+20001123
+ - (bal) Merge OpenBSD changes:
+ - markus@cvs.openbsd.org 2000/11/15 22:31:36
+ [auth-options.c]
+ case insensitive key options; from stevesk@sweeden.hp.com
+ - markus@cvs.openbsd.org 2000/11/16 17:55:43
+ [dh.c]
+ do not use perror() in sshd, after child is forked()
+ - markus@cvs.openbsd.org 2000/11/14 23:42:40
+ [auth-rsa.c]
+ parse option only if key matches; fix some confusing seen by the client
+ - markus@cvs.openbsd.org 2000/11/14 23:44:19
+ [session.c]
+ check no_agent_forward_flag for ssh-2, too
+ - markus@cvs.openbsd.org 2000/11/15
+ [ssh-agent.1]
+ reorder SYNOPSIS; typo, use .It
+ - markus@cvs.openbsd.org 2000/11/14 23:48:55
+ [ssh-agent.c]
+ do not reorder keys if a key is removed
+ - markus@cvs.openbsd.org 2000/11/15 19:58:08
+ [ssh.c]
+ just ignore non existing user keys
+ - millert@cvs.openbsd.org 200/11/15 20:24:43
+ [ssh-keygen.c]
+ Add missing \n at end of error message.
+
20001122
- (bal) Minor patch to ensure platforms lacking IRIX job limit supports
are compilable.
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-options.c,v 1.5 2000/10/09 21:32:34 markus Exp $");
+RCSID("$OpenBSD: auth-options.c,v 1.6 2000/11/15 22:31:36 markus Exp $");
#include "ssh.h"
#include "packet.h"
while (*options && *options != ' ' && *options != '\t') {
cp = "no-port-forwarding";
- if (strncmp(options, cp, strlen(cp)) == 0) {
+ if (strncasecmp(options, cp, strlen(cp)) == 0) {
packet_send_debug("Port forwarding disabled.");
no_port_forwarding_flag = 1;
options += strlen(cp);
goto next_option;
}
cp = "no-agent-forwarding";
- if (strncmp(options, cp, strlen(cp)) == 0) {
+ if (strncasecmp(options, cp, strlen(cp)) == 0) {
packet_send_debug("Agent forwarding disabled.");
no_agent_forwarding_flag = 1;
options += strlen(cp);
goto next_option;
}
cp = "no-X11-forwarding";
- if (strncmp(options, cp, strlen(cp)) == 0) {
+ if (strncasecmp(options, cp, strlen(cp)) == 0) {
packet_send_debug("X11 forwarding disabled.");
no_x11_forwarding_flag = 1;
options += strlen(cp);
goto next_option;
}
cp = "no-pty";
- if (strncmp(options, cp, strlen(cp)) == 0) {
+ if (strncasecmp(options, cp, strlen(cp)) == 0) {
packet_send_debug("Pty allocation disabled.");
no_pty_flag = 1;
options += strlen(cp);
goto next_option;
}
cp = "command=\"";
- if (strncmp(options, cp, strlen(cp)) == 0) {
+ if (strncasecmp(options, cp, strlen(cp)) == 0) {
int i;
options += strlen(cp);
forced_command = xmalloc(strlen(options) + 1);
goto next_option;
}
cp = "environment=\"";
- if (strncmp(options, cp, strlen(cp)) == 0) {
+ if (strncasecmp(options, cp, strlen(cp)) == 0) {
int i;
char *s;
struct envstring *new_envstring;
goto next_option;
}
cp = "from=\"";
- if (strncmp(options, cp, strlen(cp)) == 0) {
+ if (strncasecmp(options, cp, strlen(cp)) == 0) {
int mname, mip;
char *patterns = xmalloc(strlen(options) + 1);
int i;
*/
#include "includes.h"
-RCSID("$OpenBSD: auth-rsa.c,v 1.32 2000/10/14 12:19:45 markus Exp $");
+RCSID("$OpenBSD: auth-rsa.c,v 1.33 2000/11/14 23:42:40 markus Exp $");
#include "rsa.h"
#include "packet.h"
}
} else
options = NULL;
- /*
- * If our options do not allow this key to be used,
- * do not send challenge.
- */
- if (!auth_parse_options(pw, options, linenum))
- continue;
/* Parse the key from the line. */
if (!auth_rsa_read_key(&cp, &bits, pk->e, pk->n)) {
file, linenum, BN_num_bits(pk->n), bits);
/* We have found the desired key. */
+ /*
+ * If our options do not allow this key to be used,
+ * do not send challenge.
+ */
+ if (!auth_parse_options(pw, options, linenum))
+ continue;
/* Perform the challenge-response dialog for this key. */
if (!auth_rsa_challenge_dialog(pk)) {
*/
#include "includes.h"
-RCSID("$OpenBSD: dh.c,v 1.2 2000/10/11 20:11:35 markus Exp $");
+RCSID("$OpenBSD: dh.c,v 1.3 2000/11/16 17:55:43 markus Exp $");
#include "xmalloc.h"
f = fopen(DH_PRIMES, "r");
if (!f) {
- perror(DH_PRIMES);
log("WARNING: %s does not exist, using old prime", DH_PRIMES);
return (dh_new_group1());
}
f = fopen(DH_PRIMES, "r");
if (!f) {
- perror(DH_PRIMES);
- exit(1);
+ fatal("WARNING: %s dissappeared, giving up", DH_PRIMES);
}
linenum = 0;
*/
#include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.43 2000/11/06 23:04:56 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.44 2000/11/14 23:44:19 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
{
static int called = 0;
packet_done();
+ if (no_agent_forwarding_flag) {
+ debug("session_auth_agent_req: no_agent_forwarding_flag");
+ return 0;
+ }
if (called) {
return 0;
} else {
-.\" $OpenBSD: ssh-agent.1,v 1.17 2000/11/10 05:10:40 aaron Exp $
+.\" $OpenBSD: ssh-agent.1,v 1.19 2000/11/15 20:09:01 markus Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
.Nd authentication agent
.Sh SYNOPSIS
.Nm ssh-agent
-.Op Fl c Li | Fl s
-.Op Fl k
-.Oo
.Ar command
-.Op Ar args ...
-.Oc
+.Ar args ...
+.Nm ssh-agent
+.Op Fl c Li | Fl s
+.Nm ssh-agent
+.Fl k
.Sh DESCRIPTION
.Nm
is a program to hold private keys used for public key authentication
at login time.
.It Pa $HOME/.ssh/id_dsa
Contains the DSA authentication identity of the user.
-.Pq Pa /tmp/ssh-XXXXXXXX/agent.<pid> ,
+.It Pa /tmp/ssh-XXXXXXXX/agent.<pid>
Unix-domain sockets used to contain the connection to the
authentication agent.
These sockets should only be readable by the owner.
.Bl -bullet
.It
has all components of a restrictive nature (i.e., patents, see
-.Xr crypto 3 )
+.Xr ssl 8 )
directly removed from the source code; any licensed or patented components
are chosen from
external libraries.
.Xr ssh-add 1 ,
.Xr ssh-keygen 1 ,
.Xr sshd 8 ,
-.Xr crypto 3
+.Xr ssl 8
-/* $OpenBSD: ssh-agent.c,v 1.39 2000/11/12 19:50:38 markus Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.40 2000/11/14 23:48:55 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.39 2000/11/12 19:50:38 markus Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.40 2000/11/14 23:48:55 markus Exp $");
#include "ssh.h"
#include "rsa.h"
/*
* We have this key. Free the old key. Since we
* don\'t want to leave empty slots in the middle of
- * the array, we actually free the key there and copy
- * data from the last entry.
+ * the array, we actually free the key there and move
+ * all the entries between the empty slot and the end
+ * of the array.
*/
Idtab *tab = idtab_lookup(version);
key_free(tab->identities[idx].key);
fatal("process_remove_identity: "
"internal error: tab->nentries %d",
tab->nentries);
- if (idx != tab->nentries - 1)
- tab->identities[idx] = tab->identities[tab->nentries - 1];
+ if (idx != tab->nentries - 1) {
+ int i;
+ for (i = idx; i < tab->nentries - 1; i++)
+ tab->identities[i] = tab->identities[i+1];
+ }
+ tab->identities[tab->nentries - 1].key = NULL;
+ tab->identities[tab->nentries - 1].comment = NULL;
tab->nentries--;
success = 1;
}
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.33 2000/11/12 19:50:38 markus Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.34 2000/11/15 20:24:43 millert Exp $");
#include <openssl/evp.h>
#include <openssl/pem.h>
if (key_type_name != NULL) {
type = key_type_from_name(key_type_name);
if (type == KEY_UNSPEC) {
- fprintf(stderr, "unknown key type %s", key_type_name);
+ fprintf(stderr, "unknown key type %s\n", key_type_name);
exit(1);
}
}
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.72 2000/11/12 19:50:38 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.73 2000/11/15 19:58:08 markus Exp $");
#include <openssl/evp.h>
#include <openssl/dsa.h>
int type = KEY_RSA1; /* default */
if (stat(filename, &st) < 0) {
- perror(filename);
+ /* ignore this key */
return KEY_UNSPEC;
}
public = key_new(type);
andersk / openssh.git / commitdiff
