- OpenBSD CVS Changes

    - [channels.c]
      make this compile, bad markus
    - [log.c readconf.c servconf.c ssh.h]
      bugfix: loglevels are per host in clientconfig,
      factor out common log-level parsing code.
    - [servconf.c]
      remove unused index (-Wall)
    - [ssh-agent.c]
      only one 'extern char *__progname'
    - [sshd.8]
      document SIGHUP, -Q to synopsis
    - [sshconnect.c serverloop.c sshd.c packet.c packet.h]
      [channels.c clientloop.c]
      SSH_CMSG_MAX_PACKET_SIZE, some clients use this, some need this, niels@
      [hope this time my ISP stays alive during commit]

diff --git a/ChangeLog b/ChangeLog
index 69a477ec724d693a0ced80fb2f42cd2c3406a15c..3a7b120a04835094cdaa6417ecd22271996f7064 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,21 @@
+19991121
+  - OpenBSD CVS Changes
+    - [channels.c]
+      make this compile, bad markus
+    - [log.c readconf.c servconf.c ssh.h]
+      bugfix: loglevels are per host in clientconfig,
+      factor out common log-level parsing code.
+    - [servconf.c]
+      remove unused index (-Wall)
+    - [ssh-agent.c]
+      only one 'extern char *__progname'
+    - [sshd.8]
+      document SIGHUP, -Q to synopsis
+    - [sshconnect.c serverloop.c sshd.c packet.c packet.h]
+      [channels.c clientloop.c]
+      SSH_CMSG_MAX_PACKET_SIZE, some clients use this, some need this, niels@
+      [hope this time my ISP stays alive during commit]
+
 19991120
  - Merged more Solaris support from Marc G. Fournier 
    <marc.fournier@acadiau.ca>

diff --git a/channels.c b/channels.c
index e1211b642e2ad0ebd1b24543c8a7091cc5f096eb..60a6216d1101b593c1b45028b6b564f41cb82a6a 100644 (file)
--- a/channels.c
+++ b/channels.c
@@ -208,7 +208,7 @@ void channel_prepare_select(fd_set *readset, fd_set *writeset)
 
        case SSH_CHANNEL_OPEN:
          if(compat13){
-           if (buffer_len(&ch->input) < 32768)
+           if (buffer_len(&ch->input) < packet_get_maxsize())
              FD_SET(ch->sock, readset);
            if (buffer_len(&ch->output) > 0)
              FD_SET(ch->sock, writeset);
@@ -216,7 +216,7 @@ void channel_prepare_select(fd_set *readset, fd_set *writeset)
          }
          /* test whether sockets are 'alive' for read/write */
           if (ch->istate == CHAN_INPUT_OPEN)
-            if (buffer_len(&ch->input) < 32768)
+            if (buffer_len(&ch->input) < packet_get_maxsize())
               FD_SET(ch->sock, readset);
           if (ch->ostate == CHAN_OUTPUT_OPEN || ch->ostate == CHAN_OUTPUT_WAIT_DRAIN){
             if (buffer_len(&ch->output) > 0){
@@ -611,9 +611,9 @@ int channel_not_very_much_buffered_data()
        case SSH_CHANNEL_AUTH_SOCKET:
          continue;
        case SSH_CHANNEL_OPEN:
-         if (buffer_len(&ch->input) > 32768)
+         if (buffer_len(&ch->input) > packet_get_maxsize())
            return 0;
-         if (buffer_len(&ch->output) > 32768)
+         if (buffer_len(&ch->output) > packet_get_maxsize())
            return 0;
          continue;
        case SSH_CHANNEL_INPUT_DRAINING:

diff --git a/clientloop.c b/clientloop.c
index 815ae67bb3d3dd5e091bf8ae0eea087e188da16b..4d1728d704e1aad4a84dc12e8f76d2c1a25a6c7d 100644 (file)
--- a/clientloop.c
+++ b/clientloop.c
@@ -322,8 +322,8 @@ void client_make_packets_from_stdin_data()
         packet_not_very_much_data_to_write())
     {
       len = buffer_len(&stdin_buffer);
-      if (len > 32768)
-       len = 32768;  /* Keep the packets at reasonable size. */
+      if (len > packet_get_maxsize())
+       len = packet_get_maxsize();  /* Keep the packets at reasonable size. */
       packet_start(SSH_CMSG_STDIN_DATA);
       packet_put_string(buffer_ptr(&stdin_buffer), len);
       packet_send();

diff --git a/log.c b/log.c
index 3e840ecb5c93ea9afa9358b517aac60219db59b2..1ce534ea57df18bbffe5bdcea2e0278b15035f34 100644 (file)
--- a/log.c
+++ b/log.c
@@ -5,7 +5,7 @@ Shared versions of debug(), log(), etc.
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: log.c,v 1.1 1999/11/10 23:36:44 markus Exp $");
+RCSID("$OpenBSD: log.c,v 1.2 1999/11/19 16:04:17 markus Exp $");
 
 #include "ssh.h"
 #include "xmalloc.h"
@@ -133,3 +133,63 @@ fatal_cleanup(void)
 
   exit(255);
 }
+
+/* textual representation of log-facilities/levels */
+
+
+static struct 
+{
+  const char *name;
+  SyslogFacility val;
+} log_facilities[] =
+{
+  { "DAEMON", SYSLOG_FACILITY_DAEMON },
+  { "USER", SYSLOG_FACILITY_USER },
+  { "AUTH", SYSLOG_FACILITY_AUTH },
+  { "LOCAL0", SYSLOG_FACILITY_LOCAL0 },
+  { "LOCAL1", SYSLOG_FACILITY_LOCAL1 },
+  { "LOCAL2", SYSLOG_FACILITY_LOCAL2 },
+  { "LOCAL3", SYSLOG_FACILITY_LOCAL3 },
+  { "LOCAL4", SYSLOG_FACILITY_LOCAL4 },
+  { "LOCAL5", SYSLOG_FACILITY_LOCAL5 },
+  { "LOCAL6", SYSLOG_FACILITY_LOCAL6 },
+  { "LOCAL7", SYSLOG_FACILITY_LOCAL7 },
+  { NULL, 0 }
+};
+
+static struct 
+{
+  const char *name;
+  LogLevel val;
+} log_levels[] =
+{
+  { "QUIET",   SYSLOG_LEVEL_QUIET },
+  { "FATAL",   SYSLOG_LEVEL_FATAL },
+  { "ERROR",   SYSLOG_LEVEL_ERROR },
+  { "INFO",    SYSLOG_LEVEL_INFO },
+  { "CHAT",    SYSLOG_LEVEL_CHAT },
+  { "DEBUG",   SYSLOG_LEVEL_DEBUG },
+  { NULL, 0 }
+};
+
+SyslogFacility
+log_facility_number(char *name)
+{
+  int i;
+  if (name != NULL)
+    for (i = 0; log_facilities[i].name; i++)
+      if (strcasecmp(log_facilities[i].name, name) == 0)
+        return log_facilities[i].val;
+  return (SyslogFacility)-1;
+}
+
+LogLevel
+log_level_number(char *name)
+{
+  int i;
+  if (name != NULL)
+    for (i = 0; log_levels[i].name; i++)
+      if (strcasecmp(log_levels[i].name, name) == 0)
+        return log_levels[i].val;
+  return (LogLevel)-1;
+}

diff --git a/packet.c b/packet.c
index 18692082a78d9d4601bd70ed4c32b304f97355eb..6b861916a5090b7ac0b2ebfb6bab2c30ac04e1b2 100644 (file)
--- a/packet.c
+++ b/packet.c
@@ -66,6 +66,9 @@ static Buffer compression_buffer;
 /* Flag indicating whether packet compression/decompression is enabled. */
 static int packet_compression = 0;
 
+/* default maximum packet size */
+int max_packet_size = 32768;
+
 /* Flag indicating whether this module has been initialized. */
 static int initialized = 0;
 
@@ -745,3 +748,20 @@ packet_is_interactive()
 {
   return interactive_mode;
 }
+
+int
+packet_set_maxsize(int s)
+{
+  static int called = 0;
+  if (called) {
+    log("packet_set_maxsize: called twice: old %d new %d", max_packet_size, s);
+    return -1;
+  }
+  if (s < 4*1024 || s > 1024*1024) {
+    log("packet_set_maxsize: bad size %d", s);
+    return -1;
+  }
+  log("packet_set_maxsize: setting to %d", s);
+  max_packet_size = s;
+  return s;
+}

diff --git a/packet.h b/packet.h
index f317f4a17d9cb8961c5fef7033a20d5cd7fd7747..d542e9ae92d8e2dbe544dca1bd2fa9f1da43b4de 100644 (file)
--- a/packet.h
+++ b/packet.h
@@ -154,6 +154,11 @@ int packet_have_data_to_write(void);
 /* Returns true if there is not too much data to write to the connection. */
 int packet_not_very_much_data_to_write(void);
 
+/* maximum packet size, requested by client with SSH_CMSG_MAX_PACKET_SIZE */
+extern int max_packet_size;
+int packet_set_maxsize(int s);
+#define packet_get_maxsize() max_packet_size
+
 /* Stores tty modes from the fd into current packet. */
 void tty_make_modes(int fd);
 

diff --git a/readconf.c b/readconf.c
index 1f43ba0f51a99bceb3d8136a06b385a2317d47f3..9e4bd5f980dd29189dc4bb027b38be5794dbb8ff 100644 (file)
--- a/readconf.c
+++ b/readconf.c
@@ -155,23 +155,6 @@ static struct
   { NULL, 0 }
 };
 
-/* textual representation of log-levels */
-
-static struct 
-{
-  const char *name;
-  LogLevel level;
-} log_levels[] =
-{
-  { "QUIET", SYSLOG_LEVEL_QUIET },
-  { "FATAL", SYSLOG_LEVEL_FATAL },
-  { "ERROR", SYSLOG_LEVEL_ERROR },
-  { "INFO",  SYSLOG_LEVEL_INFO },
-  { "CHAT",  SYSLOG_LEVEL_CHAT },
-  { "DEBUG", SYSLOG_LEVEL_DEBUG },
-  { NULL, 0 }
-};
-
 /* Characters considered whitespace in strtok calls. */
 #define WHITESPACE " \t\r\n"
 
@@ -237,7 +220,7 @@ process_config_line(Options *options, const char *host,
                         int *activep)
 {
   char buf[256], *cp, *string, **charptr;
-  int opcode, *intptr, value, fwd_port, fwd_host_port, i;
+  int opcode, *intptr, value, fwd_port, fwd_host_port;
 
   /* Skip leading whitespace. */
   cp = line + strspn(line, WHITESPACE);
@@ -462,30 +445,21 @@ process_config_line(Options *options, const char *host,
       cp = strtok(NULL, WHITESPACE);
       value = cipher_number(cp);
       if (value == -1)
-       fatal("%.200s line %d: Bad cipher.", filename, linenum);
+       fatal("%.200s line %d: Bad cipher '%s'.",
+             filename, linenum, cp ? cp : "<NONE>");
       if (*activep && *intptr == -1)
        *intptr = value;
       break;
 
     case oLogLevel:
+      intptr = (int *)&options->log_level;
       cp = strtok(NULL, WHITESPACE);
-      if (!cp)
-        {
-          fprintf(stderr, "%s line %d: missing level name.\n",
-                 filename, linenum);
-          exit(1);
-        }
-      for (i = 0; log_levels[i].name; i++)
-        if (strcasecmp(log_levels[i].name, cp) == 0)
-          break;
-      if (!log_levels[i].name)
-        {
-          fprintf(stderr, "%s line %d: unsupported log level %s\n",
-                 filename, linenum, cp);
-          exit(1);
-        }
-      if (options->log_level == (LogLevel)(-1))
-        options->log_level = log_levels[i].level;
+      value = log_level_number(cp);
+      if (value == (LogLevel)-1)
+        fatal("%.200s line %d: unsupported log level '%s'\n",
+             filename, linenum, cp ? cp : "<NONE>");
+      if (*activep && (LogLevel)*intptr == -1)
+       *intptr = (LogLevel)value;
       break;
       
     case oRemoteForward:

diff --git a/servconf.c b/servconf.c
index f573e9afb02a96b8c340ba38875b92ea8f41a18d..e24aed8dfc8bf28a49b20e4d5ac068553a4da507 100644 (file)
--- a/servconf.c
+++ b/servconf.c
@@ -214,41 +214,6 @@ static struct
   { NULL, 0 }
 };
 
-static struct 
-{
-  const char *name;
-  SyslogFacility facility;
-} log_facilities[] =
-{
-  { "DAEMON", SYSLOG_FACILITY_DAEMON },
-  { "USER", SYSLOG_FACILITY_USER },
-  { "AUTH", SYSLOG_FACILITY_AUTH },
-  { "LOCAL0", SYSLOG_FACILITY_LOCAL0 },
-  { "LOCAL1", SYSLOG_FACILITY_LOCAL1 },
-  { "LOCAL2", SYSLOG_FACILITY_LOCAL2 },
-  { "LOCAL3", SYSLOG_FACILITY_LOCAL3 },
-  { "LOCAL4", SYSLOG_FACILITY_LOCAL4 },
-  { "LOCAL5", SYSLOG_FACILITY_LOCAL5 },
-  { "LOCAL6", SYSLOG_FACILITY_LOCAL6 },
-  { "LOCAL7", SYSLOG_FACILITY_LOCAL7 },
-  { NULL, 0 }
-};
-
-static struct 
-{
-  const char *name;
-  LogLevel level;
-} log_levels[] =
-{
-  { "QUIET", SYSLOG_LEVEL_QUIET },
-  { "FATAL", SYSLOG_LEVEL_FATAL },
-  { "ERROR", SYSLOG_LEVEL_ERROR },
-  { "INFO",  SYSLOG_LEVEL_INFO },
-  { "CHAT",  SYSLOG_LEVEL_CHAT },
-  { "DEBUG", SYSLOG_LEVEL_DEBUG },
-  { NULL, 0 }
-};
-
 /* Returns the number of the token pointed to by cp of length len.
    Never returns if the token is not known. */
 
@@ -273,7 +238,7 @@ void read_server_config(ServerOptions *options, const char *filename)
   FILE *f;
   char line[1024];
   char *cp, **charptr;
-  int linenum, *intptr, i, value;
+  int linenum, *intptr, value;
   int bad_options = 0;
   ServerOpCodes opcode;
 
@@ -495,45 +460,25 @@ void read_server_config(ServerOptions *options, const char *filename)
           goto parse_flag;
 
        case sLogFacility:
+         intptr = (int *)&options->log_facility;
          cp = strtok(NULL, WHITESPACE);
-         if (!cp)
-           {
-             fprintf(stderr, "%s line %d: missing facility name.\n",
-                     filename, linenum);
-             exit(1);
-           }
-         for (i = 0; log_facilities[i].name; i++)
-           if (strcasecmp(log_facilities[i].name, cp) == 0)
-             break;
-         if (!log_facilities[i].name)
-           {
-             fprintf(stderr, "%s line %d: unsupported log facility %s\n",
-                     filename, linenum, cp);
-             exit(1);
-           }
-         if (options->log_facility == (SyslogFacility)(-1))
-           options->log_facility = log_facilities[i].facility;
+         value = log_facility_number(cp);
+         if (value == (SyslogFacility)-1)
+           fatal("%.200s line %d: unsupported log facility '%s'\n",
+             filename, linenum, cp ? cp : "<NONE>");
+         if (*intptr == -1)
+           *intptr = (SyslogFacility)value;
          break;
 
        case sLogLevel:
+         intptr = (int *)&options->log_level;
          cp = strtok(NULL, WHITESPACE);
-         if (!cp)
-           {
-             fprintf(stderr, "%s line %d: missing level name.\n",
-                     filename, linenum);
-             exit(1);
-           }
-         for (i = 0; log_levels[i].name; i++)
-           if (strcasecmp(log_levels[i].name, cp) == 0)
-             break;
-         if (!log_levels[i].name)
-           {
-             fprintf(stderr, "%s line %d: unsupported log level %s\n",
-                     filename, linenum, cp);
-             exit(1);
-           }
-         if (options->log_level == (LogLevel)(-1))
-           options->log_level = log_levels[i].level;
+         value = log_level_number(cp);
+         if (value == (LogLevel)-1)
+           fatal("%.200s line %d: unsupported log level '%s'\n",
+             filename, linenum, cp ? cp : "<NONE>");
+         if (*intptr == -1)
+           *intptr = (LogLevel)value;
          break;
          
        case sAllowUsers:

diff --git a/serverloop.c b/serverloop.c
index 2aec2cf194e3d79ba07882b2f9a2389cb0ef350c..9961170a5b32e4d07cf5dec484808275809b6edb 100644 (file)
--- a/serverloop.c
+++ b/serverloop.c
@@ -176,8 +176,8 @@ void make_packets_from_stderr_data()
        }
       else
        {
-         if (len > 32768)
-           len = 32768;  /* Keep the packets at reasonable size. */
+         if (len > packet_get_maxsize())
+           len = packet_get_maxsize();  /* Keep the packets at reasonable size. */
        }
       packet_start(SSH_SMSG_STDERR_DATA);
       packet_put_string(buffer_ptr(&stderr_buffer), len);
@@ -206,8 +206,8 @@ void make_packets_from_stdout_data()
        }
       else
        {
-         if (len > 32768)
-           len = 32768;  /* Keep the packets at reasonable size. */
+         if (len > packet_get_maxsize())
+           len = packet_get_maxsize();  /* Keep the packets at reasonable size. */
        }
       packet_start(SSH_SMSG_STDOUT_DATA);
       packet_put_string(buffer_ptr(&stdout_buffer), len);

diff --git a/ssh-agent.c b/ssh-agent.c
index 296bb4c762739147e8f9ae3e9e8054e8a5e3039d..f1ceb5692b4e113cc0dbc97e00ad339aadb327f1 100644 (file)
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ssh-agent.c,v 1.19 1999/11/18 14:00:49 markus Exp $   */
+/*     $OpenBSD: ssh-agent.c,v 1.20 1999/11/19 10:20:51 markus Exp $   */
 
 /*
 
@@ -16,7 +16,7 @@ The authentication agent program.
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.19 1999/11/18 14:00:49 markus Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.20 1999/11/19 10:20:51 markus Exp $");
 
 #include "ssh.h"
 #include "rsa.h"

diff --git a/ssh.h b/ssh.h
index 783324712efc3c1d2d21b99ad9b6eff1909128d5..f5f7bd9248d39ccd314e1406bb207ba32e2da893 100644 (file)
--- a/ssh.h
+++ b/ssh.h
@@ -392,6 +392,10 @@ void log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr)
 /* Logging implementation, depending on server or client */
 void do_log(LogLevel level, const char *fmt, va_list args);
 
+/* name to facility/level */
+SyslogFacility log_facility_number(char *name);
+LogLevel log_level_number(char *name);
+
 /* Output a message to syslog or stderr */
 void fatal(const char *fmt, ...);
 void error(const char *fmt, ...);

diff --git a/sshconnect.c b/sshconnect.c
index 3f6277f0d4e7a3a885378fb7d5b86728bd4005ff..53495bca8322c631cf4cffacde72aa5f56528552 100644 (file)
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -906,7 +906,7 @@ void ssh_exchange_identification()
   for (i = 0; i < sizeof(buf) - 1; i++)
     {
       if (read(connection_in, &buf[i], 1) != 1)
-       fatal("read: %.100s", strerror(errno));
+       fatal("ssh_exchange_identification: read: %.100s", strerror(errno));
       if (buf[i] == '\r')
        {
          buf[i] = '\n';

diff --git a/sshd.8 b/sshd.8
index ff546858948a638b335a52a77bded97a463055e4..f8a46f1d175086bdd872b7e077f49024f5d70d5e 100644 (file)
--- a/sshd.8
+++ b/sshd.8
@@ -19,7 +19,7 @@
 .Nd secure shell daemon
 .Sh SYNOPSIS
 .Nm sshd
-.Op Fl diq
+.Op Fl diqQ
 .Op Fl b Ar bits
 .Op Fl f Ar config_file
 .Op Fl g Ar login_grace_time
@@ -106,6 +106,10 @@ can be configured using command-line options or a configuration
 file.  Command-line options override values specified in the
 configuration file.
 .Pp
+.Nm
+rereads its configuration file when it receives a hangup signal,
+.Dv SIGHUP .
+.Pp
 The options are as follows:
 .Bl -tag -width Ds
 .It Fl b Ar bits

diff --git a/sshd.c b/sshd.c
index cbd555f093166876dafdcbc93e06f21d373b990a..95a820de95a7a14aaeb590c80e6b330673aa65d3 100644 (file)
--- a/sshd.c
+++ b/sshd.c
@@ -1753,6 +1753,11 @@ void do_authenticated(struct passwd *pw)
          channel_input_port_forward_request(pw->pw_uid == 0);
          break;
 
+       case SSH_CMSG_MAX_PACKET_SIZE:
+          if (packet_set_maxsize(packet_get_int()) < 0)
+           goto fail;
+         break;
+
        case SSH_CMSG_EXEC_SHELL:
          /* Set interactive/non-interactive mode. */
          packet_set_interactive(have_pty || display != NULL, 
@@ -1791,10 +1796,6 @@ void do_authenticated(struct passwd *pw)
          xfree(command);
          return;
 
-       case SSH_CMSG_MAX_PACKET_SIZE:
-         debug("The server does not support limiting packet size.");
-         goto fail;
-
        default:
          /* Any unknown messages in this phase are ignored, and a failure
             message is returned. */