20010105
- - (bal) Disable groupaccess by setting NGROUP_MAX to 0 for platforms
+ - (bal) Disable groupaccess by setting NGROUPS_MAX to 0 for platforms
that don't have NGROUPS_MAX.
- (bal) AIX patch for auth1.c by William L. Jones <jones@hpc.utexas.edu>
+ - (stevesk) OpenBSD sync:
+ - stevesk@cvs.openbsd.org 2001/02/04 08:32:27
+ [many files; did this manually to our top-level source dir]
+ unexpand and remove end-of-line whitespace; ok markus@
20010104
- (bal) I think this is the last of the bsd-*.h that don't belong.
/* Define if you are using Solaris-derived PAM which passes pam_messages */
/* to the conversation function with an extra level of indirection */
#undef PAM_SUN_CODEBASE
-
+
/* Set this to your mail directory if you don't have maillock.h */
#undef MAIL_DIRECTORY
get_challenge(Authctxt *authctxt, char *devs)
{
static char challenge[1024];
- struct skey skey;
+ struct skey skey;
if (skeychallenge(&skey, authctxt->user, challenge) == -1)
return NULL;
strlcat(challenge, "\nS/Key Password: ", sizeof challenge);
/* PAM will free this later */
reply = malloc(num_msg * sizeof(*reply));
if (reply == NULL)
- return PAM_CONV_ERR;
+ return PAM_CONV_ERR;
for (count = 0; count < num_msg; count++) {
switch(PAM_MSG_MEMBER(msg, count, msg_style)) {
}
reply[count].resp = xstrdup(pampasswd);
} else {
- reply[count].resp =
+ reply[count].resp =
xstrdup(read_passphrase(PAM_MSG_MEMBER(msg, count, msg), 1));
}
reply[count].resp_retcode = PAM_SUCCESS;
{
pam_retval = pam_close_session(pamh, 0);
if (pam_retval != PAM_SUCCESS) {
- log("Cannot close PAM session[%d]: %.200s",
+ log("Cannot close PAM session[%d]: %.200s",
pam_retval, PAM_STRERROR(pamh, pam_retval));
}
pam_retval = pam_setcred(pamh, PAM_DELETE_CRED);
if (pam_retval != PAM_SUCCESS) {
- debug("Cannot delete credentials[%d]: %.200s",
+ debug("Cannot delete credentials[%d]: %.200s",
pam_retval, PAM_STRERROR(pamh, pam_retval));
}
pam_retval = pam_end(pamh, pam_retval);
if (pam_retval != PAM_SUCCESS) {
- log("Cannot release PAM authentication[%d]: %.200s",
+ log("Cannot release PAM authentication[%d]: %.200s",
pam_retval, PAM_STRERROR(pamh, pam_retval));
}
}
return 0;
pampasswd = password;
-
+
pamstate = INITIAL_LOGIN;
pam_retval = do_pam_authenticate(0);
if (pam_retval == PAM_SUCCESS) {
- debug("PAM Password authentication accepted for user \"%.100s\"",
+ debug("PAM Password authentication accepted for user \"%.100s\"",
pw->pw_name);
return 1;
} else {
- debug("PAM Password authentication for \"%.100s\" failed[%d]: %s",
+ debug("PAM Password authentication for \"%.100s\" failed[%d]: %s",
pw->pw_name, pam_retval, PAM_STRERROR(pamh, pam_retval));
return 0;
}
{
int pam_retval;
extern ServerOptions options;
-
- debug("PAM setting rhost to \"%.200s\"",
+
+ debug("PAM setting rhost to \"%.200s\"",
get_canonical_hostname(options.reverse_mapping_check));
- pam_retval = pam_set_item(pamh, PAM_RHOST,
+ pam_retval = pam_set_item(pamh, PAM_RHOST,
get_canonical_hostname(options.reverse_mapping_check));
if (pam_retval != PAM_SUCCESS) {
- fatal("PAM set rhost failed[%d]: %.200s",
+ fatal("PAM set rhost failed[%d]: %.200s",
pam_retval, PAM_STRERROR(pamh, pam_retval));
}
debug("PAM setting ruser to \"%.200s\"", remote_user);
pam_retval = pam_set_item(pamh, PAM_RUSER, remote_user);
if (pam_retval != PAM_SUCCESS) {
- fatal("PAM set ruser failed[%d]: %.200s",
+ fatal("PAM set ruser failed[%d]: %.200s",
pam_retval, PAM_STRERROR(pamh, pam_retval));
}
}
password_change_required = 1;
break;
default:
- log("PAM rejected by account configuration[%d]: %.200s",
+ log("PAM rejected by account configuration[%d]: %.200s",
pam_retval, PAM_STRERROR(pamh, pam_retval));
return(0);
}
-
+
return(1);
}
debug("PAM setting tty to \"%.200s\"", ttyname);
pam_retval = pam_set_item(pamh, PAM_TTY, ttyname);
if (pam_retval != PAM_SUCCESS) {
- fatal("PAM set tty failed[%d]: %.200s",
+ fatal("PAM set tty failed[%d]: %.200s",
pam_retval, PAM_STRERROR(pamh, pam_retval));
}
}
pam_retval = pam_open_session(pamh, 0);
if (pam_retval != PAM_SUCCESS) {
- fatal("PAM session setup failed[%d]: %.200s",
+ fatal("PAM session setup failed[%d]: %.200s",
pam_retval, PAM_STRERROR(pamh, pam_retval));
}
}
-/* Set PAM credentials */
+/* Set PAM credentials */
void do_pam_setcred(void)
{
int pam_retval;
-
+
debug("PAM establishing creds");
pam_retval = pam_setcred(pamh, PAM_ESTABLISH_CRED);
if (pam_retval != PAM_SUCCESS) {
if(was_authenticated) {
- fatal("PAM setcred failed[%d]: %.200s",
+ fatal("PAM setcred failed[%d]: %.200s",
pam_retval, PAM_STRERROR(pamh, pam_retval));
} else {
- debug("PAM setcred failed[%d]: %.200s",
+ debug("PAM setcred failed[%d]: %.200s",
pam_retval, PAM_STRERROR(pamh, pam_retval));
}
}
return password_change_required;
}
-/*
+/*
* Have user change authentication token if pam_acct_mgmt() indicated
* it was expired. This needs to be called after an interactive
* session is established and the user's pty is connected to
do {
pam_retval = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
if (pam_retval != PAM_SUCCESS) {
- log("PAM pam_chauthtok failed[%d]: %.200s",
+ log("PAM pam_chauthtok failed[%d]: %.200s",
pam_retval, PAM_STRERROR(pamh, pam_retval));
}
} while (pam_retval != PAM_SUCCESS);
pam_retval = pam_start(SSHD_PAM_SERVICE, user, &conv, &pamh);
if (pam_retval != PAM_SUCCESS) {
- fatal("PAM initialisation failed[%d]: %.200s",
+ fatal("PAM initialisation failed[%d]: %.200s",
pam_retval, PAM_STRERROR(pamh, pam_retval));
}
#ifdef PAM_TTY_KLUDGE
/*
* Some PAM modules (e.g. pam_time) require a TTY to operate,
- * and will fail in various stupid ways if they don't get one.
+ * and will fail in various stupid ways if they don't get one.
* sshd doesn't set the tty until too late in the auth process and may
* not even need one (for tty-less connections)
- * Kludge: Set a fake PAM_TTY
+ * Kludge: Set a fake PAM_TTY
*/
pam_retval = pam_set_item(pamh, PAM_TTY, "ssh");
if (pam_retval != PAM_SUCCESS) {
- fatal("PAM set tty failed[%d]: %.200s",
+ fatal("PAM set tty failed[%d]: %.200s",
pam_retval, PAM_STRERROR(pamh, pam_retval));
}
#endif /* PAM_TTY_KLUDGE */
char *p;
size_t new_msg_len;
size_t pam_msg_len;
-
+
new_msg_len = strlen(msg);
-
+
if (pam_msg) {
pam_msg_len = strlen(pam_msg);
pam_msg = xrealloc(pam_msg, new_msg_len + pam_msg_len + 2);
* Empty password is only possible on NT if the user has _really_
* an empty password and authentication is done, though.
*/
- if (!is_winnt)
+ if (!is_winnt)
#endif
if (*password == '\0' && options.permit_empty_passwd == 0)
return 0;
*/
#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
spw = getspnam(pw->pw_name);
- if (spw != NULL)
+ if (spw != NULL)
pw_password = spw->sp_pwdp;
#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
#ifdef HAVE_SCO_PROTECTED_PW
spw = getprpwnam(pw->pw_name);
- if (spw != NULL)
+ if (spw != NULL)
pw_password = spw->ufld.fd_encrypt;
#endif /* HAVE_SCO_PROTECTED_PW */
encrypted_password = md5_crypt(password, salt);
else
encrypted_password = crypt(password, salt);
-#else /* HAVE_MD5_PASSWORDS */
+#else /* HAVE_MD5_PASSWORDS */
# ifdef __hpux
if (iscomsec())
encrypted_password = bigcrypt(password, salt);
# else
encrypted_password = crypt(password, salt);
# endif /* __hpux */
-#endif /* HAVE_MD5_PASSWORDS */
+#endif /* HAVE_MD5_PASSWORDS */
/* Authentication is accepted if the encrypted passwords are identical. */
return (strcmp(encrypted_password, pw_password) == 0);
return 0;
/* Check password expiry */
- if ((spw->sp_lstchg >= 0) && (spw->sp_max >= 0) &&
+ if ((spw->sp_lstchg >= 0) && (spw->sp_max >= 0) &&
(days > (spw->sp_lstchg + spw->sp_max)))
return 0;
}
Authctxt *
authctxt_new(void)
{
- Authctxt *authctxt = xmalloc(sizeof(*authctxt));
- memset(authctxt, 0, sizeof(*authctxt));
- return authctxt;
+ Authctxt *authctxt = xmalloc(sizeof(*authctxt));
+ memset(authctxt, 0, sizeof(*authctxt));
+ return authctxt;
}
struct passwd *
authenticated = auth_pam_password(pw, password);
#elif defined(HAVE_OSF_SIA)
/* Do SIA auth with password */
- if (sia_validate_user(NULL, saved_argc, saved_argv,
- get_canonical_hostname(options.reverse_mapping_check),
+ if (sia_validate_user(NULL, saved_argc, saved_argv,
+ get_canonical_hostname(options.reverse_mapping_check),
pw->pw_name, NULL, 0, NULL, password) == SIASUCCESS) {
authenticated = 1;
}
fatal("INTERNAL ERROR: authenticated invalid user %s",
authctxt->user);
-#ifdef HAVE_CYGWIN
- if (authenticated &&
+#ifdef HAVE_CYGWIN
+ if (authenticated &&
!check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD,pw->pw_uid)) {
packet_disconnect("Authentication rejected for uid %d.",
(int)pw->pw_uid);
if (authenticated && authctxt->pw->pw_uid == 0 && !auth_root_allowed())
authenticated = 0;
#endif
-#ifdef USE_PAM
+#ifdef USE_PAM
if (authenticated && !do_pam_account(pw->pw_name, client_user))
authenticated = 0;
#endif
return;
if (authctxt->failures++ > AUTH_FAIL_MAX) {
-#ifdef WITH_AIXAUTHENTICATE
- loginfailed(authctxt->user,
- get_canonical_hostname(options.reverse_mapping_check),
+#ifdef WITH_AIXAUTHENTICATE
+ loginfailed(authctxt->user,
+ get_canonical_hostname(options.reverse_mapping_check),
"ssh");
#endif /* WITH_AIXAUTHENTICATE */
packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
#ifdef WITH_AIXAUTHENTICATE
/* We don't have a pty yet, so just label the line as "ssh" */
- if (loginsuccess(authctxt->user,
+ if (loginsuccess(authctxt->user,
get_canonical_hostname(options.reverse_mapping_check),
"ssh", &aixloginmsg) < 0)
aixloginmsg = NULL;
if ((style = strchr(user, ':')) != NULL)
*style++ = 0;
- if (authctxt->attempt++ == 0) {
+ if (authctxt->attempt++ == 0) {
/* setup auth context */
struct passwd *pw = NULL;
setproctitle("%s", user);
return;
}
-void
+void
userauth_reply(Authctxt *authctxt, int authenticated)
{
char *methods;
if (authenticated) {
#ifdef WITH_AIXAUTHENTICATE
/* We don't have a pty yet, so just label the line as "ssh" */
- if (loginsuccess(authctxt->user?authctxt->user:"NOUSER",
- get_canonical_hostname(options.reverse_mapping_check),
+ if (loginsuccess(authctxt->user?authctxt->user:"NOUSER",
+ get_canonical_hostname(options.reverse_mapping_check),
"ssh", &aixloginmsg) < 0)
aixloginmsg = NULL;
#endif /* WITH_AIXAUTHENTICATE */
authctxt->success = 1;
} else {
if (authctxt->failures++ > AUTH_FAIL_MAX)
- packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
+ packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
methods = authmethods_get();
packet_start(SSH2_MSG_USERAUTH_FAILURE);
packet_put_cstring(methods);
if (m != NULL)
m->enabled = NULL;
packet_done();
- userauth_banner();
+ userauth_banner();
if (authctxt->valid == 0)
return(0);
-
+
#ifdef HAVE_CYGWIN
if (check_nt_auth(1, authctxt->pw->pw_uid) == 0)
return(0);
#ifdef USE_PAM
return auth_pam_password(authctxt->pw, "");
#elif defined(HAVE_OSF_SIA)
- return (sia_validate_user(NULL, saved_argc, saved_argv,
- get_canonical_hostname(options.reverse_mapping_check),
- authctxt->user?authctxt->user:"NOUSER", NULL, 0,
+ return (sia_validate_user(NULL, saved_argc, saved_argv,
+ get_canonical_hostname(options.reverse_mapping_check),
+ authctxt->user?authctxt->user:"NOUSER", NULL, 0,
NULL, "") == SIASUCCESS);
#else /* !HAVE_OSF_SIA && !USE_PAM */
return auth_password(authctxt->pw, "");
#ifdef USE_PAM
auth_pam_password(authctxt->pw, password) == 1)
#elif defined(HAVE_OSF_SIA)
- sia_validate_user(NULL, saved_argc, saved_argv,
- get_canonical_hostname(options.reverse_mapping_check),
- authctxt->user?authctxt->user:"NOUSER", NULL, 0, NULL,
+ sia_validate_user(NULL, saved_argc, saved_argv,
+ get_canonical_hostname(options.reverse_mapping_check),
+ authctxt->user?authctxt->user:"NOUSER", NULL, 0, NULL,
password) == SIASUCCESS)
#else /* !USE_PAM && !HAVE_OSF_SIA */
auth_password(authctxt->pw, password) == 1)
return decode_reply(type);
}
-int
+int
decode_reply(int type)
{
switch (type) {
port = from6->sin6_port;
memset(&from, 0, sizeof(from));
-
+
from4->sin_family = AF_INET;
memcpy(&from4->sin_addr, &addr, sizeof(addr));
from4->sin_port = port;
int err = 0;
int sz = sizeof(err);
c->type = SSH_CHANNEL_OPEN;
- if (getsockopt(c->sock, SOL_SOCKET, SO_ERROR, (char *)&err, &sz) < 0) {
+ if (getsockopt(c->sock, SOL_SOCKET, SO_ERROR, (char *)&err, &sz) < 0) {
debug("getsockopt SO_ERROR failed");
} else {
if (err == 0) {
if (remote_fwd) {
host = listen_address;
- ctype = SSH_CHANNEL_RPORT_LISTENER;
+ ctype = SSH_CHANNEL_RPORT_LISTENER;
} else {
host = host_to_connect;
ctype =SSH_CHANNEL_PORT_LISTENER;
error("bind: %.100s", strerror(errno));
else
verbose("bind: %.100s", strerror(errno));
-
+
close(sock);
continue;
}
error("connect %.100s port %s: %.100s", ntop, strport,
strerror(errno));
close(sock);
- continue; /* fail -- try next */
+ continue; /* fail -- try next */
}
break; /* success */
}
freeaddrinfo(aitop);
if (!ai) {
- error("connect %.100s port %d: failed.", host, host_port);
+ error("connect %.100s port %d: failed.", host, host_port);
return -1;
}
/* success */
fatal("gethostname: %.100s", strerror(errno));
#ifdef IPADDR_IN_DISPLAY
- /*
+ /*
* HPUX detects the local hostname in the DISPLAY variable and tries
* to set up a shared memory connection to the server, which it
* incorrectly supposes to be local.
memcpy(&my_addr, he->h_addr_list[0], sizeof(struct in_addr));
/* Set DISPLAY to <ip address>:screen.display */
- snprintf(display, sizeof(display), "%.50s:%d.%d", inet_ntoa(my_addr),
+ snprintf(display, sizeof(display), "%.50s:%d.%d", inet_ntoa(my_addr),
display_number, screen_number);
}
#else /* IPADDR_IN_DISPLAY */
}
c->dettach_user = NULL;
}
-void
+void
channel_register_filter(int id, channel_filter_fn *fn)
{
Channel *c = channel_lookup(id);
void
cast_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
{
- if (iv == NULL)
+ if (iv == NULL)
fatal("no IV for %s.", cc->cipher->name);
memcpy(cc->u.cast.iv, (char *)iv, 8);
}
void
rijndael_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
{
- if (iv == NULL)
+ if (iv == NULL)
fatal("no IV for %s.", cc->cipher->name);
memcpy((u_char *)cc->u.rijndael.iv, iv, RIJNDAEL_BLOCKSIZE);
}
SSH_CIPHER_SSH2, 16, 32,
rijndael_setkey, rijndael_setiv,
rijndael_cbc_encrypt, rijndael_cbc_decrypt },
- { NULL, SSH_CIPHER_ILLEGAL, 0, 0, NULL, NULL, NULL, NULL }
+ { NULL, SSH_CIPHER_ILLEGAL, 0, 0, NULL, NULL, NULL, NULL }
};
/*--*/
output = xmalloc(4*size);
for (p = output, i = 0; i < size; i++) {
- if (buf[i] == '\n')
- *p++ = buf[i];
- else
- p = vis(p, buf[i], 0, 0);
- }
+ if (buf[i] == '\n')
+ *p++ = buf[i];
+ else
+ p = vis(p, buf[i], 0, 0);
+ }
len = p - output;
for (pos = 0; pos < len; pos += ret) {
* of response depending on arg. Tries to ensure that no other userland
* buffer is storing the response.
*/
-char* cli_read_passphrase(const char* prompt, int from_stdin,
+char* cli_read_passphrase(const char* prompt, int from_stdin,
int echo_enable);
char* cli_prompt(char* prompt, int echo_enable);
void cli_mesg(char* mesg);
#endif
#ifdef HAVE_SYS_BITYPES_H
# include <sys/bitypes.h> /* For u_intXX_t */
-#endif
+#endif
#ifdef HAVE_PATHS_H
# include <paths.h> /* For _PATH_XXX */
-#endif
+#endif
#ifdef HAVE_LIMITS_H
# include <limits.h> /* For PATH_MAX */
-#endif
+#endif
#ifdef HAVE_SYS_TIME_H
# include <sys/time.h> /* For timersub */
#endif
#endif
#ifdef HAVE_SYS_CDEFS_H
# include <sys/cdefs.h> /* For __P() */
-#endif
+#endif
#ifdef HAVE_SYS_SYSMACROS_H
# include <sys/sysmacros.h> /* For MIN, MAX, etc */
#endif
# endif /* PATH_MAX */
#endif /* MAXPATHLEN */
-#ifndef STDIN_FILENO
+#ifndef STDIN_FILENO
# define STDIN_FILENO 0
-#endif
-#ifndef STDOUT_FILENO
+#endif
+#ifndef STDOUT_FILENO
# define STDOUT_FILENO 1
-#endif
-#ifndef STDERR_FILENO
+#endif
+#ifndef STDERR_FILENO
# define STDERR_FILENO 2
-#endif
+#endif
#ifndef NGROUPS_MAX /* Disable groupaccess if NGROUP_MAX is not set */
#define NGROUPS_MAX 0
#endif
#ifndef O_NONBLOCK /* Non Blocking Open */
-# define O_NONBLOCK 00004
+# define O_NONBLOCK 00004
#endif
#ifndef S_ISREG
(result)->tv_sec = (a)->tv_sec - (b)->tv_sec; \
(result)->tv_usec = (a)->tv_usec - (b)->tv_usec; \
if ((result)->tv_usec < 0) { \
- --(result)->tv_sec; \
- (result)->tv_usec += 1000000; \
+ --(result)->tv_sec; \
+ (result)->tv_usec += 1000000; \
} \
} while (0)
#endif
#ifndef SUN_LEN
#define SUN_LEN(su) \
- (sizeof(*(su)) - sizeof((su)->sun_path) + strlen((su)->sun_path))
+ (sizeof(*(su)) - sizeof((su)->sun_path) + strlen((su)->sun_path))
#endif /* SUN_LEN */
/* Function replacement / compatibility hacks */
if (type > 0 && type < DISPATCH_MAX && dispatch[type] != NULL)
(*dispatch[type])(type, plen, ctxt);
else
- packet_disconnect("protocol error: rcvd type %d", type);
+ packet_disconnect("protocol error: rcvd type %d", type);
if (done != NULL && *done)
return;
}
addr.sun_family = AF_UNIX;
strlcpy(addr.sun_path, EGD_SOCKET, sizeof(addr.sun_path));
addr_len = offsetof(struct sockaddr_un, sun_path) + sizeof(EGD_SOCKET);
-
+
fd = socket(AF_UNIX, SOCK_STREAM, 0);
if (fd == -1) {
error("Couldn't create AF_UNIX socket: %s", strerror(errno));
}
if (connect(fd, (struct sockaddr*)&addr, addr_len) == -1) {
- error("Couldn't connect to EGD socket \"%s\": %s",
+ error("Couldn't connect to EGD socket \"%s\": %s",
addr.sun_path, strerror(errno));
close(fd);
return(0);
msg[1] = len;
if (atomicio(write, fd, msg, sizeof(msg)) != sizeof(msg)) {
- error("Couldn't write to EGD socket \"%s\": %s",
+ error("Couldn't write to EGD socket \"%s\": %s",
EGD_SOCKET, strerror(errno));
close(fd);
return(0);
}
if (atomicio(read, fd, buf, len) != len) {
- error("Couldn't read from EGD socket \"%s\": %s",
+ error("Couldn't read from EGD socket \"%s\": %s",
EGD_SOCKET, strerror(errno));
close(fd);
return(0);
}
-
+
close(fd);
-
+
return(1);
}
#else /* !EGD_SOCKET */
random_pool = open(RANDOM_POOL, O_RDONLY);
if (random_pool == -1) {
- error("Couldn't open random pool \"%s\": %s",
+ error("Couldn't open random pool \"%s\": %s",
RANDOM_POOL, strerror(errno));
return(0);
}
-
+
if (atomicio(read, random_pool, buf, len) != len) {
- error("Couldn't read from random pool \"%s\": %s",
+ error("Couldn't read from random pool \"%s\": %s",
RANDOM_POOL, strerror(errno));
close(random_pool);
return(0);
}
-
+
close(random_pool);
-
+
return(1);
}
#endif /* RANDOM_POOL */
seed_rng(void)
{
char buf[32];
-
+
debug("Seeding random number generator");
if (!get_random_bytes(buf, sizeof(buf))) {
} else {
RAND_add(buf, sizeof(buf), sizeof(buf));
}
-
+
memset(buf, '\0', sizeof(buf));
}
#else /* defined(EGD_SOCKET) || defined(RANDOM_POOL) */
-/*
+/*
* FIXME: proper entropy estimations. All current values are guesses
* FIXME: (ATL) do estimates at compile time?
* FIXME: More entropy sources
/* this is initialised from a file, by prng_read_commands() */
entropy_source_t *entropy_sources = NULL;
-double
+double
stir_from_system(void)
{
double total_entropy_estimate;
long int i;
-
+
total_entropy_estimate = 0;
-
+
i = getpid();
RAND_add(&i, sizeof(i), 0.5);
total_entropy_estimate += 0.1;
-
+
i = getppid();
RAND_add(&i, sizeof(i), 0.5);
total_entropy_estimate += 0.1;
return(total_entropy_estimate);
}
-double
+double
stir_from_programs(void)
{
int i;
/* Scale back entropy estimate according to command's rate */
entropy_estimate *= entropy_sources[c].rate;
-
+
/* Upper bound of entropy estimate is SHA_DIGEST_LENGTH */
if (entropy_estimate > SHA_DIGEST_LENGTH)
entropy_estimate = SHA_DIGEST_LENGTH;
- /* Scale back estimates for subsequent passes through list */
+ /* Scale back estimates for subsequent passes through list */
entropy_estimate /= SCALE_PER_RUN * (i + 1.0);
-
+
/* Stir it in */
RAND_add(hash, sizeof(hash), entropy_estimate);
- debug3("Got %0.2f bytes of entropy from '%s'", entropy_estimate,
+ debug3("Got %0.2f bytes of entropy from '%s'", entropy_estimate,
entropy_sources[c].cmdstring);
total_entropy_estimate += entropy_estimate;
c++;
}
}
-
+
return(total_entropy_estimate);
}
stir_gettimeofday(double entropy_estimate)
{
struct timeval tv;
-
+
if (gettimeofday(&tv, NULL) == -1)
fatal("Couldn't gettimeofday: %s", strerror(errno));
RAND_add(&tv, sizeof(tv), entropy_estimate);
-
+
return(entropy_estimate);
}
{
#ifdef HAVE_CLOCK
clock_t c;
-
+
c = clock();
RAND_add(&c, sizeof(c), entropy_estimate);
-
+
return(entropy_estimate);
#else /* _HAVE_CLOCK */
return(0);
{
#ifdef HAVE_GETRUSAGE
struct rusage ru;
-
+
if (getrusage(who, &ru) == -1)
return(0);
int bytes_read;
int total_bytes_read;
SHA_CTX sha;
-
+
debug3("Reading output from \'%s\'", src->cmdstring);
if (devnull == -1) {
if (devnull == -1)
fatal("Couldn't open /dev/null: %s", strerror(errno));
}
-
+
if (pipe(p) == -1)
fatal("Couldn't open pipe: %s", strerror(errno));
close(p[0]);
debug3("Time elapsed: %d msec", msec_elapsed);
-
+
if (waitpid(pid, &status, 0) == -1) {
error("Couldn't wait for child '%s' completion: %s", src->cmdstring,
strerror(errno));
if (WEXITSTATUS(status)==0) {
return(total_bytes_read);
} else {
- debug2("Command '%s' exit status was %d", src->cmdstring,
+ debug2("Command '%s' exit status was %d", src->cmdstring,
WEXITSTATUS(status));
src->badness = src->sticky_badness = 128;
return (0.0);
}
} else if (WIFSIGNALED(status)) {
- debug2("Command '%s' returned on uncaught signal %d !", src->cmdstring,
+ debug2("Command '%s' returned on uncaught signal %d !", src->cmdstring,
status);
src->badness = src->sticky_badness = 128;
return(0.0);
if (lstat(filename, &st) == -1) {
/* Give up on hard errors */
if (errno != ENOENT)
- debug("WARNING: Couldn't stat random seed file \"%s\": %s",
+ debug("WARNING: Couldn't stat random seed file \"%s\": %s",
filename, strerror(errno));
return(0);
filename, getuid());
return(0);
}
-
+
return(1);
}
/* Don't bother if we have already saved a seed */
if (prng_seed_saved)
return;
-
+
setuid(original_uid);
-
+
prng_seed_saved = 1;
-
+
pw = getpwuid(original_uid);
if (pw == NULL)
- fatal("Couldn't get password entry for current user (%i): %s",
+ fatal("Couldn't get password entry for current user (%i): %s",
original_uid, strerror(errno));
-
+
/* Try to ensure that the parent directory is there */
- snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir,
+ snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir,
_PATH_SSH_USER_DIR);
mkdir(filename, 0700);
- snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir,
+ snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir,
SSH_PRNG_SEED_FILE);
debug("writing PRNG seed to file %.100s", filename);
/* Don't care if the seed doesn't exist */
prng_check_seedfile(filename);
-
+
if ((fd = open(filename, O_WRONLY|O_TRUNC|O_CREAT, 0600)) == -1) {
- debug("WARNING: couldn't access PRNG seedfile %.100s (%.100s)",
+ debug("WARNING: couldn't access PRNG seedfile %.100s (%.100s)",
filename, strerror(errno));
- } else {
+ } else {
if (atomicio(write, fd, &seed, sizeof(seed)) != sizeof(seed))
- fatal("problem writing PRNG seedfile %.100s (%.100s)", filename,
+ fatal("problem writing PRNG seedfile %.100s (%.100s)", filename,
strerror(errno));
close(fd);
char seed[1024];
char filename[1024];
struct passwd *pw;
-
+
pw = getpwuid(original_uid);
if (pw == NULL)
- fatal("Couldn't get password entry for current user (%i): %s",
+ fatal("Couldn't get password entry for current user (%i): %s",
original_uid, strerror(errno));
-
- snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir,
+
+ snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir,
SSH_PRNG_SEED_FILE);
debug("loading PRNG seed from file %.100s", filename);
/* open the file and read in the seed */
fd = open(filename, O_RDONLY);
if (fd == -1)
- fatal("could not open PRNG seedfile %.100s (%.100s)", filename,
+ fatal("could not open PRNG seedfile %.100s (%.100s)", filename,
strerror(errno));
if (atomicio(read, fd, &seed, sizeof(seed)) != sizeof(seed)) {
error("bad entropy command, %.100s line %d", cmdfilename,
linenum);
continue;
- }
+ }
/* first token, command args (incl. argv[0]) in double quotes */
cp = strtok(cp, "\"");
continue;
}
strlcpy(cmd, cp, sizeof(cmd));
-
+
/* second token, full command path */
if ((cp = strtok(NULL, WHITESPACE)) == NULL) {
error("missing command path, %.100s line %d -- ignored",
if (strncmp("undef", cp, 5) == 0)
continue;
- strlcpy(path, cp, sizeof(path));
+ strlcpy(path, cp, sizeof(path));
/* third token, entropy rate estimate for this command */
if ((cp = strtok(NULL, WHITESPACE)) == NULL) {
/* end of line */
if ((cp = strtok(NULL, WHITESPACE)) != NULL) {
- error("garbage at end of line %d in %.100s -- ignored", linenum,
+ error("garbage at end of line %d in %.100s -- ignored", linenum,
cmdfilename);
continue;
}
/* save the command for debug messages */
entcmd[cur_cmd].cmdstring = xstrdup(cmd);
-
+
/* split the command args */
cp = strtok(cmd, WHITESPACE);
arg = 0;
entcmd[cur_cmd].args[arg] = s;
arg++;
} while ((arg < 5) && (cp = strtok(NULL, WHITESPACE)));
-
+
if (strtok(NULL, WHITESPACE))
error("ignored extra command elements (max 5), %.100s line %d",
cmdfilename, linenum);
/*
* Write a keyfile at exit
- */
+ */
void
prng_seed_cleanup(void *junk)
{
if (!prng_initialised)
fatal("RNG not initialised");
-
+
/* Make sure some other sigchld handler doesn't reap our entropy */
/* commands */
old_sigchld_handler = signal(SIGCHLD, SIG_DFL);
fatal("Couldn't initialise builtin random number generator -- exiting.");
}
-void init_rng(void)
+void init_rng(void)
{
int original_euid;
-
+
original_uid = getuid();
original_euid = geteuid();
fatal("PRNG initialisation failed -- exiting.");
/* Set ourselves up to save a seed upon exit */
- prng_seed_saved = 0;
+ prng_seed_saved = 0;
/* Give up privs while reading seed file */
if ((original_uid != original_euid) && (seteuid(original_uid) == -1))
fatal("Couldn't give up privileges");
-
+
prng_read_seedfile();
if ((original_uid != original_euid) && (seteuid(original_euid) == -1))
#endif
#ifdef HAVE_BSTRING_H
# include <bstring.h>
-#endif
+#endif
#ifdef HAVE_NETGROUP_H
# include <netgroup.h>
-#endif
+#endif
#if defined(HAVE_NETDB_H)
# include <netdb.h>
-#endif
+#endif
#ifdef HAVE_ENDIAN_H
# include <endian.h>
#endif
debug("send KEXINIT");
packet_start(SSH2_MSG_KEXINIT);
- packet_put_raw(buffer_ptr(my_kexinit), buffer_len(my_kexinit));
+ packet_put_raw(buffer_ptr(my_kexinit), buffer_len(my_kexinit));
packet_send();
packet_write_wait();
debug("done");
buffer_put_bignum2(&b, client_dh_pub);
buffer_put_bignum2(&b, server_dh_pub);
buffer_put_bignum2(&b, shared_secret);
-
+
#ifdef DEBUG_KEX
buffer_dump(&b);
#endif
buffer_put_bignum2(&b, client_dh_pub);
buffer_put_bignum2(&b, server_dh_pub);
buffer_put_bignum2(&b, shared_secret);
-
+
#ifdef DEBUG_KEX
buffer_dump(&b);
#endif
c = cp = xstrdup(client);
s = sp = xstrdup(server);
- for ((p = strsep(&sp, SEP)), i=0; p && *p != '\0';
+ for ((p = strsep(&sp, SEP)), i=0; p && *p != '\0';
(p = strsep(&sp, SEP)), i++) {
if (i < MAX_PROP)
sproposals[i] = p;
}
nproposals = i;
- for ((p = strsep(&cp, SEP)), i=0; p && *p != '\0';
+ for ((p = strsep(&cp, SEP)), i=0; p && *p != '\0';
(p = strsep(&cp, SEP)), i++) {
for (j = 0; j < nproposals; j++) {
if (strcmp(p, sproposals[j]) == 0) {
DH_GRP1_SHA1,
DH_GEX_SHA1
};
-
+
typedef struct Kex Kex;
typedef struct Mac Mac;
typedef struct Comp Comp;
RSA *
rsa_generate_private_key(u_int bits)
{
- RSA *private;
- private = RSA_generate_key(bits, 35, NULL, NULL);
- if (private == NULL)
- fatal("rsa_generate_private_key: key generation failed.");
- return private;
+ RSA *private;
+ private = RSA_generate_key(bits, 35, NULL, NULL);
+ if (private == NULL)
+ fatal("rsa_generate_private_key: key generation failed.");
+ return private;
}
DSA*
if (private == NULL)
fatal("dsa_generate_private_key: DSA_generate_parameters failed");
if (!DSA_generate_key(private))
- fatal("dsa_generate_private_key: DSA_generate_key failed.");
- if (private == NULL)
- fatal("dsa_generate_private_key: NULL.");
+ fatal("dsa_generate_private_key: DSA_generate_key failed.");
+ if (private == NULL)
+ fatal("dsa_generate_private_key: NULL.");
return private;
}
{
Key *k = key_new(KEY_UNSPEC);
switch (type) {
- case KEY_DSA:
+ case KEY_DSA:
k->dsa = dsa_generate_private_key(bits);
break;
case KEY_RSA:
k->rsa = rsa_generate_private_key(bits);
break;
default:
- fatal("key_generate: unknown type %d", type);
+ fatal("key_generate: unknown type %d", type);
}
- k->type = type;
+ k->type = type;
return k;
}
{
Key *n = NULL;
switch (k->type) {
- case KEY_DSA:
+ case KEY_DSA:
n = key_new(k->type);
BN_copy(n->dsa->p, k->dsa->p);
BN_copy(n->dsa->q, k->dsa->q);
BN_copy(n->rsa->e, k->rsa->e);
break;
default:
- fatal("key_from_private: unknown type %d", k->type);
+ fatal("key_from_private: unknown type %d", k->type);
break;
}
return n;
SYSLOG_FACILITY_USER,
SYSLOG_FACILITY_AUTH,
#ifdef LOG_AUTHPRIV
- SYSLOG_FACILITY_AUTHPRIV,
+ SYSLOG_FACILITY_AUTHPRIV,
#endif
SYSLOG_FACILITY_LOCAL0,
SYSLOG_FACILITY_LOCAL1,
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-/**
+/**
** loginrec.c: platform-independent login recording and lastlog retrieval
**/
requires very thorough testing so we do not corrupt local auditing
information. These files and their access methods are very system
specific indeed.
-
+
For utmpx systems, the corresponding library functions are
setutxent() etc. To the author's knowledge, all utmpx systems have
these library functions and so no direct write is attempted. If such
Calling the new code
--------------------
-
+
In OpenSSH all login recording and retrieval is performed in
login.c. Here you'll find working examples. Also, in the logintest.c
program there are more examples.
Internal handler calling method
-------------------------------
-
+
When a call is made to login_login() or login_logout(), both
routines set a struct logininfo flag defining which action (log in,
or log out) is to be taken. They both then call login_write(), which
with 'make logintest' as it's not built by default.)
Otherwise, patches to the specific method(s) are very helpful!
-
+
*/
/**
**/
/* login_login(struct logininfo *) -Record a login
- *
+ *
* Call with a pointer to a struct logininfo initialised with
* login_init_entry() or login_alloc_entry()
*
memset(li, '\0', sizeof(*li));
li->uid = uid;
- /*
+ /*
* If we don't have a 'real' lastlog, we need the username to
* reliably search wtmp(x) for the last login (see
- * wtmp_get_entry().)
+ * wtmp_get_entry().)
*/
pw = getpwuid(uid);
if (pw == NULL)
fatal("login_get_lastlog: Cannot find account for uid %i", uid);
-
+
/* No MIN_SIZEOF here - we absolutely *must not* truncate the
- * username */
+ * username */
strlcpy(li->username, pw->pw_name, sizeof(li->username));
if (getlast_entry(li))
/* login_alloc_entry(int, char*, char*, char*) - Allocate and initialise
- * a logininfo structure
- *
+ * a logininfo structure
+ *
* This function creates a new struct logininfo, a data structure
* meant to carry the information required to portably record login info.
*
/* login_init_entry(struct logininfo *, int, char*, char*, char*)
* - initialise a struct logininfo
- *
+ *
* Populates a new struct logininfo, a data structure meant to carry
* the information required to portably record login info.
*
* Returns: 1
*/
int
-login_init_entry(struct logininfo *li, int pid, const char *username,
+login_init_entry(struct logininfo *li, int pid, const char *username,
const char *hostname, const char *line)
{
struct passwd *pw;
-
+
memset(li, 0, sizeof(*li));
-
+
li->pid = pid;
/* set the line information */
struct timeval tv;
gettimeofday(&tv, NULL);
-
+
li->tv_sec = tv.tv_sec;
li->tv_usec = tv.tv_usec;
}
#else /* !USE_LASTLOG */
#ifdef DISABLE_LASTLOG
- /* On some systems we shouldn't even try to obtain last login
+ /* On some systems we shouldn't even try to obtain last login
* time, e.g. AIX */
return 0;
# else /* DISABLE_LASTLOG */
return 0;
# endif /* USE_WTMPX && (HAVE_TIME_IN_UTMPX || HAVE_TV_IN_UTMPX) */
# endif /* USE_WTMP && (HAVE_TIME_IN_UTMP || HAVE_TV_IN_UTMP) */
-# endif /* DISABLE_LASTLOG */
+# endif /* DISABLE_LASTLOG */
#endif /* USE_LASTLOG */
}
* NOTE: use strncpy because we do NOT necessarily want zero
* termination */
char *
-line_abbrevname(char *dst, const char *src, int dstsize)
+line_abbrevname(char *dst, const char *src, int dstsize)
{
size_t len;
-
+
memset(dst, '\0', dstsize);
-
+
/* Always skip prefix if present */
#ifdef sgi
if (strncmp(src, "/dev/tty", 8) == 0)
if (strncmp(src, "/dev/", 5) == 0)
src += 5;
#endif
-
+
len = strlen(src);
if (len > 0) {
src += ((int)len - dstsize);
/* note: _don't_ change this to strlcpy */
- strncpy(dst, src, (size_t)dstsize);
+ strncpy(dst, src, (size_t)dstsize);
}
-
+
return dst;
}
/*
* These fields are only used when logging in, and are blank
- * for logouts.
+ * for logouts.
*/
/* Use strncpy because we don't necessarily want null termination */
/* this is just a 32-bit IP address */
if (li->hostaddr.sa.sa_family == AF_INET)
ut->ut_addr = li->hostaddr.sa_in.sin_addr.s_addr;
-# endif
+# endif
}
#endif /* USE_UTMP || USE_WTMP || USE_LOGIN */
/*
* These fields are only used when logging in, and are blank
- * for logouts.
+ * for logouts.
*/
/* strncpy(): Don't necessarily want null termination */
* If the new ut_line is empty but the old one is not
* and ut_line and ut_name match, preserve the old ut_line.
*/
- if (atomicio(read, fd, &old_ut, sizeof(old_ut)) == sizeof(old_ut) &&
- (ut->ut_host[0] == '\0') && (old_ut.ut_host[0] != '\0') &&
- (strncmp(old_ut.ut_line, ut->ut_line, sizeof(ut->ut_line)) == 0) &&
+ if (atomicio(read, fd, &old_ut, sizeof(old_ut)) == sizeof(old_ut) &&
+ (ut->ut_host[0] == '\0') && (old_ut.ut_host[0] != '\0') &&
+ (strncmp(old_ut.ut_line, ut->ut_line, sizeof(ut->ut_line)) == 0) &&
(strncmp(old_ut.ut_name, ut->ut_name, sizeof(ut->ut_name)) == 0)) {
(void)memcpy(ut->ut_host, old_ut.ut_host, sizeof(ut->ut_host));
}
-
+
(void)lseek(fd, (off_t)(tty * sizeof(struct utmp)), SEEK_SET);
if (atomicio(write, fd, ut, sizeof(*ut)) != sizeof(*ut))
log("utmp_write_direct: error writing %s: %s",
UTMP_FILE, strerror(errno));
-
+
(void)close(fd);
return 1;
} else {
/* write a utmp entry direct to the file */
static int
utmpx_write_direct(struct logininfo *li, struct utmpx *utx)
-{
+{
log("utmpx_write_direct: not implemented!");
return 0;
}
** Low-level wtmp functions
**/
-#ifdef USE_WTMP
+#ifdef USE_WTMP
/* write a wtmp entry direct to the end of the file */
/* This is a slight modification of code in OpenBSD's logwtmp.c */
WTMP_FILE, strerror(errno));
return 0;
}
- if (fstat(fd, &buf) == 0)
+ if (fstat(fd, &buf) == 0)
if (atomicio(write, fd, ut, sizeof(*ut)) != sizeof(*ut)) {
ftruncate(fd, buf.st_size);
log("wtmp_write: problem writing %s: %s",
/* Notes on fetching login data from wtmp/wtmpx
- *
+ *
* Logouts are usually recorded with (amongst other things) a blank
* username on a given tty line. However, some systems (HP-UX is one)
* leave all fields set, but change the ut_type field to DEAD_PROCESS.
static int
wtmp_islogin(struct logininfo *li, struct utmp *ut)
{
- if (strncmp(li->username, ut->ut_name,
+ if (strncmp(li->username, ut->ut_name,
MIN_SIZEOF(li->username, ut->ut_name)) == 0) {
# ifdef HAVE_TYPE_IN_UTMP
if (ut->ut_type & USER_PROCESS)
WTMP_FILE, strerror(errno));
return 0;
}
- if (fstat(fd, &st) != 0) {
+ if (fstat(fd, &st) != 0) {
log("wtmp_get_entry: couldn't stat %s: %s",
WTMP_FILE, strerror(errno));
close(fd);
return 0;
}
- if (fstat(fd, &buf) == 0)
+ if (fstat(fd, &buf) == 0)
if (atomicio(write, fd, utx, sizeof(*utx)) != sizeof(*utx)) {
ftruncate(fd, buf.st_size);
log("wtmpx_write: problem writing %s: %s",
WTMPX_FILE, strerror(errno));
return 0;
}
- if (fstat(fd, &st) != 0) {
+ if (fstat(fd, &st) != 0) {
log("wtmpx_get_entry: couldn't stat %s: %s",
WTMP_FILE, strerror(errno));
close(fd);
return 0;
}
-
+
/* Seek to the start of the last struct utmpx */
if (lseek(fd, (off_t)(0-sizeof(struct utmpx)), SEEK_END) == -1 ) {
/* probably a newly rotated wtmpx file */
{
# ifdef HAVE_LOGOUT
char line[8];
-
+
(void)line_stripname(line, li->line, sizeof(line));
if (!logout(line)) {
{
/* clear the structure */
memset(last, '\0', sizeof(*last));
-
+
(void)line_stripname(last->ll_line, li->line, sizeof(last->ll_line));
strlcpy(last->ll_host, li->hostname,
MIN_SIZEOF(last->ll_host, li->hostname));
struct stat st;
if (stat(LASTLOG_FILE, &st) != 0) {
- log("lastlog_perform_login: Couldn't stat %s: %s", LASTLOG_FILE,
+ log("lastlog_perform_login: Couldn't stat %s: %s", LASTLOG_FILE,
strerror(errno));
return 0;
}
lastlog_file, strerror(errno));
return 0;
}
-
+
if (type == LL_FILE) {
/* find this uid's offset in the lastlog file */
offset = (off_t) ( (long)li->uid * sizeof(struct lastlog));
if ( lseek(*fd, offset, SEEK_SET) != offset ) {
log("lastlog_openseek: %s->lseek(): %s",
- lastlog_file, strerror(errno));
+ lastlog_file, strerror(errno));
return 0;
}
}
-
+
return 1;
}
if (!lastlog_openseek(li, &fd, O_RDWR|O_CREAT))
return(0);
-
+
/* write the entry */
if (atomicio(write, fd, &last, sizeof(last)) != sizeof(last)) {
close(fd);
lastlog_populate_entry(struct logininfo *li, struct lastlog *last)
{
line_fullname(li->line, last->ll_line, sizeof(li->line));
- strlcpy(li->hostname, last->ll_host,
+ strlcpy(li->hostname, last->ll_host,
MIN_SIZEOF(li->hostname, last->ll_host));
li->tv_sec = last->ll_time;
}
return 1;
}
} else {
- return 0;
+ return 0;
}
}
#endif /* USE_LASTLOG */
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-/**
+/**
** loginrec.h: platform-independent login recording and lastlog retrieval
**/
* use time_t's value as tv_sec and set tv_usec to 0
*/
unsigned int tv_sec;
- unsigned int tv_usec;
+ unsigned int tv_usec;
union login_netinfo hostaddr; /* caller's host address(es) */
}; /* struct logininfo */
/* free a structure */
void login_free_entry(struct logininfo *li);
/* fill out a pre-allocated structure with useful information */
-int login_init_entry(struct logininfo *li, int pid, const char *username,
+int login_init_entry(struct logininfo *li, int pid, const char *username,
const char *hostname, const char *line);
/* place the current time in a logininfo struct */
void login_set_current_time(struct logininfo *li);
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-/**
+/**
** logintest.c: simple test driver for platform-independent login recording
** and lastlog retrieval
**/
"\t\t\tfamily\t%d\n\t\t}\n"
"\t}\n"
"}\n",
- descname, li->progname, li->type,
+ descname, li->progname, li->type,
li->pid, li->uid, li->line,
- li->username, li->hostname, li->exit,
- li->termination, li->tv_sec, li->tv_usec,
+ li->username, li->hostname, li->exit,
+ li->termination, li->tv_sec, li->tv_usec,
li->hostaddr.sa.sa_family);
}
if (nologtest)
return 1;
-
+
line_stripname(stripline, li1->line, sizeof(stripline));
printf("Performing an invalid login attempt (no type field)\n--\n");
#endif
printf("--\n");
login_login(li1);
-
+
snprintf(cmdstring, sizeof(cmdstring), "who | grep '%s '",
stripline);
system(cmdstring);
-
+
printf("--\nPausing for %d second(s)...\n", PAUSE_BEFORE_LOGOUT);
sleep(PAUSE_BEFORE_LOGOUT);
#endif
printf("--\nThe output of 'last' shown next should have "
- "an entry for root \n on %s for the time shown above:\n--\n",
+ "an entry for root \n on %s for the time shown above:\n--\n",
stripline);
snprintf(cmdstring, sizeof(cmdstring), "last | grep '%s ' | head -3",
stripline);
system(cmdstring);
-
+
printf("--\nEnd of login test.\n");
login_free_entry(li1);
/* show which options got compiled in */
void
showOptions(void)
-{
+{
printf("**\n** Compile-time options\n**\n");
-
+
printf("login recording methods selected:\n");
#ifdef USE_LOGIN
printf("\tUSE_LOGIN\n");
else if (strncmp(argv[1], "-v", 3) == 0)
be_verbose=1;
}
-
+
if (!compile_opts_only) {
if (be_verbose && !testOutput())
return 1;
-
+
if (!testAPI())
return 1;
}
showOptions();
-
+
return 0;
} /* main() */
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
static char *magic = "$1$"; /*
- * This string is magic for
- * this algorithm. Having
- * it this way, we can get
- * get better later on
- */
+ * This string is magic for
+ * this algorithm. Having
+ * it this way, we can get
+ * get better later on
+ */
static void
to64(char *s, unsigned long v, int n)
int
is_md5_salt(const char *salt)
{
- return (!strncmp(salt, magic, strlen(magic)));
+ return (!strncmp(salt, magic, strlen(magic)));
}
/*
return;
debug("channel %d: close_read", c->self);
if (c->sock != -1) {
- /*
+ /*
* shutdown(sock, SHUT_READ) may return ENOTCONN if the
* write side has been closed already. (bug on Linux)
*/
default:
return type;
break;
- }
+ }
} else {
switch(type) {
case SSH_MSG_IGNORE:
DBG(debug("received packet type %d", type));
return type;
break;
- }
+ }
}
}
}
*ptyfd = open(buf, O_RDWR | O_NOCTTY);
if (*ptyfd < 0)
continue;
- }
-
+ }
+
/* Open the slave side. */
*ttyfd = open(namebuf, O_RDWR | O_NOCTTY);
if (*ttyfd < 0) {
if (chown(ttyname, pw->pw_uid, gid) < 0) {
if (errno == EROFS && st.st_uid == pw->pw_uid)
error("chown(%.100s, %d, %d) failed: %.100s",
- ttyname, pw->pw_uid, gid,
+ ttyname, pw->pw_uid, gid,
strerror(errno));
else
fatal("chown(%.100s, %d, %d) failed: %.100s",
- ttyname, pw->pw_uid, gid,
+ ttyname, pw->pw_uid, gid,
strerror(errno));
}
}
#define bswap(x) ((rotl(x, 8) & 0x00ff00ff) | (rotr(x, 8) & 0xff00ff00))
-/* Extract byte from a 32 bit quantity (little endian notation) */
+/* Extract byte from a 32 bit quantity (little endian notation) */
#define byte(x,n) ((u1byte)((x) >> (8 * n)))
#define f_rn(bo, bi, n, k) \
bo[n] = ft_tab[0][byte(bi[n],0)] ^ \
- ft_tab[1][byte(bi[(n + 1) & 3],1)] ^ \
- ft_tab[2][byte(bi[(n + 2) & 3],2)] ^ \
- ft_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n)
+ ft_tab[1][byte(bi[(n + 1) & 3],1)] ^ \
+ ft_tab[2][byte(bi[(n + 2) & 3],2)] ^ \
+ ft_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n)
#define i_rn(bo, bi, n, k) \
bo[n] = it_tab[0][byte(bi[n],0)] ^ \
- it_tab[1][byte(bi[(n + 3) & 3],1)] ^ \
- it_tab[2][byte(bi[(n + 2) & 3],2)] ^ \
- it_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n)
+ it_tab[1][byte(bi[(n + 3) & 3],1)] ^ \
+ it_tab[2][byte(bi[(n + 2) & 3],2)] ^ \
+ it_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n)
#ifdef LARGE_TABLES
#define f_rl(bo, bi, n, k) \
bo[n] = fl_tab[0][byte(bi[n],0)] ^ \
- fl_tab[1][byte(bi[(n + 1) & 3],1)] ^ \
- fl_tab[2][byte(bi[(n + 2) & 3],2)] ^ \
- fl_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n)
+ fl_tab[1][byte(bi[(n + 1) & 3],1)] ^ \
+ fl_tab[2][byte(bi[(n + 2) & 3],2)] ^ \
+ fl_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n)
#define i_rl(bo, bi, n, k) \
bo[n] = il_tab[0][byte(bi[n],0)] ^ \
- il_tab[1][byte(bi[(n + 3) & 3],1)] ^ \
- il_tab[2][byte(bi[(n + 2) & 3],2)] ^ \
- il_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n)
+ il_tab[1][byte(bi[(n + 3) & 3],1)] ^ \
+ il_tab[2][byte(bi[(n + 2) & 3],2)] ^ \
+ il_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n)
#else
#define f_rl(bo, bi, n, k) \
bo[n] = (u4byte)sbx_tab[byte(bi[n],0)] ^ \
- rotl(((u4byte)sbx_tab[byte(bi[(n + 1) & 3],1)]), 8) ^ \
- rotl(((u4byte)sbx_tab[byte(bi[(n + 2) & 3],2)]), 16) ^ \
- rotl(((u4byte)sbx_tab[byte(bi[(n + 3) & 3],3)]), 24) ^ *(k + n)
+ rotl(((u4byte)sbx_tab[byte(bi[(n + 1) & 3],1)]), 8) ^ \
+ rotl(((u4byte)sbx_tab[byte(bi[(n + 2) & 3],2)]), 16) ^ \
+ rotl(((u4byte)sbx_tab[byte(bi[(n + 3) & 3],3)]), 24) ^ *(k + n)
#define i_rl(bo, bi, n, k) \
bo[n] = (u4byte)isb_tab[byte(bi[n],0)] ^ \
- rotl(((u4byte)isb_tab[byte(bi[(n + 3) & 3],1)]), 8) ^ \
- rotl(((u4byte)isb_tab[byte(bi[(n + 2) & 3],2)]), 16) ^ \
- rotl(((u4byte)isb_tab[byte(bi[(n + 1) & 3],3)]), 24) ^ *(k + n)
+ rotl(((u4byte)isb_tab[byte(bi[(n + 3) & 3],1)]), 8) ^ \
+ rotl(((u4byte)isb_tab[byte(bi[(n + 2) & 3],2)]), 16) ^ \
+ rotl(((u4byte)isb_tab[byte(bi[(n + 1) & 3],3)]), 24) ^ *(k + n)
#endif
log_tab[1] = 0; p = 1;
for(i = 0; i < 10; ++i) {
- rco_tab[i] = p;
+ rco_tab[i] = p;
p = (p << 1) ^ (p & 0x80 ? 0x1b : 0);
}
/* least significant end of a byte. */
for(i = 0; i < 256; ++i) {
- p = (i ? pow_tab[255 - log_tab[i]] : 0); q = p;
- q = (q >> 7) | (q << 1); p ^= q;
- q = (q >> 7) | (q << 1); p ^= q;
- q = (q >> 7) | (q << 1); p ^= q;
- q = (q >> 7) | (q << 1); p ^= q ^ 0x63;
+ p = (i ? pow_tab[255 - log_tab[i]] : 0); q = p;
+ q = (q >> 7) | (q << 1); p ^= q;
+ q = (q >> 7) | (q << 1); p ^= q;
+ q = (q >> 7) | (q << 1); p ^= q;
+ q = (q >> 7) | (q << 1); p ^= q ^ 0x63;
sbx_tab[i] = (u1byte)p; isb_tab[p] = (u1byte)i;
}
for(i = 0; i < 256; ++i) {
- p = sbx_tab[i];
+ p = sbx_tab[i];
+
+#ifdef LARGE_TABLES
-#ifdef LARGE_TABLES
-
t = p; fl_tab[0][i] = t;
fl_tab[1][i] = rotl(t, 8);
fl_tab[2][i] = rotl(t, 16);
((u4byte)p << 8) |
((u4byte)p << 16) |
((u4byte)ff_mult(3, p) << 24);
-
+
ft_tab[0][i] = t;
ft_tab[1][i] = rotl(t, 8);
ft_tab[2][i] = rotl(t, 16);
ft_tab[3][i] = rotl(t, 24);
- p = isb_tab[i];
+ p = isb_tab[i];
-#ifdef LARGE_TABLES
-
- t = p; il_tab[0][i] = t;
- il_tab[1][i] = rotl(t, 8);
- il_tab[2][i] = rotl(t, 16);
+#ifdef LARGE_TABLES
+
+ t = p; il_tab[0][i] = t;
+ il_tab[1][i] = rotl(t, 8);
+ il_tab[2][i] = rotl(t, 16);
il_tab[3][i] = rotl(t, 24);
-#endif
+#endif
t = ((u4byte)ff_mult(14, p)) |
((u4byte)ff_mult( 9, p) << 8) |
((u4byte)ff_mult(13, p) << 16) |
((u4byte)ff_mult(11, p) << 24);
-
- it_tab[0][i] = t;
- it_tab[1][i] = rotl(t, 8);
- it_tab[2][i] = rotl(t, 16);
- it_tab[3][i] = rotl(t, 24);
+
+ it_tab[0][i] = t;
+ it_tab[1][i] = rotl(t, 8);
+ it_tab[2][i] = rotl(t, 16);
+ it_tab[3][i] = rotl(t, 24);
}
tab_gen = 1;
t = w ^ (x); \
(y) = u ^ v ^ w; \
(y) ^= rotr(u ^ t, 8) ^ \
- rotr(v ^ t, 16) ^ \
- rotr(t,24)
+ rotr(v ^ t, 16) ^ \
+ rotr(t,24)
/* initialise the key schedule from the user supplied key */
rijndael_ctx *
rijndael_set_key(rijndael_ctx *ctx, const u4byte *in_key, const u4byte key_len,
int encrypt)
-{
+{
u4byte i, t, u, v, w;
u4byte *e_key = ctx->e_key;
u4byte *d_key = ctx->d_key;
e_key[0] = io_swap(in_key[0]); e_key[1] = io_swap(in_key[1]);
e_key[2] = io_swap(in_key[2]); e_key[3] = io_swap(in_key[3]);
-
+
switch(ctx->k_len) {
- case 4: t = e_key[3];
- for(i = 0; i < 10; ++i)
+ case 4: t = e_key[3];
+ for(i = 0; i < 10; ++i)
loop4(i);
- break;
+ break;
- case 6: e_key[4] = io_swap(in_key[4]); t = e_key[5] = io_swap(in_key[5]);
- for(i = 0; i < 8; ++i)
+ case 6: e_key[4] = io_swap(in_key[4]); t = e_key[5] = io_swap(in_key[5]);
+ for(i = 0; i < 8; ++i)
loop6(i);
- break;
+ break;
- case 8: e_key[4] = io_swap(in_key[4]); e_key[5] = io_swap(in_key[5]);
- e_key[6] = io_swap(in_key[6]); t = e_key[7] = io_swap(in_key[7]);
- for(i = 0; i < 7; ++i)
+ case 8: e_key[4] = io_swap(in_key[4]); e_key[5] = io_swap(in_key[5]);
+ e_key[6] = io_swap(in_key[6]); t = e_key[7] = io_swap(in_key[7]);
+ for(i = 0; i < 7; ++i)
loop8(i);
- break;
+ break;
}
if (!encrypt) {
void
rijndael_encrypt(rijndael_ctx *ctx, const u4byte *in_blk, u4byte *out_blk)
-{
+{
u4byte k_len = ctx->k_len;
u4byte *e_key = ctx->e_key;
u4byte b0[4], b1[4], *kp;
void
rijndael_decrypt(rijndael_ctx *ctx, const u4byte *in_blk, u4byte *out_blk)
-{
+{
u4byte b0[4], b1[4], *kp;
u4byte k_len = ctx->k_len;
u4byte *e_key = ctx->e_key;
* software must be clearly marked as such, and if the derived work is
* incompatible with the protocol description in the RFC file, it must be
* called by a name other than "ssh" or "Secure Shell".
- *
+ *
*
* Copyright (c) 1999 Niels Provos. All rights reserved.
*
remin = STDIN_FILENO;
remout = STDOUT_FILENO;
- if (fflag) {
+ if (fflag) {
/* Follow "protocol", send data. */
(void) response();
source(argc, argv);
size = blksize + (stb.st_blksize - blksize % stb.st_blksize) %
stb.st_blksize;
#else /* HAVE_ST_BLKSIZE */
- size = blksize;
+ size = blksize;
#endif /* HAVE_ST_BLKSIZE */
if (bp->cnt >= size)
return (bp);
{ "port", sPort },
{ "hostkey", sHostKeyFile },
{ "hostdsakey", sHostKeyFile }, /* alias */
- { "pidfile", sPidFile },
+ { "pidfile", sPidFile },
{ "serverkeybits", sServerKeyBits },
{ "logingracetime", sLoginGraceTime },
{ "keyregenerationinterval", sKeyRegenerationTime },
case sXAuthLocation:
charptr = &options->xauth_location;
goto parse_filename;
-
+
case sStrictModes:
intptr = &options->strict_modes;
goto parse_flag;
case sBanner:
charptr = &options->banner;
goto parse_filename;
-
+
default:
fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
filename, linenum, arg, opcode);
exit(1);
}
if ((arg = strdelim(&cp)) != NULL && *arg != '\0') {
- fprintf(stderr,
+ fprintf(stderr,
"%s line %d: garbage at end of line; \"%.200s\".\n",
filename, linenum, arg);
exit(1);
} else {
/* Keep the packets at reasonable size. */
if (len > packet_get_maxsize())
- len = packet_get_maxsize();
+ len = packet_get_maxsize();
}
packet_start(SSH_SMSG_STDOUT_DATA);
packet_put_string(buffer_ptr(&stdout_buffer), len);
xfree(ctype);
}
-void
+void
server_input_global_request(int type, int plen, void *ctxt)
{
char *rtype;
rtype = packet_get_string(NULL);
want_reply = packet_get_char();
debug("server_input_global_request: rtype %s want_reply %d", rtype, want_reply);
-
+
if (strcmp(rtype, "tcpip-forward") == 0) {
struct passwd *pw;
char *listen_address;
#endif /* WITH_IRIX_PROJECT */
#ifdef WITH_IRIX_JOBS
#include <sys/resource.h>
-#endif
+#endif
#ifdef WITH_IRIX_AUDIT
#include <sat.h>
#endif /* WITH_IRIX_AUDIT */
static char *xauthfile;
/* original command from peer. */
-char *original_command = NULL;
+char *original_command = NULL;
/* data */
#define MAX_SESSIONS 10
if ((pam_env = fetch_pam_environment()) == NULL)
return;
-
+
for(i = 0; pam_env[i] != NULL; i++) {
if ((equals = strstr(pam_env[i], "=")) == NULL)
continue;
-
+
if (strlen(pam_env[i]) < (sizeof(var_name) - 1)) {
memset(var_name, '\0', sizeof(var_name));
memset(var_val, '\0', sizeof(var_val));
for(i = 0; environ[i] != NULL; i++) {
if ((equals = strstr(environ[i], "=")) == NULL)
continue;
-
+
if (strlen(environ[i]) < (sizeof(var_name) - 1)) {
memset(var_name, '\0', sizeof(var_name));
memset(var_val, '\0', sizeof(var_val));
if (jid == -1) {
fatal("Failed to create job container: %.100s",
strerror(errno));
- }
+ }
# endif /* WITH_IRIX_JOBS */
# ifdef WITH_IRIX_ARRAY
/* initialize array session */
fprintf(f, "add %s %s %s\n", display,
auth_proto, auth_data);
#ifndef HAVE_CYGWIN /* Unix sockets are not supported */
- if (screen != NULL)
+ if (screen != NULL)
fprintf(f, "add %.*s/unix%s %s %s\n",
(int)(screen-display), display,
screen, auth_proto, auth_data);
session_close(s);
} else {
/* notify child, delay session cleanup */
- if (s->pid <= 1)
+ if (s->pid <= 1)
fatal("session_close_by_channel: Unsafe s->pid = %d", s->pid);
if (kill(s->pid, (s->ttyfd == -1) ? SIGTERM : SIGHUP) < 0)
error("session_close_by_channel: kill %d: %s",
get_msg(fd_in, &msg);
- /* Expecting a VERSION reply */
+ /* Expecting a VERSION reply */
if ((type = buffer_get_char(&msg)) != SSH2_FXP_VERSION) {
error("Invalid packet back from SSH2_FXP_INIT (type %d)",
type);
int ret, status;
char *shell;
pid_t pid;
-
+
if (!*args)
args = NULL;
-
+
if ((shell = getenv("SHELL")) == NULL)
shell = _PATH_BSHELL;
debug3("Executing %s", shell);
ret = execl(shell, shell, NULL);
}
- fprintf(stderr, "Couldn't execute \"%s\": %s\n", shell,
+ fprintf(stderr, "Couldn't execute \"%s\": %s\n", shell,
strerror(errno));
_exit(1);
}
error("Shell exited with status %d", WEXITSTATUS(status));
}
-void
+void
local_do_ls(const char *args)
{
if (!args || !*args)
if (get_pathname(&cp, path1))
return(-1);
if (*path1 == NULL) {
- error("You must specify a path after a %s command.",
+ error("You must specify a path after a %s command.",
cmd);
return(-1);
}
if (get_pathname(&cp, path1))
return(-1);
if (*path1 == NULL) {
- error("You must specify a path after a %s command.",
+ error("You must specify a path after a %s command.",
cmd);
return(-1);
}
int
handle_to_fd(int handle)
{
- if (handle_is_ok(handle, HANDLE_FILE))
+ if (handle_is_ok(handle, HANDLE_FILE))
return handles[handle].fd;
return -1;
}
id = get_int();
path = get_string(NULL);
TRACE("opendir id %d path %s", id, path);
- dirp = opendir(path);
+ dirp = opendir(path);
if (dirp == NULL) {
status = errno_to_portable(errno);
} else {
send_handle(id, handle);
status = SSH2_FX_OK;
}
-
+
}
if (status != SSH2_FX_OK)
send_status(id, status);
handle_init();
#ifdef DEBUG_SFTP_SERVER
- log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0);
+ log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0);
#endif
in = dup(STDIN_FILENO);
return(args);
}
-void
+void
usage(void)
{
fprintf(stderr, "usage: sftp [-vC] [-osshopt=value] [user@]host\n");
exit(1);
}
-int
+int
main(int argc, char **argv)
{
int in, out, i, debug_level, compress_flag;
__progname = get_progname(argv[0]);
init_rng();
- SSLeay_add_all_algorithms();
+ SSLeay_add_all_algorithms();
/* At first, get a connection to the authentication agent. */
ac = ssh_get_authentication_connection();
__progname = get_progname(av[0]);
init_rng();
-
+
#ifdef __GNU_LIBRARY__
while ((ch = getopt(ac, av, "+cks")) != -1) {
#else /* __GNU_LIBRARY__ */
memset(sigblob, 0, len);
xfree(sigblob);
}
-
+
/* sha1 the data */
dlen = evp_md->md_size;
digest = xmalloc(dlen);
#define SSH_COM_PUBLIC_BEGIN "---- BEGIN SSH2 PUBLIC KEY ----"
#define SSH_COM_PUBLIC_END "---- END SSH2 PUBLIC KEY ----"
#define SSH_COM_PRIVATE_BEGIN "---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----"
-#define SSH_COM_PRIVATE_KEY_MAGIC 0x3f6ff9eb
+#define SSH_COM_PRIVATE_KEY_MAGIC 0x3f6ff9eb
void
do_convert_to_ssh2(struct passwd *pw)
c = tq.tqh_first;
while (c &&
(c->c_tv.tv_sec < now.tv_sec ||
- (c->c_tv.tv_sec == now.tv_sec && c->c_tv.tv_usec < now.tv_usec))) {
+ (c->c_tv.tv_sec == now.tv_sec && c->c_tv.tv_usec < now.tv_usec))) {
int s = c->c_fd;
c = c->c_link.tqe_next;
conrecycle(s);
#ifdef AFS
fprintf(stderr, " -k Disable Kerberos ticket and AFS token forwarding.\n");
#endif /* AFS */
- fprintf(stderr, " -X Enable X11 connection forwarding.\n");
+ fprintf(stderr, " -X Enable X11 connection forwarding.\n");
fprintf(stderr, " -x Disable X11 connection forwarding.\n");
fprintf(stderr, " -i file Identity for RSA authentication (default: ~/.ssh/identity).\n");
fprintf(stderr, " -t Tty; allocate a tty even if command is given.\n");
/* XXX should be pre-session */
ssh_init_forwarding();
-
+
/* If requested, let ssh continue in the background. */
if (fork_after_authentication_flag)
if (daemon(1, 1) < 0)
int remote_major, remote_minor, i, mismatch;
int connection_in = packet_get_connection_in();
int connection_out = packet_get_connection_out();
- int minor1 = PROTOCOL_MINOR_1;
+ int minor1 = PROTOCOL_MINOR_1;
/* Read other side\'s version identification. */
for (;;) {
error("X11 forwarding is disabled to avoid trojan horses.");
options.forward_x11 = 0;
}
- if (options.num_local_forwards > 0 || options.num_remote_forwards > 0) {
+ if (options.num_local_forwards > 0 || options.num_remote_forwards > 0) {
error("Port forwarding is disabled to avoid trojan horses.");
options.num_local_forwards = options.num_remote_forwards = 0;
}
/* diffie-hellman-group1-sha1 */
void
-ssh_dh1_client(Kex *kex, char *host, struct sockaddr *hostaddr,
+ssh_dh1_client(Kex *kex, char *host, struct sockaddr *hostaddr,
Buffer *client_kexinit, Buffer *server_kexinit)
{
#ifdef DEBUG_KEXDH
int
dh_estimate(int bits)
{
-
+
if (bits < 64)
return (512); /* O(2**63) */
if (bits < 128)
buffer_ptr(client_kexinit), buffer_len(client_kexinit),
buffer_ptr(server_kexinit), buffer_len(server_kexinit),
server_host_key_blob, sbloblen,
- nbits, dh->p, dh->g,
+ nbits, dh->p, dh->g,
dh->pub_key,
dh_server_pub,
shared_secret
for (;;) {
method = authmethod_get(authlist);
if (method == NULL)
- fatal("Unable to find an authentication method");
+ fatal("Unable to find an authentication method");
authctxt->method = method;
if (method->userauth(authctxt) != 0) {
debug2("we sent a %s packet, wait for reply", method->name);
debug2("we did not send a packet, disable method");
method->enabled = NULL;
}
- }
+ }
xfree(authlist);
}
buffer_init(&b);
if (datafellows & SSH_OLD_SESSIONID) {
buffer_append(&b, session_id2, session_id2_len);
- skip = session_id2_len;
+ skip = session_id2_len;
} else {
buffer_put_string(&b, session_id2, session_id2_len);
skip = buffer_len(&b);
} else {
buffer_put_cstring(&b, authctxt->method->name);
buffer_put_char(&b, have_sig);
- buffer_put_cstring(&b, key_ssh_name(k));
+ buffer_put_cstring(&b, key_ssh_name(k));
}
buffer_put_string(&b, blob, bloblen);
buffer_put_cstring(&b, authctxt->method->name);
buffer_put_char(&b, have_sig);
if (!(datafellows & SSH_BUG_PKAUTH))
- buffer_put_cstring(&b, key_ssh_name(k));
+ buffer_put_cstring(&b, key_ssh_name(k));
buffer_put_string(&b, blob, bloblen);
}
xfree(blob);
* use a built-in default list. If the server sends a nil list after
* previously sending a valid list, continue using the list originally
* sent.
- */
+ */
Authmethod *
authmethod_get(char *authlist)
{
char *name = NULL, *authname_old;
Authmethod *method = NULL;
-
+
/* Use a suitable default if we're passed a nil list. */
if (authlist == NULL || strlen(authlist) == 0)
authlist = def_authlist;
key_free(sensitive_data.server_key);
sensitive_data.server_key = NULL;
}
- for(i = 0; i < options.num_host_key_files; i++) {
+ for(i = 0; i < options.num_host_key_files; i++) {
if (sensitive_data.host_keys[i]) {
key_free(sensitive_data.host_keys[i]);
sensitive_data.host_keys[i] = NULL;
startups++;
break;
}
-
+
/*
* Got connection. Fork a child to handle it, unless
* we are in debugging mode.
fprintf(stderr, "\npub= ");
BN_print_fp(stderr, dh->pub_key);
fprintf(stderr, "\n");
- DHparams_print_fp(stderr, dh);
+ DHparams_print_fp(stderr, dh);
#endif
if (!dh_pub_is_valid(dh, dh_client_pub))
packet_disconnect("bad client public DH value");
fprintf(stderr, "\npub= ");
BN_print_fp(stderr, dh->pub_key);
fprintf(stderr, "\n");
- DHparams_print_fp(stderr, dh);
+ DHparams_print_fp(stderr, dh);
#endif
if (!dh_pub_is_valid(dh, dh_client_pub))
packet_disconnect("bad client public DH value");
* All rights reserved
* Versions of malloc and friends that check their results, and never return
* failure (they call fatal if they encounter an error).
- *
+ *
* As far as I am concerned, the code I have written for this software
* can be used freely for any purpose. Any derived versions of this
* software must be clearly marked as such, and if the derived work is