+20010122
+ - (bal) OpenBSD Resync
+ - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
+ [servconf.c ssh.h sshd.c]
+ only auth-chall.c needs #ifdef SKEY
+ - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
+ [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
+ auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
+ packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
+ session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
+ ssh1.h sshconnect1.c sshd.c ttymodes.c]
+ move ssh1 definitions to ssh1.h, pathnames to pathnames.h
+ - markus@cvs.openbsd.org 2001/01/19 16:48:14
+ [sshd.8]
+ fix typo; from stevesk@
+ - markus@cvs.openbsd.org 2001/01/19 16:50:58
+ [ssh-dss.c]
+ clear and free digest, make consistent with other code (use dlen); from
+ stevesk@
+ - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
+ [auth-options.c auth-options.h auth-rsa.c auth2.c]
+ pass the filename to auth_parse_options()
+ - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
+ [readconf.c]
+ fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
+ - stevesk@cvs.openbsd.org 2001/01/20 18:20:29
+ [sshconnect2.c]
+ dh_new_group() does not return NULL. ok markus@
+ - markus@cvs.openbsd.org 2001/01/20 21:33:42
+ [ssh-add.c]
+ do not loop forever if askpass does not exist; from
+ andrew@pimlott.ne.mediaone.net
+ - djm@cvs.openbsd.org 2001/01/20 23:00:56
+ [servconf.c]
+ Check for NULL return from strdelim; ok markus
+ - djm@cvs.openbsd.org 2001/01/20 23:02:07
+ [readconf.c]
+ KNF; ok markus
+ - jakob@cvs.openbsd.org 2001/01/21 9:00:33
+ [ssh-keygen.1]
+ remove -R flag; ok markus@
+ - markus@cvs.openbsd.org 2001/01/21 19:05:40
+ [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
+ auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
+ auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
+ bufaux.c bufaux.h buffer.c canahost.c canahost.h channels.c
+ cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
+ deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
+ key.c key.h log-client.c log-server.c log.c log.h login.c login.h
+ match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
+ readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
+ session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
+ ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
+ sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
+ ttysmodes.c uidswap.c xmalloc.c]
+ split ssh.h and try to cleanup the #include mess. remove unnecessary
+ #includes. rename util.[ch] -> misc.[ch]
+ - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
+ - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
+ conflict when compiling for non-kerb install
+ - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
+ on 1/19.
+
20010120
- (bal) OpenBSD Resync
- markus@cvs.openbsd.org 2001/01/19 12:45:26
TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) $(SFTP-SERVER)
-LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o cli.o compat.o compress.o crc32.o cygwin_util.o deattack.o dispatch.o hmac.o hostfile.o key.o kex.o log.o match.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o util.o uuencode.o xmalloc.o
+LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o cli.o compat.o compress.o crc32.o cygwin_util.o deattack.o dispatch.o hmac.o hostfile.o key.o kex.o log.o match.o misc.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o
LIBOPENBSD_COMPAT_OBJS=bsd-arc4random.o bsd-base64.o bsd-bindresvport.o bsd-daemon.o bsd-getcwd.o bsd-getgrouplist.o bsd-inet_aton.o bsd-inet_ntoa.o bsd-misc.o bsd-mktemp.o bsd-realpath.o bsd-rresvport.o bsd-setenv.o bsd-sigaction.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o bsd-strmode.o bsd-strsep.o bsd-strtok.o bsd-vis.o bsd-setproctitle.o bsd-waitpid.o fake-getaddrinfo.o fake-getnameinfo.o next-posix.o
#undef USER_PATH
/* Specify location of ssh.pid */
-#undef PIDDIR
+#undef _PATH_SSH_PIDDIR
/* Use IPv4 for connection by default, IPv6 can still if explicity asked */
#undef IPV4_DEFAULT
*/
#include "includes.h"
-RCSID("$OpenBSD: atomicio.c,v 1.7 2000/10/18 18:04:02 markus Exp $");
+RCSID("$OpenBSD: atomicio.c,v 1.8 2001/01/21 19:05:40 markus Exp $");
#include "xmalloc.h"
-#include "ssh.h"
+#include "atomicio.h"
/*
* ensure all of data on socket comes through. f==read || f==write
--- /dev/null
+/*
+ * Copyright (c) 1995,1999 Theo de Raadt
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Ensure all of data on socket comes through. f==read || f==write
+ */
+ssize_t atomicio(ssize_t (*f)(), int fd, void *s, size_t n);
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-chall.c,v 1.2 2001/01/19 12:45:26 markus Exp $");
+RCSID("$OpenBSD: auth-chall.c,v 1.3 2001/01/21 19:05:41 markus Exp $");
-#include "ssh.h"
#include "auth.h"
#ifdef SKEY
*/
#include "includes.h"
+RCSID("$OpenBSD: auth-krb4.c,v 1.22 2001/01/21 19:05:41 markus Exp $");
+
+#ifdef KRB4
+#include "ssh.h"
+#include "ssh1.h"
#include "packet.h"
#include "xmalloc.h"
-#include "ssh.h"
+#include "log.h"
#include "servconf.h"
+#include "auth.h"
+#include "radix.h"
-RCSID("$OpenBSD: auth-krb4.c,v 1.20 2000/12/19 23:17:54 markus Exp $");
-
-#ifdef KRB4
char *ticket = NULL;
extern ServerOptions options;
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-options.c,v 1.8 2001/01/13 18:38:00 markus Exp $");
+RCSID("$OpenBSD: auth-options.c,v 1.11 2001/01/21 19:05:41 markus Exp $");
-#include "ssh.h"
#include "packet.h"
#include "xmalloc.h"
#include "match.h"
+#include "log.h"
+#include "canohost.h"
+#include "auth-options.h"
/* Flags set authorized_keys flags */
int no_port_forwarding_flag = 0;
}
}
-/* return 1 if access is granted, 0 if not. side effect: sets key option flags */
+/*
+ * return 1 if access is granted, 0 if not.
+ * side effect: sets key option flags
+ */
int
-auth_parse_options(struct passwd *pw, char *options, u_long linenum)
+auth_parse_options(struct passwd *pw, char *options, char *file, u_long linenum)
{
const char *cp;
if (!options)
}
if (!*options) {
debug("%.100s, line %lu: missing end quote",
- SSH_USER_PERMITTED_KEYS, linenum);
+ file, linenum);
packet_send_debug("%.100s, line %lu: missing end quote",
- SSH_USER_PERMITTED_KEYS, linenum);
+ file, linenum);
continue;
}
forced_command[i] = 0;
}
if (!*options) {
debug("%.100s, line %lu: missing end quote",
- SSH_USER_PERMITTED_KEYS, linenum);
+ file, linenum);
packet_send_debug("%.100s, line %lu: missing end quote",
- SSH_USER_PERMITTED_KEYS, linenum);
+ file, linenum);
continue;
}
s[i] = 0;
}
if (!*options) {
debug("%.100s, line %lu: missing end quote",
- SSH_USER_PERMITTED_KEYS, linenum);
+ file, linenum);
packet_send_debug("%.100s, line %lu: missing end quote",
- SSH_USER_PERMITTED_KEYS, linenum);
+ file, linenum);
continue;
}
patterns[i] = 0;
bad_option:
log("Bad options in %.100s file, line %lu: %.50s",
- SSH_USER_PERMITTED_KEYS, linenum, options);
+ file, linenum, options);
packet_send_debug("Bad options in %.100s file, line %lu: %.50s",
- SSH_USER_PERMITTED_KEYS, linenum, options);
+ file, linenum, options);
/* deny access */
return 0;
}
* called by a name other than "ssh" or "Secure Shell".
*/
-/* $OpenBSD: auth-options.h,v 1.6 2000/12/19 23:17:55 markus Exp $ */
+/* $OpenBSD: auth-options.h,v 1.8 2001/01/21 19:05:42 markus Exp $ */
#ifndef AUTH_OPTIONS_H
#define AUTH_OPTIONS_H
+
+/* Linked list of custom environment strings */
+struct envstring {
+ struct envstring *next;
+ char *s;
+};
+
/* Flags that may be set in authorized_keys options. */
extern int no_port_forwarding_flag;
extern int no_agent_forwarding_flag;
extern char *forced_command;
extern struct envstring *custom_environment;
-/* return 1 if access is granted, 0 if not. side effect: sets key option flags */
-int auth_parse_options(struct passwd *pw, char *options, u_long linenum);
+/*
+ * return 1 if access is granted, 0 if not.
+ * side effect: sets key option flags
+ */
+int
+auth_parse_options(struct passwd *pw, char *options, char *file,
+ u_long linenum);
+
/* reset options flags */
void auth_clear_options(void);
#ifdef USE_PAM
#include "ssh.h"
#include "xmalloc.h"
+#include "log.h"
#include "servconf.h"
+#include "canohost.h"
+#include "readpass.h"
RCSID("$Id$");
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-passwd.c,v 1.19 2001/01/18 16:59:59 markus Exp $");
+RCSID("$OpenBSD: auth-passwd.c,v 1.20 2001/01/21 19:05:42 markus Exp $");
#if !defined(USE_PAM) && !defined(HAVE_OSF_SIA)
#include "packet.h"
-#include "ssh.h"
-#include "servconf.h"
#include "xmalloc.h"
-
+#include "log.h"
+#include "servconf.h"
#include "auth.h"
#ifdef WITH_AIXAUTHENTICATE
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-rh-rsa.c,v 1.19 2000/12/21 15:10:16 markus Exp $");
+RCSID("$OpenBSD: auth-rh-rsa.c,v 1.21 2001/01/21 19:05:42 markus Exp $");
#include "packet.h"
-#include "ssh.h"
#include "xmalloc.h"
#include "uidswap.h"
+#include "log.h"
#include "servconf.h"
-
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
#include "key.h"
#include "hostfile.h"
+#include "pathnames.h"
+#include "auth.h"
+#include "tildexpand.h"
+#include "canohost.h"
/*
* Tries to authenticate the user using the .rhosts file and the host using
found = key_new(KEY_RSA1);
/* Check if we know the host and its host key. */
- host_status = check_host_in_hostfile(SSH_SYSTEM_HOSTFILE, canonical_hostname,
+ host_status = check_host_in_hostfile(_PATH_SSH_SYSTEM_HOSTFILE, canonical_hostname,
client_key, found, NULL);
/* Check user host file unless ignored. */
if (host_status != HOST_OK && !options.ignore_user_known_hosts) {
struct stat st;
- char *user_hostfile = tilde_expand_filename(SSH_USER_HOSTFILE, pw->pw_uid);
+ char *user_hostfile = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid);
/*
- * Check file permissions of SSH_USER_HOSTFILE, auth_rsa()
+ * Check file permissions of _PATH_SSH_USER_HOSTFILE, auth_rsa()
* did already check pw->pw_dir, but there is a race XXX
*/
if (options.strict_modes &&
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-rhosts.c,v 1.17 2000/12/19 23:17:55 markus Exp $");
+RCSID("$OpenBSD: auth-rhosts.c,v 1.19 2001/01/21 19:05:42 markus Exp $");
#include "packet.h"
-#include "ssh.h"
#include "xmalloc.h"
#include "uidswap.h"
+#include "pathnames.h"
+#include "log.h"
#include "servconf.h"
+#include "canohost.h"
/*
* This function processes an rhosts-style file (.rhosts, .shosts, or
/* Deny if The user has no .shosts or .rhosts file and there are no system-wide files. */
if (!rhosts_files[rhosts_file_index] &&
- stat("/etc/hosts.equiv", &st) < 0 &&
- stat(SSH_HOSTS_EQUIV, &st) < 0)
+ stat(_PATH_RHOSTS_EQUIV, &st) < 0 &&
+ stat(_PATH_SSH_HOSTS_EQUIV, &st) < 0)
return 0;
hostname = get_canonical_hostname();
hostname, ipaddr);
return 1;
}
- if (check_rhosts_file(SSH_HOSTS_EQUIV, hostname, ipaddr, client_user,
+ if (check_rhosts_file(_PATH_SSH_HOSTS_EQUIV, hostname, ipaddr, client_user,
pw->pw_name)) {
packet_send_debug("Accepted for %.100s [%.100s] by %.100s.",
- hostname, ipaddr, SSH_HOSTS_EQUIV);
+ hostname, ipaddr, _PATH_SSH_HOSTS_EQUIV);
return 1;
}
}
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-rsa.c,v 1.34 2000/12/19 23:17:55 markus Exp $");
+RCSID("$OpenBSD: auth-rsa.c,v 1.38 2001/01/21 19:05:42 markus Exp $");
+
+#include <openssl/rsa.h>
+#include <openssl/md5.h>
#include "rsa.h"
#include "packet.h"
#include "xmalloc.h"
-#include "ssh.h"
+#include "ssh1.h"
#include "mpaux.h"
#include "uidswap.h"
#include "match.h"
-#include "servconf.h"
#include "auth-options.h"
-
-#include <openssl/rsa.h>
-#include <openssl/md5.h>
-
+#include "pathnames.h"
+#include "log.h"
+#include "servconf.h"
+#include "auth.h"
/* import */
extern ServerOptions options;
int
auth_rsa(struct passwd *pw, BIGNUM *client_n)
{
- char line[8192], file[1024];
+ char line[8192], file[MAXPATHLEN];
int authenticated;
u_int bits;
FILE *f;
/* The authorized keys. */
snprintf(file, sizeof file, "%.500s/%.100s", pw->pw_dir,
- SSH_USER_PERMITTED_KEYS);
+ _PATH_SSH_USER_PERMITTED_KEYS);
/* Fail quietly if file does not exist */
if (stat(file, &st) < 0) {
"bad ownership or modes for '%s'.", pw->pw_name, file);
fail = 1;
} else {
- /* Check path to SSH_USER_PERMITTED_KEYS */
+ /* Check path to _PATH_SSH_USER_PERMITTED_KEYS */
int i;
static const char *check[] = {
- "", SSH_USER_DIR, NULL
+ "", _PATH_SSH_USER_DIR, NULL
};
for (i = 0; check[i]; i++) {
snprintf(line, sizeof line, "%.500s/%.100s", pw->pw_dir, check[i]);
/* Parse the key from the line. */
if (!auth_rsa_read_key(&cp, &bits, pk->e, pk->n)) {
debug("%.100s, line %lu: bad key syntax",
- SSH_USER_PERMITTED_KEYS, linenum);
+ file, linenum);
packet_send_debug("%.100s, line %lu: bad key syntax",
- SSH_USER_PERMITTED_KEYS, linenum);
+ file, linenum);
continue;
}
/* cp now points to the comment part. */
* If our options do not allow this key to be used,
* do not send challenge.
*/
- if (!auth_parse_options(pw, options, linenum))
+ if (!auth_parse_options(pw, options, file, linenum))
continue;
/* Perform the challenge-response dialog for this key. */
*/
#include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.13 2001/01/18 16:59:59 markus Exp $");
+RCSID("$OpenBSD: auth.c,v 1.14 2001/01/21 19:05:43 markus Exp $");
-#include "xmalloc.h"
-#include "ssh.h"
-#include "match.h"
-#include "servconf.h"
-#include "groupaccess.h"
#ifdef HAVE_LOGIN_H
#include <login.h>
#endif
#include <shadow.h>
#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
+#include "xmalloc.h"
+#include "match.h"
+#include "groupaccess.h"
+#include "log.h"
+#include "servconf.h"
#include "auth.h"
#include "auth-options.h"
+#include "canohost.h"
/* import */
extern ServerOptions options;
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
- * $OpenBSD: auth.h,v 1.9 2001/01/18 16:59:59 markus Exp $
+ * $OpenBSD: auth.h,v 1.10 2001/01/21 19:05:43 markus Exp $
*/
#ifndef AUTH_H
#define AUTH_H
+#include <openssl/rsa.h>
+
typedef struct Authctxt Authctxt;
struct Authctxt {
int success;
char *style;
};
+/*
+ * Tries to authenticate the user using the .rhosts file. Returns true if
+ * authentication succeeds. If ignore_rhosts is non-zero, this will not
+ * consider .rhosts and .shosts (/etc/hosts.equiv will still be used).
+ */
+int auth_rhosts(struct passwd * pw, const char *client_user);
+
+/*
+ * Tries to authenticate the user using the .rhosts file and the host using
+ * its host key. Returns true if authentication succeeds.
+ */
+int
+auth_rhosts_rsa(struct passwd * pw, const char *client_user, RSA* client_host_key);
+
+/*
+ * Tries to authenticate the user using password. Returns true if
+ * authentication succeeds.
+ */
+int auth_password(struct passwd * pw, const char *password);
+
+/*
+ * Performs the RSA authentication dialog with the client. This returns 0 if
+ * the client could not be authenticated, and 1 if authentication was
+ * successful. This may exit if there is a serious protocol violation.
+ */
+int auth_rsa(struct passwd * pw, BIGNUM * client_n);
+
+/*
+ * Parses an RSA key (number of bits, e, n) from a string. Moves the pointer
+ * over the key. Skips any whitespace at the beginning and at end.
+ */
+int auth_rsa_read_key(char **cpp, u_int *bitsp, BIGNUM * e, BIGNUM * n);
+
+/*
+ * Performs the RSA authentication challenge-response dialog with the client,
+ * and returns true (non-zero) if the client gave the correct answer to our
+ * challenge; returns zero if the client gives a wrong answer.
+ */
+int auth_rsa_challenge_dialog(RSA *pk);
+
+#ifdef KRB4
+#include <krb.h>
+/*
+ * Performs Kerberos v4 mutual authentication with the client. This returns 0
+ * if the client could not be authenticated, and 1 if authentication was
+ * successful. This may exit if there is a serious protocol violation.
+ */
+int auth_krb4(const char *server_user, KTEXT auth, char **client);
+int krb4_init(uid_t uid);
+void krb4_cleanup_proc(void *ignore);
+int auth_krb4_password(struct passwd * pw, const char *password);
+
+#ifdef AFS
+#include <kafs.h>
+
+/* Accept passed Kerberos v4 ticket-granting ticket and AFS tokens. */
+int auth_kerberos_tgt(struct passwd * pw, const char *string);
+int auth_afs_token(struct passwd * pw, const char *token_string);
+#endif /* AFS */
+
+#endif /* KRB4 */
+
#include "auth-pam.h"
#include "auth2-pam.h"
*/
#include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.11 2001/01/18 16:59:59 markus Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.13 2001/01/21 19:05:43 markus Exp $");
#ifdef HAVE_OSF_SIA
# include <sia.h>
#include "xmalloc.h"
#include "rsa.h"
-#include "ssh.h"
+#include "ssh1.h"
#include "packet.h"
#include "buffer.h"
#include "mpaux.h"
+#include "log.h"
#include "servconf.h"
#include "compat.h"
#include "auth.h"
xfree(password);
break;
-#ifdef SKEY /* ISSUE: Is this right? we don't define
- having skey_authentication in
- servconf.h by default so I assume
- we need to deal with this via #ifdef
- in some reasonable way */
case SSH_CMSG_AUTH_TIS:
debug("rcvd SSH_CMSG_AUTH_TIS");
if (options.skey_authentication == 1) {
}
}
break;
+
case SSH_CMSG_AUTH_TIS_RESPONSE:
debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE");
if (options.skey_authentication == 1) {
xfree(response);
}
break;
-#endif /* ISSUE: End of wrong SKEY defines */
default:
/*
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: auth2-chall.c,v 1.1 2001/01/18 17:12:43 markus Exp $");
+RCSID("$OpenBSD: auth2-chall.c,v 1.2 2001/01/21 19:05:43 markus Exp $");
-#include "ssh.h"
#include "ssh2.h"
#include "auth.h"
#include "packet.h"
#include "xmalloc.h"
#include "dispatch.h"
+#include "log.h"
void send_userauth_into_request(Authctxt *authctxt, char *challenge, int echo);
void input_userauth_info_response(int type, int plen, void *ctxt);
RCSID("$Id$");
#ifdef USE_PAM
+#include <security/pam_appl.h>
+
#include "ssh.h"
#include "ssh2.h"
#include "auth.h"
#include "packet.h"
#include "xmalloc.h"
#include "dispatch.h"
-#include <security/pam_appl.h>
+#include "log.h"
struct {
int finished, num_received, num_expected;
auth2_pam(Authctxt *authctxt)
{
int retval = -1;
- char *method = "PAM";
if (authctxt->user == NULL)
fatal("auth2_pam: internal error: no user");
*/
#include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.28 2001/01/18 17:00:00 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.32 2001/01/21 19:05:44 markus Exp $");
#ifdef HAVE_OSF_SIA
# include <sia.h>
# include <siad.h>
#endif
-#include <openssl/dsa.h>
-#include <openssl/rsa.h>
#include <openssl/evp.h>
+#include "ssh2.h"
#include "xmalloc.h"
#include "rsa.h"
-#include "ssh.h"
#include "pty.h"
#include "packet.h"
#include "buffer.h"
+#include "log.h"
#include "servconf.h"
#include "compat.h"
#include "channels.h"
#include "bufaux.h"
-#include "ssh2.h"
#include "auth.h"
#include "session.h"
#include "dispatch.h"
#include "auth.h"
+#include "cipher.h"
#include "key.h"
#include "kex.h"
+#include "pathnames.h"
#include "uidswap.h"
#include "auth-options.h"
int
user_key_allowed(struct passwd *pw, Key *key)
{
- char line[8192], file[1024];
+ char line[8192], file[MAXPATHLEN];
int found_key = 0;
FILE *f;
u_long linenum = 0;
/* The authorized keys. */
snprintf(file, sizeof file, "%.500s/%.100s", pw->pw_dir,
- SSH_USER_PERMITTED_KEYS2);
+ _PATH_SSH_USER_PERMITTED_KEYS2);
/* Fail quietly if file does not exist */
if (stat(file, &st) < 0) {
key_type(key), pw->pw_name, file);
fail = 1;
} else {
- /* Check path to SSH_USER_PERMITTED_KEYS */
+ /* Check path to _PATH_SSH_USER_PERMITTED_KEYS */
int i;
static const char *check[] = {
- "", SSH_USER_DIR, NULL
+ "", _PATH_SSH_USER_DIR, NULL
};
for (i = 0; check[i]; i++) {
snprintf(line, sizeof line, "%.500s/%.100s",
}
}
if (key_equal(found, key) &&
- auth_parse_options(pw, options, linenum) == 1) {
+ auth_parse_options(pw, options, file, linenum) == 1) {
found_key = 1;
debug("matching key found: file %s, line %ld",
file, linenum);
*/
#include "includes.h"
-RCSID("$OpenBSD: authfd.c,v 1.32 2000/12/20 19:37:21 markus Exp $");
+RCSID("$OpenBSD: authfd.c,v 1.33 2001/01/21 19:05:44 markus Exp $");
+
+#include <openssl/evp.h>
#include "ssh.h"
#include "rsa.h"
#include "bufaux.h"
#include "xmalloc.h"
#include "getput.h"
-
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
-#include <openssl/evp.h>
#include "key.h"
#include "authfd.h"
+#include "cipher.h"
#include "kex.h"
#include "compat.h"
+#include "log.h"
+#include "atomicio.h"
+#include "authfd.h"
/* helper */
int decode_reply(int type);
*/
#include "includes.h"
-RCSID("$OpenBSD: authfile.c,v 1.24 2000/12/20 19:26:56 markus Exp $");
+RCSID("$OpenBSD: authfile.c,v 1.25 2001/01/21 19:05:44 markus Exp $");
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/rsa.h>
#include <openssl/err.h>
-#include <openssl/pem.h>
#include <openssl/evp.h>
+#include <openssl/pem.h>
+#include "cipher.h"
#include "xmalloc.h"
#include "buffer.h"
#include "bufaux.h"
-#include "ssh.h"
#include "key.h"
+#include "ssh.h"
+#include "log.h"
/* Version identification string for identity files. */
#define AUTHFILE_ID_STRING "SSH PRIVATE KEY FILE FORMAT 1.1\n"
*/
#include "includes.h"
-RCSID("$OpenBSD: bufaux.c,v 1.16 2001/01/16 23:58:08 deraadt Exp $");
+RCSID("$OpenBSD: bufaux.c,v 1.17 2001/01/21 19:05:45 markus Exp $");
-#include "ssh.h"
#include <openssl/bn.h>
#include "bufaux.h"
#include "xmalloc.h"
#include "getput.h"
+#include "log.h"
/*
* Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed
* called by a name other than "ssh" or "Secure Shell".
*/
-/* RCSID("$OpenBSD: bufaux.h,v 1.10 2001/01/10 22:56:22 markus Exp $"); */
+/* RCSID("$OpenBSD: bufaux.h,v 1.11 2001/01/21 19:05:45 markus Exp $"); */
#ifndef BUFAUX_H
#define BUFAUX_H
#include "buffer.h"
+#include <openssl/bn.h>
/*
* Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed
*/
#include "includes.h"
-RCSID("$OpenBSD: buffer.c,v 1.9 2000/12/19 23:17:55 markus Exp $");
+RCSID("$OpenBSD: buffer.c,v 1.10 2001/01/21 19:05:45 markus Exp $");
#include "xmalloc.h"
#include "buffer.h"
-#include "ssh.h"
+#include "log.h"
/* Initializes the buffer structure. */
*/
#include "includes.h"
-RCSID("$OpenBSD: canohost.c,v 1.17 2000/12/19 23:17:55 markus Exp $");
+RCSID("$OpenBSD: canohost.c,v 1.18 2001/01/21 19:05:45 markus Exp $");
#include "packet.h"
#include "xmalloc.h"
-#include "ssh.h"
+#include "log.h"
/*
* Return the canonical name of the host at the other end of the socket. The
--- /dev/null
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+/*
+ * Returns the name of the machine at the other end of the socket. The
+ * returned string should be freed by the caller.
+ */
+char *get_remote_hostname(int socket);
+
+/*
+ * Return the canonical name of the host in the other side of the current
+ * connection (as returned by packet_get_connection). The host name is
+ * cached, so it is efficient to call this several times.
+ */
+const char *get_canonical_hostname(void);
+
+/*
+ * Returns the remote IP address as an ascii string. The value need not be
+ * freed by the caller.
+ */
+const char *get_remote_ipaddr(void);
+
+/* Returns the port number of the peer of the socket. */
+int get_peer_port(int sock);
+
+/* Returns the port number of the remote/local host. */
+int get_remote_port(void);
+int get_local_port(void);
*/
#include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.80 2001/01/08 22:03:23 markus Exp $");
+RCSID("$OpenBSD: channels.c,v 1.82 2001/01/21 19:05:46 markus Exp $");
+
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
#include "ssh.h"
+#include "ssh1.h"
+#include "ssh2.h"
#include "packet.h"
#include "xmalloc.h"
#include "buffer.h"
#include "uidswap.h"
-#include "readconf.h"
-#include "servconf.h"
-
+#include "log.h"
+#include "misc.h"
#include "channels.h"
#include "nchan.h"
#include "compat.h"
-
-#include "ssh2.h"
-
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
+#include "canohost.h"
#include "key.h"
#include "authfd.h"
/* This is set to true if both sides support SSH_PROTOFLAG_HOST_IN_FWD_OPEN. */
static int have_hostname_in_open = 0;
+/* AF_UNSPEC or AF_INET or AF_INET6 */
+extern int IPv4or6;
+
/* Sets specific protocol options. */
void
*/
#include "includes.h"
-RCSID("$OpenBSD: cipher.c,v 1.41 2000/12/19 23:17:56 markus Exp $");
+RCSID("$OpenBSD: cipher.c,v 1.42 2001/01/21 19:05:46 markus Exp $");
-#include "ssh.h"
#include "xmalloc.h"
+#include "log.h"
+#include "cipher.h"
#include <openssl/md5.h>
#include "includes.h"
-RCSID("$OpenBSD: cli.c,v 1.5 2001/01/08 08:50:29 markus Exp $");
+RCSID("$OpenBSD: cli.c,v 1.6 2001/01/21 19:05:47 markus Exp $");
#include "xmalloc.h"
-#include "ssh.h"
+#include "log.h"
static int cli_input = -1;
static int cli_output = -1;
*/
#include "includes.h"
-RCSID("$OpenBSD: clientloop.c,v 1.43 2001/01/13 19:14:08 markus Exp $");
+RCSID("$OpenBSD: clientloop.c,v 1.45 2001/01/21 19:05:47 markus Exp $");
-#include "xmalloc.h"
#include "ssh.h"
+#include "ssh1.h"
+#include "ssh2.h"
+#include "xmalloc.h"
#include "packet.h"
#include "buffer.h"
-#include "readconf.h"
-
-#include "ssh2.h"
#include "compat.h"
#include "channels.h"
#include "dispatch.h"
-
#include "buffer.h"
#include "bufaux.h"
-
-#include <openssl/dsa.h>
-#include <openssl/rsa.h>
#include "key.h"
-#include "authfd.h"
+#include "log.h"
+#include "readconf.h"
#include "clientloop.h"
+#include "authfd.h"
+#include "atomicio.h"
/* import options */
extern Options options;
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
+
void clientloop_set_session_ident(int id);
+
+/* Client side main loop for the interactive session. */
+int client_loop(int have_pty, int escape_char, int id);
#include "includes.h"
RCSID("$OpenBSD: compat.c,v 1.33 2001/01/08 22:29:05 markus Exp $");
-#include "ssh.h"
-#include "packet.h"
-#include "xmalloc.h"
-#include "compat.h"
#ifdef HAVE_LIBPCRE
# include <pcreposix.h>
#else /* Use native regex libraries */
# endif
#endif /* HAVE_LIBPCRE */
+#include "packet.h"
+#include "xmalloc.h"
+#include "compat.h"
+#include "log.h"
+
int compat13 = 0;
int compat20 = 0;
int datafellows = 0;
*/
#include "includes.h"
-RCSID("$OpenBSD: compress.c,v 1.11 2000/12/20 19:37:21 markus Exp $");
+RCSID("$OpenBSD: compress.c,v 1.12 2001/01/21 19:05:48 markus Exp $");
-#include "ssh.h"
+#include "log.h"
#include "buffer.h"
#include "zlib.h"
esac
fi
-AC_DEFINE_UNQUOTED(PIDDIR, "$piddir")
+AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir")
AC_SUBST(piddir)
dnl allow user to disable some login recording features
-/* $OpenBSD: deattack.c,v 1.11 2000/12/19 23:17:56 markus Exp $ */
+/* $OpenBSD: deattack.c,v 1.12 2001/01/21 19:05:48 markus Exp $ */
/*
* Cryptographic attack detector for ssh - source code
#include "includes.h"
#include "deattack.h"
-#include "ssh.h"
+#include "log.h"
#include "crc32.h"
#include "getput.h"
#include "xmalloc.h"
*/
#include "includes.h"
-RCSID("$OpenBSD: dh.c,v 1.4 2001/01/15 21:43:51 markus Exp $");
+RCSID("$OpenBSD: dh.c,v 1.6 2001/01/21 19:05:49 markus Exp $");
#include "xmalloc.h"
#include <openssl/dh.h>
#include <openssl/evp.h>
-#include "ssh.h"
#include "buffer.h"
+#include "cipher.h"
#include "kex.h"
#include "dh.h"
+#include "pathnames.h"
+#include "log.h"
+#include "misc.h"
int
parse_prime(int linenum, char *line, struct dhgroup *dhg)
int linenum;
struct dhgroup dhg;
- f = fopen(DH_PRIMES, "r");
+ f = fopen(_PATH_DH_PRIMES, "r");
if (!f) {
- log("WARNING: %s does not exist, using old prime", DH_PRIMES);
+ log("WARNING: %s does not exist, using old prime", _PATH_DH_PRIMES);
return (dh_new_group1());
}
fclose (f);
if (bestcount == 0) {
- log("WARNING: no primes in %s, using old prime", DH_PRIMES);
+ log("WARNING: no primes in %s, using old prime", _PATH_DH_PRIMES);
return (dh_new_group1());
}
- f = fopen(DH_PRIMES, "r");
+ f = fopen(_PATH_DH_PRIMES, "r");
if (!f) {
- fatal("WARNING: %s dissappeared, giving up", DH_PRIMES);
+ fatal("WARNING: %s dissappeared, giving up", _PATH_DH_PRIMES);
}
linenum = 0;
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: dispatch.c,v 1.5 2000/09/21 11:25:34 markus Exp $");
-#include "ssh.h"
+RCSID("$OpenBSD: dispatch.c,v 1.7 2001/01/21 19:05:49 markus Exp $");
+
+#include "ssh1.h"
+#include "log.h"
#include "dispatch.h"
#include "packet.h"
#include "includes.h"
-#include "ssh.h"
-#include "xmalloc.h"
-
#include <openssl/rand.h>
#include <openssl/sha.h>
# include <floatingpoint.h>
#endif /* HAVE_FLOATINGPOINT_H */
+#include "ssh.h"
+#include "xmalloc.h"
+#include "atomicio.h"
+#include "log.h"
+
RCSID("$Id$");
#ifndef offsetof
#include "includes.h"
#include "groupaccess.h"
-#include "ssh.h"
#include "xmalloc.h"
#include "match.h"
+#include "log.h"
static int ngroups;
static char *groups_byname[NGROUPS_MAX + 1]; /* +1 for base/primary group */
*/
#include "includes.h"
-RCSID("$OpenBSD: hmac.c,v 1.5 2000/12/19 23:17:56 markus Exp $");
+RCSID("$OpenBSD: hmac.c,v 1.6 2001/01/21 19:05:49 markus Exp $");
#include "xmalloc.h"
-#include "ssh.h"
#include "getput.h"
+#include "log.h"
#include <openssl/hmac.h>
*/
#include "includes.h"
-RCSID("$OpenBSD: hostfile.c,v 1.23 2000/12/21 15:10:16 markus Exp $");
+RCSID("$OpenBSD: hostfile.c,v 1.24 2001/01/21 19:05:49 markus Exp $");
#include "packet.h"
#include "match.h"
-#include "ssh.h"
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
#include "key.h"
#include "hostfile.h"
+#include "log.h"
/*
* Parses an RSA (number of bits, e, n) or DSA key from a string. Moves the
*/
#include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.17 2001/01/08 21:48:17 markus Exp $");
-
-#include "ssh.h"
-#include "ssh2.h"
-#include "xmalloc.h"
-#include "buffer.h"
-#include "bufaux.h"
-#include "packet.h"
-#include "compat.h"
-
-#include <openssl/bn.h>
-#include <openssl/dh.h>
+RCSID("$OpenBSD: kex.c,v 1.18 2001/01/21 19:05:49 markus Exp $");
#include <openssl/crypto.h>
#include <openssl/bio.h>
#include <openssl/dh.h>
#include <openssl/pem.h>
+#include "ssh2.h"
+#include "xmalloc.h"
+#include "buffer.h"
+#include "bufaux.h"
+#include "packet.h"
+#include "compat.h"
+#include "cipher.h"
#include "kex.h"
#include "key.h"
+#include "log.h"
#define KEX_COOKIE_LEN 16
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-
#include "includes.h"
-#include "ssh.h"
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
+RCSID("$OpenBSD: key.c,v 1.15 2001/01/21 19:05:50 markus Exp $");
+
#include <openssl/evp.h>
+
#include "xmalloc.h"
#include "key.h"
#include "rsa.h"
#include "uuencode.h"
#include "buffer.h"
#include "bufaux.h"
-
-RCSID("$OpenBSD: key.c,v 1.14 2001/01/16 19:20:06 markus Exp $");
+#include "log.h"
Key *
key_new(int type)
#ifndef KEY_H
#define KEY_H
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+
typedef struct Key Key;
enum types {
KEY_RSA1,
*/
#include "includes.h"
-RCSID("$OpenBSD: log-client.c,v 1.14 2001/01/18 16:20:21 markus Exp $");
+RCSID("$OpenBSD: log-client.c,v 1.15 2001/01/21 19:05:50 markus Exp $");
#include "xmalloc.h"
-#include "ssh.h"
+#include "log.h"
static LogLevel log_level = SYSLOG_LEVEL_INFO;
*/
#include "includes.h"
-RCSID("$OpenBSD: log-server.c,v 1.19 2001/01/18 16:20:21 markus Exp $");
+RCSID("$OpenBSD: log-server.c,v 1.20 2001/01/21 19:05:50 markus Exp $");
#include <syslog.h>
#include "packet.h"
#include "xmalloc.h"
-#include "ssh.h"
+#include "log.h"
static LogLevel log_level = SYSLOG_LEVEL_INFO;
static int log_on_stderr = 0;
*/
#include "includes.h"
-RCSID("$OpenBSD: log.c,v 1.14 2001/01/18 16:20:21 markus Exp $");
+RCSID("$OpenBSD: log.c,v 1.15 2001/01/21 19:05:51 markus Exp $");
-#include "ssh.h"
+#include "log.h"
#include "xmalloc.h"
/* Fatal messages. This function never returns. */
--- /dev/null
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+
+#ifndef SSH_LOG_H
+#define SSH_LOG_H
+
+/* Supported syslog facilities and levels. */
+typedef enum {
+ SYSLOG_FACILITY_DAEMON,
+ SYSLOG_FACILITY_USER,
+ SYSLOG_FACILITY_AUTH,
+#ifdef LOG_AUTHPRIV
+ SYSLOG_FACILITY_AUTHPRIV,
+#endif
+ SYSLOG_FACILITY_LOCAL0,
+ SYSLOG_FACILITY_LOCAL1,
+ SYSLOG_FACILITY_LOCAL2,
+ SYSLOG_FACILITY_LOCAL3,
+ SYSLOG_FACILITY_LOCAL4,
+ SYSLOG_FACILITY_LOCAL5,
+ SYSLOG_FACILITY_LOCAL6,
+ SYSLOG_FACILITY_LOCAL7
+} SyslogFacility;
+
+typedef enum {
+ SYSLOG_LEVEL_QUIET,
+ SYSLOG_LEVEL_FATAL,
+ SYSLOG_LEVEL_ERROR,
+ SYSLOG_LEVEL_INFO,
+ SYSLOG_LEVEL_VERBOSE,
+ SYSLOG_LEVEL_DEBUG1,
+ SYSLOG_LEVEL_DEBUG2,
+ SYSLOG_LEVEL_DEBUG3
+} LogLevel;
+/* Initializes logging. */
+void log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr);
+
+/* Logging implementation, depending on server or client */
+void do_log(LogLevel level, const char *fmt, va_list args);
+
+/* name to facility/level */
+SyslogFacility log_facility_number(char *name);
+LogLevel log_level_number(char *name);
+
+/* Output a message to syslog or stderr */
+void fatal(const char *fmt,...) __attribute__((format(printf, 1, 2)));
+void error(const char *fmt,...) __attribute__((format(printf, 1, 2)));
+void log(const char *fmt,...) __attribute__((format(printf, 1, 2)));
+void verbose(const char *fmt,...) __attribute__((format(printf, 1, 2)));
+void debug(const char *fmt,...) __attribute__((format(printf, 1, 2)));
+void debug2(const char *fmt,...) __attribute__((format(printf, 1, 2)));
+void debug3(const char *fmt,...) __attribute__((format(printf, 1, 2)));
+
+/* same as fatal() but w/o logging */
+void fatal_cleanup(void);
+
+/*
+ * Registers a cleanup function to be called by fatal()/fatal_cleanup()
+ * before exiting. It is permissible to call fatal_remove_cleanup for the
+ * function itself from the function.
+ */
+void fatal_add_cleanup(void (*proc) (void *context), void *context);
+
+/* Removes a cleanup function to be called at fatal(). */
+void fatal_remove_cleanup(void (*proc) (void *context), void *context);
+
+#endif
*/
#include "includes.h"
-RCSID("$OpenBSD: login.c,v 1.16 2000/12/19 23:17:57 markus Exp $");
+RCSID("$OpenBSD: login.c,v 1.17 2001/01/21 19:05:51 markus Exp $");
#include "loginrec.h"
--- /dev/null
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+#ifndef LOGIN_H
+#define LOGIN_H
+
+/*
+ * Returns the time when the user last logged in. Returns 0 if the
+ * information is not available. This must be called before record_login.
+ * The host from which the user logged in is stored in buf.
+ */
+u_long
+get_last_login_time(uid_t uid, const char *logname,
+ char *buf, u_int bufsize);
+
+/*
+ * Records that the user has logged in. This does many things normally done
+ * by login(1).
+ */
+void
+record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid,
+ const char *host, struct sockaddr *addr);
+
+/*
+ * Records that the user has logged out. This does many thigs normally done
+ * by login(1) or init.
+ */
+void record_logout(pid_t pid, const char *ttyname);
+
+#endif
#include "ssh.h"
#include "xmalloc.h"
#include "loginrec.h"
+#include "log.h"
+#include "atomicio.h"
RCSID("$Id$");
*/
#include "includes.h"
-RCSID("$OpenBSD: match.c,v 1.10 2000/12/19 23:17:57 markus Exp $");
+RCSID("$OpenBSD: match.c,v 1.11 2001/01/21 19:05:52 markus Exp $");
-#include "ssh.h"
+#include "match.h"
/*
* Returns true if the given string matches the pattern (which may contain ?
RCSID("$OpenBSD: util.c,v 1.6 2000/10/27 07:32:19 markus Exp $");
#include "ssh.h"
+#include "log.h"
char *
chop(char *s)
--- /dev/null
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+/* remove newline at end of string */
+char *chop(char *s);
+
+/* return next token in configuration line */
+char *strdelim(char **s);
+
+/* set filedescriptor to non-blocking */
+void set_nonblock(int fd);
*/
#include "includes.h"
-RCSID("$OpenBSD: nchan.c,v 1.20 2000/11/06 23:04:56 markus Exp $");
-
-#include "ssh.h"
+RCSID("$OpenBSD: nchan.c,v 1.22 2001/01/21 19:05:52 markus Exp $");
+#include "ssh1.h"
+#include "ssh2.h"
#include "buffer.h"
#include "packet.h"
#include "channels.h"
#include "nchan.h"
-
-#include "ssh2.h"
#include "compat.h"
+#include "log.h"
/* functions manipulating channel states */
/*
*/
#include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.44 2001/01/13 18:36:45 markus Exp $");
+RCSID("$OpenBSD: packet.c,v 1.46 2001/01/21 19:05:53 markus Exp $");
#include "xmalloc.h"
#include "buffer.h"
#include "packet.h"
#include "bufaux.h"
-#include "ssh.h"
#include "crc32.h"
#include "getput.h"
#include "channels.h"
#include "compat.h"
+#include "ssh1.h"
#include "ssh2.h"
#include <openssl/bn.h>
#include "cipher.h"
#include "kex.h"
#include "hmac.h"
+#include "log.h"
+#include "canohost.h"
#ifdef PACKET_DEBUG
#define DBG(x) x
--- /dev/null
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+
+#ifndef ETCDIR
+#define ETCDIR "/etc"
+#endif
+
+#ifndef _PATH_SSH_PIDDIR
+#define _PATH_SSH_PIDDIR "/var/run"
+#endif
+
+/*
+ * System-wide file containing host keys of known hosts. This file should be
+ * world-readable.
+ */
+#define _PATH_SSH_SYSTEM_HOSTFILE ETCDIR "/ssh_known_hosts"
+#define _PATH_SSH_SYSTEM_HOSTFILE2 ETCDIR "/ssh_known_hosts2"
+
+/*
+ * Of these, ssh_host_key must be readable only by root, whereas ssh_config
+ * should be world-readable.
+ */
+#define _PATH_HOST_KEY_FILE ETCDIR "/ssh_host_key"
+#define _PATH_SERVER_CONFIG_FILE ETCDIR "/sshd_config"
+#define _PATH_HOST_CONFIG_FILE ETCDIR "/ssh_config"
+#define _PATH_HOST_DSA_KEY_FILE ETCDIR "/ssh_host_dsa_key"
+#define _PATH_DH_PRIMES ETCDIR "/primes"
+
+#define _PATH_SSH_PROGRAM "/usr/bin/ssh"
+
+/*
+ * The process id of the daemon listening for connections is saved here to
+ * make it easier to kill the correct daemon when necessary.
+ */
+#define _PATH_SSH_DAEMON_PID_FILE _PATH_SSH_PIDDIR "/sshd.pid"
+
+/*
+ * The directory in user\'s home directory in which the files reside. The
+ * directory should be world-readable (though not all files are).
+ */
+#define _PATH_SSH_USER_DIR ".ssh"
+
+/*
+ * Per-user file containing host keys of known hosts. This file need not be
+ * readable by anyone except the user him/herself, though this does not
+ * contain anything particularly secret.
+ */
+#define _PATH_SSH_USER_HOSTFILE "~/.ssh/known_hosts"
+#define _PATH_SSH_USER_HOSTFILE2 "~/.ssh/known_hosts2"
+
+/*
+ * Name of the default file containing client-side authentication key. This
+ * file should only be readable by the user him/herself.
+ */
+#define _PATH_SSH_CLIENT_IDENTITY ".ssh/identity"
+#define _PATH_SSH_CLIENT_ID_DSA ".ssh/id_dsa"
+#define _PATH_SSH_CLIENT_ID_RSA ".ssh/id_rsa"
+
+/*
+ * Configuration file in user\'s home directory. This file need not be
+ * readable by anyone but the user him/herself, but does not contain anything
+ * particularly secret. If the user\'s home directory resides on an NFS
+ * volume where root is mapped to nobody, this may need to be world-readable.
+ */
+#define _PATH_SSH_USER_CONFFILE ".ssh/config"
+
+/*
+ * File containing a list of those rsa keys that permit logging in as this
+ * user. This file need not be readable by anyone but the user him/herself,
+ * but does not contain anything particularly secret. If the user\'s home
+ * directory resides on an NFS volume where root is mapped to nobody, this
+ * may need to be world-readable. (This file is read by the daemon which is
+ * running as root.)
+ */
+#define _PATH_SSH_USER_PERMITTED_KEYS ".ssh/authorized_keys"
+#define _PATH_SSH_USER_PERMITTED_KEYS2 ".ssh/authorized_keys2"
+
+/*
+ * Per-user and system-wide ssh "rc" files. These files are executed with
+ * /bin/sh before starting the shell or command if they exist. They will be
+ * passed "proto cookie" as arguments if X11 forwarding with spoofing is in
+ * use. xauth will be run if neither of these exists.
+ */
+#define _PATH_SSH_USER_RC ".ssh/rc"
+#define _PATH_SSH_SYSTEM_RC ETCDIR "/sshrc"
+
+/*
+ * Ssh-only version of /etc/hosts.equiv. Additionally, the daemon may use
+ * ~/.rhosts and /etc/hosts.equiv if rhosts authentication is enabled.
+ */
+#define _PATH_SSH_HOSTS_EQUIV ETCDIR "/shosts.equiv"
+#define _PATH_RHOSTS_EQUIV "/etc/hosts.equiv"
+
+/*
+ * Default location of askpass
+ */
+#define _PATH_SSH_ASKPASS_DEFAULT "/usr/X11R6/bin/ssh-askpass"
+
+/* for scp */
+#ifndef _PATH_CP
+#define _PATH_CP "cp"
+#endif
+
+/* path to login program */
+#ifndef LOGIN_PROGRAM
+# ifdef LOGIN_PROGRAM_FALLBACK
+# define LOGIN_PROGRAM LOGIN_PROGRAM_FALLBACK
+# else
+# define LOGIN_PROGRAM "/usr/bin/login"
+# endif
+#endif /* LOGIN_PROGRAM */
+
+/* Askpass program define */
+#ifndef ASKPASS_PROGRAM
+#define ASKPASS_PROGRAM "/usr/lib/ssh/ssh-askpass"
+#endif /* ASKPASS_PROGRAM */
+
+/*
+ * Relevant only when using builtin PRNG.
+ */
+#ifndef SSH_PRNG_SEED_FILE
+# define SSH_PRNG_SEED_FILE SSH_USER_DIR"/prng_seed"
+#endif /* SSH_PRNG_SEED_FILE */
+#ifndef SSH_PRNG_COMMAND_FILE
+# define SSH_PRNG_COMMAND_FILE ETCDIR "/ssh_prng_cmds"
+#endif /* SSH_PRNG_COMMAND_FILE */
+
*/
#include "includes.h"
-RCSID("$OpenBSD: pty.c,v 1.19 2000/12/20 20:00:34 markus Exp $");
+RCSID("$OpenBSD: pty.c,v 1.20 2001/01/21 19:05:53 markus Exp $");
#ifdef HAVE_UTIL_H
# include <util.h>
#endif /* HAVE_UTIL_H */
#include "pty.h"
-#include "ssh.h"
+#include "log.h"
/* Pty allocated with _getpty gets broken if we do I_PUSH:es to it. */
#if defined(HAVE__GETPTY) || defined(HAVE_OPENPTY)
--- /dev/null
+/*
+ * Copyright (c) 1999 Dug Song. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+int creds_to_radix(CREDENTIALS * creds, u_char *buf, size_t buflen);
+int radix_to_creds(const char *buf, CREDENTIALS * creds);
*/
#include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.54 2001/01/18 16:20:22 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.58 2001/01/21 19:05:53 markus Exp $");
#include "ssh.h"
-#include "readconf.h"
-#include "match.h"
#include "xmalloc.h"
#include "compat.h"
+#include "cipher.h"
+#include "pathnames.h"
+#include "log.h"
+#include "readconf.h"
+#include "match.h"
+#include "misc.h"
/* Format of the configuration file:
/* Ignore leading whitespace. */
if (*keyword == '\0')
keyword = strdelim(&s);
- if (!*keyword || *keyword == '\n' || *keyword == '#')
+ if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
return 0;
opcode = parse_token(keyword, filename, linenum);
}
/* Check that there is no garbage at end of line. */
- if ((arg = strdelim(&s)) != NULL && *arg != '\0')
- {
+ if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
filename, linenum, arg);
}
if (options->num_identity_files == 0) {
if (options->protocol & SSH_PROTO_1) {
options->identity_files[options->num_identity_files] =
- xmalloc(2 + strlen(SSH_CLIENT_IDENTITY) + 1);
+ xmalloc(2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1);
sprintf(options->identity_files[options->num_identity_files++],
- "~/%.100s", SSH_CLIENT_IDENTITY);
+ "~/%.100s", _PATH_SSH_CLIENT_IDENTITY);
}
if (options->protocol & SSH_PROTO_2) {
options->identity_files[options->num_identity_files] =
- xmalloc(2 + strlen(SSH_CLIENT_ID_DSA) + 1);
+ xmalloc(2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1);
sprintf(options->identity_files[options->num_identity_files++],
- "~/%.100s", SSH_CLIENT_ID_DSA);
+ "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
}
}
if (options->escape_char == -1)
options->escape_char = '~';
if (options->system_hostfile == NULL)
- options->system_hostfile = SSH_SYSTEM_HOSTFILE;
+ options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
if (options->user_hostfile == NULL)
- options->user_hostfile = SSH_USER_HOSTFILE;
+ options->user_hostfile = _PATH_SSH_USER_HOSTFILE;
if (options->system_hostfile2 == NULL)
- options->system_hostfile2 = SSH_SYSTEM_HOSTFILE2;
+ options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2;
if (options->user_hostfile2 == NULL)
- options->user_hostfile2 = SSH_USER_HOSTFILE2;
+ options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;
if (options->log_level == (LogLevel) - 1)
options->log_level = SYSLOG_LEVEL_INFO;
/* options->proxy_command should not be set by default */
*/
#include "includes.h"
-RCSID("$OpenBSD: readpass.c,v 1.12 2000/10/11 20:14:39 markus Exp $");
+RCSID("$OpenBSD: readpass.c,v 1.13 2001/01/21 19:05:54 markus Exp $");
#include "xmalloc.h"
-#include "ssh.h"
#include "cli.h"
/*
--- /dev/null
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+
+/*
+ * Reads a passphrase from /dev/tty with echo turned off. Returns the
+ * passphrase (allocated with xmalloc). Exits if EOF is encountered. If
+ * from_stdin is true, the passphrase will be read from stdin instead.
+ */
+char *read_passphrase(char *prompt, int from_stdin);
*/
#include "includes.h"
-RCSID("$OpenBSD: rsa.c,v 1.18 2000/12/19 23:17:57 markus Exp $");
+RCSID("$OpenBSD: rsa.c,v 1.19 2001/01/21 19:05:54 markus Exp $");
#include "rsa.h"
-#include "ssh.h"
+#include "log.h"
#include "xmalloc.h"
void
*/
#include "includes.h"
-RCSID("$OpenBSD: scp.c,v 1.49 2001/01/13 18:03:07 markus Exp $");
+RCSID("$OpenBSD: scp.c,v 1.51 2001/01/21 19:05:55 markus Exp $");
-#include "ssh.h"
#include "xmalloc.h"
-
-#ifndef _PATH_CP
-#define _PATH_CP "cp"
-#endif
+#include "atomicio.h"
+#include "pathnames.h"
+#include "log.h"
#ifdef HAVE___PROGNAME
extern char *__progname;
int showprogress = 1;
/* This is the program to execute for the secured connection. ("ssh" or -S) */
-char *ssh_program = SSH_PROGRAM;
+char *ssh_program = _PATH_SSH_PROGRAM;
/* This is the list of arguments that scp passes to ssh */
struct {
*/
#include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.59 2001/01/19 12:45:26 markus Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.62 2001/01/21 19:05:55 markus Exp $");
+
+#ifdef KRB4
+#include <krb.h>
+#endif
+#ifdef AFS
+#include <kafs.h>
+#endif
#include "ssh.h"
+#include "log.h"
#include "servconf.h"
#include "xmalloc.h"
#include "compat.h"
+#include "pathnames.h"
+#include "tildexpand.h"
+#include "misc.h"
+#include "cipher.h"
+
/* add listen address */
void add_listen_addr(ServerOptions *options, char *addr);
+/* AF_UNSPEC or AF_INET or AF_INET6 */
+extern int IPv4or6;
+
/* Initializes the server options to their default values. */
void
if (options->num_host_key_files == 0) {
/* fill default hostkeys for protocols */
if (options->protocol & SSH_PROTO_1)
- options->host_key_files[options->num_host_key_files++] = HOST_KEY_FILE;
+ options->host_key_files[options->num_host_key_files++] = _PATH_HOST_KEY_FILE;
if (options->protocol & SSH_PROTO_2)
- options->host_key_files[options->num_host_key_files++] = HOST_DSA_KEY_FILE;
+ options->host_key_files[options->num_host_key_files++] = _PATH_HOST_DSA_KEY_FILE;
}
if (options->num_ports == 0)
options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
if (options->listen_addrs == NULL)
add_listen_addr(options, NULL);
if (options->pid_file == NULL)
- options->pid_file = SSH_DAEMON_PID_FILE;
+ options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
if (options->server_key_bits == -1)
options->server_key_bits = 768;
if (options->login_grace_time == -1)
void
add_listen_addr(ServerOptions *options, char *addr)
{
- extern int IPv4or6;
struct addrinfo hints, *ai, *aitop;
char strport[NI_MAXSERV];
int gaierr;
/* Ignore leading whitespace */
if (*arg == '\0')
arg = strdelim(&cp);
- if (!*arg || *arg == '#')
+ if (!arg || !*arg || *arg == '#')
continue;
intptr = NULL;
charptr = NULL;
*/
#include "includes.h"
-RCSID("$OpenBSD: serverloop.c,v 1.40 2001/01/18 17:00:00 markus Exp $");
+RCSID("$OpenBSD: serverloop.c,v 1.42 2001/01/21 19:05:55 markus Exp $");
#include "xmalloc.h"
-#include "ssh.h"
#include "packet.h"
#include "buffer.h"
+#include "log.h"
#include "servconf.h"
#include "pty.h"
#include "channels.h"
-
#include "compat.h"
+#include "ssh1.h"
#include "ssh2.h"
#include "auth.h"
#include "session.h"
#include "dispatch.h"
#include "auth-options.h"
+#include "serverloop.h"
+#include "misc.h"
extern ServerOptions options;
--- /dev/null
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+/*
+ * Performs the interactive session. This handles data transmission between
+ * the client and the program. Note that the notion of stdin, stdout, and
+ * stderr in this function is sort of reversed: this function writes to stdin
+ * (of the child program), and reads from stdout and stderr (of the child
+ * program).
+ */
+void server_loop(pid_t pid, int fdin, int fdout, int fderr);
+void server_loop2(void);
*/
#include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.49 2001/01/18 17:00:00 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.51 2001/01/21 19:05:56 markus Exp $");
-#include "xmalloc.h"
#include "ssh.h"
+#include "ssh1.h"
+#include "ssh2.h"
+#include "xmalloc.h"
#include "pty.h"
#include "packet.h"
#include "buffer.h"
#include "mpaux.h"
-#include "servconf.h"
#include "uidswap.h"
#include "compat.h"
#include "channels.h"
#include "nchan.h"
-
#include "bufaux.h"
-#include "ssh2.h"
#include "auth.h"
#include "auth-options.h"
+#include "pathnames.h"
+#include "log.h"
+#include "servconf.h"
+#include "login.h"
+#include "serverloop.h"
+#include "canohost.h"
#ifdef WITH_IRIX_PROJECT
#include <proj.h>
* in this order).
*/
if (!options.use_login) {
- if (stat(SSH_USER_RC, &st) >= 0) {
+ if (stat(_PATH_SSH_USER_RC, &st) >= 0) {
if (debug_flag)
- fprintf(stderr, "Running %s %s\n", _PATH_BSHELL, SSH_USER_RC);
+ fprintf(stderr, "Running %s %s\n", _PATH_BSHELL, _PATH_SSH_USER_RC);
- f = popen(_PATH_BSHELL " " SSH_USER_RC, "w");
+ f = popen(_PATH_BSHELL " " _PATH_SSH_USER_RC, "w");
if (f) {
if (auth_proto != NULL && auth_data != NULL)
fprintf(f, "%s %s\n", auth_proto, auth_data);
pclose(f);
} else
- fprintf(stderr, "Could not run %s\n", SSH_USER_RC);
- } else if (stat(SSH_SYSTEM_RC, &st) >= 0) {
+ fprintf(stderr, "Could not run %s\n", _PATH_SSH_USER_RC);
+ } else if (stat(_PATH_SSH_SYSTEM_RC, &st) >= 0) {
if (debug_flag)
- fprintf(stderr, "Running %s %s\n", _PATH_BSHELL, SSH_SYSTEM_RC);
+ fprintf(stderr, "Running %s %s\n", _PATH_BSHELL, _PATH_SSH_SYSTEM_RC);
- f = popen(_PATH_BSHELL " " SSH_SYSTEM_RC, "w");
+ f = popen(_PATH_BSHELL " " _PATH_SSH_SYSTEM_RC, "w");
if (f) {
if (auth_proto != NULL && auth_data != NULL)
fprintf(f, "%s %s\n", auth_proto, auth_data);
pclose(f);
} else
- fprintf(stderr, "Could not run %s\n", SSH_SYSTEM_RC);
+ fprintf(stderr, "Could not run %s\n", _PATH_SSH_SYSTEM_RC);
} else if (options.xauth_location != NULL) {
/* Add authority data to .Xauthority if appropriate. */
if (auth_proto != NULL && auth_data != NULL) {
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: sftp-server.c,v 1.13 2001/01/16 20:54:27 markus Exp $");
+RCSID("$OpenBSD: sftp-server.c,v 1.14 2001/01/21 19:05:56 markus Exp $");
-#include "ssh.h"
#include "buffer.h"
#include "bufaux.h"
#include "getput.h"
+#include "log.h"
#include "xmalloc.h"
#include "sftp.h"
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-add.c,v 1.24 2001/01/13 18:14:13 markus Exp $");
+RCSID("$OpenBSD: ssh-add.c,v 1.27 2001/01/21 19:05:56 markus Exp $");
#include <openssl/evp.h>
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
-#include "rsa.h"
#include "ssh.h"
+#include "rsa.h"
+#include "log.h"
#include "xmalloc.h"
#include "key.h"
#include "authfd.h"
#include "authfile.h"
+#include "pathnames.h"
+#include "readpass.h"
#ifdef HAVE___PROGNAME
extern char *__progname;
int p[2], status;
char buf[1024];
+ if (fflush(stdout) != 0)
+ error("ssh_askpass: fflush: %s", strerror(errno));
if (askpass == NULL)
fatal("internal error: askpass undefined");
if (pipe(p) < 0)
fatal("ssh_askpass: exec(%s): %s", askpass, strerror(errno));
}
close(p[1]);
- buf[0] = '\0';
- atomicio(read, p[0], buf, sizeof buf);
- len = strlen(buf);
+ len = read(p[0], buf, sizeof buf);
close(p[0]);
while (waitpid(pid, &status, 0) < 0)
if (errno != EINTR)
if (getenv(SSH_ASKPASS_ENV))
askpass = getenv(SSH_ASKPASS_ENV);
else
- askpass = SSH_ASKPASS_DEFAULT;
+ askpass = _PATH_SSH_ASKPASS_DEFAULT;
}
/* At first, try empty passphrase */
ssh_close_authentication_connection(ac);
exit(1);
}
- snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, SSH_CLIENT_IDENTITY);
+ snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, _PATH_SSH_CLIENT_IDENTITY);
if (deleting)
delete_file(ac, buf);
else
-/* $OpenBSD: ssh-agent.c,v 1.45 2000/12/19 23:17:58 markus Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.47 2001/01/21 19:05:56 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.45 2000/12/19 23:17:58 markus Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.47 2001/01/21 19:05:56 markus Exp $");
+
+#include <openssl/evp.h>
+#include <openssl/md5.h>
#include "ssh.h"
#include "rsa.h"
#include "packet.h"
#include "getput.h"
#include "mpaux.h"
-
-#include <openssl/evp.h>
-#include <openssl/md5.h>
-#include <openssl/dsa.h>
-#include <openssl/rsa.h>
#include "key.h"
#include "authfd.h"
+#include "cipher.h"
#include "kex.h"
#include "compat.h"
+#include "log.h"
typedef struct {
int fd;
char *__progname;
#endif
+int prepare_select(fd_set **, fd_set **, int *);
+
void
idtab_init(void)
{
if (bits != key_size(key))
log("Warning: identity keysize mismatch: actual %d, announced %d",
- key_size(key), bits);
+ key_size(key), bits);
break;
case 2:
blob = buffer_get_string(&e->input, &blen);
switch (version) {
case 1:
k = key_new_private(KEY_RSA1);
- buffer_get_int(&e->input); /* ignored */
+ buffer_get_int(&e->input); /* ignored */
buffer_get_bignum(&e->input, k->rsa->n);
buffer_get_bignum(&e->input, k->rsa->e);
buffer_get_bignum(&e->input, k->rsa->d);
break;
case 2:
type_name = buffer_get_string(&e->input, NULL);
- type = key_type_from_name(type_name);
+ type = key_type_from_name(type_name);
xfree(type_name);
switch(type) {
case KEY_DSA:
buffer_init(&sockets[old_alloc].output);
}
-void
-prepare_select(fd_set *readset, fd_set *writeset)
+int
+prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl)
{
- u_int i;
- for (i = 0; i < sockets_alloc; i++)
+ u_int i, sz;
+ int n = 0;
+
+ for (i = 0; i < sockets_alloc; i++) {
switch (sockets[i].type) {
case AUTH_SOCKET:
case AUTH_CONNECTION:
- FD_SET(sockets[i].fd, readset);
- if (buffer_len(&sockets[i].output) > 0)
- FD_SET(sockets[i].fd, writeset);
+ n = MAX(n, sockets[i].fd);
break;
case AUTH_UNUSED:
break;
fatal("Unknown socket type %d", sockets[i].type);
break;
}
+ }
+
+ sz = howmany(n+1, NFDBITS) * sizeof(fd_mask);
+ if (*fdrp == NULL || n > *fdl) {
+ if (*fdrp)
+ free(*fdrp);
+ if (*fdwp)
+ free(*fdwp);
+ *fdrp = xmalloc(sz);
+ *fdwp = xmalloc(sz);
+ *fdl = n;
+ }
+ memset(*fdrp, 0, sz);
+ memset(*fdwp, 0, sz);
+
+ for (i = 0; i < sockets_alloc; i++) {
+ switch (sockets[i].type) {
+ case AUTH_SOCKET:
+ case AUTH_CONNECTION:
+ FD_SET(sockets[i].fd, *fdrp);
+ if (buffer_len(&sockets[i].output) > 0)
+ FD_SET(sockets[i].fd, *fdwp);
+ break;
+ default:
+ break;
+ }
+ }
+ return (1);
}
void
case AUTH_SOCKET:
if (FD_ISSET(sockets[i].fd, readset)) {
slen = sizeof(sunaddr);
- sock = accept(sockets[i].fd, (struct sockaddr *) & sunaddr, &slen);
+ sock = accept(sockets[i].fd,
+ (struct sockaddr *) &sunaddr, &slen);
if (sock < 0) {
perror("accept from AUTH_SOCKET");
break;
case AUTH_CONNECTION:
if (buffer_len(&sockets[i].output) > 0 &&
FD_ISSET(sockets[i].fd, writeset)) {
- len = write(sockets[i].fd, buffer_ptr(&sockets[i].output),
- buffer_len(&sockets[i].output));
+ len = write(sockets[i].fd,
+ buffer_ptr(&sockets[i].output),
+ buffer_len(&sockets[i].output));
if (len <= 0) {
shutdown(sockets[i].fd, SHUT_RDWR);
close(sockets[i].fd);
void
check_parent_exists(int sig)
{
+ int save_errno = errno;
+
if (parent_pid != -1 && kill(parent_pid, 0) < 0) {
/* printf("Parent has died - Authentication agent exiting.\n"); */
exit(1);
}
signal(SIGALRM, check_parent_exists);
alarm(10);
+ errno = save_errno;
}
void
{
fprintf(stderr, "ssh-agent version %s\n", SSH_VERSION);
fprintf(stderr, "Usage: %s [-c | -s] [-k] [command {args...]]\n",
- __progname);
+ __progname);
exit(1);
}
int
main(int ac, char **av)
{
- fd_set readset, writeset;
int sock, c_flag = 0, k_flag = 0, s_flag = 0, ch;
struct sockaddr_un sunaddr;
#ifdef HAVE_SETRLIMIT
pid_t pid;
char *shell, *format, *pidstr, pidstrbuf[1 + 3 * sizeof pid];
extern int optind;
+ fd_set *readsetp = NULL, *writesetp = NULL;
__progname = get_progname(av[0]);
init_rng();
pidstr = getenv(SSH_AGENTPID_ENV_NAME);
if (pidstr == NULL) {
fprintf(stderr, "%s not set, cannot kill agent\n",
- SSH_AGENTPID_ENV_NAME);
+ SSH_AGENTPID_ENV_NAME);
exit(1);
}
pid = atoi(pidstr);
- if (pid < 1) { /* XXX PID_MAX check too */
- /* Yes, PID_MAX check please */
+ if (pid < 1) {
fprintf(stderr, "%s=\"%s\", which is not a good PID\n",
- SSH_AGENTPID_ENV_NAME, pidstr);
+ SSH_AGENTPID_ENV_NAME, pidstr);
exit(1);
}
if (kill(pid, SIGTERM) == -1) {
exit(1);
}
snprintf(socket_name, sizeof socket_name, "%s/agent.%d", socket_dir,
- parent_pid);
+ parent_pid);
/*
* Create socket early so it will exist before command gets run from
perror("listen");
cleanup_exit(1);
}
+
/*
* Fork, and have the parent execute the command, if any, or present
* the socket data. The child continues as the authentication agent.
if (ac == 0) {
format = c_flag ? "setenv %s %s;\n" : "%s=%s; export %s;\n";
printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name,
- SSH_AUTHSOCKET_ENV_NAME);
+ SSH_AUTHSOCKET_ENV_NAME);
printf(format, SSH_AGENTPID_ENV_NAME, pidstrbuf,
- SSH_AGENTPID_ENV_NAME);
+ SSH_AGENTPID_ENV_NAME);
printf("echo Agent pid %d;\n", pid);
exit(0);
}
signal(SIGHUP, cleanup_exit);
signal(SIGTERM, cleanup_exit);
while (1) {
- FD_ZERO(&readset);
- FD_ZERO(&writeset);
- prepare_select(&readset, &writeset);
- if (select(max_fd + 1, &readset, &writeset, NULL, NULL) < 0) {
+ prepare_select(&readsetp, &writesetp, &max_fd);
+ if (select(max_fd + 1, readsetp, writesetp, NULL, NULL) < 0) {
if (errno == EINTR)
continue;
exit(1);
}
- after_select(&readset, &writeset);
+ after_select(readsetp, writesetp);
}
/* NOTREACHED */
}
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-dss.c,v 1.2 2000/12/19 23:17:58 markus Exp $");
+RCSID("$OpenBSD: ssh-dss.c,v 1.4 2001/01/21 19:05:57 markus Exp $");
+
+#include <openssl/bn.h>
+#include <openssl/evp.h>
-#include "ssh.h"
#include "xmalloc.h"
#include "buffer.h"
#include "bufaux.h"
#include "compat.h"
-
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
-#include <openssl/evp.h>
-
+#include "log.h"
#include "key.h"
#define INTBLOB_LEN 20
EVP_MD_CTX md;
u_int rlen;
u_int slen;
- u_int len;
+ u_int len, dlen;
u_char sigblob[SIGBLOB_LEN];
Buffer b;
error("ssh_dss_sign: no DSA key");
return -1;
}
- digest = xmalloc(evp_md->md_size);
+ dlen = evp_md->md_size;
+ digest = xmalloc(dlen);
EVP_DigestInit(&md, evp_md);
EVP_DigestUpdate(&md, data, datalen);
EVP_DigestFinal(&md, digest, NULL);
- sig = DSA_do_sign(digest, evp_md->md_size, key->dsa);
+ sig = DSA_do_sign(digest, dlen, key->dsa);
if (sig == NULL) {
fatal("ssh_dss_sign: cannot sign");
}
+ memset(digest, 0, dlen);
+ xfree(digest);
rlen = BN_num_bytes(sig->r);
slen = BN_num_bytes(sig->s);
.Nm ssh-keygen
.Fl l
.Op Fl f Ar input_keyfile
-.Nm ssh-keygen
-.Fl R
.Sh DESCRIPTION
.Nm
generates and manages authentication keys for
Provides the new passphrase.
.It Fl P Ar passphrase
Provides the (old) passphrase.
-.It Fl R
-If RSA support is functional, immediately exits with code 0. If RSA
-support is not functional, exits with code 1. This flag will be
-removed once the RSA patent expires.
.It Fl x
This option will read a private
OpenSSH DSA format file and print a SSH2-compatible public key to stdout.
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.39 2001/01/13 18:03:07 markus Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.41 2001/01/21 19:05:57 markus Exp $");
#include <openssl/evp.h>
#include <openssl/pem.h>
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
-#include "ssh.h"
#include "xmalloc.h"
#include "key.h"
-#include "rsa.h"
#include "authfile.h"
#include "uuencode.h"
-
#include "buffer.h"
#include "bufaux.h"
+#include "pathnames.h"
+#include "log.h"
+#include "readpass.h"
/* Number of bits in the RSA/DSA key. This value can be changed on the command line. */
int bits = 1024;
switch (key_type_from_name(key_type_name)) {
case KEY_RSA1:
- name = SSH_CLIENT_IDENTITY;
+ name = _PATH_SSH_CLIENT_IDENTITY;
break;
case KEY_DSA:
- name = SSH_CLIENT_ID_DSA;
+ name = _PATH_SSH_CLIENT_ID_DSA;
break;
case KEY_RSA:
- name = SSH_CLIENT_ID_RSA;
+ name = _PATH_SSH_CLIENT_ID_RSA;
break;
default:
fprintf(stderr, "bad key type");
ask_filename(pw, "Enter file in which to save the key");
/* Create ~/.ssh directory if it doesn\'t already exist. */
- snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, SSH_USER_DIR);
+ snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, _PATH_SSH_USER_DIR);
if (strstr(identity_file, dotsshdir) != NULL &&
stat(dotsshdir, &st) < 0) {
if (mkdir(dotsshdir, 0700) < 0)
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-keyscan.c,v 1.9 2001/01/13 18:12:47 markus Exp $");
+RCSID("$OpenBSD: ssh-keyscan.c,v 1.11 2001/01/21 19:05:57 markus Exp $");
#if defined(HAVE_SYS_QUEUE_H) && !defined(HAVE_BOGUS_SYS_QUEUE_H)
#include <sys/queue.h>
#include <errno.h>
#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
#include "xmalloc.h"
#include "ssh.h"
+#include "ssh1.h"
#include "key.h"
#include "buffer.h"
#include "bufaux.h"
+#include "log.h"
static int argno = 1; /* Number of argument currently being parsed */
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-rsa.c,v 1.4 2001/01/16 19:20:06 markus Exp $");
-
-#include "ssh.h"
-#include "xmalloc.h"
-#include "buffer.h"
-#include "bufaux.h"
+RCSID("$OpenBSD: ssh-rsa.c,v 1.5 2001/01/21 19:05:58 markus Exp $");
#include <openssl/evp.h>
-#include <openssl/dsa.h>
-#include <openssl/rsa.h>
#include <openssl/err.h>
+#include "xmalloc.h"
+#include "log.h"
+#include "buffer.h"
+#include "bufaux.h"
#include "key.h"
/* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.82 2001/01/15 21:40:10 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.84 2001/01/21 19:05:58 markus Exp $");
#include <openssl/evp.h>
-#include <openssl/dsa.h>
-#include <openssl/rsa.h>
#include <openssl/err.h>
-#include "xmalloc.h"
#include "ssh.h"
+#include "ssh1.h"
+#include "ssh2.h"
+#include "compat.h"
+#include "cipher.h"
+#include "xmalloc.h"
#include "packet.h"
#include "buffer.h"
-#include "readconf.h"
#include "uidswap.h"
-
-#include "ssh2.h"
-#include "compat.h"
#include "channels.h"
#include "key.h"
#include "authfd.h"
#include "authfile.h"
+#include "pathnames.h"
#include "clientloop.h"
+#include "log.h"
+#include "readconf.h"
+#include "sshconnect.h"
+#include "tildexpand.h"
+#include "misc.h"
#ifdef HAVE___PROGNAME
extern char *__progname;
log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 0);
/* Read per-user configuration file. */
- snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir, SSH_USER_CONFFILE);
+ snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir, _PATH_SSH_USER_CONFFILE);
read_config_file(buf, host, &options);
/* Read systemwide configuration file. */
- read_config_file(HOST_CONFIG_FILE, host, &options);
+ read_config_file(_PATH_HOST_CONFIG_FILE, host, &options);
/* Fill configuration defaults. */
fill_default_options(&options);
host_private_key = RSA_new();
k.type = KEY_RSA1;
k.rsa = host_private_key;
- if (load_private_key(HOST_KEY_FILE, "", &k, NULL))
+ if (load_private_key(_PATH_HOST_KEY_FILE, "", &k, NULL))
host_private_key_loaded = 1;
}
/*
* Now that we are back to our own permissions, create ~/.ssh
* directory if it doesn\'t already exist.
*/
- snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir, SSH_USER_DIR);
+ snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir, _PATH_SSH_USER_DIR);
if (stat(buf, &st) < 0)
if (mkdir(buf, 0700) < 0)
error("Could not create directory '%.200s'.", buf);
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
*
- * Generic header file for ssh.
- *
* As far as I am concerned, the code I have written for this software
* can be used freely for any purpose. Any derived versions of this
* software must be clearly marked as such, and if the derived work is
* called by a name other than "ssh" or "Secure Shell".
*/
-/* RCSID("$OpenBSD: ssh.h,v 1.59 2001/01/19 12:45:27 markus Exp $"); */
+/* RCSID("$OpenBSD: ssh.h,v 1.61 2001/01/21 19:05:59 markus Exp $"); */
#ifndef SSH_H
#define SSH_H
#ifdef HAVE_SYS_SELECT_H
# include <sys/select.h>
#endif
-#include "rsa.h"
-#include "cipher.h"
+
+//#include "rsa.h"
+//#include "cipher.h"
/* Cipher used for encrypting authentication files. */
#define SSH_AUTHFILE_CIPHER SSH_CIPHER_3DES
# define SSHD_PAM_SERVICE "sshd"
#endif
-#ifndef ETCDIR
-#define ETCDIR "/etc"
-#endif /* ETCDIR */
-
-#ifndef PIDDIR
-#define PIDDIR "/var/run"
-#endif /* PIDDIR */
-
-/*
- * System-wide file containing host keys of known hosts. This file should be
- * world-readable.
- */
-#define SSH_SYSTEM_HOSTFILE ETCDIR "/ssh_known_hosts"
-#define SSH_SYSTEM_HOSTFILE2 ETCDIR "/ssh_known_hosts2"
-
-/*
- * Of these, ssh_host_key must be readable only by root, whereas ssh_config
- * should be world-readable.
- */
-#define HOST_KEY_FILE ETCDIR "/ssh_host_key"
-#define SERVER_CONFIG_FILE ETCDIR "/sshd_config"
-#define HOST_CONFIG_FILE ETCDIR "/ssh_config"
-#define HOST_DSA_KEY_FILE ETCDIR "/ssh_host_dsa_key"
-#define DH_PRIMES ETCDIR "/primes"
-
-#ifndef SSH_PROGRAM
-#define SSH_PROGRAM "/usr/bin/ssh"
-#endif /* SSH_PROGRAM */
-
-#ifndef LOGIN_PROGRAM
-# ifdef LOGIN_PROGRAM_FALLBACK
-# define LOGIN_PROGRAM LOGIN_PROGRAM_FALLBACK
-# else
-# define LOGIN_PROGRAM "/usr/bin/login"
-# endif
-#endif /* LOGIN_PROGRAM */
-
-#ifndef ASKPASS_PROGRAM
-#define ASKPASS_PROGRAM "/usr/lib/ssh/ssh-askpass"
-#endif /* ASKPASS_PROGRAM */
-
-/*
- * The process id of the daemon listening for connections is saved here to
- * make it easier to kill the correct daemon when necessary.
- */
-#define SSH_DAEMON_PID_FILE PIDDIR "/sshd.pid"
-
-/*
- * The directory in user\'s home directory in which the files reside. The
- * directory should be world-readable (though not all files are).
- */
-#define SSH_USER_DIR ".ssh"
-
-/*
- * Relevant only when using builtin PRNG.
- */
-#ifndef SSH_PRNG_SEED_FILE
-# define SSH_PRNG_SEED_FILE SSH_USER_DIR"/prng_seed"
-#endif /* SSH_PRNG_SEED_FILE */
-#ifndef SSH_PRNG_COMMAND_FILE
-# define SSH_PRNG_COMMAND_FILE ETCDIR "/ssh_prng_cmds"
-#endif /* SSH_PRNG_COMMAND_FILE */
-
-/*
- * Per-user file containing host keys of known hosts. This file need not be
- * readable by anyone except the user him/herself, though this does not
- * contain anything particularly secret.
- */
-#define SSH_USER_HOSTFILE "~/.ssh/known_hosts"
-#define SSH_USER_HOSTFILE2 "~/.ssh/known_hosts2"
-
-/*
- * Name of the default file containing client-side authentication key. This
- * file should only be readable by the user him/herself.
- */
-#define SSH_CLIENT_IDENTITY ".ssh/identity"
-#define SSH_CLIENT_ID_DSA ".ssh/id_dsa"
-#define SSH_CLIENT_ID_RSA ".ssh/id_rsa"
-
-/*
- * Configuration file in user\'s home directory. This file need not be
- * readable by anyone but the user him/herself, but does not contain anything
- * particularly secret. If the user\'s home directory resides on an NFS
- * volume where root is mapped to nobody, this may need to be world-readable.
- */
-#define SSH_USER_CONFFILE ".ssh/config"
-
-/*
- * File containing a list of those rsa keys that permit logging in as this
- * user. This file need not be readable by anyone but the user him/herself,
- * but does not contain anything particularly secret. If the user\'s home
- * directory resides on an NFS volume where root is mapped to nobody, this
- * may need to be world-readable. (This file is read by the daemon which is
- * running as root.)
- */
-#define SSH_USER_PERMITTED_KEYS ".ssh/authorized_keys"
-#define SSH_USER_PERMITTED_KEYS2 ".ssh/authorized_keys2"
-
-/*
- * Per-user and system-wide ssh "rc" files. These files are executed with
- * /bin/sh before starting the shell or command if they exist. They will be
- * passed "proto cookie" as arguments if X11 forwarding with spoofing is in
- * use. xauth will be run if neither of these exists.
- */
-#define SSH_USER_RC ".ssh/rc"
-#define SSH_SYSTEM_RC ETCDIR "/sshrc"
-
-/*
- * Ssh-only version of /etc/hosts.equiv. Additionally, the daemon may use
- * ~/.rhosts and /etc/hosts.equiv if rhosts authentication is enabled.
- */
-#define SSH_HOSTS_EQUIV ETCDIR "/shosts.equiv"
-
/*
* Name of the environment variable containing the pathname of the
* authentication socket.
*/
-#define SSH_AUTHSOCKET_ENV_NAME "SSH_AUTH_SOCK"
+#define SSH_AGENTPID_ENV_NAME "SSH_AGENT_PID"
/*
* Name of the environment variable containing the pathname of the
* authentication socket.
*/
-#define SSH_AGENTPID_ENV_NAME "SSH_AGENT_PID"
+#define SSH_AUTHSOCKET_ENV_NAME "SSH_AUTH_SOCK"
/*
- * Default path to ssh-askpass used by ssh-add,
- * environment variable for overwriting the default location
+ * Environment variable for overwriting the default location of askpass
*/
-#ifndef SSH_ASKPASS_DEFAULT
-# define SSH_ASKPASS_DEFAULT "/usr/X11R6/bin/ssh-askpass"
-#endif
#define SSH_ASKPASS_ENV "SSH_ASKPASS"
/*
/* Name of Kerberos service for SSH to use. */
#define KRB4_SERVICE_NAME "rcmd"
-/*
- * Authentication methods. New types can be added, but old types should not
- * be removed for compatibility. The maximum allowed value is 31.
- */
-#define SSH_AUTH_RHOSTS 1
-#define SSH_AUTH_RSA 2
-#define SSH_AUTH_PASSWORD 3
-#define SSH_AUTH_RHOSTS_RSA 4
-#define SSH_AUTH_TIS 5
-#define SSH_AUTH_KERBEROS 6
-#define SSH_PASS_KERBEROS_TGT 7
- /* 8 to 15 are reserved */
-#define SSH_PASS_AFS_TOKEN 21
-
-/* Protocol flags. These are bit masks. */
-#define SSH_PROTOFLAG_SCREEN_NUMBER 1 /* X11 forwarding includes screen */
-#define SSH_PROTOFLAG_HOST_IN_FWD_OPEN 2 /* forwarding opens contain host */
-
-/*
- * Definition of message types. New values can be added, but old values
- * should not be removed or without careful consideration of the consequences
- * for compatibility. The maximum value is 254; value 255 is reserved for
- * future extension.
- */
-/* Message name */ /* msg code */ /* arguments */
-#define SSH_MSG_NONE 0 /* no message */
-#define SSH_MSG_DISCONNECT 1 /* cause (string) */
-#define SSH_SMSG_PUBLIC_KEY 2 /* ck,msk,srvk,hostk */
-#define SSH_CMSG_SESSION_KEY 3 /* key (BIGNUM) */
-#define SSH_CMSG_USER 4 /* user (string) */
-#define SSH_CMSG_AUTH_RHOSTS 5 /* user (string) */
-#define SSH_CMSG_AUTH_RSA 6 /* modulus (BIGNUM) */
-#define SSH_SMSG_AUTH_RSA_CHALLENGE 7 /* int (BIGNUM) */
-#define SSH_CMSG_AUTH_RSA_RESPONSE 8 /* int (BIGNUM) */
-#define SSH_CMSG_AUTH_PASSWORD 9 /* pass (string) */
-#define SSH_CMSG_REQUEST_PTY 10 /* TERM, tty modes */
-#define SSH_CMSG_WINDOW_SIZE 11 /* row,col,xpix,ypix */
-#define SSH_CMSG_EXEC_SHELL 12 /* */
-#define SSH_CMSG_EXEC_CMD 13 /* cmd (string) */
-#define SSH_SMSG_SUCCESS 14 /* */
-#define SSH_SMSG_FAILURE 15 /* */
-#define SSH_CMSG_STDIN_DATA 16 /* data (string) */
-#define SSH_SMSG_STDOUT_DATA 17 /* data (string) */
-#define SSH_SMSG_STDERR_DATA 18 /* data (string) */
-#define SSH_CMSG_EOF 19 /* */
-#define SSH_SMSG_EXITSTATUS 20 /* status (int) */
-#define SSH_MSG_CHANNEL_OPEN_CONFIRMATION 21 /* channel (int) */
-#define SSH_MSG_CHANNEL_OPEN_FAILURE 22 /* channel (int) */
-#define SSH_MSG_CHANNEL_DATA 23 /* ch,data (int,str) */
-#define SSH_MSG_CHANNEL_CLOSE 24 /* channel (int) */
-#define SSH_MSG_CHANNEL_CLOSE_CONFIRMATION 25 /* channel (int) */
-/* SSH_CMSG_X11_REQUEST_FORWARDING 26 OBSOLETE */
-#define SSH_SMSG_X11_OPEN 27 /* channel (int) */
-#define SSH_CMSG_PORT_FORWARD_REQUEST 28 /* p,host,hp (i,s,i) */
-#define SSH_MSG_PORT_OPEN 29 /* ch,h,p (i,s,i) */
-#define SSH_CMSG_AGENT_REQUEST_FORWARDING 30 /* */
-#define SSH_SMSG_AGENT_OPEN 31 /* port (int) */
-#define SSH_MSG_IGNORE 32 /* string */
-#define SSH_CMSG_EXIT_CONFIRMATION 33 /* */
-#define SSH_CMSG_X11_REQUEST_FORWARDING 34 /* proto,data (s,s) */
-#define SSH_CMSG_AUTH_RHOSTS_RSA 35 /* user,mod (s,mpi) */
-#define SSH_MSG_DEBUG 36 /* string */
-#define SSH_CMSG_REQUEST_COMPRESSION 37 /* level 1-9 (int) */
-#define SSH_CMSG_MAX_PACKET_SIZE 38 /* size 4k-1024k (int) */
-#define SSH_CMSG_AUTH_TIS 39 /* we use this for s/key */
-#define SSH_SMSG_AUTH_TIS_CHALLENGE 40 /* challenge (string) */
-#define SSH_CMSG_AUTH_TIS_RESPONSE 41 /* response (string) */
-#define SSH_CMSG_AUTH_KERBEROS 42 /* (KTEXT) */
-#define SSH_SMSG_AUTH_KERBEROS_RESPONSE 43 /* (KTEXT) */
-#define SSH_CMSG_HAVE_KERBEROS_TGT 44 /* credentials (s) */
-#define SSH_CMSG_HAVE_AFS_TOKEN 65 /* token (s) */
-
-/*------------ definitions for login.c -------------*/
-
-/*
- * Returns the time when the user last logged in. Returns 0 if the
- * information is not available. This must be called before record_login.
- * The host from which the user logged in is stored in buf.
- */
-u_long
-get_last_login_time(uid_t uid, const char *logname,
- char *buf, u_int bufsize);
-
-/*
- * Records that the user has logged in. This does many things normally done
- * by login(1).
- */
-void
-record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid,
- const char *host, struct sockaddr *addr);
-
-/*
- * Records that the user has logged out. This does many thigs normally done
- * by login(1) or init.
- */
-void record_logout(pid_t pid, const char *ttyname);
-
-/*------------ definitions for sshconnect.c ----------*/
-
-/*
- * Opens a TCP/IP connection to the remote server on the given host. If port
- * is 0, the default port will be used. If anonymous is zero, a privileged
- * port will be allocated to make the connection. This requires super-user
- * privileges if anonymous is false. Connection_attempts specifies the
- * maximum number of tries, one per second. This returns true on success,
- * and zero on failure. If the connection is successful, this calls
- * packet_set_connection for the connection.
- */
-int
-ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
- u_short port, int connection_attempts,
- int anonymous, uid_t original_real_uid,
- const char *proxy_command);
-
-/*
- * Starts a dialog with the server, and authenticates the current user on the
- * server. This does not need any extra privileges. The basic connection to
- * the server must already have been established before this is called. If
- * login fails, this function prints an error and never returns. This
- * initializes the random state, and leaves it initialized (it will also have
- * references from the packet module).
- */
-
-void
-ssh_login(int host_key_valid, RSA * host_key, const char *host,
- struct sockaddr * hostaddr, uid_t original_real_uid);
-
-/*------------ Definitions for various authentication methods. -------*/
-
-/*
- * Tries to authenticate the user using the .rhosts file. Returns true if
- * authentication succeeds. If ignore_rhosts is non-zero, this will not
- * consider .rhosts and .shosts (/etc/hosts.equiv will still be used).
- */
-int auth_rhosts(struct passwd * pw, const char *client_user);
-
-/*
- * Tries to authenticate the user using the .rhosts file and the host using
- * its host key. Returns true if authentication succeeds.
- */
-int
-auth_rhosts_rsa(struct passwd * pw, const char *client_user, RSA* client_host_key);
-
-/*
- * Tries to authenticate the user using password. Returns true if
- * authentication succeeds.
- */
-int auth_password(struct passwd * pw, const char *password);
-
-/*
- * Performs the RSA authentication dialog with the client. This returns 0 if
- * the client could not be authenticated, and 1 if authentication was
- * successful. This may exit if there is a serious protocol violation.
- */
-int auth_rsa(struct passwd * pw, BIGNUM * client_n);
-
-/*
- * Parses an RSA key (number of bits, e, n) from a string. Moves the pointer
- * over the key. Skips any whitespace at the beginning and at end.
- */
-int auth_rsa_read_key(char **cpp, u_int *bitsp, BIGNUM * e, BIGNUM * n);
-
-/*
- * Returns the name of the machine at the other end of the socket. The
- * returned string should be freed by the caller.
- */
-char *get_remote_hostname(int socket);
-
-/*
- * Return the canonical name of the host in the other side of the current
- * connection (as returned by packet_get_connection). The host name is
- * cached, so it is efficient to call this several times.
- */
-const char *get_canonical_hostname(void);
-
-/*
- * Returns the remote IP address as an ascii string. The value need not be
- * freed by the caller.
- */
-const char *get_remote_ipaddr(void);
-
-/* Returns the port number of the peer of the socket. */
-int get_peer_port(int sock);
-
-/* Returns the port number of the remote/local host. */
-int get_remote_port(void);
-int get_local_port(void);
-
-
-/*
- * Performs the RSA authentication challenge-response dialog with the client,
- * and returns true (non-zero) if the client gave the correct answer to our
- * challenge; returns zero if the client gives a wrong answer.
- */
-int auth_rsa_challenge_dialog(RSA *pk);
-
-/*
- * Reads a passphrase from /dev/tty with echo turned off. Returns the
- * passphrase (allocated with xmalloc). Exits if EOF is encountered. If
- * from_stdin is true, the passphrase will be read from stdin instead.
- */
-char *read_passphrase(const char *prompt, int from_stdin);
-
-
-/*------------ Definitions for logging. -----------------------*/
-
-/* Supported syslog facilities and levels. */
-typedef enum {
- SYSLOG_FACILITY_DAEMON,
- SYSLOG_FACILITY_USER,
- SYSLOG_FACILITY_AUTH,
-#ifdef LOG_AUTHPRIV
- SYSLOG_FACILITY_AUTHPRIV,
-#endif
- SYSLOG_FACILITY_LOCAL0,
- SYSLOG_FACILITY_LOCAL1,
- SYSLOG_FACILITY_LOCAL2,
- SYSLOG_FACILITY_LOCAL3,
- SYSLOG_FACILITY_LOCAL4,
- SYSLOG_FACILITY_LOCAL5,
- SYSLOG_FACILITY_LOCAL6,
- SYSLOG_FACILITY_LOCAL7
-} SyslogFacility;
-
-typedef enum {
- SYSLOG_LEVEL_QUIET,
- SYSLOG_LEVEL_FATAL,
- SYSLOG_LEVEL_ERROR,
- SYSLOG_LEVEL_INFO,
- SYSLOG_LEVEL_VERBOSE,
- SYSLOG_LEVEL_DEBUG1,
- SYSLOG_LEVEL_DEBUG2,
- SYSLOG_LEVEL_DEBUG3
-} LogLevel;
-/* Initializes logging. */
-void log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr);
-
-/* Logging implementation, depending on server or client */
-void do_log(LogLevel level, const char *fmt, va_list args);
-
-/* name to facility/level */
-SyslogFacility log_facility_number(char *name);
-LogLevel log_level_number(char *name);
-
-/* Output a message to syslog or stderr */
-void fatal(const char *fmt,...) __attribute__((format(printf, 1, 2)));
-void error(const char *fmt,...) __attribute__((format(printf, 1, 2)));
-void log(const char *fmt,...) __attribute__((format(printf, 1, 2)));
-void verbose(const char *fmt,...) __attribute__((format(printf, 1, 2)));
-void debug(const char *fmt,...) __attribute__((format(printf, 1, 2)));
-void debug2(const char *fmt,...) __attribute__((format(printf, 1, 2)));
-void debug3(const char *fmt,...) __attribute__((format(printf, 1, 2)));
-
-/* same as fatal() but w/o logging */
-void fatal_cleanup(void);
-
-/*
- * Registers a cleanup function to be called by fatal()/fatal_cleanup()
- * before exiting. It is permissible to call fatal_remove_cleanup for the
- * function itself from the function.
- */
-void fatal_add_cleanup(void (*proc) (void *context), void *context);
-
-/* Removes a cleanup function to be called at fatal(). */
-void fatal_remove_cleanup(void (*proc) (void *context), void *context);
-
-/* ---- misc */
-
-/*
- * Expands tildes in the file name. Returns data allocated by xmalloc.
- * Warning: this calls getpw*.
- */
-char *tilde_expand_filename(const char *filename, uid_t my_uid);
-
-/* remove newline at end of string */
-char *chop(char *s);
-
-/* return next token in configuration line */
-char *strdelim(char **s);
-
-/* set filedescriptor to non-blocking */
-void set_nonblock(int fd);
-
-/*
- * Performs the interactive session. This handles data transmission between
- * the client and the program. Note that the notion of stdin, stdout, and
- * stderr in this function is sort of reversed: this function writes to stdin
- * (of the child program), and reads from stdout and stderr (of the child
- * program).
- */
-void server_loop(pid_t pid, int fdin, int fdout, int fderr);
-void server_loop2(void);
-
-/* Client side main loop for the interactive session. */
-int client_loop(int have_pty, int escape_char, int id);
-
-/* Linked list of custom environment strings (see auth-rsa.c). */
-struct envstring {
- struct envstring *next;
- char *s;
-};
-
-/*
- * Ensure all of data on socket comes through. f==read || f==write
- */
-ssize_t atomicio(ssize_t (*f)(), int fd, void *s, size_t n);
-
-#ifdef KRB4
-#include <krb.h>
-/*
- * Performs Kerberos v4 mutual authentication with the client. This returns 0
- * if the client could not be authenticated, and 1 if authentication was
- * successful. This may exit if there is a serious protocol violation.
- */
-int auth_krb4(const char *server_user, KTEXT auth, char **client);
-int krb4_init(uid_t uid);
-void krb4_cleanup_proc(void *ignore);
-int auth_krb4_password(struct passwd * pw, const char *password);
-
-#ifdef AFS
-#include <kafs.h>
-
-/* Accept passed Kerberos v4 ticket-granting ticket and AFS tokens. */
-int auth_kerberos_tgt(struct passwd * pw, const char *string);
-int auth_afs_token(struct passwd * pw, const char *token_string);
-
-int creds_to_radix(CREDENTIALS * creds, u_char *buf, size_t buflen);
-int radix_to_creds(const char *buf, CREDENTIALS * creds);
-#endif /* AFS */
-
-#endif /* KRB4 */
-
-/* AF_UNSPEC or AF_INET or AF_INET6 */
-extern int IPv4or6;
-
#endif /* SSH_H */
--- /dev/null
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+
+/*
+ * Definition of message types. New values can be added, but old values
+ * should not be removed or without careful consideration of the consequences
+ * for compatibility. The maximum value is 254; value 255 is reserved for
+ * future extension.
+ */
+/* Message name */ /* msg code */ /* arguments */
+#define SSH_MSG_NONE 0 /* no message */
+#define SSH_MSG_DISCONNECT 1 /* cause (string) */
+#define SSH_SMSG_PUBLIC_KEY 2 /* ck,msk,srvk,hostk */
+#define SSH_CMSG_SESSION_KEY 3 /* key (BIGNUM) */
+#define SSH_CMSG_USER 4 /* user (string) */
+#define SSH_CMSG_AUTH_RHOSTS 5 /* user (string) */
+#define SSH_CMSG_AUTH_RSA 6 /* modulus (BIGNUM) */
+#define SSH_SMSG_AUTH_RSA_CHALLENGE 7 /* int (BIGNUM) */
+#define SSH_CMSG_AUTH_RSA_RESPONSE 8 /* int (BIGNUM) */
+#define SSH_CMSG_AUTH_PASSWORD 9 /* pass (string) */
+#define SSH_CMSG_REQUEST_PTY 10 /* TERM, tty modes */
+#define SSH_CMSG_WINDOW_SIZE 11 /* row,col,xpix,ypix */
+#define SSH_CMSG_EXEC_SHELL 12 /* */
+#define SSH_CMSG_EXEC_CMD 13 /* cmd (string) */
+#define SSH_SMSG_SUCCESS 14 /* */
+#define SSH_SMSG_FAILURE 15 /* */
+#define SSH_CMSG_STDIN_DATA 16 /* data (string) */
+#define SSH_SMSG_STDOUT_DATA 17 /* data (string) */
+#define SSH_SMSG_STDERR_DATA 18 /* data (string) */
+#define SSH_CMSG_EOF 19 /* */
+#define SSH_SMSG_EXITSTATUS 20 /* status (int) */
+#define SSH_MSG_CHANNEL_OPEN_CONFIRMATION 21 /* channel (int) */
+#define SSH_MSG_CHANNEL_OPEN_FAILURE 22 /* channel (int) */
+#define SSH_MSG_CHANNEL_DATA 23 /* ch,data (int,str) */
+#define SSH_MSG_CHANNEL_CLOSE 24 /* channel (int) */
+#define SSH_MSG_CHANNEL_CLOSE_CONFIRMATION 25 /* channel (int) */
+/* SSH_CMSG_X11_REQUEST_FORWARDING 26 OBSOLETE */
+#define SSH_SMSG_X11_OPEN 27 /* channel (int) */
+#define SSH_CMSG_PORT_FORWARD_REQUEST 28 /* p,host,hp (i,s,i) */
+#define SSH_MSG_PORT_OPEN 29 /* ch,h,p (i,s,i) */
+#define SSH_CMSG_AGENT_REQUEST_FORWARDING 30 /* */
+#define SSH_SMSG_AGENT_OPEN 31 /* port (int) */
+#define SSH_MSG_IGNORE 32 /* string */
+#define SSH_CMSG_EXIT_CONFIRMATION 33 /* */
+#define SSH_CMSG_X11_REQUEST_FORWARDING 34 /* proto,data (s,s) */
+#define SSH_CMSG_AUTH_RHOSTS_RSA 35 /* user,mod (s,mpi) */
+#define SSH_MSG_DEBUG 36 /* string */
+#define SSH_CMSG_REQUEST_COMPRESSION 37 /* level 1-9 (int) */
+#define SSH_CMSG_MAX_PACKET_SIZE 38 /* size 4k-1024k (int) */
+#define SSH_CMSG_AUTH_TIS 39 /* we use this for s/key */
+#define SSH_SMSG_AUTH_TIS_CHALLENGE 40 /* challenge (string) */
+#define SSH_CMSG_AUTH_TIS_RESPONSE 41 /* response (string) */
+#define SSH_CMSG_AUTH_KERBEROS 42 /* (KTEXT) */
+#define SSH_SMSG_AUTH_KERBEROS_RESPONSE 43 /* (KTEXT) */
+#define SSH_CMSG_HAVE_KERBEROS_TGT 44 /* credentials (s) */
+#define SSH_CMSG_HAVE_AFS_TOKEN 65 /* token (s) */
+
+/*
+ * Authentication methods. New types can be added, but old types should not
+ * be removed for compatibility. The maximum allowed value is 31.
+ */
+#define SSH_AUTH_RHOSTS 1
+#define SSH_AUTH_RSA 2
+#define SSH_AUTH_PASSWORD 3
+#define SSH_AUTH_RHOSTS_RSA 4
+#define SSH_AUTH_TIS 5
+#define SSH_AUTH_KERBEROS 6
+#define SSH_PASS_KERBEROS_TGT 7
+ /* 8 to 15 are reserved */
+#define SSH_PASS_AFS_TOKEN 21
+
+/* Protocol flags. These are bit masks. */
+#define SSH_PROTOFLAG_SCREEN_NUMBER 1 /* X11 forwarding includes screen */
+#define SSH_PROTOFLAG_HOST_IN_FWD_OPEN 2 /* forwarding opens contain host */
+
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.90 2001/01/13 18:32:50 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.91 2001/01/21 19:05:59 markus Exp $");
#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/rsa.h>
+#include "ssh.h"
#include "xmalloc.h"
#include "rsa.h"
-#include "ssh.h"
#include "buffer.h"
#include "packet.h"
#include "uidswap.h"
#include "compat.h"
-#include "readconf.h"
#include "key.h"
#include "sshconnect.h"
#include "hostfile.h"
+#include "log.h"
+#include "readconf.h"
+#include "atomicio.h"
+#include "misc.h"
char *client_version_string = NULL;
char *server_version_string = NULL;
extern Options options;
extern char *__progname;
+/* AF_UNSPEC or AF_INET or AF_INET6 */
+extern int IPv4or6;
+
/*
* Connect to the given ssh server using a proxy command.
*/
*/
#ifndef SSHCONNECT_H
#define SSHCONNECT_H
+/*
+ * Opens a TCP/IP connection to the remote server on the given host. If port
+ * is 0, the default port will be used. If anonymous is zero, a privileged
+ * port will be allocated to make the connection. This requires super-user
+ * privileges if anonymous is false. Connection_attempts specifies the
+ * maximum number of tries, one per second. This returns true on success,
+ * and zero on failure. If the connection is successful, this calls
+ * packet_set_connection for the connection.
+ */
+int
+ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
+ u_short port, int connection_attempts,
+ int anonymous, uid_t original_real_uid,
+ const char *proxy_command);
+
+/*
+ * Starts a dialog with the server, and authenticates the current user on the
+ * server. This does not need any extra privileges. The basic connection to
+ * the server must already have been established before this is called. If
+ * login fails, this function prints an error and never returns. This
+ * initializes the random state, and leaves it initialized (it will also have
+ * references from the packet module).
+ */
+
+void
+ssh_login(int host_key_valid, RSA * host_key, const char *host,
+ struct sockaddr * hostaddr, uid_t original_real_uid);
+
void
check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.16 2001/01/18 17:00:00 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.18 2001/01/21 19:06:00 markus Exp $");
#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/rsa.h>
#include <openssl/evp.h>
+#ifdef KRB4
+#include <krb.h>
+#include "radix.h"
+#endif
+#ifdef AFS
+#include <kafs.h>
+#endif
+
+#include "ssh.h"
+#include "ssh1.h"
#include "xmalloc.h"
#include "rsa.h"
-#include "ssh.h"
#include "buffer.h"
#include "packet.h"
#include "mpaux.h"
#include "uidswap.h"
+#include "log.h"
#include "readconf.h"
#include "key.h"
#include "authfd.h"
#include "sshconnect.h"
#include "authfile.h"
+#include "readpass.h"
+#include "cipher.h"
+#include "canohost.h"
/* Session id for the current session. */
u_char session_id[16];
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.35 2001/01/04 22:21:26 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.37 2001/01/21 19:06:00 markus Exp $");
#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
#include <openssl/md5.h>
#include <openssl/dh.h>
#include <openssl/hmac.h>
#include "ssh.h"
+#include "ssh2.h"
#include "xmalloc.h"
#include "rsa.h"
#include "buffer.h"
#include "packet.h"
#include "uidswap.h"
#include "compat.h"
-#include "readconf.h"
#include "bufaux.h"
-#include "ssh2.h"
+#include "cipher.h"
#include "kex.h"
#include "myproposal.h"
#include "key.h"
#include "cli.h"
#include "dispatch.h"
#include "authfd.h"
+#include "log.h"
+#include "readconf.h"
+#include "readpass.h"
void ssh_dh1_client(Kex *, char *, struct sockaddr *, Buffer *, Buffer *);
void ssh_dhgex_client(Kex *, char *, struct sockaddr *, Buffer *, Buffer *);
if ((g = BN_new()) == NULL)
fatal("BN_new");
packet_get_bignum2(g, &dlen);
- if ((dh = dh_new_group(g, p)) == NULL)
- fatal("dh_new_group");
+ dh = dh_new_group(g, p);
dh_gen_key(dh);
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.82 2001/01/18 16:20:22 markus Exp $
+.\" $OpenBSD: sshd.8,v 1.83 2001/01/19 16:48:14 markus Exp $
.Dd September 25, 1999
.Dt SSHD 8
.Os
used by SSH protocol versions 1 and 2.
Note that
.Nm
-if this file is group/world-accessible.
+will refuse to use a file if it is group/world-accessible.
It is possible to have multiple host key files.
.Dq rsa1
keys are used for version 1 and
*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.153 2001/01/19 12:45:27 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.155 2001/01/21 19:06:00 markus Exp $");
+#include <openssl/dh.h>
+#include <openssl/bn.h>
+#include <openssl/hmac.h>
+
+#include "ssh.h"
+#include "ssh1.h"
+#include "ssh2.h"
#include "xmalloc.h"
#include "rsa.h"
-#include "ssh.h"
#include "pty.h"
#include "packet.h"
#include "mpaux.h"
+#include "log.h"
#include "servconf.h"
#include "uidswap.h"
#include "compat.h"
#include "buffer.h"
-
-#include "ssh2.h"
-#include <openssl/dh.h>
-#include <openssl/bn.h>
-#include <openssl/hmac.h>
+#include "cipher.h"
#include "kex.h"
-#include <openssl/dsa.h>
-#include <openssl/rsa.h>
#include "key.h"
#include "dh.h"
-
-#include "auth.h"
#include "myproposal.h"
#include "authfile.h"
+#include "pathnames.h"
+#include "atomicio.h"
+#include "canohost.h"
+#include "auth.h"
+#include "misc.h"
#ifdef LIBWRAP
#include <tcpd.h>
ServerOptions options;
/* Name of the server configuration file. */
-char *config_file_name = SERVER_CONFIG_FILE;
+char *config_file_name = _PATH_SERVER_CONFIG_FILE;
/*
* Flag indicating whether IPv4 or IPv6. This can be set on the command line.
fprintf(stderr, "sshd version %s\n", SSH_VERSION);
fprintf(stderr, "Usage: %s [options]\n", __progname);
fprintf(stderr, "Options:\n");
- fprintf(stderr, " -f file Configuration file (default %s)\n", SERVER_CONFIG_FILE);
+ fprintf(stderr, " -f file Configuration file (default %s)\n", _PATH_SERVER_CONFIG_FILE);
fprintf(stderr, " -d Debugging mode (multiple -d means more debugging)\n");
fprintf(stderr, " -i Started from inetd\n");
fprintf(stderr, " -D Do not fork into daemon mode\n");
fprintf(stderr, " -g seconds Grace period for authentication (default: 600)\n");
fprintf(stderr, " -b bits Size of server RSA key (default: 768 bits)\n");
fprintf(stderr, " -h file File from which to read host key (default: %s)\n",
- HOST_KEY_FILE);
+ _PATH_HOST_KEY_FILE);
fprintf(stderr, " -u len Maximum hostname length for utmp recording\n");
fprintf(stderr, " -4 Use IPv4 only\n");
fprintf(stderr, " -6 Use IPv6 only\n");
*/
#include "includes.h"
-RCSID("$OpenBSD: tildexpand.c,v 1.9 2000/12/19 23:17:59 markus Exp $");
+RCSID("$OpenBSD: tildexpand.c,v 1.10 2001/01/21 19:06:01 markus Exp $");
#include "xmalloc.h"
-#include "ssh.h"
+#include "log.h"
/*
* Expands tildes in the file name. Returns data allocated by xmalloc.
--- /dev/null
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+
+/*
+ * Expands tildes in the file name. Returns data allocated by xmalloc.
+ * Warning: this calls getpw*.
+ */
+char *tilde_expand_filename(const char *filename, uid_t my_uid);
*/
#include "includes.h"
-RCSID("$OpenBSD: ttymodes.c,v 1.8 2000/09/07 20:27:55 deraadt Exp $");
+RCSID("$OpenBSD: ttymodes.c,v 1.10 2001/01/21 19:06:01 markus Exp $");
#include "packet.h"
-#include "ssh.h"
+#include "log.h"
+#include "ssh1.h"
#define TTY_OP_END 0
#define TTY_OP_ISPEED 192 /* int follows */
*/
#include "includes.h"
-RCSID("$OpenBSD: uidswap.c,v 1.12 2000/12/29 10:48:56 markus Exp $");
+RCSID("$OpenBSD: uidswap.c,v 1.13 2001/01/21 19:06:01 markus Exp $");
-#include "ssh.h"
+#include "log.h"
#include "uidswap.h"
/*
*/
#include "includes.h"
-RCSID("$OpenBSD: xmalloc.c,v 1.8 2000/09/07 20:27:55 deraadt Exp $");
+RCSID("$OpenBSD: xmalloc.c,v 1.9 2001/01/21 19:06:02 markus Exp $");
-#include "ssh.h"
+#include "xmalloc.h"
+#include "log.h"
void *
xmalloc(size_t size)
andersk / openssh.git / commitdiff
