa -f $sysconfdir/ssh_host_rsa_key -N "" + echo "$sysconfdir/ssh_host_rsa_key already exists, skipping." +else + $bindir/ssh-keygen -t rsa -f $sysconfdir/ssh_host_rsa_key -N "" fi echo @@ -369,7 +369,7 @@ echo Creating $PKGNAME-$VERSION.bff with backup... rm -f $PKGNAME-$VERSION.bff ( echo "./lpp_name" - find . ! -name lpp_name -a ! -name . -print + find . ! -name lpp_name -a ! -name . -print ) | backup -i -q -f ../$PKGNAME-$VERSION.bff $filelist # diff --git a/openssh/contrib/aix/inventory.sh b/openssh/contrib/aix/inventory.sh index 4d07e9a..44f59a4 100755 --- a/openssh/contrib/aix/inventory.sh +++ b/openssh/contrib/aix/inventory.sh @@ -59,5 +59,5 @@ find . ! -name . -print | perl -ne '{ } elsif ( -d $_ ) { # Entry is Directory print "\ttype=DIRECTORY\n"; - } + } }' diff --git a/openssh/contrib/caldera/openssh.spec b/openssh/contrib/caldera/openssh.spec index d39d5b7..d41bf38 100644 --- a/openssh/contrib/caldera/openssh.spec +++ b/openssh/contrib/caldera/openssh.spec @@ -180,7 +180,6 @@ CFLAGS="$RPM_OPT_FLAGS" \ %configure \ --with-pam \ --with-tcp-wrappers \ - --with-ipv4-default \ --with-privsep-path=%{_var}/empty/sshd \ #leave this line for easy edits. diff --git a/openssh/contrib/caldera/ssh-host-keygen b/openssh/contrib/caldera/ssh-host-keygen index 94e3997..fea435a 100755 --- a/openssh/contrib/caldera/ssh-host-keygen +++ b/openssh/contrib/caldera/ssh-host-keygen @@ -12,7 +12,7 @@ keydir=@sysconfdir@ keygen=@sshkeygen@ if [ -f $keydir/ssh_host_key -o \ - -f $keydir/ssh_host_key.pub ]; then + -f $keydir/ssh_host_key.pub ]; then echo "You already have an SSH1 RSA host key in $keydir/ssh_host_key." else echo "Generating 1024 bit SSH1 RSA host key." @@ -20,7 +20,7 @@ else fi if [ -f $keydir/ssh_host_rsa_key -o \ - -f $keydir/ssh_host_rsa_key.pub ]; then + -f $keydir/ssh_host_rsa_key.pub ]; then echo "You already have an SSH2 RSA host key in $keydir/ssh_host_rsa_key." else echo "Generating 1024 bit SSH2 RSA host key." @@ -28,7 +28,7 @@ else fi if [ -f $keydir/ssh_host_dsa_key -o \ - -f $keydir/ssh_host_dsa_key.pub ]; then + -f $keydir/ssh_host_dsa_key.pub ]; then echo "You already have an SSH2 DSA host key in $keydir/ssh_host_dsa_key." else echo "Generating SSH2 DSA host key." diff --git a/openssh/contrib/caldera/sshd.init b/openssh/contrib/caldera/sshd.init index bb0c9f9..1368d03 100755 --- a/openssh/contrib/caldera/sshd.init +++ b/openssh/contrib/caldera/sshd.init @@ -64,11 +64,11 @@ case "$1" in SVIemptyConfig @sysconfdir@/sshd_config && exit 6 if [ ! \( -f @sysconfdir@/ssh_host_key -a \ - -f @sysconfdir@/ssh_host_key.pub \) -a \ + -f @sysconfdir@/ssh_host_key.pub \) -a \ ! \( -f @sysconfdir@/ssh_host_rsa_key -a \ - -f @sysconfdir@/ssh_host_rsa_key.pub \) -a \ + -f @sysconfdir@/ssh_host_rsa_key.pub \) -a \ ! \( -f @sysconfdir@/ssh_host_dsa_key -a \ - -f @sysconfdir@/ssh_host_dsa_key.pub \) ]; then + -f @sysconfdir@/ssh_host_dsa_key.pub \) ]; then echo "$SVIsubsys: host key not initialized: skipped!" echo "$SVIsubsys: use ssh-host-keygen to generate one!" diff --git a/openssh/contrib/cygwin/Makefile b/openssh/contrib/cygwin/Makefile new file mode 100644 index 0000000..09e8ea2 --- /dev/null +++ b/openssh/contrib/cygwin/Makefile @@ -0,0 +1,56 @@ +srcdir=../.. +prefix=/usr +exec_prefix=$(prefix) +bindir=$(prefix)/bin +datadir=$(prefix)/share +docdir=$(datadir)/doc +sshdocdir=$(docdir)/openssh +cygdocdir=$(docdir)/Cygwin +sysconfdir=/etc +defaultsdir=$(sysconfdir)/defaults/etc +PRIVSEP_PATH=/var/empty +INSTALL=/usr/bin/install -c + +DESTDIR= + +all: + @echo + @echo "Use \`make cygwin-postinstall DESTDIR=[package directory]'" + @echo "Be sure having DESTDIR set correctly!" + @echo + +move-config-files: $(DESTDIR)$(sysconfdir)/ssh_config $(DESTDIR)$(sysconfdir)/sshd_config + $(srcdir)/mkinstalldirs $(DESTDIR)$(defaultsdir) + mv $(DESTDIR)$(sysconfdir)/ssh_config $(DESTDIR)$(defaultsdir) + mv $(DESTDIR)$(sysconfdir)/sshd_config $(DESTDIR)$(defaultsdir) + +remove-empty-dir: + rm -rf $(DESTDIR)$(PRIVSEP_PATH) + +install-sshdoc: + $(srcdir)/mkinstalldirs $(DESTDIR)$(sshdocdir) + $(INSTALL) -m 644 $(srcdir)/CREDITS $(DESTDIR)$(sshdocdir)/CREDITS + $(INSTALL) -m 644 $(srcdir)/ChangeLog $(DESTDIR)$(sshdocdir)/ChangeLog + $(INSTALL) -m 644 $(srcdir)/LICENCE $(DESTDIR)$(sshdocdir)/LICENCE + $(INSTALL) -m 644 $(srcdir)/OVERVIEW $(DESTDIR)$(sshdocdir)/OVERVIEW + $(INSTALL) -m 644 $(srcdir)/README $(DESTDIR)$(sshdocdir)/README + $(INSTALL) -m 644 $(srcdir)/README.dns $(DESTDIR)$(sshdocdir)/README.dns + $(INSTALL) -m 644 $(srcdir)/README.privsep $(DESTDIR)$(sshdocdir)/README.privsep + $(INSTALL) -m 644 $(srcdir)/README.smartcard $(DESTDIR)$(sshdocdir)/README.smartcard + $(INSTALL) -m 644 $(srcdir)/RFC.nroff $(DESTDIR)$(sshdocdir)/RFC.nroff + $(INSTALL) -m 644 $(srcdir)/TODO $(DESTDIR)$(sshdocdir)/TODO + $(INSTALL) -m 644 $(srcdir)/WARNING.RNG $(DESTDIR)$(sshdocdir)/WARNING.RNG + +install-cygwindoc: README + $(srcdir)/mkinstalldirs $(DESTDIR)$(cygdocdir) + $(INSTALL) -m 644 README $(DESTDIR)$(cygdocdir)/openssh.README + +install-doc: install-sshdoc install-cygwindoc + +install-scripts: ssh-host-config ssh-user-config + $(srcdir)/mkinstalldirs $(DESTDIR)$(bindir) + $(INSTALL) -m 755 ssh-host-config $(DESTDIR)$(bindir)/ssh-host-config + $(INSTALL) -m 755 ssh-user-config $(DESTDIR)$(bindir)/ssh-user-config + +cygwin-postinstall: move-config-files remove-empty-dir install-doc install-scripts + @echo "Cygwin specific configuration finished." diff --git a/openssh/contrib/cygwin/README b/openssh/contrib/cygwin/README index ec58964..1ed9343 100644 --- a/openssh/contrib/cygwin/README +++ b/openssh/contrib/cygwin/README @@ -1,4 +1,49 @@ -This package is the actual port of OpenSSH to Cygwin 1.5. +This package describes important Cygwin specific stuff concerning OpenSSH. + +The binary package is usually built for recent Cygwin versions and might +not run on older versions. Please check http://cygwin.com/ for information +about current Cygwin releases. + +Build instructions are at the end of the file. + +=========================================================================== +Important change since 3.7.1p2-2: + +The ssh-host-config file doesn't create the /etc/ssh_config and +/etc/sshd_config files from builtin here-scripts anymore, but it uses +skeleton files installed in /etc/defaults/etc. + +Also it now tries hard to create appropriate permissions on files. +Same applies for ssh-user-config. + +After creating the sshd service with ssh-host-config, it's advisable to +call ssh-user-config for all affected users, also already exising user +configurations. In the latter case, file and directory permissions are +checked and changed, if requireed to match the host configuration. + +Important note for Windows 2003 Server users: +--------------------------------------------- + +2003 Server has a funny new feature. When starting services under SYSTEM +account, these services have nearly all user rights which SYSTEM holds... +except for the "Create a token object" right, which is needed to allow +public key authentication :-( + +There's no way around this, except for creating a substitute account which +has the appropriate privileges. Basically, this account should be member +of the administrators group, plus it should have the following user rights: + + Create a token object + Logon as a service + Replace a process level token + Increase Quota + +The ssh-host-config script asks you, if it should create such an account, +called "sshd_server". If you say "no" here, you're on your own. Please +follow the instruction in ssh-host-config exactly if possible. Note that +ssh-user-config sets the permissions on 2003 Server machines dependent of +whether a sshd_server account exists or not. +=========================================================================== =========================================================================== Important change since 3.4p1-2: @@ -58,7 +103,7 @@ features of the FAT/FAT32 filesystems. If you are installing OpenSSH the first time, you can generate global config files and server keys by running - + /usr/bin/ssh-host-config Note that this binary archive doesn't contain default config files in /etc. @@ -114,54 +159,6 @@ ${SYSTEMROOT}/system32/drivers/etc/services file: ssh 22/tcp #SSH daemon -=========================================================================== -The following restrictions only apply to Cygwin versions up to 1.3.1 -=========================================================================== - -Authentication to sshd is possible in one of two ways. -You'll have to decide before starting sshd! - -- If you want to authenticate via RSA and you want to login to that - machine to exactly one user account you can do so by running sshd - under that user account. You must change /etc/sshd_config - to contain the following: - - RSAAuthentication yes - - Moreover it's possible to use rhosts and/or rhosts with - RSA authentication by setting the following in sshd_config: - - RhostsAuthentication yes - RhostsRSAAuthentication yes - -- If you want to be able to login to different user accounts you'll - have to start sshd under system account or any other account that - is able to switch user context. Note that administrators are _not_ - able to do that by default! You'll have to give the following - special user rights to the user: - "Act as part of the operating system" - "Replace process level token" - "Increase quotas" - and if used via service manager - "Logon as a service". - - The system account does of course own that user rights by default. - - Unfortunately, if you choose that way, you can only logon with - NT password authentification and you should change - /etc/sshd_config to contain the following: - - PasswordAuthentication yes - RhostsAuthentication no - RhostsRSAAuthentication no - RSAAuthentication no - - However you can login to the user which has started sshd with - RSA authentication anyway. If you want that, change the RSA - authentication setting back to "yes": - - RSAAuthentication yes - Please note that OpenSSH does never use the value of $HOME to search for the users configuration files! It always uses the value of the pw_dir field in /etc/passwd as the home directory. @@ -169,7 +166,7 @@ If no home diretory is set in /etc/passwd, the root directory is used instead! You may use all features of the CYGWIN=ntsec setting the same -way as they are used by the `login' port on sources.redhat.com: +way as they are used by Cygwin's login(1) port: The pw_gecos field may contain an additional field, that begins with (upper case!) "U-", followed by the domain and the username @@ -186,6 +183,8 @@ way as they are used by the `login' port on sources.redhat.com: locuser::1104:513:John Doe,U-user,S-1-5-21-... +Note that the CYGWIN=ntsec setting is required for public key authentication. + SSH2 server and user keys are generated by the `ssh-*-config' scripts as well. @@ -194,15 +193,30 @@ configure are used for the Cygwin binary distribution: --prefix=/usr \ --sysconfdir=/etc \ - --libexecdir='${exec_prefix}/sbin' - -You must have installed the zlib and openssl packages to be able to + --libexecdir='$(sbindir)' \ + --localstatedir=/var \ + --datadir='$(prefix)/share' \ + --mandir='$(datadir)/man' \ + --with-tcp-wrappers + +If you want to create a Cygwin package, equivalent to the one +in the Cygwin binary distribution, install like this: + + mkdir /tmp/cygwin-ssh + cd $(builddir) + make install DESTDIR=/tmp/cygwin-ssh + cd $(srcdir)/contrib/cygwin + make cygwin-postinstall DESTDIR=/tmp/cygwin-ssh + cd /tmp/cygwin-ssh + find * \! -type d | tar cvjfT my-openssh.tar.bz2 - + +You must have installed the zlib and openssl-devel packages to be able to build OpenSSH! Please send requests, error reports etc. to cygwin@cygwin.com. Have fun, -Corinna Vinschen +Corinna Vinschen Cygwin Developer Red Hat Inc. diff --git a/openssh/contrib/cygwin/ssh-host-config b/openssh/contrib/cygwin/ssh-host-config index e9c56ae..9c0dabf 100644 --- a/openssh/contrib/cygwin/ssh-host-config +++ b/openssh/contrib/cygwin/ssh-host-config @@ -1,6 +1,6 @@ -#!/bin/sh +#!/bin/bash # -# ssh-host-config, Copyright 2000, Red Hat Inc. +# ssh-host-config, Copyright 2000, 2001, 2002, 2003 Red Hat Inc. # # This file is part of the Cygwin port of OpenSSH. @@ -9,10 +9,7 @@ PREFIX=/usr # Directory where the config files are stored SYSCONFDIR=/etc - -# Subdirectory where an old package might be installed -OLDPREFIX=/usr/local -OLDSYSCONFDIR=${OLDPREFIX}/etc +LOCALSTATEDIR=/var progname=$0 auto_answer="" @@ -27,9 +24,11 @@ request() { if [ "${auto_answer}" = "yes" ] then + echo "$1 (yes/no) yes" return 0 elif [ "${auto_answer}" = "no" ] then + echo "$1 (yes/no) no" return 1 fi @@ -37,7 +36,7 @@ request() while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ] do echo -n "$1 (yes/no) " - read answer + read -e answer done if [ "X${answer}" = "Xyes" ] then @@ -60,7 +59,7 @@ do option=$1 shift - case "$option" in + case "${option}" in -d | --debug ) set -x ;; @@ -73,21 +72,33 @@ do auto_answer=no ;; + -c | --cygwin ) + cygwin_value="$1" + shift + ;; + -p | --port ) port_number=$1 shift ;; + -w | --pwd ) + password_value="$1" + shift + ;; + *) echo "usage: ${progname} [OPTION]..." echo echo "This script creates an OpenSSH host configuration." echo echo "Options:" - echo " --debug -d Enable shell's debug output." - echo " --yes -y Answer all questions with \"yes\" automatically." - echo " --no -n Answer all questions with \"no\" automatically." - echo " --port -p sshd listens on port n." + echo " --debug -d Enable shell's debug output." + echo " --yes -y Answer all questions with \"yes\" automatically." + echo " --no -n Answer all questions with \"no\" automatically." + echo " --cygwin -c Use \"options\" as value for CYGWIN environment var." + echo " --port -p sshd listens on port n." + echo " --pwd -w Use \"pwd\" as password for user 'sshd_server'." echo exit 1 ;; @@ -96,8 +107,13 @@ do done # Check if running on NT -_sys="`uname -a`" -_nt=`expr "$_sys" : "CYGWIN_NT"` +_sys="`uname`" +_nt=`expr "${_sys}" : "CYGWIN_NT"` +# If running on NT, check if running under 2003 Server or later +if [ ${_nt} -gt 0 ] +then + _nt2003=`uname | awk -F- '{print ( $2 >= 5.2 ) ? 1 : 0;}'` +fi # Check for running ssh/sshd processes first. Refuse to do anything while # some ssh processes are still running @@ -137,87 +153,33 @@ fi # Create /var/log and /var/log/lastlog if not already existing -if [ -f /var/log ] +if [ -f ${LOCALSTATEDIR}/log ] then - echo "Creating /var/log failed\!" + echo "Creating ${LOCALSTATEDIR}/log failed!" else - if [ ! -d /var/log ] + if [ ! -d ${LOCALSTATEDIR}/log ] then - mkdir -p /var/log + mkdir -p ${LOCALSTATEDIR}/log fi - if [ -d /var/log/lastlog ] + if [ -d ${LOCALSTATEDIR}/log/lastlog ] then - echo "Creating /var/log/lastlog failed\!" - elif [ ! -f /var/log/lastlog ] + chmod 777 ${LOCALSTATEDIR}/log/lastlog + elif [ ! -f ${LOCALSTATEDIR}/log/lastlog ] then - cat /dev/null > /var/log/lastlog + cat /dev/null > ${LOCALSTATEDIR}/log/lastlog + chmod 666 ${LOCALSTATEDIR}/log/lastlog fi fi # Create /var/empty file used as chroot jail for privilege separation -if [ -f /var/empty ] +if [ -f ${LOCALSTATEDIR}/empty ] then - echo "Creating /var/empty failed\!" + echo "Creating ${LOCALSTATEDIR}/empty failed!" else - mkdir -p /var/empty - # On NT change ownership of that dir to user "system" - if [ $_nt -gt 0 ] + mkdir -p ${LOCALSTATEDIR}/empty + if [ ${_nt} -gt 0 ] then - chmod 755 /var/empty - chown system.system /var/empty - fi -fi - -# Check for an old installation in ${OLDPREFIX} unless ${OLDPREFIX} isn't -# the same as ${PREFIX} - -old_install=0 -if [ "${OLDPREFIX}" != "${PREFIX}" ] -then - if [ -f "${OLDPREFIX}/sbin/sshd" ] - then - echo - echo "You seem to have an older installation in ${OLDPREFIX}." - echo - # Check if old global configuration files exist - if [ -f "${OLDSYSCONFDIR}/ssh_host_key" ] - then - if request "Do you want to copy your config files to your new installation?" - then - cp -f ${OLDSYSCONFDIR}/ssh_host_key ${SYSCONFDIR} - cp -f ${OLDSYSCONFDIR}/ssh_host_key.pub ${SYSCONFDIR} - cp -f ${OLDSYSCONFDIR}/ssh_host_dsa_key ${SYSCONFDIR} - cp -f ${OLDSYSCONFDIR}/ssh_host_dsa_key.pub ${SYSCONFDIR} - cp -f ${OLDSYSCONFDIR}/ssh_config ${SYSCONFDIR} - cp -f ${OLDSYSCONFDIR}/sshd_config ${SYSCONFDIR} - fi - fi - if request "Do you want to erase your old installation?" - then - rm -f ${OLDPREFIX}/bin/ssh.exe - rm -f ${OLDPREFIX}/bin/ssh-config - rm -f ${OLDPREFIX}/bin/scp.exe - rm -f ${OLDPREFIX}/bin/ssh-add.exe - rm -f ${OLDPREFIX}/bin/ssh-agent.exe - rm -f ${OLDPREFIX}/bin/ssh-keygen.exe - rm -f ${OLDPREFIX}/bin/slogin - rm -f ${OLDSYSCONFDIR}/ssh_host_key - rm -f ${OLDSYSCONFDIR}/ssh_host_key.pub - rm -f ${OLDSYSCONFDIR}/ssh_host_dsa_key - rm -f ${OLDSYSCONFDIR}/ssh_host_dsa_key.pub - rm -f ${OLDSYSCONFDIR}/ssh_config - rm -f ${OLDSYSCONFDIR}/sshd_config - rm -f ${OLDPREFIX}/man/man1/ssh.1 - rm -f ${OLDPREFIX}/man/man1/scp.1 - rm -f ${OLDPREFIX}/man/man1/ssh-add.1 - rm -f ${OLDPREFIX}/man/man1/ssh-agent.1 - rm -f ${OLDPREFIX}/man/man1/ssh-keygen.1 - rm -f ${OLDPREFIX}/man/man1/slogin.1 - rm -f ${OLDPREFIX}/man/man8/sshd.8 - rm -f ${OLDPREFIX}/sbin/sshd.exe - rm -f ${OLDPREFIX}/sbin/sftp-server.exe - fi - old_install=1 + chmod 755 ${LOCALSTATEDIR}/empty fi fi @@ -255,52 +217,16 @@ then fi fi -# Create default ssh_config from here script +# Create default ssh_config from skeleton file in /etc/defaults/etc if [ ! -f "${SYSCONFDIR}/ssh_config" ] then echo "Generating ${SYSCONFDIR}/ssh_config file" - cat > ${SYSCONFDIR}/ssh_config << EOF -# This is the ssh client system-wide configuration file. See -# ssh_config(5) for more information. This file provides defaults for -# users, and the values can be changed in per-user configuration files -# or on the command line. - -# Configuration data is parsed as follows: -# 1. command line options -# 2. user-specific file -# 3. system-wide file -# Any configuration value is only changed the first time it is set. -# Thus, host-specific definitions should be at the beginning of the -# configuration file, and defaults at the end. - -# Site-wide defaults for various options - -# Host * -# ForwardAgent no -# ForwardX11 no -# RhostsRSAAuthentication no -# RSAAuthentication yes -# PasswordAuthentication yes -# HostbasedAuthentication no -# BatchMode no -# CheckHostIP yes -# AddressFamily any -# ConnectTimeout 0 -# StrictHostKeyChecking ask -# IdentityFile ~/.ssh/identity -# IdentityFile ~/.ssh/id_dsa -# IdentityFile ~/.ssh/id_rsa -# Port 22 -# Protocol 2,1 -# Cipher 3des -# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc -# EscapeChar ~ -EOF - if [ "$port_number" != "22" ] + cp ${SYSCONFDIR}/defaults/etc/ssh_config ${SYSCONFDIR}/ssh_config + if [ "${port_number}" != "22" ] then echo "Host localhost" >> ${SYSCONFDIR}/ssh_config - echo " Port $port_number" >> ${SYSCONFDIR}/ssh_config + echo " Port ${port_number}" >> ${SYSCONFDIR}/ssh_config fi fi @@ -322,35 +248,35 @@ fi # Prior to creating or modifying sshd_config, care for privilege separation -if [ "$privsep_configured" != "yes" ] +if [ "${privsep_configured}" != "yes" ] then - if [ $_nt -gt 0 ] + if [ ${_nt} -gt 0 ] then echo "Privilege separation is set to yes by default since OpenSSH 3.3." echo "However, this requires a non-privileged account called 'sshd'." - echo "For more info on privilege separation read /usr/doc/openssh/README.privsep." + echo "For more info on privilege separation read /usr/share/doc/openssh/README.privsep." echo - if request "Shall privilege separation be used?" + if request "Should privilege separation be used?" then privsep_used=yes grep -q '^sshd:' ${SYSCONFDIR}/passwd && sshd_in_passwd=yes net user sshd >/dev/null 2>&1 && sshd_in_sam=yes - if [ "$sshd_in_passwd" != "yes" ] + if [ "${sshd_in_passwd}" != "yes" ] then - if [ "$sshd_in_sam" != "yes" ] + if [ "${sshd_in_sam}" != "yes" ] then echo "Warning: The following function requires administrator privileges!" - if request "Shall this script create a local user 'sshd' on this machine?" + if request "Should this script create a local user 'sshd' on this machine?" then - dos_var_empty=`cygpath -w /var/empty` - net user sshd /add /fullname:"sshd privsep" "/homedir:$dos_var_empty" /active:no > /dev/null 2>&1 && sshd_in_sam=yes - if [ "$sshd_in_sam" != "yes" ] + dos_var_empty=`cygpath -w ${LOCALSTATEDIR}/empty` + net user sshd /add /fullname:"sshd privsep" "/homedir:${dos_var_empty}" /active:no > /dev/null 2>&1 && sshd_in_sam=yes + if [ "${sshd_in_sam}" != "yes" ] then echo "Warning: Creating the user 'sshd' failed!" fi fi fi - if [ "$sshd_in_sam" != "yes" ] + if [ "${sshd_in_sam}" != "yes" ] then echo "Warning: Can't create user 'sshd' in ${SYSCONFDIR}/passwd!" echo " Privilege separation set to 'no' again!" @@ -365,161 +291,85 @@ then fi else # On 9x don't use privilege separation. Since security isn't - # available it just adds useless addtional processes. + # available it just adds useless additional processes. privsep_used=no fi fi -# Create default sshd_config from here script or modify to add the -# missing privsep configuration option +# Create default sshd_config from skeleton files in /etc/defaults/etc or +# modify to add the missing privsep configuration option if [ ! -f "${SYSCONFDIR}/sshd_config" ] then echo "Generating ${SYSCONFDIR}/sshd_config file" - cat > ${SYSCONFDIR}/sshd_config << EOF -# This is the sshd server system-wide configuration file. See -# sshd_config(5) for more information. - -# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin - -# The strategy used for options in the default sshd_config shipped with -# OpenSSH is to specify options with their default value where -# possible, but leave them commented. Uncommented options change a -# default value. - -Port $port_number -#Protocol 2,1 -#ListenAddress 0.0.0.0 -#ListenAddress :: - -# HostKey for protocol version 1 -#HostKey ${SYSCONFDIR}/ssh_host_key -# HostKeys for protocol version 2 -#HostKey ${SYSCONFDIR}/ssh_host_rsa_key -#HostKey ${SYSCONFDIR}/ssh_host_dsa_key - -# Lifetime and size of ephemeral version 1 server key -#KeyRegenerationInterval 1h -#ServerKeyBits 768 - -# Logging -#obsoletes QuietMode and FascistLogging -#SyslogFacility AUTH -#LogLevel INFO - -# Authentication: - -#LoginGraceTime 2m -#PermitRootLogin yes -# The following setting overrides permission checks on host key files -# and directories. For security reasons set this to "yes" when running -# NT/W2K, NTFS and CYGWIN=ntsec. -StrictModes no - -#RSAAuthentication yes -#PubkeyAuthentication yes -#AuthorizedKeysFile .ssh/authorized_keys - -# For this to work you will also need host keys in ${SYSCONFDIR}/ssh_known_hosts -#RhostsRSAAuthentication no -# similar for protocol version 2 -#HostbasedAuthentication no -# Change to yes if you don't trust ~/.ssh/known_hosts for -# RhostsRSAAuthentication and HostbasedAuthentication -#IgnoreUserKnownHosts no -# Don't read the user's ~/.rhosts and ~/.shosts files -#IgnoreRhosts yes - -# To disable tunneled clear text passwords, change to no here! -#PasswordAuthentication yes -#PermitEmptyPasswords no - -# Change to no to disable s/key passwords -#ChallengeResponseAuthentication yes - -#AllowTcpForwarding yes -#GatewayPorts no -#X11Forwarding no -#X11DisplayOffset 10 -#X11UseLocalhost yes -#PrintMotd yes -#PrintLastLog yes -#KeepAlive yes -#UseLogin no -UsePrivilegeSeparation $privsep_used -#PermitUserEnvironment no -#Compression yes -#ClientAliveInterval 0 -#ClientAliveCountMax 3 -#UseDNS yes -#PidFile /var/run/sshd.pid -#MaxStartups 10 - -# no default banner path -#Banner /some/path - -# override default of no subsystems -Subsystem sftp /usr/sbin/sftp-server -EOF -elif [ "$privsep_configured" != "yes" ] + sed -e "s/^#UsePrivilegeSeparation yes/UsePrivilegeSeparation ${privsep_used}/ + s/^#Port 22/Port ${port_number}/ + s/^#StrictModes yes/StrictModes no/" \ + < ${SYSCONFDIR}/defaults/etc/sshd_config \ + > ${SYSCONFDIR}/sshd_config +elif [ "${privsep_configured}" != "yes" ] then echo >> ${SYSCONFDIR}/sshd_config - echo "UsePrivilegeSeparation $privsep_used" >> ${SYSCONFDIR}/sshd_config + echo "UsePrivilegeSeparation ${privsep_used}" >> ${SYSCONFDIR}/sshd_config fi # Care for services file -if [ $_nt -gt 0 ] +_my_etcdir="/ssh-host-config.$$" +if [ ${_nt} -gt 0 ] then - _wservices="${SYSTEMROOT}\\system32\\drivers\\etc\\services" - _wserv_tmp="${SYSTEMROOT}\\system32\\drivers\\etc\\srv.out.$$" + _win_etcdir="${SYSTEMROOT}\\system32\\drivers\\etc" + _services="${_my_etcdir}/services" + # On NT, 27 spaces, no space after the hash + _spaces=" #" else - _wservices="${WINDIR}\\SERVICES" - _wserv_tmp="${WINDIR}\\SERV.$$" + _win_etcdir="${WINDIR}" + _services="${_my_etcdir}/SERVICES" + # On 9x, 18 spaces (95 is very touchy), a space after the hash + _spaces=" # " fi -_services=`cygpath -u "${_wservices}"` -_serv_tmp=`cygpath -u "${_wserv_tmp}"` +_serv_tmp="${_my_etcdir}/srv.out.$$" -mount -t -f "${_wservices}" "${_services}" -mount -t -f "${_wserv_tmp}" "${_serv_tmp}" +mount -t -f "${_win_etcdir}" "${_my_etcdir}" + +# Depends on the above mount +_wservices=`cygpath -w "${_services}"` # Remove sshd 22/port from services if [ `grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -eq 0 ] then grep -v 'sshd[ \t][ \t]*22' "${_services}" > "${_serv_tmp}" if [ -f "${_serv_tmp}" ] - then + then if mv "${_serv_tmp}" "${_services}" then - echo "Removing sshd from ${_services}" + echo "Removing sshd from ${_wservices}" else - echo "Removing sshd from ${_services} failed\!" - fi + echo "Removing sshd from ${_wservices} failed!" + fi rm -f "${_serv_tmp}" else - echo "Removing sshd from ${_services} failed\!" + echo "Removing sshd from ${_wservices} failed!" fi fi # Add ssh 22/tcp and ssh 22/udp to services if [ `grep -q 'ssh[ \t][ \t]*22' "${_services}"; echo $?` -ne 0 ] then - awk '{ if ( $2 ~ /^23\/tcp/ ) print "ssh 22/tcp #SSH Remote Login Protocol\nssh 22/udp #SSH Remote Login Protocol"; print $0; }' < "${_services}" > "${_serv_tmp}" - if [ -f "${_serv_tmp}" ] + if awk '{ if ( $2 ~ /^23\/tcp/ ) print "ssh 22/tcp'"${_spaces}"'SSH Remote Login Protocol\nssh 22/udp'"${_spaces}"'SSH Remote Login Protocol"; print $0; }' < "${_services}" > "${_serv_tmp}" then if mv "${_serv_tmp}" "${_services}" then - echo "Added ssh to ${_services}" + echo "Added ssh to ${_wservices}" else - echo "Adding ssh to ${_services} failed\!" + echo "Adding ssh to ${_wservices} failed!" fi rm -f "${_serv_tmp}" else - echo "Adding ssh to ${_services} failed\!" + echo "WARNING: Adding ssh to ${_wservices} failed!" fi fi -umount "${_services}" -umount "${_serv_tmp}" +umount "${_my_etcdir}" # Care for inetd.conf file _inetcnf="${SYSCONFDIR}/inetd.conf" @@ -538,13 +388,13 @@ then then if mv "${_inetcnf_tmp}" "${_inetcnf}" then - echo "Removed sshd from ${_inetcnf}" + echo "Removed sshd from ${_inetcnf}" else - echo "Removing sshd from ${_inetcnf} failed\!" + echo "Removing sshd from ${_inetcnf} failed!" fi rm -f "${_inetcnf_tmp}" else - echo "Removing sshd from ${_inetcnf} failed\!" + echo "Removing sshd from ${_inetcnf} failed!" fi fi @@ -562,34 +412,181 @@ then fi # On NT ask if sshd should be installed as service -if [ $_nt -gt 0 ] +if [ ${_nt} -gt 0 ] then - echo - echo "Do you want to install sshd as service?" - if request "(Say \"no\" if it's already installed as service)" + # But only if it is not already installed + if ! cygrunsrv -Q sshd > /dev/null 2>&1 then echo - echo "Which value should the environment variable CYGWIN have when" - echo "sshd starts? It's recommended to set at least \"ntsec\" to be" - echo "able to change user context without password." - echo -n "Default is \"binmode ntsec tty\". CYGWIN=" - read _cygwin - [ -z "${_cygwin}" ] && _cygwin="binmode ntsec tty" - if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=${_cygwin}" + echo + echo "Warning: The following functions require administrator privileges!" + echo + echo "Do you want to install sshd as service?" + if request "(Say \"no\" if it's already installed as service)" + then + if [ $_nt2003 -gt 0 ] + then + grep -q '^sshd_server:' ${SYSCONFDIR}/passwd && sshd_server_in_passwd=yes + if [ "${sshd_server_in_passwd}" = "yes" ] + then + # Drop sshd_server from passwd since it could have wrong settings + grep -v '^sshd_server:' ${SYSCONFDIR}/passwd > ${SYSCONFDIR}/passwd.$$ + rm -f ${SYSCONFDIR}/passwd + mv ${SYSCONFDIR}/passwd.$$ ${SYSCONFDIR}/passwd + chmod g-w,o-w ${SYSCONFDIR}/passwd + fi + net user sshd_server >/dev/null 2>&1 && sshd_server_in_sam=yes + if [ "${sshd_server_in_sam}" != "yes" ] + then + echo + echo "You appear to be running Windows 2003 Server or later. On 2003 and" + echo "later systems, it's not possible to use the LocalSystem account" + echo "if sshd should allow passwordless logon (e. g. public key authentication)." + echo "If you want to enable that functionality, it's required to create a new" + echo "account 'sshd_server' with special privileges, which is then used to run" + echo "the sshd service under." + echo + echo "Should this script create a new local account 'sshd_server' which has" + if request "the required privileges?" + then + _admingroup=`awk -F: '{if ( $2 == "S-1-5-32-544" ) print $1;}' ${SYSCONFDIR}/group` + if [ -z "${_admingroup}" ] + then + echo "There's no group with SID S-1-5-32-544 (Local administrators group) in" + echo "your ${SYSCONFDIR}/group file. Please regenerate this entry using 'mkgroup -l'" + echo "and restart this script." + exit 1 + fi + dos_var_empty=`cygpath -w ${LOCALSTATEDIR}/empty` + while [ "${sshd_server_in_sam}" != "yes" ] + do + if [ -n "${password_value}" ] + then + _password="${password_value}" + # Allow to ask for password if first try fails + password_value="" + else + echo + echo "Please enter a password for new user 'sshd_server'. Please be sure that" + echo "this password matches the password rules given on your system." + echo -n "Entering no password will exit the configuration. PASSWORD=" + read -e _password + if [ -z "${_password}" ] + then + echo + echo "Exiting configuration. No user sshd_server has been created," + echo "no sshd service installed." + exit 1 + fi + fi + net user sshd_server "${_password}" /add /fullname:"sshd server account" "/homedir:${dos_var_empty}" /yes > /tmp/nu.$$ 2>&1 && sshd_server_in_sam=yes + if [ "${sshd_server_in_sam}" != "yes" ] + then + echo "Creating the user 'sshd_server' failed! Reason:" + cat /tmp/nu.$$ + rm /tmp/nu.$$ + fi + done + net localgroup "${_admingroup}" sshd_server /add > /dev/null 2>&1 && sshd_server_in_admingroup=yes + if [ "${sshd_server_in_admingroup}" != "yes" ] + then + echo "WARNING: Adding user sshd_server to local group ${_admingroup} failed!" + echo "Please add sshd_server to local group ${_admingroup} before" + echo "starting the sshd service!" + echo + fi + passwd_has_expiry_flags=`passwd -v | awk '/^passwd /{print ( $3 >= 1.5 ) ? "yes" : "no";}'` + if [ "${passwd_has_expiry_flags}" != "yes" ] + then + echo + echo "WARNING: User sshd_server has password expiry set to system default." + echo "Please check that password never expires or set it to your needs." + elif ! passwd -e sshd_server + then + echo + echo "WARNING: Setting password expiry for user sshd_server failed!" + echo "Please check that password never expires or set it to your needs." + fi + editrights -a SeAssignPrimaryTokenPrivilege -u sshd_server && + editrights -a SeCreateTokenPrivilege -u sshd_server && + editrights -a SeDenyInteractiveLogonRight -u sshd_server && + editrights -a SeDenyNetworkLogonRight -u sshd_server && + editrights -a SeDenyRemoteInteractiveLogonRight -u sshd_server && + editrights -a SeIncreaseQuotaPrivilege -u sshd_server && + editrights -a SeServiceLogonRight -u sshd_server && + sshd_server_got_all_rights="yes" + if [ "${sshd_server_got_all_rights}" != "yes" ] + then + echo + echo "Assigning the appropriate privileges to user 'sshd_server' failed!" + echo "Can't create sshd service!" + exit 1 + fi + echo + echo "User 'sshd_server' has been created with password '${_password}'." + echo "If you change the password, please keep in mind to change the password" + echo "for the sshd service, too." + echo + echo "Also keep in mind that the user sshd_server needs read permissions on all" + echo "users' .ssh/authorized_keys file to allow public key authentication for" + echo "these users!. (Re-)running ssh-user-config for each user will set the" + echo "required permissions correctly." + echo + fi + fi + if [ "${sshd_server_in_sam}" = "yes" ] + then + mkpasswd -l -u sshd_server | sed -e 's/bash$/false/' >> ${SYSCONFDIR}/passwd + fi + fi + if [ -n "${cygwin_value}" ] + then + _cygwin="${cygwin_value}" + else + echo + echo "Which value should the environment variable CYGWIN have when" + echo "sshd starts? It's recommended to set at least \"ntsec\" to be" + echo "able to change user context without password." + echo -n "Default is \"ntsec\". CYGWIN=" + read -e _cygwin + fi + [ -z "${_cygwin}" ] && _cygwin="ntsec" + if [ $_nt2003 -gt 0 -a "${sshd_server_in_sam}" = "yes" ] + then + if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -u sshd_server -w "${_password}" -e "CYGWIN=${_cygwin}" + then + echo + echo "The service has been installed under sshd_server account." + echo "To start the service, call \`net start sshd' or \`cygrunsrv -S sshd'." + fi + else + if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=${_cygwin}" + then + echo + echo "The service has been installed under LocalSystem account." + echo "To start the service, call \`net start sshd' or \`cygrunsrv -S sshd'." + fi + fi + fi + # Now check if sshd has been successfully installed. This allows to + # set the ownership of the affected files correctly. + if cygrunsrv -Q sshd > /dev/null 2>&1 then - chown system ${SYSCONFDIR}/ssh* - echo - echo "The service has been installed under LocalSystem account." + if [ $_nt2003 -gt 0 -a "${sshd_server_in_sam}" = "yes" ] + then + _user="sshd_server" + else + _user="system" + fi + chown "${_user}" ${SYSCONFDIR}/ssh* + chown "${_user}".544 ${LOCALSTATEDIR}/empty + if [ -f ${LOCALSTATEDIR}/log/sshd.log ] + then + chown "${_user}".544 ${LOCALSTATEDIR}/log/sshd.log + fi fi fi fi -if [ "${old_install}" = "1" ] -then - echo - echo "Note: If you have used sshd as service or from inetd, don't forget to" - echo " change the path to sshd.exe in the service entry or in inetd.conf." -fi - echo echo "Host configuration finished. Have fun!" diff --git a/openssh/contrib/cygwin/ssh-user-config b/openssh/contrib/cygwin/ssh-user-config index 4da1131..fe07ce3 100644 --- a/openssh/contrib/cygwin/ssh-user-config +++ b/openssh/contrib/cygwin/ssh-user-config @@ -1,9 +1,12 @@ #!/bin/sh # -# ssh-user-config, Copyright 2000, Red Hat Inc. +# ssh-user-config, Copyright 2000, 2001, 2002, 2003, Red Hat Inc. # # This file is part of the Cygwin port of OpenSSH. +# Directory where the config files are stored +SYSCONFDIR=/etc + progname=$0 auto_answer="" auto_passphrase="no" @@ -33,6 +36,15 @@ request() fi } +# Check if running on NT +_sys="`uname -a`" +_nt=`expr "$_sys" : "CYGWIN_NT"` +# If running on NT, check if running under 2003 Server or later +if [ $_nt -gt 0 ] +then + _nt2003=`uname | awk -F- '{print ( $2 >= 5.2 ) ? 1 : 0;}'` +fi + # Check options while : @@ -84,27 +96,27 @@ done # Ask user if user identity should be generated -if [ ! -f /etc/passwd ] +if [ ! -f ${SYSCONFDIR}/passwd ] then - echo '/etc/passwd is nonexistant. Please generate an /etc/passwd file' + echo "${SYSCONFDIR}/passwd is nonexistant. Please generate an ${SYSCONFDIR}/passwd file" echo 'first using mkpasswd. Check if it contains an entry for you and' echo 'please care for the home directory in your entry as well.' exit 1 fi uid=`id -u` -pwdhome=`awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < /etc/passwd` +pwdhome=`awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < ${SYSCONFDIR}/passwd` if [ "X${pwdhome}" = "X" ] then - echo 'There is no home directory set for you in /etc/passwd.' + echo "There is no home directory set for you in ${SYSCONFDIR}/passwd." echo 'Setting $HOME is not sufficient!' exit 1 fi if [ ! -d "${pwdhome}" ] then - echo "${pwdhome} is set in /etc/passwd as your home directory" + echo "${pwdhome} is set in ${SYSCONFDIR}/passwd as your home directory" echo 'but it is not a valid directory. Cannot create user identity files.' exit 1 fi @@ -114,7 +126,7 @@ fi if [ "X${pwdhome}" = "X/" ] then # But first raise a warning! - echo 'Your home directory in /etc/passwd is set to root (/). This is not recommended!' + echo "Your home directory in ${SYSCONFDIR}/passwd is set to root (/). This is not recommended!" if request "Would you like to proceed anyway?" then pwdhome='' @@ -123,6 +135,17 @@ then fi fi +if [ -d "${pwdhome}" -a $_nt -gt 0 -a -n "`chmod -c g-w,o-w "${pwdhome}"`" ] +then + echo + echo 'WARNING: group and other have been revoked write permission to your home' + echo " directory ${pwdhome}." + echo ' This is required by OpenSSH to allow public key authentication using' + echo ' the key files stored in your .ssh subdirectory.' + echo ' Revert this change ONLY if you know what you are doing!' + echo +fi + if [ -e "${pwdhome}/.ssh" -a ! -d "${pwdhome}/.ssh" ] then echo "${pwdhome}/.ssh is existant but not a directory. Cannot create user identity files." @@ -139,6 +162,21 @@ then fi fi +if [ $_nt -gt 0 ] +then + _user="system" + if [ $_nt2003 -gt 0 ] + then + grep -q '^sshd_server:' ${SYSCONFDIR}/passwd && _user="sshd_server" + fi + if ! setfacl -m "u::rwx,u:${_user}:r--,g::---,o::---" "${pwdhome}/.ssh" + then + echo "${pwdhome}/.ssh couldn't be given the correct permissions." + echo "Please try to solve this problem first." + exit 1 + fi +fi + if [ ! -f "${pwdhome}/.ssh/identity" ] then if request "Shall I create an SSH1 RSA identity file for you?" @@ -196,5 +234,17 @@ then fi fi +if [ $_nt -gt 0 -a -e "${pwdhome}/.ssh/authorized_keys" ] +then + if ! setfacl -m "u::rw-,u:${_user}:r--,g::---,o::---" "${pwdhome}/.ssh/authorized_keys" + then + echo + echo "WARNING: Setting correct permissions to ${pwdhome}/.ssh/authorized_keys" + echo "failed. Please care for the correct permissions. The minimum requirement" + echo "is, the owner and ${_user} both need read permissions." + echo + fi +fi + echo echo "Configuration finished. Have fun!" diff --git a/openssh/contrib/findssl.sh b/openssh/contrib/findssl.sh index 271870f..c01f35a 100644 --- a/openssh/contrib/findssl.sh +++ b/openssh/contrib/findssl.sh @@ -14,19 +14,19 @@ # 2002-08-04: Added public domain notice. # 2003-06-24: Incorporated readme, set library paths. First cvs version. # -# "OpenSSL headers do not match your library" are usually caused by +# "OpenSSL headers do not match your library" are usually caused by # OpenSSH's configure picking up an older version of OpenSSL headers # or libraries. You can use the following # procedure to help identify # the cause. -# +# # The output of configure will tell you the versions of the OpenSSL # headers and libraries that were picked up, for example: -# +# # checking OpenSSL header version... 90604f (OpenSSL 0.9.6d 9 May 2002) # checking OpenSSL library version... 90602f (OpenSSL 0.9.6b [engine] 9 Jul 2001) # checking whether OpenSSL's headers match the library... no # configure: error: Your OpenSSL headers do not match your library -# +# # Now run findssl.sh. This should identify the headers and libraries # present and their versions. You should be able to identify the # libraries and headers used and adjust your CFLAGS or remove incorrect @@ -37,7 +37,7 @@ # Searching for OpenSSL header files. # 0x0090604fL /usr/include/openssl/opensslv.h # 0x0090604fL /usr/local/ssl/include/openssl/opensslv.h -# +# # Searching for OpenSSL shared library files. # 0x0090602fL /lib/libcrypto.so.0.9.6b # 0x0090602fL /lib/libcrypto.so.2 @@ -46,11 +46,11 @@ # 0x0090581fL /usr/lib/libcrypto.so.0.9.5a # 0x0090600fL /usr/lib/libcrypto.so.0.9.6 # 0x0090600fL /usr/lib/libcrypto.so.1 -# +# # Searching for OpenSSL static library files. # 0x0090602fL /usr/lib/libcrypto.a # 0x0090604fL /usr/local/ssl/lib/libcrypto.a -# +# # In this example, I gave configure no extra flags, so it's picking up # the OpenSSL header from /usr/include/openssl (90604f) and the library # from /usr/lib/ (90602f). diff --git a/openssh/contrib/gnome-ssh-askpass1.c b/openssh/contrib/gnome-ssh-askpass1.c index b6b342b..4d51032 100644 --- a/openssh/contrib/gnome-ssh-askpass1.c +++ b/openssh/contrib/gnome-ssh-askpass1.c @@ -23,14 +23,14 @@ */ /* - * This is a simple GNOME SSH passphrase grabber. To use it, set the - * environment variable SSH_ASKPASS to point to the location of - * gnome-ssh-askpass before calling "ssh-add < /dev/null". + * This is a simple GNOME SSH passphrase grabber. To use it, set the + * environment variable SSH_ASKPASS to point to the location of + * gnome-ssh-askpass before calling "ssh-add < /dev/null". * * There is only two run-time options: if you set the environment variable * "GNOME_SSH_ASKPASS_GRAB_SERVER=true" then gnome-ssh-askpass will grab - * the X server. If you set "GNOME_SSH_ASKPASS_GRAB_POINTER=true", then the - * pointer will be grabbed too. These may have some benefit to security if + * the X server. If you set "GNOME_SSH_ASKPASS_GRAB_POINTER=true", then the + * pointer will be grabbed too. These may have some benefit to security if * you don't trust your X server. We grab the keyboard always. */ @@ -87,7 +87,7 @@ passphrase_dialog(char *message) } entry = gtk_entry_new(); - gtk_box_pack_start(GTK_BOX(GNOME_DIALOG(dialog)->vbox), entry, FALSE, + gtk_box_pack_start(GTK_BOX(GNOME_DIALOG(dialog)->vbox), entry, FALSE, FALSE, 0); gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE); gtk_widget_grab_focus(entry); @@ -105,7 +105,7 @@ passphrase_dialog(char *message) /* Grab focus */ if (grab_server) XGrabServer(GDK_DISPLAY()); - if (grab_pointer && gdk_pointer_grab(dialog->window, TRUE, 0, + if (grab_pointer && gdk_pointer_grab(dialog->window, TRUE, 0, NULL, NULL, GDK_CURRENT_TIME)) goto nograb; if (gdk_keyboard_grab(dialog->window, FALSE, GDK_CURRENT_TIME)) diff --git a/openssh/contrib/gnome-ssh-askpass2.c b/openssh/contrib/gnome-ssh-askpass2.c index 9e8eaf9..0ce8dae 100644 --- a/openssh/contrib/gnome-ssh-askpass2.c +++ b/openssh/contrib/gnome-ssh-askpass2.c @@ -25,14 +25,14 @@ /* GTK2 support by Nalin Dahyabhai */ /* - * This is a simple GNOME SSH passphrase grabber. To use it, set the - * environment variable SSH_ASKPASS to point to the location of - * gnome-ssh-askpass before calling "ssh-add < /dev/null". + * This is a simple GNOME SSH passphrase grabber. To use it, set the + * environment variable SSH_ASKPASS to point to the location of + * gnome-ssh-askpass before calling "ssh-add < /dev/null". * * There is only two run-time options: if you set the environment variable * "GNOME_SSH_ASKPASS_GRAB_SERVER=true" then gnome-ssh-askpass will grab - * the X server. If you set "GNOME_SSH_ASKPASS_GRAB_POINTER=true", then the - * pointer will be grabbed too. These may have some benefit to security if + * the X server. If you set "GNOME_SSH_ASKPASS_GRAB_POINTER=true", then the + * pointer will be grabbed too. These may have some benefit to security if * you don't trust your X server. We grab the keyboard always. */ @@ -103,7 +103,7 @@ passphrase_dialog(char *message) message); entry = gtk_entry_new(); - gtk_box_pack_start(GTK_BOX(GTK_DIALOG(dialog)->vbox), entry, FALSE, + gtk_box_pack_start(GTK_BOX(GTK_DIALOG(dialog)->vbox), entry, FALSE, FALSE, 0); gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE); gtk_widget_grab_focus(entry); @@ -124,7 +124,7 @@ passphrase_dialog(char *message) if (grab_pointer) { for(;;) { status = gdk_pointer_grab( - (GTK_WIDGET(dialog))->window, TRUE, 0, NULL, + (GTK_WIDGET(dialog))->window, TRUE, 0, NULL, NULL, GDK_CURRENT_TIME); if (status == GDK_GRAB_SUCCESS) break; diff --git a/openssh/contrib/redhat/openssh.spec b/openssh/contrib/redhat/openssh.spec index 20ccb6f..a4d49f6 100644 --- a/openssh/contrib/redhat/openssh.spec +++ b/openssh/contrib/redhat/openssh.spec @@ -34,6 +34,11 @@ %{?skip_x11_askpass:%define no_x11_askpass 1} %{?skip_gnome_askpass:%define no_gnome_askpass 1} +# Add option to build without GTK2 for older platforms with only GTK+. +# RedHat <= 7.2 and Red Hat Advanced Server 2.1 are examples. +# rpm -ba|--rebuild --define 'no_gtk2 1' +%{?no_gtk2:%define gtk2 0} + # Is this a build for RHL 6.x or earlier? %{?build_6x:%define build6x 1} @@ -185,16 +190,17 @@ CFLAGS="$RPM_OPT_FLAGS -Os"; export CFLAGS --with-default-path=/usr/local/bin:/bin:/usr/bin \ --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \ --with-privsep-path=%{_var}/empty/sshd \ + --with-md5-passwords \ %if %{scard} --with-smartcard \ %endif %if %{rescue} - --without-pam --with-md5-passwords \ + --without-pam \ %else --with-pam \ %endif %if %{kerberos5} - --with-kerberos5=/usr/kerberos \ + --with-kerberos5=/usr/kerberos \ %endif @@ -392,7 +398,7 @@ fi %changelog * Mon Jun 2 2003 Damien Miller -- Remove noip6 option. This may be controlled at run-time in client config +- Remove noip6 option. This may be controlled at run-time in client config file using new AddressFamily directive * Mon May 12 2003 Damien Miller @@ -552,7 +558,7 @@ fi * Sun Apr 8 2001 Preston Brown - remove explicit openssl requirement, fixes builddistro issue -- make initscript stop() function wait until sshd really dead to avoid +- make initscript stop() function wait until sshd really dead to avoid races in condrestart * Mon Apr 2 2001 Nalin Dahyabhai diff --git a/openssh/contrib/solaris/README b/openssh/contrib/solaris/README index 9b0a46e..eb4c590 100644 --- a/openssh/contrib/solaris/README +++ b/openssh/contrib/solaris/README @@ -17,7 +17,7 @@ Directions: If all goes well you should have a solaris package ready to be installed. -If you have any problems with this script please post them to +If you have any problems with this script please post them to openssh-unix-dev@mindrot.org and I will try to assist you as best as I can. - Ben Lindstrom diff --git a/openssh/contrib/solaris/buildpkg.sh b/openssh/contrib/solaris/buildpkg.sh index c41b3f9..55203d7 100755 --- a/openssh/contrib/solaris/buildpkg.sh +++ b/openssh/contrib/solaris/buildpkg.sh @@ -5,7 +5,7 @@ # The following code has been provide under Public Domain License. I really # don't care what you use it for. Just as long as you don't complain to me # nor my employer if you break it. - Ben Lindstrom (mouring@eviladmin.org) -# +# umask 022 # # Options for building the package @@ -13,7 +13,7 @@ umask 022 # # uncommenting TEST_DIR and using # configure --prefix=/var/tmp --with-privsep-path=/var/tmp/empty -# and +# and # PKGNAME=tOpenSSH should allow testing a package without interfering # with a real OpenSSH package on a system. This is not needed on systems # that support the -R option to pkgadd. @@ -81,7 +81,7 @@ export PATH # we will look for config.local to override the above options [ -s ./config.local ] && . ./config.local -## Start by faking root install +## Start by faking root install echo "Faking root install..." START=`pwd` OPENSSHD_IN=`dirname $0`/opensshd.in @@ -98,20 +98,20 @@ fi ## Fill in some details, like prefix and sysconfdir for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir sysconfdir piddir do - eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2` + eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2` done ## Collect value of privsep user for confvar in SSH_PRIVSEP_USER do - eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' config.h` + eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' config.h` done ## Set privsep defaults if not defined if [ -z "$SSH_PRIVSEP_USER" ] then - SSH_PRIVSEP_USER=sshd + SSH_PRIVSEP_USER=sshd fi ## Extract common info requires for the 'info' part of the package. @@ -243,16 +243,16 @@ fi if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' \${PKG_INSTALL_ROOT}/$sysconfdir/sshd_config >/dev/null then - echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user" - echo "or group." + echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user" + echo "or group." else - echo "UsePrivilegeSeparation enabled in config (or defaulting to on)." + echo "UsePrivilegeSeparation enabled in config (or defaulting to on)." - # create group if required - if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null - then - echo "PrivSep group $SSH_PRIVSEP_USER already exists." - else + # create group if required + if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null + then + echo "PrivSep group $SSH_PRIVSEP_USER already exists." + else # Use gid of 67 if possible if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSHDGID'\$' >/dev/null then @@ -260,15 +260,15 @@ else else sshdgid="-g $SSHDGID" fi - echo "Creating PrivSep group $SSH_PRIVSEP_USER." - \$chroot /usr/sbin/groupadd \$sshdgid $SSH_PRIVSEP_USER - fi - - # Create user if required - if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null - then - echo "PrivSep user $SSH_PRIVSEP_USER already exists." - else + echo "Creating PrivSep group $SSH_PRIVSEP_USER." + \$chroot /usr/sbin/groupadd \$sshdgid $SSH_PRIVSEP_USER + fi + + # Create user if required + if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null + then + echo "PrivSep user $SSH_PRIVSEP_USER already exists." + else # Use uid of 67 if possible if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDGID'\$' >/dev/null then @@ -276,10 +276,10 @@ else else sshduid="-u $SSHDUID" fi - echo "Creating PrivSep user $SSH_PRIVSEP_USER." + echo "Creating PrivSep user $SSH_PRIVSEP_USER." \$chroot /usr/sbin/useradd -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER \$sshduid $SSH_PRIVSEP_USER \$chroot /usr/bin/passwd -l $SSH_PRIVSEP_USER - fi + fi fi [ "\${POST_INS_START}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start @@ -358,12 +358,12 @@ cat >mk-proto.awk << _EOF BEGIN { print "i pkginfo"; print "i preinstall"; \\ print "i postinstall"; print "i preremove"; \\ print "i request"; print "i space"; \\ - split("$SYSTEM_DIR",sys_files); } + split("$SYSTEM_DIR",sys_files); } { for (dir in sys_files) { if ( \$3 != sys_files[dir] ) - { \$5="root"; \$6="sys"; } - else - { \$4="?"; \$5="?"; \$6="?"; break;} + { \$5="root"; \$6="sys"; } + else + { \$4="?"; \$5="?"; \$6="?"; break;} } } { print; } _EOF diff --git a/openssh/contrib/solaris/opensshd.in b/openssh/contrib/solaris/opensshd.in index 48b6c57..50e18de 100755 --- a/openssh/contrib/solaris/opensshd.in +++ b/openssh/contrib/solaris/opensshd.in @@ -22,24 +22,24 @@ HOST_KEY_RSA=$etcdir/ssh_host_rsa_key checkkeys() { if [ ! -f $HOST_KEY_RSA1 ]; then - ${SSH_KEYGEN} -t rsa1 -f ${HOST_KEY_RSA1} -N "" + ${SSH_KEYGEN} -t rsa1 -f ${HOST_KEY_RSA1} -N "" fi if [ ! -f $HOST_KEY_DSA ]; then - ${SSH_KEYGEN} -t dsa -f ${HOST_KEY_DSA} -N "" + ${SSH_KEYGEN} -t dsa -f ${HOST_KEY_DSA} -N "" fi if [ ! -f $HOST_KEY_RSA ]; then - ${SSH_KEYGEN} -t rsa -f ${HOST_KEY_RSA} -N "" + ${SSH_KEYGEN} -t rsa -f ${HOST_KEY_RSA} -N "" fi } stop_service() { if [ -r $PIDFILE -a ! -z ${PIDFILE} ]; then - PID=`${CAT} ${PIDFILE}` + PID=`${CAT} ${PIDFILE}` fi if [ ${PID:=0} -gt 1 -a ! "X$PID" = "X " ]; then - ${KILL} ${PID} + ${KILL} ${PID} else - echo "Unable to read PID file" + echo "Unable to read PID file" fi } @@ -55,8 +55,8 @@ start_service() { sshd_rc=$? if [ $sshd_rc -ne 0 ]; then - echo "$0: Error ${sshd_rc} starting ${SSHD}... bailing." - exit $sshd_rc + echo "$0: Error ${sshd_rc} starting ${SSHD}... bailing." + exit $sshd_rc fi echo done. } diff --git a/openssh/contrib/ssh-copy-id b/openssh/contrib/ssh-copy-id index a1ad34a..a1c0a92 100644 --- a/openssh/contrib/ssh-copy-id +++ b/openssh/contrib/ssh-copy-id @@ -38,7 +38,7 @@ if [ "$#" -lt 1 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then exit 1 fi -{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" +{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" || exit 1 cat <&2 fi if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then - echo "Generating SSH DSA host key..." + echo "Generating SSH DSA host key..." /usr/bin/ssh-keygen -d -f /etc/ssh/ssh_host_dsa_key -N '' >&2 fi if test -r /var/run/sshd.pid then - echo "Restarting the running SSH daemon..." + echo "Restarting the running SSH daemon..." /usr/sbin/rcsshd restart >&2 fi %preun if [ "$1" = 0 ] then - echo "Stopping the SSH daemon..." + echo "Stopping the SSH daemon..." /usr/sbin/rcsshd stop >&2 echo "Removing SSH stop/start scripts from the rc directories..." - rm /sbin/init.d/rc2.d/K20sshd - rm /sbin/init.d/rc2.d/S20sshd - rm /sbin/init.d/rc3.d/K20sshd - rm /sbin/init.d/rc3.d/S20sshd + rm /sbin/init.d/rc2.d/K20sshd + rm /sbin/init.d/rc2.d/S20sshd + rm /sbin/init.d/rc3.d/K20sshd + rm /sbin/init.d/rc3.d/S20sshd fi %files %defattr(-,root,root) -%doc ChangeLog OVERVIEW README* +%doc ChangeLog OVERVIEW README* %doc RFC.nroff TODO CREDITS LICENCE %attr(0755,root,root) %dir /etc/ssh %attr(0644,root,root) %config /etc/ssh/ssh_config diff --git a/openssh/defines.h b/openssh/defines.h index 2a01853..c20d466 100644 --- a/openssh/defines.h +++ b/openssh/defines.h @@ -84,7 +84,7 @@ enum # define S_ISDIR(mode) (((mode) & (_S_IFMT)) == (_S_IFDIR)) #endif /* S_ISDIR */ -#ifndef S_ISREG +#ifndef S_ISREG # define S_ISREG(mode) (((mode) & (_S_IFMT)) == (_S_IFREG)) #endif /* S_ISREG */ @@ -240,6 +240,7 @@ typedef unsigned char u_char; #ifndef HAVE_SIZE_T typedef unsigned int size_t; # define HAVE_SIZE_T +# define SIZE_T_MAX UINT_MAX #endif /* HAVE_SIZE_T */ #ifndef HAVE_SSIZE_T @@ -529,6 +530,14 @@ struct winsize { # define krb5_get_err_text(context,code) error_message(code) #endif +/* Maximum number of file descriptors available */ +#ifdef HAVE_SYSCONF +# define SSH_SYSFDMAX sysconf(_SC_OPEN_MAX) +#else +# define SSH_SYSFDMAX 10000 +#endif + + /* * Define this to use pipes instead of socketpairs for communicating with the * client program. Socketpairs do not seem to work on all systems. diff --git a/openssh/dh.c b/openssh/dh.c index 996428b..c7a3e18 100644 --- a/openssh/dh.c +++ b/openssh/dh.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: dh.c,v 1.24 2003/04/08 20:21:28 itojun Exp $"); +RCSID("$OpenBSD: dh.c,v 1.26 2003/12/16 15:51:54 markus Exp $"); #include "xmalloc.h" @@ -198,7 +198,7 @@ dh_gen_key(DH *dh, int need) if (dh->p == NULL) fatal("dh_gen_key: dh->p == NULL"); - if (2*need >= BN_num_bits(dh->p)) + if (need > INT_MAX / 2 || 2 * need >= BN_num_bits(dh->p)) fatal("dh_gen_key: group too small: %d (2*need %d)", BN_num_bits(dh->p), 2*need); do { @@ -279,11 +279,9 @@ int dh_estimate(int bits) { - if (bits < 64) - return (512); /* O(2**63) */ - if (bits < 128) + if (bits <= 128) return (1024); /* O(2**86) */ - if (bits < 192) + if (bits <= 192) return (2048); /* O(2**116) */ return (4096); /* O(2**156) */ } diff --git a/openssh/dns.c b/openssh/dns.c index 90ab560..ad634f1 100644 --- a/openssh/dns.c +++ b/openssh/dns.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dns.c,v 1.6 2003/06/11 10:18:47 jakob Exp $ */ +/* $OpenBSD: dns.c,v 1.9 2003/11/21 11:57:03 djm Exp $ */ /* * Copyright (c) 2003 Wesley Griffin. All rights reserved. @@ -28,7 +28,6 @@ #include "includes.h" -#ifdef DNS #include #ifdef LWRES #include @@ -44,7 +43,7 @@ #include "uuencode.h" extern char *__progname; -RCSID("$OpenBSD: dns.c,v 1.6 2003/06/11 10:18:47 jakob Exp $"); +RCSID("$OpenBSD: dns.c,v 1.9 2003/11/21 11:57:03 djm Exp $"); #ifndef LWRES static const char *errset_text[] = { @@ -84,7 +83,7 @@ dns_result_totext(unsigned int error) */ static int dns_read_key(u_int8_t *algorithm, u_int8_t *digest_type, - u_char **digest, u_int *digest_len, Key *key) + u_char **digest, u_int *digest_len, const Key *key) { int success = 0; @@ -146,16 +145,15 @@ dns_read_rdata(u_int8_t *algorithm, u_int8_t *digest_type, /* * Verify the given hostname, address and host key using DNS. - * Returns 0 if key verifies or -1 if key does NOT verify + * Returns 0 if lookup succeeds, -1 otherwise */ int verify_host_key_dns(const char *hostname, struct sockaddr *address, - Key *hostkey) + const Key *hostkey, int *flags) { int counter; int result; struct rrsetinfo *fingerprints = NULL; - int failures = 0; u_int8_t hostkey_algorithm; u_int8_t hostkey_digest_type; @@ -167,6 +165,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, u_char *dnskey_digest; u_int dnskey_digest_len; + *flags = 0; debug3("verify_hostkey_dns"); if (hostkey == NULL) @@ -176,28 +175,29 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, DNS_RDATATYPE_SSHFP, 0, &fingerprints); if (result) { verbose("DNS lookup error: %s", dns_result_totext(result)); - return DNS_VERIFY_ERROR; + return -1; } -#ifdef DNSSEC - /* Only accept validated answers */ - if (!fingerprints->rri_flags & RRSET_VALIDATED) { - error("Ignored unvalidated fingerprint from DNS."); - freerrset(fingerprints); - return DNS_VERIFY_ERROR; + if (fingerprints->rri_flags & RRSET_VALIDATED) { + *flags |= DNS_VERIFY_SECURE; + debug("found %d secure fingerprints in DNS", + fingerprints->rri_nrdatas); + } else { + debug("found %d insecure fingerprints in DNS", + fingerprints->rri_nrdatas); } -#endif - - debug("found %d fingerprints in DNS", fingerprints->rri_nrdatas); /* Initialize host key parameters */ if (!dns_read_key(&hostkey_algorithm, &hostkey_digest_type, &hostkey_digest, &hostkey_digest_len, hostkey)) { error("Error calculating host key fingerprint."); freerrset(fingerprints); - return DNS_VERIFY_ERROR; + return -1; } + if (fingerprints->rri_nrdatas) + *flags |= DNS_VERIFY_FOUND; + for (counter = 0 ; counter < fingerprints->rri_nrdatas ; counter++) { /* * Extract the key from the answer. Ignore any badly @@ -219,35 +219,22 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, memcmp(hostkey_digest, dnskey_digest, hostkey_digest_len) == 0) { - /* Matching algoritm and digest. */ - freerrset(fingerprints); - debug("matching host key fingerprint found in DNS"); - return DNS_VERIFY_OK; - } else { - /* Correct algorithm but bad digest */ - debug("verify_hostkey_dns: failed"); - failures++; + *flags |= DNS_VERIFY_MATCH; } } } freerrset(fingerprints); - if (failures) { - error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); - error("@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @"); - error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); - error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!"); - error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!"); - error("It is also possible that the %s host key has just been changed.", - key_type(hostkey)); - error("Please contact your system administrator."); - return DNS_VERIFY_FAILED; - } - - debug("fingerprints found in DNS, but none of them matched"); + if (*flags & DNS_VERIFY_FOUND) + if (*flags & DNS_VERIFY_MATCH) + debug("matching host key fingerprint found in DNS"); + else + debug("mismatching host key fingerprint found in DNS"); + else + debug("no host key fingerprint found in DNS"); - return DNS_VERIFY_ERROR; + return 0; } @@ -255,7 +242,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, * Export the fingerprint of a key as a DNS resource record */ int -export_dns_rr(const char *hostname, Key *key, FILE *f, int generic) +export_dns_rr(const char *hostname, const Key *key, FILE *f, int generic) { u_int8_t rdata_pubkey_algorithm = 0; u_int8_t rdata_digest_type = SSHFP_HASH_SHA1; @@ -286,5 +273,3 @@ export_dns_rr(const char *hostname, Key *key, FILE *f, int generic) return success; } - -#endif /* DNS */ diff --git a/openssh/dns.h b/openssh/dns.h index ba0ea9f..c5da22e 100644 --- a/openssh/dns.h +++ b/openssh/dns.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dns.h,v 1.3 2003/05/14 22:56:51 jakob Exp $ */ +/* $OpenBSD: dns.h,v 1.5 2003/11/12 16:39:58 jakob Exp $ */ /* * Copyright (c) 2003 Wesley Griffin. All rights reserved. @@ -28,7 +28,6 @@ #include "includes.h" -#ifdef DNS #ifndef DNS_H #define DNS_H @@ -46,12 +45,12 @@ enum sshfp_hashes { #define DNS_RDATACLASS_IN 1 #define DNS_RDATATYPE_SSHFP 44 -#define DNS_VERIFY_FAILED -1 -#define DNS_VERIFY_OK 0 -#define DNS_VERIFY_ERROR 1 +#define DNS_VERIFY_FOUND 0x00000001 +#define DNS_VERIFY_MATCH 0x00000002 +#define DNS_VERIFY_SECURE 0x00000004 -int verify_host_key_dns(const char *, struct sockaddr *, Key *); -int export_dns_rr(const char *, Key *, FILE *, int); + +int verify_host_key_dns(const char *, struct sockaddr *, const Key *, int *); +int export_dns_rr(const char *, const Key *, FILE *, int); #endif /* DNS_H */ -#endif /* DNS */ diff --git a/openssh/entropy.c b/openssh/entropy.c index 2d8cec0..431d5ea 100644 --- a/openssh/entropy.c +++ b/openssh/entropy.c @@ -36,9 +36,9 @@ /* * Portable OpenSSH PRNG seeding: - * If OpenSSL has not "internally seeded" itself (e.g. pulled data from - * /dev/random), then we execute a "ssh-rand-helper" program which - * collects entropy and writes it to stdout. The child program must + * If OpenSSL has not "internally seeded" itself (e.g. pulled data from + * /dev/random), then we execute a "ssh-rand-helper" program which + * collects entropy and writes it to stdout. The child program must * write at least RANDOM_SEED_SIZE bytes. The child is run with stderr * attached, so error/debugging output should be visible. * @@ -86,16 +86,16 @@ seed_rng(void) close(p[1]); close(devnull); - if (original_uid != original_euid && - ( seteuid(getuid()) == -1 || + if (original_uid != original_euid && + ( seteuid(getuid()) == -1 || setuid(original_uid) == -1) ) { - fprintf(stderr, "(rand child) setuid(%li): %s\n", + fprintf(stderr, "(rand child) setuid(%li): %s\n", (long int)original_uid, strerror(errno)); _exit(1); } - + execl(SSH_RAND_HELPER, "ssh-rand-helper", NULL); - fprintf(stderr, "(rand child) Couldn't exec '%s': %s\n", + fprintf(stderr, "(rand child) Couldn't exec '%s': %s\n", SSH_RAND_HELPER, strerror(errno)); _exit(1); } @@ -114,12 +114,12 @@ seed_rng(void) close(p[0]); if (waitpid(pid, &ret, 0) == -1) - fatal("Couldn't wait for ssh-rand-helper completion: %s", + fatal("Couldn't wait for ssh-rand-helper completion: %s", strerror(errno)); signal(SIGCHLD, old_sigchld); /* We don't mind if the child exits upon a SIGPIPE */ - if (!WIFEXITED(ret) && + if (!WIFEXITED(ret) && (!WIFSIGNALED(ret) || WTERMSIG(ret) != SIGPIPE)) fatal("ssh-rand-helper terminated abnormally"); if (WEXITSTATUS(ret) != 0) @@ -134,7 +134,7 @@ seed_rng(void) } void -init_rng(void) +init_rng(void) { /* * OpenSSL version numbers: MNNFFPPS: major minor fix patch status diff --git a/openssh/fatal.c b/openssh/fatal.c index 9e7d160..ae1aaac 100644 --- a/openssh/fatal.c +++ b/openssh/fatal.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: fatal.c,v 1.1 2002/02/22 12:20:34 markus Exp $"); +RCSID("$OpenBSD: fatal.c,v 1.2 2003/09/23 20:17:11 markus Exp $"); #include "log.h" @@ -36,5 +36,5 @@ fatal(const char *fmt,...) va_start(args, fmt); do_log(SYSLOG_LEVEL_FATAL, fmt, args); va_end(args); - fatal_cleanup(); + cleanup_exit(255); } diff --git a/openssh/fixprogs b/openssh/fixprogs index 61840cf..af76ee3 100755 --- a/openssh/fixprogs +++ b/openssh/fixprogs @@ -65,7 +65,7 @@ foreach (@infile) { ($null, $null, $rate) = split(/,/, $ent[0]); $est = $rate / $entscale; # scale the estimate back } - } + } print OUT "\"$cmd\" $path $est\n"; } diff --git a/openssh/gss-genr.c b/openssh/gss-genr.c index bda12d6..3f5727b 100644 --- a/openssh/gss-genr.c +++ b/openssh/gss-genr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-genr.c,v 1.1 2003/08/22 10:56:09 markus Exp $ */ +/* $OpenBSD: gss-genr.c,v 1.3 2003/11/21 11:57:03 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -33,9 +33,12 @@ #include "compat.h" #include "log.h" #include "monitor_wrap.h" +#include "ssh2.h" #include "ssh-gss.h" +extern u_char *session_id2; +extern u_int session_id2_len; /* Check that the OID in a data stream matches that in the context */ int @@ -244,6 +247,28 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx) return (ctx->major); } +OM_uint32 +ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash) +{ + if ((ctx->major = gss_get_mic(&ctx->minor, ctx->context, + GSS_C_QOP_DEFAULT, buffer, hash))) + ssh_gssapi_error(ctx); + + return (ctx->major); +} + +void +ssh_gssapi_buildmic(Buffer *b, const char *user, const char *service, + const char *context) +{ + buffer_init(b); + buffer_put_string(b, session_id2, session_id2_len); + buffer_put_char(b, SSH2_MSG_USERAUTH_REQUEST); + buffer_put_cstring(b, user); + buffer_put_cstring(b, service); + buffer_put_cstring(b, context); +} + OM_uint32 ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid) { if (*ctx) diff --git a/openssh/gss-serv-krb5.c b/openssh/gss-serv-krb5.c index f48e099..e358bcb 100644 --- a/openssh/gss-serv-krb5.c +++ b/openssh/gss-serv-krb5.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-serv-krb5.c,v 1.1 2003/08/22 10:56:09 markus Exp $ */ +/* $OpenBSD: gss-serv-krb5.c,v 1.2 2003/11/21 11:57:03 djm Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -48,7 +48,7 @@ static krb5_context krb_context = NULL; /* Initialise the krb5 library, for the stuff that GSSAPI won't do */ -static int +static int ssh_gssapi_krb5_init() { krb5_error_code problem; @@ -127,10 +127,10 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) { int tmpfd; char ccname[40]; - - snprintf(ccname, sizeof(ccname), + + snprintf(ccname, sizeof(ccname), "FILE:/tmp/krb5cc_%d_XXXXXX", geteuid()); - + if ((tmpfd = mkstemp(ccname + strlen("FILE:"))) == -1) { logit("mkstemp(): %.100s", strerror(errno)); problem = errno; @@ -151,7 +151,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) } #endif /* #ifdef HEIMDAL */ - if ((problem = krb5_parse_name(krb_context, + if ((problem = krb5_parse_name(krb_context, client->exportedname.value, &princ))) { logit("krb5_parse_name(): %.100s", krb5_get_err_text(krb_context, problem)); @@ -169,7 +169,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) krb5_free_principal(krb_context, princ); - if ((maj_status = gss_krb5_copy_ccache(&min_status, + if ((maj_status = gss_krb5_copy_ccache(&min_status, client->creds, ccache))) { logit("gss_krb5_copy_ccache() failed"); krb5_cc_destroy(krb_context, ccache); diff --git a/openssh/gss-serv.c b/openssh/gss-serv.c index 8fd1d63..de32a3f 100644 --- a/openssh/gss-serv.c +++ b/openssh/gss-serv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-serv.c,v 1.3 2003/08/31 13:31:57 markus Exp $ */ +/* $OpenBSD: gss-serv.c,v 1.5 2003/11/17 11:06:07 markus Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. @@ -232,9 +232,9 @@ ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client) return (ctx->major); } -/* As user - called through fatal cleanup hook */ +/* As user - called on fatal/exit */ void -ssh_gssapi_cleanup_creds(void *ignored) +ssh_gssapi_cleanup_creds(void) { if (gssapi_client.store.filename != NULL) { /* Unlink probably isn't sufficient */ @@ -249,8 +249,6 @@ ssh_gssapi_storecreds(void) { if (gssapi_client.mech && gssapi_client.mech->storecreds) { (*gssapi_client.mech->storecreds)(&gssapi_client); - if (options.gss_cleanup_creds) - fatal_add_cleanup(ssh_gssapi_cleanup_creds, NULL); } else debug("ssh_gssapi_storecreds: Not a GSSAPI mechanism"); } @@ -289,4 +287,14 @@ ssh_gssapi_userok(char *user) return (0); } +/* Priviledged */ +OM_uint32 +ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic) +{ + ctx->major = gss_verify_mic(&ctx->minor, ctx->context, + gssbuf, gssmic, NULL); + + return (ctx->major); +} + #endif diff --git a/openssh/hostfile.c b/openssh/hostfile.c index 42a8aa7..88c0549 100644 --- a/openssh/hostfile.c +++ b/openssh/hostfile.c @@ -36,7 +36,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: hostfile.c,v 1.31 2003/04/08 20:21:28 itojun Exp $"); +RCSID("$OpenBSD: hostfile.c,v 1.32 2003/11/10 16:23:41 jakob Exp $"); #include "packet.h" #include "match.h" @@ -72,7 +72,7 @@ hostfile_read_key(char **cpp, u_int *bitsp, Key *ret) } static int -hostfile_check_key(int bits, Key *key, const char *host, const char *filename, int linenum) +hostfile_check_key(int bits, const Key *key, const char *host, const char *filename, int linenum) { if (key == NULL || key->type != KEY_RSA1 || key->rsa == NULL) return 1; @@ -98,7 +98,7 @@ hostfile_check_key(int bits, Key *key, const char *host, const char *filename, i static HostStatus check_host_in_hostfile_by_key_or_type(const char *filename, - const char *host, Key *key, int keytype, Key *found, int *numret) + const char *host, const Key *key, int keytype, Key *found, int *numret) { FILE *f; char line[8192]; @@ -188,7 +188,7 @@ check_host_in_hostfile_by_key_or_type(const char *filename, } HostStatus -check_host_in_hostfile(const char *filename, const char *host, Key *key, +check_host_in_hostfile(const char *filename, const char *host, const Key *key, Key *found, int *numret) { if (key == NULL) @@ -211,7 +211,7 @@ lookup_key_in_hostfile_by_type(const char *filename, const char *host, */ int -add_host_to_hostfile(const char *filename, const char *host, Key *key) +add_host_to_hostfile(const char *filename, const char *host, const Key *key) { FILE *f; int success = 0; diff --git a/openssh/hostfile.h b/openssh/hostfile.h index e3d1165..efcddc9 100644 --- a/openssh/hostfile.h +++ b/openssh/hostfile.h @@ -1,4 +1,4 @@ -/* $OpenBSD: hostfile.h,v 1.13 2002/11/21 23:03:51 deraadt Exp $ */ +/* $OpenBSD: hostfile.h,v 1.14 2003/11/10 16:23:41 jakob Exp $ */ /* * Author: Tatu Ylonen @@ -20,8 +20,8 @@ typedef enum { int hostfile_read_key(char **, u_int *, Key *); HostStatus check_host_in_hostfile(const char *, const char *, - Key *, Key *, int *); -int add_host_to_hostfile(const char *, const char *, Key *); + const Key *, Key *, int *); +int add_host_to_hostfile(const char *, const char *, const Key *); int lookup_key_in_hostfile_by_type(const char *, const char *, int, Key *, int *); diff --git a/openssh/includes.h b/openssh/includes.h index 033cd91..ac9a950 100644 --- a/openssh/includes.h +++ b/openssh/includes.h @@ -147,7 +147,11 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg } # include /* For INADDR_LOOPBACK */ #endif #ifdef USE_PAM +#if defined(HAVE_SECURITY_PAM_APPL_H) # include +#elif defined (HAVE_PAM_PAM_APPL_H) +# include +#endif #endif #ifdef HAVE_READPASSPHRASE_H # include diff --git a/openssh/install-sh b/openssh/install-sh index e9de238..220abbf 100755 --- a/openssh/install-sh +++ b/openssh/install-sh @@ -125,7 +125,7 @@ if [ x"$dir_arg" != x ]; then else # Waiting for this to be detected by the "$instcmd $src $dsttmp" command -# might cause directories to be created, which would be especially bad +# might cause directories to be created, which would be especially bad # if $src (and thus $dsttmp) contains '*'. if [ -f $src -o -d $src ] @@ -180,7 +180,7 @@ while [ $# -ne 0 ] ; do shift if [ ! -d "${pathcomp}" ] ; - then + then $mkdirprog "${pathcomp}" else true @@ -202,17 +202,17 @@ else # If we're going to rename the final executable, determine the name now. - if [ x"$transformarg" = x ] + if [ x"$transformarg" = x ] then dstfile=`basename $dst` else - dstfile=`basename $dst $transformbasename | + dstfile=`basename $dst $transformbasename | sed $transformarg`$transformbasename fi # don't allow the sed command to completely eliminate the filename - if [ x"$dstfile" = x ] + if [ x"$dstfile" = x ] then dstfile=`basename $dst` else @@ -243,7 +243,7 @@ else # Now rename the file to the real destination. $doit $rmcmd -f $dstdir/$dstfile && - $doit $mvcmd $dsttmp $dstdir/$dstfile + $doit $mvcmd $dsttmp $dstdir/$dstfile fi && diff --git a/openssh/kex.c b/openssh/kex.c index b070ccf..5a952c9 100644 --- a/openssh/kex.c +++ b/openssh/kex.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kex.c,v 1.55 2003/04/01 10:31:26 markus Exp $"); +RCSID("$OpenBSD: kex.c,v 1.56 2003/11/21 11:57:03 djm Exp $"); #include @@ -310,7 +310,7 @@ choose_hostkeyalg(Kex *k, char *client, char *server) xfree(hostkeyalg); } -static int +static int proposals_match(char *my[PROPOSAL_MAX], char *peer[PROPOSAL_MAX]) { static int check[] = { @@ -392,7 +392,7 @@ kex_choose_conf(Kex *kex) kex->we_need = need; /* ignore the next message if the proposals do not match */ - if (first_kex_follows && !proposals_match(my, peer) && + if (first_kex_follows && !proposals_match(my, peer) && !(datafellows & SSH_BUG_FIRSTKEX)) { type = packet_read(); debug2("skipping next packet (type %u)", type); diff --git a/openssh/kexgexc.c b/openssh/kexgexc.c index f14ac44..0193183 100644 --- a/openssh/kexgexc.c +++ b/openssh/kexgexc.c @@ -24,7 +24,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kexgexc.c,v 1.1 2003/02/16 17:09:57 markus Exp $"); +RCSID("$OpenBSD: kexgexc.c,v 1.2 2003/12/08 11:00:47 markus Exp $"); #include "xmalloc.h" #include "key.h" @@ -49,16 +49,14 @@ kexgex_client(Kex *kex) nbits = dh_estimate(kex->we_need * 8); if (datafellows & SSH_OLD_DHGEX) { - debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD sent"); - /* Old GEX request */ packet_start(SSH2_MSG_KEX_DH_GEX_REQUEST_OLD); packet_put_int(nbits); min = DH_GRP_MIN; max = DH_GRP_MAX; - } else { - debug("SSH2_MSG_KEX_DH_GEX_REQUEST sent"); + debug("SSH2_MSG_KEX_DH_GEX_REQUEST_OLD(%u) sent", nbits); + } else { /* New GEX request */ min = DH_GRP_MIN; max = DH_GRP_MAX; @@ -66,6 +64,9 @@ kexgex_client(Kex *kex) packet_put_int(min); packet_put_int(nbits); packet_put_int(max); + + debug("SSH2_MSG_KEX_DH_GEX_REQUEST(%u<%u<%u) sent", + min, nbits, max); } #ifdef DEBUG_KEXDH fprintf(stderr, "\nmin = %d, nbits = %d, max = %d\n", diff --git a/openssh/key.c b/openssh/key.c index 54318cb..323e6ff 100644 --- a/openssh/key.c +++ b/openssh/key.c @@ -32,7 +32,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: key.c,v 1.54 2003/07/09 13:58:19 avsm Exp $"); +RCSID("$OpenBSD: key.c,v 1.55 2003/11/10 16:23:41 jakob Exp $"); #include @@ -143,8 +143,9 @@ key_free(Key *k) } xfree(k); } + int -key_equal(Key *a, Key *b) +key_equal(const Key *a, const Key *b) { if (a == NULL || b == NULL || a->type != b->type) return 0; @@ -170,7 +171,8 @@ key_equal(Key *a, Key *b) } u_char* -key_fingerprint_raw(Key *k, enum fp_type dgst_type, u_int *dgst_raw_length) +key_fingerprint_raw(const Key *k, enum fp_type dgst_type, + u_int *dgst_raw_length) { const EVP_MD *md = NULL; EVP_MD_CTX ctx; @@ -292,7 +294,7 @@ key_fingerprint_bubblebabble(u_char *dgst_raw, u_int dgst_raw_len) } char * -key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep) +key_fingerprint(const Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep) { char *retval = NULL; u_char *dgst_raw; @@ -490,7 +492,7 @@ key_read(Key *ret, char **cpp) } int -key_write(Key *key, FILE *f) +key_write(const Key *key, FILE *f) { int n, success = 0; u_int len, bits = 0; @@ -522,8 +524,8 @@ key_write(Key *key, FILE *f) return success; } -char * -key_type(Key *k) +const char * +key_type(const Key *k) { switch (k->type) { case KEY_RSA1: @@ -539,8 +541,8 @@ key_type(Key *k) return "unknown"; } -char * -key_ssh_name(Key *k) +const char * +key_ssh_name(const Key *k) { switch (k->type) { case KEY_RSA: @@ -554,7 +556,7 @@ key_ssh_name(Key *k) } u_int -key_size(Key *k) +key_size(const Key *k) { switch (k->type) { case KEY_RSA1: @@ -611,7 +613,7 @@ key_generate(int type, u_int bits) } Key * -key_from_private(Key *k) +key_from_private(const Key *k) { Key *n = NULL; switch (k->type) { @@ -676,7 +678,7 @@ key_names_valid2(const char *names) } Key * -key_from_blob(u_char *blob, u_int blen) +key_from_blob(const u_char *blob, u_int blen) { Buffer b; char *ktype; @@ -726,7 +728,7 @@ key_from_blob(u_char *blob, u_int blen) } int -key_to_blob(Key *key, u_char **blobp, u_int *lenp) +key_to_blob(const Key *key, u_char **blobp, u_int *lenp) { Buffer b; int len; @@ -768,9 +770,9 @@ key_to_blob(Key *key, u_char **blobp, u_int *lenp) int key_sign( - Key *key, + const Key *key, u_char **sigp, u_int *lenp, - u_char *data, u_int datalen) + const u_char *data, u_int datalen) { switch (key->type) { case KEY_DSA: @@ -792,9 +794,9 @@ key_sign( */ int key_verify( - Key *key, - u_char *signature, u_int signaturelen, - u_char *data, u_int datalen) + const Key *key, + const u_char *signature, u_int signaturelen, + const u_char *data, u_int datalen) { if (signaturelen == 0) return -1; @@ -815,7 +817,7 @@ key_verify( /* Converts a private to a public key */ Key * -key_demote(Key *k) +key_demote(const Key *k) { Key *pk; diff --git a/openssh/key.h b/openssh/key.h index 28753fd..50df850 100644 --- a/openssh/key.h +++ b/openssh/key.h @@ -1,4 +1,4 @@ -/* $OpenBSD: key.h,v 1.22 2003/06/24 08:23:46 markus Exp $ */ +/* $OpenBSD: key.h,v 1.23 2003/11/10 16:23:41 jakob Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -55,33 +55,33 @@ struct Key { DSA *dsa; }; -Key *key_new(int); -Key *key_new_private(int); -void key_free(Key *); -Key *key_demote(Key *); -int key_equal(Key *, Key *); -char *key_fingerprint(Key *, enum fp_type, enum fp_rep); -u_char *key_fingerprint_raw(Key *, enum fp_type, u_int *); -char *key_type(Key *); -int key_write(Key *, FILE *); -int key_read(Key *, char **); -u_int key_size(Key *); +Key *key_new(int); +Key *key_new_private(int); +void key_free(Key *); +Key *key_demote(const Key *); +int key_equal(const Key *, const Key *); +char *key_fingerprint(const Key *, enum fp_type, enum fp_rep); +u_char *key_fingerprint_raw(const Key *, enum fp_type, u_int *); +const char *key_type(const Key *); +int key_write(const Key *, FILE *); +int key_read(Key *, char **); +u_int key_size(const Key *); Key *key_generate(int, u_int); -Key *key_from_private(Key *); +Key *key_from_private(const Key *); int key_type_from_name(char *); -Key *key_from_blob(u_char *, u_int); -int key_to_blob(Key *, u_char **, u_int *); -char *key_ssh_name(Key *); -int key_names_valid2(const char *); +Key *key_from_blob(const u_char *, u_int); +int key_to_blob(const Key *, u_char **, u_int *); +const char *key_ssh_name(const Key *); +int key_names_valid2(const char *); -int key_sign(Key *, u_char **, u_int *, u_char *, u_int); -int key_verify(Key *, u_char *, u_int, u_char *, u_int); +int key_sign(const Key *, u_char **, u_int *, const u_char *, u_int); +int key_verify(const Key *, const u_char *, u_int, const u_char *, u_int); -int ssh_dss_sign(Key *, u_char **, u_int *, u_char *, u_int); -int ssh_dss_verify(Key *, u_char *, u_int, u_char *, u_int); -int ssh_rsa_sign(Key *, u_char **, u_int *, u_char *, u_int); -int ssh_rsa_verify(Key *, u_char *, u_int, u_char *, u_int); +int ssh_dss_sign(const Key *, u_char **, u_int *, const u_char *, u_int); +int ssh_dss_verify(const Key *, const u_char *, u_int, const u_char *, u_int); +int ssh_rsa_sign(const Key *, u_char **, u_int *, const u_char *, u_int); +int ssh_rsa_verify(const Key *, const u_char *, u_int, const u_char *, u_int); #endif diff --git a/openssh/log.c b/openssh/log.c index 9bce255..686a2a4 100644 --- a/openssh/log.c +++ b/openssh/log.c @@ -34,7 +34,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: log.c,v 1.28 2003/05/24 09:02:22 djm Exp $"); +RCSID("$OpenBSD: log.c,v 1.29 2003/09/23 20:17:11 markus Exp $"); #include "log.h" #include "xmalloc.h" @@ -183,83 +183,6 @@ debug3(const char *fmt,...) va_end(args); } -/* Fatal cleanup */ - -struct fatal_cleanup { - struct fatal_cleanup *next; - void (*proc) (void *); - void *context; -}; - -static struct fatal_cleanup *fatal_cleanups = NULL; - -/* Registers a cleanup function to be called by fatal() before exiting. */ - -void -fatal_add_cleanup(void (*proc) (void *), void *context) -{ - struct fatal_cleanup *cu; - - cu = xmalloc(sizeof(*cu)); - cu->proc = proc; - cu->context = context; - cu->next = fatal_cleanups; - fatal_cleanups = cu; -} - -/* Removes a cleanup frunction to be called at fatal(). */ - -void -fatal_remove_cleanup(void (*proc) (void *context), void *context) -{ - struct fatal_cleanup **cup, *cu; - - for (cup = &fatal_cleanups; *cup; cup = &cu->next) { - cu = *cup; - if (cu->proc == proc && cu->context == context) { - *cup = cu->next; - xfree(cu); - return; - } - } - fatal("fatal_remove_cleanup: no such cleanup function: 0x%lx 0x%lx", - (u_long) proc, (u_long) context); -} - -/* Remove all cleanups, to be called after fork() */ -void -fatal_remove_all_cleanups(void) -{ - struct fatal_cleanup *cu, *next_cu; - - for (cu = fatal_cleanups; cu; cu = next_cu) { - next_cu = cu->next; - xfree(cu); - } - fatal_cleanups = NULL; -} - -/* Cleanup and exit */ -void -fatal_cleanup(void) -{ - struct fatal_cleanup *cu, *next_cu; - static int called = 0; - - if (called) - exit(255); - called = 1; - /* Call cleanup functions. */ - for (cu = fatal_cleanups; cu; cu = next_cu) { - next_cu = cu->next; - debug("Calling cleanup 0x%lx(0x%lx)", - (u_long) cu->proc, (u_long) cu->context); - (*cu->proc) (cu->context); - } - exit(255); -} - - /* * Initialize the log. */ diff --git a/openssh/log.h b/openssh/log.h index c366681..e026319 100644 --- a/openssh/log.h +++ b/openssh/log.h @@ -1,4 +1,4 @@ -/* $OpenBSD: log.h,v 1.9 2003/04/08 20:21:28 itojun Exp $ */ +/* $OpenBSD: log.h,v 1.10 2003/09/23 20:17:11 markus Exp $ */ /* * Author: Tatu Ylonen @@ -61,11 +61,6 @@ void debug(const char *, ...) __attribute__((format(printf, 1, 2))); void debug2(const char *, ...) __attribute__((format(printf, 1, 2))); void debug3(const char *, ...) __attribute__((format(printf, 1, 2))); -void fatal_cleanup(void); -void fatal_add_cleanup(void (*) (void *), void *); -void fatal_remove_cleanup(void (*) (void *), void *); -void fatal_remove_all_cleanups(void); - void do_log(LogLevel, const char *, va_list); - +void cleanup_exit(int); #endif diff --git a/openssh/loginrec.c b/openssh/loginrec.c index 8a7092b..ef3e8e2 100644 --- a/openssh/loginrec.c +++ b/openssh/loginrec.c @@ -442,7 +442,7 @@ login_write (struct logininfo *li) int login_utmp_only(struct logininfo *li) { - li->type = LTYPE_LOGIN; + li->type = LTYPE_LOGIN; login_set_current_time(li); # ifdef USE_UTMP utmp_write_entry(li); @@ -1534,7 +1534,7 @@ lastlog_get_entry(struct logininfo *li) lastlog_populate_entry(li, &last); return (1); case -1: - error("%s: Error reading from %s: %s", __func__, + error("%s: Error reading from %s: %s", __func__, LASTLOG_FILE, strerror(errno)); return (0); default: diff --git a/openssh/mac.c b/openssh/mac.c index ab9a03d..097f0b9 100644 --- a/openssh/mac.c +++ b/openssh/mac.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: mac.c,v 1.5 2002/05/16 22:02:50 markus Exp $"); +RCSID("$OpenBSD: mac.c,v 1.6 2003/09/18 13:02:21 miod Exp $"); #include @@ -77,7 +77,7 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen) if (mac->key == NULL) fatal("mac_compute: no key"); - if (mac->mac_len > sizeof(m)) + if ((u_int)mac->mac_len > sizeof(m)) fatal("mac_compute: mac too long"); HMAC_Init(&c, mac->key, mac->key_len, mac->md); PUT_32BIT(b, seqno); diff --git a/openssh/md5crypt.c b/openssh/md5crypt.c index 7140a3d..2833698 100644 --- a/openssh/md5crypt.c +++ b/openssh/md5crypt.c @@ -1,9 +1,9 @@ /* * ---------------------------------------------------------------------------- * "THE BEER-WARE LICENSE" (Revision 42): - * wrote this file. As long as you retain this - * notice you can do whatever you want with this stuff. If we meet some - * day, and you think this stuff is worth it, you can buy me a beer in + * wrote this file. As long as you retain this + * notice you can do whatever you want with this stuff. If we meet some + * day, and you think this stuff is worth it, you can buy me a beer in * return. Poul-Henning Kamp * ---------------------------------------------------------------------------- */ @@ -35,7 +35,7 @@ to64(unsigned long v, int n) *s++ = itoa64[v&0x3f]; v >>= 6; } - + return (buf); } diff --git a/openssh/mdoc2man.awk b/openssh/mdoc2man.awk index 856e2d7..9135af0 100644 --- a/openssh/mdoc2man.awk +++ b/openssh/mdoc2man.awk @@ -76,19 +76,19 @@ function add(str) { skip=1 ext=1 if(length(line)&&!(match(line," $")||prenl)) - add(OFS) + add(OFS) } else if(match(words[w],"^Xc$")) { skip=1 ext=0 if(!extopt) - prenl++ + prenl++ w=nwords } else if(match(words[w],"^Bd$")) { skip=1 if(match(words[w+1],"-literal")) { - literal=1 - prenl++ - w=nwords + literal=1 + prenl++ + w=nwords } } else if(match(words[w],"^Ed$")) { skip=1 @@ -96,7 +96,7 @@ function add(str) { } else if(match(words[w],"^Ns$")) { skip=1 if(!nospace) - nospace=1 + nospace=1 sub(" $","",line) } else if(match(words[w],"^No$")) { skip=1 @@ -107,20 +107,20 @@ function add(str) { add("``") add(words[++w]) while(w0;i--) { - add(refauthors[i]) - if(i>1) - add(", ") + add(refauthors[i]) + if(i>1) + add(", ") } if(nrefauthors>1) - add(" and ") + add(" and ") add(refauthors[0] ", \\fI" reftitle "\\fP") if(length(refissue)) - add(", " refissue) + add(", " refissue) if(length(refdate)) - add(", " refdate) + add(", " refdate) if(length(refopt)) - add(", " refopt) + add(", " refopt) add(".") reference=0 } else if(reference) { if(match(words[w],"^%A$")) { refauthors[nrefauthors++]=wtail() } if(match(words[w],"^%T$")) { - reftitle=wtail() - sub("^\"","",reftitle) - sub("\"$","",reftitle) + reftitle=wtail() + sub("^\"","",reftitle) + sub("\"$","",reftitle) } if(match(words[w],"^%N$")) { refissue=wtail() } if(match(words[w],"^%D$")) { refdate=wtail() } if(match(words[w],"^%O$")) { refopt=wtail() } } else if(match(words[w],"^Nm$")) { if(synopsis) { - add(".br") - prenl++ + add(".br") + prenl++ } n=words[++w] if(!length(name)) - name=n + name=n if(!length(n)) - n=name + n=name add("\\fB" n "\\fP") if(!nospace&&match(words[w+1],"^[\\.,]")) - nospace=1 + nospace=1 } else if(match(words[w],"^Nd$")) { add("\\- " wtail()) } else if(match(words[w],"^Fl$")) { add("\\fB\\-" words[++w] "\\fP") if(!nospace&&match(words[w+1],"^[\\.,]")) - nospace=1 + nospace=1 } else if(match(words[w],"^Ar$")) { add("\\fI") if(w==nwords) - add("file ...\\fP") + add("file ...\\fP") else { - add(words[++w] "\\fP") - while(match(words[w+1],"^\\|$")) - add(OFS words[++w] " \\fI" words[++w] "\\fP") + add(words[++w] "\\fP") + while(match(words[w+1],"^\\|$")) + add(OFS words[++w] " \\fI" words[++w] "\\fP") } if(!nospace&&match(words[w+1],"^[\\.,]")) - nospace=1 + nospace=1 } else if(match(words[w],"^Cm$")) { add("\\fB" words[++w] "\\fP") while(w * Copyright 1996-1998, 2003 William Allen Simpson @@ -44,15 +44,6 @@ #include - -/* - * Debugging defines - */ - -/* define DEBUG_LARGE 1 */ -/* define DEBUG_SMALL 1 */ -/* define DEBUG_TEST 1 */ - /* * File output defines */ @@ -81,9 +72,10 @@ #define QTEST_JACOBI (0x08) #define QTEST_ELLIPTIC (0x10) -/* Size: decimal. +/* + * Size: decimal. * Specifies the number of the most significant bit (0 to M). - ** WARNING: internally, usually 1 to N. + * WARNING: internally, usually 1 to N. */ #define QSIZE_MINIMUM (511) @@ -151,7 +143,7 @@ qfileout(FILE * ofile, u_int32_t otype, u_int32_t otests, u_int32_t otries, time(&time_now); gtm = gmtime(&time_now); - + res = fprintf(ofile, "%04d%02d%02d%02d%02d%02d %u %u %u %u %x ", gtm->tm_year + 1900, gtm->tm_mon + 1, gtm->tm_mday, gtm->tm_hour, gtm->tm_min, gtm->tm_sec, @@ -178,7 +170,7 @@ sieve_large(u_int32_t s) { u_int32_t r, u; - debug2("sieve_large %u", s); + debug3("sieve_large %u", s); largetries++; /* r = largebase mod s */ r = BN_mod_word(largebase, s); @@ -244,9 +236,9 @@ gen_candidates(FILE *out, int memory, int power, BIGNUM *start) largememory = memory; /* - * Set power to the length in bits of the prime to be generated. - * This is changed to 1 less than the desired safe prime moduli p. - */ + * Set power to the length in bits of the prime to be generated. + * This is changed to 1 less than the desired safe prime moduli p. + */ if (power > TEST_MAXIMUM) { error("Too many bits: %u > %lu", power, TEST_MAXIMUM); return (-1); @@ -257,16 +249,16 @@ gen_candidates(FILE *out, int memory, int power, BIGNUM *start) power--; /* decrement before squaring */ /* - * The density of ordinary primes is on the order of 1/bits, so the - * density of safe primes should be about (1/bits)**2. Set test range - * to something well above bits**2 to be reasonably sure (but not - * guaranteed) of catching at least one safe prime. + * The density of ordinary primes is on the order of 1/bits, so the + * density of safe primes should be about (1/bits)**2. Set test range + * to something well above bits**2 to be reasonably sure (but not + * guaranteed) of catching at least one safe prime. */ largewords = ((power * power) >> (SHIFT_WORD - TEST_POWER)); /* - * Need idea of how much memory is available. We don't have to use all - * of it. + * Need idea of how much memory is available. We don't have to use all + * of it. */ if (largememory > LARGE_MAXIMUM) { logit("Limited memory: %u MB; limit %lu MB", @@ -315,8 +307,8 @@ gen_candidates(FILE *out, int memory, int power, BIGNUM *start) q = BN_new(); /* - * Generate random starting point for subprime search, or use - * specified parameter. + * Generate random starting point for subprime search, or use + * specified parameter. */ largebase = BN_new(); if (start == NULL) @@ -329,13 +321,13 @@ gen_candidates(FILE *out, int memory, int power, BIGNUM *start) time(&time_start); - logit("%.24s Sieve next %u plus %u-bit", ctime(&time_start), + logit("%.24s Sieve next %u plus %u-bit", ctime(&time_start), largenumbers, power); debug2("start point: 0x%s", BN_bn2hex(largebase)); /* - * TinySieve - */ + * TinySieve + */ for (i = 0; i < tinybits; i++) { if (BIT_TEST(TinySieve, i)) continue; /* 2*i+3 is composite */ @@ -351,9 +343,9 @@ gen_candidates(FILE *out, int memory, int power, BIGNUM *start) } /* - * Start the small block search at the next possible prime. To avoid - * fencepost errors, the last pass is skipped. - */ + * Start the small block search at the next possible prime. To avoid + * fencepost errors, the last pass is skipped. + */ for (smallbase = TINY_NUMBER + 3; smallbase < (SMALL_MAXIMUM - TINY_NUMBER); smallbase += TINY_NUMBER) { @@ -386,8 +378,8 @@ gen_candidates(FILE *out, int memory, int power, BIGNUM *start) } /* - * SmallSieve - */ + * SmallSieve + */ for (i = 0; i < smallbits; i++) { if (BIT_TEST(SmallSieve, i)) continue; /* 2*i+smallbase is composite */ @@ -438,7 +430,7 @@ gen_candidates(FILE *out, int memory, int power, BIGNUM *start) * The result is a list of so-call "safe" primes */ int -prime_test(FILE *in, FILE *out, u_int32_t trials, +prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted) { BIGNUM *q, *p, *a; @@ -483,6 +475,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, debug2("%10u: known composite", count_in); continue; } + /* tries */ in_tries = strtoul(cp, &cp, 10); @@ -507,13 +500,20 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, in_size += 1; generator_known = 0; break; - default: + case QTYPE_UNSTRUCTURED: + case QTYPE_SAFE: + case QTYPE_SCHNOOR: + case QTYPE_STRONG: + case QTYPE_UNKNOWN: debug2("%10u: (%u)", count_in, in_type); a = p; BN_hex2bn(&a, cp); /* q = (p-1) / 2 */ BN_rshift(q, p, 1); break; + default: + debug2("Unknown prime type"); + break; } /* @@ -533,6 +533,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, in_tries += trials; else in_tries = trials; + /* * guess unknown generator */ @@ -544,9 +545,8 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, else { u_int32_t r = BN_mod_word(p, 10); - if (r == 3 || r == 7) { + if (r == 3 || r == 7) generator_known = 5; - } } } /* @@ -559,30 +559,39 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, continue; } + /* + * Primes with no known generator are useless for DH, so + * skip those. + */ + if (generator_known == 0) { + debug2("%10u: no known generator", count_in); + continue; + } + count_possible++; /* - * The (1/4)^N performance bound on Miller-Rabin is - * extremely pessimistic, so don't spend a lot of time - * really verifying that q is prime until after we know - * that p is also prime. A single pass will weed out the + * The (1/4)^N performance bound on Miller-Rabin is + * extremely pessimistic, so don't spend a lot of time + * really verifying that q is prime until after we know + * that p is also prime. A single pass will weed out the * vast majority of composite q's. */ if (BN_is_prime(q, 1, NULL, ctx, NULL) <= 0) { - debug2("%10u: q failed first possible prime test", + debug("%10u: q failed first possible prime test", count_in); continue; } - + /* - * q is possibly prime, so go ahead and really make sure - * that p is prime. If it is, then we can go back and do - * the same for q. If p is composite, chances are that + * q is possibly prime, so go ahead and really make sure + * that p is prime. If it is, then we can go back and do + * the same for q. If p is composite, chances are that * will show up on the first Rabin-Miller iteration so it * doesn't hurt to specify a high iteration count. */ if (!BN_is_prime(p, trials, NULL, ctx, NULL)) { - debug2("%10u: p is not prime", count_in); + debug("%10u: p is not prime", count_in); continue; } debug("%10u: p is almost certainly prime", count_in); @@ -594,7 +603,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, } debug("%10u: q is almost certainly prime", count_in); - if (qfileout(out, QTYPE_SAFE, (in_tests | QTEST_MILLER_RABIN), + if (qfileout(out, QTYPE_SAFE, (in_tests | QTEST_MILLER_RABIN), in_tries, in_size, generator_known, p)) { res = -1; break; @@ -610,7 +619,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, BN_CTX_free(ctx); logit("%.24s Found %u safe primes of %u candidates in %ld seconds", - ctime(&time_stop), count_out, count_possible, + ctime(&time_stop), count_out, count_possible, (long) (time_stop - time_start)); return (res); diff --git a/openssh/monitor.c b/openssh/monitor.c index e565647..46e8d16 100644 --- a/openssh/monitor.c +++ b/openssh/monitor.c @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor.c,v 1.49 2003/08/28 12:54:34 markus Exp $"); +RCSID("$OpenBSD: monitor.c,v 1.54 2003/11/21 11:57:03 djm Exp $"); #include @@ -134,6 +134,7 @@ int mm_answer_pam_free_ctx(int, Buffer *); int mm_answer_gss_setup_ctx(int, Buffer *); int mm_answer_gss_accept_ctx(int, Buffer *); int mm_answer_gss_userok(int, Buffer *); +int mm_answer_gss_checkmic(int, Buffer *); #endif static Authctxt *authctxt; @@ -193,6 +194,7 @@ struct mon_table mon_dispatch_proto20[] = { {MONITOR_REQ_GSSSETUP, MON_ISAUTH, mm_answer_gss_setup_ctx}, {MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx}, {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok}, + {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic}, #endif {0, 0, NULL} }; @@ -272,14 +274,17 @@ monitor_permit_authentications(int permit) } } -Authctxt * -monitor_child_preauth(struct monitor *pmonitor) +void +monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) { struct mon_table *ent; int authenticated = 0; debug3("preauth child monitor started"); + authctxt = _authctxt; + memset(authctxt, 0, sizeof(*authctxt)); + if (compat20) { mon_dispatch = mon_dispatch_proto20; @@ -292,8 +297,6 @@ monitor_child_preauth(struct monitor *pmonitor) monitor_permit(mon_dispatch, MONITOR_REQ_SESSKEY, 1); } - authctxt = authctxt_new(); - /* The first few requests do not require asynchronous access */ while (!authenticated) { authenticated = monitor_read(pmonitor, mon_dispatch, &ent); @@ -306,11 +309,11 @@ monitor_child_preauth(struct monitor *pmonitor) authenticated = 0; #ifdef USE_PAM /* PAM needs to perform account checks after auth */ - if (options.use_pam) { + if (options.use_pam && authenticated) { Buffer m; buffer_init(&m); - mm_request_receive_expect(pmonitor->m_sendfd, + mm_request_receive_expect(pmonitor->m_sendfd, MONITOR_REQ_PAM_ACCOUNT, &m); authenticated = mm_answer_pam_account(pmonitor->m_sendfd, &m); buffer_free(&m); @@ -333,8 +336,6 @@ monitor_child_preauth(struct monitor *pmonitor) __func__, authctxt->user); mm_get_keystate(pmonitor); - - return (authctxt); } static void @@ -566,6 +567,7 @@ mm_answer_pwnamallow(int socket, Buffer *m) if (pwent == NULL) { buffer_put_char(m, 0); + authctxt->pw = fakepw(); goto out; } @@ -781,7 +783,7 @@ int mm_answer_pam_start(int socket, Buffer *m) { char *user; - + if (!options.use_pam) fatal("UsePAM not set, but ended up in %s anyway", __func__); @@ -800,7 +802,7 @@ int mm_answer_pam_account(int socket, Buffer *m) { u_int ret; - + if (!options.use_pam) fatal("UsePAM not set, but ended up in %s anyway", __func__); @@ -947,7 +949,7 @@ mm_answer_keyallowed(int socket, Buffer *m) debug3("%s: key_from_blob: %p", __func__, key); - if (key != NULL && authctxt->pw != NULL) { + if (key != NULL && authctxt->valid) { switch(type) { case MM_USERKEY: allowed = options.pubkey_authentication && @@ -1185,7 +1187,7 @@ mm_record_login(Session *s, struct passwd *pw) if (getpeername(packet_get_connection_in(), (struct sockaddr *) & from, &fromlen) < 0) { debug("getpeername: %.100s", strerror(errno)); - fatal_cleanup(); + cleanup_exit(255); } } /* Record that there was a login on that tty from the remote host. */ @@ -1200,7 +1202,6 @@ mm_session_close(Session *s) debug3("%s: session %d pid %ld", __func__, s->self, (long)s->pid); if (s->ttyfd != -1) { debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd); - fatal_remove_cleanup(session_pty_cleanup2, (void *)s); session_pty_cleanup2(s); } s->used = 0; @@ -1225,7 +1226,6 @@ mm_answer_pty(int socket, Buffer *m) res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty)); if (res == 0) goto error; - fatal_add_cleanup(session_pty_cleanup2, (void *)s); pty_setowner(authctxt->pw, s->tty); buffer_put_int(m, 1); @@ -1784,14 +1784,42 @@ mm_answer_gss_accept_ctx(int socket, Buffer *m) gss_release_buffer(&minor, &out); - /* Complete - now we can do signing */ if (major==GSS_S_COMPLETE) { monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0); monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1); + monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1); } return (0); } +int +mm_answer_gss_checkmic(int socket, Buffer *m) +{ + gss_buffer_desc gssbuf, mic; + OM_uint32 ret; + u_int len; + + gssbuf.value = buffer_get_string(m, &len); + gssbuf.length = len; + mic.value = buffer_get_string(m, &len); + mic.length = len; + + ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic); + + xfree(gssbuf.value); + xfree(mic.value); + + buffer_clear(m); + buffer_put_int(m, ret); + + mm_request_send(socket, MONITOR_ANS_GSSCHECKMIC, m); + + if (!GSS_ERROR(ret)) + monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1); + + return (0); +} + int mm_answer_gss_userok(int socket, Buffer *m) { @@ -1805,7 +1833,7 @@ mm_answer_gss_userok(int socket, Buffer *m) debug3("%s: sending result %d", __func__, authenticated); mm_request_send(socket, MONITOR_ANS_GSSUSEROK, m); - auth_method="gssapi"; + auth_method="gssapi-with-mic"; /* Monitor loop will terminate if authenticated */ return (authenticated); diff --git a/openssh/monitor.h b/openssh/monitor.h index 2461156..621a4ad 100644 --- a/openssh/monitor.h +++ b/openssh/monitor.h @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.h,v 1.11 2003/08/28 12:54:34 markus Exp $ */ +/* $OpenBSD: monitor.h,v 1.13 2003/11/17 11:06:07 markus Exp $ */ /* * Copyright 2002 Niels Provos @@ -52,6 +52,7 @@ enum monitor_reqtype { MONITOR_REQ_GSSSETUP, MONITOR_ANS_GSSSETUP, MONITOR_REQ_GSSSTEP, MONITOR_ANS_GSSSTEP, MONITOR_REQ_GSSUSEROK, MONITOR_ANS_GSSUSEROK, + MONITOR_REQ_GSSCHECKMIC, MONITOR_ANS_GSSCHECKMIC, MONITOR_REQ_PAM_START, MONITOR_REQ_PAM_ACCOUNT, MONITOR_ANS_PAM_ACCOUNT, MONITOR_REQ_PAM_INIT_CTX, MONITOR_ANS_PAM_INIT_CTX, @@ -76,7 +77,7 @@ void monitor_reinit(struct monitor *); void monitor_sync(struct monitor *); struct Authctxt; -struct Authctxt *monitor_child_preauth(struct monitor *); +void monitor_child_preauth(struct Authctxt *, struct monitor *); void monitor_child_postauth(struct monitor *); struct mon_table; diff --git a/openssh/monitor_wrap.c b/openssh/monitor_wrap.c index 4034d56..e7c15ce 100644 --- a/openssh/monitor_wrap.c +++ b/openssh/monitor_wrap.c @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor_wrap.c,v 1.31 2003/08/28 12:54:34 markus Exp $"); +RCSID("$OpenBSD: monitor_wrap.c,v 1.35 2003/11/17 11:06:07 markus Exp $"); #include #include @@ -66,6 +66,16 @@ extern struct monitor *pmonitor; extern Buffer input, output; extern ServerOptions options; +int +mm_is_monitor(void) +{ + /* + * m_pid is only set in the privileged part, and + * points to the unprivileged child. + */ + return (pmonitor && pmonitor->m_pid > 0); +} + void mm_request_send(int socket, enum monitor_reqtype type, Buffer *m) { @@ -94,7 +104,7 @@ mm_request_receive(int socket, Buffer *m) res = atomicio(read, socket, buf, sizeof(buf)); if (res != sizeof(buf)) { if (res == 0) - fatal_cleanup(); + cleanup_exit(255); fatal("%s: read: %ld", __func__, (long)res); } msg_len = GET_32BIT(buf); @@ -214,7 +224,8 @@ mm_getpwnamallow(const char *login) return (pw); } -char *mm_auth2_read_banner(void) +char * +mm_auth2_read_banner(void) { Buffer m; char *banner; @@ -225,10 +236,16 @@ char *mm_auth2_read_banner(void) mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTH2_READ_BANNER, &m); buffer_clear(&m); - mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUTH2_READ_BANNER, &m); + mm_request_receive_expect(pmonitor->m_recvfd, + MONITOR_ANS_AUTH2_READ_BANNER, &m); banner = buffer_get_string(&m, NULL); buffer_free(&m); + /* treat empty banner as missing banner */ + if (strlen(banner) == 0) { + xfree(banner); + banner = NULL; + } return (banner); } @@ -648,9 +665,8 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen) } void -mm_session_pty_cleanup2(void *session) +mm_session_pty_cleanup2(Session *s) { - Session *s = session; Buffer m; if (s->ttyfd == -1) @@ -699,12 +715,12 @@ mm_do_pam_account(void) buffer_init(&m); mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_ACCOUNT, &m); - mm_request_receive_expect(pmonitor->m_recvfd, + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_ACCOUNT, &m); ret = buffer_get_int(&m); buffer_free(&m); - + debug3("%s returning %d", __func__, ret); return (ret); @@ -1118,6 +1134,25 @@ mm_ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *in, return (major); } +OM_uint32 +mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic) +{ + Buffer m; + OM_uint32 major; + + buffer_init(&m); + buffer_put_string(&m, gssbuf->value, gssbuf->length); + buffer_put_string(&m, gssmic->value, gssmic->length); + + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSCHECKMIC, &m); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSCHECKMIC, + &m); + + major = buffer_get_int(&m); + buffer_free(&m); + return(major); +} + int mm_ssh_gssapi_userok(char *user) { diff --git a/openssh/monitor_wrap.h b/openssh/monitor_wrap.h index 5e03345..55be10b 100644 --- a/openssh/monitor_wrap.h +++ b/openssh/monitor_wrap.h @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.h,v 1.11 2003/08/28 12:54:34 markus Exp $ */ +/* $OpenBSD: monitor_wrap.h,v 1.13 2003/11/17 11:06:07 markus Exp $ */ /* * Copyright 2002 Niels Provos @@ -40,6 +40,7 @@ struct mm_master; struct passwd; struct Authctxt; +int mm_is_monitor(void); DH *mm_choose_dh(int, int, int); int mm_key_sign(Key *, u_char **, u_int *, u_char *, u_int); void mm_inform_authserv(char *, char *); @@ -61,6 +62,7 @@ OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **ctxt, gss_OID oid); OM_uint32 mm_ssh_gssapi_accept_ctx(Gssctxt *ctxt, gss_buffer_desc *recv, gss_buffer_desc *send, OM_uint32 *flags); int mm_ssh_gssapi_userok(char *user); +OM_uint32 mm_ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t); #endif #ifdef USE_PAM @@ -72,9 +74,10 @@ int mm_sshpam_respond(void *, u_int, char **); void mm_sshpam_free_ctx(void *); #endif +struct Session; void mm_terminate(void); int mm_pty_allocate(int *, int *, char *, int); -void mm_session_pty_cleanup2(void *); +void mm_session_pty_cleanup2(struct Session *); /* SSHv1 interfaces */ void mm_ssh1_session_id(u_char *); diff --git a/openssh/msg.c b/openssh/msg.c index 6a806c3..30bc3f1 100644 --- a/openssh/msg.c +++ b/openssh/msg.c @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: msg.c,v 1.6 2003/06/28 16:23:06 deraadt Exp $"); +RCSID("$OpenBSD: msg.c,v 1.7 2003/11/17 09:45:39 djm Exp $"); #include "buffer.h" #include "getput.h" @@ -30,7 +30,7 @@ RCSID("$OpenBSD: msg.c,v 1.6 2003/06/28 16:23:06 deraadt Exp $"); #include "atomicio.h" #include "msg.h" -void +int ssh_msg_send(int fd, u_char type, Buffer *m) { u_char buf[5]; @@ -40,10 +40,15 @@ ssh_msg_send(int fd, u_char type, Buffer *m) PUT_32BIT(buf, mlen + 1); buf[4] = type; /* 1st byte of payload is mesg-type */ - if (atomicio(vwrite, fd, buf, sizeof(buf)) != sizeof(buf)) - fatal("ssh_msg_send: write"); - if (atomicio(vwrite, fd, buffer_ptr(m), mlen) != mlen) - fatal("ssh_msg_send: write"); + if (atomicio(vwrite, fd, buf, sizeof(buf)) != sizeof(buf)) { + error("ssh_msg_send: write"); + return (-1); + } + if (atomicio(vwrite, fd, buffer_ptr(m), mlen) != mlen) { + error("ssh_msg_send: write"); + return (-1); + } + return (0); } int @@ -57,17 +62,21 @@ ssh_msg_recv(int fd, Buffer *m) res = atomicio(read, fd, buf, sizeof(buf)); if (res != sizeof(buf)) { - if (res == 0) - return -1; - fatal("ssh_msg_recv: read: header %ld", (long)res); + if (res != 0) + error("ssh_msg_recv: read: header %ld", (long)res); + return (-1); } msg_len = GET_32BIT(buf); - if (msg_len > 256 * 1024) - fatal("ssh_msg_recv: read: bad msg_len %u", msg_len); + if (msg_len > 256 * 1024) { + error("ssh_msg_recv: read: bad msg_len %u", msg_len); + return (-1); + } buffer_clear(m); buffer_append_space(m, msg_len); res = atomicio(read, fd, buffer_ptr(m), msg_len); - if (res != msg_len) - fatal("ssh_msg_recv: read: %ld != msg_len", (long)res); - return 0; + if (res != msg_len) { + error("ssh_msg_recv: read: %ld != msg_len", (long)res); + return (-1); + } + return (0); } diff --git a/openssh/msg.h b/openssh/msg.h index c07df88..0d3ea06 100644 --- a/openssh/msg.h +++ b/openssh/msg.h @@ -1,4 +1,4 @@ -/* $OpenBSD: msg.h,v 1.2 2002/12/19 00:07:02 djm Exp $ */ +/* $OpenBSD: msg.h,v 1.3 2003/11/17 09:45:39 djm Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * @@ -25,7 +25,7 @@ #ifndef SSH_MSG_H #define SSH_MSG_H -void ssh_msg_send(int, u_char, Buffer *); +int ssh_msg_send(int, u_char, Buffer *); int ssh_msg_recv(int, Buffer *); #endif diff --git a/openssh/nchan.ms b/openssh/nchan.ms index 2d08022..5757601 100644 --- a/openssh/nchan.ms +++ b/openssh/nchan.ms @@ -1,8 +1,8 @@ -.\" $OpenBSD: nchan.ms,v 1.7 2001/01/29 01:58:17 niklas Exp $ +.\" $OpenBSD: nchan.ms,v 1.8 2003/11/21 11:57:03 djm Exp $ +.\" .\" -.\" .\" Copyright (c) 1999 Markus Friedl. All rights reserved. -.\" +.\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: @@ -11,7 +11,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" +.\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. diff --git a/openssh/nchan2.ms b/openssh/nchan2.ms index 1cc51fa..a7a67b1 100644 --- a/openssh/nchan2.ms +++ b/openssh/nchan2.ms @@ -1,7 +1,7 @@ -.\" $OpenBSD: nchan2.ms,v 1.2 2001/10/03 10:05:57 markus Exp $ -.\" +.\" $OpenBSD: nchan2.ms,v 1.3 2003/11/21 11:57:03 djm Exp $ +.\" .\" Copyright (c) 2000 Markus Friedl. All rights reserved. -.\" +.\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: @@ -10,7 +10,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" +.\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. diff --git a/openssh/openbsd-compat/Makefile.in b/openssh/openbsd-compat/Makefile.in index 89468d2..a4aea7a 100644 --- a/openssh/openbsd-compat/Makefile.in +++ b/openssh/openbsd-compat/Makefile.in @@ -16,7 +16,7 @@ RANLIB=@RANLIB@ INSTALL=@INSTALL@ LDFLAGS=-L. @LDFLAGS@ -OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o vis.o +OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtoul.o vis.o COMPAT=bsd-arc4random.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o xmmap.o xcrypt.o diff --git a/openssh/openbsd-compat/base64.c b/openssh/openbsd-compat/base64.c index 91a5ab0..dcaa03e 100644 --- a/openssh/openbsd-compat/base64.c +++ b/openssh/openbsd-compat/base64.c @@ -1,3 +1,5 @@ +/* OPENBSD ORIGINAL: lib/libc/net/base64.c */ + /* $OpenBSD: base64.c,v 1.4 2002/01/02 23:00:10 deraadt Exp $ */ /* diff --git a/openssh/openbsd-compat/basename.c b/openssh/openbsd-compat/basename.c index 2054c80..552dc1e 100644 --- a/openssh/openbsd-compat/basename.c +++ b/openssh/openbsd-compat/basename.c @@ -1,3 +1,5 @@ +/* OPENBSD ORIGINAL: lib/libc/gen/basename.c */ + /* $OpenBSD: basename.c,v 1.11 2003/06/17 21:56:23 millert Exp $ */ /* diff --git a/openssh/openbsd-compat/bsd-misc.c b/openssh/openbsd-compat/bsd-misc.c index 4373ce2..99cb678 100644 --- a/openssh/openbsd-compat/bsd-misc.c +++ b/openssh/openbsd-compat/bsd-misc.c @@ -164,7 +164,6 @@ int nanosleep(const struct timespec *req, struct timespec *rem) return(rc); } - #endif #ifndef HAVE_TCGETPGRP @@ -223,6 +222,7 @@ mysignal(int sig, mysig_t act) } return (osa.sa_handler); #else + #undef signal return (signal(sig, act)); #endif } diff --git a/openssh/openbsd-compat/daemon.c b/openssh/openbsd-compat/daemon.c index 6dd45f6..c0be5ff 100644 --- a/openssh/openbsd-compat/daemon.c +++ b/openssh/openbsd-compat/daemon.c @@ -1,3 +1,5 @@ +/* OPENBSD ORIGINAL: lib/libc/gen/daemon.c */ + /*- * Copyright (c) 1990, 1993 * The Regents of the University of California. All rights reserved. diff --git a/openssh/openbsd-compat/dirname.c b/openssh/openbsd-compat/dirname.c index 1ab7516..25ab34d 100644 --- a/openssh/openbsd-compat/dirname.c +++ b/openssh/openbsd-compat/dirname.c @@ -1,3 +1,5 @@ +/* OPENBSD ORIGINAL: lib/libc/gen/dirname.c */ + /* $OpenBSD: dirname.c,v 1.10 2003/06/17 21:56:23 millert Exp $ */ /* diff --git a/openssh/openbsd-compat/getcwd.c b/openssh/openbsd-compat/getcwd.c index 31d1cfe..19be591 100644 --- a/openssh/openbsd-compat/getcwd.c +++ b/openssh/openbsd-compat/getcwd.c @@ -1,3 +1,5 @@ +/* OPENBSD ORIGINAL: lib/libc/gen/getcwd.c */ + /* * Copyright (c) 1989, 1991, 1993 * The Regents of the University of California. All rights reserved. diff --git a/openssh/openbsd-compat/getgrouplist.c b/openssh/openbsd-compat/getgrouplist.c index 085cda8..59c164f 100644 --- a/openssh/openbsd-compat/getgrouplist.c +++ b/openssh/openbsd-compat/getgrouplist.c @@ -1,3 +1,5 @@ +/* OPENBSD ORIGINAL: lib/libc/gen/getgrouplist.c */ + /* * Copyright (c) 1991, 1993 * The Regents of the University of California. All rights reserved. diff --git a/openssh/openbsd-compat/getopt.c b/openssh/openbsd-compat/getopt.c index 2136fbf..f5ee677 100644 --- a/openssh/openbsd-compat/getopt.c +++ b/openssh/openbsd-compat/getopt.c @@ -1,3 +1,5 @@ +/* OPENBSD ORIGINAL: lib/libc/stdlib/getopt.c */ + /* * Copyright (c) 1987, 1993, 1994 * The Regents of the University of California. All rights reserved. diff --git a/openssh/openbsd-compat/getrrsetbyname.c b/openssh/openbsd-compat/getrrsetbyname.c index 44fa275..bb5451c 100644 --- a/openssh/openbsd-compat/getrrsetbyname.c +++ b/openssh/openbsd-compat/getrrsetbyname.c @@ -1,3 +1,5 @@ +/* OPENBSD ORIGINAL: lib/libc/net/getrrsetbyname.c */ + /* $OpenBSD: getrrsetbyname.c,v 1.7 2003/03/07 07:34:14 itojun Exp $ */ /* @@ -45,7 +47,7 @@ #include "includes.h" -#if defined(DNS) && !defined(HAVE_GETRRSETBYNAME) +#ifndef HAVE_GETRRSETBYNAME #include "getrrsetbyname.h" @@ -575,4 +577,4 @@ count_dns_rr(struct dns_rr *p, u_int16_t class, u_int16_t type) return (n); } -#endif /* defined(DNS) && !defined(HAVE_GETRRSETBYNAME) */ +#endif /* !defined(HAVE_GETRRSETBYNAME) */ diff --git a/openssh/openbsd-compat/getrrsetbyname.h b/openssh/openbsd-compat/getrrsetbyname.h index 6466a54..67937ef 100644 --- a/openssh/openbsd-compat/getrrsetbyname.h +++ b/openssh/openbsd-compat/getrrsetbyname.h @@ -1,3 +1,5 @@ +/* OPENBSD BASED ON : include/netdb.h */ + /* $OpenBSD: getrrsetbyname.c,v 1.4 2001/08/16 18:16:43 ho Exp $ */ /* @@ -48,7 +50,7 @@ #include "includes.h" -#if defined(DNS) && !defined(HAVE_GETRRSETBYNAME) +#ifndef HAVE_GETRRSETBYNAME #include #include @@ -95,6 +97,6 @@ struct rrsetinfo { int getrrsetbyname(const char *, unsigned int, unsigned int, unsigned int, struct rrsetinfo **); void freerrset(struct rrsetinfo *); -#endif /* defined(DNS) && !defined(HAVE_GETRRSETBYNAME) */ +#endif /* !defined(HAVE_GETRRSETBYNAME) */ #endif /* _GETRRSETBYNAME_H */ diff --git a/openssh/openbsd-compat/glob.c b/openssh/openbsd-compat/glob.c index 50f35c3..7fafc8c 100644 --- a/openssh/openbsd-compat/glob.c +++ b/openssh/openbsd-compat/glob.c @@ -1,3 +1,5 @@ +/* OPENBSD ORIGINAL: lib/libc/gen/glob.c */ + /* * Copyright (c) 1989, 1993 * The Regents of the University of California. All rights reserved. diff --git a/openssh/openbsd-compat/glob.h b/openssh/openbsd-compat/glob.h index aceddbc..3428b20 100644 --- a/openssh/openbsd-compat/glob.h +++ b/openssh/openbsd-compat/glob.h @@ -1,3 +1,5 @@ +/* OPENBSD ORIGINAL: include/glob.h */ + /* $OpenBSD: glob.h,v 1.8 2003/06/02 19:34:12 millert Exp $ */ /* $NetBSD: glob.h,v 1.5 1994/10/26 00:55:56 cgd Exp $ */ diff --git a/openssh/openbsd-compat/inet_aton.c b/openssh/openbsd-compat/inet_aton.c index 5de4986..c141bcc 100644 --- a/openssh/openbsd-compat/inet_aton.c +++ b/openssh/openbsd-compat/inet_aton.c @@ -1,3 +1,5 @@ +/* OPENBSD ORIGINAL: lib/libc/net/inet_addr.c */ + /* $OpenBSD: inet_addr.c,v 1.7 2003/06/02 20:18:35 millert Exp $ */ /* diff --git a/openssh/openbsd-compat/inet_ntoa.c b/openssh/openbsd-compat/inet_ntoa.c index f9fdc9e..dc010dc 100644 --- a/openssh/openbsd-compat/inet_ntoa.c +++ b/openssh/openbsd-compat/inet_ntoa.c @@ -1,3 +1,5 @@ +/* OPENBSD ORIGINAL: lib/libc/net/inet_ntoa.c */ + /* * Copyright (c) 1983, 1993 * The Regents of the University of California. All rights reserved. diff --git a/openssh/openbsd-compat/inet_ntop.c b/openssh/openbsd-compat/inet_ntop.c index 075eac4..7031625 100644 --- a/openssh/openbsd-compat/inet_ntop.c +++ b/openssh/openbsd-compat/inet_ntop.c @@ -1,3 +1,5 @@ +/* OPENBSD ORIGINAL: lib/libc/net/inet_ntop.c */ + /* $OpenBSD: inet_ntop.c,v 1.5 2002/08/23 16:27:31 itojun Exp $ */ /* Copyright (c) 1996 by Internet Software Consortium. diff --git a/openssh/openbsd-compat/mktemp.c b/openssh/openbsd-compat/mktemp.c index 2cd7478..aff8d20 100644 --- a/openssh/openbsd-compat/mktemp.c +++ b/openssh/openbsd-compat/mktemp.c @@ -1,3 +1,5 @@ +/* OPENBSD ORIGINAL: lib/libc/stdio/mktemp.c */ + /* THIS FILE HAS BEEN MODIFIED FROM THE ORIGINAL OPENBSD SOURCE */ /* Changes: Removed mktemp */ diff --git a/openssh/openbsd-compat/port-aix.c b/openssh/openbsd-compat/port-aix.c index 9fbcce9..a9cbf49 100644 --- a/openssh/openbsd-compat/port-aix.c +++ b/openssh/openbsd-compat/port-aix.c @@ -29,6 +29,7 @@ #include "servconf.h" #include "canohost.h" #include "xmalloc.h" +#include "buffer.h" #ifdef _AIX @@ -36,6 +37,7 @@ #include "port-aix.h" extern ServerOptions options; +extern Buffer loginmsg; /* * AIX has a "usrinfo" area where logname and other stuff is stored - @@ -63,7 +65,7 @@ aix_usrinfo(struct passwd *pw) xfree(cp); } -#ifdef WITH_AIXAUTHENTICATE +# ifdef WITH_AIXAUTHENTICATE /* * Remove embedded newlines in string (if any). * Used before logging messages returned by AIX authentication functions @@ -83,27 +85,68 @@ aix_remove_embedded_newlines(char *p) if (*--p == ' ') *p = '\0'; } -#endif /* WITH_AIXAUTHENTICATE */ + +/* + * Do authentication via AIX's authenticate routine. We loop until the + * reenter parameter is 0, but normally authenticate is called only once. + * + * Note: this function returns 1 on success, whereas AIX's authenticate() + * returns 0. + */ +int +aix_authenticate(const char *name, const char *password, const char *host) +{ + char *authmsg = NULL, *msg; + int authsuccess = 0, reenter, result; + + do { + result = authenticate((char *)name, (char *)password, &reenter, + &authmsg); + aix_remove_embedded_newlines(authmsg); + debug3("AIX/authenticate result %d, msg %.100s", result, + authmsg); + } while (reenter); + + if (result == 0) { + authsuccess = 1; + + /* No pty yet, so just label the line as "ssh" */ + aix_setauthdb(name); + if (loginsuccess((char *)name, (char *)host, "ssh", &msg) == 0) { + if (msg != NULL) { + debug("%s: msg %s", __func__, msg); + buffer_append(&loginmsg, msg, strlen(msg)); + xfree(msg); + } + } + } + + if (authmsg != NULL) + xfree(authmsg); + + return authsuccess; +} -# ifdef CUSTOM_FAILED_LOGIN +# ifdef CUSTOM_FAILED_LOGIN /* * record_failed_login: generic "login failed" interface function */ void record_failed_login(const char *user, const char *ttyname) { - char *hostname = get_canonical_hostname(options.use_dns); + char *hostname = (char *)get_canonical_hostname(options.use_dns); if (geteuid() != 0) return; aix_setauthdb(user); -# ifdef AIX_LOGINFAILED_4ARG +# ifdef AIX_LOGINFAILED_4ARG loginfailed((char *)user, hostname, (char *)ttyname, AUDIT_FAIL_AUTH); -# else +# else loginfailed((char *)user, hostname, (char *)ttyname); -# endif +# endif } +# endif /* CUSTOM_FAILED_LOGIN */ /* * If we have setauthdb, retrieve the password registry for the user's @@ -135,8 +178,9 @@ aix_setauthdb(const char *user) debug3("%s: Could not read S_REGISTRY for user: %s", __func__, strerror(errno)); enduserdb(); -# endif +# endif /* HAVE_SETAUTHDB */ } -# endif /* CUSTOM_FAILED_LOGIN */ -#endif /* _AIX */ +# endif /* WITH_AIXAUTHENTICATE */ + +#endif /* _AIX */ diff --git a/openssh/openbsd-compat/port-aix.h b/openssh/openbsd-compat/port-aix.h index 8a95816..8c8e1fb 100644 --- a/openssh/openbsd-compat/port-aix.h +++ b/openssh/openbsd-compat/port-aix.h @@ -51,12 +51,14 @@ # include #endif +void aix_usrinfo(struct passwd *); + #ifdef WITH_AIXAUTHENTICATE # define CUSTOM_FAILED_LOGIN 1 void record_failed_login(const char *, const char *); -void aix_setauthdb(const char *); #endif -void aix_usrinfo(struct passwd *); +int aix_authenticate(const char *, const char *, const char *); +void aix_setauthdb(const char *); void aix_remove_embedded_newlines(char *); #endif /* _AIX */ diff --git a/openssh/openbsd-compat/readpassphrase.c b/openssh/openbsd-compat/readpassphrase.c index 0d0baf5..4ee1be5 100644 --- a/openssh/openbsd-compat/readpassphrase.c +++ b/openssh/openbsd-compat/readpassphrase.c @@ -1,3 +1,5 @@ +/* OPENBSD ORIGINAL: lib/libc/gen/readpassphrase.c */ + /* $OpenBSD: readpassphrase.c,v 1.16 2003/06/17 21:56:23 millert Exp $ */ /* diff --git a/openssh/openbsd-compat/readpassphrase.h b/openssh/openbsd-compat/readpassphrase.h index 92908a4..178edf3 100644 --- a/openssh/openbsd-compat/readpassphrase.h +++ b/openssh/openbsd-compat/readpassphrase.h @@ -1,3 +1,5 @@ +/* OPENBSD ORIGINAL: include/readpassphrase.h */ + /* $OpenBSD: readpassphrase.h,v 1.3 2002/06/28 12:32:22 millert Exp $ */ /* diff --git a/openssh/openbsd-compat/realpath.c b/openssh/openbsd-compat/realpath.c index 77da14e..218fbec 100644 --- a/openssh/openbsd-compat/realpath.c +++ b/openssh/openbsd-compat/realpath.c @@ -1,3 +1,5 @@ +/* OPENBSD ORIGINAL: lib/libc/stdlib/realpath.c */ + /* * Copyright (c) 1994 * The Regents of the University of California. All rights reserved. @@ -150,7 +152,7 @@ loop: serrno = ENAMETOOLONG; goto err1; } - if (needslash == 0) + if (needslash) strlcat(resolved, "/", MAXPATHLEN); strlcat(resolved, wbuf, MAXPATHLEN); } diff --git a/openssh/openbsd-compat/rresvport.c b/openssh/openbsd-compat/rresvport.c index 608a3b1..7516706 100644 --- a/openssh/openbsd-compat/rresvport.c +++ b/openssh/openbsd-compat/rresvport.c @@ -1,3 +1,5 @@ +/* OPENBSD ORIGINAL: lib/libc/net/rresvport.c */ + /* * Copyright (c) 1995, 1996, 1998 Theo de Raadt. All rights reserved. * Copyright (c) 1983, 1993, 1994 diff --git a/openssh/openbsd-compat/setenv.c b/openssh/openbsd-compat/setenv.c index c9941c1..b7ba0ce 100644 --- a/openssh/openbsd-compat/setenv.c +++ b/openssh/openbsd-compat/setenv.c @@ -1,3 +1,5 @@ +/* OPENBSD ORIGINAL: lib/libc/stdlib/setenv.c */ + /* * Copyright (c) 1987 Regents of the University of California. * All rights reserved. diff --git a/openssh/openbsd-compat/sigact.c b/openssh/openbsd-compat/sigact.c index 35fbab0..2772ac5 100644 --- a/openssh/openbsd-compat/sigact.c +++ b/openssh/openbsd-compat/sigact.c @@ -1,3 +1,5 @@ +/* OPENBSD ORIGINAL: lib/libcurses/base/sigaction.c */ + /* $OpenBSD: sigaction.c,v 1.3 1999/06/27 08:14:21 millert Exp $ */ /**************************************************************************** diff --git a/openssh/openbsd-compat/strlcat.c b/openssh/openbsd-compat/strlcat.c index cae1665..70f01cb 100644 --- a/openssh/openbsd-compat/strlcat.c +++ b/openssh/openbsd-compat/strlcat.c @@ -1,3 +1,5 @@ +/* OPENBSD ORIGINAL: lib/libc/string/strlcat.c */ + /* $OpenBSD: strlcat.c,v 1.11 2003/06/17 21:56:24 millert Exp $ */ /* diff --git a/openssh/openbsd-compat/strlcpy.c b/openssh/openbsd-compat/strlcpy.c index c8fe299..ccfa12a 100644 --- a/openssh/openbsd-compat/strlcpy.c +++ b/openssh/openbsd-compat/strlcpy.c @@ -1,3 +1,5 @@ +/* OPENBSD ORIGINAL: lib/libc/string/strlcpy.c */ + /* $OpenBSD: strlcpy.c,v 1.8 2003/06/17 21:56:24 millert Exp $ */ /* diff --git a/openssh/openbsd-compat/strmode.c b/openssh/openbsd-compat/strmode.c index adf5e27..ea8d515 100644 --- a/openssh/openbsd-compat/strmode.c +++ b/openssh/openbsd-compat/strmode.c @@ -1,3 +1,5 @@ +/* OPENBSD ORIGINAL: lib/libc/string/strmode.c */ + /*- * Copyright (c) 1990 The Regents of the University of California. * All rights reserved. diff --git a/openssh/openbsd-compat/strsep.c b/openssh/openbsd-compat/strsep.c index b136713..330d84c 100644 --- a/openssh/openbsd-compat/strsep.c +++ b/openssh/openbsd-compat/strsep.c @@ -1,3 +1,5 @@ +/* OPENBSD ORIGINAL: lib/libc/string/strsep.c */ + /* $OpenBSD: strsep.c,v 1.5 2003/06/11 21:08:16 deraadt Exp $ */ /*- diff --git a/openssh/openbsd-compat/strtoul.c b/openssh/openbsd-compat/strtoul.c new file mode 100644 index 0000000..24d0e25 --- /dev/null +++ b/openssh/openbsd-compat/strtoul.c @@ -0,0 +1,114 @@ +/* OPENBSD ORIGINAL: lib/libc/stdlib/strtoul.c */ + +/* + * Copyright (c) 1990 Regents of the University of California. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "includes.h" +#ifndef HAVE_STRTOUL + +#if defined(LIBC_SCCS) && !defined(lint) +static char *rcsid = "$OpenBSD: strtoul.c,v 1.5 2003/06/02 20:18:38 millert Exp $"; +#endif /* LIBC_SCCS and not lint */ + +#include +#include +#include +#include + +/* + * Convert a string to an unsigned long integer. + * + * Ignores `locale' stuff. Assumes that the upper and lower case + * alphabets and digits are each contiguous. + */ +unsigned long +strtoul(nptr, endptr, base) + const char *nptr; + char **endptr; + register int base; +{ + register const char *s; + register unsigned long acc, cutoff; + register int c; + register int neg, any, cutlim; + + /* + * See strtol for comments as to the logic used. + */ + s = nptr; + do { + c = (unsigned char) *s++; + } while (isspace(c)); + if (c == '-') { + neg = 1; + c = *s++; + } else { + neg = 0; + if (c == '+') + c = *s++; + } + if ((base == 0 || base == 16) && + c == '0' && (*s == 'x' || *s == 'X')) { + c = s[1]; + s += 2; + base = 16; + } + if (base == 0) + base = c == '0' ? 8 : 10; + + cutoff = ULONG_MAX / (unsigned long)base; + cutlim = ULONG_MAX % (unsigned long)base; + for (acc = 0, any = 0;; c = (unsigned char) *s++) { + if (isdigit(c)) + c -= '0'; + else if (isalpha(c)) + c -= isupper(c) ? 'A' - 10 : 'a' - 10; + else + break; + if (c >= base) + break; + if (any < 0) + continue; + if (acc > cutoff || acc == cutoff && c > cutlim) { + any = -1; + acc = ULONG_MAX; + errno = ERANGE; + } else { + any = 1; + acc *= (unsigned long)base; + acc += c; + } + } + if (neg && any > 0) + acc = -acc; + if (endptr != 0) + *endptr = (char *) (any ? s - 1 : nptr); + return (acc); +} +#endif /* !HAVE_STRTOUL */ diff --git a/openssh/openbsd-compat/sys-queue.h b/openssh/openbsd-compat/sys-queue.h index dd5c475..8ff19e4 100644 --- a/openssh/openbsd-compat/sys-queue.h +++ b/openssh/openbsd-compat/sys-queue.h @@ -1,3 +1,5 @@ +/* OPENBSD ORIGINAL: sys/sys/queue.h */ + /* $OpenBSD: queue.h,v 1.23 2003/06/02 23:28:21 millert Exp $ */ /* $NetBSD: queue.h,v 1.11 1996/05/16 05:17:14 mycroft Exp $ */ diff --git a/openssh/openbsd-compat/sys-tree.h b/openssh/openbsd-compat/sys-tree.h index 927ca04..73cfbe7 100644 --- a/openssh/openbsd-compat/sys-tree.h +++ b/openssh/openbsd-compat/sys-tree.h @@ -1,3 +1,5 @@ +/* OPENBSD ORIGINAL: sys/sys/tree.h */ + /* $OpenBSD: tree.h,v 1.7 2002/10/17 21:51:54 art Exp $ */ /* * Copyright 2002 Niels Provos diff --git a/openssh/openbsd-compat/vis.c b/openssh/openbsd-compat/vis.c index e6a2ce9..1fb7a01 100644 --- a/openssh/openbsd-compat/vis.c +++ b/openssh/openbsd-compat/vis.c @@ -1,3 +1,5 @@ +/* OPENBSD ORIGINAL: lib/libc/gen/vis.c */ + /*- * Copyright (c) 1989, 1993 * The Regents of the University of California. All rights reserved. diff --git a/openssh/openbsd-compat/vis.h b/openssh/openbsd-compat/vis.h index 1c131cc..663355a 100644 --- a/openssh/openbsd-compat/vis.h +++ b/openssh/openbsd-compat/vis.h @@ -1,3 +1,5 @@ +/* OPENBSD ORIGINAL: include/vis.h */ + /* $OpenBSD: vis.h,v 1.6 2003/06/02 19:34:12 millert Exp $ */ /* $NetBSD: vis.h,v 1.4 1994/10/26 00:56:41 cgd Exp $ */ diff --git a/openssh/openbsd-compat/xcrypt.c b/openssh/openbsd-compat/xcrypt.c index 5b5d69c..a0fe6c6 100644 --- a/openssh/openbsd-compat/xcrypt.c +++ b/openssh/openbsd-compat/xcrypt.c @@ -104,10 +104,6 @@ shadow_pw(struct passwd *pw) if (spw != NULL) pw_password = spw->ufld.fd_encrypt; -# elif defined(__hpux) && !defined(HAVE_SECUREWARE) - struct pr_passwd *spw; - if (iscomsec() && (spw = getprpwnam(pw->pw_name)) != NULL) - pw_password = spw->ufld.fd_encrypt; # endif return pw_password; diff --git a/openssh/packet.c b/openssh/packet.c index 02b629f..daae9ff 100644 --- a/openssh/packet.c +++ b/openssh/packet.c @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: packet.c,v 1.110 2003/09/19 09:02:02 markus Exp $"); +RCSID("$OpenBSD: packet.c,v 1.112 2003/09/23 20:17:11 markus Exp $"); #include "openbsd-compat/sys-queue.h" @@ -165,8 +165,6 @@ packet_set_connection(int fd_in, int fd_out) buffer_init(&incoming_packet); TAILQ_INIT(&outgoing); } - /* Kludge: arrange the close function to be called from fatal(). */ - fatal_add_cleanup((void (*) (void *)) packet_close, NULL); } /* Returns 1 if remote host is connected via socket, 0 if not. */ @@ -306,7 +304,7 @@ packet_connection_is_ipv4(void) if (to.ss_family == AF_INET) return 1; #ifdef IPV4_IN_IPV6 - if (to.ss_family == AF_INET6 && + if (to.ss_family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)&to)->sin6_addr)) return 1; #endif @@ -870,7 +868,7 @@ packet_read_seqnr(u_int32_t *seqnr_p) len = read(connection_in, buf, sizeof(buf)); if (len == 0) { logit("Connection closed by %.200s", get_remote_ipaddr()); - fatal_cleanup(); + cleanup_exit(255); } if (len < 0) fatal("Read from socket failed: %.100s", strerror(errno)); @@ -1136,7 +1134,7 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p) logit("Received disconnect from %s: %u: %.400s", get_remote_ipaddr(), reason, msg); xfree(msg); - fatal_cleanup(); + cleanup_exit(255); break; case SSH2_MSG_UNIMPLEMENTED: seqnr = packet_get_int(); @@ -1161,7 +1159,7 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p) msg = packet_get_string(NULL); logit("Received disconnect from %s: %.400s", get_remote_ipaddr(), msg); - fatal_cleanup(); + cleanup_exit(255); xfree(msg); break; default: @@ -1338,8 +1336,7 @@ packet_disconnect(const char *fmt,...) /* Close the connection. */ packet_close(); - - fatal_cleanup(); + cleanup_exit(255); } /* Checks if there is any buffered output, and tries to write some of the output. */ @@ -1406,10 +1403,10 @@ packet_not_very_much_data_to_write(void) } -#if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN) static void packet_set_tos(int interactive) { +#if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN) int tos = interactive ? IPTOS_LOWDELAY : IPTOS_THROUGHPUT; if (!packet_connection_is_on_socket() || @@ -1419,8 +1416,8 @@ packet_set_tos(int interactive) sizeof(tos)) < 0) error("setsockopt IP_TOS %d: %.100s:", tos, strerror(errno)); -} #endif +} /* Informs that the current session is interactive. Sets IP flags for that. */ @@ -1441,10 +1438,7 @@ packet_set_interactive(int interactive) return; if (interactive) set_nodelay(connection_in); -#if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN) packet_set_tos(interactive); -#endif - } /* Returns true if the current connection is interactive. */ diff --git a/openssh/progressmeter.c b/openssh/progressmeter.c index c315464..7b76c95 100644 --- a/openssh/progressmeter.c +++ b/openssh/progressmeter.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: progressmeter.c,v 1.15 2003/08/31 12:14:22 markus Exp $"); +RCSID("$OpenBSD: progressmeter.c,v 1.18 2003/12/02 12:15:10 markus Exp $"); #include "progressmeter.h" #include "atomicio.h" @@ -80,7 +80,7 @@ format_rate(char *buf, int size, off_t bytes) bytes = (bytes + 512) / 1024; } snprintf(buf, size, "%3lld.%1lld%c%s", - (int64_t) bytes / 100, + (int64_t) (bytes + 5) / 100, (int64_t) (bytes + 5) / 10 % 10, unit[i], i ? "B" : " "); @@ -120,14 +120,18 @@ refresh_progress_meter(void) if (bytes_left > 0) elapsed = now - last_update; - else + else { elapsed = now - start; + /* Calculate true total speed when done */ + transferred = end_pos; + bytes_per_second = 0; + } /* calculate speed */ if (elapsed != 0) cur_speed = (transferred / elapsed); else - cur_speed = 0; + cur_speed = transferred; #define AGE_FACTOR 0.9 if (bytes_per_second != 0) { @@ -200,7 +204,7 @@ refresh_progress_meter(void) strlcat(buf, " ", win_size); } - atomicio(vwrite, STDOUT_FILENO, buf, win_size); + atomicio(vwrite, STDOUT_FILENO, buf, win_size - 1); last_update = now; } diff --git a/openssh/readconf.c b/openssh/readconf.c index 13987ff..2591e0d 100644 --- a/openssh/readconf.c +++ b/openssh/readconf.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.121 2003/09/01 18:15:50 markus Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.127 2003/12/16 15:49:51 markus Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -78,7 +78,7 @@ RCSID("$OpenBSD: readconf.c,v 1.121 2003/09/01 18:15:50 markus Exp $"); RSAAuthentication yes RhostsRSAAuthentication yes StrictHostKeyChecking yes - KeepAlives no + TcpKeepAlive no IdentityFile ~/.ssh/identity Port 22 EscapeChar ~ @@ -89,14 +89,14 @@ RCSID("$OpenBSD: readconf.c,v 1.121 2003/09/01 18:15:50 markus Exp $"); typedef enum { oBadOption, - oForwardAgent, oForwardX11, oGatewayPorts, + oForwardAgent, oForwardX11, oForwardX11Trusted, oGatewayPorts, oPasswordAuthentication, oRSAAuthentication, oChallengeResponseAuthentication, oXAuthLocation, oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward, oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand, oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts, oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression, - oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts, + oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts, oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs, oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication, oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, @@ -105,6 +105,7 @@ typedef enum { oClearAllForwardings, oNoHostAuthenticationForLocalhost, oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, oAddressFamily, oGssAuthentication, oGssDelegateCreds, + oServerAliveInterval, oServerAliveCountMax, oDeprecated, oUnsupported } OpCodes; @@ -116,6 +117,7 @@ static struct { } keywords[] = { { "forwardagent", oForwardAgent }, { "forwardx11", oForwardX11 }, + { "forwardx11trusted", oForwardX11Trusted }, { "xauthlocation", oXAuthLocation }, { "gatewayports", oGatewayPorts }, { "useprivilegedport", oUsePrivilegedPort }, @@ -168,7 +170,8 @@ static struct { { "stricthostkeychecking", oStrictHostKeyChecking }, { "compression", oCompression }, { "compressionlevel", oCompressionLevel }, - { "keepalive", oKeepAlives }, + { "tcpkeepalive", oTCPKeepAlive }, + { "keepalive", oTCPKeepAlive }, /* obsolete */ { "numberofpasswordprompts", oNumberOfPasswordPrompts }, { "loglevel", oLogLevel }, { "dynamicforward", oDynamicForward }, @@ -182,15 +185,13 @@ static struct { #endif { "clearallforwardings", oClearAllForwardings }, { "enablesshkeysign", oEnableSSHKeysign }, -#ifdef DNS { "verifyhostkeydns", oVerifyHostKeyDNS }, -#else - { "verifyhostkeydns", oUnsupported }, -#endif { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost }, { "rekeylimit", oRekeyLimit }, { "connecttimeout", oConnectTimeout }, { "addressfamily", oAddressFamily }, + { "serveraliveinterval", oServerAliveInterval }, + { "serveralivecountmax", oServerAliveCountMax }, { NULL, oBadOption } }; @@ -309,7 +310,7 @@ process_config_line(Options *options, const char *host, /* NOTREACHED */ case oConnectTimeout: intptr = &options->connection_timeout; -/* parse_time: */ +parse_time: arg = strdelim(&s); if (!arg || *arg == '\0') fatal("%s line %d: missing time value.", @@ -342,6 +343,10 @@ parse_flag: intptr = &options->forward_x11; goto parse_flag; + case oForwardX11Trusted: + intptr = &options->forward_x11_trusted; + goto parse_flag; + case oGatewayPorts: intptr = &options->gateway_ports; goto parse_flag; @@ -400,10 +405,11 @@ parse_flag: case oVerifyHostKeyDNS: intptr = &options->verify_host_key_dns; - goto parse_flag; + goto parse_yesnoask; case oStrictHostKeyChecking: intptr = &options->strict_host_key_checking; +parse_yesnoask: arg = strdelim(&s); if (!arg || *arg == '\0') fatal("%.200s line %d: Missing yes/no/ask argument.", @@ -425,8 +431,8 @@ parse_flag: intptr = &options->compression; goto parse_flag; - case oKeepAlives: - intptr = &options->keepalives; + case oTCPKeepAlive: + intptr = &options->tcp_keep_alive; goto parse_flag; case oNoHostAuthenticationForLocalhost: @@ -730,6 +736,14 @@ parse_int: intptr = &options->enable_ssh_keysign; goto parse_flag; + case oServerAliveInterval: + intptr = &options->server_alive_interval; + goto parse_time; + + case oServerAliveCountMax: + intptr = &options->server_alive_count_max; + goto parse_int; + case oDeprecated: debug("%s line %d: Deprecated option \"%s\"", filename, linenum, keyword); @@ -806,6 +820,7 @@ initialize_options(Options * options) memset(options, 'X', sizeof(*options)); options->forward_agent = -1; options->forward_x11 = -1; + options->forward_x11_trusted = -1; options->xauth_location = NULL; options->gateway_ports = -1; options->use_privileged_port = -1; @@ -823,7 +838,7 @@ initialize_options(Options * options) options->check_host_ip = -1; options->strict_host_key_checking = -1; options->compression = -1; - options->keepalives = -1; + options->tcp_keep_alive = -1; options->compression_level = -1; options->port = -1; options->address_family = -1; @@ -856,6 +871,8 @@ initialize_options(Options * options) options->no_host_authentication_for_localhost = - 1; options->rekey_limit = - 1; options->verify_host_key_dns = -1; + options->server_alive_interval = -1; + options->server_alive_count_max = -1; } /* @@ -872,6 +889,8 @@ fill_default_options(Options * options) options->forward_agent = 0; if (options->forward_x11 == -1) options->forward_x11 = 0; + if (options->forward_x11_trusted == -1) + options->forward_x11_trusted = 0; if (options->xauth_location == NULL) options->xauth_location = _PATH_XAUTH; if (options->gateway_ports == -1) @@ -885,7 +904,7 @@ fill_default_options(Options * options) if (options->challenge_response_authentication == -1) options->challenge_response_authentication = 1; if (options->gss_authentication == -1) - options->gss_authentication = 1; + options->gss_authentication = 0; if (options->gss_deleg_creds == -1) options->gss_deleg_creds = 0; if (options->password_authentication == -1) @@ -904,8 +923,8 @@ fill_default_options(Options * options) options->strict_host_key_checking = 2; /* 2 is default */ if (options->compression == -1) options->compression = 0; - if (options->keepalives == -1) - options->keepalives = 1; + if (options->tcp_keep_alive == -1) + options->tcp_keep_alive = 1; if (options->compression_level == -1) options->compression_level = 6; if (options->port == -1) @@ -968,6 +987,10 @@ fill_default_options(Options * options) options->rekey_limit = 0; if (options->verify_host_key_dns == -1) options->verify_host_key_dns = 0; + if (options->server_alive_interval == -1) + options->server_alive_interval = 0; + if (options->server_alive_count_max == -1) + options->server_alive_count_max = 3; /* options->proxy_command should not be set by default */ /* options->user will be set in the main program if appropriate */ /* options->hostname will be set in the main program if appropriate */ diff --git a/openssh/readconf.h b/openssh/readconf.h index 60287f7..3f27af9 100644 --- a/openssh/readconf.h +++ b/openssh/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.55 2003/09/01 18:15:50 markus Exp $ */ +/* $OpenBSD: readconf.h,v 1.59 2003/12/16 15:49:51 markus Exp $ */ /* * Author: Tatu Ylonen @@ -30,6 +30,7 @@ typedef struct { typedef struct { int forward_agent; /* Forward authentication agent. */ int forward_x11; /* Forward X11 display. */ + int forward_x11_trusted; /* Trust Forward X11 display. */ char *xauth_location; /* Location for xauth program */ int gateway_ports; /* Allow remote connects to forwarded ports. */ int use_privileged_port; /* Don't use privileged port if false. */ @@ -52,7 +53,7 @@ typedef struct { int compression; /* Compress packets in both directions. */ int compression_level; /* Compression level 1 (fast) to 9 * (best). */ - int keepalives; /* Set SO_KEEPALIVE. */ + int tcp_keep_alive; /* Set SO_KEEPALIVE. */ LogLevel log_level; /* Level for logging. */ int port; /* Port to connect. */ @@ -60,7 +61,7 @@ typedef struct { int connection_attempts; /* Max attempts (seconds) before * giving up */ int connection_timeout; /* Max time (seconds) before - * aborting connection attempt */ + * aborting connection attempt */ int number_of_password_prompts; /* Max number of password * prompts. */ int cipher; /* Cipher to use. */ @@ -99,6 +100,8 @@ typedef struct { int enable_ssh_keysign; int rekey_limit; int no_host_authentication_for_localhost; + int server_alive_interval; + int server_alive_count_max; } Options; diff --git a/openssh/regress/Makefile b/openssh/regress/Makefile index 623be8d..da4a673 100644 --- a/openssh/regress/Makefile +++ b/openssh/regress/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.24 2003/07/03 08:24:13 markus Exp $ +# $OpenBSD: Makefile,v 1.25 2003/10/07 01:52:13 dtucker Exp $ REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t-exec tests: $(REGRESS_TARGETS) @@ -14,6 +14,7 @@ LTESTS= connect \ proto-mismatch \ exit-status \ transfer \ + banner \ rekey \ stderr-data \ stderr-after-eof \ @@ -40,7 +41,7 @@ CLEANFILES= t2.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \ ssh_config ssh_proxy sshd_config sshd_proxy \ rsa.pub rsa rsa1.pub rsa1 host.rsa host.rsa1 \ rsa-agent rsa-agent.pub rsa1-agent rsa1-agent.pub \ - ls.copy remote_pid + ls.copy banner.in banner.out remote_pid #LTESTS += ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp diff --git a/openssh/regress/agent-ptrace.sh b/openssh/regress/agent-ptrace.sh index cd9c002..bd79d7c 100644 --- a/openssh/regress/agent-ptrace.sh +++ b/openssh/regress/agent-ptrace.sh @@ -5,7 +5,7 @@ tid="disallow agent ptrace attach" if have_prog uname ; then case `uname` in - Linux|HP-UX|SunOS|NetBSD|AIX|CYGWIN*) + AIX|CYGWIN*) echo "skipped (not supported on this platform)" exit 0 ;; @@ -19,6 +19,15 @@ else exit 0 fi +if test -z "$SUDO" ; then + echo "skipped (SUDO not set)" + exit 0 +else + $SUDO chown 0 ${SSHAGENT} + $SUDO chgrp 0 ${SSHAGENT} + $SUDO chmod 2755 ${SSHAGENT} +fi + trace "start agent" eval `${SSHAGENT} -s` > /dev/null r=$? @@ -32,7 +41,7 @@ EOF if [ $? -ne 0 ]; then fail "gdb failed: exit code $?" fi - grep 'ptrace: Operation not permitted.' >/dev/null ${OBJ}/gdb.out + egrep 'ptrace: Operation not permitted.|procfs:.*Permission denied.|ttrace attach: Permission denied.' >/dev/null ${OBJ}/gdb.out r=$? rm -f ${OBJ}/gdb.out if [ $r -ne 0 ]; then diff --git a/openssh/regress/banner.sh b/openssh/regress/banner.sh new file mode 100644 index 0000000..0f6a68d --- /dev/null +++ b/openssh/regress/banner.sh @@ -0,0 +1,29 @@ +# $OpenBSD: banner.sh,v 1.1 2003/10/07 01:52:13 dtucker Exp $ +# Placed in the Public Domain. + +tid="banner" +echo "Banner $OBJ/banner.in" >> $OBJ/sshd_proxy + +for s in 0 10 100 1000 10000 100000 ; do + if [ "$s" = "0" ]; then + # create empty banner + rm -f $OBJ/banner.in + touch $OBJ/banner.in + elif [ "$s" = "10" ]; then + # create 10-byte banner file + echo "abcdefghi" >$OBJ/banner.in + else + # increase size 10x + cp $OBJ/banner.in $OBJ/banner.out + for i in 0 1 2 3 4 5 6 7 8 ; do + cat $OBJ/banner.out >> $OBJ/banner.in + done + fi + + trace "test banner size $s" + verbose "test $tid: size $s" + ${SSH} -2 -F $OBJ/ssh_proxy otherhost true 2>$OBJ/banner.out + cmp $OBJ/banner.in $OBJ/banner.out || fail "banner size $s mismatch" +done + +rm -f $OBJ/banner.out $OBJ/banner.in diff --git a/openssh/regress/sftp-cmds.sh b/openssh/regress/sftp-cmds.sh index 1256aeb..3669b19 100644 --- a/openssh/regress/sftp-cmds.sh +++ b/openssh/regress/sftp-cmds.sh @@ -1,4 +1,4 @@ -# $OpenBSD: sftp-cmds.sh,v 1.5 2003/07/19 00:46:31 djm Exp $ +# $OpenBSD: sftp-cmds.sh,v 1.6 2003/10/07 07:04:52 djm Exp $ # Placed in the Public Domain. # XXX - TODO: @@ -79,6 +79,20 @@ echo "get $DATA $COPY" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ || fail "get failed" cmp $DATA ${COPY} || fail "corrupted copy after get" +rm -f ${COPY} +verbose "$tid: get quoted" +echo "get \"$DATA\" $COPY" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ + || fail "get failed" +cmp $DATA ${COPY} || fail "corrupted copy after get" + +rm -f ${QUOTECOPY} +cp $DATA ${QUOTECOPY} +verbose "$tid: get filename with quotes" +echo "get \"$QUOTECOPY_ARG\" ${COPY}" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ + || fail "put failed" +cmp ${COPY} ${QUOTECOPY} || fail "corrupted copy after get with quotes" +rm -f ${QUOTECOPY} ${COPY} + rm -f ${COPY}.dd/* verbose "$tid: get to directory" echo "get $DATA ${COPY}.dd" | ${SFTP} -P ${SFTPSERVER} >/dev/null 2>&1 \ diff --git a/openssh/rijndael.c b/openssh/rijndael.c index 6965ca3..1cd24de 100644 --- a/openssh/rijndael.c +++ b/openssh/rijndael.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rijndael.c,v 1.14 2002/07/10 17:53:54 deraadt Exp $ */ +/* $OpenBSD: rijndael.c,v 1.15 2003/11/21 11:57:03 djm Exp $ */ /** * rijndael-alg-fst.c @@ -725,7 +725,7 @@ static const u32 rcon[] = { * @return the number of rounds for the given cipher key size. */ static int rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits) { - int i = 0; + int i = 0; u32 temp; rk[0] = GETU32(cipherKey ); @@ -797,7 +797,7 @@ static int rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int (Te4[(temp ) & 0xff] & 0x000000ff); rk[13] = rk[ 5] ^ rk[12]; rk[14] = rk[ 6] ^ rk[13]; - rk[15] = rk[ 7] ^ rk[14]; + rk[15] = rk[ 7] ^ rk[14]; rk += 8; } } @@ -871,50 +871,50 @@ static void rijndaelEncrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 pt[16 s3 = GETU32(pt + 12) ^ rk[3]; #ifdef FULL_UNROLL /* round 1: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7]; - /* round 2: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11]; + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7]; + /* round 2: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11]; /* round 3: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15]; - /* round 4: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19]; + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15]; + /* round 4: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19]; /* round 5: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23]; - /* round 6: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27]; + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23]; + /* round 6: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27]; /* round 7: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31]; - /* round 8: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35]; + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31]; + /* round 8: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35]; /* round 9: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39]; + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39]; if (Nr > 10) { /* round 10: */ s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40]; @@ -1187,33 +1187,33 @@ static void rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16 * apply last round and * map cipher state to byte array block: */ - s0 = - (Td4[(t0 >> 24) ] & 0xff000000) ^ - (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(t1 ) & 0xff] & 0x000000ff) ^ - rk[0]; + s0 = + (Td4[(t0 >> 24) ] & 0xff000000) ^ + (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^ + (Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^ + (Td4[(t1 ) & 0xff] & 0x000000ff) ^ + rk[0]; PUTU32(pt , s0); - s1 = - (Td4[(t1 >> 24) ] & 0xff000000) ^ - (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(t3 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(t2 ) & 0xff] & 0x000000ff) ^ - rk[1]; + s1 = + (Td4[(t1 >> 24) ] & 0xff000000) ^ + (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^ + (Td4[(t3 >> 8) & 0xff] & 0x0000ff00) ^ + (Td4[(t2 ) & 0xff] & 0x000000ff) ^ + rk[1]; PUTU32(pt + 4, s1); - s2 = - (Td4[(t2 >> 24) ] & 0xff000000) ^ - (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(t0 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(t3 ) & 0xff] & 0x000000ff) ^ - rk[2]; + s2 = + (Td4[(t2 >> 24) ] & 0xff000000) ^ + (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^ + (Td4[(t0 >> 8) & 0xff] & 0x0000ff00) ^ + (Td4[(t3 ) & 0xff] & 0x000000ff) ^ + rk[2]; PUTU32(pt + 8, s2); - s3 = - (Td4[(t3 >> 24) ] & 0xff000000) ^ - (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(t1 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(t0 ) & 0xff] & 0x000000ff) ^ - rk[3]; + s3 = + (Td4[(t3 >> 24) ] & 0xff000000) ^ + (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^ + (Td4[(t1 >> 8) & 0xff] & 0x0000ff00) ^ + (Td4[(t0 ) & 0xff] & 0x000000ff) ^ + rk[3]; PUTU32(pt + 12, s3); } diff --git a/openssh/scard-opensc.c b/openssh/scard-opensc.c index 2489fec..a9b7ebc 100644 --- a/openssh/scard-opensc.c +++ b/openssh/scard-opensc.c @@ -1,7 +1,7 @@ /* * Copyright (c) 2002 Juha Yrjölä. All rights reserved. * Copyright (c) 2001 Markus Friedl. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -81,7 +81,7 @@ sc_close(void) } } -static int +static int sc_init(void) { int r; @@ -91,7 +91,7 @@ sc_init(void) goto err; if (sc_reader_id >= ctx->reader_count) { r = SC_ERROR_NO_READERS_FOUND; - error("Illegal reader number %d (max %d)", sc_reader_id, + error("Illegal reader number %d (max %d)", sc_reader_id, ctx->reader_count -1); goto err; } @@ -131,7 +131,7 @@ sc_prkey_op_init(RSA *rsa, struct sc_pkcs15_object **key_obj_out, goto err; } } - r = sc_pkcs15_find_prkey_by_id_usage(p15card, &priv->cert_id, + r = sc_pkcs15_find_prkey_by_id_usage(p15card, &priv->cert_id, usage, &key_obj); if (r) { error("Unable to find private key from SmartCard: %s", @@ -189,11 +189,11 @@ sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa, int r; if (padding != RSA_PKCS1_PADDING) - return -1; + return -1; r = sc_prkey_op_init(rsa, &key_obj, SC_USAGE_DECRYPT); if (r) return -1; - r = sc_pkcs15_decipher(p15card, key_obj, SC_ALGORITHM_RSA_PAD_PKCS1, + r = sc_pkcs15_decipher(p15card, key_obj, SC_ALGORITHM_RSA_PAD_PKCS1, from, flen, to, flen); sc_unlock(card); if (r < 0) { @@ -223,7 +223,7 @@ sc_sign(int type, u_char *m, unsigned int m_len, * the key will be rejected as using a non-repudiation key * for authentication is not recommended. Note: This does not * prevent the use of a non-repudiation key for authentication - * if the sign or signrecover flag is set as well. + * if the sign or signrecover flag is set as well. */ r = sc_prkey_op_init(rsa, &key_obj, SC_USAGE_SIGN); if (r) @@ -325,7 +325,7 @@ static void convert_rsa_to_rsa1(Key * in, Key * out) { struct sc_priv_data *priv; - + out->rsa->flags = in->rsa->flags; out->flags = in->flags; RSA_set_method(out->rsa, RSA_get_method(in->rsa)); @@ -337,7 +337,7 @@ convert_rsa_to_rsa1(Key * in, Key * out) return; } -static int +static int sc_read_pubkey(Key * k, const struct sc_pkcs15_object *cert_obj) { int r; @@ -349,7 +349,7 @@ sc_read_pubkey(Key * k, const struct sc_pkcs15_object *cert_obj) EVP_PKEY *pubkey = NULL; u8 *p; char *tmp; - + debug("sc_read_pubkey() with cert id %02X", cinfo->id.value[0]); r = sc_pkcs15_read_certificate(p15card, cinfo, &cert); if (r) { @@ -358,7 +358,7 @@ sc_read_pubkey(Key * k, const struct sc_pkcs15_object *cert_obj) } x509 = X509_new(); if (x509 == NULL) { - r = -1; + r = -1; goto err; } p = cert->data; @@ -391,7 +391,7 @@ sc_read_pubkey(Key * k, const struct sc_pkcs15_object *cert_obj) tmp = key_fingerprint(k, SSH_FP_MD5, SSH_FP_HEX); debug("fingerprint %d %s", key_size(k), tmp); xfree(tmp); - + return 0; err: if (cert) diff --git a/openssh/scp.1 b/openssh/scp.1 index a971500..f5ca1e4 100644 --- a/openssh/scp.1 +++ b/openssh/scp.1 @@ -9,7 +9,7 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.28 2003/06/10 09:12:11 jmc Exp $ +.\" $OpenBSD: scp.1,v 1.32 2003/12/16 15:49:51 markus Exp $ .\" .Dd September 25, 1999 .Dt SCP 1 @@ -20,24 +20,24 @@ .Sh SYNOPSIS .Nm scp .Bk -words -.Op Fl pqrvBC1246 -.Op Fl F Ar ssh_config -.Op Fl S Ar program -.Op Fl P Ar port +.Op Fl 1246BCpqrv .Op Fl c Ar cipher +.Op Fl F Ar ssh_config .Op Fl i Ar identity_file .Op Fl l Ar limit .Op Fl o Ar ssh_option +.Op Fl P Ar port +.Op Fl S Ar program .Sm off .Oo -.Op Ar user@ +.Op Ar user No @ .Ar host1 No : .Oc Ns Ar file1 .Sm on .Op Ar ... .Sm off .Oo -.Op Ar user@ +.Op Ar user No @ .Ar host2 No : .Oc Ar file2 .Sm on @@ -62,35 +62,24 @@ Copies between two remote hosts are permitted. .Pp The options are as follows: .Bl -tag -width Ds -.It Fl c Ar cipher -Selects the cipher to use for encrypting the data transfer. -This option is directly passed to -.Xr ssh 1 . -.It Fl i Ar identity_file -Selects the file from which the identity (private key) for RSA -authentication is read. -This option is directly passed to -.Xr ssh 1 . -.It Fl l Ar limit -Limits the used bandwidth, specified in Kbit/s. -.It Fl p -Preserves modification times, access times, and modes from the -original file. -.It Fl r -Recursively copy entire directories. -.It Fl v -Verbose mode. -Causes +.It Fl 1 +Forces .Nm -and -.Xr ssh 1 -to print debugging messages about their progress. -This is helpful in -debugging connection, authentication, and configuration problems. +to use protocol 1. +.It Fl 2 +Forces +.Nm +to use protocol 2. +.It Fl 4 +Forces +.Nm +to use IPv4 addresses only. +.It Fl 6 +Forces +.Nm +to use IPv6 addresses only. .It Fl B Selects batch mode (prevents asking for passwords or passphrases). -.It Fl q -Disables the progress meter. .It Fl C Compression enable. Passes the @@ -98,12 +87,78 @@ Passes the flag to .Xr ssh 1 to enable compression. +.It Fl c Ar cipher +Selects the cipher to use for encrypting the data transfer. +This option is directly passed to +.Xr ssh 1 . .It Fl F Ar ssh_config Specifies an alternative per-user configuration file for .Nm ssh . This option is directly passed to .Xr ssh 1 . +.It Fl i Ar identity_file +Selects the file from which the identity (private key) for RSA +authentication is read. +This option is directly passed to +.Xr ssh 1 . +.It Fl l Ar limit +Limits the used bandwidth, specified in Kbit/s. +.It Fl o Ar ssh_option +Can be used to pass options to +.Nm ssh +in the format used in +.Xr ssh_config 5 . +This is useful for specifying options +for which there is no separate +.Nm scp +command-line flag. +For full details of the options listed below, and their possible values, see +.Xr ssh_config 5 . +.Pp +.Bl -tag -width Ds -offset indent -compact +.It AddressFamily +.It BatchMode +.It BindAddress +.It ChallengeResponseAuthentication +.It CheckHostIP +.It Cipher +.It Ciphers +.It Compression +.It CompressionLevel +.It ConnectionAttempts +.It ConnectionTimeout +.It GlobalKnownHostsFile +.It GSSAPIAuthentication +.It GSSAPIDelegateCredentials +.It Host +.It HostbasedAuthentication +.It HostKeyAlgorithms +.It HostKeyAlias +.It HostName +.It IdentityFile +.It LogLevel +.It MACs +.It NoHostAuthenticationForLocalhost +.It NumberOfPasswordPrompts +.It PasswordAuthentication +.It Port +.It PreferredAuthentications +.It Protocol +.It ProxyCommand +.It PubkeyAuthentication +.It RhostsRSAAuthentication +.It RSAAuthentication +.It ServerAliveInterval +.It ServerAliveCountMax +.It SmartcardDevice +.It StrictHostKeyChecking +.It TCPKeepAlive +.It UsePrivilegedPort +.It User +.It UserKnownHostsFile +.It VerifyHostKeyDNS +.El .It Fl P Ar port Specifies the port to connect to on the remote host. Note that this option is written with a capital @@ -112,6 +167,13 @@ because .Fl p is already reserved for preserving the times and modes of the file in .Xr rcp 1 . +.It Fl p +Preserves modification times, access times, and modes from the +original file. +.It Fl q +Disables the progress meter. +.It Fl r +Recursively copy entire directories. .It Fl S Ar program Name of .Ar program @@ -119,31 +181,15 @@ to use for the encrypted connection. The program must understand .Xr ssh 1 options. -.It Fl o Ar ssh_option -Can be used to pass options to -.Nm ssh -in the format used in -.Xr ssh_config 5 . -This is useful for specifying options -for which there is no separate -.Nm scp -command-line flag. -.It Fl 1 -Forces -.Nm -to use protocol 1. -.It Fl 2 -Forces -.Nm -to use protocol 2. -.It Fl 4 -Forces -.Nm -to use IPv4 addresses only. -.It Fl 6 -Forces +.It Fl v +Verbose mode. +Causes .Nm -to use IPv6 addresses only. +and +.Xr ssh 1 +to print debugging messages about their progress. +This is helpful in +debugging connection, authentication, and configuration problems. .El .Sh DIAGNOSTICS .Nm @@ -165,5 +211,4 @@ program in BSD source code from the Regents of the University of California. .Sh AUTHORS .An Timo Rinne Aq tri@iki.fi -and .An Tatu Ylonen Aq ylo@cs.hut.fi diff --git a/openssh/scp.c b/openssh/scp.c index 4f9247c..1daa2cc 100644 --- a/openssh/scp.c +++ b/openssh/scp.c @@ -71,7 +71,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: scp.c,v 1.108 2003/07/18 01:54:25 deraadt Exp $"); +RCSID("$OpenBSD: scp.c,v 1.113 2003/11/23 23:21:21 djm Exp $"); #include "xmalloc.h" #include "atomicio.h" @@ -92,7 +92,7 @@ void bwlimit(int); arglist args; /* Bandwidth limit */ -off_t limitbw = 0; +off_t limit_rate = 0; /* Name of current file being transferred. */ char *curfile; @@ -257,7 +257,7 @@ main(int argc, char **argv) speed = strtod(optarg, &endp); if (speed <= 0 || *endp != '\0') usage(); - limitbw = speed * 1024; + limit_rate = speed * 1024; break; case 'p': pflag = 1; @@ -273,6 +273,7 @@ main(int argc, char **argv) verbose_mode = 1; break; case 'q': + addargs(&args, "-q"); showprogress = 0; break; @@ -426,7 +427,8 @@ toremote(char *targ, int argc, char **argv) } if (verbose_mode) fprintf(stderr, "Executing: %s\n", bp); - (void) system(bp); + if (system(bp) != 0) + errs = 1; (void) xfree(bp); } else { /* local to remote */ if (remin == -1) { @@ -587,7 +589,7 @@ next: (void) close(fd); haderr = result >= 0 ? EIO : errno; statbytes += result; } - if (limitbw) + if (limit_rate) bwlimit(amt); } if (showprogress) @@ -679,7 +681,7 @@ bwlimit(int amount) return; lamt *= 8; - wait = (double)1000000L * lamt / limitbw; + wait = (double)1000000L * lamt / limit_rate; bwstart.tv_sec = wait / 1000000L; bwstart.tv_usec = wait % 1000000L; @@ -905,8 +907,8 @@ bad: run_err("%s: %s", np, strerror(errno)); cp += j; statbytes += j; } while (amt > 0); - - if (limitbw) + + if (limit_rate) bwlimit(4096); if (count == bp->cnt) { @@ -1018,8 +1020,8 @@ void usage(void) { (void) fprintf(stderr, - "usage: scp [-pqrvBC1246] [-F config] [-S program] [-P port]\n" - " [-c cipher] [-i identity] [-l limit] [-o option]\n" + "usage: scp [-1246BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file]\n" + " [-l limit] [-o ssh_option] [-P port] [-S program]\n" " [[user@]host1:]file1 [...] [[user@]host2:]file2\n"); exit(1); } diff --git a/openssh/servconf.c b/openssh/servconf.c index 58f49a2..b832c75 100644 --- a/openssh/servconf.c +++ b/openssh/servconf.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: servconf.c,v 1.127 2003/09/01 18:15:50 markus Exp $"); +RCSID("$OpenBSD: servconf.c,v 1.130 2003/12/23 16:12:10 jakob Exp $"); #include "ssh.h" #include "log.h" @@ -61,7 +61,7 @@ initialize_server_options(ServerOptions *options) options->x11_use_localhost = -1; options->xauth_location = NULL; options->strict_modes = -1; - options->keepalives = -1; + options->tcp_keep_alive = -1; options->log_facility = SYSLOG_FACILITY_NOT_SET; options->log_level = SYSLOG_LEVEL_NOT_SET; options->rhosts_rsa_authentication = -1; @@ -72,6 +72,7 @@ initialize_server_options(ServerOptions *options) options->kerberos_authentication = -1; options->kerberos_or_local_passwd = -1; options->kerberos_ticket_cleanup = -1; + options->kerberos_get_afs_token = -1; options->gss_authentication=-1; options->gss_cleanup_creds = -1; options->password_authentication = -1; @@ -159,8 +160,8 @@ fill_default_server_options(ServerOptions *options) options->xauth_location = _PATH_XAUTH; if (options->strict_modes == -1) options->strict_modes = 1; - if (options->keepalives == -1) - options->keepalives = 1; + if (options->tcp_keep_alive == -1) + options->tcp_keep_alive = 1; if (options->log_facility == SYSLOG_FACILITY_NOT_SET) options->log_facility = SYSLOG_FACILITY_AUTH; if (options->log_level == SYSLOG_LEVEL_NOT_SET) @@ -181,6 +182,8 @@ fill_default_server_options(ServerOptions *options) options->kerberos_or_local_passwd = 1; if (options->kerberos_ticket_cleanup == -1) options->kerberos_ticket_cleanup = 1; + if (options->kerberos_get_afs_token == -1) + options->kerberos_get_afs_token = 0; if (options->gss_authentication == -1) options->gss_authentication = 0; if (options->gss_cleanup_creds == -1) @@ -250,11 +253,12 @@ typedef enum { sPermitRootLogin, sLogFacility, sLogLevel, sRhostsRSAAuthentication, sRSAAuthentication, sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, + sKerberosGetAFSToken, sKerberosTgtPassing, sChallengeResponseAuthentication, sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, sPrintMotd, sPrintLastLog, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, - sStrictModes, sEmptyPasswd, sKeepAlives, + sStrictModes, sEmptyPasswd, sTCPKeepAlive, sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, @@ -301,19 +305,21 @@ static struct { { "kerberosauthentication", sKerberosAuthentication }, { "kerberosorlocalpasswd", sKerberosOrLocalPasswd }, { "kerberosticketcleanup", sKerberosTicketCleanup }, + { "kerberosgetafstoken", sKerberosGetAFSToken }, #else { "kerberosauthentication", sUnsupported }, { "kerberosorlocalpasswd", sUnsupported }, { "kerberosticketcleanup", sUnsupported }, + { "kerberosgetafstoken", sUnsupported }, #endif { "kerberostgtpassing", sUnsupported }, { "afstokenpassing", sUnsupported }, #ifdef GSSAPI { "gssapiauthentication", sGssAuthentication }, - { "gssapicleanupcreds", sGssCleanupCreds }, + { "gssapicleanupcredentials", sGssCleanupCreds }, #else { "gssapiauthentication", sUnsupported }, - { "gssapicleanupcreds", sUnsupported }, + { "gssapicleanupcredentials", sUnsupported }, #endif { "passwordauthentication", sPasswordAuthentication }, { "kbdinteractiveauthentication", sKbdInteractiveAuthentication }, @@ -334,7 +340,8 @@ static struct { { "permituserenvironment", sPermitUserEnvironment }, { "uselogin", sUseLogin }, { "compression", sCompression }, - { "keepalive", sKeepAlives }, + { "tcpkeepalive", sTCPKeepAlive }, + { "keepalive", sTCPKeepAlive }, /* obsolete alias */ { "allowtcpforwarding", sAllowTcpForwarding }, { "allowusers", sAllowUsers }, { "denyusers", sDenyUsers }, @@ -629,6 +636,10 @@ parse_flag: intptr = &options->kerberos_ticket_cleanup; goto parse_flag; + case sKerberosGetAFSToken: + intptr = &options->kerberos_get_afs_token; + goto parse_flag; + case sGssAuthentication: intptr = &options->gss_authentication; goto parse_flag; @@ -677,8 +688,8 @@ parse_flag: intptr = &options->strict_modes; goto parse_flag; - case sKeepAlives: - intptr = &options->keepalives; + case sTCPKeepAlive: + intptr = &options->tcp_keep_alive; goto parse_flag; case sEmptyPasswd: diff --git a/openssh/servconf.h b/openssh/servconf.h index 828e94c..57c7e5f 100644 --- a/openssh/servconf.h +++ b/openssh/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.65 2003/09/01 18:15:50 markus Exp $ */ +/* $OpenBSD: servconf.h,v 1.67 2003/12/23 16:12:10 jakob Exp $ */ /* * Author: Tatu Ylonen @@ -58,7 +58,7 @@ typedef struct { int x11_use_localhost; /* If true, use localhost for fake X11 server. */ char *xauth_location; /* Location of xauth program */ int strict_modes; /* If true, require string home dir modes. */ - int keepalives; /* If true, set SO_KEEPALIVE. */ + int tcp_keep_alive; /* If true, set SO_KEEPALIVE. */ char *ciphers; /* Supported SSH2 ciphers. */ char *macs; /* Supported SSH2 macs. */ int protocol; /* Supported protocol versions. */ @@ -80,6 +80,8 @@ typedef struct { * /etc/passwd */ int kerberos_ticket_cleanup; /* If true, destroy ticket * file on logout. */ + int kerberos_get_afs_token; /* If true, try to get AFS token if + * authenticated with Kerberos. */ int gss_authentication; /* If true, permit GSSAPI authentication */ int gss_cleanup_creds; /* If true, destroy cred cache on logout */ int password_authentication; /* If true, permit password diff --git a/openssh/serverloop.c b/openssh/serverloop.c index a953902..bc7cd65 100644 --- a/openssh/serverloop.c +++ b/openssh/serverloop.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: serverloop.c,v 1.110 2003/06/24 08:23:46 markus Exp $"); +RCSID("$OpenBSD: serverloop.c,v 1.114 2003/12/09 15:28:43 markus Exp $"); #include "xmalloc.h" #include "packet.h" @@ -60,7 +60,7 @@ extern ServerOptions options; /* XXX */ extern Kex *xxx_kex; -static Authctxt *xxx_authctxt; +extern Authctxt *the_authctxt; static Buffer stdin_buffer; /* Buffer for stdin data. */ static Buffer stdout_buffer; /* Buffer for stdout data. */ @@ -212,26 +212,23 @@ make_packets_from_stdout_data(void) static void client_alive_check(void) { - static int had_channel = 0; - int id; - - id = channel_find_open(); - if (id == -1) { - if (!had_channel) - return; - packet_disconnect("No open channels after timeout!"); - } - had_channel = 1; + int channel_id; /* timeout, check to see how many we have had */ if (++client_alive_timeouts > options.client_alive_count_max) packet_disconnect("Timeout, your session not responding."); /* - * send a bogus channel request with "wantreply", + * send a bogus global/channel request with "wantreply", * we should get back a failure */ - channel_request_start(id, "keepalive@openssh.com", 1); + if ((channel_id = channel_find_open()) == -1) { + packet_start(SSH2_MSG_GLOBAL_REQUEST); + packet_put_cstring("keepalive@openssh.com"); + packet_put_char(1); /* boolean: want reply */ + } else { + channel_request_start(channel_id, "keepalive@openssh.com", 1); + } packet_send(); } @@ -355,13 +352,13 @@ process_input(fd_set * readset) connection_closed = 1; if (compat20) return; - fatal_cleanup(); + cleanup_exit(255); } else if (len < 0) { if (errno != EINTR && errno != EAGAIN) { verbose("Read error from remote host " "%.100s: %.100s", get_remote_ipaddr(), strerror(errno)); - fatal_cleanup(); + cleanup_exit(255); } } else { /* Buffer any received data. */ @@ -756,8 +753,6 @@ server_loop2(Authctxt *authctxt) max_fd = MAX(connection_in, connection_out); max_fd = MAX(max_fd, notify_pipe[0]); - xxx_authctxt = authctxt; - server_init_dispatch(); for (;;) { @@ -799,9 +794,9 @@ server_loop2(Authctxt *authctxt) } static void -server_input_channel_failure(int type, u_int32_t seq, void *ctxt) +server_input_keep_alive(int type, u_int32_t seq, void *ctxt) { - debug("Got CHANNEL_FAILURE for keepalive"); + debug("Got %d/%u for keepalive", type, seq); /* * reset timeout, since we got a sane answer from the client. * even if this was generated by something other than @@ -810,7 +805,6 @@ server_input_channel_failure(int type, u_int32_t seq, void *ctxt) client_alive_timeouts = 0; } - static void server_input_stdin_data(int type, u_int32_t seq, void *ctxt) { @@ -900,7 +894,7 @@ server_request_session(char *ctype) c = channel_new(ctype, SSH_CHANNEL_LARVAL, -1, -1, -1, /*window size*/0, CHAN_SES_PACKET_DEFAULT, 0, "server-session", 1); - if (session_open(xxx_authctxt, c->self) != 1) { + if (session_open(the_authctxt, c->self) != 1) { debug("session open failed, free channel %d", c->self); channel_free(c); return NULL; @@ -974,9 +968,9 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) char *listen_address; u_short listen_port; - pw = auth_get_user(); - if (pw == NULL) - fatal("server_input_global_request: no user"); + pw = the_authctxt->pw; + if (pw == NULL || !the_authctxt->valid) + fatal("server_input_global_request: no/invalid user"); listen_address = packet_get_string(NULL); listen_port = (u_short)packet_get_int(); debug("server_input_global_request: tcpip-forward listen %s port %d", @@ -1050,7 +1044,9 @@ server_init_dispatch_20(void) dispatch_set(SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust); dispatch_set(SSH2_MSG_GLOBAL_REQUEST, &server_input_global_request); /* client_alive */ - dispatch_set(SSH2_MSG_CHANNEL_FAILURE, &server_input_channel_failure); + dispatch_set(SSH2_MSG_CHANNEL_FAILURE, &server_input_keep_alive); + dispatch_set(SSH2_MSG_REQUEST_SUCCESS, &server_input_keep_alive); + dispatch_set(SSH2_MSG_REQUEST_FAILURE, &server_input_keep_alive); /* rekeying */ dispatch_set(SSH2_MSG_KEXINIT, &kex_input_kexinit); } diff --git a/openssh/session.c b/openssh/session.c index 2898ac5..03a5ec5 100644 --- a/openssh/session.c +++ b/openssh/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.164 2003/09/18 08:49:45 markus Exp $"); +RCSID("$OpenBSD: session.c,v 1.170 2003/12/23 16:12:10 jakob Exp $"); #include "ssh.h" #include "ssh1.h" @@ -66,7 +66,7 @@ RCSID("$OpenBSD: session.c,v 1.164 2003/09/18 08:49:45 markus Exp $"); Session *session_new(void); void session_set_fds(Session *, int, int, int); -void session_pty_cleanup(void *); +void session_pty_cleanup(Session *); void session_proctitle(Session *); int session_setup_x11fwd(Session *); void do_exec_pty(Session *, const char *); @@ -106,6 +106,8 @@ Session sessions[MAX_SESSIONS]; login_cap_t *lc; #endif +static int is_child = 0; + /* Name and directory of socket for authentication agent forwarding. */ static char *auth_sock_name = NULL; static char *auth_sock_dir = NULL; @@ -113,10 +115,8 @@ static char *auth_sock_dir = NULL; /* removes the agent forwarding socket */ static void -auth_sock_cleanup_proc(void *_pw) +auth_sock_cleanup_proc(struct passwd *pw) { - struct passwd *pw = _pw; - if (auth_sock_name != NULL) { temporarily_use_uid(pw); unlink(auth_sock_name); @@ -144,7 +144,7 @@ auth_input_request_forwarding(struct passwd * pw) /* Allocate a buffer for the socket name, and format the name. */ auth_sock_name = xmalloc(MAXPATHLEN); auth_sock_dir = xmalloc(MAXPATHLEN); - strlcpy(auth_sock_dir, "/tmp/ssh-XXXXXXXX", MAXPATHLEN); + strlcpy(auth_sock_dir, "/tmp/ssh-XXXXXXXXXX", MAXPATHLEN); /* Create private directory for socket */ if (mkdtemp(auth_sock_dir) == NULL) { @@ -160,9 +160,6 @@ auth_input_request_forwarding(struct passwd * pw) snprintf(auth_sock_name, MAXPATHLEN, "%s/agent.%ld", auth_sock_dir, (long) getpid()); - /* delete agent socket on fatal() */ - fatal_add_cleanup(auth_sock_cleanup_proc, pw); - /* Create the socket. */ sock = socket(AF_UNIX, SOCK_STREAM, 0); if (sock < 0) @@ -180,7 +177,7 @@ auth_input_request_forwarding(struct passwd * pw) restore_uid(); /* Start listening on the socket. */ - if (listen(sock, 5) < 0) + if (listen(sock, SSH_LISTEN_BACKLOG) < 0) packet_disconnect("listen: %.100s", strerror(errno)); /* Allocate a channel for the authentication agent socket. */ @@ -207,7 +204,6 @@ do_authenticated(Authctxt *authctxt) close(startup_pipe); startup_pipe = -1; } - /* setup the channel layer */ if (!no_port_forwarding_flag && options.allow_tcp_forwarding) channel_permit_all_opens(); @@ -217,13 +213,7 @@ do_authenticated(Authctxt *authctxt) else do_authenticated1(authctxt); - /* remove agent socket */ - if (auth_sock_name != NULL) - auth_sock_cleanup_proc(authctxt->pw); -#ifdef KRB5 - if (options.kerberos_ticket_cleanup) - krb5_cleanup_proc(authctxt); -#endif + do_cleanup(authctxt); } /* @@ -405,7 +395,7 @@ do_exec_no_pty(Session *s, const char *command) /* Fork the child. */ if ((pid = fork()) == 0) { - fatal_remove_all_cleanups(); + is_child = 1; /* Child. Reinitialize the log since the pid has changed. */ log_init(__progname, options.log_level, options.log_facility, log_stderr); @@ -531,7 +521,7 @@ do_exec_pty(Session *s, const char *command) /* Fork the child. */ if ((pid = fork()) == 0) { - fatal_remove_all_cleanups(); + is_child = 1; /* Child. Reinitialize the log because the pid has changed. */ log_init(__progname, options.log_level, options.log_facility, log_stderr); @@ -627,7 +617,7 @@ do_pre_login(Session *s) if (getpeername(packet_get_connection_in(), (struct sockaddr *) & from, &fromlen) < 0) { debug("getpeername: %.100s", strerror(errno)); - fatal_cleanup(); + cleanup_exit(255); } } @@ -687,7 +677,7 @@ do_login(Session *s, const char *command) if (getpeername(packet_get_connection_in(), (struct sockaddr *) & from, &fromlen) < 0) { debug("getpeername: %.100s", strerror(errno)); - fatal_cleanup(); + cleanup_exit(255); } } @@ -915,7 +905,7 @@ read_etc_default_login(char ***env, u_int *envsize, uid_t uid) { char **tmpenv = NULL, *var; u_int i, tmpenvsize = 0; - mode_t mask; + u_long mask; /* * We don't want to copy the whole file to the child's environment, @@ -933,11 +923,11 @@ read_etc_default_login(char ***env, u_int *envsize, uid_t uid) var = child_get_env(tmpenv, "PATH"); if (var != NULL) child_set_env(env, envsize, "PATH", var); - + if ((var = child_get_env(tmpenv, "UMASK")) != NULL) if (sscanf(var, "%5lo", &mask) == 1) - umask(mask); - + umask((mode_t)mask); + for (i = 0; tmpenv[i] != NULL; i++) xfree(tmpenv[i]); xfree(tmpenv); @@ -962,7 +952,7 @@ void copy_environment(char **source, char ***env, u_int *envsize) debug3("Copy environment: %s=%s", var_name, var_val); child_set_env(env, envsize, var_name, var_val); - + xfree(var_name); } } @@ -989,7 +979,7 @@ do_setup_env(Session *s, const char *shell) #endif #ifdef GSSAPI - /* Allow any GSSAPI methods that we've used to alter + /* Allow any GSSAPI methods that we've used to alter * the childs environment as they see fit */ ssh_gssapi_do_child(&env, &envsize); @@ -1021,7 +1011,7 @@ do_setup_env(Session *s, const char *shell) path = child_get_env(env, "PATH"); # endif /* HAVE_ETC_DEFAULT_LOGIN */ if (path == NULL || *path == '\0') { - child_set_env(&env, &envsize, "PATH", + child_set_env(&env, &envsize, "PATH", s->pw->pw_uid == 0 ? SUPERUSER_PATH : _PATH_STDPATH); } @@ -1104,8 +1094,13 @@ do_setup_env(Session *s, const char *shell) * been set by PAM. */ if (options.use_pam) { - char **p = fetch_pam_environment(); + char **p; + p = fetch_pam_child_environment(); + copy_environment(p, &env, &envsize); + free_pam_environment(p); + + p = fetch_pam_environment(); copy_environment(p, &env, &envsize); free_pam_environment(p); } @@ -1178,7 +1173,7 @@ do_rc_files(Session *s, const char *shell) if (debug_flag) { fprintf(stderr, "Running %.500s remove %.100s\n", - options.xauth_location, s->auth_display); + options.xauth_location, s->auth_display); fprintf(stderr, "%.500s add %.100s %.100s %.100s\n", options.xauth_location, s->auth_display, @@ -1270,7 +1265,7 @@ do_setusercontext(struct passwd *pw) endgrent(); # ifdef USE_PAM /* - * PAM credentials may take the form of supplementary groups. + * PAM credentials may take the form of supplementary groups. * These will have been wiped by the above initgroups() call. * Reestablish them here. */ @@ -1420,6 +1415,32 @@ do_child(Session *s, const char *command) */ environ = env; +#ifdef KRB5 + /* + * At this point, we check to see if AFS is active and if we have + * a valid Kerberos 5 TGT. If so, it seems like a good idea to see + * if we can (and need to) extend the ticket into an AFS token. If + * we don't do this, we run into potential problems if the user's + * home directory is in AFS and it's not world-readable. + */ + + if (options.kerberos_get_afs_token && k_hasafs() && + (s->authctxt->krb5_ctx != NULL)) { + char cell[64]; + + debug("Getting AFS token"); + + k_setpag(); + + if (k_afs_cell_of_file(pw->pw_dir, cell, sizeof(cell)) == 0) + krb5_afslog(s->authctxt->krb5_ctx, + s->authctxt->krb5_fwd_ccache, cell, NULL); + + krb5_afslog_home(s->authctxt->krb5_ctx, + s->authctxt->krb5_fwd_ccache, NULL, NULL, pw->pw_dir); + } +#endif + /* Change current directory to the user\'s home directory. */ if (chdir(pw->pw_dir) < 0) { fprintf(stderr, "Could not chdir to home directory %s: %s\n", @@ -1541,7 +1562,7 @@ session_open(Authctxt *authctxt, int chanid) } s->authctxt = authctxt; s->pw = authctxt->pw; - if (s->pw == NULL) + if (s->pw == NULL || !authctxt->valid) fatal("no user for session %d", s->self); debug("session_open: session %d: link with channel %d", s->self, chanid); s->chanid = chanid; @@ -1663,11 +1684,6 @@ session_pty_req(Session *s) n_bytes = packet_remaining(); tty_parse_modes(s->ttyfd, &n_bytes); - /* - * Add a cleanup function to clear the utmp entry and record logout - * time in case we call fatal() (e.g., the connection gets closed). - */ - fatal_add_cleanup(session_pty_cleanup, (void *)s); if (!use_privsep) pty_setowner(s->pw, s->tty); @@ -1849,10 +1865,8 @@ session_set_fds(Session *s, int fdin, int fdout, int fderr) * (e.g., due to a dropped connection). */ void -session_pty_cleanup2(void *session) +session_pty_cleanup2(Session *s) { - Session *s = session; - if (s == NULL) { error("session_pty_cleanup: no session"); return; @@ -1883,9 +1897,9 @@ session_pty_cleanup2(void *session) } void -session_pty_cleanup(void *session) +session_pty_cleanup(Session *s) { - PRIVSEP(session_pty_cleanup2(session)); + PRIVSEP(session_pty_cleanup2(s)); } static char * @@ -1958,10 +1972,8 @@ void session_close(Session *s) { debug("session_close: session %d pid %ld", s->self, (long)s->pid); - if (s->ttyfd != -1) { - fatal_remove_cleanup(session_pty_cleanup, (void *)s); + if (s->ttyfd != -1) session_pty_cleanup(s); - } if (s->term) xfree(s->term); if (s->display) @@ -2010,10 +2022,8 @@ session_close_by_channel(int id, void *arg) * delay detach of session, but release pty, since * the fd's to the child are already closed */ - if (s->ttyfd != -1) { - fatal_remove_cleanup(session_pty_cleanup, (void *)s); + if (s->ttyfd != -1) session_pty_cleanup(s); - } return; } /* detach by removing callback */ @@ -2048,13 +2058,13 @@ session_tty_list(void) for (i = 0; i < MAX_SESSIONS; i++) { Session *s = &sessions[i]; if (s->used && s->ttyfd != -1) { - + if (strncmp(s->tty, "/dev/", 5) != 0) { cp = strrchr(s->tty, '/'); cp = (cp == NULL) ? s->tty : cp + 1; } else cp = s->tty + 5; - + if (buf[0] != '\0') strlcat(buf, ",", sizeof buf); strlcat(buf, cp, sizeof buf); @@ -2154,8 +2164,51 @@ static void do_authenticated2(Authctxt *authctxt) { server_loop2(authctxt); -#if defined(GSSAPI) - if (options.gss_cleanup_creds) - ssh_gssapi_cleanup_creds(NULL); +} + +void +do_cleanup(Authctxt *authctxt) +{ + static int called = 0; + + debug("do_cleanup"); + + /* no cleanup if we're in the child for login shell */ + if (is_child) + return; + + /* avoid double cleanup */ + if (called) + return; + called = 1; + + if (authctxt == NULL) + return; +#ifdef KRB5 + if (options.kerberos_ticket_cleanup && + authctxt->krb5_ctx) + krb5_cleanup_proc(authctxt); +#endif + +#ifdef GSSAPI + if (compat20 && options.gss_cleanup_creds) + ssh_gssapi_cleanup_creds(); #endif + +#ifdef USE_PAM + if (options.use_pam) { + sshpam_cleanup(); + sshpam_thread_cleanup(); + } +#endif + + /* remove agent socket */ + auth_sock_cleanup_proc(authctxt->pw); + + /* + * Cleanup ptys/utmp only if privsep is disabled, + * or if running in monitor. + */ + if (!use_privsep || mm_is_monitor()) + session_destroy_all(session_pty_cleanup2); } diff --git a/openssh/session.h b/openssh/session.h index 525e47f..405b8fe 100644 --- a/openssh/session.h +++ b/openssh/session.h @@ -1,4 +1,4 @@ -/* $OpenBSD: session.h,v 1.20 2003/08/22 10:56:09 markus Exp $ */ +/* $OpenBSD: session.h,v 1.21 2003/09/23 20:17:11 markus Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -56,13 +56,14 @@ struct Session { }; void do_authenticated(Authctxt *); +void do_cleanup(Authctxt *); int session_open(Authctxt *, int); int session_input_channel_req(Channel *, const char *); void session_close_by_pid(pid_t, int); void session_close_by_channel(int, void *); void session_destroy_all(void (*)(Session *)); -void session_pty_cleanup2(void *); +void session_pty_cleanup2(Session *); Session *session_new(void); Session *session_by_tty(char *); diff --git a/openssh/sftp-client.c b/openssh/sftp-client.c index ffff0fe..8e657d1 100644 --- a/openssh/sftp-client.c +++ b/openssh/sftp-client.c @@ -28,7 +28,7 @@ /* XXX: copy between two remote sites */ #include "includes.h" -RCSID("$OpenBSD: sftp-client.c,v 1.44 2003/06/28 16:23:06 deraadt Exp $"); +RCSID("$OpenBSD: sftp-client.c,v 1.45 2003/11/21 11:57:03 djm Exp $"); #include "openbsd-compat/sys-queue.h" @@ -798,7 +798,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, return(-1); } - local_fd = open(local_path, O_WRONLY | O_CREAT | O_TRUNC, + local_fd = open(local_path, O_WRONLY | O_CREAT | O_TRUNC, mode | S_IWRITE); if (local_fd == -1) { error("Couldn't open local file \"%s\" for writing: %s", @@ -946,7 +946,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, /* Override umask and utimes if asked */ #ifdef HAVE_FCHMOD if (pflag && fchmod(local_fd, mode) == -1) -#else +#else if (pflag && chmod(local_path, mode) == -1) #endif /* HAVE_FCHMOD */ error("Couldn't set mode on \"%s\": %s", local_path, diff --git a/openssh/sftp-common.c b/openssh/sftp-common.c index 5313b13..4cea3c3 100644 --- a/openssh/sftp-common.c +++ b/openssh/sftp-common.c @@ -24,7 +24,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sftp-common.c,v 1.9 2003/05/24 09:30:40 djm Exp $"); +RCSID("$OpenBSD: sftp-common.c,v 1.10 2003/11/10 16:23:41 jakob Exp $"); #include "buffer.h" #include "bufaux.h" @@ -49,7 +49,7 @@ attrib_clear(Attrib *a) /* Convert from struct stat to filexfer attribs */ void -stat_to_attrib(struct stat *st, Attrib *a) +stat_to_attrib(const struct stat *st, Attrib *a) { attrib_clear(a); a->flags = 0; @@ -67,7 +67,7 @@ stat_to_attrib(struct stat *st, Attrib *a) /* Convert from filexfer attribs to struct stat */ void -attrib_to_stat(Attrib *a, struct stat *st) +attrib_to_stat(const Attrib *a, struct stat *st) { memset(st, 0, sizeof(*st)); @@ -124,7 +124,7 @@ decode_attrib(Buffer *b) /* Encode attributes to buffer */ void -encode_attrib(Buffer *b, Attrib *a) +encode_attrib(Buffer *b, const Attrib *a) { buffer_put_int(b, a->flags); if (a->flags & SSH2_FILEXFER_ATTR_SIZE) @@ -174,7 +174,7 @@ fx2txt(int status) * drwxr-xr-x 5 markus markus 1024 Jan 13 18:39 .ssh */ char * -ls_file(char *name, struct stat *st, int remote) +ls_file(const char *name, const struct stat *st, int remote) { int ulen, glen, sz = 0; struct passwd *pw; diff --git a/openssh/sftp-common.h b/openssh/sftp-common.h index 201611c..b42ba91 100644 --- a/openssh/sftp-common.h +++ b/openssh/sftp-common.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-common.h,v 1.4 2002/09/11 22:41:50 djm Exp $ */ +/* $OpenBSD: sftp-common.h,v 1.5 2003/11/10 16:23:41 jakob Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -39,10 +39,10 @@ struct Attrib { }; void attrib_clear(Attrib *); -void stat_to_attrib(struct stat *, Attrib *); -void attrib_to_stat(Attrib *, struct stat *); +void stat_to_attrib(const struct stat *, Attrib *); +void attrib_to_stat(const Attrib *, struct stat *); Attrib *decode_attrib(Buffer *); -void encode_attrib(Buffer *, Attrib *); -char *ls_file(char *, struct stat *, int); +void encode_attrib(Buffer *, const Attrib *); +char *ls_file(const char *, const struct stat *, int); const char *fx2txt(int); diff --git a/openssh/sftp-glob.c b/openssh/sftp-glob.c index ee122a2..f099227 100644 --- a/openssh/sftp-glob.c +++ b/openssh/sftp-glob.c @@ -70,7 +70,7 @@ fudge_readdir(struct SFTP_OPENDIR *od) #ifdef __GNU_LIBRARY__ static int inum = 1; #endif /* __GNU_LIBRARY__ */ - + if (od->dir[od->offset] == NULL) return(NULL); @@ -89,7 +89,7 @@ fudge_readdir(struct SFTP_OPENDIR *od) #ifdef __GNU_LIBRARY__ /* * Idiot glibc uses extensions to struct dirent for readdir with - * ALTDIRFUNCs. Not that this is documented anywhere but the + * ALTDIRFUNCs. Not that this is documented anywhere but the * source... Fake an inode number to appease it. */ ret->d_ino = inum++; diff --git a/openssh/sftp-int.c b/openssh/sftp-int.c index c93eaab..edb475b 100644 --- a/openssh/sftp-int.c +++ b/openssh/sftp-int.c @@ -25,7 +25,7 @@ /* XXX: recursive operations */ #include "includes.h" -RCSID("$OpenBSD: sftp-int.c,v 1.62 2003/08/25 08:13:09 fgsch Exp $"); +RCSID("$OpenBSD: sftp-int.c,v 1.65 2003/11/21 11:57:03 djm Exp $"); #include "buffer.h" #include "xmalloc.h" @@ -50,7 +50,7 @@ extern int num_requests; /* This is set to 0 if the progressmeter is not desired. */ int showprogress = 1; -/* Seperators for interactive commands */ +/* Separators for interactive commands */ #define WHITESPACE " \t\r\n" /* Define what type of ls view (0 - multi-column) */ @@ -350,8 +350,8 @@ get_pathname(const char **cpp, char **path) /* Search for terminating quote, unescape some chars */ for (i = j = 0; i <= strlen(cp); i++) { if (cp[i] == quot) { /* Found quote */ - (*path)[j] = '\0'; i++; + (*path)[j] = '\0'; break; } if (cp[i] == '\0') { /* End of string */ @@ -360,7 +360,7 @@ get_pathname(const char **cpp, char **path) } if (cp[i] == '\\') { /* Escaped characters */ i++; - if (cp[i] != '\'' && cp[i] != '\"' && + if (cp[i] != '\'' && cp[i] != '\"' && cp[i] != '\\') { error("Bad escaped character '\%c'", cp[i]); @@ -388,8 +388,8 @@ get_pathname(const char **cpp, char **path) return (0); fail: - xfree(*path); - *path = NULL; + xfree(*path); + *path = NULL; return (-1); } @@ -529,7 +529,7 @@ process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd, int pflag) for (i = 0; g.gl_pathv[i]; i++) { if (!is_reg(g.gl_pathv[i])) { - error("skipping non-regular file %s", + error("skipping non-regular file %s", g.gl_pathv[i]); continue; } @@ -597,7 +597,7 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag) for (n = 0; d[n] != NULL; n++) m = MAX(m, strlen(d[n]->filename)); - if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) != -1) + if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) != -1) width = ws.ws_col; columns = width / (m + 2); @@ -667,7 +667,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, strncmp(path, g.gl_pathv[0], strlen(g.gl_pathv[0]) - 1) == 0) { if ((a = do_lstat(conn, path, 1)) == NULL) { globfree(&g); - return (-1); + return (-1); } if ((a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) && S_ISDIR(a->perm)) { @@ -678,10 +678,10 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, if (!(lflag & SHORT_VIEW)) { int m = 0, width = 80; - struct winsize ws; + struct winsize ws; /* Count entries for sort and find longest filename */ - for (i = 0; g.gl_pathv[i]; i++) + for (i = 0; g.gl_pathv[i]; i++) m = MAX(m, strlen(g.gl_pathv[i])); if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) != -1) @@ -758,7 +758,7 @@ parse_args(const char **cpp, int *pflag, int *lflag, int *iflag, *iflag = 1; cp++; } - + /* Figure out which command we have */ for (i = 0; cmds[i].c; i++) { int cmdlen = strlen(cmds[i].c); diff --git a/openssh/sftp-server.8 b/openssh/sftp-server.8 index 871f837..42f5d43 100644 --- a/openssh/sftp-server.8 +++ b/openssh/sftp-server.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp-server.8,v 1.9 2003/06/10 09:12:11 jmc Exp $ +.\" $OpenBSD: sftp-server.8,v 1.10 2003/10/08 08:27:36 jmc Exp $ .\" .\" Copyright (c) 2000 Markus Friedl. All rights reserved. .\" @@ -41,11 +41,12 @@ using the .Cm Subsystem option. See -.Xr sshd 8 +.Xr sshd_config 5 for more information. .Sh SEE ALSO .Xr sftp 1 , .Xr ssh 1 , +.Xr sshd_config 5 , .Xr sshd 8 .Rs .%A T. Ylonen diff --git a/openssh/sftp-server.c b/openssh/sftp-server.c index 9166853..d528a1d 100644 --- a/openssh/sftp-server.c +++ b/openssh/sftp-server.c @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: sftp-server.c,v 1.43 2003/06/25 22:39:36 miod Exp $"); +RCSID("$OpenBSD: sftp-server.c,v 1.44 2003/11/10 16:23:41 jakob Exp $"); #include "buffer.h" #include "bufaux.h" @@ -149,7 +149,7 @@ handle_init(void) } static int -handle_new(int use, char *name, int fd, DIR *dirp) +handle_new(int use, const char *name, int fd, DIR *dirp) { int i; @@ -184,7 +184,7 @@ handle_to_string(int handle, char **stringp, int *hlenp) } static int -handle_from_string(char *handle, u_int hlen) +handle_from_string(const char *handle, u_int hlen) { int val; @@ -298,7 +298,7 @@ send_status(u_int32_t id, u_int32_t error) buffer_free(&msg); } static void -send_data_or_handle(char type, u_int32_t id, char *data, int dlen) +send_data_or_handle(char type, u_int32_t id, const char *data, int dlen) { Buffer msg; @@ -311,7 +311,7 @@ send_data_or_handle(char type, u_int32_t id, char *data, int dlen) } static void -send_data(u_int32_t id, char *data, int dlen) +send_data(u_int32_t id, const char *data, int dlen) { TRACE("sent data id %u len %d", id, dlen); send_data_or_handle(SSH2_FXP_DATA, id, data, dlen); @@ -330,7 +330,7 @@ send_handle(u_int32_t id, int handle) } static void -send_names(u_int32_t id, int count, Stat *stats) +send_names(u_int32_t id, int count, const Stat *stats) { Buffer msg; int i; @@ -350,7 +350,7 @@ send_names(u_int32_t id, int count, Stat *stats) } static void -send_attrib(u_int32_t id, Attrib *a) +send_attrib(u_int32_t id, const Attrib *a) { Buffer msg; @@ -567,7 +567,7 @@ process_fstat(void) } static struct timeval * -attrib_to_tv(Attrib *a) +attrib_to_tv(const Attrib *a) { static struct timeval tv[2]; diff --git a/openssh/sftp.1 b/openssh/sftp.1 index 753a4f2..8563e2b 100644 --- a/openssh/sftp.1 +++ b/openssh/sftp.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.45 2003/09/02 18:50:06 jmc Exp $ +.\" $OpenBSD: sftp.1,v 1.49 2003/12/16 15:49:51 markus Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" @@ -31,15 +31,15 @@ .Sh SYNOPSIS .Nm sftp .Bk -words -.Op Fl vC1 -.Op Fl b Ar batchfile -.Op Fl o Ar ssh_option -.Op Fl s Ar subsystem | sftp_server +.Op Fl 1Cv .Op Fl B Ar buffer_size +.Op Fl b Ar batchfile .Op Fl F Ar ssh_config -.Op Fl P Ar sftp_server path +.Op Fl o Ar ssh_option +.Op Fl P Ar sftp_server_path .Op Fl R Ar num_requests .Op Fl S Ar program +.Op Fl s Ar subsystem | sftp_server .Ar host .Ek .Nm sftp @@ -84,6 +84,15 @@ and for details). The options are as follows: .Bl -tag -width Ds +.It Fl 1 +Specify the use of protocol version 1. +.It Fl B Ar buffer_size +Specify the size of the buffer that +.Nm +uses when transferring files. +Larger buffers require fewer round trips at the cost of higher +memory consumption. +The default is 32768 bytes. .It Fl b Ar batchfile Batch mode reads a series of commands from an input .Ar batchfile @@ -104,6 +113,16 @@ prefixing the command with a .Sq Ic \- character (for example, .Ic -rm /tmp/blah* ) . +.It Fl C +Enables compression (via ssh's +.Fl C +flag). +.It Fl F Ar ssh_config +Specifies an alternative +per-user configuration file for +.Xr ssh 1 . +This option is directly passed to +.Xr ssh 1 . .It Fl o Ar ssh_option Can be used to pass options to .Nm ssh @@ -115,35 +134,53 @@ for which there is no separate command-line flag. For example, to specify an alternate port use: .Ic sftp -oPort=24 . -.It Fl s Ar subsystem | sftp_server -Specifies the SSH2 subsystem or the path for an sftp server -on the remote host. -A path is useful for using -.Nm -over protocol version 1, or when the remote -.Xr sshd 8 -does not have an sftp subsystem configured. -.It Fl v -Raise logging level. -This option is also passed to ssh. -.It Fl B Ar buffer_size -Specify the size of the buffer that -.Nm -uses when transferring files. -Larger buffers require fewer round trips at the cost of higher -memory consumption. -The default is 32768 bytes. -.It Fl C -Enables compression (via ssh's -.Fl C -flag). -.It Fl F Ar ssh_config -Specifies an alternative -per-user configuration file for -.Xr ssh 1 . -This option is directly passed to -.Xr ssh 1 . -.It Fl P Ar sftp_server path +For full details of the options listed below, and their possible values, see +.Xr ssh_config 5 . +.Pp +.Bl -tag -width Ds -offset indent -compact +.It AddressFamily +.It BatchMode +.It BindAddress +.It ChallengeResponseAuthentication +.It CheckHostIP +.It Cipher +.It Ciphers +.It Compression +.It CompressionLevel +.It ConnectionAttempts +.It ConnectionTimeout +.It GlobalKnownHostsFile +.It GSSAPIAuthentication +.It GSSAPIDelegateCredentials +.It Host +.It HostbasedAuthentication +.It HostKeyAlgorithms +.It HostKeyAlias +.It HostName +.It IdentityFile +.It LogLevel +.It MACs +.It NoHostAuthenticationForLocalhost +.It NumberOfPasswordPrompts +.It PasswordAuthentication +.It Port +.It PreferredAuthentications +.It Protocol +.It ProxyCommand +.It PubkeyAuthentication +.It RhostsRSAAuthentication +.It RSAAuthentication +.It ServerAliveInterval +.It ServerAliveCountMax +.It SmartcardDevice +.It StrictHostKeyChecking +.It TCPKeepAlive +.It UsePrivilegedPort +.It User +.It UserKnownHostsFile +.It VerifyHostKeyDNS +.El +.It Fl P Ar sftp_server_path Connect directly to a local sftp server (rather than via .Xr ssh 1 ) @@ -160,8 +197,17 @@ to use for the encrypted connection. The program must understand .Xr ssh 1 options. -.It Fl 1 -Specify the use of protocol version 1. +.It Fl s Ar subsystem | sftp_server +Specifies the SSH2 subsystem or the path for an sftp server +on the remote host. +A path is useful for using +.Nm +over protocol version 1, or when the remote +.Xr sshd 8 +does not have an sftp subsystem configured. +.It Fl v +Raise logging level. +This option is also passed to ssh. .El .Sh INTERACTIVE COMMANDS Once in interactive mode, @@ -170,16 +216,13 @@ understands a set of commands similar to those of .Xr ftp 1 . Commands are case insensitive and pathnames may be enclosed in quotes if they contain spaces. -.Bl -tag -width Ds +.Bl -tag -width "lmdir path" .It Ic bye Quit .Nm sftp . .It Ic cd Ar path Change remote directory to .Ar path . -.It Ic lcd Ar path -Change local directory to -.Ar path . .It Ic chgrp Ar grp Ar path Change group of file .Ar path @@ -219,6 +262,9 @@ flag is specified, then the file's full permission and access time are copied too. .It Ic help Display help text. +.It Ic lcd Ar path +Change local directory to +.Ar path . .It Ic lls Op Ar ls-options Op Ar path Display local directory listing of either .Ar path @@ -280,12 +326,12 @@ Rename remote file from .Ar oldpath to .Ar newpath . -.It Ic rmdir Ar path -Remove remote directory specified by -.Ar path . .It Ic rm Ar path Delete remote file specified by .Ar path . +.It Ic rmdir Ar path +Remove remote directory specified by +.Ar path . .It Ic symlink Ar oldpath Ar newpath Create a symbolic link from .Ar oldpath @@ -305,6 +351,7 @@ Escape to local shell. Synonym for help. .El .Sh SEE ALSO +.Xr ftp 1 , .Xr scp 1 , .Xr ssh 1 , .Xr ssh-add 1 , diff --git a/openssh/sftp.c b/openssh/sftp.c index c2a6593..fddc687 100644 --- a/openssh/sftp.c +++ b/openssh/sftp.c @@ -24,7 +24,7 @@ #include "includes.h" -RCSID("$OpenBSD: sftp.c,v 1.37 2003/07/10 20:05:55 markus Exp $"); +RCSID("$OpenBSD: sftp.c,v 1.38 2003/10/08 08:27:36 jmc Exp $"); #include "buffer.h" #include "xmalloc.h" @@ -112,10 +112,12 @@ usage(void) extern char *__progname; fprintf(stderr, - "usage: %s [-vC1] [-b batchfile] [-o ssh_option] [-s subsystem | sftp_server]\n" - " [-B buffer_size] [-F ssh_config] [-P sftp_server path]\n" - " [-R num_requests] [-S program]\n" - " [user@]host[:file [file]]\n", __progname); + "usage: %s [-1Cv] [-B buffer_size] [-b batchfile] [-F ssh_config]\n" + " [-o ssh_option] [-P sftp_server_path] [-R num_requests]\n" + " [-S program] [-s subsystem | sftp_server] host\n" + " %s [[user@]host[:file [file]]]\n" + " %s [[user@]host[:dir[/]]]\n" + " %s -b batchfile [user@]host\n", __progname, __progname, __progname, __progname); exit(1); } diff --git a/openssh/ssh-add.1 b/openssh/ssh-add.1 index fe01908..6348197 100644 --- a/openssh/ssh-add.1 +++ b/openssh/ssh-add.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-add.1,v 1.39 2003/06/10 09:12:11 jmc Exp $ +.\" $OpenBSD: ssh-add.1,v 1.40 2003/11/25 23:10:08 matthieu Exp $ .\" .\" -*- nroff -*- .\" @@ -69,8 +69,9 @@ The passphrase is read from the user's tty. .Nm retries the last passphrase if multiple identity files are given. .Pp -The authentication agent must be running and must be an ancestor of -the current process for +The authentication agent must be running and the +.Ev SSH_AUTH_SOCK +environment variable must contain the name of its socket for .Nm to work. .Pp diff --git a/openssh/ssh-add.c b/openssh/ssh-add.c index 2e394e5..e7699c9 100644 --- a/openssh/ssh-add.c +++ b/openssh/ssh-add.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-add.c,v 1.68 2003/06/16 10:22:45 markus Exp $"); +RCSID("$OpenBSD: ssh-add.c,v 1.69 2003/11/21 11:57:03 djm Exp $"); #include @@ -169,14 +169,14 @@ add_file(AuthenticationConnection *ac, const char *filename) } } - if (ssh_add_identity_constrained(ac, private, comment, lifetime, - confirm)) { + if (ssh_add_identity_constrained(ac, private, comment, lifetime, + confirm)) { fprintf(stderr, "Identity added: %s (%s)\n", filename, comment); ret = 0; if (lifetime != 0) fprintf(stderr, "Lifetime set to %d seconds\n", lifetime); - if (confirm != 0) + if (confirm != 0) fprintf(stderr, "The user has to confirm each use of the key\n"); } else if (ssh_add_identity(ac, private, comment)) { diff --git a/openssh/ssh-agent.c b/openssh/ssh-agent.c index e1e6cae..e5232fc 100644 --- a/openssh/ssh-agent.c +++ b/openssh/ssh-agent.c @@ -35,7 +35,7 @@ #include "includes.h" #include "openbsd-compat/sys-queue.h" -RCSID("$OpenBSD: ssh-agent.c,v 1.112 2003/09/18 08:49:45 markus Exp $"); +RCSID("$OpenBSD: ssh-agent.c,v 1.117 2003/12/02 17:01:15 markus Exp $"); #include #include @@ -179,7 +179,7 @@ confirm_key(Identity *id) p = read_passphrase(prompt, RP_ALLOW_EOF); if (p != NULL) { /* - * Accept empty responses and responses consisting + * Accept empty responses and responses consisting * of the word "yes" as affirmative. */ if (*p == '\0' || *p == '\n' || strcasecmp(p, "yes") == 0) @@ -949,7 +949,7 @@ after_select(fd_set *readset, fd_set *writeset) } static void -cleanup_socket(void *p) +cleanup_socket(void) { if (socket_name[0]) unlink(socket_name); @@ -957,17 +957,17 @@ cleanup_socket(void *p) rmdir(socket_dir); } -static void +void cleanup_exit(int i) { - cleanup_socket(NULL); - exit(i); + cleanup_socket(); + _exit(i); } static void cleanup_handler(int sig) { - cleanup_socket(NULL); + cleanup_socket(); _exit(2); } @@ -1100,7 +1100,7 @@ main(int ac, char **av) if (agentsocket == NULL) { /* Create private directory for agent socket */ - strlcpy(socket_dir, "/tmp/ssh-XXXXXXXX", sizeof socket_dir); + strlcpy(socket_dir, "/tmp/ssh-XXXXXXXXXX", sizeof socket_dir); if (mkdtemp(socket_dir) == NULL) { perror("mkdtemp: private socket dir"); exit(1); @@ -1138,7 +1138,7 @@ main(int ac, char **av) #ifdef HAVE_CYGWIN umask(prev_mask); #endif - if (listen(sock, 128) < 0) { + if (listen(sock, SSH_LISTEN_BACKLOG) < 0) { perror("listen"); cleanup_exit(1); } @@ -1209,7 +1209,6 @@ main(int ac, char **av) #endif skip: - fatal_add_cleanup(cleanup_socket, NULL); new_socket(AUTH_SOCKET, sock); if (ac > 0) { mysignal(SIGALRM, check_parent_exists); diff --git a/openssh/ssh-dss.c b/openssh/ssh-dss.c index 6cedcc4..381b7de 100644 --- a/openssh/ssh-dss.c +++ b/openssh/ssh-dss.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-dss.c,v 1.18 2003/02/12 09:33:04 markus Exp $"); +RCSID("$OpenBSD: ssh-dss.c,v 1.19 2003/11/10 16:23:41 jakob Exp $"); #include #include @@ -39,8 +39,8 @@ RCSID("$OpenBSD: ssh-dss.c,v 1.18 2003/02/12 09:33:04 markus Exp $"); #define SIGBLOB_LEN (2*INTBLOB_LEN) int -ssh_dss_sign(Key *key, u_char **sigp, u_int *lenp, - u_char *data, u_int datalen) +ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp, + const u_char *data, u_int datalen) { DSA_SIG *sig; const EVP_MD *evp_md = EVP_sha1(); @@ -101,8 +101,8 @@ ssh_dss_sign(Key *key, u_char **sigp, u_int *lenp, return 0; } int -ssh_dss_verify(Key *key, u_char *signature, u_int signaturelen, - u_char *data, u_int datalen) +ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, + const u_char *data, u_int datalen) { DSA_SIG *sig; const EVP_MD *evp_md = EVP_sha1(); @@ -119,7 +119,8 @@ ssh_dss_verify(Key *key, u_char *signature, u_int signaturelen, /* fetch signature */ if (datafellows & SSH_BUG_SIGBLOB) { - sigblob = signature; + sigblob = xmalloc(signaturelen); + memcpy(sigblob, signature, signaturelen); len = signaturelen; } else { /* ietf-drafts */ @@ -159,10 +160,9 @@ ssh_dss_verify(Key *key, u_char *signature, u_int signaturelen, BN_bin2bn(sigblob, INTBLOB_LEN, sig->r); BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s); - if (!(datafellows & SSH_BUG_SIGBLOB)) { - memset(sigblob, 0, len); - xfree(sigblob); - } + /* clean up */ + memset(sigblob, 0, len); + xfree(sigblob); /* sha1 the data */ EVP_DigestInit(&md, evp_md); diff --git a/openssh/ssh-gss.h b/openssh/ssh-gss.h index 6b58adb..2b6fe21 100644 --- a/openssh/ssh-gss.h +++ b/openssh/ssh-gss.h @@ -1,3 +1,4 @@ +/* $OpenBSD: ssh-gss.h,v 1.4 2003/11/17 11:06:07 markus Exp $ */ /* * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. * @@ -49,6 +50,7 @@ #define SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE 63 #define SSH2_MSG_USERAUTH_GSSAPI_ERROR 64 #define SSH2_MSG_USERAUTH_GSSAPI_ERRTOK 65 +#define SSH2_MSG_USERAUTH_GSSAPI_MIC 66 #define SSH_GSS_OIDTYPE 0x06 @@ -107,13 +109,15 @@ void ssh_gssapi_error(Gssctxt *ctx); char *ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *maj, OM_uint32 *min); void ssh_gssapi_build_ctx(Gssctxt **ctx); void ssh_gssapi_delete_ctx(Gssctxt **ctx); +OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t); OM_uint32 ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid); +void ssh_gssapi_buildmic(Buffer *, const char *, const char *, const char *); /* In the server */ int ssh_gssapi_userok(char *name); - +OM_uint32 ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t); void ssh_gssapi_do_child(char ***envp, u_int *envsizep); -void ssh_gssapi_cleanup_creds(void *ignored); +void ssh_gssapi_cleanup_creds(void); void ssh_gssapi_storecreds(void); #endif /* GSSAPI */ diff --git a/openssh/ssh-keygen.1 b/openssh/ssh-keygen.1 index dc4bcac..6dd6154 100644 --- a/openssh/ssh-keygen.1 +++ b/openssh/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.60 2003/07/28 09:49:56 djm Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.61 2003/12/22 09:16:58 djm Exp $ .\" .\" -*- nroff -*- .\" @@ -89,12 +89,14 @@ .Op Fl g .Nm ssh-keygen .Fl G Ar output_file +.Op Fl v .Op Fl b Ar bits .Op Fl M Ar memory .Op Fl S Ar start_point .Nm ssh-keygen .Fl T Ar output_file .Fl f Ar input_file +.Op Fl v .Op Fl a Ar num_trials .Op Fl W Ar generator .Sh DESCRIPTION @@ -263,6 +265,16 @@ Specify desired generator when testing candidate moduli for DH-GEX. .It Fl U Ar reader Upload an existing RSA private key into the smartcard in .Ar reader . +.It Fl v +Verbose mode. +Causes +.Nm +to print debugging messages about its progress. +This is helpful for debugging moduli generation. +Multiple +.Fl v +options increase the verbosity. +The maximum is 3. .It Fl r Ar hostname Print DNS resource record with the specified .Ar hostname . diff --git a/openssh/ssh-keygen.c b/openssh/ssh-keygen.c index e74d3cd..1156a01 100644 --- a/openssh/ssh-keygen.c +++ b/openssh/ssh-keygen.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keygen.c,v 1.108 2003/08/14 16:08:58 markus Exp $"); +RCSID("$OpenBSD: ssh-keygen.c,v 1.113 2003/12/22 09:16:58 djm Exp $"); #include #include @@ -32,9 +32,7 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.108 2003/08/14 16:08:58 markus Exp $"); #ifdef SMARTCARD #include "scard.h" #endif -#ifdef DNS #include "dns.h" -#endif /* Number of bits in the RSA/DSA key. This value can be changed on the command line. */ int bits = 1024; @@ -191,8 +189,8 @@ do_convert_to_ssh2(struct passwd *pw) static void buffer_get_bignum_bits(Buffer *b, BIGNUM *value) { - int bits = buffer_get_int(b); - int bytes = (bits + 7) / 8; + u_int bits = buffer_get_int(b); + u_int bytes = (bits + 7) / 8; if (buffer_len(b) < bytes) fatal("buffer_get_bignum_bits: input buffer too small: " @@ -625,7 +623,6 @@ do_change_passphrase(struct passwd *pw) exit(0); } -#ifdef DNS /* * Print the SSHFP RR. */ @@ -655,7 +652,6 @@ do_print_resource_record(struct passwd *pw, char *hostname) printf("failed to read v2 public key from %s.\n", identity_file); exit(1); } -#endif /* DNS */ /* * Change the comment of a private key file. @@ -774,9 +770,7 @@ usage(void) fprintf(stderr, " -C comment Provide new comment.\n"); fprintf(stderr, " -N phrase Provide new passphrase.\n"); fprintf(stderr, " -P phrase Provide old passphrase.\n"); -#ifdef DNS fprintf(stderr, " -r hostname Print DNS resource record.\n"); -#endif /* DNS */ #ifdef SMARTCARD fprintf(stderr, " -D reader Download public key from smartcard.\n"); fprintf(stderr, " -U reader Upload private key to smartcard.\n"); @@ -803,6 +797,7 @@ main(int ac, char **av) int opt, type, fd, download = 0, memory = 0; int generator_wanted = 0, trials = 100; int do_gen_candidates = 0, do_screen_candidates = 0; + int log_level = SYSLOG_LEVEL_INFO; BIGNUM *start = NULL; FILE *f; @@ -829,7 +824,7 @@ main(int ac, char **av) } while ((opt = getopt(ac, av, - "degiqpclBRxXyb:f:t:U:D:P:N:C:r:g:T:G:M:S:a:W:")) != -1) { + "degiqpclBRvxXyb:f:t:U:D:P:N:C:r:g:T:G:M:S:a:W:")) != -1) { switch (opt) { case 'b': bits = atoi(optarg); @@ -897,6 +892,15 @@ main(int ac, char **av) case 'U': reader_id = optarg; break; + case 'v': + if (log_level == SYSLOG_LEVEL_INFO) + log_level = SYSLOG_LEVEL_DEBUG1; + else { + if (log_level >= SYSLOG_LEVEL_DEBUG1 && + log_level < SYSLOG_LEVEL_DEBUG3) + log_level++; + } + break; case 'r': resource_record_hostname = optarg; break; @@ -908,13 +912,13 @@ main(int ac, char **av) case 'a': trials = atoi(optarg); if (trials < TRIAL_MINIMUM) { - fatal("Minimum primality trials is %d", + fatal("Minimum primality trials is %d", TRIAL_MINIMUM); } break; case 'M': memory = atoi(optarg); - if (memory != 0 && + if (memory != 0 && (memory < LARGE_MINIMUM || memory > LARGE_MAXIMUM)) { fatal("Invalid memory amount (min %ld, max %ld)", LARGE_MINIMUM, LARGE_MAXIMUM); @@ -938,6 +942,10 @@ main(int ac, char **av) usage(); } } + + /* reinit */ + log_init(av[0], log_level, SYSLOG_FACILITY_USER, 1); + if (optind < ac) { printf("Too many arguments.\n"); usage(); @@ -959,11 +967,7 @@ main(int ac, char **av) if (print_public) do_print_public(pw); if (resource_record_hostname != NULL) { -#ifdef DNS do_print_resource_record(pw, resource_record_hostname); -#else /* DNS */ - fatal("no DNS support."); -#endif /* DNS */ } if (reader_id != NULL) { #ifdef SMARTCARD @@ -978,7 +982,7 @@ main(int ac, char **av) if (do_gen_candidates) { FILE *out = fopen(out_file, "w"); - + if (out == NULL) { error("Couldn't open modulus candidate file \"%s\": %s", out_file, strerror(errno)); @@ -997,7 +1001,7 @@ main(int ac, char **av) if (have_identity && strcmp(identity_file, "-") != 0) { if ((in = fopen(identity_file, "r")) == NULL) { fatal("Couldn't open modulus candidate " - "file \"%s\": %s", identity_file, + "file \"%s\": %s", identity_file, strerror(errno)); } } else diff --git a/openssh/ssh-keyscan.c b/openssh/ssh-keyscan.c index 9fa8aae..68b6a0a 100644 --- a/openssh/ssh-keyscan.c +++ b/openssh/ssh-keyscan.c @@ -7,7 +7,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keyscan.c,v 1.44 2003/06/28 16:23:06 deraadt Exp $"); +RCSID("$OpenBSD: ssh-keyscan.c,v 1.46 2003/11/23 23:17:34 djm Exp $"); #include "openbsd-compat/sys-queue.h" @@ -214,13 +214,11 @@ fdlim_get(int hard) if (getrlimit(RLIMIT_NOFILE, &rlfd) < 0) return (-1); if ((hard ? rlfd.rlim_max : rlfd.rlim_cur) == RLIM_INFINITY) - return 10000; + return SSH_SYSFDMAX; else return hard ? rlfd.rlim_max : rlfd.rlim_cur; -#elif defined (HAVE_SYSCONF) - return sysconf (_SC_OPEN_MAX); #else - return 10000; + return SSH_SYSFDMAX; #endif } @@ -675,7 +673,7 @@ fatal(const char *fmt,...) if (nonfatal_fatal) longjmp(kexjmp, -1); else - fatal_cleanup(); + exit(255); } static void diff --git a/openssh/ssh-keysign.c b/openssh/ssh-keysign.c index c7ca5c4..b3db628 100644 --- a/openssh/ssh-keysign.c +++ b/openssh/ssh-keysign.c @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: ssh-keysign.c,v 1.13 2003/07/03 08:09:06 djm Exp $"); +RCSID("$OpenBSD: ssh-keysign.c,v 1.14 2003/11/17 09:45:39 djm Exp $"); #include #include @@ -233,7 +233,8 @@ main(int argc, char **argv) /* send reply */ buffer_clear(&b); buffer_put_string(&b, signature, slen); - ssh_msg_send(STDOUT_FILENO, version, &b); + if (ssh_msg_send(STDOUT_FILENO, version, &b) == -1) + fatal("ssh_msg_send failed"); return (0); } diff --git a/openssh/ssh-rand-helper.8 b/openssh/ssh-rand-helper.8 index bcf542e..59c1e0b 100644 --- a/openssh/ssh-rand-helper.8 +++ b/openssh/ssh-rand-helper.8 @@ -34,22 +34,22 @@ .Op Fl b Ar bytes .Sh DESCRIPTION .Nm -is a small helper program used by +is a small helper program used by .Xr ssh 1 , .Xr ssh-add 1 , .Xr ssh-agent 1 , .Xr ssh-keygen 1 , -.Xr ssh-keyscan 1 +.Xr ssh-keyscan 1 and .Xr sshd 8 -to gather random numbers of cryptographic quality if the +to gather random numbers of cryptographic quality if the .Xr openssl 4 library has not been configured to provide them itself. .Pp -Normally +Normally .Nm will generate a strong random seed and provide it to the calling -program via standard output. If standard output is a tty, +program via standard output. If standard output is a tty, .Nm will instead print the seed in hexidecimal format unless told otherwise. .Pp @@ -57,19 +57,19 @@ will instead print the seed in hexidecimal format unless told otherwise. will by default gather random numbers from the system commands listed in .Pa /etc/ssh/ssh_prng_cmds . -The output of each of the commands listed will be hashed and used to -generate a random seed for the calling program. +The output of each of the commands listed will be hashed and used to +generate a random seed for the calling program. .Nm -will also store seed files in +will also store seed files in .Pa ~/.ssh/prng_seed between executions. .Pp -Alternately, +Alternately, .Nm -may be configured at build time to collect random numbers from a +may be configured at build time to collect random numbers from a EGD/PRNGd server via a unix domain or localhost tcp socket. .Pp -This program is not intended to be run by the end-user, so the few +This program is not intended to be run by the end-user, so the few commandline options are for debugging purposes only. .Bl -tag -width Ds .It Fl b Ar bytes diff --git a/openssh/ssh-rand-helper.c b/openssh/ssh-rand-helper.c index 79f78d9..9c9c495 100644 --- a/openssh/ssh-rand-helper.c +++ b/openssh/ssh-rand-helper.c @@ -115,19 +115,19 @@ double stir_gettimeofday(double entropy_estimate); double stir_clock(double entropy_estimate); double stir_rusage(int who, double entropy_estimate); double hash_command_output(entropy_cmd_t *src, unsigned char *hash); -int get_random_bytes_prngd(unsigned char *buf, int len, +int get_random_bytes_prngd(unsigned char *buf, int len, unsigned short tcp_port, char *socket_path); /* * Collect 'len' bytes of entropy into 'buf' from PRNGD/EGD daemon * listening either on 'tcp_port', or via Unix domain socket at * * 'socket_path'. - * Either a non-zero tcp_port or a non-null socket_path must be + * Either a non-zero tcp_port or a non-null socket_path must be * supplied. * Returns 0 on success, -1 on error */ int -get_random_bytes_prngd(unsigned char *buf, int len, +get_random_bytes_prngd(unsigned char *buf, int len, unsigned short tcp_port, char *socket_path) { int fd, addr_len, rval, errors; @@ -289,7 +289,7 @@ hash_command_output(entropy_cmd_t *src, unsigned char *hash) if (devnull == -1) { devnull = open("/dev/null", O_RDWR); if (devnull == -1) - fatal("Couldn't open /dev/null: %s", + fatal("Couldn't open /dev/null: %s", strerror(errno)); } @@ -314,7 +314,7 @@ hash_command_output(entropy_cmd_t *src, unsigned char *hash) execv(src->path, (char**)(src->args)); - debug("(child) Couldn't exec '%s': %s", + debug("(child) Couldn't exec '%s': %s", src->cmdstring, strerror(errno)); _exit(-1); default: /* Parent */ @@ -376,7 +376,7 @@ hash_command_output(entropy_cmd_t *src, unsigned char *hash) case -1: default: /* error */ - debug("Command '%s': select() failed: %s", + debug("Command '%s': select() failed: %s", src->cmdstring, strerror(errno)); error_abort = 1; break; @@ -400,8 +400,8 @@ hash_command_output(entropy_cmd_t *src, unsigned char *hash) if (error_abort) { /* * Closing p[0] on timeout causes the entropy command to - * SIGPIPE. Take whatever output we got, and mark this - * command as slow + * SIGPIPE. Take whatever output we got, and mark this + * command as slow */ debug2("Command '%s' timed out", src->cmdstring); src->sticky_badness *= 2; @@ -479,7 +479,7 @@ stir_from_programs(void) /* Stir it in */ RAND_add(hash, sizeof(hash), entropy); - debug3("Got %0.2f bytes of entropy from '%s'", + debug3("Got %0.2f bytes of entropy from '%s'", entropy, entropy_cmds[c].cmdstring); total_entropy += entropy; @@ -491,7 +491,7 @@ stir_from_programs(void) total_entropy += stir_rusage(RUSAGE_CHILDREN, 0.1); } else { debug2("Command '%s' disabled (badness %d)", - entropy_cmds[c].cmdstring, + entropy_cmds[c].cmdstring, entropy_cmds[c].badness); if (entropy_cmds[c].badness > 0) @@ -511,8 +511,8 @@ prng_check_seedfile(char *filename) struct stat st; /* - * XXX raceable: eg replace seed between this stat and subsequent - * open. Not such a problem because we don't really trust the + * XXX raceable: eg replace seed between this stat and subsequent + * open. Not such a problem because we don't really trust the * seed file anyway. * XXX: use secure path checking as elsewhere in OpenSSH */ @@ -563,7 +563,7 @@ prng_write_seedfile(void) debug("writing PRNG seed to file %.100s", filename); if (RAND_bytes(seed, sizeof(seed)) <= 0) - fatal("PRNG seed extration failed"); + fatal("PRNG seed extraction failed"); /* Don't care if the seed doesn't exist */ prng_check_seedfile(filename); @@ -651,7 +651,7 @@ prng_read_commands(char *cmdfilename) continue; /* done with this line */ /* - * The first non-whitespace char should be a double quote + * The first non-whitespace char should be a double quote * delimiting the commandline */ if (*cp != '"') { @@ -726,7 +726,7 @@ prng_read_commands(char *cmdfilename) /* * If we've filled the array, reallocate it twice the size - * Do this now because even if this we're on the last + * Do this now because even if this we're on the last * command we need another slot to mark the last entry */ if (cur_cmd == num_cmds) { @@ -761,7 +761,7 @@ usage(void) OUTPUT_SEED_SIZE); } -int +int main(int argc, char **argv) { unsigned char *buf; @@ -779,7 +779,7 @@ main(int argc, char **argv) /* Don't write binary data to a tty, unless we are forced to */ if (isatty(STDOUT_FILENO)) output_hex = 1; - + while ((ch = getopt(argc, argv, "vxXhb:")) != -1) { switch (ch) { case 'v': @@ -806,7 +806,7 @@ main(int argc, char **argv) } log_init(argv[0], ll, SYSLOG_FACILITY_USER, 1); - + #ifdef USE_SEED_FILES prng_read_seedfile(); #endif @@ -816,11 +816,11 @@ main(int argc, char **argv) /* * Seed the RNG from wherever we can */ - + /* Take whatever is on the stack, but don't credit it */ RAND_add(buf, bytes, 0); - debug("Seeded RNG with %i bytes from system calls", + debug("Seeded RNG with %i bytes from system calls", (int)stir_from_system()); #ifdef PRNGD_PORT @@ -835,7 +835,7 @@ main(int argc, char **argv) /* Read in collection commands */ if (prng_read_commands(SSH_PRNG_COMMAND_FILE) == -1) fatal("PRNG initialisation failed -- exiting."); - debug("Seeded RNG with %i bytes from programs", + debug("Seeded RNG with %i bytes from programs", (int)stir_from_programs()); #endif @@ -859,9 +859,9 @@ main(int argc, char **argv) printf("\n"); } else ret = atomicio(vwrite, STDOUT_FILENO, buf, bytes); - + memset(buf, '\0', bytes); xfree(buf); - + return ret == bytes ? 0 : 1; } diff --git a/openssh/ssh-rsa.c b/openssh/ssh-rsa.c index 53e5023..6e3be0a 100644 --- a/openssh/ssh-rsa.c +++ b/openssh/ssh-rsa.c @@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include "includes.h" -RCSID("$OpenBSD: ssh-rsa.c,v 1.30 2003/06/18 11:28:11 markus Exp $"); +RCSID("$OpenBSD: ssh-rsa.c,v 1.31 2003/11/10 16:23:41 jakob Exp $"); #include #include @@ -31,8 +31,8 @@ static int openssh_RSA_verify(int, u_char *, u_int, u_char *, u_int, RSA *); /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */ int -ssh_rsa_sign(Key *key, u_char **sigp, u_int *lenp, - u_char *data, u_int datalen) +ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, + const u_char *data, u_int datalen) { const EVP_MD *evp_md; EVP_MD_CTX md; @@ -96,8 +96,8 @@ ssh_rsa_sign(Key *key, u_char **sigp, u_int *lenp, } int -ssh_rsa_verify(Key *key, u_char *signature, u_int signaturelen, - u_char *data, u_int datalen) +ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, + const u_char *data, u_int datalen) { Buffer b; const EVP_MD *evp_md; diff --git a/openssh/ssh.1 b/openssh/ssh.1 index c81cb42..e2cd5d3 100644 --- a/openssh/ssh.1 +++ b/openssh/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.175 2003/07/22 13:35:22 markus Exp $ +.\" $OpenBSD: ssh.1,v 1.181 2003/12/16 15:49:51 markus Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -43,22 +43,14 @@ .Nd OpenSSH SSH client (remote login program) .Sh SYNOPSIS .Nm ssh -.Op Fl l Ar login_name -.Ar hostname | user@hostname -.Op Ar command -.Pp -.Nm ssh -.Bk -words -.Op Fl afgknqstvxACNTVX1246 +.Op Fl 1246AaCfgkNnqsTtVvXxY .Op Fl b Ar bind_address .Op Fl c Ar cipher_spec +.Op Fl D Ar port .Op Fl e Ar escape_char -.Op Fl i Ar identity_file -.Op Fl l Ar login_name -.Op Fl m Ar mac_spec -.Op Fl o Ar option -.Op Fl p Ar port .Op Fl F Ar configfile +.Op Fl i Ar identity_file +.Bk -words .Oo Fl L Xo .Sm off .Ar port : @@ -68,7 +60,12 @@ .Xc .Oc .Ek +.Op Fl l Ar login_name +.Op Fl m Ar mac_spec +.Op Fl o Ar option .Bk -words +.Op Fl p Ar port +.Ek .Oo Fl R Xo .Sm off .Ar port : @@ -77,29 +74,34 @@ .Sm on .Xc .Oc -.Op Fl D Ar port -.Ar hostname | user@hostname +.Oo Ar user Ns @ Oc Ns Ar hostname .Op Ar command -.Ek .Sh DESCRIPTION .Nm (SSH client) is a program for logging into a remote machine and for executing commands on a remote machine. -It is intended to replace -rlogin and rsh, and provide secure encrypted communications between +It is intended to replace rlogin and rsh, +and provide secure encrypted communications between two untrusted hosts over an insecure network. -X11 connections and -arbitrary TCP/IP ports can also be forwarded over the secure channel. +X11 connections and arbitrary TCP/IP ports +can also be forwarded over the secure channel. .Pp .Nm connects and logs into the specified -.Ar hostname . +.Ar hostname +(with optional +.Ar user +name). The user must prove his/her identity to the remote machine using one of several methods -depending on the protocol version used: +depending on the protocol version used. .Pp +If +.Ar command +is specified, +.Ar command +is executed on the remote host instead of a login shell. .Ss SSH protocol version 1 -.Pp First, if the machine the user logs in from is listed in .Pa /etc/hosts.equiv or @@ -107,9 +109,9 @@ or on the remote machine, and the user names are the same on both sides, the user is immediately permitted to log in. Second, if -.Pa \&.rhosts +.Pa .rhosts or -.Pa \&.shosts +.Pa .shosts exists in the user's home directory on the remote machine and contains a line containing the name of the client machine and the name of the user on that machine, the user is @@ -118,9 +120,9 @@ This form of authentication alone is normally not allowed by the server because it is not secure. .Pp The second authentication method is the -.Pa rhosts +.Em rhosts or -.Pa hosts.equiv +.Em hosts.equiv method combined with RSA-based host authentication. It means that if the login would be permitted by .Pa $HOME/.rhosts , @@ -135,7 +137,7 @@ and .Pa $HOME/.ssh/known_hosts in the .Sx FILES -section), only then login is permitted. +section), only then is login permitted. This authentication method closes security holes due to IP spoofing, DNS spoofing and routing spoofing. [Note to the administrator: @@ -154,24 +156,23 @@ RSA is one such system. The idea is that each user creates a public/private key pair for authentication purposes. The server knows the public key, and only the user knows the private key. +.Pp The file .Pa $HOME/.ssh/authorized_keys -lists the public keys that are permitted for logging -in. +lists the public keys that are permitted for logging in. When the user logs in, the .Nm program tells the server which key pair it would like to use for authentication. -The server checks if this key is permitted, and if -so, sends the user (actually the +The server checks if this key is permitted, and if so, +sends the user (actually the .Nm program running on behalf of the user) a challenge, a random number, encrypted by the user's public key. -The challenge can only be -decrypted using the proper private key. -The user's client then decrypts the -challenge using the private key, proving that he/she knows the private -key but without disclosing it to the server. +The challenge can only be decrypted using the proper private key. +The user's client then decrypts the challenge using the private key, +proving that he/she knows the private key +but without disclosing it to the server. .Pp .Nm implements the RSA authentication protocol automatically. @@ -179,7 +180,7 @@ The user creates his/her RSA key pair by running .Xr ssh-keygen 1 . This stores the private key in .Pa $HOME/.ssh/identity -and the public key in +and stores the public key in .Pa $HOME/.ssh/identity.pub in the user's home directory. The user should then copy the @@ -193,8 +194,9 @@ file corresponds to the conventional file, and has one key per line, though the lines can be very long). After this, the user can log in without giving the password. -RSA authentication is much -more secure than rhosts authentication. +RSA authentication is much more secure than +.Em rhosts +authentication. .Pp The most convenient way to use RSA authentication may be with an authentication agent. @@ -208,16 +210,14 @@ prompts the user for a password. The password is sent to the remote host for checking; however, since all communications are encrypted, the password cannot be seen by someone listening on the network. -.Pp .Ss SSH protocol version 2 -.Pp -When a user connects using protocol version 2 +When a user connects using protocol version 2, similar authentication methods are available. Using the default values for .Cm PreferredAuthentications , the client will try to authenticate first using the hostbased method; -if this method fails public key authentication is attempted, -and finally if this method fails keyboard-interactive and +if this method fails, public key authentication is attempted, +and finally if this method fails, keyboard-interactive and password authentication are tried. .Pp The public key method is similar to RSA authentication described @@ -233,8 +233,8 @@ and grants access if both the key is found and the signature is correct. The session identifier is derived from a shared Diffie-Hellman value and is only known to the client and the server. .Pp -If public key authentication fails or is not available a password -can be sent encrypted to the remote host for proving the user's identity. +If public key authentication fails or is not available, a password +can be sent encrypted to the remote host to prove the user's identity. .Pp Additionally, .Nm @@ -245,9 +245,7 @@ Protocol 2 provides additional mechanisms for confidentiality and integrity (hmac-md5, hmac-sha1). Note that protocol 1 lacks a strong mechanism for ensuring the integrity of the connection. -.Pp .Ss Login session and remote execution -.Pp When the user's identity has been accepted by the server, the server either executes the given command, or logs into the machine and gives the user a normal shell on the remote machine. @@ -257,23 +255,20 @@ the remote command or shell will be automatically encrypted. If a pseudo-terminal has been allocated (normal login session), the user may use the escape characters noted below. .Pp -If no pseudo tty has been allocated, the -session is transparent and can be used to reliably transfer binary -data. +If no pseudo-tty has been allocated, +the session is transparent and can be used to reliably transfer binary data. On most systems, setting the escape character to .Dq none will also make the session transparent even if a tty is used. .Pp The session terminates when the command or shell on the remote machine exits and all X11 and TCP/IP connections have been closed. -The exit status of the remote program is returned as the exit status -of +The exit status of the remote program is returned as the exit status of .Nm ssh . -.Pp .Ss Escape Characters -.Pp -When a pseudo terminal has been requested, ssh supports a number of functions -through the use of an escape character. +When a pseudo-terminal has been requested, +.Nm +supports a number of functions through the use of an escape character. .Pp A single tilde character can be sent as .Ic ~~ @@ -291,37 +286,37 @@ The supported escapes (assuming the default are: .Bl -tag -width Ds .It Cm ~. -Disconnect +Disconnect. .It Cm ~^Z -Background ssh +Background +.Nm ssh . .It Cm ~# -List forwarded connections +List forwarded connections. .It Cm ~& -Background ssh at logout when waiting for forwarded connection / X11 sessions -to terminate +Background +.Nm +at logout when waiting for forwarded connection / X11 sessions to terminate. .It Cm ~? -Display a list of escape characters +Display a list of escape characters. .It Cm ~B -Send a BREAK to the remote system (only useful for SSH protocol version 2 -and if the peer supports it) +Send a BREAK to the remote system +(only useful for SSH protocol version 2 and if the peer supports it). .It Cm ~C Open command line (only useful for adding port forwardings using the .Fl L and .Fl R -options) +options). .It Cm ~R -Request rekeying of the connection (only useful for SSH protocol version 2 -and if the peer supports it) +Request rekeying of the connection +(only useful for SSH protocol version 2 and if the peer supports it). .El -.Pp .Ss X11 and TCP forwarding -.Pp If the .Cm ForwardX11 variable is set to .Dq yes -(or, see the description of the +(or see the description of the .Fl X and .Fl x @@ -342,8 +337,7 @@ The .Ev DISPLAY value set by .Nm -will point to the server machine, but with a display number greater -than zero. +will point to the server machine, but with a display number greater than zero. This is normal, and happens because .Nm creates a @@ -364,7 +358,7 @@ If the .Cm ForwardAgent variable is set to .Dq yes -(or, see the description of the +(or see the description of the .Fl A and .Fl a @@ -376,9 +370,7 @@ Forwarding of arbitrary TCP/IP connections over the secure channel can be specified either on the command line or in a configuration file. One possible application of TCP/IP forwarding is a secure connection to an electronic purse; another is going through firewalls. -.Pp .Ss Server authentication -.Pp .Nm automatically maintains and checks a database containing identifications for all hosts it has ever been used with. @@ -389,14 +381,12 @@ Additionally, the file .Pa /etc/ssh/ssh_known_hosts is automatically checked for known hosts. Any new hosts are automatically added to the user's file. -If a host's identification -ever changes, +If a host's identification ever changes, .Nm warns about this and disables password authentication to prevent a trojan horse from getting the user's password. -Another purpose of -this mechanism is to prevent man-in-the-middle attacks which could -otherwise be used to circumvent the encryption. +Another purpose of this mechanism is to prevent man-in-the-middle attacks +which could otherwise be used to circumvent the encryption. The .Cm StrictHostKeyChecking option can be used to prevent logins to machines whose @@ -404,8 +394,22 @@ host key is not known or has changed. .Pp The options are as follows: .Bl -tag -width Ds -.It Fl a -Disables forwarding of the authentication agent connection. +.It Fl 1 +Forces +.Nm +to try protocol version 1 only. +.It Fl 2 +Forces +.Nm +to try protocol version 2 only. +.It Fl 4 +Forces +.Nm +to use IPv4 addresses only. +.It Fl 6 +Forces +.Nm +to use IPv6 addresses only. .It Fl A Enables forwarding of the authentication agent connection. This can also be specified on a per-host basis in a configuration file. @@ -417,10 +421,28 @@ can access the local agent through the forwarded connection. An attacker cannot obtain key material from the agent, however they can perform operations on the keys that enable them to authenticate using the identities loaded into the agent. +.It Fl a +Disables forwarding of the authentication agent connection. .It Fl b Ar bind_address Specify the interface to transmit from on machines with multiple interfaces or aliased addresses. -.It Fl c Ar blowfish|3des|des +.It Fl C +Requests compression of all data (including stdin, stdout, stderr, and +data for forwarded X11 and TCP/IP connections). +The compression algorithm is the same used by +.Xr gzip 1 , +and the +.Dq level +can be controlled by the +.Cm CompressionLevel +option for protocol version 1. +Compression is desirable on modem lines and other +slow connections, but will only slow down things on fast networks. +The default value can be set on a host-by-host basis in the +configuration files; see the +.Cm Compression +option. +.It Fl c Ar blowfish | 3des | des Selects the cipher to use for encrypting the session. .Ar 3des is used by default. @@ -428,7 +450,7 @@ It is believed to be secure. .Ar 3des (triple-des) is an encrypt-decrypt-encrypt triple with three different keys. .Ar blowfish -is a fast block cipher, it appears very secure and is much faster than +is a fast block cipher; it appears very secure and is much faster than .Ar 3des . .Ar des is only supported in the @@ -444,18 +466,41 @@ be specified in order of preference. See .Cm Ciphers for more information. -.It Fl e Ar ch|^ch|none +.It Fl D Ar port +Specifies a local +.Dq dynamic +application-level port forwarding. +This works by allocating a socket to listen to +.Ar port +on the local side, and whenever a connection is made to this port, the +connection is forwarded over the secure channel, and the application +protocol is then used to determine where to connect to from the +remote machine. +Currently the SOCKS4 and SOCKS5 protocols are supported, and +.Nm +will act as a SOCKS server. +Only root can forward privileged ports. +Dynamic port forwardings can also be specified in the configuration file. +.It Fl e Ar ch | ^ch | none Sets the escape character for sessions with a pty (default: .Ql ~ ) . The escape character is only recognized at the beginning of a line. The escape character followed by a dot .Pq Ql \&. -closes the connection, followed -by control-Z suspends the connection, and followed by itself sends the -escape character once. +closes the connection; +followed by control-Z suspends the connection; +and followed by itself sends the escape character once. Setting the character to .Dq none disables any escapes and makes the session fully transparent. +.It Fl F Ar configfile +Specifies an alternative per-user configuration file. +If a configuration file is given on the command line, +the system-wide configuration file +.Pq Pa /etc/ssh/ssh_config +will be ignored. +The default for the per-user configuration file is +.Pa $HOME/.ssh/config . .It Fl f Requests .Nm @@ -471,6 +516,12 @@ something like .Ic ssh -f host xterm . .It Fl g Allows remote hosts to connect to local forwarded ports. +.It Fl I Ar smartcard_device +Specifies which smartcard device to use. +The argument is the device +.Nm +should use to communicate with a smartcard used for storing the user's +private RSA key. .It Fl i Ar identity_file Selects a file from which the identity (private key) for RSA or DSA authentication is read. @@ -487,15 +538,33 @@ It is possible to have multiple .Fl i options (and multiple identities specified in configuration files). -.It Fl I Ar smartcard_device -Specifies which smartcard device to use. -The argument is the device -.Nm -should use to communicate with a smartcard used for storing the user's -private RSA key. .It Fl k -Disables forwarding of Kerberos tickets. -This may also be specified on a per-host basis in the configuration file. +Disables forwarding (delegation) of GSSAPI credentials to the server. +.It Fl L Xo +.Sm off +.Ar port : host : hostport +.Sm on +.Xc +Specifies that the given port on the local (client) host is to be +forwarded to the given host and port on the remote side. +This works by allocating a socket to listen to +.Ar port +on the local side, and whenever a connection is made to this port, the +connection is forwarded over the secure channel, and a connection is +made to +.Ar host +port +.Ar hostport +from the remote machine. +Port forwardings can also be specified in the configuration file. +Only root can forward privileged ports. +IPv6 addresses can be specified with an alternative syntax: +.Sm off +.Xo +.Ar port No / Ar host No / +.Ar hostport . +.Xc +.Sm on .It Fl l Ar login_name Specifies the user to log in as on the remote machine. This also may be specified on a per-host basis in the configuration file. @@ -506,6 +575,10 @@ be specified in order of preference. See the .Cm MACs keyword for more information. +.It Fl N +Do not execute a remote command. +This is useful for just forwarding ports +(protocol version 2 only). .It Fl n Redirects stdin from .Pa /dev/null @@ -526,14 +599,66 @@ program will be put in the background. needs to ask for a password or passphrase; see also the .Fl f option.) -.It Fl N -Do not execute a remote command. -This is useful for just forwarding ports -(protocol version 2 only). .It Fl o Ar option Can be used to give options in the format used in the configuration file. This is useful for specifying options for which there is no separate command-line flag. +For full details of the options listed below, and their possible values, see +.Xr ssh_config 5 . +.Pp +.Bl -tag -width Ds -offset indent -compact +.It AddressFamily +.It BatchMode +.It BindAddress +.It ChallengeResponseAuthentication +.It CheckHostIP +.It Cipher +.It Ciphers +.It ClearAllForwardings +.It Compression +.It CompressionLevel +.It ConnectionAttempts +.It ConnectionTimeout +.It DynamicForward +.It EscapeChar +.It ForwardAgent +.It ForwardX11 +.It ForwardX11Trusted +.It GatewayPorts +.It GlobalKnownHostsFile +.It GSSAPIAuthentication +.It GSSAPIDelegateCredentials +.It Host +.It HostbasedAuthentication +.It HostKeyAlgorithms +.It HostKeyAlias +.It HostName +.It IdentityFile +.It LocalForward +.It LogLevel +.It MACs +.It NoHostAuthenticationForLocalhost +.It NumberOfPasswordPrompts +.It PasswordAuthentication +.It Port +.It PreferredAuthentications +.It Protocol +.It ProxyCommand +.It PubkeyAuthentication +.It RemoteForward +.It RhostsRSAAuthentication +.It RSAAuthentication +.It ServerAliveInterval +.It ServerAliveCountMax +.It SmartcardDevice +.It StrictHostKeyChecking +.It TCPKeepAlive +.It UsePrivilegedPort +.It User +.It UserKnownHostsFile +.It VerifyHostKeyDNS +.It XAuthLocation +.El .It Fl p Ar port Port to connect to on the remote host. This can be specified on a @@ -541,11 +666,40 @@ per-host basis in the configuration file. .It Fl q Quiet mode. Causes all warning and diagnostic messages to be suppressed. +.It Fl R Xo +.Sm off +.Ar port : host : hostport +.Sm on +.Xc +Specifies that the given port on the remote (server) host is to be +forwarded to the given host and port on the local side. +This works by allocating a socket to listen to +.Ar port +on the remote side, and whenever a connection is made to this port, the +connection is forwarded over the secure channel, and a connection is +made to +.Ar host +port +.Ar hostport +from the local machine. +Port forwardings can also be specified in the configuration file. +Privileged ports can be forwarded only when +logging in as root on the remote machine. +IPv6 addresses can be specified with an alternative syntax: +.Sm off +.Xo +.Ar port No / Ar host No / +.Ar hostport . +.Xc +.Sm on .It Fl s May be used to request invocation of a subsystem on the remote system. Subsystems are a feature of the SSH2 protocol which facilitate the use -of SSH as a secure transport for other applications (eg. sftp). +of SSH as a secure transport for other applications (eg.\& +.Xr sftp 1 ) . The subsystem is specified as the remote command. +.It Fl T +Disable pseudo-tty allocation. .It Fl t Force pseudo-tty allocation. This can be used to execute arbitrary @@ -556,8 +710,8 @@ Multiple options force tty allocation, even if .Nm has no local tty. -.It Fl T -Disable pseudo-tty allocation. +.It Fl V +Display the version number and exit. .It Fl v Verbose mode. Causes @@ -569,10 +723,6 @@ Multiple .Fl v options increase the verbosity. The maximum is 3. -.It Fl V -Display the version number and exit. -.It Fl x -Disables X11 forwarding. .It Fl X Enables X11 forwarding. This can also be specified on a per-host basis in a configuration file. @@ -582,94 +732,10 @@ Users with the ability to bypass file permissions on the remote host (for the user's X authorization database) can access the local X11 display through the forwarded connection. An attacker may then be able to perform activities such as keystroke monitoring. -.It Fl C -Requests compression of all data (including stdin, stdout, stderr, and -data for forwarded X11 and TCP/IP connections). -The compression algorithm is the same used by -.Xr gzip 1 , -and the -.Dq level -can be controlled by the -.Cm CompressionLevel -option for protocol version 1. -Compression is desirable on modem lines and other -slow connections, but will only slow down things on fast networks. -The default value can be set on a host-by-host basis in the -configuration files; see the -.Cm Compression -option. -.It Fl F Ar configfile -Specifies an alternative per-user configuration file. -If a configuration file is given on the command line, -the system-wide configuration file -.Pq Pa /etc/ssh/ssh_config -will be ignored. -The default for the per-user configuration file is -.Pa $HOME/.ssh/config . -.It Fl L Ar port:host:hostport -Specifies that the given port on the local (client) host is to be -forwarded to the given host and port on the remote side. -This works by allocating a socket to listen to -.Ar port -on the local side, and whenever a connection is made to this port, the -connection is forwarded over the secure channel, and a connection is -made to -.Ar host -port -.Ar hostport -from the remote machine. -Port forwardings can also be specified in the configuration file. -Only root can forward privileged ports. -IPv6 addresses can be specified with an alternative syntax: -.Ar port/host/hostport -.It Fl R Ar port:host:hostport -Specifies that the given port on the remote (server) host is to be -forwarded to the given host and port on the local side. -This works by allocating a socket to listen to -.Ar port -on the remote side, and whenever a connection is made to this port, the -connection is forwarded over the secure channel, and a connection is -made to -.Ar host -port -.Ar hostport -from the local machine. -Port forwardings can also be specified in the configuration file. -Privileged ports can be forwarded only when -logging in as root on the remote machine. -IPv6 addresses can be specified with an alternative syntax: -.Ar port/host/hostport -.It Fl D Ar port -Specifies a local -.Dq dynamic -application-level port forwarding. -This works by allocating a socket to listen to -.Ar port -on the local side, and whenever a connection is made to this port, the -connection is forwarded over the secure channel, and the application -protocol is then used to determine where to connect to from the -remote machine. -Currently the SOCKS4 and SOCKS5 protocols are supported, and -.Nm -will act as a SOCKS server. -Only root can forward privileged ports. -Dynamic port forwardings can also be specified in the configuration file. -.It Fl 1 -Forces -.Nm -to try protocol version 1 only. -.It Fl 2 -Forces -.Nm -to try protocol version 2 only. -.It Fl 4 -Forces -.Nm -to use IPv4 addresses only. -.It Fl 6 -Forces -.Nm -to use IPv6 addresses only. +.It Fl x +Disables X11 forwarding. +.It Fl Y +Enables trusted X11 forwarding. .El .Sh CONFIGURATION FILES .Nm @@ -680,7 +746,7 @@ The file format and configuration options are described in .Sh ENVIRONMENT .Nm will normally set the following environment variables: -.Bl -tag -width Ds +.Bl -tag -width LOGNAME .It Ev DISPLAY The .Ev DISPLAY @@ -690,7 +756,7 @@ It is automatically set by to point to a value of the form .Dq hostname:n where hostname indicates -the host where the shell runs, and n is an integer >= 1. +the host where the shell runs, and n is an integer \*(Ge 1. .Nm uses this special value to forward X11 connections over the secure channel. @@ -768,7 +834,7 @@ and adds lines of the format .Dq VARNAME=value to the environment if the file exists and if users are allowed to change their environment. -See the +For more information, see the .Cm PermitUserEnvironment option in .Xr sshd_config 5 . @@ -797,7 +863,7 @@ Contains the public key for authentication (public part of the identity file in human-readable form). The contents of the .Pa $HOME/.ssh/identity.pub -file should be added to +file should be added to the file .Pa $HOME/.ssh/authorized_keys on all machines where the user wishes to log in using protocol version 1 RSA authentication. @@ -823,7 +889,8 @@ Lists the public keys (RSA/DSA) that can be used for logging in as this user. The format of this file is described in the .Xr sshd 8 manual page. -In the simplest form the format is the same as the .pub +In the simplest form the format is the same as the +.Pa .pub identity files. This file is not highly sensitive, but the recommended permissions are read/write for the user, and not accessible by others. @@ -839,7 +906,7 @@ by spaces): system name, public key and optional comment field. When different names are used for the same machine, all such names should be listed, separated by commas. -The format is described on the +The format is described in the .Xr sshd 8 manual page. .Pp @@ -879,7 +946,7 @@ By default is not setuid root. .It Pa $HOME/.rhosts This file is used in -.Pa \&.rhosts +.Em rhosts authentication to list the host/user pairs that are permitted to log in. (Note that this file is @@ -901,7 +968,9 @@ accessible by others. Note that by default .Xr sshd 8 will be installed so that it requires successful RSA host -authentication before permitting \s+2.\s0rhosts authentication. +authentication before permitting +.Em rhosts +authentication. If the server machine does not have the client's host key in .Pa /etc/ssh/ssh_known_hosts , it can be stored in @@ -912,21 +981,20 @@ will automatically add the host key to .Pa $HOME/.ssh/known_hosts . .It Pa $HOME/.shosts This file is used exactly the same way as -.Pa \&.rhosts . +.Pa .rhosts . The purpose for having this file is to be able to use rhosts authentication with .Nm without permitting login with -.Nm rlogin +.Xr rlogin or .Xr rsh 1 . .It Pa /etc/hosts.equiv This file is used during -.Pa \&.rhosts +.Em rhosts authentication. It contains -canonical hosts names, one per line (the full format is described on -the +canonical hosts names, one per line (the full format is described in the .Xr sshd 8 manual page). If the client host is found in this file, login is @@ -966,6 +1034,7 @@ above. exits with the exit status of the remote command or with 255 if an error occurred. .Sh SEE ALSO +.Xr gzip 1 , .Xr rsh 1 , .Xr scp 1 , .Xr sftp 1 , @@ -973,6 +1042,7 @@ if an error occurred. .Xr ssh-agent 1 , .Xr ssh-keygen 1 , .Xr telnet 1 , +.Xr hosts.equiv 5 , .Xr ssh_config 5 , .Xr ssh-keysign 8 , .Xr sshd 8 diff --git a/openssh/ssh.c b/openssh/ssh.c index 35418f6..da390c1 100644 --- a/openssh/ssh.c +++ b/openssh/ssh.c @@ -13,7 +13,7 @@ * called by a name other than "ssh" or "Secure Shell". * * Copyright (c) 1999 Niels Provos. All rights reserved. - * Copyright (c) 2000, 2001, 2002 Markus Friedl. All rights reserved. + * Copyright (c) 2000, 2001, 2002, 2003 Markus Friedl. All rights reserved. * * Modified to work with SSL by Niels Provos * in Canada (German citizen). @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.201 2003/09/01 18:15:50 markus Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.206 2003/12/16 15:49:51 markus Exp $"); #include #include @@ -155,6 +155,7 @@ usage(void) fprintf(stderr, " -A Enable authentication agent forwarding.\n"); fprintf(stderr, " -a Disable authentication agent forwarding (default).\n"); fprintf(stderr, " -X Enable X11 connection forwarding.\n"); + fprintf(stderr, " -Y Enable trusted X11 connection forwarding.\n"); fprintf(stderr, " -x Disable X11 connection forwarding (default).\n"); fprintf(stderr, " -i file Identity for public key authentication " "(default: ~/.ssh/identity)\n"); @@ -204,7 +205,7 @@ main(int ac, char **av) int i, opt, exit_status; u_short fwd_port, fwd_host_port; char sfwd_port[6], sfwd_host_port[6]; - char *p, *cp, buf[256]; + char *p, *cp, *line, buf[256]; struct stat st; struct passwd *pw; int dummy; @@ -220,7 +221,7 @@ main(int ac, char **av) */ original_real_uid = getuid(); original_effective_uid = geteuid(); - + /* * Use uid-swapping to give up root privileges for the duration of * option processing. We will re-instantiate the rights when we are @@ -264,7 +265,7 @@ main(int ac, char **av) again: while ((opt = getopt(ac, av, - "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:NPR:TVX")) != -1) { + "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:NPR:TVXY")) != -1) { switch (opt) { case '1': options.protocol = SSH_PROTO_1; @@ -291,6 +292,10 @@ again: case 'X': options.forward_x11 = 1; break; + case 'Y': + options.forward_x11 = 1; + options.forward_x11_trusted = 1; + break; case 'g': options.gateway_ports = 1; break; @@ -304,7 +309,7 @@ again: options.forward_agent = 1; break; case 'k': - /* ignored for backward compatibility */ + options.gss_deleg_creds = 0; break; case 'i': if (stat(optarg, &st) < 0) { @@ -459,9 +464,11 @@ again: break; case 'o': dummy = 1; + line = xstrdup(optarg); if (process_config_line(&options, host ? host : "", - optarg, "command-line", 0, &dummy) != 0) + line, "command-line", 0, &dummy) != 0) exit(1); + xfree(line); break; case 's': subsystem_flag = 1; @@ -712,7 +719,7 @@ again: packet_close(); /* - * Send SIGHUP to proxy command if used. We don't wait() in + * Send SIGHUP to proxy command if used. We don't wait() in * case it hangs and instead rely on init to reap the child */ if (proxy_command_pid > 1) @@ -721,19 +728,25 @@ again: return exit_status; } +#define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1" + static void x11_get_proto(char **_proto, char **_data) { + char cmd[1024]; char line[512]; + char xdisplay[512]; static char proto[512], data[512]; FILE *f; - int got_data = 0, i; - char *display; + int got_data = 0, generated = 0, do_unlink = 0, i; + char *display, *xauthdir, *xauthfile; struct stat st; + xauthdir = xauthfile = NULL; *_proto = proto; *_data = data; proto[0] = data[0] = '\0'; + if (!options.xauth_location || (stat(options.xauth_location, &st) == -1)) { debug("No xauth program."); @@ -742,28 +755,59 @@ x11_get_proto(char **_proto, char **_data) debug("x11_get_proto: DISPLAY not set"); return; } - /* Try to get Xauthority information for the display. */ - if (strncmp(display, "localhost:", 10) == 0) - /* - * Handle FamilyLocal case where $DISPLAY does - * not match an authorization entry. For this we - * just try "xauth list unix:displaynum.screennum". - * XXX: "localhost" match to determine FamilyLocal - * is not perfect. - */ - snprintf(line, sizeof line, "%s list unix:%s 2>" - _PATH_DEVNULL, options.xauth_location, display+10); - else - snprintf(line, sizeof line, "%s list %.200s 2>" - _PATH_DEVNULL, options.xauth_location, display); - debug2("x11_get_proto: %s", line); - f = popen(line, "r"); + /* + * Handle FamilyLocal case where $DISPLAY does + * not match an authorization entry. For this we + * just try "xauth list unix:displaynum.screennum". + * XXX: "localhost" match to determine FamilyLocal + * is not perfect. + */ + if (strncmp(display, "localhost:", 10) == 0) { + snprintf(xdisplay, sizeof(xdisplay), "unix:%s", + display + 10); + display = xdisplay; + } + if (options.forward_x11_trusted == 0) { + xauthdir = xmalloc(MAXPATHLEN); + xauthfile = xmalloc(MAXPATHLEN); + strlcpy(xauthdir, "/tmp/ssh-XXXXXXXXXX", MAXPATHLEN); + if (mkdtemp(xauthdir) != NULL) { + do_unlink = 1; + snprintf(xauthfile, MAXPATHLEN, "%s/xauthfile", + xauthdir); + snprintf(cmd, sizeof(cmd), + "%s -f %s generate %s " SSH_X11_PROTO + " untrusted timeout 120 2>" _PATH_DEVNULL, + options.xauth_location, xauthfile, display); + debug2("x11_get_proto: %s", cmd); + if (system(cmd) == 0) + generated = 1; + } + } + snprintf(cmd, sizeof(cmd), + "%s %s%s list %s . 2>" _PATH_DEVNULL, + options.xauth_location, + generated ? "-f " : "" , + generated ? xauthfile : "", + display); + debug2("x11_get_proto: %s", cmd); + f = popen(cmd, "r"); if (f && fgets(line, sizeof(line), f) && sscanf(line, "%*s %511s %511s", proto, data) == 2) got_data = 1; if (f) pclose(f); } + + if (do_unlink) { + unlink(xauthfile); + rmdir(xauthdir); + } + if (xauthdir) + xfree(xauthdir); + if (xauthfile) + xfree(xauthfile); + /* * If we didn't get authentication data, just make up some * data. The forwarding code will check the validity of the @@ -775,12 +819,14 @@ x11_get_proto(char **_proto, char **_data) if (!got_data) { u_int32_t rand = 0; - logit("Warning: No xauth data; using fake authentication data for X11 forwarding."); - strlcpy(proto, "MIT-MAGIC-COOKIE-1", sizeof proto); + logit("Warning: No xauth data; " + "using fake authentication data for X11 forwarding."); + strlcpy(proto, SSH_X11_PROTO, sizeof proto); for (i = 0; i < 16; i++) { if (i % 4 == 0) rand = arc4random(); - snprintf(data + 2 * i, sizeof data - 2 * i, "%02x", rand & 0xff); + snprintf(data + 2 * i, sizeof data - 2 * i, "%02x", + rand & 0xff); rand >>= 8; } } @@ -983,16 +1029,13 @@ client_subsystem_reply(int type, u_int32_t seq, void *ctxt) } void -client_global_request_reply(int type, u_int32_t seq, void *ctxt) +client_global_request_reply_fwd(int type, u_int32_t seq, void *ctxt) { int i; i = client_global_request_id++; - if (i >= options.num_remote_forwards) { - debug("client_global_request_reply: too many replies %d > %d", - i, options.num_remote_forwards); + if (i >= options.num_remote_forwards) return; - } debug("remote forward %s for: listen %d, connect %s:%d", type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure", options.remote_forwards[i].port, diff --git a/openssh/ssh.h b/openssh/ssh.h index e88b9b8..a3b2ebb 100644 --- a/openssh/ssh.h +++ b/openssh/ssh.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.h,v 1.74 2003/09/01 13:52:18 markus Exp $ */ +/* $OpenBSD: ssh.h,v 1.75 2003/12/02 17:01:15 markus Exp $ */ /* * Author: Tatu Ylonen @@ -103,4 +103,7 @@ /* Minimum modulus size (n) for RSA keys. */ #define SSH_RSA_MINIMUM_MODULUS_SIZE 768 +/* Listen backlog for sshd, ssh-agent and forwarding sockets */ +#define SSH_LISTEN_BACKLOG 128 + #endif /* SSH_H */ diff --git a/openssh/ssh_config.5 b/openssh/ssh_config.5 index 7a435a9..210da05 100644 --- a/openssh/ssh_config.5 +++ b/openssh/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.20 2003/09/02 18:50:06 jmc Exp $ +.\" $OpenBSD: ssh_config.5,v 1.28 2003/12/16 15:49:51 markus Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -186,7 +186,6 @@ Specifies the ciphers allowed for protocol version 2 in order of preference. Multiple ciphers must be comma-separated. The default is -.Pp .Bd -literal ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, aes192-cbc,aes256-cbc'' @@ -260,6 +259,7 @@ or .Dq no . The default is .Dq no . +This option should be placed in the non-hostspecific section. See .Xr ssh-keysign 8 for more information. @@ -306,9 +306,27 @@ The default is .Pp X11 forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host -(for the user's X authorization database) +(for the user's X11 authorization database) can access the local X11 display through the forwarded connection. -An attacker may then be able to perform activities such as keystroke monitoring. +An attacker may then be able to perform activities such as keystroke monitoring +if the +.Cm ForwardX11Trusted +option is also enabled. +.It Cm ForwardX11Trusted +If the this option is set to +.Dq yes +then remote X11 clients will have full access to the original X11 display. +If this option is set to +.Dq no +then remote X11 clients will be considered untrusted and prevented +from stealing or tampering with data belonging to trusted X11 +clients. +.Pp +The default is +.Dq no . +.Pp +See the X11 SECURITY extension specification for full details on +the restrictions imposed on untrusted clients. .It Cm GatewayPorts Specifies whether remote hosts are allowed to connect to local forwarded ports. @@ -332,11 +350,9 @@ Specifies a file to use for the global host key database instead of .Pa /etc/ssh/ssh_known_hosts . .It Cm GSSAPIAuthentication -Specifies whether authentication based on GSSAPI may be used, either using -the result of a successful key exchange, or using GSSAPI user -authentication. +Specifies whether user authentication based on GSSAPI is allowed. The default is -.Dq yes . +.Dq no . Note that this option applies to protocol version 2 only. .It Cm GSSAPIDelegateCredentials Forward (delegate) credentials to the server. @@ -390,23 +406,6 @@ syntax to refer to a user's home directory. It is possible to have multiple identity files specified in configuration files; all these identities will be tried in sequence. -.It Cm KeepAlive -Specifies whether the system should send TCP keepalive messages to the -other side. -If they are sent, death of the connection or crash of one -of the machines will be properly noticed. -However, this means that -connections will die if the route is down temporarily, and some people -find it annoying. -.Pp -The default is -.Dq yes -(to send keepalives), and the client will notice -if the network goes down or the remote host dies. -This is important in scripts, and many users want it too. -.Pp -To disable keepalives, the value should be set to -.Dq no . .It Cm LocalForward Specifies that a TCP/IP port on the local machine be forwarded over the secure channel to the specified host and port from the remote machine. @@ -553,6 +552,42 @@ running. The default is .Dq yes . Note that this option applies to protocol version 1 only. +.It Cm ServerAliveInterval +Sets a timeout interval in seconds after which if no data has been received +from the server, +.Nm ssh +will send a message through the encrypted +channel to request a response from the server. +The default +is 0, indicating that these messages will not be sent to the server. +This option applies to protocol version 2 only. +.It Cm ServerAliveCountMax +Sets the number of server alive messages (see above) which may be +sent without +.Nm ssh +receiving any messages back from the server. +If this threshold is reached while server alive messages are being sent, +.Nm ssh +will disconnect from the server, terminating the session. +It is important to note that the use of server alive messages is very +different from +.Cm TCPKeepAlive +(below). +The server alive messages are sent through the encrypted channel +and therefore will not be spoofable. +The TCP keepalive option enabled by +.Cm TCPKeepAlive +is spoofable. +The server alive mechanism is valuable when the client or +server depend on knowing when a connection has become inactive. +.Pp +The default value is 3. +If, for example, +.Cm ServerAliveInterval +(above) is set to 15, and +.Cm ServerAliveCountMax +is left at the default, if the server becomes unresponsive ssh +will disconnect after approximately 45 seconds. .It Cm SmartcardDevice Specifies which smartcard device to use. The argument to this keyword is the device @@ -595,6 +630,23 @@ or .Dq ask . The default is .Dq ask . +.It Cm TCPKeepAlive +Specifies whether the system should send TCP keepalive messages to the +other side. +If they are sent, death of the connection or crash of one +of the machines will be properly noticed. +However, this means that +connections will die if the route is down temporarily, and some people +find it annoying. +.Pp +The default is +.Dq yes +(to send TCP keepalive messages), and the client will notice +if the network goes down or the remote host dies. +This is important in scripts, and many users want it too. +.Pp +To disable TCP keepalive messages, the value should be set to +.Dq no . .It Cm UsePrivilegedPort Specifies whether to use a privileged port for outgoing connections. The argument must be @@ -624,6 +676,23 @@ host key database instead of .It Cm VerifyHostKeyDNS Specifies whether to verify the remote key using DNS and SSHFP resource records. +If this option is set to +.Dq yes , +the client will implicitly trust keys that match a secure fingerprint +from DNS. +Insecure fingerprints will be handled as if this option was set to +.Dq ask . +If this option is set to +.Dq ask , +information on fingerprint match will be displayed, but the user will still +need to confirm new host keys according to the +.Cm StrictHostKeyChecking +option. +The argument must be +.Dq yes , +.Dq no +or +.Dq ask . The default is .Dq no . Note that this option applies to protocol version 2 only. diff --git a/openssh/ssh_prng_cmds.in b/openssh/ssh_prng_cmds.in index 6c8d793..46eba9e 100644 --- a/openssh/ssh_prng_cmds.in +++ b/openssh/ssh_prng_cmds.in @@ -2,7 +2,7 @@ # Format is: "program-name args" path rate -# The "rate" represents the number of bits of usuable entropy per +# The "rate" represents the number of bits of usuable entropy per # byte of command output. Be conservative. # # $Id$ diff --git a/openssh/sshconnect.c b/openssh/sshconnect.c index f29ac80..80b45c7 100644 --- a/openssh/sshconnect.c +++ b/openssh/sshconnect.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.148 2003/09/18 07:52:54 markus Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.155 2003/12/09 21:53:37 markus Exp $"); #include @@ -33,16 +33,12 @@ RCSID("$OpenBSD: sshconnect.c,v 1.148 2003/09/18 07:52:54 markus Exp $"); #include "misc.h" #include "readpass.h" -#ifdef DNS #include "dns.h" -#endif char *client_version_string = NULL; char *server_version_string = NULL; -#ifdef DNS -int verified_host_key_dns = 0; -#endif +int matching_host_key_dns = 0; /* import */ extern Options options; @@ -56,6 +52,7 @@ extern pid_t proxy_command_pid; #endif static int show_other_keys(const char *, Key *); +static void warn_changed_key(Key *); /* * Connect to the given ssh server using a proxy command. @@ -77,7 +74,7 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command) * Build the final command string in the buffer by making the * appropriate substitutions to the given proxy command. * - * Use "exec" to avoid "sh -c" processes on some platforms + * Use "exec" to avoid "sh -c" processes on some platforms * (e.g. Solaris) */ buffer_init(&command); @@ -264,15 +261,15 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr, break; case -1: /* Select error */ - debug("select: %s", strerror(errno)); + debug("select: %s", strerror(errno)); break; case 1: /* Completed or failed */ optval = 0; optlen = sizeof(optval); - if (getsockopt(sockfd, SOL_SOCKET, SO_ERROR, &optval, + if (getsockopt(sockfd, SOL_SOCKET, SO_ERROR, &optval, &optlen) == -1) { - debug("getsockopt: %s", strerror(errno)); + debug("getsockopt: %s", strerror(errno)); break; } if (optval != 0) { @@ -418,8 +415,8 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr, debug("Connection established."); - /* Set keepalives if requested. */ - if (options.keepalives && + /* Set SO_KEEPALIVE if requested. */ + if (options.tcp_keep_alive && setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, (void *)&on, sizeof(on)) < 0) error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno)); @@ -566,7 +563,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, int readonly, const char *user_hostfile, const char *system_hostfile) { Key *file_key; - char *type = key_type(host_key); + const char *type = key_type(host_key); char *ip = NULL; char hostline[1000], *hostp, *fp; HostStatus host_status; @@ -730,9 +727,8 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, /* The default */ fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); msg2[0] = '\0'; -#ifdef DNS if (options.verify_host_key_dns) { - if (verified_host_key_dns) + if (matching_host_key_dns) snprintf(msg2, sizeof(msg2), "Matching host key fingerprint" " found in DNS.\n"); @@ -741,7 +737,6 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, "No matching host key fingerprint" " found in DNS.\n"); } -#endif snprintf(msg, sizeof(msg), "The authenticity of host '%.200s (%s)' can't be " "established%s\n" @@ -791,20 +786,10 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key, error("Offending key for IP in %s:%d", ip_file, ip_line); } /* The host key has changed. */ - fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); - error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); - error("@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @"); - error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); - error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!"); - error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!"); - error("It is also possible that the %s host key has just been changed.", type); - error("The fingerprint for the %s key sent by the remote host is\n%s.", - type, fp); - error("Please contact your system administrator."); + warn_changed_key(host_key); error("Add correct host key in %.100s to get rid of this message.", user_hostfile); error("Offending key in %s:%d", host_file, host_line); - xfree(fp); /* * If strict host key checking is in use, the user will have @@ -907,27 +892,27 @@ int verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key) { struct stat st; + int flags = 0; -#ifdef DNS - if (options.verify_host_key_dns) { - switch(verify_host_key_dns(host, hostaddr, host_key)) { - case DNS_VERIFY_OK: -#ifdef DNSSEC - return 0; -#else - verified_host_key_dns = 1; - break; -#endif - case DNS_VERIFY_FAILED: - return -1; - case DNS_VERIFY_ERROR: - break; - default: - debug3("bad return value from verify_host_key_dns"); - break; + if (options.verify_host_key_dns && + verify_host_key_dns(host, hostaddr, host_key, &flags) == 0) { + + if (flags & DNS_VERIFY_FOUND) { + + if (options.verify_host_key_dns == 1 && + flags & DNS_VERIFY_MATCH && + flags & DNS_VERIFY_SECURE) + return 0; + + if (flags & DNS_VERIFY_MATCH) { + matching_host_key_dns = 1; + } else { + warn_changed_key(host_key); + error("Update the SSHFP RR in DNS with the new " + "host key to get rid of this message."); + } } } -#endif /* DNS */ /* return ok if the key can be found in an old keyfile */ if (stat(options.system_hostfile2, &st) == 0 || @@ -1053,3 +1038,24 @@ show_other_keys(const char *host, Key *key) } return (found); } + +static void +warn_changed_key(Key *host_key) +{ + char *fp; + const char *type = key_type(host_key); + + fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); + + error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); + error("@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @"); + error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); + error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!"); + error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!"); + error("It is also possible that the %s host key has just been changed.", type); + error("The fingerprint for the %s key sent by the remote host is\n%s.", + type, fp); + error("Please contact your system administrator."); + + xfree(fp); +} diff --git a/openssh/sshconnect2.c b/openssh/sshconnect2.c index 933c223..281fecd 100644 --- a/openssh/sshconnect2.c +++ b/openssh/sshconnect2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.124 2003/08/25 10:33:33 djm Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.133 2003/11/21 11:57:03 djm Exp $"); #include "openbsd-compat/sys-queue.h" @@ -222,7 +222,7 @@ static char *authmethods_get(void); Authmethod authmethods[] = { #ifdef GSSAPI - {"gssapi", + {"gssapi-with-mic", userauth_gssapi, &options.gss_authentication, NULL}, @@ -358,10 +358,12 @@ void input_userauth_banner(int type, u_int32_t seq, void *ctxt) { char *msg, *lang; + debug3("input_userauth_banner"); msg = packet_get_string(NULL); lang = packet_get_string(NULL); - logit("%s", msg); + if (options.log_level > SYSLOG_LEVEL_QUIET) + fprintf(stderr, "%s", msg); xfree(msg); xfree(lang); } @@ -372,10 +374,14 @@ input_userauth_success(int type, u_int32_t seq, void *ctxt) Authctxt *authctxt = ctxt; if (authctxt == NULL) fatal("input_userauth_success: no authentication context"); - if (authctxt->authlist) + if (authctxt->authlist) { xfree(authctxt->authlist); - if (authctxt->methoddata) + authctxt->authlist = NULL; + } + if (authctxt->methoddata) { xfree(authctxt->methoddata); + authctxt->methoddata = NULL; + } authctxt->success = 1; /* break out */ } @@ -447,7 +453,12 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt) debug2("input_userauth_pk_ok: fp %s", fp); xfree(fp); - TAILQ_FOREACH(id, &authctxt->keys, next) { + /* + * search keys in the reverse order, because last candidate has been + * moved to the end of the queue. this also avoids confusion by + * duplicate keys + */ + TAILQ_FOREACH_REVERSE(id, &authctxt->keys, next, idlist) { if (key_equal(key, id->key)) { sent = sign_and_send_pubkey(authctxt, id); break; @@ -465,11 +476,11 @@ done: } #ifdef GSSAPI -int +int userauth_gssapi(Authctxt *authctxt) { Gssctxt *gssctxt = NULL; - static gss_OID_set supported = NULL; + static gss_OID_set gss_supported = NULL; static int mech = 0; OM_uint32 min; int ok = 0; @@ -477,18 +488,18 @@ userauth_gssapi(Authctxt *authctxt) /* Try one GSSAPI method at a time, rather than sending them all at * once. */ - if (supported == NULL) - gss_indicate_mechs(&min, &supported); + if (gss_supported == NULL) + gss_indicate_mechs(&min, &gss_supported); /* Check to see if the mechanism is usable before we offer it */ - while (mechcount && !ok) { + while (mech < gss_supported->count && !ok) { if (gssctxt) ssh_gssapi_delete_ctx(&gssctxt); ssh_gssapi_build_ctx(&gssctxt); - ssh_gssapi_set_oid(gssctxt, &supported->elements[mech]); + ssh_gssapi_set_oid(gssctxt, &gss_supported->elements[mech]); /* My DER encoding requires length<128 */ - if (supported->elements[mech].length < 128 && + if (gss_supported->elements[mech].length < 128 && !GSS_ERROR(ssh_gssapi_import_name(gssctxt, authctxt->host))) { ok = 1; /* Mechanism works */ @@ -508,17 +519,11 @@ userauth_gssapi(Authctxt *authctxt) packet_put_int(1); - /* Some servers encode the OID incorrectly (as we used to) */ - if (datafellows & SSH_BUG_GSSAPI_BER) { - packet_put_string(supported->elements[mech].elements, - supported->elements[mech].length); - } else { - packet_put_int((supported->elements[mech].length)+2); - packet_put_char(SSH_GSS_OIDTYPE); - packet_put_char(supported->elements[mech].length); - packet_put_raw(supported->elements[mech].elements, - supported->elements[mech].length); - } + packet_put_int((gss_supported->elements[mech].length) + 2); + packet_put_char(SSH_GSS_OIDTYPE); + packet_put_char(gss_supported->elements[mech].length); + packet_put_raw(gss_supported->elements[mech].elements, + gss_supported->elements[mech].length); packet_send(); @@ -532,15 +537,66 @@ userauth_gssapi(Authctxt *authctxt) return 1; } +static OM_uint32 +process_gssapi_token(void *ctxt, gss_buffer_t recv_tok) +{ + Authctxt *authctxt = ctxt; + Gssctxt *gssctxt = authctxt->methoddata; + gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; + gss_buffer_desc gssbuf, mic; + OM_uint32 status, ms, flags; + Buffer b; + + status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds, + recv_tok, &send_tok, &flags); + + if (send_tok.length > 0) { + if (GSS_ERROR(status)) + packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK); + else + packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN); + + packet_put_string(send_tok.value, send_tok.length); + packet_send(); + gss_release_buffer(&ms, &send_tok); + } + + if (status == GSS_S_COMPLETE) { + /* send either complete or MIC, depending on mechanism */ + if (!(flags & GSS_C_INTEG_FLAG)) { + packet_start(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE); + packet_send(); + } else { + ssh_gssapi_buildmic(&b, authctxt->server_user, + authctxt->service, "gssapi-with-mic"); + + gssbuf.value = buffer_ptr(&b); + gssbuf.length = buffer_len(&b); + + status = ssh_gssapi_sign(gssctxt, &gssbuf, &mic); + + if (!GSS_ERROR(status)) { + packet_start(SSH2_MSG_USERAUTH_GSSAPI_MIC); + packet_put_string(mic.value, mic.length); + + packet_send(); + } + + buffer_free(&b); + gss_release_buffer(&ms, &mic); + } + } + + return status; +} + void input_gssapi_response(int type, u_int32_t plen, void *ctxt) { Authctxt *authctxt = ctxt; Gssctxt *gssctxt; - OM_uint32 status, ms; int oidlen; char *oidv; - gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; if (authctxt == NULL) fatal("input_gssapi_response: no authentication context"); @@ -549,94 +605,55 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt) /* Setup our OID */ oidv = packet_get_string(&oidlen); - if (datafellows & SSH_BUG_GSSAPI_BER) { - if (!ssh_gssapi_check_oid(gssctxt, oidv, oidlen)) - fatal("Server returned different OID than expected"); - } else { - if(oidv[0] != SSH_GSS_OIDTYPE || oidv[1] != oidlen-2) { - debug("Badly encoded mechanism OID received"); - userauth(authctxt, NULL); - xfree(oidv); - return; - } - if (!ssh_gssapi_check_oid(gssctxt, oidv+2, oidlen-2)) - fatal("Server returned different OID than expected"); + if (oidlen <= 2 || + oidv[0] != SSH_GSS_OIDTYPE || + oidv[1] != oidlen - 2) { + xfree(oidv); + debug("Badly encoded mechanism OID received"); + userauth(authctxt, NULL); + return; } + if (!ssh_gssapi_check_oid(gssctxt, oidv + 2, oidlen - 2)) + fatal("Server returned different OID than expected"); + packet_check_eom(); xfree(oidv); - status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds, - GSS_C_NO_BUFFER, &send_tok, NULL); - if (GSS_ERROR(status)) { - if (send_tok.length > 0) { - packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK); - packet_put_string(send_tok.value, send_tok.length); - packet_send(); - gss_release_buffer(&ms, &send_tok); - } + if (GSS_ERROR(process_gssapi_token(ctxt, GSS_C_NO_BUFFER))) { /* Start again with next method on list */ debug("Trying to start again"); userauth(authctxt, NULL); return; } - - /* We must have data to send */ - packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN); - packet_put_string(send_tok.value, send_tok.length); - packet_send(); - gss_release_buffer(&ms, &send_tok); } void input_gssapi_token(int type, u_int32_t plen, void *ctxt) { Authctxt *authctxt = ctxt; - Gssctxt *gssctxt; - gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; gss_buffer_desc recv_tok; - OM_uint32 status, ms; + OM_uint32 status; u_int slen; if (authctxt == NULL) fatal("input_gssapi_response: no authentication context"); - gssctxt = authctxt->methoddata; recv_tok.value = packet_get_string(&slen); recv_tok.length = slen; /* safe typecast */ packet_check_eom(); - status=ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds, - &recv_tok, &send_tok, NULL); + status = process_gssapi_token(ctxt, &recv_tok); xfree(recv_tok.value); if (GSS_ERROR(status)) { - if (send_tok.length > 0) { - packet_start(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK); - packet_put_string(send_tok.value, send_tok.length); - packet_send(); - gss_release_buffer(&ms, &send_tok); - } /* Start again with the next method in the list */ userauth(authctxt, NULL); return; } - - if (send_tok.length > 0) { - packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN); - packet_put_string(send_tok.value, send_tok.length); - packet_send(); - gss_release_buffer(&ms, &send_tok); - } - - if (status == GSS_S_COMPLETE) { - /* If that succeeded, send a exchange complete message */ - packet_start(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE); - packet_send(); - } } void @@ -1016,7 +1033,7 @@ pubkey_prepare(Authctxt *authctxt) key = ssh_get_next_identity(ac, &comment, 2)) { found = 0; TAILQ_FOREACH(id, &files, next) { - /* agent keys from the config file are preferred */ + /* agent keys from the config file are preferred */ if (key_equal(key, id->key)) { key_free(key); xfree(comment); @@ -1080,6 +1097,7 @@ userauth_pubkey(Authctxt *authctxt) while ((id = TAILQ_FIRST(&authctxt->keys))) { if (id->tried++) return (0); + /* move key to the end of the queue */ TAILQ_REMOVE(&authctxt->keys, id, next); TAILQ_INSERT_TAIL(&authctxt->keys, id, next); /* @@ -1244,7 +1262,8 @@ ssh_keysign(Key *key, u_char **sigp, u_int *lenp, buffer_init(&b); buffer_put_int(&b, packet_get_connection_in()); /* send # of socket */ buffer_put_string(&b, data, datalen); - ssh_msg_send(to[1], version, &b); + if (ssh_msg_send(to[1], version, &b) == -1) + fatal("ssh_keysign: couldn't send request"); if (ssh_msg_recv(from[0], &b) < 0) { error("ssh_keysign: no reply"); diff --git a/openssh/sshd.8 b/openssh/sshd.8 index 0eeea66..34413e2 100644 --- a/openssh/sshd.8 +++ b/openssh/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.199 2003/08/13 08:46:31 markus Exp $ +.\" $OpenBSD: sshd.8,v 1.200 2003/10/08 08:27:36 jmc Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -44,7 +44,7 @@ .Sh SYNOPSIS .Nm sshd .Bk -words -.Op Fl deiqtD46 +.Op Fl 46Ddeiqt .Op Fl b Ar bits .Op Fl f Ar config_file .Op Fl g Ar login_grace_time @@ -78,9 +78,7 @@ This implementation of supports both SSH protocol version 1 and 2 simultaneously. .Nm works as follows: -.Pp .Ss SSH protocol version 1 -.Pp Each host has a host-specific RSA key (normally 1024 bits) used to identify the host. Additionally, when @@ -92,7 +90,7 @@ Whenever a client connects, the daemon responds with its public host and server keys. The client compares the RSA host key against its own database to verify that it has not changed. -The client then generates a 256 bit random number. +The client then generates a 256-bit random number. It encrypts this random number using both the host key and the server key, and sends the encrypted number to the server. @@ -107,9 +105,9 @@ to use from those offered by the server. .Pp Next, the server and the client enter an authentication dialog. The client tries to authenticate itself using -.Pa .rhosts +.Em .rhosts authentication, -.Pa .rhosts +.Em .rhosts authentication combined with RSA host authentication, RSA challenge-response authentication, or password based authentication. @@ -137,7 +135,8 @@ or .Ql \&*NP\&* ). .Pp -Rhosts authentication is normally disabled +.Em rhosts +authentication is normally disabled because it is fundamentally insecure, but can be enabled in the server configuration file if desired. System security is not improved unless @@ -150,9 +149,7 @@ are disabled (thus completely disabling and .Xr rsh into the machine). -.Pp .Ss SSH protocol version 2 -.Pp Version 2 works similarly: Each host has a host-specific key (RSA or DSA) used to identify the host. However, when the daemon starts, it does not generate a server key. @@ -160,7 +157,7 @@ Forward security is provided through a Diffie-Hellman key agreement. This key agreement results in a shared session key. .Pp The rest of the session is encrypted using a symmetric cipher, currently -128 bit AES, Blowfish, 3DES, CAST128, Arcfour, 192 bit AES, or 256 bit AES. +128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. The client selects the encryption algorithm to use from those offered by the server. Additionally, session integrity is provided @@ -171,9 +168,7 @@ Protocol version 2 provides a public key based user (PubkeyAuthentication) or client host (HostbasedAuthentication) authentication method, conventional password authentication and challenge response based methods. -.Pp .Ss Command execution and data forwarding -.Pp If the client successfully authenticates itself, a dialog for preparing the session is entered. At this time the client may request @@ -192,8 +187,9 @@ connections have been closed, the server sends command exit status to the client, and both sides exit. .Pp .Nm -can be configured using command-line options or a configuration -file. +can be configured using command-line options or a configuration file +(by default +.Xr sshd_config 5 ) . Command-line options override values specified in the configuration file. .Pp @@ -205,9 +201,23 @@ by executing itself with the name it was started as, i.e., .Pp The options are as follows: .Bl -tag -width Ds +.It Fl 4 +Forces +.Nm +to use IPv4 addresses only. +.It Fl 6 +Forces +.Nm +to use IPv6 addresses only. .It Fl b Ar bits Specifies the number of bits in the ephemeral protocol version 1 server key (default 768). +.It Fl D +When this option is specified, +.Nm +will not detach and does not become a daemon. +This allows easy monitoring of +.Nm sshd . .It Fl d Debug mode. The server sends verbose debug output to the system @@ -267,7 +277,7 @@ be feasible. Specifies how often the ephemeral protocol version 1 server key is regenerated (default 3600 seconds, or one hour). The motivation for regenerating the key fairly -often is that the key is not stored anywhere, and after about an hour, +often is that the key is not stored anywhere, and after about an hour it becomes impossible to recover the key for decrypting intercepted communications even if the machine is cracked into or physically seized. @@ -276,6 +286,8 @@ A value of zero indicates that the key will never be regenerated. Can be used to give options in the format used in the configuration file. This is useful for specifying options for which there is no separate command-line flag. +For full details of the options, and their values, see +.Xr sshd_config 5 . .It Fl p Ar port Specifies the port on which the server listens for connections (default 22). @@ -325,20 +337,6 @@ USER@HOST pattern in .Cm AllowUsers or .Cm DenyUsers . -.It Fl D -When this option is specified -.Nm -will not detach and does not become a daemon. -This allows easy monitoring of -.Nm sshd . -.It Fl 4 -Forces -.Nm -to use IPv4 addresses only. -.It Fl 6 -Forces -.Nm -to use IPv6 addresses only. .El .Sh CONFIGURATION FILE .Nm @@ -375,9 +373,9 @@ Changes to run with normal user privileges. .It Sets up basic environment. .It -Reads -.Pa $HOME/.ssh/environment -if it exists and users are allowed to change their environment. +Reads the file +.Pa $HOME/.ssh/environment , +if it exists, and users are allowed to change their environment. See the .Cm PermitUserEnvironment option in @@ -516,7 +514,7 @@ Limit local port forwarding such that it may only connect to the specified host and port. IPv6 addresses can be specified with an alternative syntax: -.Ar host/port . +.Ar host Ns / Ns Ar port . Multiple .Cm permitopen options may be applied separated by commas. @@ -524,13 +522,13 @@ No pattern matching is performed on the specified hostnames, they must be literal domains or addresses. .El .Ss Examples -1024 33 12121.\|.\|.\|312314325 ylo@foo.bar +1024 33 12121...312314325 ylo@foo.bar .Pp -from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23.\|.\|.\|2334 ylo@niksula +from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23...2334 ylo@niksula .Pp -command="dump /home",no-pty,no-port-forwarding 1024 33 23.\|.\|.\|2323 backup.hut.fi +command="dump /home",no-pty,no-port-forwarding 1024 33 23...2323 backup.hut.fi .Pp -permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23.\|.\|.\|2323 +permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23...2323 .Sh SSH_KNOWN_HOSTS FILE FORMAT The .Pa /etc/ssh/ssh_known_hosts @@ -588,7 +586,7 @@ or by taking and adding the host names at the front. .Ss Examples .Bd -literal -closenet,.\|.\|.\|,130.233.208.41 1024 37 159.\|.\|.93 closenet.hut.fi +closenet,...,130.233.208.41 1024 37 159...93 closenet.hut.fi cvs.openbsd.org,199.185.137.3 ssh-rsa AAAA1234.....= .Ed .Sh FILES @@ -647,7 +645,7 @@ and/or .Pa id_rsa.pub files into this file, as described in .Xr ssh-keygen 1 . -.It Pa "/etc/ssh/ssh_known_hosts" and "$HOME/.ssh/known_hosts" +.It Pa "/etc/ssh/ssh_known_hosts", "$HOME/.ssh/known_hosts" These files are consulted when using rhosts with RSA host authentication or protocol version 2 hostbased authentication to check the public key of the host. @@ -681,7 +679,7 @@ The file must be writable only by the user; it is recommended that it not be accessible by others. .Pp -If is also possible to use netgroups in the file. +It is also possible to use netgroups in the file. Either host or user name may be of the form +@groupname to specify all hosts or all users in the group. @@ -693,7 +691,7 @@ However, this file is not used by rlogin and rshd, so using this permits access using SSH only. .It Pa /etc/hosts.equiv This file is used during -.Pa .rhosts +.Em rhosts authentication. In the simplest form, this file contains host names, one per line. Users on @@ -800,9 +798,12 @@ This file should be writable only by root, and should be world-readable. .Xr ssh-add 1 , .Xr ssh-agent 1 , .Xr ssh-keygen 1 , +.Xr chroot 2 , +.Xr hosts_access 5 , .Xr login.conf 5 , .Xr moduli 5 , .Xr sshd_config 5 , +.Xr inetd 8 , .Xr sftp-server 8 .Rs .%A T. Ylonen diff --git a/openssh/sshd.c b/openssh/sshd.c index 47df9ca..ab029b0 100644 --- a/openssh/sshd.c +++ b/openssh/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.276 2003/08/28 12:54:34 markus Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.284 2003/12/09 21:53:37 markus Exp $"); #include #include @@ -204,6 +204,9 @@ struct monitor *pmonitor; /* message to be displayed after login */ Buffer loginmsg; +/* global authentication context */ +Authctxt *the_authctxt = NULL; + /* Prototypes for various functions defined later in this file. */ void destroy_sensitive_data(void); void demote_sensitive_data(void); @@ -375,7 +378,7 @@ sshd_exchange_identification(int sock_in, int sock_out) strlen(server_version_string)) != strlen(server_version_string)) { logit("Could not write ident string to %s", get_remote_ipaddr()); - fatal_cleanup(); + cleanup_exit(255); } /* Read other sides version identification. */ @@ -384,7 +387,7 @@ sshd_exchange_identification(int sock_in, int sock_out) if (atomicio(read, sock_in, &buf[i], 1) != 1) { logit("Did not receive identification string from %s", get_remote_ipaddr()); - fatal_cleanup(); + cleanup_exit(255); } if (buf[i] == '\r') { buf[i] = 0; @@ -414,7 +417,7 @@ sshd_exchange_identification(int sock_in, int sock_out) close(sock_out); logit("Bad protocol version identification '%.100s' from %s", client_version_string, get_remote_ipaddr()); - fatal_cleanup(); + cleanup_exit(255); } debug("Client protocol version %d.%d; client software version %.100s", remote_major, remote_minor, remote_version); @@ -424,13 +427,13 @@ sshd_exchange_identification(int sock_in, int sock_out) if (datafellows & SSH_BUG_PROBE) { logit("probed from %s with %s. Don't panic.", get_remote_ipaddr(), client_version_string); - fatal_cleanup(); + cleanup_exit(255); } if (datafellows & SSH_BUG_SCANNER) { logit("scanned from %s with %s. Don't panic.", get_remote_ipaddr(), client_version_string); - fatal_cleanup(); + cleanup_exit(255); } mismatch = 0; @@ -476,7 +479,7 @@ sshd_exchange_identification(int sock_in, int sock_out) logit("Protocol major versions differ for %s: %.200s vs. %.200s", get_remote_ipaddr(), server_version_string, client_version_string); - fatal_cleanup(); + cleanup_exit(255); } } @@ -571,10 +574,9 @@ privsep_preauth_child(void) #endif } -static Authctxt * -privsep_preauth(void) +static int +privsep_preauth(Authctxt *authctxt) { - Authctxt *authctxt = NULL; int status; pid_t pid; @@ -587,12 +589,10 @@ privsep_preauth(void) if (pid == -1) { fatal("fork of unprivileged child failed"); } else if (pid != 0) { - fatal_remove_cleanup((void (*) (void *)) packet_close, NULL); - debug2("Network child is on pid %ld", (long)pid); close(pmonitor->m_recvfd); - authctxt = monitor_child_preauth(pmonitor); + monitor_child_preauth(authctxt, pmonitor); close(pmonitor->m_sendfd); /* Sync memory */ @@ -602,11 +602,7 @@ privsep_preauth(void) while (waitpid(pid, &status, 0) < 0) if (errno != EINTR) break; - - /* Reinstall, since the child has finished */ - fatal_add_cleanup((void (*) (void *)) packet_close, NULL); - - return (authctxt); + return (1); } else { /* child */ @@ -617,17 +613,12 @@ privsep_preauth(void) privsep_preauth_child(); setproctitle("%s", "[net]"); } - return (NULL); + return (0); } static void privsep_postauth(Authctxt *authctxt) { - extern Authctxt *x_authctxt; - - /* XXX - Remote port forwarding */ - x_authctxt = authctxt; - #ifdef DISABLE_FD_PASSING if (1) { #else @@ -653,8 +644,6 @@ privsep_postauth(Authctxt *authctxt) if (pmonitor->m_pid == -1) fatal("fork of unprivileged child failed"); else if (pmonitor->m_pid != 0) { - fatal_remove_cleanup((void (*) (void *)) packet_close, NULL); - debug2("User child is on pid %ld", (long)pmonitor->m_pid); close(pmonitor->m_recvfd); monitor_child_postauth(pmonitor); @@ -679,7 +668,8 @@ static char * list_hostkey_types(void) { Buffer b; - char *p; + const char *p; + char *ret; int i; buffer_init(&b); @@ -698,10 +688,10 @@ list_hostkey_types(void) } } buffer_append(&b, "\0", 1); - p = xstrdup(buffer_ptr(&b)); + ret = xstrdup(buffer_ptr(&b)); buffer_free(&b); - debug("list_hostkey_types: %s", p); - return p; + debug("list_hostkey_types: %s", ret); + return ret; } Key * @@ -769,7 +759,8 @@ drop_connection(int startups) static void usage(void) { - fprintf(stderr, "sshd version %s\n", SSH_VERSION); + fprintf(stderr, "sshd version %s, %s\n", + SSH_VERSION, SSLeay_version(SSLEAY_VERSION)); fprintf(stderr, "Usage: %s [options]\n", __progname); fprintf(stderr, "Options:\n"); fprintf(stderr, " -f file Configuration file (default %s)\n", _PATH_SERVER_CONFIG_FILE); @@ -809,11 +800,12 @@ main(int ac, char **av) FILE *f; struct addrinfo *ai; char ntop[NI_MAXHOST], strport[NI_MAXSERV]; + char *line; int listen_sock, maxfd; int startup_p[2]; int startups = 0; - Authctxt *authctxt; Key *key; + Authctxt *authctxt; int ret, key_used = 0; #ifdef HAVE_SECUREWARE @@ -917,9 +909,11 @@ main(int ac, char **av) } break; case 'o': - if (process_server_config_line(&options, optarg, + line = xstrdup(optarg); + if (process_server_config_line(&options, line, "command-line", 0) != 0) exit(1); + xfree(line); break; case '?': default: @@ -1064,8 +1058,8 @@ main(int ac, char **av) /* * Clear out any supplemental groups we may have inherited. This * prevents inadvertent creation of files with bad modes (in the - * portable version at least, it's certainly possible for PAM - * to create a file, and we can't control the code in every + * portable version at least, it's certainly possible for PAM + * to create a file, and we can't control the code in every * module which might be used). */ if (setgroups(0, NULL) < 0) @@ -1147,11 +1141,6 @@ main(int ac, char **av) verbose("socket: %.100s", strerror(errno)); continue; } - if (fcntl(listen_sock, F_SETFL, O_NONBLOCK) < 0) { - error("listen_sock O_NONBLOCK: %s", strerror(errno)); - close(listen_sock); - continue; - } /* * Set socket options. * Allow local port reuse in TIME_WAIT. @@ -1175,7 +1164,7 @@ main(int ac, char **av) /* Start listening on the port. */ logit("Server listening on %s port %s.", ntop, strport); - if (listen(listen_sock, 5) < 0) + if (listen(listen_sock, SSH_LISTEN_BACKLOG) < 0) fatal("listen: %.100s", strerror(errno)); } @@ -1291,11 +1280,6 @@ main(int ac, char **av) error("accept: %.100s", strerror(errno)); continue; } - if (fcntl(newsock, F_SETFL, 0) < 0) { - error("newsock del O_NONBLOCK: %s", strerror(errno)); - close(newsock); - continue; - } if (drop_connection(startups) == 1) { debug("drop connection #%d", startups); close(newsock); @@ -1414,8 +1398,8 @@ main(int ac, char **av) signal(SIGCHLD, SIG_DFL); signal(SIGINT, SIG_DFL); - /* Set keepalives if requested. */ - if (options.keepalives && + /* Set SO_KEEPALIVE if requested. */ + if (options.tcp_keep_alive && setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0) error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno)); @@ -1465,21 +1449,28 @@ main(int ac, char **av) packet_set_nonblocking(); - /* prepare buffers to collect authentication messages */ + /* prepare buffers to collect authentication messages */ buffer_init(&loginmsg); + /* allocate authentication context */ + authctxt = xmalloc(sizeof(*authctxt)); + memset(authctxt, 0, sizeof(*authctxt)); + + /* XXX global for cleanup, access from other modules */ + the_authctxt = authctxt; + if (use_privsep) - if ((authctxt = privsep_preauth()) != NULL) + if (privsep_preauth(authctxt) == 1) goto authenticated; /* perform the key exchange */ /* authenticate user and start session */ if (compat20) { do_ssh2_kex(); - authctxt = do_authentication2(); + do_authentication2(authctxt); } else { do_ssh1_kex(); - authctxt = do_authentication(); + do_authentication(authctxt); } /* * If we use privilege separation, the unprivileged child transfers @@ -1502,7 +1493,7 @@ main(int ac, char **av) destroy_sensitive_data(); } - /* Perform session preparation. */ + /* Start session. */ do_authenticated(authctxt); /* The connection has been terminated. */ @@ -1795,3 +1786,12 @@ do_ssh2_kex(void) #endif debug("KEX done"); } + +/* server specific fatal cleanup */ +void +cleanup_exit(int i) +{ + if (the_authctxt) + do_cleanup(the_authctxt); + _exit(i); +} diff --git a/openssh/sshd_config b/openssh/sshd_config index dd53f10..b45c8c5 100644 --- a/openssh/sshd_config +++ b/openssh/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.65 2003/08/28 12:54:34 markus Exp $ +# $OpenBSD: sshd_config,v 1.68 2003/12/29 16:39:50 millert Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -61,15 +61,16 @@ #KerberosAuthentication no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes +#KerberosGetAFSToken no # GSSAPI options #GSSAPIAuthentication no -#GSSAPICleanupCreds yes +#GSSAPICleanupCredentials yes # Set this to 'yes' to enable PAM authentication (via challenge-response) # and session processing. Depending on your PAM configuration, this may -# bypass the setting of 'PasswordAuthentication' -#UsePAM yes +# bypass the setting of 'PasswordAuthentication' and 'PermitEmptyPasswords' +#UsePAM no #AllowTcpForwarding yes #GatewayPorts no @@ -78,7 +79,7 @@ #X11UseLocalhost yes #PrintMotd yes #PrintLastLog yes -#KeepAlive yes +#TCPKeepAlive yes #UseLogin no #UsePrivilegeSeparation yes #PermitUserEnvironment no diff --git a/openssh/sshd_config.5 b/openssh/sshd_config.5 index 727fdb1..ad3cf76 100644 --- a/openssh/sshd_config.5 +++ b/openssh/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.25 2003/09/01 09:50:04 markus Exp $ +.\" $OpenBSD: sshd_config.5,v 1.27 2003/12/09 21:53:37 markus Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -156,12 +156,12 @@ If this threshold is reached while client alive messages are being sent, will disconnect the client, terminating the session. It is important to note that the use of client alive messages is very different from -.Cm KeepAlive +.Cm TCPKeepAlive (below). The client alive messages are sent through the encrypted channel and therefore will not be spoofable. The TCP keepalive option enabled by -.Cm KeepAlive +.Cm TCPKeepAlive is spoofable. The client alive mechanism is valuable when the client or server depend on knowing when a connection has become inactive. @@ -227,7 +227,7 @@ The default is .Dq no . .It Cm GSSAPIAuthentication Specifies whether user authentication based on GSSAPI is allowed. -The default is +The default is .Dq no . Note that this option applies to protocol version 2 only. .It Cm GSSAPICleanupCredentials @@ -292,27 +292,6 @@ or .Cm HostbasedAuthentication . The default is .Dq no . -.It Cm KeepAlive -Specifies whether the system should send TCP keepalive messages to the -other side. -If they are sent, death of the connection or crash of one -of the machines will be properly noticed. -However, this means that -connections will die if the route is down temporarily, and some people -find it annoying. -On the other hand, if keepalives are not sent, -sessions may hang indefinitely on the server, leaving -.Dq ghost -users and consuming server resources. -.Pp -The default is -.Dq yes -(to send keepalives), and the server will notice -if the network goes down or the client host crashes. -This avoids infinitely hanging sessions. -.Pp -To disable keepalives, the value should be set to -.Dq no . .It Cm KerberosAuthentication Specifies whether the password provided by the user for .Cm PasswordAuthentication @@ -580,6 +559,27 @@ Gives the facility code that is used when logging messages from The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The default is AUTH. +.It Cm TCPKeepAlive +Specifies whether the system should send TCP keepalive messages to the +other side. +If they are sent, death of the connection or crash of one +of the machines will be properly noticed. +However, this means that +connections will die if the route is down temporarily, and some people +find it annoying. +On the other hand, if TCP keepalives are not sent, +sessions may hang indefinitely on the server, leaving +.Dq ghost +users and consuming server resources. +.Pp +The default is +.Dq yes +(to send TCP keepalive messages), and the server will notice +if the network goes down or the client host crashes. +This avoids infinitely hanging sessions. +.Pp +To disable TCP keepalive messages, the value should be set to +.Dq no . .It Cm UseDNS Specifies whether .Nm sshd @@ -608,12 +608,13 @@ If .Cm UsePrivilegeSeparation is specified, it will be disabled after authentication. .It Cm UsePAM -Enables PAM authentication (via challenge-response) and session set up. -If you enable this, you should probably disable +Enables PAM authentication (via challenge-response) and session set up. +If you enable this, you should probably disable .Cm PasswordAuthentication . -If you enable +If you enable .CM UsePAM -then you will not be able to run sshd as a non-root user. +then you will not be able to run sshd as a non-root user. The default is +.Dq no . .It Cm UsePrivilegeSeparation Specifies whether .Nm sshd diff --git a/openssh/sshpty.c b/openssh/sshpty.c index 4747cea..50b1f2b 100644 --- a/openssh/sshpty.c +++ b/openssh/sshpty.c @@ -343,7 +343,7 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname) if (fd < 0) error("open /dev/tty failed - could not set controlling tty: %.100s", strerror(errno)); - else + else close(fd); #endif /* _UNICOS */ } diff --git a/openssh/sshtty.c b/openssh/sshtty.c index 2f47b06..4fb2d3d 100644 --- a/openssh/sshtty.c +++ b/openssh/sshtty.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshtty.c,v 1.4 2003/07/16 10:36:28 markus Exp $"); +RCSID("$OpenBSD: sshtty.c,v 1.5 2003/09/19 17:43:35 markus Exp $"); #include "sshtty.h" #include "log.h" @@ -43,12 +43,6 @@ RCSID("$OpenBSD: sshtty.c,v 1.4 2003/07/16 10:36:28 markus Exp $"); static struct termios _saved_tio; static int _in_raw_mode = 0; -int -in_raw_mode(void) -{ - return _in_raw_mode; -} - struct termios get_saved_tio(void) { @@ -64,8 +58,6 @@ leave_raw_mode(void) perror("tcsetattr"); else _in_raw_mode = 0; - - fatal_remove_cleanup((void (*) (void *)) leave_raw_mode, NULL); } void @@ -94,6 +86,4 @@ enter_raw_mode(void) perror("tcsetattr"); else _in_raw_mode = 1; - - fatal_add_cleanup((void (*) (void *)) leave_raw_mode, NULL); } diff --git a/openssh/sshtty.h b/openssh/sshtty.h index 7ba4a26..723b278 100644 --- a/openssh/sshtty.h +++ b/openssh/sshtty.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshtty.h,v 1.2 2001/06/26 17:27:25 markus Exp $ */ +/* $OpenBSD: sshtty.h,v 1.3 2003/09/19 17:43:35 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -40,7 +40,6 @@ #include -int in_raw_mode(void); struct termios get_saved_tio(void); void leave_raw_mode(void); void enter_raw_mode(void); diff --git a/openssh/uidswap.c b/openssh/uidswap.c index 9e161d0..4cabaa4 100644 --- a/openssh/uidswap.c +++ b/openssh/uidswap.c @@ -151,7 +151,7 @@ permanently_set_uid(struct passwd *pw) debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid, (u_int)pw->pw_gid); -#if defined(HAVE_SETRESGID) +#if defined(HAVE_SETRESGID) && !defined(BROKEN_SETRESGID) if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0) fatal("setresgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno)); #elif defined(HAVE_SETREGID) && !defined(BROKEN_SETREGID) @@ -164,7 +164,7 @@ permanently_set_uid(struct passwd *pw) fatal("setgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno)); #endif -#if defined(HAVE_SETRESUID) +#if defined(HAVE_SETRESUID) && !defined(BROKEN_SETRESUID) if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0) fatal("setresuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno)); #elif defined(HAVE_SETREUID) && !defined(BROKEN_SETREUID) @@ -180,28 +180,28 @@ permanently_set_uid(struct passwd *pw) #endif /* Try restoration of GID if changed (test clearing of saved gid) */ - if (old_gid != pw->pw_gid && + if (old_gid != pw->pw_gid && (setgid(old_gid) != -1 || setegid(old_gid) != -1)) fatal("%s: was able to restore old [e]gid", __func__); /* Verify GID drop was successful */ if (getgid() != pw->pw_gid || getegid() != pw->pw_gid) { - fatal("%s: egid incorrect gid:%u egid:%u (should be %u)", - __func__, (u_int)getgid(), (u_int)getegid(), + fatal("%s: egid incorrect gid:%u egid:%u (should be %u)", + __func__, (u_int)getgid(), (u_int)getegid(), (u_int)pw->pw_gid); } #ifndef HAVE_CYGWIN /* Try restoration of UID if changed (test clearing of saved uid) */ - if (old_uid != pw->pw_uid && + if (old_uid != pw->pw_uid && (setuid(old_uid) != -1 || seteuid(old_uid) != -1)) fatal("%s: was able to restore old [e]uid", __func__); #endif /* Verify UID drop was successful */ if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) { - fatal("%s: euid incorrect uid:%u euid:%u (should be %u)", - __func__, (u_int)getuid(), (u_int)geteuid(), + fatal("%s: euid incorrect uid:%u euid:%u (should be %u)", + __func__, (u_int)getuid(), (u_int)geteuid(), (u_int)pw->pw_uid); } } diff --git a/openssh/uuencode.c b/openssh/uuencode.c index 21eaf4d..0a7c8d1 100644 --- a/openssh/uuencode.c +++ b/openssh/uuencode.c @@ -23,13 +23,13 @@ */ #include "includes.h" -RCSID("$OpenBSD: uuencode.c,v 1.16 2002/09/09 14:54:15 markus Exp $"); +RCSID("$OpenBSD: uuencode.c,v 1.17 2003/11/10 16:23:41 jakob Exp $"); #include "xmalloc.h" #include "uuencode.h" int -uuencode(u_char *src, u_int srclength, +uuencode(const u_char *src, u_int srclength, char *target, size_t targsize) { return __b64_ntop(src, srclength, target, targsize); diff --git a/openssh/uuencode.h b/openssh/uuencode.h index 682b623..08e87c4 100644 --- a/openssh/uuencode.h +++ b/openssh/uuencode.h @@ -1,4 +1,4 @@ -/* $OpenBSD: uuencode.h,v 1.9 2002/02/25 16:33:27 markus Exp $ */ +/* $OpenBSD: uuencode.h,v 1.10 2003/11/10 16:23:41 jakob Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -26,7 +26,7 @@ #ifndef UUENCODE_H #define UUENCODE_H -int uuencode(u_char *, u_int, char *, size_t); +int uuencode(const u_char *, u_int, char *, size_t); int uudecode(const char *, u_char *, size_t); void dump_base64(FILE *, u_char *, u_int); #endif -- 2.45.1