[many files; did this manually to our top-level source dir]
unexpand and remove end-of-line whitespace; ok markus@
49 files changed:
- - (bal) Disable groupaccess by setting NGROUP_MAX to 0 for platforms
+ - (bal) Disable groupaccess by setting NGROUPS_MAX to 0 for platforms
that don't have NGROUPS_MAX.
- (bal) AIX patch for auth1.c by William L. Jones <jones@hpc.utexas.edu>
that don't have NGROUPS_MAX.
- (bal) AIX patch for auth1.c by William L. Jones <jones@hpc.utexas.edu>
+ - (stevesk) OpenBSD sync:
+ - stevesk@cvs.openbsd.org 2001/02/04 08:32:27
+ [many files; did this manually to our top-level source dir]
+ unexpand and remove end-of-line whitespace; ok markus@
20010104
- (bal) I think this is the last of the bsd-*.h that don't belong.
20010104
- (bal) I think this is the last of the bsd-*.h that don't belong.
/* Define if you are using Solaris-derived PAM which passes pam_messages */
/* to the conversation function with an extra level of indirection */
#undef PAM_SUN_CODEBASE
/* Define if you are using Solaris-derived PAM which passes pam_messages */
/* to the conversation function with an extra level of indirection */
#undef PAM_SUN_CODEBASE
/* Set this to your mail directory if you don't have maillock.h */
#undef MAIL_DIRECTORY
/* Set this to your mail directory if you don't have maillock.h */
#undef MAIL_DIRECTORY
get_challenge(Authctxt *authctxt, char *devs)
{
static char challenge[1024];
get_challenge(Authctxt *authctxt, char *devs)
{
static char challenge[1024];
if (skeychallenge(&skey, authctxt->user, challenge) == -1)
return NULL;
strlcat(challenge, "\nS/Key Password: ", sizeof challenge);
if (skeychallenge(&skey, authctxt->user, challenge) == -1)
return NULL;
strlcat(challenge, "\nS/Key Password: ", sizeof challenge);
/* PAM will free this later */
reply = malloc(num_msg * sizeof(*reply));
if (reply == NULL)
/* PAM will free this later */
reply = malloc(num_msg * sizeof(*reply));
if (reply == NULL)
for (count = 0; count < num_msg; count++) {
switch(PAM_MSG_MEMBER(msg, count, msg_style)) {
for (count = 0; count < num_msg; count++) {
switch(PAM_MSG_MEMBER(msg, count, msg_style)) {
}
reply[count].resp = xstrdup(pampasswd);
} else {
}
reply[count].resp = xstrdup(pampasswd);
} else {
xstrdup(read_passphrase(PAM_MSG_MEMBER(msg, count, msg), 1));
}
reply[count].resp_retcode = PAM_SUCCESS;
xstrdup(read_passphrase(PAM_MSG_MEMBER(msg, count, msg), 1));
}
reply[count].resp_retcode = PAM_SUCCESS;
{
pam_retval = pam_close_session(pamh, 0);
if (pam_retval != PAM_SUCCESS) {
{
pam_retval = pam_close_session(pamh, 0);
if (pam_retval != PAM_SUCCESS) {
- log("Cannot close PAM session[%d]: %.200s",
+ log("Cannot close PAM session[%d]: %.200s",
pam_retval, PAM_STRERROR(pamh, pam_retval));
}
pam_retval = pam_setcred(pamh, PAM_DELETE_CRED);
if (pam_retval != PAM_SUCCESS) {
pam_retval, PAM_STRERROR(pamh, pam_retval));
}
pam_retval = pam_setcred(pamh, PAM_DELETE_CRED);
if (pam_retval != PAM_SUCCESS) {
- debug("Cannot delete credentials[%d]: %.200s",
+ debug("Cannot delete credentials[%d]: %.200s",
pam_retval, PAM_STRERROR(pamh, pam_retval));
}
pam_retval = pam_end(pamh, pam_retval);
if (pam_retval != PAM_SUCCESS) {
pam_retval, PAM_STRERROR(pamh, pam_retval));
}
pam_retval = pam_end(pamh, pam_retval);
if (pam_retval != PAM_SUCCESS) {
- log("Cannot release PAM authentication[%d]: %.200s",
+ log("Cannot release PAM authentication[%d]: %.200s",
pam_retval, PAM_STRERROR(pamh, pam_retval));
}
}
pam_retval, PAM_STRERROR(pamh, pam_retval));
}
}
return 0;
pampasswd = password;
return 0;
pampasswd = password;
pamstate = INITIAL_LOGIN;
pam_retval = do_pam_authenticate(0);
if (pam_retval == PAM_SUCCESS) {
pamstate = INITIAL_LOGIN;
pam_retval = do_pam_authenticate(0);
if (pam_retval == PAM_SUCCESS) {
- debug("PAM Password authentication accepted for user \"%.100s\"",
+ debug("PAM Password authentication accepted for user \"%.100s\"",
pw->pw_name);
return 1;
} else {
pw->pw_name);
return 1;
} else {
- debug("PAM Password authentication for \"%.100s\" failed[%d]: %s",
+ debug("PAM Password authentication for \"%.100s\" failed[%d]: %s",
pw->pw_name, pam_retval, PAM_STRERROR(pamh, pam_retval));
return 0;
}
pw->pw_name, pam_retval, PAM_STRERROR(pamh, pam_retval));
return 0;
}
{
int pam_retval;
extern ServerOptions options;
{
int pam_retval;
extern ServerOptions options;
-
- debug("PAM setting rhost to \"%.200s\"",
+
+ debug("PAM setting rhost to \"%.200s\"",
get_canonical_hostname(options.reverse_mapping_check));
get_canonical_hostname(options.reverse_mapping_check));
- pam_retval = pam_set_item(pamh, PAM_RHOST,
+ pam_retval = pam_set_item(pamh, PAM_RHOST,
get_canonical_hostname(options.reverse_mapping_check));
if (pam_retval != PAM_SUCCESS) {
get_canonical_hostname(options.reverse_mapping_check));
if (pam_retval != PAM_SUCCESS) {
- fatal("PAM set rhost failed[%d]: %.200s",
+ fatal("PAM set rhost failed[%d]: %.200s",
pam_retval, PAM_STRERROR(pamh, pam_retval));
}
pam_retval, PAM_STRERROR(pamh, pam_retval));
}
debug("PAM setting ruser to \"%.200s\"", remote_user);
pam_retval = pam_set_item(pamh, PAM_RUSER, remote_user);
if (pam_retval != PAM_SUCCESS) {
debug("PAM setting ruser to \"%.200s\"", remote_user);
pam_retval = pam_set_item(pamh, PAM_RUSER, remote_user);
if (pam_retval != PAM_SUCCESS) {
- fatal("PAM set ruser failed[%d]: %.200s",
+ fatal("PAM set ruser failed[%d]: %.200s",
pam_retval, PAM_STRERROR(pamh, pam_retval));
}
}
pam_retval, PAM_STRERROR(pamh, pam_retval));
}
}
password_change_required = 1;
break;
default:
password_change_required = 1;
break;
default:
- log("PAM rejected by account configuration[%d]: %.200s",
+ log("PAM rejected by account configuration[%d]: %.200s",
pam_retval, PAM_STRERROR(pamh, pam_retval));
return(0);
}
pam_retval, PAM_STRERROR(pamh, pam_retval));
return(0);
}
debug("PAM setting tty to \"%.200s\"", ttyname);
pam_retval = pam_set_item(pamh, PAM_TTY, ttyname);
if (pam_retval != PAM_SUCCESS) {
debug("PAM setting tty to \"%.200s\"", ttyname);
pam_retval = pam_set_item(pamh, PAM_TTY, ttyname);
if (pam_retval != PAM_SUCCESS) {
- fatal("PAM set tty failed[%d]: %.200s",
+ fatal("PAM set tty failed[%d]: %.200s",
pam_retval, PAM_STRERROR(pamh, pam_retval));
}
}
pam_retval = pam_open_session(pamh, 0);
if (pam_retval != PAM_SUCCESS) {
pam_retval, PAM_STRERROR(pamh, pam_retval));
}
}
pam_retval = pam_open_session(pamh, 0);
if (pam_retval != PAM_SUCCESS) {
- fatal("PAM session setup failed[%d]: %.200s",
+ fatal("PAM session setup failed[%d]: %.200s",
pam_retval, PAM_STRERROR(pamh, pam_retval));
}
}
pam_retval, PAM_STRERROR(pamh, pam_retval));
}
}
-/* Set PAM credentials */
+/* Set PAM credentials */
void do_pam_setcred(void)
{
int pam_retval;
void do_pam_setcred(void)
{
int pam_retval;
debug("PAM establishing creds");
pam_retval = pam_setcred(pamh, PAM_ESTABLISH_CRED);
if (pam_retval != PAM_SUCCESS) {
if(was_authenticated) {
debug("PAM establishing creds");
pam_retval = pam_setcred(pamh, PAM_ESTABLISH_CRED);
if (pam_retval != PAM_SUCCESS) {
if(was_authenticated) {
- fatal("PAM setcred failed[%d]: %.200s",
+ fatal("PAM setcred failed[%d]: %.200s",
pam_retval, PAM_STRERROR(pamh, pam_retval));
} else {
pam_retval, PAM_STRERROR(pamh, pam_retval));
} else {
- debug("PAM setcred failed[%d]: %.200s",
+ debug("PAM setcred failed[%d]: %.200s",
pam_retval, PAM_STRERROR(pamh, pam_retval));
}
}
pam_retval, PAM_STRERROR(pamh, pam_retval));
}
}
return password_change_required;
}
return password_change_required;
}
* Have user change authentication token if pam_acct_mgmt() indicated
* it was expired. This needs to be called after an interactive
* session is established and the user's pty is connected to
* Have user change authentication token if pam_acct_mgmt() indicated
* it was expired. This needs to be called after an interactive
* session is established and the user's pty is connected to
do {
pam_retval = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
if (pam_retval != PAM_SUCCESS) {
do {
pam_retval = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
if (pam_retval != PAM_SUCCESS) {
- log("PAM pam_chauthtok failed[%d]: %.200s",
+ log("PAM pam_chauthtok failed[%d]: %.200s",
pam_retval, PAM_STRERROR(pamh, pam_retval));
}
} while (pam_retval != PAM_SUCCESS);
pam_retval, PAM_STRERROR(pamh, pam_retval));
}
} while (pam_retval != PAM_SUCCESS);
pam_retval = pam_start(SSHD_PAM_SERVICE, user, &conv, &pamh);
if (pam_retval != PAM_SUCCESS) {
pam_retval = pam_start(SSHD_PAM_SERVICE, user, &conv, &pamh);
if (pam_retval != PAM_SUCCESS) {
- fatal("PAM initialisation failed[%d]: %.200s",
+ fatal("PAM initialisation failed[%d]: %.200s",
pam_retval, PAM_STRERROR(pamh, pam_retval));
}
#ifdef PAM_TTY_KLUDGE
/*
* Some PAM modules (e.g. pam_time) require a TTY to operate,
pam_retval, PAM_STRERROR(pamh, pam_retval));
}
#ifdef PAM_TTY_KLUDGE
/*
* Some PAM modules (e.g. pam_time) require a TTY to operate,
- * and will fail in various stupid ways if they don't get one.
+ * and will fail in various stupid ways if they don't get one.
* sshd doesn't set the tty until too late in the auth process and may
* not even need one (for tty-less connections)
* sshd doesn't set the tty until too late in the auth process and may
* not even need one (for tty-less connections)
- * Kludge: Set a fake PAM_TTY
+ * Kludge: Set a fake PAM_TTY
*/
pam_retval = pam_set_item(pamh, PAM_TTY, "ssh");
if (pam_retval != PAM_SUCCESS) {
*/
pam_retval = pam_set_item(pamh, PAM_TTY, "ssh");
if (pam_retval != PAM_SUCCESS) {
- fatal("PAM set tty failed[%d]: %.200s",
+ fatal("PAM set tty failed[%d]: %.200s",
pam_retval, PAM_STRERROR(pamh, pam_retval));
}
#endif /* PAM_TTY_KLUDGE */
pam_retval, PAM_STRERROR(pamh, pam_retval));
}
#endif /* PAM_TTY_KLUDGE */
char *p;
size_t new_msg_len;
size_t pam_msg_len;
char *p;
size_t new_msg_len;
size_t pam_msg_len;
new_msg_len = strlen(msg);
new_msg_len = strlen(msg);
if (pam_msg) {
pam_msg_len = strlen(pam_msg);
pam_msg = xrealloc(pam_msg, new_msg_len + pam_msg_len + 2);
if (pam_msg) {
pam_msg_len = strlen(pam_msg);
pam_msg = xrealloc(pam_msg, new_msg_len + pam_msg_len + 2);
* Empty password is only possible on NT if the user has _really_
* an empty password and authentication is done, though.
*/
* Empty password is only possible on NT if the user has _really_
* an empty password and authentication is done, though.
*/
#endif
if (*password == '\0' && options.permit_empty_passwd == 0)
return 0;
#endif
if (*password == '\0' && options.permit_empty_passwd == 0)
return 0;
*/
#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
spw = getspnam(pw->pw_name);
*/
#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
spw = getspnam(pw->pw_name);
pw_password = spw->sp_pwdp;
#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
#ifdef HAVE_SCO_PROTECTED_PW
spw = getprpwnam(pw->pw_name);
pw_password = spw->sp_pwdp;
#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
#ifdef HAVE_SCO_PROTECTED_PW
spw = getprpwnam(pw->pw_name);
pw_password = spw->ufld.fd_encrypt;
#endif /* HAVE_SCO_PROTECTED_PW */
pw_password = spw->ufld.fd_encrypt;
#endif /* HAVE_SCO_PROTECTED_PW */
encrypted_password = md5_crypt(password, salt);
else
encrypted_password = crypt(password, salt);
encrypted_password = md5_crypt(password, salt);
else
encrypted_password = crypt(password, salt);
-#else /* HAVE_MD5_PASSWORDS */
+#else /* HAVE_MD5_PASSWORDS */
# ifdef __hpux
if (iscomsec())
encrypted_password = bigcrypt(password, salt);
# ifdef __hpux
if (iscomsec())
encrypted_password = bigcrypt(password, salt);
# else
encrypted_password = crypt(password, salt);
# endif /* __hpux */
# else
encrypted_password = crypt(password, salt);
# endif /* __hpux */
-#endif /* HAVE_MD5_PASSWORDS */
+#endif /* HAVE_MD5_PASSWORDS */
/* Authentication is accepted if the encrypted passwords are identical. */
return (strcmp(encrypted_password, pw_password) == 0);
/* Authentication is accepted if the encrypted passwords are identical. */
return (strcmp(encrypted_password, pw_password) == 0);
return 0;
/* Check password expiry */
return 0;
/* Check password expiry */
- if ((spw->sp_lstchg >= 0) && (spw->sp_max >= 0) &&
+ if ((spw->sp_lstchg >= 0) && (spw->sp_max >= 0) &&
(days > (spw->sp_lstchg + spw->sp_max)))
return 0;
}
(days > (spw->sp_lstchg + spw->sp_max)))
return 0;
}
Authctxt *
authctxt_new(void)
{
Authctxt *
authctxt_new(void)
{
- Authctxt *authctxt = xmalloc(sizeof(*authctxt));
- memset(authctxt, 0, sizeof(*authctxt));
- return authctxt;
+ Authctxt *authctxt = xmalloc(sizeof(*authctxt));
+ memset(authctxt, 0, sizeof(*authctxt));
+ return authctxt;
authenticated = auth_pam_password(pw, password);
#elif defined(HAVE_OSF_SIA)
/* Do SIA auth with password */
authenticated = auth_pam_password(pw, password);
#elif defined(HAVE_OSF_SIA)
/* Do SIA auth with password */
- if (sia_validate_user(NULL, saved_argc, saved_argv,
- get_canonical_hostname(options.reverse_mapping_check),
+ if (sia_validate_user(NULL, saved_argc, saved_argv,
+ get_canonical_hostname(options.reverse_mapping_check),
pw->pw_name, NULL, 0, NULL, password) == SIASUCCESS) {
authenticated = 1;
}
pw->pw_name, NULL, 0, NULL, password) == SIASUCCESS) {
authenticated = 1;
}
fatal("INTERNAL ERROR: authenticated invalid user %s",
authctxt->user);
fatal("INTERNAL ERROR: authenticated invalid user %s",
authctxt->user);
-#ifdef HAVE_CYGWIN
- if (authenticated &&
+#ifdef HAVE_CYGWIN
+ if (authenticated &&
!check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD,pw->pw_uid)) {
packet_disconnect("Authentication rejected for uid %d.",
(int)pw->pw_uid);
!check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD,pw->pw_uid)) {
packet_disconnect("Authentication rejected for uid %d.",
(int)pw->pw_uid);
if (authenticated && authctxt->pw->pw_uid == 0 && !auth_root_allowed())
authenticated = 0;
#endif
if (authenticated && authctxt->pw->pw_uid == 0 && !auth_root_allowed())
authenticated = 0;
#endif
if (authenticated && !do_pam_account(pw->pw_name, client_user))
authenticated = 0;
#endif
if (authenticated && !do_pam_account(pw->pw_name, client_user))
authenticated = 0;
#endif
return;
if (authctxt->failures++ > AUTH_FAIL_MAX) {
return;
if (authctxt->failures++ > AUTH_FAIL_MAX) {
-#ifdef WITH_AIXAUTHENTICATE
- loginfailed(authctxt->user,
- get_canonical_hostname(options.reverse_mapping_check),
+#ifdef WITH_AIXAUTHENTICATE
+ loginfailed(authctxt->user,
+ get_canonical_hostname(options.reverse_mapping_check),
"ssh");
#endif /* WITH_AIXAUTHENTICATE */
packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
"ssh");
#endif /* WITH_AIXAUTHENTICATE */
packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
#ifdef WITH_AIXAUTHENTICATE
/* We don't have a pty yet, so just label the line as "ssh" */
#ifdef WITH_AIXAUTHENTICATE
/* We don't have a pty yet, so just label the line as "ssh" */
- if (loginsuccess(authctxt->user,
+ if (loginsuccess(authctxt->user,
get_canonical_hostname(options.reverse_mapping_check),
"ssh", &aixloginmsg) < 0)
aixloginmsg = NULL;
get_canonical_hostname(options.reverse_mapping_check),
"ssh", &aixloginmsg) < 0)
aixloginmsg = NULL;
if ((style = strchr(user, ':')) != NULL)
*style++ = 0;
if ((style = strchr(user, ':')) != NULL)
*style++ = 0;
- if (authctxt->attempt++ == 0) {
+ if (authctxt->attempt++ == 0) {
/* setup auth context */
struct passwd *pw = NULL;
setproctitle("%s", user);
/* setup auth context */
struct passwd *pw = NULL;
setproctitle("%s", user);
userauth_reply(Authctxt *authctxt, int authenticated)
{
char *methods;
userauth_reply(Authctxt *authctxt, int authenticated)
{
char *methods;
if (authenticated) {
#ifdef WITH_AIXAUTHENTICATE
/* We don't have a pty yet, so just label the line as "ssh" */
if (authenticated) {
#ifdef WITH_AIXAUTHENTICATE
/* We don't have a pty yet, so just label the line as "ssh" */
- if (loginsuccess(authctxt->user?authctxt->user:"NOUSER",
- get_canonical_hostname(options.reverse_mapping_check),
+ if (loginsuccess(authctxt->user?authctxt->user:"NOUSER",
+ get_canonical_hostname(options.reverse_mapping_check),
"ssh", &aixloginmsg) < 0)
aixloginmsg = NULL;
#endif /* WITH_AIXAUTHENTICATE */
"ssh", &aixloginmsg) < 0)
aixloginmsg = NULL;
#endif /* WITH_AIXAUTHENTICATE */
authctxt->success = 1;
} else {
if (authctxt->failures++ > AUTH_FAIL_MAX)
authctxt->success = 1;
} else {
if (authctxt->failures++ > AUTH_FAIL_MAX)
- packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
+ packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
methods = authmethods_get();
packet_start(SSH2_MSG_USERAUTH_FAILURE);
packet_put_cstring(methods);
methods = authmethods_get();
packet_start(SSH2_MSG_USERAUTH_FAILURE);
packet_put_cstring(methods);
if (m != NULL)
m->enabled = NULL;
packet_done();
if (m != NULL)
m->enabled = NULL;
packet_done();
if (authctxt->valid == 0)
return(0);
if (authctxt->valid == 0)
return(0);
#ifdef HAVE_CYGWIN
if (check_nt_auth(1, authctxt->pw->pw_uid) == 0)
return(0);
#ifdef HAVE_CYGWIN
if (check_nt_auth(1, authctxt->pw->pw_uid) == 0)
return(0);
#ifdef USE_PAM
return auth_pam_password(authctxt->pw, "");
#elif defined(HAVE_OSF_SIA)
#ifdef USE_PAM
return auth_pam_password(authctxt->pw, "");
#elif defined(HAVE_OSF_SIA)
- return (sia_validate_user(NULL, saved_argc, saved_argv,
- get_canonical_hostname(options.reverse_mapping_check),
- authctxt->user?authctxt->user:"NOUSER", NULL, 0,
+ return (sia_validate_user(NULL, saved_argc, saved_argv,
+ get_canonical_hostname(options.reverse_mapping_check),
+ authctxt->user?authctxt->user:"NOUSER", NULL, 0,
NULL, "") == SIASUCCESS);
#else /* !HAVE_OSF_SIA && !USE_PAM */
return auth_password(authctxt->pw, "");
NULL, "") == SIASUCCESS);
#else /* !HAVE_OSF_SIA && !USE_PAM */
return auth_password(authctxt->pw, "");
#ifdef USE_PAM
auth_pam_password(authctxt->pw, password) == 1)
#elif defined(HAVE_OSF_SIA)
#ifdef USE_PAM
auth_pam_password(authctxt->pw, password) == 1)
#elif defined(HAVE_OSF_SIA)
- sia_validate_user(NULL, saved_argc, saved_argv,
- get_canonical_hostname(options.reverse_mapping_check),
- authctxt->user?authctxt->user:"NOUSER", NULL, 0, NULL,
+ sia_validate_user(NULL, saved_argc, saved_argv,
+ get_canonical_hostname(options.reverse_mapping_check),
+ authctxt->user?authctxt->user:"NOUSER", NULL, 0, NULL,
password) == SIASUCCESS)
#else /* !USE_PAM && !HAVE_OSF_SIA */
auth_password(authctxt->pw, password) == 1)
password) == SIASUCCESS)
#else /* !USE_PAM && !HAVE_OSF_SIA */
auth_password(authctxt->pw, password) == 1)
return decode_reply(type);
}
return decode_reply(type);
}
decode_reply(int type)
{
switch (type) {
decode_reply(int type)
{
switch (type) {
port = from6->sin6_port;
memset(&from, 0, sizeof(from));
port = from6->sin6_port;
memset(&from, 0, sizeof(from));
from4->sin_family = AF_INET;
memcpy(&from4->sin_addr, &addr, sizeof(addr));
from4->sin_port = port;
from4->sin_family = AF_INET;
memcpy(&from4->sin_addr, &addr, sizeof(addr));
from4->sin_port = port;
int err = 0;
int sz = sizeof(err);
c->type = SSH_CHANNEL_OPEN;
int err = 0;
int sz = sizeof(err);
c->type = SSH_CHANNEL_OPEN;
- if (getsockopt(c->sock, SOL_SOCKET, SO_ERROR, (char *)&err, &sz) < 0) {
+ if (getsockopt(c->sock, SOL_SOCKET, SO_ERROR, (char *)&err, &sz) < 0) {
debug("getsockopt SO_ERROR failed");
} else {
if (err == 0) {
debug("getsockopt SO_ERROR failed");
} else {
if (err == 0) {
if (remote_fwd) {
host = listen_address;
if (remote_fwd) {
host = listen_address;
- ctype = SSH_CHANNEL_RPORT_LISTENER;
+ ctype = SSH_CHANNEL_RPORT_LISTENER;
} else {
host = host_to_connect;
ctype =SSH_CHANNEL_PORT_LISTENER;
} else {
host = host_to_connect;
ctype =SSH_CHANNEL_PORT_LISTENER;
error("bind: %.100s", strerror(errno));
else
verbose("bind: %.100s", strerror(errno));
error("bind: %.100s", strerror(errno));
else
verbose("bind: %.100s", strerror(errno));
error("connect %.100s port %s: %.100s", ntop, strport,
strerror(errno));
close(sock);
error("connect %.100s port %s: %.100s", ntop, strport,
strerror(errno));
close(sock);
- continue; /* fail -- try next */
+ continue; /* fail -- try next */
}
break; /* success */
}
freeaddrinfo(aitop);
if (!ai) {
}
break; /* success */
}
freeaddrinfo(aitop);
if (!ai) {
- error("connect %.100s port %d: failed.", host, host_port);
+ error("connect %.100s port %d: failed.", host, host_port);
return -1;
}
/* success */
return -1;
}
/* success */
fatal("gethostname: %.100s", strerror(errno));
#ifdef IPADDR_IN_DISPLAY
fatal("gethostname: %.100s", strerror(errno));
#ifdef IPADDR_IN_DISPLAY
* HPUX detects the local hostname in the DISPLAY variable and tries
* to set up a shared memory connection to the server, which it
* incorrectly supposes to be local.
* HPUX detects the local hostname in the DISPLAY variable and tries
* to set up a shared memory connection to the server, which it
* incorrectly supposes to be local.
memcpy(&my_addr, he->h_addr_list[0], sizeof(struct in_addr));
/* Set DISPLAY to <ip address>:screen.display */
memcpy(&my_addr, he->h_addr_list[0], sizeof(struct in_addr));
/* Set DISPLAY to <ip address>:screen.display */
- snprintf(display, sizeof(display), "%.50s:%d.%d", inet_ntoa(my_addr),
+ snprintf(display, sizeof(display), "%.50s:%d.%d", inet_ntoa(my_addr),
display_number, screen_number);
}
#else /* IPADDR_IN_DISPLAY */
display_number, screen_number);
}
#else /* IPADDR_IN_DISPLAY */
}
c->dettach_user = NULL;
}
}
c->dettach_user = NULL;
}
channel_register_filter(int id, channel_filter_fn *fn)
{
Channel *c = channel_lookup(id);
channel_register_filter(int id, channel_filter_fn *fn)
{
Channel *c = channel_lookup(id);
void
cast_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
{
void
cast_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
{
fatal("no IV for %s.", cc->cipher->name);
memcpy(cc->u.cast.iv, (char *)iv, 8);
}
fatal("no IV for %s.", cc->cipher->name);
memcpy(cc->u.cast.iv, (char *)iv, 8);
}
void
rijndael_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
{
void
rijndael_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
{
fatal("no IV for %s.", cc->cipher->name);
memcpy((u_char *)cc->u.rijndael.iv, iv, RIJNDAEL_BLOCKSIZE);
}
fatal("no IV for %s.", cc->cipher->name);
memcpy((u_char *)cc->u.rijndael.iv, iv, RIJNDAEL_BLOCKSIZE);
}
SSH_CIPHER_SSH2, 16, 32,
rijndael_setkey, rijndael_setiv,
rijndael_cbc_encrypt, rijndael_cbc_decrypt },
SSH_CIPHER_SSH2, 16, 32,
rijndael_setkey, rijndael_setiv,
rijndael_cbc_encrypt, rijndael_cbc_decrypt },
- { NULL, SSH_CIPHER_ILLEGAL, 0, 0, NULL, NULL, NULL, NULL }
+ { NULL, SSH_CIPHER_ILLEGAL, 0, 0, NULL, NULL, NULL, NULL }
output = xmalloc(4*size);
for (p = output, i = 0; i < size; i++) {
output = xmalloc(4*size);
for (p = output, i = 0; i < size; i++) {
- if (buf[i] == '\n')
- *p++ = buf[i];
- else
- p = vis(p, buf[i], 0, 0);
- }
+ if (buf[i] == '\n')
+ *p++ = buf[i];
+ else
+ p = vis(p, buf[i], 0, 0);
+ }
len = p - output;
for (pos = 0; pos < len; pos += ret) {
len = p - output;
for (pos = 0; pos < len; pos += ret) {
* of response depending on arg. Tries to ensure that no other userland
* buffer is storing the response.
*/
* of response depending on arg. Tries to ensure that no other userland
* buffer is storing the response.
*/
-char* cli_read_passphrase(const char* prompt, int from_stdin,
+char* cli_read_passphrase(const char* prompt, int from_stdin,
int echo_enable);
char* cli_prompt(char* prompt, int echo_enable);
void cli_mesg(char* mesg);
int echo_enable);
char* cli_prompt(char* prompt, int echo_enable);
void cli_mesg(char* mesg);
#endif
#ifdef HAVE_SYS_BITYPES_H
# include <sys/bitypes.h> /* For u_intXX_t */
#endif
#ifdef HAVE_SYS_BITYPES_H
# include <sys/bitypes.h> /* For u_intXX_t */
#ifdef HAVE_PATHS_H
# include <paths.h> /* For _PATH_XXX */
#ifdef HAVE_PATHS_H
# include <paths.h> /* For _PATH_XXX */
#ifdef HAVE_LIMITS_H
# include <limits.h> /* For PATH_MAX */
#ifdef HAVE_LIMITS_H
# include <limits.h> /* For PATH_MAX */
#ifdef HAVE_SYS_TIME_H
# include <sys/time.h> /* For timersub */
#endif
#ifdef HAVE_SYS_TIME_H
# include <sys/time.h> /* For timersub */
#endif
#endif
#ifdef HAVE_SYS_CDEFS_H
# include <sys/cdefs.h> /* For __P() */
#endif
#ifdef HAVE_SYS_CDEFS_H
# include <sys/cdefs.h> /* For __P() */
#ifdef HAVE_SYS_SYSMACROS_H
# include <sys/sysmacros.h> /* For MIN, MAX, etc */
#endif
#ifdef HAVE_SYS_SYSMACROS_H
# include <sys/sysmacros.h> /* For MIN, MAX, etc */
#endif
# endif /* PATH_MAX */
#endif /* MAXPATHLEN */
# endif /* PATH_MAX */
#endif /* MAXPATHLEN */
-#endif
-#ifndef STDOUT_FILENO
+#endif
+#ifndef STDOUT_FILENO
-#endif
-#ifndef STDERR_FILENO
+#endif
+#ifndef STDERR_FILENO
#ifndef NGROUPS_MAX /* Disable groupaccess if NGROUP_MAX is not set */
#define NGROUPS_MAX 0
#endif
#ifndef O_NONBLOCK /* Non Blocking Open */
#ifndef NGROUPS_MAX /* Disable groupaccess if NGROUP_MAX is not set */
#define NGROUPS_MAX 0
#endif
#ifndef O_NONBLOCK /* Non Blocking Open */
-# define O_NONBLOCK 00004
+# define O_NONBLOCK 00004
(result)->tv_sec = (a)->tv_sec - (b)->tv_sec; \
(result)->tv_usec = (a)->tv_usec - (b)->tv_usec; \
if ((result)->tv_usec < 0) { \
(result)->tv_sec = (a)->tv_sec - (b)->tv_sec; \
(result)->tv_usec = (a)->tv_usec - (b)->tv_usec; \
if ((result)->tv_usec < 0) { \
- --(result)->tv_sec; \
- (result)->tv_usec += 1000000; \
+ --(result)->tv_sec; \
+ (result)->tv_usec += 1000000; \
#ifndef SUN_LEN
#define SUN_LEN(su) \
#ifndef SUN_LEN
#define SUN_LEN(su) \
- (sizeof(*(su)) - sizeof((su)->sun_path) + strlen((su)->sun_path))
+ (sizeof(*(su)) - sizeof((su)->sun_path) + strlen((su)->sun_path))
#endif /* SUN_LEN */
/* Function replacement / compatibility hacks */
#endif /* SUN_LEN */
/* Function replacement / compatibility hacks */
if (type > 0 && type < DISPATCH_MAX && dispatch[type] != NULL)
(*dispatch[type])(type, plen, ctxt);
else
if (type > 0 && type < DISPATCH_MAX && dispatch[type] != NULL)
(*dispatch[type])(type, plen, ctxt);
else
- packet_disconnect("protocol error: rcvd type %d", type);
+ packet_disconnect("protocol error: rcvd type %d", type);
if (done != NULL && *done)
return;
}
if (done != NULL && *done)
return;
}
addr.sun_family = AF_UNIX;
strlcpy(addr.sun_path, EGD_SOCKET, sizeof(addr.sun_path));
addr_len = offsetof(struct sockaddr_un, sun_path) + sizeof(EGD_SOCKET);
addr.sun_family = AF_UNIX;
strlcpy(addr.sun_path, EGD_SOCKET, sizeof(addr.sun_path));
addr_len = offsetof(struct sockaddr_un, sun_path) + sizeof(EGD_SOCKET);
fd = socket(AF_UNIX, SOCK_STREAM, 0);
if (fd == -1) {
error("Couldn't create AF_UNIX socket: %s", strerror(errno));
fd = socket(AF_UNIX, SOCK_STREAM, 0);
if (fd == -1) {
error("Couldn't create AF_UNIX socket: %s", strerror(errno));
}
if (connect(fd, (struct sockaddr*)&addr, addr_len) == -1) {
}
if (connect(fd, (struct sockaddr*)&addr, addr_len) == -1) {
- error("Couldn't connect to EGD socket \"%s\": %s",
+ error("Couldn't connect to EGD socket \"%s\": %s",
addr.sun_path, strerror(errno));
close(fd);
return(0);
addr.sun_path, strerror(errno));
close(fd);
return(0);
msg[1] = len;
if (atomicio(write, fd, msg, sizeof(msg)) != sizeof(msg)) {
msg[1] = len;
if (atomicio(write, fd, msg, sizeof(msg)) != sizeof(msg)) {
- error("Couldn't write to EGD socket \"%s\": %s",
+ error("Couldn't write to EGD socket \"%s\": %s",
EGD_SOCKET, strerror(errno));
close(fd);
return(0);
}
if (atomicio(read, fd, buf, len) != len) {
EGD_SOCKET, strerror(errno));
close(fd);
return(0);
}
if (atomicio(read, fd, buf, len) != len) {
- error("Couldn't read from EGD socket \"%s\": %s",
+ error("Couldn't read from EGD socket \"%s\": %s",
EGD_SOCKET, strerror(errno));
close(fd);
return(0);
}
EGD_SOCKET, strerror(errno));
close(fd);
return(0);
}
return(1);
}
#else /* !EGD_SOCKET */
return(1);
}
#else /* !EGD_SOCKET */
random_pool = open(RANDOM_POOL, O_RDONLY);
if (random_pool == -1) {
random_pool = open(RANDOM_POOL, O_RDONLY);
if (random_pool == -1) {
- error("Couldn't open random pool \"%s\": %s",
+ error("Couldn't open random pool \"%s\": %s",
RANDOM_POOL, strerror(errno));
return(0);
}
RANDOM_POOL, strerror(errno));
return(0);
}
if (atomicio(read, random_pool, buf, len) != len) {
if (atomicio(read, random_pool, buf, len) != len) {
- error("Couldn't read from random pool \"%s\": %s",
+ error("Couldn't read from random pool \"%s\": %s",
RANDOM_POOL, strerror(errno));
close(random_pool);
return(0);
}
RANDOM_POOL, strerror(errno));
close(random_pool);
return(0);
}
return(1);
}
#endif /* RANDOM_POOL */
return(1);
}
#endif /* RANDOM_POOL */
seed_rng(void)
{
char buf[32];
seed_rng(void)
{
char buf[32];
debug("Seeding random number generator");
if (!get_random_bytes(buf, sizeof(buf))) {
debug("Seeding random number generator");
if (!get_random_bytes(buf, sizeof(buf))) {
} else {
RAND_add(buf, sizeof(buf), sizeof(buf));
}
} else {
RAND_add(buf, sizeof(buf), sizeof(buf));
}
memset(buf, '\0', sizeof(buf));
}
memset(buf, '\0', sizeof(buf));
}
#else /* defined(EGD_SOCKET) || defined(RANDOM_POOL) */
#else /* defined(EGD_SOCKET) || defined(RANDOM_POOL) */
* FIXME: proper entropy estimations. All current values are guesses
* FIXME: (ATL) do estimates at compile time?
* FIXME: More entropy sources
* FIXME: proper entropy estimations. All current values are guesses
* FIXME: (ATL) do estimates at compile time?
* FIXME: More entropy sources
/* this is initialised from a file, by prng_read_commands() */
entropy_source_t *entropy_sources = NULL;
/* this is initialised from a file, by prng_read_commands() */
entropy_source_t *entropy_sources = NULL;
stir_from_system(void)
{
double total_entropy_estimate;
long int i;
stir_from_system(void)
{
double total_entropy_estimate;
long int i;
total_entropy_estimate = 0;
total_entropy_estimate = 0;
i = getpid();
RAND_add(&i, sizeof(i), 0.5);
total_entropy_estimate += 0.1;
i = getpid();
RAND_add(&i, sizeof(i), 0.5);
total_entropy_estimate += 0.1;
i = getppid();
RAND_add(&i, sizeof(i), 0.5);
total_entropy_estimate += 0.1;
i = getppid();
RAND_add(&i, sizeof(i), 0.5);
total_entropy_estimate += 0.1;
return(total_entropy_estimate);
}
return(total_entropy_estimate);
}
stir_from_programs(void)
{
int i;
stir_from_programs(void)
{
int i;
/* Scale back entropy estimate according to command's rate */
entropy_estimate *= entropy_sources[c].rate;
/* Scale back entropy estimate according to command's rate */
entropy_estimate *= entropy_sources[c].rate;
/* Upper bound of entropy estimate is SHA_DIGEST_LENGTH */
if (entropy_estimate > SHA_DIGEST_LENGTH)
entropy_estimate = SHA_DIGEST_LENGTH;
/* Upper bound of entropy estimate is SHA_DIGEST_LENGTH */
if (entropy_estimate > SHA_DIGEST_LENGTH)
entropy_estimate = SHA_DIGEST_LENGTH;
- /* Scale back estimates for subsequent passes through list */
+ /* Scale back estimates for subsequent passes through list */
entropy_estimate /= SCALE_PER_RUN * (i + 1.0);
entropy_estimate /= SCALE_PER_RUN * (i + 1.0);
/* Stir it in */
RAND_add(hash, sizeof(hash), entropy_estimate);
/* Stir it in */
RAND_add(hash, sizeof(hash), entropy_estimate);
- debug3("Got %0.2f bytes of entropy from '%s'", entropy_estimate,
+ debug3("Got %0.2f bytes of entropy from '%s'", entropy_estimate,
entropy_sources[c].cmdstring);
total_entropy_estimate += entropy_estimate;
entropy_sources[c].cmdstring);
total_entropy_estimate += entropy_estimate;
return(total_entropy_estimate);
}
return(total_entropy_estimate);
}
stir_gettimeofday(double entropy_estimate)
{
struct timeval tv;
stir_gettimeofday(double entropy_estimate)
{
struct timeval tv;
if (gettimeofday(&tv, NULL) == -1)
fatal("Couldn't gettimeofday: %s", strerror(errno));
RAND_add(&tv, sizeof(tv), entropy_estimate);
if (gettimeofday(&tv, NULL) == -1)
fatal("Couldn't gettimeofday: %s", strerror(errno));
RAND_add(&tv, sizeof(tv), entropy_estimate);
return(entropy_estimate);
}
return(entropy_estimate);
}
{
#ifdef HAVE_CLOCK
clock_t c;
{
#ifdef HAVE_CLOCK
clock_t c;
c = clock();
RAND_add(&c, sizeof(c), entropy_estimate);
c = clock();
RAND_add(&c, sizeof(c), entropy_estimate);
return(entropy_estimate);
#else /* _HAVE_CLOCK */
return(0);
return(entropy_estimate);
#else /* _HAVE_CLOCK */
return(0);
{
#ifdef HAVE_GETRUSAGE
struct rusage ru;
{
#ifdef HAVE_GETRUSAGE
struct rusage ru;
if (getrusage(who, &ru) == -1)
return(0);
if (getrusage(who, &ru) == -1)
return(0);
int bytes_read;
int total_bytes_read;
SHA_CTX sha;
int bytes_read;
int total_bytes_read;
SHA_CTX sha;
debug3("Reading output from \'%s\'", src->cmdstring);
if (devnull == -1) {
debug3("Reading output from \'%s\'", src->cmdstring);
if (devnull == -1) {
if (devnull == -1)
fatal("Couldn't open /dev/null: %s", strerror(errno));
}
if (devnull == -1)
fatal("Couldn't open /dev/null: %s", strerror(errno));
}
if (pipe(p) == -1)
fatal("Couldn't open pipe: %s", strerror(errno));
if (pipe(p) == -1)
fatal("Couldn't open pipe: %s", strerror(errno));
close(p[0]);
debug3("Time elapsed: %d msec", msec_elapsed);
close(p[0]);
debug3("Time elapsed: %d msec", msec_elapsed);
if (waitpid(pid, &status, 0) == -1) {
error("Couldn't wait for child '%s' completion: %s", src->cmdstring,
strerror(errno));
if (waitpid(pid, &status, 0) == -1) {
error("Couldn't wait for child '%s' completion: %s", src->cmdstring,
strerror(errno));
if (WEXITSTATUS(status)==0) {
return(total_bytes_read);
} else {
if (WEXITSTATUS(status)==0) {
return(total_bytes_read);
} else {
- debug2("Command '%s' exit status was %d", src->cmdstring,
+ debug2("Command '%s' exit status was %d", src->cmdstring,
WEXITSTATUS(status));
src->badness = src->sticky_badness = 128;
return (0.0);
}
} else if (WIFSIGNALED(status)) {
WEXITSTATUS(status));
src->badness = src->sticky_badness = 128;
return (0.0);
}
} else if (WIFSIGNALED(status)) {
- debug2("Command '%s' returned on uncaught signal %d !", src->cmdstring,
+ debug2("Command '%s' returned on uncaught signal %d !", src->cmdstring,
status);
src->badness = src->sticky_badness = 128;
return(0.0);
status);
src->badness = src->sticky_badness = 128;
return(0.0);
if (lstat(filename, &st) == -1) {
/* Give up on hard errors */
if (errno != ENOENT)
if (lstat(filename, &st) == -1) {
/* Give up on hard errors */
if (errno != ENOENT)
- debug("WARNING: Couldn't stat random seed file \"%s\": %s",
+ debug("WARNING: Couldn't stat random seed file \"%s\": %s",
filename, strerror(errno));
return(0);
filename, strerror(errno));
return(0);
filename, getuid());
return(0);
}
filename, getuid());
return(0);
}
/* Don't bother if we have already saved a seed */
if (prng_seed_saved)
return;
/* Don't bother if we have already saved a seed */
if (prng_seed_saved)
return;
pw = getpwuid(original_uid);
if (pw == NULL)
pw = getpwuid(original_uid);
if (pw == NULL)
- fatal("Couldn't get password entry for current user (%i): %s",
+ fatal("Couldn't get password entry for current user (%i): %s",
original_uid, strerror(errno));
original_uid, strerror(errno));
/* Try to ensure that the parent directory is there */
/* Try to ensure that the parent directory is there */
- snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir,
+ snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir,
_PATH_SSH_USER_DIR);
mkdir(filename, 0700);
_PATH_SSH_USER_DIR);
mkdir(filename, 0700);
- snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir,
+ snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir,
SSH_PRNG_SEED_FILE);
debug("writing PRNG seed to file %.100s", filename);
SSH_PRNG_SEED_FILE);
debug("writing PRNG seed to file %.100s", filename);
/* Don't care if the seed doesn't exist */
prng_check_seedfile(filename);
/* Don't care if the seed doesn't exist */
prng_check_seedfile(filename);
if ((fd = open(filename, O_WRONLY|O_TRUNC|O_CREAT, 0600)) == -1) {
if ((fd = open(filename, O_WRONLY|O_TRUNC|O_CREAT, 0600)) == -1) {
- debug("WARNING: couldn't access PRNG seedfile %.100s (%.100s)",
+ debug("WARNING: couldn't access PRNG seedfile %.100s (%.100s)",
filename, strerror(errno));
filename, strerror(errno));
if (atomicio(write, fd, &seed, sizeof(seed)) != sizeof(seed))
if (atomicio(write, fd, &seed, sizeof(seed)) != sizeof(seed))
- fatal("problem writing PRNG seedfile %.100s (%.100s)", filename,
+ fatal("problem writing PRNG seedfile %.100s (%.100s)", filename,
strerror(errno));
close(fd);
strerror(errno));
close(fd);
char seed[1024];
char filename[1024];
struct passwd *pw;
char seed[1024];
char filename[1024];
struct passwd *pw;
pw = getpwuid(original_uid);
if (pw == NULL)
pw = getpwuid(original_uid);
if (pw == NULL)
- fatal("Couldn't get password entry for current user (%i): %s",
+ fatal("Couldn't get password entry for current user (%i): %s",
original_uid, strerror(errno));
original_uid, strerror(errno));
-
- snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir,
+
+ snprintf(filename, sizeof(filename), "%.512s/%s", pw->pw_dir,
SSH_PRNG_SEED_FILE);
debug("loading PRNG seed from file %.100s", filename);
SSH_PRNG_SEED_FILE);
debug("loading PRNG seed from file %.100s", filename);
/* open the file and read in the seed */
fd = open(filename, O_RDONLY);
if (fd == -1)
/* open the file and read in the seed */
fd = open(filename, O_RDONLY);
if (fd == -1)
- fatal("could not open PRNG seedfile %.100s (%.100s)", filename,
+ fatal("could not open PRNG seedfile %.100s (%.100s)", filename,
strerror(errno));
if (atomicio(read, fd, &seed, sizeof(seed)) != sizeof(seed)) {
strerror(errno));
if (atomicio(read, fd, &seed, sizeof(seed)) != sizeof(seed)) {
error("bad entropy command, %.100s line %d", cmdfilename,
linenum);
continue;
error("bad entropy command, %.100s line %d", cmdfilename,
linenum);
continue;
/* first token, command args (incl. argv[0]) in double quotes */
cp = strtok(cp, "\"");
/* first token, command args (incl. argv[0]) in double quotes */
cp = strtok(cp, "\"");
continue;
}
strlcpy(cmd, cp, sizeof(cmd));
continue;
}
strlcpy(cmd, cp, sizeof(cmd));
/* second token, full command path */
if ((cp = strtok(NULL, WHITESPACE)) == NULL) {
error("missing command path, %.100s line %d -- ignored",
/* second token, full command path */
if ((cp = strtok(NULL, WHITESPACE)) == NULL) {
error("missing command path, %.100s line %d -- ignored",
if (strncmp("undef", cp, 5) == 0)
continue;
if (strncmp("undef", cp, 5) == 0)
continue;
- strlcpy(path, cp, sizeof(path));
+ strlcpy(path, cp, sizeof(path));
/* third token, entropy rate estimate for this command */
if ((cp = strtok(NULL, WHITESPACE)) == NULL) {
/* third token, entropy rate estimate for this command */
if ((cp = strtok(NULL, WHITESPACE)) == NULL) {
/* end of line */
if ((cp = strtok(NULL, WHITESPACE)) != NULL) {
/* end of line */
if ((cp = strtok(NULL, WHITESPACE)) != NULL) {
- error("garbage at end of line %d in %.100s -- ignored", linenum,
+ error("garbage at end of line %d in %.100s -- ignored", linenum,
cmdfilename);
continue;
}
/* save the command for debug messages */
entcmd[cur_cmd].cmdstring = xstrdup(cmd);
cmdfilename);
continue;
}
/* save the command for debug messages */
entcmd[cur_cmd].cmdstring = xstrdup(cmd);
/* split the command args */
cp = strtok(cmd, WHITESPACE);
arg = 0;
/* split the command args */
cp = strtok(cmd, WHITESPACE);
arg = 0;
entcmd[cur_cmd].args[arg] = s;
arg++;
} while ((arg < 5) && (cp = strtok(NULL, WHITESPACE)));
entcmd[cur_cmd].args[arg] = s;
arg++;
} while ((arg < 5) && (cp = strtok(NULL, WHITESPACE)));
if (strtok(NULL, WHITESPACE))
error("ignored extra command elements (max 5), %.100s line %d",
cmdfilename, linenum);
if (strtok(NULL, WHITESPACE))
error("ignored extra command elements (max 5), %.100s line %d",
cmdfilename, linenum);
/*
* Write a keyfile at exit
/*
* Write a keyfile at exit
void
prng_seed_cleanup(void *junk)
{
void
prng_seed_cleanup(void *junk)
{
if (!prng_initialised)
fatal("RNG not initialised");
if (!prng_initialised)
fatal("RNG not initialised");
/* Make sure some other sigchld handler doesn't reap our entropy */
/* commands */
old_sigchld_handler = signal(SIGCHLD, SIG_DFL);
/* Make sure some other sigchld handler doesn't reap our entropy */
/* commands */
old_sigchld_handler = signal(SIGCHLD, SIG_DFL);
fatal("Couldn't initialise builtin random number generator -- exiting.");
}
fatal("Couldn't initialise builtin random number generator -- exiting.");
}
original_uid = getuid();
original_euid = geteuid();
original_uid = getuid();
original_euid = geteuid();
fatal("PRNG initialisation failed -- exiting.");
/* Set ourselves up to save a seed upon exit */
fatal("PRNG initialisation failed -- exiting.");
/* Set ourselves up to save a seed upon exit */
/* Give up privs while reading seed file */
if ((original_uid != original_euid) && (seteuid(original_uid) == -1))
fatal("Couldn't give up privileges");
/* Give up privs while reading seed file */
if ((original_uid != original_euid) && (seteuid(original_uid) == -1))
fatal("Couldn't give up privileges");
prng_read_seedfile();
if ((original_uid != original_euid) && (seteuid(original_euid) == -1))
prng_read_seedfile();
if ((original_uid != original_euid) && (seteuid(original_euid) == -1))
#endif
#ifdef HAVE_BSTRING_H
# include <bstring.h>
#endif
#ifdef HAVE_BSTRING_H
# include <bstring.h>
#ifdef HAVE_NETGROUP_H
# include <netgroup.h>
#ifdef HAVE_NETGROUP_H
# include <netgroup.h>
#if defined(HAVE_NETDB_H)
# include <netdb.h>
#if defined(HAVE_NETDB_H)
# include <netdb.h>
#ifdef HAVE_ENDIAN_H
# include <endian.h>
#endif
#ifdef HAVE_ENDIAN_H
# include <endian.h>
#endif
debug("send KEXINIT");
packet_start(SSH2_MSG_KEXINIT);
debug("send KEXINIT");
packet_start(SSH2_MSG_KEXINIT);
- packet_put_raw(buffer_ptr(my_kexinit), buffer_len(my_kexinit));
+ packet_put_raw(buffer_ptr(my_kexinit), buffer_len(my_kexinit));
packet_send();
packet_write_wait();
debug("done");
packet_send();
packet_write_wait();
debug("done");
buffer_put_bignum2(&b, client_dh_pub);
buffer_put_bignum2(&b, server_dh_pub);
buffer_put_bignum2(&b, shared_secret);
buffer_put_bignum2(&b, client_dh_pub);
buffer_put_bignum2(&b, server_dh_pub);
buffer_put_bignum2(&b, shared_secret);
#ifdef DEBUG_KEX
buffer_dump(&b);
#endif
#ifdef DEBUG_KEX
buffer_dump(&b);
#endif
buffer_put_bignum2(&b, client_dh_pub);
buffer_put_bignum2(&b, server_dh_pub);
buffer_put_bignum2(&b, shared_secret);
buffer_put_bignum2(&b, client_dh_pub);
buffer_put_bignum2(&b, server_dh_pub);
buffer_put_bignum2(&b, shared_secret);
#ifdef DEBUG_KEX
buffer_dump(&b);
#endif
#ifdef DEBUG_KEX
buffer_dump(&b);
#endif
c = cp = xstrdup(client);
s = sp = xstrdup(server);
c = cp = xstrdup(client);
s = sp = xstrdup(server);
- for ((p = strsep(&sp, SEP)), i=0; p && *p != '\0';
+ for ((p = strsep(&sp, SEP)), i=0; p && *p != '\0';
(p = strsep(&sp, SEP)), i++) {
if (i < MAX_PROP)
sproposals[i] = p;
(p = strsep(&sp, SEP)), i++) {
if (i < MAX_PROP)
sproposals[i] = p;
- for ((p = strsep(&cp, SEP)), i=0; p && *p != '\0';
+ for ((p = strsep(&cp, SEP)), i=0; p && *p != '\0';
(p = strsep(&cp, SEP)), i++) {
for (j = 0; j < nproposals; j++) {
if (strcmp(p, sproposals[j]) == 0) {
(p = strsep(&cp, SEP)), i++) {
for (j = 0; j < nproposals; j++) {
if (strcmp(p, sproposals[j]) == 0) {
DH_GRP1_SHA1,
DH_GEX_SHA1
};
DH_GRP1_SHA1,
DH_GEX_SHA1
};
typedef struct Kex Kex;
typedef struct Mac Mac;
typedef struct Comp Comp;
typedef struct Kex Kex;
typedef struct Mac Mac;
typedef struct Comp Comp;
RSA *
rsa_generate_private_key(u_int bits)
{
RSA *
rsa_generate_private_key(u_int bits)
{
- RSA *private;
- private = RSA_generate_key(bits, 35, NULL, NULL);
- if (private == NULL)
- fatal("rsa_generate_private_key: key generation failed.");
- return private;
+ RSA *private;
+ private = RSA_generate_key(bits, 35, NULL, NULL);
+ if (private == NULL)
+ fatal("rsa_generate_private_key: key generation failed.");
+ return private;
if (private == NULL)
fatal("dsa_generate_private_key: DSA_generate_parameters failed");
if (!DSA_generate_key(private))
if (private == NULL)
fatal("dsa_generate_private_key: DSA_generate_parameters failed");
if (!DSA_generate_key(private))
- fatal("dsa_generate_private_key: DSA_generate_key failed.");
- if (private == NULL)
- fatal("dsa_generate_private_key: NULL.");
+ fatal("dsa_generate_private_key: DSA_generate_key failed.");
+ if (private == NULL)
+ fatal("dsa_generate_private_key: NULL.");
{
Key *k = key_new(KEY_UNSPEC);
switch (type) {
{
Key *k = key_new(KEY_UNSPEC);
switch (type) {
k->dsa = dsa_generate_private_key(bits);
break;
case KEY_RSA:
k->dsa = dsa_generate_private_key(bits);
break;
case KEY_RSA:
k->rsa = rsa_generate_private_key(bits);
break;
default:
k->rsa = rsa_generate_private_key(bits);
break;
default:
- fatal("key_generate: unknown type %d", type);
+ fatal("key_generate: unknown type %d", type);
{
Key *n = NULL;
switch (k->type) {
{
Key *n = NULL;
switch (k->type) {
n = key_new(k->type);
BN_copy(n->dsa->p, k->dsa->p);
BN_copy(n->dsa->q, k->dsa->q);
n = key_new(k->type);
BN_copy(n->dsa->p, k->dsa->p);
BN_copy(n->dsa->q, k->dsa->q);
BN_copy(n->rsa->e, k->rsa->e);
break;
default:
BN_copy(n->rsa->e, k->rsa->e);
break;
default:
- fatal("key_from_private: unknown type %d", k->type);
+ fatal("key_from_private: unknown type %d", k->type);
SYSLOG_FACILITY_USER,
SYSLOG_FACILITY_AUTH,
#ifdef LOG_AUTHPRIV
SYSLOG_FACILITY_USER,
SYSLOG_FACILITY_AUTH,
#ifdef LOG_AUTHPRIV
- SYSLOG_FACILITY_AUTHPRIV,
+ SYSLOG_FACILITY_AUTHPRIV,
#endif
SYSLOG_FACILITY_LOCAL0,
SYSLOG_FACILITY_LOCAL1,
#endif
SYSLOG_FACILITY_LOCAL0,
SYSLOG_FACILITY_LOCAL1,
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
** loginrec.c: platform-independent login recording and lastlog retrieval
**/
** loginrec.c: platform-independent login recording and lastlog retrieval
**/
requires very thorough testing so we do not corrupt local auditing
information. These files and their access methods are very system
specific indeed.
requires very thorough testing so we do not corrupt local auditing
information. These files and their access methods are very system
specific indeed.
For utmpx systems, the corresponding library functions are
setutxent() etc. To the author's knowledge, all utmpx systems have
these library functions and so no direct write is attempted. If such
For utmpx systems, the corresponding library functions are
setutxent() etc. To the author's knowledge, all utmpx systems have
these library functions and so no direct write is attempted. If such
Calling the new code
--------------------
Calling the new code
--------------------
In OpenSSH all login recording and retrieval is performed in
login.c. Here you'll find working examples. Also, in the logintest.c
program there are more examples.
Internal handler calling method
-------------------------------
In OpenSSH all login recording and retrieval is performed in
login.c. Here you'll find working examples. Also, in the logintest.c
program there are more examples.
Internal handler calling method
-------------------------------
When a call is made to login_login() or login_logout(), both
routines set a struct logininfo flag defining which action (log in,
or log out) is to be taken. They both then call login_write(), which
When a call is made to login_login() or login_logout(), both
routines set a struct logininfo flag defining which action (log in,
or log out) is to be taken. They both then call login_write(), which
with 'make logintest' as it's not built by default.)
Otherwise, patches to the specific method(s) are very helpful!
with 'make logintest' as it's not built by default.)
Otherwise, patches to the specific method(s) are very helpful!
**/
/* login_login(struct logininfo *) -Record a login
**/
/* login_login(struct logininfo *) -Record a login
* Call with a pointer to a struct logininfo initialised with
* login_init_entry() or login_alloc_entry()
*
* Call with a pointer to a struct logininfo initialised with
* login_init_entry() or login_alloc_entry()
*
memset(li, '\0', sizeof(*li));
li->uid = uid;
memset(li, '\0', sizeof(*li));
li->uid = uid;
* If we don't have a 'real' lastlog, we need the username to
* reliably search wtmp(x) for the last login (see
* If we don't have a 'real' lastlog, we need the username to
* reliably search wtmp(x) for the last login (see
*/
pw = getpwuid(uid);
if (pw == NULL)
fatal("login_get_lastlog: Cannot find account for uid %i", uid);
*/
pw = getpwuid(uid);
if (pw == NULL)
fatal("login_get_lastlog: Cannot find account for uid %i", uid);
/* No MIN_SIZEOF here - we absolutely *must not* truncate the
/* No MIN_SIZEOF here - we absolutely *must not* truncate the
strlcpy(li->username, pw->pw_name, sizeof(li->username));
if (getlast_entry(li))
strlcpy(li->username, pw->pw_name, sizeof(li->username));
if (getlast_entry(li))
/* login_alloc_entry(int, char*, char*, char*) - Allocate and initialise
/* login_alloc_entry(int, char*, char*, char*) - Allocate and initialise
- * a logininfo structure
- *
+ * a logininfo structure
+ *
* This function creates a new struct logininfo, a data structure
* meant to carry the information required to portably record login info.
*
* This function creates a new struct logininfo, a data structure
* meant to carry the information required to portably record login info.
*
/* login_init_entry(struct logininfo *, int, char*, char*, char*)
* - initialise a struct logininfo
/* login_init_entry(struct logininfo *, int, char*, char*, char*)
* - initialise a struct logininfo
* Populates a new struct logininfo, a data structure meant to carry
* the information required to portably record login info.
*
* Returns: 1
*/
int
* Populates a new struct logininfo, a data structure meant to carry
* the information required to portably record login info.
*
* Returns: 1
*/
int
-login_init_entry(struct logininfo *li, int pid, const char *username,
+login_init_entry(struct logininfo *li, int pid, const char *username,
const char *hostname, const char *line)
{
struct passwd *pw;
const char *hostname, const char *line)
{
struct passwd *pw;
memset(li, 0, sizeof(*li));
memset(li, 0, sizeof(*li));
li->pid = pid;
/* set the line information */
li->pid = pid;
/* set the line information */
struct timeval tv;
gettimeofday(&tv, NULL);
struct timeval tv;
gettimeofday(&tv, NULL);
li->tv_sec = tv.tv_sec;
li->tv_usec = tv.tv_usec;
}
li->tv_sec = tv.tv_sec;
li->tv_usec = tv.tv_usec;
}
#else /* !USE_LASTLOG */
#ifdef DISABLE_LASTLOG
#else /* !USE_LASTLOG */
#ifdef DISABLE_LASTLOG
- /* On some systems we shouldn't even try to obtain last login
+ /* On some systems we shouldn't even try to obtain last login
* time, e.g. AIX */
return 0;
# else /* DISABLE_LASTLOG */
* time, e.g. AIX */
return 0;
# else /* DISABLE_LASTLOG */
return 0;
# endif /* USE_WTMPX && (HAVE_TIME_IN_UTMPX || HAVE_TV_IN_UTMPX) */
# endif /* USE_WTMP && (HAVE_TIME_IN_UTMP || HAVE_TV_IN_UTMP) */
return 0;
# endif /* USE_WTMPX && (HAVE_TIME_IN_UTMPX || HAVE_TV_IN_UTMPX) */
# endif /* USE_WTMP && (HAVE_TIME_IN_UTMP || HAVE_TV_IN_UTMP) */
-# endif /* DISABLE_LASTLOG */
+# endif /* DISABLE_LASTLOG */
#endif /* USE_LASTLOG */
}
#endif /* USE_LASTLOG */
}
* NOTE: use strncpy because we do NOT necessarily want zero
* termination */
char *
* NOTE: use strncpy because we do NOT necessarily want zero
* termination */
char *
-line_abbrevname(char *dst, const char *src, int dstsize)
+line_abbrevname(char *dst, const char *src, int dstsize)
memset(dst, '\0', dstsize);
memset(dst, '\0', dstsize);
/* Always skip prefix if present */
#ifdef sgi
if (strncmp(src, "/dev/tty", 8) == 0)
/* Always skip prefix if present */
#ifdef sgi
if (strncmp(src, "/dev/tty", 8) == 0)
if (strncmp(src, "/dev/", 5) == 0)
src += 5;
#endif
if (strncmp(src, "/dev/", 5) == 0)
src += 5;
#endif
len = strlen(src);
if (len > 0) {
len = strlen(src);
if (len > 0) {
src += ((int)len - dstsize);
/* note: _don't_ change this to strlcpy */
src += ((int)len - dstsize);
/* note: _don't_ change this to strlcpy */
- strncpy(dst, src, (size_t)dstsize);
+ strncpy(dst, src, (size_t)dstsize);
/*
* These fields are only used when logging in, and are blank
/*
* These fields are only used when logging in, and are blank
*/
/* Use strncpy because we don't necessarily want null termination */
*/
/* Use strncpy because we don't necessarily want null termination */
/* this is just a 32-bit IP address */
if (li->hostaddr.sa.sa_family == AF_INET)
ut->ut_addr = li->hostaddr.sa_in.sin_addr.s_addr;
/* this is just a 32-bit IP address */
if (li->hostaddr.sa.sa_family == AF_INET)
ut->ut_addr = li->hostaddr.sa_in.sin_addr.s_addr;
}
#endif /* USE_UTMP || USE_WTMP || USE_LOGIN */
}
#endif /* USE_UTMP || USE_WTMP || USE_LOGIN */
/*
* These fields are only used when logging in, and are blank
/*
* These fields are only used when logging in, and are blank
*/
/* strncpy(): Don't necessarily want null termination */
*/
/* strncpy(): Don't necessarily want null termination */
* If the new ut_line is empty but the old one is not
* and ut_line and ut_name match, preserve the old ut_line.
*/
* If the new ut_line is empty but the old one is not
* and ut_line and ut_name match, preserve the old ut_line.
*/
- if (atomicio(read, fd, &old_ut, sizeof(old_ut)) == sizeof(old_ut) &&
- (ut->ut_host[0] == '\0') && (old_ut.ut_host[0] != '\0') &&
- (strncmp(old_ut.ut_line, ut->ut_line, sizeof(ut->ut_line)) == 0) &&
+ if (atomicio(read, fd, &old_ut, sizeof(old_ut)) == sizeof(old_ut) &&
+ (ut->ut_host[0] == '\0') && (old_ut.ut_host[0] != '\0') &&
+ (strncmp(old_ut.ut_line, ut->ut_line, sizeof(ut->ut_line)) == 0) &&
(strncmp(old_ut.ut_name, ut->ut_name, sizeof(ut->ut_name)) == 0)) {
(void)memcpy(ut->ut_host, old_ut.ut_host, sizeof(ut->ut_host));
}
(strncmp(old_ut.ut_name, ut->ut_name, sizeof(ut->ut_name)) == 0)) {
(void)memcpy(ut->ut_host, old_ut.ut_host, sizeof(ut->ut_host));
}
(void)lseek(fd, (off_t)(tty * sizeof(struct utmp)), SEEK_SET);
if (atomicio(write, fd, ut, sizeof(*ut)) != sizeof(*ut))
log("utmp_write_direct: error writing %s: %s",
UTMP_FILE, strerror(errno));
(void)lseek(fd, (off_t)(tty * sizeof(struct utmp)), SEEK_SET);
if (atomicio(write, fd, ut, sizeof(*ut)) != sizeof(*ut))
log("utmp_write_direct: error writing %s: %s",
UTMP_FILE, strerror(errno));
(void)close(fd);
return 1;
} else {
(void)close(fd);
return 1;
} else {
/* write a utmp entry direct to the file */
static int
utmpx_write_direct(struct logininfo *li, struct utmpx *utx)
/* write a utmp entry direct to the file */
static int
utmpx_write_direct(struct logininfo *li, struct utmpx *utx)
log("utmpx_write_direct: not implemented!");
return 0;
}
log("utmpx_write_direct: not implemented!");
return 0;
}
** Low-level wtmp functions
**/
** Low-level wtmp functions
**/
/* write a wtmp entry direct to the end of the file */
/* This is a slight modification of code in OpenBSD's logwtmp.c */
/* write a wtmp entry direct to the end of the file */
/* This is a slight modification of code in OpenBSD's logwtmp.c */
WTMP_FILE, strerror(errno));
return 0;
}
WTMP_FILE, strerror(errno));
return 0;
}
- if (fstat(fd, &buf) == 0)
+ if (fstat(fd, &buf) == 0)
if (atomicio(write, fd, ut, sizeof(*ut)) != sizeof(*ut)) {
ftruncate(fd, buf.st_size);
log("wtmp_write: problem writing %s: %s",
if (atomicio(write, fd, ut, sizeof(*ut)) != sizeof(*ut)) {
ftruncate(fd, buf.st_size);
log("wtmp_write: problem writing %s: %s",
/* Notes on fetching login data from wtmp/wtmpx
/* Notes on fetching login data from wtmp/wtmpx
* Logouts are usually recorded with (amongst other things) a blank
* username on a given tty line. However, some systems (HP-UX is one)
* leave all fields set, but change the ut_type field to DEAD_PROCESS.
* Logouts are usually recorded with (amongst other things) a blank
* username on a given tty line. However, some systems (HP-UX is one)
* leave all fields set, but change the ut_type field to DEAD_PROCESS.
static int
wtmp_islogin(struct logininfo *li, struct utmp *ut)
{
static int
wtmp_islogin(struct logininfo *li, struct utmp *ut)
{
- if (strncmp(li->username, ut->ut_name,
+ if (strncmp(li->username, ut->ut_name,
MIN_SIZEOF(li->username, ut->ut_name)) == 0) {
# ifdef HAVE_TYPE_IN_UTMP
if (ut->ut_type & USER_PROCESS)
MIN_SIZEOF(li->username, ut->ut_name)) == 0) {
# ifdef HAVE_TYPE_IN_UTMP
if (ut->ut_type & USER_PROCESS)
WTMP_FILE, strerror(errno));
return 0;
}
WTMP_FILE, strerror(errno));
return 0;
}
- if (fstat(fd, &st) != 0) {
+ if (fstat(fd, &st) != 0) {
log("wtmp_get_entry: couldn't stat %s: %s",
WTMP_FILE, strerror(errno));
close(fd);
log("wtmp_get_entry: couldn't stat %s: %s",
WTMP_FILE, strerror(errno));
close(fd);
- if (fstat(fd, &buf) == 0)
+ if (fstat(fd, &buf) == 0)
if (atomicio(write, fd, utx, sizeof(*utx)) != sizeof(*utx)) {
ftruncate(fd, buf.st_size);
log("wtmpx_write: problem writing %s: %s",
if (atomicio(write, fd, utx, sizeof(*utx)) != sizeof(*utx)) {
ftruncate(fd, buf.st_size);
log("wtmpx_write: problem writing %s: %s",
WTMPX_FILE, strerror(errno));
return 0;
}
WTMPX_FILE, strerror(errno));
return 0;
}
- if (fstat(fd, &st) != 0) {
+ if (fstat(fd, &st) != 0) {
log("wtmpx_get_entry: couldn't stat %s: %s",
WTMP_FILE, strerror(errno));
close(fd);
return 0;
}
log("wtmpx_get_entry: couldn't stat %s: %s",
WTMP_FILE, strerror(errno));
close(fd);
return 0;
}
/* Seek to the start of the last struct utmpx */
if (lseek(fd, (off_t)(0-sizeof(struct utmpx)), SEEK_END) == -1 ) {
/* probably a newly rotated wtmpx file */
/* Seek to the start of the last struct utmpx */
if (lseek(fd, (off_t)(0-sizeof(struct utmpx)), SEEK_END) == -1 ) {
/* probably a newly rotated wtmpx file */
{
# ifdef HAVE_LOGOUT
char line[8];
{
# ifdef HAVE_LOGOUT
char line[8];
(void)line_stripname(line, li->line, sizeof(line));
if (!logout(line)) {
(void)line_stripname(line, li->line, sizeof(line));
if (!logout(line)) {
{
/* clear the structure */
memset(last, '\0', sizeof(*last));
{
/* clear the structure */
memset(last, '\0', sizeof(*last));
(void)line_stripname(last->ll_line, li->line, sizeof(last->ll_line));
strlcpy(last->ll_host, li->hostname,
MIN_SIZEOF(last->ll_host, li->hostname));
(void)line_stripname(last->ll_line, li->line, sizeof(last->ll_line));
strlcpy(last->ll_host, li->hostname,
MIN_SIZEOF(last->ll_host, li->hostname));
struct stat st;
if (stat(LASTLOG_FILE, &st) != 0) {
struct stat st;
if (stat(LASTLOG_FILE, &st) != 0) {
- log("lastlog_perform_login: Couldn't stat %s: %s", LASTLOG_FILE,
+ log("lastlog_perform_login: Couldn't stat %s: %s", LASTLOG_FILE,
strerror(errno));
return 0;
}
strerror(errno));
return 0;
}
lastlog_file, strerror(errno));
return 0;
}
lastlog_file, strerror(errno));
return 0;
}
if (type == LL_FILE) {
/* find this uid's offset in the lastlog file */
offset = (off_t) ( (long)li->uid * sizeof(struct lastlog));
if ( lseek(*fd, offset, SEEK_SET) != offset ) {
log("lastlog_openseek: %s->lseek(): %s",
if (type == LL_FILE) {
/* find this uid's offset in the lastlog file */
offset = (off_t) ( (long)li->uid * sizeof(struct lastlog));
if ( lseek(*fd, offset, SEEK_SET) != offset ) {
log("lastlog_openseek: %s->lseek(): %s",
- lastlog_file, strerror(errno));
+ lastlog_file, strerror(errno));
if (!lastlog_openseek(li, &fd, O_RDWR|O_CREAT))
return(0);
if (!lastlog_openseek(li, &fd, O_RDWR|O_CREAT))
return(0);
/* write the entry */
if (atomicio(write, fd, &last, sizeof(last)) != sizeof(last)) {
close(fd);
/* write the entry */
if (atomicio(write, fd, &last, sizeof(last)) != sizeof(last)) {
close(fd);
lastlog_populate_entry(struct logininfo *li, struct lastlog *last)
{
line_fullname(li->line, last->ll_line, sizeof(li->line));
lastlog_populate_entry(struct logininfo *li, struct lastlog *last)
{
line_fullname(li->line, last->ll_line, sizeof(li->line));
- strlcpy(li->hostname, last->ll_host,
+ strlcpy(li->hostname, last->ll_host,
MIN_SIZEOF(li->hostname, last->ll_host));
li->tv_sec = last->ll_time;
}
MIN_SIZEOF(li->hostname, last->ll_host));
li->tv_sec = last->ll_time;
}
}
}
#endif /* USE_LASTLOG */
}
}
#endif /* USE_LASTLOG */
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
** loginrec.h: platform-independent login recording and lastlog retrieval
**/
** loginrec.h: platform-independent login recording and lastlog retrieval
**/
* use time_t's value as tv_sec and set tv_usec to 0
*/
unsigned int tv_sec;
* use time_t's value as tv_sec and set tv_usec to 0
*/
unsigned int tv_sec;
union login_netinfo hostaddr; /* caller's host address(es) */
}; /* struct logininfo */
union login_netinfo hostaddr; /* caller's host address(es) */
}; /* struct logininfo */
/* free a structure */
void login_free_entry(struct logininfo *li);
/* fill out a pre-allocated structure with useful information */
/* free a structure */
void login_free_entry(struct logininfo *li);
/* fill out a pre-allocated structure with useful information */
-int login_init_entry(struct logininfo *li, int pid, const char *username,
+int login_init_entry(struct logininfo *li, int pid, const char *username,
const char *hostname, const char *line);
/* place the current time in a logininfo struct */
void login_set_current_time(struct logininfo *li);
const char *hostname, const char *line);
/* place the current time in a logininfo struct */
void login_set_current_time(struct logininfo *li);
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
** logintest.c: simple test driver for platform-independent login recording
** and lastlog retrieval
**/
** logintest.c: simple test driver for platform-independent login recording
** and lastlog retrieval
**/
"\t\t\tfamily\t%d\n\t\t}\n"
"\t}\n"
"}\n",
"\t\t\tfamily\t%d\n\t\t}\n"
"\t}\n"
"}\n",
- descname, li->progname, li->type,
+ descname, li->progname, li->type,
li->pid, li->uid, li->line,
li->pid, li->uid, li->line,
- li->username, li->hostname, li->exit,
- li->termination, li->tv_sec, li->tv_usec,
+ li->username, li->hostname, li->exit,
+ li->termination, li->tv_sec, li->tv_usec,
li->hostaddr.sa.sa_family);
}
li->hostaddr.sa.sa_family);
}
line_stripname(stripline, li1->line, sizeof(stripline));
printf("Performing an invalid login attempt (no type field)\n--\n");
line_stripname(stripline, li1->line, sizeof(stripline));
printf("Performing an invalid login attempt (no type field)\n--\n");
#endif
printf("--\n");
login_login(li1);
#endif
printf("--\n");
login_login(li1);
snprintf(cmdstring, sizeof(cmdstring), "who | grep '%s '",
stripline);
system(cmdstring);
snprintf(cmdstring, sizeof(cmdstring), "who | grep '%s '",
stripline);
system(cmdstring);
printf("--\nPausing for %d second(s)...\n", PAUSE_BEFORE_LOGOUT);
sleep(PAUSE_BEFORE_LOGOUT);
printf("--\nPausing for %d second(s)...\n", PAUSE_BEFORE_LOGOUT);
sleep(PAUSE_BEFORE_LOGOUT);
#endif
printf("--\nThe output of 'last' shown next should have "
#endif
printf("--\nThe output of 'last' shown next should have "
- "an entry for root \n on %s for the time shown above:\n--\n",
+ "an entry for root \n on %s for the time shown above:\n--\n",
stripline);
snprintf(cmdstring, sizeof(cmdstring), "last | grep '%s ' | head -3",
stripline);
system(cmdstring);
stripline);
snprintf(cmdstring, sizeof(cmdstring), "last | grep '%s ' | head -3",
stripline);
system(cmdstring);
printf("--\nEnd of login test.\n");
login_free_entry(li1);
printf("--\nEnd of login test.\n");
login_free_entry(li1);
/* show which options got compiled in */
void
showOptions(void)
/* show which options got compiled in */
void
showOptions(void)
printf("**\n** Compile-time options\n**\n");
printf("**\n** Compile-time options\n**\n");
printf("login recording methods selected:\n");
#ifdef USE_LOGIN
printf("\tUSE_LOGIN\n");
printf("login recording methods selected:\n");
#ifdef USE_LOGIN
printf("\tUSE_LOGIN\n");
else if (strncmp(argv[1], "-v", 3) == 0)
be_verbose=1;
}
else if (strncmp(argv[1], "-v", 3) == 0)
be_verbose=1;
}
if (!compile_opts_only) {
if (be_verbose && !testOutput())
return 1;
if (!compile_opts_only) {
if (be_verbose && !testOutput())
return 1;
if (!testAPI())
return 1;
}
showOptions();
if (!testAPI())
return 1;
}
showOptions();
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
static char *magic = "$1$"; /*
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
static char *magic = "$1$"; /*
- * This string is magic for
- * this algorithm. Having
- * it this way, we can get
- * get better later on
- */
+ * This string is magic for
+ * this algorithm. Having
+ * it this way, we can get
+ * get better later on
+ */
static void
to64(char *s, unsigned long v, int n)
static void
to64(char *s, unsigned long v, int n)
int
is_md5_salt(const char *salt)
{
int
is_md5_salt(const char *salt)
{
- return (!strncmp(salt, magic, strlen(magic)));
+ return (!strncmp(salt, magic, strlen(magic)));
return;
debug("channel %d: close_read", c->self);
if (c->sock != -1) {
return;
debug("channel %d: close_read", c->self);
if (c->sock != -1) {
* shutdown(sock, SHUT_READ) may return ENOTCONN if the
* write side has been closed already. (bug on Linux)
*/
* shutdown(sock, SHUT_READ) may return ENOTCONN if the
* write side has been closed already. (bug on Linux)
*/
default:
return type;
break;
default:
return type;
break;
} else {
switch(type) {
case SSH_MSG_IGNORE:
} else {
switch(type) {
case SSH_MSG_IGNORE:
DBG(debug("received packet type %d", type));
return type;
break;
DBG(debug("received packet type %d", type));
return type;
break;
*ptyfd = open(buf, O_RDWR | O_NOCTTY);
if (*ptyfd < 0)
continue;
*ptyfd = open(buf, O_RDWR | O_NOCTTY);
if (*ptyfd < 0)
continue;
/* Open the slave side. */
*ttyfd = open(namebuf, O_RDWR | O_NOCTTY);
if (*ttyfd < 0) {
/* Open the slave side. */
*ttyfd = open(namebuf, O_RDWR | O_NOCTTY);
if (*ttyfd < 0) {
if (chown(ttyname, pw->pw_uid, gid) < 0) {
if (errno == EROFS && st.st_uid == pw->pw_uid)
error("chown(%.100s, %d, %d) failed: %.100s",
if (chown(ttyname, pw->pw_uid, gid) < 0) {
if (errno == EROFS && st.st_uid == pw->pw_uid)
error("chown(%.100s, %d, %d) failed: %.100s",
- ttyname, pw->pw_uid, gid,
+ ttyname, pw->pw_uid, gid,
strerror(errno));
else
fatal("chown(%.100s, %d, %d) failed: %.100s",
strerror(errno));
else
fatal("chown(%.100s, %d, %d) failed: %.100s",
- ttyname, pw->pw_uid, gid,
+ ttyname, pw->pw_uid, gid,
#define bswap(x) ((rotl(x, 8) & 0x00ff00ff) | (rotr(x, 8) & 0xff00ff00))
#define bswap(x) ((rotl(x, 8) & 0x00ff00ff) | (rotr(x, 8) & 0xff00ff00))
-/* Extract byte from a 32 bit quantity (little endian notation) */
+/* Extract byte from a 32 bit quantity (little endian notation) */
#define byte(x,n) ((u1byte)((x) >> (8 * n)))
#define byte(x,n) ((u1byte)((x) >> (8 * n)))
#define f_rn(bo, bi, n, k) \
bo[n] = ft_tab[0][byte(bi[n],0)] ^ \
#define f_rn(bo, bi, n, k) \
bo[n] = ft_tab[0][byte(bi[n],0)] ^ \
- ft_tab[1][byte(bi[(n + 1) & 3],1)] ^ \
- ft_tab[2][byte(bi[(n + 2) & 3],2)] ^ \
- ft_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n)
+ ft_tab[1][byte(bi[(n + 1) & 3],1)] ^ \
+ ft_tab[2][byte(bi[(n + 2) & 3],2)] ^ \
+ ft_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n)
#define i_rn(bo, bi, n, k) \
bo[n] = it_tab[0][byte(bi[n],0)] ^ \
#define i_rn(bo, bi, n, k) \
bo[n] = it_tab[0][byte(bi[n],0)] ^ \
- it_tab[1][byte(bi[(n + 3) & 3],1)] ^ \
- it_tab[2][byte(bi[(n + 2) & 3],2)] ^ \
- it_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n)
+ it_tab[1][byte(bi[(n + 3) & 3],1)] ^ \
+ it_tab[2][byte(bi[(n + 2) & 3],2)] ^ \
+ it_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n)
#define f_rl(bo, bi, n, k) \
bo[n] = fl_tab[0][byte(bi[n],0)] ^ \
#define f_rl(bo, bi, n, k) \
bo[n] = fl_tab[0][byte(bi[n],0)] ^ \
- fl_tab[1][byte(bi[(n + 1) & 3],1)] ^ \
- fl_tab[2][byte(bi[(n + 2) & 3],2)] ^ \
- fl_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n)
+ fl_tab[1][byte(bi[(n + 1) & 3],1)] ^ \
+ fl_tab[2][byte(bi[(n + 2) & 3],2)] ^ \
+ fl_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n)
#define i_rl(bo, bi, n, k) \
bo[n] = il_tab[0][byte(bi[n],0)] ^ \
#define i_rl(bo, bi, n, k) \
bo[n] = il_tab[0][byte(bi[n],0)] ^ \
- il_tab[1][byte(bi[(n + 3) & 3],1)] ^ \
- il_tab[2][byte(bi[(n + 2) & 3],2)] ^ \
- il_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n)
+ il_tab[1][byte(bi[(n + 3) & 3],1)] ^ \
+ il_tab[2][byte(bi[(n + 2) & 3],2)] ^ \
+ il_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n)
#define f_rl(bo, bi, n, k) \
bo[n] = (u4byte)sbx_tab[byte(bi[n],0)] ^ \
#define f_rl(bo, bi, n, k) \
bo[n] = (u4byte)sbx_tab[byte(bi[n],0)] ^ \
- rotl(((u4byte)sbx_tab[byte(bi[(n + 1) & 3],1)]), 8) ^ \
- rotl(((u4byte)sbx_tab[byte(bi[(n + 2) & 3],2)]), 16) ^ \
- rotl(((u4byte)sbx_tab[byte(bi[(n + 3) & 3],3)]), 24) ^ *(k + n)
+ rotl(((u4byte)sbx_tab[byte(bi[(n + 1) & 3],1)]), 8) ^ \
+ rotl(((u4byte)sbx_tab[byte(bi[(n + 2) & 3],2)]), 16) ^ \
+ rotl(((u4byte)sbx_tab[byte(bi[(n + 3) & 3],3)]), 24) ^ *(k + n)
#define i_rl(bo, bi, n, k) \
bo[n] = (u4byte)isb_tab[byte(bi[n],0)] ^ \
#define i_rl(bo, bi, n, k) \
bo[n] = (u4byte)isb_tab[byte(bi[n],0)] ^ \
- rotl(((u4byte)isb_tab[byte(bi[(n + 3) & 3],1)]), 8) ^ \
- rotl(((u4byte)isb_tab[byte(bi[(n + 2) & 3],2)]), 16) ^ \
- rotl(((u4byte)isb_tab[byte(bi[(n + 1) & 3],3)]), 24) ^ *(k + n)
+ rotl(((u4byte)isb_tab[byte(bi[(n + 3) & 3],1)]), 8) ^ \
+ rotl(((u4byte)isb_tab[byte(bi[(n + 2) & 3],2)]), 16) ^ \
+ rotl(((u4byte)isb_tab[byte(bi[(n + 1) & 3],3)]), 24) ^ *(k + n)
log_tab[1] = 0; p = 1;
for(i = 0; i < 10; ++i) {
log_tab[1] = 0; p = 1;
for(i = 0; i < 10; ++i) {
p = (p << 1) ^ (p & 0x80 ? 0x1b : 0);
}
p = (p << 1) ^ (p & 0x80 ? 0x1b : 0);
}
/* least significant end of a byte. */
for(i = 0; i < 256; ++i) {
/* least significant end of a byte. */
for(i = 0; i < 256; ++i) {
- p = (i ? pow_tab[255 - log_tab[i]] : 0); q = p;
- q = (q >> 7) | (q << 1); p ^= q;
- q = (q >> 7) | (q << 1); p ^= q;
- q = (q >> 7) | (q << 1); p ^= q;
- q = (q >> 7) | (q << 1); p ^= q ^ 0x63;
+ p = (i ? pow_tab[255 - log_tab[i]] : 0); q = p;
+ q = (q >> 7) | (q << 1); p ^= q;
+ q = (q >> 7) | (q << 1); p ^= q;
+ q = (q >> 7) | (q << 1); p ^= q;
+ q = (q >> 7) | (q << 1); p ^= q ^ 0x63;
sbx_tab[i] = (u1byte)p; isb_tab[p] = (u1byte)i;
}
for(i = 0; i < 256; ++i) {
sbx_tab[i] = (u1byte)p; isb_tab[p] = (u1byte)i;
}
for(i = 0; i < 256; ++i) {
+ p = sbx_tab[i];
+
+#ifdef LARGE_TABLES
t = p; fl_tab[0][i] = t;
fl_tab[1][i] = rotl(t, 8);
fl_tab[2][i] = rotl(t, 16);
t = p; fl_tab[0][i] = t;
fl_tab[1][i] = rotl(t, 8);
fl_tab[2][i] = rotl(t, 16);
((u4byte)p << 8) |
((u4byte)p << 16) |
((u4byte)ff_mult(3, p) << 24);
((u4byte)p << 8) |
((u4byte)p << 16) |
((u4byte)ff_mult(3, p) << 24);
ft_tab[0][i] = t;
ft_tab[1][i] = rotl(t, 8);
ft_tab[2][i] = rotl(t, 16);
ft_tab[3][i] = rotl(t, 24);
ft_tab[0][i] = t;
ft_tab[1][i] = rotl(t, 8);
ft_tab[2][i] = rotl(t, 16);
ft_tab[3][i] = rotl(t, 24);
-#ifdef LARGE_TABLES
-
- t = p; il_tab[0][i] = t;
- il_tab[1][i] = rotl(t, 8);
- il_tab[2][i] = rotl(t, 16);
+#ifdef LARGE_TABLES
+
+ t = p; il_tab[0][i] = t;
+ il_tab[1][i] = rotl(t, 8);
+ il_tab[2][i] = rotl(t, 16);
il_tab[3][i] = rotl(t, 24);
il_tab[3][i] = rotl(t, 24);
t = ((u4byte)ff_mult(14, p)) |
((u4byte)ff_mult( 9, p) << 8) |
((u4byte)ff_mult(13, p) << 16) |
((u4byte)ff_mult(11, p) << 24);
t = ((u4byte)ff_mult(14, p)) |
((u4byte)ff_mult( 9, p) << 8) |
((u4byte)ff_mult(13, p) << 16) |
((u4byte)ff_mult(11, p) << 24);
-
- it_tab[0][i] = t;
- it_tab[1][i] = rotl(t, 8);
- it_tab[2][i] = rotl(t, 16);
- it_tab[3][i] = rotl(t, 24);
+
+ it_tab[0][i] = t;
+ it_tab[1][i] = rotl(t, 8);
+ it_tab[2][i] = rotl(t, 16);
+ it_tab[3][i] = rotl(t, 24);
t = w ^ (x); \
(y) = u ^ v ^ w; \
(y) ^= rotr(u ^ t, 8) ^ \
t = w ^ (x); \
(y) = u ^ v ^ w; \
(y) ^= rotr(u ^ t, 8) ^ \
- rotr(v ^ t, 16) ^ \
- rotr(t,24)
+ rotr(v ^ t, 16) ^ \
+ rotr(t,24)
/* initialise the key schedule from the user supplied key */
/* initialise the key schedule from the user supplied key */
rijndael_ctx *
rijndael_set_key(rijndael_ctx *ctx, const u4byte *in_key, const u4byte key_len,
int encrypt)
rijndael_ctx *
rijndael_set_key(rijndael_ctx *ctx, const u4byte *in_key, const u4byte key_len,
int encrypt)
u4byte i, t, u, v, w;
u4byte *e_key = ctx->e_key;
u4byte *d_key = ctx->d_key;
u4byte i, t, u, v, w;
u4byte *e_key = ctx->e_key;
u4byte *d_key = ctx->d_key;
e_key[0] = io_swap(in_key[0]); e_key[1] = io_swap(in_key[1]);
e_key[2] = io_swap(in_key[2]); e_key[3] = io_swap(in_key[3]);
e_key[0] = io_swap(in_key[0]); e_key[1] = io_swap(in_key[1]);
e_key[2] = io_swap(in_key[2]); e_key[3] = io_swap(in_key[3]);
- case 4: t = e_key[3];
- for(i = 0; i < 10; ++i)
+ case 4: t = e_key[3];
+ for(i = 0; i < 10; ++i)
- case 6: e_key[4] = io_swap(in_key[4]); t = e_key[5] = io_swap(in_key[5]);
- for(i = 0; i < 8; ++i)
+ case 6: e_key[4] = io_swap(in_key[4]); t = e_key[5] = io_swap(in_key[5]);
+ for(i = 0; i < 8; ++i)
- case 8: e_key[4] = io_swap(in_key[4]); e_key[5] = io_swap(in_key[5]);
- e_key[6] = io_swap(in_key[6]); t = e_key[7] = io_swap(in_key[7]);
- for(i = 0; i < 7; ++i)
+ case 8: e_key[4] = io_swap(in_key[4]); e_key[5] = io_swap(in_key[5]);
+ e_key[6] = io_swap(in_key[6]); t = e_key[7] = io_swap(in_key[7]);
+ for(i = 0; i < 7; ++i)
void
rijndael_encrypt(rijndael_ctx *ctx, const u4byte *in_blk, u4byte *out_blk)
void
rijndael_encrypt(rijndael_ctx *ctx, const u4byte *in_blk, u4byte *out_blk)
u4byte k_len = ctx->k_len;
u4byte *e_key = ctx->e_key;
u4byte b0[4], b1[4], *kp;
u4byte k_len = ctx->k_len;
u4byte *e_key = ctx->e_key;
u4byte b0[4], b1[4], *kp;
void
rijndael_decrypt(rijndael_ctx *ctx, const u4byte *in_blk, u4byte *out_blk)
void
rijndael_decrypt(rijndael_ctx *ctx, const u4byte *in_blk, u4byte *out_blk)
u4byte b0[4], b1[4], *kp;
u4byte k_len = ctx->k_len;
u4byte *e_key = ctx->e_key;
u4byte b0[4], b1[4], *kp;
u4byte k_len = ctx->k_len;
u4byte *e_key = ctx->e_key;
* software must be clearly marked as such, and if the derived work is
* incompatible with the protocol description in the RFC file, it must be
* called by a name other than "ssh" or "Secure Shell".
* software must be clearly marked as such, and if the derived work is
* incompatible with the protocol description in the RFC file, it must be
* called by a name other than "ssh" or "Secure Shell".
*
* Copyright (c) 1999 Niels Provos. All rights reserved.
*
*
* Copyright (c) 1999 Niels Provos. All rights reserved.
*
remin = STDIN_FILENO;
remout = STDOUT_FILENO;
remin = STDIN_FILENO;
remout = STDOUT_FILENO;
/* Follow "protocol", send data. */
(void) response();
source(argc, argv);
/* Follow "protocol", send data. */
(void) response();
source(argc, argv);
size = blksize + (stb.st_blksize - blksize % stb.st_blksize) %
stb.st_blksize;
#else /* HAVE_ST_BLKSIZE */
size = blksize + (stb.st_blksize - blksize % stb.st_blksize) %
stb.st_blksize;
#else /* HAVE_ST_BLKSIZE */
#endif /* HAVE_ST_BLKSIZE */
if (bp->cnt >= size)
return (bp);
#endif /* HAVE_ST_BLKSIZE */
if (bp->cnt >= size)
return (bp);
{ "port", sPort },
{ "hostkey", sHostKeyFile },
{ "hostdsakey", sHostKeyFile }, /* alias */
{ "port", sPort },
{ "hostkey", sHostKeyFile },
{ "hostdsakey", sHostKeyFile }, /* alias */
- { "pidfile", sPidFile },
+ { "pidfile", sPidFile },
{ "serverkeybits", sServerKeyBits },
{ "logingracetime", sLoginGraceTime },
{ "keyregenerationinterval", sKeyRegenerationTime },
{ "serverkeybits", sServerKeyBits },
{ "logingracetime", sLoginGraceTime },
{ "keyregenerationinterval", sKeyRegenerationTime },
case sXAuthLocation:
charptr = &options->xauth_location;
goto parse_filename;
case sXAuthLocation:
charptr = &options->xauth_location;
goto parse_filename;
case sStrictModes:
intptr = &options->strict_modes;
goto parse_flag;
case sStrictModes:
intptr = &options->strict_modes;
goto parse_flag;
case sBanner:
charptr = &options->banner;
goto parse_filename;
case sBanner:
charptr = &options->banner;
goto parse_filename;
default:
fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
filename, linenum, arg, opcode);
exit(1);
}
if ((arg = strdelim(&cp)) != NULL && *arg != '\0') {
default:
fprintf(stderr, "%s line %d: Missing handler for opcode %s (%d)\n",
filename, linenum, arg, opcode);
exit(1);
}
if ((arg = strdelim(&cp)) != NULL && *arg != '\0') {
"%s line %d: garbage at end of line; \"%.200s\".\n",
filename, linenum, arg);
exit(1);
"%s line %d: garbage at end of line; \"%.200s\".\n",
filename, linenum, arg);
exit(1);
} else {
/* Keep the packets at reasonable size. */
if (len > packet_get_maxsize())
} else {
/* Keep the packets at reasonable size. */
if (len > packet_get_maxsize())
- len = packet_get_maxsize();
+ len = packet_get_maxsize();
}
packet_start(SSH_SMSG_STDOUT_DATA);
packet_put_string(buffer_ptr(&stdout_buffer), len);
}
packet_start(SSH_SMSG_STDOUT_DATA);
packet_put_string(buffer_ptr(&stdout_buffer), len);
server_input_global_request(int type, int plen, void *ctxt)
{
char *rtype;
server_input_global_request(int type, int plen, void *ctxt)
{
char *rtype;
rtype = packet_get_string(NULL);
want_reply = packet_get_char();
debug("server_input_global_request: rtype %s want_reply %d", rtype, want_reply);
rtype = packet_get_string(NULL);
want_reply = packet_get_char();
debug("server_input_global_request: rtype %s want_reply %d", rtype, want_reply);
if (strcmp(rtype, "tcpip-forward") == 0) {
struct passwd *pw;
char *listen_address;
if (strcmp(rtype, "tcpip-forward") == 0) {
struct passwd *pw;
char *listen_address;
#endif /* WITH_IRIX_PROJECT */
#ifdef WITH_IRIX_JOBS
#include <sys/resource.h>
#endif /* WITH_IRIX_PROJECT */
#ifdef WITH_IRIX_JOBS
#include <sys/resource.h>
#ifdef WITH_IRIX_AUDIT
#include <sat.h>
#endif /* WITH_IRIX_AUDIT */
#ifdef WITH_IRIX_AUDIT
#include <sat.h>
#endif /* WITH_IRIX_AUDIT */
static char *xauthfile;
/* original command from peer. */
static char *xauthfile;
/* original command from peer. */
-char *original_command = NULL;
+char *original_command = NULL;
/* data */
#define MAX_SESSIONS 10
/* data */
#define MAX_SESSIONS 10
if ((pam_env = fetch_pam_environment()) == NULL)
return;
if ((pam_env = fetch_pam_environment()) == NULL)
return;
for(i = 0; pam_env[i] != NULL; i++) {
if ((equals = strstr(pam_env[i], "=")) == NULL)
continue;
for(i = 0; pam_env[i] != NULL; i++) {
if ((equals = strstr(pam_env[i], "=")) == NULL)
continue;
if (strlen(pam_env[i]) < (sizeof(var_name) - 1)) {
memset(var_name, '\0', sizeof(var_name));
memset(var_val, '\0', sizeof(var_val));
if (strlen(pam_env[i]) < (sizeof(var_name) - 1)) {
memset(var_name, '\0', sizeof(var_name));
memset(var_val, '\0', sizeof(var_val));
for(i = 0; environ[i] != NULL; i++) {
if ((equals = strstr(environ[i], "=")) == NULL)
continue;
for(i = 0; environ[i] != NULL; i++) {
if ((equals = strstr(environ[i], "=")) == NULL)
continue;
if (strlen(environ[i]) < (sizeof(var_name) - 1)) {
memset(var_name, '\0', sizeof(var_name));
memset(var_val, '\0', sizeof(var_val));
if (strlen(environ[i]) < (sizeof(var_name) - 1)) {
memset(var_name, '\0', sizeof(var_name));
memset(var_val, '\0', sizeof(var_val));
if (jid == -1) {
fatal("Failed to create job container: %.100s",
strerror(errno));
if (jid == -1) {
fatal("Failed to create job container: %.100s",
strerror(errno));
# endif /* WITH_IRIX_JOBS */
# ifdef WITH_IRIX_ARRAY
/* initialize array session */
# endif /* WITH_IRIX_JOBS */
# ifdef WITH_IRIX_ARRAY
/* initialize array session */
fprintf(f, "add %s %s %s\n", display,
auth_proto, auth_data);
#ifndef HAVE_CYGWIN /* Unix sockets are not supported */
fprintf(f, "add %s %s %s\n", display,
auth_proto, auth_data);
#ifndef HAVE_CYGWIN /* Unix sockets are not supported */
fprintf(f, "add %.*s/unix%s %s %s\n",
(int)(screen-display), display,
screen, auth_proto, auth_data);
fprintf(f, "add %.*s/unix%s %s %s\n",
(int)(screen-display), display,
screen, auth_proto, auth_data);
session_close(s);
} else {
/* notify child, delay session cleanup */
session_close(s);
} else {
/* notify child, delay session cleanup */
fatal("session_close_by_channel: Unsafe s->pid = %d", s->pid);
if (kill(s->pid, (s->ttyfd == -1) ? SIGTERM : SIGHUP) < 0)
error("session_close_by_channel: kill %d: %s",
fatal("session_close_by_channel: Unsafe s->pid = %d", s->pid);
if (kill(s->pid, (s->ttyfd == -1) ? SIGTERM : SIGHUP) < 0)
error("session_close_by_channel: kill %d: %s",
- /* Expecting a VERSION reply */
+ /* Expecting a VERSION reply */
if ((type = buffer_get_char(&msg)) != SSH2_FXP_VERSION) {
error("Invalid packet back from SSH2_FXP_INIT (type %d)",
type);
if ((type = buffer_get_char(&msg)) != SSH2_FXP_VERSION) {
error("Invalid packet back from SSH2_FXP_INIT (type %d)",
type);
int ret, status;
char *shell;
pid_t pid;
int ret, status;
char *shell;
pid_t pid;
if ((shell = getenv("SHELL")) == NULL)
shell = _PATH_BSHELL;
if ((shell = getenv("SHELL")) == NULL)
shell = _PATH_BSHELL;
debug3("Executing %s", shell);
ret = execl(shell, shell, NULL);
}
debug3("Executing %s", shell);
ret = execl(shell, shell, NULL);
}
- fprintf(stderr, "Couldn't execute \"%s\": %s\n", shell,
+ fprintf(stderr, "Couldn't execute \"%s\": %s\n", shell,
strerror(errno));
_exit(1);
}
strerror(errno));
_exit(1);
}
error("Shell exited with status %d", WEXITSTATUS(status));
}
error("Shell exited with status %d", WEXITSTATUS(status));
}
local_do_ls(const char *args)
{
if (!args || !*args)
local_do_ls(const char *args)
{
if (!args || !*args)
if (get_pathname(&cp, path1))
return(-1);
if (*path1 == NULL) {
if (get_pathname(&cp, path1))
return(-1);
if (*path1 == NULL) {
- error("You must specify a path after a %s command.",
+ error("You must specify a path after a %s command.",
if (get_pathname(&cp, path1))
return(-1);
if (*path1 == NULL) {
if (get_pathname(&cp, path1))
return(-1);
if (*path1 == NULL) {
- error("You must specify a path after a %s command.",
+ error("You must specify a path after a %s command.",
int
handle_to_fd(int handle)
{
int
handle_to_fd(int handle)
{
- if (handle_is_ok(handle, HANDLE_FILE))
+ if (handle_is_ok(handle, HANDLE_FILE))
return handles[handle].fd;
return -1;
}
return handles[handle].fd;
return -1;
}
id = get_int();
path = get_string(NULL);
TRACE("opendir id %d path %s", id, path);
id = get_int();
path = get_string(NULL);
TRACE("opendir id %d path %s", id, path);
if (dirp == NULL) {
status = errno_to_portable(errno);
} else {
if (dirp == NULL) {
status = errno_to_portable(errno);
} else {
send_handle(id, handle);
status = SSH2_FX_OK;
}
send_handle(id, handle);
status = SSH2_FX_OK;
}
}
if (status != SSH2_FX_OK)
send_status(id, status);
}
if (status != SSH2_FX_OK)
send_status(id, status);
handle_init();
#ifdef DEBUG_SFTP_SERVER
handle_init();
#ifdef DEBUG_SFTP_SERVER
- log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0);
+ log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0);
#endif
in = dup(STDIN_FILENO);
#endif
in = dup(STDIN_FILENO);
usage(void)
{
fprintf(stderr, "usage: sftp [-vC] [-osshopt=value] [user@]host\n");
exit(1);
}
usage(void)
{
fprintf(stderr, "usage: sftp [-vC] [-osshopt=value] [user@]host\n");
exit(1);
}
main(int argc, char **argv)
{
int in, out, i, debug_level, compress_flag;
main(int argc, char **argv)
{
int in, out, i, debug_level, compress_flag;
__progname = get_progname(argv[0]);
init_rng();
__progname = get_progname(argv[0]);
init_rng();
- SSLeay_add_all_algorithms();
+ SSLeay_add_all_algorithms();
/* At first, get a connection to the authentication agent. */
ac = ssh_get_authentication_connection();
/* At first, get a connection to the authentication agent. */
ac = ssh_get_authentication_connection();
__progname = get_progname(av[0]);
init_rng();
__progname = get_progname(av[0]);
init_rng();
#ifdef __GNU_LIBRARY__
while ((ch = getopt(ac, av, "+cks")) != -1) {
#else /* __GNU_LIBRARY__ */
#ifdef __GNU_LIBRARY__
while ((ch = getopt(ac, av, "+cks")) != -1) {
#else /* __GNU_LIBRARY__ */
memset(sigblob, 0, len);
xfree(sigblob);
}
memset(sigblob, 0, len);
xfree(sigblob);
}
/* sha1 the data */
dlen = evp_md->md_size;
digest = xmalloc(dlen);
/* sha1 the data */
dlen = evp_md->md_size;
digest = xmalloc(dlen);
#define SSH_COM_PUBLIC_BEGIN "---- BEGIN SSH2 PUBLIC KEY ----"
#define SSH_COM_PUBLIC_END "---- END SSH2 PUBLIC KEY ----"
#define SSH_COM_PRIVATE_BEGIN "---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----"
#define SSH_COM_PUBLIC_BEGIN "---- BEGIN SSH2 PUBLIC KEY ----"
#define SSH_COM_PUBLIC_END "---- END SSH2 PUBLIC KEY ----"
#define SSH_COM_PRIVATE_BEGIN "---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----"
-#define SSH_COM_PRIVATE_KEY_MAGIC 0x3f6ff9eb
+#define SSH_COM_PRIVATE_KEY_MAGIC 0x3f6ff9eb
void
do_convert_to_ssh2(struct passwd *pw)
void
do_convert_to_ssh2(struct passwd *pw)
c = tq.tqh_first;
while (c &&
(c->c_tv.tv_sec < now.tv_sec ||
c = tq.tqh_first;
while (c &&
(c->c_tv.tv_sec < now.tv_sec ||
- (c->c_tv.tv_sec == now.tv_sec && c->c_tv.tv_usec < now.tv_usec))) {
+ (c->c_tv.tv_sec == now.tv_sec && c->c_tv.tv_usec < now.tv_usec))) {
int s = c->c_fd;
c = c->c_link.tqe_next;
conrecycle(s);
int s = c->c_fd;
c = c->c_link.tqe_next;
conrecycle(s);
#ifdef AFS
fprintf(stderr, " -k Disable Kerberos ticket and AFS token forwarding.\n");
#endif /* AFS */
#ifdef AFS
fprintf(stderr, " -k Disable Kerberos ticket and AFS token forwarding.\n");
#endif /* AFS */
- fprintf(stderr, " -X Enable X11 connection forwarding.\n");
+ fprintf(stderr, " -X Enable X11 connection forwarding.\n");
fprintf(stderr, " -x Disable X11 connection forwarding.\n");
fprintf(stderr, " -i file Identity for RSA authentication (default: ~/.ssh/identity).\n");
fprintf(stderr, " -t Tty; allocate a tty even if command is given.\n");
fprintf(stderr, " -x Disable X11 connection forwarding.\n");
fprintf(stderr, " -i file Identity for RSA authentication (default: ~/.ssh/identity).\n");
fprintf(stderr, " -t Tty; allocate a tty even if command is given.\n");
/* XXX should be pre-session */
ssh_init_forwarding();
/* XXX should be pre-session */
ssh_init_forwarding();
/* If requested, let ssh continue in the background. */
if (fork_after_authentication_flag)
if (daemon(1, 1) < 0)
/* If requested, let ssh continue in the background. */
if (fork_after_authentication_flag)
if (daemon(1, 1) < 0)
int remote_major, remote_minor, i, mismatch;
int connection_in = packet_get_connection_in();
int connection_out = packet_get_connection_out();
int remote_major, remote_minor, i, mismatch;
int connection_in = packet_get_connection_in();
int connection_out = packet_get_connection_out();
- int minor1 = PROTOCOL_MINOR_1;
+ int minor1 = PROTOCOL_MINOR_1;
/* Read other side\'s version identification. */
for (;;) {
/* Read other side\'s version identification. */
for (;;) {
error("X11 forwarding is disabled to avoid trojan horses.");
options.forward_x11 = 0;
}
error("X11 forwarding is disabled to avoid trojan horses.");
options.forward_x11 = 0;
}
- if (options.num_local_forwards > 0 || options.num_remote_forwards > 0) {
+ if (options.num_local_forwards > 0 || options.num_remote_forwards > 0) {
error("Port forwarding is disabled to avoid trojan horses.");
options.num_local_forwards = options.num_remote_forwards = 0;
}
error("Port forwarding is disabled to avoid trojan horses.");
options.num_local_forwards = options.num_remote_forwards = 0;
}
/* diffie-hellman-group1-sha1 */
void
/* diffie-hellman-group1-sha1 */
void
-ssh_dh1_client(Kex *kex, char *host, struct sockaddr *hostaddr,
+ssh_dh1_client(Kex *kex, char *host, struct sockaddr *hostaddr,
Buffer *client_kexinit, Buffer *server_kexinit)
{
#ifdef DEBUG_KEXDH
Buffer *client_kexinit, Buffer *server_kexinit)
{
#ifdef DEBUG_KEXDH
int
dh_estimate(int bits)
{
int
dh_estimate(int bits)
{
if (bits < 64)
return (512); /* O(2**63) */
if (bits < 128)
if (bits < 64)
return (512); /* O(2**63) */
if (bits < 128)
buffer_ptr(client_kexinit), buffer_len(client_kexinit),
buffer_ptr(server_kexinit), buffer_len(server_kexinit),
server_host_key_blob, sbloblen,
buffer_ptr(client_kexinit), buffer_len(client_kexinit),
buffer_ptr(server_kexinit), buffer_len(server_kexinit),
server_host_key_blob, sbloblen,
dh->pub_key,
dh_server_pub,
shared_secret
dh->pub_key,
dh_server_pub,
shared_secret
for (;;) {
method = authmethod_get(authlist);
if (method == NULL)
for (;;) {
method = authmethod_get(authlist);
if (method == NULL)
- fatal("Unable to find an authentication method");
+ fatal("Unable to find an authentication method");
authctxt->method = method;
if (method->userauth(authctxt) != 0) {
debug2("we sent a %s packet, wait for reply", method->name);
authctxt->method = method;
if (method->userauth(authctxt) != 0) {
debug2("we sent a %s packet, wait for reply", method->name);
debug2("we did not send a packet, disable method");
method->enabled = NULL;
}
debug2("we did not send a packet, disable method");
method->enabled = NULL;
}
buffer_init(&b);
if (datafellows & SSH_OLD_SESSIONID) {
buffer_append(&b, session_id2, session_id2_len);
buffer_init(&b);
if (datafellows & SSH_OLD_SESSIONID) {
buffer_append(&b, session_id2, session_id2_len);
- skip = session_id2_len;
+ skip = session_id2_len;
} else {
buffer_put_string(&b, session_id2, session_id2_len);
skip = buffer_len(&b);
} else {
buffer_put_string(&b, session_id2, session_id2_len);
skip = buffer_len(&b);
} else {
buffer_put_cstring(&b, authctxt->method->name);
buffer_put_char(&b, have_sig);
} else {
buffer_put_cstring(&b, authctxt->method->name);
buffer_put_char(&b, have_sig);
- buffer_put_cstring(&b, key_ssh_name(k));
+ buffer_put_cstring(&b, key_ssh_name(k));
}
buffer_put_string(&b, blob, bloblen);
}
buffer_put_string(&b, blob, bloblen);
buffer_put_cstring(&b, authctxt->method->name);
buffer_put_char(&b, have_sig);
if (!(datafellows & SSH_BUG_PKAUTH))
buffer_put_cstring(&b, authctxt->method->name);
buffer_put_char(&b, have_sig);
if (!(datafellows & SSH_BUG_PKAUTH))
- buffer_put_cstring(&b, key_ssh_name(k));
+ buffer_put_cstring(&b, key_ssh_name(k));
buffer_put_string(&b, blob, bloblen);
}
xfree(blob);
buffer_put_string(&b, blob, bloblen);
}
xfree(blob);
* use a built-in default list. If the server sends a nil list after
* previously sending a valid list, continue using the list originally
* sent.
* use a built-in default list. If the server sends a nil list after
* previously sending a valid list, continue using the list originally
* sent.
Authmethod *
authmethod_get(char *authlist)
{
char *name = NULL, *authname_old;
Authmethod *method = NULL;
Authmethod *
authmethod_get(char *authlist)
{
char *name = NULL, *authname_old;
Authmethod *method = NULL;
/* Use a suitable default if we're passed a nil list. */
if (authlist == NULL || strlen(authlist) == 0)
authlist = def_authlist;
/* Use a suitable default if we're passed a nil list. */
if (authlist == NULL || strlen(authlist) == 0)
authlist = def_authlist;
key_free(sensitive_data.server_key);
sensitive_data.server_key = NULL;
}
key_free(sensitive_data.server_key);
sensitive_data.server_key = NULL;
}
- for(i = 0; i < options.num_host_key_files; i++) {
+ for(i = 0; i < options.num_host_key_files; i++) {
if (sensitive_data.host_keys[i]) {
key_free(sensitive_data.host_keys[i]);
sensitive_data.host_keys[i] = NULL;
if (sensitive_data.host_keys[i]) {
key_free(sensitive_data.host_keys[i]);
sensitive_data.host_keys[i] = NULL;
/*
* Got connection. Fork a child to handle it, unless
* we are in debugging mode.
/*
* Got connection. Fork a child to handle it, unless
* we are in debugging mode.
fprintf(stderr, "\npub= ");
BN_print_fp(stderr, dh->pub_key);
fprintf(stderr, "\n");
fprintf(stderr, "\npub= ");
BN_print_fp(stderr, dh->pub_key);
fprintf(stderr, "\n");
- DHparams_print_fp(stderr, dh);
+ DHparams_print_fp(stderr, dh);
#endif
if (!dh_pub_is_valid(dh, dh_client_pub))
packet_disconnect("bad client public DH value");
#endif
if (!dh_pub_is_valid(dh, dh_client_pub))
packet_disconnect("bad client public DH value");
fprintf(stderr, "\npub= ");
BN_print_fp(stderr, dh->pub_key);
fprintf(stderr, "\n");
fprintf(stderr, "\npub= ");
BN_print_fp(stderr, dh->pub_key);
fprintf(stderr, "\n");
- DHparams_print_fp(stderr, dh);
+ DHparams_print_fp(stderr, dh);
#endif
if (!dh_pub_is_valid(dh, dh_client_pub))
packet_disconnect("bad client public DH value");
#endif
if (!dh_pub_is_valid(dh, dh_client_pub))
packet_disconnect("bad client public DH value");
* All rights reserved
* Versions of malloc and friends that check their results, and never return
* failure (they call fatal if they encounter an error).
* All rights reserved
* Versions of malloc and friends that check their results, and never return
* failure (they call fatal if they encounter an error).
* As far as I am concerned, the code I have written for this software
* can be used freely for any purpose. Any derived versions of this
* software must be clearly marked as such, and if the derived work is
* As far as I am concerned, the code I have written for this software
* can be used freely for any purpose. Any derived versions of this
* software must be clearly marked as such, and if the derived work is