From 276b07a3f1573cd5a3ea923262f7878c7e0f4e64 Mon Sep 17 00:00:00 2001 From: jbasney Date: Mon, 1 Jul 2002 15:28:09 +0000 Subject: [PATCH] merged OpenSSH 3.4p1 to trunk --- openssh/Makefile.in | 11 +- openssh/README.privsep | 19 +-- openssh/acconfig.h | 9 +- openssh/cipher.c | 14 ++- openssh/configure.ac | 51 +++++--- openssh/contrib/aix/README | 4 + openssh/contrib/aix/buildbff.sh | 213 ++++++++++++++++++++++++++------ openssh/defines.h | 26 ++-- openssh/kex.c | 6 +- openssh/key.c | 10 +- openssh/monitor.c | 15 +-- openssh/monitor_fdpass.h | 2 +- openssh/monitor_mm.c | 8 +- openssh/monitor_mm.h | 2 +- openssh/packet.c | 15 +-- openssh/servconf.c | 23 ++-- openssh/session.c | 41 +++--- openssh/session.h | 8 +- openssh/ssh-agent.c | 83 ++++++------- openssh/ssh.1 | 6 +- openssh/sshconnect2.c | 13 +- openssh/sshd.8 | 11 +- openssh/sshd.c | 48 +++++-- openssh/sshd_config.5 | 14 ++- 24 files changed, 443 insertions(+), 209 deletions(-) diff --git a/openssh/Makefile.in b/openssh/Makefile.in index cba469e..204f836 100644 --- a/openssh/Makefile.in +++ b/openssh/Makefile.in @@ -26,6 +26,7 @@ SFTP_SERVER=$(libexecdir)/sftp-server SSH_KEYSIGN=$(libexecdir)/ssh-keysign RAND_HELPER=$(libexecdir)/ssh-rand-helper PRIVSEP_PATH=@PRIVSEP_PATH@ +SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@ PATHS= -DSSHDIR=\"$(sysconfdir)\" \ -D_PATH_SSH_PROGRAM=\"$(SSH_PROGRAM)\" \ @@ -197,9 +198,13 @@ distprep: catman-do $(AUTORECONF) (cd scard && $(MAKE) -f Makefile.in distprep) -install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key +install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key check-user install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files +check-user: + id $(SSH_PRIVSEP_USER) || \ + echo "WARNING: Privilege separation user \"$(SSH_PRIVSEP_USER)\" does not exist" + scard-install: (cd scard && $(MAKE) DESTDIR=$(DESTDIR) install) @@ -212,6 +217,8 @@ install-files: scard-install $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)5 $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8 $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir) + $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH) + chmod 0700 $(DESTDIR)$(PRIVSEP_PATH) $(INSTALL) -m 0755 -s ssh $(DESTDIR)$(bindir)/ssh $(INSTALL) -m 0755 -s scp $(DESTDIR)$(bindir)/scp $(INSTALL) -m 0755 -s ssh-add $(DESTDIR)$(bindir)/ssh-add @@ -234,7 +241,7 @@ install-files: scard-install $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5 $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5 $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8 - if [ ! -z "$(INSTALL_SSH_PRNG_CMDS)" ]; then \ + if [ ! -z "$(INSTALL_SSH_RAND_HELPER)" ]; then \ $(INSTALL) -m 644 ssh-rand-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-rand-helper.8 ; \ fi @NO_SFTP@$(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1 diff --git a/openssh/README.privsep b/openssh/README.privsep index c2ce935..b99a667 100644 --- a/openssh/README.privsep +++ b/openssh/README.privsep @@ -12,19 +12,20 @@ On systems which lack mmap or anonymous (MAP_ANON) memory mapping, compression must be disabled in order for privilege separation to function. -When privsep is enabled, the pre-authentication sshd process will +When privsep is enabled, during the pre-authentication phase sshd will chroot(2) to "/var/empty" and change its privileges to the "sshd" user -and its primary group. You should do something like the following to -prepare the privsep preauth environment: +and its primary group. sshd is a pseudo-account that should not be +used by other daemons, and must be locked and should contain a +"nologin" or invalid shell. + +You should do something like the following to prepare the privsep +preauth environment: # mkdir /var/empty # chown root:sys /var/empty # chmod 755 /var/empty # groupadd sshd - # useradd -g sshd sshd - -If you are on UnixWare 7 or OpenUNIX 8 do this additional step. - # ln /usr/lib/.ns.so /usr/lib/ns.so.1 + # useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd /var/empty should not contain any files. @@ -34,8 +35,8 @@ privsep user and chroot directory: --with-privsep-path=xxx Path for privilege separation chroot --with-privsep-user=user Specify non-privileged user for privilege separation -Privsep requires operating system support for file descriptor passing -and mmap(MAP_ANON). +Privsep requires operating system support for file descriptor passing. +Compression will be disabled on systems without a working mmap MAP_ANON. PAM-enabled OpenSSH is known to function with privsep on Linux. It does not function on HP-UX with a trusted system diff --git a/openssh/acconfig.h b/openssh/acconfig.h index 7e36262..3564029 100644 --- a/openssh/acconfig.h +++ b/openssh/acconfig.h @@ -234,9 +234,6 @@ /* Define if xauth is found in your path */ #undef XAUTH_PATH -/* Define if rsh is found in your path */ -#undef RSH_PATH - /* Define if you want to allow MD5 passwords */ #undef HAVE_MD5_PASSWORDS @@ -364,6 +361,12 @@ /* Path that unprivileged child will chroot() to in privep mode */ #undef PRIVSEP_PATH +/* Define if you have the `mmap' function that supports MAP_ANON|SHARED */ +#undef HAVE_MMAP_ANON_SHARED + +/* Define if sendmsg()/recvmsg() has problems passing file descriptors */ +#undef BROKEN_FD_PASSING + @BOTTOM@ /* ******************* Shouldn't need to edit below this line ************** */ diff --git a/openssh/cipher.c b/openssh/cipher.c index b18c701..6db340d 100644 --- a/openssh/cipher.c +++ b/openssh/cipher.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: cipher.c,v 1.59 2002/06/19 18:01:00 markus Exp $"); +RCSID("$OpenBSD: cipher.c,v 1.60 2002/06/23 03:26:52 deraadt Exp $"); #include "xmalloc.h" #include "log.h" @@ -95,11 +95,13 @@ cipher_blocksize(Cipher *c) { return (c->block_size); } + u_int cipher_keylen(Cipher *c) { return (c->key_len); } + u_int cipher_get_number(Cipher *c) { @@ -314,6 +316,7 @@ struct ssh1_3des_ctx { EVP_CIPHER_CTX k1, k2, k3; }; + static int ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, int enc) @@ -356,6 +359,7 @@ ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, #endif return (1); } + static int ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, u_int len) { @@ -377,6 +381,7 @@ ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, u_int len) #endif return (1); } + static int ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx) { @@ -389,6 +394,7 @@ ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx) } return (1); } + static const EVP_CIPHER * evp_ssh1_3des(void) { @@ -430,7 +436,9 @@ swap_bytes(const u_char *src, u_char *dst, int n) *dst++ = c[3]; } } + static int (*orig_bf)(EVP_CIPHER_CTX *, u_char *, const u_char *, u_int) = NULL; + static int bf_ssh1_cipher(EVP_CIPHER_CTX *ctx, u_char *out, const u_char *in, u_int len) { @@ -441,6 +449,7 @@ bf_ssh1_cipher(EVP_CIPHER_CTX *ctx, u_char *out, const u_char *in, u_int len) swap_bytes(out, out, len); return (ret); } + static const EVP_CIPHER * evp_ssh1_bf(void) { @@ -483,6 +492,7 @@ ssh_rijndael_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, memcpy(c->r_iv, iv, RIJNDAEL_BLOCKSIZE); return (1); } + static int ssh_rijndael_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, u_int len) @@ -528,6 +538,7 @@ ssh_rijndael_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, } return (1); } + static int ssh_rijndael_cleanup(EVP_CIPHER_CTX *ctx) { @@ -540,6 +551,7 @@ ssh_rijndael_cleanup(EVP_CIPHER_CTX *ctx) } return (1); } + static const EVP_CIPHER * evp_rijndael(void) { diff --git a/openssh/configure.ac b/openssh/configure.ac index 2884f9d..9fd96ae 100644 --- a/openssh/configure.ac +++ b/openssh/configure.ac @@ -76,6 +76,7 @@ case "$host" in AC_DEFINE(BROKEN_REALPATH) dnl AIX handles lastlog as part of its login message AC_DEFINE(DISABLE_LASTLOG) + AC_DEFINE(LOGIN_NEEDS_UTMPX) ;; *-*-cygwin*) LIBS="$LIBS /usr/lib/textmode.o" @@ -85,6 +86,7 @@ case "$host" in AC_DEFINE(IPV4_DEFAULT) AC_DEFINE(IP_TOS_IS_BROKEN) AC_DEFINE(NO_X11_UNIX_SOCKETS) + AC_DEFINE(BROKEN_FD_PASSING) AC_DEFINE(SETGROUPS_NOOP) ;; *-*-dgux*) @@ -246,7 +248,6 @@ mips-sony-bsd|mips-sony-newsos4) CPPFLAGS="$CPPFLAGS -Dftruncate=chsize -I/usr/local/include" LDFLAGS="$LDFLAGS -L/usr/local/lib" LIBS="$LIBS -los -lprot -lx -ltinfo -lm" - rsh_path="/usr/bin/rcmd" RANLIB=true no_dev_ptmx=1 AC_DEFINE(BROKEN_SYS_TERMIO_H) @@ -263,10 +264,10 @@ mips-sony-bsd|mips-sony-newsos4) LDFLAGS="$LDFLAGS -L/usr/local/lib" LIBS="$LIBS -lprot -lx -ltinfo -lm" no_dev_ptmx=1 - rsh_path="/usr/bin/rcmd" AC_DEFINE(USE_PIPES) AC_DEFINE(HAVE_SECUREWARE) AC_DEFINE(DISABLE_SHADOW) + AC_DEFINE(BROKEN_FD_PASSING) AC_CHECK_FUNCS(getluid setluid) MANTYPE=man ;; @@ -274,6 +275,7 @@ mips-sony-bsd|mips-sony-newsos4) no_libsocket=1 no_libnsl=1 AC_DEFINE(USE_PIPES) + AC_DEFINE(BROKEN_FD_PASSING) LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal,-L/usr/local/lib" LIBS="$LIBS -lgen -lrsc" ;; @@ -676,6 +678,30 @@ AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \ socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \ truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty) +if test $ac_cv_func_mmap = yes ; then +AC_MSG_CHECKING([for mmap anon shared]) +AC_TRY_RUN( + [ +#include +#include +#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS) +#define MAP_ANON MAP_ANONYMOUS +#endif +main() { char *p; +p = (char *) mmap(NULL, 10, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED, -1, 0); +if (p == (char *)-1) + exit(1); +exit(0); +} + ], + [ + AC_MSG_RESULT(yes) + AC_DEFINE(HAVE_MMAP_ANON_SHARED) + ], + [ AC_MSG_RESULT(no) ] +) +fi + dnl IRIX and Solaris 2.5.1 have dirname() in libgen AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[ AC_CHECK_LIB(gen, dirname,[ @@ -1022,16 +1048,17 @@ AC_ARG_WITH(entropy-timeout, ) AC_DEFINE_UNQUOTED(ENTROPY_TIMEOUT_MSEC, $entropy_timeout) -ssh_privsep_user=sshd +SSH_PRIVSEP_USER=sshd AC_ARG_WITH(privsep-user, [ --with-privsep-user=user Specify non-privileged user for privilege separation], [ if test -n "$withval"; then - ssh_privsep_user=$withval + SSH_PRIVSEP_USER=$withval fi ] ) -AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$ssh_privsep_user") +AC_DEFINE_UNQUOTED(SSH_PRIVSEP_USER, "$SSH_PRIVSEP_USER") +AC_SUBST(SSH_PRIVSEP_USER) # We do this little dance with the search path to insure # that programs that we select for use by installed programs @@ -1929,17 +1956,6 @@ AC_ARG_WITH(afs, LIBS="$LIBS $KLIBS $K5LIBS" # Looking for programs, paths and files -AC_ARG_WITH(rsh, - [ --with-rsh=PATH Specify path to remote shell program ], - [ - if test "x$withval" != "$no" ; then - rsh_path=$withval - fi - ], - [ - AC_PATH_PROG(rsh_path, rsh) - ] -) PRIVSEP_PATH=/var/empty AC_ARG_WITH(privsep-path, @@ -1975,9 +1991,6 @@ else XAUTH_PATH=$xauth_path AC_SUBST(XAUTH_PATH) fi -if test ! -z "$rsh_path" ; then - AC_DEFINE_UNQUOTED(RSH_PATH, "$rsh_path") -fi # Check for mail directory (last resort if we cannot get it from headers) if test ! -z "$MAIL" ; then diff --git a/openssh/contrib/aix/README b/openssh/contrib/aix/README index a08c084..033fd0a 100644 --- a/openssh/contrib/aix/README +++ b/openssh/contrib/aix/README @@ -25,6 +25,10 @@ Other notes: The script treats all packages as USR packages (not ROOT+USR when appropriate). It seems to work, though...... +If there are any patches to this that have not yet been integrated they +may be found at http://www.zip.com.au/~dtucker/openssh/ or +http://home.usf.advantra.com.au/~dtucker/openssh/. + Disclaimer: diff --git a/openssh/contrib/aix/buildbff.sh b/openssh/contrib/aix/buildbff.sh index 4095884..d531e53 100755 --- a/openssh/contrib/aix/buildbff.sh +++ b/openssh/contrib/aix/buildbff.sh @@ -9,28 +9,96 @@ # Based originally on Ben Lindstrom's buildpkg.sh for Solaris # +# +# Tunable configuration settings +# create a "config.local" in your build directory to override these. +# +PERMIT_ROOT_LOGIN=no +X11_FORWARDING=no + umask 022 + +# +# We still support running from contrib/aix, but this is depreciated +# +if pwd | egrep 'contrib/aix$' +then + echo "Changing directory to `pwd`/../.." + echo "Please run buildbff.sh from your build directory in future." + cd ../.. + contribaix=1 +fi + +if [ ! -f Makefile ] +then + echo "Makefile not found (did you run configure?)" + exit 1 +fi + +# +# Directories used during build: +# current dir = $objdir directory you ran ./configure in. +# $objdir/$PKGDIR/ directory package files are constructed in +# $objdir/$PKGDIR/root/ package root ($FAKE_ROOT) +# +objdir=`pwd` PKGNAME=openssh PKGDIR=package -PATH=`pwd`:$PATH # set path for external tools -export PATH +# Path to inventory.sh: same place as buildbff.sh +if echo $0 | egrep '^/' +then + inventory=`dirname $0`/inventory.sh # absolute path +else + inventory=`pwd`/`dirname $0`/inventory.sh # relative path +fi -# Clean build directory -rm -rf $PKGDIR -mkdir $PKGDIR +# +# Collect local configuration settings to override defaults +# +if [ -s ./config.local ] +then + echo Reading local settings from config.local + . ./config.local +fi + +# +# Fill in some details from Makefile, like prefix and sysconfdir +# the eval also expands variables like sysconfdir=${prefix}/etc +# provided they are eval'ed in the correct order +# +for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir mansubdir sysconfdir piddir srcdir +do + eval $confvar=`grep "^$confvar=" $objdir/Makefile | cut -d = -f 2` +done + +# +# Collect values of privsep user and privsep path +# currently only found in config.h +# +for confvar in SSH_PRIVSEP_USER PRIVSEP_PATH +do + eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' $objdir/config.h` +done -if [ ! -f ../../Makefile ] +# Set privsep defaults if not defined +if [ -z "$SSH_PRIVSEP_USER" ] then - echo "Top-level Makefile not found (did you run ./configure?)" - exit 1 + SSH_PRIVSEP_USER=sshd +fi +if [ -z "$PRIVSEP_PATH" ] +then + PRIVSEP_PATH=/var/empty fi -## Start by faking root install +# Clean package build directory +rm -rf $objdir/$PKGDIR +FAKE_ROOT=$objdir/$PKGDIR/root +mkdir -p $FAKE_ROOT + +# Start by faking root install echo "Faking root install..." -START=`pwd` -FAKE_ROOT=$START/$PKGDIR -cd ../.. +cd $objdir make install-nokeys DESTDIR=$FAKE_ROOT if [ $? -gt 0 ] @@ -39,6 +107,12 @@ then exit 1 fi +# +# Copy informational files to include in package +# +cp $srcdir/LICENCE $objdir/$PKGDIR/ +cp $srcdir/README* $objdir/$PKGDIR/ + # # Extract common info requires for the 'info' part of the package. # AIX requires 4-part version numbers @@ -47,24 +121,27 @@ VERSION=`./ssh -V 2>&1 | sed -e 's/,.*//' | cut -f 2 -d _` MAJOR=`echo $VERSION | cut -f 1 -d p | cut -f 1 -d .` MINOR=`echo $VERSION | cut -f 1 -d p | cut -f 2 -d .` PATCH=`echo $VERSION | cut -f 1 -d p | cut -f 3 -d .` -PORTABLE=`echo $VERSION | cut -f 2 -d p` -if [ "$PATCH" = "" ] -then - PATCH=0 -fi +PORTABLE=`echo $VERSION | awk 'BEGIN{FS="p"}{print $2}'` +[ "$PATCH" = "" ] && PATCH=0 +[ "$PORTABLE" = "" ] && PORTABLE=0 BFFVERSION=`printf "%d.%d.%d.%d" $MAJOR $MINOR $PATCH $PORTABLE` echo "Building BFF for $PKGNAME $VERSION (package version $BFFVERSION)" # -# Fill in some details, like prefix and sysconfdir -# the eval also expands variables like sysconfdir=${prefix}/etc -# provided they are eval'ed in the correct order +# Set ssh and sshd parameters as per config.local # -for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir mansubdir sysconfdir piddir -do - eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2` -done +if [ "${PERMIT_ROOT_LOGIN}" = no ] +then + perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \ + $FAKE_ROOT/${sysconfdir}/sshd_config +fi +if [ "${X11_FORWARDING}" = yes ] +then + perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \ + $FAKE_ROOT/${sysconfdir}/sshd_config +fi + # Rename config files; postinstall script will copy them if necessary for cfgfile in ssh_config sshd_config ssh_prng_cmds @@ -74,14 +151,18 @@ done # # Generate lpp control files. -# working dir is $FAKE_ROOT but files are generated in contrib/aix +# working dir is $FAKE_ROOT but files are generated in dir above # and moved into place just before creation of .bff # cd $FAKE_ROOT echo Generating LPP control files find . ! -name . -print >../openssh.al -inventory.sh >../openssh.inventory -cp ../../../LICENCE ../openssh.copyright +$inventory >../openssh.inventory + +cat <../openssh.copyright +This software is distributed under a BSD-style license. +For the full text of the license, see /usr/lpp/openssh/LICENCE +EOD # # Create postinstall script @@ -89,7 +170,7 @@ cp ../../../LICENCE ../openssh.copyright cat <>../openssh.post_i #!/bin/sh -# Create configs from defaults if necessary +echo Creating configs from defaults if necessary. for cfgfile in ssh_config sshd_config ssh_prng_cmds do if [ ! -f $sysconfdir/\$cfgfile ] @@ -100,8 +181,51 @@ do echo "\$cfgfile already exists." fi done +echo + +# Create PrivSep user if PrivSep not disabled in config +echo Creating PrivSep prereqs if required. +if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null +then + echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user," + echo "group or chroot directory." +else + echo "UsePrivilegeSeparation enabled in config (or defaulting to on)." + + # create group if required + if cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null + then + echo "PrivSep group $SSH_PRIVSEP_USER already exists." + else + echo "Creating PrivSep group $SSH_PRIVSEP_USER." + mkgroup -A $SSH_PRIVSEP_USER + fi + + # Create user if required + if cut -f1 -d: /etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null + then + echo "PrivSep user $SSH_PRIVSEP_USER already exists." + else + echo "Creating PrivSep user $SSH_PRIVSEP_USER." + mkuser gecos='SSHD PrivSep User' login=false rlogin=false account_locked=true pgrp=$SSH_PRIVSEP_USER $SSH_PRIVSEP_USER + fi + + # create chroot directory if required + if [ -d $PRIVSEP_PATH ] + then + echo "PrivSep chroot directory $PRIVSEP_PATH already exists." + else + echo "Creating PrivSep chroot directory $PRIVSEP_PATH." + mkdir $PRIVSEP_PATH + chown 0 $PRIVSEP_PATH + chgrp 0 $PRIVSEP_PATH + chmod 755 $PRIVSEP_PATH + fi +fi +echo # Generate keys unless they already exist +echo Creating host keys if required. if [ -f "$sysconfdir/ssh_host_key" ] ; then echo "$sysconfdir/ssh_host_key already exists, skipping." else @@ -117,6 +241,7 @@ if [ -f $sysconfdir/ssh_host_rsa_key ] ; then else $bindir/ssh-keygen -t rsa -f $sysconfdir/ssh_host_rsa_key -N "" fi +echo # Add to system startup if required if grep $sbindir/sshd /etc/rc.tcpip >/dev/null @@ -135,10 +260,10 @@ EOF echo Creating liblpp.a ( cd .. - for i in al copyright inventory post_i + for i in openssh.al openssh.copyright openssh.inventory openssh.post_i LICENCE README* do - ar -r liblpp.a openssh.$i - rm openssh.$i + ar -r liblpp.a $i + rm $i done ) @@ -159,6 +284,8 @@ echo Creating liblpp.a # /usr/local/share 3 # % # ] +# } + echo Creating lpp_name cat <../lpp_name 4 R I $PKGNAME { @@ -167,11 +294,14 @@ $PKGNAME $BFFVERSION 1 N U en_US OpenSSH $VERSION Portable for AIX % EOF -for i in $bindir $sysconfdir $libexecdir $mandir/man1 $mandir/man8 $sbindir $datadir +for i in $bindir $sysconfdir $libexecdir $mandir/${mansubdir}1 $mandir/${mansubdir}8 $sbindir $datadir /usr/lpp/openssh do # get size in 512 byte blocks - size=`du $FAKE_ROOT/$i | awk '{print $1}'` - echo "$i $size" >>../lpp_name + if [ -d $FAKE_ROOT/$i ] + then + size=`du $FAKE_ROOT/$i | awk '{print $1}'` + echo "$i $size" >>../lpp_name + fi done echo '%' >>../lpp_name @@ -187,7 +317,7 @@ mv ../lpp_name . # # Now invoke backup to create .bff file -# note: lpp_name needs to be the first file do we generate the +# note: lpp_name needs to be the first file so we generate the # file list on the fly and feed it to backup using -i # echo Creating $PKGNAME-$VERSION.bff with backup... @@ -197,8 +327,17 @@ rm -f $PKGNAME-$VERSION.bff find . ! -name lpp_name -a ! -name . -print ) | backup -i -q -f ../$PKGNAME-$VERSION.bff $filelist -cd .. +# +# Move package into final location +# +if [ "$contribaix" = "1" ] +then + mv ../$PKGNAME-$VERSION.bff $objdir/contrib/aix +else + mv ../$PKGNAME-$VERSION.bff $objdir +fi + +rm -rf $objdir/$PKGDIR -rm -rf $PKGDIR echo $0: done. diff --git a/openssh/defines.h b/openssh/defines.h index f7adb34..3f5b28a 100644 --- a/openssh/defines.h +++ b/openssh/defines.h @@ -316,14 +316,6 @@ struct winsize { # define _PATH_MAILDIR MAILDIR #endif /* !defined(_PATH_MAILDIR) && defined(MAILDIR) */ -#ifndef _PATH_RSH -# ifdef RSH_PATH -# define _PATH_RSH RSH_PATH -# else /* RSH_PATH */ -# define _PATH_RSH "/usr/bin/rsh" -# endif /* RSH_PATH */ -#endif /* _PATH_RSH */ - #ifndef _PATH_NOLOGIN # define _PATH_NOLOGIN "/etc/nologin" #endif @@ -417,12 +409,18 @@ struct winsize { #endif #ifndef HAVE_GETOPT_OPTRESET -#define getopt(ac, av, o) BSDgetopt(ac, av, o) -#define opterr BSDopterr -#define optind BSDoptind -#define optopt BSDoptopt -#define optreset BSDoptreset -#define optarg BSDoptarg +# undef getopt +# undef opterr +# undef optind +# undef optopt +# undef optreset +# undef optarg +# define getopt(ac, av, o) BSDgetopt(ac, av, o) +# define opterr BSDopterr +# define optind BSDoptind +# define optopt BSDoptopt +# define optreset BSDoptreset +# define optarg BSDoptarg #endif /* In older versions of libpam, pam_strerror takes a single argument */ diff --git a/openssh/kex.c b/openssh/kex.c index b90d750..7b87aa3 100644 --- a/openssh/kex.c +++ b/openssh/kex.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: kex.c,v 1.50 2002/05/15 15:47:49 mouring Exp $"); +RCSID("$OpenBSD: kex.c,v 1.51 2002/06/24 14:55:38 markus Exp $"); #include @@ -206,8 +206,8 @@ kex_input_kexinit(int type, u_int32_t seq, void *ctxt) packet_get_char(); for (i = 0; i < PROPOSAL_MAX; i++) xfree(packet_get_string(NULL)); - packet_get_char(); - packet_get_int(); + (void) packet_get_char(); + (void) packet_get_int(); packet_check_eom(); kex_kexinit_finish(kex); diff --git a/openssh/key.c b/openssh/key.c index a456d80..7f3fe4a 100644 --- a/openssh/key.c +++ b/openssh/key.c @@ -32,7 +32,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: key.c,v 1.44 2002/05/31 13:16:48 markus Exp $"); +RCSID("$OpenBSD: key.c,v 1.45 2002/06/23 03:26:19 deraadt Exp $"); #include @@ -89,6 +89,7 @@ key_new(int type) } return k; } + Key * key_new_private(int type) { @@ -120,6 +121,7 @@ key_new_private(int type) } return k; } + void key_free(Key *k) { @@ -359,6 +361,7 @@ read_bignum(char **cpp, BIGNUM * value) *cpp = cp; return 1; } + static int write_bignum(FILE *f, BIGNUM *num) { @@ -485,6 +488,7 @@ key_read(Key *ret, char **cpp) } return success; } + int key_write(Key *key, FILE *f) { @@ -516,6 +520,7 @@ key_write(Key *key, FILE *f) } return success; } + char * key_type(Key *k) { @@ -532,6 +537,7 @@ key_type(Key *k) } return "unknown"; } + char * key_ssh_name(Key *k) { @@ -545,6 +551,7 @@ key_ssh_name(Key *k) } return "ssh-unknown"; } + u_int key_size(Key *k) { @@ -809,7 +816,6 @@ key_verify( } /* Converts a private to a public key */ - Key * key_demote(Key *k) { diff --git a/openssh/monitor.c b/openssh/monitor.c index 39b6248..89b712f 100644 --- a/openssh/monitor.c +++ b/openssh/monitor.c @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: monitor.c,v 1.16 2002/06/21 05:50:51 djm Exp $"); +RCSID("$OpenBSD: monitor.c,v 1.18 2002/06/26 13:20:57 deraadt Exp $"); #include @@ -188,9 +188,6 @@ struct mon_table mon_dispatch_proto15[] = { {MONITOR_REQ_KEYALLOWED, MON_ISAUTH, mm_answer_keyallowed}, {MONITOR_REQ_RSACHALLENGE, MON_ONCE, mm_answer_rsa_challenge}, {MONITOR_REQ_RSARESPONSE, MON_ONCE|MON_AUTHDECIDE, mm_answer_rsa_response}, -#ifdef USE_PAM - {MONITOR_REQ_PAM_START, MON_ONCE, mm_answer_pam_start}, -#endif #ifdef BSD_AUTH {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, {MONITOR_REQ_BSDAUTHRESPOND, MON_AUTH,mm_answer_bsdauthrespond}, @@ -982,14 +979,14 @@ mm_answer_keyverify(int socket, Buffer *m) xfree(signature); xfree(data); + auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased"; + monitor_reset_key_state(); buffer_clear(m); buffer_put_int(m, verified); mm_request_send(socket, MONITOR_ANS_KEYVERIFY, m); - auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased"; - return (verified); } @@ -1456,9 +1453,13 @@ mm_get_keystate(struct monitor *pmonitor) void * mm_zalloc(struct mm_master *mm, u_int ncount, u_int size) { + int len = size * ncount; void *address; - address = mm_malloc(mm, size * ncount); + if (len <= 0) + fatal("%s: mm_zalloc(%u, %u)", __func__, ncount, size); + + address = mm_malloc(mm, len); return (address); } diff --git a/openssh/monitor_fdpass.h b/openssh/monitor_fdpass.h index cb12c41..31d080e 100644 --- a/openssh/monitor_fdpass.h +++ b/openssh/monitor_fdpass.h @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_fdpass.h,v 1.2 2002/03/26 03:24:01 stevesk Exp $ */ +/* $OpenBSD: monitor_fdpass.h,v 1.2 2002/03/26 03:24:01 stevesk Exp $ */ /* * Copyright 2002 Niels Provos diff --git a/openssh/monitor_mm.c b/openssh/monitor_mm.c index 0076c42..c363036 100644 --- a/openssh/monitor_mm.c +++ b/openssh/monitor_mm.c @@ -84,13 +84,13 @@ mm_create(struct mm_master *mmalloc, size_t size) */ mm->mmalloc = mmalloc; -#if defined(HAVE_MMAP) && defined(MAP_ANON) +#ifdef HAVE_MMAP_ANON_SHARED address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED, -1, 0); if (address == MAP_FAILED) fatal("mmap(%lu): %s", (u_long)size, strerror(errno)); #else - fatal("%s: UsePrivilegeSeparation=yes not supported", + fatal("%s: UsePrivilegeSeparation=yes and Compression=yes not supported", __func__); #endif @@ -130,12 +130,12 @@ mm_destroy(struct mm_master *mm) mm_freelist(mm->mmalloc, &mm->rb_free); mm_freelist(mm->mmalloc, &mm->rb_allocated); -#ifdef HAVE_MMAP +#ifdef HAVE_MMAP_ANON_SHARED if (munmap(mm->address, mm->size) == -1) fatal("munmap(%p, %lu): %s", mm->address, (u_long)mm->size, strerror(errno)); #else - fatal("%s: UsePrivilegeSeparation=yes not supported", + fatal("%s: UsePrivilegeSeparation=yes and Compression=yes not supported", __func__); #endif if (mm->mmalloc == NULL) diff --git a/openssh/monitor_mm.h b/openssh/monitor_mm.h index c0af432..c0a66d5 100644 --- a/openssh/monitor_mm.h +++ b/openssh/monitor_mm.h @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_mm.h,v 1.2 2002/03/26 03:24:01 stevesk Exp $ */ +/* $OpenBSD: monitor_mm.h,v 1.2 2002/03/26 03:24:01 stevesk Exp $ */ /* * Copyright 2002 Niels Provos diff --git a/openssh/packet.c b/openssh/packet.c index 62f955e..4e6fc4a 100644 --- a/openssh/packet.c +++ b/openssh/packet.c @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: packet.c,v 1.95 2002/06/19 18:01:00 markus Exp $"); +RCSID("$OpenBSD: packet.c,v 1.96 2002/06/23 21:10:02 deraadt Exp $"); #include "xmalloc.h" #include "buffer.h" @@ -1015,7 +1015,7 @@ packet_read_poll2(u_int32_t *seqnr_p) int packet_read_poll_seqnr(u_int32_t *seqnr_p) { - int reason, seqnr; + u_int reason, seqnr; u_char type; char *msg; @@ -1038,14 +1038,15 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p) case SSH2_MSG_DISCONNECT: reason = packet_get_int(); msg = packet_get_string(NULL); - log("Received disconnect from %s: %d: %.400s", get_remote_ipaddr(), - reason, msg); + log("Received disconnect from %s: %u: %.400s", + get_remote_ipaddr(), reason, msg); xfree(msg); fatal_cleanup(); break; case SSH2_MSG_UNIMPLEMENTED: seqnr = packet_get_int(); - debug("Received SSH2_MSG_UNIMPLEMENTED for %d", seqnr); + debug("Received SSH2_MSG_UNIMPLEMENTED for %u", + seqnr); break; default: return type; @@ -1063,8 +1064,8 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p) break; case SSH_MSG_DISCONNECT: msg = packet_get_string(NULL); - log("Received disconnect from %s: %.400s", get_remote_ipaddr(), - msg); + log("Received disconnect from %s: %.400s", + get_remote_ipaddr(), msg); fatal_cleanup(); xfree(msg); break; diff --git a/openssh/servconf.c b/openssh/servconf.c index 92ed89a..0170f06 100644 --- a/openssh/servconf.c +++ b/openssh/servconf.c @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: servconf.c,v 1.111 2002/06/20 23:05:55 markus Exp $"); +RCSID("$OpenBSD: servconf.c,v 1.112 2002/06/23 09:46:51 deraadt Exp $"); #if defined(KRB4) #include @@ -273,7 +273,7 @@ fill_default_server_options(ServerOptions *options) if (use_privsep == -1) use_privsep = 1; -#if !defined(HAVE_MMAP) || !defined(MAP_ANON) +#if !defined(HAVE_MMAP_ANON_SHARED) if (use_privsep && options->compression == 1) { error("This platform does not support both privilege " "separation and compression"); @@ -449,7 +449,7 @@ add_one_listen_addr(ServerOptions *options, char *addr, u_short port) hints.ai_family = IPv4or6; hints.ai_socktype = SOCK_STREAM; hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0; - snprintf(strport, sizeof strport, "%d", port); + snprintf(strport, sizeof strport, "%u", port); if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0) fatal("bad addr or host: %s (%s)", addr ? addr : "", @@ -465,9 +465,8 @@ process_server_config_line(ServerOptions *options, char *line, const char *filename, int linenum) { char *cp, **charptr, *arg, *p; - int *intptr, value; + int *intptr, value, i, n; ServerOpCodes opcode; - int i, n; cp = line; arg = strdelim(&cp); @@ -805,7 +804,8 @@ parse_flag: if (options->num_allow_users >= MAX_ALLOW_USERS) fatal("%s line %d: too many allow users.", filename, linenum); - options->allow_users[options->num_allow_users++] = xstrdup(arg); + options->allow_users[options->num_allow_users++] = + xstrdup(arg); } break; @@ -814,7 +814,8 @@ parse_flag: if (options->num_deny_users >= MAX_DENY_USERS) fatal( "%s line %d: too many deny users.", filename, linenum); - options->deny_users[options->num_deny_users++] = xstrdup(arg); + options->deny_users[options->num_deny_users++] = + xstrdup(arg); } break; @@ -823,7 +824,8 @@ parse_flag: if (options->num_allow_groups >= MAX_ALLOW_GROUPS) fatal("%s line %d: too many allow groups.", filename, linenum); - options->allow_groups[options->num_allow_groups++] = xstrdup(arg); + options->allow_groups[options->num_allow_groups++] = + xstrdup(arg); } break; @@ -961,10 +963,9 @@ parse_flag: void read_server_config(ServerOptions *options, const char *filename) { - FILE *f; + int linenum, bad_options = 0; char line[1024]; - int linenum; - int bad_options = 0; + FILE *f; f = fopen(filename, "r"); if (!f) { diff --git a/openssh/session.c b/openssh/session.c index 6a1d6fd..59de795 100644 --- a/openssh/session.c +++ b/openssh/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.138 2002/06/20 23:05:55 markus Exp $"); +RCSID("$OpenBSD: session.c,v 1.142 2002/06/26 13:49:26 deraadt Exp $"); #include "ssh.h" #include "ssh1.h" @@ -256,8 +256,8 @@ do_authenticated1(Authctxt *authctxt) Session *s; char *command; int success, type, screen_flag; - int compression_level = 0, enable_compression_after_reply = 0; - u_int proto_len, data_len, dlen; + int enable_compression_after_reply = 0; + u_int proto_len, data_len, dlen, compression_level = 0; s = session_new(); s->authctxt = authctxt; @@ -865,6 +865,9 @@ child_set_env(char ***envp, u_int *envsizep, const char *name, } else { /* New variable. Expand if necessary. */ if (i >= (*envsizep) - 1) { + if (*envsizep >= 1000) + fatal("child_set_env: too many env vars," + " skipping: %.100s", name); (*envsizep) += 50; env = (*envp) = xrealloc(env, (*envsizep) * sizeof(char *)); } @@ -890,12 +893,15 @@ read_environment_file(char ***env, u_int *envsize, FILE *f; char buf[4096]; char *cp, *value; + u_int lineno = 0; f = fopen(filename, "r"); if (!f) return; while (fgets(buf, sizeof(buf), f)) { + if (++lineno > 1000) + fatal("Too many lines in environment file %s", filename); for (cp = buf; *cp == ' ' || *cp == '\t'; cp++) ; if (!*cp || *cp == '#' || *cp == '\n') @@ -904,7 +910,8 @@ read_environment_file(char ***env, u_int *envsize, *strchr(cp, '\n') = '\0'; value = strchr(cp, '='); if (value == NULL) { - fprintf(stderr, "Bad line in %.100s: %.200s\n", filename, buf); + fprintf(stderr, "Bad line %u in %.100s\n", lineno, + filename); continue; } /* @@ -1175,6 +1182,8 @@ do_nologin(struct passwd *pw) void do_setusercontext(struct passwd *pw) { + char tty='\0'; + #ifdef HAVE_CYGWIN if (is_winnt) { #else /* HAVE_CYGWIN */ @@ -1184,6 +1193,9 @@ do_setusercontext(struct passwd *pw) setpcred(pw->pw_name); #endif /* HAVE_SETPCRED */ #ifdef HAVE_LOGIN_CAP +#ifdef __bsdi__ + setpgid(0, 0); +#endif if (setusercontext(lc, pw, pw->pw_uid, (LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) { perror("unable to set user context"); @@ -1219,6 +1231,10 @@ do_setusercontext(struct passwd *pw) # if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) irix_setusercontext(pw); # endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */ +# ifdef _AIX + /* XXX: Disable tty setting. Enabled if required later */ + aix_usrinfo(pw, &tty, -1); +# endif /* _AIX */ /* Permanently switch to the desired uid. */ permanently_set_uid(pw); #endif @@ -1281,9 +1297,6 @@ do_child(Session *s, const char *command) do_motd(); #else /* HAVE_OSF_SIA */ do_nologin(pw); -# ifdef _AIX - aix_usrinfo(pw, s->tty, s->ttyfd); -# endif /* _AIX */ do_setusercontext(pw); #endif /* HAVE_OSF_SIA */ } @@ -1993,9 +2006,9 @@ session_setup_x11fwd(Session *s) debug("X11 display already set."); return 0; } - s->display_number = x11_create_display_inet(options.x11_display_offset, - options.x11_use_localhost, s->single_connection); - if (s->display_number == -1) { + if (x11_create_display_inet(options.x11_display_offset, + options.x11_use_localhost, s->single_connection, + &s->display_number) == -1) { debug("x11_create_display_inet failed."); return 0; } @@ -2009,9 +2022,9 @@ session_setup_x11fwd(Session *s) * different than the DISPLAY string for localhost displays. */ if (options.x11_use_localhost) { - snprintf(display, sizeof display, "localhost:%d.%d", + snprintf(display, sizeof display, "localhost:%u.%u", s->display_number, s->screen); - snprintf(auth_display, sizeof auth_display, "unix:%d.%d", + snprintf(auth_display, sizeof auth_display, "unix:%u.%u", s->display_number, s->screen); s->display = xstrdup(display); s->auth_display = xstrdup(auth_display); @@ -2027,10 +2040,10 @@ session_setup_x11fwd(Session *s) return 0; } memcpy(&my_addr, he->h_addr_list[0], sizeof(struct in_addr)); - snprintf(display, sizeof display, "%.50s:%d.%d", inet_ntoa(my_addr), + snprintf(display, sizeof display, "%.50s:%u.%u", inet_ntoa(my_addr), s->display_number, s->screen); #else - snprintf(display, sizeof display, "%.400s:%d.%d", hostname, + snprintf(display, sizeof display, "%.400s:%u.%u", hostname, s->display_number, s->screen); #endif s->display = xstrdup(display); diff --git a/openssh/session.h b/openssh/session.h index befb7c1..ae4fb09 100644 --- a/openssh/session.h +++ b/openssh/session.h @@ -1,4 +1,4 @@ -/* $OpenBSD: session.h,v 1.17 2002/03/29 18:59:32 markus Exp $ */ +/* $OpenBSD: session.h,v 1.18 2002/06/23 21:06:41 deraadt Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -37,15 +37,15 @@ struct Session { /* tty */ char *term; int ptyfd, ttyfd, ptymaster; - int row, col, xpixel, ypixel; + u_int row, col, xpixel, ypixel; char tty[TTYSZ]; /* last login */ char hostname[MAXHOSTNAMELEN]; time_t last_login_time; /* X11 */ - int display_number; + u_int display_number; char *display; - int screen; + u_int screen; char *auth_display; char *auth_proto; char *auth_data; diff --git a/openssh/ssh-agent.c b/openssh/ssh-agent.c index 53bf051..ac16bae 100644 --- a/openssh/ssh-agent.c +++ b/openssh/ssh-agent.c @@ -35,7 +35,7 @@ #include "includes.h" #include "openbsd-compat/fake-queue.h" -RCSID("$OpenBSD: ssh-agent.c,v 1.95 2002/06/19 00:27:55 deraadt Exp $"); +RCSID("$OpenBSD: ssh-agent.c,v 1.97 2002/06/24 14:55:38 markus Exp $"); #include #include @@ -110,6 +110,7 @@ static void idtab_init(void) { int i; + for (i = 0; i <=2; i++) { TAILQ_INIT(&idtable[i].idlist); idtable[i].nentries = 0; @@ -152,8 +153,8 @@ static void process_request_identities(SocketEntry *e, int version) { Idtab *tab = idtab_lookup(version); - Buffer msg; Identity *id; + Buffer msg; buffer_init(&msg); buffer_put_char(&msg, (version == 1) ? @@ -182,21 +183,21 @@ process_request_identities(SocketEntry *e, int version) static void process_authentication_challenge1(SocketEntry *e) { - Identity *id; - Key *key; + u_char buf[32], mdbuf[16], session_id[16]; + u_int response_type; BIGNUM *challenge; + Identity *id; int i, len; Buffer msg; MD5_CTX md; - u_char buf[32], mdbuf[16], session_id[16]; - u_int response_type; + Key *key; buffer_init(&msg); key = key_new(KEY_RSA1); if ((challenge = BN_new()) == NULL) fatal("process_authentication_challenge1: BN_new failed"); - buffer_get_int(&e->request); /* ignored */ + (void) buffer_get_int(&e->request); /* ignored */ buffer_get_bignum(&e->request, key->rsa->e); buffer_get_bignum(&e->request, key->rsa->n); buffer_get_bignum(&e->request, challenge); @@ -251,13 +252,12 @@ send: static void process_sign_request2(SocketEntry *e) { - extern int datafellows; - Key *key; u_char *blob, *data, *signature = NULL; u_int blen, dlen, slen = 0; - int flags; + extern int datafellows; + int ok = -1, flags; Buffer msg; - int ok = -1; + Key *key; datafellows = 0; @@ -296,11 +296,10 @@ process_sign_request2(SocketEntry *e) static void process_remove_identity(SocketEntry *e, int version) { + u_int blen, bits; + int success = 0; Key *key = NULL; u_char *blob; - u_int blen; - u_int bits; - int success = 0; switch (version) { case 1: @@ -310,7 +309,7 @@ process_remove_identity(SocketEntry *e, int version) buffer_get_bignum(&e->request, key->rsa->n); if (bits != key_size(key)) - log("Warning: identity keysize mismatch: actual %d, announced %d", + log("Warning: identity keysize mismatch: actual %u, announced %u", key_size(key), bits); break; case 2: @@ -370,10 +369,10 @@ process_remove_all_identities(SocketEntry *e, int version) static void reaper(void) { - Idtab *tab; + u_int now = time(NULL); Identity *id, *nxt; int version; - u_int now = time(NULL); + Idtab *tab; for (version = 1; version < 3; version++) { tab = idtab_lookup(version); @@ -391,16 +390,15 @@ reaper(void) static void process_add_identity(SocketEntry *e, int version) { - Key *k = NULL; - char *type_name; - char *comment; - int type, success = 0, death = 0; Idtab *tab = idtab_lookup(version); + int type, success = 0, death = 0; + char *type_name, *comment; + Key *k = NULL; switch (version) { case 1: k = key_new_private(KEY_RSA1); - buffer_get_int(&e->request); /* ignored */ + (void) buffer_get_int(&e->request); /* ignored */ buffer_get_bignum(&e->request, k->rsa->n); buffer_get_bignum(&e->request, k->rsa->e); buffer_get_bignum(&e->request, k->rsa->d); @@ -481,8 +479,8 @@ send: static void process_lock_agent(SocketEntry *e, int lock) { - char *passwd; int success = 0; + char *passwd; passwd = buffer_get_string(&e->request, NULL); if (locked && !lock && strcmp(passwd, lock_passwd) == 0) { @@ -523,11 +521,11 @@ no_identities(SocketEntry *e, u_int type) static void process_add_smartcard_key (SocketEntry *e) { - Identity *id; - Idtab *tab; - Key **keys, *k; char *sc_reader_id = NULL, *pin; int i, version, success = 0; + Key **keys, *k; + Identity *id; + Idtab *tab; sc_reader_id = buffer_get_string(&e->request, NULL); pin = buffer_get_string(&e->request, NULL); @@ -566,11 +564,11 @@ send: static void process_remove_smartcard_key(SocketEntry *e) { - Identity *id; - Idtab *tab; - Key **keys, *k = NULL; char *sc_reader_id = NULL, *pin; int i, version, success = 0; + Key **keys, *k = NULL; + Identity *id; + Idtab *tab; sc_reader_id = buffer_get_string(&e->request, NULL); pin = buffer_get_string(&e->request, NULL); @@ -608,8 +606,7 @@ send: static void process_message(SocketEntry *e) { - u_int msg_len; - u_int type; + u_int msg_len, type; u_char *cp; /* kill dead keys */ @@ -622,6 +619,7 @@ process_message(SocketEntry *e) if (msg_len > 256 * 1024) { shutdown(e->fd, SHUT_RDWR); close(e->fd); + e->fd = -1; e->type = AUTH_UNUSED; buffer_free(&e->input); buffer_free(&e->output); @@ -717,6 +715,7 @@ static void new_socket(sock_type type, int fd) { u_int i, old_alloc; + if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0) error("fcntl O_NONBLOCK: %s", strerror(errno)); @@ -801,11 +800,11 @@ prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl, int *nallocp) static void after_select(fd_set *readset, fd_set *writeset) { - u_int i; - int len, sock; + struct sockaddr_un sunaddr; socklen_t slen; char buf[1024]; - struct sockaddr_un sunaddr; + int len, sock; + u_int i; for (i = 0; i < sockets_alloc; i++) switch (sockets[i].type) { @@ -839,6 +838,7 @@ after_select(fd_set *readset, fd_set *writeset) if (len <= 0) { shutdown(sockets[i].fd, SHUT_RDWR); close(sockets[i].fd); + sockets[i].fd = -1; sockets[i].type = AUTH_UNUSED; buffer_free(&sockets[i].input); buffer_free(&sockets[i].output); @@ -858,6 +858,7 @@ after_select(fd_set *readset, fd_set *writeset) if (len <= 0) { shutdown(sockets[i].fd, SHUT_RDWR); close(sockets[i].fd); + sockets[i].fd = -1; sockets[i].type = AUTH_UNUSED; buffer_free(&sockets[i].input); buffer_free(&sockets[i].output); @@ -928,6 +929,8 @@ int main(int ac, char **av) { int sock, c_flag = 0, d_flag = 0, k_flag = 0, s_flag = 0, ch, nalloc; + char *shell, *format, *pidstr, *agentsocket = NULL; + fd_set *readsetp = NULL, *writesetp = NULL; struct sockaddr_un sunaddr; #ifdef HAVE_SETRLIMIT struct rlimit rlim; @@ -935,12 +938,10 @@ main(int ac, char **av) #ifdef HAVE_CYGWIN int prev_mask; #endif - pid_t pid; - char *shell, *format, *pidstr, pidstrbuf[1 + 3 * sizeof pid]; - char *agentsocket = NULL; - extern char *optarg; extern int optind; - fd_set *readsetp = NULL, *writesetp = NULL; + extern char *optarg; + pid_t pid; + char pidstrbuf[1 + 3 * sizeof pid]; SSLeay_add_all_algorithms(); @@ -948,11 +949,7 @@ main(int ac, char **av) init_rng(); seed_rng(); -#ifdef __GNU_LIBRARY__ - while ((ch = getopt(ac, av, "+cdksa:")) != -1) { -#else /* __GNU_LIBRARY__ */ while ((ch = getopt(ac, av, "cdksa:")) != -1) { -#endif /* __GNU_LIBRARY__ */ switch (ch) { case 'c': if (s_flag) diff --git a/openssh/ssh.1 b/openssh/ssh.1 index 8ada41f..1f3efca 100644 --- a/openssh/ssh.1 +++ b/openssh/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.158 2002/06/20 19:56:07 stevesk Exp $ +.\" $OpenBSD: ssh.1,v 1.160 2002/06/22 11:51:39 naddy Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -952,8 +952,8 @@ protocol versions 1.5 and 2.0. .Xr ssh-agent 1 , .Xr ssh-keygen 1 , .Xr telnet 1 , -.Xr ssh_config 4 , -.Xr ssh-keysign 8, +.Xr ssh_config 5 , +.Xr ssh-keysign 8 , .Xr sshd 8 .Rs .%A T. Ylonen diff --git a/openssh/sshconnect2.c b/openssh/sshconnect2.c index fdf6f69..4c2993c 100644 --- a/openssh/sshconnect2.c +++ b/openssh/sshconnect2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.104 2002/06/19 00:27:55 deraadt Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.105 2002/06/23 03:30:17 deraadt Exp $"); #include "ssh.h" #include "ssh2.h" @@ -361,12 +361,14 @@ userauth(Authctxt *authctxt, char *authlist) } } } + void input_userauth_error(int type, u_int32_t seq, void *ctxt) { fatal("input_userauth_error: bad message during authentication: " "type %d", type); } + void input_userauth_banner(int type, u_int32_t seq, void *ctxt) { @@ -378,6 +380,7 @@ input_userauth_banner(int type, u_int32_t seq, void *ctxt) xfree(msg); xfree(lang); } + void input_userauth_success(int type, u_int32_t seq, void *ctxt) { @@ -391,6 +394,7 @@ input_userauth_success(int type, u_int32_t seq, void *ctxt) clear_auth_state(authctxt); authctxt->success = 1; /* break out */ } + void input_userauth_failure(int type, u_int32_t seq, void *ctxt) { @@ -439,7 +443,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt) } packet_check_eom(); - debug("input_userauth_pk_ok: pkalg %s blen %d lastkey %p hint %d", + debug("input_userauth_pk_ok: pkalg %s blen %u lastkey %p hint %d", pkalg, blen, authctxt->last_key, authctxt->last_key_hint); do { @@ -1114,9 +1118,7 @@ input_userauth_info_req(int type, u_int32_t seq, void *ctxt) } static int -ssh_keysign( - Key *key, - u_char **sigp, u_int *lenp, +ssh_keysign(Key *key, u_char **sigp, u_int *lenp, u_char *data, u_int datalen) { Buffer b; @@ -1318,6 +1320,7 @@ authmethod_lookup(const char *name) static Authmethod *current = NULL; static char *supported = NULL; static char *preferred = NULL; + /* * Given the authentication method list sent by the server, return the * next method we should try. If the server initially sends a nil list, diff --git a/openssh/sshd.8 b/openssh/sshd.8 index 22f8143..37a7b58 100644 --- a/openssh/sshd.8 +++ b/openssh/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.184 2002/06/20 19:56:07 stevesk Exp $ +.\" $OpenBSD: sshd.8,v 1.186 2002/06/22 16:45:29 stevesk Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -578,11 +578,18 @@ These files are created using .Xr ssh-keygen 1 . .It Pa /etc/moduli Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". +.It Pa /var/empty +.Xr chroot 2 +directory used by +.Nm +during privilege separation in the pre-authentication phase. +The directory should not contain any files and must be owned by root +and not group or world-writable. .It Pa /var/run/sshd.pid Contains the process ID of the .Nm listening for connections (if there are several daemons running -concurrently for different ports, this contains the pid of the one +concurrently for different ports, this contains the process ID of the one started last). The content of this file is not sensitive; it can be world-readable. .It Pa $HOME/.ssh/authorized_keys diff --git a/openssh/sshd.c b/openssh/sshd.c index 76089f8..63144fc 100644 --- a/openssh/sshd.c +++ b/openssh/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.246 2002/06/20 23:05:56 markus Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.251 2002/06/25 18:51:04 markus Exp $"); #include #include @@ -228,6 +228,7 @@ static void close_listen_socks(void) { int i; + for (i = 0; i < num_listen_socks; i++) close(listen_socks[i]); num_listen_socks = -1; @@ -237,6 +238,7 @@ static void close_startup_pipes(void) { int i; + if (startup_pipes) for (i = 0; i < options.max_startups; i++) if (startup_pipes[i] != -1) @@ -269,7 +271,8 @@ sighup_restart(void) close_listen_socks(); close_startup_pipes(); execv(saved_argv[0], saved_argv); - log("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0], strerror(errno)); + log("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0], + strerror(errno)); exit(1); } @@ -289,8 +292,8 @@ sigterm_handler(int sig) static void main_sigchld_handler(int sig) { - pid_t pid; int save_errno = errno; + pid_t pid; int status; while ((pid = waitpid(-1, &status, WNOHANG)) > 0 || @@ -350,6 +353,7 @@ static void key_regeneration_alarm(int sig) { int save_errno = errno; + signal(SIGALRM, SIG_DFL); errno = save_errno; key_do_regen = 1; @@ -381,7 +385,8 @@ sshd_exchange_identification(int sock_in, int sock_out) if (client_version_string == NULL) { /* Send our protocol version identification. */ - if (atomicio(write, sock_out, server_version_string, strlen(server_version_string)) + if (atomicio(write, sock_out, server_version_string, + strlen(server_version_string)) != strlen(server_version_string)) { log("Could not write ident string to %s", get_remote_ipaddr()); fatal_cleanup(); @@ -484,7 +489,6 @@ sshd_exchange_identification(int sock_in, int sock_out) } } - /* Destroy the host and server keys. They will no longer be needed. */ void destroy_sensitive_data(void) @@ -535,8 +539,9 @@ static void privsep_preauth_child(void) { u_int32_t rand[256]; - int i; + gid_t gidset[2]; struct passwd *pw; + int i; /* Enable challenge-response authentication for privilege separation */ privsep_challenge_enable(); @@ -564,7 +569,17 @@ privsep_preauth_child(void) /* Drop our privileges */ debug3("privsep user:group %u:%u", (u_int)pw->pw_uid, (u_int)pw->pw_gid); +#if 0 + /* XXX not ready, to heavy after chroot */ do_setusercontext(pw); +#else + gidset[0] = pw->pw_gid; + if (setgid(pw->pw_gid) < 0) + fatal("setgid failed for %u", pw->pw_gid ); + if (setgroups(1, gidset) < 0) + fatal("setgroups: %.100s", strerror(errno)); + permanently_set_uid(pw); +#endif } static Authctxt* @@ -618,7 +633,11 @@ privsep_postauth(Authctxt *authctxt) /* XXX - Remote port forwarding */ x_authctxt = authctxt; +#ifdef BROKEN_FD_PASSING + if (1) { +#else if (authctxt->pw->pw_uid == 0 || options.use_login) { +#endif /* File descriptor passing is broken or root login */ monitor_apply_keystate(pmonitor); use_privsep = 0; @@ -692,6 +711,7 @@ Key * get_hostkey_by_type(int type) { int i; + for (i = 0; i < options.num_host_key_files; i++) { Key *key = sensitive_data.host_keys[i]; if (key != NULL && key->type == type) @@ -712,6 +732,7 @@ int get_hostkey_index(Key *key) { int i; + for (i = 0; i < options.num_host_key_files; i++) { if (key == sensitive_data.host_keys[i]) return (i); @@ -1003,11 +1024,13 @@ main(int ac, char **av) * hate software patents. I dont know if this can go? Niels */ if (options.server_key_bits > - BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) - SSH_KEY_BITS_RESERVED && - options.server_key_bits < - BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + SSH_KEY_BITS_RESERVED) { + BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) - + SSH_KEY_BITS_RESERVED && options.server_key_bits < + BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + + SSH_KEY_BITS_RESERVED) { options.server_key_bits = - BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + SSH_KEY_BITS_RESERVED; + BN_num_bits(sensitive_data.ssh1_host_key->rsa->n) + + SSH_KEY_BITS_RESERVED; debug("Forcing server key to %d bits to make it differ from host key.", options.server_key_bits); } @@ -1024,6 +1047,9 @@ main(int ac, char **av) (S_ISDIR(st.st_mode) == 0)) fatal("Missing privilege separation directory: %s", _PATH_PRIVSEP_CHROOT_DIR); + if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0) + fatal("Bad owner or mode for %s", + _PATH_PRIVSEP_CHROOT_DIR); } /* Configuration looks good, so exit if in test mode. */ @@ -1367,7 +1393,7 @@ main(int ac, char **av) */ #if 0 /* XXX: this breaks Solaris */ - if (setsid() < 0) + if (!debug_flag && !inetd_flag && setsid() < 0) error("setsid: %.100s", strerror(errno)); #endif diff --git a/openssh/sshd_config.5 b/openssh/sshd_config.5 index d3e9800..28add0d 100644 --- a/openssh/sshd_config.5 +++ b/openssh/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.3 2002/06/20 23:37:12 markus Exp $ +.\" $OpenBSD: sshd_config.5,v 1.4 2002/06/22 16:45:29 stevesk Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -321,10 +321,6 @@ To disable keepalives, the value should be set to .It Cm KerberosAuthentication Specifies whether Kerberos authentication is allowed. This can be in the form of a Kerberos ticket, or if -.It Cm PAMAuthenticationViaKbdInt -Specifies whether PAM challenge response authentication is allowed. This -allows the use of most PAM challenge response authentication modules, but -it will allow password authentication regardless of whether .Cm PasswordAuthentication is yes, the password provided by the user will be validated through the Kerberos KDC. @@ -441,6 +437,12 @@ The probability increases linearly and all connection attempts are refused if the number of unauthenticated connections reaches .Dq full (60). +.It Cm PAMAuthenticationViaKbdInt +Specifies whether PAM challenge response authentication is allowed. This +allows the use of most PAM challenge response authentication modules, but +it will allow password authentication regardless of whether +.Cm PasswordAuthentication +is enabled. .It Cm PasswordAuthentication Specifies whether password authentication is allowed. The default is @@ -480,7 +482,7 @@ If this option is set to .Dq no root is not allowed to login. .It Cm PidFile -Specifies the file that contains the process identifier of the +Specifies the file that contains the process ID of the .Nm sshd daemon. The default is -- 2.45.1