[auth-rsa.c]
log fingerprint on successful public key authentication, simplify
usage of key structs; ok markus@
+ - deraadt@cvs.openbsd.org 2001/12/19 07:18:56
+ [auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
+ [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
+ [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
+ [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
+ [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
+ [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
+ [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
+ [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
+ basic KNF done while i was looking for something else
20011219
- (stevesk) OpenBSD CVS sync X11 localhost display
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-bsdauth.c,v 1.1 2001/05/18 14:13:28 markus Exp $");
+RCSID("$OpenBSD: auth-bsdauth.c,v 1.2 2001/12/19 07:18:56 deraadt Exp $");
#ifdef BSD_AUTH
#include "xmalloc.h"
}
static int
-bsdauth_query(void *ctx, char **name, char **infotxt,
+bsdauth_query(void *ctx, char **name, char **infotxt,
u_int *numprompts, char ***prompts, u_int **echo_on)
{
- Authctxt *authctxt = ctx;
- char *challenge = NULL;
-
- if (authctxt->as != NULL) {
- debug2("bsdauth_query: try reuse session");
- challenge = auth_getitem(authctxt->as, AUTHV_CHALLENGE);
- if (challenge == NULL) {
- auth_close(authctxt->as);
- authctxt->as = NULL;
- }
- }
-
- if (challenge == NULL) {
- debug2("bsdauth_query: new bsd auth session");
- debug3("bsdauth_query: style %s",
+ Authctxt *authctxt = ctx;
+ char *challenge = NULL;
+
+ if (authctxt->as != NULL) {
+ debug2("bsdauth_query: try reuse session");
+ challenge = auth_getitem(authctxt->as, AUTHV_CHALLENGE);
+ if (challenge == NULL) {
+ auth_close(authctxt->as);
+ authctxt->as = NULL;
+ }
+ }
+
+ if (challenge == NULL) {
+ debug2("bsdauth_query: new bsd auth session");
+ debug3("bsdauth_query: style %s",
authctxt->style ? authctxt->style : "<default>");
- authctxt->as = auth_userchallenge(authctxt->user,
+ authctxt->as = auth_userchallenge(authctxt->user,
authctxt->style, "auth-ssh", &challenge);
- if (authctxt->as == NULL)
- challenge = NULL;
- debug2("bsdauth_query: <%s>", challenge ? challenge : "empty");
- }
-
- if (challenge == NULL)
- return -1;
-
- *name = xstrdup("");
- *infotxt = xstrdup("");
- *numprompts = 1;
- *prompts = xmalloc(*numprompts * sizeof(char*));
- *echo_on = xmalloc(*numprompts * sizeof(u_int));
- (*echo_on)[0] = 0;
- (*prompts)[0] = xstrdup(challenge);
-
- return 0;
+ if (authctxt->as == NULL)
+ challenge = NULL;
+ debug2("bsdauth_query: <%s>", challenge ? challenge : "empty");
+ }
+
+ if (challenge == NULL)
+ return -1;
+
+ *name = xstrdup("");
+ *infotxt = xstrdup("");
+ *numprompts = 1;
+ *prompts = xmalloc(*numprompts * sizeof(char*));
+ *echo_on = xmalloc(*numprompts * sizeof(u_int));
+ (*echo_on)[0] = 0;
+ (*prompts)[0] = xstrdup(challenge);
+
+ return 0;
}
static int
bsdauth_respond(void *ctx, u_int numresponses, char **responses)
{
- Authctxt *authctxt = ctx;
- int authok;
-
- if (authctxt->as == 0)
- error("bsdauth_respond: no bsd auth session");
+ Authctxt *authctxt = ctx;
+ int authok;
+
+ if (authctxt->as == 0)
+ error("bsdauth_respond: no bsd auth session");
- if (numresponses != 1)
- return -1;
+ if (numresponses != 1)
+ return -1;
- authok = auth_userresponse(authctxt->as, responses[0], 0);
- authctxt->as = NULL;
- debug3("bsdauth_respond: <%s> = <%d>", responses[0], authok);
+ authok = auth_userresponse(authctxt->as, responses[0], 0);
+ authctxt->as = NULL;
+ debug3("bsdauth_respond: <%s> = <%d>", responses[0], authok);
- return (authok == 0) ? -1 : 0;
+ return (authok == 0) ? -1 : 0;
}
static void
bsdauth_free_ctx(void *ctx)
{
- Authctxt *authctxt = ctx;
+ Authctxt *authctxt = ctx;
- if (authctxt && authctxt->as) {
- auth_close(authctxt->as);
- authctxt->as = NULL;
- }
+ if (authctxt && authctxt->as) {
+ auth_close(authctxt->as);
+ authctxt->as = NULL;
+ }
}
KbdintDevice bsdauth_device = {
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-krb4.c,v 1.24 2001/06/26 16:15:22 dugsong Exp $");
+RCSID("$OpenBSD: auth-krb4.c,v 1.25 2001/12/19 07:18:56 deraadt Exp $");
#include "ssh.h"
#include "ssh1.h"
const char *tkt_root = TKT_ROOT;
struct stat st;
int fd;
-
+
if (!authctxt->krb4_ticket_file) {
/* Set unique ticket string manually since we're still root. */
authctxt->krb4_ticket_file = xmalloc(MAXPATHLEN);
}
/* Failure - cancel cleanup function, leaving ticket for inspection. */
log("WARNING: bad ticket file %s", authctxt->krb4_ticket_file);
-
+
fatal_remove_cleanup(krb4_cleanup_proc, authctxt);
cleanup_registered = 0;
-
+
xfree(authctxt->krb4_ticket_file);
authctxt->krb4_ticket_file = NULL;
-
+
return (0);
}
char localhost[MAXHOSTNAMELEN], phost[INST_SZ], realm[REALM_SZ];
u_int32_t faddr;
int r;
-
+
if ((pw = authctxt->pw) == NULL)
return (0);
-
+
/*
* Try Kerberos password authentication only for non-root
* users and only if Kerberos is installed.
}
/* Successful authentication. */
chown(tkt_string(), pw->pw_uid, pw->pw_gid);
-
+
/*
* Now that we have a TGT, try to get a local
* "rcmd" ticket to ensure that we are not talking
strlcpy(phost, (char *)krb_get_phost(localhost),
sizeof(phost));
r = krb_mk_req(&tkt, KRB4_SERVICE_NAME, phost, realm, 33);
-
+
if (r == KSUCCESS) {
if ((hp = gethostbyname(localhost)) == NULL) {
log("Couldn't get local host address!");
}
memmove((void *)&faddr, (void *)hp->h_addr,
sizeof(faddr));
-
+
/* Verify our "rcmd" ticket. */
r = krb_rd_req(&tkt, KRB4_SERVICE_NAME, phost,
faddr, &adata, "");
} else
/* Logging in as root or no local Kerberos realm. */
debug("Unable to authenticate to Kerberos.");
-
+
failure:
krb4_cleanup_proc(authctxt);
-
+
if (!options.kerberos_or_local_passwd)
return (0);
-
+
/* Fall back to ordinary passwd authentication. */
return (-1);
}
socklen_t slen;
u_int cksum;
int r, s;
-
+
s = packet_get_connection_in();
-
+
slen = sizeof(local);
memset(&local, 0, sizeof(local));
if (getsockname(s, (struct sockaddr *) & local, &slen) < 0)
}
instance[0] = '*';
instance[1] = 0;
-
+
/* Get the encrypted request, challenge, and session key. */
if ((r = krb_rd_req(auth, KRB4_SERVICE_NAME, instance,
0, &adat, ""))) {
return (0);
}
des_key_sched((des_cblock *) adat.session, schedule);
-
+
*client = xmalloc(MAX_K_NAME_SZ);
(void) snprintf(*client, MAX_K_NAME_SZ, "%s%s%s@%s", adat.pname,
*adat.pinst ? "." : "", adat.pinst, adat.prealm);
-
+
/* Check ~/.klogin authorization now. */
if (kuserok(&adat, authctxt->user) != KSUCCESS) {
log("Kerberos v4 .klogin authorization failed for %s to "
session key. */
cksum = adat.checksum + 1;
cksum = htonl(cksum);
-
+
/* If we can't successfully encrypt the checksum, we send back an
empty message, admitting our failure. */
if ((r = krb_mk_priv((u_char *) & cksum, reply.dat, sizeof(cksum) + 1,
reply.length = 0;
} else
reply.length = r;
-
+
/* Clear session key. */
memset(&adat.session, 0, sizeof(&adat.session));
-
+
packet_start(SSH_SMSG_AUTH_KERBEROS_RESPONSE);
packet_put_string((char *) reply.dat, reply.length);
packet_send();
{
CREDENTIALS creds;
struct passwd *pw;
-
+
if ((pw = authctxt->pw) == NULL)
goto failure;
-
+
temporarily_use_uid(pw);
-
+
if (!radix_to_creds(string, &creds)) {
log("Protocol error decoding Kerberos v4 TGT");
goto failure;
}
if (strncmp(creds.service, "", 1) == 0) /* backward compatibility */
strlcpy(creds.service, "krbtgt", sizeof creds.service);
-
+
if (strcmp(creds.service, "krbtgt")) {
log("Kerberos v4 TGT (%s%s%s@%s) rejected for %s",
creds.pname, creds.pinst[0] ? "." : "", creds.pinst,
}
if (!krb4_init(authctxt))
goto failure;
-
+
if (in_tkt(creds.pname, creds.pinst) != KSUCCESS)
goto failure;
-
+
if (save_credentials(creds.service, creds.instance, creds.realm,
creds.session, creds.lifetime, creds.kvno, &creds.ticket_st,
creds.issue_date) != KSUCCESS) {
}
/* Successful authentication, passed all checks. */
chown(tkt_string(), pw->pw_uid, pw->pw_gid);
-
+
debug("Kerberos v4 TGT accepted (%s%s%s@%s)",
creds.pname, creds.pinst[0] ? "." : "", creds.pinst, creds.realm);
memset(&creds, 0, sizeof(creds));
-
+
restore_uid();
-
+
return (1);
-
+
failure:
krb4_cleanup_proc(authctxt);
memset(&creds, 0, sizeof(creds));
restore_uid();
-
+
return (0);
}
CREDENTIALS creds;
struct passwd *pw;
uid_t uid;
-
+
if ((pw = authctxt->pw) == NULL)
return (0);
-
+
if (!radix_to_creds(token_string, &creds)) {
log("Protocol error decoding AFS token");
return (0);
}
if (strncmp(creds.service, "", 1) == 0) /* backward compatibility */
strlcpy(creds.service, "afs", sizeof creds.service);
-
+
if (strncmp(creds.pname, "AFS ID ", 7) == 0)
uid = atoi(creds.pname + 7);
else
uid = pw->pw_uid;
-
+
if (kafs_settoken(creds.realm, uid, &creds)) {
log("AFS token (%s@%s) rejected for %s",
creds.pname, creds.realm, pw->pw_name);
}
debug("AFS token accepted (%s@%s)", creds.pname, creds.realm);
memset(&creds, 0, sizeof(creds));
-
+
return (1);
}
#endif /* AFS */
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-rhosts.c,v 1.24 2001/06/23 15:12:17 itojun Exp $");
+RCSID("$OpenBSD: auth-rhosts.c,v 1.25 2001/12/19 07:18:56 deraadt Exp $");
#include "packet.h"
#include "xmalloc.h"
* servers.
*/
for (rhosts_file_index = 0; rhosts_files[rhosts_file_index];
- rhosts_file_index++) {
+ rhosts_file_index++) {
/* Check users .rhosts or .shosts. */
snprintf(buf, sizeof buf, "%.500s/%.100s",
pw->pw_dir, rhosts_files[rhosts_file_index]);
/* If not logging in as superuser, try /etc/hosts.equiv and shosts.equiv. */
if (pw->pw_uid != 0) {
- if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr, client_user,
- pw->pw_name)) {
+ if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr,
+ client_user, pw->pw_name)) {
packet_send_debug("Accepted for %.100s [%.100s] by /etc/hosts.equiv.",
- hostname, ipaddr);
+ hostname, ipaddr);
return 1;
}
- if (check_rhosts_file(_PATH_SSH_HOSTS_EQUIV, hostname, ipaddr, client_user,
- pw->pw_name)) {
+ if (check_rhosts_file(_PATH_SSH_HOSTS_EQUIV, hostname, ipaddr,
+ client_user, pw->pw_name)) {
packet_send_debug("Accepted for %.100s [%.100s] by %.100s.",
- hostname, ipaddr, _PATH_SSH_HOSTS_EQUIV);
+ hostname, ipaddr, _PATH_SSH_HOSTS_EQUIV);
return 1;
}
}
}
if (options.strict_modes &&
((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
- (st.st_mode & 022) != 0)) {
+ (st.st_mode & 022) != 0)) {
log("Rhosts authentication refused for %.100s: bad ownership or modes for home directory.",
pw->pw_name);
packet_send_debug("Rhosts authentication refused for %.100s: bad ownership or modes for home directory.",
/* Check all .rhosts files (currently .shosts and .rhosts). */
for (rhosts_file_index = 0; rhosts_files[rhosts_file_index];
- rhosts_file_index++) {
+ rhosts_file_index++) {
/* Check users .rhosts or .shosts. */
snprintf(buf, sizeof buf, "%.500s/%.100s",
pw->pw_dir, rhosts_files[rhosts_file_index]);
*/
if (options.strict_modes &&
((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
- (st.st_mode & 022) != 0)) {
+ (st.st_mode & 022) != 0)) {
log("Rhosts authentication refused for %.100s: bad modes for %.200s",
pw->pw_name, buf);
packet_send_debug("Bad file modes for %.200s", buf);
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-skey.c,v 1.12 2001/05/18 14:13:28 markus Exp $");
+RCSID("$OpenBSD: auth-skey.c,v 1.13 2001/12/19 07:18:56 deraadt Exp $");
#ifdef SKEY
#define PROMPT "\nS/Key Password: "
static int
-skey_query(void *ctx, char **name, char **infotxt,
+skey_query(void *ctx, char **name, char **infotxt,
u_int* numprompts, char ***prompts, u_int **echo_on)
{
Authctxt *authctxt = ctx;
skey_respond(void *ctx, u_int numresponses, char **responses)
{
Authctxt *authctxt = ctx;
-
+
if (authctxt->valid &&
- numresponses == 1 &&
+ numresponses == 1 &&
skey_haskey(authctxt->pw->pw_name) == 0 &&
skey_passcheck(authctxt->pw->pw_name, responses[0]) != -1)
return 0;
*/
#include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.30 2001/11/17 19:14:34 stevesk Exp $");
+RCSID("$OpenBSD: auth.c,v 1.31 2001/12/19 07:18:56 deraadt Exp $");
#ifdef HAVE_LOGIN_H
#include <login.h>
}
if (cp[0] == '%' && cp[1] == 'u') {
buffer_append(&buffer, pw->pw_name,
- strlen(pw->pw_name));
+ strlen(pw->pw_name));
cp++;
continue;
}
if (options.strict_modes &&
(stat(user_hostfile, &st) == 0) &&
((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
- (st.st_mode & 022) != 0)) {
+ (st.st_mode & 022) != 0)) {
log("Authentication refused for %.100s: "
"bad owner or modes for %.200s",
pw->pw_name, user_hostfile);
if (stat(buf, &st) < 0 ||
(st.st_uid != 0 && st.st_uid != uid) ||
(st.st_mode & 022) != 0) {
- snprintf(err, errlen,
+ snprintf(err, errlen,
"bad ownership or modes for directory %s", buf);
return -1;
}
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
- * $OpenBSD: auth.h,v 1.24 2001/12/18 10:04:21 jakob Exp $
+ * $OpenBSD: auth.h,v 1.25 2001/12/19 07:18:56 deraadt Exp $
*/
#ifndef AUTH_H
#define AUTH_H
/*
* Keyboard interactive device:
- * init_ctx returns: non NULL upon success
- * query returns: 0 - success, otherwise failure
+ * init_ctx returns: non NULL upon success
+ * query returns: 0 - success, otherwise failure
* respond returns: 0 - success, 1 - need further interaction,
* otherwise - failure
*/
*/
#include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.26 2001/12/05 03:56:39 itojun Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.27 2001/12/19 07:18:56 deraadt Exp $");
#include "xmalloc.h"
#include "rsa.h"
struct passwd *pw = authctxt->pw;
debug("Attempting authentication for %s%.100s.",
- authctxt->valid ? "" : "illegal user ", authctxt->user);
+ authctxt->valid ? "" : "illegal user ", authctxt->user);
/* If the user has no password, accept authentication immediately. */
if (options.password_authentication &&
verbose("Kerberos authentication disabled.");
} else {
char *kdata = packet_get_string(&dlen);
-
+
packet_integrity_check(plen, 4 + dlen, type);
-
+
if (kdata[0] == 4) { /* KRB_PROT_VERSION */
#ifdef KRB4
KTEXT_ST tkt;
-
+
tkt.length = dlen;
if (tkt.length < MAX_KTXT_LEN)
memcpy(tkt.dat, kdata, tkt.length);
-
+
if (auth_krb4(authctxt, &tkt, &client_user)) {
authenticated = 1;
snprintf(info, sizeof(info),
krb5_data tkt;
tkt.length = dlen;
tkt.data = kdata;
-
+
if (auth_krb5(authctxt, &tkt, &client_user)) {
authenticated = 1;
snprintf(info, sizeof(info),
}
break;
#endif /* KRB4 || KRB5 */
-
+
#if defined(AFS) || defined(KRB5)
/* XXX - punt on backward compatibility here. */
case SSH_CMSG_HAVE_KERBEROS_TGT:
break;
#endif /* AFS */
#endif /* AFS || KRB5 */
-
+
case SSH_CMSG_AUTH_RHOSTS:
if (!options.rhosts_authentication) {
verbose("Rhosts authentication disabled.");
/* XXX - SSH.com Kerberos v5 braindeath. */
if ((p = strchr(user, '@')) != NULL)
*p = '\0';
-
+
authctxt = authctxt_new();
authctxt->user = user;
authctxt->style = style;
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: auth2-chall.c,v 1.9 2001/12/09 18:45:56 markus Exp $");
+RCSID("$OpenBSD: auth2-chall.c,v 1.10 2001/12/19 07:18:56 deraadt Exp $");
#include "ssh2.h"
#include "auth.h"
if (authctxt->user == NULL || !devs)
return 0;
- if (authctxt->kbdintctxt == NULL)
+ if (authctxt->kbdintctxt == NULL)
authctxt->kbdintctxt = kbdint_alloc(devs);
return auth2_challenge_start(authctxt);
}
*/
#include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.76 2001/12/18 10:05:15 jakob Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.77 2001/12/19 07:18:56 deraadt Exp $");
#include <openssl/evp.h>
file, linenum);
fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX);
verbose("Found matching %s key: %s",
- key_type(found), fp);
+ key_type(found), fp);
xfree(fp);
break;
}
*/
#include "includes.h"
-RCSID("$OpenBSD: authfile.c,v 1.40 2001/12/05 10:06:12 deraadt Exp $");
+RCSID("$OpenBSD: authfile.c,v 1.41 2001/12/19 07:18:56 deraadt Exp $");
#include <openssl/err.h>
#include <openssl/evp.h>
if (write(fd, buffer_ptr(&encrypted), buffer_len(&encrypted)) !=
buffer_len(&encrypted)) {
error("write to key file %s failed: %s", filename,
- strerror(errno));
+ strerror(errno));
buffer_free(&encrypted);
close(fd);
unlink(filename);
debug("PEM_read_PrivateKey failed");
(void)ERR_get_error();
} else if (pk->type == EVP_PKEY_RSA &&
- (type == KEY_UNSPEC||type==KEY_RSA)) {
+ (type == KEY_UNSPEC||type==KEY_RSA)) {
prv = key_new(KEY_UNSPEC);
prv->rsa = EVP_PKEY_get1_RSA(pk);
prv->type = KEY_RSA;
RSA_print_fp(stderr, prv->rsa, 8);
#endif
} else if (pk->type == EVP_PKEY_DSA &&
- (type == KEY_UNSPEC||type==KEY_DSA)) {
+ (type == KEY_UNSPEC||type==KEY_DSA)) {
prv = key_new(KEY_UNSPEC);
prv->dsa = EVP_PKEY_get1_DSA(pk);
prv->type = KEY_DSA;
*/
#include "includes.h"
-RCSID("$OpenBSD: bufaux.c,v 1.18 2001/12/05 10:06:12 deraadt Exp $");
+RCSID("$OpenBSD: bufaux.c,v 1.19 2001/12/19 07:18:56 deraadt Exp $");
#include <openssl/bn.h>
#include "bufaux.h"
oi = BN_bn2bin(value, buf);
if (oi != bin_size)
fatal("buffer_put_bignum: BN_bn2bin() failed: oi %d != bin_size %d",
- oi, bin_size);
+ oi, bin_size);
/* Store the number of bits in the buffer in two bytes, msb first. */
PUT_16BIT(msg, bits);
oi = BN_bn2bin(value, buf+1);
if (oi != bytes-1)
fatal("buffer_put_bignum: BN_bn2bin() failed: oi %d != bin_size %d",
- oi, bytes);
+ oi, bytes);
hasnohigh = (buf[1] & 0x80) ? 0 : 1;
if (value->neg) {
/**XXX should be two's-complement */
int i, carry;
u_char *uc = buf;
log("negativ!");
- for(i = bytes-1, carry = 1; i>=0; i--) {
+ for (i = bytes-1, carry = 1; i>=0; i--) {
uc[i] ^= 0xff;
if (carry)
carry = !++uc[i];
*/
#include "includes.h"
-RCSID("$OpenBSD: canohost.c,v 1.28 2001/12/05 03:56:39 itojun Exp $");
+RCSID("$OpenBSD: canohost.c,v 1.29 2001/12/19 07:18:56 deraadt Exp $");
#include "packet.h"
#include "xmalloc.h"
check_ip_options(socket, ntop);
if (getnameinfo((struct sockaddr *)&from, fromlen, ntop, sizeof(ntop),
- NULL, 0, NI_NUMERICHOST) != 0)
+ NULL, 0, NI_NUMERICHOST) != 0)
fatal("get_remote_hostname: getnameinfo NI_NUMERICHOST failed");
debug3("Trying to reverse map address %.100s.", ntop);
/* Map the IP address to a host name. */
if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
- NULL, 0, NI_NAMEREQD) != 0) {
+ NULL, 0, NI_NAMEREQD) != 0) {
/* Host name not found. Use ip address. */
log("Could not reverse map address %.100s.", ntop);
return xstrdup(ntop);
}
/* Get the address in ascii. */
if (getnameinfo((struct sockaddr *)&addr, addrlen, ntop, sizeof(ntop),
- NULL, 0, flags) != 0) {
+ NULL, 0, flags) != 0) {
error("get_socket_ipaddr: getnameinfo %d failed", flags);
return NULL;
}
}
/* Return port number. */
if (getnameinfo((struct sockaddr *)&from, fromlen, NULL, 0,
- strport, sizeof(strport), NI_NUMERICSERV) != 0)
+ strport, sizeof(strport), NI_NUMERICSERV) != 0)
fatal("get_sock_port: getnameinfo NI_NUMERICSERV failed");
return atoi(strport);
}
*/
#include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.147 2001/12/08 17:49:28 stevesk Exp $");
+RCSID("$OpenBSD: channels.c,v 1.148 2001/12/19 07:18:56 deraadt Exp $");
#include "ssh.h"
#include "ssh1.h"
data_len = ucp[8] + 256 * ucp[9];
} else {
debug("Initial X11 packet contains bad byte order byte: 0x%x",
- ucp[0]);
+ ucp[0]);
return -1;
}
{
u_char *p, *host;
int len, have, i, found;
- char username[256];
+ char username[256];
struct {
u_int8_t version;
u_int8_t command;
host = inet_ntoa(s4_req.dest_addr);
strlcpy(c->path, host, sizeof(c->path));
c->host_port = ntohs(s4_req.dest_port);
-
+
debug("channel %d: dynamic request: socks4 host %s port %u command %u",
c->self, host, c->host_port, s4_req.command);
FD_ISSET(c->efd, readset)) {
len = read(c->efd, buf, sizeof(buf));
debug2("channel %d: read %d from efd %d",
- c->self, len, c->efd);
+ c->self, len, c->efd);
if (len < 0 && (errno == EINTR || errno == EAGAIN))
return 1;
if (len <= 0) {
channel_handler_init(void)
{
int i;
- for(i = 0; i < SSH_CHANNEL_MAX_TYPE; i++) {
+ for (i = 0; i < SSH_CHANNEL_MAX_TYPE; i++) {
channel_pre[i] = NULL;
channel_post[i] = NULL;
}
int gaierr, n, num_socks = 0, socks[NUM_SOCKS];
for (display_number = x11_display_offset;
- display_number < MAX_DISPLAYS;
- display_number++) {
+ display_number < MAX_DISPLAYS;
+ display_number++) {
port = 6000 + display_number;
memset(&hints, 0, sizeof(hints));
hints.ai_family = IPv4or6;
/* Connect to the unix domain socket. */
if (sscanf(strrchr(display, ':') + 1, "%d", &display_number) != 1) {
error("Could not parse display number from DISPLAY: %.100s",
- display);
+ display);
return -1;
}
/* Create a socket. */
/* buf now contains the host name. But first we parse the display number. */
if (sscanf(cp + 1, "%d", &display_number) != 1) {
error("Could not parse display number from DISPLAY: %.100s",
- display);
+ display);
return -1;
}
*/
#include "includes.h"
-RCSID("$OpenBSD: cipher.c,v 1.47 2001/08/23 11:31:59 markus Exp $");
+RCSID("$OpenBSD: cipher.c,v 1.48 2001/12/19 07:18:56 deraadt Exp $");
#include "xmalloc.h"
#include "log.h"
}
static void
blowfish_cbc_encrypt(CipherContext *cc, u_char *dest, const u_char *src,
- u_int len)
+ u_int len)
{
BF_cbc_encrypt((void *)src, dest, len, &cc->u.bf.key, cc->u.bf.iv,
BF_ENCRYPT);
}
static void
blowfish_cbc_decrypt(CipherContext *cc, u_char *dest, const u_char *src,
- u_int len)
+ u_int len)
{
BF_cbc_encrypt((void *)src, dest, len, &cc->u.bf.key, cc->u.bf.iv,
BF_DECRYPT);
static void
rijndael_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
{
- if (iv == NULL || ivlen != RIJNDAEL_BLOCKSIZE)
+ if (iv == NULL || ivlen != RIJNDAEL_BLOCKSIZE)
fatal("bad/no IV for %s.", cc->cipher->name);
memcpy(cc->u.rijndael.iv, iv, RIJNDAEL_BLOCKSIZE);
}
cipher_mask_ssh1(int client)
{
u_int mask = 0;
- mask |= 1 << SSH_CIPHER_3DES; /* Mandatory */
+ mask |= 1 << SSH_CIPHER_3DES; /* Mandatory */
mask |= 1 << SSH_CIPHER_BLOWFISH;
if (client) {
mask |= 1 << SSH_CIPHER_DES;
return 0;
ciphers = cp = xstrdup(names);
for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0';
- (p = strsep(&cp, CIPHER_SEP))) {
+ (p = strsep(&cp, CIPHER_SEP))) {
c = cipher_by_name(p);
if (c == NULL || c->number != SSH_CIPHER_SSH2) {
debug("bad cipher %s [%s]", p, names);
*/
#include "includes.h"
-RCSID("$OpenBSD: clientloop.c,v 1.89 2001/12/05 03:50:01 itojun Exp $");
+RCSID("$OpenBSD: clientloop.c,v 1.90 2001/12/19 07:18:56 deraadt Exp $");
#include "ssh.h"
#include "ssh1.h"
/* Send buffered stdin data to the server. */
while (buffer_len(&stdin_buffer) > 0 &&
- packet_not_very_much_data_to_write()) {
+ packet_not_very_much_data_to_write()) {
len = buffer_len(&stdin_buffer);
/* Keep the packets at reasonable size. */
if (len > packet_get_maxsize())
/* Check if the window size has changed. */
if (ioctl(fileno(stdin), TIOCGWINSZ, &newws) >= 0 &&
(oldws.ws_row != newws.ws_row ||
- oldws.ws_col != newws.ws_col ||
- oldws.ws_xpixel != newws.ws_xpixel ||
- oldws.ws_ypixel != newws.ws_ypixel))
+ oldws.ws_col != newws.ws_col ||
+ oldws.ws_xpixel != newws.ws_xpixel ||
+ oldws.ws_ypixel != newws.ws_ypixel))
received_window_change_signal = 1;
/* OK, we have been continued by the user. Reinitialize buffers. */
/* Report bytes transferred, and transfer rates. */
total_time = get_current_time() - start_time;
debug("Transferred: stdin %lu, stdout %lu, stderr %lu bytes in %.1f seconds",
- stdin_bytes, stdout_bytes, stderr_bytes, total_time);
+ stdin_bytes, stdout_bytes, stderr_bytes, total_time);
if (total_time > 0)
debug("Bytes per second: stdin %.1f, stdout %.1f, stderr %.1f",
- stdin_bytes / total_time, stdout_bytes / total_time,
- stderr_bytes / total_time);
+ stdin_bytes / total_time, stdout_bytes / total_time,
+ stderr_bytes / total_time);
/* Return the exit status of the program. */
debug("Exit status %d", exit_status);
*/
#include "includes.h"
-RCSID("$OpenBSD: compat.c,v 1.55 2001/12/05 16:54:51 markus Exp $");
+RCSID("$OpenBSD: compat.c,v 1.56 2001/12/19 07:18:56 deraadt Exp $");
#include "packet.h"
#include "xmalloc.h"
{ "2.1 *", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE },
- { "2.0.13*,"
- "2.0.14*,"
- "2.0.15*,"
- "2.0.16*,"
- "2.0.17*,"
- "2.0.18*,"
+ { "2.0.13*,"
+ "2.0.14*,"
+ "2.0.15*,"
+ "2.0.16*,"
+ "2.0.17*,"
+ "2.0.18*,"
"2.0.19*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
SSH_BUG_PKOK|SSH_BUG_RSASIGMD5|
SSH_BUG_HBSERVICE|SSH_BUG_OPENFAILURE|
SSH_BUG_DUMMYCHAN },
- { "2.0.11*,"
+ { "2.0.11*,"
"2.0.12*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
{ "1.3.2*", SSH_BUG_IGNOREMSG }, /* f-secure */
{ "*SSH Compatible Server*", /* Netscreen */
SSH_BUG_PASSWORDPAD },
- { "*OSU_0*,"
+ { "*OSU_0*,"
"OSU_1.0*,"
"OSU_1.1*,"
"OSU_1.2*,"
*/
#include "includes.h"
-RCSID("$OpenBSD: compress.c,v 1.15 2001/09/27 11:58:16 markus Exp $");
+RCSID("$OpenBSD: compress.c,v 1.16 2001/12/19 07:18:56 deraadt Exp $");
#include "log.h"
#include "buffer.h"
buffer_compress_uninit(void)
{
debug("compress outgoing: raw data %lu, compressed %lu, factor %.2f",
- outgoing_stream.total_in, outgoing_stream.total_out,
- outgoing_stream.total_in == 0 ? 0.0 :
- (double) outgoing_stream.total_out / outgoing_stream.total_in);
+ outgoing_stream.total_in, outgoing_stream.total_out,
+ outgoing_stream.total_in == 0 ? 0.0 :
+ (double) outgoing_stream.total_out / outgoing_stream.total_in);
debug("compress incoming: raw data %lu, compressed %lu, factor %.2f",
- incoming_stream.total_out, incoming_stream.total_in,
- incoming_stream.total_out == 0 ? 0.0 :
- (double) incoming_stream.total_in / incoming_stream.total_out);
+ incoming_stream.total_out, incoming_stream.total_in,
+ incoming_stream.total_out == 0 ? 0.0 :
+ (double) incoming_stream.total_in / incoming_stream.total_out);
if (compress_init_recv_called == 1)
inflateEnd(&incoming_stream);
if (compress_init_send_called == 1)
-/* $OpenBSD: deattack.c,v 1.16 2001/12/05 03:56:39 itojun Exp $ */
+/* $OpenBSD: deattack.c,v 1.17 2001/12/19 07:18:56 deraadt Exp $ */
/*
* Cryptographic attack detector for ssh - source code
#define HASH_FACTOR(x) ((x)*3/2)
#define HASH_UNUSEDCHAR (0xff)
#define HASH_UNUSED (0xffff)
-#define HASH_IV (0xfffe)
+#define HASH_IV (0xfffe)
#define HASH_MINBLOCKS (7*SSH_BLOCKSIZE)
for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
- i = (i + 1) & (n - 1)) {
+ i = (i + 1) & (n - 1)) {
if (h[i] == HASH_IV) {
if (!CMP(c, IV)) {
if (check_crc(c, buf, len, IV))
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: key.c,v 1.35 2001/12/05 10:06:12 deraadt Exp $");
+RCSID("$OpenBSD: key.c,v 1.36 2001/12/19 07:18:56 deraadt Exp $");
#include <openssl/evp.h>
retval = xmalloc(dgst_raw_len * 3 + 1);
retval[0] = '\0';
- for(i = 0; i < dgst_raw_len; i++) {
+ for (i = 0; i < dgst_raw_len; i++) {
char hex[4];
snprintf(hex, sizeof(hex), "%02x:", dgst_raw[i]);
strlcat(retval, hex, dgst_raw_len * 3);
char *retval = NULL;
u_char *dgst_raw;
size_t dgst_raw_len;
-
+
dgst_raw = key_fingerprint_raw(k, dgst_type, &dgst_raw_len);
if (!dgst_raw)
fatal("key_fingerprint: null from key_fingerprint_raw()");
return 0;
s = cp = xstrdup(names);
for ((p = strsep(&cp, ",")); p && *p != '\0';
- (p = strsep(&cp, ","))) {
+ (p = strsep(&cp, ","))) {
switch (key_type_from_name(p)) {
case KEY_RSA1:
case KEY_UNSPEC:
*/
#include "includes.h"
-RCSID("$OpenBSD: log.c,v 1.18 2001/06/26 17:27:23 markus Exp $");
+RCSID("$OpenBSD: log.c,v 1.19 2001/12/19 07:18:56 deraadt Exp $");
#include "log.h"
#include "xmalloc.h"
for (cu = fatal_cleanups; cu; cu = next_cu) {
next_cu = cu->next;
debug("Calling cleanup 0x%lx(0x%lx)",
- (u_long) cu->proc, (u_long) cu->context);
+ (u_long) cu->proc, (u_long) cu->context);
(*cu->proc) (cu->context);
}
exit(255);
*/
#include "includes.h"
-RCSID("$OpenBSD: mac.c,v 1.2 2001/04/05 10:42:51 markus Exp $");
+RCSID("$OpenBSD: mac.c,v 1.3 2001/12/19 07:18:56 deraadt Exp $");
#include <openssl/hmac.h>
return (0);
maclist = cp = xstrdup(names);
for ((p = strsep(&cp, MAC_SEP)); p && *p != '\0';
- (p = strsep(&cp, MAC_SEP))) {
+ (p = strsep(&cp, MAC_SEP))) {
if (mac_init(NULL, p) < 0) {
debug("bad mac %s [%s]", p, names);
xfree(maclist);
*/
#include "includes.h"
-RCSID("$OpenBSD: match.c,v 1.15 2001/12/05 16:54:51 markus Exp $");
+RCSID("$OpenBSD: match.c,v 1.16 2001/12/19 07:18:56 deraadt Exp $");
#include "match.h"
#include "xmalloc.h"
* subpattern to lowercase.
*/
for (subi = 0;
- i < len && subi < sizeof(sub) - 1 && pattern[i] != ',';
- subi++, i++)
+ i < len && subi < sizeof(sub) - 1 && pattern[i] != ',';
+ subi++, i++)
sub[subi] = dolower && isupper(pattern[i]) ?
- tolower(pattern[i]) : pattern[i];
+ tolower(pattern[i]) : pattern[i];
/* If subpattern too long, return failure (no match). */
if (subi >= sizeof(sub) - 1)
return 0;
s = sp = xstrdup(server);
for ((p = strsep(&sp, SEP)), i=0; p && *p != '\0';
- (p = strsep(&sp, SEP)), i++) {
+ (p = strsep(&sp, SEP)), i++) {
if (i < MAX_PROP)
sproposals[i] = p;
else
nproposals = i;
for ((p = strsep(&cp, SEP)), i=0; p && *p != '\0';
- (p = strsep(&cp, SEP)), i++) {
+ (p = strsep(&cp, SEP)), i++) {
for (j = 0; j < nproposals; j++) {
if (strcmp(p, sproposals[j]) == 0) {
ret = xstrdup(p);
-/* $OpenBSD: misc.c,v 1.13 2001/12/05 10:06:12 deraadt Exp $ */
+/* $OpenBSD: misc.c,v 1.14 2001/12/19 07:18:56 deraadt Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*/
#include "includes.h"
-RCSID("$OpenBSD: misc.c,v 1.13 2001/12/05 10:06:12 deraadt Exp $");
+RCSID("$OpenBSD: misc.c,v 1.14 2001/12/19 07:18:56 deraadt Exp $");
#include "misc.h"
#include "log.h"
if (args->list == NULL) {
args->nalloc = 32;
args->num = 0;
- } else if (args->num+2 >= args->nalloc)
+ } else if (args->num+2 >= args->nalloc)
args->nalloc *= 2;
args->list = xrealloc(args->list, args->nalloc * sizeof(char *));
*/
#include "includes.h"
-RCSID("$OpenBSD: nchan.c,v 1.32 2001/10/10 22:18:47 markus Exp $");
+RCSID("$OpenBSD: nchan.c,v 1.33 2001/12/19 07:18:56 deraadt Exp $");
#include "ssh1.h"
#include "ssh2.h"
break;
default:
error("channel %d: cannot send oclose for ostate %d",
- c->self, c->ostate);
+ c->self, c->ostate);
break;
}
}
debug("channel %d: ibuf empty", c->self);
if (buffer_len(&c->input)) {
error("channel %d: chan_ibuf_empty for non empty buffer",
- c->self);
+ c->self);
return;
}
switch (c->istate) {
break;
default:
error("channel %d: chan_ibuf_empty for istate %d",
- c->self, c->istate);
+ c->self, c->istate);
break;
}
}
debug2("channel %d: active efd: %d len %d type %s",
c->self, c->efd, buffer_len(&c->extended),
c->extended_usage==CHAN_EXTENDED_READ ?
- "read": "write");
+ "read": "write");
} else {
if (!(c->flags & CHAN_CLOSE_SENT)) {
if (send) {
*/
#include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.74 2001/12/05 10:06:12 deraadt Exp $");
+RCSID("$OpenBSD: packet.c,v 1.75 2001/12/19 07:18:56 deraadt Exp $");
#include "xmalloc.h"
#include "buffer.h"
buffer_compress(&outgoing_packet, &compression_buffer);
buffer_clear(&outgoing_packet);
buffer_append(&outgoing_packet, buffer_ptr(&compression_buffer),
- buffer_len(&compression_buffer));
+ buffer_len(&compression_buffer));
}
/* Compute packet length without padding (add checksum, remove padding). */
len = buffer_len(&outgoing_packet) + 4 - 8;
buffer_append(&output, buf, 4);
buffer_append_space(&output, &cp, buffer_len(&outgoing_packet));
cipher_encrypt(&send_context, cp, buffer_ptr(&outgoing_packet),
- buffer_len(&outgoing_packet));
+ buffer_len(&outgoing_packet));
#ifdef PACKET_DEBUG
fprintf(stderr, "encrypted: ");
packet_start(compat20 ? SSH2_MSG_IGNORE : SSH_MSG_IGNORE);
packet_put_int(nbytes);
- for(i = 0; i < nbytes; i++) {
+ for (i = 0; i < nbytes; i++) {
if (i % 4 == 0)
rand = arc4random();
packet_put_char(rand & 0xff);
*/
#include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.92 2001/11/17 19:14:34 stevesk Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.93 2001/12/19 07:18:56 deraadt Exp $");
#include "ssh.h"
#include "xmalloc.h"
oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
- oClearAllForwardings, oNoHostAuthenticationForLocalhost
+ oClearAllForwardings, oNoHostAuthenticationForLocalhost
} OpCodes;
/* Textual representations of the tokens. */
{ "hostkeyalgorithms", oHostKeyAlgorithms },
{ "bindaddress", oBindAddress },
{ "smartcarddevice", oSmartcardDevice },
- { "clearallforwardings", oClearAllForwardings },
- { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
+ { "clearallforwardings", oClearAllForwardings },
+ { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
{ NULL, oBadOption }
};
Forward *fwd;
if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
fatal("Too many remote forwards (max %d).",
- SSH_MAX_FORWARDS_PER_DIRECTION);
+ SSH_MAX_FORWARDS_PER_DIRECTION);
fwd = &options->remote_forwards[options->num_remote_forwards++];
fwd->port = port;
fwd->host = xstrdup(host);
arg = strdelim(&s);
if (!arg || *arg == '\0')
fatal("%.200s line %d: Missing yes/no/ask argument.",
- filename, linenum);
+ filename, linenum);
value = 0; /* To avoid compiler warning... */
if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
value = 1;
intptr = &options->num_identity_files;
if (*intptr >= SSH_MAX_IDENTITY_FILES)
fatal("%.200s line %d: Too many identity files specified (max %d).",
- filename, linenum, SSH_MAX_IDENTITY_FILES);
+ filename, linenum, SSH_MAX_IDENTITY_FILES);
charptr = &options->identity_files[*intptr];
*charptr = xstrdup(arg);
*intptr = *intptr + 1;
value = cipher_number(arg);
if (value == -1)
fatal("%.200s line %d: Bad cipher '%s'.",
- filename, linenum, arg ? arg : "<NONE>");
+ filename, linenum, arg ? arg : "<NONE>");
if (*activep && *intptr == -1)
*intptr = value;
break;
fatal("%.200s line %d: Missing argument.", filename, linenum);
if (!ciphers_valid(arg))
fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
- filename, linenum, arg ? arg : "<NONE>");
+ filename, linenum, arg ? arg : "<NONE>");
if (*activep && options->ciphers == NULL)
options->ciphers = xstrdup(arg);
break;
fatal("%.200s line %d: Missing argument.", filename, linenum);
if (!mac_valid(arg))
fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
- filename, linenum, arg ? arg : "<NONE>");
+ filename, linenum, arg ? arg : "<NONE>");
if (*activep && options->macs == NULL)
options->macs = xstrdup(arg);
break;
fatal("%.200s line %d: Missing argument.", filename, linenum);
if (!key_names_valid2(arg))
fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
- filename, linenum, arg ? arg : "<NONE>");
+ filename, linenum, arg ? arg : "<NONE>");
if (*activep && options->hostkeyalgorithms == NULL)
options->hostkeyalgorithms = xstrdup(arg);
break;
value = proto_spec(arg);
if (value == SSH_PROTO_UNKNOWN)
fatal("%.200s line %d: Bad protocol spec '%s'.",
- filename, linenum, arg ? arg : "<NONE>");
+ filename, linenum, arg ? arg : "<NONE>");
if (*activep && *intptr == SSH_PROTO_UNKNOWN)
*intptr = value;
break;
value = log_level_number(arg);
if (value == (LogLevel) - 1)
fatal("%.200s line %d: unsupported log level '%s'",
- filename, linenum, arg ? arg : "<NONE>");
+ filename, linenum, arg ? arg : "<NONE>");
if (*activep && (LogLevel) * intptr == -1)
*intptr = (LogLevel) value;
break;
value = SSH_ESCAPECHAR_NONE;
else {
fatal("%.200s line %d: Bad escape character.",
- filename, linenum);
+ filename, linenum);
/* NOTREACHED */
value = 0; /* Avoid compiler warning. */
}
/* Check that there is no garbage at end of line. */
if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
- filename, linenum, arg);
+ filename, linenum, arg);
}
return 0;
}
fclose(f);
if (bad_options > 0)
fatal("%s: terminating, %d bad configuration options",
- filename, bad_options);
+ filename, bad_options);
return 1;
}
-/* $OpenBSD: rijndael.c,v 1.12 2001/09/13 09:48:39 markus Exp $ */
+/* $OpenBSD: rijndael.c,v 1.13 2001/12/19 07:18:56 deraadt Exp $ */
/**
* rijndael-alg-fst.c
rk[6] = GETU32(cipherKey + 24);
rk[7] = GETU32(cipherKey + 28);
if (keyBits == 256) {
- for (;;) {
- temp = rk[ 7];
- rk[ 8] = rk[ 0] ^
- (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
- (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
- (Te4[(temp ) & 0xff] & 0x0000ff00) ^
- (Te4[(temp >> 24) ] & 0x000000ff) ^
- rcon[i];
- rk[ 9] = rk[ 1] ^ rk[ 8];
- rk[10] = rk[ 2] ^ rk[ 9];
- rk[11] = rk[ 3] ^ rk[10];
- if (++i == 7) {
- return 14;
- }
- temp = rk[11];
- rk[12] = rk[ 4] ^
- (Te4[(temp >> 24) ] & 0xff000000) ^
- (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^
- (Te4[(temp >> 8) & 0xff] & 0x0000ff00) ^
- (Te4[(temp ) & 0xff] & 0x000000ff);
- rk[13] = rk[ 5] ^ rk[12];
- rk[14] = rk[ 6] ^ rk[13];
- rk[15] = rk[ 7] ^ rk[14];
-
+ for (;;) {
+ temp = rk[ 7];
+ rk[ 8] = rk[ 0] ^
+ (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
+ (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^
+ (Te4[(temp ) & 0xff] & 0x0000ff00) ^
+ (Te4[(temp >> 24) ] & 0x000000ff) ^
+ rcon[i];
+ rk[ 9] = rk[ 1] ^ rk[ 8];
+ rk[10] = rk[ 2] ^ rk[ 9];
+ rk[11] = rk[ 3] ^ rk[10];
+ if (++i == 7) {
+ return 14;
+ }
+ temp = rk[11];
+ rk[12] = rk[ 4] ^
+ (Te4[(temp >> 24) ] & 0xff000000) ^
+ (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^
+ (Te4[(temp >> 8) & 0xff] & 0x0000ff00) ^
+ (Te4[(temp ) & 0xff] & 0x000000ff);
+ rk[13] = rk[ 5] ^ rk[12];
+ rk[14] = rk[ 6] ^ rk[13];
+ rk[15] = rk[ 7] ^ rk[14];
rk += 8;
- }
+ }
}
return 0;
}
t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38];
t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39];
if (Nr > 10) {
- /* round 10: */
- s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40];
- s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41];
- s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42];
- s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43];
- /* round 11: */
- t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44];
- t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45];
- t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46];
- t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47];
- if (Nr > 12) {
- /* round 12: */
- s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48];
- s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49];
- s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50];
- s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51];
- /* round 13: */
- t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52];
- t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53];
- t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54];
- t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55];
- }
+ /* round 10: */
+ s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40];
+ s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41];
+ s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42];
+ s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43];
+ /* round 11: */
+ t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44];
+ t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45];
+ t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46];
+ t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47];
+ if (Nr > 12) {
+ /* round 12: */
+ s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48];
+ s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49];
+ s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50];
+ s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51];
+ /* round 13: */
+ t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52];
+ t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53];
+ t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54];
+ t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55];
+ }
}
rk += Nr << 2;
#else /* !FULL_UNROLL */
*/
r = Nr >> 1;
for (;;) {
- t0 =
- Te0[(s0 >> 24) ] ^
- Te1[(s1 >> 16) & 0xff] ^
- Te2[(s2 >> 8) & 0xff] ^
- Te3[(s3 ) & 0xff] ^
- rk[4];
- t1 =
- Te0[(s1 >> 24) ] ^
- Te1[(s2 >> 16) & 0xff] ^
- Te2[(s3 >> 8) & 0xff] ^
- Te3[(s0 ) & 0xff] ^
- rk[5];
- t2 =
- Te0[(s2 >> 24) ] ^
- Te1[(s3 >> 16) & 0xff] ^
- Te2[(s0 >> 8) & 0xff] ^
- Te3[(s1 ) & 0xff] ^
- rk[6];
- t3 =
- Te0[(s3 >> 24) ] ^
- Te1[(s0 >> 16) & 0xff] ^
- Te2[(s1 >> 8) & 0xff] ^
- Te3[(s2 ) & 0xff] ^
- rk[7];
+ t0 =
+ Te0[(s0 >> 24) ] ^
+ Te1[(s1 >> 16) & 0xff] ^
+ Te2[(s2 >> 8) & 0xff] ^
+ Te3[(s3 ) & 0xff] ^
+ rk[4];
+ t1 =
+ Te0[(s1 >> 24) ] ^
+ Te1[(s2 >> 16) & 0xff] ^
+ Te2[(s3 >> 8) & 0xff] ^
+ Te3[(s0 ) & 0xff] ^
+ rk[5];
+ t2 =
+ Te0[(s2 >> 24) ] ^
+ Te1[(s3 >> 16) & 0xff] ^
+ Te2[(s0 >> 8) & 0xff] ^
+ Te3[(s1 ) & 0xff] ^
+ rk[6];
+ t3 =
+ Te0[(s3 >> 24) ] ^
+ Te1[(s0 >> 16) & 0xff] ^
+ Te2[(s1 >> 8) & 0xff] ^
+ Te3[(s2 ) & 0xff] ^
+ rk[7];
- rk += 8;
- if (--r == 0) {
- break;
- }
+ rk += 8;
+ if (--r == 0) {
+ break;
+ }
- s0 =
- Te0[(t0 >> 24) ] ^
- Te1[(t1 >> 16) & 0xff] ^
- Te2[(t2 >> 8) & 0xff] ^
- Te3[(t3 ) & 0xff] ^
- rk[0];
- s1 =
- Te0[(t1 >> 24) ] ^
- Te1[(t2 >> 16) & 0xff] ^
- Te2[(t3 >> 8) & 0xff] ^
- Te3[(t0 ) & 0xff] ^
- rk[1];
- s2 =
- Te0[(t2 >> 24) ] ^
- Te1[(t3 >> 16) & 0xff] ^
- Te2[(t0 >> 8) & 0xff] ^
- Te3[(t1 ) & 0xff] ^
- rk[2];
- s3 =
- Te0[(t3 >> 24) ] ^
- Te1[(t0 >> 16) & 0xff] ^
- Te2[(t1 >> 8) & 0xff] ^
- Te3[(t2 ) & 0xff] ^
- rk[3];
+ s0 =
+ Te0[(t0 >> 24) ] ^
+ Te1[(t1 >> 16) & 0xff] ^
+ Te2[(t2 >> 8) & 0xff] ^
+ Te3[(t3 ) & 0xff] ^
+ rk[0];
+ s1 =
+ Te0[(t1 >> 24) ] ^
+ Te1[(t2 >> 16) & 0xff] ^
+ Te2[(t3 >> 8) & 0xff] ^
+ Te3[(t0 ) & 0xff] ^
+ rk[1];
+ s2 =
+ Te0[(t2 >> 24) ] ^
+ Te1[(t3 >> 16) & 0xff] ^
+ Te2[(t0 >> 8) & 0xff] ^
+ Te3[(t1 ) & 0xff] ^
+ rk[2];
+ s3 =
+ Te0[(t3 >> 24) ] ^
+ Te1[(t0 >> 16) & 0xff] ^
+ Te2[(t1 >> 8) & 0xff] ^
+ Te3[(t2 ) & 0xff] ^
+ rk[3];
}
#endif /* ?FULL_UNROLL */
/*
t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38];
t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39];
if (Nr > 10) {
- /* round 10: */
- s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40];
- s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41];
- s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42];
- s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43];
- /* round 11: */
- t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44];
- t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45];
- t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46];
- t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47];
- if (Nr > 12) {
- /* round 12: */
- s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48];
- s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49];
- s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50];
- s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51];
- /* round 13: */
- t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52];
- t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53];
- t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54];
- t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55];
- }
+ /* round 10: */
+ s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40];
+ s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41];
+ s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42];
+ s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43];
+ /* round 11: */
+ t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44];
+ t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45];
+ t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46];
+ t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47];
+ if (Nr > 12) {
+ /* round 12: */
+ s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48];
+ s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49];
+ s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50];
+ s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51];
+ /* round 13: */
+ t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52];
+ t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53];
+ t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54];
+ t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55];
+ }
}
rk += Nr << 2;
#else /* !FULL_UNROLL */
*/
r = Nr >> 1;
for (;;) {
- t0 =
- Td0[(s0 >> 24) ] ^
- Td1[(s3 >> 16) & 0xff] ^
- Td2[(s2 >> 8) & 0xff] ^
- Td3[(s1 ) & 0xff] ^
- rk[4];
- t1 =
- Td0[(s1 >> 24) ] ^
- Td1[(s0 >> 16) & 0xff] ^
- Td2[(s3 >> 8) & 0xff] ^
- Td3[(s2 ) & 0xff] ^
- rk[5];
- t2 =
- Td0[(s2 >> 24) ] ^
- Td1[(s1 >> 16) & 0xff] ^
- Td2[(s0 >> 8) & 0xff] ^
- Td3[(s3 ) & 0xff] ^
- rk[6];
- t3 =
- Td0[(s3 >> 24) ] ^
- Td1[(s2 >> 16) & 0xff] ^
- Td2[(s1 >> 8) & 0xff] ^
- Td3[(s0 ) & 0xff] ^
- rk[7];
+ t0 =
+ Td0[(s0 >> 24) ] ^
+ Td1[(s3 >> 16) & 0xff] ^
+ Td2[(s2 >> 8) & 0xff] ^
+ Td3[(s1 ) & 0xff] ^
+ rk[4];
+ t1 =
+ Td0[(s1 >> 24) ] ^
+ Td1[(s0 >> 16) & 0xff] ^
+ Td2[(s3 >> 8) & 0xff] ^
+ Td3[(s2 ) & 0xff] ^
+ rk[5];
+ t2 =
+ Td0[(s2 >> 24) ] ^
+ Td1[(s1 >> 16) & 0xff] ^
+ Td2[(s0 >> 8) & 0xff] ^
+ Td3[(s3 ) & 0xff] ^
+ rk[6];
+ t3 =
+ Td0[(s3 >> 24) ] ^
+ Td1[(s2 >> 16) & 0xff] ^
+ Td2[(s1 >> 8) & 0xff] ^
+ Td3[(s0 ) & 0xff] ^
+ rk[7];
- rk += 8;
- if (--r == 0) {
- break;
- }
+ rk += 8;
+ if (--r == 0) {
+ break;
+ }
- s0 =
- Td0[(t0 >> 24) ] ^
- Td1[(t3 >> 16) & 0xff] ^
- Td2[(t2 >> 8) & 0xff] ^
- Td3[(t1 ) & 0xff] ^
- rk[0];
- s1 =
- Td0[(t1 >> 24) ] ^
- Td1[(t0 >> 16) & 0xff] ^
- Td2[(t3 >> 8) & 0xff] ^
- Td3[(t2 ) & 0xff] ^
- rk[1];
- s2 =
- Td0[(t2 >> 24) ] ^
- Td1[(t1 >> 16) & 0xff] ^
- Td2[(t0 >> 8) & 0xff] ^
- Td3[(t3 ) & 0xff] ^
- rk[2];
- s3 =
- Td0[(t3 >> 24) ] ^
- Td1[(t2 >> 16) & 0xff] ^
- Td2[(t1 >> 8) & 0xff] ^
- Td3[(t0 ) & 0xff] ^
- rk[3];
+ s0 =
+ Td0[(t0 >> 24) ] ^
+ Td1[(t3 >> 16) & 0xff] ^
+ Td2[(t2 >> 8) & 0xff] ^
+ Td3[(t1 ) & 0xff] ^
+ rk[0];
+ s1 =
+ Td0[(t1 >> 24) ] ^
+ Td1[(t0 >> 16) & 0xff] ^
+ Td2[(t3 >> 8) & 0xff] ^
+ Td3[(t2 ) & 0xff] ^
+ rk[1];
+ s2 =
+ Td0[(t2 >> 24) ] ^
+ Td1[(t1 >> 16) & 0xff] ^
+ Td2[(t0 >> 8) & 0xff] ^
+ Td3[(t3 ) & 0xff] ^
+ rk[2];
+ s3 =
+ Td0[(t3 >> 24) ] ^
+ Td1[(t2 >> 16) & 0xff] ^
+ Td2[(t1 >> 8) & 0xff] ^
+ Td3[(t0 ) & 0xff] ^
+ rk[3];
}
#endif /* ?FULL_UNROLL */
/*
rijndael_set_key(rijndael_ctx *ctx, u_char *key, int bits, int encrypt)
{
ctx->Nr = rijndaelKeySetupEnc(ctx->ek, key, bits);
- if (encrypt) {
+ if (encrypt) {
ctx->decrypt = 0;
memset(ctx->dk, 0, sizeof(ctx->dk));
} else {
ctx->decrypt = 1;
memcpy(ctx->dk, ctx->ek, sizeof(ctx->ek));
- rijndaelKeySetupDec(ctx->dk, key, bits, ctx->Nr);
+ rijndaelKeySetupDec(ctx->dk, key, bits, ctx->Nr);
}
}
-/* $OpenBSD: rijndael.h,v 1.11 2001/09/13 09:48:39 markus Exp $ */
+/* $OpenBSD: rijndael.h,v 1.12 2001/12/19 07:18:56 deraadt Exp $ */
/**
* rijndael-alg-fst.h
#define MAXKB (256/8)
#define MAXNR 14
-typedef unsigned char u8;
-typedef unsigned short u16;
+typedef unsigned char u8;
+typedef unsigned short u16;
typedef unsigned int u32;
/* The structure for key information */
#include "includes.h"
#ifdef SMARTCARD
-RCSID("$OpenBSD: scard.c,v 1.15 2001/09/28 09:49:31 djm Exp $");
+RCSID("$OpenBSD: scard.c,v 1.16 2001/12/19 07:18:56 deraadt Exp $");
#include <openssl/engine.h>
#include <sectok.h>
/* interface to libsectok */
-static int
+static int
sc_open(void)
{
int sw;
return sc_fd;
}
-static int
+static int
sc_enable_applet(void)
{
static u_char aid[] = {0xfc, 0x53, 0x73, 0x68, 0x2e, 0x62, 0x69, 0x6e};
return 0;
}
-static int
+static int
sc_init(void)
{
int status;
return 0;
}
-static int
+static int
sc_read_pubkey(Key * k)
{
u_char buf[2], *n;
/* get key size */
sectok_apdu(sc_fd, CLA_SSH, INS_GET_KEYLENGTH, 0, 0, 0, NULL,
- sizeof(buf), buf, &sw);
+ sizeof(buf), buf, &sw);
if (!sectok_swOK(sw)) {
error("could not obtain key length: %s", sectok_get_sw(sw));
goto err;
goto err;
}
sectok_apdu(sc_fd, CLA_SSH, INS_GET_RESPONSE, 0, 0, 0, NULL,
- len, padded, &sw);
+ len, padded, &sw);
if (!sectok_swOK(sw)) {
error("sc_private_decrypt: INS_GET_RESPONSE failed: %s",
sectok_get_sw(sw));
goto err;
}
sectok_apdu(sc_fd, CLA_SSH, INS_GET_RESPONSE, 0, 0, 0, NULL,
- len, to, &sw);
+ len, to, &sw);
if (!sectok_swOK(sw)) {
error("sc_private_decrypt: INS_GET_RESPONSE failed: %s",
sectok_get_sw(sw));
*/
#include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.94 2001/12/06 13:30:05 markus Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.95 2001/12/19 07:18:56 deraadt Exp $");
#if defined(KRB4) || defined(KRB5)
#include <krb.h>
if (options->kerberos_tgt_passing == -1)
options->kerberos_tgt_passing = 0;
#endif
-#ifdef AFS
+#ifdef AFS
if (options->afs_token_passing == -1)
options->afs_token_passing = k_hasafs();
#endif
if (options->reverse_mapping_check == -1)
options->reverse_mapping_check = 0;
if (options->client_alive_interval == -1)
- options->client_alive_interval = 0;
+ options->client_alive_interval = 0;
if (options->client_alive_count_max == -1)
options->client_alive_count_max = 3;
if (options->authorized_keys_file2 == NULL) {
sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
sBanner, sReverseMappingCheck, sHostbasedAuthentication,
- sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
+ sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
sDeprecated
} ServerOpCodes;
value = proto_spec(arg);
if (value == SSH_PROTO_UNKNOWN)
fatal("%s line %d: Bad protocol spec '%s'.",
- filename, linenum, arg ? arg : "<NONE>");
+ filename, linenum, arg ? arg : "<NONE>");
if (*intptr == SSH_PROTO_UNKNOWN)
*intptr = value;
break;
case sSubsystem:
if (options->num_subsystems >= MAX_SUBSYSTEMS) {
fatal("%s line %d: too many subsystems defined.",
- filename, linenum);
+ filename, linenum);
}
arg = strdelim(&cp);
if (!arg || *arg == '\0')
fatal("%s line %d: Missing subsystem name.",
- filename, linenum);
+ filename, linenum);
for (i = 0; i < options->num_subsystems; i++)
if (strcmp(arg, options->subsystem_name[i]) == 0)
fatal("%s line %d: Subsystem '%s' already defined.",
- filename, linenum, arg);
+ filename, linenum, arg);
options->subsystem_name[options->num_subsystems] = xstrdup(arg);
arg = strdelim(&cp);
if (!arg || *arg == '\0')
fatal("%s line %d: Missing subsystem command.",
- filename, linenum);
+ filename, linenum);
options->subsystem_command[options->num_subsystems] = xstrdup(arg);
options->num_subsystems++;
break;
arg = strdelim(&cp);
if (!arg || *arg == '\0')
fatal("%s line %d: Missing MaxStartups spec.",
- filename, linenum);
+ filename, linenum);
if ((n = sscanf(arg, "%d:%d:%d",
&options->max_startups_begin,
&options->max_startups_rate,
* called by a name other than "ssh" or "Secure Shell".
*/
-/* RCSID("$OpenBSD: servconf.h,v 1.50 2001/12/06 13:30:05 markus Exp $"); */
+/* RCSID("$OpenBSD: servconf.h,v 1.51 2001/12/19 07:18:56 deraadt Exp $"); */
#ifndef SERVCONF_H
#define SERVCONF_H
char *banner; /* SSH-2 banner message */
int reverse_mapping_check; /* cross-check ip and dns */
int client_alive_interval; /*
- * poke the client this often to
- * see if it's still there
+ * poke the client this often to
+ * see if it's still there
*/
int client_alive_count_max; /*
* If the client is unresponsive
* for this many intervals above,
- * disconnect the session
+ * disconnect the session
*/
char *authorized_keys_file; /* File containing public keys */
*/
#include "includes.h"
-RCSID("$OpenBSD: serverloop.c,v 1.85 2001/12/05 03:50:01 itojun Exp $");
+RCSID("$OpenBSD: serverloop.c,v 1.86 2001/12/19 07:18:56 deraadt Exp $");
#include "xmalloc.h"
#include "packet.h"
int client_alive_scheduled = 0;
/*
- * if using client_alive, set the max timeout accordingly,
+ * if using client_alive, set the max timeout accordingly,
* and indicate that this particular timeout was for client
* alive by setting the client_alive_scheduled flag.
*
* this could be randomized somewhat to make traffic
- * analysis more difficult, but we're not doing it yet.
+ * analysis more difficult, but we're not doing it yet.
*/
if (compat20 &&
max_time_milliseconds == 0 && options.client_alive_interval) {
drain_output();
debug("End of interactive session; stdin %ld, stdout (read %ld, sent %ld), stderr %ld bytes.",
- stdin_bytes, fdout_bytes, stdout_bytes, stderr_bytes);
+ stdin_bytes, fdout_bytes, stdout_bytes, stderr_bytes);
/* Free and clear the buffers. */
buffer_free(&stdin_buffer);
server_input_channel_failure(int type, int plen, void *ctxt)
{
debug("Got CHANNEL_FAILURE for keepalive");
- /*
+ /*
* reset timeout, since we got a sane answer from the client.
* even if this was generated by something other than
* the bogus CHANNEL_REQUEST we send for keepalives.
*/
- client_alive_timeouts = 0;
+ client_alive_timeouts = 0;
}
*/
#include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.111 2001/12/06 18:09:23 stevesk Exp $");
+RCSID("$OpenBSD: session.c,v 1.112 2001/12/19 07:18:56 deraadt Exp $");
#include "ssh.h"
#include "ssh1.h"
compression_level = packet_get_int();
if (compression_level < 1 || compression_level > 9) {
packet_send_debug("Received illegal compression level %d.",
- compression_level);
+ compression_level);
break;
}
/* Enable compression after we have responded with SUCCESS. */
if (packet_set_maxsize(packet_get_int()) > 0)
success = 1;
break;
-
+
#if defined(AFS) || defined(KRB5)
case SSH_CMSG_HAVE_KERBEROS_TGT:
if (!options.kerberos_tgt_passing) {
} else {
char *kdata = packet_get_string(&dlen);
packet_integrity_check(plen, 4 + dlen, type);
-
+
/* XXX - 0x41, see creds_to_radix version */
if (kdata[0] != 0x41) {
#ifdef KRB5
krb5_data tgt;
tgt.data = kdata;
tgt.length = dlen;
-
+
if (auth_krb5_tgt(s->authctxt, &tgt))
success = 1;
else
}
break;
#endif /* AFS || KRB5 */
-
+
#ifdef AFS
case SSH_CMSG_HAVE_AFS_TOKEN:
if (!options.afs_token_passing || !k_hasafs()) {
/* Accept AFS token. */
char *token = packet_get_string(&dlen);
packet_integrity_check(plen, 4 + dlen, type);
-
+
if (auth_afs_token(s->authctxt, token))
success = 1;
else
if (packet_connection_is_on_socket()) {
fromlen = sizeof(from);
if (getpeername(packet_get_connection_in(),
- (struct sockaddr *) & from, &fromlen) < 0) {
+ (struct sockaddr *) & from, &fromlen) < 0) {
debug("getpeername: %.100s", strerror(errno));
fatal_cleanup();
}
*/
static void
child_set_env(char ***envp, u_int *envsizep, const char *name,
- const char *value)
+ const char *value)
{
u_int i, namelen;
char **env;
*/
static void
read_environment_file(char ***env, u_int *envsize,
- const char *filename)
+ const char *filename)
{
FILE *f;
char buf[4096];
if (auth_get_socket_name() != NULL)
child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,
- auth_get_socket_name());
+ auth_get_socket_name());
/* read $HOME/.ssh/environment. */
if (!options.use_login) {
/* Try to get AFS tokens for the local cell. */
if (k_hasafs()) {
char cell[64];
-
+
if (k_afs_cell_of_file(pw->pw_dir, cell, sizeof(cell)) == 0)
krb_afslog(cell, 0);
-
+
krb_afslog(0, 0);
}
#endif /* AFS */
execl(LOGIN_PROGRAM, "login", "-h", hostname,
#ifdef LOGIN_NEEDS_TERM
- s->term? s->term : "unknown",
+ s->term? s->term : "unknown",
#endif
- "-p", "-f", "--", pw->pw_name, (char *)NULL);
+ "-p", "-f", "--", pw->pw_name, (char *)NULL);
/* Login couldn't be executed, die. */
static int did_init = 0;
if (!did_init) {
debug("session_new: init");
- for(i = 0; i < MAX_SESSIONS; i++) {
+ for (i = 0; i < MAX_SESSIONS; i++) {
sessions[i].used = 0;
}
did_init = 1;
}
- for(i = 0; i < MAX_SESSIONS; i++) {
+ for (i = 0; i < MAX_SESSIONS; i++) {
Session *s = &sessions[i];
if (! s->used) {
memset(s, 0, sizeof(*s));
session_dump(void)
{
int i;
- for(i = 0; i < MAX_SESSIONS; i++) {
+ for (i = 0; i < MAX_SESSIONS; i++) {
Session *s = &sessions[i];
debug("dump: used %d session %d %p channel %d pid %d",
s->used,
session_by_channel(int id)
{
int i;
- for(i = 0; i < MAX_SESSIONS; i++) {
+ for (i = 0; i < MAX_SESSIONS; i++) {
Session *s = &sessions[i];
if (s->used && s->chanid == id) {
debug("session_by_channel: session %d channel %d", i, id);
{
int i;
debug("session_by_pid: pid %d", pid);
- for(i = 0; i < MAX_SESSIONS; i++) {
+ for (i = 0; i < MAX_SESSIONS; i++) {
Session *s = &sessions[i];
if (s->used && s->pid == pid)
return s;
session_destroy_all(void)
{
int i;
- for(i = 0; i < MAX_SESSIONS; i++) {
+ for (i = 0; i < MAX_SESSIONS; i++) {
Session *s = &sessions[i];
- if (s->used)
+ if (s->used)
session_close(s);
}
}
static char buf[1024];
int i;
buf[0] = '\0';
- for(i = 0; i < MAX_SESSIONS; i++) {
+ for (i = 0; i < MAX_SESSIONS; i++) {
Session *s = &sessions[i];
if (s->used && s->ttyfd != -1) {
if (buf[0] != '\0')
/* XXX: copy between two remote sites */
#include "includes.h"
-RCSID("$OpenBSD: sftp-client.c,v 1.18 2001/07/14 15:10:16 stevesk Exp $");
+RCSID("$OpenBSD: sftp-client.c,v 1.19 2001/12/19 07:18:56 deraadt Exp $");
#include "buffer.h"
#include "bufaux.h"
*dir = xmalloc(sizeof(**dir));
(*dir)[0] = NULL;
}
-
- for(;;) {
+ for (;;) {
int count;
id = expected_id = msg_id++;
if (count == 0)
break;
debug3("Received %d SSH2_FXP_NAME responses", count);
- for(i = 0; i < count; i++) {
+ for (i = 0; i < count; i++) {
char *filename, *longname;
Attrib *a;
void free_sftp_dirents(SFTP_DIRENT **s)
{
int i;
-
- for(i = 0; s[i]; i++) {
+
+ for (i = 0; s[i]; i++) {
xfree(s[i]->filename);
xfree(s[i]->longname);
xfree(s[i]);
/* Read from remote and write to local */
offset = 0;
- for(;;) {
+ for (;;) {
u_int len;
char *data;
else {
error("Couldn't read from remote "
"file \"%s\" : %s", remote_path,
- fx2txt(status));
+ fx2txt(status));
do_close(fd_in, fd_out, handle, handle_len);
goto done;
}
/* Read from local and write to remote */
offset = 0;
- for(;;) {
+ for (;;) {
int len;
char data[COPY_SIZE];
*/
#include "includes.h"
-RCSID("$OpenBSD: sftp-glob.c,v 1.8 2001/07/14 15:10:17 stevesk Exp $");
+RCSID("$OpenBSD: sftp-glob.c,v 1.9 2001/12/19 07:18:56 deraadt Exp $");
#include "buffer.h"
#include "bufaux.h"
fudge_opendir(const char *path)
{
struct SFTP_OPENDIR *r;
-
+
r = xmalloc(sizeof(*r));
-
+
if (do_readdir(cur.fd_in, cur.fd_out, (char*)path, &r->dir))
return(NULL);
attrib_to_stat(Attrib *a, struct stat *st)
{
memset(st, 0, sizeof(*st));
-
+
if (a->flags & SSH2_FILEXFER_ATTR_SIZE)
st->st_size = a->size;
if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) {
fudge_lstat(const char *path, struct stat *st)
{
Attrib *a;
-
+
if (!(a = do_lstat(cur.fd_in, cur.fd_out, (char*)path, 0)))
return(-1);
-
+
attrib_to_stat(a, st);
-
+
return(0);
}
fudge_stat(const char *path, struct stat *st)
{
Attrib *a;
-
+
if (!(a = do_stat(cur.fd_in, cur.fd_out, (char*)path, 0)))
return(-1);
-
+
attrib_to_stat(a, st);
-
+
return(0);
}
pglob->gl_closedir = (void (*)(void *))fudge_closedir;
pglob->gl_lstat = fudge_lstat;
pglob->gl_stat = fudge_stat;
-
+
memset(&cur, 0, sizeof(cur));
cur.fd_in = fd_in;
cur.fd_out = fd_out;
/* XXX: recursive operations */
#include "includes.h"
-RCSID("$OpenBSD: sftp-int.c,v 1.40 2001/08/14 09:23:02 markus Exp $");
+RCSID("$OpenBSD: sftp-int.c,v 1.41 2001/12/19 07:18:56 deraadt Exp $");
#include "buffer.h"
#include "xmalloc.h"
ret = xmalloc(len);
strlcpy(ret, p1, len);
- if (strcmp(p1, "/") != 0)
+ if (strcmp(p1, "/") != 0)
strlcat(ret, "/", len);
strlcat(ret, p2, len);
goto out;
}
- for(i = 0; g.gl_pathv[i]; i++) {
+ for (i = 0; g.gl_pathv[i]; i++) {
if (infer_path(g.gl_pathv[i], &tmp)) {
err = -1;
goto out;
goto out;
}
- for(i = 0; g.gl_pathv[i]; i++) {
+ for (i = 0; g.gl_pathv[i]; i++) {
if (infer_path(g.gl_pathv[i], &tmp)) {
err = -1;
goto out;
return(-1);
/* Figure out which command we have */
- for(i = 0; cmds[i].c; i++) {
+ for (i = 0; cmds[i].c; i++) {
int cmdlen = strlen(cmds[i].c);
/* Check for command followed by whitespace */
case I_RM:
path1 = make_absolute(path1, *pwd);
remote_glob(in, out, path1, GLOB_NOCHECK, NULL, &g);
- for(i = 0; g.gl_pathv[i]; i++) {
+ for (i = 0; g.gl_pathv[i]; i++) {
printf("Removing %s\n", g.gl_pathv[i]);
if (do_rm(in, out, g.gl_pathv[i]) == -1)
err = -1;
a.flags |= SSH2_FILEXFER_ATTR_PERMISSIONS;
a.perm = n_arg;
remote_glob(in, out, path1, GLOB_NOCHECK, NULL, &g);
- for(i = 0; g.gl_pathv[i]; i++) {
+ for (i = 0; g.gl_pathv[i]; i++) {
printf("Changing mode on %s\n", g.gl_pathv[i]);
do_setstat(in, out, g.gl_pathv[i], &a);
}
case I_CHOWN:
path1 = make_absolute(path1, *pwd);
remote_glob(in, out, path1, GLOB_NOCHECK, NULL, &g);
- for(i = 0; g.gl_pathv[i]; i++) {
+ for (i = 0; g.gl_pathv[i]; i++) {
if (!(aa = do_stat(in, out, g.gl_pathv[i], 0)))
continue;
if (!(aa->flags & SSH2_FILEXFER_ATTR_UIDGID)) {
case I_CHGRP:
path1 = make_absolute(path1, *pwd);
remote_glob(in, out, path1, GLOB_NOCHECK, NULL, &g);
- for(i = 0; g.gl_pathv[i]; i++) {
+ for (i = 0; g.gl_pathv[i]; i++) {
if (!(aa = do_stat(in, out, g.gl_pathv[i], 0)))
continue;
if (!(aa->flags & SSH2_FILEXFER_ATTR_UIDGID)) {
setlinebuf(infile);
#endif
- for(;;) {
+ for (;;) {
char *cp;
printf("sftp> ");
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: sftp-server.c,v 1.30 2001/07/31 12:42:50 jakob Exp $");
+RCSID("$OpenBSD: sftp-server.c,v 1.31 2001/12/19 07:18:56 deraadt Exp $");
#include "buffer.h"
#include "bufaux.h"
{
int i;
- for(i = 0; i < sizeof(handles)/sizeof(Handle); i++)
+ for (i = 0; i < sizeof(handles)/sizeof(Handle); i++)
handles[i].use = HANDLE_UNUSED;
}
{
int i;
- for(i = 0; i < sizeof(handles)/sizeof(Handle); i++) {
+ for (i = 0; i < sizeof(handles)/sizeof(Handle); i++) {
if (handles[i].use == HANDLE_UNUSED) {
handles[i].use = use;
handles[i].dirp = dirp;
}
if (count > 0) {
send_names(id, count, stats);
- for(i = 0; i < count; i++) {
+ for (i = 0; i < count; i++) {
xfree(stats[i].name);
xfree(stats[i].long_name);
}
send_status(id, errno_to_portable(errno));
else {
Stat s;
-
+
link[len] = '\0';
attrib_clear(&s.attrib);
s.name = s.long_name = link;
#include "includes.h"
-RCSID("$OpenBSD: sftp.c,v 1.21 2001/09/19 19:24:19 stevesk Exp $");
+RCSID("$OpenBSD: sftp.c,v 1.22 2001/12/19 07:18:56 deraadt Exp $");
/* XXX: commandline mode */
/* XXX: short-form remote directory listings (like 'ls -C') */
__progname = get_progname(argv[0]);
args.list = NULL;
- addargs(&args, "ssh"); /* overwritten with ssh_program */
+ addargs(&args, "ssh"); /* overwritten with ssh_program */
addargs(&args, "-oFallBackToRsh no");
addargs(&args, "-oForwardX11 no");
addargs(&args, "-oForwardAgent no");
addargs(&args, "-oProtocol %d", sshver);
/* no subsystem if the server-spec contains a '/' */
- if (sftp_server == NULL || strchr(sftp_server, '/') == NULL)
+ if (sftp_server == NULL || strchr(sftp_server, '/') == NULL)
addargs(&args, "-s");
addargs(&args, "%s", host);
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-add.c,v 1.46 2001/10/02 08:38:50 djm Exp $");
+RCSID("$OpenBSD: ssh-add.c,v 1.47 2001/12/19 07:18:56 deraadt Exp $");
#include <openssl/evp.h>
key_free(public);
xfree(comment);
-
+
return ret;
}
xfree(comment);
key_free(private);
-
+
return ret;
}
{
if (ssh_update_card(ac, add, id)) {
fprintf(stderr, "Card %s: %s\n",
- add ? "added" : "removed", id);
+ add ? "added" : "removed", id);
return 0;
} else {
fprintf(stderr, "Could not %s card: %s\n",
- add ? "add" : "remove", id);
+ add ? "add" : "remove", id);
return -1;
}
}
for (version = 1; version <= 2; version++) {
for (key = ssh_get_first_identity(ac, &comment, version);
- key != NULL;
- key = ssh_get_next_identity(ac, &comment, version)) {
+ key != NULL;
+ key = ssh_get_next_identity(ac, &comment, version)) {
had_identities = 1;
if (do_fp) {
fp = key_fingerprint(key, SSH_FP_MD5,
fprintf(stderr, "Could not open a connection to your authentication agent.\n");
exit(1);
}
- while ((ch = getopt(argc, argv, "lLdDe:s:")) != -1) {
+ while ((ch = getopt(argc, argv, "lLdDe:s:")) != -1) {
switch (ch) {
case 'l':
case 'L':
sc_reader_id = optarg;
break;
case 'e':
- deleting = 1;
+ deleting = 1;
sc_reader_id = optarg;
break;
default:
-/* $OpenBSD: ssh-agent.c,v 1.74 2001/12/05 10:06:12 deraadt Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.75 2001/12/19 07:18:56 deraadt Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.74 2001/12/05 10:06:12 deraadt Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.75 2001/12/19 07:18:56 deraadt Exp $");
#include <openssl/evp.h>
#include <openssl/md5.h>
Key *n = NULL, *k = NULL;
char *sc_reader_id = NULL;
int success = 0;
-
+
sc_reader_id = buffer_get_string(&e->input, NULL);
k = sc_get_key(sc_reader_id);
xfree(sc_reader_id);
#ifdef SMARTCARD
case SSH_AGENTC_ADD_SMARTCARD_KEY:
process_add_smartcard_key(e);
- break;
+ break;
case SSH_AGENTC_REMOVE_SMARTCARD_KEY:
process_remove_smartcard_key(e);
- break;
+ break;
#endif /* SMARTCARD */
default:
/* Unknown message. Respond with failure. */
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.85 2001/12/05 10:06:12 deraadt Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.86 2001/12/19 07:18:56 deraadt Exp $");
#include <openssl/evp.h>
#include <openssl/pem.h>
read_passphrase("Enter new passphrase (empty for no "
"passphrase): ", RP_ALLOW_STDIN);
passphrase2 = read_passphrase("Enter same passphrase again: ",
- RP_ALLOW_STDIN);
+ RP_ALLOW_STDIN);
/* Verify that they are the same. */
if (strcmp(passphrase1, passphrase2) != 0) {
fprintf(stderr, "Comments are only supported for RSA1 keys.\n");
key_free(private);
exit(1);
- }
+ }
printf("Key now has comment '%s'\n", comment);
if (identity_comment) {
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.150 2001/11/30 20:39:28 stevesk Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.151 2001/12/19 07:18:56 deraadt Exp $");
#include <openssl/evp.h>
#include <openssl/err.h>
fwd_host_port);
else if (opt == 'R')
add_remote_forward(&options, fwd_port, buf,
- fwd_host_port);
+ fwd_host_port);
break;
case 'D':
channel_send_open(c->self);
if (!no_shell_flag)
channel_register_callback(c->self,
- SSH2_MSG_CHANNEL_OPEN_CONFIRMATION,
- ssh_session2_setup, (void *)0);
+ SSH2_MSG_CHANNEL_OPEN_CONFIRMATION,
+ ssh_session2_setup, (void *)0);
return c->self;
}
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.117 2001/12/06 18:02:32 stevesk Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.118 2001/12/19 07:18:56 deraadt Exp $");
#include <openssl/bn.h>
/* Create pipes for communicating with the proxy. */
if (pipe(pin) < 0 || pipe(pout) < 0)
fatal("Could not create pipes to communicate with the proxy: %.100s",
- strerror(errno));
+ strerror(errno));
debug("Executing proxy command: %.500s", command_string);
int full_failure = 1;
debug("ssh_connect: getuid %u geteuid %u anon %d",
- (u_int) getuid(), (u_int) geteuid(), anonymous);
+ (u_int) getuid(), (u_int) geteuid(), anonymous);
/* Get default port if port has not been set. */
if (port == 0) {
&remote_major, &remote_minor, remote_version) != 3)
fatal("Bad remote protocol version identification: '%.100s'", buf);
debug("Remote protocol version %d.%d, remote software version %.100s",
- remote_major, remote_minor, remote_version);
+ remote_major, remote_minor, remote_version);
compat_datafellows(remote_version);
mismatch = 0;
*/
host_file = user_hostfile;
host_status = check_host_in_hostfile(host_file, host, host_key,
- file_key, &host_line);
+ file_key, &host_line);
if (host_status == HOST_NEW) {
host_file = system_hostfile;
host_status = check_host_in_hostfile(host_file, host, host_key,
"'%.128s' not in list of known hosts.",
type, ip);
else if (!add_host_to_hostfile(user_hostfile, ip,
- host_key))
+ host_key))
log("Failed to add the %s host key for IP "
"address '%.128s' to the list of known "
"hosts (%.30s).", type, ip, user_hostfile);
error("Port forwarding is disabled to avoid "
"man-in-the-middle attacks.");
options.num_local_forwards =
- options.num_remote_forwards = 0;
+ options.num_remote_forwards = 0;
}
/*
* XXX Should permit the user to change to use the new id.
error("Exiting, you have requested strict checking.");
goto fail;
} else if (options.strict_host_key_checking == 2) {
- if (!confirm("Are you sure you want "
+ if (!confirm("Are you sure you want "
"to continue connecting (yes/no)? ")) {
goto fail;
}
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.41 2001/10/06 11:18:19 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.42 2001/12/19 07:18:56 deraadt Exp $");
#include <openssl/bn.h>
#include <openssl/evp.h>
/* Loop through identities served by the agent. */
for (key = ssh_get_first_identity(auth, &comment, 1);
- key != NULL;
- key = ssh_get_next_identity(auth, &comment, 1)) {
+ key != NULL;
+ key = ssh_get_next_identity(auth, &comment, 1)) {
/* Try this identity. */
debug("Trying RSA authentication via agent with '%.100s'", comment);
/* Don't do anything if we don't have any tickets. */
if (stat(tkt_string(), &st) < 0)
return 0;
-
+
strlcpy(inst, (char *)krb_get_phost(get_canonical_hostname(1)),
INST_SZ);
-
+
realm = (char *)krb_realmofhost(get_canonical_hostname(1));
if (!realm) {
debug("Kerberos v4: no realm for %s", get_canonical_hostname(1));
}
/* This can really be anything. */
checksum = (u_long)getpid();
-
+
r = krb_mk_req(&auth, KRB4_SERVICE_NAME, inst, realm, checksum);
if (r != KSUCCESS) {
debug("Kerberos v4 krb_mk_req failed: %s", krb_err_txt[r]);
return 0;
}
des_key_sched((des_cblock *) cred.session, schedule);
-
+
/* Send authentication info to server. */
packet_start(SSH_CMSG_AUTH_KERBEROS);
packet_put_string((char *) auth.dat, auth.length);
packet_send();
packet_write_wait();
-
+
/* Zero the buffer. */
(void) memset(auth.dat, 0, MAX_KTXT_LEN);
-
+
slen = sizeof(local);
memset(&local, 0, sizeof(local));
if (getsockname(packet_get_connection_in(),
(struct sockaddr *)&local, &slen) < 0)
debug("getsockname failed: %s", strerror(errno));
-
+
slen = sizeof(foreign);
memset(&foreign, 0, sizeof(foreign));
if (getpeername(packet_get_connection_in(),
debug("Kerberos v4 authentication failed.");
return 0;
break;
-
+
case SSH_SMSG_AUTH_KERBEROS_RESPONSE:
/* SSH_SMSG_AUTH_KERBEROS_SUCCESS */
debug("Kerberos v4 authentication accepted.");
-
+
/* Get server's response. */
reply = packet_get_string((u_int *) &auth.length);
memcpy(auth.dat, reply, auth.length);
xfree(reply);
-
+
packet_integrity_check(plen, 4 + auth.length, type);
-
+
/*
* If his response isn't properly encrypted with the session
* key, and the decrypted checksum fails to match, he's
memcpy((char *)&cksum, (char *)msg_data.app_data,
sizeof(cksum));
cksum = ntohl(cksum);
-
+
/* If it matches, we're golden. */
if (cksum == checksum + 1) {
debug("Kerberos v4 challenge successful.");
} else
packet_disconnect("Kerberos v4 challenge failed!");
break;
-
+
default:
packet_disconnect("Protocol error on Kerberos v4 response: %d", type);
}
int type, payload_len;
krb5_ap_rep_enc_part *reply = NULL;
int ret;
-
+
memset(&ap, 0, sizeof(ap));
-
+
problem = krb5_init_context(context);
if (problem) {
debug("Kerberos v5: krb5_init_context failed");
ret = 0;
goto out;
}
-
+
tkfile = krb5_cc_default_name(*context);
if (strncmp(tkfile, "FILE:", 5) == 0)
tkfile += 5;
-
+
if (stat(tkfile, &buf) == 0 && getuid() != buf.st_uid) {
debug("Kerberos v5: could not get default ccache (permission denied).");
ret = 0;
goto out;
}
-
+
problem = krb5_cc_default(*context, &ccache);
if (problem) {
debug("Kerberos v5: krb5_cc_default failed: %s",
ret = 0;
goto out;
}
-
+
remotehost = get_canonical_hostname(1);
-
+
problem = krb5_mk_req(*context, auth_context, AP_OPTS_MUTUAL_REQUIRED,
"host", remotehost, NULL, ccache, &ap);
if (problem) {
ret = 0;
goto out;
}
-
+
packet_start(SSH_CMSG_AUTH_KERBEROS);
packet_put_string((char *) ap.data, ap.length);
packet_send();
packet_write_wait();
-
+
xfree(ap.data);
ap.length = 0;
-
+
type = packet_read(&payload_len);
switch (type) {
- case SSH_SMSG_FAILURE:
- /* Should really be SSH_SMSG_AUTH_KERBEROS_FAILURE */
- debug("Kerberos v5 authentication failed.");
- ret = 0;
- break;
-
+ case SSH_SMSG_FAILURE:
+ /* Should really be SSH_SMSG_AUTH_KERBEROS_FAILURE */
+ debug("Kerberos v5 authentication failed.");
+ ret = 0;
+ break;
+
case SSH_SMSG_AUTH_KERBEROS_RESPONSE:
- /* SSH_SMSG_AUTH_KERBEROS_SUCCESS */
- debug("Kerberos v5 authentication accepted.");
-
- /* Get server's response. */
- ap.data = packet_get_string((unsigned int *) &ap.length);
-
- packet_integrity_check(payload_len, 4 + ap.length, type);
- /* XXX je to dobre? */
-
- problem = krb5_rd_rep(*context, *auth_context, &ap, &reply);
- if (problem) {
+ /* SSH_SMSG_AUTH_KERBEROS_SUCCESS */
+ debug("Kerberos v5 authentication accepted.");
+
+ /* Get server's response. */
+ ap.data = packet_get_string((unsigned int *) &ap.length);
+
+ packet_integrity_check(payload_len, 4 + ap.length, type);
+ /* XXX je to dobre? */
+
+ problem = krb5_rd_rep(*context, *auth_context, &ap, &reply);
+ if (problem) {
ret = 0;
}
ret = 1;
break;
-
+
default:
packet_disconnect("Protocol error on Kerberos v5 response: %d",
type);
ret = 0;
break;
-
+
}
-
+
out:
if (ccache != NULL)
krb5_cc_close(*context, ccache);
krb5_free_ap_rep_enc_part(*context, reply);
if (ap.length > 0)
krb5_data_free(&ap);
-
+
return (ret);
}
krb5_creds creds;
krb5_kdc_flags flags;
const char *remotehost;
-
+
memset(&creds, 0, sizeof(creds));
memset(&outbuf, 0, sizeof(outbuf));
-
+
fd = packet_get_connection_in();
-
+
problem = krb5_auth_con_setaddrs_from_fd(context, auth_context, &fd);
if (problem)
goto out;
-
+
problem = krb5_cc_default(context, &ccache);
if (problem)
goto out;
-
+
problem = krb5_cc_get_principal(context, ccache, &creds.client);
if (problem)
goto out;
-
+
problem = krb5_build_principal(context, &creds.server,
strlen(creds.client->realm), creds.client->realm,
"krbtgt", creds.client->realm, NULL);
if (problem)
goto out;
-
+
creds.times.endtime = 0;
-
+
flags.i = 0;
flags.b.forwarded = 1;
flags.b.forwardable = krb5_config_get_bool(context, NULL,
"libdefaults", "forwardable", NULL);
-
+
remotehost = get_canonical_hostname(1);
-
+
problem = krb5_get_forwarded_creds(context, auth_context,
ccache, flags.i, remotehost, &creds, &outbuf);
if (problem)
goto out;
-
+
packet_start(SSH_CMSG_HAVE_KERBEROS_TGT);
packet_put_string((char *)outbuf.data, outbuf.length);
packet_send();
packet_write_wait();
-
+
type = packet_read(&payload_len);
-
+
if (type == SSH_SMSG_SUCCESS) {
char *pname;
-
+
krb5_unparse_name(context, creds.client, &pname);
debug("Kerberos v5 TGT forwarded (%s).", pname);
xfree(pname);
} else
debug("Kerberos v5 TGT forwarding failed.");
-
+
return;
-
+
out:
if (problem)
debug("Kerberos v5 TGT forwarding failed: %s",
struct stat st;
char buffer[4096], pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ];
int problem, type, len;
-
+
/* Don't do anything if we don't have any tickets. */
if (stat(tkt_string(), &st) < 0)
return;
-
+
creds = xmalloc(sizeof(*creds));
-
+
problem = krb_get_tf_fullname(TKT_FILE, pname, pinst, prealm);
if (problem)
goto out;
-
+
problem = krb_get_cred("krbtgt", prealm, prealm, creds);
if (problem)
goto out;
-
+
if (time(0) > krb_life_to_time(creds->issue_date, creds->lifetime)) {
problem = RD_AP_EXP;
goto out;
}
creds_to_radix(creds, (u_char *)buffer, sizeof(buffer));
-
+
packet_start(SSH_CMSG_HAVE_KERBEROS_TGT);
packet_put_cstring(buffer);
packet_send();
packet_write_wait();
-
+
type = packet_read(&len);
-
+
if (type == SSH_SMSG_SUCCESS)
debug("Kerberos v4 TGT forwarded (%s%s%s@%s).",
creds->pname, creds->pinst[0] ? "." : "",
creds->pinst, creds->realm);
else
debug("Kerberos v4 TGT rejected.");
-
+
xfree(creds);
return;
-
+
out:
debug("Kerberos v4 TGT passing failed: %s", krb_err_txt[problem]);
xfree(creds);
int i, type, len;
char buf[2048], *p, *server_cell;
char buffer[8192];
-
+
/* Move over ktc_GetToken, here's something leaner. */
for (i = 0; i < 100; i++) { /* just in case */
parms.in = (char *) &i;
if (k_pioctl(0, VIOCGETTOK, &parms, 0) != 0)
break;
p = buf;
-
+
/* Get secret token. */
memcpy(&creds.ticket_st.length, p, sizeof(u_int));
if (creds.ticket_st.length > MAX_KTXT_LEN)
p += sizeof(u_int);
memcpy(creds.ticket_st.dat, p, creds.ticket_st.length);
p += creds.ticket_st.length;
-
+
/* Get clear token. */
memcpy(&len, p, sizeof(len));
if (len != sizeof(struct ClearToken))
p += len;
p += sizeof(len); /* primary flag */
server_cell = p;
-
+
/* Flesh out our credentials. */
strlcpy(creds.service, "afs", sizeof(creds.service));
creds.instance[0] = '\0';
creds.kvno = ct.AuthHandle;
snprintf(creds.pname, sizeof(creds.pname), "AFS ID %d", ct.ViceId);
creds.pinst[0] = '\0';
-
+
/* Encode token, ship it off. */
if (creds_to_radix(&creds, (u_char *)buffer,
sizeof(buffer)) <= 0)
/* Roger, Roger. Clearance, Clarence. What's your vector,
Victor? */
type = packet_read(&len);
-
+
if (type == SSH_SMSG_FAILURE)
debug("AFS token for cell %s rejected.", server_cell);
else if (type != SSH_SMSG_SUCCESS)
challenge = packet_get_string(&clen);
packet_integrity_check(payload_len, (4 + clen), type);
snprintf(prompt, sizeof prompt, "%s%s", challenge,
- strchr(challenge, '\n') ? "" : "\nResponse: ");
+ strchr(challenge, '\n') ? "" : "\nResponse: ");
xfree(challenge);
if (i != 0)
error("Permission denied, please try again.");
supported_authentications = packet_get_int();
debug("Received server public key (%d bits) and host key (%d bits).",
- BN_num_bits(public_key->n), BN_num_bits(host_key->n));
+ BN_num_bits(public_key->n), BN_num_bits(host_key->n));
packet_integrity_check(payload_len,
- 8 + 4 + sum_len + 0 + 4 + 0 + 0 + 4 + 4 + 4,
- SSH_SMSG_PUBLIC_KEY);
+ 8 + 4 + sum_len + 0 + 4 + 0 + 0 + 4 + 4 + 4,
+ SSH_SMSG_PUBLIC_KEY);
k.type = KEY_RSA1;
k.rsa = host_key;
if (verify_host_key(host, hostaddr, &k) == -1)
if (BN_num_bits(host_key->n) <
BN_num_bits(public_key->n) + SSH_KEY_BITS_RESERVED) {
fatal("respond_to_rsa_challenge: host_key %d < public_key %d + "
- "SSH_KEY_BITS_RESERVED %d",
- BN_num_bits(host_key->n),
- BN_num_bits(public_key->n),
- SSH_KEY_BITS_RESERVED);
+ "SSH_KEY_BITS_RESERVED %d",
+ BN_num_bits(host_key->n),
+ BN_num_bits(public_key->n),
+ SSH_KEY_BITS_RESERVED);
}
rsa_public_encrypt(key, key, public_key);
rsa_public_encrypt(key, key, host_key);
if (BN_num_bits(public_key->n) <
BN_num_bits(host_key->n) + SSH_KEY_BITS_RESERVED) {
fatal("respond_to_rsa_challenge: public_key %d < host_key %d + "
- "SSH_KEY_BITS_RESERVED %d",
- BN_num_bits(public_key->n),
- BN_num_bits(host_key->n),
- SSH_KEY_BITS_RESERVED);
+ "SSH_KEY_BITS_RESERVED %d",
+ BN_num_bits(public_key->n),
+ BN_num_bits(host_key->n),
+ SSH_KEY_BITS_RESERVED);
}
rsa_public_encrypt(key, key, host_key);
rsa_public_encrypt(key, key, public_key);
/* Check that the selected cipher is supported. */
if (!(supported_ciphers & (1 << options.cipher)))
fatal("Selected cipher type %.100s not supported by server.",
- cipher_name(options.cipher));
+ cipher_name(options.cipher));
debug("Encryption type: %.100s", cipher_name(options.cipher));
#endif
int i, type;
int payload_len;
-
+
if (supported_authentications == 0)
fatal("ssh_userauth1: server supports no auth methods");
goto success;
if (type != SSH_SMSG_FAILURE)
packet_disconnect("Protocol error: got %d in response to SSH_CMSG_USER", type);
-
+
#ifdef KRB5
if ((supported_authentications & (1 << SSH_AUTH_KERBEROS)) &&
- options.kerberos_authentication) {
+ options.kerberos_authentication) {
debug("Trying Kerberos v5 authentication.");
-
+
if (try_krb5_authentication(&context, &auth_context)) {
type = packet_read(&payload_len);
if (type == SSH_SMSG_SUCCESS)
}
}
#endif /* KRB5 */
-
+
#ifdef KRB4
if ((supported_authentications & (1 << SSH_AUTH_KERBEROS)) &&
options.kerberos_authentication) {
debug("Trying Kerberos v4 authentication.");
-
+
if (try_krb4_authentication()) {
type = packet_read(&payload_len);
if (type == SSH_SMSG_SUCCESS)
}
}
#endif /* KRB4 */
-
+
/*
* Use rhosts authentication if running in privileged socket and we
* do not wish to remain anonymous.
if (context)
krb5_free_context(context);
#endif
-
+
#ifdef AFS
/* Try Kerberos v4 TGT passing if the server supports it. */
if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) &&
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.87 2001/12/05 10:06:13 deraadt Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.88 2001/12/19 07:18:56 deraadt Exp $");
#include <openssl/bn.h>
#include <openssl/md5.h>
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
}
if (options.hostkeyalgorithms != NULL)
- myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
+ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
options.hostkeyalgorithms;
/* start key exchange */
if (options.batch_mode)
return NULL;
snprintf(prompt, sizeof prompt,
- "Enter passphrase for key '%.100s': ", filename);
+ "Enter passphrase for key '%.100s': ", filename);
for (i = 0; i < options.number_of_password_prompts; i++) {
passphrase = read_passphrase(prompt, 0);
if (strcmp(passphrase, "") != 0) {
return -1;
/* private key is stored in external hardware */
- if (options.identity_keys[idx]->flags & KEY_FLAG_EXT)
+ if (options.identity_keys[idx]->flags & KEY_FLAG_EXT)
return key_sign(options.identity_keys[idx], sigp, lenp, data, datalen);
private = load_identity_file(options.identity_files[idx]);
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.156 2001/12/06 13:30:06 markus Exp $
+.\" $OpenBSD: sshd.8,v 1.157 2001/12/19 07:18:56 deraadt Exp $
.Dd September 25, 1999
.Dt SSHD 8
.Os
.It Fl t
Test mode.
Only check the validity of the configuration file and sanity of the keys.
-This is useful for updating
+This is useful for updating
.Nm
reliably as configuration options may change.
.It Fl u Ar len
*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.216 2001/12/10 16:45:04 stevesk Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.217 2001/12/19 07:18:56 deraadt Exp $");
#include <openssl/dh.h>
#include <openssl/bn.h>
fatal_cleanup();
}
debug("Client protocol version %d.%d; client software version %.100s",
- remote_major, remote_minor, remote_version);
+ remote_major, remote_minor, remote_version);
compat_datafellows(remote_version);
key_free(sensitive_data.server_key);
sensitive_data.server_key = NULL;
}
- for(i = 0; i < options.num_host_key_files; i++) {
+ for (i = 0; i < options.num_host_key_files; i++) {
if (sensitive_data.host_keys[i]) {
key_free(sensitive_data.host_keys[i]);
sensitive_data.host_keys[i] = NULL;
static char buf[1024];
int i;
buf[0] = '\0';
- for(i = 0; i < options.num_host_key_files; i++) {
+ for (i = 0; i < options.num_host_key_files; i++) {
Key *key = sensitive_data.host_keys[i];
if (key == NULL)
continue;
get_hostkey_by_type(int type)
{
int i;
- for(i = 0; i < options.num_host_key_files; i++) {
+ for (i = 0; i < options.num_host_key_files; i++) {
Key *key = sensitive_data.host_keys[i];
if (key != NULL && key->type == type)
return key;
utmp_len = atoi(optarg);
break;
case 'o':
- if (process_server_config_line(&options, optarg,
+ if (process_server_config_line(&options, optarg,
"command-line", 0) != 0)
- exit(1);
+ exit(1);
break;
case '?':
default:
/* load private host keys */
sensitive_data.host_keys = xmalloc(options.num_host_key_files*sizeof(Key*));
- for(i = 0; i < options.num_host_key_files; i++)
+ for (i = 0; i < options.num_host_key_files; i++)
sensitive_data.host_keys[i] = NULL;
sensitive_data.server_key = NULL;
sensitive_data.ssh1_host_key = NULL;
sensitive_data.have_ssh1_key = 0;
sensitive_data.have_ssh2_key = 0;
- for(i = 0; i < options.num_host_key_files; i++) {
+ for (i = 0; i < options.num_host_key_files; i++) {
key = key_load_private(options.host_key_files[i], "", NULL);
sensitive_data.host_keys[i] = key;
if (key == NULL) {
/* Chdir to the root directory so that the current disk can be
unmounted if desired. */
chdir("/");
-
+
/* ignore SIGPIPE */
signal(SIGPIPE, SIG_IGN);
-# $OpenBSD: sshd_config,v 1.42 2001/09/20 20:57:51 mouring Exp $
+# $OpenBSD: sshd_config,v 1.43 2001/12/19 07:18:56 deraadt Exp $
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
PasswordAuthentication yes
PermitEmptyPasswords no
-# Uncomment to disable s/key passwords
+# Uncomment to disable s/key passwords
#ChallengeResponseAuthentication no
# Uncomment to enable PAM keyboard-interactive authentication
*/
#include "includes.h"
-RCSID("$OpenBSD: sshlogin.c,v 1.2 2001/03/24 16:43:27 stevesk Exp $");
+RCSID("$OpenBSD: sshlogin.c,v 1.3 2001/12/19 07:18:56 deraadt Exp $");
#include "loginrec.h"
void
record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid,
- const char *host, struct sockaddr * addr)
+ const char *host, struct sockaddr * addr)
{
struct logininfo *li;
*/
#include "includes.h"
-RCSID("$OpenBSD: sshpty.c,v 1.3 2001/07/22 21:32:27 markus Exp $");
+RCSID("$OpenBSD: sshpty.c,v 1.4 2001/12/19 07:18:56 deraadt Exp $");
#ifdef HAVE_UTIL_H
# include <util.h>
*ttyfd = open(name, O_RDWR | O_NOCTTY);
if (*ttyfd < 0) {
error("Could not open pty slave side %.100s: %.100s",
- name, strerror(errno));
+ name, strerror(errno));
close(*ptyfd);
return 0;
}
fd = open(_PATH_TTY, O_WRONLY);
if (fd < 0)
error("open /dev/tty failed - could not set controlling tty: %.100s",
- strerror(errno));
+ strerror(errno));
else {
close(fd);
}
void
pty_change_window_size(int ptyfd, int row, int col,
- int xpixel, int ypixel)
+ int xpixel, int ypixel)
{
struct winsize w;
w.ws_row = row;
if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
if (chown(ttyname, pw->pw_uid, gid) < 0) {
- if (errno == EROFS &&
+ if (errno == EROFS &&
(st.st_uid == pw->pw_uid || st.st_uid == 0))
error("chown(%.100s, %d, %d) failed: %.100s",
- ttyname, pw->pw_uid, gid,
- strerror(errno));
+ ttyname, pw->pw_uid, gid,
+ strerror(errno));
else
fatal("chown(%.100s, %d, %d) failed: %.100s",
- ttyname, pw->pw_uid, gid,
- strerror(errno));
+ ttyname, pw->pw_uid, gid,
+ strerror(errno));
}
}
if (errno == EROFS &&
(st.st_mode & (S_IRGRP | S_IROTH)) == 0)
error("chmod(%.100s, 0%o) failed: %.100s",
- ttyname, mode, strerror(errno));
+ ttyname, mode, strerror(errno));
else
fatal("chmod(%.100s, 0%o) failed: %.100s",
- ttyname, mode, strerror(errno));
+ ttyname, mode, strerror(errno));
}
}
}
-/* $OpenBSD: sshtty.c,v 1.1 2001/04/14 16:33:20 stevesk Exp $ */
+/* $OpenBSD: sshtty.c,v 1.2 2001/12/19 07:18:56 deraadt Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
int
in_raw_mode(void)
{
- return _in_raw_mode;
+ return _in_raw_mode;
}
struct termios
*/
#include "includes.h"
-RCSID("$OpenBSD: ttymodes.c,v 1.14 2001/06/24 17:18:31 markus Exp $");
+RCSID("$OpenBSD: ttymodes.c,v 1.15 2001/12/19 07:18:56 deraadt Exp $");
#include "packet.h"
#include "log.h"
default:
debug("Ignoring unsupported tty mode opcode %d (0x%x)",
- opcode, opcode);
+ opcode, opcode);
if (!compat20) {
/*
* SSH1:
*/
#include "includes.h"
-RCSID("$OpenBSD: uidswap.c,v 1.18 2001/08/08 21:34:19 markus Exp $");
+RCSID("$OpenBSD: uidswap.c,v 1.19 2001/12/19 07:18:56 deraadt Exp $");
#include "log.h"
#include "uidswap.h"
privileged = 1;
temporarily_use_uid_effective = 1;
- saved_egroupslen = getgroups(NGROUPS_MAX, saved_egroups);
+ saved_egroupslen = getgroups(NGROUPS_MAX, saved_egroups);
if (saved_egroupslen < 0)
fatal("getgroups: %.100s", strerror(errno));
if (initgroups(pw->pw_name, pw->pw_gid) < 0)
fatal("initgroups: %s: %.100s", pw->pw_name,
strerror(errno));
- user_groupslen = getgroups(NGROUPS_MAX, user_groups);
+ user_groupslen = getgroups(NGROUPS_MAX, user_groups);
if (user_groupslen < 0)
fatal("getgroups: %.100s", strerror(errno));
}