From 2a304a951e17686dd272bec0a4c438bf641491f1 Mon Sep 17 00:00:00 2001 From: jbasney Date: Tue, 29 Jun 2004 19:19:51 +0000 Subject: [PATCH] OPENSSH_3_8_1P1_GSSAPI_20040629 merged to gpt-branch --- openssh/CVSNOTES | 22 + openssh/ChangeLog | 1324 +++------------------- openssh/README | 3 +- openssh/acconfig.h | 9 + openssh/auth-krb5.c | 8 + openssh/auth-pam.c | 37 +- openssh/auth-pam.h | 2 +- openssh/auth-passwd.c | 7 - openssh/auth-sia.c | 2 +- openssh/auth-sia.h | 2 +- openssh/auth-skey.c | 3 +- openssh/auth.h | 1 + openssh/auth1.c | 2 +- openssh/auth2-gss.c | 5 +- openssh/auth2.c | 6 +- openssh/canohost.c | 6 +- openssh/configure.ac | 134 ++- openssh/contrib/caldera/openssh.spec | 4 +- openssh/contrib/redhat/openssh.spec | 2 +- openssh/contrib/redhat/sshd.pam | 14 +- openssh/contrib/suse/openssh.spec | 2 +- openssh/defines.h | 21 + openssh/dh.c | 11 +- openssh/gss-serv-krb5.c | 46 +- openssh/gss-serv.c | 17 +- openssh/kexgsss.c | 6 - openssh/loginrec.c | 2 +- openssh/monitor.c | 26 +- openssh/monitor_wrap.c | 14 +- openssh/monitor_wrap.h | 2 +- openssh/openbsd-compat/bsd-cygwin_util.c | 10 +- openssh/openbsd-compat/bsd-misc.h | 4 + openssh/openbsd-compat/fake-rfc2553.h | 3 + openssh/openbsd-compat/setenv.c | 8 +- openssh/openbsd-compat/xcrypt.c | 4 - openssh/readconf.c | 12 +- openssh/readconf.h | 3 +- openssh/scp.1 | 3 +- openssh/session.c | 36 +- openssh/sftp-client.c | 13 +- openssh/sftp.1 | 3 +- openssh/sftp.c | 7 +- openssh/ssh-agent.c | 9 + openssh/ssh-keyscan.c | 4 +- openssh/ssh.1 | 3 +- openssh/ssh.c | 61 +- openssh/ssh_config.5 | 20 +- openssh/sshconnect2.c | 4 +- openssh/sshd.c | 47 +- openssh/sshd_config.5 | 11 +- openssh/sshlogin.c | 36 +- openssh/version.h | 6 +- 52 files changed, 653 insertions(+), 1394 deletions(-) diff --git a/openssh/CVSNOTES b/openssh/CVSNOTES index fca060b..d55355a 100644 --- a/openssh/CVSNOTES +++ b/openssh/CVSNOTES @@ -51,6 +51,28 @@ module that contains the GSI-OpenSSH code. Consider it a living document. [ History ] + 2004/06/29 + ---------- + Action: Merge + - occurred on: GPT branch + - orig base: OPENSSH_3_8P1_GSSAPI_20040422 + - new base: OPENSSH_3_8_P1_GSSAPI_20040629 + Conflicts: 4 + - ChangeLog + Old log entries were trimmed in the 3.8.1p1 release. + Not sure why this generated a conflict. + - configure.ac + Copyright statement added to head of configure.ac, which + generated a conflict due to nearby $Id$ evil. + - session.c + We do child_set_env("GLOBUS_LOCATION") on the branch, and + this conflicted with the child_set_env("LIBPATH") changes + on the trunk. Merged in child_set_env("GLOBUS_LOCATION") + with the new code. + - version.h + Should always get a conflict here on version changes. + Bumped version to OpenSSH_3.8.1P1 NCSA_GSSAPI_GPT_3.3. + 2004/04/22 ---------- Action: Merge diff --git a/openssh/ChangeLog b/openssh/ChangeLog index dec5e62..a8a7781 100644 --- a/openssh/ChangeLog +++ b/openssh/ChangeLog @@ -1,3 +1,192 @@ +20040418 + - (dtucker) [auth-pam.c] Log username and source host for failed PAM + authentication attempts. With & ok djm@ + - (djm) [openbsd-compat/bsd-cygwin_util.c] Recent versions of Cygwin allow + change of user context without a password, so relax auth method + restrictions; from vinschen AT redhat.com; ok dtucker@ + - Release 3.8.1p1 + +20040416 + - (dtucker) [regress/sftp-cmds.sh] Skip quoting test on Cygwin, since + FAT/NTFS does not permit quotes in filenames. From vinschen at redhat.com + - (djm) [auth-krb5.c auth.h session.c] Explicitly refer to Kerberos ccache + file using FILE: method, fixes problems on Mac OSX. + Patch from simon@sxw.org.uk; ok dtucker@ + - (tim) [configure.ac] Set SETEUID_BREAKS_SETUID, BROKEN_SETREUID and + BROKEN_SETREGID for SCO OpenServer 3 + +20040412 + - (dtucker) [sshd_config.5] Add PermitRootLogin without-password warning + from bug #701 (text from jfh at cise.ufl.edu). + - (dtucker) [acconfig.h configure.ac defines.h] Bug #673: check for 4-arg + skeychallenge(), eg on NetBSD. ok mouring@ + - (dtucker) [auth-skey.c defines.h monitor.c] Make skeychallenge explicitly + 4-arg, with compatibility for 3-arg versions. From djm@, ok me. + - (djm) [configure.ac] Fix detection of libwrap on OpenBSD; ok dtucker@ + +20040408 + - (dtucker) [loginrec.c] Use UT_LINESIZE if available, prevents truncating + pty name on Linux 2.6.x systems. Patch from jpe at eisenmenger.org. + - (bal) [monitor.c monitor_wrap.c] Second try. Put the zlib.h headers + back and #undef TARGET_OS_MAC instead. (Bug report pending with Apple) + - (dtucker) [defines.h loginrec.c] Define UT_LINESIZE if not defined and + simplify loginrec.c. ok tim@ + - (bal) [monitor.c monitor_wrap.c] Ok.. Last time. Promise. Tim suggested + limiting scope and dtucker@ agreed. + +20040407 + - (dtucker) [session.c] Flush stdout after displaying loginmsg. From + f_mohr at yahoo.de. + - (bal) [acconfig.h auth-krb5.c configure.ac gss-serv-krb5.c] Check to see + if Krb5 library exports krb5_init_etc() since some OSes (like MacOS/X) + are starting to restrict it as internal since it is not needed by + developers any more. (Patch based on Apple tree) + - (bal) [monitor.c monitor_wrap.c] monitor_wrap.c] moved zlib.h higher since + krb5 on MacOS/X conflicts. There may be a better solution, but this will + work for now. + +20040406 + - (dtucker) [acconfig.h configure.ac defines.h] Bug #820: don't use + updwtmpx() on IRIX since it seems to clobber utmp. ok djm@ + - (dtucker) [configure.ac] Bug #816, #748 (again): Attempt to detect + broken getaddrinfo and friends on HP-UX. ok djm@ + +20040330 + - (dtucker) [configure.ac] Bug #811: Use "!" for LOCKED_PASSWD_PREFIX on + Linuxes, since that's what many use. ok djm@ + - (dtucker) [auth-pam.c] rename the_authctxt to sshpam_authctxt in auth-pam.c + to reduce potential confusion with the one in sshd.c. ok djm@ + - (djm) Bug #825: Fix ip_options_check() for mapped IPv4/IPv6 connection; + with & ok dtucker@ + +20040327 + - (dtucker) [session.c] Bug #817: Clear loginmsg after fork to prevent + duplicate login messages for mutli-session logins. ok djm@ + +20040322 + - (djm) [sshd.c] Drop supplemental groups if started as root + - (djm) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2004/03/09 22:11:05 + [ssh.c] + increase x11 cookie lifetime to 20 minutes; ok djm + - markus@cvs.openbsd.org 2004/03/10 09:45:06 + [ssh.c] + trim usage to match ssh(1) and look more like unix. ok djm@ + - markus@cvs.openbsd.org 2004/03/11 08:36:26 + [sshd.c] + trim usage; ok deraadt + - markus@cvs.openbsd.org 2004/03/11 10:21:17 + [ssh.c sshd.c] + ssh, sshd: sync version output, ok djm + - markus@cvs.openbsd.org 2004/03/20 10:40:59 + [version.h] + 3.8.1 + - (djm) Crank RPM spec versions + +20040311 + - (djm) [configure.ac] Add standard license to configure.ac; ok ben, dtucker + +20040310 + - (dtucker) [openbsd-compat/fake-rfc2553.h] Bug #812: #undef getaddrinfo + before redefining it, silences warnings on Tru64. + +20040308 + - (dtucker) [sshd.c] Back out rev 1.270 as it caused problems on some + platforms (eg SCO, HP-UX) with logging in the wrong TZ. ok djm@ + - (dtucker) [configure.ac sshd.c openbsd-compat/bsd-misc.h + openbsd-compat/setenv.c] Unset KRB5CCNAME on AIX to prevent it from being + inherited by the child. ok djm@ + - (dtucker) [auth-pam.c auth-pam.h auth1.c auth2.c monitor.c monitor_wrap.c + monitor_wrap.h] Bug #808: Ensure force_pwchange is correctly initialized + even if keyboard-interactive is not used by the client. Prevents + segfaults in some cases where the user's password is expired (note this + is not considered a security exposure). ok djm@ + - (djm) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2004/03/03 06:47:52 + [sshd.c] + change proctiltle after accept(2); ok henning, deraadt, djm + - djm@cvs.openbsd.org 2004/03/03 09:30:42 + [sftp-client.c] + Don't print duplicate messages when progressmeter is off + Spotted by job317 AT mailvault.com; ok markus@ + - djm@cvs.openbsd.org 2004/03/03 09:31:20 + [sftp.c] + Fix initialisation of progress meter; ok markus@ + - markus@cvs.openbsd.org 2004/03/05 10:53:58 + [readconf.c readconf.h scp.1 sftp.1 ssh.1 ssh_config.5 sshconnect2.c] + add IdentitiesOnly; ok djm@, pb@ + - djm@cvs.openbsd.org 2004/03/08 09:38:05 + [ssh-keyscan.c] + explicitly initialise remote_major and remote_minor. + from cjwatson AT debian.org; ok markus@ + - dtucker@cvs.openbsd.org 2004/03/08 10:18:57 + [sshd_config.5] + Document KerberosGetAFSToken; ok markus@ + - (tim) [regress/README.regress] Document ssh-rand-helper issue. ok bal + +20040307 + - (tim) [regress/login-timeout.sh] fix building outside of source tree. + +20040304 + - (dtucker) [auth-pam.c] Don't try to export PAM when compiled with + -DUSE_POSIX_THREADS. From antoine.verheijen at ualbert ca. ok djm@ + - (dtucker) [auth-pam.c] Reset signal status when starting pam auth thread, + prevent hanging during PAM keyboard-interactive authentications. ok djm@ + - (dtucker) [auth-passwd.c auth-sia.c auth-sia.h defines.h + openbsd-compat/xcrypt.c] Bug #802: Fix build error on Tru64 when + configured --with-osfsia. ok djm@ + +20040303 + - (djm) [configure.ac ssh-agent.c] Use prctl to prevent ptrace on ssh-agent + ok dtucker + +20040229 + - (tim) [configure.ac] Put back bits mistakenly removed from Rev 1.188 + +20040229 + - (dtucker) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2004/02/25 00:22:45 + [sshd.c] + typo in comment + - dtucker@cvs.openbsd.org 2004/02/27 22:42:47 + [dh.c] + Prevent sshd from sending DH groups with a primitive generator of zero or + one, even if they are listed in /etc/moduli. ok markus@ + - dtucker@cvs.openbsd.org 2004/02/27 22:44:56 + [dh.c] + Make /etc/moduli line buffer big enough for 8kbit primes, in case anyone + ever uses one. ok markus@ + - dtucker@cvs.openbsd.org 2004/02/27 22:49:27 + [dh.c] + Reset bit counter at the right time, fixes debug output in the case where + the DH group is rejected. ok markus@ + - dtucker@cvs.openbsd.org 2004/02/17 08:23:20 + [regress/Makefile regress/login-timeout.sh] + Add regression test for LoginGraceTime; ok markus@ + - markus@cvs.openbsd.org 2004/02/24 16:56:30 + [regress/test-exec.sh] + allow arguments in ${TEST_SSH_XXX} + - markus@cvs.openbsd.org 2004/02/24 17:06:52 + [regress/ssh-com-client.sh regress/ssh-com-keygen.sh + regress/ssh-com-sftp.sh regress/ssh-com.sh] + test against recent ssh.com releases + - dtucker@cvs.openbsd.org 2004/02/28 12:16:57 + [regress/dynamic-forward.sh] + Make dynamic-forward understand nc's new output. ok markus@ + - dtucker@cvs.openbsd.org 2004/02/28 13:44:45 + [regress/try-ciphers.sh] + Test acss too; ok markus@ + - (dtucker) [regress/try-ciphers.sh] Skip acss if not compiled in (eg if we + built with openssl < 0.9.7) + +20040226 + - (bal) KNF our sshlogin.c even if the code looks nothing like upstream + code due to diversity issues. + +20040225 + - (djm) Trim ChangeLog + - (djm) Don't specify path to PAM modules in Redhat sshd.pam; from Fedora + 20040224 - (dtucker) OpenBSD CVS Sync - markus@cvs.openbsd.org 2004/02/19 21:15:04 @@ -794,1139 +983,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -20030919 - - (djm) Bug #683: Remove reference to --with-ipv4-default from INSTALL; - djast AT cs.toronto.edu - - (djm) Bug #661: Remove duplicate check for basename; from - bugzilla-openssh AT thewrittenword.com - - (djm) Bug #641: Allow RedHat RPM building without GTK-2; Patch from - jason AT devrandom.org - - (djm) Bug #646: Fix location of x11-ssh-askpass; Jim - - (dtucker) [openbsd-compat/port-aix.h] Bug #640: Don't include audit.h - unless required. Reorder to reduce warnings. - - (dtucker) [session.c] Bug #643: Fix size_t -> u_int and fix null deref - when /etc/default/login doesn't exist or isn't readable. Fixes from - jparsons-lists at saffron.net and georg.oppenberg at deu mci com. - - (dtucker) [acconfig.h] Updated basename test needs HAVE_BASENAME - -20030918 - - (djm) Bug #652: Fix empty password auth - -20030917 - - (djm) Sync with V_3_7 branch - - (djm) OpenBSD Sync - - markus@cvs.openbsd.org 2003/09/16 21:02:40 - [buffer.c channels.c version.h] - more malloc/fatal fixes; ok millert/deraadt; ghudson at MIT.EDU - - (djm) Crank RPM spec file versions - - (tim) [openbsd-compat/inet_ntoa.c] 20030917 "Sync with V_3_7 branch" undid - 20030916 "Missed dead header in inet_ntoa.c" - -20030916 - - (dtucker) [acconfig.h configure.ac defines.h session.c] Bug #252: Retrieve - PATH (or SUPATH) and UMASK from /etc/default/login on platforms that have it - (eg Solaris, Reliant Unix). Patch from Robert.Dahlem at siemens.com. - ok djm@ - - (bal) OpenBSD Sync - - deraadt@cvs.openbsd.org 2003/09/16 03:03:47 - [buffer.c] - do not expand buffer before attempting to reallocate it; markus ok - - (tim) [configure.ac] Fix portability issues. - - (bal) Missed dead header in inet_ntoa.c - -20030914 - - (dtucker) [Makefile regress/Makefile] Fix portability issues preventing - the regression tests from running with Solaris' make. Patch from Brian - Poole (raj at cerias.purdue.edu). - - (dtucker) [regress/Makefile] AIX's make doesn't like " +=", so replace - with vanilla "=". - -20030913 - - (dtucker) [regress/agent-timeout.sh] Timeout of 5 sec is borderline for - slower hosts, increase to 10 sec. - - (dtucker) [auth-passwd.c] On AIX, call setauthdb() before loginsuccess(), - required to correctly reset failed login count when using a password - registry other than "files" (eg LDAP, see bug #543). - - (tim) [configure.ac] define WITH_ABBREV_NO_TTY for SCO. - Report by Roger Cornelius. - - (dtucker) [auth-pam.c] Use SSHD_PAM_SERVICE for PAM service name, patch - from cjwatson at debian.org. - -20030912 - - (tim) [regress/agent-ptrace.sh] sh doesn't like "if ! shell_function; then". - - (tim) [Makefile.in] only mkdir regress if it does not exist. - - (tim) [regress/yes-head.sh] shell portability fix. - -20030911 - - (dtucker) [configure.ac] Bug #588, #615: Move other libgen tests to after - the dirname test, to allow a broken dirname to be detected correctly. - Based partially on patch supplied by alex.kiernan at thus.net. ok djm@ - - (tim) [configure.ac] Move libgen tests to before libwrap to unbreak - UnixWare 2.03 using --with-tcp-wrappers. - - (tim) [configure.ac] Prefer setuid/setgid on UnixWare and Open Server. - - (tim) [regress/agent-ptrace.sh regress/dynamic-forward.sh - regress/sftp-cmds.sh regress/stderr-after-eof.sh regress/test-exec.sh] - no longer depends on which(1). patch by dtucker@ - -20030910 - - (dtucker) [configure.ac] Bug #636: Add support for Cray's new X1 machine. - Patch from wendyp at cray.com. - - (dtucker) [configure.ac] Part of bug #615: tcsendbreak might be a macro. - - (dtucker) [regressh/yes-head.sh] Some platforms (eg Solaris) don't have - "yes". - -20030909 - - (tim) [regress/Makefile] Fixes for building outside of a read-only - source tree. - - (tim) [regress/agent-timeout.sh] s/TIMEOUT/SSHAGENT_TIMEOUT/ Fixes conflict - with shell read-only variable. - - (tim) [regress/sftp-badcmds.sh regress/sftp-cmds.sh] Fix errors like - UX:rm: ERROR: Cannot remove '.' or '..' - -20030908 - - (tim) [configure.ac openbsd-compat/getrrsetbyname.c] wrap _getshort and - _getlong in #ifndef - - (tim) [configure.ac acconfig.h openbsd-compat/getrrsetbyname.c] test for - HEADER.ad in arpa/nameser.h - - (tim) [ssh-keygen.c] s/PATH_MAX/MAXPATHLEN/ ok mouring@ - -20030907 - - (dtucker) [agent-ptrace.sh dynamic-forward.sh (all regress/)] - Put "which" inside quotes. - - (dtucker) [dynamic-forward.sh forwarding.sh sftp-batch.sh (all regress/)] - Add ${EXEEXT}: required to work on Cygwin. - - (dtucker) [regress/sftp-batch.sh] Make temporary batch file name more - distinctive, so "rm ${BATCH}.*" doesn't match the script itself. - - (dtucker) [regress/sftp-cmds.sh] Skip quoted file test on Cygwin. - - (dtucker) [openbsd-compat/xcrypt.c] #elsif -> #elif - - (dtucker) [acconfig.h] Typo. - - (dtucker) [CREDITS Makefile.in configure.ac mdoc2man.awk mdoc2man.pl] - Replace mdoc2man.pl with mdoc2man.awk, provided by Peter Stuge. - -20030906 - - (dtucker) [acconfig.h configure.ac uidswap.c] Prefer setuid/setgid on AIX. - -20030905 - - (dtucker) [Makefile.in] Add distclean target for regress/, fix clean target. - -20030904 - - (dtucker) Portablize regression tests. Parts contributed by Roumen - Petrov, David M. Williams and Corinna Vinschen. - - [Makefile.in] Add "make tests" target and "make clean" hooks. - - [regress/agent-getpeereid.sh] Skip test on platforms that don't support - getpeereid. - - [regress/agent-ptrace.sh] Skip tests if platform doesn't support it or - gdb cannot be found. - - [regress/reconfigure/sh] Make path to sshd fully qualified if required. - - [regress/rekey.sh] Remove dependence on /dev/zero (not all platforms have - it). The sparse file will take less disk space too. - - [regress/sftp-cmds.sh] Ensure files used for test are readable. - - [regress/stderr-after-eof.sh] Search for a usable checksum program. - - [regress/sftp-badcmds.sh regress/sftp-cmds.sh regress/sftp.sh - regress/ssh-com-client.sh regress/ssh-com-sftp.sh regress/stderr-data.sh - regress/transfer.sh] Use ${EXEEXT} where appropriate. - - [regress/sftp.sh regress/ssh-com-sftp.sh] Remove dependency on /dev/stdin. - - [regress/agent-ptrace.sh regress/agent-timeout.sh] - "grep -q" -> "grep >/dev/null" - - [regress/agent.sh regress/proto-version.sh regress/ssh-com.sh - regress/test-exec.sh] Handle different ways of echoing without newlines. - - [regress/dynamic-forward.sh] Some "which" programs output on stderr. - - [regress/sftp-cmds.sh] Use portable "test" option. - - [regress/test-exec.sh] Use sudo, search for "whoami" equivalent, always - use Strictmodes no, wait longer for sshd startup. - - [regress/Makefile] Remove BSDisms. - - [regress/README.regress] Add a basic readme. - - [Makefile.in regress/agent-getpeereid.sh] config.h is now in $BUILDDIR - not $OBJ. - - [Makefile.in regress/agent-ptrace] Fix minor regress issues on Cygwin. - -20030903 - - (djm) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2003/08/26 09:58:43 - [auth-passwd.c auth.c auth.h auth1.c auth2-none.c auth2-passwd.c] - [auth2.c monitor.c] - fix passwd auth for 'username leaks via timing'; with djm@, original - patches from solar - - markus@cvs.openbsd.org 2003/08/28 12:54:34 - [auth.h] - remove kerberos support from ssh1, since it has been replaced with GSSAPI; - but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ... - - markus@cvs.openbsd.org 2003/09/02 16:40:29 - [version.h] - enter 3.7 - - jmc@cvs.openbsd.org 2003/09/02 18:50:06 - [sftp.1 ssh_config.5] - escape punctuation; - ok deraadt@ - -20030902 - - (djm) OpenBSD CVS Sync - - deraadt@cvs.openbsd.org 2003/08/24 17:36:51 - [auth2-gss.c] - 64 bit cleanups; markus ok - - markus@cvs.openbsd.org 2003/08/28 12:54:34 - [auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c] - [monitor_wrap.h readconf.c servconf.c session.c ssh_config.5] - [sshconnect1.c sshd.c sshd_config sshd_config.5] - remove kerberos support from ssh1, since it has been replaced with GSSAPI; - but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ... - - markus@cvs.openbsd.org 2003/08/29 10:03:15 - [compat.c compat.h] - SSH_BUG_K5USER is unused; ok henning@ - - markus@cvs.openbsd.org 2003/08/29 10:04:36 - [channels.c nchan.c] - be less chatty; debug -> debug2, cleanup; ok henning@ - - markus@cvs.openbsd.org 2003/08/31 10:26:04 - [progressmeter.c] - pass file_size + 1 to snprintf: fixes printing of truncated - file names; fix based on patch/report from sturm@; - - markus@cvs.openbsd.org 2003/08/31 12:14:22 - [progressmeter.c] - do write to buf[-1] - - markus@cvs.openbsd.org 2003/08/31 13:29:05 - [session.c] - call ssh_gssapi_storecreds conditionally from do_exec(); - with sxw@inf.ed.ac.uk - - markus@cvs.openbsd.org 2003/08/31 13:30:18 - [gss-serv.c] - correct string termination in parse_ename(); sxw@inf.ed.ac.uk - - markus@cvs.openbsd.org 2003/08/31 13:31:57 - [gss-serv.c] - whitspace KNF - - markus@cvs.openbsd.org 2003/09/01 09:50:04 - [sshd_config.5] - gss kex is not supported; sxw@inf.ed.ac.uk - - markus@cvs.openbsd.org 2003/09/01 12:50:46 - [readconf.c] - rm gssapidelegatecreds alias; never supported before - - markus@cvs.openbsd.org 2003/09/01 13:52:18 - [ssh.h] - rm whitespace - - markus@cvs.openbsd.org 2003/09/01 18:15:50 - [readconf.c readconf.h servconf.c servconf.h ssh.c] - remove unused kerberos code; ok henning@ - - markus@cvs.openbsd.org 2003/09/01 20:44:54 - [auth2-gss.c] - fix leak - - (djm) Don't initialise pam_conv structures inline. Avoids HP/UX compiler - error. Part of Bug #423, patch from michael_steffens AT hp.com - - (djm) Bug #423: reorder setting of PAM_TTY and calling of PAM session - management (now done in do_setusercontext). Largely from - michael_steffens AT hp.com - - (djm) Fix openbsd-compat/ again - remove references to strl(cpy|cat).h - -20030829 - - (bal) openbsd-compat/ clean up. Considate headers, add in Id on our - files, and added missing license to header. - -20030826 - - (djm) Bug #629: Mark ssh_config option "pamauthenticationviakbdint" - as deprecated. Remove mention from README.privsep. Patch from - aet AT cc.hut.fi - - (dtucker) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2003/08/22 10:56:09 - [auth2.c auth2-gss.c auth.h compat.c compat.h gss-genr.c gss-serv-krb5.c - gss-serv.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h readconf.c - readconf.h servconf.c servconf.h session.c session.h ssh-gss.h - ssh_config.5 sshconnect2.c sshd_config sshd_config.5] - support GSS API user authentication; patches from Simon Wilkinson, - stripped down and tested by Jakob and myself. - - markus@cvs.openbsd.org 2003/08/22 13:20:03 - [sshconnect2.c] - remove support for "kerberos-2@ssh.com" - - markus@cvs.openbsd.org 2003/08/22 13:22:27 - [auth2.c] (auth2-krb5.c removed) - nuke "kerberos-2@ssh.com" - - markus@cvs.openbsd.org 2003/08/22 20:55:06 - [LICENCE] - add Simon Wilkinson - - deraadt@cvs.openbsd.org 2003/08/24 17:36:52 - [monitor.c monitor_wrap.c sshconnect2.c] - 64 bit cleanups; markus ok - - fgsch@cvs.openbsd.org 2003/08/25 08:13:09 - [sftp-int.c] - fix div by zero when listing for filename lengths longer than width. - markus@ ok. - - djm@cvs.openbsd.org 2003/08/25 10:33:33 - [sshconnect2.c] - fprintf->logit to silence login banner with "ssh -q"; ok markus@ - - (dtucker) [Makefile.in acconfig.h auth-krb5.c auth-pam.c auth-pam.h - configure.ac defines.h gss-serv-krb5.c session.c ssh-gss.h sshconnect1.c - sshconnect2.c] Add Portable GSSAPI support, patch by Simon Wilkinson. - - (dtucker) [Makefile.in] Remove auth2-krb5. - - (dtucker) [contrib/aix/inventory.sh] Add public domain notice. ok mouring@ - (the original author) - - (dtucker) [auth.c] Do not check for locked accounts when PAM is enabled. - -20030825 - - (djm) Bug #621: Select OpenSC keys by usage attributes. Patch from - larsch@trustcenter.de - - (bal) openbsd-compat/ OpenBSD updates. Mostly licensing, ansifications - and minor fixes. OK djm@ - - (bal) redo how we handle 'mysignal()'. Move it to - openbsd-compat/bsd-misc.c, s/mysignal/signal/ and #define signal to - be our 'mysignal' by default. OK djm@ - - (dtucker) [acconfig.h auth.c configure.ac sshd.8] Bug #422 again: deny - any access to locked accounts. ok djm@ - - (djm) Bug #564: Perform PAM account checks for all authentications when - UsePAM=yes; ok dtucker - - (dtucker) [configure.ac] Bug #533, #551: define BROKEN_GETADDRINFO on - Tru64, solves getnameinfo and "bad addr or host" errors. ok djm@ - - (dtucker) [README buildbff.sh inventory.sh] (all in contrib/aix) - Update package builder: correctly handle config variables, use lsuser - rather than /etc/passwd, fix typos, add Id's. - -20030822 - - (djm) s/get_progname/ssh_get_progname/g to avoid conflict with Heimdal - -lbroken; ok dtucker - - (dtucker) [contrib/cygwin/ssh-user-config] Put keys in authorized_keys - rather that authorized_keys2. Patch from vinschen@redhat.com. - -20030821 - - (dtucker) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2003/08/14 16:08:58 - [ssh-keygen.c] - exit after primetest, ok djm@ - - (dtucker) [defines.h] Put CMSG_DATA, CMSG_FIRSTHDR with other CMSG* macros, - change CMSG_DATA to use __CMSG_ALIGN (and thus work properly), reformat for - consistency. - - (dtucker) [configure.ac] Move openpty/ctty test outside of case statement - and after normal openpty test. - -20030813 - - (dtucker) [session.c] Remove #ifdef TIOCSBRK kludge. - - (dtucker) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2003/08/13 08:33:02 - [session.c] - use more portable tcsendbreak(3) and ignore break_length; - ok deraadt, millert - - markus@cvs.openbsd.org 2003/08/13 08:46:31 - [auth1.c readconf.c readconf.h servconf.c servconf.h ssh.c ssh_config - ssh_config.5 sshconnect1.c sshd.8 sshd.c sshd_config sshd_config.5] - remove RhostsAuthentication; suggested by djm@ before; ok djm@, deraadt@, - fgsch@, miod@, henning@, jakob@ and others - - markus@cvs.openbsd.org 2003/08/13 09:07:10 - [readconf.c ssh.c] - socks4->socks, since with support both 4 and 5; dtucker@zip.com.au - - (dtucker) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h] - Add a tcsendbreak function for platforms that don't have one, based on the - one from OpenBSD. - -20030811 - - (dtucker) OpenBSD CVS Sync - (thanks to Simon Wilkinson for help with this -dt) - - markus@cvs.openbsd.org 2003/07/16 15:02:06 - [auth-krb5.c] - mcc -> fcc; from Love Hörnquist Åstrand - otherwise the kerberos credentinal is stored in a memory cache - in the privileged sshd. ok jabob@, hin@ (some time ago) - - (dtucker) [openbsd-compat/xcrypt.c] Remove Cygwin #ifdef block (duplicate - in bsd-cygwin_util.h). - -20030808 - - (dtucker) [openbsd-compat/fake-rfc2553.h] Older Linuxes have AI_PASSIVE and - AI_CANONNAME in netdb.h but not AI_NUMERICHOST, so check each definition - separately before defining them. - - (dtucker) [auth-pam.c] Don't set PAM_TTY if tty is null. ok djm@ - -20030807 - - (dtucker) [session.c] Have session_break_req not attempt to send a break - if TIOCSBRK and TIOCCBRK are not defined (eg Cygwin). - - (dtucker) [canohost.c] Bug #336: Only check ip options if IP_OPTIONS is - defined (fixes compile error on really old Linuxes). - - (dtucker) [defines.h] Bug #336: Add CMSG_DATA and CMSG_FIRSTHDR macros if - not already defined (eg Linux with some versions of libc5), based on those - from OpenBSD. - - (dtucker) [openbsd-compat/bsd-cygwin_util.c openbsd-compat/bsd-cygwin_util.h] - Remove incorrect filenames from comments (file names are in Id tags). - - (dtucker) [session.c openbsd-compat/bsd-cygwin_util.h] Move Cygwin - specific defines and includes to bsd-cygwin_util.h. Fixes build error too. - -20030802 - - (dtucker) [monitor.h monitor_wrap.h] Remove excess ident tags. - - (dtucker) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2003/07/22 13:35:22 - [auth1.c auth.h auth-passwd.c monitor.c monitor.h monitor_wrap.c - monitor_wrap.h readconf.c readconf.h servconf.c servconf.h session.c ssh.1 - ssh.c ssh_config.5 sshconnect1.c sshd.c sshd_config.5 ssh.h] - remove (already disabled) KRB4/AFS support, re-enable -k in ssh(1); - test+ok henning@ - - (dtucker) [Makefile.in acconfig.h configure.ac] Remove KRB4/AFS support. - - (dtucker) [auth-krb4.c radix.c radix.h] Remove KRB4/AFS specific files. - - (dtucker) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2003/07/23 07:42:43 - [sshd_config] - remove AFS; itojun@ - - djm@cvs.openbsd.org 2003/07/28 09:49:56 - [ssh-keygen.1 ssh-keygen.c] - Support for generating Diffie-Hellman groups (/etc/moduli) from ssh-keygen. - Based on code from Phil Karn, William Allen Simpson and Niels Provos. - ok markus@, thanks jmc@ - - markus@cvs.openbsd.org 2003/07/29 18:24:00 - [LICENCE progressmeter.c] - replace 4 clause BSD licensed progressmeter code with a replacement - from Nils Nordman and myself; ok deraadt@ - (copied from OpenBSD an re-applied portable changes) - - markus@cvs.openbsd.org 2003/07/29 18:26:46 - [progressmeter.c] - fix length for "- stalled -" (included with previous import) - - markus@cvs.openbsd.org 2003/07/30 07:44:14 - [progressmeter.c] - use only 4 digits in format_size (included with previous import) - - markus@cvs.openbsd.org 2003/07/30 07:53:27 - [progressmeter.c] - whitespace (included with previous import) - - markus@cvs.openbsd.org 2003/07/31 09:21:02 - [auth2-none.c] - check whether passwd auth is allowd, similar to proto 1; rob@pitman.co.za - ok henning - - avsm@cvs.openbsd.org 2003/07/31 15:50:16 - [atomicio.c] - correct comment: atomicio takes vwrite, not write; deraadt@ ok - - markus@cvs.openbsd.org 2003/07/31 22:34:03 - [progressmeter.c] - print rate similar old version; round instead truncate; - (included in previous progressmeter.c commit) - - (dtucker) [openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h] - Add a tcgetpgrp function. - - (dtucker) [Makefile.in moduli.c moduli.h] Add new files and to Makefile. - - (dtucker) [openbsd-compat/bsd-misc.c] Fix cut-and-paste bug in tcgetpgrp. - -20030730 - - (djm) [auth-pam.c] Don't use crappy APIs like sprintf. Thanks bal - -20030726 - - (dtucker) [openbsd-compat/xcrypt.c] Fix typo: DISABLED_SHADOW -> - DISABLE_SHADOW. Fixes HP-UX compile error. - -20030724 - - (bal) [auth-passwd.c openbsd-compat/Makefile.in openbsd-compat/xcrypt.c - openbsd-compat/xcrypt.h] Split off encryption into xcrypt() interface, - and isolate shadow password functions. Tested in Solaris, but should - not break other platforms too badly (except maybe HP =). Also brings - auth-passwd.c into full sync with OpenBSD tree. - -20030723 - - (dtucker) [configure.ac] Back out change for bug #620. - -20030719 - - (dtucker) [configure.ac] Bug #620: Define BROKEN_GETADDRINFO for - Solaris/x86. Patch from jrhett at isite.net. - - (dtucker) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2003/07/14 12:36:37 - [sshd.c] - remove undocumented -V option. would be only useful if openssh is used - as ssh v1 server for ssh.com's ssh v2. - - markus@cvs.openbsd.org 2003/07/16 10:34:53 - [ssh.c sshd.c] - don't exit on multiple -v or -d; ok deraadt@ - - markus@cvs.openbsd.org 2003/07/16 10:36:28 - [sshtty.c] - clear IUCLC in enter_raw_mode; from rob@pitman.co.za; ok deraadt@, fgs@ - - deraadt@cvs.openbsd.org 2003/07/18 01:54:25 - [scp.c] - userid is unsigned, but well, force it anyways; andrushock@korovino.net - - djm@cvs.openbsd.org 2003/07/19 00:45:53 - [sftp-int.c] - fix sftp filename parsing for arguments with escaped quotes. bz #517; - ok markus - - djm@cvs.openbsd.org 2003/07/19 00:46:31 - [regress/sftp-cmds.sh] - regress test for sftp arguments with escaped quotes; ok markus - -20030714 - - (dtucker) [acconfig.h configure.ac port-aix.c] Older AIXes don't declare - loginfailed at all, so assume 3-arg loginfailed if not declared. - - (dtucker) [port-aix.h] Work around name collision on AIX for r_type by - undef'ing it. - - (dtucker) Bug #543: [configure.ac port-aix.c port-aix.h] - Call setauthdb() before loginfailed(), which may load password registry- - specific functions. Based on patch by cawlfiel at us.ibm.com. - - (dtucker) [port-aix.h] Fix prototypes. - - (dtucker) OpenBSD CVS Sync - - avsm@cvs.openbsd.org 2003/07/09 13:58:19 - [key.c] - minor tweak: when generating the hex fingerprint, give strlcat the full - bound to the buffer, and add a comment below explaining why the - zero-termination is one less than the bound. markus@ ok - - markus@cvs.openbsd.org 2003/07/10 14:42:28 - [packet.c] - the 2^(blocksize*2) rekeying limit is too expensive for 3DES, - blowfish, etc, so enforce a 1GB limit for small blocksizes. - - markus@cvs.openbsd.org 2003/07/10 20:05:55 - [sftp.c] - sync usage with manpage, add missing -R - -20030708 - - (dtucker) [acconfig.h auth-passwd.c configure.ac session.c port-aix.[ch]] - Include AIX headers for authentication functions and make calls match - prototypes. Test for and handle 3-arg and 4-arg variants of loginfailed. - - (dtucker) [session.c] Check return value of setpcred(). - - (dtucker) [auth-passwd.c auth.c session.c sshd.c port-aix.c port-aix.h] - Convert aixloginmsg into platform-independant Buffer loginmsg. - -20030707 - - (dtucker) [configure.ac] Bug #600: Check that getrusage is declared before - searching libraries for it. Fixes build errors on NCR MP-RAS. - -20030706 - - (dtucker) [ssh-rand-helper.c loginrec.c] - Apply atomicio typing change to these too. - -20030703 - - (dtucker) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2003/06/28 07:48:10 - [sshd.c] - report pidfile creation errors, based on patch from Roumen Petrov; - ok markus@ - - deraadt@cvs.openbsd.org 2003/06/28 16:23:06 - [atomicio.c atomicio.h authfd.c clientloop.c monitor_wrap.c msg.c - progressmeter.c scp.c sftp-client.c ssh-keyscan.c ssh.h sshconnect.c - sshd.c] - deal with typing of write vs read in atomicio - - markus@cvs.openbsd.org 2003/06/29 12:44:38 - [sshconnect.c] - memset 0, not \0; andrushock@korovino.net - - markus@cvs.openbsd.org 2003/07/02 12:56:34 - [channels.c] - deny dynamic forwarding with -R for v1, too; ok djm@ - - markus@cvs.openbsd.org 2003/07/02 14:51:16 - [channels.c ssh.1 ssh_config.5] - (re)add socks5 suppport to -D; ok djm@ - now ssh(1) can act both as a socks 4 and socks 5 server and - dynamically forward ports. - - markus@cvs.openbsd.org 2003/07/02 20:37:48 - [ssh.c] - convert hostkeyalias to lowercase, otherwise uppercase aliases will - not match at all; ok henning@ - - markus@cvs.openbsd.org 2003/07/03 08:21:46 - [regress/dynamic-forward.sh] - add socks5; speedup; reformat; based on patch from dtucker@zip.com.au - - markus@cvs.openbsd.org 2003/07/03 08:24:13 - [regress/Makefile] - enable tests for dynamic fwd via socks (-D), uses nc(1) - - djm@cvs.openbsd.org 2003/07/03 08:09:06 - [readconf.c readconf.h ssh-keysign.c ssh.c] - fix AddressFamily option in config file, from brent@graveland.net; - ok markus@ - -20030630 - - (djm) Search for support functions necessary to build our - getrrsetbyname() replacement. Patch from Roumen Petrov - -20030629 - - (dtucker) [includes.h] Bug #602: move #include of netdb.h to after in.h - (fixes compiler warnings on Solaris 2.5.1). - - (dtucker) [configure.ac] Add sanity test after system-dependant compiler - flag modifications. - -20030628 - - (djm) Bug #591: use PKCS#15 private key label as a comment in case - of OpenSC. Report and patch from larsch@trustcenter.de - - (djm) Bug #593: Sanity check OpenSC card reader number; patch from - aj@dungeon.inka.de - - (dtucker) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2003/06/23 09:02:44 - [ssh_config.5] - document EnableSSHKeysign; bugzilla #599; ok deraadt@, jmc@ - - markus@cvs.openbsd.org 2003/06/24 08:23:46 - [auth2-hostbased.c auth2-pubkey.c auth2.c channels.c key.c key.h - monitor.c packet.c packet.h serverloop.c sshconnect2.c sshd.c] - int -> u_int; ok djm@, deraadt@, mouring@ - - miod@cvs.openbsd.org 2003/06/25 22:39:36 - [sftp-server.c] - Typo police: attribute is better written with an 'r'. - - markus@cvs.openbsd.org 2003/06/26 20:08:33 - [readconf.c] - do not dump core for 'ssh -o proxycommand host'; ok deraadt@ - - (dtucker) [regress/dynamic-forward.sh] Import new regression test. - - (dtucker) [configure.ac] Bug #570: Have ./configure --enable-FEATURE - actually enable the feature, for those normally disabled. Patch by - openssh (at) roumenpetrov.info. - -20030624 - - (dtucker) Have configure refer the user to config.log and - contrib/findssl.sh for OpenSSL header/library mismatches. - -20030622 - - (dtucker) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2003/06/21 09:14:05 - [regress/reconfigure.sh] - missing $SUDO; from dtucker@zip.com.au - - markus@cvs.openbsd.org 2003/06/18 11:28:11 - [ssh-rsa.c] - backout last change, since it violates pkcs#1 - switch to share/misc/license.template - - djm@cvs.openbsd.org 2003/06/20 05:47:58 - [sshd_config.5] - sync description of protocol 2 cipher proposal; ok markus - - djm@cvs.openbsd.org 2003/06/20 05:48:21 - [sshd_config] - sync some implemented options; ok markus@ - - (dtucker) [regress/authorized_keys_root] Remove temp data file from CVS. - - (dtucker) [openbsd-compat/setproctitle.c] Ensure SPT_TYPE is defined before - testing its value. - -20030618 - - (djm) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2003/06/12 07:57:38 - [monitor.c sshlogin.c sshpty.c] - typos; dtucker at zip.com.au - - djm@cvs.openbsd.org 2003/06/12 12:22:47 - [LICENCE] - mention more copyright holders; ok markus@ - - nino@cvs.openbsd.org 2003/06/12 15:34:09 - [scp.c] - Typo. Ok markus@. - - markus@cvs.openbsd.org 2003/06/12 19:12:03 - [scard.c scard.h ssh-agent.c ssh.c] - add sc_get_key_label; larsch at trustcenter.de; bugzilla#591 - - markus@cvs.openbsd.org 2003/06/16 08:22:35 - [ssh-rsa.c] - make sure the signature has at least the expected length (don't - insist on len == hlen + oidlen, since this breaks some smartcards) - bugzilla #592; ok djm@ - - markus@cvs.openbsd.org 2003/06/16 10:22:45 - [ssh-add.c] - print out key comment on each prompt; make ssh-askpass more useable; ok djm@ - - markus@cvs.openbsd.org 2003/06/17 18:14:23 - [cipher-ctr.c] - use license from /usr/share/misc/license.template for new code - - (dtucker) [reconfigure.sh rekey.sh sftp-badcmds.sh] - Import new regression tests from OpenBSD - - (dtucker) [regress/copy.1 regress/copy.2] Remove temp data files from CVS. - - (dtucker) OpenBSD CVS Sync (regress/) - - markus@cvs.openbsd.org 2003/04/02 12:21:13 - [Makefile] - enable rekey test - - djm@cvs.openbsd.org 2003/04/04 09:34:22 - [Makefile sftp-cmds.sh] - More regression tests, including recent directory rename bug; ok markus@ - - markus@cvs.openbsd.org 2003/05/14 22:08:27 - [ssh-com-client.sh ssh-com-keygen.sh ssh-com-sftp.sh ssh-com.sh] - test against some new commerical versions - - mouring@cvs.openbsd.org 2003/05/15 04:07:12 - [sftp-cmds.sh] - Advanced put/get testing for sftp. OK @djm - - markus@cvs.openbsd.org 2003/06/12 15:40:01 - [try-ciphers.sh] - add ctr - - markus@cvs.openbsd.org 2003/06/12 15:43:32 - [Makefile] - test -HUP; dtucker at zip.com.au - -20030614 - - (djm) Update license on fake-rfc2553.[ch]; ok itojun@ - -20030611 - - (djm) Mention portable copyright holders in LICENSE - - (djm) Put licenses on substantial header files - - (djm) Sync LICENSE against OpenBSD - - (djm) OpenBSD CVS Sync - - jmc@cvs.openbsd.org 2003/06/10 09:12:11 - [scp.1 sftp-server.8 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5] - [sshd.8 sshd_config.5 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8] - - section reorder - - COMPATIBILITY merge - - macro cleanup - - kill whitespace at EOL - - new sentence, new line - ssh pages ok markus@ - - deraadt@cvs.openbsd.org 2003/06/10 22:20:52 - [packet.c progressmeter.c] - mostly ansi cleanup; pval ok - - jakob@cvs.openbsd.org 2003/06/11 10:16:16 - [sshconnect.c] - clean up check_host_key() and improve SSHFP feedback. ok markus@ - - jakob@cvs.openbsd.org 2003/06/11 10:18:47 - [dns.c] - sync with check_host_key() change - - djm@cvs.openbsd.org 2003/06/11 11:18:38 - [authfd.c authfd.h ssh-add.c ssh-agent.c] - make agent constraints (lifetime, confirm) work with smartcard keys; - ok markus@ - - -20030609 - - (djm) Sync README.smartcard with OpenBSD -current - - (djm) Re-merge OpenSC info into README.smartcard - -20030606 - - (dtucker) [uidswap.c] Fix setreuid and add missing args to fatal(). ok djm@ - -20030605 - - (djm) Support AI_NUMERICHOST in fake-getaddrinfo.c. Needed for recent - canohost.c changes. - - (djm) Implement paranoid priv dropping checks, based on: - "SetUID demystified" - Hao Chen, David Wagner and Drew Dean - Proceedings of USENIX Security Symposium 2002 - - (djm) Don't use xmalloc() or pull in toplevel headers in fake-* code - - (djm) Merge all the openbsd/fake-* into fake-rfc2553.[ch] - - (djm) Bug #588 - Add scard-opensc.o back to Makefile.in - Patch from larsch@trustcenter.de - - (djm) Bug #589 - scard-opensc: load only keys with a private keys - Patch from larsch@trustcenter.de - - (dtucker) Add includes.h to fake-rfc2553.c so it will build. - - (dtucker) Define EAI_NONAME in fake-rfc2553.h (used by fake-rfc2553.c). - -20030604 - - (djm) Bug #573 - Remove unneeded Krb headers and compat goop. Patch from - simon@sxw.org.uk (Also matches a change in OpenBSD a while ago) - - (djm) Bug #577 - wrong flag in scard-opensc.c sc_private_decrypt. - Patch from larsch@trustcenter.de; ok markus@ - - (djm) Bug #584: scard-opensc.c doesn't work without PIN. Patch from - larsch@trustcenter.de; ok markus@ - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2003/06/04 08:25:18 - [sshconnect.c] - disable challenge/response and keyboard-interactive auth methods - upon hostkey mismatch. based on patch from fcusack AT fcusack.com. - bz #580; ok markus@ - - djm@cvs.openbsd.org 2003/06/04 10:23:48 - [sshd.c] - remove duplicated group-dropping code; ok markus@ - - djm@cvs.openbsd.org 2003/06/04 12:03:59 - [serverloop.c] - remove bitrotten commet; ok markus@ - - djm@cvs.openbsd.org 2003/06/04 12:18:49 - [scp.c] - ansify; ok markus@ - - djm@cvs.openbsd.org 2003/06/04 12:40:39 - [scp.c] - kill ssh process upon receipt of signal, bz #241. - based on patch from esb AT hawaii.edu; ok markus@ - - djm@cvs.openbsd.org 2003/06/04 12:41:22 - [sftp.c] - kill ssh process on receipt of signal; ok markus@ - - (djm) Update to fix of bug #584: lock card before return. - From larsch@trustcenter.de - - (djm) Always use mysignal() for SIGALRM - -20030603 - - (djm) Replace setproctitle replacement with code derived from - UCB sendmail - - (djm) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2003/06/02 09:17:34 - [auth2-hostbased.c auth.c auth-options.c auth-rhosts.c auth-rh-rsa.c] - [canohost.c monitor.c servconf.c servconf.h session.c sshd_config] - [sshd_config.5] - deprecate VerifyReverseMapping since it's dangerous if combined - with IP based access control as noted by Mike Harding; replace with - a UseDNS option, UseDNS is on by default and includes the - VerifyReverseMapping check; with itojun@, provos@, jakob@ and deraadt@ - ok deraadt@, djm@ - - millert@cvs.openbsd.org 2003/06/03 02:56:16 - [scp.c] - Remove the advertising clause in the UCB license which Berkeley - rescinded 22 July 1999. Proofed by myself and Theo. - - (djm) Fix portable-specific uses of verify_reverse_mapping too - - (djm) Sync openbsd-compat with OpenBSD CVS. - - No more 4-term BSD licenses in linked code - - (dtucker) [port-aix.c bsd-cray.c] Fix uses of verify_reverse_mapping. - -20030602 - - (djm) Fix segv from bad reordering in auth-pam.c - - (djm) Always use saved_argv in sshd.c as compat_init_setproctitle may - clobber - - (tim) openbsd-compat/xmmap.[ch] License clarifications. Add missing - CVS ID. - - (djm) Remove "noip6" option from RedHat spec file. This may now be - set at runtime using AddressFamily option. - - (djm) Fix use of macro before #define in cipher-aes.c - - (djm) Sync license on openbsd-compat/bindresvport.c with OpenBSD CVS - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2003/05/26 12:54:40 - [sshconnect.c] - fix format strings; ok markus@ - - deraadt@cvs.openbsd.org 2003/05/29 16:58:45 - [sshd.c uidswap.c] - seteuid and setegid; markus ok - - jakob@cvs.openbsd.org 2003/06/02 08:31:10 - [ssh_config.5] - VerifyHostKeyDNS is v2 only. ok markus@ - -20030530 - - (dtucker) Add missing semicolon in md5crypt.c, patch from openssh at - roumenpetrov.info - - (dtucker) Define SSHD_ACQUIRES_CTTY for NCR MP-RAS and Reliant Unix. - -20030526 - - (djm) Avoid auth2-chall.c warning when compiling without - PAM, BSD_AUTH and SKEY - -20030525 -- (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2003/05/24 09:02:22 - [log.c] - pass logged data through strnvis; ok markus - - djm@cvs.openbsd.org 2003/05/24 09:30:40 - [authfile.c monitor.c sftp-common.c sshpty.c] - cast some types for printing; ok markus@ - -20030524 - - (dtucker) Correct --osfsia in INSTALL. Patch by skeleten at shillest.net - -20030523 - - (djm) Use VIS_SAFE on logged strings rather than default strnvis - encoding (which encodes many more characters) - - OpenBSD CVS Sync - - jmc@cvs.openbsd.org 2003/05/20 12:03:35 - [sftp.1] - - new sentence, new line - - added .Xr's - - typos - ok djm@ - - jmc@cvs.openbsd.org 2003/05/20 12:09:31 - [ssh.1 ssh_config.5 sshd.8 sshd_config.5 ssh-keygen.1] - new sentence, new line - - djm@cvs.openbsd.org 2003/05/23 08:29:30 - [sshconnect.c] - fix leak; ok markus@ - -20030520 - - (djm) OpenBSD CVS Sync - - deraadt@cvs.openbsd.org 2003/05/18 23:22:01 - [log.c] - use syslog_r() in a signal handler called place; markus ok - - (djm) Configure logic to detect syslog_r and friends - -20030519 - - (djm) Sync auth-pam.h with what we actually implement - -20030518 - - (djm) Return of the dreaded PAM_TTY_KLUDGE, which went missing in - recent merge - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2003/05/16 03:27:12 - [readconf.c ssh_config ssh_config.5 ssh-keysign.c] - add AddressFamily option to ssh_config (like -4, -6 on commandline). - Portable bug #534; ok markus@ - - itojun@cvs.openbsd.org 2003/05/17 03:25:58 - [auth-rhosts.c] - just in case, put numbers to sscanf %s arg. - - markus@cvs.openbsd.org 2003/05/17 04:27:52 - [cipher.c cipher-ctr.c myproposal.h] - experimental support for aes-ctr modes from - http://www.ietf.org/internet-drafts/draft-ietf-secsh-newmodes-00.txt - ok djm@ - - (djm) Remove IPv4 by default hack now that we can specify AF in config - - (djm) Tidy and trim TODO - - (djm) Sync openbsd-compat/ with OpenBSD CVS head - - (djm) Big KNF on openbsd-compat/ - - (djm) KNF on md5crypt.[ch] - - (djm) KNF on auth-sia.[ch] - -20030517 - - (bal) strcat -> strlcat on openbsd-compat/realpath.c (rev 1.8 OpenBSD) - -20030516 - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2003/05/15 13:52:10 - [ssh.c] - Make "ssh -V" print the OpenSSL version in a human readable form. Patch - from Craig Leres (mindrot at ee.lbl.gov); ok markus@ - - jakob@cvs.openbsd.org 2003/05/15 14:02:47 - [readconf.c servconf.c] - warn for unsupported config option. ok markus@ - - markus@cvs.openbsd.org 2003/05/15 14:09:21 - [auth2-krb5.c] - fix 64bit issue; report itojun@ - - djm@cvs.openbsd.org 2003/05/15 14:55:25 - [readconf.c readconf.h ssh_config ssh_config.5 sshconnect.c] - add a ConnectTimeout option to ssh, based on patch from - Jean-Charles Longuet (jclonguet at free.fr); portable #207 ok markus@ - - (djm) Add warning for UsePAM when built without PAM support - - (djm) A few type mismatch fixes from Bug #565 - - (djm) Guard free_pam_environment against NULL argument. Works around - HP/UX PAM problems debugged by dtucker - -20030515 - - (djm) OpenBSD CVS Sync - - jmc@cvs.openbsd.org 2003/05/14 13:11:56 - [ssh-agent.1] - setup -> set up; - from wiz@netbsd - - jakob@cvs.openbsd.org 2003/05/14 18:16:20 - [key.c key.h readconf.c readconf.h ssh_config.5 sshconnect.c] - [dns.c dns.h README.dns ssh-keygen.1 ssh-keygen.c] - add experimental support for verifying hos keys using DNS as described - in draft-ietf-secsh-dns-xx.txt. more information in README.dns. - ok markus@ and henning@ - - markus@cvs.openbsd.org 2003/05/14 22:24:42 - [clientloop.c session.c ssh.1] - allow to send a BREAK to the remote system; ok various - - markus@cvs.openbsd.org 2003/05/15 00:28:28 - [sshconnect2.c] - cleanup unregister of per-method packet handlers; ok djm@ - - jakob@cvs.openbsd.org 2003/05/15 01:48:10 - [readconf.c readconf.h servconf.c servconf.h] - always parse kerberos options. ok djm@ markus@ - - jakob@cvs.openbsd.org 2003/05/15 02:27:15 - [dns.c] - add missing freerrset - - markus@cvs.openbsd.org 2003/05/15 03:08:29 - [cipher.c cipher-bf1.c cipher-aes.c cipher-3des1.c] - split out custom EVP ciphers - - djm@cvs.openbsd.org 2003/05/15 03:10:52 - [ssh-keygen.c] - avoid warning; ok jakob@ - - mouring@cvs.openbsd.org 2003/05/15 03:39:07 - [sftp-int.c] - Make put/get (globed and nonglobed) code more consistant. OK djm@ - - mouring@cvs.openbsd.org 2003/05/15 03:43:59 - [sftp-int.c sftp.c] - Teach ls how to display multiple column display and allow users - to return to single column format via 'ls -1'. OK @djm - - jakob@cvs.openbsd.org 2003/05/15 04:08:44 - [readconf.c servconf.c] - disable kerberos when not supported. ok markus@ - - markus@cvs.openbsd.org 2003/05/15 04:08:41 - [ssh.1] - ~B is ssh2 only - - (djm) Always parse UsePAM - - (djm) Configure glue for DNS support (code doesn't work in portable yet) - - (djm) Import getrrsetbyname() function from OpenBSD libc (for DNS support) - - (djm) Tidy Makefile clean targets - - (djm) Adapt README.dns for portable - - (djm) Avoid uuencode.c warnings - - (djm) Enable UsePAM when built --with-pam - - (djm) Only build getrrsetbyname replacement when using --with-dns - - (djm) Bug #529: sshd doesn't work correctly after SIGHUP (copy argv - correctly) - - (djm) Bug #444: Wrong paths after reconfigure - - (dtucker) HP-UX needs to include for TIOCSBRK - -20030514 - - (djm) Bug #117: Don't lie to PAM about username - - (djm) RCSID sync w/ OpenBSD - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2003/04/09 12:00:37 - [readconf.c] - strip trailing whitespace from config lines before parsing. - Fixes bz 528; ok markus@ - - markus@cvs.openbsd.org 2003/04/12 10:13:57 - [cipher.c] - hide cipher details; ok djm@ - - markus@cvs.openbsd.org 2003/04/12 10:15:36 - [misc.c] - debug->debug2 - - naddy@cvs.openbsd.org 2003/04/12 11:40:15 - [ssh.1] - document -V switch, fix wording; ok markus@ - - markus@cvs.openbsd.org 2003/04/14 14:17:50 - [channels.c sshconnect.c sshd.c ssh-keyscan.c] - avoid hardcoded SOCK_xx; with itojun@; should allow ssh over SCTP - - mouring@cvs.openbsd.org 2003/04/14 21:31:27 - [sftp-int.c] - Missing globfree(&g) in process_put() spotted by Vince Brimhall - . ok@ Theo - - markus@cvs.openbsd.org 2003/04/16 14:35:27 - [auth.h] - document struct Authctxt; with solar - - deraadt@cvs.openbsd.org 2003/04/26 04:29:49 - [ssh-keyscan.c] - -t in usage(); rogier@quaak.org - - mouring@cvs.openbsd.org 2003/04/30 01:16:20 - [sshd.8 sshd_config.5] - Escape ?, * and ! in .Ql for nroff compatibility. OpenSSH Portable - Bug #550 and * escaping suggested by jmc@. - - david@cvs.openbsd.org 2003/04/30 20:41:07 - [sshd.8] - fix invalid .Pf macro usage introduced in previous commit - ok jmc@ mouring@ - - markus@cvs.openbsd.org 2003/05/11 16:56:48 - [authfile.c ssh-keygen.c] - change key_load_public to try to read a public from: - rsa1 private or rsa1 public and ssh2 keys. - this makes ssh-keygen -e fail for ssh1 keys more gracefully - for example; report from itojun (netbsd pr 20550). - - markus@cvs.openbsd.org 2003/05/11 20:30:25 - [channels.c clientloop.c serverloop.c session.c ssh.c] - make channel_new() strdup the 'remote_name' (not the caller); ok theo - - markus@cvs.openbsd.org 2003/05/12 16:55:37 - [sshconnect2.c] - for pubkey authentication try the user keys in the following order: - 1. agent keys that are found in the config file - 2. other agent keys - 3. keys that are only listed in the config file - this helps when an agent has many keys, where the server might - close the connection before the correct key is used. report & ok pb@ - - markus@cvs.openbsd.org 2003/05/12 18:35:18 - [ssh-keyscan.1] - typo: DSA keys are of type ssh-dss; Brian Poole - - markus@cvs.openbsd.org 2003/05/14 00:52:59 - [ssh2.h] - ranges for per auth method messages - - djm@cvs.openbsd.org 2003/05/14 01:00:44 - [sftp.1] - emphasise the batchmode functionality and make reference to pubkey auth, - both of which are FAQs; ok markus@ - - markus@cvs.openbsd.org 2003/05/14 02:15:47 - [auth2.c monitor.c sshconnect2.c auth2-krb5.c] - implement kerberos over ssh2 ("kerberos-2@ssh.com"); tested with jakob@ - server interops with commercial client; ok jakob@ djm@ - - jmc@cvs.openbsd.org 2003/05/14 08:25:39 - [sftp.1] - - better formatting in SYNOPSIS - - whitespace at EOL - ok djm@ - - markus@cvs.openbsd.org 2003/05/14 08:57:49 - [monitor.c] - http://bugzilla.mindrot.org/show_bug.cgi?id=560 - Privsep child continues to run after monitor killed. - Pass monitor signals through to child; Darren Tucker - - (djm) Make portable build with MIT krb5 (some issues remain) - - (djm) Add new UsePAM configuration directive to allow runtime control - over usage of PAM. This allows non-root use of sshd when built with - --with-pam - - (djm) Die screaming if start_pam() is called when UsePAM=no - - (djm) Avoid KrbV leak for MIT Kerberos - - (dtucker) Set ai_socktype and ai_protocol in fake-getaddrinfo.c. ok djm@ - - (djm) Bug #258: sscanf("[0-9]") -> sscanf("[0123456789]") for portability - -20030512 - - (djm) Redhat spec: Don't install profile.d scripts when not - building with GNOME/GTK askpass (patch from bet@rahul.net) - -20030510 - - (dtucker) Bug #318: Create ssh_prng_cmds.out during "make" rather than - "make install". Patch by roth@feep.net. - - (dtucker) Bug #536: Test for and work around openpty/controlling tty - problem on Linux (fixes "could not set controlling tty" errors). - - (djm) Merge FreeBSD PAM code: replaces PAM password auth kludge with - proper challenge-response module - - (djm) 2-clause license on loginrec.c, with permission from - andre@ae-35.com - -20030504 - - (dtucker) Bug #497: Move #include of bsd-cygwin_util.h to openbsd-compat.h. - Patch from vinschen@redhat.com. - -20030503 - - (dtucker) Add missing "void" to record_failed_login in bsd-cray.c. Noted - by wendyp@cray.com. - -20030502 - - (dtucker) Bug #544: ignore invalid cmsg_type on Linux 2.0 kernels, - privsep should now work. - - (dtucker) Move handling of bad password authentications into a platform - specific record_failed_login() function (affects AIX & Unicos). ok mouring@ - -20030429 - - (djm) Add back radix.o (used by AFS support), after it went missing from - Makefile many moons ago - - (djm) Apply "owl-always-auth" patch from Openwall/Solar Designer - - (djm) Fix blibpath specification for AIX/gcc - - (djm) Some systems have basename in -lgen. Fix from ayamura@ayamura.org - -20030428 - - (bal) [defines.h progressmeter.c scp.c] Some more culling of non 64bit - hacked code. - -20030427 - - (bal) Bug #541: return; was dropped by mistake. Reported by - furrier@iglou.com - - (bal) Since we don't support platforms lacking u_int_64. We may - as well clean out some of those evil #ifdefs - - (bal) auth1.c minor resync while looking at the code. - - (bal) auth2.c same changed as above. - -20030409 - - (djm) Bug #539: Specify creation mode with O_CREAT for lastlog. Report - from matth@eecs.berkeley.edu - - (djm) Make the spec work with Redhat 9.0 (which renames sharutils) - - (djm) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2003/04/02 09:48:07 - [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c] - [readconf.h serverloop.c sshconnect2.c] - reapply rekeying chage, tested by henning@, ok djm@ - - markus@cvs.openbsd.org 2003/04/02 14:36:26 - [ssh-keysign.c] - potential segfault if KEY_UNSPEC; cjwatson@debian.org; bug #526 - - itojun@cvs.openbsd.org 2003/04/03 07:25:27 - [progressmeter.c] - $OpenBSD$ - - itojun@cvs.openbsd.org 2003/04/03 10:17:35 - [progressmeter.c] - remove $OpenBSD$, as other *.c does not have it. - - markus@cvs.openbsd.org 2003/04/07 08:29:57 - [monitor_wrap.c] - typo: get correct counters; introduced during rekeying change. - - millert@cvs.openbsd.org 2003/04/07 21:58:05 - [progressmeter.c] - The UCB copyright here is incorrect. This code did not originate - at UCB, it was written by Luke Mewburn. Updated the copyright at - the author's request. markus@ OK - - itojun@cvs.openbsd.org 2003/04/08 20:21:29 - [*.c *.h] - rename log() into logit() to avoid name conflict. markus ok, from - netbsd - - (djm) XXX - Performed locally using: - "perl -p -i -e 's/(\s|^)log\(/$1logit\(/g' *.c *.h" - - hin@cvs.openbsd.org 2003/04/09 08:23:52 - [servconf.c] - Don't include when compiling with Kerberos 5 support - - (djm) Fix up missing include for packet.c - - (djm) Fix missed log => logit occurance (reference by function pointer) - -20030402 - - (bal) if IP_TOS is not found or broken don't try to compile in - packet_set_tos() function call. bug #527 - -20030401 - - (djm) OpenBSD CVS Sync - - jmc@cvs.openbsd.org 2003/03/28 10:11:43 - [scp.1 sftp.1 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5 sshd_config.5] - [ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8] - - killed whitespace - - new sentence new line - - .Bk for arguments - ok markus@ - - markus@cvs.openbsd.org 2003/04/01 10:10:23 - [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c] - [readconf.h serverloop.c sshconnect2.c] - rekeying bugfixes and automatic rekeying: - * both client and server rekey _automatically_ - (a) after 2^31 packets, because after 2^32 packets - the sequence number for packets wraps - (b) after 2^(blocksize_in_bits/4) blocks - (see: draft-ietf-secsh-newmodes-00.txt) - (a) and (b) are _enabled_ by default, and only disabled for known - openssh versions, that don't support rekeying properly. - * client option 'RekeyLimit' - * do not reply to requests during rekeying - - markus@cvs.openbsd.org 2003/04/01 10:22:21 - [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c] - [readconf.h serverloop.c sshconnect2.c] - backout rekeying changes (for 3.6.1) - - markus@cvs.openbsd.org 2003/04/01 10:31:26 - [compat.c compat.h kex.c] - bugfix causes stalled connections for ssh.com < 3.0; noticed by ho@; - tested by ho@ and myself - - markus@cvs.openbsd.org 2003/04/01 10:56:46 - [version.h] - 3.6.1 - - (djm) Crank spec file versions - - (djm) Release 3.6.1p1 - -20030326 - - (djm) OpenBSD CVS Sync - - deraadt@cvs.openbsd.org 2003/03/26 04:02:51 - [sftp-server.c] - one last fix to the tree: race fix broke stuff; pr 3169; - srp@srparish.net, help from djm - -20030325 - - (djm) Fix getpeerid support for 64 bit BE systems. From - Arnd Bergmann - -20030324 - - (djm) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2003/03/23 19:02:00 - [monitor.c] - unbreak rekeying for privsep; ok millert@ - - Release 3.6p1 - - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. - Report from murple@murple.net, diagnosis from dtucker@zip.com.au - $Id$ diff --git a/openssh/README b/openssh/README index fb571d7..d70edb7 100644 --- a/openssh/README +++ b/openssh/README @@ -1,5 +1,4 @@ -See: -http://www.openssh.com/txt/release-3.8 for the release notes. +See http://www.openssh.com/txt/release-3.8.1 for the release notes. - A Japanese translation of this document and of the OpenSSH FAQ is - available at http://www.unixuser.org/~haruyama/security/openssh/index.html diff --git a/openssh/acconfig.h b/openssh/acconfig.h index 77e0322..fd14c1a 100644 --- a/openssh/acconfig.h +++ b/openssh/acconfig.h @@ -131,6 +131,9 @@ /* Define if your AIX loginfailed() function takes 4 arguments (AIX >= 5.2) */ #undef AIX_LOGINFAILED_4ARG +/* Define if your skeychallenge() function takes 4 arguments (eg NetBSD) */ +#undef SKEYCHALLENGE_4ARG + /* Define if you have/want arrays (cluster-wide session managment, not C arrays) */ #undef WITH_IRIX_ARRAY @@ -202,6 +205,9 @@ /* Define if you don't want to use lastlog in session.c */ #undef NO_SSH_LASTLOG +/* Define if have krb5_init_ets */ +#undef KRB5_INIT_ETS + /* Define if you don't want to use utmp */ #undef DISABLE_UTMP @@ -360,6 +366,9 @@ /* getaddrinfo is broken (if present) */ #undef BROKEN_GETADDRINFO +/* updwtmpx is broken (if present) */ +#undef BROKEN_UPDWTMPX + /* Workaround more Linux IPv6 quirks */ #undef DONT_TRY_OTHER_AF diff --git a/openssh/auth-krb5.c b/openssh/auth-krb5.c index 8594924..a728eba 100644 --- a/openssh/auth-krb5.c +++ b/openssh/auth-krb5.c @@ -54,7 +54,9 @@ krb5_init(void *context) problem = krb5_init_context(&authctxt->krb5_ctx); if (problem) return (problem); +#ifdef KRB5_INIT_ETS krb5_init_ets(authctxt->krb5_ctx); +#endif } return (0); } @@ -70,6 +72,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password) #endif krb5_error_code problem; krb5_ccache ccache = NULL; + int len; if (!authctxt->valid) return (0); @@ -175,6 +178,11 @@ auth_krb5_password(Authctxt *authctxt, const char *password) authctxt->krb5_ticket_file = (char *)krb5_cc_get_name(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache); + len = strlen(authctxt->krb5_ticket_file) + 6; + authctxt->krb5_ccname = xmalloc(len); + snprintf(authctxt->krb5_ccname, len, "FILE:%s", + authctxt->krb5_ticket_file); + out: restore_uid(); diff --git a/openssh/auth-pam.c b/openssh/auth-pam.c index 7157e72..9eb3174 100644 --- a/openssh/auth-pam.c +++ b/openssh/auth-pam.c @@ -58,6 +58,7 @@ RCSID("$Id$"); extern ServerOptions options; extern Buffer loginmsg; extern int compat20; +extern u_int utmp_len; #ifdef USE_POSIX_THREADS #include @@ -117,6 +118,7 @@ pthread_create(sp_pthread_t *thread, const void *attr __unused, { pid_t pid; + sshpam_thread_status = -1; switch ((pid = fork())) { case -1: error("fork(): %s", strerror(errno)); @@ -159,7 +161,7 @@ static int sshpam_session_open = 0; static int sshpam_cred_established = 0; static int sshpam_account_status = -1; static char **sshpam_env = NULL; -static int *force_pwchange; +static Authctxt *sshpam_authctxt = NULL; /* Some PAM implementations don't implement this */ #ifndef HAVE_PAM_GETENVLIST @@ -179,7 +181,9 @@ void pam_password_change_required(int reqd) { debug3("%s %d", __func__, reqd); - *force_pwchange = reqd; + if (sshpam_authctxt == NULL) + fatal("%s: PAM authctxt not initialized", __func__); + sshpam_authctxt->force_pwchange = reqd; if (reqd) { no_port_forwarding_flag |= 2; no_agent_forwarding_flag |= 2; @@ -201,6 +205,7 @@ import_environments(Buffer *b) debug3("PAM: %s entering", __func__); +#ifndef USE_POSIX_THREADS /* Import variables set by do_pam_account */ sshpam_account_status = buffer_get_int(b); pam_password_change_required(buffer_get_int(b)); @@ -228,6 +233,7 @@ import_environments(Buffer *b) } #endif } +#endif } /* @@ -336,6 +342,9 @@ sshpam_thread(void *ctxtp) sshpam_conv.conv = sshpam_thread_conv; sshpam_conv.appdata_ptr = ctxt; + if (sshpam_authctxt == NULL) + fatal("%s: PAM authctxt not initialized", __func__); + buffer_init(&buffer); sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, (const void *)&sshpam_conv); @@ -348,7 +357,7 @@ sshpam_thread(void *ctxtp) if (compat20) { if (!do_pam_account()) goto auth_fail; - if (*force_pwchange) { + if (sshpam_authctxt->force_pwchange) { sshpam_err = pam_chauthtok(sshpam_handle, PAM_CHANGE_EXPIRED_AUTHTOK); if (sshpam_err != PAM_SUCCESS) @@ -362,7 +371,7 @@ sshpam_thread(void *ctxtp) #ifndef USE_POSIX_THREADS /* Export variables set by do_pam_account */ buffer_put_int(&buffer, sshpam_account_status); - buffer_put_int(&buffer, *force_pwchange); + buffer_put_int(&buffer, sshpam_authctxt->force_pwchange); /* Export any environment strings set in child */ for(i = 0; environ[i] != NULL; i++) @@ -443,11 +452,10 @@ sshpam_cleanup(void) } static int -sshpam_init(const char *user) +sshpam_init(Authctxt *authctxt) { - extern u_int utmp_len; extern char *__progname; - const char *pam_rhost, *pam_user; + const char *pam_rhost, *pam_user, *user = authctxt->user; if (sshpam_handle != NULL) { /* We already have a PAM context; check if the user matches */ @@ -461,6 +469,8 @@ sshpam_init(const char *user) debug("PAM: initializing for \"%s\"", user); sshpam_err = pam_start(SSHD_PAM_SERVICE, user, &null_conv, &sshpam_handle); + sshpam_authctxt = authctxt; + if (sshpam_err != PAM_SUCCESS) { pam_end(sshpam_handle, sshpam_err); sshpam_handle = NULL; @@ -503,7 +513,7 @@ sshpam_init_ctx(Authctxt *authctxt) return NULL; /* Initialize PAM */ - if (sshpam_init(authctxt->user) == -1) { + if (sshpam_init(authctxt) == -1) { error("PAM: initialization failed"); return (NULL); } @@ -511,8 +521,6 @@ sshpam_init_ctx(Authctxt *authctxt) ctxt = xmalloc(sizeof *ctxt); memset(ctxt, 0, sizeof(*ctxt)); - force_pwchange = &(authctxt->force_pwchange); - /* Start the authentication thread */ if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, socks) == -1) { error("PAM: failed create sockets: %s", strerror(errno)); @@ -591,7 +599,10 @@ sshpam_query(void *ctx, char **name, char **info, xfree(msg); return (0); } - error("PAM: %s", msg); + error("PAM: %s for %s%.100s from %.100s", msg, + sshpam_authctxt->valid ? "" : "illegal user ", + sshpam_authctxt->user, + get_remote_name_or_ip(utmp_len, options.use_dns)); /* FALLTHROUGH */ default: *num = 0; @@ -671,12 +682,12 @@ KbdintDevice mm_sshpam_device = { * This replaces auth-pam.c */ void -start_pam(const char *user) +start_pam(Authctxt *authctxt) { if (!options.use_pam) fatal("PAM: initialisation requested when UsePAM=no"); - if (sshpam_init(user) == -1) + if (sshpam_init(authctxt) == -1) fatal("PAM: initialisation failed"); } diff --git a/openssh/auth-pam.h b/openssh/auth-pam.h index 0682ca0..ff501f6 100644 --- a/openssh/auth-pam.h +++ b/openssh/auth-pam.h @@ -31,7 +31,7 @@ # define SSHD_PAM_SERVICE __progname #endif -void start_pam(const char *); +void start_pam(Authctxt *); void finish_pam(void); u_int do_pam_account(void); void do_pam_session(void); diff --git a/openssh/auth-passwd.c b/openssh/auth-passwd.c index b9679ab..beaf0fa 100644 --- a/openssh/auth-passwd.c +++ b/openssh/auth-passwd.c @@ -73,13 +73,6 @@ auth_password(Authctxt *authctxt, const char *password) if (*password == '\0' && options.permit_empty_passwd == 0) return 0; -#if defined(HAVE_OSF_SIA) - /* - * XXX: any reason this is before krb? could be moved to - * sys_auth_passwd()? -dt - */ - return auth_sia_password(authctxt, password) && ok; -#endif #ifdef KRB5 if (options.kerberos_authentication == 1) { int ret = auth_krb5_password(authctxt, password); diff --git a/openssh/auth-sia.c b/openssh/auth-sia.c index cd2dcb8..63f55d0 100644 --- a/openssh/auth-sia.c +++ b/openssh/auth-sia.c @@ -47,7 +47,7 @@ extern int saved_argc; extern char **saved_argv; int -auth_sia_password(Authctxt *authctxt, char *pass) +sys_auth_passwd(Authctxt *authctxt, char *pass) { int ret; SIAENTITY *ent = NULL; diff --git a/openssh/auth-sia.h b/openssh/auth-sia.h index 38164ff..ca55e91 100644 --- a/openssh/auth-sia.h +++ b/openssh/auth-sia.h @@ -26,7 +26,7 @@ #ifdef HAVE_OSF_SIA -int auth_sia_password(Authctxt *, char *); +int sys_auth_passwd(Authctxt *, char *); void session_setup_sia(struct passwd *, char *); #endif /* HAVE_OSF_SIA */ diff --git a/openssh/auth-skey.c b/openssh/auth-skey.c index f9ea03f..ac1af69 100644 --- a/openssh/auth-skey.c +++ b/openssh/auth-skey.c @@ -47,7 +47,8 @@ skey_query(void *ctx, char **name, char **infotxt, int len; struct skey skey; - if (skeychallenge(&skey, authctxt->user, challenge) == -1) + if (_compat_skeychallenge(&skey, authctxt->user, challenge, + sizeof(challenge)) == -1) return -1; *name = xstrdup(""); diff --git a/openssh/auth.h b/openssh/auth.h index 7e7562b..b916fa6 100644 --- a/openssh/auth.h +++ b/openssh/auth.h @@ -69,6 +69,7 @@ struct Authctxt { krb5_ccache krb5_fwd_ccache; krb5_principal krb5_user; char *krb5_ticket_file; + char *krb5_ccname; #endif #ifdef SESSION_HOOKS char *session_env_file; diff --git a/openssh/auth1.c b/openssh/auth1.c index 82fe5fb..f145cf0 100644 --- a/openssh/auth1.c +++ b/openssh/auth1.c @@ -307,7 +307,7 @@ do_authentication(Authctxt *authctxt) #ifdef USE_PAM if (options.use_pam) - PRIVSEP(start_pam(user)); + PRIVSEP(start_pam(authctxt)); #endif /* diff --git a/openssh/auth2-gss.c b/openssh/auth2-gss.c index ad85e1f..cdc8945 100644 --- a/openssh/auth2-gss.c +++ b/openssh/auth2-gss.c @@ -141,7 +141,7 @@ input_gssapi_token(int type, u_int32_t plen, void *ctxt) Gssctxt *gssctxt; gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; gss_buffer_desc recv_tok; - OM_uint32 maj_status, min_status, flags; + OM_uint32 maj_status, min_status, flags=0; u_int len; if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) @@ -242,7 +242,8 @@ gssapi_set_implicit_username(Authctxt *authctxt) } if (authctxt->pw) { #ifdef USE_PAM - PRIVSEP(start_pam(authctxt->pw->pw_name)); + if (options.use_pam) + PRIVSEP(start_pam(authctxt->pw->pw_name)); #endif } } diff --git a/openssh/auth2.c b/openssh/auth2.c index eaa377f..03fe49e 100644 --- a/openssh/auth2.c +++ b/openssh/auth2.c @@ -200,19 +200,20 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) } else { #endif authctxt->pw = PRIVSEP(getpwnamallow(user)); + authctxt->user = xstrdup(user); if (authctxt->pw && strcmp(service, "ssh-connection")==0) { authctxt->valid = 1; debug2("input_userauth_request: setting up authctxt for %s", user); #ifdef USE_PAM if (options.use_pam) - PRIVSEP(start_pam(authctxt->pw->pw_name)); + PRIVSEP(start_pam(authctxt)); #endif } else { logit("input_userauth_request: illegal user %s", user); authctxt->pw = fakepw(); #ifdef USE_PAM if (options.use_pam) - PRIVSEP(start_pam(user)); + PRIVSEP(start_pam(authctxt)); #endif } #ifdef GSSAPI @@ -220,7 +221,6 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) #endif setproctitle("%s%s", authctxt->pw ? user : "unknown", use_privsep ? " [net]" : ""); - authctxt->user = xstrdup(user); authctxt->service = xstrdup(service); authctxt->style = style ? xstrdup(style) : NULL; if (use_privsep && (authctxt->attempt == 1)) diff --git a/openssh/canohost.c b/openssh/canohost.c index 0bb27c9..3c26885 100644 --- a/openssh/canohost.c +++ b/openssh/canohost.c @@ -44,6 +44,9 @@ get_remote_hostname(int socket, int use_dns) cleanup_exit(255); } + if (from.ss_family == AF_INET) + check_ip_options(socket, ntop); + ipv64_normalise_mapped(&from, &fromlen); if (from.ss_family == AF_INET6) @@ -56,9 +59,6 @@ get_remote_hostname(int socket, int use_dns) if (!use_dns) return xstrdup(ntop); - if (from.ss_family == AF_INET) - check_ip_options(socket, ntop); - debug3("Trying to reverse map address %.100s.", ntop); /* Map the IP address to a host name. */ if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name), diff --git a/openssh/configure.ac b/openssh/configure.ac index bcc4f14..cbaaba3 100644 --- a/openssh/configure.ac +++ b/openssh/configure.ac @@ -1,4 +1,18 @@ # $Id$ +# +# Copyright (c) 1999-2004 Damien Miller +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT AC_CONFIG_SRCDIR([ssh.c]) @@ -140,16 +154,7 @@ case "$host" in AC_DEFINE(BROKEN_SETREGID) ;; *-*-darwin*) - AC_MSG_CHECKING(if we have working getaddrinfo) - AC_TRY_RUN([#include -main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) - exit(0); - else - exit(1); -}], [AC_MSG_RESULT(working)], - [AC_MSG_RESULT(buggy) - AC_DEFINE(BROKEN_GETADDRINFO)], - [AC_MSG_RESULT(assume it is working)]) + AC_DEFINE(BROKEN_GETADDRINFO) AC_DEFINE(SETEUID_BREAKS_SETUID) AC_DEFINE(BROKEN_SETREUID) AC_DEFINE(BROKEN_SETREGID) @@ -195,10 +200,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) AC_DEFINE(DISABLE_UTMP) AC_DEFINE(LOCKED_PASSWD_STRING, "*") AC_DEFINE(SPT_TYPE,SPT_PSTAT) - case "$host" in - *-*-hpux11.11*) - AC_DEFINE(BROKEN_GETADDRINFO);; - esac + check_for_hpux_broken_getaddrinfo=1 LIBS="$LIBS -lsec" AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])) ;; @@ -221,6 +223,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) AC_DEFINE(SETEUID_BREAKS_SETUID) AC_DEFINE(BROKEN_SETREUID) AC_DEFINE(BROKEN_SETREGID) + AC_DEFINE(BROKEN_UPDWTMPX) AC_DEFINE(WITH_ABBREV_NO_TTY) AC_DEFINE(LOCKED_PASSWD_STRING, "*LK*") ;; @@ -230,7 +233,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) check_for_openpty_ctty_bug=1 AC_DEFINE(DONT_TRY_OTHER_AF) AC_DEFINE(PAM_TTY_KLUDGE) - AC_DEFINE(LOCKED_PASSWD_PREFIX, "!!") + AC_DEFINE(LOCKED_PASSWD_PREFIX, "!") AC_DEFINE(SPT_TYPE,SPT_REUSEARGV) inet6_default_4in6=yes case `uname -r` in @@ -268,6 +271,9 @@ mips-sony-bsd|mips-sony-newsos4) AC_DEFINE(BROKEN_SAVED_UIDS) ;; *-*-solaris*) + if test "x$withval" != "xno" ; then + need_dash_r=1 + fi AC_DEFINE(PAM_SUN_CODEBASE) AC_DEFINE(LOGIN_NEEDS_UTMPX) AC_DEFINE(LOGIN_NEEDS_TERM) @@ -344,6 +350,9 @@ mips-sony-bsd|mips-sony-newsos4) AC_DEFINE(HAVE_SECUREWARE) AC_DEFINE(DISABLE_SHADOW) AC_DEFINE(BROKEN_SAVED_UIDS) + AC_DEFINE(SETEUID_BREAKS_SETUID) + AC_DEFINE(BROKEN_SETREUID) + AC_DEFINE(BROKEN_SETREGID) AC_DEFINE(WITH_ABBREV_NO_TTY) AC_CHECK_FUNCS(getluid setluid) MANTYPE=man @@ -491,10 +500,10 @@ AC_CHECK_HEADERS(bstring.h crypt.h endian.h features.h floatingpoint.h \ netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \ rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \ strings.h sys/strtio.h sys/audit.h sys/bitypes.h sys/bsdtty.h \ - sys/cdefs.h sys/mman.h sys/pstat.h sys/ptms.h sys/select.h sys/stat.h \ - sys/stream.h sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h \ - sys/un.h time.h tmpdir.h ttyent.h usersec.h \ - util.h utime.h utmp.h utmpx.h vis.h) + sys/cdefs.h sys/mman.h sys/prctl.h sys/pstat.h sys/ptms.h \ + sys/select.h sys/stat.h sys/stream.h sys/stropts.h \ + sys/sysmacros.h sys/time.h sys/timers.h sys/un.h time.h tmpdir.h \ + ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h) # Checks for libraries. AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match)) @@ -903,6 +912,15 @@ int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); } AC_MSG_RESULT(no) AC_MSG_ERROR([** Incomplete or missing s/key libraries.]) ]) + AC_MSG_CHECKING(if skeychallenge takes 4 arguments) + AC_TRY_COMPILE( + [#include + #include ], + [(void)skeychallenge(NULL,"name","",0);], + [AC_MSG_RESULT(yes) + AC_DEFINE(SKEYCHALLENGE_4ARG)], + [AC_MSG_RESULT(no)] + ) fi ] ) @@ -942,6 +960,9 @@ AC_ARG_WITH(tcp-wrappers, AC_MSG_CHECKING(for libwrap) AC_TRY_LINK( [ +#include +#include +#include #include int deny_severity = 0, allow_severity = 0; ], @@ -969,12 +990,12 @@ AC_CHECK_FUNCS(\ getpeereid _getpty getrlimit getttyent glob inet_aton \ inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \ mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \ - pstat readpassphrase realpath recvmsg rresvport_af sendmsg \ + pstat prctl readpassphrase realpath recvmsg rresvport_af sendmsg \ setdtablesize setegid setenv seteuid setgroups setlogin setpcred \ setproctitle setregid setreuid setrlimit \ setsid setvbuf sigaction sigvec snprintf socketpair strerror \ strlcat strlcpy strmode strnvis strtoul sysconf tcgetpgrp \ - truncate updwtmpx utimes vhangup vsnprintf waitpid \ + truncate unsetenv updwtmpx utimes vhangup vsnprintf waitpid \ ) # IRIX has a const char return value for gai_strerror() @@ -1142,6 +1163,74 @@ main() ) fi +if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_hpux_broken_getaddrinfo" = "x1"; then + AC_MSG_CHECKING(if getaddrinfo seems to work) + AC_TRY_RUN( + [ +#include +#include +#include +#include +#include + +#define TEST_PORT "2222" + +int +main(void) +{ + int err, sock; + struct addrinfo *gai_ai, *ai, hints; + char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; + + memset(&hints, 0, sizeof(hints)); + hints.ai_family = PF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; + hints.ai_flags = AI_PASSIVE; + + err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); + if (err != 0) { + fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); + exit(1); + } + + for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { + if (ai->ai_family != AF_INET6) + continue; + + err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, + sizeof(ntop), strport, sizeof(strport), + NI_NUMERICHOST|NI_NUMERICSERV); + + if (err != 0) { + if (err == EAI_SYSTEM) + perror("getnameinfo EAI_SYSTEM"); + else + fprintf(stderr, "getnameinfo failed: %s\n", + gai_strerror(err)); + exit(2); + } + + sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); + if (sock < 0) + perror("socket"); + if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) { + if (errno == EBADF) + exit(3); + } + } + exit(0); +} + ], + [ + AC_MSG_RESULT(yes) + ], + [ + AC_MSG_RESULT(no) + AC_DEFINE(BROKEN_GETADDRINFO) + ] + ) +fi + AC_FUNC_GETPGRP # Check for PAM libs @@ -2351,6 +2440,7 @@ AC_ARG_WITH(kerberos5, LIBS="$LIBS $K5LIBS" AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS)) + AC_SEARCH_LIBS(krb5_init_ets, $K5LIBS, AC_DEFINE(KRB5_INIT_ETS)) ] ) @@ -2371,7 +2461,7 @@ AC_ARG_WITH(afs-krb5, AC_MSG_WARN([AFS_KRB5 requires Kerberos 5 support, build may fail]) fi - LIBS="-lkrbafs $LIBS" + LIBS="-lkrbafs -lkrb4 $LIBS" if test ! -z "$AFS_LIBS" ; then LIBS="$LIBS $AFS_LIBS" fi diff --git a/openssh/contrib/caldera/openssh.spec b/openssh/contrib/caldera/openssh.spec index cae94b6..71396ff 100644 --- a/openssh/contrib/caldera/openssh.spec +++ b/openssh/contrib/caldera/openssh.spec @@ -17,11 +17,11 @@ #old cvs stuff. please update before use. may be deprecated. %define use_stable 1 %if %{use_stable} - %define version 3.8p1 + %define version 3.8.1p1 %define cvs %{nil} %define release 1 %else - %define version 3.8p1 + %define version 3.8.1p1 %define cvs cvs20011009 %define release 0r1 %endif diff --git a/openssh/contrib/redhat/openssh.spec b/openssh/contrib/redhat/openssh.spec index 05750e3..b747009 100644 --- a/openssh/contrib/redhat/openssh.spec +++ b/openssh/contrib/redhat/openssh.spec @@ -1,4 +1,4 @@ -%define ver 3.8p1 +%define ver 3.8.1p1 %define rel 1 # OpenSSH privilege separation requires a user & group ID diff --git a/openssh/contrib/redhat/sshd.pam b/openssh/contrib/redhat/sshd.pam index d2ab073..24f3b46 100644 --- a/openssh/contrib/redhat/sshd.pam +++ b/openssh/contrib/redhat/sshd.pam @@ -1,8 +1,8 @@ #%PAM-1.0 -auth required /lib/security/pam_stack.so service=system-auth -auth required /lib/security/pam_nologin.so -account required /lib/security/pam_stack.so service=system-auth -password required /lib/security/pam_stack.so service=system-auth -session required /lib/security/pam_stack.so service=system-auth -session required /lib/security/pam_limits.so -session optional /lib/security/pam_console.so +auth required pam_stack.so service=system-auth +auth required pam_nologin.so +account required pam_stack.so service=system-auth +password required pam_stack.so service=system-auth +session required pam_stack.so service=system-auth +session required pam_limits.so +session optional pam_console.so diff --git a/openssh/contrib/suse/openssh.spec b/openssh/contrib/suse/openssh.spec index 7eb71ad..2b43d03 100644 --- a/openssh/contrib/suse/openssh.spec +++ b/openssh/contrib/suse/openssh.spec @@ -1,6 +1,6 @@ Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation Name: openssh -Version: 3.8p1 +Version: 3.8.1p1 URL: http://www.openssh.com/ Release: 1 Source0: openssh-%{version}.tar.gz diff --git a/openssh/defines.h b/openssh/defines.h index 3d6b688..889b918 100644 --- a/openssh/defines.h +++ b/openssh/defines.h @@ -507,6 +507,10 @@ struct winsize { # undef HAVE_GAI_STRERROR #endif +#if defined(BROKEN_UPDWTMPX) && defined(HAVE_UPDWTMPX) +# undef HAVE_UPDWTMPX +#endif + #if !defined(HAVE_MEMMOVE) && defined(HAVE_BCOPY) # define memmove(s1, s2, n) bcopy((s2), (s1), (n)) #endif /* !defined(HAVE_MEMMOVE) && defined(HAVE_BCOPY) */ @@ -534,6 +538,12 @@ struct winsize { # define krb5_get_err_text(context,code) error_message(code) #endif +#if defined(SKEYCHALLENGE_4ARG) +# define _compat_skeychallenge(a,b,c,d) skeychallenge(a,b,c,d) +#else +# define _compat_skeychallenge(a,b,c,d) skeychallenge(a,b,c) +#endif + /* Maximum number of file descriptors available */ #ifdef HAVE_SYSCONF # define SSH_SYSFDMAX sysconf(_SC_OPEN_MAX) @@ -611,11 +621,22 @@ struct winsize { #endif +#ifndef UT_LINESIZE +# define UT_LINESIZE 8 +#endif + /* I hope that the presence of LASTLOG_FILE is enough to detect this */ #if defined(LASTLOG_FILE) && !defined(DISABLE_LASTLOG) # define USE_LASTLOG #endif +#ifdef HAVE_OSF_SIA +# ifdef USE_SHADOW +# undef USE_SHADOW +# endif +# define CUSTOM_SYS_AUTH_PASSWD 1 +#endif + /** end of login recorder definitions */ #endif /* _DEFINES_H */ diff --git a/openssh/dh.c b/openssh/dh.c index c7a3e18..afd1e05 100644 --- a/openssh/dh.c +++ b/openssh/dh.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: dh.c,v 1.26 2003/12/16 15:51:54 markus Exp $"); +RCSID("$OpenBSD: dh.c,v 1.29 2004/02/27 22:49:27 dtucker Exp $"); #include "xmalloc.h" @@ -91,6 +91,9 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg) if (BN_num_bits(dhg->p) != dhg->size) goto failclean; + if (BN_is_zero(dhg->g) || BN_is_one(dhg->g)) + goto failclean; + return (1); failclean: @@ -105,7 +108,7 @@ DH * choose_dh(int min, int wantbits, int max) { FILE *f; - char line[2048]; + char line[4096]; int best, bestcount, which; int linenum; struct dhgroup dhg; @@ -194,7 +197,7 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) void dh_gen_key(DH *dh, int need) { - int i, bits_set = 0, tries = 0; + int i, bits_set, tries = 0; if (dh->p == NULL) fatal("dh_gen_key: dh->p == NULL"); @@ -211,7 +214,7 @@ dh_gen_key(DH *dh, int need) fatal("dh_gen_key: BN_rand failed"); if (DH_generate_key(dh) == 0) fatal("DH_generate_key"); - for (i = 0; i <= BN_num_bits(dh->priv_key); i++) + for (i = 0, bits_set = 0; i <= BN_num_bits(dh->priv_key); i++) if (BN_is_bit_set(dh->priv_key, i)) bits_set++; debug2("dh_gen_key: priv key bits set: %d/%d", diff --git a/openssh/gss-serv-krb5.c b/openssh/gss-serv-krb5.c index dbe2b0b..485ecd6 100644 --- a/openssh/gss-serv-krb5.c +++ b/openssh/gss-serv-krb5.c @@ -49,6 +49,30 @@ extern ServerOptions options; #endif static krb5_context krb_context = NULL; +static int ssh_gssapi_krb5_init(); +static int ssh_gssapi_krb5_userok(ssh_gssapi_client *client, char *name); +static int ssh_gssapi_krb5_localname(ssh_gssapi_client *client, char **user); +static void ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client); + +ssh_gssapi_mech gssapi_kerberos_mech = { + "toWM5Slw5Ew8Mqkay+al2g==", + "Kerberos", + {9, "\x2A\x86\x48\x86\xF7\x12\x01\x02\x02"}, + NULL, + &ssh_gssapi_krb5_userok, + &ssh_gssapi_krb5_localname, + &ssh_gssapi_krb5_storecreds +}; + +ssh_gssapi_mech gssapi_kerberos_mech_old = { + "Se3H81ismmOC3OE+FwYCiQ==", + "Kerberos", + {9, "\x2A\x86\x48\x86\xF7\x12\x01\x02\x02"}, + &ssh_gssapi_krb5_init, + &ssh_gssapi_krb5_userok, + &ssh_gssapi_krb5_localname, + &ssh_gssapi_krb5_storecreds +}; /* Initialise the krb5 library, for the stuff that GSSAPI won't do */ @@ -65,7 +89,9 @@ ssh_gssapi_krb5_init() logit("Cannot initialize krb5 context"); return 0; } +#ifdef KRB5_INIT_ETS krb5_init_ets(krb_context); +#endif return 1; } @@ -235,26 +261,6 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) return; } -ssh_gssapi_mech gssapi_kerberos_mech = { - "toWM5Slw5Ew8Mqkay+al2g==", - "Kerberos", - {9, "\x2A\x86\x48\x86\xF7\x12\x01\x02\x02"}, - NULL, - &ssh_gssapi_krb5_userok, - &ssh_gssapi_krb5_localname, - &ssh_gssapi_krb5_storecreds -}; - -ssh_gssapi_mech gssapi_kerberos_mech_old = { - "Se3H81ismmOC3OE+FwYCiQ==", - "Kerberos", - {9, "\x2A\x86\x48\x86\xF7\x12\x01\x02\x02"}, - &ssh_gssapi_krb5_init, - &ssh_gssapi_krb5_userok, - &ssh_gssapi_krb5_localname, - &ssh_gssapi_krb5_storecreds -}; - #endif /* KRB5 */ #endif /* GSSAPI */ diff --git a/openssh/gss-serv.c b/openssh/gss-serv.c index f5bfa03..2c26762 100644 --- a/openssh/gss-serv.c +++ b/openssh/gss-serv.c @@ -76,6 +76,10 @@ ssh_gssapi_mech* supported_mechs[]= { &gssapi_null_mech, }; +#ifdef GSS_C_GLOBUS_LIMITED_PROXY_FLAG +static int limited = 0; +#endif + /* Unpriviledged */ void ssh_gssapi_supported_oids(gss_OID_set *oidset) @@ -86,7 +90,8 @@ ssh_gssapi_supported_oids(gss_OID_set *oidset) gss_OID_set supported; gss_create_empty_oid_set(&min_status, oidset); - gss_indicate_mechs(&min_status, &supported); + /* Ask priviledged process what mechanisms it supports. */ + PRIVSEP(gss_indicate_mechs(&min_status, &supported)); while (supported_mechs[i]->name != NULL) { if (GSS_ERROR(gss_test_oid_set_member(&min_status, @@ -136,6 +141,10 @@ ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *recv_tok, (*flags & GSS_C_INTEG_FLAG))) && (ctx->major == GSS_S_COMPLETE)) { if (ssh_gssapi_getclient(ctx, &gssapi_client)) fatal("Couldn't convert client name"); +#ifdef GSS_C_GLOBUS_LIMITED_PROXY_FLAG + if (flags && (*flags & GSS_C_GLOBUS_LIMITED_PROXY_FLAG)) + limited=1; +#endif } return (status); @@ -306,6 +315,12 @@ ssh_gssapi_userok(char *user) debug("No suitable client data"); return 0; } +#ifdef GSS_C_GLOBUS_LIMITED_PROXY_FLAG + if (limited) { + debug("limited proxy not acceptable for remote login"); + return 0; + } +#endif if (gssapi_client.mech && gssapi_client.mech->userok) return ((*gssapi_client.mech->userok)(&gssapi_client, user)); else diff --git a/openssh/kexgsss.c b/openssh/kexgsss.c index b4e0f2c..468f410 100644 --- a/openssh/kexgsss.c +++ b/openssh/kexgsss.c @@ -112,12 +112,6 @@ kexgss_server(Kex *kex) gss_release_buffer(&min_status,&recv_tok); -#ifdef GSS_C_GLOBUS_LIMITED_PROXY_FLAG - if (ret_flags & GSS_C_GLOBUS_LIMITED_PROXY_FLAG) { - packet_disconnect("Limited proxy is not allowed in gssapi key exchange."); - } -#endif - if (maj_status!=GSS_S_COMPLETE && send_tok.length==0) { fatal("Zero length token output when incomplete"); } diff --git a/openssh/loginrec.c b/openssh/loginrec.c index d975443..897921c 100644 --- a/openssh/loginrec.c +++ b/openssh/loginrec.c @@ -1354,7 +1354,7 @@ static int syslogin_perform_logout(struct logininfo *li) { # ifdef HAVE_LOGOUT - char line[8]; + char line[UT_LINESIZE]; (void)line_stripname(line, li->line, sizeof(line)); diff --git a/openssh/monitor.c b/openssh/monitor.c index b432050..494c430 100644 --- a/openssh/monitor.c +++ b/openssh/monitor.c @@ -37,7 +37,13 @@ RCSID("$OpenBSD: monitor.c,v 1.55 2004/02/05 05:37:17 dtucker Exp $"); #include "auth.h" #include "kex.h" #include "dh.h" +#ifdef TARGET_OS_MAC /* XXX Broken krb5 headers on Mac */ +#undef TARGET_OS_MAC #include "zlib.h" +#define TARGET_OS_MAC 1 +#else +#include "zlib.h" +#endif #include "packet.h" #include "auth-options.h" #include "sshpty.h" @@ -781,7 +787,8 @@ mm_answer_skeyquery(int socket, Buffer *m) char challenge[1024]; u_int success; - success = skeychallenge(&skey, authctxt->user, challenge) < 0 ? 0 : 1; + success = _compat_skeychallenge(&skey, authctxt->user, challenge, + sizeof(challenge)) < 0 ? 0 : 1; buffer_clear(m); buffer_put_int(m, success); @@ -825,16 +832,10 @@ mm_answer_skeyrespond(int socket, Buffer *m) int mm_answer_pam_start(int socket, Buffer *m) { - char *user; - if (!options.use_pam) fatal("UsePAM not set, but ended up in %s anyway", __func__); - user = buffer_get_string(m, NULL); - - start_pam(user); - - xfree(user); + start_pam(authctxt); monitor_permit(mon_dispatch, MONITOR_REQ_PAM_ACCOUNT, 1); @@ -1891,11 +1892,13 @@ int mm_answer_gss_sign(int socket, Buffer *m) { gss_buffer_desc data,hash; OM_uint32 major,minor; + u_int len; - data.value = buffer_get_string(m,&data.length); - if (data.length != 16) { /* HACK - i.e. we are using SSHv1 */ + data.value = buffer_get_string(m, &len); + data.length = len; if (data.length != 20) - fatal("%s: data length incorrect: %d", __func__, data.length); + fatal("%s: data length incorrect: %d", __func__, + (int)data.length); /* Save the session ID - only first time round */ if (session_id2_len == 0) { @@ -1903,7 +1906,6 @@ mm_answer_gss_sign(int socket, Buffer *m) { session_id2 = xmalloc(session_id2_len); memcpy(session_id2, data.value, session_id2_len); } - } /* HACK - end */ major=ssh_gssapi_sign(gsscontext, &data, &hash); xfree(data.value); diff --git a/openssh/monitor_wrap.c b/openssh/monitor_wrap.c index 567c9c6..396ec32 100644 --- a/openssh/monitor_wrap.c +++ b/openssh/monitor_wrap.c @@ -40,7 +40,13 @@ RCSID("$OpenBSD: monitor_wrap.c,v 1.35 2003/11/17 11:06:07 markus Exp $"); #include "packet.h" #include "mac.h" #include "log.h" +#ifdef TARGET_OS_MAC /* XXX Broken krb5 headers on Mac */ +#undef TARGET_OS_MAC #include "zlib.h" +#define TARGET_OS_MAC 1 +#else +#include "zlib.h" +#endif #include "monitor.h" #include "monitor_wrap.h" #include "xmalloc.h" @@ -686,7 +692,7 @@ mm_session_pty_cleanup2(Session *s) #ifdef USE_PAM void -mm_start_pam(char *user) +mm_start_pam(Authctxt *authctxt) { Buffer m; @@ -695,8 +701,6 @@ mm_start_pam(char *user) fatal("UsePAM=no, but ended up in %s anyway", __func__); buffer_init(&m); - buffer_put_cstring(&m, user); - mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_START, &m); buffer_free(&m); @@ -1176,6 +1180,7 @@ OM_uint32 mm_ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_desc *data, gss_buffer_desc *hash) { Buffer m; OM_uint32 major; + u_int len; buffer_init(&m); buffer_put_string(&m, data->value, data->length); @@ -1184,7 +1189,8 @@ mm_ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_desc *data, gss_buffer_desc *hash) { mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSIGN, &m); major=buffer_get_int(&m); - hash->value = buffer_get_string(&m, &hash->length); + hash->value = buffer_get_string(&m, &len); + hash->length = len; buffer_free(&m); diff --git a/openssh/monitor_wrap.h b/openssh/monitor_wrap.h index c4e8f30..6874984 100644 --- a/openssh/monitor_wrap.h +++ b/openssh/monitor_wrap.h @@ -72,7 +72,7 @@ char *mm_ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *maj, OM_uint32 *min); #endif #ifdef USE_PAM -void mm_start_pam(char *); +void mm_start_pam(struct Authctxt *); u_int mm_do_pam_account(void); void *mm_sshpam_init_ctx(struct Authctxt *); int mm_sshpam_query(void *, char **, char **, u_int *, char ***, u_int **); diff --git a/openssh/openbsd-compat/bsd-cygwin_util.c b/openssh/openbsd-compat/bsd-cygwin_util.c index bbb0388..238a866 100644 --- a/openssh/openbsd-compat/bsd-cygwin_util.c +++ b/openssh/openbsd-compat/bsd-cygwin_util.c @@ -77,6 +77,7 @@ binary_pipe(int fd[2]) #define HAS_CREATE_TOKEN 1 #define HAS_NTSEC_BY_DEFAULT 2 +#define HAS_CREATE_TOKEN_WO_NTSEC 3 static int has_capability(int what) @@ -84,6 +85,7 @@ has_capability(int what) static int inited; static int has_create_token; static int has_ntsec_by_default; + static int has_create_token_wo_ntsec; /* * has_capability() basically calls uname() and checks if @@ -113,6 +115,9 @@ has_capability(int what) has_create_token = 1; if (api_major_version > 0 || api_minor_version >= 56) has_ntsec_by_default = 1; + if (major_high > 1 || + (major_high == 1 && major_low >= 5)) + has_create_token_wo_ntsec = 1; inited = 1; } } @@ -121,6 +126,8 @@ has_capability(int what) return (has_create_token); case HAS_NTSEC_BY_DEFAULT: return (has_ntsec_by_default); + case HAS_CREATE_TOKEN_WO_NTSEC: + return (has_create_token_wo_ntsec); } return (0); } @@ -151,7 +158,8 @@ check_nt_auth(int pwd_authenticated, struct passwd *pw) if (has_capability(HAS_CREATE_TOKEN) && (ntsec_on(cygwin) || (has_capability(HAS_NTSEC_BY_DEFAULT) && - !ntsec_off(cygwin)))) + !ntsec_off(cygwin)) || + has_capability(HAS_CREATE_TOKEN_WO_NTSEC))) has_create_token = 1; } if (has_create_token < 1 && diff --git a/openssh/openbsd-compat/bsd-misc.h b/openssh/openbsd-compat/bsd-misc.h index aabc395..f746653 100644 --- a/openssh/openbsd-compat/bsd-misc.h +++ b/openssh/openbsd-compat/bsd-misc.h @@ -89,6 +89,10 @@ pid_t tcgetpgrp(int); int tcsendbreak(int, int); #endif +#ifndef HAVE_UNSETENV +void unsetenv(const char *); +#endif + /* wrapper for signal interface */ typedef void (*mysig_t)(int); mysig_t mysignal(int sig, mysig_t act); diff --git a/openssh/openbsd-compat/fake-rfc2553.h b/openssh/openbsd-compat/fake-rfc2553.h index 47b790f..0928ef7 100644 --- a/openssh/openbsd-compat/fake-rfc2553.h +++ b/openssh/openbsd-compat/fake-rfc2553.h @@ -133,6 +133,9 @@ struct addrinfo { #endif /* !HAVE_STRUCT_ADDRINFO */ #ifndef HAVE_GETADDRINFO +#ifdef getaddrinfo +# undef getaddrinfo +#endif #define getaddrinfo(a,b,c,d) (ssh_getaddrinfo(a,b,c,d)) int getaddrinfo(const char *, const char *, const struct addrinfo *, struct addrinfo **); diff --git a/openssh/openbsd-compat/setenv.c b/openssh/openbsd-compat/setenv.c index b7ba0ce..c3a86c6 100644 --- a/openssh/openbsd-compat/setenv.c +++ b/openssh/openbsd-compat/setenv.c @@ -30,7 +30,7 @@ */ #include "includes.h" -#ifndef HAVE_SETENV +#if !defined(HAVE_SETENV) || !defined(HAVE_UNSETENV) #if defined(LIBC_SCCS) && !defined(lint) static char *rcsid = "$OpenBSD: setenv.c,v 1.6 2003/06/02 20:18:38 millert Exp $"; @@ -77,6 +77,7 @@ __findenv(name, offset) return (NULL); } +#ifndef HAVE_SETENV /* * setenv -- * Set the value of the environmental variable "name" to be @@ -138,7 +139,9 @@ setenv(name, value, rewrite) ; return (0); } +#endif /* HAVE_SETENV */ +#ifndef HAVE_UNSETENV /* * unsetenv(name) -- * Delete environmental variable "name". @@ -157,5 +160,6 @@ unsetenv(name) if (!(*P = *(P + 1))) break; } +#endif /* HAVE_UNSETENV */ -#endif /* HAVE_SETENV */ +#endif /* !defined(HAVE_SETENV) || !defined(HAVE_UNSETENV) */ diff --git a/openssh/openbsd-compat/xcrypt.c b/openssh/openbsd-compat/xcrypt.c index a0fe6c6..c3cea3c 100644 --- a/openssh/openbsd-compat/xcrypt.c +++ b/openssh/openbsd-compat/xcrypt.c @@ -24,8 +24,6 @@ #include "includes.h" -#if !defined(HAVE_OSF_SIA) - # ifdef HAVE_CRYPT_H # include # endif @@ -108,5 +106,3 @@ shadow_pw(struct passwd *pw) return pw_password; } - -#endif /* !defined(HAVE_OSF_SIA) */ diff --git a/openssh/readconf.c b/openssh/readconf.c index b2278e3..a51848e 100644 --- a/openssh/readconf.c +++ b/openssh/readconf.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.127 2003/12/16 15:49:51 markus Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.128 2004/03/05 10:53:58 markus Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -105,7 +105,7 @@ typedef enum { oClearAllForwardings, oNoHostAuthenticationForLocalhost, oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, oAddressFamily, oGssAuthentication, oGssKeyEx, oGssDelegateCreds, - oServerAliveInterval, oServerAliveCountMax, + oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, oDeprecated, oUnsupported } OpCodes; @@ -149,6 +149,7 @@ static struct { { "usersh", oDeprecated }, { "identityfile", oIdentityFile }, { "identityfile2", oIdentityFile }, /* alias */ + { "identitiesonly", oIdentitiesOnly }, { "hostname", oHostName }, { "hostkeyalias", oHostKeyAlias }, { "proxycommand", oProxyCommand }, @@ -742,6 +743,10 @@ parse_int: intptr = &options->enable_ssh_keysign; goto parse_flag; + case oIdentitiesOnly: + intptr = &options->identities_only; + goto parse_flag; + case oServerAliveInterval: intptr = &options->server_alive_interval; goto parse_time; @@ -876,6 +881,7 @@ initialize_options(Options * options) options->smartcard_device = NULL; options->enable_ssh_keysign = - 1; options->no_host_authentication_for_localhost = - 1; + options->identities_only = - 1; options->rekey_limit = - 1; options->verify_host_key_dns = -1; options->server_alive_interval = -1; @@ -990,6 +996,8 @@ fill_default_options(Options * options) clear_forwardings(options); if (options->no_host_authentication_for_localhost == - 1) options->no_host_authentication_for_localhost = 0; + if (options->identities_only == -1) + options->identities_only = 0; if (options->enable_ssh_keysign == -1) options->enable_ssh_keysign = 0; if (options->rekey_limit == -1) diff --git a/openssh/readconf.h b/openssh/readconf.h index d0ac671..091d533 100644 --- a/openssh/readconf.h +++ b/openssh/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.59 2003/12/16 15:49:51 markus Exp $ */ +/* $OpenBSD: readconf.h,v 1.60 2004/03/05 10:53:58 markus Exp $ */ /* * Author: Tatu Ylonen @@ -103,6 +103,7 @@ typedef struct { int enable_ssh_keysign; int rekey_limit; int no_host_authentication_for_localhost; + int identities_only; int server_alive_interval; int server_alive_count_max; } Options; diff --git a/openssh/scp.1 b/openssh/scp.1 index f5ca1e4..5a32211 100644 --- a/openssh/scp.1 +++ b/openssh/scp.1 @@ -9,7 +9,7 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.32 2003/12/16 15:49:51 markus Exp $ +.\" $OpenBSD: scp.1,v 1.33 2004/03/05 10:53:58 markus Exp $ .\" .Dd September 25, 1999 .Dt SCP 1 @@ -137,6 +137,7 @@ For full details of the options listed below, and their possible values, see .It HostKeyAlias .It HostName .It IdentityFile +.It IdentitiesOnly .It LogLevel .It MACs .It NoHostAuthenticationForLocalhost diff --git a/openssh/session.c b/openssh/session.c index 56856db..f8c6e94 100644 --- a/openssh/session.c +++ b/openssh/session.c @@ -206,6 +206,7 @@ display_loginmsg(void) printf("%s\n", (char *)buffer_ptr(&loginmsg)); buffer_clear(&loginmsg); } + fflush(stdout); } void @@ -511,6 +512,13 @@ do_exec_no_pty(Session *s, const char *command) close(inout[0]); close(err[0]); + /* + * Clear loginmsg, since it's the child's responsibility to display + * it to the user, otherwise multiple sessions may accumulate + * multiple copies of the login messages. + */ + buffer_clear(&loginmsg); + /* * Enter the interactive session. Note: server_loop must be able to * handle the case that fdin and fdout are the same. @@ -1159,9 +1167,6 @@ do_setup_env(Session *s, const char *shell) * needed for loading shared libraries. So the path better * remains intact here. */ - if (getenv("LD_LIBRARY_PATH")) - child_set_env(&env, &envsize, "LD_LIBRARY_PATH", - getenv("LD_LIBRARY_PATH")); # ifdef HAVE_ETC_DEFAULT_LOGIN read_etc_default_login(&env, &envsize, pw->pw_uid); path = child_get_env(env, "PATH"); @@ -1184,10 +1189,23 @@ do_setup_env(Session *s, const char *shell) if (getenv("TZ")) child_set_env(&env, &envsize, "TZ", getenv("TZ")); -#ifdef GSI - if (getenv("GLOBUS_LOCATION")) - child_set_env(&env, &envsize, "GLOBUS_LOCATION", - getenv("GLOBUS_LOCATION")); +#ifdef GSI /* GSI shared libs typically installed in non-system locations. */ + { + char *cp; + + if ((cp = getenv("LD_LIBRARY_PATH")) != NULL) + child_set_env(&env, &envsize, "LD_LIBRARY_PATH", cp); + if ((cp = getenv("LIBPATH")) != NULL) + child_set_env(&env, &envsize, "LIBPATH", cp); + if ((cp = getenv("SHLIB_PATH")) != NULL) + child_set_env(&env, &envsize, "SHLIB_PATH", cp); + if ((cp = getenv("LD_LIBRARYN32_PATH")) != NULL) + child_set_env(&env, &envsize, "LD_LIBRARYN32_PATH",cp); + if ((cp = getenv("LD_LIBRARY64_PATH")) != NULL) + child_set_env(&env, &envsize, "LD_LIBRARY64_PATH",cp); + if ((cp = getenv("GLOBUS_LOCATION")) != NULL) + child_set_env(&env, &envsize, "GLOBUS_LOCATION",cp); + } #endif /* Set custom environment options from RSA authentication. */ @@ -1246,9 +1264,9 @@ do_setup_env(Session *s, const char *shell) } #endif #ifdef KRB5 - if (s->authctxt->krb5_ticket_file) + if (s->authctxt->krb5_ccname) child_set_env(&env, &envsize, "KRB5CCNAME", - s->authctxt->krb5_ticket_file); + s->authctxt->krb5_ccname); #endif #ifdef USE_PAM /* diff --git a/openssh/sftp-client.c b/openssh/sftp-client.c index 81c5dd4..781d982 100644 --- a/openssh/sftp-client.c +++ b/openssh/sftp-client.c @@ -20,7 +20,7 @@ /* XXX: copy between two remote sites */ #include "includes.h" -RCSID("$OpenBSD: sftp-client.c,v 1.46 2004/02/17 05:39:51 djm Exp $"); +RCSID("$OpenBSD: sftp-client.c,v 1.47 2004/03/03 09:30:42 djm Exp $"); #include "openbsd-compat/sys-queue.h" @@ -805,13 +805,8 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, max_req = 1; progress_counter = 0; - if (showprogress) { - if (size) - start_progress_meter(remote_path, size, - &progress_counter); - else - printf("Fetching %s to %s\n", remote_path, local_path); - } + if (showprogress && size != 0) + start_progress_meter(remote_path, size, &progress_counter); while (num_req > 0 || max_req > 0) { char *data; @@ -1036,8 +1031,6 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, offset = 0; if (showprogress) start_progress_meter(local_path, sb.st_size, &offset); - else - printf("Uploading %s to %s\n", local_path, remote_path); for (;;) { int len; diff --git a/openssh/sftp.1 b/openssh/sftp.1 index 2a67a88..b2cab0c 100644 --- a/openssh/sftp.1 +++ b/openssh/sftp.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.51 2004/01/13 12:17:33 jmc Exp $ +.\" $OpenBSD: sftp.1,v 1.52 2004/03/05 10:53:58 markus Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" @@ -163,6 +163,7 @@ For full details of the options listed below, and their possible values, see .It HostKeyAlias .It HostName .It IdentityFile +.It IdentitiesOnly .It LogLevel .It MACs .It NoHostAuthenticationForLocalhost diff --git a/openssh/sftp.c b/openssh/sftp.c index 7b7199c..0743adc 100644 --- a/openssh/sftp.c +++ b/openssh/sftp.c @@ -16,7 +16,7 @@ #include "includes.h" -RCSID("$OpenBSD: sftp.c,v 1.44 2004/02/17 11:03:08 djm Exp $"); +RCSID("$OpenBSD: sftp.c,v 1.45 2004/03/03 09:31:20 djm Exp $"); #include "buffer.h" #include "xmalloc.h" @@ -44,7 +44,7 @@ size_t num_requests = 16; static pid_t sshpid = -1; /* This is set to 0 if the progressmeter is not desired. */ -int showprogress; +int showprogress = 1; int remote_glob(struct sftp_conn *, const char *, int, int (*)(const char *, int), glob_t *); /* proto for sftp-glob.c */ @@ -1359,6 +1359,9 @@ main(int argc, char **argv) } } + if (!isatty(STDERR_FILENO)) + showprogress = 0; + log_init(argv[0], ll, SYSLOG_FACILITY_USER, 1); if (sftp_direct == NULL) { diff --git a/openssh/ssh-agent.c b/openssh/ssh-agent.c index 3914708..0307d9c 100644 --- a/openssh/ssh-agent.c +++ b/openssh/ssh-agent.c @@ -58,6 +58,10 @@ RCSID("$OpenBSD: ssh-agent.c,v 1.117 2003/12/02 17:01:15 markus Exp $"); #include "scard.h" #endif +#if defined(HAVE_SYS_PRCTL_H) +#include /* For prctl() and PR_SET_DUMPABLE */ +#endif + typedef enum { AUTH_UNUSED, AUTH_SOCKET, @@ -1024,6 +1028,11 @@ main(int ac, char **av) setegid(getgid()); setgid(getgid()); +#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) + /* Disable ptrace on Linux without sgid bit */ + prctl(PR_SET_DUMPABLE, 0); +#endif + SSLeay_add_all_algorithms(); __progname = ssh_get_progname(av[0]); diff --git a/openssh/ssh-keyscan.c b/openssh/ssh-keyscan.c index dce8651..e74c81a 100644 --- a/openssh/ssh-keyscan.c +++ b/openssh/ssh-keyscan.c @@ -7,7 +7,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keyscan.c,v 1.46 2003/11/23 23:17:34 djm Exp $"); +RCSID("$OpenBSD: ssh-keyscan.c,v 1.47 2004/03/08 09:38:05 djm Exp $"); #include "openbsd-compat/sys-queue.h" @@ -490,7 +490,7 @@ conrecycle(int s) static void congreet(int s) { - int remote_major, remote_minor, n = 0; + int remote_major = 0, remote_minor = 0, n = 0; char buf[256], *cp; char remote_version[sizeof buf]; size_t bufsiz; diff --git a/openssh/ssh.1 b/openssh/ssh.1 index e2cd5d3..31eb66c 100644 --- a/openssh/ssh.1 +++ b/openssh/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.181 2003/12/16 15:49:51 markus Exp $ +.\" $OpenBSD: ssh.1,v 1.182 2004/03/05 10:53:58 markus Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -634,6 +634,7 @@ For full details of the options listed below, and their possible values, see .It HostKeyAlias .It HostName .It IdentityFile +.It IdentitiesOnly .It LocalForward .It LogLevel .It MACs diff --git a/openssh/ssh.c b/openssh/ssh.c index 3a9b7a7..10266c1 100644 --- a/openssh/ssh.c +++ b/openssh/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.206 2003/12/16 15:49:51 markus Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.209 2004/03/11 10:21:17 markus Exp $"); #include #include @@ -146,49 +146,12 @@ pid_t proxy_command_pid = 0; static void usage(void) { - fprintf(stderr, "Usage: %s [options] host [command]\n", __progname); - fprintf(stderr, "Options:\n"); - fprintf(stderr, " -l user Log in using this user name.\n"); - fprintf(stderr, " -n Redirect input from " _PATH_DEVNULL ".\n"); - fprintf(stderr, " -F config Config file (default: ~/%s).\n", - _PATH_SSH_USER_CONFFILE); - fprintf(stderr, " -A Enable authentication agent forwarding.\n"); - fprintf(stderr, " -a Disable authentication agent forwarding (default).\n"); - fprintf(stderr, " -X Enable X11 connection forwarding.\n"); - fprintf(stderr, " -Y Enable trusted X11 connection forwarding.\n"); - fprintf(stderr, " -x Disable X11 connection forwarding (default).\n"); - fprintf(stderr, " -i file Identity for public key authentication " - "(default: ~/.ssh/identity)\n"); -#ifdef SMARTCARD - fprintf(stderr, " -I reader Set smartcard reader.\n"); -#endif - fprintf(stderr, " -t Tty; allocate a tty even if command is given.\n"); - fprintf(stderr, " -T Do not allocate a tty.\n"); - fprintf(stderr, " -v Verbose; display verbose debugging messages.\n"); - fprintf(stderr, " Multiple -v increases verbosity.\n"); - fprintf(stderr, " -V Display version number only.\n"); - fprintf(stderr, " -q Quiet; don't display any warning messages.\n"); - fprintf(stderr, " -f Fork into background after authentication.\n"); - fprintf(stderr, " -e char Set escape character; ``none'' = disable (default: ~).\n"); - - fprintf(stderr, " -c cipher Select encryption algorithm\n"); - fprintf(stderr, " -m macs Specify MAC algorithms for protocol version 2.\n"); - fprintf(stderr, " -p port Connect to this port. Server must be on the same port.\n"); - fprintf(stderr, " -L listen-port:host:port Forward local port to remote address\n"); - fprintf(stderr, " -R listen-port:host:port Forward remote port to local address\n"); - fprintf(stderr, " These cause %s to listen for connections on a port, and\n", __progname); - fprintf(stderr, " forward them to the other side by connecting to host:port.\n"); - fprintf(stderr, " -D port Enable dynamic application-level port forwarding.\n"); - fprintf(stderr, " -C Enable compression.\n"); - fprintf(stderr, " -N Do not execute a shell or command.\n"); - fprintf(stderr, " -g Allow remote hosts to connect to forwarded ports.\n"); - fprintf(stderr, " -1 Force protocol version 1.\n"); - fprintf(stderr, " -2 Force protocol version 2.\n"); - fprintf(stderr, " -4 Use IPv4 only.\n"); - fprintf(stderr, " -6 Use IPv6 only.\n"); - fprintf(stderr, " -o 'option' Process the option as if it was read from a configuration file.\n"); - fprintf(stderr, " -s Invoke command (mandatory) as SSH2 subsystem.\n"); - fprintf(stderr, " -b addr Local IP address.\n"); + fprintf(stderr, +"usage: ssh [-1246AaCfghkNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]\n" +" [-D port] [-e escape_char] [-F configfile] [-i identity_file]\n" +" [-L port:host:hostport] [-l login_name] [-m mac_spec] [-o option]\n" +" [-p port] [-R port:host:hostport] [user@]hostname [command]\n" + ); exit(1); } @@ -348,12 +311,8 @@ again: } /* fallthrough */ case 'V': - fprintf(stderr, - "%s, SSH protocols %d.%d/%d.%d, %s\n", - SSH_VERSION, - PROTOCOL_MAJOR_1, PROTOCOL_MINOR_1, - PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, - SSLeay_version(SSLEAY_VERSION)); + fprintf(stderr, "%s, %s\n", + SSH_VERSION, SSLeay_version(SSLEAY_VERSION)); if (opt == 'V') exit(0); break; @@ -804,7 +763,7 @@ x11_get_proto(char **_proto, char **_data) xauthdir); snprintf(cmd, sizeof(cmd), "%s -f %s generate %s " SSH_X11_PROTO - " untrusted timeout 120 2>" _PATH_DEVNULL, + " untrusted timeout 1200 2>" _PATH_DEVNULL, options.xauth_location, xauthfile, display); debug2("x11_get_proto: %s", cmd); if (system(cmd) == 0) diff --git a/openssh/ssh_config.5 b/openssh/ssh_config.5 index 95c3fe2..a5be8f5 100644 --- a/openssh/ssh_config.5 +++ b/openssh/ssh_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.28 2003/12/16 15:49:51 markus Exp $ +.\" $OpenBSD: ssh_config.5,v 1.29 2004/03/05 10:53:58 markus Exp $ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -418,6 +418,24 @@ syntax to refer to a user's home directory. It is possible to have multiple identity files specified in configuration files; all these identities will be tried in sequence. +.It Cm IdentitiesOnly +Specifies that +.Nm ssh +should only use the authentication identity files configured in the +.Nm +files, +even if the +.Nm ssh-agent +offers more identities. +The argument to this keyword must be +.Dq yes +or +.Dq no . +This option is intented for situations where +.Nm ssh-agent +offers many different identities. +The default is +.Dq no . .It Cm LocalForward Specifies that a TCP/IP port on the local machine be forwarded over the secure channel to the specified host and port from the remote machine. diff --git a/openssh/sshconnect2.c b/openssh/sshconnect2.c index 4da1990..bb69171 100644 --- a/openssh/sshconnect2.c +++ b/openssh/sshconnect2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.134 2004/01/19 21:25:15 markus Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.135 2004/03/05 10:53:58 markus Exp $"); #include "openbsd-compat/sys-queue.h" @@ -1147,7 +1147,7 @@ pubkey_prepare(Authctxt *authctxt) break; } } - if (!found) { + if (!found && !options.identities_only) { id = xmalloc(sizeof(*id)); memset(id, 0, sizeof(*id)); id->key = key; diff --git a/openssh/sshd.c b/openssh/sshd.c index c2ab903..9c65119 100644 --- a/openssh/sshd.c +++ b/openssh/sshd.c @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.286 2004/02/23 12:02:33 markus Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.290 2004/03/11 10:21:17 markus Exp $"); #include #include @@ -110,7 +110,6 @@ extern char *__progname; #else char *__progname; #endif -extern char **environ; /* Server configuration options. */ ServerOptions options; @@ -577,7 +576,7 @@ privsep_preauth_child(void) debug3("privsep user:group %u:%u", (u_int)pw->pw_uid, (u_int)pw->pw_gid); #if 0 - /* XXX not ready, to heavy after chroot */ + /* XXX not ready, too heavy after chroot */ do_setusercontext(pw); #else gidset[0] = pw->pw_gid; @@ -773,26 +772,12 @@ drop_connection(int startups) static void usage(void) { - fprintf(stderr, "sshd version %s, %s\n", + fprintf(stderr, "%s, %s\n", SSH_VERSION, SSLeay_version(SSLEAY_VERSION)); - fprintf(stderr, "Usage: %s [options]\n", __progname); - fprintf(stderr, "Options:\n"); - fprintf(stderr, " -f file Configuration file (default %s)\n", _PATH_SERVER_CONFIG_FILE); - fprintf(stderr, " -d Debugging mode (multiple -d means more debugging)\n"); - fprintf(stderr, " -i Started from inetd\n"); - fprintf(stderr, " -D Do not fork into daemon mode\n"); - fprintf(stderr, " -t Only test configuration file and keys\n"); - fprintf(stderr, " -q Quiet (no logging)\n"); - fprintf(stderr, " -p port Listen on the specified port (default: 22)\n"); - fprintf(stderr, " -k seconds Regenerate server key every this many seconds (default: 3600)\n"); - fprintf(stderr, " -g seconds Grace period for authentication (default: 600)\n"); - fprintf(stderr, " -b bits Size of server RSA key (default: 768 bits)\n"); - fprintf(stderr, " -h file File from which to read host key (default: %s)\n", - _PATH_HOST_KEY_FILE); - fprintf(stderr, " -u len Maximum hostname length for utmp recording\n"); - fprintf(stderr, " -4 Use IPv4 only\n"); - fprintf(stderr, " -6 Use IPv6 only\n"); - fprintf(stderr, " -o option Process the option as if it was read from a configuration file.\n"); + fprintf(stderr, +"usage: sshd [-46Ddeiqt] [-b bits] [-f config_file] [-g login_grace_time]\n" +" [-h host_key_file] [-k key_gen_time] [-o option] [-p port] [-u len]\n" + ); exit(1); } @@ -843,6 +828,9 @@ main(int ac, char **av) av = saved_argv; #endif + if (geteuid() == 0 && setgroups(0, NULL) == -1) + debug("setgroups(): %.200s", strerror(errno)); + /* Initialize configuration options to their default values. */ initialize_server_options(&options); @@ -951,6 +939,13 @@ main(int ac, char **av) SYSLOG_FACILITY_AUTH : options.log_facility, log_stderr || !inetd_flag); +#ifdef _AIX + /* + * Unset KRB5CCNAME, otherwise the user's session may inherit it from + * root's environment + */ + unsetenv("KRB5CCNAME"); +#endif /* _AIX */ #ifdef _UNICOS /* Cray can define user privs drop all prives now! * Not needed on PRIV_SU systems! @@ -1120,13 +1115,6 @@ main(int ac, char **av) unmounted if desired. */ chdir("/"); -#ifndef HAVE_CYGWIN -#ifndef GSI /* GSI gets configuration from environment! */ - /* Clear environment */ - environ[0] = NULL; -#endif -#endif - /* ignore SIGPIPE */ signal(SIGPIPE, SIG_IGN); @@ -1405,6 +1393,7 @@ main(int ac, char **av) } /* This is the child processing a new connection. */ + setproctitle("%s", "[accepted]"); /* * Create a new session and process group since the 4.4BSD diff --git a/openssh/sshd_config.5 b/openssh/sshd_config.5 index 168fd23..c53480d 100644 --- a/openssh/sshd_config.5 +++ b/openssh/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.28 2004/02/17 19:35:21 jmc Exp $ +.\" $OpenBSD: sshd_config.5,v 1.29 2004/03/08 10:18:57 dtucker Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -312,6 +312,11 @@ To use this option, the server needs a Kerberos servtab which allows the verification of the KDC's identity. Default is .Dq no . +.It Cm KerberosGetAFSToken +If AFS is active and the user has a Kerberos 5 TGT, attempt to aquire +an AFS token before accessing the user's home directory. +Default is +.Dq no . .It Cm KerberosOrLocalPasswd If set then if password authentication through Kerberos fails then the password will be validated via any additional local mechanism @@ -441,7 +446,9 @@ The default is .Pp If this option is set to .Dq without-password -password authentication is disabled for root. +password authentication is disabled for root. Note that other authentication +methods (e.g., keyboard-interactive/PAM) may still allow root to login using +a password. .Pp If this option is set to .Dq forced-commands-only diff --git a/openssh/sshlogin.c b/openssh/sshlogin.c index 36b6489..e1cc4cc 100644 --- a/openssh/sshlogin.c +++ b/openssh/sshlogin.c @@ -52,11 +52,11 @@ u_long get_last_login_time(uid_t uid, const char *logname, char *buf, u_int bufsize) { - struct logininfo li; + struct logininfo li; - login_get_lastlog(&li, uid); - strlcpy(buf, li.hostname, bufsize); - return li.tv_sec; + login_get_lastlog(&li, uid); + strlcpy(buf, li.hostname, bufsize); + return li.tv_sec; } /* @@ -67,12 +67,12 @@ void record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid, const char *host, struct sockaddr * addr, socklen_t addrlen) { - struct logininfo *li; + struct logininfo *li; - li = login_alloc_entry(pid, user, host, ttyname); - login_set_addr(li, addr, addrlen); - login_login(li); - login_free_entry(li); + li = login_alloc_entry(pid, user, host, ttyname); + login_set_addr(li, addr, addrlen); + login_login(li); + login_free_entry(li); } #ifdef LOGIN_NEEDS_UTMPX @@ -80,12 +80,12 @@ void record_utmp_only(pid_t pid, const char *ttyname, const char *user, const char *host, struct sockaddr * addr, socklen_t addrlen) { - struct logininfo *li; + struct logininfo *li; - li = login_alloc_entry(pid, user, host, ttyname); - login_set_addr(li, addr, addrlen); - login_utmp_only(li); - login_free_entry(li); + li = login_alloc_entry(pid, user, host, ttyname); + login_set_addr(li, addr, addrlen); + login_utmp_only(li); + login_free_entry(li); } #endif @@ -93,9 +93,9 @@ record_utmp_only(pid_t pid, const char *ttyname, const char *user, void record_logout(pid_t pid, const char *ttyname, const char *user) { - struct logininfo *li; + struct logininfo *li; - li = login_alloc_entry(pid, user, NULL, ttyname); - login_logout(li); - login_free_entry(li); + li = login_alloc_entry(pid, user, NULL, ttyname); + login_logout(li); + login_free_entry(li); } diff --git a/openssh/version.h b/openssh/version.h index af528cd..f514218 100644 --- a/openssh/version.h +++ b/openssh/version.h @@ -1,4 +1,4 @@ -/* $OpenBSD: version.h,v 1.40 2004/02/23 15:16:46 markus Exp $ */ +/* $OpenBSD: version.h,v 1.41 2004/03/20 10:40:59 markus Exp $ */ #ifdef GSI #define GSI_VERSION " GSI" @@ -18,6 +18,6 @@ #define MGLUE_VERSION "" #endif -#define SSH_VERSION "OpenSSH_3.8p1" \ - " NCSA_GSSAPI_GPT_3.1" \ +#define SSH_VERSION "OpenSSH_3.8.1p1" \ + " NCSA_GSSAPI_GPT_3.3" \ GSI_VERSION KRB5_VERSION MGLUE_VERSION -- 2.45.2