From: mouring Date: Thu, 18 Jan 2001 02:04:35 +0000 (+0000) Subject: NOTE: This update changes the RSA key generation. *NEW RSA KEYS X-Git-Tag: PRE-REORDER~50 X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/commitdiff_plain/b5c334cca53c7bd1dfa559da8208bacb9c476cd0 NOTE: This update changes the RSA key generation. *NEW RSA KEYS NEED TO BE GENERATED* =) Refer to to entry "2001/01/16 19:20:06" for more details. 20010118 - (bal) Super Sized OpenBSD Resync - markus@cvs.openbsd.org 2001/01/11 22:14:20 GMT 2001 by markus [sshd.c] maxfd+1 - markus@cvs.openbsd.org 2001/01/13 17:59:18 [ssh-keygen.1] small ssh-keygen manpage cleanup; stevesk@pobox.com - markus@cvs.openbsd.org 2001/01/13 18:03:07 [scp.c ssh-keygen.c sshd.c] getopt() returns -1 not EOF; stevesk@pobox.com - markus@cvs.openbsd.org 2001/01/13 18:06:54 [ssh-keyscan.c] use SSH_DEFAULT_PORT; from stevesk@pobox.com - markus@cvs.openbsd.org 2001/01/13 18:12:47 [ssh-keyscan.c] free() -> xfree(); fix memory leak; from stevesk@pobox.com - markus@cvs.openbsd.org 2001/01/13 18:14:13 [ssh-add.c] typo, from stevesk@sweden.hp.com - markus@cvs.openbsd.org 2001/01/13 18:32:50 [packet.c session.c ssh.c sshconnect.c sshd.c] split out keepalive from packet_interactive (from dale@accentre.com) set IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT for ssh2, too. - markus@cvs.openbsd.org 2001/01/13 18:36:45 [packet.c packet.h] reorder, typo - markus@cvs.openbsd.org 2001/01/13 18:38:00 [auth-options.c] fix comment - markus@cvs.openbsd.org 2001/01/13 18:43:31 [session.c] Wall - markus@cvs.openbsd.org 2001/01/13 19:14:08 [clientloop.h clientloop.c ssh.c] move callback to headerfile - markus@cvs.openbsd.org 2001/01/15 21:40:10 [ssh.c] use log() instead of stderr - markus@cvs.openbsd.org 2001/01/15 21:43:51 [dh.c] use error() not stderr! 
- markus@cvs.openbsd.org 2001/01/15 21:45:29 [sftp-server.c] rename must fail if newpath exists, debug off by default - markus@cvs.openbsd.org 2001/01/15 21:46:38 [sftp-server.c] readable long listing for sftp-server, ok deraadt@ - markus@cvs.openbsd.org 2001/01/16 19:20:06 [key.c ssh-rsa.c] make "ssh-rsa" key format for ssh2 confirm to the ietf-drafts; from galb@vandyke.com. note that you have to delete older ssh2-rsa keys, since they are in the wrong format, too. they must be removed from .ssh/authorized_keys2 and .ssh/known_hosts2, etc. (cd; grep -v ssh-rsa .ssh/authorized_keys2 > TMP && mv TMP .ssh/authorized_keys2) additionally, we now check that BN_num_bits(rsa->n) >= 768. - markus@cvs.openbsd.org 2001/01/16 20:54:27 [sftp-server.c] remove some statics. simpler handles; idea from nisse@lysator.liu.se - deraadt@cvs.openbsd.org 2001/01/16 23:58:08 [bufaux.c radix.c sshconnect.h sshconnect1.c] indent - (bal) Added bsd-strmode.[ch] since some non-OpenBSD platforms may be missing such feature. --- diff --git a/ChangeLog b/ChangeLog index f3edcd44..656779c2 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,70 @@ +20010118 + - (bal) Super Sized OpenBSD Resync + - markus@cvs.openbsd.org 2001/01/11 22:14:20 GMT 2001 by markus + [sshd.c] + maxfd+1 + - markus@cvs.openbsd.org 2001/01/13 17:59:18 + [ssh-keygen.1] + small ssh-keygen manpage cleanup; stevesk@pobox.com + - markus@cvs.openbsd.org 2001/01/13 18:03:07 + [scp.c ssh-keygen.c sshd.c] + getopt() returns -1 not EOF; stevesk@pobox.com + - markus@cvs.openbsd.org 2001/01/13 18:06:54 + [ssh-keyscan.c] + use SSH_DEFAULT_PORT; from stevesk@pobox.com + - markus@cvs.openbsd.org 2001/01/13 18:12:47 + [ssh-keyscan.c] + free() -> xfree(); fix memory leak; from stevesk@pobox.com + - markus@cvs.openbsd.org 2001/01/13 18:14:13 + [ssh-add.c] + typo, from stevesk@sweden.hp.com + - markus@cvs.openbsd.org 2001/01/13 18:32:50 + [packet.c session.c ssh.c sshconnect.c sshd.c] + split out keepalive from packet_interactive (from dale@accentre.com) + set IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT for ssh2, too. + - markus@cvs.openbsd.org 2001/01/13 18:36:45 + [packet.c packet.h] + reorder, typo + - markus@cvs.openbsd.org 2001/01/13 18:38:00 + [auth-options.c] + fix comment + - markus@cvs.openbsd.org 2001/01/13 18:43:31 + [session.c] + Wall + - markus@cvs.openbsd.org 2001/01/13 19:14:08 + [clientloop.h clientloop.c ssh.c] + move callback to headerfile + - markus@cvs.openbsd.org 2001/01/15 21:40:10 + [ssh.c] + use log() instead of stderr + - markus@cvs.openbsd.org 2001/01/15 21:43:51 + [dh.c] + use error() not stderr! + - markus@cvs.openbsd.org 2001/01/15 21:45:29 + [sftp-server.c] + rename must fail if newpath exists, debug off by default + - markus@cvs.openbsd.org 2001/01/15 21:46:38 + [sftp-server.c] + readable long listing for sftp-server, ok deraadt@ + - markus@cvs.openbsd.org 2001/01/16 19:20:06 + [key.c ssh-rsa.c] + make "ssh-rsa" key format for ssh2 confirm to the ietf-drafts; from + galb@vandyke.com. note that you have to delete older ssh2-rsa keys, + since they are in the wrong format, too. 
they must be removed from + .ssh/authorized_keys2 and .ssh/known_hosts2, etc. + (cd; grep -v ssh-rsa .ssh/authorized_keys2 > TMP && mv TMP + .ssh/authorized_keys2) additionally, we now check that + BN_num_bits(rsa->n) >= 768. + - markus@cvs.openbsd.org 2001/01/16 20:54:27 + [sftp-server.c] + remove some statics. simpler handles; idea from nisse@lysator.liu.se + - deraadt@cvs.openbsd.org 2001/01/16 23:58:08 + [bufaux.c radix.c sshconnect.h sshconnect1.c] + indent + - (bal) Added bsd-strmode.[ch] since some non-OpenBSD platforms may + be missing such feature. + + 20010117 - (djm) Only write random seed file at exit - (djm) Make PAM support optional, enable with --with-pam diff --git a/Makefile.in b/Makefile.in index 1080f26e..d56cd640 100644 --- a/Makefile.in +++ b/Makefile.in 
@@ -39,7 +39,7 @@ TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keys LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o cli.o compat.o compress.o crc32.o cygwin_util.o deattack.o dispatch.o hmac.o hostfile.o key.o kex.o log.o match.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o util.o uuencode.o xmalloc.o -LIBOPENBSD_COMPAT_OBJS=bsd-arc4random.o bsd-base64.o bsd-bindresvport.o bsd-daemon.o bsd-getcwd.o bsd-getgrouplist.o bsd-inet_aton.o bsd-inet_ntoa.o bsd-misc.o bsd-mktemp.o bsd-realpath.o bsd-rresvport.o bsd-setenv.o bsd-sigaction.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o bsd-strsep.o bsd-strtok.o bsd-vis.o bsd-setproctitle.o bsd-waitpid.o fake-getaddrinfo.o fake-getnameinfo.o next-posix.o +LIBOPENBSD_COMPAT_OBJS=bsd-arc4random.o bsd-base64.o bsd-bindresvport.o bsd-daemon.o bsd-getcwd.o bsd-getgrouplist.o bsd-inet_aton.o bsd-inet_ntoa.o bsd-misc.o bsd-mktemp.o bsd-realpath.o bsd-rresvport.o bsd-setenv.o bsd-sigaction.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o bsd-strmode.o bsd-strsep.o bsd-strtok.o bsd-vis.o bsd-setproctitle.o bsd-waitpid.o fake-getaddrinfo.o fake-getnameinfo.o next-posix.o SSHOBJS= ssh.o sshconnect.o sshconnect1.o sshconnect2.o log-client.o readconf.o clientloop.o diff --git a/auth-options.c b/auth-options.c index c598f70d..ef61d8df 100644 --- a/auth-options.c +++ b/auth-options.c @@ -2,10 +2,6 @@ * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved - * RSA-based authentication. This code determines whether to admit a login - * based on RSA authentication. This file also contains functions to check - * validity of the host key. - * * As far as I am concerned, the code I have written for this software * can be used freely for any purpose. Any derived versions of this * software must be clearly marked as such, and if the derived work is 
@@ -14,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-options.c,v 1.7 2000/12/19 23:17:54 markus Exp $"); +RCSID("$OpenBSD: auth-options.c,v 1.8 2001/01/13 18:38:00 markus Exp $"); #include "ssh.h" #include "packet.h" diff --git a/bsd-strmode.c b/bsd-strmode.c new file mode 100644 index 00000000..2e2d9054 --- /dev/null +++ b/bsd-strmode.c 
@@ -0,0 +1,156 @@
+/*-
+ * Copyright (c) 1990 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "includes.h"
+#ifndef HAVE_STRMODE
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char *rcsid = "$OpenBSD: strmode.c,v 1.3 1997/06/13 13:57:20 deraadt Exp $";
+#endif /* LIBC_SCCS and not lint */
+
+#include 
+#include 
+#include 
+
+void
+strmode(mode, p)
+ register mode_t mode;
+ register char *p;
+{
+ /* print type */
+ switch (mode & S_IFMT) {
+ case S_IFDIR: /* directory */
+ *p++ = 'd';
+ break;
+ case S_IFCHR: /* character special */
+ *p++ = 'c';
+ break;
+ case S_IFBLK: /* block special */
+ *p++ = 'b';
+ break;
+ case S_IFREG: /* regular */
+ *p++ = '-';
+ break;
+ case S_IFLNK: /* symbolic link */
+ *p++ = 'l';
+ break;
+ case S_IFSOCK: /* socket */
+ *p++ = 's';
+ break;
+#ifdef S_IFIFO
+ case S_IFIFO: /* fifo */
+ *p++ = 'p';
+ break;
+#endif
+#ifdef S_IFWHT
+ case S_IFWHT: /* whiteout */
+ *p++ = 'w';
+ break;
+#endif
+ default: /* unknown */
+ *p++ = '?';
+ break;
+ }
+ /* usr */
+ if (mode & S_IRUSR)
+ *p++ = 'r';
+ else
+ *p++ = '-';
+ if (mode & S_IWUSR)
+ *p++ = 'w';
+ else
+ *p++ = '-';
+ switch (mode & (S_IXUSR | S_ISUID)) {
+ case 0:
+ *p++ = '-';
+ break;
+ case S_IXUSR:
+ *p++ = 'x';
+ break;
+ case S_ISUID:
+ *p++ = 'S';
+ break;
+ case S_IXUSR | S_ISUID:
+ *p++ = 's';
+ break;
+ }
+ /* group */
+ if (mode & S_IRGRP)
+ *p++ = 'r';
+ else
+ *p++ = '-';
+ if (mode & S_IWGRP)
+ *p++ = 'w';
+ else
+ *p++ = '-';
+ switch (mode & (S_IXGRP | S_ISGID)) {
+ case 0:
+ *p++ = '-';
+ break;
+ case S_IXGRP:
+ *p++ = 'x';
+ break;
+ case S_ISGID:
+ *p++ = 'S';
+ break;
+ case S_IXGRP | S_ISGID:
+ *p++ = 's';
+ break;
+ }
+ /* other */
+ if (mode & S_IROTH)
+ *p++ = 'r';
+ else
+ *p++ = '-';
+ if (mode & S_IWOTH)
+ *p++ = 'w';
+ else
+ *p++ = '-';
+ switch (mode & (S_IXOTH | S_ISVTX)) {
+ case 0:
+ *p++ = '-';
+ break;
+ case S_IXOTH:
+ *p++ = 'x';
+ break;
+ case S_ISVTX:
+ *p++ = 'T';
+ break;
+ case S_IXOTH | S_ISVTX:
+ *p++ = 't';
+ break;
+ }
+ *p++ = ' '; /* will be a '+' if ACL's implemented */
+ *p = '\0';
+}
+#endif
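Review bot: strmode() writes a fixed 12 bytes through `p` (one type character, nine permission characters, a trailing space and the NUL) with no length parameter, and nothing in the new file says so; a comment above the definition such as `/* p must point to at least 12 bytes; output is NUL-terminated */` would make the caller's obligation explicit (its one caller in this diff, ls_file in sftp-server.c, sizes `mode[11+1]` correctly). The type switch guards `S_IFIFO` and `S_IFWHT` with `#ifdef` but uses `S_IFLNK` and `S_IFSOCK` unconditionally, which is inconsistent for a compatibility shim that only builds where the platform lacks strmode; wrapping those two cases the same way, `#ifdef S_IFLNK` / `#endif`, keeps the file compiling on platforms that do not define them. The K&R-style definition with `register` qualifiers is presumably kept verbatim from the OpenBSD libc source; a prototype-style `void strmode(mode_t mode, char *p)` would read better and match the declaration most callers see.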
diff --git a/bsd-strmode.h b/bsd-strmode.h new file mode 100644 index 00000000..773d6bdc --- /dev/null +++ b/bsd-strmode.h @@ -0,0 +1,5 @@ +#ifndef HAVE_STRMODE + +void strmode( register mode_t mode, register char *p); + +#endif diff --git a/bufaux.c b/bufaux.c index 149677f7..2d20ad6d 100644 --- a/bufaux.c +++ b/bufaux.c @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: bufaux.c,v 1.15 2001/01/10 22:56:22 markus Exp $"); +RCSID("$OpenBSD: bufaux.c,v 1.16 2001/01/16 23:58:08 deraadt Exp $"); #include "ssh.h" #include @@ -90,7 +90,7 @@ buffer_get_bignum(Buffer *buffer, BIGNUM *value) bytes = (bits + 7) / 8; if (buffer_len(buffer) < bytes) fatal("buffer_get_bignum: input buffer too small"); - bin = (u_char*) buffer_ptr(buffer); + bin = (u_char *) buffer_ptr(buffer); BN_bin2bn(bin, bytes, value); buffer_consume(buffer, bytes); diff --git a/clientloop.c b/clientloop.c index 44a79d0e..9079bcda 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.42 2000/12/19 23:17:56 markus Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.43 2001/01/13 19:14:08 markus Exp $"); #include "xmalloc.h" #include "ssh.h" @@ -79,6 +79,7 @@ RCSID("$OpenBSD: clientloop.c,v 1.42 2000/12/19 23:17:56 markus Exp $"); #include #include "key.h" #include "authfd.h" +#include "clientloop.h" /* import options */ extern Options options; @@ -1247,9 +1248,9 @@ client_input_channel_req(int id, void *arg) } void -client_set_session_ident(int id) +clientloop_set_session_ident(int id) { - debug2("client_set_session_ident: id %d", id); + debug2("clientloop_set_session_ident: id %d", id); session_ident = id; channel_register_callback(id, SSH2_MSG_CHANNEL_REQUEST, client_input_channel_req, (void *)0); diff --git a/clientloop.h b/clientloop.h new file mode 100644 index 00000000..3ad72aa5 --- /dev/null +++ b/clientloop.h 
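Review bot: The prototype `void strmode( register mode_t mode, register char *p);` carries `register` qualifiers, which have no effect in a declaration and are unusual in a header; `void strmode(mode_t mode, char *p);` is the conventional form. The declaration uses `mode_t` without including `<sys/types.h>`, so it depends on whoever includes openbsd-compat.h having pulled that in first — presumably includes.h does, but a one-line comment saying so would stop someone from including this header on its own. This is also the right place to state that strmode writes exactly 12 bytes (11 characters plus the NUL) through `p`, since the definition in bsd-strmode.c takes no length.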
@@ -0,0 +1,24 @@
+/*
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+void clientloop_set_session_ident(int id);
diff --git a/configure.in b/configure.in
index 0dd8c004..ad05a6e7 100644
--- a/configure.in
+++ b/configure.in
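Review bot: The new clientloop.h has no include guard; a repeated function declaration is legal today, but the first type or macro added here will break any translation unit that sees the header twice, and packet.h in this same diff shows the tree's convention with `#ifndef PACKET_H` / `#define PACKET_H` / `#endif`, so `#ifndef CLIENTLOOP_H` and `#define CLIENTLOOP_H` before the prototype and `#endif /* CLIENTLOOP_H */` after it would match. A one-line comment on `clientloop_set_session_ident` saying that it records the id of the session channel and registers the channel-request callback for it (which is what the clientloop.c body in this diff does) would also help, since the header is all most callers will read.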
@@ -315,7 +315,7 @@ AC_CHECK_FUNC(utimes, AC_CHECK_HEADERS(bstring.h endian.h floatingpoint.h getopt.h lastlog.h limits.h login.h login_cap.h maillock.h netdb.h netgroup.h netinet/in_systm.h paths.h poll.h pty.h shadow.h security/pam_appl.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h sys/poll.h sys/queue.h sys/select.h sys/stat.h sys/stropts.h sys/sysmacros.h sys/time.h sys/ttcompat.h sys/un.h stddef.h time.h ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h) dnl Checks for library functions. -AC_CHECK_FUNCS(arc4random atexit b64_ntop bcopy bindresvport_af clock fchmod freeaddrinfo futimes gai_strerror getcwd getaddrinfo getgrouplist getnameinfo getrlimit getrusage getttyent inet_aton inet_ntoa innetgr login_getcapbool md5_crypt memmove mkdtemp on_exit openpty realpath rresvport_af setdtablesize setenv seteuid setlogin setproctitle setreuid setrlimit setsid sigaction sigvec snprintf strerror strlcat strlcpy strsep strtok_r sysconf utimes vsnprintf vhangup vis waitpid _getpty __b64_ntop) +AC_CHECK_FUNCS(arc4random atexit b64_ntop bcopy bindresvport_af clock fchmod freeaddrinfo futimes gai_strerror getcwd getaddrinfo getgrouplist getnameinfo getrlimit getrusage getttyent inet_aton inet_ntoa innetgr login_getcapbool md5_crypt memmove mkdtemp on_exit openpty realpath rresvport_af setdtablesize setenv seteuid setlogin setproctitle setreuid setrlimit setsid sigaction sigvec snprintf strerror strlcat strlcpy strmode strsep strtok_r sysconf utimes vsnprintf vhangup vis waitpid _getpty __b64_ntop) dnl Checks for time functions AC_CHECK_FUNCS(gettimeofday time) dnl Checks for libutil functions diff --git a/dh.c b/dh.c index 35e90143..87a47845 100644 --- a/dh.c +++ b/dh.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: dh.c,v 1.3 2000/11/16 17:55:43 markus Exp $"); +RCSID("$OpenBSD: dh.c,v 1.4 2001/01/15 21:43:51 markus Exp $"); #include "xmalloc.h" 
@@ -87,7 +87,7 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg) return (1); fail: - fprintf(stderr, "Bad prime description in line %d\n", linenum); + error("Bad prime description in line %d\n", linenum); return (0); } diff --git a/key.c b/key.c index f9474b16..21e13b86 100644 --- a/key.c +++ b/key.c @@ -46,7 +46,7 @@ #include "buffer.h" #include "bufaux.h" -RCSID("$OpenBSD: key.c,v 1.13 2000/12/19 23:17:56 markus Exp $"); +RCSID("$OpenBSD: key.c,v 1.14 2001/01/16 19:20:06 markus Exp $"); Key * key_new(int type) @@ -555,8 +555,8 @@ key_from_blob(char *blob, int blen) switch(type){ case KEY_RSA: key = key_new(type); - buffer_get_bignum2(&b, key->rsa->n); buffer_get_bignum2(&b, key->rsa->e); + buffer_get_bignum2(&b, key->rsa->n); #ifdef DEBUG_PK RSA_print_fp(stderr, key->rsa, 8); #endif @@ -608,8 +608,8 @@ key_to_blob(Key *key, u_char **blobp, u_int *lenp) break; case KEY_RSA: buffer_put_cstring(&b, key_ssh_name(key)); - buffer_put_bignum2(&b, key->rsa->n); buffer_put_bignum2(&b, key->rsa->e); + buffer_put_bignum2(&b, key->rsa->n); break; default: error("key_to_blob: illegal key type %d", key->type); diff --git a/openbsd-compat.h b/openbsd-compat.h index 9213bead..01dcb4a7 100644 --- a/openbsd-compat.h +++ b/openbsd-compat.h @@ -12,6 +12,7 @@ #include "bsd-misc.h" #include "bsd-strlcpy.h" #include "bsd-strlcat.h" +#include "bsd-strmode.h" #include "bsd-mktemp.h" #include "bsd-snprintf.h" #include "bsd-daemon.h" diff --git a/packet.c b/packet.c index cd42f2f7..bf3a7ee0 100644 --- a/packet.c +++ b/packet.c @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: packet.c,v 1.42 2001/01/09 21:19:50 markus Exp $"); +RCSID("$OpenBSD: packet.c,v 1.44 2001/01/13 18:36:45 markus Exp $"); #include "xmalloc.h" #include "buffer.h" 
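Review bot: The replacement `error("Bad prime description in line %d\n", linenum);` keeps the trailing `\n` from the fprintf it replaces; if error() terminates each message itself, as it appears to in this tree (no other error() call in this diff carries a newline), the result is a blank line on stderr and a literal newline inside the record when logging goes to syslog. Dropping it, `error("Bad prime description in line %d", linenum);`, matches the other calls. parse_prime's body begins before the hunk.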
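Review bot: key_from_blob now reads e before n but still accepts a blob of either layout without complaint: a key written in the old n,e order parses with the two fields swapped, and in this diff the only thing that rejects it is the 768-bit modulus floor added to ssh_rsa_verify in ssh-rsa.c, which fires at verification time rather than when the key is read from authorized_keys2 or known_hosts2. Applying the same `BN_num_bits(key->rsa->n)` minimum here, right after the two buffer_get_bignum2 calls, with an error() naming the problem and the failure path the function already uses for bad input (not visible in this hunk), would give users the "regenerate your keys" diagnostic at load time; the floor should then be one named constant shared with ssh-rsa.c rather than a literal 768 in two files. key_to_blob mirrors the reorder and needs no change. The switch in key_from_blob starts before and ends after the hunk.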
@@ -1230,22 +1230,23 @@ packet_not_very_much_data_to_write() /* Informs that the current session is interactive. Sets IP flags for that. */ void -packet_set_interactive(int interactive, int keepalives) +packet_set_interactive(int interactive) { + static int called = 0; + int lowdelay = IPTOS_LOWDELAY; + int throughput = IPTOS_THROUGHPUT; int on = 1; + if (called) + return; + called = 1; + /* Record that we are in interactive mode. */ interactive_mode = interactive; /* Only set socket options if using a socket. */ if (!packet_connection_is_on_socket()) return; - if (keepalives) { - /* Set keepalives if requested. */ - if (setsockopt(connection_in, SOL_SOCKET, SO_KEEPALIVE, (void *) &on, - sizeof(on)) < 0) - error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno)); - } /* * IPTOS_LOWDELAY and IPTOS_THROUGHPUT are IPv4 only */ @@ -1256,7 +1257,6 @@ packet_set_interactive(int interactive, int keepalives) */ #if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN) if (packet_connection_is_ipv4()) { - int lowdelay = IPTOS_LOWDELAY; if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, (void *) &lowdelay, sizeof(lowdelay)) < 0) error("setsockopt IPTOS_LOWDELAY: %.100s", @@ -1272,7 +1272,6 @@ packet_set_interactive(int interactive, int keepalives) * IPTOS_THROUGHPUT. */ #if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN) - int throughput = IPTOS_THROUGHPUT; if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, (void *) &throughput, sizeof(throughput)) < 0) error("setsockopt IPTOS_THROUGHPUT: %.100s", strerror(errno)); diff --git a/packet.h b/packet.h index 597fbb15..00f0c377 100644 --- a/packet.h +++ b/packet.h @@ -11,7 +11,7 @@ * called by a name other than "ssh" or "Secure Shell". */ -/* RCSID("$OpenBSD: packet.h,v 1.18 2000/12/19 23:17:57 markus Exp $"); */ +/* RCSID("$OpenBSD: packet.h,v 1.19 2001/01/13 18:32:50 markus Exp $"); */ #ifndef PACKET_H #define PACKET_H 
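Review bot: The new `static int called` guard makes every call after the first a silent no-op, and with session.c now calling packet_set_interactive from do_exec_no_pty and do_exec_pty (later in this diff) that means the first session on an SSH2 connection fixes the TOS setting for all later ones; a `debug("packet_set_interactive: already called, ignoring")` before the early return would make that visible, and the comment above the function (and in packet.h) should say that only the first call takes effect. Nothing in this diff shows where the SO_KEEPALIVE option removed here is now set; if it moved to the ssh.c/sshd.c changes outside this view, a pointer in the function comment would help a reader who greps for keepalives. The function's body continues past the hunk.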
@@ -65,7 +65,7 @@ void packet_start_compression(int level); * Informs that the current session is interactive. Sets IP flags for * optimal performance in interactive use. */ -void packet_set_interactive(int interactive, int keepalives); +void packet_set_interactive(int interactive); /* Returns true if the current connection is interactive. */ int packet_is_interactive(void); diff --git a/radix.c b/radix.c index 939d0f7f..3b149a82 100644 --- a/radix.c +++ b/radix.c @@ -25,7 +25,7 @@ #include "includes.h" #include "uuencode.h" -RCSID("$OpenBSD: radix.c,v 1.14 2000/12/19 23:17:57 markus Exp $"); +RCSID("$OpenBSD: radix.c,v 1.15 2001/01/16 23:58:09 deraadt Exp $"); #ifdef AFS #include @@ -37,7 +37,7 @@ typedef u_short my_u_short; /* Nasty macros from BIND-4.9.2 */ #define GETSHORT(s, cp) { \ - register my_u_char *t_cp = (my_u_char*)(cp); \ + register my_u_char *t_cp = (my_u_char *)(cp); \ (s) = (((my_u_short)t_cp[0]) << 8) \ | (((my_u_short)t_cp[1])) \ ; \ @@ -45,7 +45,7 @@ typedef u_short my_u_short; } #define GETLONG(l, cp) { \ - register my_u_char *t_cp = (my_u_char*)(cp); \ + register my_u_char *t_cp = (my_u_char *)(cp); \ (l) = (((my_u_int32_t)t_cp[0]) << 24) \ | (((my_u_int32_t)t_cp[1]) << 16) \ | (((my_u_int32_t)t_cp[2]) << 8) \ @@ -56,7 +56,7 @@ typedef u_short my_u_short; #define PUTSHORT(s, cp) { \ register my_u_short t_s = (my_u_short)(s); \ - register my_u_char *t_cp = (my_u_char*)(cp); \ + register my_u_char *t_cp = (my_u_char *)(cp); \ *t_cp++ = t_s >> 8; \ *t_cp = t_s; \ (cp) += 2; \ @@ -64,7 +64,7 @@ typedef u_short my_u_short; #define PUTLONG(l, cp) { \ register my_u_int32_t t_l = (my_u_int32_t)(l); \ - register my_u_char *t_cp = (my_u_char*)(cp); \ + register my_u_char *t_cp = (my_u_char *)(cp); \ *t_cp++ = t_l >> 24; \ *t_cp++ = t_l >> 16; \ *t_cp++ = t_l >> 8; \ 
@@ -73,9 +73,9 @@ typedef u_short my_u_short; } #define GETSTRING(s, p, p_l) { \ - register char* p_targ = (p) + p_l; \ - register char* s_c = (s); \ - register char* p_c = (p); \ + register char *p_targ = (p) + p_l; \ + register char *s_c = (s); \ + register char *p_c = (p); \ while (*p_c && (p_c < p_targ)) { \ *s_c++ = *p_c++; \ } \ diff --git a/scp.c b/scp.c index 74774928..d353b5ea 100644 --- a/scp.c +++ b/scp.c @@ -75,7 +75,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: scp.c,v 1.48 2001/01/01 14:52:49 markus Exp $"); +RCSID("$OpenBSD: scp.c,v 1.49 2001/01/13 18:03:07 markus Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -247,7 +247,7 @@ main(argc, argv) addargs("-oFallBackToRsh no"); fflag = tflag = 0; - while ((ch = getopt(argc, argv, "dfprtvBCc:i:P:q46S:o:")) != EOF) + while ((ch = getopt(argc, argv, "dfprtvBCc:i:P:q46S:o:")) != -1) switch (ch) { /* User-visible flags. */ case '4': diff --git a/session.c b/session.c index 74f5fe25..e52aed5a 100644 --- a/session.c +++ b/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.46 2001/01/04 22:41:03 markus Exp $"); +RCSID("$OpenBSD: session.c,v 1.48 2001/01/13 18:43:31 markus Exp $"); #include "xmalloc.h" #include "ssh.h" @@ -405,10 +405,6 @@ do_authenticated(struct passwd * pw) case SSH_CMSG_EXEC_SHELL: case SSH_CMSG_EXEC_CMD: - /* Set interactive/non-interactive mode. */ - packet_set_interactive(have_pty || s->display != NULL, - options.keepalives); - if (type == SSH_CMSG_EXEC_CMD) { command = packet_get_string(&dlen); debug("Exec command '%.500s'", command); @@ -548,6 +544,8 @@ do_exec_no_pty(Session *s, const char *command, struct passwd * pw) if (pid < 0) packet_disconnect("fork failed: %.100s", strerror(errno)); s->pid = pid; + /* Set interactive/non-interactive mode. */ + packet_set_interactive(s->display != NULL); #ifdef USE_PIPES /* We are the parent. Close the child sides of the pipes. */ close(pin[0]); 
@@ -665,6 +663,7 @@ do_exec_pty(Session *s, const char *command, struct passwd * pw) s->ptymaster = ptymaster; /* Enter interactive session. */ + packet_set_interactive(1); if (compat20) { session_set_fds(s, ptyfd, fdout, -1); } else { diff --git a/sftp-server.c b/sftp-server.c index e4432ca5..b99f087f 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: sftp-server.c,v 1.10 2001/01/10 22:56:22 markus Exp $"); +RCSID("$OpenBSD: sftp-server.c,v 1.13 2001/01/16 20:54:27 markus Exp $"); #include "ssh.h" #include "buffer.h" @@ -189,23 +189,21 @@ encode_attrib(Buffer *b, Attrib *a) } } -Attrib * -stat_to_attrib(struct stat *st) +void +stat_to_attrib(struct stat *st, Attrib *a) { - static Attrib a; - attrib_clear(&a); - a.flags = 0; - a.flags |= SSH2_FILEXFER_ATTR_SIZE; - a.size = st->st_size; - a.flags |= SSH2_FILEXFER_ATTR_UIDGID; - a.uid = st->st_uid; - a.gid = st->st_gid; - a.flags |= SSH2_FILEXFER_ATTR_PERMISSIONS; - a.perm = st->st_mode; - a.flags |= SSH2_FILEXFER_ATTR_ACMODTIME; - a.atime = st->st_atime; - a.mtime = st->st_mtime; - return &a; + attrib_clear(a); + a->flags = 0; + a->flags |= SSH2_FILEXFER_ATTR_SIZE; + a->size = st->st_size; + a->flags |= SSH2_FILEXFER_ATTR_UIDGID; + a->uid = st->st_uid; + a->gid = st->st_gid; + a->flags |= SSH2_FILEXFER_ATTR_PERMISSIONS; + a->perm = st->st_mode; + a->flags |= SSH2_FILEXFER_ATTR_ACMODTIME; + a->atime = st->st_atime; + a->mtime = st->st_mtime; } Attrib * 
@@ -264,24 +262,21 @@ handle_is_ok(int i, int type) int handle_to_string(int handle, char **stringp, int *hlenp) { - char buf[1024]; if (stringp == NULL || hlenp == NULL) return -1; - snprintf(buf, sizeof buf, "%d", handle); - *stringp = xstrdup(buf); - *hlenp = strlen(*stringp); + *stringp = xmalloc(sizeof(int32_t)); + PUT_32BIT(*stringp, handle); + *hlenp = sizeof(int32_t); return 0; } int handle_from_string(char *handle, u_int hlen) { -/* XXX OVERFLOW ? */ - char *ep; - long lval = strtol(handle, &ep, 10); - int val = lval; - if (*ep != '\0') + int val; + if (hlen != sizeof(int32_t)) return -1; + val = GET_32BIT(handle); if (handle_is_ok(val, HANDLE_FILE) || handle_is_ok(val, HANDLE_DIR)) return val; @@ -568,7 +563,7 @@ process_write(void) void process_do_stat(int do_lstat) { - Attrib *a; + Attrib a; struct stat st; u_int32_t id; char *name; @@ -581,8 +576,8 @@ process_do_stat(int do_lstat) if (ret < 0) { status = errno_to_portable(errno); } else { - a = stat_to_attrib(&st); - send_attrib(id, a); + stat_to_attrib(&st, &a); + send_attrib(id, &a); status = SSH2_FX_OK; } if (status != SSH2_FX_OK) @@ -605,7 +600,7 @@ process_lstat(void) void process_fstat(void) { - Attrib *a; + Attrib a; struct stat st; u_int32_t id; int fd, ret, handle, status = SSH2_FX_FAILURE; @@ -619,8 +614,8 @@ process_fstat(void) if (ret < 0) { status = errno_to_portable(errno); } else { - a = stat_to_attrib(&st); - send_attrib(id, a); + stat_to_attrib(&st, &a); + send_attrib(id, &a); status = SSH2_FX_OK; } } 
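Review bot: After this hunk a handle is four raw bytes, so the `*stringp` that handle_to_string returns is no longer a NUL-terminated C string, yet the `char **stringp` / `char *handle` types and the function names still suggest it is; a comment on both functions, `/* handle is an opaque 4-byte big-endian value, not a C string; use *hlenp, never strlen() */`, would stop the next caller from treating it as one. handle_from_string assigns the result of `GET_32BIT(handle)` to `int val`, so a client-supplied value at or above 2^31 becomes negative before `handle_is_ok` sees it; that is only safe if handle_is_ok rejects negative indexes (its body is not in this diff), so either confirm that or keep the value in a `u_int32_t` and range-check it here. The `hlen != sizeof(int32_t)` length check is a good addition.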
@@ -736,18 +731,41 @@ process_opendir(void) } /* - * XXX, draft-ietf-secsh-filexfer-00.txt says: - * The recommended format for the longname field is as follows: - * -rwxr-xr-x 1 mjos staff 348911 Mar 25 14:29 t-filexfer - * 1234567890 123 12345678 12345678 12345678 123456789012 + * drwxr-xr-x 5 markus markus 1024 Jan 13 18:39 .ssh */ char * ls_file(char *name, struct stat *st) { - char buf[1024]; - snprintf(buf, sizeof buf, "0%o %d %d %lld %d %s", - st->st_mode, st->st_uid, st->st_gid, (long long)st->st_size, - (int)st->st_mtime, name); + int sz = 0; + struct passwd *pw; + struct group *gr; + struct tm *ltime = localtime(&st->st_mtime); + char *user, *group; + char buf[1024], mode[11+1], tbuf[12+1], ubuf[11+1], gbuf[11+1]; + + strmode(st->st_mode, mode); + if ((pw = getpwuid(st->st_uid)) != NULL) { + user = pw->pw_name; + } else { + snprintf(ubuf, sizeof ubuf, "%d", st->st_uid); + user = ubuf; + } + if ((gr = getgrgid(st->st_gid)) != NULL) { + group = gr->gr_name; + } else { + snprintf(gbuf, sizeof gbuf, "%d", st->st_gid); + group = gbuf; + } + if (ltime != NULL) { + if (time(NULL) - st->st_mtime < (365*24*60*60)/2) + sz = strftime(tbuf, sizeof tbuf, "%b %e %H:%M", ltime); + else + sz = strftime(tbuf, sizeof tbuf, "%b %e %Y", ltime); + } + if (sz == 0) + tbuf[0] = '\0'; + snprintf(buf, sizeof buf, "%s %3d %-8.8s %-8.8s %8qd %s %s", mode, + st->st_nlink, user, group, (long long)st->st_size, tbuf, name); return xstrdup(buf); } @@ -768,7 +786,6 @@ process_readdir(void) if (dirp == NULL || path == NULL) { send_status(id, SSH2_FX_FAILURE); } else { - Attrib *a; struct stat st; char pathname[1024]; Stat *stats; 
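Review bot: The new snprintf in ls_file has several format/argument mismatches: `%d` is used for `st->st_uid` and `st->st_gid` (uid_t/gid_t, unsigned on many platforms), `%3d` for `st->st_nlink` (nlink_t), and `%8qd` is the BSD quad conversion even though the argument is cast to `(long long)` and the removed line used the portable `%lld` — on the non-OpenBSD platforms this tree targets, where bsd-snprintf.c may be the implementation, `%qd` may not be understood at all. Casting to match the specifiers and using `%8lld` keeps the output identical on OpenBSD and correct elsewhere: `snprintf(ubuf, sizeof ubuf, "%u", (u_int)st->st_uid);` (likewise for gbuf) and `snprintf(buf, sizeof buf, "%s %3d %-8.8s %-8.8s %8lld %s %s", mode, (int)st->st_nlink, user, group, (long long)st->st_size, tbuf, name);`. `sz` is an `int` receiving strftime's size_t result, harmless at these sizes, but `size_t sz = 0;` is the exact type.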
@@ -784,12 +801,12 @@ process_readdir(void) "%s/%s", path, dp->d_name); if (lstat(pathname, &st) < 0) continue; - a = stat_to_attrib(&st); - stats[count].attrib = *a; + stat_to_attrib(&st, &(stats[count].attrib)); stats[count].name = xstrdup(dp->d_name); stats[count].long_name = ls_file(dp->d_name, &st); count++; /* send up to 100 entries in one message */ + /* XXX check packet size instead */ if (count == 100) break; } @@ -888,15 +905,19 @@ void process_rename(void) { u_int32_t id; + struct stat st; char *oldpath, *newpath; - int ret, status; + int ret, status = SSH2_FX_FAILURE; id = get_int(); oldpath = get_string(NULL); newpath = get_string(NULL); TRACE("rename id %d old %s new %s", id, oldpath, newpath); - ret = rename(oldpath, newpath); - status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; + /* fail if 'newpath' exists */ + if (stat(newpath, &st) == -1) { + ret = rename(oldpath, newpath); + status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; + } send_status(id, status); xfree(oldpath); xfree(newpath); @@ -1006,7 +1027,9 @@ main(int ac, char **av) __progname = get_progname(av[0]); handle_init(); +#ifdef DEBUG_SFTP_SERVER log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0); +#endif in = dup(STDIN_FILENO); out = dup(STDOUT_FILENO); diff --git a/ssh-add.c b/ssh-add.c index 857f3d74..c3b3ab4a 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-add.c,v 1.23 2000/11/12 19:50:38 markus Exp $"); +RCSID("$OpenBSD: ssh-add.c,v 1.24 2001/01/13 18:14:13 markus Exp $"); #include #include @@ -91,7 +91,7 @@ delete_all(AuthenticationConnection *ac) if (success) fprintf(stderr, "All identities removed.\n"); else - fprintf(stderr, "Failed to remove all identitities.\n"); + fprintf(stderr, "Failed to remove all identities.\n"); } char * diff --git a/ssh-keygen.1 b/ssh-keygen.1 index b1430f14..f7b08c98 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 
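Review bot: The new existence check in process_rename is a separate `stat(newpath, &st)` followed by `rename()`, so there is still a window between the check and the rename in which newpath can appear and be silently replaced — the check narrows the race but does not close it; the atomic form is `link(oldpath, newpath)` (which fails if the target exists) followed by `unlink(oldpath)`, at the cost of not working across filesystems or for directories, which is worth recording in the comment whichever way is chosen. `stat()` also follows symlinks, so a dangling symlink at newpath counts as "does not exist" and is overwritten; `lstat(newpath, &st)` is the right test for "is there a name here". The comment `/* fail if 'newpath' exists */` could also say that the client then sees the generic SSH2_FX_FAILURE (the default set two lines above) rather than an errno-derived status.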
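Review bot: Wrapping the whole `log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0);` call in `#ifdef DEBUG_SFTP_SERVER` turns off more than debug output: without log_init, any error()/fatal() diagnostics the server produces go to whatever the logging defaults are rather than the AUTH facility, which for a subsystem started by sshd is presumably not syslog. If the goal is "debug off by default", keeping the call unconditional with a quieter level — `SYSLOG_LEVEL_ERROR`, if log.h defines it alongside the DEBUG levels — and selecting DEBUG1 only under DEBUG_SFTP_SERVER preserves error reporting. main continues outside the hunk.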
@@ -81,7 +81,7 @@ generates and manages authentication keys for defaults to generating an RSA key for use by protocols 1.3 and 1.5; specifying the .Fl t -allows you to create a key for use by protocol 2.0. +option allows you to create a key for use by protocol 2.0. .Pp Normally each user wishing to use SSH with RSA or DSA authentication runs this once to create the authentication @@ -100,7 +100,7 @@ The public key is stored in a file with the same name but appended. The program also asks for a passphrase. The passphrase may be empty to indicate no passphrase -(host keys must have empty passphrase), or it may be a string of +(host keys must have an empty passphrase), or it may be a string of arbitrary length. Good passphrases are 10-30 characters long and are not simple sentences or otherwise easily guessable (English diff --git a/ssh-keygen.c b/ssh-keygen.c index 87be6a5f..5d9fa644 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keygen.c,v 1.38 2000/12/28 18:58:39 markus Exp $"); +RCSID("$OpenBSD: ssh-keygen.c,v 1.39 2001/01/13 18:03:07 markus Exp $"); #include #include @@ -643,7 +643,7 @@ main(int ac, char **av) exit(1); } - while ((opt = getopt(ac, av, "dqpclRxXyb:f:t:P:N:C:")) != EOF) { + while ((opt = getopt(ac, av, "dqpclRxXyb:f:t:P:N:C:")) != -1) { switch (opt) { case 'b': bits = atoi(optarg); diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 5d5427aa..69b029b0 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -8,7 +8,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keyscan.c,v 1.7 2001/01/08 22:03:23 markus Exp $"); +RCSID("$OpenBSD: ssh-keyscan.c,v 1.9 2001/01/13 18:12:47 markus Exp $"); #if defined(HAVE_SYS_QUEUE_H) && !defined(HAVE_BOGUS_SYS_QUEUE_H) #include 
@@ -31,7 +31,6 @@ static int argno = 1; /* Number of argument currently being parsed */
 int family = AF_UNSPEC; /* IPv4, IPv6 or both */
-#define PORT 22
 #define MAXMAXFD 256
 /* The number of seconds after which to give up on a TCP connection */
@@ -103,7 +102,7 @@ Linebuf_alloc(const char *filename, void (*errfun) (const char *,...))
 if (filename) {
 lb->filename = filename;
 if (!(lb->stream = fopen(filename, "r"))) {
- free(lb);
+ xfree(lb);
 if (errfun)
 (*errfun) ("%s: %s\n", filename, strerror(errno));
 return (NULL);
@@ -116,7 +115,7 @@ Linebuf_alloc(const char *filename, void (*errfun) (const char *,...))
 if (!(lb->buf = malloc(lb->size = LINEBUF_SIZE))) {
 if (errfun)
 (*errfun) ("linebuf (%s): malloc failed\n", lb->filename);
- free(lb);
+ xfree(lb);
 return (NULL);
 }
 lb->errfun = errfun;
@@ -128,8 +127,8 @@ static inline void
 Linebuf_free(Linebuf * lb)
 {
 fclose(lb->stream);
- free(lb->buf);
- free(lb);
+ xfree(lb->buf);
+ xfree(lb);
 }
 static inline void
@@ -298,7 +297,7 @@ tcpconnect(char *host)
 char strport[NI_MAXSERV];
 int gaierr, s = -1;
- snprintf(strport, sizeof strport, "%d", PORT);
+ snprintf(strport, sizeof strport, "%d", SSH_DEFAULT_PORT);
 memset(&hints, 0, sizeof(hints));
 hints.ai_family = family;
 hints.ai_socktype = SOCK_STREAM;
@@ -335,7 +334,7 @@ conalloc(char *iname, char *oname)
 do {
 name = xstrsep(&namelist, ",");
 if (!name) {
- free(namebase);
+ xfree(namebase);
 return (-1);
 }
 } while ((s = tcpconnect(name)) < 0);
@@ -368,10 +367,10 @@ confree(int s)
 close(s);
 if (s >= maxfd || fdcon[s].c_status == CS_UNUSED)
 fatal("confree: attempt to free bad fdno %d", s);
- free(fdcon[s].c_namebase);
- free(fdcon[s].c_output_name);
+ xfree(fdcon[s].c_namebase);
+ xfree(fdcon[s].c_output_name);
 if (fdcon[s].c_status == CS_KEYS)
- free(fdcon[s].c_data);
+ xfree(fdcon[s].c_data);
 fdcon[s].c_status = CS_UNUSED;
 TAILQ_REMOVE(&tq, &fdcon[s], c_link);
 FD_CLR(s, &read_wait);
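Review bot: Swapping free() for xfree() in confree() changes the NULL case: OpenSSH's xfree() in xmalloc.c fatal()s when handed a NULL pointer, whereas free(NULL) is a no-op. The old conrecycle() code deliberately set c_output_name to NULL before calling confree() "to prevent it from being freed", which shows a NULL c_output_name was reachable at this point; if any caller can still leave c_namebase, c_output_name or (for CS_KEYS) c_data unset, the scan now aborts inside xfree() instead of continuing. The conrecycle() hunk further down has the same exposure, since `oname = xstrdup(c->c_output_name);` would pass a NULL to strlen(). Either make conalloc() guarantee these fields are non-NULL, or guard each release, `if (fdcon[s].c_output_name != NULL) xfree(fdcon[s].c_output_name);`. The same free()→xfree() swap in Linebuf_alloc()/Linebuf_free() pairs xfree() with plain malloc() memory, which works only because xfree() is a thin wrapper — consistent xmalloc() there would make the pairing obvious.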
@@ -395,11 +394,11 @@ conrecycle(int s)
 char *iname, *oname;
 iname = xstrdup(c->c_namelist);
- oname = c->c_output_name;
- c->c_output_name = NULL;/* prevent it from being freed */
+ oname = xstrdup(c->c_output_name);
 confree(s);
 ret = conalloc(iname, oname);
- free(iname);
+ xfree(iname);
+ xfree(oname);
 return (ret);
 }
diff --git a/ssh-rsa.c b/ssh-rsa.c
index aab9168e..e53af9e0 100644
--- a/ssh-rsa.c
+++ b/ssh-rsa.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-rsa.c,v 1.3 2001/01/06 11:23:27 markus Exp $");
+RCSID("$OpenBSD: ssh-rsa.c,v 1.4 2001/01/16 19:20:06 markus Exp $");
 #include "ssh.h"
 #include "xmalloc.h"
@@ -122,6 +122,11 @@ ssh_rsa_verify(
 error("ssh_rsa_verify: no RSA key");
 return -1;
 }
+ if (BN_num_bits(key->rsa->n) < 768) {
+ error("ssh_rsa_verify: n too small: %d bits",
+ BN_num_bits(key->rsa->n));
+ return -1;
+ }
 buffer_init(&b);
 buffer_append(&b, (char *) signature, signaturelen);
 ktype = buffer_get_string(&b, NULL);
diff --git a/ssh.c b/ssh.c
index 7035486e..f1beb8c5 100644
--- a/ssh.c
+++ b/ssh.c
@@ -39,7 +39,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.79 2000/12/27 11:51:54 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.82 2001/01/15 21:40:10 markus Exp $");
 #include
 #include
@@ -59,6 +59,7 @@ RCSID("$OpenBSD: ssh.c,v 1.79 2000/12/27 11:51:54 markus Exp $");
 #include "key.h"
 #include "authfd.h"
 #include "authfile.h"
+#include "clientloop.h"
 #ifdef HAVE___PROGNAME
 extern char *__progname;
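Review bot: The minimum-modulus check added to ssh_rsa_verify() hard-codes 768 as a bare literal, and the commit message says the same floor is enforced on the key side, so the value now lives in at least two places with nothing tying them together. A single named constant (a `RSA_MIN_BITS`-style define in a shared header) used by the verify, sign and key-loading paths keeps the policy in one spot and makes a future raise of the floor a one-line change; the second `BN_num_bits(key->rsa->n)` call in the error() can reuse a local as well. Rejecting the key before the signature blob is parsed is the right ordering — the size test runs on the peer-supplied key before any attacker-controlled signature bytes are touched. ssh_rsa_verify()'s signature and the rest of its body lie outside the hunk.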
@@ -526,14 +527,14 @@ main(int ac, char **av)
 /* Do not allocate a tty if stdin is not a tty. */
 if (!isatty(fileno(stdin)) && !force_tty_flag) {
 if (tty_flag)
- fprintf(stderr, "Pseudo-terminal will not be allocated because stdin is not a terminal.\n");
+ log("Pseudo-terminal will not be allocated because stdin is not a terminal.\n");
 tty_flag = 0;
 }
 /* Get user data. */
 pw = getpwuid(original_real_uid);
 if (!pw) {
- fprintf(stderr, "You don't exist, go away!\n");
+ log("You don't exist, go away!\n");
 exit(1);
 }
 /* Take a copy of the returned structure. */
@@ -870,8 +871,7 @@ ssh_session(void)
 }
 }
 /* Tell the packet module whether this is an interactive session. */
- packet_set_interactive(interactive, options.keepalives);
-
+ packet_set_interactive(interactive);
 /* Request authentication agent forwarding if appropriate. */
 check_agent_present();
@@ -919,12 +919,12 @@ ssh_session(void)
 return client_loop(have_tty, tty_flag ? options.escape_char : -1, 0);
 }
-extern void client_set_session_ident(int id);
-
 void
 ssh_session2_callback(int id, void *arg)
 {
 int len;
+ int interactive = 0;
+
 debug("client_init id %d arg %d", id, (int)arg);
 if (no_shell_flag)
@@ -948,6 +948,7 @@ ssh_session2_callback(int id, void *arg)
 packet_put_int(ws.ws_ypixel);
 packet_put_cstring(""); /* XXX: encode terminal modes */
 packet_send();
+ interactive = 1;
 /* XXX wait for reply */
 }
 if (options.forward_x11 &&
@@ -958,6 +959,7 @@ ssh_session2_callback(int id, void *arg)
 /* Request forwarding with authentication spoofing. */
 debug("Requesting X11 forwarding with authentication spoofing.");
 x11_request_forwarding_with_spoofing(id, proto, data);
+ interactive = 1;
 /* XXX wait for reply */
 }
@@ -982,7 +984,8 @@ ssh_session2_callback(int id, void *arg)
 /* channel_callback(id, SSH2_MSG_OPEN_CONFIGMATION, client_init, 0); */
 done:
 /* register different callback, etc. XXX */
- client_set_session_ident(id);
+ packet_set_interactive(interactive);
+ clientloop_set_session_ident(id);
 }
 int
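Review bot: The two messages moved from fprintf(stderr, ...) to log() keep their trailing `\n`, but log() — through do_log() in log.c, if I remember it right — appends the line terminator itself, so each now prints an extra blank line (and a stray newline inside a syslog record when logging is not on stderr). Drop the embedded newline from both strings, e.g. `log("You don't exist, go away!");`. main() starts before this hunk and continues after it.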
diff --git a/sshconnect.c b/sshconnect.c
index 59b273a9..e40ba984 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -13,7 +13,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.89 2001/01/04 22:41:03 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.90 2001/01/13 18:32:50 markus Exp $");
 #include
 #include
@@ -187,12 +187,13 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
 int anonymous, uid_t original_real_uid,
 const char *proxy_command)
 {
+ int gaierr;
+ int on = 1;
 int sock = -1, attempt;
- struct servent *sp;
- struct addrinfo hints, *ai, *aitop;
 char ntop[NI_MAXHOST], strport[NI_MAXSERV];
- int gaierr;
+ struct addrinfo hints, *ai, *aitop;
 struct linger linger;
+ struct servent *sp;
 debug("ssh_connect: getuid %u geteuid %u anon %d",
 (u_int) getuid(), (u_int) geteuid(), anonymous);
@@ -298,7 +299,13 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
 /* setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)); */
 linger.l_onoff = 1;
 linger.l_linger = 5;
- setsockopt(sock, SOL_SOCKET, SO_LINGER, (void *) &linger, sizeof(linger));
+ setsockopt(sock, SOL_SOCKET, SO_LINGER, (void *)&linger, sizeof(linger));
+
+ /* Set keepalives if requested. */
+ if (options.keepalives &&
+ setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, (void *)&on,
+ sizeof(on)) < 0)
+ error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
 /* Set the connection. */
 packet_set_connection(sock, sock);
diff --git a/sshconnect.h b/sshconnect.h
index 146a65ba..72000467 100644
--- a/sshconnect.h
+++ b/sshconnect.h
@@ -30,7 +30,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 void ssh_kex(char *host, struct sockaddr *hostaddr);
 void
-ssh_userauth(const char* local_user, const char* server_user, char *host,
+ssh_userauth(const char * local_user, const char * server_user, char *host,
 int host_key_valid, RSA *own_host_key);
 void ssh_kex2(char *host, struct sockaddr *hostaddr);
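Review bot: The new SO_KEEPALIVE call in ssh_connect() checks setsockopt()'s return value and reports failure through error(), but the SO_LINGER call one line above — which this hunk rewrites only for whitespace — is still unchecked, so the two socket options in the same block are handled inconsistently; `if (setsockopt(sock, SOL_SOCKET, SO_LINGER, (void *)&linger, sizeof(linger)) < 0) error("setsockopt SO_LINGER: %.100s", strerror(errno));` brings it in line. The same asymmetry is in the sshd.c hunk at old line 1080. Worth a comment next to the option as well: SO_KEEPALIVE only notices a dead peer after the kernel's idle interval, which is typically on the order of hours, so it is a liveness aid rather than a substitute for an application-level timeout. ssh_connect() continues well past the hunk.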
diff --git a/sshconnect1.c b/sshconnect1.c
index 09d0210a..17b381c1 100644
--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -13,7 +13,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.14 2001/01/08 21:55:41 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.15 2001/01/16 23:58:09 deraadt Exp $");
 #include
 #include
@@ -577,7 +577,7 @@ send_afs_tokens(void)
 creds.pinst[0] = '\0';
 /* Encode token, ship it off. */
- if (creds_to_radix(&creds, (u_char*) buffer, sizeof buffer) <= 0)
+ if (creds_to_radix(&creds, (u_char *) buffer, sizeof buffer) <= 0)
 break;
 packet_start(SSH_CMSG_HAVE_AFS_TOKEN);
 packet_put_string(buffer, strlen(buffer));
@@ -897,8 +897,8 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
 */
 void
 ssh_userauth(
- const char* local_user,
- const char* server_user,
+ const char *local_user,
+ const char *server_user,
 char *host, int host_key_valid, RSA *own_host_key)
 {
diff --git a/sshd.c b/sshd.c
index 298a1b6b..be7ae5ab 100644
--- a/sshd.c
+++ b/sshd.c
@@ -40,7 +40,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.147 2001/01/10 19:43:20 deraadt Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.150 2001/01/13 18:32:51 markus Exp $");
 #include "xmalloc.h"
 #include "rsa.h"
@@ -580,7 +580,7 @@ main(int ac, char **av)
 initialize_server_options(&options);
 /* Parse command-line arguments. */
- while ((opt = getopt(ac, av, "f:p:b:k:h:g:V:u:dDiqQ46")) != EOF) {
+ while ((opt = getopt(ac, av, "f:p:b:k:h:g:V:u:dDiqQ46")) != -1) {
 switch (opt) {
 case '4':
 IPv4or6 = AF_INET;
@@ -927,7 +927,7 @@ main(int ac, char **av)
 sighup_restart();
 if (fdset != NULL)
 xfree(fdset);
- fdsetsz = howmany(maxfd, NFDBITS) * sizeof(fd_mask);
+ fdsetsz = howmany(maxfd+1, NFDBITS) * sizeof(fd_mask);
 fdset = (fd_set *)xmalloc(fdsetsz);
 memset(fdset, 0, fdsetsz);
@@ -938,7 +938,7 @@ main(int ac, char **av)
 FD_SET(startup_pipes[i], fdset);
 /* Wait in select until there is a connection. */
- if (select(maxfd + 1, fdset, NULL, NULL, NULL) < 0) {
+ if (select(maxfd+1, fdset, NULL, NULL, NULL) < 0) {
 if (errno != EINTR)
 error("select: %.100s", strerror(errno));
 continue;
@@ -1080,6 +1080,12 @@ main(int ac, char **av)
 linger.l_linger = 5;
 setsockopt(sock_in, SOL_SOCKET, SO_LINGER, (void *) &linger, sizeof(linger));
+ /* Set keepalives if requested. */
+ if (options.keepalives &&
+ setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, (void *)&on,
+ sizeof(on)) < 0)
+ error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
+
 /*
 * Register our connection. This turns encryption off because we do
 * not have a key.
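Review bot: The keepalive block added to sshd.c's main() passes `&on` to setsockopt() but, unlike the matching sshconnect.c hunk, adds no declaration for it, so it depends on an `int on = 1;` already being in scope at this point of main(); presumably it is (the tree built upstream), but it is worth confirming the variable is still 1 here and not reused by an earlier socket-option call, since a stale 0 would silently leave keepalives off. A short comment on the block, `/* 'on' is the shared setsockopt flag declared at the top of main() */`, would make that dependency visible to the next reader. main() begins far above the hunk and continues after it.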