From a22aff1fb16cbb68775742f7b60c5bfa3f72c903 Mon Sep 17 00:00:00 2001 From: djm Date: Sat, 28 Oct 2000 03:19:58 +0000 Subject: [PATCH] - (djm) Sync with OpenBSD: - markus@cvs.openbsd.org 2000/10/16 15:46:32 [ssh.1] fixes from pekkas@netcore.fi - markus@cvs.openbsd.org 2000/10/17 14:28:11 [atomicio.c] return number of characters processed; ok deraadt@ - markus@cvs.openbsd.org 2000/10/18 12:04:02 [atomicio.c] undo - markus@cvs.openbsd.org 2000/10/18 12:23:02 [scp.c] replace atomicio(read,...) with read(); ok deraadt@ - markus@cvs.openbsd.org 2000/10/18 12:42:00 [session.c] restore old record login behaviour - deraadt@cvs.openbsd.org 2000/10/19 10:41:13 [auth-skey.c] fmt string problem in unused code - provos@cvs.openbsd.org 2000/10/19 10:45:16 [sshconnect2.c] don't reference freed memory. okay deraadt@ - markus@cvs.openbsd.org 2000/10/21 11:04:23 [canohost.c] typo, eramore@era-t.ericsson.se; ok niels@ - markus@cvs.openbsd.org 2000/10/23 13:31:55 [cipher.c] non-alignment dependent swap_bytes(); from simonb@wasabisystems.com/netbsd - markus@cvs.openbsd.org 2000/10/26 12:38:28 [compat.c] add older vandyke products - markus@cvs.openbsd.org 2000/10/27 01:32:19 [channels.c channels.h clientloop.c serverloop.c session.c] [ssh.c util.c] enable non-blocking IO on channels, and tty's (except for the client ttys). - markus@cvs.openbsd.org 2000/10/27 01:48:22 channels.c channels.h clientloop.c deny agent/x11 forwarding unless requested; thanks to jwl@pobox.com --- ChangeLog | 40 ++++++++++++++++++++++++++++++++ atomicio.c | 2 +- auth-skey.c | 4 ++-- canohost.c | 4 ++-- channels.c | 63 ++++++++++++++++++++++++++++++++++++--------------- channels.h | 11 ++++++--- cipher.c | 39 +++++++++++++------------------ clientloop.c | 18 ++++++++++----- compat.c | 7 ++++-- scp.c | 8 ++++--- serverloop.c | 6 +++-- session.c | 17 ++++++++------ ssh.1 | 7 +++--- ssh.c | 12 ++++++++-- sshconnect2.c | 15 ++++++------ util.c | 13 ++++------- 16 files changed, 177 insertions(+), 89 deletions(-) 
diff --git a/ChangeLog b/ChangeLog index 914891be..1bbfdcf0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,46 @@ - (djm) fix select hack in serverloop.c from Philippe WILLEM - (djm) Fix mangled AIXAUTHENTICATE code + - (djm) Sync with OpenBSD: + - markus@cvs.openbsd.org 2000/10/16 15:46:32 + [ssh.1] + fixes from pekkas@netcore.fi + - markus@cvs.openbsd.org 2000/10/17 14:28:11 + [atomicio.c] + return number of characters processed; ok deraadt@ + - markus@cvs.openbsd.org 2000/10/18 12:04:02 + [atomicio.c] + undo + - markus@cvs.openbsd.org 2000/10/18 12:23:02 + [scp.c] + replace atomicio(read,...) with read(); ok deraadt@ + - markus@cvs.openbsd.org 2000/10/18 12:42:00 + [session.c] + restore old record login behaviour + - deraadt@cvs.openbsd.org 2000/10/19 10:41:13 + [auth-skey.c] + fmt string problem in unused code + - provos@cvs.openbsd.org 2000/10/19 10:45:16 + [sshconnect2.c] + don't reference freed memory. okay deraadt@ + - markus@cvs.openbsd.org 2000/10/21 11:04:23 + [canohost.c] + typo, eramore@era-t.ericsson.se; ok niels@ + - markus@cvs.openbsd.org 2000/10/23 13:31:55 + [cipher.c] + non-alignment dependent swap_bytes(); from + simonb@wasabisystems.com/netbsd + - markus@cvs.openbsd.org 2000/10/26 12:38:28 + [compat.c] + add older vandyke products + - markus@cvs.openbsd.org 2000/10/27 01:32:19 + [channels.c channels.h clientloop.c serverloop.c session.c] + [ssh.c util.c] + enable non-blocking IO on channels, and tty's (except for the + client ttys). + - markus@cvs.openbsd.org 2000/10/27 01:48:22 + channels.c channels.h clientloop.c + deny agent/x11 forwarding unless requested; thanks to jwl@pobox.com 20001027 - (djm) Increase REKEY_BYTES to 2^24 for arc4random diff --git a/atomicio.c b/atomicio.c index f5b1812f..29ff16c4 100644 --- a/atomicio.c +++ b/atomicio.c 
@@ -24,7 +24,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: atomicio.c,v 1.5 2000/09/07 20:27:49 deraadt Exp $"); +RCSID("$OpenBSD: atomicio.c,v 1.7 2000/10/18 18:04:02 markus Exp $"); #include "xmalloc.h" #include "ssh.h" diff --git a/auth-skey.c b/auth-skey.c index 1e3cec86..7088b790 100644 --- a/auth-skey.c +++ b/auth-skey.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-skey.c,v 1.8 2000/09/07 20:27:49 deraadt Exp $"); +RCSID("$OpenBSD: auth-skey.c,v 1.9 2000/10/19 16:41:13 deraadt Exp $"); #ifdef SKEY #include "ssh.h" @@ -48,7 +48,7 @@ auth_skey_password(struct passwd * pw, const char *password) skeyinfo = skey_fake_keyinfo(pw->pw_name); } if (skeyinfo != NULL) - packet_send_debug(skeyinfo); + packet_send_debug("%s", skeyinfo); /* Try again. */ return 0; } else if (skey_haskey(pw->pw_name) == 0 && diff --git a/canohost.c b/canohost.c index 98ce9744..6d36dd11 100644 --- a/canohost.c +++ b/canohost.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: canohost.c,v 1.15 2000/09/07 21:13:37 markus Exp $"); +RCSID("$OpenBSD: canohost.c,v 1.16 2000/10/21 17:04:22 markus Exp $"); #include "packet.h" #include "xmalloc.h" @@ -147,7 +147,7 @@ check_ip_options: else ipproto = IPPROTO_IP; option_size = sizeof(options); - if (getsockopt(0, ipproto, IP_OPTIONS, (char *) options, + if (getsockopt(socket, ipproto, IP_OPTIONS, (char *) options, &option_size) >= 0 && option_size != 0) { cp = text; /* Note: "text" buffer must be at least 3x as big as options. */ diff --git a/channels.c b/channels.c index 96d8dc4b..028c09e6 100644 --- a/channels.c +++ b/channels.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.70 2000/09/28 18:03:18 markus Exp $"); +RCSID("$OpenBSD: channels.c,v 1.72 2000/10/27 07:48:22 markus Exp $"); #include "ssh.h" #include "packet.h" 
@@ -174,7 +174,8 @@ channel_lookup(int id) */ void -channel_register_fds(Channel *c, int rfd, int wfd, int efd, int extusage) +channel_register_fds(Channel *c, int rfd, int wfd, int efd, + int extusage, int nonblock) { /* Update the maximum file descriptor value. */ if (rfd > channel_max_fd_value) @@ -190,12 +191,16 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd, int extusage) c->sock = (rfd == wfd) ? rfd : -1; c->efd = efd; c->extended_usage = extusage; - if (rfd != -1) - set_nonblock(rfd); - if (wfd != -1) - set_nonblock(wfd); - if (efd != -1) - set_nonblock(efd); + + /* enable nonblocking mode */ + if (nonblock) { + if (rfd != -1) + set_nonblock(rfd); + if (wfd != -1) + set_nonblock(wfd); + if (efd != -1) + set_nonblock(efd); + } } /* @@ -205,7 +210,7 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd, int extusage) int channel_new(char *ctype, int type, int rfd, int wfd, int efd, - int window, int maxpack, int extusage, char *remote_name) + int window, int maxpack, int extusage, char *remote_name, int nonblock) { int i, found; Channel *c; @@ -245,7 +250,7 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd, buffer_init(&c->output); buffer_init(&c->extended); chan_init_iostates(c); - channel_register_fds(c, rfd, wfd, efd, extusage); + channel_register_fds(c, rfd, wfd, efd, extusage, nonblock); c->self = found; c->type = type; c->ctype = ctype; @@ -269,7 +274,7 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd, int channel_allocate(int type, int sock, char *remote_name) { - return channel_new("", type, sock, sock, -1, 0, 0, 0, remote_name); + return channel_new("", type, sock, sock, -1, 0, 0, 0, remote_name, 1); } 
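Review bot: The new `nonblock` argument of channel_register_fds() is undocumented, and every caller in this patch passes a bare `1` or `0`, so the contract for the zero case is easy to miss. When `nonblock` is 0 the descriptors are registered exactly as given, so the caller must already have put them in the mode the channel code expects; the only caller doing that here is ssh_session2() in ssh.c, which calls set_nonblock() itself for non-tty descriptors. I would extend the comment above the function (it ends just outside the hunk) with `nonblock: if zero, the caller has already chosen the blocking mode of rfd/wfd/efd and they are left untouched`. Named constants instead of literal 1/0 at the call sites would also help; ssh.c already resorts to `/*nonblock*/0`.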
@@ -548,7 +553,7 @@ channel_post_x11_listener(Channel *c, fd_set * readset, fd_set * writeset) newch = channel_new("x11", SSH_CHANNEL_OPENING, newsock, newsock, -1, c->local_window_max, c->local_maxpacket, - 0, xstrdup(buf)); + 0, xstrdup(buf), 1); if (compat20) { packet_start(SSH2_MSG_CHANNEL_OPEN); packet_put_cstring("x11"); @@ -606,7 +611,7 @@ channel_post_port_listener(Channel *c, fd_set * readset, fd_set * writeset) newch = channel_new("direct-tcpip", SSH_CHANNEL_OPENING, newsock, newsock, -1, c->local_window_max, c->local_maxpacket, - 0, xstrdup(buf)); + 0, xstrdup(buf), 1); if (compat20) { packet_start(SSH2_MSG_CHANNEL_OPEN); packet_put_cstring("direct-tcpip"); @@ -1514,7 +1519,7 @@ channel_request_local_forwarding(u_short port, const char *host, "port listener", SSH_CHANNEL_PORT_LISTENER, sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, - 0, xstrdup("port listener")); + 0, xstrdup("port listener"), 1); strlcpy(channels[ch].path, host, sizeof(channels[ch].path)); channels[ch].host_port = host_port; channels[ch].listening_port = port; @@ -1859,7 +1864,7 @@ x11_create_display_inet(int screen_number, int x11_display_offset) (void) channel_new("x11 listener", SSH_CHANNEL_X11_LISTENER, sock, sock, -1, CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, - 0, xstrdup("X11 inet listener")); + 0, xstrdup("X11 inet listener"), 1); } /* Return a suitable value for the DISPLAY environment variable. */ 
@@ -2045,6 +2050,28 @@ x11_input_open(int type, int plen, void *ctxt) } } +/* dummy protocol handler that denies SSH-1 requests (agent/x11) */ +void +deny_input_open(int type, int plen, void *ctxt) +{ + int rchan = packet_get_int(); + switch(type){ + case SSH_SMSG_AGENT_OPEN: + error("Warning: ssh server tried agent forwarding."); + break; + case SSH_SMSG_X11_OPEN: + error("Warning: ssh server tried X11 forwarding."); + break; + default: + error("deny_input_open: type %d plen %d", type, plen); + break; + } + error("Warning: this is probably a break in attempt by a malicious server."); + packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE); + packet_put_int(rchan); + packet_send(); +} + /* * Requests forwarding of X11 connections, generates fake authentication * data, and enables authentication spoofing. @@ -2349,13 +2376,13 @@ channel_register_filter(int id, channel_filter_fn *fn) } void -channel_set_fds(int id, int rfd, int wfd, int efd, int extusage) +channel_set_fds(int id, int rfd, int wfd, int efd, + int extusage, int nonblock) { Channel *c = channel_lookup(id); if (c == NULL || c->type != SSH_CHANNEL_LARVAL) fatal("channel_activate for non-larval channel %d.", id); - - channel_register_fds(c, rfd, wfd, efd, extusage); + channel_register_fds(c, rfd, wfd, efd, extusage, nonblock); c->type = SSH_CHANNEL_OPEN; /* XXX window size? */ c->local_window = c->local_window_max = c->local_maxpacket * 2; diff --git a/channels.h b/channels.h index a74f5926..00526860 100644 --- a/channels.h +++ b/channels.h @@ -32,7 +32,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* RCSID("$OpenBSD: channels.h,v 1.20 2000/09/21 11:25:33 markus Exp $"); */ +/* RCSID("$OpenBSD: channels.h,v 1.22 2000/10/27 07:48:22 markus Exp $"); */ #ifndef CHANNELS_H #define CHANNELS_H 
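Review bot: deny_input_open() reads a single integer from the packet and never validates the packet length; `plen` is used only in the `default` log message. The handlers it stands in for are not shown in this hunk, but if they parse further fields or check `plen` against an expected size, this stub should apply the same check so a malformed SSH_SMSG_AGENT_OPEN / SSH_SMSG_X11_OPEN is rejected in the same way on both paths. At minimum, record the intent with a comment such as `/* remaining payload (if any) is intentionally not parsed; only rchan is needed to refuse */`. Two style points: the log text should read "break-in attempt", and `switch(type){` should be `switch (type) {` to match the surrounding code.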
@@ -117,7 +117,6 @@ struct Channel { #define CHAN_X11_PACKET_DEFAULT (CHAN_X11_WINDOW_DEFAULT/2) -void channel_set_fds(int id, int rfd, int wfd, int efd, int extusage); void channel_open(int id); void channel_request(int id, char *service, int wantconfirm); void channel_request_start(int id, char *service, int wantconfirm); @@ -129,7 +128,13 @@ Channel *channel_lookup(int id); int channel_new(char *ctype, int type, int rfd, int wfd, int efd, - int window, int maxpack, int extended_usage, char *remote_name); + int window, int maxpack, int extended_usage, char *remote_name, + int nonblock); +void +channel_set_fds(int id, int rfd, int wfd, int efd, + int extusage, int nonblock); + +void deny_input_open(int type, int plen, void *ctxt); void channel_input_channel_request(int type, int plen, void *ctxt); void channel_input_close(int type, int plen, void *ctxt); diff --git a/cipher.c b/cipher.c index b9c1b28a..65cde473 100644 --- a/cipher.c +++ b/cipher.c @@ -35,7 +35,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: cipher.c,v 1.36 2000/10/14 10:01:15 markus Exp $"); +RCSID("$OpenBSD: cipher.c,v 1.37 2000/10/23 19:31:54 markus Exp $"); #include "ssh.h" #include "xmalloc.h" 
@@ -218,28 +218,21 @@ blowfish_cbc_decrypt(CipherContext *cc, u_char *dest, const u_char *src, * and after encryption/decryption. Thus the swap_bytes stuff (yuk). */ static void -swap_bytes(const unsigned char *src, unsigned char *dst_, int n) -{ - /* dst must be properly aligned. */ - u_int32_t *dst = (u_int32_t *) dst_; - union { - u_int32_t i; - char c[4]; - } t; - - /* Process 8 bytes every lap. */ - for (n = n / 8; n > 0; n--) { - t.c[3] = *src++; - t.c[2] = *src++; - t.c[1] = *src++; - t.c[0] = *src++; - *dst++ = t.i; - - t.c[3] = *src++; - t.c[2] = *src++; - t.c[1] = *src++; - t.c[0] = *src++; - *dst++ = t.i; +swap_bytes(const unsigned char *src, unsigned char *dst, int n) +{ + char c[4]; + + /* Process 4 bytes every lap. */ + for (n = n / 4; n > 0; n--) { + c[3] = *src++; + c[2] = *src++; + c[1] = *src++; + c[0] = *src++; + + *dst++ = c[0]; + *dst++ = c[1]; + *dst++ = c[2]; + *dst++ = c[3]; } } diff --git a/clientloop.c b/clientloop.c index 90a781ec..bccb9be2 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.37 2000/09/26 19:59:58 markus Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.39 2000/10/27 07:48:22 markus Exp $"); #include "xmalloc.h" #include "ssh.h" @@ -75,6 +75,10 @@ RCSID("$OpenBSD: clientloop.c,v 1.37 2000/09/26 19:59:58 markus Exp $"); #include "buffer.h" #include "bufaux.h" + +/* import options */ +extern Options options; + /* Flag indicating that stdin should be redirected from /dev/null. */ extern int stdin_null_flag; @@ -790,7 +794,6 @@ simple_escape_filter(Channel *c, char *buf, int len) int client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) { - extern Options options; double start_time, total_time; int len; char buf[100]; 
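Review bot: The rewritten swap_bytes() stages each word in `char c[4]` although `src` and `dst` are `unsigned char *`; declare the scratch array as `unsigned char c[4]` so bytes above 0x7f never pass through a possibly signed type. The scratch copy is what keeps the routine correct if a caller passes the same buffer as source and destination (the callers are outside this hunk), so say so in a comment: `/* copy via c[] so that src == dst (in-place swap) works */`. Also, `n / 4` silently ignores a trailing 1-3 bytes and leaves that part of `dst` unwritten; a one-line comment that `n` must be a multiple of 4 would record the precondition (the old loop required a multiple of 8).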
@@ -1033,7 +1036,7 @@ client_input_channel_open(int type, int plen, void *ctxt) debug("client_input_channel_open: ctype %s rchan %d win %d max %d", ctype, rchan, rwindow, rmaxpack); - if (strcmp(ctype, "x11") == 0) { + if (strcmp(ctype, "x11") == 0 && options.forward_x11) { int sock; char *originator; int originator_port; @@ -1052,7 +1055,7 @@ client_input_channel_open(int type, int plen, void *ctxt) if (sock >= 0) { id = channel_new("x11", SSH_CHANNEL_X11_OPEN, sock, sock, -1, CHAN_X11_WINDOW_DEFAULT, - CHAN_X11_PACKET_DEFAULT, 0, xstrdup("x11")); + CHAN_X11_PACKET_DEFAULT, 0, xstrdup("x11"), 1); c = channel_lookup(id); } } @@ -1105,11 +1108,14 @@ client_init_dispatch_13() dispatch_set(SSH_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation); dispatch_set(SSH_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure); dispatch_set(SSH_MSG_PORT_OPEN, &channel_input_port_open); - dispatch_set(SSH_SMSG_AGENT_OPEN, &auth_input_open_request); dispatch_set(SSH_SMSG_EXITSTATUS, &client_input_exit_status); dispatch_set(SSH_SMSG_STDERR_DATA, &client_input_stderr_data); dispatch_set(SSH_SMSG_STDOUT_DATA, &client_input_stdout_data); - dispatch_set(SSH_SMSG_X11_OPEN, &x11_input_open); + + dispatch_set(SSH_SMSG_AGENT_OPEN, options.forward_agent ? + &auth_input_open_request : &deny_input_open); + dispatch_set(SSH_SMSG_X11_OPEN, options.forward_x11 ? + &x11_input_open : &deny_input_open); } void client_init_dispatch_15() diff --git a/compat.c b/compat.c index 49bc0519..a4e05ebf 100644 --- a/compat.c +++ b/compat.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: compat.c,v 1.25 2000/10/14 12:16:56 markus Exp $"); +RCSID("$OpenBSD: compat.c,v 1.26 2000/10/26 18:38:28 markus Exp $"); #include "ssh.h" #include "packet.h" 
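Review bot: When `options.forward_x11` is false, an "x11" channel open from the server now simply falls through this `if` with no log line, whereas the protocol-1 path added in this commit (deny_input_open() in channels.c) reports the refused request with error(). The rest of client_input_channel_open() is outside the hunk, so the exact failure path is not visible, but an unrequested forwarding attempt by the peer is worth surfacing to the user in both protocol versions. Consider an explicit branch before the generic failure handling, for example `else if (strcmp(ctype, "x11") == 0) error("Warning: ssh server tried X11 forwarding.");`.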
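Review bot: The handler selection in client_init_dispatch_13() keys on `options.forward_agent` and `options.forward_x11`, which record what was configured, not whether this session actually sent a forwarding request and had it accepted. If the two can differ (the request code is not part of this diff), the real handlers stay installed and the check is weaker than the commit message's "deny agent/x11 forwarding unless requested". A per-session "forwarding was requested" flag would make the test match that intent. The ternaries are also evaluated once, at dispatch setup, so a comment that `options` must be final before this function runs would help: `/* options must be fully parsed before the dispatch table is built */`.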
@@ -72,7 +72,10 @@ compat_datafellows(const char *version) SSH_BUG_PUBKEYAUTH|SSH_BUG_X11FWD }, { "^2\\.[23]\\.0 ", SSH_BUG_HMAC}, { "^2\\.[2-9]\\.", 0 }, - { "^2\\.", SSH_BUG_HMAC}, /* XXX fallback */ + { "^2\\.4$", SSH_OLD_SESSIONID}, /* Van Dyke */ + { "^3\\.0 SecureCRT", SSH_OLD_SESSIONID}, + { "^1\\.7 SecureFX", SSH_OLD_SESSIONID}, + { "^2\\.", SSH_BUG_HMAC}, /* XXX fallback */ { NULL, 0 } }; /* process table, return first match */ diff --git a/scp.c b/scp.c index 75e50ce2..86276d6d 100644 --- a/scp.c +++ b/scp.c @@ -75,7 +75,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: scp.c,v 1.42 2000/10/14 10:07:21 markus Exp $"); +RCSID("$OpenBSD: scp.c,v 1.43 2000/10/18 18:23:02 markus Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -838,8 +838,10 @@ bad: run_err("%s: %s", np, strerror(errno)); amt = size - i; count += amt; do { - j = atomicio(read, remin, cp, amt); - if (j <= 0) { + j = read(remin, cp, amt); + if (j == -1 && (errno == EINTR || errno == EAGAIN)) { + continue; + } else if (j <= 0) { run_err("%s", j ? strerror(errno) : "dropped connection"); exit(1); diff --git a/serverloop.c b/serverloop.c index a9e47876..6a81806b 100644 --- a/serverloop.c +++ b/serverloop.c @@ -35,6 +35,8 @@ */ #include "includes.h" +RCSID("$OpenBSD: serverloop.c,v 1.34 2000/10/27 07:32:18 markus Exp $"); + #include "xmalloc.h" #include "ssh.h" #include "packet.h" @@ -766,7 +768,7 @@ input_direct_tcpip(void) return -1; return channel_new("direct-tcpip", SSH_CHANNEL_OPEN, sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT, - CHAN_TCP_PACKET_DEFAULT, 0, xstrdup("direct-tcpip")); + CHAN_TCP_PACKET_DEFAULT, 0, xstrdup("direct-tcpip"), 1); } void @@ -800,7 +802,7 @@ server_input_channel_open(int type, int plen, void *ctxt) */ id = channel_new(ctype, SSH_CHANNEL_LARVAL, -1, -1, -1, 0, CHAN_SES_PACKET_DEFAULT, - 0, xstrdup("server-session")); + 0, xstrdup("server-session"), 1); if (session_open(id) == 1) { channel_register_callback(id, SSH2_MSG_CHANNEL_REQUEST, session_input_channel_req, (void *)0); 
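Review bot: Retrying immediately on `EAGAIN` in the scp.c read loop becomes a busy loop when `remin` is non-blocking and no data is pending: `continue` jumps to the `do`/`while` condition (outside this hunk) and straight back into read(). Keep the plain retry for `EINTR` only, and wait for the descriptor to become readable before retrying after `EAGAIN`. The enclosing loop and the end of the error branch lie beyond the hunk.

```c
j = read(remin, cp, amt);
if (j == -1 && errno == EINTR)
	continue;
if (j == -1 && errno == EAGAIN) {
	fd_set rset;

	/* block until remin is readable instead of spinning */
	FD_ZERO(&rset);
	FD_SET(remin, &rset);
	(void) select(remin + 1, &rset, NULL, NULL, NULL);
	continue;
}
/* … unchanged: j <= 0 error path (run_err, exit) … */
```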
diff --git a/session.c b/session.c index 4325ed3a..4b58131a 100644 --- a/session.c +++ b/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.40 2000/10/15 14:14:01 markus Exp $"); +RCSID("$OpenBSD: session.c,v 1.42 2000/10/27 07:32:18 markus Exp $"); #include "xmalloc.h" #include "ssh.h" @@ -119,7 +119,7 @@ void session_pty_cleanup(Session *s); void session_proctitle(Session *s); void do_exec_pty(Session *s, const char *command, struct passwd * pw); void do_exec_no_pty(Session *s, const char *command, struct passwd * pw); -void do_login(Session *s); +void do_login(Session *s, const char *command); void do_child(const char *command, struct passwd * pw, const char *term, @@ -627,8 +627,8 @@ do_exec_pty(Session *s, const char *command, struct passwd * pw) close(ttyfd); /* record login, etc. similar to login(1) */ - if (command == NULL && !options.use_login) - do_login(s); + if (!(options.use_login && command == NULL)) + do_login(s, command); /* Do common processing for the child, such as execing the command. */ do_child(command, pw, s->term, s->display, s->auth_proto, @@ -684,7 +684,7 @@ get_remote_name_or_ip(void) /* administrative, login(1)-like work */ void -do_login(Session *s) +do_login(Session *s, const char *command) { FILE *f; char *time_string; @@ -731,7 +731,9 @@ do_login(Session *s) } #endif - /* Done if .hushlogin exists. */ + /* Done if .hushlogin exists or a command given. */ + if (command != NULL) + return; snprintf(buf, sizeof(buf), "%.200s/.hushlogin", pw->pw_dir); #ifdef HAVE_LOGIN_CAP if (login_getcapbool(lc, "hushlogin", 0) || stat(buf, &st) >= 0) @@ -1778,7 +1780,8 @@ session_set_fds(Session *s, int fdin, int fdout, int fderr) fatal("no channel for session %d", s->self); channel_set_fds(s->chanid, fdout, fdin, fderr, - fderr == -1 ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ); + fderr == -1 ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ, + 1); } void diff --git a/ssh.1 b/ssh.1 index dac24a43..786df184 100644 
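Review bot: do_login() now has two modes selected by `command`, but its header comment still says only "administrative, login(1)-like work". With a non-NULL `command` the function returns at the new `if (command != NULL) return;`, after whatever precedes it (presumably the login recording, which is above the hunk) and before the .hushlogin check and everything that follows. Please document that on the function, e.g. `/* Records the login; when command is NULL also performs the interactive steps after the .hushlogin check. */`. The call-site test in do_exec_pty() would read more easily as `if (command != NULL || !options.use_login)`, which is equivalent to the negated conjunction.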
--- a/ssh.1 +++ b/ssh.1 @@ -34,6 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" +.\" $OpenBSD: ssh.1,v 1.64 2000/10/16 21:46:31 markus Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -367,7 +368,7 @@ It is believed to be secure. (triple-des) is an encrypt-decrypt-encrypt triple with three different keys. It is presumably more secure than the .Ar des -cipher which is no longer supported in +cipher which is no longer fully supported in .Nm ssh . .Ar blowfish is a fast block cipher, it appears very secure and is much faster than @@ -628,9 +629,9 @@ If the option is set to the check will not be executed. .It Cm Cipher Specifies the cipher to use for encrypting the session -in protocol version 1 +in protocol version 1. Currently, -.Dq blowfish , +.Dq blowfish and .Dq 3des are supported. diff --git a/ssh.c b/ssh.c index ed31007a..429d571b 100644 --- a/ssh.c +++ b/ssh.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.68 2000/10/11 20:27:24 markus Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.69 2000/10/27 07:32:19 markus Exp $"); #include #include @@ -1008,6 +1008,14 @@ ssh_session2(void) if (in < 0 || out < 0 || err < 0) fatal("dup() in/out/err failed"); + /* enable nonblocking unless tty */ + if (!isatty(in)) + set_nonblock(in); + if (!isatty(out)) + set_nonblock(out); + if (!isatty(err)) + set_nonblock(err); + /* should be pre-session */ init_local_fwd(); @@ -1025,7 +1033,7 @@ ssh_session2(void) id = channel_new( "session", SSH_CHANNEL_OPENING, in, out, err, window, packetmax, CHAN_EXTENDED_WRITE, - xstrdup("client-session")); + xstrdup("client-session"), /*nonblock*/0); channel_open(id); channel_register_callback(id, SSH2_MSG_CHANNEL_OPEN_CONFIRMATION, client_init, (void *)0); diff --git a/sshconnect2.c b/sshconnect2.c index 1f3b5a26..6ba23d44 100644 --- a/sshconnect2.c +++ b/sshconnect2.c 
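Review bot: Calling set_nonblock() on `in`, `out` and `err` in ssh_session2() changes more than this process's view of them. The descriptors come from dup() (see the `dup() in/out/err failed` check just above), and O_NONBLOCK is a file status flag kept on the open file description, so it is shared with fds 0-2 and with any other process that inherited the same pipe or file. After ssh exits, a parent shell or the next command in a pipeline can be left with non-blocking stdio and start seeing EAGAIN. Consider saving the original flags and restoring them on exit, or at least record the side effect next to the new comment: `/* enable nonblocking unless tty; note: flag is shared with the original stdio descriptors */`. The function continues outside the hunk.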
@@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.26 2000/10/14 12:16:56 markus Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.27 2000/10/19 16:45:16 provos Exp $"); #include #include @@ -979,7 +979,7 @@ authmethod_lookup(const char *name) Authmethod * authmethod_get(char *authlist) { - char *name = NULL; + char *name = NULL, *authname_old; Authmethod *method = NULL; /* Use a suitable default if we're passed a nil list. */ @@ -1013,16 +1013,17 @@ authmethod_get(char *authlist) method = NULL; } - if (authname_current != NULL) - xfree(authname_current); - + authname_old = authname_current; if (method != NULL) { debug("next auth method to try is %s", name); authname_current = xstrdup(name); - return method; } else { debug("no more auth methods to try"); authname_current = NULL; - return NULL; } + + if (authname_old != NULL) + xfree(authname_old); + + return (method); } diff --git a/util.c b/util.c index 71808f14..1a591a6f 100644 --- a/util.c +++ b/util.c @@ -1,4 +1,4 @@ -/* $OpenBSD: util.c,v 1.5 2000/09/07 20:27:55 deraadt Exp $ */ +/* $OpenBSD: util.c,v 1.6 2000/10/27 07:32:19 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -25,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: util.c,v 1.5 2000/09/07 20:27:55 deraadt Exp $"); +RCSID("$OpenBSD: util.c,v 1.6 2000/10/27 07:32:19 markus Exp $"); #include "ssh.h" @@ -48,18 +48,15 @@ void set_nonblock(int fd) { int val; - if (isatty(fd)) { - /* do not mess with tty's */ - debug("no set_nonblock for tty fd %d", fd); - return; - } val = fcntl(fd, F_GETFL, 0); if (val < 0) { error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno)); return; } - if (val & O_NONBLOCK) + if (val & O_NONBLOCK) { + debug("fd %d IS O_NONBLOCK", fd); return; + } debug("fd %d setting O_NONBLOCK", fd); val |= O_NONBLOCK; if (fcntl(fd, F_SETFL, val) == -1) -- 2.45.2
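Review bot: The reordering in authmethod_get() fixes the stale reference only implicitly; nothing in the code says why xfree() must come after `xstrdup(name)`. From the commit message ("don't reference freed memory") it appears that `name` can point at, or into, the old `authname_current`, but the start of the function is outside the hunk so the aliasing cannot be confirmed from here. A comment above `authname_old = authname_current;` such as `/* name may alias the old authname_current: free it only after the copy */` would stop a later cleanup from moving the free back up.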
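Review bot: With the isatty() guard removed from set_nonblock() in util.c, the function now changes ttys as well, so any caller that relied on the old skip silently changes behaviour; ssh.c was updated to do the isatty() test itself, but other call sites are not visible in this diff. The function still returns void and only logs when fcntl() fails, so channel_register_fds() cannot tell whether a descriptor really ended up non-blocking. Consider returning the fcntl() status, and state the new contract above the function: `/* sets O_NONBLOCK on fd, including ttys; callers that must keep a tty blocking check isatty() first */`.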