From 5881cd602cf8b58856359c0d7a30c2a15d6ef9f8 Mon Sep 17 00:00:00 2001 From: damien Date: Thu, 28 Oct 1999 03:25:17 +0000 Subject: [PATCH] - Integrated patch from Dan Brosemer - Build fixes - Autoconf - Change binary names to open* - Fixed autoconf script to detect PAM on RH6.1 - Added tests for libpwdb, and OpenBSD functions to autoconf (not used yet) --- ChangeLog | 608 +++--------------------------------------------- ChangeLog.linux | 20 -- Makefile.GNU | 50 ---- Makefile.in | 73 ++++++ Makefile.inc | 11 - README.openssh | 4 +- acconfig.h | 7 + auth-rsa.c | 7 + authfd.c | 6 + authfile.c | 7 + bufaux.c | 8 + cipher.c | 6 + cipher.h | 8 + config.h.in | 139 +++++++++++ configure.in | 54 +++++ mpaux.c | 10 +- packet.h | 6 + rsa.h | 8 + ssh-agent.c | 6 + ssh.c | 1 + ssh.h | 14 ++ sshconnect.c | 10 +- 22 files changed, 400 insertions(+), 663 deletions(-) delete mode 100644 ChangeLog.linux delete mode 100644 Makefile.GNU create mode 100644 Makefile.in delete mode 100644 Makefile.inc create mode 100644 acconfig.h create mode 100644 config.h.in create mode 100644 configure.in diff --git a/ChangeLog b/ChangeLog index 08d90f78..f763d72e 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,578 +1,30 @@ -Fri Nov 17 16:19:20 1995 Tatu Ylonen - - * Released 1.2.12. - - * channels.c: Commented out debugging messages about output draining. - - * Added file OVERVIEW to give some idea about the structure of the - ssh software. - -Thu Nov 16 16:40:17 1995 Tatu Ylonen - - * canohost.c (get_remote_hostname): Don't ever return NULL (causes - segmentation violation). - - * sshconnect.c: Host ip address printed incorrectly with -v. - - * Implemented SSH_TTY environment variable. - -Wed Nov 15 01:47:40 1995 Tatu Ylonen - - * Implemented server and client option KeepAlive to specify - whether to set SO_KEEPALIVE. Both default to "yes"; to disable - keepalives, set the value to "no" in both the server and the - client configuration files. Updated manual pages. - - * sshd.c: Fixed Solaris utmp problem: wrong pid stored in utmp - (patch from Petri Virkkula ). - - * login.c (record_logout): Fixed removing user from utmp on BSD - (with HAVE_LIBUTIL_LOGIN). - - * Added cleanup functions to be called from fatal(). Arranged for - utmp to be cleaned if sshd terminates by calling fatal (e.g., - after dropping connection). Eliminated separate client-side - fatal() functions and moved fatal() to log-client.c. Made all - cleanups, including channel_stop_listening() and packet_close() - be called using this mechanism. - -Thu Nov 9 09:58:05 1995 Tatu Ylonen - - * sshd.c: Permit immediate login with empty password only if - password authentication is allowed. - -Wed Nov 8 00:43:55 1995 Tatu Ylonen - - * Eliminated unix-domain X11 forwarding. Inet-domain forwarding is - now the only supported form. Renamed server option - X11InetForwarding to X11Forwarding, and eliminated - X11UnixForwarding. Updated documentation. Updated RFC (marked - the SSH_CMSG_X11_REQUEST_FORWARDING message (code 26) as - obsolete, and removed all references to it). Increased protocol - version number to 1.3. - - * scp.c (main): Added -B (BatchMode). Updated manual page. 
- - * Cleaned up and updated all manual pages. - - * clientloop.c: Added new escape sequences ~# (lists forwarded - connections), ~& (background ssh when waiting for forwarded - connections to terminate), ~? (list available escapes). - Polished the output of the connection listing. Updated - documentation. - - * uidswap.c: If _POSIX_SAVED_IDS is defined, don't change the real - uid. Assume that _POSIX_SAVED_IDS also applies to seteuid. - This may solve problems with tcp_wrappers (libwrap) showing - connections as coming from root. - -Tue Nov 7 20:28:57 1995 Tatu Ylonen - - * Added RandomSeed server configuration option. The argument - specifies the location of the random seed file. Updated - documentation. - - * Locate perl5 in configure. Generate make-ssh-known-hosts (with - the correct path for perl5) in Makefile.in, and install it with - the other programs. Updated manual page. - - * sshd.c (main): Added a call to umask to set the umask to a - reasonable value. - - * compress.c (buffer_compress): Fixed to follow the zlib - documentation (which is slightly confusing). - - * INSTALL: Added information about Linux libc.so.4 problem. - -Mon Nov 6 15:42:36 1995 Tatu Ylonen - - * (Actually autoconf fix) Installed patch to AC_ARG_PROGRAM. - - * sshd.c, sshd.8.in: Renamed $HOME/.environment -> - $HOME/.ssh/environment. - - * configure.in: Disable shadow password checking on convex. - Convex has /etc/shadow, but sets pw_passwd automatically if - running as root. - - * Eliminated HAVE_ETC_MASTER_PASSWD (NetBSD, FreeBSD); the - pw_passwd field is automatically filled if running as root. - Put explicit code in configure.in to prevent shadow password - checking on FreeBSD and NetBSD. - - * serverloop.c (signchld_handler): Don't print error if wait - returns -1. - - * Makefile.in (install): Fixed modes of data files. - - * Makefile.in (install): Make links for slogin.1. - - * make-ssh-known-hosts: Merged a patch from melo@ci.uminho.pt to - fix the ping command. 
- -Fri Nov 3 16:25:28 1995 Tatu Ylonen - - * ssh.1.in: Added more information about X11 forwarding. - -Thu Nov 2 18:42:13 1995 Tatu Ylonen - - * Changes to use O_NONBLOCK_BROKEN consistently. - - * pty.c (pty_make_controlling_tty): Use setpgid instead of - setsid() on Ultrix. - - * includes.h: Removed redundant #undefs for Ultrix and Sony News; - these are already handled in configure.in. - -Tue Oct 31 13:31:28 1995 Tatu Ylonen - - * configure.in: Define SSH_WTMP to /var/adm/wtmp is wtmp not found. - - * configure.in: Disable vhangup on Ultrix. I am told this fixes - the server problems. - -Sat Oct 28 14:22:05 1995 Tatu Ylonen - - * sshconnect.c: Fixed a bug in connecting to a multi-homed host. - Restructured the connecting code to never try to use the same - socket a second time after a failed connection. - - * Makefile.in: Added explicit -m option to install, and umask 022 - when creating directories and the host key. - -Fri Oct 27 01:05:10 1995 Tatu Ylonen - - * Makefile.in: Added cleaning of $(ZLIBDIR) to clean and distclean. - - * login.c (get_last_login_time): Fixed a typo (define -> defined). - -Thu Oct 26 01:28:07 1995 Tatu Ylonen - - * configure.in: Moved testing for ANSI C compiler after the host - specific code (problems on HPUX). - - * Minor fixes to /etc/default/login stuff from Bryan O'Sullivan. - - * Fixed .SH NAME sections in manual pages. - - * compress.c: Trying to fix a mysterious bug in the compression - glue. - - * ssh-1.2.11. - - * scp.c: disable agent forwarding when running ssh from scp. - - * Added compression of plaintext packets using the gzip library - (zlib). Client configuration options Compression and - CompressionLevel (1-9 as in gzip). New ssh and scp option -C - (to enable compression). Updated RFC. - -Wed Oct 25 05:11:55 1995 Tatu Ylonen - - * Implemented ProxyCommand stuff based on patches from Bryan - O'Sullivan . - - * Merged BSD login/logout/lastlog patches from Mark Treacy - . - - * sshd.c: Added chdir("/"). 
- -Tue Oct 24 00:29:01 1995 Tatu Ylonen - - * Merged RSA environment= patches from Felix Leitner - with some changes. - - * sshd.c: Made the packet code use two separate descriptors for - the connection (one for input, the other for output). This will - make future extensions easier (e.g., non-socket transports, etc.). - sshd -i now uses both stdin and stdout separately. - -Mon Oct 23 21:29:28 1995 Tatu Ylonen - - * sshd.c: Merged execle -> execve patches from Mark Martinec - . This may help with execle bugs on - Convex (environment not getting passed properly). This might - also solve similar problems on Sonys; please test! - - * Removed all compatibility code for protocol version 1.0. - THIS MEANS THAT WE ARE NO LONGER COMPATIBLE WITH SSH VERSIONS - PRIOR TO 1.1.0. - - * randoms.c (random_acquire_light_environmental_noise): If - /dev/random is available, read up to 32 bytes (256 bits) from - there in non-blocking mode, and mix the new random bytes into - the pool. - - * Added client configuration option StrictHostKeyChecking - (disabled by default). If this is enabled, the client will not - automatically add new host keys to $HOME/.ssh/known_hosts; - instead the connection will be refused if the host key is not - known. Similarly, if the host key has changed, the connection - will be refused instead if just issuing a warning. This - provides additional security against man-in-the-middle/trojan - horse attacks (especially in scripts where there is no-one to - see the warnings), but may be quite inconvenient in everyday - interactive use unless /etc/ssh_known_hosts is very complete, - because new host keys must now be added manually. - - * sshconnect.c (ssh_connect): Use the user's uid when creating the - socket and connecting it. I am hoping that this might help with - tcp_wrappers showing the remote user as root. - - * ssh.c: Try inet-domain X11 forwarding regardless of whether we - can get local authorization information. 
If we don't, we just - come up with fake information; the forwarding code will anyway - generate its own fake information and validate that the client - knows that information. It will then substitute our fake - information for that, but that info should get ignored by the - server if it doesn't support it. - - * Added option BatchMode to disable password/passphrase querying - in scripts. - - * auth-rh-rsa.c: Changed to use uid-swapping when reading - .ssh/known_hosts. - - * sshd.8.in (command): Improved documentation of file permissions - on the manual pages. - -Thu Oct 19 21:05:51 1995 Tatu Ylonen - - * ssh-add.c (add_file): Fixed a bug causing ssh to sometimes refer - to freed memory (comment -> saved_comment). - - * log-server.c: Added a prefix to debug/warning/error/fatal - messages describing message types. Syslog does not include that - information automatically. - -Sun Oct 8 01:56:01 1995 Tatu Ylonen - - * Merged /etc/default/login and MAIL environment variable changes - from Bryan O'Sullivan . - - mail spool file location - - process /etc/default/login - - add HAVE_ETC_DEFAULT_LOGIN - - new function child_get_env and read_etc_default_login (sshd.c) - - * ssh-add.c (add_file): Fixed asking for passphrase. - - * Makefile.in: Fixed installing configure-generated man pages when - compiling in a separate object directory. - - * sshd.c (main): Moved RSA key generation until after allocating - the port number. (Actually, the code got duplicated because we - never listen when run from inetd.) - - * ssh.c: Fixed a problem that caused scp to hang when called with - stdin closed. - -Sat Oct 7 03:08:06 1995 Tatu Ylonen - - * Added server config option StrictModes. It specifies whether to - check ownership and modes of home directory and .rhosts files. - - * ssh.c: If ssh is renamed/linked to a host name, connect to that - host. - - * serverloop.c, clientloop.c: Ignore EAGAIN reported on read from - connection. 
Solaris has a kernel bug which causes select() to - sometimes wake up even though there is no data available. - - * Display all open connections when printing the "Waiting for - forwarded connections to terminate" message. - - * sshd.c, readconf.c: Added X11InetForwarding and - X11UnixForwarding server config options. - -Thu Oct 5 17:41:16 1995 Tatu Ylonen - - * Some more SCO fixes. - -Tue Oct 3 01:04:34 1995 Tatu Ylonen - - * Fixes and cleanups in README, INSTALL, COPYING. - -Mon Oct 2 03:36:08 1995 Tatu Ylonen - - * ssh-add.c (add_file): Fixed a bug in ssh-add (xfree: NULL ...). - - * Removed .BR from ".SH NAME" in man pages. - -Sun Oct 1 04:16:07 1995 Tatu Ylonen - - * ssh-1.2.10. - - * configure.in: When checking that the compiler works, check that - it understands ANSI C prototypes. - - * Made uidswap error message a debug() to avoid confusing errors - on AIX (AIX geteuid is brain-damaged and fails even for root). - - * Fixed an error in sshd.8 (FacistLogging -> FascistLogging). - - * Fixed distribution in Makefile.in (missing manual page .in files). - -Sat Sep 30 17:38:46 1995 Tatu Ylonen - - * auth-rhosts.c: Fixed serious security problem in - /etc/hosts.equiv authentication. - -Fri Sep 29 00:41:02 1995 Tatu Ylonen - - * Include machine/endian.h on Paragon. - - * ssh-add.c (add_file): Made ssh-add keep asking for the - passphrase until the user just types return or cancels. - Make the dialog display the comment of the key. - - * Read use shosts.equiv in addition to /etc/hosts.equiv. - - * sshd.8 is now sshd.8.in and is processed by configure to - substitute the proper paths for various files. Ditto for ssh.1. - Ditto for make-ssh-known-hosts.1. - - * configure.in: Moved /etc/sshd_pid to PIDDIR/sshd.pid. PIDDIR - will be /var/run if it exists, and ETCDIR otherwise. - -Thu Sep 28 21:52:42 1995 Tatu Ylonen - - * On Ultrix, check if sys/syslog.h needs to be included in - addition to syslog.h. - - * make-ssh-known-hosts.pl: Merged Kivinen's fixes for HPUX. 
- - * configure.in: Put -lwrap, -lsocks, etc. at the head of LIBS. - - * Fixed case-insensitivity in auth-rhosts.c. - - * Added missing socketpair.c to EXTRA_SRCS (needed on SCO), plus - other SCO fixes. - - * Makefile.in: Fixed missing install_prefixes. - -Wed Sep 27 03:57:00 1995 Tatu Ylonen - - * ssh-1.2.9. - - * Added SOCKS support. - - * Fixed default setting of IgnoreRhosts option. - - * Pass the magic cookie to xauth in stdin instead of command line; - the command line is visible in ps. - - * Added processing $HOME/.ssh/rc and /etc/sshrc. - - * Added a section to sshd.8 on what happens at login time. - -Tue Sep 26 01:27:40 1995 Tatu Ylonen - - * Don't define speed_t on SunOS 4.1.1; it conflicts with system - headers. - - * Added support for .hushlogin. - - * Added --with-etcdir. - - * Read $HOME/.environment after /etc/environment. - -Mon Sep 25 03:26:06 1995 Tatu Ylonen - - * Merged patches for SCO Unix (from Michael Henits). - -Sun Sep 24 22:28:02 1995 Tatu Ylonen - - * Added ssh option ConnectionAttempts. - -Sat Sep 23 12:30:15 1995 Tatu Ylonen - - * sshd.c: Don't print last login time and /etc/motd if a command - has been specified (with ssh -t host command). - - * Added support for passing the screen number in X11 forwarding. - It is implemented as a compatible protocol extension, signalled - by SSH_PROTOFLAG_SCREEN_NUMBER by the child. - - * clientloop.c: Fixed bugs in the order in which things were - processed. This may solve problems with some data not getting - sent to the server as soon as possible (probably solves the TCP - forwarding delayed close problem). Also, it looked like window - changes might not get transmitted as early as possible in some - cases. - - * clientloop.c: Changed to detect window size change that - happened while ssh was suspended. - - * ssh.c: Moved the do_session function (client main loop) to - clientloop.c. Divided it into smaller functions. General cleanup. 
- - * ssh-1.2.8 - -Fri Sep 22 22:07:46 1995 Tatu Ylonen - - * sshconnect.c (ssh_login): Made ssh_login take the options - structure as argument, instead of the individual arguments. - - * auth-rhosts.c (check_rhosts_file): Added support for netgroups. - - * auth-rhosts.c (check_rhosts_file): Added support for negated - entries. - -Thu Sep 21 00:07:56 1995 Tatu Ylonen - - * auth-rhosts.c: Restructured rhosts authentication code. - Hosts.equiv now has same format as .rhosts: user names are allowed. - - * Added support for the Intel Paragon. - - * sshd.c: Don't use X11 forwarding with spoofing if no xauth - program. Changed configure.in to not define XAUTH_PATH if - there is no xauth program. - - * ssh-1.2.7 - - * sshd.c: Rewrote the code to build the environment. Now also reads - /etc/environment. - - * sshd.c: Fixed problems in libwrap code. --with-libwrap now - takes optional library name/path. - - * ssh-1.2.6 - - * Define USE_PIPES by default. - - * Added support for Univel Unixware and MachTen. - - * Added IgnoreRhosts server option. - - * Added USE_STRLEN_FOR_AF_UNIX; it is needed at least on MachTen. - -Wed Sep 20 02:41:02 1995 Tatu Ylonen - - * sshd.c (do_child): don't call packet_close when /etc/nologin, - because packet_close does shutdown, and the message does not get - sent. - - * pty.c (pty_allocate): Push ttcompat streams module. - - * randoms.c (random_acquire_light_environmental_noise): Don't use - the second argument to gettimeofday as it is not supported on - all systems. - - * login.c (record_login): Added NULL second argument to gettimeofday. - -Tue Sep 19 13:25:48 1995 Tatu Ylonen - - * fixed pclose wait() in sshd key regeneration (now only collects - easily available noise). - - * configure.in: test for bsdi before bsd*. - - * ssh.c: Don't print "Connection closed" if -q. - -Wed Sep 13 04:19:52 1995 Tatu Ylonen - - * Released ssh-1.2.5. - - * Hopefully fixed "Waiting for forwarded connections to terminate" - message. 
- - * randoms.c, md5.c: Large modifications to make these work on Cray - (which has no 32 bit integer type). - - * Fixed a problem with forwarded connection closes not being - reported immediately. - - * ssh.c: fixed rhosts authentication (broken by uid-swapping). - - * scp.c: Don't use -l if server user not specified (it made - setting User in the configuration file not work). - - * configure.in: don't use -pipe on BSDI. - - * randoms.c: Major modifications to make it work without 32 bit - integers (e.g. Cray). - - * md5.c: Major modifications to make it work without 32 bit - integers (e.g. Cray). - - * Eliminated HPSUX_BROKEN_PTYS. The code is now enabled by - default on all systems. - -Mon Sep 11 00:53:12 1995 Tatu Ylonen - - * sshd.c: don't include sshd pathname in log messages. - - * Added libwrap stuff (includes support for identd). - - * Added OSF/1 C2 extended security stuff. - - * Fixed interactions between getuid() and uid-swap stuff. - -Sun Sep 10 00:29:27 1995 Tatu Ylonen - - * serverloop.c: Don't send stdout data to client until after a few - milliseconds if there is very little data. This is because some - systems give data from pty one character at a time, which would - multiply data size by about 16. - - * serverloop.c: Moved server do_session to a separate file and - renamed it server_loop. Split it into several functions and - partially rewrote it. Fixed "cat /etc/termcap | ssh foo cat" hangup. - - * Screwed up something while checking stuff in under cvs. No harm, - but bogus log entries... - -Sat Sep 9 02:24:51 1995 Tatu Ylonen - - * minfd.c (_get_permanent_fd): Use SHELL environment variable. - - * channels.c (x11_create_display_inet): Created - HPSUX_NONSTANDARD_X11_KLUDGE; it causes DISPLAY to contain the - IP address of the host instead of the name, because HPSUX uses - some magic shared memory communication for local connections. - - * Changed SIGHUP processing in server; it should now work multiple - times. 
- - * Added length limits in many debug/log/error/fatal calls just in - case. - - * login.c (get_last_login_time): Fixed location of lastlog. - - * Rewrote all uid-swapping code. New files uidswap.h, uidswap.c. - - * Fixed several security problems involving chmod and chgrp (race - conditions). Added warnings about dubious modes for /tmp/.X11-unix. - -Fri Sep 8 20:03:36 1995 Tatu Ylonen - - * Changed readconf.c to never display anything from the config - file. This should now be prevented otherwise, but let's play safe. - - * log-server.c: Use %.500s in syslog() just to be sure (they - should already be shorter than 1024 though). - - * sshd.c: Moved setuid in child a little earlier (just to be - conservative, there was no security problem that I could detect). - - * README, INSTALL: Added info about mailing list and WWW page. - - * sshd.c: Added code to use SIGCHLD and wait zombies immediately. - - * Merged patch to set ut_addr in utmp. - - * Created ChangeLog and added it to Makefile.in. - - * Use read_passphrase instead of getpass(). - - * Added SSH_FALLBACK_CIPHER. Fixed a bug in default cipher - selection (IDEA used to be selected even if not supported by the - server). - - * Use no encryption for key files if empty passphrase. - - * Added section about --without-idea in INSTALL. - - * Version 1.2.0 was released a couple of days ago. - +19991028 + - Further PAM enhancements. + - Much cleaner + - Now uses account and session modules for all logins. + - Integrated patch from Dan Brosemer + - Build fixes + - Autoconf + - Change binary names to open* + - Fixed autoconf script to detect PAM on RH6.1 + - Added tests for libpwdb, and OpenBSD functions to autoconf +19991027 + - Adapted PAM patch. + - Released 1.0pre2 + + - Excised my buggy replacements for strlcpy and mkdtemp + - Imported correct OpenBSD strlcpy and mkdtemp routines. 
+ - Reduced arc4random_stir entropy read to 32 bytes (256 bits) + - Picked up correct version number from OpenBSD + - Added sshd.pam PAM configuration file + - Added sshd.init Redhat init script + - Added openssh.spec RPM spec file + - Released 1.2pre3 + +19991026 + - Fixed include paths of OpenSSL functions + - Use OpenSSL MD5 routines + - Imported RC4 code from nanocrypt + - Wrote replacements for OpenBSD arc4random* functions + - Wrote replacements for strlcpy and mkdtemp + - Released 1.0pre1 diff --git a/ChangeLog.linux b/ChangeLog.linux deleted file mode 100644 index a28e577a..00000000 --- a/ChangeLog.linux +++ /dev/null @@ -1,20 +0,0 @@ -19991027 - - Adapted PAM patch. - - Released 1.0pre2 - - - Excised my buggy replacements for strlcpy and mkdtemp - - Imported correct OpenBSD strlcpy and mkdtemp routines. - - Reduced arc4random_stir entropy read to 32 bytes (256 bits) - - Picked up correct version number from OpenBSD - - Added sshd.pam PAM configuration file - - Added sshd.init Redhat init script - - Added openssh.spec RPM spec file - - Released 1.2pre3 - -19991026 - - Fixed include paths of OpenSSL functions - - Use OpenSSL MD5 routines - - Imported RC4 code from nanocrypt - - Wrote replacements for OpenBSD arc4random* functions - - Wrote replacements for strlcpy and mkdtemp - - Released 1.0pre1 diff --git a/Makefile.GNU b/Makefile.GNU deleted file mode 100644 index 09719952..00000000 --- a/Makefile.GNU +++ /dev/null 
@@ -1,50 +0,0 @@ -OPT_FLAGS=-g -CFLAGS=$(OPT_FLAGS) -Wall -DETCDIR=\"/etc/ssh\" -DHAVE_PAM -DHAVE_PWDB -TARGETS=bin/libssh.a bin/ssh bin/sshd bin/ssh-add bin/ssh-keygen bin/ssh-agent bin/scp -LFLAGS=-L./bin -LIBS=-lssh -lcrypto -lz -lutil -lpwdb -lpam -ldl -AR=ar -RANLIB=ranlib - -OBJS= authfd.o authfile.o auth-passwd.o auth-rhosts.o auth-rh-rsa.o \ - auth-rsa.o bufaux.o buffer.o canohost.o channels.o cipher.o \ - clientloop.o compress.o crc32.o deattack.o hostfile.o \ - log-client.o login.o log-server.o match.o mpaux.o packet.o pty.o \ - readconf.o readpass.o rsa.o servconf.o serverloop.o \ - sshconnect.o tildexpand.o ttymodes.o uidswap.o xmalloc.o \ - helper.o mktemp.o strlcpy.o rc4.o - -all: $(OBJS) $(TARGETS) - -bin/libssh.a: authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o hostfile.o match.o mpaux.o nchan.o packet.o readpass.o rsa.o tildexpand.o ttymodes.o uidswap.o xmalloc.o helper.o rc4.o mktemp.o strlcpy.o - [ -d bin ] || mkdir bin - $(AR) rv $@ $^ - $(RANLIB) $@ - -bin/ssh: ssh.o sshconnect.o log-client.o readconf.o clientloop.o - [ -d bin ] || mkdir bin - $(CC) -o $@ $^ $(LFLAGS) $(LIBS) - -bin/sshd: sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o pty.o log-server.o login.o servconf.o serverloop.o - [ -d bin ] || mkdir bin - $(CC) -o $@ $^ $(LFLAGS) $(LIBS) - -bin/scp: scp.o - [ -d bin ] || mkdir bin - $(CC) -o $@ $^ $(LFLAGS) $(LIBS) - -bin/ssh-add: ssh-add.o log-client.o - [ -d bin ] || mkdir bin - $(CC) -o $@ $^ $(LFLAGS) $(LIBS) - -bin/ssh-agent: ssh-agent.o log-client.o - [ -d bin ] || mkdir bin - $(CC) -o $@ $^ $(LFLAGS) $(LIBS) - -bin/ssh-keygen: ssh-keygen.o log-client.o - [ -d bin ] || mkdir bin - $(CC) -o $@ $^ $(LFLAGS) $(LIBS) - -clean: - rm -f *.o core bin/* - diff --git a/Makefile.in b/Makefile.in new file mode 100644 index 00000000..8e1d2f1a --- /dev/null +++ b/Makefile.in 
@@ -0,0 +1,73 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+bindir=@bindir@
+sbindir=@sbindir@
+libdir=@libdir@
+
+CC=@CC@
+CFLAGS=-g -Wall -DETCDIR=\"/etc/ssh\" @DEFS@
+TARGETS=bin/libopenssh.a bin/openssh bin/opensshd bin/openssh-add bin/openssh-keygen bin/openssh-agent bin/openscp
+LFLAGS=-L./bin
+LIBS=-lopenssh @LIBS@
+AR=@AR@
+RANLIB=@RANLIB@
+
+OBJS= authfd.o authfile.o auth-passwd.o auth-rhosts.o auth-rh-rsa.o \
+ auth-rsa.o bufaux.o buffer.o canohost.o channels.o cipher.o \
+ clientloop.o compress.o crc32.o deattack.o helper.o hostfile.o \
+ log-client.o login.o log-server.o match.o mpaux.o packet.o pty.o \
+ readconf.o readpass.o rsa.o servconf.o serverloop.o \
+ sshconnect.o tildexpand.o ttymodes.o uidswap.o xmalloc.o \
+ helper.o mktemp.o strlcpy.o rc4.o
+
+all: $(OBJS) $(TARGETS)
+
+bin/libopenssh.a: authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o hostfile.o match.o mpaux.o nchan.o packet.o readpass.o rsa.o tildexpand.o ttymodes.o uidswap.o xmalloc.o helper.o rc4.o mktemp.o strlcpy.o
+ [ -d bin ] || mkdir bin
+ $(AR) rv $@ $^
+ $(RANLIB) $@
+
+bin/openssh: ssh.o sshconnect.o log-client.o readconf.o clientloop.o
+ [ -d bin ] || mkdir bin
+ $(CC) -o $@ $^ $(LFLAGS) $(LIBS)
+
+bin/opensshd: sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o pty.o log-server.o login.o servconf.o serverloop.o
+ [ -d bin ] || mkdir bin
+ $(CC) -o $@ $^ $(LFLAGS) $(LIBS)
+
+bin/openscp: scp.o
+ [ -d bin ] || mkdir bin
+ $(CC) -o $@ $^ $(LFLAGS) $(LIBS)
+
+bin/openssh-add: ssh-add.o log-client.o
+ [ -d bin ] || mkdir bin
+ $(CC) -o $@ $^ $(LFLAGS) $(LIBS)
+
+bin/openssh-agent: ssh-agent.o log-client.o
+ [ -d bin ] || mkdir bin
+ $(CC) -o $@ $^ $(LFLAGS) $(LIBS)
+
+bin/openssh-keygen: ssh-keygen.o log-client.o
+ [ -d bin ] || mkdir bin
+ $(CC) -o $@ $^ $(LFLAGS) $(LIBS)
+
+clean:
+ rm -f *.o core bin/* config.status config.cache config.log
+
+install:
+ install -d $(bindir)
+ install -d $(sbindir)
+ install
-d $(libdir)
+ install -c bin/openssh $(bindir)/openssh
+ install -c bin/openscp $(bindir)/openscp
+ install -c bin/openssh-add $(bindir)/openssh-add
+ install -c bin/openssh-agent $(bindir)/openssh-agent
+ install -c bin/openssh-keygen $(bindir)/openssh-keygen
+ install -c bin/opensshd $(sbindir)/opensshd
+ install -c bin/libopenssh.a $(libdir)/libopenssh.a
+
+distclean: clean
+ rm -f Makefile config.h *~
+ rm -rf bin
+
+mrproper: distclean
diff --git a/Makefile.inc b/Makefile.inc
deleted file mode 100644
index fddf3da2..00000000
--- a/Makefile.inc
+++ /dev/null
@@ -1,11 +0,0 @@
-CFLAGS+= -I${.CURDIR}/..
-
-.include
-
-.if exists(${.CURDIR}/../lib/${__objdir})
-LDADD+= -L${.CURDIR}/../lib/${__objdir} -lssh
-DPADD+= ${.CURDIR}/../lib/${__objdir}/libssh.a
-.else
-LDADD+= -L${.CURDIR}/../lib -lssh
-DPADD+= ${.CURDIR}/../lib/libssh.a
-.endif
diff --git a/README.openssh b/README.openssh
index 02cb3c60..b5c9b5d9 100644
--- a/README.openssh
+++ b/README.openssh
@@ -33,8 +33,8 @@ The OpenBSD team Miscellania - This version of SSH is based upon code retrieved from the OpenBSD CVS -repository on 1999-10-26, which in turn was based on the last free -version of SSH released by Tatu Ylonen. +repository on 1999-10-26 patched by Damien Miller , which +in turn was based on the last free version of SSH released by Tatu Ylonen. Code in helper.[ch] is Copyright 1999 Internet Business Solutions and is released under a X11-style license (see source file for details).
diff --git a/acconfig.h b/acconfig.h
new file mode 100644
index 00000000..7119b94a
--- /dev/null
+++ b/acconfig.h
@@ -0,0 +1,7 @@
+/* config.h.in. Generated by hand, don't use autoheader. */
+
+/* Define if your ssl headers are included with #include */
+#undef HAVE_SSL
+
+/* Define if your ssl headers are included with #include */
+#undef HAVE_OPENSSL
diff --git a/auth-rsa.c b/auth-rsa.c
index 1c219686..0311f42f 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
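Review bot: In the new Makefile.in, `CFLAGS` still hard-codes `-DETCDIR=\"/etc/ssh\"` while `prefix`, `bindir`, `sbindir` and `libdir` are taken from configure, so the directory the programs are compiled to use for configuration does not follow the options given to configure. Adding `sysconfdir=@sysconfdir@` and passing `-DETCDIR=\"$(sysconfdir)\"` would let the installer decide that location in the same way as the binary paths. Two smaller points in the same hunk: `OBJS` lists `helper.o` twice (after `deattack.o` and again on the last continuation line), and `clean` removes `config.status config.cache config.log`, which would more usually belong to `distclean` so that a plain `make clean` does not discard the configure results.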
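Review bot: The first comment in the new acconfig.h reads `/* config.h.in. Generated by hand, don't use autoheader. */`, but the file is acconfig.h and the config.h.in added by this same commit states that it was generated from configure.in by autoheader, so the comment names the wrong file and gives an instruction the commit itself appears not to follow. A header such as `/* acconfig.h: hand-written templates for HAVE_SSL and HAVE_OPENSSL, merged into config.h.in by autoheader. */` would match what is visible here. As rendered on this page the two `Define if your ssl headers are included with #include` comments are also word-for-word identical, so each should name the include path its macro stands for.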
@@ -15,6 +15,7 @@ validity of the host key. */ +#include "config.h" #include "includes.h" RCSID("$Id$"); @@ -25,8 +26,14 @@ RCSID("$Id$"); #include "mpaux.h" #include "uidswap.h" +#ifdef HAVE_OPENSSL #include #include +#endif +#ifdef HAVE_SSL +#include +#include +#endif /* Flags that may be set in authorized_keys options. */ extern int no_port_forwarding_flag; diff --git a/authfd.c b/authfd.c index fb03facc..ab82b337 100644 --- a/authfd.c +++ b/authfd.c @@ -13,6 +13,7 @@ Functions for connecting the local authentication agent. */ +#include "config.h" #include "includes.h" RCSID("$Id$"); @@ -24,7 +25,12 @@ RCSID("$Id$"); #include "xmalloc.h" #include "getput.h" +#ifdef HAVE_OPENSSL #include +#endif +#ifdef HAVE_SSL +#include +#endif /* Returns the number of the authentication fd, or -1 if there is none. */ diff --git a/authfile.c b/authfile.c index 90c470d5..5008f1f1 100644 --- a/authfile.c +++ b/authfile.c @@ -14,10 +14,17 @@ for reading the passphrase from the user. */ +#include "config.h" #include "includes.h" RCSID("$Id$"); +#ifdef HAVE_OPENSSL #include +#endif +#ifdef HAVE_SSL +#include +#endif + #include "xmalloc.h" #include "buffer.h" #include "bufaux.h" diff --git a/bufaux.c b/bufaux.c index 56e03464..59c8d732 100644 --- a/bufaux.c +++ b/bufaux.c @@ -14,11 +14,19 @@ Buffers. */ +#include "config.h" #include "includes.h" RCSID("$Id$"); #include "ssh.h" + +#ifdef HAVE_OPENSSL #include +#endif +#ifdef HAVE_SSL +#include +#endif + #include "bufaux.h" #include "xmalloc.h" #include "getput.h" diff --git a/cipher.c b/cipher.c index ac64a30d..ade17dbc 100644 --- a/cipher.c +++ b/cipher.c @@ -11,13 +11,19 @@ Created: Wed Apr 19 17:41:39 1995 ylo */ +#include "config.h" #include "includes.h" RCSID("$Id$"); #include "ssh.h" #include "cipher.h" +#ifdef HAVE_OPENSSL #include +#endif +#ifdef HAVE_SSL +#include +#endif /* * What kind of tripple DES are these 2 routines? diff --git a/cipher.h b/cipher.h index bded6243..d04855a4 100644 --- a/cipher.h +++ b/cipher.h 
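Review bot: The `#ifdef HAVE_OPENSSL` / `#ifdef HAVE_SSL` pair added around the crypto includes in auth-rsa.c has no fallback, so when configure defines neither macro no SSL header is included at all and the problem only surfaces further down as undeclared types or, with a compiler that tolerates implicit declarations, as warnings. Writing the second branch as `#elif defined(HAVE_SSL)` and closing with `#else` followed by `#error "neither HAVE_OPENSSL nor HAVE_SSL is defined"` makes a misconfigured build stop at the include site and also keeps both header sets from being pulled in if both macros are ever defined. The same block is repeated in the authfd.c, authfile.c, bufaux.c and cipher.c hunks on this line and in the cipher.h hunk that follows, so it could live once in a small shared header.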
@@ -13,11 +13,19 @@ Created: Wed Apr 19 16:50:42 1995 ylo /* RCSID("$Id$"); */ +#include "config.h" + #ifndef CIPHER_H #define CIPHER_H +#ifdef HAVE_OPENSSL #include #include +#endif +#ifdef HAVE_SSL +#include +#include +#endif /* Cipher types. New types can be added, but old types should not be removed for compatibility. The maximum allowed value is 31. */ diff --git a/config.h.in b/config.h.in new file mode 100644 index 00000000..44a5686d --- /dev/null +++ b/config.h.in 
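Review bot: `#include "config.h"` is added above the `#ifndef CIPHER_H` guard in cipher.h, so it is processed again on every inclusion of the header instead of once; moving it below `#define CIPHER_H` puts it under the guard. The .c files changed on this page already include config.h as their first header, so the include here may not be needed at all, and the usual autoconf convention is for config.h to come first in each source file and not be pulled in from other headers.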
@@ -0,0 +1,139 @@ +/* config.h.in. Generated automatically from configure.in by autoheader. */ + +/* Define to empty if the keyword does not work. */ +#undef const + +/* Define to `int' if doesn't define. */ +#undef gid_t + +/* Define if you don't have vprintf but do have _doprnt. */ +#undef HAVE_DOPRNT + +/* Define if your struct stat has st_blksize. */ +#undef HAVE_ST_BLKSIZE + +/* Define if you have that is POSIX.1 compatible. */ +#undef HAVE_SYS_WAIT_H + +/* Define if utime(file, NULL) sets file's timestamp to the present. */ +#undef HAVE_UTIME_NULL + +/* Define if you have the vprintf function. */ +#undef HAVE_VPRINTF + +/* Define as __inline if that's what the C compiler calls it. */ +#undef inline + +/* Define to `int' if doesn't define. */ +#undef mode_t + +/* Define to `long' if doesn't define. */ +#undef off_t + +/* Define as the return type of signal handlers (int or void). */ +#undef RETSIGTYPE + +/* Define to `unsigned' if doesn't define. */ +#undef size_t + +/* Define if you have the ANSI C header files. */ +#undef STDC_HEADERS + +/* Define if you can safely include both and . */ +#undef TIME_WITH_SYS_TIME + +/* Define to `int' if doesn't define. */ +#undef uid_t + +/* Define if your ssl headers are included with #include */ +#undef HAVE_SSL + +/* Define if your ssl headers are included with #include */ +#undef HAVE_OPENSSL + +/* Define if you have the arc4random function. */ +#undef HAVE_ARC4RANDOM + +/* Define if you have the gethostname function. */ +#undef HAVE_GETHOSTNAME + +/* Define if you have the gettimeofday function. */ +#undef HAVE_GETTIMEOFDAY + +/* Define if you have the mkdir function. */ +#undef HAVE_MKDIR + +/* Define if you have the mkdtemp function. */ +#undef HAVE_MKDTEMP + +/* Define if you have the rmdir function. */ +#undef HAVE_RMDIR + +/* Define if you have the select function. */ +#undef HAVE_SELECT + +/* Define if you have the setproctitle function. */ +#undef HAVE_SETPROCTITLE + +/* Define if you have the socket function. 
*/ +#undef HAVE_SOCKET + +/* Define if you have the strerror function. */ +#undef HAVE_STRERROR + +/* Define if you have the strlcpy function. */ +#undef HAVE_STRLCPY + +/* Define if you have the strspn function. */ +#undef HAVE_STRSPN + +/* Define if you have the strtol function. */ +#undef HAVE_STRTOL + +/* Define if you have the header file. */ +#undef HAVE_DIRENT_H + +/* Define if you have the header file. */ +#undef HAVE_FCNTL_H + +/* Define if you have the header file. */ +#undef HAVE_NDIR_H + +/* Define if you have the header file. */ +#undef HAVE_PATHS_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_DIR_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_IOCTL_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_NDIR_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_TIME_H + +/* Define if you have the header file. */ +#undef HAVE_SYSLOG_H + +/* Define if you have the header file. */ +#undef HAVE_UNISTD_H + +/* Define if you have the crypto library (-lcrypto). */ +#undef HAVE_LIBCRYPTO + +/* Define if you have the dl library (-ldl). */ +#undef HAVE_LIBDL + +/* Define if you have the pam library (-lpam). */ +#undef HAVE_LIBPAM + +/* Define if you have the pwdb library (-lpwdb). */ +#undef HAVE_LIBPWDB + +/* Define if you have the util library (-lutil). */ +#undef HAVE_LIBUTIL + +/* Define if you have the z library (-lz). */ +#undef HAVE_LIBZ diff --git a/configure.in b/configure.in new file mode 100644 index 00000000..0fac461c --- /dev/null +++ b/configure.in 
@@ -0,0 +1,54 @@
+dnl Process this file with autoconf to produce a configure script.
+AC_INIT(auth-krb4.c)
+
+AC_CONFIG_HEADER(config.h)
+
+dnl Checks for programs.
+AC_PROG_CC
+AC_PROG_RANLIB
+
+dnl Checks for libraries.
+dnl Replace `main' with a function in -lcrypto:
+AC_CHECK_LIB(crypto, CRYPTO_lock, ,AC_MSG_ERROR([*** libcrypto missing - please install first ***]))
+dnl Replace `main' with a function in -lutil:
+AC_CHECK_LIB(util, logout, ,AC_MSG_ERROR([*** -lutil missing - this is part of libc. ***]))
+dnl Replace `main' with a function in -lz:
+AC_CHECK_LIB(z, deflate, ,AC_MSG_ERROR([*** zlib missing - please install first ***]))
+dnl check for pwdb
+AC_CHECK_LIB(pwdb, pwdb_new, ,AC_MSG_ERROR([*** libpwdb missing - please install first ***]))
+dnl check for dl
+AC_CHECK_LIB(dl, dlopen, ,AC_MSG_ERROR([*** libdl missing - please install first ***]))
+dnl check for pam
+AC_CHECK_LIB(pam, pam_authenticate, ,AC_MSG_ERROR([*** PAM missing - please install first ***]))
+
+dnl Check for stuff in path.
+AC_CHECK_PROG(AR, ar, ar)
+
+dnl Check for ssl headers
+AC_CHECK_HEADER(openssl/bn.h, [AC_DEFINE(HAVE_OPENSSL)], [AC_CHECK_HEADER(ssl/bn.h, [AC_DEFINE(HAVE_SSL)], [AC_MSG_ERROR([*** ssl library missing - please install first ***])])])
+
+dnl Checks for header files.
+AC_HEADER_DIRENT
+AC_HEADER_STDC
+AC_HEADER_SYS_WAIT
+AC_CHECK_HEADERS(fcntl.h paths.h sys/ioctl.h sys/time.h syslog.h unistd.h)
+
+dnl Checks for typedefs, structures, and compiler characteristics.
+AC_C_CONST
+AC_TYPE_UID_T
+AC_C_INLINE
+AC_TYPE_MODE_T
+AC_TYPE_OFF_T
+AC_TYPE_SIZE_T
+AC_STRUCT_ST_BLKSIZE
+AC_HEADER_TIME
+
+dnl Checks for library functions.
+AC_PROG_GCC_TRADITIONAL
+AC_FUNC_MEMCMP
+AC_TYPE_SIGNAL
+AC_FUNC_UTIME_NULL
+AC_FUNC_VPRINTF
+AC_CHECK_FUNCS(gethostname gettimeofday mkdir rmdir select socket strerror strspn strtol strlcpy mkdtemp arc4random setproctitle)
+
+AC_OUTPUT(Makefile)
diff --git a/mpaux.c b/mpaux.c
index 7760b4cf..c17df9e7 100644
--- a/mpaux.c
+++ b/mpaux.c
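Review bot: The `AC_CHECK_LIB` calls for `pwdb`, `dl` and `pam` pass `AC_MSG_ERROR` as the not-found action, so configure stops unless all three libraries are installed. The commit message describes the libpwdb test as "not used yet", and the same script probes for `strlcpy`, `arc4random` and `setproctitle`, so a hard stop here would presumably block the very platforms those probes target. Dropping the failure action, as in `AC_CHECK_LIB(pwdb, pwdb_new)`, still defines `HAVE_LIBPWDB` when the library is present and leaves the decision to the code. If PAM is meant to be a hard requirement, a `dnl` comment saying so would make that intent visible.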
@@ -14,14 +14,22 @@ precision integers. */ +#include "config.h" #include "includes.h" RCSID("$Id$"); +#ifdef HAVE_OPENSSL #include +#include +#endif +#ifdef HAVE_SSL +#include +#include +#endif + #include "getput.h" #include "xmalloc.h" -#include void compute_session_id(unsigned char session_id[16], diff --git a/packet.h b/packet.h index 2ea0ae43..90db9c5f 100644 --- a/packet.h +++ b/packet.h @@ -15,10 +15,16 @@ Interface for the packet protocol functions. /* RCSID("$Id$"); */ +#include "config.h" #ifndef PACKET_H #define PACKET_H +#ifdef HAVE_OPENSSL #include +#endif +#ifdef HAVE_SSL +#include +#endif /* Sets the socket used for communication. Disables encryption until packet_set_encryption_key is called. It is permissible that fd_in diff --git a/rsa.h b/rsa.h index 16704607..bc3a3f5d 100644 --- a/rsa.h +++ b/rsa.h @@ -14,12 +14,20 @@ RSA key generation, encryption and decryption. */ /* RCSID("$Id$"); */ +#include "config.h" #ifndef RSA_H #define RSA_H +#ifdef HAVE_OPENSSL #include #include +#endif + +#ifdef HAVE_SSL +#include +#include +#endif /* Calls SSL RSA_generate_key, only copies to prv and pub */ void rsa_generate_key(RSA *prv, RSA *pub, unsigned int bits); diff --git a/ssh-agent.c b/ssh-agent.c index d07e3b81..6df3de43 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -13,6 +13,7 @@ The authentication agent program. */ +#include "config.h" #include "includes.h" RCSID("$Id$"); @@ -26,7 +27,12 @@ RCSID("$Id$"); #include "getput.h" #include "mpaux.h" +#ifdef HAVE_OPENSSL #include +#endif +#ifdef HAVE_SSL +#include +#endif typedef struct { diff --git a/ssh.c b/ssh.c index 9ec18336..d0f4817e 100644 --- a/ssh.c +++ b/ssh.c @@ -215,6 +215,7 @@ main(int ac, char **av) else cp = av0; if (strcmp(cp, "rsh") != 0 && strcmp(cp, "ssh") != 0 && + strcmp(cp, "openssh") != 0 && strcmp(cp, "openlogin") != 0 && strcmp(cp, "rlogin") != 0 && strcmp(cp, "slogin") != 0) host = cp; diff --git a/ssh.h b/ssh.h index 4284bc91..e619b0eb 100644 --- a/ssh.h +++ b/ssh.h 
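Review bot: The `strcmp` chain in the ssh.c hunk decides from the basename of argv[0] whether the program name is itself the host to connect to, and nothing next to it says that the list must track the installed names. Any link name not in the list, now including `"openssh"` and `"openlogin"`, makes the client treat its own name as the host, so a packaging rename changes the connection target without any error. I would add a comment above the condition, for example `/* Names this binary is installed under; any other argv[0] is taken as the host. Keep in sync with the Makefile. */`. main() starts and ends outside the hunk, so whether such a comment already exists further up cannot be seen from here.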
@@ -18,6 +18,20 @@ Generic header file for ssh. #ifndef SSH_H #define SSH_H +/* Added by Dan */ +#ifndef SHUT_RDWR +enum +{ + SHUT_RD = 0, /* No more receptions. */ +#define SHUT_RD SHUT_RD + SHUT_WR, /* No more transmissions. */ +#define SHUT_WR SHUT_WR + SHUT_RDWR /* No more receptions or transmissions. */ +#define SHUT_RDWR SHUT_RDWR +}; +#endif + + #include "rsa.h" #include "cipher.h" diff --git a/sshconnect.c b/sshconnect.c index e87dc646..8d74aae1 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -14,10 +14,19 @@ login (authentication) dialog. */ +#include "config.h" #include "includes.h" RCSID("$Id$"); +#ifdef HAVE_OPENSSL #include +#include +#endif +#ifdef HAVE_SSL +#include +#include +#endif + #include "xmalloc.h" #include "rsa.h" #include "ssh.h" @@ -28,7 +37,6 @@ RCSID("$Id$"); #include "uidswap.h" #include "compat.h" -#include /* Session id for the current session. */ unsigned char session_id[16]; -- 2.45.2
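Review bot: The `#ifndef SHUT_RDWR` guard in the ssh.h hunk only detects the system constants if the socket header was already included and provides them as macros, yet the block sits at the very top of ssh.h, before ssh.h includes anything. On a system that declares them only as enum constants, or where ssh.h is read before the socket header, both the fallback enum and the system's declaration would be seen and would collide. The `/* Added by Dan */` comment could instead state the purpose and the ordering requirement, for example `/* Fallback shutdown(2) 'how' values for systems lacking SHUT_*; must follow the system socket headers. */`. A configure-time check would be more robust than relying on include order.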