diff options
author | Colin Watson <cjwatson@debian.org> | 2013-09-14 15:43:03 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2013-09-14 15:43:03 +0100 |
commit | 8faf8c84430cf3c19705b1d9f8889d256e7fd1fd (patch) | |
tree | e6cb74192adb00fda5e4d1457547851d7e0d86af | |
parent | 328b60656f29db6306994d7498dede386ec2d1c3 (diff) | |
parent | c41345ad7ee5a22689e2c009595e85fa27b4b39a (diff) |
merge 6.3p1
221 files changed, 5477 insertions, 3186 deletions
@@ -1,17 +1,628 @@ | |||
1 | 20130913 | ||
2 | - (djm) [channels.c] Fix unaligned access on sparc machines in SOCKS5 code; | ||
3 | ok dtucker@ | ||
4 | - (djm) [channels.c] sigh, typo s/buffet_/buffer_/ | ||
5 | - (djm) Release 6.3p1 | ||
6 | |||
7 | 20130808 | ||
8 | - (dtucker) [regress/Makefile regress/test-exec.sh] Don't try to use test -nt | ||
9 | since some platforms (eg really old FreeBSD) don't have it. Instead, | ||
10 | run "make clean" before a complete regress run. ok djm. | ||
11 | - (dtucker) [misc.c] Fall back to time(2) at runtime if clock_gettime( | ||
12 | CLOCK_MONOTONIC...) fails. Some older versions of RHEL have the | ||
13 | CLOCK_MONOTONIC define but don't actually support it. Found and tested | ||
14 | by Kevin Brott, ok djm. | ||
15 | - (dtucker) [misc.c] Remove define added for fallback testing that was | ||
16 | mistakenly included in the previous commit. | ||
17 | - (dtucker) [regress/Makefile regress/test-exec.sh] Roll back the -nt | ||
18 | removal. The "make clean" removes modpipe which is built by the top-level | ||
19 | directory before running the tests. Spotted by tim@ | ||
20 | |||
21 | 20130804 | ||
22 | - (dtucker) [auth-krb5.c configure.ac openbsd-compat/bsd-misc.h] Add support | ||
23 | for building with older Heimdal versions. ok djm. | ||
24 | |||
25 | 20130801 | ||
26 | - (djm) [channels.c channels.h] bz#2135: On Solaris, isatty() on a non- | ||
27 | blocking connecting socket will clear any stored errno that might | ||
28 | otherwise have been retrievable via getsockopt(). A hack to limit writes | ||
29 | to TTYs on AIX was triggering this. Since only AIX needs the hack, wrap | ||
30 | it in an #ifdef. Diagnosis and patch from Ivo Raisr. | ||
31 | - (djm) [sshlogin.h] Fix prototype merge botch from 2006; bz#2134 | ||
32 | |||
33 | 20130725 | ||
34 | - (djm) OpenBSD CVS Sync | ||
35 | - djm@cvs.openbsd.org 2013/07/20 22:20:42 | ||
36 | [krl.c] | ||
37 | fix verification error in (as-yet usused) KRL signature checking path | ||
38 | - djm@cvs.openbsd.org 2013/07/22 05:00:17 | ||
39 | [umac.c] | ||
40 | make MAC key, data to be hashed and nonce for final hash const; | ||
41 | checked with -Wcast-qual | ||
42 | - djm@cvs.openbsd.org 2013/07/22 12:20:02 | ||
43 | [umac.h] | ||
44 | oops, forgot to commit corresponding header change; | ||
45 | spotted by jsg and jasper | ||
46 | - djm@cvs.openbsd.org 2013/07/25 00:29:10 | ||
47 | [ssh.c] | ||
48 | daemonise backgrounded (ControlPersist'ed) multiplexing master to ensure | ||
49 | it is fully detached from its controlling terminal. based on debugging | ||
50 | - djm@cvs.openbsd.org 2013/07/25 00:56:52 | ||
51 | [sftp-client.c sftp-client.h sftp.1 sftp.c] | ||
52 | sftp support for resuming partial downloads; patch mostly by Loganaden | ||
53 | Velvindron/AfriNIC with some tweaks by me; feedback and ok dtucker@ | ||
54 | "Just be careful" deraadt@ | ||
55 | - djm@cvs.openbsd.org 2013/07/25 00:57:37 | ||
56 | [version.h] | ||
57 | openssh-6.3 for release | ||
58 | - dtucker@cvs.openbsd.org 2013/05/30 20:12:32 | ||
59 | [regress/test-exec.sh] | ||
60 | use ssh and sshd as testdata since it needs to be >256k for the rekey test | ||
61 | - dtucker@cvs.openbsd.org 2013/06/10 21:56:43 | ||
62 | [regress/forwarding.sh] | ||
63 | Add test for forward config parsing | ||
64 | - djm@cvs.openbsd.org 2013/06/21 02:26:26 | ||
65 | [regress/sftp-cmds.sh regress/test-exec.sh] | ||
66 | unbreak sftp-cmds for renamed test data (s/ls/data/) | ||
67 | - (tim) [sftp-client.c] Use of a gcc extension trips up native compilers on | ||
68 | Solaris and UnixWare. Feedback and OK djm@ | ||
69 | - (tim) [regress/forwarding.sh] Fix for building outside source tree. | ||
70 | |||
71 | 20130720 | ||
72 | - (djm) OpenBSD CVS Sync | ||
73 | - markus@cvs.openbsd.org 2013/07/19 07:37:48 | ||
74 | [auth.h kex.h kexdhs.c kexecdhs.c kexgexs.c monitor.c servconf.c] | ||
75 | [servconf.h session.c sshd.c sshd_config.5] | ||
76 | add ssh-agent(1) support to sshd(8); allows encrypted hostkeys, | ||
77 | or hostkeys on smartcards; most of the work by Zev Weiss; bz #1974 | ||
78 | ok djm@ | ||
79 | - djm@cvs.openbsd.org 2013/07/20 01:43:46 | ||
80 | [umac.c] | ||
81 | use a union to ensure correct alignment; ok deraadt | ||
82 | - djm@cvs.openbsd.org 2013/07/20 01:44:37 | ||
83 | [ssh-keygen.c ssh.c] | ||
84 | More useful error message on missing current user in /etc/passwd | ||
85 | - djm@cvs.openbsd.org 2013/07/20 01:50:20 | ||
86 | [ssh-agent.c] | ||
87 | call cleanup_handler on SIGINT when in debug mode to ensure sockets | ||
88 | are cleaned up on manual exit; bz#2120 | ||
89 | - djm@cvs.openbsd.org 2013/07/20 01:55:13 | ||
90 | [auth-krb5.c gss-serv-krb5.c gss-serv.c] | ||
91 | fix kerberos/GSSAPI deprecation warnings and linking; "looks okay" millert@ | ||
92 | |||
93 | 20130718 | ||
94 | - (djm) OpenBSD CVS Sync | ||
95 | - dtucker@cvs.openbsd.org 2013/06/10 19:19:44 | ||
96 | [readconf.c] | ||
97 | revert 1.203 while we investigate crashes reported by okan@ | ||
98 | - guenther@cvs.openbsd.org 2013/06/17 04:48:42 | ||
99 | [scp.c] | ||
100 | Handle time_t values as long long's when formatting them and when | ||
101 | parsing them from remote servers. | ||
102 | Improve error checking in parsing of 'T' lines. | ||
103 | ok dtucker@ deraadt@ | ||
104 | - markus@cvs.openbsd.org 2013/06/20 19:15:06 | ||
105 | [krl.c] | ||
106 | don't leak the rdata blob on errors; ok djm@ | ||
107 | - djm@cvs.openbsd.org 2013/06/21 00:34:49 | ||
108 | [auth-rsa.c auth.h auth2-hostbased.c auth2-pubkey.c monitor.c] | ||
109 | for hostbased authentication, print the client host and user on | ||
110 | the auth success/failure line; bz#2064, ok dtucker@ | ||
111 | - djm@cvs.openbsd.org 2013/06/21 00:37:49 | ||
112 | [ssh_config.5] | ||
113 | explicitly mention that IdentitiesOnly can be used with IdentityFile | ||
114 | to control which keys are offered from an agent. | ||
115 | - djm@cvs.openbsd.org 2013/06/21 05:42:32 | ||
116 | [dh.c] | ||
117 | sprinkle in some error() to explain moduli(5) parse failures | ||
118 | - djm@cvs.openbsd.org 2013/06/21 05:43:10 | ||
119 | [scp.c] | ||
120 | make this -Wsign-compare clean after time_t conversion | ||
121 | - djm@cvs.openbsd.org 2013/06/22 06:31:57 | ||
122 | [scp.c] | ||
123 | improved time_t overflow check suggested by guenther@ | ||
124 | - jmc@cvs.openbsd.org 2013/06/27 14:05:37 | ||
125 | [ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5] | ||
126 | do not use Sx for sections outwith the man page - ingo informs me that | ||
127 | stuff like html will render with broken links; | ||
128 | issue reported by Eric S. Raymond, via djm | ||
129 | - markus@cvs.openbsd.org 2013/07/02 12:31:43 | ||
130 | [dh.c] | ||
131 | remove extra whitespace | ||
132 | - djm@cvs.openbsd.org 2013/07/12 00:19:59 | ||
133 | [auth-options.c auth-rsa.c bufaux.c buffer.h channels.c hostfile.c] | ||
134 | [hostfile.h mux.c packet.c packet.h roaming_common.c serverloop.c] | ||
135 | fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@ | ||
136 | - djm@cvs.openbsd.org 2013/07/12 00:20:00 | ||
137 | [sftp.c ssh-keygen.c ssh-pkcs11.c] | ||
138 | fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@ | ||
139 | - djm@cvs.openbsd.org 2013/07/12 00:43:50 | ||
140 | [misc.c] | ||
141 | in ssh_gai_strerror() don't fallback to strerror for EAI_SYSTEM when | ||
142 | errno == 0. Avoids confusing error message in some broken resolver | ||
143 | cases. bz#2122 patch from plautrba AT redhat.com; ok dtucker | ||
144 | - djm@cvs.openbsd.org 2013/07/12 05:42:03 | ||
145 | [ssh-keygen.c] | ||
146 | do_print_resource_record() can never be called with a NULL filename, so | ||
147 | don't attempt (and bungle) asking for one if it has not been specified | ||
148 | bz#2127 ok dtucker@ | ||
149 | - djm@cvs.openbsd.org 2013/07/12 05:48:55 | ||
150 | [ssh.c] | ||
151 | set TCP nodelay for connections started with -N; bz#2124 ok dtucker@ | ||
152 | - schwarze@cvs.openbsd.org 2013/07/16 00:07:52 | ||
153 | [scp.1 sftp-server.8 ssh-keyscan.1 ssh-keysign.8 ssh-pkcs11-helper.8] | ||
154 | use .Mt for email addresses; from Jan Stary <hans at stare dot cz>; ok jmc@ | ||
155 | - djm@cvs.openbsd.org 2013/07/18 01:12:26 | ||
156 | [ssh.1] | ||
157 | be more exact wrt perms for ~/.ssh/config; bz#2078 | ||
158 | |||
159 | 20130702 | ||
160 | - (dtucker) [contrib/cygwin/README contrib/cygwin/ssh-host-config | ||
161 | contrib/cygwin/ssh-user-config] Modernizes and improve readability of | ||
162 | the Cygwin README file (which hasn't been updated for ages), drop | ||
163 | unsupported OSes from the ssh-host-config help text, and drop an | ||
164 | unneeded option from ssh-user-config. Patch from vinschen at redhat com. | ||
165 | |||
166 | 20130610 | ||
167 | - (djm) OpenBSD CVS Sync | ||
168 | - dtucker@cvs.openbsd.org 2013/06/07 15:37:52 | ||
169 | [channels.c channels.h clientloop.c] | ||
170 | Add an "ABANDONED" channel state and use for mux sessions that are | ||
171 | disconnected via the ~. escape sequence. Channels in this state will | ||
172 | be able to close if the server responds, but do not count as active channels. | ||
173 | This means that if you ~. all of the mux clients when using ControlPersist | ||
174 | on a broken network, the backgrounded mux master will exit when the | ||
175 | Control Persist time expires rather than hanging around indefinitely. | ||
176 | bz#1917, also reported and tested by tedu@. ok djm@ markus@. | ||
177 | - (dtucker) [Makefile.in configure.ac fixalgorithms] Remove unsupported | ||
178 | algorithms (Ciphers, MACs and HostKeyAlgorithms) from man pages. | ||
179 | - (dtucker) [myproposal.h] Do not advertise AES GSM ciphers if we don't have | ||
180 | the required OpenSSL support. Patch from naddy at freebsd. | ||
181 | - (dtucker) [myproposal.h] Make the conditional algorithm support consistent | ||
182 | and add some comments so it's clear what goes where. | ||
183 | |||
184 | 20130605 | ||
185 | - (dtucker) [myproposal.h] Enable sha256 kex methods based on the presence of | ||
186 | the necessary functions, not from the openssl version. | ||
187 | - (dtucker) [contrib/ssh-copy-id] bz#2117: Use portable operator in test. | ||
188 | Patch from cjwatson at debian. | ||
189 | - (dtucker) [regress/forwarding.sh] For (as yet unknown) reason, the | ||
190 | forwarding test is extremely slow copying data on some machines so switch | ||
191 | back to copying the much smaller ls binary until we can figure out why | ||
192 | this is. | ||
193 | - (dtucker) [Makefile.in] append $CFLAGS to compiler options when building | ||
194 | modpipe in case there's anything in there we need. | ||
195 | - (dtucker) OpenBSD CVS Sync | ||
196 | - dtucker@cvs.openbsd.org 2013/06/02 21:01:51 | ||
197 | [channels.h] | ||
198 | typo in comment | ||
199 | - dtucker@cvs.openbsd.org 2013/06/02 23:36:29 | ||
200 | [clientloop.h clientloop.c mux.c] | ||
201 | No need for the mux cleanup callback to be visible so restore it to static | ||
202 | and call it through the detach_user function pointer. ok djm@ | ||
203 | - dtucker@cvs.openbsd.org 2013/06/03 00:03:18 | ||
204 | [mac.c] | ||
205 | force the MAC output to be 64-bit aligned so umac won't see unaligned | ||
206 | accesses on strict-alignment architectures. bz#2101, patch from | ||
207 | tomas.kuthan at oracle.com, ok djm@ | ||
208 | - dtucker@cvs.openbsd.org 2013/06/04 19:12:23 | ||
209 | [scp.c] | ||
210 | use MAXPATHLEN for buffer size instead of fixed value. ok markus | ||
211 | - dtucker@cvs.openbsd.org 2013/06/04 20:42:36 | ||
212 | [sftp.c] | ||
213 | Make sftp's libedit interface marginally multibyte aware by building up | ||
214 | the quoted string by character instead of by byte. Prevents failures | ||
215 | when linked against a libedit built with wide character support (bz#1990). | ||
216 | "looks ok" djm | ||
217 | - dtucker@cvs.openbsd.org 2013/06/05 02:07:29 | ||
218 | [mux.c] | ||
219 | fix leaks in mux error paths, from Zhenbo Xu, found by Melton. bz#1967, | ||
220 | ok djm | ||
221 | - dtucker@cvs.openbsd.org 2013/06/05 02:27:50 | ||
222 | [sshd.c] | ||
223 | When running sshd -D, close stderr unless we have explicitly requesting | ||
224 | logging to stderr. From james.hunt at ubuntu.com via bz#1976, djm's patch | ||
225 | so, err, ok dtucker. | ||
226 | - dtucker@cvs.openbsd.org 2013/06/05 12:52:38 | ||
227 | [sshconnect2.c] | ||
228 | Fix memory leaks found by Zhenbo Xu and the Melton tool. bz#1967, ok djm | ||
229 | - dtucker@cvs.openbsd.org 2013/06/05 22:00:28 | ||
230 | [readconf.c] | ||
231 | plug another memleak. bz#1967, from Zhenbo Xu, detected by Melton, ok djm | ||
232 | - (dtucker) [configure.ac sftp.c openbsd-compat/openbsd-compat.h] Cater for | ||
233 | platforms that don't have multibyte character support (specifically, | ||
234 | mblen). | ||
235 | |||
236 | 20130602 | ||
237 | - (tim) [Makefile.in] Make Solaris, UnixWare, & OpenServer linkers happy | ||
238 | linking regress/modpipe. | ||
239 | - (dtucker) OpenBSD CVS Sync | ||
240 | - dtucker@cvs.openbsd.org 2013/06/02 13:33:05 | ||
241 | [progressmeter.c] | ||
242 | Add misc.h for monotime prototype. (ID sync only). | ||
243 | - dtucker@cvs.openbsd.org 2013/06/02 13:35:58 | ||
244 | [ssh-agent.c] | ||
245 | Make parent_alive_interval time_t to avoid signed/unsigned comparison | ||
246 | - (dtucker) [configure.ac] sys/un.h needs sys/socket.h on some platforms | ||
247 | to prevent noise from configure. Patch from Nathan Osman. (bz#2114). | ||
248 | - (dtucker) [configure.ac] bz#2111: don't try to use lastlog on Android. | ||
249 | Patch from Nathan Osman. | ||
250 | - (tim) [configure.ac regress/Makefile] With rev 1.47 of test-exec.sh we | ||
251 | need a shell that can handle "[ file1 -nt file2 ]". Rather than keep | ||
252 | dealing with shell portability issues in regression tests, we let | ||
253 | configure find us a capable shell on those platforms with an old /bin/sh. | ||
254 | - (tim) [aclocal.m4] Enhance OSSH_CHECK_CFLAG_COMPILE to check stderr. | ||
255 | feedback and ok dtucker | ||
256 | - (tim) [regress/sftp-chroot.sh] skip if no sudo. ok dtucker | ||
257 | - (dtucker) [configure.ac] Some platforms need sys/types.h before sys/un.h. | ||
258 | - (dtucker) [configure.ac] Some other platforms need sys/types.h before | ||
259 | sys/socket.h. | ||
260 | |||
261 | 20130601 | ||
262 | - (dtucker) [configure.ac openbsd-compat/xcrypt.c] bz#2112: fall back to | ||
263 | using openssl's DES_crypt function on platorms that don't have a native | ||
264 | one, eg Android. Based on a patch from Nathan Osman. | ||
265 | - (dtucker) [configure.ac defines.h] Test for fd_mask, howmany and NFDBITS | ||
266 | rather than trying to enumerate the plaforms that don't have them. | ||
267 | Based on a patch from Nathan Osman, with help from tim@. | ||
268 | - (dtucker) OpenBSD CVS Sync | ||
269 | - djm@cvs.openbsd.org 2013/05/17 00:13:13 | ||
270 | [xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c | ||
271 | ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c | ||
272 | gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c | ||
273 | auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c | ||
274 | servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c | ||
275 | auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c | ||
276 | sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c | ||
277 | kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c | ||
278 | kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c | ||
279 | monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c | ||
280 | ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c | ||
281 | sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c | ||
282 | ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c | ||
283 | dns.c packet.c readpass.c authfd.c moduli.c] | ||
284 | bye, bye xfree(); ok markus@ | ||
285 | - djm@cvs.openbsd.org 2013/05/19 02:38:28 | ||
286 | [auth2-pubkey.c] | ||
287 | fix failure to recognise cert-authority keys if a key of a different type | ||
288 | appeared in authorized_keys before it; ok markus@ | ||
289 | - djm@cvs.openbsd.org 2013/05/19 02:42:42 | ||
290 | [auth.h auth.c key.c monitor.c auth-rsa.c auth2.c auth1.c key.h] | ||
291 | Standardise logging of supplemental information during userauth. Keys | ||
292 | and ruser is now logged in the auth success/failure message alongside | ||
293 | the local username, remote host/port and protocol in use. Certificates | ||
294 | contents and CA are logged too. | ||
295 | Pushing all logging onto a single line simplifies log analysis as it is | ||
296 | no longer necessary to relate information scattered across multiple log | ||
297 | entries. "I like it" markus@ | ||
298 | - dtucker@cvs.openbsd.org 2013/05/31 12:28:10 | ||
299 | [ssh-agent.c] | ||
300 | Use time_t where appropriate. ok djm | ||
301 | - dtucker@cvs.openbsd.org 2013/06/01 13:15:52 | ||
302 | [ssh-agent.c clientloop.c misc.h packet.c progressmeter.c misc.c | ||
303 | channels.c sandbox-systrace.c] | ||
304 | Use clock_gettime(CLOCK_MONOTONIC ...) for ssh timers so that things like | ||
305 | keepalives and rekeying will work properly over clock steps. Suggested by | ||
306 | markus@, "looks good" djm@. | ||
307 | - dtucker@cvs.openbsd.org 2013/06/01 20:59:25 | ||
308 | [scp.c sftp-client.c] | ||
309 | Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch | ||
310 | from Nathan Osman via bz#2085. ok deraadt. | ||
311 | - dtucker@cvs.openbsd.org 2013/06/01 22:34:50 | ||
312 | [sftp-client.c] | ||
313 | Update progressmeter when data is acked, not when it's sent. bz#2108, from | ||
314 | Debian via Colin Watson, ok djm@ | ||
315 | - (dtucker) [M auth-chall.c auth-krb5.c auth-pam.c cipher-aes.c cipher-ctr.c | ||
316 | groupaccess.c loginrec.c monitor.c monitor_wrap.c session.c sshd.c | ||
317 | sshlogin.c uidswap.c openbsd-compat/bsd-cygwin_util.c | ||
318 | openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/port-aix.c | ||
319 | openbsd-compat/port-linux.c] Replace portable-specific instances of xfree | ||
320 | with the equivalent calls to free. | ||
321 | - (dtucker) [configure.ac misc.c] Look for clock_gettime in librt and fall | ||
322 | back to time(NULL) if we can't find it anywhere. | ||
323 | - (dtucker) [sandbox-seccomp-filter.c] Allow clock_gettimeofday. | ||
324 | |||
325 | 20130529 | ||
326 | - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] bz#2087: Add a null | ||
327 | implementation of endgrent for platforms that don't have it (eg Android). | ||
328 | Loosely based on a patch from Nathan Osman, ok djm | ||
329 | |||
330 | 20130517 | ||
331 | - (dtucker) OpenBSD CVS Sync | ||
332 | - djm@cvs.openbsd.org 2013/03/07 00:20:34 | ||
333 | [regress/proxy-connect.sh] | ||
334 | repeat test with a style appended to the username | ||
335 | - dtucker@cvs.openbsd.org 2013/03/23 11:09:43 | ||
336 | [regress/test-exec.sh] | ||
337 | Only regenerate host keys if they don't exist or if ssh-keygen has changed | ||
338 | since they were. Reduces test runtime by 5-30% depending on machine | ||
339 | speed. | ||
340 | - dtucker@cvs.openbsd.org 2013/04/06 06:00:22 | ||
341 | [regress/rekey.sh regress/test-exec.sh regress/integrity.sh | ||
342 | regress/multiplex.sh Makefile regress/cfgmatch.sh] | ||
343 | Split the regress log into 3 parts: the debug output from ssh, the debug | ||
344 | log from sshd and the output from the client command (ssh, scp or sftp). | ||
345 | Somewhat functional now, will become more useful when ssh/sshd -E is added. | ||
346 | - dtucker@cvs.openbsd.org 2013/04/07 02:16:03 | ||
347 | [regress/Makefile regress/rekey.sh regress/integrity.sh | ||
348 | regress/sshd-log-wrapper.sh regress/forwarding.sh regress/test-exec.sh] | ||
349 | use -E option for ssh and sshd to write debuging logs to ssh{,d}.log and | ||
350 | save the output from any failing tests. If a test fails the debug output | ||
351 | from ssh and sshd for the failing tests (and only the failing tests) should | ||
352 | be available in failed-ssh{,d}.log. | ||
353 | - djm@cvs.openbsd.org 2013/04/18 02:46:12 | ||
354 | [regress/Makefile regress/sftp-chroot.sh] | ||
355 | test sshd ChrootDirectory+internal-sftp; feedback & ok dtucker@ | ||
356 | - dtucker@cvs.openbsd.org 2013/04/22 07:23:08 | ||
357 | [regress/multiplex.sh] | ||
358 | Write mux master logs to regress.log instead of ssh.log to keep separate | ||
359 | - djm@cvs.openbsd.org 2013/05/10 03:46:14 | ||
360 | [regress/modpipe.c] | ||
361 | sync some portability changes from portable OpenSSH (id sync only) | ||
362 | - dtucker@cvs.openbsd.org 2013/05/16 02:10:35 | ||
363 | [regress/rekey.sh] | ||
364 | Add test for time-based rekeying | ||
365 | - dtucker@cvs.openbsd.org 2013/05/16 03:33:30 | ||
366 | [regress/rekey.sh] | ||
367 | test rekeying when there's no data being transferred | ||
368 | - dtucker@cvs.openbsd.org 2013/05/16 04:26:10 | ||
369 | [regress/rekey.sh] | ||
370 | add server-side rekey test | ||
371 | - dtucker@cvs.openbsd.org 2013/05/16 05:48:31 | ||
372 | [regress/rekey.sh] | ||
373 | add tests for RekeyLimit parsing | ||
374 | - dtucker@cvs.openbsd.org 2013/05/17 00:37:40 | ||
375 | [regress/agent.sh regress/keytype.sh regress/cfgmatch.sh | ||
376 | regress/forcecommand.sh regress/proto-version.sh regress/test-exec.sh | ||
377 | regress/cipher-speed.sh regress/cert-hostkey.sh regress/cert-userkey.sh | ||
378 | regress/ssh-com.sh] | ||
379 | replace 'echo -n' with 'printf' since it's more portable | ||
380 | also remove "echon" hack. | ||
381 | - dtucker@cvs.openbsd.org 2013/05/17 01:16:09 | ||
382 | [regress/agent-timeout.sh] | ||
383 | Pull back some portability changes from -portable: | ||
384 | - TIMEOUT is a read-only variable in some shells | ||
385 | - not all greps have -q so redirect to /dev/null instead. | ||
386 | (ID sync only) | ||
387 | - dtucker@cvs.openbsd.org 2013/05/17 01:32:11 | ||
388 | [regress/integrity.sh] | ||
389 | don't print output from ssh before getting it (it's available in ssh.log) | ||
390 | - dtucker@cvs.openbsd.org 2013/05/17 04:29:14 | ||
391 | [regress/sftp.sh regress/putty-ciphers.sh regress/cipher-speed.sh | ||
392 | regress/test-exec.sh regress/sftp-batch.sh regress/dynamic-forward.sh | ||
393 | regress/putty-transfer.sh regress/conch-ciphers.sh regress/sftp-cmds.sh | ||
394 | regress/scp.sh regress/ssh-com-sftp.sh regress/rekey.sh | ||
395 | regress/putty-kex.sh regress/stderr-data.sh regress/stderr-after-eof.sh | ||
396 | regress/sftp-badcmds.sh regress/reexec.sh regress/ssh-com-client.sh | ||
397 | regress/sftp-chroot.sh regress/forwarding.sh regress/transfer.sh | ||
398 | regress/multiplex.sh] | ||
399 | Move the setting of DATA and COPY into test-exec.sh | ||
400 | - dtucker@cvs.openbsd.org 2013/05/17 10:16:26 | ||
401 | [regress/try-ciphers.sh] | ||
402 | use expr for math to keep diffs vs portable down | ||
403 | (id sync only) | ||
404 | - dtucker@cvs.openbsd.org 2013/05/17 10:23:52 | ||
405 | [regress/login-timeout.sh regress/reexec.sh regress/test-exec.sh] | ||
406 | Use SUDO when cat'ing pid files and running the sshd log wrapper so that | ||
407 | it works with a restrictive umask and the pid files are not world readable. | ||
408 | Changes from -portable. (id sync only) | ||
409 | - dtucker@cvs.openbsd.org 2013/05/17 10:24:48 | ||
410 | [regress/localcommand.sh] | ||
411 | use backticks for portability. (id sync only) | ||
412 | - dtucker@cvs.openbsd.org 2013/05/17 10:26:26 | ||
413 | [regress/sftp-badcmds.sh] | ||
414 | remove unused BATCH variable. (id sync only) | ||
415 | - dtucker@cvs.openbsd.org 2013/05/17 10:28:11 | ||
416 | [regress/sftp.sh] | ||
417 | only compare copied data if sftp succeeds. from portable (id sync only) | ||
418 | - dtucker@cvs.openbsd.org 2013/05/17 10:30:07 | ||
419 | [regress/test-exec.sh] | ||
420 | wait a bit longer for startup and use case for absolute path. | ||
421 | from portable (id sync only) | ||
422 | - dtucker@cvs.openbsd.org 2013/05/17 10:33:09 | ||
423 | [regress/agent-getpeereid.sh] | ||
424 | don't redirect stdout from sudo. from portable (id sync only) | ||
425 | - dtucker@cvs.openbsd.org 2013/05/17 10:34:30 | ||
426 | [regress/portnum.sh] | ||
427 | use a more portable negated if structure. from portable (id sync only) | ||
428 | - dtucker@cvs.openbsd.org 2013/05/17 10:35:43 | ||
429 | [regress/scp.sh] | ||
430 | use a file extention that's not special on some platforms. from portable | ||
431 | (id sync only) | ||
432 | - (dtucker) [regress/bsd.regress.mk] Remove unused file. We've never used it | ||
433 | in portable and it's long gone in openbsd. | ||
434 | - (dtucker) [regress/integrity.sh]. Force fixed Diffie-Hellman key exchange | ||
435 | methods. When the openssl version doesn't support ECDH then next one on | ||
436 | the list is DH group exchange, but that causes a bit more traffic which can | ||
437 | mean that the tests flip bits in the initial exchange rather than the MACed | ||
438 | traffic and we get different errors to what the tests look for. | ||
439 | - (dtucker) [openbsd-compat/getopt.h] Remove unneeded bits. | ||
440 | - (dtucker) [regress/cfgmatch.sh] Resync config file setup with openbsd. | ||
441 | - (dtucker) [regress/agent-getpeereid.sh] Resync spaces with openbsd. | ||
442 | - (dtucker) [regress/integrity.sh regress/krl.sh regress/test-exec.sh] | ||
443 | Move the jot helper function to portable-specific part of test-exec.sh. | ||
444 | - (dtucker) [regress/test-exec.sh] Move the portable-specific functions | ||
445 | together and add a couple of missing lines from openbsd. | ||
446 | - (dtucker) [regress/stderr-after-eof.sh regress/test-exec.sh] Move the md5 | ||
447 | helper function to the portable part of test-exec.sh. | ||
448 | - (dtucker) [regress/runtests.sh] Remove obsolete test driver script. | ||
449 | - (dtucker) [regress/cfgmatch.sh] Remove unneeded sleep renderd obsolete by | ||
450 | rev 1.6 which calls wait. | ||
451 | |||
1 | 20130516 | 452 | 20130516 |
2 | - (djm) [contrib/ssh-copy-id] Fix bug that could cause "rm *" to be | 453 | - (djm) [contrib/ssh-copy-id] Fix bug that could cause "rm *" to be |
3 | executed if mktemp failed; bz#2105 ok dtucker@ | 454 | executed if mktemp failed; bz#2105 ok dtucker@ |
4 | - (djm) Release 6.2p2 | 455 | - (dtucker) OpenBSD CVS Sync |
456 | - tedu@cvs.openbsd.org 2013/04/23 17:49:45 | ||
457 | [misc.c] | ||
458 | use xasprintf instead of a series of strlcats and strdup. ok djm | ||
459 | - tedu@cvs.openbsd.org 2013/04/24 16:01:46 | ||
460 | [misc.c] | ||
461 | remove extra parens noticed by nicm | ||
462 | - dtucker@cvs.openbsd.org 2013/05/06 07:35:12 | ||
463 | [sftp-server.8] | ||
464 | Reference the version of the sftp draft we actually implement. ok djm@ | ||
465 | - djm@cvs.openbsd.org 2013/05/10 03:40:07 | ||
466 | [sshconnect2.c] | ||
467 | fix bzero(ptr_to_struct, sizeof(ptr_to_struct)); bz#2100 from | ||
468 | Colin Watson | ||
469 | - djm@cvs.openbsd.org 2013/05/10 04:08:01 | ||
470 | [key.c] | ||
471 | memleak in cert_free(), wasn't actually freeing the struct; | ||
472 | bz#2096 from shm AT digitalsun.pl | ||
473 | - dtucker@cvs.openbsd.org 2013/05/10 10:13:50 | ||
474 | [ssh-pkcs11-helper.c] | ||
475 | remove unused extern optarg. ok markus@ | ||
476 | - dtucker@cvs.openbsd.org 2013/05/16 02:00:34 | ||
477 | [ssh_config sshconnect2.c packet.c readconf.h readconf.c clientloop.c | ||
478 | ssh_config.5 packet.h] | ||
479 | Add an optional second argument to RekeyLimit in the client to allow | ||
480 | rekeying based on elapsed time in addition to amount of traffic. | ||
481 | with djm@ jmc@, ok djm | ||
482 | - dtucker@cvs.openbsd.org 2013/05/16 04:09:14 | ||
483 | [sshd_config.5 servconf.c servconf.h packet.c serverloop.c monitor.c sshd_config | ||
484 | sshd.c] Add RekeyLimit to sshd with the same syntax as the client allowing | ||
485 | rekeying based on traffic volume or time. ok djm@, help & ok jmc@ for the man | ||
486 | page. | ||
487 | - djm@cvs.openbsd.org 2013/05/16 04:27:50 | ||
488 | [ssh_config.5 readconf.h readconf.c] | ||
489 | add the ability to ignore specific unrecognised ssh_config options; | ||
490 | bz#866; ok markus@ | ||
491 | - jmc@cvs.openbsd.org 2013/05/16 06:28:45 | ||
492 | [ssh_config.5] | ||
493 | put IgnoreUnknown in the right place; | ||
494 | - jmc@cvs.openbsd.org 2013/05/16 06:30:06 | ||
495 | [sshd_config.5] | ||
496 | oops! avoid Xr to self; | ||
497 | - dtucker@cvs.openbsd.org 2013/05/16 09:08:41 | ||
498 | [log.c scp.c sshd.c serverloop.c schnorr.c sftp.c] | ||
499 | Fix some "unused result" warnings found via clang and -portable. | ||
500 | ok markus@ | ||
501 | - dtucker@cvs.openbsd.org 2013/05/16 09:12:31 | ||
502 | [readconf.c servconf.c] | ||
503 | switch RekeyLimit traffic volume parsing to scan_scaled. ok djm@ | ||
504 | - dtucker@cvs.openbsd.org 2013/05/16 10:43:34 | ||
505 | [servconf.c readconf.c] | ||
506 | remove now-unused variables | ||
507 | - dtucker@cvs.openbsd.org 2013/05/16 10:44:06 | ||
508 | [servconf.c] | ||
509 | remove another now-unused variable | ||
510 | - (dtucker) [configure.ac readconf.c servconf.c | ||
511 | openbsd-compat/openbsd-compat.h] Add compat bits for scan_scaled. | ||
5 | 512 | ||
6 | 20130510 | 513 | 20130510 |
7 | - (djm) OpenBSD CVS Cherrypick | 514 | - (dtucker) [configure.ac] Enable -Wsizeof-pointer-memaccess if the compiler |
515 | supports it. Mentioned by Colin Watson in bz#2100, ok djm. | ||
516 | - (dtucker) [openbsd-compat/getopt.c] Factor out portibility changes to | ||
517 | getopt.c. Preprocessed source is identical other than line numbers. | ||
518 | - (dtucker) [openbsd-compat/getopt_long.c] Import from OpenBSD. No | ||
519 | portability changes yet. | ||
520 | - (dtucker) [openbsd-compat/Makefile.in openbsd-compat/getopt.c | ||
521 | openbsd-compat/getopt_long.c regress/modpipe.c] Remove getopt.c, add | ||
522 | portability code to getopt_long.c and switch over Makefile and the ugly | ||
523 | hack in modpipe.c. Fixes bz#1448. | ||
524 | - (dtucker) [openbsd-compat/getopt.h openbsd-compat/getopt_long.c | ||
525 | openbsd-compat/openbsd-compat.h] pull in getopt.h from openbsd and plumb | ||
526 | in to use it when we're using our own getopt. | ||
527 | - (dtucker) [kex.c] Only include sha256 and ECC key exchange methods when the | ||
528 | underlying libraries support them. | ||
529 | - (dtucker) [configure.ac] Add -Werror to the -Qunused-arguments test so | ||
530 | we don't get a warning on compilers that *don't* support it. Add | ||
531 | -Wno-unknown-warning-option. Move both to the start of the list for | ||
532 | maximum noise suppression. Tested with gcc 4.6.3, gcc 2.95.4 and clang 2.9. | ||
533 | |||
534 | 20130423 | ||
535 | - (djm) [auth.c configure.ac misc.c monitor.c monitor_wrap.c] Support | ||
536 | platforms, such as Android, that lack struct passwd.pw_gecos. Report | ||
537 | and initial patch from Nathan Osman bz#2086; feedback tim@ ok dtucker@ | ||
538 | - (djm) OpenBSD CVS Sync | ||
539 | - markus@cvs.openbsd.org 2013/03/05 20:16:09 | ||
540 | [sshconnect2.c] | ||
541 | reset pubkey order on partial success; ok djm@ | ||
542 | - djm@cvs.openbsd.org 2013/03/06 23:35:23 | ||
543 | [session.c] | ||
544 | fatal() when ChrootDirectory specified by running without root privileges; | ||
545 | ok markus@ | ||
546 | - djm@cvs.openbsd.org 2013/03/06 23:36:53 | ||
547 | [readconf.c] | ||
548 | g/c unused variable (-Wunused) | ||
549 | - djm@cvs.openbsd.org 2013/03/07 00:19:59 | ||
550 | [auth2-pubkey.c monitor.c] | ||
551 | reconstruct the original username that was sent by the client, which may | ||
552 | have included a style (e.g. "root:skey") when checking public key | ||
553 | signatures. Fixes public key and hostbased auth when the client specified | ||
554 | a style; ok markus@ | ||
555 | - markus@cvs.openbsd.org 2013/03/07 19:27:25 | ||
556 | [auth.h auth2-chall.c auth2.c monitor.c sshd_config.5] | ||
557 | add submethod support to AuthenticationMethods; ok and freedback djm@ | ||
558 | - djm@cvs.openbsd.org 2013/03/08 06:32:58 | ||
559 | [ssh.c] | ||
560 | allow "ssh -f none ..." ok markus@ | ||
561 | - djm@cvs.openbsd.org 2013/04/05 00:14:00 | ||
562 | [auth2-gss.c krl.c sshconnect2.c] | ||
563 | hush some {unused, printf type} warnings | ||
564 | - djm@cvs.openbsd.org 2013/04/05 00:31:49 | ||
565 | [pathnames.h] | ||
566 | use the existing _PATH_SSH_USER_RC define to construct the other | ||
567 | pathnames; bz#2077, ok dtucker@ (no binary change) | ||
568 | - djm@cvs.openbsd.org 2013/04/05 00:58:51 | ||
569 | [mux.c] | ||
570 | cleanup mux-created channels that are in SSH_CHANNEL_OPENING state too | ||
571 | (in addition to ones already in OPEN); bz#2079, ok dtucker@ | ||
572 | - markus@cvs.openbsd.org 2013/04/06 16:07:00 | ||
573 | [channels.c sshd.c] | ||
574 | handle ECONNABORTED for accept(); ok deraadt some time ago... | ||
575 | - dtucker@cvs.openbsd.org 2013/04/07 02:10:33 | ||
576 | [log.c log.h ssh.1 ssh.c sshd.8 sshd.c] | ||
577 | Add -E option to ssh and sshd to append debugging logs to a specified file | ||
578 | instead of stderr or syslog. ok markus@, man page help jmc@ | ||
579 | - dtucker@cvs.openbsd.org 2013/04/07 09:40:27 | ||
580 | [sshd.8] | ||
581 | clarify -e text. suggested by & ok jmc@ | ||
8 | - djm@cvs.openbsd.org 2013/04/11 02:27:50 | 582 | - djm@cvs.openbsd.org 2013/04/11 02:27:50 |
9 | [packet.c] | 583 | [packet.c] |
10 | quiet disconnect notifications on the server from error() back to logit() | 584 | quiet disconnect notifications on the server from error() back to logit() |
11 | if it is a normal client closure; bz#2057 ok+feedback dtucker@ | 585 | if it is a normal client closure; bz#2057 ok+feedback dtucker@ |
12 | - (djm) [version.h contrib/caldera/openssh.spec contrib/redhat/openssh.spec] | 586 | - dtucker@cvs.openbsd.org 2013/04/17 09:04:09 |
13 | [contrib/suse/openssh.spec] Crank version numbers for release. | 587 | [session.c] |
14 | - (djm) [README] Update release notes URL | 588 | revert rev 1.262; it fails because uid is already set here. ok djm@ |
589 | - djm@cvs.openbsd.org 2013/04/18 02:16:07 | ||
590 | [sftp.c] | ||
591 | make "sftp -q" do what it says on the sticker: hush everything but errors; | ||
592 | ok dtucker@ | ||
593 | - djm@cvs.openbsd.org 2013/04/19 01:00:10 | ||
594 | [sshd_config.5] | ||
595 | document the requirment that the AuthorizedKeysCommand be owned by root; | ||
596 | ok dtucker@ markus@ | ||
597 | - djm@cvs.openbsd.org 2013/04/19 01:01:00 | ||
598 | [ssh-keygen.c] | ||
599 | fix some memory leaks; bz#2088 ok dtucker@ | ||
600 | - djm@cvs.openbsd.org 2013/04/19 01:03:01 | ||
601 | [session.c] | ||
602 | reintroduce 1.262 without the connection-killing bug: | ||
603 | fatal() when ChrootDirectory specified by running without root privileges; | ||
604 | ok markus@ | ||
605 | - djm@cvs.openbsd.org 2013/04/19 01:06:50 | ||
606 | [authfile.c cipher.c cipher.h kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c] | ||
607 | [key.c key.h mac.c mac.h packet.c ssh.1 ssh.c] | ||
608 | add the ability to query supported ciphers, MACs, key type and KEX | ||
609 | algorithms to ssh. Includes some refactoring of KEX and key type handling | ||
610 | to be table-driven; ok markus@ | ||
611 | - djm@cvs.openbsd.org 2013/04/19 11:10:18 | ||
612 | [ssh.c] | ||
613 | add -Q to usage; reminded by jmc@ | ||
614 | - djm@cvs.openbsd.org 2013/04/19 12:07:08 | ||
615 | [kex.c] | ||
616 | remove duplicated list entry pointed out by naddy@ | ||
617 | - dtucker@cvs.openbsd.org 2013/04/22 01:17:18 | ||
618 | [mux.c] | ||
619 | typo in debug output: evitval->exitval | ||
620 | |||
621 | 20130418 | ||
622 | - (djm) [config.guess config.sub] Update to last versions before they switch | ||
623 | to GPL3. ok dtucker@ | ||
624 | - (dtucker) [configure.ac] Use -Qunused-arguments to suppress warnings from | ||
625 | unused argument warnings (in particular, -fno-builtin-memset) from clang. | ||
15 | 626 | ||
16 | 20130404 | 627 | 20130404 |
17 | - (dtucker) OpenBSD CVS Sync | 628 | - (dtucker) OpenBSD CVS Sync |
@@ -40,10 +651,16 @@ | |||
40 | to avoid conflicting definitions of __int64, adding the required bits. | 651 | to avoid conflicting definitions of __int64, adding the required bits. |
41 | Patch from Corinna Vinschen. | 652 | Patch from Corinna Vinschen. |
42 | 653 | ||
654 | 20120323 | ||
655 | - (tim) [Makefile.in] remove some duplication introduced in 20130220 commit. | ||
656 | |||
43 | 20120322 | 657 | 20120322 |
44 | - (djm) [contrib/ssh-copy-id contrib/ssh-copy-id.1] Updated to Phil | 658 | - (djm) [contrib/ssh-copy-id contrib/ssh-copy-id.1] Updated to Phil |
45 | Hands' greatly revised version. | 659 | Hands' greatly revised version. |
46 | - (djm) Release 6.2p1 | 660 | - (djm) Release 6.2p1 |
661 | - (dtucker) [configure.ac] Add stdlib.h to zlib check for exit() prototype. | ||
662 | - (dtucker) [includes.h] Check if _GNU_SOURCE is already defined before | ||
663 | defining it again. Prevents warnings if someone, eg, sets it in CFLAGS. | ||
47 | 664 | ||
48 | 20120318 | 665 | 20120318 |
49 | - (djm) [configure.ac log.c scp.c sshconnect2.c openbsd-compat/vis.c] | 666 | - (djm) [configure.ac log.c scp.c sshconnect2.c openbsd-compat/vis.c] |
diff --git a/Makefile.in b/Makefile.in index dd0502e63..f9799268a 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -1,4 +1,4 @@ | |||
1 | # $Id: Makefile.in,v 1.336 2013/03/07 15:37:13 tim Exp $ | 1 | # $Id: Makefile.in,v 1.340 2013/06/11 01:26:10 dtucker Exp $ |
2 | 2 | ||
3 | # uncomment if you run a non bourne compatable shell. Ie. csh | 3 | # uncomment if you run a non bourne compatable shell. Ie. csh |
4 | #SHELL = @SH@ | 4 | #SHELL = @SH@ |
@@ -122,6 +122,8 @@ PATHSUBS = \ | |||
122 | -e 's|/usr/bin:/bin:/usr/sbin:/sbin|@user_path@|g' | 122 | -e 's|/usr/bin:/bin:/usr/sbin:/sbin|@user_path@|g' |
123 | 123 | ||
124 | FIXPATHSCMD = $(SED) $(PATHSUBS) | 124 | FIXPATHSCMD = $(SED) $(PATHSUBS) |
125 | FIXALGORITHMSCMD= $(SHELL) $(srcdir)/fixalgorithms $(SED) \ | ||
126 | @UNSUPPORTED_ALGORITHMS@ | ||
125 | 127 | ||
126 | all: $(CONFIGFILES) $(MANPAGES) $(TARGETS) | 128 | all: $(CONFIGFILES) $(MANPAGES) $(TARGETS) |
127 | 129 | ||
@@ -185,9 +187,10 @@ $(MANPAGES): $(MANPAGES_IN) | |||
185 | manpage=$(srcdir)/`echo $@ | sed 's/\.out$$//'`; \ | 187 | manpage=$(srcdir)/`echo $@ | sed 's/\.out$$//'`; \ |
186 | fi; \ | 188 | fi; \ |
187 | if test "$(MANTYPE)" = "man"; then \ | 189 | if test "$(MANTYPE)" = "man"; then \ |
188 | $(FIXPATHSCMD) $${manpage} | $(AWK) -f $(srcdir)/mdoc2man.awk > $@; \ | 190 | $(FIXPATHSCMD) $${manpage} | $(FIXALGORITHMSCMD) | \ |
191 | $(AWK) -f $(srcdir)/mdoc2man.awk > $@; \ | ||
189 | else \ | 192 | else \ |
190 | $(FIXPATHSCMD) $${manpage} > $@; \ | 193 | $(FIXPATHSCMD) $${manpage} | $(FIXALGORITHMSCMD) > $@; \ |
191 | fi | 194 | fi |
192 | 195 | ||
193 | $(CONFIGFILES): $(CONFIGFILES_IN) | 196 | $(CONFIGFILES): $(CONFIGFILES_IN) |
@@ -383,15 +386,14 @@ uninstall: | |||
383 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 | 386 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 |
384 | 387 | ||
385 | regress/modpipe$(EXEEXT): $(srcdir)/regress/modpipe.c | 388 | regress/modpipe$(EXEEXT): $(srcdir)/regress/modpipe.c |
386 | [ -d `pwd`/regress ] || mkdir -p `pwd`/regress; \ | 389 | [ -d `pwd`/regress ] || mkdir -p `pwd`/regress |
387 | $(CC) $(CPPFLAGS) -o $@ $? \ | 390 | [ -f `pwd`/regress/Makefile ] || \ |
388 | $(LDFLAGS) -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) | 391 | ln -s `cd $(srcdir) && pwd`/regress/Makefile `pwd`/regress/Makefile |
392 | $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $? \ | ||
393 | $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) | ||
389 | 394 | ||
390 | tests interop-tests: $(TARGETS) regress/modpipe$(EXEEXT) | 395 | tests interop-tests: $(TARGETS) regress/modpipe$(EXEEXT) |
391 | BUILDDIR=`pwd`; \ | 396 | BUILDDIR=`pwd`; \ |
392 | [ -d `pwd`/regress ] || mkdir -p `pwd`/regress; \ | ||
393 | [ -f `pwd`/regress/Makefile ] || \ | ||
394 | ln -s `cd $(srcdir) && pwd`/regress/Makefile `pwd`/regress/Makefile ; \ | ||
395 | TEST_SHELL="@TEST_SHELL@"; \ | 397 | TEST_SHELL="@TEST_SHELL@"; \ |
396 | TEST_SSH_SSH="$${BUILDDIR}/ssh"; \ | 398 | TEST_SSH_SSH="$${BUILDDIR}/ssh"; \ |
397 | TEST_SSH_SSHD="$${BUILDDIR}/sshd"; \ | 399 | TEST_SSH_SSHD="$${BUILDDIR}/sshd"; \ |
@@ -1,4 +1,4 @@ | |||
1 | See http://www.openssh.com/txt/release-6.2p2 for the release notes. | 1 | See http://www.openssh.com/txt/release-6.3 for the release notes. |
2 | 2 | ||
3 | - A Japanese translation of this document and of the OpenSSH FAQ is | 3 | - A Japanese translation of this document and of the OpenSSH FAQ is |
4 | - available at http://www.unixuser.org/~haruyama/security/openssh/index.html | 4 | - available at http://www.unixuser.org/~haruyama/security/openssh/index.html |
@@ -62,4 +62,4 @@ References - | |||
62 | [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 | 62 | [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 |
63 | [7] http://www.openssh.com/faq.html | 63 | [7] http://www.openssh.com/faq.html |
64 | 64 | ||
65 | $Id: README,v 1.82.2.1 2013/05/10 06:12:54 djm Exp $ | 65 | $Id: README,v 1.83 2013/07/25 02:34:00 djm Exp $ |
diff --git a/aclocal.m4 b/aclocal.m4 index 9bdea5ec2..1b3bed790 100644 --- a/aclocal.m4 +++ b/aclocal.m4 | |||
@@ -1,4 +1,4 @@ | |||
1 | dnl $Id: aclocal.m4,v 1.8 2011/05/20 01:45:25 djm Exp $ | 1 | dnl $Id: aclocal.m4,v 1.9 2013/06/02 21:31:27 tim Exp $ |
2 | dnl | 2 | dnl |
3 | dnl OpenSSH-specific autoconf macros | 3 | dnl OpenSSH-specific autoconf macros |
4 | dnl | 4 | dnl |
@@ -14,8 +14,15 @@ AC_DEFUN([OSSH_CHECK_CFLAG_COMPILE], [{ | |||
14 | _define_flag="$2" | 14 | _define_flag="$2" |
15 | test "x$_define_flag" = "x" && _define_flag="$1" | 15 | test "x$_define_flag" = "x" && _define_flag="$1" |
16 | AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], | 16 | AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], |
17 | [ AC_MSG_RESULT([yes]) | 17 | [ |
18 | CFLAGS="$saved_CFLAGS $_define_flag"], | 18 | if `grep -i "unrecognized option" conftest.err >/dev/null` |
19 | then | ||
20 | AC_MSG_RESULT([no]) | ||
21 | CFLAGS="$saved_CFLAGS" | ||
22 | else | ||
23 | AC_MSG_RESULT([yes]) | ||
24 | CFLAGS="$saved_CFLAGS $_define_flag" | ||
25 | fi], | ||
19 | [ AC_MSG_RESULT([no]) | 26 | [ AC_MSG_RESULT([no]) |
20 | CFLAGS="$saved_CFLAGS" ] | 27 | CFLAGS="$saved_CFLAGS" ] |
21 | ) | 28 | ) |
diff --git a/addrmatch.c b/addrmatch.c index 388603cae..fb6de92e7 100644 --- a/addrmatch.c +++ b/addrmatch.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: addrmatch.c,v 1.6 2012/06/21 00:16:07 dtucker Exp $ */ | 1 | /* $OpenBSD: addrmatch.c,v 1.7 2013/05/17 00:13:13 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2004-2008 Damien Miller <djm@mindrot.org> | 4 | * Copyright (c) 2004-2008 Damien Miller <djm@mindrot.org> |
@@ -420,7 +420,7 @@ addr_match_list(const char *addr, const char *_list) | |||
420 | goto foundit; | 420 | goto foundit; |
421 | } | 421 | } |
422 | } | 422 | } |
423 | xfree(o); | 423 | free(o); |
424 | 424 | ||
425 | return ret; | 425 | return ret; |
426 | } | 426 | } |
@@ -494,7 +494,7 @@ addr_match_cidr_list(const char *addr, const char *_list) | |||
494 | continue; | 494 | continue; |
495 | } | 495 | } |
496 | } | 496 | } |
497 | xfree(o); | 497 | free(o); |
498 | 498 | ||
499 | return ret; | 499 | return ret; |
500 | } | 500 | } |
diff --git a/auth-chall.c b/auth-chall.c index 919b1eaa4..0005aa88b 100644 --- a/auth-chall.c +++ b/auth-chall.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth-chall.c,v 1.12 2006/08/03 03:34:41 deraadt Exp $ */ | 1 | /* $OpenBSD: auth-chall.c,v 1.13 2013/05/17 00:13:13 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -69,11 +69,11 @@ get_challenge(Authctxt *authctxt) | |||
69 | fatal("get_challenge: numprompts < 1"); | 69 | fatal("get_challenge: numprompts < 1"); |
70 | challenge = xstrdup(prompts[0]); | 70 | challenge = xstrdup(prompts[0]); |
71 | for (i = 0; i < numprompts; i++) | 71 | for (i = 0; i < numprompts; i++) |
72 | xfree(prompts[i]); | 72 | free(prompts[i]); |
73 | xfree(prompts); | 73 | free(prompts); |
74 | xfree(name); | 74 | free(name); |
75 | xfree(echo_on); | 75 | free(echo_on); |
76 | xfree(info); | 76 | free(info); |
77 | 77 | ||
78 | return (challenge); | 78 | return (challenge); |
79 | } | 79 | } |
@@ -102,11 +102,11 @@ verify_response(Authctxt *authctxt, const char *response) | |||
102 | authenticated = 1; | 102 | authenticated = 1; |
103 | 103 | ||
104 | for (i = 0; i < numprompts; i++) | 104 | for (i = 0; i < numprompts; i++) |
105 | xfree(prompts[i]); | 105 | free(prompts[i]); |
106 | xfree(prompts); | 106 | free(prompts); |
107 | xfree(name); | 107 | free(name); |
108 | xfree(echo_on); | 108 | free(echo_on); |
109 | xfree(info); | 109 | free(info); |
110 | break; | 110 | break; |
111 | } | 111 | } |
112 | device->free_ctx(authctxt->kbdintctxt); | 112 | device->free_ctx(authctxt->kbdintctxt); |
diff --git a/auth-krb5.c b/auth-krb5.c index 4c2375462..5613b5772 100644 --- a/auth-krb5.c +++ b/auth-krb5.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth-krb5.c,v 1.19 2006/08/03 03:34:41 deraadt Exp $ */ | 1 | /* $OpenBSD: auth-krb5.c,v 1.20 2013/07/20 01:55:13 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Kerberos v5 authentication and ticket-passing routines. | 3 | * Kerberos v5 authentication and ticket-passing routines. |
4 | * | 4 | * |
@@ -79,6 +79,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password) | |||
79 | krb5_ccache ccache = NULL; | 79 | krb5_ccache ccache = NULL; |
80 | int len; | 80 | int len; |
81 | char *client, *platform_client; | 81 | char *client, *platform_client; |
82 | const char *errmsg; | ||
82 | 83 | ||
83 | /* get platform-specific kerberos client principal name (if it exists) */ | 84 | /* get platform-specific kerberos client principal name (if it exists) */ |
84 | platform_client = platform_krb5_get_principal_name(authctxt->pw->pw_name); | 85 | platform_client = platform_krb5_get_principal_name(authctxt->pw->pw_name); |
@@ -96,7 +97,12 @@ auth_krb5_password(Authctxt *authctxt, const char *password) | |||
96 | goto out; | 97 | goto out; |
97 | 98 | ||
98 | #ifdef HEIMDAL | 99 | #ifdef HEIMDAL |
100 | # ifdef HAVE_KRB5_CC_NEW_UNIQUE | ||
101 | problem = krb5_cc_new_unique(authctxt->krb5_ctx, | ||
102 | krb5_mcc_ops.prefix, NULL, &ccache); | ||
103 | # else | ||
99 | problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_mcc_ops, &ccache); | 104 | problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_mcc_ops, &ccache); |
105 | # endif | ||
100 | if (problem) | 106 | if (problem) |
101 | goto out; | 107 | goto out; |
102 | 108 | ||
@@ -115,8 +121,13 @@ auth_krb5_password(Authctxt *authctxt, const char *password) | |||
115 | if (problem) | 121 | if (problem) |
116 | goto out; | 122 | goto out; |
117 | 123 | ||
124 | # ifdef HAVE_KRB5_CC_NEW_UNIQUE | ||
125 | problem = krb5_cc_new_unique(authctxt->krb5_ctx, | ||
126 | krb5_fcc_ops.prefix, NULL, &authctxt->krb5_fwd_ccache); | ||
127 | # else | ||
118 | problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_fcc_ops, | 128 | problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_fcc_ops, |
119 | &authctxt->krb5_fwd_ccache); | 129 | &authctxt->krb5_fwd_ccache); |
130 | # endif | ||
120 | if (problem) | 131 | if (problem) |
121 | goto out; | 132 | goto out; |
122 | 133 | ||
@@ -186,17 +197,19 @@ auth_krb5_password(Authctxt *authctxt, const char *password) | |||
186 | out: | 197 | out: |
187 | restore_uid(); | 198 | restore_uid(); |
188 | 199 | ||
189 | if (platform_client != NULL) | 200 | free(platform_client); |
190 | xfree(platform_client); | ||
191 | 201 | ||
192 | if (problem) { | 202 | if (problem) { |
193 | if (ccache) | 203 | if (ccache) |
194 | krb5_cc_destroy(authctxt->krb5_ctx, ccache); | 204 | krb5_cc_destroy(authctxt->krb5_ctx, ccache); |
195 | 205 | ||
196 | if (authctxt->krb5_ctx != NULL && problem!=-1) | 206 | if (authctxt->krb5_ctx != NULL && problem!=-1) { |
197 | debug("Kerberos password authentication failed: %s", | 207 | errmsg = krb5_get_error_message(authctxt->krb5_ctx, |
198 | krb5_get_err_text(authctxt->krb5_ctx, problem)); | 208 | problem); |
199 | else | 209 | debug("Kerberos password authentication failed: %s", |
210 | errmsg); | ||
211 | krb5_free_error_message(authctxt->krb5_ctx, errmsg); | ||
212 | } else | ||
200 | debug("Kerberos password authentication failed: %d", | 213 | debug("Kerberos password authentication failed: %d", |
201 | problem); | 214 | problem); |
202 | 215 | ||
diff --git a/auth-options.c b/auth-options.c index 23d0423e1..80d59ee95 100644 --- a/auth-options.c +++ b/auth-options.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth-options.c,v 1.57 2012/12/02 20:46:11 djm Exp $ */ | 1 | /* $OpenBSD: auth-options.c,v 1.59 2013/07/12 00:19:58 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -72,15 +72,15 @@ auth_clear_options(void) | |||
72 | while (custom_environment) { | 72 | while (custom_environment) { |
73 | struct envstring *ce = custom_environment; | 73 | struct envstring *ce = custom_environment; |
74 | custom_environment = ce->next; | 74 | custom_environment = ce->next; |
75 | xfree(ce->s); | 75 | free(ce->s); |
76 | xfree(ce); | 76 | free(ce); |
77 | } | 77 | } |
78 | if (forced_command) { | 78 | if (forced_command) { |
79 | xfree(forced_command); | 79 | free(forced_command); |
80 | forced_command = NULL; | 80 | forced_command = NULL; |
81 | } | 81 | } |
82 | if (authorized_principals) { | 82 | if (authorized_principals) { |
83 | xfree(authorized_principals); | 83 | free(authorized_principals); |
84 | authorized_principals = NULL; | 84 | authorized_principals = NULL; |
85 | } | 85 | } |
86 | forced_tun_device = -1; | 86 | forced_tun_device = -1; |
@@ -149,7 +149,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
149 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { | 149 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { |
150 | opts += strlen(cp); | 150 | opts += strlen(cp); |
151 | if (forced_command != NULL) | 151 | if (forced_command != NULL) |
152 | xfree(forced_command); | 152 | free(forced_command); |
153 | forced_command = xmalloc(strlen(opts) + 1); | 153 | forced_command = xmalloc(strlen(opts) + 1); |
154 | i = 0; | 154 | i = 0; |
155 | while (*opts) { | 155 | while (*opts) { |
@@ -167,7 +167,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
167 | file, linenum); | 167 | file, linenum); |
168 | auth_debug_add("%.100s, line %lu: missing end quote", | 168 | auth_debug_add("%.100s, line %lu: missing end quote", |
169 | file, linenum); | 169 | file, linenum); |
170 | xfree(forced_command); | 170 | free(forced_command); |
171 | forced_command = NULL; | 171 | forced_command = NULL; |
172 | goto bad_option; | 172 | goto bad_option; |
173 | } | 173 | } |
@@ -180,7 +180,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
180 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { | 180 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { |
181 | opts += strlen(cp); | 181 | opts += strlen(cp); |
182 | if (authorized_principals != NULL) | 182 | if (authorized_principals != NULL) |
183 | xfree(authorized_principals); | 183 | free(authorized_principals); |
184 | authorized_principals = xmalloc(strlen(opts) + 1); | 184 | authorized_principals = xmalloc(strlen(opts) + 1); |
185 | i = 0; | 185 | i = 0; |
186 | while (*opts) { | 186 | while (*opts) { |
@@ -198,7 +198,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
198 | file, linenum); | 198 | file, linenum); |
199 | auth_debug_add("%.100s, line %lu: missing end quote", | 199 | auth_debug_add("%.100s, line %lu: missing end quote", |
200 | file, linenum); | 200 | file, linenum); |
201 | xfree(authorized_principals); | 201 | free(authorized_principals); |
202 | authorized_principals = NULL; | 202 | authorized_principals = NULL; |
203 | goto bad_option; | 203 | goto bad_option; |
204 | } | 204 | } |
@@ -232,7 +232,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
232 | file, linenum); | 232 | file, linenum); |
233 | auth_debug_add("%.100s, line %lu: missing end quote", | 233 | auth_debug_add("%.100s, line %lu: missing end quote", |
234 | file, linenum); | 234 | file, linenum); |
235 | xfree(s); | 235 | free(s); |
236 | goto bad_option; | 236 | goto bad_option; |
237 | } | 237 | } |
238 | s[i] = '\0'; | 238 | s[i] = '\0'; |
@@ -269,7 +269,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
269 | file, linenum); | 269 | file, linenum); |
270 | auth_debug_add("%.100s, line %lu: missing end quote", | 270 | auth_debug_add("%.100s, line %lu: missing end quote", |
271 | file, linenum); | 271 | file, linenum); |
272 | xfree(patterns); | 272 | free(patterns); |
273 | goto bad_option; | 273 | goto bad_option; |
274 | } | 274 | } |
275 | patterns[i] = '\0'; | 275 | patterns[i] = '\0'; |
@@ -277,7 +277,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
277 | switch (match_host_and_ip(remote_host, remote_ip, | 277 | switch (match_host_and_ip(remote_host, remote_ip, |
278 | patterns)) { | 278 | patterns)) { |
279 | case 1: | 279 | case 1: |
280 | xfree(patterns); | 280 | free(patterns); |
281 | /* Host name matches. */ | 281 | /* Host name matches. */ |
282 | goto next_option; | 282 | goto next_option; |
283 | case -1: | 283 | case -1: |
@@ -287,7 +287,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
287 | "invalid criteria", file, linenum); | 287 | "invalid criteria", file, linenum); |
288 | /* FALLTHROUGH */ | 288 | /* FALLTHROUGH */ |
289 | case 0: | 289 | case 0: |
290 | xfree(patterns); | 290 | free(patterns); |
291 | logit("Authentication tried for %.100s with " | 291 | logit("Authentication tried for %.100s with " |
292 | "correct key but not from a permitted " | 292 | "correct key but not from a permitted " |
293 | "host (host=%.200s, ip=%.200s).", | 293 | "host (host=%.200s, ip=%.200s).", |
@@ -323,7 +323,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
323 | file, linenum); | 323 | file, linenum); |
324 | auth_debug_add("%.100s, line %lu: missing " | 324 | auth_debug_add("%.100s, line %lu: missing " |
325 | "end quote", file, linenum); | 325 | "end quote", file, linenum); |
326 | xfree(patterns); | 326 | free(patterns); |
327 | goto bad_option; | 327 | goto bad_option; |
328 | } | 328 | } |
329 | patterns[i] = '\0'; | 329 | patterns[i] = '\0'; |
@@ -337,7 +337,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
337 | auth_debug_add("%.100s, line %lu: " | 337 | auth_debug_add("%.100s, line %lu: " |
338 | "Bad permitopen specification", file, | 338 | "Bad permitopen specification", file, |
339 | linenum); | 339 | linenum); |
340 | xfree(patterns); | 340 | free(patterns); |
341 | goto bad_option; | 341 | goto bad_option; |
342 | } | 342 | } |
343 | host = cleanhostname(host); | 343 | host = cleanhostname(host); |
@@ -346,12 +346,12 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
346 | "<%.100s>", file, linenum, p ? p : ""); | 346 | "<%.100s>", file, linenum, p ? p : ""); |
347 | auth_debug_add("%.100s, line %lu: " | 347 | auth_debug_add("%.100s, line %lu: " |
348 | "Bad permitopen port", file, linenum); | 348 | "Bad permitopen port", file, linenum); |
349 | xfree(patterns); | 349 | free(patterns); |
350 | goto bad_option; | 350 | goto bad_option; |
351 | } | 351 | } |
352 | if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0) | 352 | if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0) |
353 | channel_add_permitted_opens(host, port); | 353 | channel_add_permitted_opens(host, port); |
354 | xfree(patterns); | 354 | free(patterns); |
355 | goto next_option; | 355 | goto next_option; |
356 | } | 356 | } |
357 | cp = "tunnel=\""; | 357 | cp = "tunnel=\""; |
@@ -370,13 +370,13 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
370 | file, linenum); | 370 | file, linenum); |
371 | auth_debug_add("%.100s, line %lu: missing end quote", | 371 | auth_debug_add("%.100s, line %lu: missing end quote", |
372 | file, linenum); | 372 | file, linenum); |
373 | xfree(tun); | 373 | free(tun); |
374 | forced_tun_device = -1; | 374 | forced_tun_device = -1; |
375 | goto bad_option; | 375 | goto bad_option; |
376 | } | 376 | } |
377 | tun[i] = '\0'; | 377 | tun[i] = '\0'; |
378 | forced_tun_device = a2tun(tun, NULL); | 378 | forced_tun_device = a2tun(tun, NULL); |
379 | xfree(tun); | 379 | free(tun); |
380 | if (forced_tun_device == SSH_TUNID_ERR) { | 380 | if (forced_tun_device == SSH_TUNID_ERR) { |
381 | debug("%.100s, line %lu: invalid tun device", | 381 | debug("%.100s, line %lu: invalid tun device", |
382 | file, linenum); | 382 | file, linenum); |
@@ -432,7 +432,8 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, | |||
432 | { | 432 | { |
433 | char *command, *allowed; | 433 | char *command, *allowed; |
434 | const char *remote_ip; | 434 | const char *remote_ip; |
435 | u_char *name = NULL, *data_blob = NULL; | 435 | char *name = NULL; |
436 | u_char *data_blob = NULL; | ||
436 | u_int nlen, dlen, clen; | 437 | u_int nlen, dlen, clen; |
437 | Buffer c, data; | 438 | Buffer c, data; |
438 | int ret = -1, found; | 439 | int ret = -1, found; |
@@ -484,7 +485,7 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, | |||
484 | if (*cert_forced_command != NULL) { | 485 | if (*cert_forced_command != NULL) { |
485 | error("Certificate has multiple " | 486 | error("Certificate has multiple " |
486 | "force-command options"); | 487 | "force-command options"); |
487 | xfree(command); | 488 | free(command); |
488 | goto out; | 489 | goto out; |
489 | } | 490 | } |
490 | *cert_forced_command = command; | 491 | *cert_forced_command = command; |
@@ -500,7 +501,7 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, | |||
500 | if ((*cert_source_address_done)++) { | 501 | if ((*cert_source_address_done)++) { |
501 | error("Certificate has multiple " | 502 | error("Certificate has multiple " |
502 | "source-address options"); | 503 | "source-address options"); |
503 | xfree(allowed); | 504 | free(allowed); |
504 | goto out; | 505 | goto out; |
505 | } | 506 | } |
506 | remote_ip = get_remote_ipaddr(); | 507 | remote_ip = get_remote_ipaddr(); |
@@ -508,7 +509,7 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, | |||
508 | allowed)) { | 509 | allowed)) { |
509 | case 1: | 510 | case 1: |
510 | /* accepted */ | 511 | /* accepted */ |
511 | xfree(allowed); | 512 | free(allowed); |
512 | break; | 513 | break; |
513 | case 0: | 514 | case 0: |
514 | /* no match */ | 515 | /* no match */ |
@@ -521,12 +522,12 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, | |||
521 | "is not permitted to use this " | 522 | "is not permitted to use this " |
522 | "certificate for login.", | 523 | "certificate for login.", |
523 | remote_ip); | 524 | remote_ip); |
524 | xfree(allowed); | 525 | free(allowed); |
525 | goto out; | 526 | goto out; |
526 | case -1: | 527 | case -1: |
527 | error("Certificate source-address " | 528 | error("Certificate source-address " |
528 | "contents invalid"); | 529 | "contents invalid"); |
529 | xfree(allowed); | 530 | free(allowed); |
530 | goto out; | 531 | goto out; |
531 | } | 532 | } |
532 | found = 1; | 533 | found = 1; |
@@ -548,9 +549,10 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, | |||
548 | goto out; | 549 | goto out; |
549 | } | 550 | } |
550 | buffer_clear(&data); | 551 | buffer_clear(&data); |
551 | xfree(name); | 552 | free(name); |
552 | xfree(data_blob); | 553 | free(data_blob); |
553 | name = data_blob = NULL; | 554 | name = NULL; |
555 | data_blob = NULL; | ||
554 | } | 556 | } |
555 | /* successfully parsed all options */ | 557 | /* successfully parsed all options */ |
556 | ret = 0; | 558 | ret = 0; |
@@ -559,13 +561,13 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, | |||
559 | if (ret != 0 && | 561 | if (ret != 0 && |
560 | cert_forced_command != NULL && | 562 | cert_forced_command != NULL && |
561 | *cert_forced_command != NULL) { | 563 | *cert_forced_command != NULL) { |
562 | xfree(*cert_forced_command); | 564 | free(*cert_forced_command); |
563 | *cert_forced_command = NULL; | 565 | *cert_forced_command = NULL; |
564 | } | 566 | } |
565 | if (name != NULL) | 567 | if (name != NULL) |
566 | xfree(name); | 568 | free(name); |
567 | if (data_blob != NULL) | 569 | if (data_blob != NULL) |
568 | xfree(data_blob); | 570 | free(data_blob); |
569 | buffer_free(&data); | 571 | buffer_free(&data); |
570 | buffer_free(&c); | 572 | buffer_free(&c); |
571 | return ret; | 573 | return ret; |
@@ -627,7 +629,7 @@ auth_cert_options(Key *k, struct passwd *pw) | |||
627 | /* CA-specified forced command supersedes key option */ | 629 | /* CA-specified forced command supersedes key option */ |
628 | if (cert_forced_command != NULL) { | 630 | if (cert_forced_command != NULL) { |
629 | if (forced_command != NULL) | 631 | if (forced_command != NULL) |
630 | xfree(forced_command); | 632 | free(forced_command); |
631 | forced_command = cert_forced_command; | 633 | forced_command = cert_forced_command; |
632 | } | 634 | } |
633 | return 0; | 635 | return 0; |
diff --git a/auth-pam.c b/auth-pam.c index 675006e6f..d51318b3a 100644 --- a/auth-pam.c +++ b/auth-pam.c | |||
@@ -412,10 +412,9 @@ sshpam_thread_conv(int n, sshpam_const struct pam_message **msg, | |||
412 | 412 | ||
413 | fail: | 413 | fail: |
414 | for(i = 0; i < n; i++) { | 414 | for(i = 0; i < n; i++) { |
415 | if (reply[i].resp != NULL) | 415 | free(reply[i].resp); |
416 | xfree(reply[i].resp); | ||
417 | } | 416 | } |
418 | xfree(reply); | 417 | free(reply); |
419 | buffer_free(&buffer); | 418 | buffer_free(&buffer); |
420 | return (PAM_CONV_ERR); | 419 | return (PAM_CONV_ERR); |
421 | } | 420 | } |
@@ -586,10 +585,9 @@ sshpam_store_conv(int n, sshpam_const struct pam_message **msg, | |||
586 | 585 | ||
587 | fail: | 586 | fail: |
588 | for(i = 0; i < n; i++) { | 587 | for(i = 0; i < n; i++) { |
589 | if (reply[i].resp != NULL) | 588 | free(reply[i].resp); |
590 | xfree(reply[i].resp); | ||
591 | } | 589 | } |
592 | xfree(reply); | 590 | free(reply); |
593 | return (PAM_CONV_ERR); | 591 | return (PAM_CONV_ERR); |
594 | } | 592 | } |
595 | 593 | ||
@@ -693,7 +691,7 @@ sshpam_init_ctx(Authctxt *authctxt) | |||
693 | /* Start the authentication thread */ | 691 | /* Start the authentication thread */ |
694 | if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, socks) == -1) { | 692 | if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, socks) == -1) { |
695 | error("PAM: failed create sockets: %s", strerror(errno)); | 693 | error("PAM: failed create sockets: %s", strerror(errno)); |
696 | xfree(ctxt); | 694 | free(ctxt); |
697 | return (NULL); | 695 | return (NULL); |
698 | } | 696 | } |
699 | ctxt->pam_psock = socks[0]; | 697 | ctxt->pam_psock = socks[0]; |
@@ -703,7 +701,7 @@ sshpam_init_ctx(Authctxt *authctxt) | |||
703 | strerror(errno)); | 701 | strerror(errno)); |
704 | close(socks[0]); | 702 | close(socks[0]); |
705 | close(socks[1]); | 703 | close(socks[1]); |
706 | xfree(ctxt); | 704 | free(ctxt); |
707 | return (NULL); | 705 | return (NULL); |
708 | } | 706 | } |
709 | cleanup_ctxt = ctxt; | 707 | cleanup_ctxt = ctxt; |
@@ -742,7 +740,7 @@ sshpam_query(void *ctx, char **name, char **info, | |||
742 | strlcpy(**prompts + plen, msg, len - plen); | 740 | strlcpy(**prompts + plen, msg, len - plen); |
743 | plen += mlen; | 741 | plen += mlen; |
744 | **echo_on = (type == PAM_PROMPT_ECHO_ON); | 742 | **echo_on = (type == PAM_PROMPT_ECHO_ON); |
745 | xfree(msg); | 743 | free(msg); |
746 | return (0); | 744 | return (0); |
747 | case PAM_ERROR_MSG: | 745 | case PAM_ERROR_MSG: |
748 | case PAM_TEXT_INFO: | 746 | case PAM_TEXT_INFO: |
@@ -753,7 +751,7 @@ sshpam_query(void *ctx, char **name, char **info, | |||
753 | plen += mlen; | 751 | plen += mlen; |
754 | strlcat(**prompts + plen, "\n", len - plen); | 752 | strlcat(**prompts + plen, "\n", len - plen); |
755 | plen++; | 753 | plen++; |
756 | xfree(msg); | 754 | free(msg); |
757 | break; | 755 | break; |
758 | case PAM_ACCT_EXPIRED: | 756 | case PAM_ACCT_EXPIRED: |
759 | sshpam_account_status = 0; | 757 | sshpam_account_status = 0; |
@@ -766,7 +764,7 @@ sshpam_query(void *ctx, char **name, char **info, | |||
766 | *num = 0; | 764 | *num = 0; |
767 | **echo_on = 0; | 765 | **echo_on = 0; |
768 | ctxt->pam_done = -1; | 766 | ctxt->pam_done = -1; |
769 | xfree(msg); | 767 | free(msg); |
770 | return 0; | 768 | return 0; |
771 | } | 769 | } |
772 | /* FALLTHROUGH */ | 770 | /* FALLTHROUGH */ |
@@ -776,7 +774,7 @@ sshpam_query(void *ctx, char **name, char **info, | |||
776 | debug("PAM: %s", **prompts); | 774 | debug("PAM: %s", **prompts); |
777 | buffer_append(&loginmsg, **prompts, | 775 | buffer_append(&loginmsg, **prompts, |
778 | strlen(**prompts)); | 776 | strlen(**prompts)); |
779 | xfree(**prompts); | 777 | free(**prompts); |
780 | **prompts = NULL; | 778 | **prompts = NULL; |
781 | } | 779 | } |
782 | if (type == PAM_SUCCESS) { | 780 | if (type == PAM_SUCCESS) { |
@@ -790,7 +788,7 @@ sshpam_query(void *ctx, char **name, char **info, | |||
790 | *num = 0; | 788 | *num = 0; |
791 | **echo_on = 0; | 789 | **echo_on = 0; |
792 | ctxt->pam_done = 1; | 790 | ctxt->pam_done = 1; |
793 | xfree(msg); | 791 | free(msg); |
794 | return (0); | 792 | return (0); |
795 | } | 793 | } |
796 | error("PAM: %s for %s%.100s from %.100s", msg, | 794 | error("PAM: %s for %s%.100s from %.100s", msg, |
@@ -801,7 +799,7 @@ sshpam_query(void *ctx, char **name, char **info, | |||
801 | default: | 799 | default: |
802 | *num = 0; | 800 | *num = 0; |
803 | **echo_on = 0; | 801 | **echo_on = 0; |
804 | xfree(msg); | 802 | free(msg); |
805 | ctxt->pam_done = -1; | 803 | ctxt->pam_done = -1; |
806 | return (-1); | 804 | return (-1); |
807 | } | 805 | } |
@@ -852,7 +850,7 @@ sshpam_free_ctx(void *ctxtp) | |||
852 | 850 | ||
853 | debug3("PAM: %s entering", __func__); | 851 | debug3("PAM: %s entering", __func__); |
854 | sshpam_thread_cleanup(); | 852 | sshpam_thread_cleanup(); |
855 | xfree(ctxt); | 853 | free(ctxt); |
856 | /* | 854 | /* |
857 | * We don't call sshpam_cleanup() here because we may need the PAM | 855 | * We don't call sshpam_cleanup() here because we may need the PAM |
858 | * handle at a later stage, e.g. when setting up a session. It's | 856 | * handle at a later stage, e.g. when setting up a session. It's |
@@ -1006,10 +1004,9 @@ sshpam_tty_conv(int n, sshpam_const struct pam_message **msg, | |||
1006 | 1004 | ||
1007 | fail: | 1005 | fail: |
1008 | for(i = 0; i < n; i++) { | 1006 | for(i = 0; i < n; i++) { |
1009 | if (reply[i].resp != NULL) | 1007 | free(reply[i].resp); |
1010 | xfree(reply[i].resp); | ||
1011 | } | 1008 | } |
1012 | xfree(reply); | 1009 | free(reply); |
1013 | return (PAM_CONV_ERR); | 1010 | return (PAM_CONV_ERR); |
1014 | } | 1011 | } |
1015 | 1012 | ||
@@ -1081,7 +1078,7 @@ do_pam_putenv(char *name, char *value) | |||
1081 | 1078 | ||
1082 | snprintf(compound, len, "%s=%s", name, value); | 1079 | snprintf(compound, len, "%s=%s", name, value); |
1083 | ret = pam_putenv(sshpam_handle, compound); | 1080 | ret = pam_putenv(sshpam_handle, compound); |
1084 | xfree(compound); | 1081 | free(compound); |
1085 | #endif | 1082 | #endif |
1086 | 1083 | ||
1087 | return (ret); | 1084 | return (ret); |
@@ -1108,8 +1105,8 @@ free_pam_environment(char **env) | |||
1108 | return; | 1105 | return; |
1109 | 1106 | ||
1110 | for (envp = env; *envp; envp++) | 1107 | for (envp = env; *envp; envp++) |
1111 | xfree(*envp); | 1108 | free(*envp); |
1112 | xfree(env); | 1109 | free(env); |
1113 | } | 1110 | } |
1114 | 1111 | ||
1115 | /* | 1112 | /* |
@@ -1165,10 +1162,9 @@ sshpam_passwd_conv(int n, sshpam_const struct pam_message **msg, | |||
1165 | 1162 | ||
1166 | fail: | 1163 | fail: |
1167 | for(i = 0; i < n; i++) { | 1164 | for(i = 0; i < n; i++) { |
1168 | if (reply[i].resp != NULL) | 1165 | free(reply[i].resp); |
1169 | xfree(reply[i].resp); | ||
1170 | } | 1166 | } |
1171 | xfree(reply); | 1167 | free(reply); |
1172 | return (PAM_CONV_ERR); | 1168 | return (PAM_CONV_ERR); |
1173 | } | 1169 | } |
1174 | 1170 | ||
diff --git a/auth-rsa.c b/auth-rsa.c index 2c8a7cb35..545aa496a 100644 --- a/auth-rsa.c +++ b/auth-rsa.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth-rsa.c,v 1.81 2012/10/30 21:29:54 djm Exp $ */ | 1 | /* $OpenBSD: auth-rsa.c,v 1.85 2013/07/12 00:19:58 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -164,9 +164,8 @@ static int | |||
164 | rsa_key_allowed_in_file(struct passwd *pw, char *file, | 164 | rsa_key_allowed_in_file(struct passwd *pw, char *file, |
165 | const BIGNUM *client_n, Key **rkey) | 165 | const BIGNUM *client_n, Key **rkey) |
166 | { | 166 | { |
167 | char line[SSH_MAX_PUBKEY_BYTES]; | 167 | char *fp, line[SSH_MAX_PUBKEY_BYTES]; |
168 | int allowed = 0; | 168 | int allowed = 0, bits; |
169 | u_int bits; | ||
170 | FILE *f; | 169 | FILE *f; |
171 | u_long linenum = 0; | 170 | u_long linenum = 0; |
172 | Key *key; | 171 | Key *key; |
@@ -227,11 +226,16 @@ rsa_key_allowed_in_file(struct passwd *pw, char *file, | |||
227 | 226 | ||
228 | /* check the real bits */ | 227 | /* check the real bits */ |
229 | keybits = BN_num_bits(key->rsa->n); | 228 | keybits = BN_num_bits(key->rsa->n); |
230 | if (keybits < 0 || bits != (u_int)keybits) | 229 | if (keybits < 0 || bits != keybits) |
231 | logit("Warning: %s, line %lu: keysize mismatch: " | 230 | logit("Warning: %s, line %lu: keysize mismatch: " |
232 | "actual %d vs. announced %d.", | 231 | "actual %d vs. announced %d.", |
233 | file, linenum, BN_num_bits(key->rsa->n), bits); | 232 | file, linenum, BN_num_bits(key->rsa->n), bits); |
234 | 233 | ||
234 | fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); | ||
235 | debug("matching key found: file %s, line %lu %s %s", | ||
236 | file, linenum, key_type(key), fp); | ||
237 | free(fp); | ||
238 | |||
235 | /* Never accept a revoked key */ | 239 | /* Never accept a revoked key */ |
236 | if (auth_key_is_revoked(key)) | 240 | if (auth_key_is_revoked(key)) |
237 | break; | 241 | break; |
@@ -281,7 +285,7 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) | |||
281 | file = expand_authorized_keys( | 285 | file = expand_authorized_keys( |
282 | options.authorized_keys_files[i], pw); | 286 | options.authorized_keys_files[i], pw); |
283 | allowed = rsa_key_allowed_in_file(pw, file, client_n, rkey); | 287 | allowed = rsa_key_allowed_in_file(pw, file, client_n, rkey); |
284 | xfree(file); | 288 | free(file); |
285 | } | 289 | } |
286 | 290 | ||
287 | restore_uid(); | 291 | restore_uid(); |
@@ -298,7 +302,6 @@ int | |||
298 | auth_rsa(Authctxt *authctxt, BIGNUM *client_n) | 302 | auth_rsa(Authctxt *authctxt, BIGNUM *client_n) |
299 | { | 303 | { |
300 | Key *key; | 304 | Key *key; |
301 | char *fp; | ||
302 | struct passwd *pw = authctxt->pw; | 305 | struct passwd *pw = authctxt->pw; |
303 | 306 | ||
304 | /* no user given */ | 307 | /* no user given */ |
@@ -328,11 +331,7 @@ auth_rsa(Authctxt *authctxt, BIGNUM *client_n) | |||
328 | * options; this will be reset if the options cause the | 331 | * options; this will be reset if the options cause the |
329 | * authentication to be rejected. | 332 | * authentication to be rejected. |
330 | */ | 333 | */ |
331 | fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); | 334 | pubkey_auth_info(authctxt, key, NULL); |
332 | verbose("Found matching %s key: %s", | ||
333 | key_type(key), fp); | ||
334 | xfree(fp); | ||
335 | key_free(key); | ||
336 | 335 | ||
337 | packet_send_debug("RSA authentication accepted."); | 336 | packet_send_debug("RSA authentication accepted."); |
338 | return (1); | 337 | return (1); |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth.c,v 1.101 2013/02/06 00:22:21 dtucker Exp $ */ | 1 | /* $OpenBSD: auth.c,v 1.103 2013/05/19 02:42:42 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -72,6 +72,7 @@ | |||
72 | #include "authfile.h" | 72 | #include "authfile.h" |
73 | #include "monitor_wrap.h" | 73 | #include "monitor_wrap.h" |
74 | #include "krl.h" | 74 | #include "krl.h" |
75 | #include "compat.h" | ||
75 | 76 | ||
76 | /* import */ | 77 | /* import */ |
77 | extern ServerOptions options; | 78 | extern ServerOptions options; |
@@ -165,17 +166,17 @@ allowed_user(struct passwd * pw) | |||
165 | if (stat(shell, &st) != 0) { | 166 | if (stat(shell, &st) != 0) { |
166 | logit("User %.100s not allowed because shell %.100s " | 167 | logit("User %.100s not allowed because shell %.100s " |
167 | "does not exist", pw->pw_name, shell); | 168 | "does not exist", pw->pw_name, shell); |
168 | xfree(shell); | 169 | free(shell); |
169 | return 0; | 170 | return 0; |
170 | } | 171 | } |
171 | if (S_ISREG(st.st_mode) == 0 || | 172 | if (S_ISREG(st.st_mode) == 0 || |
172 | (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) { | 173 | (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) { |
173 | logit("User %.100s not allowed because shell %.100s " | 174 | logit("User %.100s not allowed because shell %.100s " |
174 | "is not executable", pw->pw_name, shell); | 175 | "is not executable", pw->pw_name, shell); |
175 | xfree(shell); | 176 | free(shell); |
176 | return 0; | 177 | return 0; |
177 | } | 178 | } |
178 | xfree(shell); | 179 | free(shell); |
179 | } | 180 | } |
180 | 181 | ||
181 | if (options.num_deny_users > 0 || options.num_allow_users > 0 || | 182 | if (options.num_deny_users > 0 || options.num_allow_users > 0 || |
@@ -252,8 +253,25 @@ allowed_user(struct passwd * pw) | |||
252 | } | 253 | } |
253 | 254 | ||
254 | void | 255 | void |
256 | auth_info(Authctxt *authctxt, const char *fmt, ...) | ||
257 | { | ||
258 | va_list ap; | ||
259 | int i; | ||
260 | |||
261 | free(authctxt->info); | ||
262 | authctxt->info = NULL; | ||
263 | |||
264 | va_start(ap, fmt); | ||
265 | i = vasprintf(&authctxt->info, fmt, ap); | ||
266 | va_end(ap); | ||
267 | |||
268 | if (i < 0 || authctxt->info == NULL) | ||
269 | fatal("vasprintf failed"); | ||
270 | } | ||
271 | |||
272 | void | ||
255 | auth_log(Authctxt *authctxt, int authenticated, int partial, | 273 | auth_log(Authctxt *authctxt, int authenticated, int partial, |
256 | const char *method, const char *submethod, const char *info) | 274 | const char *method, const char *submethod) |
257 | { | 275 | { |
258 | void (*authlog) (const char *fmt,...) = verbose; | 276 | void (*authlog) (const char *fmt,...) = verbose; |
259 | char *authmsg; | 277 | char *authmsg; |
@@ -275,7 +293,7 @@ auth_log(Authctxt *authctxt, int authenticated, int partial, | |||
275 | else | 293 | else |
276 | authmsg = authenticated ? "Accepted" : "Failed"; | 294 | authmsg = authenticated ? "Accepted" : "Failed"; |
277 | 295 | ||
278 | authlog("%s %s%s%s for %s%.100s from %.200s port %d%s", | 296 | authlog("%s %s%s%s for %s%.100s from %.200s port %d %s%s%s", |
279 | authmsg, | 297 | authmsg, |
280 | method, | 298 | method, |
281 | submethod != NULL ? "/" : "", submethod == NULL ? "" : submethod, | 299 | submethod != NULL ? "/" : "", submethod == NULL ? "" : submethod, |
@@ -283,7 +301,11 @@ auth_log(Authctxt *authctxt, int authenticated, int partial, | |||
283 | authctxt->user, | 301 | authctxt->user, |
284 | get_remote_ipaddr(), | 302 | get_remote_ipaddr(), |
285 | get_remote_port(), | 303 | get_remote_port(), |
286 | info); | 304 | compat20 ? "ssh2" : "ssh1", |
305 | authctxt->info != NULL ? ": " : "", | ||
306 | authctxt->info != NULL ? authctxt->info : ""); | ||
307 | free(authctxt->info); | ||
308 | authctxt->info = NULL; | ||
287 | 309 | ||
288 | #ifdef CUSTOM_FAILED_LOGIN | 310 | #ifdef CUSTOM_FAILED_LOGIN |
289 | if (authenticated == 0 && !authctxt->postponed && | 311 | if (authenticated == 0 && !authctxt->postponed && |
@@ -355,7 +377,7 @@ expand_authorized_keys(const char *filename, struct passwd *pw) | |||
355 | i = snprintf(ret, sizeof(ret), "%s/%s", pw->pw_dir, file); | 377 | i = snprintf(ret, sizeof(ret), "%s/%s", pw->pw_dir, file); |
356 | if (i < 0 || (size_t)i >= sizeof(ret)) | 378 | if (i < 0 || (size_t)i >= sizeof(ret)) |
357 | fatal("expand_authorized_keys: path too long"); | 379 | fatal("expand_authorized_keys: path too long"); |
358 | xfree(file); | 380 | free(file); |
359 | return (xstrdup(ret)); | 381 | return (xstrdup(ret)); |
360 | } | 382 | } |
361 | 383 | ||
@@ -397,7 +419,7 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host, | |||
397 | load_hostkeys(hostkeys, host, user_hostfile); | 419 | load_hostkeys(hostkeys, host, user_hostfile); |
398 | restore_uid(); | 420 | restore_uid(); |
399 | } | 421 | } |
400 | xfree(user_hostfile); | 422 | free(user_hostfile); |
401 | } | 423 | } |
402 | host_status = check_key_in_hostkeys(hostkeys, key, &found); | 424 | host_status = check_key_in_hostkeys(hostkeys, key, &found); |
403 | if (host_status == HOST_REVOKED) | 425 | if (host_status == HOST_REVOKED) |
@@ -666,7 +688,7 @@ auth_key_is_revoked(Key *key) | |||
666 | key_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); | 688 | key_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); |
667 | error("WARNING: authentication attempt with a revoked " | 689 | error("WARNING: authentication attempt with a revoked " |
668 | "%s key %s ", key_type(key), key_fp); | 690 | "%s key %s ", key_type(key), key_fp); |
669 | xfree(key_fp); | 691 | free(key_fp); |
670 | return 1; | 692 | return 1; |
671 | } | 693 | } |
672 | fatal("key_in_file returned junk"); | 694 | fatal("key_in_file returned junk"); |
@@ -697,7 +719,7 @@ auth_debug_send(void) | |||
697 | while (buffer_len(&auth_debug)) { | 719 | while (buffer_len(&auth_debug)) { |
698 | msg = buffer_get_string(&auth_debug, NULL); | 720 | msg = buffer_get_string(&auth_debug, NULL); |
699 | packet_send_debug("%s", msg); | 721 | packet_send_debug("%s", msg); |
700 | xfree(msg); | 722 | free(msg); |
701 | } | 723 | } |
702 | } | 724 | } |
703 | 725 | ||
@@ -721,10 +743,12 @@ fakepw(void) | |||
721 | fake.pw_name = "NOUSER"; | 743 | fake.pw_name = "NOUSER"; |
722 | fake.pw_passwd = | 744 | fake.pw_passwd = |
723 | "$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK"; | 745 | "$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK"; |
746 | #ifdef HAVE_STRUCT_PASSWD_PW_GECOS | ||
724 | fake.pw_gecos = "NOUSER"; | 747 | fake.pw_gecos = "NOUSER"; |
748 | #endif | ||
725 | fake.pw_uid = privsep_pw == NULL ? (uid_t)-1 : privsep_pw->pw_uid; | 749 | fake.pw_uid = privsep_pw == NULL ? (uid_t)-1 : privsep_pw->pw_uid; |
726 | fake.pw_gid = privsep_pw == NULL ? (gid_t)-1 : privsep_pw->pw_gid; | 750 | fake.pw_gid = privsep_pw == NULL ? (gid_t)-1 : privsep_pw->pw_gid; |
727 | #ifdef HAVE_PW_CLASS_IN_PASSWD | 751 | #ifdef HAVE_STRUCT_PASSWD_PW_CLASS |
728 | fake.pw_class = ""; | 752 | fake.pw_class = ""; |
729 | #endif | 753 | #endif |
730 | fake.pw_dir = "/nonexist"; | 754 | fake.pw_dir = "/nonexist"; |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth.h,v 1.72 2012/12/02 20:34:09 djm Exp $ */ | 1 | /* $OpenBSD: auth.h,v 1.76 2013/07/19 07:37:48 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
@@ -60,6 +60,7 @@ struct Authctxt { | |||
60 | struct passwd *pw; /* set if 'valid' */ | 60 | struct passwd *pw; /* set if 'valid' */ |
61 | char *style; | 61 | char *style; |
62 | void *kbdintctxt; | 62 | void *kbdintctxt; |
63 | char *info; /* Extra info for next auth_log */ | ||
63 | void *jpake_ctx; | 64 | void *jpake_ctx; |
64 | #ifdef BSD_AUTH | 65 | #ifdef BSD_AUTH |
65 | auth_session_t *as; | 66 | auth_session_t *as; |
@@ -121,6 +122,8 @@ int auth_rsa_key_allowed(struct passwd *, BIGNUM *, Key **); | |||
121 | int auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *, Key *); | 122 | int auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *, Key *); |
122 | int hostbased_key_allowed(struct passwd *, const char *, char *, Key *); | 123 | int hostbased_key_allowed(struct passwd *, const char *, char *, Key *); |
123 | int user_key_allowed(struct passwd *, Key *); | 124 | int user_key_allowed(struct passwd *, Key *); |
125 | void pubkey_auth_info(Authctxt *, const Key *, const char *, ...) | ||
126 | __attribute__((__format__ (printf, 3, 4))); | ||
124 | 127 | ||
125 | struct stat; | 128 | struct stat; |
126 | int auth_secure_path(const char *, struct stat *, const char *, uid_t, | 129 | int auth_secure_path(const char *, struct stat *, const char *, uid_t, |
@@ -148,8 +151,10 @@ void disable_forwarding(void); | |||
148 | void do_authentication(Authctxt *); | 151 | void do_authentication(Authctxt *); |
149 | void do_authentication2(Authctxt *); | 152 | void do_authentication2(Authctxt *); |
150 | 153 | ||
151 | void auth_log(Authctxt *, int, int, const char *, const char *, | 154 | void auth_info(Authctxt *authctxt, const char *, ...) |
152 | const char *); | 155 | __attribute__((__format__ (printf, 2, 3))) |
156 | __attribute__((__nonnull__ (2))); | ||
157 | void auth_log(Authctxt *, int, int, const char *, const char *); | ||
153 | void userauth_finish(Authctxt *, int, const char *, const char *); | 158 | void userauth_finish(Authctxt *, int, const char *, const char *); |
154 | int auth_root_allowed(const char *); | 159 | int auth_root_allowed(const char *); |
155 | 160 | ||
@@ -157,8 +162,9 @@ void userauth_send_banner(const char *); | |||
157 | 162 | ||
158 | char *auth2_read_banner(void); | 163 | char *auth2_read_banner(void); |
159 | int auth2_methods_valid(const char *, int); | 164 | int auth2_methods_valid(const char *, int); |
160 | int auth2_update_methods_lists(Authctxt *, const char *); | 165 | int auth2_update_methods_lists(Authctxt *, const char *, const char *); |
161 | int auth2_setup_methods_lists(Authctxt *); | 166 | int auth2_setup_methods_lists(Authctxt *); |
167 | int auth2_method_allowed(Authctxt *, const char *, const char *); | ||
162 | 168 | ||
163 | void privsep_challenge_enable(void); | 169 | void privsep_challenge_enable(void); |
164 | 170 | ||
@@ -192,10 +198,12 @@ check_key_in_hostfiles(struct passwd *, Key *, const char *, | |||
192 | 198 | ||
193 | /* hostkey handling */ | 199 | /* hostkey handling */ |
194 | Key *get_hostkey_by_index(int); | 200 | Key *get_hostkey_by_index(int); |
201 | Key *get_hostkey_public_by_index(int); | ||
195 | Key *get_hostkey_public_by_type(int); | 202 | Key *get_hostkey_public_by_type(int); |
196 | Key *get_hostkey_private_by_type(int); | 203 | Key *get_hostkey_private_by_type(int); |
197 | int get_hostkey_index(Key *); | 204 | int get_hostkey_index(Key *); |
198 | int ssh1_session_key(BIGNUM *); | 205 | int ssh1_session_key(BIGNUM *); |
206 | void sshd_hostkey_sign(Key *, Key *, u_char **, u_int *, u_char *, u_int); | ||
199 | 207 | ||
200 | /* debug messages during authentication */ | 208 | /* debug messages during authentication */ |
201 | void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2))); | 209 | void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2))); |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth1.c,v 1.77 2012/12/02 20:34:09 djm Exp $ */ | 1 | /* $OpenBSD: auth1.c,v 1.79 2013/05/19 02:42:42 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
4 | * All rights reserved | 4 | * All rights reserved |
@@ -45,11 +45,11 @@ | |||
45 | extern ServerOptions options; | 45 | extern ServerOptions options; |
46 | extern Buffer loginmsg; | 46 | extern Buffer loginmsg; |
47 | 47 | ||
48 | static int auth1_process_password(Authctxt *, char *, size_t); | 48 | static int auth1_process_password(Authctxt *); |
49 | static int auth1_process_rsa(Authctxt *, char *, size_t); | 49 | static int auth1_process_rsa(Authctxt *); |
50 | static int auth1_process_rhosts_rsa(Authctxt *, char *, size_t); | 50 | static int auth1_process_rhosts_rsa(Authctxt *); |
51 | static int auth1_process_tis_challenge(Authctxt *, char *, size_t); | 51 | static int auth1_process_tis_challenge(Authctxt *); |
52 | static int auth1_process_tis_response(Authctxt *, char *, size_t); | 52 | static int auth1_process_tis_response(Authctxt *); |
53 | 53 | ||
54 | static char *client_user = NULL; /* Used to fill in remote user for PAM */ | 54 | static char *client_user = NULL; /* Used to fill in remote user for PAM */ |
55 | 55 | ||
@@ -57,7 +57,7 @@ struct AuthMethod1 { | |||
57 | int type; | 57 | int type; |
58 | char *name; | 58 | char *name; |
59 | int *enabled; | 59 | int *enabled; |
60 | int (*method)(Authctxt *, char *, size_t); | 60 | int (*method)(Authctxt *); |
61 | }; | 61 | }; |
62 | 62 | ||
63 | const struct AuthMethod1 auth1_methods[] = { | 63 | const struct AuthMethod1 auth1_methods[] = { |
@@ -112,7 +112,7 @@ get_authname(int type) | |||
112 | 112 | ||
113 | /*ARGSUSED*/ | 113 | /*ARGSUSED*/ |
114 | static int | 114 | static int |
115 | auth1_process_password(Authctxt *authctxt, char *info, size_t infolen) | 115 | auth1_process_password(Authctxt *authctxt) |
116 | { | 116 | { |
117 | int authenticated = 0; | 117 | int authenticated = 0; |
118 | char *password; | 118 | char *password; |
@@ -130,14 +130,14 @@ auth1_process_password(Authctxt *authctxt, char *info, size_t infolen) | |||
130 | authenticated = PRIVSEP(auth_password(authctxt, password)); | 130 | authenticated = PRIVSEP(auth_password(authctxt, password)); |
131 | 131 | ||
132 | memset(password, 0, dlen); | 132 | memset(password, 0, dlen); |
133 | xfree(password); | 133 | free(password); |
134 | 134 | ||
135 | return (authenticated); | 135 | return (authenticated); |
136 | } | 136 | } |
137 | 137 | ||
138 | /*ARGSUSED*/ | 138 | /*ARGSUSED*/ |
139 | static int | 139 | static int |
140 | auth1_process_rsa(Authctxt *authctxt, char *info, size_t infolen) | 140 | auth1_process_rsa(Authctxt *authctxt) |
141 | { | 141 | { |
142 | int authenticated = 0; | 142 | int authenticated = 0; |
143 | BIGNUM *n; | 143 | BIGNUM *n; |
@@ -155,7 +155,7 @@ auth1_process_rsa(Authctxt *authctxt, char *info, size_t infolen) | |||
155 | 155 | ||
156 | /*ARGSUSED*/ | 156 | /*ARGSUSED*/ |
157 | static int | 157 | static int |
158 | auth1_process_rhosts_rsa(Authctxt *authctxt, char *info, size_t infolen) | 158 | auth1_process_rhosts_rsa(Authctxt *authctxt) |
159 | { | 159 | { |
160 | int keybits, authenticated = 0; | 160 | int keybits, authenticated = 0; |
161 | u_int bits; | 161 | u_int bits; |
@@ -187,14 +187,14 @@ auth1_process_rhosts_rsa(Authctxt *authctxt, char *info, size_t infolen) | |||
187 | client_host_key); | 187 | client_host_key); |
188 | key_free(client_host_key); | 188 | key_free(client_host_key); |
189 | 189 | ||
190 | snprintf(info, infolen, " ruser %.100s", client_user); | 190 | auth_info(authctxt, "ruser %.100s", client_user); |
191 | 191 | ||
192 | return (authenticated); | 192 | return (authenticated); |
193 | } | 193 | } |
194 | 194 | ||
195 | /*ARGSUSED*/ | 195 | /*ARGSUSED*/ |
196 | static int | 196 | static int |
197 | auth1_process_tis_challenge(Authctxt *authctxt, char *info, size_t infolen) | 197 | auth1_process_tis_challenge(Authctxt *authctxt) |
198 | { | 198 | { |
199 | char *challenge; | 199 | char *challenge; |
200 | 200 | ||
@@ -204,7 +204,7 @@ auth1_process_tis_challenge(Authctxt *authctxt, char *info, size_t infolen) | |||
204 | debug("sending challenge '%s'", challenge); | 204 | debug("sending challenge '%s'", challenge); |
205 | packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE); | 205 | packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE); |
206 | packet_put_cstring(challenge); | 206 | packet_put_cstring(challenge); |
207 | xfree(challenge); | 207 | free(challenge); |
208 | packet_send(); | 208 | packet_send(); |
209 | packet_write_wait(); | 209 | packet_write_wait(); |
210 | 210 | ||
@@ -213,7 +213,7 @@ auth1_process_tis_challenge(Authctxt *authctxt, char *info, size_t infolen) | |||
213 | 213 | ||
214 | /*ARGSUSED*/ | 214 | /*ARGSUSED*/ |
215 | static int | 215 | static int |
216 | auth1_process_tis_response(Authctxt *authctxt, char *info, size_t infolen) | 216 | auth1_process_tis_response(Authctxt *authctxt) |
217 | { | 217 | { |
218 | int authenticated = 0; | 218 | int authenticated = 0; |
219 | char *response; | 219 | char *response; |
@@ -223,7 +223,7 @@ auth1_process_tis_response(Authctxt *authctxt, char *info, size_t infolen) | |||
223 | packet_check_eom(); | 223 | packet_check_eom(); |
224 | authenticated = verify_response(authctxt, response); | 224 | authenticated = verify_response(authctxt, response); |
225 | memset(response, 'r', dlen); | 225 | memset(response, 'r', dlen); |
226 | xfree(response); | 226 | free(response); |
227 | 227 | ||
228 | return (authenticated); | 228 | return (authenticated); |
229 | } | 229 | } |
@@ -236,7 +236,6 @@ static void | |||
236 | do_authloop(Authctxt *authctxt) | 236 | do_authloop(Authctxt *authctxt) |
237 | { | 237 | { |
238 | int authenticated = 0; | 238 | int authenticated = 0; |
239 | char info[1024]; | ||
240 | int prev = 0, type = 0; | 239 | int prev = 0, type = 0; |
241 | const struct AuthMethod1 *meth; | 240 | const struct AuthMethod1 *meth; |
242 | 241 | ||
@@ -254,7 +253,7 @@ do_authloop(Authctxt *authctxt) | |||
254 | #endif | 253 | #endif |
255 | { | 254 | { |
256 | auth_log(authctxt, 1, 0, "without authentication", | 255 | auth_log(authctxt, 1, 0, "without authentication", |
257 | NULL, ""); | 256 | NULL); |
258 | return; | 257 | return; |
259 | } | 258 | } |
260 | } | 259 | } |
@@ -268,7 +267,6 @@ do_authloop(Authctxt *authctxt) | |||
268 | /* default to fail */ | 267 | /* default to fail */ |
269 | authenticated = 0; | 268 | authenticated = 0; |
270 | 269 | ||
271 | info[0] = '\0'; | ||
272 | 270 | ||
273 | /* Get a packet from the client. */ | 271 | /* Get a packet from the client. */ |
274 | prev = type; | 272 | prev = type; |
@@ -298,7 +296,7 @@ do_authloop(Authctxt *authctxt) | |||
298 | goto skip; | 296 | goto skip; |
299 | } | 297 | } |
300 | 298 | ||
301 | authenticated = meth->method(authctxt, info, sizeof(info)); | 299 | authenticated = meth->method(authctxt); |
302 | if (authenticated == -1) | 300 | if (authenticated == -1) |
303 | continue; /* "postponed" */ | 301 | continue; /* "postponed" */ |
304 | 302 | ||
@@ -353,13 +351,10 @@ do_authloop(Authctxt *authctxt) | |||
353 | 351 | ||
354 | skip: | 352 | skip: |
355 | /* Log before sending the reply */ | 353 | /* Log before sending the reply */ |
356 | auth_log(authctxt, authenticated, 0, get_authname(type), | 354 | auth_log(authctxt, authenticated, 0, get_authname(type), NULL); |
357 | NULL, info); | ||
358 | 355 | ||
359 | if (client_user != NULL) { | 356 | free(client_user); |
360 | xfree(client_user); | 357 | client_user = NULL; |
361 | client_user = NULL; | ||
362 | } | ||
363 | 358 | ||
364 | if (authenticated) | 359 | if (authenticated) |
365 | return; | 360 | return; |
diff --git a/auth2-chall.c b/auth2-chall.c index 6505d4009..98f3093ce 100644 --- a/auth2-chall.c +++ b/auth2-chall.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth2-chall.c,v 1.36 2012/12/03 00:14:06 djm Exp $ */ | 1 | /* $OpenBSD: auth2-chall.c,v 1.38 2013/05/17 00:13:13 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2001 Per Allansson. All rights reserved. | 4 | * Copyright (c) 2001 Per Allansson. All rights reserved. |
@@ -147,15 +147,13 @@ kbdint_free(KbdintAuthctxt *kbdintctxt) | |||
147 | { | 147 | { |
148 | if (kbdintctxt->device) | 148 | if (kbdintctxt->device) |
149 | kbdint_reset_device(kbdintctxt); | 149 | kbdint_reset_device(kbdintctxt); |
150 | if (kbdintctxt->devices) { | 150 | free(kbdintctxt->devices); |
151 | xfree(kbdintctxt->devices); | 151 | bzero(kbdintctxt, sizeof(*kbdintctxt)); |
152 | kbdintctxt->devices = NULL; | 152 | free(kbdintctxt); |
153 | } | ||
154 | xfree(kbdintctxt); | ||
155 | } | 153 | } |
156 | /* get next device */ | 154 | /* get next device */ |
157 | static int | 155 | static int |
158 | kbdint_next_device(KbdintAuthctxt *kbdintctxt) | 156 | kbdint_next_device(Authctxt *authctxt, KbdintAuthctxt *kbdintctxt) |
159 | { | 157 | { |
160 | size_t len; | 158 | size_t len; |
161 | char *t; | 159 | char *t; |
@@ -169,12 +167,16 @@ kbdint_next_device(KbdintAuthctxt *kbdintctxt) | |||
169 | 167 | ||
170 | if (len == 0) | 168 | if (len == 0) |
171 | break; | 169 | break; |
172 | for (i = 0; devices[i]; i++) | 170 | for (i = 0; devices[i]; i++) { |
171 | if (!auth2_method_allowed(authctxt, | ||
172 | "keyboard-interactive", devices[i]->name)) | ||
173 | continue; | ||
173 | if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0) | 174 | if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0) |
174 | kbdintctxt->device = devices[i]; | 175 | kbdintctxt->device = devices[i]; |
176 | } | ||
175 | t = kbdintctxt->devices; | 177 | t = kbdintctxt->devices; |
176 | kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL; | 178 | kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL; |
177 | xfree(t); | 179 | free(t); |
178 | debug2("kbdint_next_device: devices %s", kbdintctxt->devices ? | 180 | debug2("kbdint_next_device: devices %s", kbdintctxt->devices ? |
179 | kbdintctxt->devices : "<empty>"); | 181 | kbdintctxt->devices : "<empty>"); |
180 | } while (kbdintctxt->devices && !kbdintctxt->device); | 182 | } while (kbdintctxt->devices && !kbdintctxt->device); |
@@ -221,7 +223,7 @@ auth2_challenge_start(Authctxt *authctxt) | |||
221 | debug2("auth2_challenge_start: devices %s", | 223 | debug2("auth2_challenge_start: devices %s", |
222 | kbdintctxt->devices ? kbdintctxt->devices : "<empty>"); | 224 | kbdintctxt->devices ? kbdintctxt->devices : "<empty>"); |
223 | 225 | ||
224 | if (kbdint_next_device(kbdintctxt) == 0) { | 226 | if (kbdint_next_device(authctxt, kbdintctxt) == 0) { |
225 | auth2_challenge_stop(authctxt); | 227 | auth2_challenge_stop(authctxt); |
226 | return 0; | 228 | return 0; |
227 | } | 229 | } |
@@ -268,11 +270,11 @@ send_userauth_info_request(Authctxt *authctxt) | |||
268 | packet_write_wait(); | 270 | packet_write_wait(); |
269 | 271 | ||
270 | for (i = 0; i < kbdintctxt->nreq; i++) | 272 | for (i = 0; i < kbdintctxt->nreq; i++) |
271 | xfree(prompts[i]); | 273 | free(prompts[i]); |
272 | xfree(prompts); | 274 | free(prompts); |
273 | xfree(echo_on); | 275 | free(echo_on); |
274 | xfree(name); | 276 | free(name); |
275 | xfree(instr); | 277 | free(instr); |
276 | return 1; | 278 | return 1; |
277 | } | 279 | } |
278 | 280 | ||
@@ -311,10 +313,9 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt) | |||
311 | 313 | ||
312 | for (i = 0; i < nresp; i++) { | 314 | for (i = 0; i < nresp; i++) { |
313 | memset(response[i], 'r', strlen(response[i])); | 315 | memset(response[i], 'r', strlen(response[i])); |
314 | xfree(response[i]); | 316 | free(response[i]); |
315 | } | 317 | } |
316 | if (response) | 318 | free(response); |
317 | xfree(response); | ||
318 | 319 | ||
319 | switch (res) { | 320 | switch (res) { |
320 | case 0: | 321 | case 0: |
diff --git a/auth2-gss.c b/auth2-gss.c index 17d4a3a84..3c3cbb966 100644 --- a/auth2-gss.c +++ b/auth2-gss.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth2-gss.c,v 1.18 2012/12/02 20:34:09 djm Exp $ */ | 1 | /* $OpenBSD: auth2-gss.c,v 1.20 2013/05/17 00:13:13 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved. | 4 | * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved. |
@@ -115,8 +115,7 @@ userauth_gssapi(Authctxt *authctxt) | |||
115 | do { | 115 | do { |
116 | mechs--; | 116 | mechs--; |
117 | 117 | ||
118 | if (doid) | 118 | free(doid); |
119 | xfree(doid); | ||
120 | 119 | ||
121 | present = 0; | 120 | present = 0; |
122 | doid = packet_get_string(&len); | 121 | doid = packet_get_string(&len); |
@@ -135,7 +134,7 @@ userauth_gssapi(Authctxt *authctxt) | |||
135 | gss_release_oid_set(&ms, &supported); | 134 | gss_release_oid_set(&ms, &supported); |
136 | 135 | ||
137 | if (!present) { | 136 | if (!present) { |
138 | xfree(doid); | 137 | free(doid); |
139 | authctxt->server_caused_failure = 1; | 138 | authctxt->server_caused_failure = 1; |
140 | return (0); | 139 | return (0); |
141 | } | 140 | } |
@@ -143,7 +142,7 @@ userauth_gssapi(Authctxt *authctxt) | |||
143 | if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &goid)))) { | 142 | if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &goid)))) { |
144 | if (ctxt != NULL) | 143 | if (ctxt != NULL) |
145 | ssh_gssapi_delete_ctx(&ctxt); | 144 | ssh_gssapi_delete_ctx(&ctxt); |
146 | xfree(doid); | 145 | free(doid); |
147 | authctxt->server_caused_failure = 1; | 146 | authctxt->server_caused_failure = 1; |
148 | return (0); | 147 | return (0); |
149 | } | 148 | } |
@@ -156,7 +155,7 @@ userauth_gssapi(Authctxt *authctxt) | |||
156 | packet_put_string(doid, len); | 155 | packet_put_string(doid, len); |
157 | 156 | ||
158 | packet_send(); | 157 | packet_send(); |
159 | xfree(doid); | 158 | free(doid); |
160 | 159 | ||
161 | dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token); | 160 | dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token); |
162 | dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok); | 161 | dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok); |
@@ -187,7 +186,7 @@ input_gssapi_token(int type, u_int32_t plen, void *ctxt) | |||
187 | maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok, | 186 | maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok, |
188 | &send_tok, &flags)); | 187 | &send_tok, &flags)); |
189 | 188 | ||
190 | xfree(recv_tok.value); | 189 | free(recv_tok.value); |
191 | 190 | ||
192 | if (GSS_ERROR(maj_status)) { | 191 | if (GSS_ERROR(maj_status)) { |
193 | if (send_tok.length != 0) { | 192 | if (send_tok.length != 0) { |
@@ -242,7 +241,7 @@ input_gssapi_errtok(int type, u_int32_t plen, void *ctxt) | |||
242 | maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok, | 241 | maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok, |
243 | &send_tok, NULL)); | 242 | &send_tok, NULL)); |
244 | 243 | ||
245 | xfree(recv_tok.value); | 244 | free(recv_tok.value); |
246 | 245 | ||
247 | /* We can't return anything to the client, even if we wanted to */ | 246 | /* We can't return anything to the client, even if we wanted to */ |
248 | dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); | 247 | dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); |
@@ -263,14 +262,11 @@ static void | |||
263 | input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt) | 262 | input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt) |
264 | { | 263 | { |
265 | Authctxt *authctxt = ctxt; | 264 | Authctxt *authctxt = ctxt; |
266 | Gssctxt *gssctxt; | ||
267 | int authenticated; | 265 | int authenticated; |
268 | 266 | ||
269 | if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) | 267 | if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep)) |
270 | fatal("No authentication or GSSAPI context"); | 268 | fatal("No authentication or GSSAPI context"); |
271 | 269 | ||
272 | gssctxt = authctxt->methoddata; | ||
273 | |||
274 | /* | 270 | /* |
275 | * We don't need to check the status, because we're only enabled in | 271 | * We don't need to check the status, because we're only enabled in |
276 | * the dispatcher once the exchange is complete | 272 | * the dispatcher once the exchange is complete |
@@ -320,7 +316,7 @@ input_gssapi_mic(int type, u_int32_t plen, void *ctxt) | |||
320 | logit("GSSAPI MIC check failed"); | 316 | logit("GSSAPI MIC check failed"); |
321 | 317 | ||
322 | buffer_free(&b); | 318 | buffer_free(&b); |
323 | xfree(mic.value); | 319 | free(mic.value); |
324 | 320 | ||
325 | authctxt->postponed = 0; | 321 | authctxt->postponed = 0; |
326 | dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); | 322 | dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); |
diff --git a/auth2-hostbased.c b/auth2-hostbased.c index cdf442f97..a344dcc1f 100644 --- a/auth2-hostbased.c +++ b/auth2-hostbased.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth2-hostbased.c,v 1.14 2010/08/04 05:42:47 djm Exp $ */ | 1 | /* $OpenBSD: auth2-hostbased.c,v 1.16 2013/06/21 00:34:49 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -116,6 +116,10 @@ userauth_hostbased(Authctxt *authctxt) | |||
116 | #ifdef DEBUG_PK | 116 | #ifdef DEBUG_PK |
117 | buffer_dump(&b); | 117 | buffer_dump(&b); |
118 | #endif | 118 | #endif |
119 | |||
120 | pubkey_auth_info(authctxt, key, | ||
121 | "client user \"%.100s\", client host \"%.100s\"", cuser, chost); | ||
122 | |||
119 | /* test for allowed key and correct signature */ | 123 | /* test for allowed key and correct signature */ |
120 | authenticated = 0; | 124 | authenticated = 0; |
121 | if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) && | 125 | if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) && |
@@ -128,11 +132,11 @@ done: | |||
128 | debug2("userauth_hostbased: authenticated %d", authenticated); | 132 | debug2("userauth_hostbased: authenticated %d", authenticated); |
129 | if (key != NULL) | 133 | if (key != NULL) |
130 | key_free(key); | 134 | key_free(key); |
131 | xfree(pkalg); | 135 | free(pkalg); |
132 | xfree(pkblob); | 136 | free(pkblob); |
133 | xfree(cuser); | 137 | free(cuser); |
134 | xfree(chost); | 138 | free(chost); |
135 | xfree(sig); | 139 | free(sig); |
136 | return authenticated; | 140 | return authenticated; |
137 | } | 141 | } |
138 | 142 | ||
@@ -207,7 +211,7 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost, | |||
207 | verbose("Accepted %s public key %s from %s@%s", | 211 | verbose("Accepted %s public key %s from %s@%s", |
208 | key_type(key), fp, cuser, lookup); | 212 | key_type(key), fp, cuser, lookup); |
209 | } | 213 | } |
210 | xfree(fp); | 214 | free(fp); |
211 | } | 215 | } |
212 | 216 | ||
213 | return (host_status == HOST_OK); | 217 | return (host_status == HOST_OK); |
diff --git a/auth2-jpake.c b/auth2-jpake.c index ed0eba47b..78a6b8817 100644 --- a/auth2-jpake.c +++ b/auth2-jpake.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth2-jpake.c,v 1.5 2012/12/02 20:34:09 djm Exp $ */ | 1 | /* $OpenBSD: auth2-jpake.c,v 1.6 2013/05/17 00:13:13 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2008 Damien Miller. All rights reserved. | 3 | * Copyright (c) 2008 Damien Miller. All rights reserved. |
4 | * | 4 | * |
@@ -179,7 +179,7 @@ derive_rawsalt(const char *username, u_char *rawsalt, u_int len) | |||
179 | __func__, len, digest_len); | 179 | __func__, len, digest_len); |
180 | memcpy(rawsalt, digest, len); | 180 | memcpy(rawsalt, digest, len); |
181 | bzero(digest, digest_len); | 181 | bzero(digest, digest_len); |
182 | xfree(digest); | 182 | free(digest); |
183 | } | 183 | } |
184 | 184 | ||
185 | /* ASCII an integer [0, 64) for inclusion in a password/salt */ | 185 | /* ASCII an integer [0, 64) for inclusion in a password/salt */ |
@@ -258,7 +258,7 @@ fake_salt_and_scheme(Authctxt *authctxt, char **salt, char **scheme) | |||
258 | makesalt(22, authctxt->user)); | 258 | makesalt(22, authctxt->user)); |
259 | *scheme = xstrdup("bcrypt"); | 259 | *scheme = xstrdup("bcrypt"); |
260 | } | 260 | } |
261 | xfree(style); | 261 | free(style); |
262 | debug3("%s: fake %s salt for user %s: %s", | 262 | debug3("%s: fake %s salt for user %s: %s", |
263 | __func__, *scheme, authctxt->user, *salt); | 263 | __func__, *scheme, authctxt->user, *salt); |
264 | } | 264 | } |
@@ -361,7 +361,7 @@ auth2_jpake_get_pwdata(Authctxt *authctxt, BIGNUM **s, | |||
361 | JPAKE_DEBUG_BN((*s, "%s: s = ", __func__)); | 361 | JPAKE_DEBUG_BN((*s, "%s: s = ", __func__)); |
362 | #endif | 362 | #endif |
363 | bzero(secret, secret_len); | 363 | bzero(secret, secret_len); |
364 | xfree(secret); | 364 | free(secret); |
365 | } | 365 | } |
366 | 366 | ||
367 | /* | 367 | /* |
@@ -403,12 +403,12 @@ auth2_jpake_start(Authctxt *authctxt) | |||
403 | 403 | ||
404 | bzero(hash_scheme, strlen(hash_scheme)); | 404 | bzero(hash_scheme, strlen(hash_scheme)); |
405 | bzero(salt, strlen(salt)); | 405 | bzero(salt, strlen(salt)); |
406 | xfree(hash_scheme); | 406 | free(hash_scheme); |
407 | xfree(salt); | 407 | free(salt); |
408 | bzero(x3_proof, x3_proof_len); | 408 | bzero(x3_proof, x3_proof_len); |
409 | bzero(x4_proof, x4_proof_len); | 409 | bzero(x4_proof, x4_proof_len); |
410 | xfree(x3_proof); | 410 | free(x3_proof); |
411 | xfree(x4_proof); | 411 | free(x4_proof); |
412 | 412 | ||
413 | /* Expect step 1 packet from peer */ | 413 | /* Expect step 1 packet from peer */ |
414 | dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP1, | 414 | dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP1, |
@@ -455,8 +455,8 @@ input_userauth_jpake_client_step1(int type, u_int32_t seq, void *ctxt) | |||
455 | 455 | ||
456 | bzero(x1_proof, x1_proof_len); | 456 | bzero(x1_proof, x1_proof_len); |
457 | bzero(x2_proof, x2_proof_len); | 457 | bzero(x2_proof, x2_proof_len); |
458 | xfree(x1_proof); | 458 | free(x1_proof); |
459 | xfree(x2_proof); | 459 | free(x2_proof); |
460 | 460 | ||
461 | if (!use_privsep) | 461 | if (!use_privsep) |
462 | JPAKE_DEBUG_CTX((pctx, "step 2 sending in %s", __func__)); | 462 | JPAKE_DEBUG_CTX((pctx, "step 2 sending in %s", __func__)); |
@@ -469,7 +469,7 @@ input_userauth_jpake_client_step1(int type, u_int32_t seq, void *ctxt) | |||
469 | packet_write_wait(); | 469 | packet_write_wait(); |
470 | 470 | ||
471 | bzero(x4_s_proof, x4_s_proof_len); | 471 | bzero(x4_s_proof, x4_s_proof_len); |
472 | xfree(x4_s_proof); | 472 | free(x4_s_proof); |
473 | 473 | ||
474 | /* Expect step 2 packet from peer */ | 474 | /* Expect step 2 packet from peer */ |
475 | dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP2, | 475 | dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP2, |
@@ -510,7 +510,7 @@ input_userauth_jpake_client_step2(int type, u_int32_t seq, void *ctxt) | |||
510 | &pctx->h_k_sid_sessid, &pctx->h_k_sid_sessid_len)); | 510 | &pctx->h_k_sid_sessid, &pctx->h_k_sid_sessid_len)); |
511 | 511 | ||
512 | bzero(x2_s_proof, x2_s_proof_len); | 512 | bzero(x2_s_proof, x2_s_proof_len); |
513 | xfree(x2_s_proof); | 513 | free(x2_s_proof); |
514 | 514 | ||
515 | if (!use_privsep) | 515 | if (!use_privsep) |
516 | JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__)); | 516 | JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__)); |
diff --git a/auth2-kbdint.c b/auth2-kbdint.c index fae67da6e..c39bdc62d 100644 --- a/auth2-kbdint.c +++ b/auth2-kbdint.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth2-kbdint.c,v 1.5 2006/08/03 03:34:41 deraadt Exp $ */ | 1 | /* $OpenBSD: auth2-kbdint.c,v 1.6 2013/05/17 00:13:13 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -56,8 +56,8 @@ userauth_kbdint(Authctxt *authctxt) | |||
56 | if (options.challenge_response_authentication) | 56 | if (options.challenge_response_authentication) |
57 | authenticated = auth2_challenge(authctxt, devs); | 57 | authenticated = auth2_challenge(authctxt, devs); |
58 | 58 | ||
59 | xfree(devs); | 59 | free(devs); |
60 | xfree(lang); | 60 | free(lang); |
61 | return authenticated; | 61 | return authenticated; |
62 | } | 62 | } |
63 | 63 | ||
diff --git a/auth2-passwd.c b/auth2-passwd.c index 5f1f3635f..21bc5047d 100644 --- a/auth2-passwd.c +++ b/auth2-passwd.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth2-passwd.c,v 1.9 2006/08/03 03:34:41 deraadt Exp $ */ | 1 | /* $OpenBSD: auth2-passwd.c,v 1.10 2013/05/17 00:13:13 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -60,7 +60,7 @@ userauth_passwd(Authctxt *authctxt) | |||
60 | /* discard new password from packet */ | 60 | /* discard new password from packet */ |
61 | newpass = packet_get_string(&newlen); | 61 | newpass = packet_get_string(&newlen); |
62 | memset(newpass, 0, newlen); | 62 | memset(newpass, 0, newlen); |
63 | xfree(newpass); | 63 | free(newpass); |
64 | } | 64 | } |
65 | packet_check_eom(); | 65 | packet_check_eom(); |
66 | 66 | ||
@@ -69,7 +69,7 @@ userauth_passwd(Authctxt *authctxt) | |||
69 | else if (PRIVSEP(auth_password(authctxt, password)) == 1) | 69 | else if (PRIVSEP(auth_password(authctxt, password)) == 1) |
70 | authenticated = 1; | 70 | authenticated = 1; |
71 | memset(password, 0, len); | 71 | memset(password, 0, len); |
72 | xfree(password); | 72 | free(password); |
73 | return authenticated; | 73 | return authenticated; |
74 | } | 74 | } |
75 | 75 | ||
diff --git a/auth2-pubkey.c b/auth2-pubkey.c index 3ff6faa8b..2b3ecb104 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth2-pubkey.c,v 1.34 2013/02/14 21:35:59 djm Exp $ */ | 1 | /* $OpenBSD: auth2-pubkey.c,v 1.38 2013/06/21 00:34:49 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -75,7 +75,7 @@ userauth_pubkey(Authctxt *authctxt) | |||
75 | { | 75 | { |
76 | Buffer b; | 76 | Buffer b; |
77 | Key *key = NULL; | 77 | Key *key = NULL; |
78 | char *pkalg; | 78 | char *pkalg, *userstyle; |
79 | u_char *pkblob, *sig; | 79 | u_char *pkblob, *sig; |
80 | u_int alen, blen, slen; | 80 | u_int alen, blen, slen; |
81 | int have_sig, pktype; | 81 | int have_sig, pktype; |
@@ -127,7 +127,11 @@ userauth_pubkey(Authctxt *authctxt) | |||
127 | } | 127 | } |
128 | /* reconstruct packet */ | 128 | /* reconstruct packet */ |
129 | buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); | 129 | buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); |
130 | buffer_put_cstring(&b, authctxt->user); | 130 | xasprintf(&userstyle, "%s%s%s", authctxt->user, |
131 | authctxt->style ? ":" : "", | ||
132 | authctxt->style ? authctxt->style : ""); | ||
133 | buffer_put_cstring(&b, userstyle); | ||
134 | free(userstyle); | ||
131 | buffer_put_cstring(&b, | 135 | buffer_put_cstring(&b, |
132 | datafellows & SSH_BUG_PKSERVICE ? | 136 | datafellows & SSH_BUG_PKSERVICE ? |
133 | "ssh-userauth" : | 137 | "ssh-userauth" : |
@@ -143,6 +147,8 @@ userauth_pubkey(Authctxt *authctxt) | |||
143 | #ifdef DEBUG_PK | 147 | #ifdef DEBUG_PK |
144 | buffer_dump(&b); | 148 | buffer_dump(&b); |
145 | #endif | 149 | #endif |
150 | pubkey_auth_info(authctxt, key, NULL); | ||
151 | |||
146 | /* test for correct signature */ | 152 | /* test for correct signature */ |
147 | authenticated = 0; | 153 | authenticated = 0; |
148 | if (PRIVSEP(user_key_allowed(authctxt->pw, key)) && | 154 | if (PRIVSEP(user_key_allowed(authctxt->pw, key)) && |
@@ -150,7 +156,7 @@ userauth_pubkey(Authctxt *authctxt) | |||
150 | buffer_len(&b))) == 1) | 156 | buffer_len(&b))) == 1) |
151 | authenticated = 1; | 157 | authenticated = 1; |
152 | buffer_free(&b); | 158 | buffer_free(&b); |
153 | xfree(sig); | 159 | free(sig); |
154 | } else { | 160 | } else { |
155 | debug("test whether pkalg/pkblob are acceptable"); | 161 | debug("test whether pkalg/pkblob are acceptable"); |
156 | packet_check_eom(); | 162 | packet_check_eom(); |
@@ -178,11 +184,45 @@ done: | |||
178 | debug2("userauth_pubkey: authenticated %d pkalg %s", authenticated, pkalg); | 184 | debug2("userauth_pubkey: authenticated %d pkalg %s", authenticated, pkalg); |
179 | if (key != NULL) | 185 | if (key != NULL) |
180 | key_free(key); | 186 | key_free(key); |
181 | xfree(pkalg); | 187 | free(pkalg); |
182 | xfree(pkblob); | 188 | free(pkblob); |
183 | return authenticated; | 189 | return authenticated; |
184 | } | 190 | } |
185 | 191 | ||
192 | void | ||
193 | pubkey_auth_info(Authctxt *authctxt, const Key *key, const char *fmt, ...) | ||
194 | { | ||
195 | char *fp, *extra; | ||
196 | va_list ap; | ||
197 | int i; | ||
198 | |||
199 | extra = NULL; | ||
200 | if (fmt != NULL) { | ||
201 | va_start(ap, fmt); | ||
202 | i = vasprintf(&extra, fmt, ap); | ||
203 | va_end(ap); | ||
204 | if (i < 0 || extra == NULL) | ||
205 | fatal("%s: vasprintf failed", __func__); | ||
206 | } | ||
207 | |||
208 | if (key_is_cert(key)) { | ||
209 | fp = key_fingerprint(key->cert->signature_key, | ||
210 | SSH_FP_MD5, SSH_FP_HEX); | ||
211 | auth_info(authctxt, "%s ID %s (serial %llu) CA %s %s%s%s", | ||
212 | key_type(key), key->cert->key_id, | ||
213 | (unsigned long long)key->cert->serial, | ||
214 | key_type(key->cert->signature_key), fp, | ||
215 | extra == NULL ? "" : ", ", extra == NULL ? "" : extra); | ||
216 | free(fp); | ||
217 | } else { | ||
218 | fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); | ||
219 | auth_info(authctxt, "%s %s%s%s", key_type(key), fp, | ||
220 | extra == NULL ? "" : ", ", extra == NULL ? "" : extra); | ||
221 | free(fp); | ||
222 | } | ||
223 | free(extra); | ||
224 | } | ||
225 | |||
186 | static int | 226 | static int |
187 | match_principals_option(const char *principal_list, struct KeyCert *cert) | 227 | match_principals_option(const char *principal_list, struct KeyCert *cert) |
188 | { | 228 | { |
@@ -196,7 +236,7 @@ match_principals_option(const char *principal_list, struct KeyCert *cert) | |||
196 | principal_list, NULL)) != NULL) { | 236 | principal_list, NULL)) != NULL) { |
197 | debug3("matched principal from key options \"%.100s\"", | 237 | debug3("matched principal from key options \"%.100s\"", |
198 | result); | 238 | result); |
199 | xfree(result); | 239 | free(result); |
200 | return 1; | 240 | return 1; |
201 | } | 241 | } |
202 | } | 242 | } |
@@ -276,11 +316,13 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw) | |||
276 | char *fp; | 316 | char *fp; |
277 | 317 | ||
278 | found_key = 0; | 318 | found_key = 0; |
279 | found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type); | ||
280 | 319 | ||
320 | found = NULL; | ||
281 | while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { | 321 | while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { |
282 | char *cp, *key_options = NULL; | 322 | char *cp, *key_options = NULL; |
283 | 323 | if (found != NULL) | |
324 | key_free(found); | ||
325 | found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type); | ||
284 | auth_clear_options(); | 326 | auth_clear_options(); |
285 | 327 | ||
286 | /* Skip leading whitespace, empty and comment lines. */ | 328 | /* Skip leading whitespace, empty and comment lines. */ |
@@ -332,7 +374,7 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw) | |||
332 | reason = "Certificate does not contain an " | 374 | reason = "Certificate does not contain an " |
333 | "authorized principal"; | 375 | "authorized principal"; |
334 | fail_reason: | 376 | fail_reason: |
335 | xfree(fp); | 377 | free(fp); |
336 | error("%s", reason); | 378 | error("%s", reason); |
337 | auth_debug_add("%s", reason); | 379 | auth_debug_add("%s", reason); |
338 | continue; | 380 | continue; |
@@ -342,13 +384,13 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw) | |||
342 | &reason) != 0) | 384 | &reason) != 0) |
343 | goto fail_reason; | 385 | goto fail_reason; |
344 | if (auth_cert_options(key, pw) != 0) { | 386 | if (auth_cert_options(key, pw) != 0) { |
345 | xfree(fp); | 387 | free(fp); |
346 | continue; | 388 | continue; |
347 | } | 389 | } |
348 | verbose("Accepted certificate ID \"%s\" " | 390 | verbose("Accepted certificate ID \"%s\" " |
349 | "signed by %s CA %s via %s", key->cert->key_id, | 391 | "signed by %s CA %s via %s", key->cert->key_id, |
350 | key_type(found), fp, file); | 392 | key_type(found), fp, file); |
351 | xfree(fp); | 393 | free(fp); |
352 | found_key = 1; | 394 | found_key = 1; |
353 | break; | 395 | break; |
354 | } else if (key_equal(found, key)) { | 396 | } else if (key_equal(found, key)) { |
@@ -358,16 +400,15 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw) | |||
358 | if (key_is_cert_authority) | 400 | if (key_is_cert_authority) |
359 | continue; | 401 | continue; |
360 | found_key = 1; | 402 | found_key = 1; |
361 | debug("matching key found: file %s, line %lu", | ||
362 | file, linenum); | ||
363 | fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX); | 403 | fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX); |
364 | verbose("Found matching %s key: %s", | 404 | debug("matching key found: file %s, line %lu %s %s", |
365 | key_type(found), fp); | 405 | file, linenum, key_type(found), fp); |
366 | xfree(fp); | 406 | free(fp); |
367 | break; | 407 | break; |
368 | } | 408 | } |
369 | } | 409 | } |
370 | key_free(found); | 410 | if (found != NULL) |
411 | key_free(found); | ||
371 | if (!found_key) | 412 | if (!found_key) |
372 | debug2("key not found"); | 413 | debug2("key not found"); |
373 | return found_key; | 414 | return found_key; |
@@ -421,10 +462,8 @@ user_cert_trusted_ca(struct passwd *pw, Key *key) | |||
421 | ret = 1; | 462 | ret = 1; |
422 | 463 | ||
423 | out: | 464 | out: |
424 | if (principals_file != NULL) | 465 | free(principals_file); |
425 | xfree(principals_file); | 466 | free(ca_fp); |
426 | if (ca_fp != NULL) | ||
427 | xfree(ca_fp); | ||
428 | return ret; | 467 | return ret; |
429 | } | 468 | } |
430 | 469 | ||
@@ -629,7 +668,7 @@ user_key_allowed(struct passwd *pw, Key *key) | |||
629 | options.authorized_keys_files[i], pw); | 668 | options.authorized_keys_files[i], pw); |
630 | 669 | ||
631 | success = user_key_allowed2(pw, key, file); | 670 | success = user_key_allowed2(pw, key, file); |
632 | xfree(file); | 671 | free(file); |
633 | } | 672 | } |
634 | 673 | ||
635 | return success; | 674 | return success; |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth2.c,v 1.126 2012/12/02 20:34:09 djm Exp $ */ | 1 | /* $OpenBSD: auth2.c,v 1.129 2013/05/19 02:42:42 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -100,8 +100,12 @@ static void input_userauth_request(int, u_int32_t, void *); | |||
100 | /* helper */ | 100 | /* helper */ |
101 | static Authmethod *authmethod_lookup(Authctxt *, const char *); | 101 | static Authmethod *authmethod_lookup(Authctxt *, const char *); |
102 | static char *authmethods_get(Authctxt *authctxt); | 102 | static char *authmethods_get(Authctxt *authctxt); |
103 | static int method_allowed(Authctxt *, const char *); | 103 | |
104 | static int list_starts_with(const char *, const char *); | 104 | #define MATCH_NONE 0 /* method or submethod mismatch */ |
105 | #define MATCH_METHOD 1 /* method matches (no submethod specified) */ | ||
106 | #define MATCH_BOTH 2 /* method and submethod match */ | ||
107 | #define MATCH_PARTIAL 3 /* method matches, submethod can't be checked */ | ||
108 | static int list_starts_with(const char *, const char *, const char *); | ||
105 | 109 | ||
106 | char * | 110 | char * |
107 | auth2_read_banner(void) | 111 | auth2_read_banner(void) |
@@ -128,7 +132,7 @@ auth2_read_banner(void) | |||
128 | close(fd); | 132 | close(fd); |
129 | 133 | ||
130 | if (n != len) { | 134 | if (n != len) { |
131 | xfree(banner); | 135 | free(banner); |
132 | return (NULL); | 136 | return (NULL); |
133 | } | 137 | } |
134 | banner[n] = '\0'; | 138 | banner[n] = '\0'; |
@@ -164,8 +168,7 @@ userauth_banner(void) | |||
164 | userauth_send_banner(banner); | 168 | userauth_send_banner(banner); |
165 | 169 | ||
166 | done: | 170 | done: |
167 | if (banner) | 171 | free(banner); |
168 | xfree(banner); | ||
169 | } | 172 | } |
170 | 173 | ||
171 | /* | 174 | /* |
@@ -210,7 +213,7 @@ input_service_request(int type, u_int32_t seq, void *ctxt) | |||
210 | debug("bad service request %s", service); | 213 | debug("bad service request %s", service); |
211 | packet_disconnect("bad service request %s", service); | 214 | packet_disconnect("bad service request %s", service); |
212 | } | 215 | } |
213 | xfree(service); | 216 | free(service); |
214 | } | 217 | } |
215 | 218 | ||
216 | /*ARGSUSED*/ | 219 | /*ARGSUSED*/ |
@@ -290,9 +293,9 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) | |||
290 | } | 293 | } |
291 | userauth_finish(authctxt, authenticated, method, NULL); | 294 | userauth_finish(authctxt, authenticated, method, NULL); |
292 | 295 | ||
293 | xfree(service); | 296 | free(service); |
294 | xfree(user); | 297 | free(user); |
295 | xfree(method); | 298 | free(method); |
296 | } | 299 | } |
297 | 300 | ||
298 | void | 301 | void |
@@ -318,14 +321,14 @@ userauth_finish(Authctxt *authctxt, int authenticated, const char *method, | |||
318 | } | 321 | } |
319 | 322 | ||
320 | if (authenticated && options.num_auth_methods != 0) { | 323 | if (authenticated && options.num_auth_methods != 0) { |
321 | if (!auth2_update_methods_lists(authctxt, method)) { | 324 | if (!auth2_update_methods_lists(authctxt, method, submethod)) { |
322 | authenticated = 0; | 325 | authenticated = 0; |
323 | partial = 1; | 326 | partial = 1; |
324 | } | 327 | } |
325 | } | 328 | } |
326 | 329 | ||
327 | /* Log before sending the reply */ | 330 | /* Log before sending the reply */ |
328 | auth_log(authctxt, authenticated, partial, method, submethod, " ssh2"); | 331 | auth_log(authctxt, authenticated, partial, method, submethod); |
329 | 332 | ||
330 | if (authctxt->postponed) | 333 | if (authctxt->postponed) |
331 | return; | 334 | return; |
@@ -380,7 +383,7 @@ userauth_finish(Authctxt *authctxt, int authenticated, const char *method, | |||
380 | packet_put_char(partial); | 383 | packet_put_char(partial); |
381 | packet_send(); | 384 | packet_send(); |
382 | packet_write_wait(); | 385 | packet_write_wait(); |
383 | xfree(methods); | 386 | free(methods); |
384 | } | 387 | } |
385 | } | 388 | } |
386 | 389 | ||
@@ -389,8 +392,9 @@ userauth_finish(Authctxt *authctxt, int authenticated, const char *method, | |||
389 | * methods list. Returns 1 if allowed, or no methods lists configured. | 392 | * methods list. Returns 1 if allowed, or no methods lists configured. |
390 | * 0 otherwise. | 393 | * 0 otherwise. |
391 | */ | 394 | */ |
392 | static int | 395 | int |
393 | method_allowed(Authctxt *authctxt, const char *method) | 396 | auth2_method_allowed(Authctxt *authctxt, const char *method, |
397 | const char *submethod) | ||
394 | { | 398 | { |
395 | u_int i; | 399 | u_int i; |
396 | 400 | ||
@@ -401,7 +405,8 @@ method_allowed(Authctxt *authctxt, const char *method) | |||
401 | if (options.num_auth_methods == 0) | 405 | if (options.num_auth_methods == 0) |
402 | return 1; | 406 | return 1; |
403 | for (i = 0; i < authctxt->num_auth_methods; i++) { | 407 | for (i = 0; i < authctxt->num_auth_methods; i++) { |
404 | if (list_starts_with(authctxt->auth_methods[i], method)) | 408 | if (list_starts_with(authctxt->auth_methods[i], method, |
409 | submethod) != MATCH_NONE) | ||
405 | return 1; | 410 | return 1; |
406 | } | 411 | } |
407 | return 0; | 412 | return 0; |
@@ -421,7 +426,8 @@ authmethods_get(Authctxt *authctxt) | |||
421 | if (authmethods[i]->enabled == NULL || | 426 | if (authmethods[i]->enabled == NULL || |
422 | *(authmethods[i]->enabled) == 0) | 427 | *(authmethods[i]->enabled) == 0) |
423 | continue; | 428 | continue; |
424 | if (!method_allowed(authctxt, authmethods[i]->name)) | 429 | if (!auth2_method_allowed(authctxt, authmethods[i]->name, |
430 | NULL)) | ||
425 | continue; | 431 | continue; |
426 | if (buffer_len(&b) > 0) | 432 | if (buffer_len(&b) > 0) |
427 | buffer_append(&b, ",", 1); | 433 | buffer_append(&b, ",", 1); |
@@ -444,7 +450,8 @@ authmethod_lookup(Authctxt *authctxt, const char *name) | |||
444 | if (authmethods[i]->enabled != NULL && | 450 | if (authmethods[i]->enabled != NULL && |
445 | *(authmethods[i]->enabled) != 0 && | 451 | *(authmethods[i]->enabled) != 0 && |
446 | strcmp(name, authmethods[i]->name) == 0 && | 452 | strcmp(name, authmethods[i]->name) == 0 && |
447 | method_allowed(authctxt, authmethods[i]->name)) | 453 | auth2_method_allowed(authctxt, |
454 | authmethods[i]->name, NULL)) | ||
448 | return authmethods[i]; | 455 | return authmethods[i]; |
449 | debug2("Unrecognized authentication method name: %s", | 456 | debug2("Unrecognized authentication method name: %s", |
450 | name ? name : "NULL"); | 457 | name ? name : "NULL"); |
@@ -459,7 +466,7 @@ authmethod_lookup(Authctxt *authctxt, const char *name) | |||
459 | int | 466 | int |
460 | auth2_methods_valid(const char *_methods, int need_enable) | 467 | auth2_methods_valid(const char *_methods, int need_enable) |
461 | { | 468 | { |
462 | char *methods, *omethods, *method; | 469 | char *methods, *omethods, *method, *p; |
463 | u_int i, found; | 470 | u_int i, found; |
464 | int ret = -1; | 471 | int ret = -1; |
465 | 472 | ||
@@ -470,6 +477,8 @@ auth2_methods_valid(const char *_methods, int need_enable) | |||
470 | omethods = methods = xstrdup(_methods); | 477 | omethods = methods = xstrdup(_methods); |
471 | while ((method = strsep(&methods, ",")) != NULL) { | 478 | while ((method = strsep(&methods, ",")) != NULL) { |
472 | for (found = i = 0; !found && authmethods[i] != NULL; i++) { | 479 | for (found = i = 0; !found && authmethods[i] != NULL; i++) { |
480 | if ((p = strchr(method, ':')) != NULL) | ||
481 | *p = '\0'; | ||
473 | if (strcmp(method, authmethods[i]->name) != 0) | 482 | if (strcmp(method, authmethods[i]->name) != 0) |
474 | continue; | 483 | continue; |
475 | if (need_enable) { | 484 | if (need_enable) { |
@@ -535,15 +544,30 @@ auth2_setup_methods_lists(Authctxt *authctxt) | |||
535 | } | 544 | } |
536 | 545 | ||
537 | static int | 546 | static int |
538 | list_starts_with(const char *methods, const char *method) | 547 | list_starts_with(const char *methods, const char *method, |
548 | const char *submethod) | ||
539 | { | 549 | { |
540 | size_t l = strlen(method); | 550 | size_t l = strlen(method); |
551 | int match; | ||
552 | const char *p; | ||
541 | 553 | ||
542 | if (strncmp(methods, method, l) != 0) | 554 | if (strncmp(methods, method, l) != 0) |
543 | return 0; | 555 | return MATCH_NONE; |
544 | if (methods[l] != ',' && methods[l] != '\0') | 556 | p = methods + l; |
545 | return 0; | 557 | match = MATCH_METHOD; |
546 | return 1; | 558 | if (*p == ':') { |
559 | if (!submethod) | ||
560 | return MATCH_PARTIAL; | ||
561 | l = strlen(submethod); | ||
562 | p += 1; | ||
563 | if (strncmp(submethod, p, l)) | ||
564 | return MATCH_NONE; | ||
565 | p += l; | ||
566 | match = MATCH_BOTH; | ||
567 | } | ||
568 | if (*p != ',' && *p != '\0') | ||
569 | return MATCH_NONE; | ||
570 | return match; | ||
547 | } | 571 | } |
548 | 572 | ||
549 | /* | 573 | /* |
@@ -552,14 +576,21 @@ list_starts_with(const char *methods, const char *method) | |||
552 | * if it did. | 576 | * if it did. |
553 | */ | 577 | */ |
554 | static int | 578 | static int |
555 | remove_method(char **methods, const char *method) | 579 | remove_method(char **methods, const char *method, const char *submethod) |
556 | { | 580 | { |
557 | char *omethods = *methods; | 581 | char *omethods = *methods, *p; |
558 | size_t l = strlen(method); | 582 | size_t l = strlen(method); |
583 | int match; | ||
559 | 584 | ||
560 | if (!list_starts_with(omethods, method)) | 585 | match = list_starts_with(omethods, method, submethod); |
586 | if (match != MATCH_METHOD && match != MATCH_BOTH) | ||
561 | return 0; | 587 | return 0; |
562 | *methods = xstrdup(omethods + l + (omethods[l] == ',' ? 1 : 0)); | 588 | p = omethods + l; |
589 | if (submethod && match == MATCH_BOTH) | ||
590 | p += 1 + strlen(submethod); /* include colon */ | ||
591 | if (*p == ',') | ||
592 | p++; | ||
593 | *methods = xstrdup(p); | ||
563 | free(omethods); | 594 | free(omethods); |
564 | return 1; | 595 | return 1; |
565 | } | 596 | } |
@@ -571,13 +602,15 @@ remove_method(char **methods, const char *method) | |||
571 | * Returns 1 if the method completed any authentication list or 0 otherwise. | 602 | * Returns 1 if the method completed any authentication list or 0 otherwise. |
572 | */ | 603 | */ |
573 | int | 604 | int |
574 | auth2_update_methods_lists(Authctxt *authctxt, const char *method) | 605 | auth2_update_methods_lists(Authctxt *authctxt, const char *method, |
606 | const char *submethod) | ||
575 | { | 607 | { |
576 | u_int i, found = 0; | 608 | u_int i, found = 0; |
577 | 609 | ||
578 | debug3("%s: updating methods list after \"%s\"", __func__, method); | 610 | debug3("%s: updating methods list after \"%s\"", __func__, method); |
579 | for (i = 0; i < authctxt->num_auth_methods; i++) { | 611 | for (i = 0; i < authctxt->num_auth_methods; i++) { |
580 | if (!remove_method(&(authctxt->auth_methods[i]), method)) | 612 | if (!remove_method(&(authctxt->auth_methods[i]), method, |
613 | submethod)) | ||
581 | continue; | 614 | continue; |
582 | found = 1; | 615 | found = 1; |
583 | if (*authctxt->auth_methods[i] == '\0') { | 616 | if (*authctxt->auth_methods[i] == '\0') { |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: authfd.c,v 1.86 2011/07/06 18:09:21 tedu Exp $ */ | 1 | /* $OpenBSD: authfd.c,v 1.87 2013/05/17 00:13:13 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -224,7 +224,7 @@ ssh_close_authentication_connection(AuthenticationConnection *auth) | |||
224 | { | 224 | { |
225 | buffer_free(&auth->identities); | 225 | buffer_free(&auth->identities); |
226 | close(auth->fd); | 226 | close(auth->fd); |
227 | xfree(auth); | 227 | free(auth); |
228 | } | 228 | } |
229 | 229 | ||
230 | /* Lock/unlock agent */ | 230 | /* Lock/unlock agent */ |
@@ -343,7 +343,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio | |||
343 | blob = buffer_get_string(&auth->identities, &blen); | 343 | blob = buffer_get_string(&auth->identities, &blen); |
344 | *comment = buffer_get_string(&auth->identities, NULL); | 344 | *comment = buffer_get_string(&auth->identities, NULL); |
345 | key = key_from_blob(blob, blen); | 345 | key = key_from_blob(blob, blen); |
346 | xfree(blob); | 346 | free(blob); |
347 | break; | 347 | break; |
348 | default: | 348 | default: |
349 | return NULL; | 349 | return NULL; |
@@ -436,7 +436,7 @@ ssh_agent_sign(AuthenticationConnection *auth, | |||
436 | buffer_put_string(&msg, blob, blen); | 436 | buffer_put_string(&msg, blob, blen); |
437 | buffer_put_string(&msg, data, datalen); | 437 | buffer_put_string(&msg, data, datalen); |
438 | buffer_put_int(&msg, flags); | 438 | buffer_put_int(&msg, flags); |
439 | xfree(blob); | 439 | free(blob); |
440 | 440 | ||
441 | if (ssh_request_reply(auth, &msg, &msg) == 0) { | 441 | if (ssh_request_reply(auth, &msg, &msg) == 0) { |
442 | buffer_free(&msg); | 442 | buffer_free(&msg); |
@@ -612,7 +612,7 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key) | |||
612 | key_to_blob(key, &blob, &blen); | 612 | key_to_blob(key, &blob, &blen); |
613 | buffer_put_char(&msg, SSH2_AGENTC_REMOVE_IDENTITY); | 613 | buffer_put_char(&msg, SSH2_AGENTC_REMOVE_IDENTITY); |
614 | buffer_put_string(&msg, blob, blen); | 614 | buffer_put_string(&msg, blob, blen); |
615 | xfree(blob); | 615 | free(blob); |
616 | } else { | 616 | } else { |
617 | buffer_free(&msg); | 617 | buffer_free(&msg); |
618 | return 0; | 618 | return 0; |
diff --git a/authfile.c b/authfile.c index 3544d170b..63ae16bbd 100644 --- a/authfile.c +++ b/authfile.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: authfile.c,v 1.95 2013/01/08 18:49:04 markus Exp $ */ | 1 | /* $OpenBSD: authfile.c,v 1.97 2013/05/17 00:13:13 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -89,7 +89,7 @@ key_private_rsa1_to_blob(Key *key, Buffer *blob, const char *passphrase, | |||
89 | u_char buf[100], *cp; | 89 | u_char buf[100], *cp; |
90 | int i, cipher_num; | 90 | int i, cipher_num; |
91 | CipherContext ciphercontext; | 91 | CipherContext ciphercontext; |
92 | Cipher *cipher; | 92 | const Cipher *cipher; |
93 | u_int32_t rnd; | 93 | u_int32_t rnd; |
94 | 94 | ||
95 | /* | 95 | /* |
@@ -421,7 +421,7 @@ key_parse_private_rsa1(Buffer *blob, const char *passphrase, char **commentp) | |||
421 | Buffer decrypted; | 421 | Buffer decrypted; |
422 | u_char *cp; | 422 | u_char *cp; |
423 | CipherContext ciphercontext; | 423 | CipherContext ciphercontext; |
424 | Cipher *cipher; | 424 | const Cipher *cipher; |
425 | Key *prv = NULL; | 425 | Key *prv = NULL; |
426 | Buffer copy; | 426 | Buffer copy; |
427 | 427 | ||
@@ -509,8 +509,8 @@ key_parse_private_rsa1(Buffer *blob, const char *passphrase, char **commentp) | |||
509 | return prv; | 509 | return prv; |
510 | 510 | ||
511 | fail: | 511 | fail: |
512 | if (commentp) | 512 | if (commentp != NULL) |
513 | xfree(*commentp); | 513 | free(*commentp); |
514 | key_free(prv); | 514 | key_free(prv); |
515 | return NULL; | 515 | return NULL; |
516 | } | 516 | } |
@@ -832,10 +832,10 @@ key_load_cert(const char *filename) | |||
832 | pub = key_new(KEY_UNSPEC); | 832 | pub = key_new(KEY_UNSPEC); |
833 | xasprintf(&file, "%s-cert.pub", filename); | 833 | xasprintf(&file, "%s-cert.pub", filename); |
834 | if (key_try_load_public(pub, file, NULL) == 1) { | 834 | if (key_try_load_public(pub, file, NULL) == 1) { |
835 | xfree(file); | 835 | free(file); |
836 | return pub; | 836 | return pub; |
837 | } | 837 | } |
838 | xfree(file); | 838 | free(file); |
839 | key_free(pub); | 839 | key_free(pub); |
840 | return NULL; | 840 | return NULL; |
841 | } | 841 | } |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: bufaux.c,v 1.50 2010/08/31 09:58:37 djm Exp $ */ | 1 | /* $OpenBSD: bufaux.c,v 1.52 2013/07/12 00:19:58 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -181,7 +181,7 @@ buffer_get_string_ret(Buffer *buffer, u_int *length_ptr) | |||
181 | /* Get the string. */ | 181 | /* Get the string. */ |
182 | if (buffer_get_ret(buffer, value, len) == -1) { | 182 | if (buffer_get_ret(buffer, value, len) == -1) { |
183 | error("buffer_get_string_ret: buffer_get failed"); | 183 | error("buffer_get_string_ret: buffer_get failed"); |
184 | xfree(value); | 184 | free(value); |
185 | return (NULL); | 185 | return (NULL); |
186 | } | 186 | } |
187 | /* Append a null character to make processing easier. */ | 187 | /* Append a null character to make processing easier. */ |
@@ -216,7 +216,7 @@ buffer_get_cstring_ret(Buffer *buffer, u_int *length_ptr) | |||
216 | error("buffer_get_cstring_ret: string contains \\0"); | 216 | error("buffer_get_cstring_ret: string contains \\0"); |
217 | else { | 217 | else { |
218 | bzero(ret, length); | 218 | bzero(ret, length); |
219 | xfree(ret); | 219 | free(ret); |
220 | return NULL; | 220 | return NULL; |
221 | } | 221 | } |
222 | } | 222 | } |
@@ -285,7 +285,7 @@ buffer_put_cstring(Buffer *buffer, const char *s) | |||
285 | * Returns a character from the buffer (0 - 255). | 285 | * Returns a character from the buffer (0 - 255). |
286 | */ | 286 | */ |
287 | int | 287 | int |
288 | buffer_get_char_ret(char *ret, Buffer *buffer) | 288 | buffer_get_char_ret(u_char *ret, Buffer *buffer) |
289 | { | 289 | { |
290 | if (buffer_get_ret(buffer, ret, 1) == -1) { | 290 | if (buffer_get_ret(buffer, ret, 1) == -1) { |
291 | error("buffer_get_char_ret: buffer_get_ret failed"); | 291 | error("buffer_get_char_ret: buffer_get_ret failed"); |
@@ -297,11 +297,11 @@ buffer_get_char_ret(char *ret, Buffer *buffer) | |||
297 | int | 297 | int |
298 | buffer_get_char(Buffer *buffer) | 298 | buffer_get_char(Buffer *buffer) |
299 | { | 299 | { |
300 | char ch; | 300 | u_char ch; |
301 | 301 | ||
302 | if (buffer_get_char_ret(&ch, buffer) == -1) | 302 | if (buffer_get_char_ret(&ch, buffer) == -1) |
303 | fatal("buffer_get_char: buffer error"); | 303 | fatal("buffer_get_char: buffer error"); |
304 | return (u_char) ch; | 304 | return ch; |
305 | } | 305 | } |
306 | 306 | ||
307 | /* | 307 | /* |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: bufbn.c,v 1.6 2007/06/02 09:04:58 djm Exp $*/ | 1 | /* $OpenBSD: bufbn.c,v 1.7 2013/05/17 00:13:13 djm Exp $*/ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -69,7 +69,7 @@ buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value) | |||
69 | if (oi != bin_size) { | 69 | if (oi != bin_size) { |
70 | error("buffer_put_bignum_ret: BN_bn2bin() failed: oi %d != bin_size %d", | 70 | error("buffer_put_bignum_ret: BN_bn2bin() failed: oi %d != bin_size %d", |
71 | oi, bin_size); | 71 | oi, bin_size); |
72 | xfree(buf); | 72 | free(buf); |
73 | return (-1); | 73 | return (-1); |
74 | } | 74 | } |
75 | 75 | ||
@@ -80,7 +80,7 @@ buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value) | |||
80 | buffer_append(buffer, buf, oi); | 80 | buffer_append(buffer, buf, oi); |
81 | 81 | ||
82 | memset(buf, 0, bin_size); | 82 | memset(buf, 0, bin_size); |
83 | xfree(buf); | 83 | free(buf); |
84 | 84 | ||
85 | return (0); | 85 | return (0); |
86 | } | 86 | } |
@@ -167,13 +167,13 @@ buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value) | |||
167 | if (oi < 0 || (u_int)oi != bytes - 1) { | 167 | if (oi < 0 || (u_int)oi != bytes - 1) { |
168 | error("buffer_put_bignum2_ret: BN_bn2bin() failed: " | 168 | error("buffer_put_bignum2_ret: BN_bn2bin() failed: " |
169 | "oi %d != bin_size %d", oi, bytes); | 169 | "oi %d != bin_size %d", oi, bytes); |
170 | xfree(buf); | 170 | free(buf); |
171 | return (-1); | 171 | return (-1); |
172 | } | 172 | } |
173 | hasnohigh = (buf[1] & 0x80) ? 0 : 1; | 173 | hasnohigh = (buf[1] & 0x80) ? 0 : 1; |
174 | buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh); | 174 | buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh); |
175 | memset(buf, 0, bytes); | 175 | memset(buf, 0, bytes); |
176 | xfree(buf); | 176 | free(buf); |
177 | return (0); | 177 | return (0); |
178 | } | 178 | } |
179 | 179 | ||
@@ -197,21 +197,21 @@ buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value) | |||
197 | 197 | ||
198 | if (len > 0 && (bin[0] & 0x80)) { | 198 | if (len > 0 && (bin[0] & 0x80)) { |
199 | error("buffer_get_bignum2_ret: negative numbers not supported"); | 199 | error("buffer_get_bignum2_ret: negative numbers not supported"); |
200 | xfree(bin); | 200 | free(bin); |
201 | return (-1); | 201 | return (-1); |
202 | } | 202 | } |
203 | if (len > 8 * 1024) { | 203 | if (len > 8 * 1024) { |
204 | error("buffer_get_bignum2_ret: cannot handle BN of size %d", | 204 | error("buffer_get_bignum2_ret: cannot handle BN of size %d", |
205 | len); | 205 | len); |
206 | xfree(bin); | 206 | free(bin); |
207 | return (-1); | 207 | return (-1); |
208 | } | 208 | } |
209 | if (BN_bin2bn(bin, len, value) == NULL) { | 209 | if (BN_bin2bn(bin, len, value) == NULL) { |
210 | error("buffer_get_bignum2_ret: BN_bin2bn failed"); | 210 | error("buffer_get_bignum2_ret: BN_bin2bn failed"); |
211 | xfree(bin); | 211 | free(bin); |
212 | return (-1); | 212 | return (-1); |
213 | } | 213 | } |
214 | xfree(bin); | 214 | free(bin); |
215 | return (0); | 215 | return (0); |
216 | } | 216 | } |
217 | 217 | ||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: bufec.c,v 1.1 2010/08/31 11:54:45 djm Exp $ */ | 1 | /* $OpenBSD: bufec.c,v 1.2 2013/05/17 00:13:13 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2010 Damien Miller <djm@mindrot.org> | 3 | * Copyright (c) 2010 Damien Miller <djm@mindrot.org> |
4 | * | 4 | * |
@@ -78,7 +78,7 @@ buffer_put_ecpoint_ret(Buffer *buffer, const EC_GROUP *curve, | |||
78 | out: | 78 | out: |
79 | if (buf != NULL) { | 79 | if (buf != NULL) { |
80 | bzero(buf, len); | 80 | bzero(buf, len); |
81 | xfree(buf); | 81 | free(buf); |
82 | } | 82 | } |
83 | BN_CTX_free(bnctx); | 83 | BN_CTX_free(bnctx); |
84 | return ret; | 84 | return ret; |
@@ -131,7 +131,7 @@ buffer_get_ecpoint_ret(Buffer *buffer, const EC_GROUP *curve, | |||
131 | out: | 131 | out: |
132 | BN_CTX_free(bnctx); | 132 | BN_CTX_free(bnctx); |
133 | bzero(buf, len); | 133 | bzero(buf, len); |
134 | xfree(buf); | 134 | free(buf); |
135 | return ret; | 135 | return ret; |
136 | } | 136 | } |
137 | 137 | ||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: buffer.c,v 1.32 2010/02/09 03:56:28 djm Exp $ */ | 1 | /* $OpenBSD: buffer.c,v 1.33 2013/05/17 00:13:13 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -50,7 +50,7 @@ buffer_free(Buffer *buffer) | |||
50 | if (buffer->alloc > 0) { | 50 | if (buffer->alloc > 0) { |
51 | memset(buffer->buf, 0, buffer->alloc); | 51 | memset(buffer->buf, 0, buffer->alloc); |
52 | buffer->alloc = 0; | 52 | buffer->alloc = 0; |
53 | xfree(buffer->buf); | 53 | free(buffer->buf); |
54 | } | 54 | } |
55 | } | 55 | } |
56 | 56 | ||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: buffer.h,v 1.21 2010/08/31 11:54:45 djm Exp $ */ | 1 | /* $OpenBSD: buffer.h,v 1.22 2013/07/12 00:19:58 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -84,7 +84,7 @@ int buffer_get_int64_ret(u_int64_t *, Buffer *); | |||
84 | void *buffer_get_string_ret(Buffer *, u_int *); | 84 | void *buffer_get_string_ret(Buffer *, u_int *); |
85 | char *buffer_get_cstring_ret(Buffer *, u_int *); | 85 | char *buffer_get_cstring_ret(Buffer *, u_int *); |
86 | void *buffer_get_string_ptr_ret(Buffer *, u_int *); | 86 | void *buffer_get_string_ptr_ret(Buffer *, u_int *); |
87 | int buffer_get_char_ret(char *, Buffer *); | 87 | int buffer_get_char_ret(u_char *, Buffer *); |
88 | 88 | ||
89 | #ifdef OPENSSL_HAS_ECC | 89 | #ifdef OPENSSL_HAS_ECC |
90 | #include <openssl/ec.h> | 90 | #include <openssl/ec.h> |
diff --git a/canohost.c b/canohost.c index dabd8a31a..69e8e6f6d 100644 --- a/canohost.c +++ b/canohost.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: canohost.c,v 1.66 2010/01/13 01:20:20 dtucker Exp $ */ | 1 | /* $OpenBSD: canohost.c,v 1.67 2013/05/17 00:13:13 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -41,7 +41,7 @@ static int cached_port = -1; | |||
41 | 41 | ||
42 | /* | 42 | /* |
43 | * Return the canonical name of the host at the other end of the socket. The | 43 | * Return the canonical name of the host at the other end of the socket. The |
44 | * caller should free the returned string with xfree. | 44 | * caller should free the returned string. |
45 | */ | 45 | */ |
46 | 46 | ||
47 | static char * | 47 | static char * |
@@ -323,10 +323,8 @@ get_local_name(int fd) | |||
323 | void | 323 | void |
324 | clear_cached_addr(void) | 324 | clear_cached_addr(void) |
325 | { | 325 | { |
326 | if (canonical_host_ip != NULL) { | 326 | free(canonical_host_ip); |
327 | xfree(canonical_host_ip); | 327 | canonical_host_ip = NULL; |
328 | canonical_host_ip = NULL; | ||
329 | } | ||
330 | cached_port = -1; | 328 | cached_port = -1; |
331 | } | 329 | } |
332 | 330 | ||
diff --git a/channels.c b/channels.c index 9cf85a38d..ac675c742 100644 --- a/channels.c +++ b/channels.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: channels.c,v 1.319 2012/12/02 20:46:11 djm Exp $ */ | 1 | /* $OpenBSD: channels.c,v 1.324 2013/07/12 00:19:58 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -213,6 +213,7 @@ channel_lookup(int id) | |||
213 | case SSH_CHANNEL_OPEN: | 213 | case SSH_CHANNEL_OPEN: |
214 | case SSH_CHANNEL_INPUT_DRAINING: | 214 | case SSH_CHANNEL_INPUT_DRAINING: |
215 | case SSH_CHANNEL_OUTPUT_DRAINING: | 215 | case SSH_CHANNEL_OUTPUT_DRAINING: |
216 | case SSH_CHANNEL_ABANDONED: | ||
216 | return (c); | 217 | return (c); |
217 | } | 218 | } |
218 | logit("Non-public channel %d, type %d.", id, c->type); | 219 | logit("Non-public channel %d, type %d.", id, c->type); |
@@ -247,7 +248,10 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd, | |||
247 | 248 | ||
248 | if ((c->isatty = is_tty) != 0) | 249 | if ((c->isatty = is_tty) != 0) |
249 | debug2("channel %d: rfd %d isatty", c->self, c->rfd); | 250 | debug2("channel %d: rfd %d isatty", c->self, c->rfd); |
251 | #ifdef _AIX | ||
252 | /* XXX: Later AIX versions can't push as much data to tty */ | ||
250 | c->wfd_isatty = is_tty || isatty(c->wfd); | 253 | c->wfd_isatty = is_tty || isatty(c->wfd); |
254 | #endif | ||
251 | 255 | ||
252 | /* enable nonblocking mode */ | 256 | /* enable nonblocking mode */ |
253 | if (nonblock) { | 257 | if (nonblock) { |
@@ -401,7 +405,7 @@ channel_free(Channel *c) | |||
401 | 405 | ||
402 | s = channel_open_message(); | 406 | s = channel_open_message(); |
403 | debug3("channel %d: status: %s", c->self, s); | 407 | debug3("channel %d: status: %s", c->self, s); |
404 | xfree(s); | 408 | free(s); |
405 | 409 | ||
406 | if (c->sock != -1) | 410 | if (c->sock != -1) |
407 | shutdown(c->sock, SHUT_RDWR); | 411 | shutdown(c->sock, SHUT_RDWR); |
@@ -409,29 +413,23 @@ channel_free(Channel *c) | |||
409 | buffer_free(&c->input); | 413 | buffer_free(&c->input); |
410 | buffer_free(&c->output); | 414 | buffer_free(&c->output); |
411 | buffer_free(&c->extended); | 415 | buffer_free(&c->extended); |
412 | if (c->remote_name) { | 416 | free(c->remote_name); |
413 | xfree(c->remote_name); | 417 | c->remote_name = NULL; |
414 | c->remote_name = NULL; | 418 | free(c->path); |
415 | } | 419 | c->path = NULL; |
416 | if (c->path) { | 420 | free(c->listening_addr); |
417 | xfree(c->path); | 421 | c->listening_addr = NULL; |
418 | c->path = NULL; | ||
419 | } | ||
420 | if (c->listening_addr) { | ||
421 | xfree(c->listening_addr); | ||
422 | c->listening_addr = NULL; | ||
423 | } | ||
424 | while ((cc = TAILQ_FIRST(&c->status_confirms)) != NULL) { | 422 | while ((cc = TAILQ_FIRST(&c->status_confirms)) != NULL) { |
425 | if (cc->abandon_cb != NULL) | 423 | if (cc->abandon_cb != NULL) |
426 | cc->abandon_cb(c, cc->ctx); | 424 | cc->abandon_cb(c, cc->ctx); |
427 | TAILQ_REMOVE(&c->status_confirms, cc, entry); | 425 | TAILQ_REMOVE(&c->status_confirms, cc, entry); |
428 | bzero(cc, sizeof(*cc)); | 426 | bzero(cc, sizeof(*cc)); |
429 | xfree(cc); | 427 | free(cc); |
430 | } | 428 | } |
431 | if (c->filter_cleanup != NULL && c->filter_ctx != NULL) | 429 | if (c->filter_cleanup != NULL && c->filter_ctx != NULL) |
432 | c->filter_cleanup(c->self, c->filter_ctx); | 430 | c->filter_cleanup(c->self, c->filter_ctx); |
433 | channels[c->self] = NULL; | 431 | channels[c->self] = NULL; |
434 | xfree(c); | 432 | free(c); |
435 | } | 433 | } |
436 | 434 | ||
437 | void | 435 | void |
@@ -536,6 +534,7 @@ channel_still_open(void) | |||
536 | case SSH_CHANNEL_DYNAMIC: | 534 | case SSH_CHANNEL_DYNAMIC: |
537 | case SSH_CHANNEL_CONNECTING: | 535 | case SSH_CHANNEL_CONNECTING: |
538 | case SSH_CHANNEL_ZOMBIE: | 536 | case SSH_CHANNEL_ZOMBIE: |
537 | case SSH_CHANNEL_ABANDONED: | ||
539 | continue; | 538 | continue; |
540 | case SSH_CHANNEL_LARVAL: | 539 | case SSH_CHANNEL_LARVAL: |
541 | if (!compat20) | 540 | if (!compat20) |
@@ -581,6 +580,7 @@ channel_find_open(void) | |||
581 | case SSH_CHANNEL_OPENING: | 580 | case SSH_CHANNEL_OPENING: |
582 | case SSH_CHANNEL_CONNECTING: | 581 | case SSH_CHANNEL_CONNECTING: |
583 | case SSH_CHANNEL_ZOMBIE: | 582 | case SSH_CHANNEL_ZOMBIE: |
583 | case SSH_CHANNEL_ABANDONED: | ||
584 | continue; | 584 | continue; |
585 | case SSH_CHANNEL_LARVAL: | 585 | case SSH_CHANNEL_LARVAL: |
586 | case SSH_CHANNEL_AUTH_SOCKET: | 586 | case SSH_CHANNEL_AUTH_SOCKET: |
@@ -628,6 +628,7 @@ channel_open_message(void) | |||
628 | case SSH_CHANNEL_CLOSED: | 628 | case SSH_CHANNEL_CLOSED: |
629 | case SSH_CHANNEL_AUTH_SOCKET: | 629 | case SSH_CHANNEL_AUTH_SOCKET: |
630 | case SSH_CHANNEL_ZOMBIE: | 630 | case SSH_CHANNEL_ZOMBIE: |
631 | case SSH_CHANNEL_ABANDONED: | ||
631 | case SSH_CHANNEL_MUX_CLIENT: | 632 | case SSH_CHANNEL_MUX_CLIENT: |
632 | case SSH_CHANNEL_MUX_LISTENER: | 633 | case SSH_CHANNEL_MUX_LISTENER: |
633 | continue; | 634 | continue; |
@@ -1080,10 +1081,8 @@ channel_decode_socks4(Channel *c, fd_set *readset, fd_set *writeset) | |||
1080 | strlcpy(username, p, sizeof(username)); | 1081 | strlcpy(username, p, sizeof(username)); |
1081 | buffer_consume(&c->input, len); | 1082 | buffer_consume(&c->input, len); |
1082 | 1083 | ||
1083 | if (c->path != NULL) { | 1084 | free(c->path); |
1084 | xfree(c->path); | 1085 | c->path = NULL; |
1085 | c->path = NULL; | ||
1086 | } | ||
1087 | if (need == 1) { /* SOCKS4: one string */ | 1086 | if (need == 1) { /* SOCKS4: one string */ |
1088 | host = inet_ntoa(s4_req.dest_addr); | 1087 | host = inet_ntoa(s4_req.dest_addr); |
1089 | c->path = xstrdup(host); | 1088 | c->path = xstrdup(host); |
@@ -1143,7 +1142,8 @@ channel_decode_socks5(Channel *c, fd_set *readset, fd_set *writeset) | |||
1143 | u_int8_t atyp; | 1142 | u_int8_t atyp; |
1144 | } s5_req, s5_rsp; | 1143 | } s5_req, s5_rsp; |
1145 | u_int16_t dest_port; | 1144 | u_int16_t dest_port; |
1146 | u_char *p, dest_addr[255+1], ntop[INET6_ADDRSTRLEN]; | 1145 | char dest_addr[255+1], ntop[INET6_ADDRSTRLEN]; |
1146 | u_char *p; | ||
1147 | u_int have, need, i, found, nmethods, addrlen, af; | 1147 | u_int have, need, i, found, nmethods, addrlen, af; |
1148 | 1148 | ||
1149 | debug2("channel %d: decode socks5", c->self); | 1149 | debug2("channel %d: decode socks5", c->self); |
@@ -1213,13 +1213,11 @@ channel_decode_socks5(Channel *c, fd_set *readset, fd_set *writeset) | |||
1213 | buffer_consume(&c->input, sizeof(s5_req)); | 1213 | buffer_consume(&c->input, sizeof(s5_req)); |
1214 | if (s5_req.atyp == SSH_SOCKS5_DOMAIN) | 1214 | if (s5_req.atyp == SSH_SOCKS5_DOMAIN) |
1215 | buffer_consume(&c->input, 1); /* host string length */ | 1215 | buffer_consume(&c->input, 1); /* host string length */ |
1216 | buffer_get(&c->input, (char *)&dest_addr, addrlen); | 1216 | buffer_get(&c->input, &dest_addr, addrlen); |
1217 | buffer_get(&c->input, (char *)&dest_port, 2); | 1217 | buffer_get(&c->input, (char *)&dest_port, 2); |
1218 | dest_addr[addrlen] = '\0'; | 1218 | dest_addr[addrlen] = '\0'; |
1219 | if (c->path != NULL) { | 1219 | free(c->path); |
1220 | xfree(c->path); | 1220 | c->path = NULL; |
1221 | c->path = NULL; | ||
1222 | } | ||
1223 | if (s5_req.atyp == SSH_SOCKS5_DOMAIN) { | 1221 | if (s5_req.atyp == SSH_SOCKS5_DOMAIN) { |
1224 | if (addrlen >= NI_MAXHOST) { | 1222 | if (addrlen >= NI_MAXHOST) { |
1225 | error("channel %d: dynamic request: socks5 hostname " | 1223 | error("channel %d: dynamic request: socks5 hostname " |
@@ -1241,11 +1239,10 @@ channel_decode_socks5(Channel *c, fd_set *readset, fd_set *writeset) | |||
1241 | s5_rsp.command = SSH_SOCKS5_SUCCESS; | 1239 | s5_rsp.command = SSH_SOCKS5_SUCCESS; |
1242 | s5_rsp.reserved = 0; /* ignored */ | 1240 | s5_rsp.reserved = 0; /* ignored */ |
1243 | s5_rsp.atyp = SSH_SOCKS5_IPV4; | 1241 | s5_rsp.atyp = SSH_SOCKS5_IPV4; |
1244 | ((struct in_addr *)&dest_addr)->s_addr = INADDR_ANY; | ||
1245 | dest_port = 0; /* ignored */ | 1242 | dest_port = 0; /* ignored */ |
1246 | 1243 | ||
1247 | buffer_append(&c->output, &s5_rsp, sizeof(s5_rsp)); | 1244 | buffer_append(&c->output, &s5_rsp, sizeof(s5_rsp)); |
1248 | buffer_append(&c->output, &dest_addr, sizeof(struct in_addr)); | 1245 | buffer_put_int(&c->output, ntohl(INADDR_ANY)); /* bind address */ |
1249 | buffer_append(&c->output, &dest_port, sizeof(dest_port)); | 1246 | buffer_append(&c->output, &dest_port, sizeof(dest_port)); |
1250 | return 1; | 1247 | return 1; |
1251 | } | 1248 | } |
@@ -1324,7 +1321,7 @@ channel_post_x11_listener(Channel *c, fd_set *readset, fd_set *writeset) | |||
1324 | { | 1321 | { |
1325 | Channel *nc; | 1322 | Channel *nc; |
1326 | struct sockaddr_storage addr; | 1323 | struct sockaddr_storage addr; |
1327 | int newsock; | 1324 | int newsock, oerrno; |
1328 | socklen_t addrlen; | 1325 | socklen_t addrlen; |
1329 | char buf[16384], *remote_ipaddr; | 1326 | char buf[16384], *remote_ipaddr; |
1330 | int remote_port; | 1327 | int remote_port; |
@@ -1334,14 +1331,18 @@ channel_post_x11_listener(Channel *c, fd_set *readset, fd_set *writeset) | |||
1334 | addrlen = sizeof(addr); | 1331 | addrlen = sizeof(addr); |
1335 | newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen); | 1332 | newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen); |
1336 | if (c->single_connection) { | 1333 | if (c->single_connection) { |
1334 | oerrno = errno; | ||
1337 | debug2("single_connection: closing X11 listener."); | 1335 | debug2("single_connection: closing X11 listener."); |
1338 | channel_close_fd(&c->sock); | 1336 | channel_close_fd(&c->sock); |
1339 | chan_mark_dead(c); | 1337 | chan_mark_dead(c); |
1338 | errno = oerrno; | ||
1340 | } | 1339 | } |
1341 | if (newsock < 0) { | 1340 | if (newsock < 0) { |
1342 | error("accept: %.100s", strerror(errno)); | 1341 | if (errno != EINTR && errno != EWOULDBLOCK && |
1342 | errno != ECONNABORTED) | ||
1343 | error("accept: %.100s", strerror(errno)); | ||
1343 | if (errno == EMFILE || errno == ENFILE) | 1344 | if (errno == EMFILE || errno == ENFILE) |
1344 | c->notbefore = time(NULL) + 1; | 1345 | c->notbefore = monotime() + 1; |
1345 | return; | 1346 | return; |
1346 | } | 1347 | } |
1347 | set_nodelay(newsock); | 1348 | set_nodelay(newsock); |
@@ -1375,7 +1376,7 @@ channel_post_x11_listener(Channel *c, fd_set *readset, fd_set *writeset) | |||
1375 | packet_put_cstring(buf); | 1376 | packet_put_cstring(buf); |
1376 | packet_send(); | 1377 | packet_send(); |
1377 | } | 1378 | } |
1378 | xfree(remote_ipaddr); | 1379 | free(remote_ipaddr); |
1379 | } | 1380 | } |
1380 | } | 1381 | } |
1381 | 1382 | ||
@@ -1389,7 +1390,7 @@ port_open_helper(Channel *c, char *rtype) | |||
1389 | 1390 | ||
1390 | if (remote_port == -1) { | 1391 | if (remote_port == -1) { |
1391 | /* Fake addr/port to appease peers that validate it (Tectia) */ | 1392 | /* Fake addr/port to appease peers that validate it (Tectia) */ |
1392 | xfree(remote_ipaddr); | 1393 | free(remote_ipaddr); |
1393 | remote_ipaddr = xstrdup("127.0.0.1"); | 1394 | remote_ipaddr = xstrdup("127.0.0.1"); |
1394 | remote_port = 65535; | 1395 | remote_port = 65535; |
1395 | } | 1396 | } |
@@ -1402,7 +1403,7 @@ port_open_helper(Channel *c, char *rtype) | |||
1402 | rtype, c->listening_port, c->path, c->host_port, | 1403 | rtype, c->listening_port, c->path, c->host_port, |
1403 | remote_ipaddr, remote_port); | 1404 | remote_ipaddr, remote_port); |
1404 | 1405 | ||
1405 | xfree(c->remote_name); | 1406 | free(c->remote_name); |
1406 | c->remote_name = xstrdup(buf); | 1407 | c->remote_name = xstrdup(buf); |
1407 | 1408 | ||
1408 | if (compat20) { | 1409 | if (compat20) { |
@@ -1434,7 +1435,7 @@ port_open_helper(Channel *c, char *rtype) | |||
1434 | packet_put_cstring(c->remote_name); | 1435 | packet_put_cstring(c->remote_name); |
1435 | packet_send(); | 1436 | packet_send(); |
1436 | } | 1437 | } |
1437 | xfree(remote_ipaddr); | 1438 | free(remote_ipaddr); |
1438 | } | 1439 | } |
1439 | 1440 | ||
1440 | static void | 1441 | static void |
@@ -1484,9 +1485,11 @@ channel_post_port_listener(Channel *c, fd_set *readset, fd_set *writeset) | |||
1484 | addrlen = sizeof(addr); | 1485 | addrlen = sizeof(addr); |
1485 | newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen); | 1486 | newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen); |
1486 | if (newsock < 0) { | 1487 | if (newsock < 0) { |
1487 | error("accept: %.100s", strerror(errno)); | 1488 | if (errno != EINTR && errno != EWOULDBLOCK && |
1489 | errno != ECONNABORTED) | ||
1490 | error("accept: %.100s", strerror(errno)); | ||
1488 | if (errno == EMFILE || errno == ENFILE) | 1491 | if (errno == EMFILE || errno == ENFILE) |
1489 | c->notbefore = time(NULL) + 1; | 1492 | c->notbefore = monotime() + 1; |
1490 | return; | 1493 | return; |
1491 | } | 1494 | } |
1492 | set_nodelay(newsock); | 1495 | set_nodelay(newsock); |
@@ -1522,7 +1525,7 @@ channel_post_auth_listener(Channel *c, fd_set *readset, fd_set *writeset) | |||
1522 | error("accept from auth socket: %.100s", | 1525 | error("accept from auth socket: %.100s", |
1523 | strerror(errno)); | 1526 | strerror(errno)); |
1524 | if (errno == EMFILE || errno == ENFILE) | 1527 | if (errno == EMFILE || errno == ENFILE) |
1525 | c->notbefore = time(NULL) + 1; | 1528 | c->notbefore = monotime() + 1; |
1526 | return; | 1529 | return; |
1527 | } | 1530 | } |
1528 | nc = channel_new("accepted auth socket", | 1531 | nc = channel_new("accepted auth socket", |
@@ -1685,7 +1688,7 @@ channel_handle_wfd(Channel *c, fd_set *readset, fd_set *writeset) | |||
1685 | if (c->datagram) { | 1688 | if (c->datagram) { |
1686 | /* ignore truncated writes, datagrams might get lost */ | 1689 | /* ignore truncated writes, datagrams might get lost */ |
1687 | len = write(c->wfd, buf, dlen); | 1690 | len = write(c->wfd, buf, dlen); |
1688 | xfree(data); | 1691 | free(data); |
1689 | if (len < 0 && (errno == EINTR || errno == EAGAIN || | 1692 | if (len < 0 && (errno == EINTR || errno == EAGAIN || |
1690 | errno == EWOULDBLOCK)) | 1693 | errno == EWOULDBLOCK)) |
1691 | return 1; | 1694 | return 1; |
@@ -1926,7 +1929,7 @@ channel_post_mux_listener(Channel *c, fd_set *readset, fd_set *writeset) | |||
1926 | &addrlen)) == -1) { | 1929 | &addrlen)) == -1) { |
1927 | error("%s accept: %s", __func__, strerror(errno)); | 1930 | error("%s accept: %s", __func__, strerror(errno)); |
1928 | if (errno == EMFILE || errno == ENFILE) | 1931 | if (errno == EMFILE || errno == ENFILE) |
1929 | c->notbefore = time(NULL) + 1; | 1932 | c->notbefore = monotime() + 1; |
1930 | return; | 1933 | return; |
1931 | } | 1934 | } |
1932 | 1935 | ||
@@ -2089,7 +2092,7 @@ channel_handler(chan_fn *ftab[], fd_set *readset, fd_set *writeset, | |||
2089 | channel_handler_init(); | 2092 | channel_handler_init(); |
2090 | did_init = 1; | 2093 | did_init = 1; |
2091 | } | 2094 | } |
2092 | now = time(NULL); | 2095 | now = monotime(); |
2093 | if (unpause_secs != NULL) | 2096 | if (unpause_secs != NULL) |
2094 | *unpause_secs = 0; | 2097 | *unpause_secs = 0; |
2095 | for (i = 0, oalloc = channels_alloc; i < oalloc; i++) { | 2098 | for (i = 0, oalloc = channels_alloc; i < oalloc; i++) { |
@@ -2219,7 +2222,7 @@ channel_output_poll(void) | |||
2219 | debug("channel %d: datagram " | 2222 | debug("channel %d: datagram " |
2220 | "too big for channel", | 2223 | "too big for channel", |
2221 | c->self); | 2224 | c->self); |
2222 | xfree(data); | 2225 | free(data); |
2223 | continue; | 2226 | continue; |
2224 | } | 2227 | } |
2225 | packet_start(SSH2_MSG_CHANNEL_DATA); | 2228 | packet_start(SSH2_MSG_CHANNEL_DATA); |
@@ -2227,7 +2230,7 @@ channel_output_poll(void) | |||
2227 | packet_put_string(data, dlen); | 2230 | packet_put_string(data, dlen); |
2228 | packet_send(); | 2231 | packet_send(); |
2229 | c->remote_window -= dlen + 4; | 2232 | c->remote_window -= dlen + 4; |
2230 | xfree(data); | 2233 | free(data); |
2231 | } | 2234 | } |
2232 | continue; | 2235 | continue; |
2233 | } | 2236 | } |
@@ -2399,13 +2402,13 @@ channel_input_extended_data(int type, u_int32_t seq, void *ctxt) | |||
2399 | if (data_len > c->local_window) { | 2402 | if (data_len > c->local_window) { |
2400 | logit("channel %d: rcvd too much extended_data %d, win %d", | 2403 | logit("channel %d: rcvd too much extended_data %d, win %d", |
2401 | c->self, data_len, c->local_window); | 2404 | c->self, data_len, c->local_window); |
2402 | xfree(data); | 2405 | free(data); |
2403 | return; | 2406 | return; |
2404 | } | 2407 | } |
2405 | debug2("channel %d: rcvd ext data %d", c->self, data_len); | 2408 | debug2("channel %d: rcvd ext data %d", c->self, data_len); |
2406 | c->local_window -= data_len; | 2409 | c->local_window -= data_len; |
2407 | buffer_append(&c->extended, data, data_len); | 2410 | buffer_append(&c->extended, data, data_len); |
2408 | xfree(data); | 2411 | free(data); |
2409 | } | 2412 | } |
2410 | 2413 | ||
2411 | /* ARGSUSED */ | 2414 | /* ARGSUSED */ |
@@ -2495,7 +2498,7 @@ channel_input_close_confirmation(int type, u_int32_t seq, void *ctxt) | |||
2495 | if (c == NULL) | 2498 | if (c == NULL) |
2496 | packet_disconnect("Received close confirmation for " | 2499 | packet_disconnect("Received close confirmation for " |
2497 | "out-of-range channel %d.", id); | 2500 | "out-of-range channel %d.", id); |
2498 | if (c->type != SSH_CHANNEL_CLOSED) | 2501 | if (c->type != SSH_CHANNEL_CLOSED && c->type != SSH_CHANNEL_ABANDONED) |
2499 | packet_disconnect("Received close confirmation for " | 2502 | packet_disconnect("Received close confirmation for " |
2500 | "non-closed channel %d (type %d).", id, c->type); | 2503 | "non-closed channel %d (type %d).", id, c->type); |
2501 | channel_free(c); | 2504 | channel_free(c); |
@@ -2571,10 +2574,8 @@ channel_input_open_failure(int type, u_int32_t seq, void *ctxt) | |||
2571 | } | 2574 | } |
2572 | logit("channel %d: open failed: %s%s%s", id, | 2575 | logit("channel %d: open failed: %s%s%s", id, |
2573 | reason2txt(reason), msg ? ": ": "", msg ? msg : ""); | 2576 | reason2txt(reason), msg ? ": ": "", msg ? msg : ""); |
2574 | if (msg != NULL) | 2577 | free(msg); |
2575 | xfree(msg); | 2578 | free(lang); |
2576 | if (lang != NULL) | ||
2577 | xfree(lang); | ||
2578 | if (c->open_confirm) { | 2579 | if (c->open_confirm) { |
2579 | debug2("callback start"); | 2580 | debug2("callback start"); |
2580 | c->open_confirm(c->self, 0, c->open_confirm_ctx); | 2581 | c->open_confirm(c->self, 0, c->open_confirm_ctx); |
@@ -2632,8 +2633,8 @@ channel_input_port_open(int type, u_int32_t seq, void *ctxt) | |||
2632 | packet_check_eom(); | 2633 | packet_check_eom(); |
2633 | c = channel_connect_to(host, host_port, | 2634 | c = channel_connect_to(host, host_port, |
2634 | "connected socket", originator_string); | 2635 | "connected socket", originator_string); |
2635 | xfree(originator_string); | 2636 | free(originator_string); |
2636 | xfree(host); | 2637 | free(host); |
2637 | if (c == NULL) { | 2638 | if (c == NULL) { |
2638 | packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE); | 2639 | packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE); |
2639 | packet_put_int(remote_id); | 2640 | packet_put_int(remote_id); |
@@ -2668,7 +2669,7 @@ channel_input_status_confirm(int type, u_int32_t seq, void *ctxt) | |||
2668 | cc->cb(type, c, cc->ctx); | 2669 | cc->cb(type, c, cc->ctx); |
2669 | TAILQ_REMOVE(&c->status_confirms, cc, entry); | 2670 | TAILQ_REMOVE(&c->status_confirms, cc, entry); |
2670 | bzero(cc, sizeof(*cc)); | 2671 | bzero(cc, sizeof(*cc)); |
2671 | xfree(cc); | 2672 | free(cc); |
2672 | } | 2673 | } |
2673 | 2674 | ||
2674 | /* -- tcp forwarding */ | 2675 | /* -- tcp forwarding */ |
@@ -3048,7 +3049,7 @@ channel_request_rforward_cancel(const char *host, u_short port) | |||
3048 | 3049 | ||
3049 | permitted_opens[i].listen_port = 0; | 3050 | permitted_opens[i].listen_port = 0; |
3050 | permitted_opens[i].port_to_connect = 0; | 3051 | permitted_opens[i].port_to_connect = 0; |
3051 | xfree(permitted_opens[i].host_to_connect); | 3052 | free(permitted_opens[i].host_to_connect); |
3052 | permitted_opens[i].host_to_connect = NULL; | 3053 | permitted_opens[i].host_to_connect = NULL; |
3053 | 3054 | ||
3054 | return 0; | 3055 | return 0; |
@@ -3089,7 +3090,7 @@ channel_input_port_forward_request(int is_root, int gateway_ports) | |||
3089 | host_port, gateway_ports); | 3090 | host_port, gateway_ports); |
3090 | 3091 | ||
3091 | /* Free the argument string. */ | 3092 | /* Free the argument string. */ |
3092 | xfree(hostname); | 3093 | free(hostname); |
3093 | 3094 | ||
3094 | return (success ? 0 : -1); | 3095 | return (success ? 0 : -1); |
3095 | } | 3096 | } |
@@ -3144,7 +3145,7 @@ channel_update_permitted_opens(int idx, int newport) | |||
3144 | } else { | 3145 | } else { |
3145 | permitted_opens[idx].listen_port = 0; | 3146 | permitted_opens[idx].listen_port = 0; |
3146 | permitted_opens[idx].port_to_connect = 0; | 3147 | permitted_opens[idx].port_to_connect = 0; |
3147 | xfree(permitted_opens[idx].host_to_connect); | 3148 | free(permitted_opens[idx].host_to_connect); |
3148 | permitted_opens[idx].host_to_connect = NULL; | 3149 | permitted_opens[idx].host_to_connect = NULL; |
3149 | } | 3150 | } |
3150 | } | 3151 | } |
@@ -3177,12 +3178,9 @@ channel_clear_permitted_opens(void) | |||
3177 | int i; | 3178 | int i; |
3178 | 3179 | ||
3179 | for (i = 0; i < num_permitted_opens; i++) | 3180 | for (i = 0; i < num_permitted_opens; i++) |
3180 | if (permitted_opens[i].host_to_connect != NULL) | 3181 | free(permitted_opens[i].host_to_connect); |
3181 | xfree(permitted_opens[i].host_to_connect); | 3182 | free(permitted_opens); |
3182 | if (num_permitted_opens > 0) { | 3183 | permitted_opens = NULL; |
3183 | xfree(permitted_opens); | ||
3184 | permitted_opens = NULL; | ||
3185 | } | ||
3186 | num_permitted_opens = 0; | 3184 | num_permitted_opens = 0; |
3187 | } | 3185 | } |
3188 | 3186 | ||
@@ -3192,12 +3190,9 @@ channel_clear_adm_permitted_opens(void) | |||
3192 | int i; | 3190 | int i; |
3193 | 3191 | ||
3194 | for (i = 0; i < num_adm_permitted_opens; i++) | 3192 | for (i = 0; i < num_adm_permitted_opens; i++) |
3195 | if (permitted_adm_opens[i].host_to_connect != NULL) | 3193 | free(permitted_adm_opens[i].host_to_connect); |
3196 | xfree(permitted_adm_opens[i].host_to_connect); | 3194 | free(permitted_adm_opens); |
3197 | if (num_adm_permitted_opens > 0) { | 3195 | permitted_adm_opens = NULL; |
3198 | xfree(permitted_adm_opens); | ||
3199 | permitted_adm_opens = NULL; | ||
3200 | } | ||
3201 | num_adm_permitted_opens = 0; | 3196 | num_adm_permitted_opens = 0; |
3202 | } | 3197 | } |
3203 | 3198 | ||
@@ -3291,7 +3286,7 @@ connect_next(struct channel_connect *cctx) | |||
3291 | static void | 3286 | static void |
3292 | channel_connect_ctx_free(struct channel_connect *cctx) | 3287 | channel_connect_ctx_free(struct channel_connect *cctx) |
3293 | { | 3288 | { |
3294 | xfree(cctx->host); | 3289 | free(cctx->host); |
3295 | if (cctx->aitop) | 3290 | if (cctx->aitop) |
3296 | freeaddrinfo(cctx->aitop); | 3291 | freeaddrinfo(cctx->aitop); |
3297 | bzero(cctx, sizeof(*cctx)); | 3292 | bzero(cctx, sizeof(*cctx)); |
@@ -3686,7 +3681,7 @@ x11_input_open(int type, u_int32_t seq, void *ctxt) | |||
3686 | c->remote_id = remote_id; | 3681 | c->remote_id = remote_id; |
3687 | c->force_drain = 1; | 3682 | c->force_drain = 1; |
3688 | } | 3683 | } |
3689 | xfree(remote_host); | 3684 | free(remote_host); |
3690 | if (c == NULL) { | 3685 | if (c == NULL) { |
3691 | /* Send refusal to the remote host. */ | 3686 | /* Send refusal to the remote host. */ |
3692 | packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE); | 3687 | packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE); |
@@ -3794,7 +3789,7 @@ x11_request_forwarding_with_spoofing(int client_session_id, const char *disp, | |||
3794 | packet_put_int(screen_number); | 3789 | packet_put_int(screen_number); |
3795 | packet_send(); | 3790 | packet_send(); |
3796 | packet_write_wait(); | 3791 | packet_write_wait(); |
3797 | xfree(new_data); | 3792 | free(new_data); |
3798 | } | 3793 | } |
3799 | 3794 | ||
3800 | 3795 | ||
diff --git a/channels.h b/channels.h index d75b800f7..4fab9d7c4 100644 --- a/channels.h +++ b/channels.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: channels.h,v 1.111 2012/04/11 13:16:19 djm Exp $ */ | 1 | /* $OpenBSD: channels.h,v 1.113 2013/06/07 15:37:52 dtucker Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -55,7 +55,8 @@ | |||
55 | #define SSH_CHANNEL_ZOMBIE 14 /* Almost dead. */ | 55 | #define SSH_CHANNEL_ZOMBIE 14 /* Almost dead. */ |
56 | #define SSH_CHANNEL_MUX_LISTENER 15 /* Listener for mux conn. */ | 56 | #define SSH_CHANNEL_MUX_LISTENER 15 /* Listener for mux conn. */ |
57 | #define SSH_CHANNEL_MUX_CLIENT 16 /* Conn. to mux slave */ | 57 | #define SSH_CHANNEL_MUX_CLIENT 16 /* Conn. to mux slave */ |
58 | #define SSH_CHANNEL_MAX_TYPE 17 | 58 | #define SSH_CHANNEL_ABANDONED 17 /* Abandoned session, eg mux */ |
59 | #define SSH_CHANNEL_MAX_TYPE 18 | ||
59 | 60 | ||
60 | #define CHANNEL_CANCEL_PORT_STATIC -1 | 61 | #define CHANNEL_CANCEL_PORT_STATIC -1 |
61 | 62 | ||
@@ -102,7 +103,9 @@ struct Channel { | |||
102 | int sock; /* sock fd */ | 103 | int sock; /* sock fd */ |
103 | int ctl_chan; /* control channel (multiplexed connections) */ | 104 | int ctl_chan; /* control channel (multiplexed connections) */ |
104 | int isatty; /* rfd is a tty */ | 105 | int isatty; /* rfd is a tty */ |
106 | #ifdef _AIX | ||
105 | int wfd_isatty; /* wfd is a tty */ | 107 | int wfd_isatty; /* wfd is a tty */ |
108 | #endif | ||
106 | int client_tty; /* (client) TTY has been requested */ | 109 | int client_tty; /* (client) TTY has been requested */ |
107 | int force_drain; /* force close on iEOF */ | 110 | int force_drain; /* force close on iEOF */ |
108 | time_t notbefore; /* Pause IO until deadline (time_t) */ | 111 | time_t notbefore; /* Pause IO until deadline (time_t) */ |
@@ -110,7 +113,7 @@ struct Channel { | |||
110 | * channels are delayed until the first call | 113 | * channels are delayed until the first call |
111 | * to a matching pre-select handler. | 114 | * to a matching pre-select handler. |
112 | * this way post-select handlers are not | 115 | * this way post-select handlers are not |
113 | * accidenly called if a FD gets reused */ | 116 | * accidentally called if a FD gets reused */ |
114 | Buffer input; /* data read from socket, to be sent over | 117 | Buffer input; /* data read from socket, to be sent over |
115 | * encrypted connection */ | 118 | * encrypted connection */ |
116 | Buffer output; /* data received over encrypted connection for | 119 | Buffer output; /* data received over encrypted connection for |
diff --git a/cipher-3des1.c b/cipher-3des1.c index b7aa588cd..c8a70244b 100644 --- a/cipher-3des1.c +++ b/cipher-3des1.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: cipher-3des1.c,v 1.7 2010/10/01 23:05:32 djm Exp $ */ | 1 | /* $OpenBSD: cipher-3des1.c,v 1.8 2013/05/17 00:13:13 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2003 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2003 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -94,7 +94,7 @@ ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, | |||
94 | EVP_CipherInit(&c->k2, EVP_des_cbc(), k2, NULL, !enc) == 0 || | 94 | EVP_CipherInit(&c->k2, EVP_des_cbc(), k2, NULL, !enc) == 0 || |
95 | EVP_CipherInit(&c->k3, EVP_des_cbc(), k3, NULL, enc) == 0) { | 95 | EVP_CipherInit(&c->k3, EVP_des_cbc(), k3, NULL, enc) == 0) { |
96 | memset(c, 0, sizeof(*c)); | 96 | memset(c, 0, sizeof(*c)); |
97 | xfree(c); | 97 | free(c); |
98 | EVP_CIPHER_CTX_set_app_data(ctx, NULL); | 98 | EVP_CIPHER_CTX_set_app_data(ctx, NULL); |
99 | return (0); | 99 | return (0); |
100 | } | 100 | } |
@@ -135,7 +135,7 @@ ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx) | |||
135 | EVP_CIPHER_CTX_cleanup(&c->k2); | 135 | EVP_CIPHER_CTX_cleanup(&c->k2); |
136 | EVP_CIPHER_CTX_cleanup(&c->k3); | 136 | EVP_CIPHER_CTX_cleanup(&c->k3); |
137 | memset(c, 0, sizeof(*c)); | 137 | memset(c, 0, sizeof(*c)); |
138 | xfree(c); | 138 | free(c); |
139 | EVP_CIPHER_CTX_set_app_data(ctx, NULL); | 139 | EVP_CIPHER_CTX_set_app_data(ctx, NULL); |
140 | } | 140 | } |
141 | return (1); | 141 | return (1); |
diff --git a/cipher-aes.c b/cipher-aes.c index 07ec7aa5d..8b1017272 100644 --- a/cipher-aes.c +++ b/cipher-aes.c | |||
@@ -120,7 +120,7 @@ ssh_rijndael_cleanup(EVP_CIPHER_CTX *ctx) | |||
120 | 120 | ||
121 | if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) { | 121 | if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) { |
122 | memset(c, 0, sizeof(*c)); | 122 | memset(c, 0, sizeof(*c)); |
123 | xfree(c); | 123 | free(c); |
124 | EVP_CIPHER_CTX_set_app_data(ctx, NULL); | 124 | EVP_CIPHER_CTX_set_app_data(ctx, NULL); |
125 | } | 125 | } |
126 | return (1); | 126 | return (1); |
diff --git a/cipher-ctr.c b/cipher-ctr.c index d1fe69f57..ea0f9b3b7 100644 --- a/cipher-ctr.c +++ b/cipher-ctr.c | |||
@@ -104,7 +104,7 @@ ssh_aes_ctr_cleanup(EVP_CIPHER_CTX *ctx) | |||
104 | 104 | ||
105 | if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) { | 105 | if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) { |
106 | memset(c, 0, sizeof(*c)); | 106 | memset(c, 0, sizeof(*c)); |
107 | xfree(c); | 107 | free(c); |
108 | EVP_CIPHER_CTX_set_app_data(ctx, NULL); | 108 | EVP_CIPHER_CTX_set_app_data(ctx, NULL); |
109 | } | 109 | } |
110 | return (1); | 110 | return (1); |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: cipher.c,v 1.87 2013/01/26 06:11:05 djm Exp $ */ | 1 | /* $OpenBSD: cipher.c,v 1.89 2013/05/17 00:13:13 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -65,7 +65,9 @@ struct Cipher { | |||
65 | u_int discard_len; | 65 | u_int discard_len; |
66 | u_int cbc_mode; | 66 | u_int cbc_mode; |
67 | const EVP_CIPHER *(*evptype)(void); | 67 | const EVP_CIPHER *(*evptype)(void); |
68 | } ciphers[] = { | 68 | }; |
69 | |||
70 | static const struct Cipher ciphers[] = { | ||
69 | { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null }, | 71 | { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null }, |
70 | { "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc }, | 72 | { "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc }, |
71 | { "3des", SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des }, | 73 | { "3des", SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des }, |
@@ -98,6 +100,27 @@ struct Cipher { | |||
98 | 100 | ||
99 | /*--*/ | 101 | /*--*/ |
100 | 102 | ||
103 | /* Returns a comma-separated list of supported ciphers. */ | ||
104 | char * | ||
105 | cipher_alg_list(void) | ||
106 | { | ||
107 | char *ret = NULL; | ||
108 | size_t nlen, rlen = 0; | ||
109 | const Cipher *c; | ||
110 | |||
111 | for (c = ciphers; c->name != NULL; c++) { | ||
112 | if (c->number != SSH_CIPHER_SSH2) | ||
113 | continue; | ||
114 | if (ret != NULL) | ||
115 | ret[rlen++] = '\n'; | ||
116 | nlen = strlen(c->name); | ||
117 | ret = xrealloc(ret, 1, rlen + nlen + 2); | ||
118 | memcpy(ret + rlen, c->name, nlen + 1); | ||
119 | rlen += nlen; | ||
120 | } | ||
121 | return ret; | ||
122 | } | ||
123 | |||
101 | u_int | 124 | u_int |
102 | cipher_blocksize(const Cipher *c) | 125 | cipher_blocksize(const Cipher *c) |
103 | { | 126 | { |
@@ -146,20 +169,20 @@ cipher_mask_ssh1(int client) | |||
146 | return mask; | 169 | return mask; |
147 | } | 170 | } |
148 | 171 | ||
149 | Cipher * | 172 | const Cipher * |
150 | cipher_by_name(const char *name) | 173 | cipher_by_name(const char *name) |
151 | { | 174 | { |
152 | Cipher *c; | 175 | const Cipher *c; |
153 | for (c = ciphers; c->name != NULL; c++) | 176 | for (c = ciphers; c->name != NULL; c++) |
154 | if (strcmp(c->name, name) == 0) | 177 | if (strcmp(c->name, name) == 0) |
155 | return c; | 178 | return c; |
156 | return NULL; | 179 | return NULL; |
157 | } | 180 | } |
158 | 181 | ||
159 | Cipher * | 182 | const Cipher * |
160 | cipher_by_number(int id) | 183 | cipher_by_number(int id) |
161 | { | 184 | { |
162 | Cipher *c; | 185 | const Cipher *c; |
163 | for (c = ciphers; c->name != NULL; c++) | 186 | for (c = ciphers; c->name != NULL; c++) |
164 | if (c->number == id) | 187 | if (c->number == id) |
165 | return c; | 188 | return c; |
@@ -170,7 +193,7 @@ cipher_by_number(int id) | |||
170 | int | 193 | int |
171 | ciphers_valid(const char *names) | 194 | ciphers_valid(const char *names) |
172 | { | 195 | { |
173 | Cipher *c; | 196 | const Cipher *c; |
174 | char *cipher_list, *cp; | 197 | char *cipher_list, *cp; |
175 | char *p; | 198 | char *p; |
176 | 199 | ||
@@ -182,14 +205,14 @@ ciphers_valid(const char *names) | |||
182 | c = cipher_by_name(p); | 205 | c = cipher_by_name(p); |
183 | if (c == NULL || c->number != SSH_CIPHER_SSH2) { | 206 | if (c == NULL || c->number != SSH_CIPHER_SSH2) { |
184 | debug("bad cipher %s [%s]", p, names); | 207 | debug("bad cipher %s [%s]", p, names); |
185 | xfree(cipher_list); | 208 | free(cipher_list); |
186 | return 0; | 209 | return 0; |
187 | } else { | 210 | } else { |
188 | debug3("cipher ok: %s [%s]", p, names); | 211 | debug3("cipher ok: %s [%s]", p, names); |
189 | } | 212 | } |
190 | } | 213 | } |
191 | debug3("ciphers ok: [%s]", names); | 214 | debug3("ciphers ok: [%s]", names); |
192 | xfree(cipher_list); | 215 | free(cipher_list); |
193 | return 1; | 216 | return 1; |
194 | } | 217 | } |
195 | 218 | ||
@@ -201,7 +224,7 @@ ciphers_valid(const char *names) | |||
201 | int | 224 | int |
202 | cipher_number(const char *name) | 225 | cipher_number(const char *name) |
203 | { | 226 | { |
204 | Cipher *c; | 227 | const Cipher *c; |
205 | if (name == NULL) | 228 | if (name == NULL) |
206 | return -1; | 229 | return -1; |
207 | for (c = ciphers; c->name != NULL; c++) | 230 | for (c = ciphers; c->name != NULL; c++) |
@@ -213,12 +236,12 @@ cipher_number(const char *name) | |||
213 | char * | 236 | char * |
214 | cipher_name(int id) | 237 | cipher_name(int id) |
215 | { | 238 | { |
216 | Cipher *c = cipher_by_number(id); | 239 | const Cipher *c = cipher_by_number(id); |
217 | return (c==NULL) ? "<unknown>" : c->name; | 240 | return (c==NULL) ? "<unknown>" : c->name; |
218 | } | 241 | } |
219 | 242 | ||
220 | void | 243 | void |
221 | cipher_init(CipherContext *cc, Cipher *cipher, | 244 | cipher_init(CipherContext *cc, const Cipher *cipher, |
222 | const u_char *key, u_int keylen, const u_char *iv, u_int ivlen, | 245 | const u_char *key, u_int keylen, const u_char *iv, u_int ivlen, |
223 | int do_encrypt) | 246 | int do_encrypt) |
224 | { | 247 | { |
@@ -291,8 +314,8 @@ cipher_init(CipherContext *cc, Cipher *cipher, | |||
291 | cipher->discard_len) == 0) | 314 | cipher->discard_len) == 0) |
292 | fatal("evp_crypt: EVP_Cipher failed during discard"); | 315 | fatal("evp_crypt: EVP_Cipher failed during discard"); |
293 | memset(discard, 0, cipher->discard_len); | 316 | memset(discard, 0, cipher->discard_len); |
294 | xfree(junk); | 317 | free(junk); |
295 | xfree(discard); | 318 | free(discard); |
296 | } | 319 | } |
297 | } | 320 | } |
298 | 321 | ||
@@ -364,7 +387,7 @@ cipher_cleanup(CipherContext *cc) | |||
364 | */ | 387 | */ |
365 | 388 | ||
366 | void | 389 | void |
367 | cipher_set_key_string(CipherContext *cc, Cipher *cipher, | 390 | cipher_set_key_string(CipherContext *cc, const Cipher *cipher, |
368 | const char *passphrase, int do_encrypt) | 391 | const char *passphrase, int do_encrypt) |
369 | { | 392 | { |
370 | MD5_CTX md; | 393 | MD5_CTX md; |
@@ -389,7 +412,7 @@ cipher_set_key_string(CipherContext *cc, Cipher *cipher, | |||
389 | int | 412 | int |
390 | cipher_get_keyiv_len(const CipherContext *cc) | 413 | cipher_get_keyiv_len(const CipherContext *cc) |
391 | { | 414 | { |
392 | Cipher *c = cc->cipher; | 415 | const Cipher *c = cc->cipher; |
393 | int ivlen; | 416 | int ivlen; |
394 | 417 | ||
395 | if (c->number == SSH_CIPHER_3DES) | 418 | if (c->number == SSH_CIPHER_3DES) |
@@ -402,7 +425,7 @@ cipher_get_keyiv_len(const CipherContext *cc) | |||
402 | void | 425 | void |
403 | cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len) | 426 | cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len) |
404 | { | 427 | { |
405 | Cipher *c = cc->cipher; | 428 | const Cipher *c = cc->cipher; |
406 | int evplen; | 429 | int evplen; |
407 | 430 | ||
408 | switch (c->number) { | 431 | switch (c->number) { |
@@ -438,7 +461,7 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len) | |||
438 | void | 461 | void |
439 | cipher_set_keyiv(CipherContext *cc, u_char *iv) | 462 | cipher_set_keyiv(CipherContext *cc, u_char *iv) |
440 | { | 463 | { |
441 | Cipher *c = cc->cipher; | 464 | const Cipher *c = cc->cipher; |
442 | int evplen = 0; | 465 | int evplen = 0; |
443 | 466 | ||
444 | switch (c->number) { | 467 | switch (c->number) { |
@@ -471,7 +494,7 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv) | |||
471 | int | 494 | int |
472 | cipher_get_keycontext(const CipherContext *cc, u_char *dat) | 495 | cipher_get_keycontext(const CipherContext *cc, u_char *dat) |
473 | { | 496 | { |
474 | Cipher *c = cc->cipher; | 497 | const Cipher *c = cc->cipher; |
475 | int plen = 0; | 498 | int plen = 0; |
476 | 499 | ||
477 | if (c->evptype == EVP_rc4) { | 500 | if (c->evptype == EVP_rc4) { |
@@ -486,7 +509,7 @@ cipher_get_keycontext(const CipherContext *cc, u_char *dat) | |||
486 | void | 509 | void |
487 | cipher_set_keycontext(CipherContext *cc, u_char *dat) | 510 | cipher_set_keycontext(CipherContext *cc, u_char *dat) |
488 | { | 511 | { |
489 | Cipher *c = cc->cipher; | 512 | const Cipher *c = cc->cipher; |
490 | int plen; | 513 | int plen; |
491 | 514 | ||
492 | if (c->evptype == EVP_rc4) { | 515 | if (c->evptype == EVP_rc4) { |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: cipher.h,v 1.39 2013/01/08 18:49:04 markus Exp $ */ | 1 | /* $OpenBSD: cipher.h,v 1.40 2013/04/19 01:06:50 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -66,21 +66,22 @@ struct CipherContext { | |||
66 | int plaintext; | 66 | int plaintext; |
67 | int encrypt; | 67 | int encrypt; |
68 | EVP_CIPHER_CTX evp; | 68 | EVP_CIPHER_CTX evp; |
69 | Cipher *cipher; | 69 | const Cipher *cipher; |
70 | }; | 70 | }; |
71 | 71 | ||
72 | u_int cipher_mask_ssh1(int); | 72 | u_int cipher_mask_ssh1(int); |
73 | Cipher *cipher_by_name(const char *); | 73 | const Cipher *cipher_by_name(const char *); |
74 | Cipher *cipher_by_number(int); | 74 | const Cipher *cipher_by_number(int); |
75 | int cipher_number(const char *); | 75 | int cipher_number(const char *); |
76 | char *cipher_name(int); | 76 | char *cipher_name(int); |
77 | int ciphers_valid(const char *); | 77 | int ciphers_valid(const char *); |
78 | void cipher_init(CipherContext *, Cipher *, const u_char *, u_int, | 78 | char *cipher_alg_list(void); |
79 | void cipher_init(CipherContext *, const Cipher *, const u_char *, u_int, | ||
79 | const u_char *, u_int, int); | 80 | const u_char *, u_int, int); |
80 | void cipher_crypt(CipherContext *, u_char *, const u_char *, | 81 | void cipher_crypt(CipherContext *, u_char *, const u_char *, |
81 | u_int, u_int, u_int); | 82 | u_int, u_int, u_int); |
82 | void cipher_cleanup(CipherContext *); | 83 | void cipher_cleanup(CipherContext *); |
83 | void cipher_set_key_string(CipherContext *, Cipher *, const char *, int); | 84 | void cipher_set_key_string(CipherContext *, const Cipher *, const char *, int); |
84 | u_int cipher_blocksize(const Cipher *); | 85 | u_int cipher_blocksize(const Cipher *); |
85 | u_int cipher_keylen(const Cipher *); | 86 | u_int cipher_keylen(const Cipher *); |
86 | u_int cipher_authlen(const Cipher *); | 87 | u_int cipher_authlen(const Cipher *); |
diff --git a/clientloop.c b/clientloop.c index 2ef816ab3..86695cc16 100644 --- a/clientloop.c +++ b/clientloop.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: clientloop.c,v 1.248 2013/01/02 00:32:07 djm Exp $ */ | 1 | /* $OpenBSD: clientloop.c,v 1.253 2013/06/07 15:37:52 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -277,7 +277,7 @@ set_control_persist_exit_time(void) | |||
277 | control_persist_exit_time = 0; | 277 | control_persist_exit_time = 0; |
278 | } else if (control_persist_exit_time <= 0) { | 278 | } else if (control_persist_exit_time <= 0) { |
279 | /* a client connection has recently closed */ | 279 | /* a client connection has recently closed */ |
280 | control_persist_exit_time = time(NULL) + | 280 | control_persist_exit_time = monotime() + |
281 | (time_t)options.control_persist_timeout; | 281 | (time_t)options.control_persist_timeout; |
282 | debug2("%s: schedule exit in %d seconds", __func__, | 282 | debug2("%s: schedule exit in %d seconds", __func__, |
283 | options.control_persist_timeout); | 283 | options.control_persist_timeout); |
@@ -360,7 +360,7 @@ client_x11_get_proto(const char *display, const char *xauth_path, | |||
360 | if (system(cmd) == 0) | 360 | if (system(cmd) == 0) |
361 | generated = 1; | 361 | generated = 1; |
362 | if (x11_refuse_time == 0) { | 362 | if (x11_refuse_time == 0) { |
363 | now = time(NULL) + 1; | 363 | now = monotime() + 1; |
364 | if (UINT_MAX - timeout < now) | 364 | if (UINT_MAX - timeout < now) |
365 | x11_refuse_time = UINT_MAX; | 365 | x11_refuse_time = UINT_MAX; |
366 | else | 366 | else |
@@ -397,10 +397,8 @@ client_x11_get_proto(const char *display, const char *xauth_path, | |||
397 | unlink(xauthfile); | 397 | unlink(xauthfile); |
398 | rmdir(xauthdir); | 398 | rmdir(xauthdir); |
399 | } | 399 | } |
400 | if (xauthdir) | 400 | free(xauthdir); |
401 | xfree(xauthdir); | 401 | free(xauthfile); |
402 | if (xauthfile) | ||
403 | xfree(xauthfile); | ||
404 | 402 | ||
405 | /* | 403 | /* |
406 | * If we didn't get authentication data, just make up some | 404 | * If we didn't get authentication data, just make up some |
@@ -556,7 +554,7 @@ client_global_request_reply(int type, u_int32_t seq, void *ctxt) | |||
556 | if (--gc->ref_count <= 0) { | 554 | if (--gc->ref_count <= 0) { |
557 | TAILQ_REMOVE(&global_confirms, gc, entry); | 555 | TAILQ_REMOVE(&global_confirms, gc, entry); |
558 | bzero(gc, sizeof(*gc)); | 556 | bzero(gc, sizeof(*gc)); |
559 | xfree(gc); | 557 | free(gc); |
560 | } | 558 | } |
561 | 559 | ||
562 | packet_set_alive_timeouts(0); | 560 | packet_set_alive_timeouts(0); |
@@ -587,7 +585,7 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, | |||
587 | { | 585 | { |
588 | struct timeval tv, *tvp; | 586 | struct timeval tv, *tvp; |
589 | int timeout_secs; | 587 | int timeout_secs; |
590 | time_t minwait_secs = 0; | 588 | time_t minwait_secs = 0, server_alive_time = 0, now = monotime(); |
591 | int ret; | 589 | int ret; |
592 | 590 | ||
593 | /* Add any selections by the channel mechanism. */ | 591 | /* Add any selections by the channel mechanism. */ |
@@ -636,12 +634,16 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, | |||
636 | */ | 634 | */ |
637 | 635 | ||
638 | timeout_secs = INT_MAX; /* we use INT_MAX to mean no timeout */ | 636 | timeout_secs = INT_MAX; /* we use INT_MAX to mean no timeout */ |
639 | if (options.server_alive_interval > 0 && compat20) | 637 | if (options.server_alive_interval > 0 && compat20) { |
640 | timeout_secs = options.server_alive_interval; | 638 | timeout_secs = options.server_alive_interval; |
639 | server_alive_time = now + options.server_alive_interval; | ||
640 | } | ||
641 | if (options.rekey_interval > 0 && compat20 && !rekeying) | ||
642 | timeout_secs = MIN(timeout_secs, packet_get_rekey_timeout()); | ||
641 | set_control_persist_exit_time(); | 643 | set_control_persist_exit_time(); |
642 | if (control_persist_exit_time > 0) { | 644 | if (control_persist_exit_time > 0) { |
643 | timeout_secs = MIN(timeout_secs, | 645 | timeout_secs = MIN(timeout_secs, |
644 | control_persist_exit_time - time(NULL)); | 646 | control_persist_exit_time - now); |
645 | if (timeout_secs < 0) | 647 | if (timeout_secs < 0) |
646 | timeout_secs = 0; | 648 | timeout_secs = 0; |
647 | } | 649 | } |
@@ -673,8 +675,15 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, | |||
673 | snprintf(buf, sizeof buf, "select: %s\r\n", strerror(errno)); | 675 | snprintf(buf, sizeof buf, "select: %s\r\n", strerror(errno)); |
674 | buffer_append(&stderr_buffer, buf, strlen(buf)); | 676 | buffer_append(&stderr_buffer, buf, strlen(buf)); |
675 | quit_pending = 1; | 677 | quit_pending = 1; |
676 | } else if (ret == 0) | 678 | } else if (ret == 0) { |
677 | server_alive_check(); | 679 | /* |
680 | * Timeout. Could have been either keepalive or rekeying. | ||
681 | * Keepalive we check here, rekeying is checked in clientloop. | ||
682 | */ | ||
683 | if (server_alive_time != 0 && server_alive_time <= monotime()) | ||
684 | server_alive_check(); | ||
685 | } | ||
686 | |||
678 | } | 687 | } |
679 | 688 | ||
680 | static void | 689 | static void |
@@ -819,13 +828,13 @@ client_status_confirm(int type, Channel *c, void *ctx) | |||
819 | chan_write_failed(c); | 828 | chan_write_failed(c); |
820 | } | 829 | } |
821 | } | 830 | } |
822 | xfree(cr); | 831 | free(cr); |
823 | } | 832 | } |
824 | 833 | ||
825 | static void | 834 | static void |
826 | client_abandon_status_confirm(Channel *c, void *ctx) | 835 | client_abandon_status_confirm(Channel *c, void *ctx) |
827 | { | 836 | { |
828 | xfree(ctx); | 837 | free(ctx); |
829 | } | 838 | } |
830 | 839 | ||
831 | void | 840 | void |
@@ -992,12 +1001,9 @@ process_cmdline(void) | |||
992 | out: | 1001 | out: |
993 | signal(SIGINT, handler); | 1002 | signal(SIGINT, handler); |
994 | enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE); | 1003 | enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE); |
995 | if (cmd) | 1004 | free(cmd); |
996 | xfree(cmd); | 1005 | free(fwd.listen_host); |
997 | if (fwd.listen_host != NULL) | 1006 | free(fwd.connect_host); |
998 | xfree(fwd.listen_host); | ||
999 | if (fwd.connect_host != NULL) | ||
1000 | xfree(fwd.connect_host); | ||
1001 | } | 1007 | } |
1002 | 1008 | ||
1003 | /* reasons to suppress output of an escape command in help output */ | 1009 | /* reasons to suppress output of an escape command in help output */ |
@@ -1107,8 +1113,11 @@ process_escapes(Channel *c, Buffer *bin, Buffer *bout, Buffer *berr, | |||
1107 | if (c && c->ctl_chan != -1) { | 1113 | if (c && c->ctl_chan != -1) { |
1108 | chan_read_failed(c); | 1114 | chan_read_failed(c); |
1109 | chan_write_failed(c); | 1115 | chan_write_failed(c); |
1110 | mux_master_session_cleanup_cb(c->self, | 1116 | if (c->detach_user) |
1111 | NULL); | 1117 | c->detach_user(c->self, NULL); |
1118 | c->type = SSH_CHANNEL_ABANDONED; | ||
1119 | buffer_clear(&c->input); | ||
1120 | chan_ibuf_empty(c); | ||
1112 | return 0; | 1121 | return 0; |
1113 | } else | 1122 | } else |
1114 | quit_pending = 1; | 1123 | quit_pending = 1; |
@@ -1254,7 +1263,7 @@ process_escapes(Channel *c, Buffer *bin, Buffer *bout, Buffer *berr, | |||
1254 | buffer_append(berr, string, strlen(string)); | 1263 | buffer_append(berr, string, strlen(string)); |
1255 | s = channel_open_message(); | 1264 | s = channel_open_message(); |
1256 | buffer_append(berr, s, strlen(s)); | 1265 | buffer_append(berr, s, strlen(s)); |
1257 | xfree(s); | 1266 | free(s); |
1258 | continue; | 1267 | continue; |
1259 | 1268 | ||
1260 | case 'C': | 1269 | case 'C': |
@@ -1443,7 +1452,7 @@ client_new_escape_filter_ctx(int escape_char) | |||
1443 | void | 1452 | void |
1444 | client_filter_cleanup(int cid, void *ctx) | 1453 | client_filter_cleanup(int cid, void *ctx) |
1445 | { | 1454 | { |
1446 | xfree(ctx); | 1455 | free(ctx); |
1447 | } | 1456 | } |
1448 | 1457 | ||
1449 | int | 1458 | int |
@@ -1657,16 +1666,14 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) | |||
1657 | * connections, then quit. | 1666 | * connections, then quit. |
1658 | */ | 1667 | */ |
1659 | if (control_persist_exit_time > 0) { | 1668 | if (control_persist_exit_time > 0) { |
1660 | if (time(NULL) >= control_persist_exit_time) { | 1669 | if (monotime() >= control_persist_exit_time) { |
1661 | debug("ControlPersist timeout expired"); | 1670 | debug("ControlPersist timeout expired"); |
1662 | break; | 1671 | break; |
1663 | } | 1672 | } |
1664 | } | 1673 | } |
1665 | } | 1674 | } |
1666 | if (readset) | 1675 | free(readset); |
1667 | xfree(readset); | 1676 | free(writeset); |
1668 | if (writeset) | ||
1669 | xfree(writeset); | ||
1670 | 1677 | ||
1671 | /* Terminate the session. */ | 1678 | /* Terminate the session. */ |
1672 | 1679 | ||
@@ -1768,7 +1775,7 @@ client_input_stdout_data(int type, u_int32_t seq, void *ctxt) | |||
1768 | packet_check_eom(); | 1775 | packet_check_eom(); |
1769 | buffer_append(&stdout_buffer, data, data_len); | 1776 | buffer_append(&stdout_buffer, data, data_len); |
1770 | memset(data, 0, data_len); | 1777 | memset(data, 0, data_len); |
1771 | xfree(data); | 1778 | free(data); |
1772 | } | 1779 | } |
1773 | static void | 1780 | static void |
1774 | client_input_stderr_data(int type, u_int32_t seq, void *ctxt) | 1781 | client_input_stderr_data(int type, u_int32_t seq, void *ctxt) |
@@ -1778,7 +1785,7 @@ client_input_stderr_data(int type, u_int32_t seq, void *ctxt) | |||
1778 | packet_check_eom(); | 1785 | packet_check_eom(); |
1779 | buffer_append(&stderr_buffer, data, data_len); | 1786 | buffer_append(&stderr_buffer, data, data_len); |
1780 | memset(data, 0, data_len); | 1787 | memset(data, 0, data_len); |
1781 | xfree(data); | 1788 | free(data); |
1782 | } | 1789 | } |
1783 | static void | 1790 | static void |
1784 | client_input_exit_status(int type, u_int32_t seq, void *ctxt) | 1791 | client_input_exit_status(int type, u_int32_t seq, void *ctxt) |
@@ -1858,8 +1865,8 @@ client_request_forwarded_tcpip(const char *request_type, int rchan) | |||
1858 | c = channel_connect_by_listen_address(listen_port, | 1865 | c = channel_connect_by_listen_address(listen_port, |
1859 | "forwarded-tcpip", originator_address); | 1866 | "forwarded-tcpip", originator_address); |
1860 | 1867 | ||
1861 | xfree(originator_address); | 1868 | free(originator_address); |
1862 | xfree(listen_address); | 1869 | free(listen_address); |
1863 | return c; | 1870 | return c; |
1864 | } | 1871 | } |
1865 | 1872 | ||
@@ -1877,7 +1884,7 @@ client_request_x11(const char *request_type, int rchan) | |||
1877 | "malicious server."); | 1884 | "malicious server."); |
1878 | return NULL; | 1885 | return NULL; |
1879 | } | 1886 | } |
1880 | if (x11_refuse_time != 0 && time(NULL) >= x11_refuse_time) { | 1887 | if (x11_refuse_time != 0 && monotime() >= x11_refuse_time) { |
1881 | verbose("Rejected X11 connection after ForwardX11Timeout " | 1888 | verbose("Rejected X11 connection after ForwardX11Timeout " |
1882 | "expired"); | 1889 | "expired"); |
1883 | return NULL; | 1890 | return NULL; |
@@ -1893,7 +1900,7 @@ client_request_x11(const char *request_type, int rchan) | |||
1893 | /* XXX check permission */ | 1900 | /* XXX check permission */ |
1894 | debug("client_request_x11: request from %s %d", originator, | 1901 | debug("client_request_x11: request from %s %d", originator, |
1895 | originator_port); | 1902 | originator_port); |
1896 | xfree(originator); | 1903 | free(originator); |
1897 | sock = x11_connect_display(); | 1904 | sock = x11_connect_display(); |
1898 | if (sock < 0) | 1905 | if (sock < 0) |
1899 | return NULL; | 1906 | return NULL; |
@@ -2020,7 +2027,7 @@ client_input_channel_open(int type, u_int32_t seq, void *ctxt) | |||
2020 | } | 2027 | } |
2021 | packet_send(); | 2028 | packet_send(); |
2022 | } | 2029 | } |
2023 | xfree(ctype); | 2030 | free(ctype); |
2024 | } | 2031 | } |
2025 | static void | 2032 | static void |
2026 | client_input_channel_req(int type, u_int32_t seq, void *ctxt) | 2033 | client_input_channel_req(int type, u_int32_t seq, void *ctxt) |
@@ -2066,7 +2073,7 @@ client_input_channel_req(int type, u_int32_t seq, void *ctxt) | |||
2066 | packet_put_int(c->remote_id); | 2073 | packet_put_int(c->remote_id); |
2067 | packet_send(); | 2074 | packet_send(); |
2068 | } | 2075 | } |
2069 | xfree(rtype); | 2076 | free(rtype); |
2070 | } | 2077 | } |
2071 | static void | 2078 | static void |
2072 | client_input_global_request(int type, u_int32_t seq, void *ctxt) | 2079 | client_input_global_request(int type, u_int32_t seq, void *ctxt) |
@@ -2085,7 +2092,7 @@ client_input_global_request(int type, u_int32_t seq, void *ctxt) | |||
2085 | packet_send(); | 2092 | packet_send(); |
2086 | packet_write_wait(); | 2093 | packet_write_wait(); |
2087 | } | 2094 | } |
2088 | xfree(rtype); | 2095 | free(rtype); |
2089 | } | 2096 | } |
2090 | 2097 | ||
2091 | void | 2098 | void |
@@ -2135,7 +2142,7 @@ client_session2_setup(int id, int want_tty, int want_subsystem, | |||
2135 | /* Split */ | 2142 | /* Split */ |
2136 | name = xstrdup(env[i]); | 2143 | name = xstrdup(env[i]); |
2137 | if ((val = strchr(name, '=')) == NULL) { | 2144 | if ((val = strchr(name, '=')) == NULL) { |
2138 | xfree(name); | 2145 | free(name); |
2139 | continue; | 2146 | continue; |
2140 | } | 2147 | } |
2141 | *val++ = '\0'; | 2148 | *val++ = '\0'; |
@@ -2149,7 +2156,7 @@ client_session2_setup(int id, int want_tty, int want_subsystem, | |||
2149 | } | 2156 | } |
2150 | if (!matched) { | 2157 | if (!matched) { |
2151 | debug3("Ignored env %s", name); | 2158 | debug3("Ignored env %s", name); |
2152 | xfree(name); | 2159 | free(name); |
2153 | continue; | 2160 | continue; |
2154 | } | 2161 | } |
2155 | 2162 | ||
@@ -2158,7 +2165,7 @@ client_session2_setup(int id, int want_tty, int want_subsystem, | |||
2158 | packet_put_cstring(name); | 2165 | packet_put_cstring(name); |
2159 | packet_put_cstring(val); | 2166 | packet_put_cstring(val); |
2160 | packet_send(); | 2167 | packet_send(); |
2161 | xfree(name); | 2168 | free(name); |
2162 | } | 2169 | } |
2163 | } | 2170 | } |
2164 | 2171 | ||
diff --git a/clientloop.h b/clientloop.h index d2baa0324..338d45186 100644 --- a/clientloop.h +++ b/clientloop.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: clientloop.h,v 1.30 2012/08/17 00:45:45 dtucker Exp $ */ | 1 | /* $OpenBSD: clientloop.h,v 1.31 2013/06/02 23:36:29 dtucker Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -76,5 +76,4 @@ void muxserver_listen(void); | |||
76 | void muxclient(const char *); | 76 | void muxclient(const char *); |
77 | void mux_exit_message(Channel *, int); | 77 | void mux_exit_message(Channel *, int); |
78 | void mux_tty_alloc_failed(Channel *); | 78 | void mux_tty_alloc_failed(Channel *); |
79 | void mux_master_session_cleanup_cb(int, void *); | ||
80 | 79 | ||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: compat.c,v 1.80 2012/08/17 01:30:00 djm Exp $ */ | 1 | /* $OpenBSD: compat.c,v 1.81 2013/05/17 00:13:13 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -204,7 +204,7 @@ proto_spec(const char *spec) | |||
204 | break; | 204 | break; |
205 | } | 205 | } |
206 | } | 206 | } |
207 | xfree(s); | 207 | free(s); |
208 | return ret; | 208 | return ret; |
209 | } | 209 | } |
210 | 210 | ||
@@ -230,7 +230,7 @@ compat_cipher_proposal(char *cipher_prop) | |||
230 | buffer_append(&b, "\0", 1); | 230 | buffer_append(&b, "\0", 1); |
231 | fix_ciphers = xstrdup(buffer_ptr(&b)); | 231 | fix_ciphers = xstrdup(buffer_ptr(&b)); |
232 | buffer_free(&b); | 232 | buffer_free(&b); |
233 | xfree(orig_prop); | 233 | free(orig_prop); |
234 | debug2("Original cipher proposal: %s", cipher_prop); | 234 | debug2("Original cipher proposal: %s", cipher_prop); |
235 | debug2("Compat cipher proposal: %s", fix_ciphers); | 235 | debug2("Compat cipher proposal: %s", fix_ciphers); |
236 | if (!*fix_ciphers) | 236 | if (!*fix_ciphers) |
diff --git a/config.guess b/config.guess index 78553c4ea..b94cde8ef 100755 --- a/config.guess +++ b/config.guess | |||
@@ -2,9 +2,9 @@ | |||
2 | # Attempt to guess a canonical system name. | 2 | # Attempt to guess a canonical system name. |
3 | # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, | 3 | # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, |
4 | # 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, | 4 | # 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, |
5 | # 2011 Free Software Foundation, Inc. | 5 | # 2011, 2012, 2013 Free Software Foundation, Inc. |
6 | 6 | ||
7 | timestamp='2011-01-23' | 7 | timestamp='2012-12-23' |
8 | 8 | ||
9 | # This file is free software; you can redistribute it and/or modify it | 9 | # This file is free software; you can redistribute it and/or modify it |
10 | # under the terms of the GNU General Public License as published by | 10 | # under the terms of the GNU General Public License as published by |
@@ -17,9 +17,7 @@ timestamp='2011-01-23' | |||
17 | # General Public License for more details. | 17 | # General Public License for more details. |
18 | # | 18 | # |
19 | # You should have received a copy of the GNU General Public License | 19 | # You should have received a copy of the GNU General Public License |
20 | # along with this program; if not, write to the Free Software | 20 | # along with this program; if not, see <http://www.gnu.org/licenses/>. |
21 | # Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA | ||
22 | # 02110-1301, USA. | ||
23 | # | 21 | # |
24 | # As a special exception to the GNU General Public License, if you | 22 | # As a special exception to the GNU General Public License, if you |
25 | # distribute this file as part of a program that contains a | 23 | # distribute this file as part of a program that contains a |
@@ -57,8 +55,8 @@ GNU config.guess ($timestamp) | |||
57 | 55 | ||
58 | Originally written by Per Bothner. | 56 | Originally written by Per Bothner. |
59 | Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, | 57 | Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, |
60 | 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free | 58 | 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, |
61 | Software Foundation, Inc. | 59 | 2012, 2013 Free Software Foundation, Inc. |
62 | 60 | ||
63 | This is free software; see the source for copying conditions. There is NO | 61 | This is free software; see the source for copying conditions. There is NO |
64 | warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." | 62 | warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." |
@@ -145,7 +143,7 @@ UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown | |||
145 | case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in | 143 | case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in |
146 | *:NetBSD:*:*) | 144 | *:NetBSD:*:*) |
147 | # NetBSD (nbsd) targets should (where applicable) match one or | 145 | # NetBSD (nbsd) targets should (where applicable) match one or |
148 | # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*, | 146 | # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*, |
149 | # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently | 147 | # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently |
150 | # switched to ELF, *-*-netbsd* would select the old | 148 | # switched to ELF, *-*-netbsd* would select the old |
151 | # object file format. This provides both forward | 149 | # object file format. This provides both forward |
@@ -181,7 +179,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in | |||
181 | fi | 179 | fi |
182 | ;; | 180 | ;; |
183 | *) | 181 | *) |
184 | os=netbsd | 182 | os=netbsd |
185 | ;; | 183 | ;; |
186 | esac | 184 | esac |
187 | # The OS release | 185 | # The OS release |
@@ -202,6 +200,10 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in | |||
202 | # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. | 200 | # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. |
203 | echo "${machine}-${os}${release}" | 201 | echo "${machine}-${os}${release}" |
204 | exit ;; | 202 | exit ;; |
203 | *:Bitrig:*:*) | ||
204 | UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'` | ||
205 | echo ${UNAME_MACHINE_ARCH}-unknown-bitrig${UNAME_RELEASE} | ||
206 | exit ;; | ||
205 | *:OpenBSD:*:*) | 207 | *:OpenBSD:*:*) |
206 | UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` | 208 | UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` |
207 | echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} | 209 | echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} |
@@ -224,7 +226,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in | |||
224 | UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` | 226 | UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` |
225 | ;; | 227 | ;; |
226 | *5.*) | 228 | *5.*) |
227 | UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` | 229 | UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` |
228 | ;; | 230 | ;; |
229 | esac | 231 | esac |
230 | # According to Compaq, /usr/sbin/psrinfo has been available on | 232 | # According to Compaq, /usr/sbin/psrinfo has been available on |
@@ -299,12 +301,12 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in | |||
299 | echo s390-ibm-zvmoe | 301 | echo s390-ibm-zvmoe |
300 | exit ;; | 302 | exit ;; |
301 | *:OS400:*:*) | 303 | *:OS400:*:*) |
302 | echo powerpc-ibm-os400 | 304 | echo powerpc-ibm-os400 |
303 | exit ;; | 305 | exit ;; |
304 | arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) | 306 | arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) |
305 | echo arm-acorn-riscix${UNAME_RELEASE} | 307 | echo arm-acorn-riscix${UNAME_RELEASE} |
306 | exit ;; | 308 | exit ;; |
307 | arm:riscos:*:*|arm:RISCOS:*:*) | 309 | arm*:riscos:*:*|arm*:RISCOS:*:*) |
308 | echo arm-unknown-riscos | 310 | echo arm-unknown-riscos |
309 | exit ;; | 311 | exit ;; |
310 | SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) | 312 | SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) |
@@ -398,23 +400,23 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in | |||
398 | # MiNT. But MiNT is downward compatible to TOS, so this should | 400 | # MiNT. But MiNT is downward compatible to TOS, so this should |
399 | # be no problem. | 401 | # be no problem. |
400 | atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) | 402 | atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) |
401 | echo m68k-atari-mint${UNAME_RELEASE} | 403 | echo m68k-atari-mint${UNAME_RELEASE} |
402 | exit ;; | 404 | exit ;; |
403 | atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) | 405 | atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) |
404 | echo m68k-atari-mint${UNAME_RELEASE} | 406 | echo m68k-atari-mint${UNAME_RELEASE} |
405 | exit ;; | 407 | exit ;; |
406 | *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) | 408 | *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) |
407 | echo m68k-atari-mint${UNAME_RELEASE} | 409 | echo m68k-atari-mint${UNAME_RELEASE} |
408 | exit ;; | 410 | exit ;; |
409 | milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) | 411 | milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) |
410 | echo m68k-milan-mint${UNAME_RELEASE} | 412 | echo m68k-milan-mint${UNAME_RELEASE} |
411 | exit ;; | 413 | exit ;; |
412 | hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) | 414 | hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) |
413 | echo m68k-hades-mint${UNAME_RELEASE} | 415 | echo m68k-hades-mint${UNAME_RELEASE} |
414 | exit ;; | 416 | exit ;; |
415 | *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) | 417 | *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) |
416 | echo m68k-unknown-mint${UNAME_RELEASE} | 418 | echo m68k-unknown-mint${UNAME_RELEASE} |
417 | exit ;; | 419 | exit ;; |
418 | m68k:machten:*:*) | 420 | m68k:machten:*:*) |
419 | echo m68k-apple-machten${UNAME_RELEASE} | 421 | echo m68k-apple-machten${UNAME_RELEASE} |
420 | exit ;; | 422 | exit ;; |
@@ -484,8 +486,8 @@ EOF | |||
484 | echo m88k-motorola-sysv3 | 486 | echo m88k-motorola-sysv3 |
485 | exit ;; | 487 | exit ;; |
486 | AViiON:dgux:*:*) | 488 | AViiON:dgux:*:*) |
487 | # DG/UX returns AViiON for all architectures | 489 | # DG/UX returns AViiON for all architectures |
488 | UNAME_PROCESSOR=`/usr/bin/uname -p` | 490 | UNAME_PROCESSOR=`/usr/bin/uname -p` |
489 | if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] | 491 | if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] |
490 | then | 492 | then |
491 | if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ | 493 | if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ |
@@ -498,7 +500,7 @@ EOF | |||
498 | else | 500 | else |
499 | echo i586-dg-dgux${UNAME_RELEASE} | 501 | echo i586-dg-dgux${UNAME_RELEASE} |
500 | fi | 502 | fi |
501 | exit ;; | 503 | exit ;; |
502 | M88*:DolphinOS:*:*) # DolphinOS (SVR3) | 504 | M88*:DolphinOS:*:*) # DolphinOS (SVR3) |
503 | echo m88k-dolphin-sysv3 | 505 | echo m88k-dolphin-sysv3 |
504 | exit ;; | 506 | exit ;; |
@@ -598,52 +600,52 @@ EOF | |||
598 | 9000/[678][0-9][0-9]) | 600 | 9000/[678][0-9][0-9]) |
599 | if [ -x /usr/bin/getconf ]; then | 601 | if [ -x /usr/bin/getconf ]; then |
600 | sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` | 602 | sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` |
601 | sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` | 603 | sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` |
602 | case "${sc_cpu_version}" in | 604 | case "${sc_cpu_version}" in |
603 | 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 | 605 | 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 |
604 | 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 | 606 | 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 |
605 | 532) # CPU_PA_RISC2_0 | 607 | 532) # CPU_PA_RISC2_0 |
606 | case "${sc_kernel_bits}" in | 608 | case "${sc_kernel_bits}" in |
607 | 32) HP_ARCH="hppa2.0n" ;; | 609 | 32) HP_ARCH="hppa2.0n" ;; |
608 | 64) HP_ARCH="hppa2.0w" ;; | 610 | 64) HP_ARCH="hppa2.0w" ;; |
609 | '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 | 611 | '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 |
610 | esac ;; | 612 | esac ;; |
611 | esac | 613 | esac |
612 | fi | 614 | fi |
613 | if [ "${HP_ARCH}" = "" ]; then | 615 | if [ "${HP_ARCH}" = "" ]; then |
614 | eval $set_cc_for_build | 616 | eval $set_cc_for_build |
615 | sed 's/^ //' << EOF >$dummy.c | 617 | sed 's/^ //' << EOF >$dummy.c |
616 | 618 | ||
617 | #define _HPUX_SOURCE | 619 | #define _HPUX_SOURCE |
618 | #include <stdlib.h> | 620 | #include <stdlib.h> |
619 | #include <unistd.h> | 621 | #include <unistd.h> |
620 | 622 | ||
621 | int main () | 623 | int main () |
622 | { | 624 | { |
623 | #if defined(_SC_KERNEL_BITS) | 625 | #if defined(_SC_KERNEL_BITS) |
624 | long bits = sysconf(_SC_KERNEL_BITS); | 626 | long bits = sysconf(_SC_KERNEL_BITS); |
625 | #endif | 627 | #endif |
626 | long cpu = sysconf (_SC_CPU_VERSION); | 628 | long cpu = sysconf (_SC_CPU_VERSION); |
627 | 629 | ||
628 | switch (cpu) | 630 | switch (cpu) |
629 | { | 631 | { |
630 | case CPU_PA_RISC1_0: puts ("hppa1.0"); break; | 632 | case CPU_PA_RISC1_0: puts ("hppa1.0"); break; |
631 | case CPU_PA_RISC1_1: puts ("hppa1.1"); break; | 633 | case CPU_PA_RISC1_1: puts ("hppa1.1"); break; |
632 | case CPU_PA_RISC2_0: | 634 | case CPU_PA_RISC2_0: |
633 | #if defined(_SC_KERNEL_BITS) | 635 | #if defined(_SC_KERNEL_BITS) |
634 | switch (bits) | 636 | switch (bits) |
635 | { | 637 | { |
636 | case 64: puts ("hppa2.0w"); break; | 638 | case 64: puts ("hppa2.0w"); break; |
637 | case 32: puts ("hppa2.0n"); break; | 639 | case 32: puts ("hppa2.0n"); break; |
638 | default: puts ("hppa2.0"); break; | 640 | default: puts ("hppa2.0"); break; |
639 | } break; | 641 | } break; |
640 | #else /* !defined(_SC_KERNEL_BITS) */ | 642 | #else /* !defined(_SC_KERNEL_BITS) */ |
641 | puts ("hppa2.0"); break; | 643 | puts ("hppa2.0"); break; |
642 | #endif | 644 | #endif |
643 | default: puts ("hppa1.0"); break; | 645 | default: puts ("hppa1.0"); break; |
644 | } | 646 | } |
645 | exit (0); | 647 | exit (0); |
646 | } | 648 | } |
647 | EOF | 649 | EOF |
648 | (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` | 650 | (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` |
649 | test -z "$HP_ARCH" && HP_ARCH=hppa | 651 | test -z "$HP_ARCH" && HP_ARCH=hppa |
@@ -734,22 +736,22 @@ EOF | |||
734 | exit ;; | 736 | exit ;; |
735 | C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) | 737 | C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) |
736 | echo c1-convex-bsd | 738 | echo c1-convex-bsd |
737 | exit ;; | 739 | exit ;; |
738 | C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) | 740 | C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) |
739 | if getsysinfo -f scalar_acc | 741 | if getsysinfo -f scalar_acc |
740 | then echo c32-convex-bsd | 742 | then echo c32-convex-bsd |
741 | else echo c2-convex-bsd | 743 | else echo c2-convex-bsd |
742 | fi | 744 | fi |
743 | exit ;; | 745 | exit ;; |
744 | C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) | 746 | C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) |
745 | echo c34-convex-bsd | 747 | echo c34-convex-bsd |
746 | exit ;; | 748 | exit ;; |
747 | C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) | 749 | C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) |
748 | echo c38-convex-bsd | 750 | echo c38-convex-bsd |
749 | exit ;; | 751 | exit ;; |
750 | C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) | 752 | C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) |
751 | echo c4-convex-bsd | 753 | echo c4-convex-bsd |
752 | exit ;; | 754 | exit ;; |
753 | CRAY*Y-MP:*:*:*) | 755 | CRAY*Y-MP:*:*:*) |
754 | echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' | 756 | echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' |
755 | exit ;; | 757 | exit ;; |
@@ -773,14 +775,14 @@ EOF | |||
773 | exit ;; | 775 | exit ;; |
774 | F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) | 776 | F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) |
775 | FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` | 777 | FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` |
776 | FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` | 778 | FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` |
777 | FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` | 779 | FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` |
778 | echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" | 780 | echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" |
779 | exit ;; | 781 | exit ;; |
780 | 5000:UNIX_System_V:4.*:*) | 782 | 5000:UNIX_System_V:4.*:*) |
781 | FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` | 783 | FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` |
782 | FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` | 784 | FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` |
783 | echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" | 785 | echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" |
784 | exit ;; | 786 | exit ;; |
785 | i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) | 787 | i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) |
786 | echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} | 788 | echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} |
@@ -792,30 +794,35 @@ EOF | |||
792 | echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} | 794 | echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} |
793 | exit ;; | 795 | exit ;; |
794 | *:FreeBSD:*:*) | 796 | *:FreeBSD:*:*) |
795 | case ${UNAME_MACHINE} in | 797 | UNAME_PROCESSOR=`/usr/bin/uname -p` |
796 | pc98) | 798 | case ${UNAME_PROCESSOR} in |
797 | echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; | ||
798 | amd64) | 799 | amd64) |
799 | echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; | 800 | echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; |
800 | *) | 801 | *) |
801 | echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; | 802 | echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; |
802 | esac | 803 | esac |
803 | exit ;; | 804 | exit ;; |
804 | i*:CYGWIN*:*) | 805 | i*:CYGWIN*:*) |
805 | echo ${UNAME_MACHINE}-pc-cygwin | 806 | echo ${UNAME_MACHINE}-pc-cygwin |
806 | exit ;; | 807 | exit ;; |
808 | *:MINGW64*:*) | ||
809 | echo ${UNAME_MACHINE}-pc-mingw64 | ||
810 | exit ;; | ||
807 | *:MINGW*:*) | 811 | *:MINGW*:*) |
808 | echo ${UNAME_MACHINE}-pc-mingw32 | 812 | echo ${UNAME_MACHINE}-pc-mingw32 |
809 | exit ;; | 813 | exit ;; |
814 | i*:MSYS*:*) | ||
815 | echo ${UNAME_MACHINE}-pc-msys | ||
816 | exit ;; | ||
810 | i*:windows32*:*) | 817 | i*:windows32*:*) |
811 | # uname -m includes "-pc" on this system. | 818 | # uname -m includes "-pc" on this system. |
812 | echo ${UNAME_MACHINE}-mingw32 | 819 | echo ${UNAME_MACHINE}-mingw32 |
813 | exit ;; | 820 | exit ;; |
814 | i*:PW*:*) | 821 | i*:PW*:*) |
815 | echo ${UNAME_MACHINE}-pc-pw32 | 822 | echo ${UNAME_MACHINE}-pc-pw32 |
816 | exit ;; | 823 | exit ;; |
817 | *:Interix*:*) | 824 | *:Interix*:*) |
818 | case ${UNAME_MACHINE} in | 825 | case ${UNAME_MACHINE} in |
819 | x86) | 826 | x86) |
820 | echo i586-pc-interix${UNAME_RELEASE} | 827 | echo i586-pc-interix${UNAME_RELEASE} |
821 | exit ;; | 828 | exit ;; |
@@ -861,6 +868,13 @@ EOF | |||
861 | i*86:Minix:*:*) | 868 | i*86:Minix:*:*) |
862 | echo ${UNAME_MACHINE}-pc-minix | 869 | echo ${UNAME_MACHINE}-pc-minix |
863 | exit ;; | 870 | exit ;; |
871 | aarch64:Linux:*:*) | ||
872 | echo ${UNAME_MACHINE}-unknown-linux-gnu | ||
873 | exit ;; | ||
874 | aarch64_be:Linux:*:*) | ||
875 | UNAME_MACHINE=aarch64_be | ||
876 | echo ${UNAME_MACHINE}-unknown-linux-gnu | ||
877 | exit ;; | ||
864 | alpha:Linux:*:*) | 878 | alpha:Linux:*:*) |
865 | case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in | 879 | case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in |
866 | EV5) UNAME_MACHINE=alphaev5 ;; | 880 | EV5) UNAME_MACHINE=alphaev5 ;; |
@@ -870,7 +884,7 @@ EOF | |||
870 | EV6) UNAME_MACHINE=alphaev6 ;; | 884 | EV6) UNAME_MACHINE=alphaev6 ;; |
871 | EV67) UNAME_MACHINE=alphaev67 ;; | 885 | EV67) UNAME_MACHINE=alphaev67 ;; |
872 | EV68*) UNAME_MACHINE=alphaev68 ;; | 886 | EV68*) UNAME_MACHINE=alphaev68 ;; |
873 | esac | 887 | esac |
874 | objdump --private-headers /bin/sh | grep -q ld.so.1 | 888 | objdump --private-headers /bin/sh | grep -q ld.so.1 |
875 | if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi | 889 | if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi |
876 | echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} | 890 | echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} |
@@ -882,20 +896,29 @@ EOF | |||
882 | then | 896 | then |
883 | echo ${UNAME_MACHINE}-unknown-linux-gnu | 897 | echo ${UNAME_MACHINE}-unknown-linux-gnu |
884 | else | 898 | else |
885 | echo ${UNAME_MACHINE}-unknown-linux-gnueabi | 899 | if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ |
900 | | grep -q __ARM_PCS_VFP | ||
901 | then | ||
902 | echo ${UNAME_MACHINE}-unknown-linux-gnueabi | ||
903 | else | ||
904 | echo ${UNAME_MACHINE}-unknown-linux-gnueabihf | ||
905 | fi | ||
886 | fi | 906 | fi |
887 | exit ;; | 907 | exit ;; |
888 | avr32*:Linux:*:*) | 908 | avr32*:Linux:*:*) |
889 | echo ${UNAME_MACHINE}-unknown-linux-gnu | 909 | echo ${UNAME_MACHINE}-unknown-linux-gnu |
890 | exit ;; | 910 | exit ;; |
891 | cris:Linux:*:*) | 911 | cris:Linux:*:*) |
892 | echo cris-axis-linux-gnu | 912 | echo ${UNAME_MACHINE}-axis-linux-gnu |
893 | exit ;; | 913 | exit ;; |
894 | crisv32:Linux:*:*) | 914 | crisv32:Linux:*:*) |
895 | echo crisv32-axis-linux-gnu | 915 | echo ${UNAME_MACHINE}-axis-linux-gnu |
896 | exit ;; | 916 | exit ;; |
897 | frv:Linux:*:*) | 917 | frv:Linux:*:*) |
898 | echo frv-unknown-linux-gnu | 918 | echo ${UNAME_MACHINE}-unknown-linux-gnu |
919 | exit ;; | ||
920 | hexagon:Linux:*:*) | ||
921 | echo ${UNAME_MACHINE}-unknown-linux-gnu | ||
899 | exit ;; | 922 | exit ;; |
900 | i*86:Linux:*:*) | 923 | i*86:Linux:*:*) |
901 | LIBC=gnu | 924 | LIBC=gnu |
@@ -937,7 +960,7 @@ EOF | |||
937 | test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } | 960 | test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } |
938 | ;; | 961 | ;; |
939 | or32:Linux:*:*) | 962 | or32:Linux:*:*) |
940 | echo or32-unknown-linux-gnu | 963 | echo ${UNAME_MACHINE}-unknown-linux-gnu |
941 | exit ;; | 964 | exit ;; |
942 | padre:Linux:*:*) | 965 | padre:Linux:*:*) |
943 | echo sparc-unknown-linux-gnu | 966 | echo sparc-unknown-linux-gnu |
@@ -963,7 +986,7 @@ EOF | |||
963 | echo ${UNAME_MACHINE}-ibm-linux | 986 | echo ${UNAME_MACHINE}-ibm-linux |
964 | exit ;; | 987 | exit ;; |
965 | sh64*:Linux:*:*) | 988 | sh64*:Linux:*:*) |
966 | echo ${UNAME_MACHINE}-unknown-linux-gnu | 989 | echo ${UNAME_MACHINE}-unknown-linux-gnu |
967 | exit ;; | 990 | exit ;; |
968 | sh*:Linux:*:*) | 991 | sh*:Linux:*:*) |
969 | echo ${UNAME_MACHINE}-unknown-linux-gnu | 992 | echo ${UNAME_MACHINE}-unknown-linux-gnu |
@@ -972,16 +995,16 @@ EOF | |||
972 | echo ${UNAME_MACHINE}-unknown-linux-gnu | 995 | echo ${UNAME_MACHINE}-unknown-linux-gnu |
973 | exit ;; | 996 | exit ;; |
974 | tile*:Linux:*:*) | 997 | tile*:Linux:*:*) |
975 | echo ${UNAME_MACHINE}-tilera-linux-gnu | 998 | echo ${UNAME_MACHINE}-unknown-linux-gnu |
976 | exit ;; | 999 | exit ;; |
977 | vax:Linux:*:*) | 1000 | vax:Linux:*:*) |
978 | echo ${UNAME_MACHINE}-dec-linux-gnu | 1001 | echo ${UNAME_MACHINE}-dec-linux-gnu |
979 | exit ;; | 1002 | exit ;; |
980 | x86_64:Linux:*:*) | 1003 | x86_64:Linux:*:*) |
981 | echo x86_64-unknown-linux-gnu | 1004 | echo ${UNAME_MACHINE}-unknown-linux-gnu |
982 | exit ;; | 1005 | exit ;; |
983 | xtensa*:Linux:*:*) | 1006 | xtensa*:Linux:*:*) |
984 | echo ${UNAME_MACHINE}-unknown-linux-gnu | 1007 | echo ${UNAME_MACHINE}-unknown-linux-gnu |
985 | exit ;; | 1008 | exit ;; |
986 | i*86:DYNIX/ptx:4*:*) | 1009 | i*86:DYNIX/ptx:4*:*) |
987 | # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. | 1010 | # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. |
@@ -990,11 +1013,11 @@ EOF | |||
990 | echo i386-sequent-sysv4 | 1013 | echo i386-sequent-sysv4 |
991 | exit ;; | 1014 | exit ;; |
992 | i*86:UNIX_SV:4.2MP:2.*) | 1015 | i*86:UNIX_SV:4.2MP:2.*) |
993 | # Unixware is an offshoot of SVR4, but it has its own version | 1016 | # Unixware is an offshoot of SVR4, but it has its own version |
994 | # number series starting with 2... | 1017 | # number series starting with 2... |
995 | # I am not positive that other SVR4 systems won't match this, | 1018 | # I am not positive that other SVR4 systems won't match this, |
996 | # I just have to hope. -- rms. | 1019 | # I just have to hope. -- rms. |
997 | # Use sysv4.2uw... so that sysv4* matches it. | 1020 | # Use sysv4.2uw... so that sysv4* matches it. |
998 | echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} | 1021 | echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} |
999 | exit ;; | 1022 | exit ;; |
1000 | i*86:OS/2:*:*) | 1023 | i*86:OS/2:*:*) |
@@ -1026,7 +1049,7 @@ EOF | |||
1026 | fi | 1049 | fi |
1027 | exit ;; | 1050 | exit ;; |
1028 | i*86:*:5:[678]*) | 1051 | i*86:*:5:[678]*) |
1029 | # UnixWare 7.x, OpenUNIX and OpenServer 6. | 1052 | # UnixWare 7.x, OpenUNIX and OpenServer 6. |
1030 | case `/bin/uname -X | grep "^Machine"` in | 1053 | case `/bin/uname -X | grep "^Machine"` in |
1031 | *486*) UNAME_MACHINE=i486 ;; | 1054 | *486*) UNAME_MACHINE=i486 ;; |
1032 | *Pentium) UNAME_MACHINE=i586 ;; | 1055 | *Pentium) UNAME_MACHINE=i586 ;; |
@@ -1054,13 +1077,13 @@ EOF | |||
1054 | exit ;; | 1077 | exit ;; |
1055 | pc:*:*:*) | 1078 | pc:*:*:*) |
1056 | # Left here for compatibility: | 1079 | # Left here for compatibility: |
1057 | # uname -m prints for DJGPP always 'pc', but it prints nothing about | 1080 | # uname -m prints for DJGPP always 'pc', but it prints nothing about |
1058 | # the processor, so we play safe by assuming i586. | 1081 | # the processor, so we play safe by assuming i586. |
1059 | # Note: whatever this is, it MUST be the same as what config.sub | 1082 | # Note: whatever this is, it MUST be the same as what config.sub |
1060 | # prints for the "djgpp" host, or else GDB configury will decide that | 1083 | # prints for the "djgpp" host, or else GDB configury will decide that |
1061 | # this is a cross-build. | 1084 | # this is a cross-build. |
1062 | echo i586-pc-msdosdjgpp | 1085 | echo i586-pc-msdosdjgpp |
1063 | exit ;; | 1086 | exit ;; |
1064 | Intel:Mach:3*:*) | 1087 | Intel:Mach:3*:*) |
1065 | echo i386-pc-mach3 | 1088 | echo i386-pc-mach3 |
1066 | exit ;; | 1089 | exit ;; |
@@ -1095,8 +1118,8 @@ EOF | |||
1095 | /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ | 1118 | /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ |
1096 | && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; | 1119 | && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; |
1097 | 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) | 1120 | 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) |
1098 | /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ | 1121 | /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ |
1099 | && { echo i486-ncr-sysv4; exit; } ;; | 1122 | && { echo i486-ncr-sysv4; exit; } ;; |
1100 | NCR*:*:4.2:* | MPRAS*:*:4.2:*) | 1123 | NCR*:*:4.2:* | MPRAS*:*:4.2:*) |
1101 | OS_REL='.3' | 1124 | OS_REL='.3' |
1102 | test -r /etc/.relid \ | 1125 | test -r /etc/.relid \ |
@@ -1139,10 +1162,10 @@ EOF | |||
1139 | echo ns32k-sni-sysv | 1162 | echo ns32k-sni-sysv |
1140 | fi | 1163 | fi |
1141 | exit ;; | 1164 | exit ;; |
1142 | PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort | 1165 | PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort |
1143 | # says <Richard.M.Bartel@ccMail.Census.GOV> | 1166 | # says <Richard.M.Bartel@ccMail.Census.GOV> |
1144 | echo i586-unisys-sysv4 | 1167 | echo i586-unisys-sysv4 |
1145 | exit ;; | 1168 | exit ;; |
1146 | *:UNIX_System_V:4*:FTX*) | 1169 | *:UNIX_System_V:4*:FTX*) |
1147 | # From Gerald Hewes <hewes@openmarket.com>. | 1170 | # From Gerald Hewes <hewes@openmarket.com>. |
1148 | # How about differentiating between stratus architectures? -djm | 1171 | # How about differentiating between stratus architectures? -djm |
@@ -1168,11 +1191,11 @@ EOF | |||
1168 | exit ;; | 1191 | exit ;; |
1169 | R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) | 1192 | R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) |
1170 | if [ -d /usr/nec ]; then | 1193 | if [ -d /usr/nec ]; then |
1171 | echo mips-nec-sysv${UNAME_RELEASE} | 1194 | echo mips-nec-sysv${UNAME_RELEASE} |
1172 | else | 1195 | else |
1173 | echo mips-unknown-sysv${UNAME_RELEASE} | 1196 | echo mips-unknown-sysv${UNAME_RELEASE} |
1174 | fi | 1197 | fi |
1175 | exit ;; | 1198 | exit ;; |
1176 | BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. | 1199 | BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. |
1177 | echo powerpc-be-beos | 1200 | echo powerpc-be-beos |
1178 | exit ;; | 1201 | exit ;; |
@@ -1185,6 +1208,9 @@ EOF | |||
1185 | BePC:Haiku:*:*) # Haiku running on Intel PC compatible. | 1208 | BePC:Haiku:*:*) # Haiku running on Intel PC compatible. |
1186 | echo i586-pc-haiku | 1209 | echo i586-pc-haiku |
1187 | exit ;; | 1210 | exit ;; |
1211 | x86_64:Haiku:*:*) | ||
1212 | echo x86_64-unknown-haiku | ||
1213 | exit ;; | ||
1188 | SX-4:SUPER-UX:*:*) | 1214 | SX-4:SUPER-UX:*:*) |
1189 | echo sx4-nec-superux${UNAME_RELEASE} | 1215 | echo sx4-nec-superux${UNAME_RELEASE} |
1190 | exit ;; | 1216 | exit ;; |
@@ -1240,7 +1266,7 @@ EOF | |||
1240 | NEO-?:NONSTOP_KERNEL:*:*) | 1266 | NEO-?:NONSTOP_KERNEL:*:*) |
1241 | echo neo-tandem-nsk${UNAME_RELEASE} | 1267 | echo neo-tandem-nsk${UNAME_RELEASE} |
1242 | exit ;; | 1268 | exit ;; |
1243 | NSE-?:NONSTOP_KERNEL:*:*) | 1269 | NSE-*:NONSTOP_KERNEL:*:*) |
1244 | echo nse-tandem-nsk${UNAME_RELEASE} | 1270 | echo nse-tandem-nsk${UNAME_RELEASE} |
1245 | exit ;; | 1271 | exit ;; |
1246 | NSR-?:NONSTOP_KERNEL:*:*) | 1272 | NSR-?:NONSTOP_KERNEL:*:*) |
@@ -1285,13 +1311,13 @@ EOF | |||
1285 | echo pdp10-unknown-its | 1311 | echo pdp10-unknown-its |
1286 | exit ;; | 1312 | exit ;; |
1287 | SEI:*:*:SEIUX) | 1313 | SEI:*:*:SEIUX) |
1288 | echo mips-sei-seiux${UNAME_RELEASE} | 1314 | echo mips-sei-seiux${UNAME_RELEASE} |
1289 | exit ;; | 1315 | exit ;; |
1290 | *:DragonFly:*:*) | 1316 | *:DragonFly:*:*) |
1291 | echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` | 1317 | echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` |
1292 | exit ;; | 1318 | exit ;; |
1293 | *:*VMS:*:*) | 1319 | *:*VMS:*:*) |
1294 | UNAME_MACHINE=`(uname -p) 2>/dev/null` | 1320 | UNAME_MACHINE=`(uname -p) 2>/dev/null` |
1295 | case "${UNAME_MACHINE}" in | 1321 | case "${UNAME_MACHINE}" in |
1296 | A*) echo alpha-dec-vms ; exit ;; | 1322 | A*) echo alpha-dec-vms ; exit ;; |
1297 | I*) echo ia64-dec-vms ; exit ;; | 1323 | I*) echo ia64-dec-vms ; exit ;; |
@@ -1309,11 +1335,11 @@ EOF | |||
1309 | i*86:AROS:*:*) | 1335 | i*86:AROS:*:*) |
1310 | echo ${UNAME_MACHINE}-pc-aros | 1336 | echo ${UNAME_MACHINE}-pc-aros |
1311 | exit ;; | 1337 | exit ;; |
1338 | x86_64:VMkernel:*:*) | ||
1339 | echo ${UNAME_MACHINE}-unknown-esx | ||
1340 | exit ;; | ||
1312 | esac | 1341 | esac |
1313 | 1342 | ||
1314 | #echo '(No uname command or uname output not recognized.)' 1>&2 | ||
1315 | #echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 | ||
1316 | |||
1317 | eval $set_cc_for_build | 1343 | eval $set_cc_for_build |
1318 | cat >$dummy.c <<EOF | 1344 | cat >$dummy.c <<EOF |
1319 | #ifdef _SEQUENT_ | 1345 | #ifdef _SEQUENT_ |
@@ -1331,11 +1357,11 @@ main () | |||
1331 | #include <sys/param.h> | 1357 | #include <sys/param.h> |
1332 | printf ("m68k-sony-newsos%s\n", | 1358 | printf ("m68k-sony-newsos%s\n", |
1333 | #ifdef NEWSOS4 | 1359 | #ifdef NEWSOS4 |
1334 | "4" | 1360 | "4" |
1335 | #else | 1361 | #else |
1336 | "" | 1362 | "" |
1337 | #endif | 1363 | #endif |
1338 | ); exit (0); | 1364 | ); exit (0); |
1339 | #endif | 1365 | #endif |
1340 | #endif | 1366 | #endif |
1341 | 1367 | ||
diff --git a/config.h.in b/config.h.in index 67858ef6d..34f1c9c53 100644 --- a/config.h.in +++ b/config.h.in | |||
@@ -230,6 +230,9 @@ | |||
230 | /* Define to 1 if you have the `clock' function. */ | 230 | /* Define to 1 if you have the `clock' function. */ |
231 | #undef HAVE_CLOCK | 231 | #undef HAVE_CLOCK |
232 | 232 | ||
233 | /* Have clock_gettime */ | ||
234 | #undef HAVE_CLOCK_GETTIME | ||
235 | |||
233 | /* define if you have clock_t data type */ | 236 | /* define if you have clock_t data type */ |
234 | #undef HAVE_CLOCK_T | 237 | #undef HAVE_CLOCK_T |
235 | 238 | ||
@@ -242,6 +245,9 @@ | |||
242 | /* Define if your system uses ancillary data style file descriptor passing */ | 245 | /* Define if your system uses ancillary data style file descriptor passing */ |
243 | #undef HAVE_CONTROL_IN_MSGHDR | 246 | #undef HAVE_CONTROL_IN_MSGHDR |
244 | 247 | ||
248 | /* Define to 1 if you have the `crypt' function. */ | ||
249 | #undef HAVE_CRYPT | ||
250 | |||
245 | /* Define to 1 if you have the <crypto/sha2.h> header file. */ | 251 | /* Define to 1 if you have the <crypto/sha2.h> header file. */ |
246 | #undef HAVE_CRYPTO_SHA2_H | 252 | #undef HAVE_CRYPTO_SHA2_H |
247 | 253 | ||
@@ -266,6 +272,10 @@ | |||
266 | and to 0 if you don't. */ | 272 | and to 0 if you don't. */ |
267 | #undef HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE | 273 | #undef HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE |
268 | 274 | ||
275 | /* Define to 1 if you have the declaration of `howmany', and to 0 if you | ||
276 | don't. */ | ||
277 | #undef HAVE_DECL_HOWMANY | ||
278 | |||
269 | /* Define to 1 if you have the declaration of `h_errno', and to 0 if you | 279 | /* Define to 1 if you have the declaration of `h_errno', and to 0 if you |
270 | don't. */ | 280 | don't. */ |
271 | #undef HAVE_DECL_H_ERRNO | 281 | #undef HAVE_DECL_H_ERRNO |
@@ -286,6 +296,10 @@ | |||
286 | don't. */ | 296 | don't. */ |
287 | #undef HAVE_DECL_MAXSYMLINKS | 297 | #undef HAVE_DECL_MAXSYMLINKS |
288 | 298 | ||
299 | /* Define to 1 if you have the declaration of `NFDBITS', and to 0 if you | ||
300 | don't. */ | ||
301 | #undef HAVE_DECL_NFDBITS | ||
302 | |||
289 | /* Define to 1 if you have the declaration of `offsetof', and to 0 if you | 303 | /* Define to 1 if you have the declaration of `offsetof', and to 0 if you |
290 | don't. */ | 304 | don't. */ |
291 | #undef HAVE_DECL_OFFSETOF | 305 | #undef HAVE_DECL_OFFSETOF |
@@ -318,6 +332,9 @@ | |||
318 | don't. */ | 332 | don't. */ |
319 | #undef HAVE_DECL__GETSHORT | 333 | #undef HAVE_DECL__GETSHORT |
320 | 334 | ||
335 | /* Define to 1 if you have the `DES_crypt' function. */ | ||
336 | #undef HAVE_DES_CRYPT | ||
337 | |||
321 | /* Define if you have /dev/ptmx */ | 338 | /* Define if you have /dev/ptmx */ |
322 | #undef HAVE_DEV_PTMX | 339 | #undef HAVE_DEV_PTMX |
323 | 340 | ||
@@ -339,6 +356,9 @@ | |||
339 | /* Define to 1 if you have the <elf.h> header file. */ | 356 | /* Define to 1 if you have the <elf.h> header file. */ |
340 | #undef HAVE_ELF_H | 357 | #undef HAVE_ELF_H |
341 | 358 | ||
359 | /* Define to 1 if you have the `endgrent' function. */ | ||
360 | #undef HAVE_ENDGRENT | ||
361 | |||
342 | /* Define to 1 if you have the <endian.h> header file. */ | 362 | /* Define to 1 if you have the <endian.h> header file. */ |
343 | #undef HAVE_ENDIAN_H | 363 | #undef HAVE_ENDIAN_H |
344 | 364 | ||
@@ -372,6 +392,9 @@ | |||
372 | /* Define to 1 if you have the <fcntl.h> header file. */ | 392 | /* Define to 1 if you have the <fcntl.h> header file. */ |
373 | #undef HAVE_FCNTL_H | 393 | #undef HAVE_FCNTL_H |
374 | 394 | ||
395 | /* Define to 1 if the system has the type `fd_mask'. */ | ||
396 | #undef HAVE_FD_MASK | ||
397 | |||
375 | /* Define to 1 if you have the <features.h> header file. */ | 398 | /* Define to 1 if you have the <features.h> header file. */ |
376 | #undef HAVE_FEATURES_H | 399 | #undef HAVE_FEATURES_H |
377 | 400 | ||
@@ -576,6 +599,15 @@ | |||
576 | /* Define if you have isblank(3C). */ | 599 | /* Define if you have isblank(3C). */ |
577 | #undef HAVE_ISBLANK | 600 | #undef HAVE_ISBLANK |
578 | 601 | ||
602 | /* Define to 1 if you have the `krb5_cc_new_unique' function. */ | ||
603 | #undef HAVE_KRB5_CC_NEW_UNIQUE | ||
604 | |||
605 | /* Define to 1 if you have the `krb5_free_error_message' function. */ | ||
606 | #undef HAVE_KRB5_FREE_ERROR_MESSAGE | ||
607 | |||
608 | /* Define to 1 if you have the `krb5_get_error_message' function. */ | ||
609 | #undef HAVE_KRB5_GET_ERROR_MESSAGE | ||
610 | |||
579 | /* Define to 1 if you have the <lastlog.h> header file. */ | 611 | /* Define to 1 if you have the <lastlog.h> header file. */ |
580 | #undef HAVE_LASTLOG_H | 612 | #undef HAVE_LASTLOG_H |
581 | 613 | ||
@@ -636,6 +668,9 @@ | |||
636 | /* Define to 1 if you have the <linux/seccomp.h> header file. */ | 668 | /* Define to 1 if you have the <linux/seccomp.h> header file. */ |
637 | #undef HAVE_LINUX_SECCOMP_H | 669 | #undef HAVE_LINUX_SECCOMP_H |
638 | 670 | ||
671 | /* Define to 1 if you have the <locale.h> header file. */ | ||
672 | #undef HAVE_LOCALE_H | ||
673 | |||
639 | /* Define to 1 if you have the `login' function. */ | 674 | /* Define to 1 if you have the `login' function. */ |
640 | #undef HAVE_LOGIN | 675 | #undef HAVE_LOGIN |
641 | 676 | ||
@@ -663,6 +698,9 @@ | |||
663 | /* Define to 1 if you have the <maillock.h> header file. */ | 698 | /* Define to 1 if you have the <maillock.h> header file. */ |
664 | #undef HAVE_MAILLOCK_H | 699 | #undef HAVE_MAILLOCK_H |
665 | 700 | ||
701 | /* Define to 1 if you have the `mblen' function. */ | ||
702 | #undef HAVE_MBLEN | ||
703 | |||
666 | /* Define to 1 if you have the `md5_crypt' function. */ | 704 | /* Define to 1 if you have the `md5_crypt' function. */ |
667 | #undef HAVE_MD5_CRYPT | 705 | #undef HAVE_MD5_CRYPT |
668 | 706 | ||
@@ -769,15 +807,6 @@ | |||
769 | /* Define to 1 if you have the `pututxline' function. */ | 807 | /* Define to 1 if you have the `pututxline' function. */ |
770 | #undef HAVE_PUTUTXLINE | 808 | #undef HAVE_PUTUTXLINE |
771 | 809 | ||
772 | /* Define if your password has a pw_change field */ | ||
773 | #undef HAVE_PW_CHANGE_IN_PASSWD | ||
774 | |||
775 | /* Define if your password has a pw_class field */ | ||
776 | #undef HAVE_PW_CLASS_IN_PASSWD | ||
777 | |||
778 | /* Define if your password has a pw_expire field */ | ||
779 | #undef HAVE_PW_EXPIRE_IN_PASSWD | ||
780 | |||
781 | /* Define to 1 if you have the `readpassphrase' function. */ | 810 | /* Define to 1 if you have the `readpassphrase' function. */ |
782 | #undef HAVE_READPASSPHRASE | 811 | #undef HAVE_READPASSPHRASE |
783 | 812 | ||
@@ -814,6 +843,9 @@ | |||
814 | /* define if you have sa_family_t data type */ | 843 | /* define if you have sa_family_t data type */ |
815 | #undef HAVE_SA_FAMILY_T | 844 | #undef HAVE_SA_FAMILY_T |
816 | 845 | ||
846 | /* Define to 1 if you have the `scan_scaled' function. */ | ||
847 | #undef HAVE_SCAN_SCALED | ||
848 | |||
817 | /* Define if you have SecureWare-based protected password database */ | 849 | /* Define if you have SecureWare-based protected password database */ |
818 | #undef HAVE_SECUREWARE | 850 | #undef HAVE_SECUREWARE |
819 | 851 | ||
@@ -1003,6 +1035,18 @@ | |||
1003 | /* define if you have struct in6_addr data type */ | 1035 | /* define if you have struct in6_addr data type */ |
1004 | #undef HAVE_STRUCT_IN6_ADDR | 1036 | #undef HAVE_STRUCT_IN6_ADDR |
1005 | 1037 | ||
1038 | /* Define to 1 if `pw_change' is a member of `struct passwd'. */ | ||
1039 | #undef HAVE_STRUCT_PASSWD_PW_CHANGE | ||
1040 | |||
1041 | /* Define to 1 if `pw_class' is a member of `struct passwd'. */ | ||
1042 | #undef HAVE_STRUCT_PASSWD_PW_CLASS | ||
1043 | |||
1044 | /* Define to 1 if `pw_expire' is a member of `struct passwd'. */ | ||
1045 | #undef HAVE_STRUCT_PASSWD_PW_EXPIRE | ||
1046 | |||
1047 | /* Define to 1 if `pw_gecos' is a member of `struct passwd'. */ | ||
1048 | #undef HAVE_STRUCT_PASSWD_PW_GECOS | ||
1049 | |||
1006 | /* define if you have struct sockaddr_in6 data type */ | 1050 | /* define if you have struct sockaddr_in6 data type */ |
1007 | #undef HAVE_STRUCT_SOCKADDR_IN6 | 1051 | #undef HAVE_STRUCT_SOCKADDR_IN6 |
1008 | 1052 | ||
@@ -1323,15 +1367,6 @@ | |||
1323 | /* Set this to your mail directory if you do not have _PATH_MAILDIR */ | 1367 | /* Set this to your mail directory if you do not have _PATH_MAILDIR */ |
1324 | #undef MAIL_DIRECTORY | 1368 | #undef MAIL_DIRECTORY |
1325 | 1369 | ||
1326 | /* Define on *nto-qnx systems */ | ||
1327 | #undef MISSING_FD_MASK | ||
1328 | |||
1329 | /* Define on *nto-qnx systems */ | ||
1330 | #undef MISSING_HOWMANY | ||
1331 | |||
1332 | /* Define on *nto-qnx systems */ | ||
1333 | #undef MISSING_NFDBITS | ||
1334 | |||
1335 | /* Need setpgrp to acquire controlling tty */ | 1370 | /* Need setpgrp to acquire controlling tty */ |
1336 | #undef NEED_SETPGRP | 1371 | #undef NEED_SETPGRP |
1337 | 1372 | ||
diff --git a/config.sub b/config.sub index 2d8169626..eee8dccb0 100755 --- a/config.sub +++ b/config.sub | |||
@@ -2,9 +2,9 @@ | |||
2 | # Configuration validation subroutine script. | 2 | # Configuration validation subroutine script. |
3 | # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, | 3 | # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, |
4 | # 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, | 4 | # 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, |
5 | # 2011 Free Software Foundation, Inc. | 5 | # 2011, 2012, 2013 Free Software Foundation, Inc. |
6 | 6 | ||
7 | timestamp='2011-01-01' | 7 | timestamp='2012-12-23' |
8 | 8 | ||
9 | # This file is (in principle) common to ALL GNU software. | 9 | # This file is (in principle) common to ALL GNU software. |
10 | # The presence of a machine in this file suggests that SOME GNU software | 10 | # The presence of a machine in this file suggests that SOME GNU software |
@@ -21,9 +21,7 @@ timestamp='2011-01-01' | |||
21 | # GNU General Public License for more details. | 21 | # GNU General Public License for more details. |
22 | # | 22 | # |
23 | # You should have received a copy of the GNU General Public License | 23 | # You should have received a copy of the GNU General Public License |
24 | # along with this program; if not, write to the Free Software | 24 | # along with this program; if not, see <http://www.gnu.org/licenses/>. |
25 | # Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA | ||
26 | # 02110-1301, USA. | ||
27 | # | 25 | # |
28 | # As a special exception to the GNU General Public License, if you | 26 | # As a special exception to the GNU General Public License, if you |
29 | # distribute this file as part of a program that contains a | 27 | # distribute this file as part of a program that contains a |
@@ -76,8 +74,8 @@ version="\ | |||
76 | GNU config.sub ($timestamp) | 74 | GNU config.sub ($timestamp) |
77 | 75 | ||
78 | Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, | 76 | Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, |
79 | 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free | 77 | 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, |
80 | Software Foundation, Inc. | 78 | 2012, 2013 Free Software Foundation, Inc. |
81 | 79 | ||
82 | This is free software; see the source for copying conditions. There is NO | 80 | This is free software; see the source for copying conditions. There is NO |
83 | warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." | 81 | warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." |
@@ -125,13 +123,17 @@ esac | |||
125 | maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` | 123 | maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` |
126 | case $maybe_os in | 124 | case $maybe_os in |
127 | nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ | 125 | nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ |
128 | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ | 126 | linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ |
129 | knetbsd*-gnu* | netbsd*-gnu* | \ | 127 | knetbsd*-gnu* | netbsd*-gnu* | \ |
130 | kopensolaris*-gnu* | \ | 128 | kopensolaris*-gnu* | \ |
131 | storm-chaos* | os2-emx* | rtmk-nova*) | 129 | storm-chaos* | os2-emx* | rtmk-nova*) |
132 | os=-$maybe_os | 130 | os=-$maybe_os |
133 | basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` | 131 | basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` |
134 | ;; | 132 | ;; |
133 | android-linux) | ||
134 | os=-linux-android | ||
135 | basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown | ||
136 | ;; | ||
135 | *) | 137 | *) |
136 | basic_machine=`echo $1 | sed 's/-[^-]*$//'` | 138 | basic_machine=`echo $1 | sed 's/-[^-]*$//'` |
137 | if [ $basic_machine != $1 ] | 139 | if [ $basic_machine != $1 ] |
@@ -154,12 +156,12 @@ case $os in | |||
154 | -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ | 156 | -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ |
155 | -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ | 157 | -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ |
156 | -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ | 158 | -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ |
157 | -apple | -axis | -knuth | -cray | -microblaze) | 159 | -apple | -axis | -knuth | -cray | -microblaze*) |
158 | os= | 160 | os= |
159 | basic_machine=$1 | 161 | basic_machine=$1 |
160 | ;; | 162 | ;; |
161 | -bluegene*) | 163 | -bluegene*) |
162 | os=-cnk | 164 | os=-cnk |
163 | ;; | 165 | ;; |
164 | -sim | -cisco | -oki | -wec | -winbond) | 166 | -sim | -cisco | -oki | -wec | -winbond) |
165 | os= | 167 | os= |
@@ -175,10 +177,10 @@ case $os in | |||
175 | os=-chorusos | 177 | os=-chorusos |
176 | basic_machine=$1 | 178 | basic_machine=$1 |
177 | ;; | 179 | ;; |
178 | -chorusrdb) | 180 | -chorusrdb) |
179 | os=-chorusrdb | 181 | os=-chorusrdb |
180 | basic_machine=$1 | 182 | basic_machine=$1 |
181 | ;; | 183 | ;; |
182 | -hiux*) | 184 | -hiux*) |
183 | os=-hiuxwe2 | 185 | os=-hiuxwe2 |
184 | ;; | 186 | ;; |
@@ -223,6 +225,12 @@ case $os in | |||
223 | -isc*) | 225 | -isc*) |
224 | basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` | 226 | basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` |
225 | ;; | 227 | ;; |
228 | -lynx*178) | ||
229 | os=-lynxos178 | ||
230 | ;; | ||
231 | -lynx*5) | ||
232 | os=-lynxos5 | ||
233 | ;; | ||
226 | -lynx*) | 234 | -lynx*) |
227 | os=-lynxos | 235 | os=-lynxos |
228 | ;; | 236 | ;; |
@@ -247,20 +255,27 @@ case $basic_machine in | |||
247 | # Some are omitted here because they have special meanings below. | 255 | # Some are omitted here because they have special meanings below. |
248 | 1750a | 580 \ | 256 | 1750a | 580 \ |
249 | | a29k \ | 257 | | a29k \ |
258 | | aarch64 | aarch64_be \ | ||
250 | | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ | 259 | | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ |
251 | | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ | 260 | | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ |
252 | | am33_2.0 \ | 261 | | am33_2.0 \ |
253 | | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \ | 262 | | arc \ |
263 | | arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \ | ||
264 | | avr | avr32 \ | ||
265 | | be32 | be64 \ | ||
254 | | bfin \ | 266 | | bfin \ |
255 | | c4x | clipper \ | 267 | | c4x | clipper \ |
256 | | d10v | d30v | dlx | dsp16xx \ | 268 | | d10v | d30v | dlx | dsp16xx \ |
269 | | epiphany \ | ||
257 | | fido | fr30 | frv \ | 270 | | fido | fr30 | frv \ |
258 | | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | 271 | | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ |
272 | | hexagon \ | ||
259 | | i370 | i860 | i960 | ia64 \ | 273 | | i370 | i860 | i960 | ia64 \ |
260 | | ip2k | iq2000 \ | 274 | | ip2k | iq2000 \ |
275 | | le32 | le64 \ | ||
261 | | lm32 \ | 276 | | lm32 \ |
262 | | m32c | m32r | m32rle | m68000 | m68k | m88k \ | 277 | | m32c | m32r | m32rle | m68000 | m68k | m88k \ |
263 | | maxq | mb | microblaze | mcore | mep | metag \ | 278 | | maxq | mb | microblaze | microblazeel | mcore | mep | metag \ |
264 | | mips | mipsbe | mipseb | mipsel | mipsle \ | 279 | | mips | mipsbe | mipseb | mipsel | mipsle \ |
265 | | mips16 \ | 280 | | mips16 \ |
266 | | mips64 | mips64el \ | 281 | | mips64 | mips64el \ |
@@ -286,22 +301,23 @@ case $basic_machine in | |||
286 | | nds32 | nds32le | nds32be \ | 301 | | nds32 | nds32le | nds32be \ |
287 | | nios | nios2 \ | 302 | | nios | nios2 \ |
288 | | ns16k | ns32k \ | 303 | | ns16k | ns32k \ |
304 | | open8 \ | ||
289 | | or32 \ | 305 | | or32 \ |
290 | | pdp10 | pdp11 | pj | pjl \ | 306 | | pdp10 | pdp11 | pj | pjl \ |
291 | | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ | 307 | | powerpc | powerpc64 | powerpc64le | powerpcle \ |
292 | | pyramid \ | 308 | | pyramid \ |
293 | | rx \ | 309 | | rl78 | rx \ |
294 | | score \ | 310 | | score \ |
295 | | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ | 311 | | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ |
296 | | sh64 | sh64le \ | 312 | | sh64 | sh64le \ |
297 | | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ | 313 | | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ |
298 | | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ | 314 | | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ |
299 | | spu | strongarm \ | 315 | | spu \ |
300 | | tahoe | thumb | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ | 316 | | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ |
301 | | ubicom32 \ | 317 | | ubicom32 \ |
302 | | v850 | v850e \ | 318 | | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \ |
303 | | we32k \ | 319 | | we32k \ |
304 | | x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \ | 320 | | x86 | xc16x | xstormy16 | xtensa \ |
305 | | z8k | z80) | 321 | | z8k | z80) |
306 | basic_machine=$basic_machine-unknown | 322 | basic_machine=$basic_machine-unknown |
307 | ;; | 323 | ;; |
@@ -314,8 +330,7 @@ case $basic_machine in | |||
314 | c6x) | 330 | c6x) |
315 | basic_machine=tic6x-unknown | 331 | basic_machine=tic6x-unknown |
316 | ;; | 332 | ;; |
317 | m6811 | m68hc11 | m6812 | m68hc12 | picochip) | 333 | m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | picochip) |
318 | # Motorola 68HC11/12. | ||
319 | basic_machine=$basic_machine-unknown | 334 | basic_machine=$basic_machine-unknown |
320 | os=-none | 335 | os=-none |
321 | ;; | 336 | ;; |
@@ -325,6 +340,21 @@ case $basic_machine in | |||
325 | basic_machine=mt-unknown | 340 | basic_machine=mt-unknown |
326 | ;; | 341 | ;; |
327 | 342 | ||
343 | strongarm | thumb | xscale) | ||
344 | basic_machine=arm-unknown | ||
345 | ;; | ||
346 | xgate) | ||
347 | basic_machine=$basic_machine-unknown | ||
348 | os=-none | ||
349 | ;; | ||
350 | xscaleeb) | ||
351 | basic_machine=armeb-unknown | ||
352 | ;; | ||
353 | |||
354 | xscaleel) | ||
355 | basic_machine=armel-unknown | ||
356 | ;; | ||
357 | |||
328 | # We use `pc' rather than `unknown' | 358 | # We use `pc' rather than `unknown' |
329 | # because (1) that's what they normally are, and | 359 | # because (1) that's what they normally are, and |
330 | # (2) the word "unknown" tends to confuse beginning users. | 360 | # (2) the word "unknown" tends to confuse beginning users. |
@@ -339,11 +369,13 @@ case $basic_machine in | |||
339 | # Recognize the basic CPU types with company name. | 369 | # Recognize the basic CPU types with company name. |
340 | 580-* \ | 370 | 580-* \ |
341 | | a29k-* \ | 371 | | a29k-* \ |
372 | | aarch64-* | aarch64_be-* \ | ||
342 | | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ | 373 | | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ |
343 | | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ | 374 | | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ |
344 | | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ | 375 | | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ |
345 | | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ | 376 | | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ |
346 | | avr-* | avr32-* \ | 377 | | avr-* | avr32-* \ |
378 | | be32-* | be64-* \ | ||
347 | | bfin-* | bs2000-* \ | 379 | | bfin-* | bs2000-* \ |
348 | | c[123]* | c30-* | [cjt]90-* | c4x-* \ | 380 | | c[123]* | c30-* | [cjt]90-* | c4x-* \ |
349 | | clipper-* | craynv-* | cydra-* \ | 381 | | clipper-* | craynv-* | cydra-* \ |
@@ -352,12 +384,15 @@ case $basic_machine in | |||
352 | | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ | 384 | | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ |
353 | | h8300-* | h8500-* \ | 385 | | h8300-* | h8500-* \ |
354 | | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ | 386 | | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ |
387 | | hexagon-* \ | ||
355 | | i*86-* | i860-* | i960-* | ia64-* \ | 388 | | i*86-* | i860-* | i960-* | ia64-* \ |
356 | | ip2k-* | iq2000-* \ | 389 | | ip2k-* | iq2000-* \ |
390 | | le32-* | le64-* \ | ||
357 | | lm32-* \ | 391 | | lm32-* \ |
358 | | m32c-* | m32r-* | m32rle-* \ | 392 | | m32c-* | m32r-* | m32rle-* \ |
359 | | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ | 393 | | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ |
360 | | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \ | 394 | | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \ |
395 | | microblaze-* | microblazeel-* \ | ||
361 | | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ | 396 | | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ |
362 | | mips16-* \ | 397 | | mips16-* \ |
363 | | mips64-* | mips64el-* \ | 398 | | mips64-* | mips64el-* \ |
@@ -382,24 +417,26 @@ case $basic_machine in | |||
382 | | nds32-* | nds32le-* | nds32be-* \ | 417 | | nds32-* | nds32le-* | nds32be-* \ |
383 | | nios-* | nios2-* \ | 418 | | nios-* | nios2-* \ |
384 | | none-* | np1-* | ns16k-* | ns32k-* \ | 419 | | none-* | np1-* | ns16k-* | ns32k-* \ |
420 | | open8-* \ | ||
385 | | orion-* \ | 421 | | orion-* \ |
386 | | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | 422 | | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ |
387 | | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ | 423 | | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ |
388 | | pyramid-* \ | 424 | | pyramid-* \ |
389 | | romp-* | rs6000-* | rx-* \ | 425 | | rl78-* | romp-* | rs6000-* | rx-* \ |
390 | | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ | 426 | | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ |
391 | | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ | 427 | | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ |
392 | | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ | 428 | | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ |
393 | | sparclite-* \ | 429 | | sparclite-* \ |
394 | | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \ | 430 | | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \ |
395 | | tahoe-* | thumb-* \ | 431 | | tahoe-* \ |
396 | | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ | 432 | | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ |
397 | | tile-* | tilegx-* \ | 433 | | tile*-* \ |
398 | | tron-* \ | 434 | | tron-* \ |
399 | | ubicom32-* \ | 435 | | ubicom32-* \ |
400 | | v850-* | v850e-* | vax-* \ | 436 | | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \ |
437 | | vax-* \ | ||
401 | | we32k-* \ | 438 | | we32k-* \ |
402 | | x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \ | 439 | | x86-* | x86_64-* | xc16x-* | xps100-* \ |
403 | | xstormy16-* | xtensa*-* \ | 440 | | xstormy16-* | xtensa*-* \ |
404 | | ymp-* \ | 441 | | ymp-* \ |
405 | | z8k-* | z80-*) | 442 | | z8k-* | z80-*) |
@@ -424,7 +461,7 @@ case $basic_machine in | |||
424 | basic_machine=a29k-amd | 461 | basic_machine=a29k-amd |
425 | os=-udi | 462 | os=-udi |
426 | ;; | 463 | ;; |
427 | abacus) | 464 | abacus) |
428 | basic_machine=abacus-unknown | 465 | basic_machine=abacus-unknown |
429 | ;; | 466 | ;; |
430 | adobe68k) | 467 | adobe68k) |
@@ -507,7 +544,7 @@ case $basic_machine in | |||
507 | basic_machine=c90-cray | 544 | basic_machine=c90-cray |
508 | os=-unicos | 545 | os=-unicos |
509 | ;; | 546 | ;; |
510 | cegcc) | 547 | cegcc) |
511 | basic_machine=arm-unknown | 548 | basic_machine=arm-unknown |
512 | os=-cegcc | 549 | os=-cegcc |
513 | ;; | 550 | ;; |
@@ -697,7 +734,6 @@ case $basic_machine in | |||
697 | i370-ibm* | ibm*) | 734 | i370-ibm* | ibm*) |
698 | basic_machine=i370-ibm | 735 | basic_machine=i370-ibm |
699 | ;; | 736 | ;; |
700 | # I'm not sure what "Sysv32" means. Should this be sysv3.2? | ||
701 | i*86v32) | 737 | i*86v32) |
702 | basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` | 738 | basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` |
703 | os=-sysv32 | 739 | os=-sysv32 |
@@ -755,9 +791,13 @@ case $basic_machine in | |||
755 | basic_machine=ns32k-utek | 791 | basic_machine=ns32k-utek |
756 | os=-sysv | 792 | os=-sysv |
757 | ;; | 793 | ;; |
758 | microblaze) | 794 | microblaze*) |
759 | basic_machine=microblaze-xilinx | 795 | basic_machine=microblaze-xilinx |
760 | ;; | 796 | ;; |
797 | mingw64) | ||
798 | basic_machine=x86_64-pc | ||
799 | os=-mingw64 | ||
800 | ;; | ||
761 | mingw32) | 801 | mingw32) |
762 | basic_machine=i386-pc | 802 | basic_machine=i386-pc |
763 | os=-mingw32 | 803 | os=-mingw32 |
@@ -794,10 +834,18 @@ case $basic_machine in | |||
794 | ms1-*) | 834 | ms1-*) |
795 | basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` | 835 | basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` |
796 | ;; | 836 | ;; |
837 | msys) | ||
838 | basic_machine=i386-pc | ||
839 | os=-msys | ||
840 | ;; | ||
797 | mvs) | 841 | mvs) |
798 | basic_machine=i370-ibm | 842 | basic_machine=i370-ibm |
799 | os=-mvs | 843 | os=-mvs |
800 | ;; | 844 | ;; |
845 | nacl) | ||
846 | basic_machine=le32-unknown | ||
847 | os=-nacl | ||
848 | ;; | ||
801 | ncr3000) | 849 | ncr3000) |
802 | basic_machine=i486-ncr | 850 | basic_machine=i486-ncr |
803 | os=-sysv4 | 851 | os=-sysv4 |
@@ -862,10 +910,10 @@ case $basic_machine in | |||
862 | np1) | 910 | np1) |
863 | basic_machine=np1-gould | 911 | basic_machine=np1-gould |
864 | ;; | 912 | ;; |
865 | neo-tandem) | 913 | neo-tandem) |
866 | basic_machine=neo-tandem | 914 | basic_machine=neo-tandem |
867 | ;; | 915 | ;; |
868 | nse-tandem) | 916 | nse-tandem) |
869 | basic_machine=nse-tandem | 917 | basic_machine=nse-tandem |
870 | ;; | 918 | ;; |
871 | nsr-tandem) | 919 | nsr-tandem) |
@@ -950,9 +998,10 @@ case $basic_machine in | |||
950 | ;; | 998 | ;; |
951 | power) basic_machine=power-ibm | 999 | power) basic_machine=power-ibm |
952 | ;; | 1000 | ;; |
953 | ppc) basic_machine=powerpc-unknown | 1001 | ppc | ppcbe) basic_machine=powerpc-unknown |
954 | ;; | 1002 | ;; |
955 | ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` | 1003 | ppc-* | ppcbe-*) |
1004 | basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` | ||
956 | ;; | 1005 | ;; |
957 | ppcle | powerpclittle | ppc-le | powerpc-little) | 1006 | ppcle | powerpclittle | ppc-le | powerpc-little) |
958 | basic_machine=powerpcle-unknown | 1007 | basic_machine=powerpcle-unknown |
@@ -977,7 +1026,11 @@ case $basic_machine in | |||
977 | basic_machine=i586-unknown | 1026 | basic_machine=i586-unknown |
978 | os=-pw32 | 1027 | os=-pw32 |
979 | ;; | 1028 | ;; |
980 | rdos) | 1029 | rdos | rdos64) |
1030 | basic_machine=x86_64-pc | ||
1031 | os=-rdos | ||
1032 | ;; | ||
1033 | rdos32) | ||
981 | basic_machine=i386-pc | 1034 | basic_machine=i386-pc |
982 | os=-rdos | 1035 | os=-rdos |
983 | ;; | 1036 | ;; |
@@ -1046,6 +1099,9 @@ case $basic_machine in | |||
1046 | basic_machine=i860-stratus | 1099 | basic_machine=i860-stratus |
1047 | os=-sysv4 | 1100 | os=-sysv4 |
1048 | ;; | 1101 | ;; |
1102 | strongarm-* | thumb-*) | ||
1103 | basic_machine=arm-`echo $basic_machine | sed 's/^[^-]*-//'` | ||
1104 | ;; | ||
1049 | sun2) | 1105 | sun2) |
1050 | basic_machine=m68000-sun | 1106 | basic_machine=m68000-sun |
1051 | ;; | 1107 | ;; |
@@ -1102,13 +1158,8 @@ case $basic_machine in | |||
1102 | basic_machine=t90-cray | 1158 | basic_machine=t90-cray |
1103 | os=-unicos | 1159 | os=-unicos |
1104 | ;; | 1160 | ;; |
1105 | # This must be matched before tile*. | ||
1106 | tilegx*) | ||
1107 | basic_machine=tilegx-unknown | ||
1108 | os=-linux-gnu | ||
1109 | ;; | ||
1110 | tile*) | 1161 | tile*) |
1111 | basic_machine=tile-unknown | 1162 | basic_machine=$basic_machine-unknown |
1112 | os=-linux-gnu | 1163 | os=-linux-gnu |
1113 | ;; | 1164 | ;; |
1114 | tx39) | 1165 | tx39) |
@@ -1178,6 +1229,9 @@ case $basic_machine in | |||
1178 | xps | xps100) | 1229 | xps | xps100) |
1179 | basic_machine=xps100-honeywell | 1230 | basic_machine=xps100-honeywell |
1180 | ;; | 1231 | ;; |
1232 | xscale-* | xscalee[bl]-*) | ||
1233 | basic_machine=`echo $basic_machine | sed 's/^xscale/arm/'` | ||
1234 | ;; | ||
1181 | ymp) | 1235 | ymp) |
1182 | basic_machine=ymp-cray | 1236 | basic_machine=ymp-cray |
1183 | os=-unicos | 1237 | os=-unicos |
@@ -1275,11 +1329,11 @@ esac | |||
1275 | if [ x"$os" != x"" ] | 1329 | if [ x"$os" != x"" ] |
1276 | then | 1330 | then |
1277 | case $os in | 1331 | case $os in |
1278 | # First match some system type aliases | 1332 | # First match some system type aliases |
1279 | # that might get confused with valid system types. | 1333 | # that might get confused with valid system types. |
1280 | # -solaris* is a basic system type, with this one exception. | 1334 | # -solaris* is a basic system type, with this one exception. |
1281 | -auroraux) | 1335 | -auroraux) |
1282 | os=-auroraux | 1336 | os=-auroraux |
1283 | ;; | 1337 | ;; |
1284 | -solaris1 | -solaris1.*) | 1338 | -solaris1 | -solaris1.*) |
1285 | os=`echo $os | sed -e 's|solaris1|sunos4|'` | 1339 | os=`echo $os | sed -e 's|solaris1|sunos4|'` |
@@ -1309,15 +1363,15 @@ case $os in | |||
1309 | | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | 1363 | | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ |
1310 | | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ | 1364 | | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ |
1311 | | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ | 1365 | | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ |
1312 | | -openbsd* | -solidbsd* \ | 1366 | | -bitrig* | -openbsd* | -solidbsd* \ |
1313 | | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ | 1367 | | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ |
1314 | | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ | 1368 | | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ |
1315 | | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ | 1369 | | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ |
1316 | | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ | 1370 | | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ |
1317 | | -chorusos* | -chorusrdb* | -cegcc* \ | 1371 | | -chorusos* | -chorusrdb* | -cegcc* \ |
1318 | | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ | 1372 | | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ |
1319 | | -mingw32* | -linux-gnu* | -linux-android* \ | 1373 | | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ |
1320 | | -linux-newlib* | -linux-uclibc* \ | 1374 | | -linux-newlib* | -linux-musl* | -linux-uclibc* \ |
1321 | | -uxpv* | -beos* | -mpeix* | -udk* \ | 1375 | | -uxpv* | -beos* | -mpeix* | -udk* \ |
1322 | | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ | 1376 | | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ |
1323 | | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ | 1377 | | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ |
@@ -1364,7 +1418,7 @@ case $os in | |||
1364 | -opened*) | 1418 | -opened*) |
1365 | os=-openedition | 1419 | os=-openedition |
1366 | ;; | 1420 | ;; |
1367 | -os400*) | 1421 | -os400*) |
1368 | os=-os400 | 1422 | os=-os400 |
1369 | ;; | 1423 | ;; |
1370 | -wince*) | 1424 | -wince*) |
@@ -1413,7 +1467,7 @@ case $os in | |||
1413 | -sinix*) | 1467 | -sinix*) |
1414 | os=-sysv4 | 1468 | os=-sysv4 |
1415 | ;; | 1469 | ;; |
1416 | -tpf*) | 1470 | -tpf*) |
1417 | os=-tpf | 1471 | os=-tpf |
1418 | ;; | 1472 | ;; |
1419 | -triton*) | 1473 | -triton*) |
@@ -1458,8 +1512,8 @@ case $os in | |||
1458 | -dicos*) | 1512 | -dicos*) |
1459 | os=-dicos | 1513 | os=-dicos |
1460 | ;; | 1514 | ;; |
1461 | -nacl*) | 1515 | -nacl*) |
1462 | ;; | 1516 | ;; |
1463 | -none) | 1517 | -none) |
1464 | ;; | 1518 | ;; |
1465 | *) | 1519 | *) |
@@ -1482,10 +1536,10 @@ else | |||
1482 | # system, and we'll never get to this point. | 1536 | # system, and we'll never get to this point. |
1483 | 1537 | ||
1484 | case $basic_machine in | 1538 | case $basic_machine in |
1485 | score-*) | 1539 | score-*) |
1486 | os=-elf | 1540 | os=-elf |
1487 | ;; | 1541 | ;; |
1488 | spu-*) | 1542 | spu-*) |
1489 | os=-elf | 1543 | os=-elf |
1490 | ;; | 1544 | ;; |
1491 | *-acorn) | 1545 | *-acorn) |
@@ -1497,8 +1551,11 @@ case $basic_machine in | |||
1497 | arm*-semi) | 1551 | arm*-semi) |
1498 | os=-aout | 1552 | os=-aout |
1499 | ;; | 1553 | ;; |
1500 | c4x-* | tic4x-*) | 1554 | c4x-* | tic4x-*) |
1501 | os=-coff | 1555 | os=-coff |
1556 | ;; | ||
1557 | hexagon-*) | ||
1558 | os=-elf | ||
1502 | ;; | 1559 | ;; |
1503 | tic54x-*) | 1560 | tic54x-*) |
1504 | os=-coff | 1561 | os=-coff |
@@ -1527,14 +1584,11 @@ case $basic_machine in | |||
1527 | ;; | 1584 | ;; |
1528 | m68000-sun) | 1585 | m68000-sun) |
1529 | os=-sunos3 | 1586 | os=-sunos3 |
1530 | # This also exists in the configure program, but was not the | ||
1531 | # default. | ||
1532 | # os=-sunos4 | ||
1533 | ;; | 1587 | ;; |
1534 | m68*-cisco) | 1588 | m68*-cisco) |
1535 | os=-aout | 1589 | os=-aout |
1536 | ;; | 1590 | ;; |
1537 | mep-*) | 1591 | mep-*) |
1538 | os=-elf | 1592 | os=-elf |
1539 | ;; | 1593 | ;; |
1540 | mips*-cisco) | 1594 | mips*-cisco) |
@@ -1561,7 +1615,7 @@ case $basic_machine in | |||
1561 | *-ibm) | 1615 | *-ibm) |
1562 | os=-aix | 1616 | os=-aix |
1563 | ;; | 1617 | ;; |
1564 | *-knuth) | 1618 | *-knuth) |
1565 | os=-mmixware | 1619 | os=-mmixware |
1566 | ;; | 1620 | ;; |
1567 | *-wec) | 1621 | *-wec) |
@@ -1,5 +1,5 @@ | |||
1 | #! /bin/sh | 1 | #! /bin/sh |
2 | # From configure.ac Revision: 1.518 . | 2 | # From configure.ac Revision: 1.536 . |
3 | # Guess values for system-dependent variables and create Makefiles. | 3 | # Guess values for system-dependent variables and create Makefiles. |
4 | # Generated by GNU Autoconf 2.68 for OpenSSH Portable. | 4 | # Generated by GNU Autoconf 2.68 for OpenSSH Portable. |
5 | # | 5 | # |
@@ -605,6 +605,7 @@ ac_includes_default="\ | |||
605 | 605 | ||
606 | ac_subst_vars='LTLIBOBJS | 606 | ac_subst_vars='LTLIBOBJS |
607 | LIBOBJS | 607 | LIBOBJS |
608 | UNSUPPORTED_ALGORITHMS | ||
608 | TEST_SSH_IPV6 | 609 | TEST_SSH_IPV6 |
609 | piddir | 610 | piddir |
610 | user_path | 611 | user_path |
@@ -5603,6 +5604,68 @@ fi | |||
5603 | 5604 | ||
5604 | if test "$GCC" = "yes" || test "$GCC" = "egcs"; then | 5605 | if test "$GCC" = "yes" || test "$GCC" = "egcs"; then |
5605 | { | 5606 | { |
5607 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Qunused-arguments -Werror" >&5 | ||
5608 | $as_echo_n "checking if $CC supports -Qunused-arguments -Werror... " >&6; } | ||
5609 | saved_CFLAGS="$CFLAGS" | ||
5610 | CFLAGS="$CFLAGS -Qunused-arguments -Werror" | ||
5611 | _define_flag="-Qunused-arguments" | ||
5612 | test "x$_define_flag" = "x" && _define_flag="-Qunused-arguments -Werror" | ||
5613 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
5614 | /* end confdefs.h. */ | ||
5615 | int main(void) { return 0; } | ||
5616 | _ACEOF | ||
5617 | if ac_fn_c_try_compile "$LINENO"; then : | ||
5618 | |||
5619 | if `grep -i "unrecognized option" conftest.err >/dev/null` | ||
5620 | then | ||
5621 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5622 | $as_echo "no" >&6; } | ||
5623 | CFLAGS="$saved_CFLAGS" | ||
5624 | else | ||
5625 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5626 | $as_echo "yes" >&6; } | ||
5627 | CFLAGS="$saved_CFLAGS $_define_flag" | ||
5628 | fi | ||
5629 | else | ||
5630 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5631 | $as_echo "no" >&6; } | ||
5632 | CFLAGS="$saved_CFLAGS" | ||
5633 | |||
5634 | fi | ||
5635 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
5636 | } | ||
5637 | { | ||
5638 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wunknown-warning-option -Werror" >&5 | ||
5639 | $as_echo_n "checking if $CC supports -Wunknown-warning-option -Werror... " >&6; } | ||
5640 | saved_CFLAGS="$CFLAGS" | ||
5641 | CFLAGS="$CFLAGS -Wunknown-warning-option -Werror" | ||
5642 | _define_flag="-Wno-unknown-warning-option" | ||
5643 | test "x$_define_flag" = "x" && _define_flag="-Wunknown-warning-option -Werror" | ||
5644 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
5645 | /* end confdefs.h. */ | ||
5646 | int main(void) { return 0; } | ||
5647 | _ACEOF | ||
5648 | if ac_fn_c_try_compile "$LINENO"; then : | ||
5649 | |||
5650 | if `grep -i "unrecognized option" conftest.err >/dev/null` | ||
5651 | then | ||
5652 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5653 | $as_echo "no" >&6; } | ||
5654 | CFLAGS="$saved_CFLAGS" | ||
5655 | else | ||
5656 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5657 | $as_echo "yes" >&6; } | ||
5658 | CFLAGS="$saved_CFLAGS $_define_flag" | ||
5659 | fi | ||
5660 | else | ||
5661 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5662 | $as_echo "no" >&6; } | ||
5663 | CFLAGS="$saved_CFLAGS" | ||
5664 | |||
5665 | fi | ||
5666 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
5667 | } | ||
5668 | { | ||
5606 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wall" >&5 | 5669 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wall" >&5 |
5607 | $as_echo_n "checking if $CC supports -Wall... " >&6; } | 5670 | $as_echo_n "checking if $CC supports -Wall... " >&6; } |
5608 | saved_CFLAGS="$CFLAGS" | 5671 | saved_CFLAGS="$CFLAGS" |
@@ -5614,9 +5677,17 @@ $as_echo_n "checking if $CC supports -Wall... " >&6; } | |||
5614 | int main(void) { return 0; } | 5677 | int main(void) { return 0; } |
5615 | _ACEOF | 5678 | _ACEOF |
5616 | if ac_fn_c_try_compile "$LINENO"; then : | 5679 | if ac_fn_c_try_compile "$LINENO"; then : |
5617 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | 5680 | |
5681 | if `grep -i "unrecognized option" conftest.err >/dev/null` | ||
5682 | then | ||
5683 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5684 | $as_echo "no" >&6; } | ||
5685 | CFLAGS="$saved_CFLAGS" | ||
5686 | else | ||
5687 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5618 | $as_echo "yes" >&6; } | 5688 | $as_echo "yes" >&6; } |
5619 | CFLAGS="$saved_CFLAGS $_define_flag" | 5689 | CFLAGS="$saved_CFLAGS $_define_flag" |
5690 | fi | ||
5620 | else | 5691 | else |
5621 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | 5692 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 |
5622 | $as_echo "no" >&6; } | 5693 | $as_echo "no" >&6; } |
@@ -5637,9 +5708,17 @@ $as_echo_n "checking if $CC supports -Wpointer-arith... " >&6; } | |||
5637 | int main(void) { return 0; } | 5708 | int main(void) { return 0; } |
5638 | _ACEOF | 5709 | _ACEOF |
5639 | if ac_fn_c_try_compile "$LINENO"; then : | 5710 | if ac_fn_c_try_compile "$LINENO"; then : |
5640 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | 5711 | |
5712 | if `grep -i "unrecognized option" conftest.err >/dev/null` | ||
5713 | then | ||
5714 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5715 | $as_echo "no" >&6; } | ||
5716 | CFLAGS="$saved_CFLAGS" | ||
5717 | else | ||
5718 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5641 | $as_echo "yes" >&6; } | 5719 | $as_echo "yes" >&6; } |
5642 | CFLAGS="$saved_CFLAGS $_define_flag" | 5720 | CFLAGS="$saved_CFLAGS $_define_flag" |
5721 | fi | ||
5643 | else | 5722 | else |
5644 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | 5723 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 |
5645 | $as_echo "no" >&6; } | 5724 | $as_echo "no" >&6; } |
@@ -5660,9 +5739,17 @@ $as_echo_n "checking if $CC supports -Wuninitialized... " >&6; } | |||
5660 | int main(void) { return 0; } | 5739 | int main(void) { return 0; } |
5661 | _ACEOF | 5740 | _ACEOF |
5662 | if ac_fn_c_try_compile "$LINENO"; then : | 5741 | if ac_fn_c_try_compile "$LINENO"; then : |
5663 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | 5742 | |
5743 | if `grep -i "unrecognized option" conftest.err >/dev/null` | ||
5744 | then | ||
5745 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5746 | $as_echo "no" >&6; } | ||
5747 | CFLAGS="$saved_CFLAGS" | ||
5748 | else | ||
5749 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5664 | $as_echo "yes" >&6; } | 5750 | $as_echo "yes" >&6; } |
5665 | CFLAGS="$saved_CFLAGS $_define_flag" | 5751 | CFLAGS="$saved_CFLAGS $_define_flag" |
5752 | fi | ||
5666 | else | 5753 | else |
5667 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | 5754 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 |
5668 | $as_echo "no" >&6; } | 5755 | $as_echo "no" >&6; } |
@@ -5683,9 +5770,17 @@ $as_echo_n "checking if $CC supports -Wsign-compare... " >&6; } | |||
5683 | int main(void) { return 0; } | 5770 | int main(void) { return 0; } |
5684 | _ACEOF | 5771 | _ACEOF |
5685 | if ac_fn_c_try_compile "$LINENO"; then : | 5772 | if ac_fn_c_try_compile "$LINENO"; then : |
5686 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | 5773 | |
5774 | if `grep -i "unrecognized option" conftest.err >/dev/null` | ||
5775 | then | ||
5776 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5777 | $as_echo "no" >&6; } | ||
5778 | CFLAGS="$saved_CFLAGS" | ||
5779 | else | ||
5780 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5687 | $as_echo "yes" >&6; } | 5781 | $as_echo "yes" >&6; } |
5688 | CFLAGS="$saved_CFLAGS $_define_flag" | 5782 | CFLAGS="$saved_CFLAGS $_define_flag" |
5783 | fi | ||
5689 | else | 5784 | else |
5690 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | 5785 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 |
5691 | $as_echo "no" >&6; } | 5786 | $as_echo "no" >&6; } |
@@ -5706,9 +5801,48 @@ $as_echo_n "checking if $CC supports -Wformat-security... " >&6; } | |||
5706 | int main(void) { return 0; } | 5801 | int main(void) { return 0; } |
5707 | _ACEOF | 5802 | _ACEOF |
5708 | if ac_fn_c_try_compile "$LINENO"; then : | 5803 | if ac_fn_c_try_compile "$LINENO"; then : |
5709 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | 5804 | |
5805 | if `grep -i "unrecognized option" conftest.err >/dev/null` | ||
5806 | then | ||
5807 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5808 | $as_echo "no" >&6; } | ||
5809 | CFLAGS="$saved_CFLAGS" | ||
5810 | else | ||
5811 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5812 | $as_echo "yes" >&6; } | ||
5813 | CFLAGS="$saved_CFLAGS $_define_flag" | ||
5814 | fi | ||
5815 | else | ||
5816 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5817 | $as_echo "no" >&6; } | ||
5818 | CFLAGS="$saved_CFLAGS" | ||
5819 | |||
5820 | fi | ||
5821 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
5822 | } | ||
5823 | { | ||
5824 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wsizeof-pointer-memaccess" >&5 | ||
5825 | $as_echo_n "checking if $CC supports -Wsizeof-pointer-memaccess... " >&6; } | ||
5826 | saved_CFLAGS="$CFLAGS" | ||
5827 | CFLAGS="$CFLAGS -Wsizeof-pointer-memaccess" | ||
5828 | _define_flag="" | ||
5829 | test "x$_define_flag" = "x" && _define_flag="-Wsizeof-pointer-memaccess" | ||
5830 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
5831 | /* end confdefs.h. */ | ||
5832 | int main(void) { return 0; } | ||
5833 | _ACEOF | ||
5834 | if ac_fn_c_try_compile "$LINENO"; then : | ||
5835 | |||
5836 | if `grep -i "unrecognized option" conftest.err >/dev/null` | ||
5837 | then | ||
5838 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5839 | $as_echo "no" >&6; } | ||
5840 | CFLAGS="$saved_CFLAGS" | ||
5841 | else | ||
5842 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5710 | $as_echo "yes" >&6; } | 5843 | $as_echo "yes" >&6; } |
5711 | CFLAGS="$saved_CFLAGS $_define_flag" | 5844 | CFLAGS="$saved_CFLAGS $_define_flag" |
5845 | fi | ||
5712 | else | 5846 | else |
5713 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | 5847 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 |
5714 | $as_echo "no" >&6; } | 5848 | $as_echo "no" >&6; } |
@@ -5729,9 +5863,17 @@ $as_echo_n "checking if $CC supports -Wpointer-sign... " >&6; } | |||
5729 | int main(void) { return 0; } | 5863 | int main(void) { return 0; } |
5730 | _ACEOF | 5864 | _ACEOF |
5731 | if ac_fn_c_try_compile "$LINENO"; then : | 5865 | if ac_fn_c_try_compile "$LINENO"; then : |
5732 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | 5866 | |
5867 | if `grep -i "unrecognized option" conftest.err >/dev/null` | ||
5868 | then | ||
5869 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5870 | $as_echo "no" >&6; } | ||
5871 | CFLAGS="$saved_CFLAGS" | ||
5872 | else | ||
5873 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5733 | $as_echo "yes" >&6; } | 5874 | $as_echo "yes" >&6; } |
5734 | CFLAGS="$saved_CFLAGS $_define_flag" | 5875 | CFLAGS="$saved_CFLAGS $_define_flag" |
5876 | fi | ||
5735 | else | 5877 | else |
5736 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | 5878 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 |
5737 | $as_echo "no" >&6; } | 5879 | $as_echo "no" >&6; } |
@@ -5752,9 +5894,17 @@ $as_echo_n "checking if $CC supports -Wunused-result... " >&6; } | |||
5752 | int main(void) { return 0; } | 5894 | int main(void) { return 0; } |
5753 | _ACEOF | 5895 | _ACEOF |
5754 | if ac_fn_c_try_compile "$LINENO"; then : | 5896 | if ac_fn_c_try_compile "$LINENO"; then : |
5755 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | 5897 | |
5898 | if `grep -i "unrecognized option" conftest.err >/dev/null` | ||
5899 | then | ||
5900 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5901 | $as_echo "no" >&6; } | ||
5902 | CFLAGS="$saved_CFLAGS" | ||
5903 | else | ||
5904 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5756 | $as_echo "yes" >&6; } | 5905 | $as_echo "yes" >&6; } |
5757 | CFLAGS="$saved_CFLAGS $_define_flag" | 5906 | CFLAGS="$saved_CFLAGS $_define_flag" |
5907 | fi | ||
5758 | else | 5908 | else |
5759 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | 5909 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 |
5760 | $as_echo "no" >&6; } | 5910 | $as_echo "no" >&6; } |
@@ -5775,9 +5925,17 @@ $as_echo_n "checking if $CC supports -fno-strict-aliasing... " >&6; } | |||
5775 | int main(void) { return 0; } | 5925 | int main(void) { return 0; } |
5776 | _ACEOF | 5926 | _ACEOF |
5777 | if ac_fn_c_try_compile "$LINENO"; then : | 5927 | if ac_fn_c_try_compile "$LINENO"; then : |
5778 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | 5928 | |
5929 | if `grep -i "unrecognized option" conftest.err >/dev/null` | ||
5930 | then | ||
5931 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5932 | $as_echo "no" >&6; } | ||
5933 | CFLAGS="$saved_CFLAGS" | ||
5934 | else | ||
5935 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5779 | $as_echo "yes" >&6; } | 5936 | $as_echo "yes" >&6; } |
5780 | CFLAGS="$saved_CFLAGS $_define_flag" | 5937 | CFLAGS="$saved_CFLAGS $_define_flag" |
5938 | fi | ||
5781 | else | 5939 | else |
5782 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | 5940 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 |
5783 | $as_echo "no" >&6; } | 5941 | $as_echo "no" >&6; } |
@@ -5798,9 +5956,17 @@ $as_echo_n "checking if $CC supports -D_FORTIFY_SOURCE=2... " >&6; } | |||
5798 | int main(void) { return 0; } | 5956 | int main(void) { return 0; } |
5799 | _ACEOF | 5957 | _ACEOF |
5800 | if ac_fn_c_try_compile "$LINENO"; then : | 5958 | if ac_fn_c_try_compile "$LINENO"; then : |
5801 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | 5959 | |
5960 | if `grep -i "unrecognized option" conftest.err >/dev/null` | ||
5961 | then | ||
5962 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5963 | $as_echo "no" >&6; } | ||
5964 | CFLAGS="$saved_CFLAGS" | ||
5965 | else | ||
5966 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5802 | $as_echo "yes" >&6; } | 5967 | $as_echo "yes" >&6; } |
5803 | CFLAGS="$saved_CFLAGS $_define_flag" | 5968 | CFLAGS="$saved_CFLAGS $_define_flag" |
5969 | fi | ||
5804 | else | 5970 | else |
5805 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | 5971 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 |
5806 | $as_echo "no" >&6; } | 5972 | $as_echo "no" >&6; } |
@@ -6072,6 +6238,7 @@ for ac_header in \ | |||
6072 | ia.h \ | 6238 | ia.h \ |
6073 | iaf.h \ | 6239 | iaf.h \ |
6074 | limits.h \ | 6240 | limits.h \ |
6241 | locale.h \ | ||
6075 | login.h \ | 6242 | login.h \ |
6076 | maillock.h \ | 6243 | maillock.h \ |
6077 | ndir.h \ | 6244 | ndir.h \ |
@@ -6110,7 +6277,6 @@ for ac_header in \ | |||
6110 | sys/sysmacros.h \ | 6277 | sys/sysmacros.h \ |
6111 | sys/time.h \ | 6278 | sys/time.h \ |
6112 | sys/timers.h \ | 6279 | sys/timers.h \ |
6113 | sys/un.h \ | ||
6114 | time.h \ | 6280 | time.h \ |
6115 | tmpdir.h \ | 6281 | tmpdir.h \ |
6116 | ttyent.h \ | 6282 | ttyent.h \ |
@@ -6208,6 +6374,24 @@ fi | |||
6208 | done | 6374 | done |
6209 | 6375 | ||
6210 | 6376 | ||
6377 | # Android requires sys/socket.h to be included before sys/un.h | ||
6378 | for ac_header in sys/un.h | ||
6379 | do : | ||
6380 | ac_fn_c_check_header_compile "$LINENO" "sys/un.h" "ac_cv_header_sys_un_h" " | ||
6381 | #include <sys/types.h> | ||
6382 | #include <sys/socket.h> | ||
6383 | |||
6384 | " | ||
6385 | if test "x$ac_cv_header_sys_un_h" = xyes; then : | ||
6386 | cat >>confdefs.h <<_ACEOF | ||
6387 | #define HAVE_SYS_UN_H 1 | ||
6388 | _ACEOF | ||
6389 | |||
6390 | fi | ||
6391 | |||
6392 | done | ||
6393 | |||
6394 | |||
6211 | # Messages for features tested for in target-specific section | 6395 | # Messages for features tested for in target-specific section |
6212 | SIA_MSG="no" | 6396 | SIA_MSG="no" |
6213 | SPC_MSG="no" | 6397 | SPC_MSG="no" |
@@ -6494,6 +6678,14 @@ $as_echo "#define PTY_ZEROREAD 1" >>confdefs.h | |||
6494 | $as_echo "#define PLATFORM_SYS_DIR_UID 2" >>confdefs.h | 6678 | $as_echo "#define PLATFORM_SYS_DIR_UID 2" >>confdefs.h |
6495 | 6679 | ||
6496 | ;; | 6680 | ;; |
6681 | *-*-android*) | ||
6682 | |||
6683 | $as_echo "#define DISABLE_UTMP 1" >>confdefs.h | ||
6684 | |||
6685 | |||
6686 | $as_echo "#define DISABLE_WTMP 1" >>confdefs.h | ||
6687 | |||
6688 | ;; | ||
6497 | *-*-cygwin*) | 6689 | *-*-cygwin*) |
6498 | check_for_libcrypt_later=1 | 6690 | check_for_libcrypt_later=1 |
6499 | LIBS="$LIBS /usr/lib/textreadmode.o" | 6691 | LIBS="$LIBS /usr/lib/textreadmode.o" |
@@ -7255,6 +7447,7 @@ fi | |||
7255 | 7447 | ||
7256 | fi | 7448 | fi |
7257 | 7449 | ||
7450 | TEST_SHELL=$SHELL # let configure find us a capable shell | ||
7258 | ;; | 7451 | ;; |
7259 | *-*-sunos4*) | 7452 | *-*-sunos4*) |
7260 | CPPFLAGS="$CPPFLAGS -DSUNOS4" | 7453 | CPPFLAGS="$CPPFLAGS -DSUNOS4" |
@@ -7411,6 +7604,7 @@ $as_echo "#define PASSWD_NEEDS_USERNAME 1" >>confdefs.h | |||
7411 | 7604 | ||
7412 | $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h | 7605 | $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h |
7413 | 7606 | ||
7607 | TEST_SHELL=$SHELL # let configure find us a capable shell | ||
7414 | ;; | 7608 | ;; |
7415 | # UnixWare 7.x, OpenUNIX 8 | 7609 | # UnixWare 7.x, OpenUNIX 8 |
7416 | *-*-sysv5*) | 7610 | *-*-sysv5*) |
@@ -7430,10 +7624,10 @@ $as_echo "#define UNIXWARE_LONG_PASSWORDS 1" >>confdefs.h | |||
7430 | 7624 | ||
7431 | $as_echo "#define PASSWD_NEEDS_USERNAME 1" >>confdefs.h | 7625 | $as_echo "#define PASSWD_NEEDS_USERNAME 1" >>confdefs.h |
7432 | 7626 | ||
7627 | TEST_SHELL=$SHELL # let configure find us a capable shell | ||
7433 | case "$host" in | 7628 | case "$host" in |
7434 | *-*-sysv5SCO_SV*) # SCO OpenServer 6.x | 7629 | *-*-sysv5SCO_SV*) # SCO OpenServer 6.x |
7435 | maildir=/var/spool/mail | 7630 | maildir=/var/spool/mail |
7436 | TEST_SHELL=/u95/bin/sh | ||
7437 | 7631 | ||
7438 | $as_echo "#define BROKEN_LIBIAF 1" >>confdefs.h | 7632 | $as_echo "#define BROKEN_LIBIAF 1" >>confdefs.h |
7439 | 7633 | ||
@@ -7551,7 +7745,7 @@ fi | |||
7551 | done | 7745 | done |
7552 | 7746 | ||
7553 | MANTYPE=man | 7747 | MANTYPE=man |
7554 | TEST_SHELL=ksh | 7748 | TEST_SHELL=$SHELL # let configure find us a capable shell |
7555 | SKIP_DISABLE_LASTLOG_DEFINE=yes | 7749 | SKIP_DISABLE_LASTLOG_DEFINE=yes |
7556 | ;; | 7750 | ;; |
7557 | *-*-unicosmk*) | 7751 | *-*-unicosmk*) |
@@ -7662,15 +7856,6 @@ $as_echo "#define BROKEN_READV_COMPARISON 1" >>confdefs.h | |||
7662 | 7856 | ||
7663 | $as_echo "#define NO_X11_UNIX_SOCKETS 1" >>confdefs.h | 7857 | $as_echo "#define NO_X11_UNIX_SOCKETS 1" >>confdefs.h |
7664 | 7858 | ||
7665 | |||
7666 | $as_echo "#define MISSING_NFDBITS 1" >>confdefs.h | ||
7667 | |||
7668 | |||
7669 | $as_echo "#define MISSING_HOWMANY 1" >>confdefs.h | ||
7670 | |||
7671 | |||
7672 | $as_echo "#define MISSING_FD_MASK 1" >>confdefs.h | ||
7673 | |||
7674 | $as_echo "#define DISABLE_LASTLOG 1" >>confdefs.h | 7859 | $as_echo "#define DISABLE_LASTLOG 1" >>confdefs.h |
7675 | 7860 | ||
7676 | $as_echo "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h | 7861 | $as_echo "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h |
@@ -7703,8 +7888,6 @@ $as_echo "#define HAVE_SYS_SYSLOG_H 1" >>confdefs.h | |||
7703 | 7888 | ||
7704 | *-*-lynxos) | 7889 | *-*-lynxos) |
7705 | CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" | 7890 | CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" |
7706 | $as_echo "#define MISSING_HOWMANY 1" >>confdefs.h | ||
7707 | |||
7708 | 7891 | ||
7709 | $as_echo "#define BROKEN_SETVBUF 1" >>confdefs.h | 7892 | $as_echo "#define BROKEN_SETVBUF 1" >>confdefs.h |
7710 | 7893 | ||
@@ -8229,6 +8412,7 @@ else | |||
8229 | /* end confdefs.h. */ | 8412 | /* end confdefs.h. */ |
8230 | 8413 | ||
8231 | #include <stdio.h> | 8414 | #include <stdio.h> |
8415 | #include <stdlib.h> | ||
8232 | #include <zlib.h> | 8416 | #include <zlib.h> |
8233 | 8417 | ||
8234 | int | 8418 | int |
@@ -8453,6 +8637,62 @@ if test "$ac_res" != no; then : | |||
8453 | 8637 | ||
8454 | fi | 8638 | fi |
8455 | 8639 | ||
8640 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing scan_scaled" >&5 | ||
8641 | $as_echo_n "checking for library containing scan_scaled... " >&6; } | ||
8642 | if ${ac_cv_search_scan_scaled+:} false; then : | ||
8643 | $as_echo_n "(cached) " >&6 | ||
8644 | else | ||
8645 | ac_func_search_save_LIBS=$LIBS | ||
8646 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
8647 | /* end confdefs.h. */ | ||
8648 | |||
8649 | /* Override any GCC internal prototype to avoid an error. | ||
8650 | Use char because int might match the return type of a GCC | ||
8651 | builtin and then its argument prototype would still apply. */ | ||
8652 | #ifdef __cplusplus | ||
8653 | extern "C" | ||
8654 | #endif | ||
8655 | char scan_scaled (); | ||
8656 | int | ||
8657 | main () | ||
8658 | { | ||
8659 | return scan_scaled (); | ||
8660 | ; | ||
8661 | return 0; | ||
8662 | } | ||
8663 | _ACEOF | ||
8664 | for ac_lib in '' util bsd; do | ||
8665 | if test -z "$ac_lib"; then | ||
8666 | ac_res="none required" | ||
8667 | else | ||
8668 | ac_res=-l$ac_lib | ||
8669 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | ||
8670 | fi | ||
8671 | if ac_fn_c_try_link "$LINENO"; then : | ||
8672 | ac_cv_search_scan_scaled=$ac_res | ||
8673 | fi | ||
8674 | rm -f core conftest.err conftest.$ac_objext \ | ||
8675 | conftest$ac_exeext | ||
8676 | if ${ac_cv_search_scan_scaled+:} false; then : | ||
8677 | break | ||
8678 | fi | ||
8679 | done | ||
8680 | if ${ac_cv_search_scan_scaled+:} false; then : | ||
8681 | |||
8682 | else | ||
8683 | ac_cv_search_scan_scaled=no | ||
8684 | fi | ||
8685 | rm conftest.$ac_ext | ||
8686 | LIBS=$ac_func_search_save_LIBS | ||
8687 | fi | ||
8688 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_scan_scaled" >&5 | ||
8689 | $as_echo "$ac_cv_search_scan_scaled" >&6; } | ||
8690 | ac_res=$ac_cv_search_scan_scaled | ||
8691 | if test "$ac_res" != no; then : | ||
8692 | test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" | ||
8693 | |||
8694 | fi | ||
8695 | |||
8456 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing login" >&5 | 8696 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing login" >&5 |
8457 | $as_echo_n "checking for library containing login... " >&6; } | 8697 | $as_echo_n "checking for library containing login... " >&6; } |
8458 | if ${ac_cv_search_login+:} false; then : | 8698 | if ${ac_cv_search_login+:} false; then : |
@@ -8733,7 +8973,7 @@ if test "$ac_res" != no; then : | |||
8733 | 8973 | ||
8734 | fi | 8974 | fi |
8735 | 8975 | ||
8736 | for ac_func in fmt_scaled login logout openpty updwtmp logwtmp | 8976 | for ac_func in fmt_scaled scan_scaled login logout openpty updwtmp logwtmp |
8737 | do : | 8977 | do : |
8738 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | 8978 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` |
8739 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | 8979 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" |
@@ -9568,6 +9808,7 @@ for ac_func in \ | |||
9568 | clock \ | 9808 | clock \ |
9569 | closefrom \ | 9809 | closefrom \ |
9570 | dirfd \ | 9810 | dirfd \ |
9811 | endgrent \ | ||
9571 | fchmod \ | 9812 | fchmod \ |
9572 | fchown \ | 9813 | fchown \ |
9573 | freeaddrinfo \ | 9814 | freeaddrinfo \ |
@@ -9592,6 +9833,7 @@ for ac_func in \ | |||
9592 | inet_ntop \ | 9833 | inet_ntop \ |
9593 | innetgr \ | 9834 | innetgr \ |
9594 | login_getcapbool \ | 9835 | login_getcapbool \ |
9836 | mblen \ | ||
9595 | md5_crypt \ | 9837 | md5_crypt \ |
9596 | memmove \ | 9838 | memmove \ |
9597 | mkdtemp \ | 9839 | mkdtemp \ |
@@ -9850,6 +10092,65 @@ $as_echo "#define HAVE_NANOSLEEP 1" >>confdefs.h | |||
9850 | fi | 10092 | fi |
9851 | 10093 | ||
9852 | 10094 | ||
10095 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing clock_gettime" >&5 | ||
10096 | $as_echo_n "checking for library containing clock_gettime... " >&6; } | ||
10097 | if ${ac_cv_search_clock_gettime+:} false; then : | ||
10098 | $as_echo_n "(cached) " >&6 | ||
10099 | else | ||
10100 | ac_func_search_save_LIBS=$LIBS | ||
10101 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
10102 | /* end confdefs.h. */ | ||
10103 | |||
10104 | /* Override any GCC internal prototype to avoid an error. | ||
10105 | Use char because int might match the return type of a GCC | ||
10106 | builtin and then its argument prototype would still apply. */ | ||
10107 | #ifdef __cplusplus | ||
10108 | extern "C" | ||
10109 | #endif | ||
10110 | char clock_gettime (); | ||
10111 | int | ||
10112 | main () | ||
10113 | { | ||
10114 | return clock_gettime (); | ||
10115 | ; | ||
10116 | return 0; | ||
10117 | } | ||
10118 | _ACEOF | ||
10119 | for ac_lib in '' rt; do | ||
10120 | if test -z "$ac_lib"; then | ||
10121 | ac_res="none required" | ||
10122 | else | ||
10123 | ac_res=-l$ac_lib | ||
10124 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | ||
10125 | fi | ||
10126 | if ac_fn_c_try_link "$LINENO"; then : | ||
10127 | ac_cv_search_clock_gettime=$ac_res | ||
10128 | fi | ||
10129 | rm -f core conftest.err conftest.$ac_objext \ | ||
10130 | conftest$ac_exeext | ||
10131 | if ${ac_cv_search_clock_gettime+:} false; then : | ||
10132 | break | ||
10133 | fi | ||
10134 | done | ||
10135 | if ${ac_cv_search_clock_gettime+:} false; then : | ||
10136 | |||
10137 | else | ||
10138 | ac_cv_search_clock_gettime=no | ||
10139 | fi | ||
10140 | rm conftest.$ac_ext | ||
10141 | LIBS=$ac_func_search_save_LIBS | ||
10142 | fi | ||
10143 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_clock_gettime" >&5 | ||
10144 | $as_echo "$ac_cv_search_clock_gettime" >&6; } | ||
10145 | ac_res=$ac_cv_search_clock_gettime | ||
10146 | if test "$ac_res" != no; then : | ||
10147 | test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" | ||
10148 | |||
10149 | $as_echo "#define HAVE_CLOCK_GETTIME 1" >>confdefs.h | ||
10150 | |||
10151 | fi | ||
10152 | |||
10153 | |||
9853 | ac_fn_c_check_decl "$LINENO" "getrusage" "ac_cv_have_decl_getrusage" "$ac_includes_default" | 10154 | ac_fn_c_check_decl "$LINENO" "getrusage" "ac_cv_have_decl_getrusage" "$ac_includes_default" |
9854 | if test "x$ac_cv_have_decl_getrusage" = xyes; then : | 10155 | if test "x$ac_cv_have_decl_getrusage" = xyes; then : |
9855 | for ac_func in getrusage | 10156 | for ac_func in getrusage |
@@ -10004,6 +10305,84 @@ cat >>confdefs.h <<_ACEOF | |||
10004 | _ACEOF | 10305 | _ACEOF |
10005 | 10306 | ||
10006 | 10307 | ||
10308 | # extra bits for select(2) | ||
10309 | ac_fn_c_check_decl "$LINENO" "howmany" "ac_cv_have_decl_howmany" " | ||
10310 | #include <sys/param.h> | ||
10311 | #include <sys/types.h> | ||
10312 | #ifdef HAVE_SYS_SYSMACROS_H | ||
10313 | #include <sys/sysmacros.h> | ||
10314 | #endif | ||
10315 | #ifdef HAVE_SYS_SELECT_H | ||
10316 | #include <sys/select.h> | ||
10317 | #endif | ||
10318 | #ifdef HAVE_SYS_TIME_H | ||
10319 | #include <sys/time.h> | ||
10320 | #endif | ||
10321 | #ifdef HAVE_UNISTD_H | ||
10322 | #include <unistd.h> | ||
10323 | #endif | ||
10324 | |||
10325 | " | ||
10326 | if test "x$ac_cv_have_decl_howmany" = xyes; then : | ||
10327 | ac_have_decl=1 | ||
10328 | else | ||
10329 | ac_have_decl=0 | ||
10330 | fi | ||
10331 | |||
10332 | cat >>confdefs.h <<_ACEOF | ||
10333 | #define HAVE_DECL_HOWMANY $ac_have_decl | ||
10334 | _ACEOF | ||
10335 | ac_fn_c_check_decl "$LINENO" "NFDBITS" "ac_cv_have_decl_NFDBITS" " | ||
10336 | #include <sys/param.h> | ||
10337 | #include <sys/types.h> | ||
10338 | #ifdef HAVE_SYS_SYSMACROS_H | ||
10339 | #include <sys/sysmacros.h> | ||
10340 | #endif | ||
10341 | #ifdef HAVE_SYS_SELECT_H | ||
10342 | #include <sys/select.h> | ||
10343 | #endif | ||
10344 | #ifdef HAVE_SYS_TIME_H | ||
10345 | #include <sys/time.h> | ||
10346 | #endif | ||
10347 | #ifdef HAVE_UNISTD_H | ||
10348 | #include <unistd.h> | ||
10349 | #endif | ||
10350 | |||
10351 | " | ||
10352 | if test "x$ac_cv_have_decl_NFDBITS" = xyes; then : | ||
10353 | ac_have_decl=1 | ||
10354 | else | ||
10355 | ac_have_decl=0 | ||
10356 | fi | ||
10357 | |||
10358 | cat >>confdefs.h <<_ACEOF | ||
10359 | #define HAVE_DECL_NFDBITS $ac_have_decl | ||
10360 | _ACEOF | ||
10361 | |||
10362 | ac_fn_c_check_type "$LINENO" "fd_mask" "ac_cv_type_fd_mask" " | ||
10363 | #include <sys/param.h> | ||
10364 | #include <sys/types.h> | ||
10365 | #ifdef HAVE_SYS_SELECT_H | ||
10366 | #include <sys/select.h> | ||
10367 | #endif | ||
10368 | #ifdef HAVE_SYS_TIME_H | ||
10369 | #include <sys/time.h> | ||
10370 | #endif | ||
10371 | #ifdef HAVE_UNISTD_H | ||
10372 | #include <unistd.h> | ||
10373 | #endif | ||
10374 | |||
10375 | " | ||
10376 | if test "x$ac_cv_type_fd_mask" = xyes; then : | ||
10377 | |||
10378 | cat >>confdefs.h <<_ACEOF | ||
10379 | #define HAVE_FD_MASK 1 | ||
10380 | _ACEOF | ||
10381 | |||
10382 | |||
10383 | fi | ||
10384 | |||
10385 | |||
10007 | for ac_func in setresuid | 10386 | for ac_func in setresuid |
10008 | do : | 10387 | do : |
10009 | ac_fn_c_check_func "$LINENO" "setresuid" "ac_cv_func_setresuid" | 10388 | ac_fn_c_check_func "$LINENO" "setresuid" "ac_cv_func_setresuid" |
@@ -11334,6 +11713,8 @@ else | |||
11334 | 11713 | ||
11335 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | 11714 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 |
11336 | $as_echo "no" >&6; } | 11715 | $as_echo "no" >&6; } |
11716 | unsupported_algorithms="$unsupported_cipers \ | ||
11717 | aes128-gcm@openssh.com aes256-gcm@openssh.com" | ||
11337 | 11718 | ||
11338 | 11719 | ||
11339 | fi | 11720 | fi |
@@ -11530,6 +11911,18 @@ if test "x$ac_cv_lib_crypt_crypt" = xyes; then : | |||
11530 | fi | 11911 | fi |
11531 | 11912 | ||
11532 | fi | 11913 | fi |
11914 | for ac_func in crypt DES_crypt | ||
11915 | do : | ||
11916 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
11917 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | ||
11918 | if eval test \"x\$"$as_ac_var"\" = x"yes"; then : | ||
11919 | cat >>confdefs.h <<_ACEOF | ||
11920 | #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
11921 | _ACEOF | ||
11922 | |||
11923 | fi | ||
11924 | done | ||
11925 | |||
11533 | 11926 | ||
11534 | # Search for SHA256 support in libc and/or OpenSSL | 11927 | # Search for SHA256 support in libc and/or OpenSSL |
11535 | for ac_func in SHA256_Update EVP_sha256 | 11928 | for ac_func in SHA256_Update EVP_sha256 |
@@ -11543,6 +11936,12 @@ _ACEOF | |||
11543 | TEST_SSH_SHA256=yes | 11936 | TEST_SSH_SHA256=yes |
11544 | else | 11937 | else |
11545 | TEST_SSH_SHA256=no | 11938 | TEST_SSH_SHA256=no |
11939 | unsupported_algorithms="$unsupported_algorithms \ | ||
11940 | hmac-sha2-256 hmac-sha2-512 \ | ||
11941 | diffie-hellman-group-exchange-sha256 \ | ||
11942 | hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com" | ||
11943 | |||
11944 | |||
11546 | fi | 11945 | fi |
11547 | done | 11946 | done |
11548 | 11947 | ||
@@ -11591,6 +11990,12 @@ else | |||
11591 | $as_echo "no" >&6; } | 11990 | $as_echo "no" >&6; } |
11592 | TEST_SSH_ECC=no | 11991 | TEST_SSH_ECC=no |
11593 | COMMENT_OUT_ECC="#no ecc#" | 11992 | COMMENT_OUT_ECC="#no ecc#" |
11993 | unsupported_algorithms="$unsupported_algorithms \ | ||
11994 | ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 \ | ||
11995 | ecdsa-sha2-nistp256-cert-v01@openssh.com \ | ||
11996 | ecdsa-sha2-nistp384-cert-v01@openssh.com \ | ||
11997 | ecdsa-sha2-nistp521-cert-v01@openssh.com \ | ||
11998 | ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521" | ||
11594 | 11999 | ||
11595 | 12000 | ||
11596 | fi | 12001 | fi |
@@ -14343,6 +14748,60 @@ _ACEOF | |||
14343 | 14748 | ||
14344 | fi | 14749 | fi |
14345 | 14750 | ||
14751 | ac_fn_c_check_member "$LINENO" "struct passwd" "pw_gecos" "ac_cv_member_struct_passwd_pw_gecos" " | ||
14752 | #include <sys/types.h> | ||
14753 | #include <pwd.h> | ||
14754 | |||
14755 | " | ||
14756 | if test "x$ac_cv_member_struct_passwd_pw_gecos" = xyes; then : | ||
14757 | |||
14758 | cat >>confdefs.h <<_ACEOF | ||
14759 | #define HAVE_STRUCT_PASSWD_PW_GECOS 1 | ||
14760 | _ACEOF | ||
14761 | |||
14762 | |||
14763 | fi | ||
14764 | ac_fn_c_check_member "$LINENO" "struct passwd" "pw_class" "ac_cv_member_struct_passwd_pw_class" " | ||
14765 | #include <sys/types.h> | ||
14766 | #include <pwd.h> | ||
14767 | |||
14768 | " | ||
14769 | if test "x$ac_cv_member_struct_passwd_pw_class" = xyes; then : | ||
14770 | |||
14771 | cat >>confdefs.h <<_ACEOF | ||
14772 | #define HAVE_STRUCT_PASSWD_PW_CLASS 1 | ||
14773 | _ACEOF | ||
14774 | |||
14775 | |||
14776 | fi | ||
14777 | ac_fn_c_check_member "$LINENO" "struct passwd" "pw_change" "ac_cv_member_struct_passwd_pw_change" " | ||
14778 | #include <sys/types.h> | ||
14779 | #include <pwd.h> | ||
14780 | |||
14781 | " | ||
14782 | if test "x$ac_cv_member_struct_passwd_pw_change" = xyes; then : | ||
14783 | |||
14784 | cat >>confdefs.h <<_ACEOF | ||
14785 | #define HAVE_STRUCT_PASSWD_PW_CHANGE 1 | ||
14786 | _ACEOF | ||
14787 | |||
14788 | |||
14789 | fi | ||
14790 | ac_fn_c_check_member "$LINENO" "struct passwd" "pw_expire" "ac_cv_member_struct_passwd_pw_expire" " | ||
14791 | #include <sys/types.h> | ||
14792 | #include <pwd.h> | ||
14793 | |||
14794 | " | ||
14795 | if test "x$ac_cv_member_struct_passwd_pw_expire" = xyes; then : | ||
14796 | |||
14797 | cat >>confdefs.h <<_ACEOF | ||
14798 | #define HAVE_STRUCT_PASSWD_PW_EXPIRE 1 | ||
14799 | _ACEOF | ||
14800 | |||
14801 | |||
14802 | fi | ||
14803 | |||
14804 | |||
14346 | ac_fn_c_check_member "$LINENO" "struct __res_state" "retrans" "ac_cv_member_struct___res_state_retrans" " | 14805 | ac_fn_c_check_member "$LINENO" "struct __res_state" "retrans" "ac_cv_member_struct___res_state_retrans" " |
14347 | #include <stdio.h> | 14806 | #include <stdio.h> |
14348 | #if HAVE_SYS_TYPES_H | 14807 | #if HAVE_SYS_TYPES_H |
@@ -14435,108 +14894,6 @@ $as_echo "#define HAVE___SS_FAMILY_IN_SS 1" >>confdefs.h | |||
14435 | 14894 | ||
14436 | fi | 14895 | fi |
14437 | 14896 | ||
14438 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pw_class field in struct passwd" >&5 | ||
14439 | $as_echo_n "checking for pw_class field in struct passwd... " >&6; } | ||
14440 | if ${ac_cv_have_pw_class_in_struct_passwd+:} false; then : | ||
14441 | $as_echo_n "(cached) " >&6 | ||
14442 | else | ||
14443 | |||
14444 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
14445 | /* end confdefs.h. */ | ||
14446 | #include <pwd.h> | ||
14447 | int | ||
14448 | main () | ||
14449 | { | ||
14450 | struct passwd p; p.pw_class = 0; | ||
14451 | ; | ||
14452 | return 0; | ||
14453 | } | ||
14454 | _ACEOF | ||
14455 | if ac_fn_c_try_compile "$LINENO"; then : | ||
14456 | ac_cv_have_pw_class_in_struct_passwd="yes" | ||
14457 | else | ||
14458 | ac_cv_have_pw_class_in_struct_passwd="no" | ||
14459 | |||
14460 | fi | ||
14461 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
14462 | |||
14463 | fi | ||
14464 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_pw_class_in_struct_passwd" >&5 | ||
14465 | $as_echo "$ac_cv_have_pw_class_in_struct_passwd" >&6; } | ||
14466 | if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then | ||
14467 | |||
14468 | $as_echo "#define HAVE_PW_CLASS_IN_PASSWD 1" >>confdefs.h | ||
14469 | |||
14470 | fi | ||
14471 | |||
14472 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pw_expire field in struct passwd" >&5 | ||
14473 | $as_echo_n "checking for pw_expire field in struct passwd... " >&6; } | ||
14474 | if ${ac_cv_have_pw_expire_in_struct_passwd+:} false; then : | ||
14475 | $as_echo_n "(cached) " >&6 | ||
14476 | else | ||
14477 | |||
14478 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
14479 | /* end confdefs.h. */ | ||
14480 | #include <pwd.h> | ||
14481 | int | ||
14482 | main () | ||
14483 | { | ||
14484 | struct passwd p; p.pw_expire = 0; | ||
14485 | ; | ||
14486 | return 0; | ||
14487 | } | ||
14488 | _ACEOF | ||
14489 | if ac_fn_c_try_compile "$LINENO"; then : | ||
14490 | ac_cv_have_pw_expire_in_struct_passwd="yes" | ||
14491 | else | ||
14492 | ac_cv_have_pw_expire_in_struct_passwd="no" | ||
14493 | |||
14494 | fi | ||
14495 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
14496 | |||
14497 | fi | ||
14498 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_pw_expire_in_struct_passwd" >&5 | ||
14499 | $as_echo "$ac_cv_have_pw_expire_in_struct_passwd" >&6; } | ||
14500 | if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then | ||
14501 | |||
14502 | $as_echo "#define HAVE_PW_EXPIRE_IN_PASSWD 1" >>confdefs.h | ||
14503 | |||
14504 | fi | ||
14505 | |||
14506 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pw_change field in struct passwd" >&5 | ||
14507 | $as_echo_n "checking for pw_change field in struct passwd... " >&6; } | ||
14508 | if ${ac_cv_have_pw_change_in_struct_passwd+:} false; then : | ||
14509 | $as_echo_n "(cached) " >&6 | ||
14510 | else | ||
14511 | |||
14512 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
14513 | /* end confdefs.h. */ | ||
14514 | #include <pwd.h> | ||
14515 | int | ||
14516 | main () | ||
14517 | { | ||
14518 | struct passwd p; p.pw_change = 0; | ||
14519 | ; | ||
14520 | return 0; | ||
14521 | } | ||
14522 | _ACEOF | ||
14523 | if ac_fn_c_try_compile "$LINENO"; then : | ||
14524 | ac_cv_have_pw_change_in_struct_passwd="yes" | ||
14525 | else | ||
14526 | ac_cv_have_pw_change_in_struct_passwd="no" | ||
14527 | |||
14528 | fi | ||
14529 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
14530 | |||
14531 | fi | ||
14532 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_pw_change_in_struct_passwd" >&5 | ||
14533 | $as_echo "$ac_cv_have_pw_change_in_struct_passwd" >&6; } | ||
14534 | if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then | ||
14535 | |||
14536 | $as_echo "#define HAVE_PW_CHANGE_IN_PASSWD 1" >>confdefs.h | ||
14537 | |||
14538 | fi | ||
14539 | |||
14540 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for msg_accrights field in struct msghdr" >&5 | 14897 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for msg_accrights field in struct msghdr" >&5 |
14541 | $as_echo_n "checking for msg_accrights field in struct msghdr... " >&6; } | 14898 | $as_echo_n "checking for msg_accrights field in struct msghdr... " >&6; } |
14542 | if ${ac_cv_have_accrights_in_msghdr+:} false; then : | 14899 | if ${ac_cv_have_accrights_in_msghdr+:} false; then : |
@@ -15994,6 +16351,22 @@ cat >>confdefs.h <<_ACEOF | |||
15994 | #define HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE $ac_have_decl | 16351 | #define HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE $ac_have_decl |
15995 | _ACEOF | 16352 | _ACEOF |
15996 | 16353 | ||
16354 | saved_LIBS="$LIBS" | ||
16355 | LIBS="$LIBS $K5LIBS" | ||
16356 | for ac_func in krb5_cc_new_unique krb5_get_error_message krb5_free_error_message | ||
16357 | do : | ||
16358 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
16359 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | ||
16360 | if eval test \"x\$"$as_ac_var"\" = x"yes"; then : | ||
16361 | cat >>confdefs.h <<_ACEOF | ||
16362 | #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
16363 | _ACEOF | ||
16364 | |||
16365 | fi | ||
16366 | done | ||
16367 | |||
16368 | LIBS="$saved_LIBS" | ||
16369 | |||
15997 | fi | 16370 | fi |
15998 | 16371 | ||
15999 | 16372 | ||
@@ -17176,6 +17549,8 @@ fi | |||
17176 | 17549 | ||
17177 | TEST_SSH_IPV6=$TEST_SSH_IPV6 | 17550 | TEST_SSH_IPV6=$TEST_SSH_IPV6 |
17178 | 17551 | ||
17552 | UNSUPPORTED_ALGORITHMS=$unsupported_algorithms | ||
17553 | |||
17179 | 17554 | ||
17180 | 17555 | ||
17181 | ac_config_files="$ac_config_files Makefile buildpkg.sh opensshd.init openssh.xml openbsd-compat/Makefile openbsd-compat/regress/Makefile survey.sh" | 17556 | ac_config_files="$ac_config_files Makefile buildpkg.sh opensshd.init openssh.xml openbsd-compat/Makefile openbsd-compat/regress/Makefile survey.sh" |
diff --git a/configure.ac b/configure.ac index 271a63a46..4c1a6589e 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -1,4 +1,4 @@ | |||
1 | # $Id: configure.ac,v 1.518 2013/03/20 01:55:15 djm Exp $ | 1 | # $Id: configure.ac,v 1.536 2013/08/04 11:48:41 dtucker Exp $ |
2 | # | 2 | # |
3 | # Copyright (c) 1999-2004 Damien Miller | 3 | # Copyright (c) 1999-2004 Damien Miller |
4 | # | 4 | # |
@@ -15,7 +15,7 @@ | |||
15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | 15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
16 | 16 | ||
17 | AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) | 17 | AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) |
18 | AC_REVISION($Revision: 1.518 $) | 18 | AC_REVISION($Revision: 1.536 $) |
19 | AC_CONFIG_SRCDIR([ssh.c]) | 19 | AC_CONFIG_SRCDIR([ssh.c]) |
20 | AC_LANG([C]) | 20 | AC_LANG([C]) |
21 | 21 | ||
@@ -129,11 +129,16 @@ AC_ARG_WITH([stackprotect], | |||
129 | 129 | ||
130 | 130 | ||
131 | if test "$GCC" = "yes" || test "$GCC" = "egcs"; then | 131 | if test "$GCC" = "yes" || test "$GCC" = "egcs"; then |
132 | OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments -Werror], | ||
133 | [-Qunused-arguments]) | ||
134 | OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option -Werror], | ||
135 | [-Wno-unknown-warning-option]) | ||
132 | OSSH_CHECK_CFLAG_COMPILE([-Wall]) | 136 | OSSH_CHECK_CFLAG_COMPILE([-Wall]) |
133 | OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) | 137 | OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) |
134 | OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) | 138 | OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) |
135 | OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) | 139 | OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) |
136 | OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) | 140 | OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) |
141 | OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) | ||
137 | OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) | 142 | OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) |
138 | OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) | 143 | OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) |
139 | OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) | 144 | OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) |
@@ -305,6 +310,7 @@ AC_CHECK_HEADERS([ \ | |||
305 | ia.h \ | 310 | ia.h \ |
306 | iaf.h \ | 311 | iaf.h \ |
307 | limits.h \ | 312 | limits.h \ |
313 | locale.h \ | ||
308 | login.h \ | 314 | login.h \ |
309 | maillock.h \ | 315 | maillock.h \ |
310 | ndir.h \ | 316 | ndir.h \ |
@@ -343,7 +349,6 @@ AC_CHECK_HEADERS([ \ | |||
343 | sys/sysmacros.h \ | 349 | sys/sysmacros.h \ |
344 | sys/time.h \ | 350 | sys/time.h \ |
345 | sys/timers.h \ | 351 | sys/timers.h \ |
346 | sys/un.h \ | ||
347 | time.h \ | 352 | time.h \ |
348 | tmpdir.h \ | 353 | tmpdir.h \ |
349 | ttyent.h \ | 354 | ttyent.h \ |
@@ -381,6 +386,12 @@ AC_CHECK_HEADERS([sys/mount.h], [], [], [ | |||
381 | #include <sys/param.h> | 386 | #include <sys/param.h> |
382 | ]) | 387 | ]) |
383 | 388 | ||
389 | # Android requires sys/socket.h to be included before sys/un.h | ||
390 | AC_CHECK_HEADERS([sys/un.h], [], [], [ | ||
391 | #include <sys/types.h> | ||
392 | #include <sys/socket.h> | ||
393 | ]) | ||
394 | |||
384 | # Messages for features tested for in target-specific section | 395 | # Messages for features tested for in target-specific section |
385 | SIA_MSG="no" | 396 | SIA_MSG="no" |
386 | SPC_MSG="no" | 397 | SPC_MSG="no" |
@@ -482,6 +493,10 @@ case "$host" in | |||
482 | AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) | 493 | AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) |
483 | AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) | 494 | AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) |
484 | ;; | 495 | ;; |
496 | *-*-android*) | ||
497 | AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) | ||
498 | AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) | ||
499 | ;; | ||
485 | *-*-cygwin*) | 500 | *-*-cygwin*) |
486 | check_for_libcrypt_later=1 | 501 | check_for_libcrypt_later=1 |
487 | LIBS="$LIBS /usr/lib/textreadmode.o" | 502 | LIBS="$LIBS /usr/lib/textreadmode.o" |
@@ -823,6 +838,7 @@ mips-sony-bsd|mips-sony-newsos4) | |||
823 | SP_MSG="yes" ], ) | 838 | SP_MSG="yes" ], ) |
824 | ], | 839 | ], |
825 | ) | 840 | ) |
841 | TEST_SHELL=$SHELL # let configure find us a capable shell | ||
826 | ;; | 842 | ;; |
827 | *-*-sunos4*) | 843 | *-*-sunos4*) |
828 | CPPFLAGS="$CPPFLAGS -DSUNOS4" | 844 | CPPFLAGS="$CPPFLAGS -DSUNOS4" |
@@ -866,6 +882,7 @@ mips-sony-bsd|mips-sony-newsos4) | |||
866 | AC_DEFINE([BROKEN_SETREGID]) | 882 | AC_DEFINE([BROKEN_SETREGID]) |
867 | AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) | 883 | AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) |
868 | AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) | 884 | AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) |
885 | TEST_SHELL=$SHELL # let configure find us a capable shell | ||
869 | ;; | 886 | ;; |
870 | # UnixWare 7.x, OpenUNIX 8 | 887 | # UnixWare 7.x, OpenUNIX 8 |
871 | *-*-sysv5*) | 888 | *-*-sysv5*) |
@@ -877,10 +894,10 @@ mips-sony-bsd|mips-sony-newsos4) | |||
877 | AC_DEFINE([BROKEN_SETREUID]) | 894 | AC_DEFINE([BROKEN_SETREUID]) |
878 | AC_DEFINE([BROKEN_SETREGID]) | 895 | AC_DEFINE([BROKEN_SETREGID]) |
879 | AC_DEFINE([PASSWD_NEEDS_USERNAME]) | 896 | AC_DEFINE([PASSWD_NEEDS_USERNAME]) |
897 | TEST_SHELL=$SHELL # let configure find us a capable shell | ||
880 | case "$host" in | 898 | case "$host" in |
881 | *-*-sysv5SCO_SV*) # SCO OpenServer 6.x | 899 | *-*-sysv5SCO_SV*) # SCO OpenServer 6.x |
882 | maildir=/var/spool/mail | 900 | maildir=/var/spool/mail |
883 | TEST_SHELL=/u95/bin/sh | ||
884 | AC_DEFINE([BROKEN_LIBIAF], [1], | 901 | AC_DEFINE([BROKEN_LIBIAF], [1], |
885 | [ia_uinfo routines not supported by OS yet]) | 902 | [ia_uinfo routines not supported by OS yet]) |
886 | AC_DEFINE([BROKEN_UPDWTMPX]) | 903 | AC_DEFINE([BROKEN_UPDWTMPX]) |
@@ -921,7 +938,7 @@ mips-sony-bsd|mips-sony-newsos4) | |||
921 | AC_DEFINE([PASSWD_NEEDS_USERNAME]) | 938 | AC_DEFINE([PASSWD_NEEDS_USERNAME]) |
922 | AC_CHECK_FUNCS([getluid setluid]) | 939 | AC_CHECK_FUNCS([getluid setluid]) |
923 | MANTYPE=man | 940 | MANTYPE=man |
924 | TEST_SHELL=ksh | 941 | TEST_SHELL=$SHELL # let configure find us a capable shell |
925 | SKIP_DISABLE_LASTLOG_DEFINE=yes | 942 | SKIP_DISABLE_LASTLOG_DEFINE=yes |
926 | ;; | 943 | ;; |
927 | *-*-unicosmk*) | 944 | *-*-unicosmk*) |
@@ -998,9 +1015,6 @@ mips-sony-bsd|mips-sony-newsos4) | |||
998 | *-*-nto-qnx*) | 1015 | *-*-nto-qnx*) |
999 | AC_DEFINE([USE_PIPES]) | 1016 | AC_DEFINE([USE_PIPES]) |
1000 | AC_DEFINE([NO_X11_UNIX_SOCKETS]) | 1017 | AC_DEFINE([NO_X11_UNIX_SOCKETS]) |
1001 | AC_DEFINE([MISSING_NFDBITS], [1], [Define on *nto-qnx systems]) | ||
1002 | AC_DEFINE([MISSING_HOWMANY], [1], [Define on *nto-qnx systems]) | ||
1003 | AC_DEFINE([MISSING_FD_MASK], [1], [Define on *nto-qnx systems]) | ||
1004 | AC_DEFINE([DISABLE_LASTLOG]) | 1018 | AC_DEFINE([DISABLE_LASTLOG]) |
1005 | AC_DEFINE([SSHD_ACQUIRES_CTTY]) | 1019 | AC_DEFINE([SSHD_ACQUIRES_CTTY]) |
1006 | AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) | 1020 | AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) |
@@ -1021,7 +1035,6 @@ mips-sony-bsd|mips-sony-newsos4) | |||
1021 | 1035 | ||
1022 | *-*-lynxos) | 1036 | *-*-lynxos) |
1023 | CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" | 1037 | CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" |
1024 | AC_DEFINE([MISSING_HOWMANY]) | ||
1025 | AC_DEFINE([BROKEN_SETVBUF], [1], [LynxOS has broken setvbuf() implementation]) | 1038 | AC_DEFINE([BROKEN_SETVBUF], [1], [LynxOS has broken setvbuf() implementation]) |
1026 | ;; | 1039 | ;; |
1027 | esac | 1040 | esac |
@@ -1144,6 +1157,7 @@ AC_ARG_WITH([zlib-version-check], | |||
1144 | AC_MSG_CHECKING([for possibly buggy zlib]) | 1157 | AC_MSG_CHECKING([for possibly buggy zlib]) |
1145 | AC_RUN_IFELSE([AC_LANG_PROGRAM([[ | 1158 | AC_RUN_IFELSE([AC_LANG_PROGRAM([[ |
1146 | #include <stdio.h> | 1159 | #include <stdio.h> |
1160 | #include <stdlib.h> | ||
1147 | #include <zlib.h> | 1161 | #include <zlib.h> |
1148 | ]], | 1162 | ]], |
1149 | [[ | 1163 | [[ |
@@ -1193,12 +1207,13 @@ AC_CHECK_FUNCS([utimes], | |||
1193 | dnl Checks for libutil functions | 1207 | dnl Checks for libutil functions |
1194 | AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) | 1208 | AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) |
1195 | AC_SEARCH_LIBS([fmt_scaled], [util bsd]) | 1209 | AC_SEARCH_LIBS([fmt_scaled], [util bsd]) |
1210 | AC_SEARCH_LIBS([scan_scaled], [util bsd]) | ||
1196 | AC_SEARCH_LIBS([login], [util bsd]) | 1211 | AC_SEARCH_LIBS([login], [util bsd]) |
1197 | AC_SEARCH_LIBS([logout], [util bsd]) | 1212 | AC_SEARCH_LIBS([logout], [util bsd]) |
1198 | AC_SEARCH_LIBS([logwtmp], [util bsd]) | 1213 | AC_SEARCH_LIBS([logwtmp], [util bsd]) |
1199 | AC_SEARCH_LIBS([openpty], [util bsd]) | 1214 | AC_SEARCH_LIBS([openpty], [util bsd]) |
1200 | AC_SEARCH_LIBS([updwtmp], [util bsd]) | 1215 | AC_SEARCH_LIBS([updwtmp], [util bsd]) |
1201 | AC_CHECK_FUNCS([fmt_scaled login logout openpty updwtmp logwtmp]) | 1216 | AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) |
1202 | 1217 | ||
1203 | AC_FUNC_STRFTIME | 1218 | AC_FUNC_STRFTIME |
1204 | 1219 | ||
@@ -1548,6 +1563,7 @@ AC_CHECK_FUNCS([ \ | |||
1548 | clock \ | 1563 | clock \ |
1549 | closefrom \ | 1564 | closefrom \ |
1550 | dirfd \ | 1565 | dirfd \ |
1566 | endgrent \ | ||
1551 | fchmod \ | 1567 | fchmod \ |
1552 | fchown \ | 1568 | fchown \ |
1553 | freeaddrinfo \ | 1569 | freeaddrinfo \ |
@@ -1572,6 +1588,7 @@ AC_CHECK_FUNCS([ \ | |||
1572 | inet_ntop \ | 1588 | inet_ntop \ |
1573 | innetgr \ | 1589 | innetgr \ |
1574 | login_getcapbool \ | 1590 | login_getcapbool \ |
1591 | mblen \ | ||
1575 | md5_crypt \ | 1592 | md5_crypt \ |
1576 | memmove \ | 1593 | memmove \ |
1577 | mkdtemp \ | 1594 | mkdtemp \ |
@@ -1668,6 +1685,9 @@ const char *gai_strerror(int); | |||
1668 | AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], | 1685 | AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], |
1669 | [Some systems put nanosleep outside of libc])]) | 1686 | [Some systems put nanosleep outside of libc])]) |
1670 | 1687 | ||
1688 | AC_SEARCH_LIBS([clock_gettime], [rt], | ||
1689 | [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) | ||
1690 | |||
1671 | dnl Make sure prototypes are defined for these before using them. | 1691 | dnl Make sure prototypes are defined for these before using them. |
1672 | AC_CHECK_DECL([getrusage], [AC_CHECK_FUNCS([getrusage])]) | 1692 | AC_CHECK_DECL([getrusage], [AC_CHECK_FUNCS([getrusage])]) |
1673 | AC_CHECK_DECL([strsep], | 1693 | AC_CHECK_DECL([strsep], |
@@ -1719,6 +1739,37 @@ AC_CHECK_DECLS([offsetof], , , [ | |||
1719 | #include <stddef.h> | 1739 | #include <stddef.h> |
1720 | ]) | 1740 | ]) |
1721 | 1741 | ||
1742 | # extra bits for select(2) | ||
1743 | AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ | ||
1744 | #include <sys/param.h> | ||
1745 | #include <sys/types.h> | ||
1746 | #ifdef HAVE_SYS_SYSMACROS_H | ||
1747 | #include <sys/sysmacros.h> | ||
1748 | #endif | ||
1749 | #ifdef HAVE_SYS_SELECT_H | ||
1750 | #include <sys/select.h> | ||
1751 | #endif | ||
1752 | #ifdef HAVE_SYS_TIME_H | ||
1753 | #include <sys/time.h> | ||
1754 | #endif | ||
1755 | #ifdef HAVE_UNISTD_H | ||
1756 | #include <unistd.h> | ||
1757 | #endif | ||
1758 | ]]) | ||
1759 | AC_CHECK_TYPES([fd_mask], [], [], [[ | ||
1760 | #include <sys/param.h> | ||
1761 | #include <sys/types.h> | ||
1762 | #ifdef HAVE_SYS_SELECT_H | ||
1763 | #include <sys/select.h> | ||
1764 | #endif | ||
1765 | #ifdef HAVE_SYS_TIME_H | ||
1766 | #include <sys/time.h> | ||
1767 | #endif | ||
1768 | #ifdef HAVE_UNISTD_H | ||
1769 | #include <unistd.h> | ||
1770 | #endif | ||
1771 | ]]) | ||
1772 | |||
1722 | AC_CHECK_FUNCS([setresuid], [ | 1773 | AC_CHECK_FUNCS([setresuid], [ |
1723 | dnl Some platorms have setresuid that isn't implemented, test for this | 1774 | dnl Some platorms have setresuid that isn't implemented, test for this |
1724 | AC_MSG_CHECKING([if setresuid seems to work]) | 1775 | AC_MSG_CHECKING([if setresuid seems to work]) |
@@ -2367,6 +2418,8 @@ AC_LINK_IFELSE( | |||
2367 | ], | 2418 | ], |
2368 | [ | 2419 | [ |
2369 | AC_MSG_RESULT([no]) | 2420 | AC_MSG_RESULT([no]) |
2421 | unsupported_algorithms="$unsupported_cipers \ | ||
2422 | aes128-gcm@openssh.com aes256-gcm@openssh.com" | ||
2370 | ] | 2423 | ] |
2371 | ) | 2424 | ) |
2372 | 2425 | ||
@@ -2404,10 +2457,18 @@ fi | |||
2404 | if test "x$check_for_libcrypt_later" = "x1"; then | 2457 | if test "x$check_for_libcrypt_later" = "x1"; then |
2405 | AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) | 2458 | AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) |
2406 | fi | 2459 | fi |
2460 | AC_CHECK_FUNCS([crypt DES_crypt]) | ||
2407 | 2461 | ||
2408 | # Search for SHA256 support in libc and/or OpenSSL | 2462 | # Search for SHA256 support in libc and/or OpenSSL |
2409 | AC_CHECK_FUNCS([SHA256_Update EVP_sha256], [TEST_SSH_SHA256=yes], | 2463 | AC_CHECK_FUNCS([SHA256_Update EVP_sha256], |
2410 | [TEST_SSH_SHA256=no]) | 2464 | [TEST_SSH_SHA256=yes], |
2465 | [TEST_SSH_SHA256=no | ||
2466 | unsupported_algorithms="$unsupported_algorithms \ | ||
2467 | hmac-sha2-256 hmac-sha2-512 \ | ||
2468 | diffie-hellman-group-exchange-sha256 \ | ||
2469 | hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com" | ||
2470 | ] | ||
2471 | ) | ||
2411 | AC_SUBST([TEST_SSH_SHA256]) | 2472 | AC_SUBST([TEST_SSH_SHA256]) |
2412 | 2473 | ||
2413 | # Check complete ECC support in OpenSSL | 2474 | # Check complete ECC support in OpenSSL |
@@ -2438,6 +2499,12 @@ AC_LINK_IFELSE( | |||
2438 | AC_MSG_RESULT([no]) | 2499 | AC_MSG_RESULT([no]) |
2439 | TEST_SSH_ECC=no | 2500 | TEST_SSH_ECC=no |
2440 | COMMENT_OUT_ECC="#no ecc#" | 2501 | COMMENT_OUT_ECC="#no ecc#" |
2502 | unsupported_algorithms="$unsupported_algorithms \ | ||
2503 | ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 \ | ||
2504 | ecdsa-sha2-nistp256-cert-v01@openssh.com \ | ||
2505 | ecdsa-sha2-nistp384-cert-v01@openssh.com \ | ||
2506 | ecdsa-sha2-nistp521-cert-v01@openssh.com \ | ||
2507 | ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521" | ||
2441 | ] | 2508 | ] |
2442 | ) | 2509 | ) |
2443 | AC_SUBST([TEST_SSH_ECC]) | 2510 | AC_SUBST([TEST_SSH_ECC]) |
@@ -3325,9 +3392,16 @@ OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) | |||
3325 | OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) | 3392 | OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) |
3326 | 3393 | ||
3327 | AC_CHECK_MEMBERS([struct stat.st_blksize]) | 3394 | AC_CHECK_MEMBERS([struct stat.st_blksize]) |
3395 | AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, | ||
3396 | struct passwd.pw_change, struct passwd.pw_expire], | ||
3397 | [], [], [[ | ||
3398 | #include <sys/types.h> | ||
3399 | #include <pwd.h> | ||
3400 | ]]) | ||
3401 | |||
3328 | AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], | 3402 | AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], |
3329 | [Define if we don't have struct __res_state in resolv.h])], | 3403 | [Define if we don't have struct __res_state in resolv.h])], |
3330 | [ | 3404 | [[ |
3331 | #include <stdio.h> | 3405 | #include <stdio.h> |
3332 | #if HAVE_SYS_TYPES_H | 3406 | #if HAVE_SYS_TYPES_H |
3333 | # include <sys/types.h> | 3407 | # include <sys/types.h> |
@@ -3335,7 +3409,7 @@ AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [sta | |||
3335 | #include <netinet/in.h> | 3409 | #include <netinet/in.h> |
3336 | #include <arpa/nameser.h> | 3410 | #include <arpa/nameser.h> |
3337 | #include <resolv.h> | 3411 | #include <resolv.h> |
3338 | ]) | 3412 | ]]) |
3339 | 3413 | ||
3340 | AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], | 3414 | AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], |
3341 | ac_cv_have_ss_family_in_struct_ss, [ | 3415 | ac_cv_have_ss_family_in_struct_ss, [ |
@@ -3365,45 +3439,6 @@ if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then | |||
3365 | [Fields in struct sockaddr_storage]) | 3439 | [Fields in struct sockaddr_storage]) |
3366 | fi | 3440 | fi |
3367 | 3441 | ||
3368 | AC_CACHE_CHECK([for pw_class field in struct passwd], | ||
3369 | ac_cv_have_pw_class_in_struct_passwd, [ | ||
3370 | AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pwd.h> ]], | ||
3371 | [[ struct passwd p; p.pw_class = 0; ]])], | ||
3372 | [ ac_cv_have_pw_class_in_struct_passwd="yes" ], | ||
3373 | [ ac_cv_have_pw_class_in_struct_passwd="no" | ||
3374 | ]) | ||
3375 | ]) | ||
3376 | if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then | ||
3377 | AC_DEFINE([HAVE_PW_CLASS_IN_PASSWD], [1], | ||
3378 | [Define if your password has a pw_class field]) | ||
3379 | fi | ||
3380 | |||
3381 | AC_CACHE_CHECK([for pw_expire field in struct passwd], | ||
3382 | ac_cv_have_pw_expire_in_struct_passwd, [ | ||
3383 | AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pwd.h> ]], | ||
3384 | [[ struct passwd p; p.pw_expire = 0; ]])], | ||
3385 | [ ac_cv_have_pw_expire_in_struct_passwd="yes" ], | ||
3386 | [ ac_cv_have_pw_expire_in_struct_passwd="no" | ||
3387 | ]) | ||
3388 | ]) | ||
3389 | if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then | ||
3390 | AC_DEFINE([HAVE_PW_EXPIRE_IN_PASSWD], [1], | ||
3391 | [Define if your password has a pw_expire field]) | ||
3392 | fi | ||
3393 | |||
3394 | AC_CACHE_CHECK([for pw_change field in struct passwd], | ||
3395 | ac_cv_have_pw_change_in_struct_passwd, [ | ||
3396 | AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pwd.h> ]], | ||
3397 | [[ struct passwd p; p.pw_change = 0; ]])], | ||
3398 | [ ac_cv_have_pw_change_in_struct_passwd="yes" ], | ||
3399 | [ ac_cv_have_pw_change_in_struct_passwd="no" | ||
3400 | ]) | ||
3401 | ]) | ||
3402 | if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then | ||
3403 | AC_DEFINE([HAVE_PW_CHANGE_IN_PASSWD], [1], | ||
3404 | [Define if your password has a pw_change field]) | ||
3405 | fi | ||
3406 | |||
3407 | dnl make sure we're using the real structure members and not defines | 3442 | dnl make sure we're using the real structure members and not defines |
3408 | AC_CACHE_CHECK([for msg_accrights field in struct msghdr], | 3443 | AC_CACHE_CHECK([for msg_accrights field in struct msghdr], |
3409 | ac_cv_have_accrights_in_msghdr, [ | 3444 | ac_cv_have_accrights_in_msghdr, [ |
@@ -3795,6 +3830,11 @@ AC_ARG_WITH([kerberos5], | |||
3795 | # include <gssapi/gssapi_generic.h> | 3830 | # include <gssapi/gssapi_generic.h> |
3796 | #endif | 3831 | #endif |
3797 | ]]) | 3832 | ]]) |
3833 | saved_LIBS="$LIBS" | ||
3834 | LIBS="$LIBS $K5LIBS" | ||
3835 | AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) | ||
3836 | LIBS="$saved_LIBS" | ||
3837 | |||
3798 | fi | 3838 | fi |
3799 | ] | 3839 | ] |
3800 | ) | 3840 | ) |
@@ -4545,6 +4585,7 @@ else | |||
4545 | fi | 4585 | fi |
4546 | AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) | 4586 | AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) |
4547 | AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) | 4587 | AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) |
4588 | AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) | ||
4548 | 4589 | ||
4549 | AC_EXEEXT | 4590 | AC_EXEEXT |
4550 | AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ | 4591 | AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ |
diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec index ca34bd23a..b460bfff0 100644 --- a/contrib/caldera/openssh.spec +++ b/contrib/caldera/openssh.spec | |||
@@ -16,7 +16,7 @@ | |||
16 | 16 | ||
17 | #old cvs stuff. please update before use. may be deprecated. | 17 | #old cvs stuff. please update before use. may be deprecated. |
18 | %define use_stable 1 | 18 | %define use_stable 1 |
19 | %define version 6.2p2 | 19 | %define version 6.3p1 |
20 | %if %{use_stable} | 20 | %if %{use_stable} |
21 | %define cvs %{nil} | 21 | %define cvs %{nil} |
22 | %define release 1 | 22 | %define release 1 |
@@ -363,4 +363,4 @@ fi | |||
363 | * Mon Jan 01 1998 ... | 363 | * Mon Jan 01 1998 ... |
364 | Template Version: 1.31 | 364 | Template Version: 1.31 |
365 | 365 | ||
366 | $Id: openssh.spec,v 1.79.2.1 2013/05/10 06:02:21 djm Exp $ | 366 | $Id: openssh.spec,v 1.80 2013/07/25 02:34:00 djm Exp $ |
diff --git a/contrib/cygwin/README b/contrib/cygwin/README index 5f911e924..2562b6186 100644 --- a/contrib/cygwin/README +++ b/contrib/cygwin/README | |||
@@ -4,115 +4,18 @@ The binary package is usually built for recent Cygwin versions and might | |||
4 | not run on older versions. Please check http://cygwin.com/ for information | 4 | not run on older versions. Please check http://cygwin.com/ for information |
5 | about current Cygwin releases. | 5 | about current Cygwin releases. |
6 | 6 | ||
7 | Build instructions are at the end of the file. | 7 | ================== |
8 | 8 | Host configuration | |
9 | =========================================================================== | 9 | ================== |
10 | Important change since 3.7.1p2-2: | ||
11 | |||
12 | The ssh-host-config file doesn't create the /etc/ssh_config and | ||
13 | /etc/sshd_config files from builtin here-scripts anymore, but it uses | ||
14 | skeleton files installed in /etc/defaults/etc. | ||
15 | |||
16 | Also it now tries hard to create appropriate permissions on files. | ||
17 | Same applies for ssh-user-config. | ||
18 | |||
19 | After creating the sshd service with ssh-host-config, it's advisable to | ||
20 | call ssh-user-config for all affected users, also already exising user | ||
21 | configurations. In the latter case, file and directory permissions are | ||
22 | checked and changed, if requireed to match the host configuration. | ||
23 | |||
24 | Important note for Windows 2003 Server users: | ||
25 | --------------------------------------------- | ||
26 | |||
27 | 2003 Server has a funny new feature. When starting services under SYSTEM | ||
28 | account, these services have nearly all user rights which SYSTEM holds... | ||
29 | except for the "Create a token object" right, which is needed to allow | ||
30 | public key authentication :-( | ||
31 | |||
32 | There's no way around this, except for creating a substitute account which | ||
33 | has the appropriate privileges. Basically, this account should be member | ||
34 | of the administrators group, plus it should have the following user rights: | ||
35 | |||
36 | Create a token object | ||
37 | Logon as a service | ||
38 | Replace a process level token | ||
39 | Increase Quota | ||
40 | |||
41 | The ssh-host-config script asks you, if it should create such an account, | ||
42 | called "sshd_server". If you say "no" here, you're on your own. Please | ||
43 | follow the instruction in ssh-host-config exactly if possible. Note that | ||
44 | ssh-user-config sets the permissions on 2003 Server machines dependent of | ||
45 | whether a sshd_server account exists or not. | ||
46 | =========================================================================== | ||
47 | |||
48 | =========================================================================== | ||
49 | Important change since 3.4p1-2: | ||
50 | |||
51 | This version adds privilege separation as default setting, see | ||
52 | /usr/doc/openssh/README.privsep. According to that document the | ||
53 | privsep feature requires a non-privileged account called 'sshd'. | ||
54 | |||
55 | The new ssh-host-config file which is part of this version asks | ||
56 | to create 'sshd' as local user if you want to use privilege | ||
57 | separation. If you confirm, it creates that NT user and adds | ||
58 | the necessary entry to /etc/passwd. | ||
59 | |||
60 | On 9x/Me systems the script just sets UsePrivilegeSeparation to "no" | ||
61 | since that feature doesn't make any sense on a system which doesn't | ||
62 | differ between privileged and unprivileged users. | ||
63 | |||
64 | The new ssh-host-config script also adds the /var/empty directory | ||
65 | needed by privilege separation. When creating the /var/empty directory | ||
66 | by yourself, please note that in contrast to the README.privsep document | ||
67 | the owner sshould not be "root" but the user which is running sshd. So, | ||
68 | in the standard configuration this is SYSTEM. The ssh-host-config script | ||
69 | chowns /var/empty accordingly. | ||
70 | =========================================================================== | ||
71 | |||
72 | =========================================================================== | ||
73 | Important change since 3.0.1p1-2: | ||
74 | |||
75 | This version introduces the ability to register sshd as service on | ||
76 | Windows 9x/Me systems. This is done only when the options -D and/or | ||
77 | -d are not given. | ||
78 | =========================================================================== | ||
79 | |||
80 | =========================================================================== | ||
81 | Important change since 2.9p2: | ||
82 | |||
83 | Since Cygwin is able to switch user context without password beginning | ||
84 | with version 1.3.2, OpenSSH now allows to do so when it's running under | ||
85 | a version >= 1.3.2. Keep in mind that `ntsec' has to be activated to | ||
86 | allow that feature. | ||
87 | =========================================================================== | ||
88 | |||
89 | =========================================================================== | ||
90 | Important change since 2.3.0p1: | ||
91 | |||
92 | When using `ntea' or `ntsec' you now have to care for the ownership | ||
93 | and permission bits of your host key files and your private key files. | ||
94 | The host key files have to be owned by the NT account which starts | ||
95 | sshd. The user key files have to be owned by the user. The permission | ||
96 | bits of the private key files (host and user) have to be at least | ||
97 | rw------- (0600)! | ||
98 | |||
99 | Note that this is forced under `ntsec' only if the files are on a NTFS | ||
100 | filesystem (which is recommended) due to the lack of any basic security | ||
101 | features of the FAT/FAT32 filesystems. | ||
102 | =========================================================================== | ||
103 | 10 | ||
104 | If you are installing OpenSSH the first time, you can generate global config | 11 | If you are installing OpenSSH the first time, you can generate global config |
105 | files and server keys by running | 12 | files and server keys, as well as installing sshd as a service, by running |
106 | 13 | ||
107 | /usr/bin/ssh-host-config | 14 | /usr/bin/ssh-host-config |
108 | 15 | ||
109 | Note that this binary archive doesn't contain default config files in /etc. | 16 | Note that this binary archive doesn't contain default config files in /etc. |
110 | That files are only created if ssh-host-config is started. | 17 | That files are only created if ssh-host-config is started. |
111 | 18 | ||
112 | If you are updating your installation you may run the above ssh-host-config | ||
113 | as well to move your configuration files to the new location and to | ||
114 | erase the files at the old location. | ||
115 | |||
116 | To support testing and unattended installation ssh-host-config got | 19 | To support testing and unattended installation ssh-host-config got |
117 | some options: | 20 | some options: |
118 | 21 | ||
@@ -123,16 +26,25 @@ Options: | |||
123 | --no -n Answer all questions with "no" automatically. | 26 | --no -n Answer all questions with "no" automatically. |
124 | --cygwin -c <options> Use "options" as value for CYGWIN environment var. | 27 | --cygwin -c <options> Use "options" as value for CYGWIN environment var. |
125 | --port -p <n> sshd listens on port n. | 28 | --port -p <n> sshd listens on port n. |
126 | --pwd -w <passwd> Use "pwd" as password for user 'sshd_server'. | 29 | --user -u <account> privileged user for service, default 'cyg_server'. |
30 | --pwd -w <passwd> Use "pwd" as password for privileged user. | ||
31 | --privileged On Windows XP, require privileged user | ||
32 | instead of LocalSystem for sshd service. | ||
127 | 33 | ||
128 | Additionally ssh-host-config now asks if it should install sshd as a | 34 | Installing sshd as daemon via ssh-host-config is recommended. |
129 | service when running under NT/W2K. This requires cygrunsrv installed. | ||
130 | 35 | ||
131 | You can create the private and public keys for a user now by running | 36 | Alternatively you can start sshd via inetd, if you have the inetutils |
37 | package installed. Just run ssh-host-config, but answer "no" when asked | ||
38 | to install sshd as service. The ssh-host-config script also adds the | ||
39 | required lines to /etc/inetd.conf and /etc/services. | ||
132 | 40 | ||
133 | /usr/bin/ssh-user-config | 41 | ================== |
42 | User configuration | ||
43 | ================== | ||
44 | |||
45 | Any user can simplify creating the own private and public keys by running | ||
134 | 46 | ||
135 | under the users account. | 47 | /usr/bin/ssh-user-config |
136 | 48 | ||
137 | To support testing and unattended installation ssh-user-config got | 49 | To support testing and unattended installation ssh-user-config got |
138 | some options as well: | 50 | some options as well: |
@@ -144,88 +56,30 @@ Options: | |||
144 | --no -n Answer all questions with "no" automatically. | 56 | --no -n Answer all questions with "no" automatically. |
145 | --passphrase -p word Use "word" as passphrase automatically. | 57 | --passphrase -p word Use "word" as passphrase automatically. |
146 | 58 | ||
147 | Install sshd as daemon via cygrunsrv.exe (recommended on NT/W2K), via inetd | ||
148 | (results in very slow deamon startup!) or from the command line (recommended | ||
149 | on 9X/ME). | ||
150 | |||
151 | If you start sshd as deamon via cygrunsrv.exe you MUST give the | ||
152 | "-D" option to sshd. Otherwise the service can't get started at all. | ||
153 | |||
154 | If starting via inetd, copy sshd to eg. /usr/sbin/in.sshd and add the | ||
155 | following line to your inetd.conf file: | ||
156 | |||
157 | ssh stream tcp nowait root /usr/sbin/in.sshd sshd -i | ||
158 | |||
159 | Moreover you'll have to add the following line to your | ||
160 | ${SYSTEMROOT}/system32/drivers/etc/services file: | ||
161 | |||
162 | ssh 22/tcp #SSH daemon | ||
163 | |||
164 | Please note that OpenSSH does never use the value of $HOME to | 59 | Please note that OpenSSH does never use the value of $HOME to |
165 | search for the users configuration files! It always uses the | 60 | search for the users configuration files! It always uses the |
166 | value of the pw_dir field in /etc/passwd as the home directory. | 61 | value of the pw_dir field in /etc/passwd as the home directory. |
167 | If no home diretory is set in /etc/passwd, the root directory | 62 | If no home diretory is set in /etc/passwd, the root directory |
168 | is used instead! | 63 | is used instead! |
169 | 64 | ||
170 | You may use all features of the CYGWIN=ntsec setting the same | 65 | ================ |
171 | way as they are used by Cygwin's login(1) port: | 66 | Building OpenSSH |
172 | 67 | ================ | |
173 | The pw_gecos field may contain an additional field, that begins | ||
174 | with (upper case!) "U-", followed by the domain and the username | ||
175 | separated by a backslash. | ||
176 | CAUTION: The SID _must_ remain the _last_ field in pw_gecos! | ||
177 | BTW: The field separator in pw_gecos is the comma. | ||
178 | The username in pw_name itself may be any nice name: | ||
179 | |||
180 | domuser::1104:513:John Doe,U-domain\user,S-1-5-21-... | ||
181 | |||
182 | Now you may use `domuser' as your login name with telnet! | ||
183 | This is possible additionally for local users, if you don't like | ||
184 | your NT login name ;-) You only have to leave out the domain: | ||
185 | |||
186 | locuser::1104:513:John Doe,U-user,S-1-5-21-... | ||
187 | |||
188 | Note that the CYGWIN=ntsec setting is required for public key authentication. | ||
189 | |||
190 | SSH2 server and user keys are generated by the `ssh-*-config' scripts | ||
191 | as well. | ||
192 | |||
193 | If you want to build from source, the following options to | ||
194 | configure are used for the Cygwin binary distribution: | ||
195 | |||
196 | --prefix=/usr \ | ||
197 | --sysconfdir=/etc \ | ||
198 | --libexecdir='${sbindir}' \ | ||
199 | --localstatedir=/var \ | ||
200 | --datadir='${prefix}/share' \ | ||
201 | --mandir='${datadir}/man' \ | ||
202 | --infodir='${datadir}/info' | ||
203 | --with-tcp-wrappers | ||
204 | --with-libedit | ||
205 | |||
206 | If you want to create a Cygwin package, equivalent to the one | ||
207 | in the Cygwin binary distribution, install like this: | ||
208 | |||
209 | mkdir /tmp/cygwin-ssh | ||
210 | cd ${builddir} | ||
211 | make install DESTDIR=/tmp/cygwin-ssh | ||
212 | cd ${srcdir}/contrib/cygwin | ||
213 | make cygwin-postinstall DESTDIR=/tmp/cygwin-ssh | ||
214 | cd /tmp/cygwin-ssh | ||
215 | find * \! -type d | tar cvjfT my-openssh.tar.bz2 - | ||
216 | |||
217 | You must have installed the following packages to be able to build OpenSSH: | ||
218 | |||
219 | - zlib | ||
220 | - openssl-devel | ||
221 | 68 | ||
222 | If you want to build with --with-tcp-wrappers, you also need the package | 69 | Building from source is easy. Just unpack the source archive, cd to that |
70 | directory, and call cygport: | ||
223 | 71 | ||
224 | - tcp_wrappers | 72 | cygport openssh.cygport almostall |
225 | 73 | ||
226 | If you want to build with --with-libedit, you also need the package | 74 | You must have installed the following packages to be able to build OpenSSH |
75 | with the aforementioned cygport script: | ||
227 | 76 | ||
228 | - libedit-devel | 77 | zlib |
78 | crypt | ||
79 | openssl-devel | ||
80 | libwrap-devel | ||
81 | libedit-devel | ||
82 | libkrb5-devel | ||
229 | 83 | ||
230 | Please send requests, error reports etc. to cygwin@cygwin.com. | 84 | Please send requests, error reports etc. to cygwin@cygwin.com. |
231 | 85 | ||
diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config index 3c9046f5f..c542d5cb6 100644 --- a/contrib/cygwin/ssh-host-config +++ b/contrib/cygwin/ssh-host-config | |||
@@ -606,9 +606,9 @@ do | |||
606 | echo " --no -n Answer all questions with \"no\" automatically." | 606 | echo " --no -n Answer all questions with \"no\" automatically." |
607 | echo " --cygwin -c <options> Use \"options\" as value for CYGWIN environment var." | 607 | echo " --cygwin -c <options> Use \"options\" as value for CYGWIN environment var." |
608 | echo " --port -p <n> sshd listens on port n." | 608 | echo " --port -p <n> sshd listens on port n." |
609 | echo " --user -u <account> privileged user for service." | 609 | echo " --user -u <account> privileged user for service, default 'cyg_server'." |
610 | echo " --pwd -w <passwd> Use \"pwd\" as password for privileged user." | 610 | echo " --pwd -w <passwd> Use \"pwd\" as password for privileged user." |
611 | echo " --privileged On Windows NT/2k/XP, require privileged user" | 611 | echo " --privileged On Windows XP, require privileged user" |
612 | echo " instead of LocalSystem for sshd service." | 612 | echo " instead of LocalSystem for sshd service." |
613 | echo | 613 | echo |
614 | exit 1 | 614 | exit 1 |
diff --git a/contrib/cygwin/ssh-user-config b/contrib/cygwin/ssh-user-config index 027ae6032..8708b7a58 100644 --- a/contrib/cygwin/ssh-user-config +++ b/contrib/cygwin/ssh-user-config | |||
@@ -222,10 +222,6 @@ do | |||
222 | shift | 222 | shift |
223 | ;; | 223 | ;; |
224 | 224 | ||
225 | --privileged ) | ||
226 | csih_FORCE_PRIVILEGED_USER=yes | ||
227 | ;; | ||
228 | |||
229 | *) | 225 | *) |
230 | echo "usage: ${PROGNAME} [OPTION]..." | 226 | echo "usage: ${PROGNAME} [OPTION]..." |
231 | echo | 227 | echo |
@@ -236,8 +232,6 @@ do | |||
236 | echo " --yes -y Answer all questions with \"yes\" automatically." | 232 | echo " --yes -y Answer all questions with \"yes\" automatically." |
237 | echo " --no -n Answer all questions with \"no\" automatically." | 233 | echo " --no -n Answer all questions with \"no\" automatically." |
238 | echo " --passphrase -p word Use \"word\" as passphrase automatically." | 234 | echo " --passphrase -p word Use \"word\" as passphrase automatically." |
239 | echo " --privileged On Windows NT/2k/XP, assume privileged user" | ||
240 | echo " instead of LocalSystem for sshd service." | ||
241 | echo | 235 | echo |
242 | exit 1 | 236 | exit 1 |
243 | ;; | 237 | ;; |
diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index cd5378ed2..d1191f4e1 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec | |||
@@ -1,4 +1,4 @@ | |||
1 | %define ver 6.2p2 | 1 | %define ver 6.3p1 |
2 | %define rel 1 | 2 | %define rel 1 |
3 | 3 | ||
4 | # OpenSSH privilege separation requires a user & group ID | 4 | # OpenSSH privilege separation requires a user & group ID |
diff --git a/contrib/ssh-copy-id b/contrib/ssh-copy-id index 9f2817b6b..ae88e9958 100644 --- a/contrib/ssh-copy-id +++ b/contrib/ssh-copy-id | |||
@@ -165,7 +165,7 @@ done | |||
165 | 165 | ||
166 | eval set -- "$SAVEARGS" | 166 | eval set -- "$SAVEARGS" |
167 | 167 | ||
168 | if [ $# == 0 ] ; then | 168 | if [ $# = 0 ] ; then |
169 | usage | 169 | usage |
170 | fi | 170 | fi |
171 | if [ $# != 1 ] ; then | 171 | if [ $# != 1 ] ; then |
diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec index bb9e50bd9..2866039d1 100644 --- a/contrib/suse/openssh.spec +++ b/contrib/suse/openssh.spec | |||
@@ -13,7 +13,7 @@ | |||
13 | 13 | ||
14 | Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation | 14 | Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation |
15 | Name: openssh | 15 | Name: openssh |
16 | Version: 6.2p2 | 16 | Version: 6.3p1 |
17 | URL: http://www.openssh.com/ | 17 | URL: http://www.openssh.com/ |
18 | Release: 1 | 18 | Release: 1 |
19 | Source0: openssh-%{version}.tar.gz | 19 | Source0: openssh-%{version}.tar.gz |
@@ -25,7 +25,7 @@ | |||
25 | #ifndef _DEFINES_H | 25 | #ifndef _DEFINES_H |
26 | #define _DEFINES_H | 26 | #define _DEFINES_H |
27 | 27 | ||
28 | /* $Id: defines.h,v 1.171 2013/03/07 09:06:13 dtucker Exp $ */ | 28 | /* $Id: defines.h,v 1.172 2013/06/01 21:18:48 dtucker Exp $ */ |
29 | 29 | ||
30 | 30 | ||
31 | /* Constants */ | 31 | /* Constants */ |
@@ -171,11 +171,6 @@ enum | |||
171 | # define MAP_FAILED ((void *)-1) | 171 | # define MAP_FAILED ((void *)-1) |
172 | #endif | 172 | #endif |
173 | 173 | ||
174 | /* *-*-nto-qnx doesn't define this constant in the system headers */ | ||
175 | #ifdef MISSING_NFDBITS | ||
176 | # define NFDBITS (8 * sizeof(unsigned long)) | ||
177 | #endif | ||
178 | |||
179 | /* | 174 | /* |
180 | SCO Open Server 3 has INADDR_LOOPBACK defined in rpc/rpc.h but | 175 | SCO Open Server 3 has INADDR_LOOPBACK defined in rpc/rpc.h but |
181 | including rpc/rpc.h breaks Solaris 6 | 176 | including rpc/rpc.h breaks Solaris 6 |
@@ -355,11 +350,19 @@ struct winsize { | |||
355 | }; | 350 | }; |
356 | #endif | 351 | #endif |
357 | 352 | ||
358 | /* *-*-nto-qnx does not define this type in the system headers */ | 353 | /* bits needed for select that may not be in the system headers */ |
359 | #ifdef MISSING_FD_MASK | 354 | #ifndef HAVE_FD_MASK |
360 | typedef unsigned long int fd_mask; | 355 | typedef unsigned long int fd_mask; |
361 | #endif | 356 | #endif |
362 | 357 | ||
358 | #if defined(HAVE_DECL_NFDBITS) && HAVE_DECL_NFDBITS == 0 | ||
359 | # define NFDBITS (8 * sizeof(unsigned long)) | ||
360 | #endif | ||
361 | |||
362 | #if defined(HAVE_DECL_HOWMANY) && HAVE_DECL_HOWMANY == 0 | ||
363 | # define howmany(x,y) (((x)+((y)-1))/(y)) | ||
364 | #endif | ||
365 | |||
363 | /* Paths */ | 366 | /* Paths */ |
364 | 367 | ||
365 | #ifndef _PATH_BSHELL | 368 | #ifndef _PATH_BSHELL |
@@ -484,11 +487,6 @@ struct winsize { | |||
484 | # define __nonnull__(x) | 487 | # define __nonnull__(x) |
485 | #endif | 488 | #endif |
486 | 489 | ||
487 | /* *-*-nto-qnx doesn't define this macro in the system headers */ | ||
488 | #ifdef MISSING_HOWMANY | ||
489 | # define howmany(x,y) (((x)+((y)-1))/(y)) | ||
490 | #endif | ||
491 | |||
492 | #ifndef OSSH_ALIGNBYTES | 490 | #ifndef OSSH_ALIGNBYTES |
493 | #define OSSH_ALIGNBYTES (sizeof(int) - 1) | 491 | #define OSSH_ALIGNBYTES (sizeof(int) - 1) |
494 | #endif | 492 | #endif |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: dh.c,v 1.49 2011/12/07 05:44:38 djm Exp $ */ | 1 | /* $OpenBSD: dh.c,v 1.51 2013/07/02 12:31:43 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Niels Provos. All rights reserved. | 3 | * Copyright (c) 2000 Niels Provos. All rights reserved. |
4 | * | 4 | * |
@@ -48,6 +48,7 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg) | |||
48 | const char *errstr = NULL; | 48 | const char *errstr = NULL; |
49 | long long n; | 49 | long long n; |
50 | 50 | ||
51 | dhg->p = dhg->g = NULL; | ||
51 | cp = line; | 52 | cp = line; |
52 | if ((arg = strdelim(&cp)) == NULL) | 53 | if ((arg = strdelim(&cp)) == NULL) |
53 | return 0; | 54 | return 0; |
@@ -59,66 +60,85 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg) | |||
59 | 60 | ||
60 | /* time */ | 61 | /* time */ |
61 | if (cp == NULL || *arg == '\0') | 62 | if (cp == NULL || *arg == '\0') |
62 | goto fail; | 63 | goto truncated; |
63 | arg = strsep(&cp, " "); /* type */ | 64 | arg = strsep(&cp, " "); /* type */ |
64 | if (cp == NULL || *arg == '\0') | 65 | if (cp == NULL || *arg == '\0') |
65 | goto fail; | 66 | goto truncated; |
66 | /* Ensure this is a safe prime */ | 67 | /* Ensure this is a safe prime */ |
67 | n = strtonum(arg, 0, 5, &errstr); | 68 | n = strtonum(arg, 0, 5, &errstr); |
68 | if (errstr != NULL || n != MODULI_TYPE_SAFE) | 69 | if (errstr != NULL || n != MODULI_TYPE_SAFE) { |
70 | error("moduli:%d: type is not %d", linenum, MODULI_TYPE_SAFE); | ||
69 | goto fail; | 71 | goto fail; |
72 | } | ||
70 | arg = strsep(&cp, " "); /* tests */ | 73 | arg = strsep(&cp, " "); /* tests */ |
71 | if (cp == NULL || *arg == '\0') | 74 | if (cp == NULL || *arg == '\0') |
72 | goto fail; | 75 | goto truncated; |
73 | /* Ensure prime has been tested and is not composite */ | 76 | /* Ensure prime has been tested and is not composite */ |
74 | n = strtonum(arg, 0, 0x1f, &errstr); | 77 | n = strtonum(arg, 0, 0x1f, &errstr); |
75 | if (errstr != NULL || | 78 | if (errstr != NULL || |
76 | (n & MODULI_TESTS_COMPOSITE) || !(n & ~MODULI_TESTS_COMPOSITE)) | 79 | (n & MODULI_TESTS_COMPOSITE) || !(n & ~MODULI_TESTS_COMPOSITE)) { |
80 | error("moduli:%d: invalid moduli tests flag", linenum); | ||
77 | goto fail; | 81 | goto fail; |
82 | } | ||
78 | arg = strsep(&cp, " "); /* tries */ | 83 | arg = strsep(&cp, " "); /* tries */ |
79 | if (cp == NULL || *arg == '\0') | 84 | if (cp == NULL || *arg == '\0') |
80 | goto fail; | 85 | goto truncated; |
81 | n = strtonum(arg, 0, 1<<30, &errstr); | 86 | n = strtonum(arg, 0, 1<<30, &errstr); |
82 | if (errstr != NULL || n == 0) | 87 | if (errstr != NULL || n == 0) { |
88 | error("moduli:%d: invalid primality trial count", linenum); | ||
83 | goto fail; | 89 | goto fail; |
90 | } | ||
84 | strsize = strsep(&cp, " "); /* size */ | 91 | strsize = strsep(&cp, " "); /* size */ |
85 | if (cp == NULL || *strsize == '\0' || | 92 | if (cp == NULL || *strsize == '\0' || |
86 | (dhg->size = (int)strtonum(strsize, 0, 64*1024, &errstr)) == 0 || | 93 | (dhg->size = (int)strtonum(strsize, 0, 64*1024, &errstr)) == 0 || |
87 | errstr) | 94 | errstr) { |
95 | error("moduli:%d: invalid prime length", linenum); | ||
88 | goto fail; | 96 | goto fail; |
97 | } | ||
89 | /* The whole group is one bit larger */ | 98 | /* The whole group is one bit larger */ |
90 | dhg->size++; | 99 | dhg->size++; |
91 | gen = strsep(&cp, " "); /* gen */ | 100 | gen = strsep(&cp, " "); /* gen */ |
92 | if (cp == NULL || *gen == '\0') | 101 | if (cp == NULL || *gen == '\0') |
93 | goto fail; | 102 | goto truncated; |
94 | prime = strsep(&cp, " "); /* prime */ | 103 | prime = strsep(&cp, " "); /* prime */ |
95 | if (cp != NULL || *prime == '\0') | 104 | if (cp != NULL || *prime == '\0') { |
105 | truncated: | ||
106 | error("moduli:%d: truncated", linenum); | ||
96 | goto fail; | 107 | goto fail; |
108 | } | ||
97 | 109 | ||
98 | if ((dhg->g = BN_new()) == NULL) | 110 | if ((dhg->g = BN_new()) == NULL) |
99 | fatal("parse_prime: BN_new failed"); | 111 | fatal("parse_prime: BN_new failed"); |
100 | if ((dhg->p = BN_new()) == NULL) | 112 | if ((dhg->p = BN_new()) == NULL) |
101 | fatal("parse_prime: BN_new failed"); | 113 | fatal("parse_prime: BN_new failed"); |
102 | if (BN_hex2bn(&dhg->g, gen) == 0) | 114 | if (BN_hex2bn(&dhg->g, gen) == 0) { |
103 | goto failclean; | 115 | error("moduli:%d: could not parse generator value", linenum); |
104 | 116 | goto fail; | |
105 | if (BN_hex2bn(&dhg->p, prime) == 0) | 117 | } |
106 | goto failclean; | 118 | if (BN_hex2bn(&dhg->p, prime) == 0) { |
107 | 119 | error("moduli:%d: could not parse prime value", linenum); | |
108 | if (BN_num_bits(dhg->p) != dhg->size) | 120 | goto fail; |
109 | goto failclean; | 121 | } |
110 | 122 | if (BN_num_bits(dhg->p) != dhg->size) { | |
111 | if (BN_is_zero(dhg->g) || BN_is_one(dhg->g)) | 123 | error("moduli:%d: prime has wrong size: actual %d listed %d", |
112 | goto failclean; | 124 | linenum, BN_num_bits(dhg->p), dhg->size - 1); |
125 | goto fail; | ||
126 | } | ||
127 | if (BN_cmp(dhg->g, BN_value_one()) <= 0) { | ||
128 | error("moduli:%d: generator is invalid", linenum); | ||
129 | goto fail; | ||
130 | } | ||
113 | 131 | ||
114 | return (1); | 132 | return 1; |
115 | 133 | ||
116 | failclean: | ||
117 | BN_clear_free(dhg->g); | ||
118 | BN_clear_free(dhg->p); | ||
119 | fail: | 134 | fail: |
135 | if (dhg->g != NULL) | ||
136 | BN_clear_free(dhg->g); | ||
137 | if (dhg->p != NULL) | ||
138 | BN_clear_free(dhg->p); | ||
139 | dhg->g = dhg->p = NULL; | ||
120 | error("Bad prime description in line %d", linenum); | 140 | error("Bad prime description in line %d", linenum); |
121 | return (0); | 141 | return 0; |
122 | } | 142 | } |
123 | 143 | ||
124 | DH * | 144 | DH * |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: dns.c,v 1.28 2012/05/23 03:28:28 djm Exp $ */ | 1 | /* $OpenBSD: dns.c,v 1.29 2013/05/17 00:13:13 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2003 Wesley Griffin. All rights reserved. | 4 | * Copyright (c) 2003 Wesley Griffin. All rights reserved. |
@@ -261,7 +261,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, | |||
261 | 261 | ||
262 | if (hostkey_digest_type != dnskey_digest_type) { | 262 | if (hostkey_digest_type != dnskey_digest_type) { |
263 | hostkey_digest_type = dnskey_digest_type; | 263 | hostkey_digest_type = dnskey_digest_type; |
264 | xfree(hostkey_digest); | 264 | free(hostkey_digest); |
265 | 265 | ||
266 | /* Initialize host key parameters */ | 266 | /* Initialize host key parameters */ |
267 | if (!dns_read_key(&hostkey_algorithm, | 267 | if (!dns_read_key(&hostkey_algorithm, |
@@ -281,10 +281,10 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, | |||
281 | hostkey_digest_len) == 0) | 281 | hostkey_digest_len) == 0) |
282 | *flags |= DNS_VERIFY_MATCH; | 282 | *flags |= DNS_VERIFY_MATCH; |
283 | } | 283 | } |
284 | xfree(dnskey_digest); | 284 | free(dnskey_digest); |
285 | } | 285 | } |
286 | 286 | ||
287 | xfree(hostkey_digest); /* from key_fingerprint_raw() */ | 287 | free(hostkey_digest); /* from key_fingerprint_raw() */ |
288 | freerrset(fingerprints); | 288 | freerrset(fingerprints); |
289 | 289 | ||
290 | if (*flags & DNS_VERIFY_FOUND) | 290 | if (*flags & DNS_VERIFY_FOUND) |
@@ -327,7 +327,7 @@ export_dns_rr(const char *hostname, Key *key, FILE *f, int generic) | |||
327 | for (i = 0; i < rdata_digest_len; i++) | 327 | for (i = 0; i < rdata_digest_len; i++) |
328 | fprintf(f, "%02x", rdata_digest[i]); | 328 | fprintf(f, "%02x", rdata_digest[i]); |
329 | fprintf(f, "\n"); | 329 | fprintf(f, "\n"); |
330 | xfree(rdata_digest); /* from key_fingerprint_raw() */ | 330 | free(rdata_digest); /* from key_fingerprint_raw() */ |
331 | success = 1; | 331 | success = 1; |
332 | } | 332 | } |
333 | } | 333 | } |
diff --git a/fixalgorithms b/fixalgorithms new file mode 100755 index 000000000..115dce81c --- /dev/null +++ b/fixalgorithms | |||
@@ -0,0 +1,26 @@ | |||
1 | #!/bin/sh | ||
2 | # | ||
3 | # fixciphers - remove unsupported ciphers from man pages. | ||
4 | # Usage: fixpaths /path/to/sed cipher1 [cipher2] <infile >outfile | ||
5 | # | ||
6 | # Author: Darren Tucker (dtucker at zip com.au). Placed in the public domain. | ||
7 | |||
8 | die() { | ||
9 | echo $* | ||
10 | exit -1 | ||
11 | } | ||
12 | |||
13 | SED=$1 | ||
14 | shift | ||
15 | |||
16 | for c in $*; do | ||
17 | subs="$subs -e /.Dq.$c.*$/d" | ||
18 | subs="$subs -e s/$c,//g" | ||
19 | done | ||
20 | |||
21 | # now remove any entirely empty lines | ||
22 | subs="$subs -e /^$/d" | ||
23 | |||
24 | ${SED} $subs | ||
25 | |||
26 | exit 0 | ||
diff --git a/groupaccess.c b/groupaccess.c index 2381aeb15..1eab10b19 100644 --- a/groupaccess.c +++ b/groupaccess.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: groupaccess.c,v 1.13 2008/07/04 03:44:59 djm Exp $ */ | 1 | /* $OpenBSD: groupaccess.c,v 1.14 2013/05/17 00:13:13 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001 Kevin Steves. All rights reserved. | 3 | * Copyright (c) 2001 Kevin Steves. All rights reserved. |
4 | * | 4 | * |
@@ -31,6 +31,7 @@ | |||
31 | #include <grp.h> | 31 | #include <grp.h> |
32 | #include <unistd.h> | 32 | #include <unistd.h> |
33 | #include <stdarg.h> | 33 | #include <stdarg.h> |
34 | #include <stdlib.h> | ||
34 | #include <string.h> | 35 | #include <string.h> |
35 | 36 | ||
36 | #include "xmalloc.h" | 37 | #include "xmalloc.h" |
@@ -68,7 +69,7 @@ ga_init(const char *user, gid_t base) | |||
68 | for (i = 0, j = 0; i < ngroups; i++) | 69 | for (i = 0, j = 0; i < ngroups; i++) |
69 | if ((gr = getgrgid(groups_bygid[i])) != NULL) | 70 | if ((gr = getgrgid(groups_bygid[i])) != NULL) |
70 | groups_byname[j++] = xstrdup(gr->gr_name); | 71 | groups_byname[j++] = xstrdup(gr->gr_name); |
71 | xfree(groups_bygid); | 72 | free(groups_bygid); |
72 | return (ngroups = j); | 73 | return (ngroups = j); |
73 | } | 74 | } |
74 | 75 | ||
@@ -122,8 +123,8 @@ ga_free(void) | |||
122 | 123 | ||
123 | if (ngroups > 0) { | 124 | if (ngroups > 0) { |
124 | for (i = 0; i < ngroups; i++) | 125 | for (i = 0; i < ngroups; i++) |
125 | xfree(groups_byname[i]); | 126 | free(groups_byname[i]); |
126 | ngroups = 0; | 127 | ngroups = 0; |
127 | xfree(groups_byname); | 128 | free(groups_byname); |
128 | } | 129 | } |
129 | } | 130 | } |
diff --git a/gss-genr.c b/gss-genr.c index f9b39cfd5..630c263da 100644 --- a/gss-genr.c +++ b/gss-genr.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: gss-genr.c,v 1.20 2009/06/22 05:39:28 dtucker Exp $ */ | 1 | /* $OpenBSD: gss-genr.c,v 1.21 2013/05/17 00:13:13 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. | 4 | * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. |
@@ -214,8 +214,8 @@ void | |||
214 | ssh_gssapi_set_oid_data(Gssctxt *ctx, void *data, size_t len) | 214 | ssh_gssapi_set_oid_data(Gssctxt *ctx, void *data, size_t len) |
215 | { | 215 | { |
216 | if (ctx->oid != GSS_C_NO_OID) { | 216 | if (ctx->oid != GSS_C_NO_OID) { |
217 | xfree(ctx->oid->elements); | 217 | free(ctx->oid->elements); |
218 | xfree(ctx->oid); | 218 | free(ctx->oid); |
219 | } | 219 | } |
220 | ctx->oid = xmalloc(sizeof(gss_OID_desc)); | 220 | ctx->oid = xmalloc(sizeof(gss_OID_desc)); |
221 | ctx->oid->length = len; | 221 | ctx->oid->length = len; |
@@ -238,7 +238,7 @@ ssh_gssapi_error(Gssctxt *ctxt) | |||
238 | 238 | ||
239 | s = ssh_gssapi_last_error(ctxt, NULL, NULL); | 239 | s = ssh_gssapi_last_error(ctxt, NULL, NULL); |
240 | debug("%s", s); | 240 | debug("%s", s); |
241 | xfree(s); | 241 | free(s); |
242 | } | 242 | } |
243 | 243 | ||
244 | char * | 244 | char * |
@@ -319,8 +319,8 @@ ssh_gssapi_delete_ctx(Gssctxt **ctx) | |||
319 | if ((*ctx)->name != GSS_C_NO_NAME) | 319 | if ((*ctx)->name != GSS_C_NO_NAME) |
320 | gss_release_name(&ms, &(*ctx)->name); | 320 | gss_release_name(&ms, &(*ctx)->name); |
321 | if ((*ctx)->oid != GSS_C_NO_OID) { | 321 | if ((*ctx)->oid != GSS_C_NO_OID) { |
322 | xfree((*ctx)->oid->elements); | 322 | free((*ctx)->oid->elements); |
323 | xfree((*ctx)->oid); | 323 | free((*ctx)->oid); |
324 | (*ctx)->oid = GSS_C_NO_OID; | 324 | (*ctx)->oid = GSS_C_NO_OID; |
325 | } | 325 | } |
326 | if ((*ctx)->creds != GSS_C_NO_CREDENTIAL) | 326 | if ((*ctx)->creds != GSS_C_NO_CREDENTIAL) |
@@ -330,7 +330,7 @@ ssh_gssapi_delete_ctx(Gssctxt **ctx) | |||
330 | if ((*ctx)->client_creds != GSS_C_NO_CREDENTIAL) | 330 | if ((*ctx)->client_creds != GSS_C_NO_CREDENTIAL) |
331 | gss_release_cred(&ms, &(*ctx)->client_creds); | 331 | gss_release_cred(&ms, &(*ctx)->client_creds); |
332 | 332 | ||
333 | xfree(*ctx); | 333 | free(*ctx); |
334 | *ctx = NULL; | 334 | *ctx = NULL; |
335 | } | 335 | } |
336 | 336 | ||
@@ -377,7 +377,7 @@ ssh_gssapi_import_name(Gssctxt *ctx, const char *host) | |||
377 | &gssbuf, GSS_C_NT_HOSTBASED_SERVICE, &ctx->name))) | 377 | &gssbuf, GSS_C_NT_HOSTBASED_SERVICE, &ctx->name))) |
378 | ssh_gssapi_error(ctx); | 378 | ssh_gssapi_error(ctx); |
379 | 379 | ||
380 | xfree(gssbuf.value); | 380 | free(gssbuf.value); |
381 | return (ctx->major); | 381 | return (ctx->major); |
382 | } | 382 | } |
383 | 383 | ||
diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c index e7170ee41..c55446a0b 100644 --- a/gss-serv-krb5.c +++ b/gss-serv-krb5.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: gss-serv-krb5.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */ | 1 | /* $OpenBSD: gss-serv-krb5.c,v 1.8 2013/07/20 01:55:13 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved. | 4 | * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved. |
@@ -48,12 +48,11 @@ extern ServerOptions options; | |||
48 | 48 | ||
49 | #ifdef HEIMDAL | 49 | #ifdef HEIMDAL |
50 | # include <krb5.h> | 50 | # include <krb5.h> |
51 | #else | 51 | #endif |
52 | # ifdef HAVE_GSSAPI_KRB5_H | 52 | #ifdef HAVE_GSSAPI_KRB5_H |
53 | # include <gssapi_krb5.h> | 53 | # include <gssapi_krb5.h> |
54 | # elif HAVE_GSSAPI_GSSAPI_KRB5_H | 54 | #elif HAVE_GSSAPI_GSSAPI_KRB5_H |
55 | # include <gssapi/gssapi_krb5.h> | 55 | # include <gssapi/gssapi_krb5.h> |
56 | # endif | ||
57 | #endif | 56 | #endif |
58 | 57 | ||
59 | static krb5_context krb_context = NULL; | 58 | static krb5_context krb_context = NULL; |
@@ -87,14 +86,16 @@ ssh_gssapi_krb5_userok(ssh_gssapi_client *client, char *name) | |||
87 | { | 86 | { |
88 | krb5_principal princ; | 87 | krb5_principal princ; |
89 | int retval; | 88 | int retval; |
89 | const char *errmsg; | ||
90 | 90 | ||
91 | if (ssh_gssapi_krb5_init() == 0) | 91 | if (ssh_gssapi_krb5_init() == 0) |
92 | return 0; | 92 | return 0; |
93 | 93 | ||
94 | if ((retval = krb5_parse_name(krb_context, client->exportedname.value, | 94 | if ((retval = krb5_parse_name(krb_context, client->exportedname.value, |
95 | &princ))) { | 95 | &princ))) { |
96 | logit("krb5_parse_name(): %.100s", | 96 | errmsg = krb5_get_error_message(krb_context, retval); |
97 | krb5_get_err_text(krb_context, retval)); | 97 | logit("krb5_parse_name(): %.100s", errmsg); |
98 | krb5_free_error_message(krb_context, errmsg); | ||
98 | return 0; | 99 | return 0; |
99 | } | 100 | } |
100 | if (krb5_kuserok(krb_context, princ, name)) { | 101 | if (krb5_kuserok(krb_context, princ, name)) { |
@@ -120,6 +121,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) | |||
120 | krb5_principal princ; | 121 | krb5_principal princ; |
121 | OM_uint32 maj_status, min_status; | 122 | OM_uint32 maj_status, min_status; |
122 | int len; | 123 | int len; |
124 | const char *errmsg; | ||
123 | const char *new_ccname; | 125 | const char *new_ccname; |
124 | 126 | ||
125 | if (client->creds == NULL) { | 127 | if (client->creds == NULL) { |
@@ -131,30 +133,34 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) | |||
131 | return; | 133 | return; |
132 | 134 | ||
133 | #ifdef HEIMDAL | 135 | #ifdef HEIMDAL |
134 | if ((problem = krb5_cc_gen_new(krb_context, &krb5_fcc_ops, &ccache))) { | 136 | if ((problem = krb5_cc_new_unique(krb_context, krb5_fcc_ops.prefix, |
135 | logit("krb5_cc_gen_new(): %.100s", | 137 | NULL, &ccache)) != 0) { |
136 | krb5_get_err_text(krb_context, problem)); | 138 | errmsg = krb5_get_error_message(krb_context, problem); |
139 | logit("krb5_cc_new_unique(): %.100s", errmsg); | ||
140 | krb5_free_error_message(krb_context, errmsg); | ||
137 | return; | 141 | return; |
138 | } | 142 | } |
139 | #else | 143 | #else |
140 | if ((problem = ssh_krb5_cc_gen(krb_context, &ccache))) { | 144 | if ((problem = ssh_krb5_cc_gen(krb_context, &ccache))) { |
141 | logit("ssh_krb5_cc_gen(): %.100s", | 145 | errmsg = krb5_get_error_message(krb_context, problem); |
142 | krb5_get_err_text(krb_context, problem)); | 146 | logit("ssh_krb5_cc_gen(): %.100s", errmsg); |
147 | krb5_free_error_message(krb_context, errmsg); | ||
143 | return; | 148 | return; |
144 | } | 149 | } |
145 | #endif /* #ifdef HEIMDAL */ | 150 | #endif /* #ifdef HEIMDAL */ |
146 | 151 | ||
147 | if ((problem = krb5_parse_name(krb_context, | 152 | if ((problem = krb5_parse_name(krb_context, |
148 | client->exportedname.value, &princ))) { | 153 | client->exportedname.value, &princ))) { |
149 | logit("krb5_parse_name(): %.100s", | 154 | errmsg = krb5_get_error_message(krb_context, problem); |
150 | krb5_get_err_text(krb_context, problem)); | 155 | logit("krb5_parse_name(): %.100s", errmsg); |
151 | krb5_cc_destroy(krb_context, ccache); | 156 | krb5_free_error_message(krb_context, errmsg); |
152 | return; | 157 | return; |
153 | } | 158 | } |
154 | 159 | ||
155 | if ((problem = krb5_cc_initialize(krb_context, ccache, princ))) { | 160 | if ((problem = krb5_cc_initialize(krb_context, ccache, princ))) { |
156 | logit("krb5_cc_initialize(): %.100s", | 161 | errmsg = krb5_get_error_message(krb_context, problem); |
157 | krb5_get_err_text(krb_context, problem)); | 162 | logit("krb5_cc_initialize(): %.100s", errmsg); |
163 | krb5_free_error_message(krb_context, errmsg); | ||
158 | krb5_free_principal(krb_context, princ); | 164 | krb5_free_principal(krb_context, princ); |
159 | krb5_cc_destroy(krb_context, ccache); | 165 | krb5_cc_destroy(krb_context, ccache); |
160 | return; | 166 | return; |
diff --git a/gss-serv.c b/gss-serv.c index 380895ea5..97f366fdf 100644 --- a/gss-serv.c +++ b/gss-serv.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: gss-serv.c,v 1.23 2011/08/01 19:18:15 markus Exp $ */ | 1 | /* $OpenBSD: gss-serv.c,v 1.24 2013/07/20 01:55:13 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. | 4 | * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. |
@@ -55,7 +55,8 @@ extern ServerOptions options; | |||
55 | 55 | ||
56 | static ssh_gssapi_client gssapi_client = | 56 | static ssh_gssapi_client gssapi_client = |
57 | { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER, | 57 | { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER, |
58 | GSS_C_NO_CREDENTIAL, GSS_C_NO_NAME, NULL, {NULL, NULL, NULL}, 0, 0}; | 58 | GSS_C_NO_CREDENTIAL, GSS_C_NO_NAME, NULL, |
59 | {NULL, NULL, NULL, NULL, NULL}, 0, 0}; | ||
59 | 60 | ||
60 | ssh_gssapi_mech gssapi_null_mech = | 61 | ssh_gssapi_mech gssapi_null_mech = |
61 | { NULL, NULL, {0, NULL}, NULL, NULL, NULL, NULL, NULL}; | 62 | { NULL, NULL, {0, NULL}, NULL, NULL, NULL, NULL, NULL}; |
diff --git a/hostfile.c b/hostfile.c index b6f924b23..2ff4c48b4 100644 --- a/hostfile.c +++ b/hostfile.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: hostfile.c,v 1.50 2010/12/04 13:31:37 djm Exp $ */ | 1 | /* $OpenBSD: hostfile.c,v 1.52 2013/07/12 00:19:58 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -64,7 +64,7 @@ struct hostkeys { | |||
64 | }; | 64 | }; |
65 | 65 | ||
66 | static int | 66 | static int |
67 | extract_salt(const char *s, u_int l, char *salt, size_t salt_len) | 67 | extract_salt(const char *s, u_int l, u_char *salt, size_t salt_len) |
68 | { | 68 | { |
69 | char *p, *b64salt; | 69 | char *p, *b64salt; |
70 | u_int b64len; | 70 | u_int b64len; |
@@ -96,7 +96,7 @@ extract_salt(const char *s, u_int l, char *salt, size_t salt_len) | |||
96 | b64salt[b64len] = '\0'; | 96 | b64salt[b64len] = '\0'; |
97 | 97 | ||
98 | ret = __b64_pton(b64salt, salt, salt_len); | 98 | ret = __b64_pton(b64salt, salt, salt_len); |
99 | xfree(b64salt); | 99 | free(b64salt); |
100 | if (ret == -1) { | 100 | if (ret == -1) { |
101 | debug2("extract_salt: salt decode error"); | 101 | debug2("extract_salt: salt decode error"); |
102 | return (-1); | 102 | return (-1); |
@@ -115,7 +115,8 @@ host_hash(const char *host, const char *name_from_hostfile, u_int src_len) | |||
115 | { | 115 | { |
116 | const EVP_MD *md = EVP_sha1(); | 116 | const EVP_MD *md = EVP_sha1(); |
117 | HMAC_CTX mac_ctx; | 117 | HMAC_CTX mac_ctx; |
118 | char salt[256], result[256], uu_salt[512], uu_result[512]; | 118 | u_char salt[256], result[256]; |
119 | char uu_salt[512], uu_result[512]; | ||
119 | static char encoded[1024]; | 120 | static char encoded[1024]; |
120 | u_int i, len; | 121 | u_int i, len; |
121 | 122 | ||
@@ -133,7 +134,7 @@ host_hash(const char *host, const char *name_from_hostfile, u_int src_len) | |||
133 | } | 134 | } |
134 | 135 | ||
135 | HMAC_Init(&mac_ctx, salt, len, md); | 136 | HMAC_Init(&mac_ctx, salt, len, md); |
136 | HMAC_Update(&mac_ctx, host, strlen(host)); | 137 | HMAC_Update(&mac_ctx, (u_char *)host, strlen(host)); |
137 | HMAC_Final(&mac_ctx, result, NULL); | 138 | HMAC_Final(&mac_ctx, result, NULL); |
138 | HMAC_cleanup(&mac_ctx); | 139 | HMAC_cleanup(&mac_ctx); |
139 | 140 | ||
@@ -153,7 +154,7 @@ host_hash(const char *host, const char *name_from_hostfile, u_int src_len) | |||
153 | */ | 154 | */ |
154 | 155 | ||
155 | int | 156 | int |
156 | hostfile_read_key(char **cpp, u_int *bitsp, Key *ret) | 157 | hostfile_read_key(char **cpp, int *bitsp, Key *ret) |
157 | { | 158 | { |
158 | char *cp; | 159 | char *cp; |
159 | 160 | ||
@@ -170,8 +171,10 @@ hostfile_read_key(char **cpp, u_int *bitsp, Key *ret) | |||
170 | 171 | ||
171 | /* Return results. */ | 172 | /* Return results. */ |
172 | *cpp = cp; | 173 | *cpp = cp; |
173 | if (bitsp != NULL) | 174 | if (bitsp != NULL) { |
174 | *bitsp = key_size(ret); | 175 | if ((*bitsp = key_size(ret)) <= 0) |
176 | return 0; | ||
177 | } | ||
175 | return 1; | 178 | return 1; |
176 | } | 179 | } |
177 | 180 | ||
@@ -327,16 +330,14 @@ free_hostkeys(struct hostkeys *hostkeys) | |||
327 | u_int i; | 330 | u_int i; |
328 | 331 | ||
329 | for (i = 0; i < hostkeys->num_entries; i++) { | 332 | for (i = 0; i < hostkeys->num_entries; i++) { |
330 | xfree(hostkeys->entries[i].host); | 333 | free(hostkeys->entries[i].host); |
331 | xfree(hostkeys->entries[i].file); | 334 | free(hostkeys->entries[i].file); |
332 | key_free(hostkeys->entries[i].key); | 335 | key_free(hostkeys->entries[i].key); |
333 | bzero(hostkeys->entries + i, sizeof(*hostkeys->entries)); | 336 | bzero(hostkeys->entries + i, sizeof(*hostkeys->entries)); |
334 | } | 337 | } |
335 | if (hostkeys->entries != NULL) | 338 | free(hostkeys->entries); |
336 | xfree(hostkeys->entries); | 339 | bzero(hostkeys, sizeof(*hostkeys)); |
337 | hostkeys->entries = NULL; | 340 | free(hostkeys); |
338 | hostkeys->num_entries = 0; | ||
339 | xfree(hostkeys); | ||
340 | } | 341 | } |
341 | 342 | ||
342 | static int | 343 | static int |
diff --git a/hostfile.h b/hostfile.h index d84d422ff..679c034f3 100644 --- a/hostfile.h +++ b/hostfile.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: hostfile.h,v 1.19 2010/11/29 23:45:51 djm Exp $ */ | 1 | /* $OpenBSD: hostfile.h,v 1.20 2013/07/12 00:19:58 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -40,7 +40,7 @@ HostStatus check_key_in_hostkeys(struct hostkeys *, Key *, | |||
40 | int lookup_key_in_hostkeys_by_type(struct hostkeys *, int, | 40 | int lookup_key_in_hostkeys_by_type(struct hostkeys *, int, |
41 | const struct hostkey_entry **); | 41 | const struct hostkey_entry **); |
42 | 42 | ||
43 | int hostfile_read_key(char **, u_int *, Key *); | 43 | int hostfile_read_key(char **, int *, Key *); |
44 | int add_host_to_hostfile(const char *, const char *, const Key *, int); | 44 | int add_host_to_hostfile(const char *, const char *, const Key *, int); |
45 | 45 | ||
46 | #define HASH_MAGIC "|1|" | 46 | #define HASH_MAGIC "|1|" |
diff --git a/includes.h b/includes.h index 3e206c899..07bcd89f2 100644 --- a/includes.h +++ b/includes.h | |||
@@ -18,7 +18,9 @@ | |||
18 | 18 | ||
19 | #include "config.h" | 19 | #include "config.h" |
20 | 20 | ||
21 | #ifndef _GNU_SOURCE | ||
21 | #define _GNU_SOURCE /* activate extra prototypes for glibc */ | 22 | #define _GNU_SOURCE /* activate extra prototypes for glibc */ |
23 | #endif | ||
22 | 24 | ||
23 | #include <sys/types.h> | 25 | #include <sys/types.h> |
24 | #include <sys/socket.h> /* For CMSG_* */ | 26 | #include <sys/socket.h> /* For CMSG_* */ |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: jpake.c,v 1.7 2012/06/18 11:43:53 dtucker Exp $ */ | 1 | /* $OpenBSD: jpake.c,v 1.8 2013/05/17 00:13:13 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2008 Damien Miller. All rights reserved. | 3 | * Copyright (c) 2008 Damien Miller. All rights reserved. |
4 | * | 4 | * |
@@ -106,7 +106,7 @@ jpake_free(struct jpake_ctx *pctx) | |||
106 | do { \ | 106 | do { \ |
107 | if ((v) != NULL) { \ | 107 | if ((v) != NULL) { \ |
108 | bzero((v), (l)); \ | 108 | bzero((v), (l)); \ |
109 | xfree(v); \ | 109 | free(v); \ |
110 | (v) = NULL; \ | 110 | (v) = NULL; \ |
111 | (l) = 0; \ | 111 | (l) = 0; \ |
112 | } \ | 112 | } \ |
@@ -134,7 +134,7 @@ jpake_free(struct jpake_ctx *pctx) | |||
134 | #undef JPAKE_BUF_CLEAR_FREE | 134 | #undef JPAKE_BUF_CLEAR_FREE |
135 | 135 | ||
136 | bzero(pctx, sizeof(*pctx)); | 136 | bzero(pctx, sizeof(*pctx)); |
137 | xfree(pctx); | 137 | free(pctx); |
138 | } | 138 | } |
139 | 139 | ||
140 | /* dump entire jpake_ctx. NB. includes private values! */ | 140 | /* dump entire jpake_ctx. NB. includes private values! */ |
@@ -445,7 +445,7 @@ jpake_check_confirm(const BIGNUM *k, | |||
445 | expected_confirm_hash_len) == 0) | 445 | expected_confirm_hash_len) == 0) |
446 | success = 1; | 446 | success = 1; |
447 | bzero(expected_confirm_hash, expected_confirm_hash_len); | 447 | bzero(expected_confirm_hash, expected_confirm_hash_len); |
448 | xfree(expected_confirm_hash); | 448 | free(expected_confirm_hash); |
449 | debug3("%s: success = %d", __func__, success); | 449 | debug3("%s: success = %d", __func__, success); |
450 | return success; | 450 | return success; |
451 | } | 451 | } |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kex.c,v 1.88 2013/01/08 18:49:04 markus Exp $ */ | 1 | /* $OpenBSD: kex.c,v 1.91 2013/05/17 00:13:13 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -66,6 +66,69 @@ extern const EVP_MD *evp_ssh_sha256(void); | |||
66 | static void kex_kexinit_finish(Kex *); | 66 | static void kex_kexinit_finish(Kex *); |
67 | static void kex_choose_conf(Kex *); | 67 | static void kex_choose_conf(Kex *); |
68 | 68 | ||
69 | struct kexalg { | ||
70 | char *name; | ||
71 | int type; | ||
72 | int ec_nid; | ||
73 | const EVP_MD *(*mdfunc)(void); | ||
74 | }; | ||
75 | static const struct kexalg kexalgs[] = { | ||
76 | { KEX_DH1, KEX_DH_GRP1_SHA1, 0, EVP_sha1 }, | ||
77 | { KEX_DH14, KEX_DH_GRP14_SHA1, 0, EVP_sha1 }, | ||
78 | { KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, EVP_sha1 }, | ||
79 | #ifdef HAVE_EVP_SHA256 | ||
80 | { KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, EVP_sha256 }, | ||
81 | #endif | ||
82 | #ifdef OPENSSL_HAS_ECC | ||
83 | { KEX_ECDH_SHA2_NISTP256, KEX_ECDH_SHA2, NID_X9_62_prime256v1, EVP_sha256 }, | ||
84 | { KEX_ECDH_SHA2_NISTP384, KEX_ECDH_SHA2, NID_secp384r1, EVP_sha384 }, | ||
85 | { KEX_ECDH_SHA2_NISTP521, KEX_ECDH_SHA2, NID_secp521r1, EVP_sha512 }, | ||
86 | #endif | ||
87 | { NULL, -1, -1, NULL}, | ||
88 | }; | ||
89 | static const struct kexalg kexalg_prefixes[] = { | ||
90 | #ifdef GSSAPI | ||
91 | { KEX_GSS_GEX_SHA1_ID, KEX_GSS_GEX_SHA1, 0, EVP_sha1 }, | ||
92 | { KEX_GSS_GRP1_SHA1_ID, KEX_GSS_GRP1_SHA1, 0, EVP_sha1 }, | ||
93 | { KEX_GSS_GRP14_SHA1_ID, KEX_GSS_GRP14_SHA1, 0, EVP_sha1 }, | ||
94 | #endif | ||
95 | { NULL, -1, -1, NULL }, | ||
96 | }; | ||
97 | |||
98 | char * | ||
99 | kex_alg_list(void) | ||
100 | { | ||
101 | char *ret = NULL; | ||
102 | size_t nlen, rlen = 0; | ||
103 | const struct kexalg *k; | ||
104 | |||
105 | for (k = kexalgs; k->name != NULL; k++) { | ||
106 | if (ret != NULL) | ||
107 | ret[rlen++] = '\n'; | ||
108 | nlen = strlen(k->name); | ||
109 | ret = xrealloc(ret, 1, rlen + nlen + 2); | ||
110 | memcpy(ret + rlen, k->name, nlen + 1); | ||
111 | rlen += nlen; | ||
112 | } | ||
113 | return ret; | ||
114 | } | ||
115 | |||
116 | static const struct kexalg * | ||
117 | kex_alg_by_name(const char *name) | ||
118 | { | ||
119 | const struct kexalg *k; | ||
120 | |||
121 | for (k = kexalgs; k->name != NULL; k++) { | ||
122 | if (strcmp(k->name, name) == 0) | ||
123 | return k; | ||
124 | } | ||
125 | for (k = kexalg_prefixes; k->name != NULL; k++) { | ||
126 | if (strncmp(k->name, name, strlen(k->name)) == 0) | ||
127 | return k; | ||
128 | } | ||
129 | return NULL; | ||
130 | } | ||
131 | |||
69 | /* Validate KEX method name list */ | 132 | /* Validate KEX method name list */ |
70 | int | 133 | int |
71 | kex_names_valid(const char *names) | 134 | kex_names_valid(const char *names) |
@@ -77,20 +140,14 @@ kex_names_valid(const char *names) | |||
77 | s = cp = xstrdup(names); | 140 | s = cp = xstrdup(names); |
78 | for ((p = strsep(&cp, ",")); p && *p != '\0'; | 141 | for ((p = strsep(&cp, ",")); p && *p != '\0'; |
79 | (p = strsep(&cp, ","))) { | 142 | (p = strsep(&cp, ","))) { |
80 | if (strcmp(p, KEX_DHGEX_SHA256) != 0 && | 143 | if (kex_alg_by_name(p) == NULL) { |
81 | strcmp(p, KEX_DHGEX_SHA1) != 0 && | ||
82 | strcmp(p, KEX_DH14) != 0 && | ||
83 | strcmp(p, KEX_DH1) != 0 && | ||
84 | (strncmp(p, KEX_ECDH_SHA2_STEM, | ||
85 | sizeof(KEX_ECDH_SHA2_STEM) - 1) != 0 || | ||
86 | kex_ecdh_name_to_nid(p) == -1)) { | ||
87 | error("Unsupported KEX algorithm \"%.100s\"", p); | 144 | error("Unsupported KEX algorithm \"%.100s\"", p); |
88 | xfree(s); | 145 | free(s); |
89 | return 0; | 146 | return 0; |
90 | } | 147 | } |
91 | } | 148 | } |
92 | debug3("kex names ok: [%s]", names); | 149 | debug3("kex names ok: [%s]", names); |
93 | xfree(s); | 150 | free(s); |
94 | return 1; | 151 | return 1; |
95 | } | 152 | } |
96 | 153 | ||
@@ -150,8 +207,8 @@ kex_prop_free(char **proposal) | |||
150 | u_int i; | 207 | u_int i; |
151 | 208 | ||
152 | for (i = 0; i < PROPOSAL_MAX; i++) | 209 | for (i = 0; i < PROPOSAL_MAX; i++) |
153 | xfree(proposal[i]); | 210 | free(proposal[i]); |
154 | xfree(proposal); | 211 | free(proposal); |
155 | } | 212 | } |
156 | 213 | ||
157 | /* ARGSUSED */ | 214 | /* ARGSUSED */ |
@@ -188,7 +245,7 @@ kex_finish(Kex *kex) | |||
188 | buffer_clear(&kex->peer); | 245 | buffer_clear(&kex->peer); |
189 | /* buffer_clear(&kex->my); */ | 246 | /* buffer_clear(&kex->my); */ |
190 | kex->flags &= ~KEX_INIT_SENT; | 247 | kex->flags &= ~KEX_INIT_SENT; |
191 | xfree(kex->name); | 248 | free(kex->name); |
192 | kex->name = NULL; | 249 | kex->name = NULL; |
193 | } | 250 | } |
194 | 251 | ||
@@ -245,7 +302,7 @@ kex_input_kexinit(int type, u_int32_t seq, void *ctxt) | |||
245 | for (i = 0; i < KEX_COOKIE_LEN; i++) | 302 | for (i = 0; i < KEX_COOKIE_LEN; i++) |
246 | packet_get_char(); | 303 | packet_get_char(); |
247 | for (i = 0; i < PROPOSAL_MAX; i++) | 304 | for (i = 0; i < PROPOSAL_MAX; i++) |
248 | xfree(packet_get_string(NULL)); | 305 | free(packet_get_string(NULL)); |
249 | /* | 306 | /* |
250 | * XXX RFC4253 sec 7: "each side MAY guess" - currently no supported | 307 | * XXX RFC4253 sec 7: "each side MAY guess" - currently no supported |
251 | * KEX method has the server move first, but a server might be using | 308 | * KEX method has the server move first, but a server might be using |
@@ -352,43 +409,16 @@ choose_comp(Comp *comp, char *client, char *server) | |||
352 | static void | 409 | static void |
353 | choose_kex(Kex *k, char *client, char *server) | 410 | choose_kex(Kex *k, char *client, char *server) |
354 | { | 411 | { |
412 | const struct kexalg *kexalg; | ||
413 | |||
355 | k->name = match_list(client, server, NULL); | 414 | k->name = match_list(client, server, NULL); |
356 | if (k->name == NULL) | 415 | if (k->name == NULL) |
357 | fatal("Unable to negotiate a key exchange method"); | 416 | fatal("Unable to negotiate a key exchange method"); |
358 | if (strcmp(k->name, KEX_DH1) == 0) { | 417 | if ((kexalg = kex_alg_by_name(k->name)) == NULL) |
359 | k->kex_type = KEX_DH_GRP1_SHA1; | 418 | fatal("unsupported kex alg %s", k->name); |
360 | k->evp_md = EVP_sha1(); | 419 | k->kex_type = kexalg->type; |
361 | } else if (strcmp(k->name, KEX_DH14) == 0) { | 420 | k->evp_md = kexalg->mdfunc(); |
362 | k->kex_type = KEX_DH_GRP14_SHA1; | 421 | k->ec_nid = kexalg->ec_nid; |
363 | k->evp_md = EVP_sha1(); | ||
364 | } else if (strcmp(k->name, KEX_DHGEX_SHA1) == 0) { | ||
365 | k->kex_type = KEX_DH_GEX_SHA1; | ||
366 | k->evp_md = EVP_sha1(); | ||
367 | #if OPENSSL_VERSION_NUMBER >= 0x00907000L | ||
368 | } else if (strcmp(k->name, KEX_DHGEX_SHA256) == 0) { | ||
369 | k->kex_type = KEX_DH_GEX_SHA256; | ||
370 | k->evp_md = evp_ssh_sha256(); | ||
371 | } else if (strncmp(k->name, KEX_ECDH_SHA2_STEM, | ||
372 | sizeof(KEX_ECDH_SHA2_STEM) - 1) == 0) { | ||
373 | k->kex_type = KEX_ECDH_SHA2; | ||
374 | k->evp_md = kex_ecdh_name_to_evpmd(k->name); | ||
375 | #endif | ||
376 | #ifdef GSSAPI | ||
377 | } else if (strncmp(k->name, KEX_GSS_GEX_SHA1_ID, | ||
378 | sizeof(KEX_GSS_GEX_SHA1_ID) - 1) == 0) { | ||
379 | k->kex_type = KEX_GSS_GEX_SHA1; | ||
380 | k->evp_md = EVP_sha1(); | ||
381 | } else if (strncmp(k->name, KEX_GSS_GRP1_SHA1_ID, | ||
382 | sizeof(KEX_GSS_GRP1_SHA1_ID) - 1) == 0) { | ||
383 | k->kex_type = KEX_GSS_GRP1_SHA1; | ||
384 | k->evp_md = EVP_sha1(); | ||
385 | } else if (strncmp(k->name, KEX_GSS_GRP14_SHA1_ID, | ||
386 | sizeof(KEX_GSS_GRP14_SHA1_ID) - 1) == 0) { | ||
387 | k->kex_type = KEX_GSS_GRP14_SHA1; | ||
388 | k->evp_md = EVP_sha1(); | ||
389 | #endif | ||
390 | } else | ||
391 | fatal("bad kex alg %s", k->name); | ||
392 | } | 422 | } |
393 | 423 | ||
394 | static void | 424 | static void |
@@ -400,7 +430,7 @@ choose_hostkeyalg(Kex *k, char *client, char *server) | |||
400 | k->hostkey_type = key_type_from_name(hostkeyalg); | 430 | k->hostkey_type = key_type_from_name(hostkeyalg); |
401 | if (k->hostkey_type == KEY_UNSPEC) | 431 | if (k->hostkey_type == KEY_UNSPEC) |
402 | fatal("bad hostkey alg '%s'", hostkeyalg); | 432 | fatal("bad hostkey alg '%s'", hostkeyalg); |
403 | xfree(hostkeyalg); | 433 | free(hostkeyalg); |
404 | } | 434 | } |
405 | 435 | ||
406 | static int | 436 | static int |
@@ -454,7 +484,7 @@ kex_choose_conf(Kex *kex) | |||
454 | roaming = match_list(KEX_RESUME, peer[PROPOSAL_KEX_ALGS], NULL); | 484 | roaming = match_list(KEX_RESUME, peer[PROPOSAL_KEX_ALGS], NULL); |
455 | if (roaming) { | 485 | if (roaming) { |
456 | kex->roaming = 1; | 486 | kex->roaming = 1; |
457 | xfree(roaming); | 487 | free(roaming); |
458 | } | 488 | } |
459 | } | 489 | } |
460 | 490 | ||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kex.h,v 1.54 2013/01/08 18:49:04 markus Exp $ */ | 1 | /* $OpenBSD: kex.h,v 1.56 2013/07/19 07:37:48 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
@@ -40,8 +40,9 @@ | |||
40 | #define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1" | 40 | #define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1" |
41 | #define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256" | 41 | #define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256" |
42 | #define KEX_RESUME "resume@appgate.com" | 42 | #define KEX_RESUME "resume@appgate.com" |
43 | /* The following represents the family of ECDH methods */ | 43 | #define KEX_ECDH_SHA2_NISTP256 "ecdh-sha2-nistp256" |
44 | #define KEX_ECDH_SHA2_STEM "ecdh-sha2-" | 44 | #define KEX_ECDH_SHA2_NISTP384 "ecdh-sha2-nistp384" |
45 | #define KEX_ECDH_SHA2_NISTP521 "ecdh-sha2-nistp521" | ||
45 | 46 | ||
46 | #define COMP_NONE 0 | 47 | #define COMP_NONE 0 |
47 | #define COMP_ZLIB 1 | 48 | #define COMP_ZLIB 1 |
@@ -89,7 +90,7 @@ typedef struct Newkeys Newkeys; | |||
89 | 90 | ||
90 | struct Enc { | 91 | struct Enc { |
91 | char *name; | 92 | char *name; |
92 | Cipher *cipher; | 93 | const Cipher *cipher; |
93 | int enabled; | 94 | int enabled; |
94 | u_int key_len; | 95 | u_int key_len; |
95 | u_int iv_len; | 96 | u_int iv_len; |
@@ -134,6 +135,7 @@ struct Kex { | |||
134 | sig_atomic_t done; | 135 | sig_atomic_t done; |
135 | int flags; | 136 | int flags; |
136 | const EVP_MD *evp_md; | 137 | const EVP_MD *evp_md; |
138 | int ec_nid; | ||
137 | #ifdef GSSAPI | 139 | #ifdef GSSAPI |
138 | int gss_deleg_creds; | 140 | int gss_deleg_creds; |
139 | int gss_trust_dns; | 141 | int gss_trust_dns; |
@@ -146,10 +148,12 @@ struct Kex { | |||
146 | Key *(*load_host_public_key)(int); | 148 | Key *(*load_host_public_key)(int); |
147 | Key *(*load_host_private_key)(int); | 149 | Key *(*load_host_private_key)(int); |
148 | int (*host_key_index)(Key *); | 150 | int (*host_key_index)(Key *); |
151 | void (*sign)(Key *, Key *, u_char **, u_int *, u_char *, u_int); | ||
149 | void (*kex[KEX_MAX])(Kex *); | 152 | void (*kex[KEX_MAX])(Kex *); |
150 | }; | 153 | }; |
151 | 154 | ||
152 | int kex_names_valid(const char *); | 155 | int kex_names_valid(const char *); |
156 | char *kex_alg_list(void); | ||
153 | 157 | ||
154 | Kex *kex_setup(char *[PROPOSAL_MAX]); | 158 | Kex *kex_setup(char *[PROPOSAL_MAX]); |
155 | void kex_finish(Kex *); | 159 | void kex_finish(Kex *); |
@@ -184,11 +188,6 @@ void | |||
184 | kex_ecdh_hash(const EVP_MD *, const EC_GROUP *, char *, char *, char *, int, | 188 | kex_ecdh_hash(const EVP_MD *, const EC_GROUP *, char *, char *, char *, int, |
185 | char *, int, u_char *, int, const EC_POINT *, const EC_POINT *, | 189 | char *, int, u_char *, int, const EC_POINT *, const EC_POINT *, |
186 | const BIGNUM *, u_char **, u_int *); | 190 | const BIGNUM *, u_char **, u_int *); |
187 | int kex_ecdh_name_to_nid(const char *); | ||
188 | const EVP_MD *kex_ecdh_name_to_evpmd(const char *); | ||
189 | #else | ||
190 | # define kex_ecdh_name_to_nid(x) (-1) | ||
191 | # define kex_ecdh_name_to_evpmd(x) (NULL) | ||
192 | #endif | 191 | #endif |
193 | 192 | ||
194 | void | 193 | void |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kexdhc.c,v 1.12 2010/11/10 01:33:07 djm Exp $ */ | 1 | /* $OpenBSD: kexdhc.c,v 1.13 2013/05/17 00:13:13 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -125,7 +125,7 @@ kexdh_client(Kex *kex) | |||
125 | if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) | 125 | if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) |
126 | fatal("kexdh_client: BN_bin2bn failed"); | 126 | fatal("kexdh_client: BN_bin2bn failed"); |
127 | memset(kbuf, 0, klen); | 127 | memset(kbuf, 0, klen); |
128 | xfree(kbuf); | 128 | free(kbuf); |
129 | 129 | ||
130 | /* calc and verify H */ | 130 | /* calc and verify H */ |
131 | kex_dh_hash( | 131 | kex_dh_hash( |
@@ -139,14 +139,14 @@ kexdh_client(Kex *kex) | |||
139 | shared_secret, | 139 | shared_secret, |
140 | &hash, &hashlen | 140 | &hash, &hashlen |
141 | ); | 141 | ); |
142 | xfree(server_host_key_blob); | 142 | free(server_host_key_blob); |
143 | BN_clear_free(dh_server_pub); | 143 | BN_clear_free(dh_server_pub); |
144 | DH_free(dh); | 144 | DH_free(dh); |
145 | 145 | ||
146 | if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1) | 146 | if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1) |
147 | fatal("key_verify failed for server_host_key"); | 147 | fatal("key_verify failed for server_host_key"); |
148 | key_free(server_host_key); | 148 | key_free(server_host_key); |
149 | xfree(signature); | 149 | free(signature); |
150 | 150 | ||
151 | /* save session id */ | 151 | /* save session id */ |
152 | if (kex->session_id == NULL) { | 152 | if (kex->session_id == NULL) { |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kexdhs.c,v 1.12 2010/11/10 01:33:07 djm Exp $ */ | 1 | /* $OpenBSD: kexdhs.c,v 1.14 2013/07/19 07:37:48 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -80,9 +80,6 @@ kexdh_server(Kex *kex) | |||
80 | if (server_host_public == NULL) | 80 | if (server_host_public == NULL) |
81 | fatal("Unsupported hostkey type %d", kex->hostkey_type); | 81 | fatal("Unsupported hostkey type %d", kex->hostkey_type); |
82 | server_host_private = kex->load_host_private_key(kex->hostkey_type); | 82 | server_host_private = kex->load_host_private_key(kex->hostkey_type); |
83 | if (server_host_private == NULL) | ||
84 | fatal("Missing private key for hostkey type %d", | ||
85 | kex->hostkey_type); | ||
86 | 83 | ||
87 | /* key, cert */ | 84 | /* key, cert */ |
88 | if ((dh_client_pub = BN_new()) == NULL) | 85 | if ((dh_client_pub = BN_new()) == NULL) |
@@ -118,7 +115,7 @@ kexdh_server(Kex *kex) | |||
118 | if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) | 115 | if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) |
119 | fatal("kexdh_server: BN_bin2bn failed"); | 116 | fatal("kexdh_server: BN_bin2bn failed"); |
120 | memset(kbuf, 0, klen); | 117 | memset(kbuf, 0, klen); |
121 | xfree(kbuf); | 118 | free(kbuf); |
122 | 119 | ||
123 | key_to_blob(server_host_public, &server_host_key_blob, &sbloblen); | 120 | key_to_blob(server_host_public, &server_host_key_blob, &sbloblen); |
124 | 121 | ||
@@ -144,9 +141,8 @@ kexdh_server(Kex *kex) | |||
144 | } | 141 | } |
145 | 142 | ||
146 | /* sign H */ | 143 | /* sign H */ |
147 | if (PRIVSEP(key_sign(server_host_private, &signature, &slen, hash, | 144 | kex->sign(server_host_private, server_host_public, &signature, &slen, |
148 | hashlen)) < 0) | 145 | hash, hashlen); |
149 | fatal("kexdh_server: key_sign failed"); | ||
150 | 146 | ||
151 | /* destroy_sensitive_data(); */ | 147 | /* destroy_sensitive_data(); */ |
152 | 148 | ||
@@ -157,8 +153,8 @@ kexdh_server(Kex *kex) | |||
157 | packet_put_string(signature, slen); | 153 | packet_put_string(signature, slen); |
158 | packet_send(); | 154 | packet_send(); |
159 | 155 | ||
160 | xfree(signature); | 156 | free(signature); |
161 | xfree(server_host_key_blob); | 157 | free(server_host_key_blob); |
162 | /* have keys, free DH */ | 158 | /* have keys, free DH */ |
163 | DH_free(dh); | 159 | DH_free(dh); |
164 | 160 | ||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kexecdh.c,v 1.3 2010/09/22 05:01:29 djm Exp $ */ | 1 | /* $OpenBSD: kexecdh.c,v 1.4 2013/04/19 01:06:50 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2010 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2010 Damien Miller. All rights reserved. |
@@ -45,24 +45,6 @@ | |||
45 | #include "kex.h" | 45 | #include "kex.h" |
46 | #include "log.h" | 46 | #include "log.h" |
47 | 47 | ||
48 | int | ||
49 | kex_ecdh_name_to_nid(const char *kexname) | ||
50 | { | ||
51 | if (strlen(kexname) < sizeof(KEX_ECDH_SHA2_STEM) - 1) | ||
52 | fatal("%s: kexname too short \"%s\"", __func__, kexname); | ||
53 | return key_curve_name_to_nid(kexname + sizeof(KEX_ECDH_SHA2_STEM) - 1); | ||
54 | } | ||
55 | |||
56 | const EVP_MD * | ||
57 | kex_ecdh_name_to_evpmd(const char *kexname) | ||
58 | { | ||
59 | int nid = kex_ecdh_name_to_nid(kexname); | ||
60 | |||
61 | if (nid == -1) | ||
62 | fatal("%s: unsupported ECDH curve \"%s\"", __func__, kexname); | ||
63 | return key_ec_nid_to_evpmd(nid); | ||
64 | } | ||
65 | |||
66 | void | 48 | void |
67 | kex_ecdh_hash( | 49 | kex_ecdh_hash( |
68 | const EVP_MD *evp_md, | 50 | const EVP_MD *evp_md, |
diff --git a/kexecdhc.c b/kexecdhc.c index 115d4bf83..6193836c7 100644 --- a/kexecdhc.c +++ b/kexecdhc.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kexecdhc.c,v 1.2 2010/09/22 05:01:29 djm Exp $ */ | 1 | /* $OpenBSD: kexecdhc.c,v 1.4 2013/05/17 00:13:13 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2010 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2010 Damien Miller. All rights reserved. |
@@ -57,11 +57,8 @@ kexecdh_client(Kex *kex) | |||
57 | u_char *server_host_key_blob = NULL, *signature = NULL; | 57 | u_char *server_host_key_blob = NULL, *signature = NULL; |
58 | u_char *kbuf, *hash; | 58 | u_char *kbuf, *hash; |
59 | u_int klen, slen, sbloblen, hashlen; | 59 | u_int klen, slen, sbloblen, hashlen; |
60 | int curve_nid; | ||
61 | 60 | ||
62 | if ((curve_nid = kex_ecdh_name_to_nid(kex->name)) == -1) | 61 | if ((client_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL) |
63 | fatal("%s: unsupported ECDH curve \"%s\"", __func__, kex->name); | ||
64 | if ((client_key = EC_KEY_new_by_curve_name(curve_nid)) == NULL) | ||
65 | fatal("%s: EC_KEY_new_by_curve_name failed", __func__); | 62 | fatal("%s: EC_KEY_new_by_curve_name failed", __func__); |
66 | if (EC_KEY_generate_key(client_key) != 1) | 63 | if (EC_KEY_generate_key(client_key) != 1) |
67 | fatal("%s: EC_KEY_generate_key failed", __func__); | 64 | fatal("%s: EC_KEY_generate_key failed", __func__); |
@@ -123,7 +120,7 @@ kexecdh_client(Kex *kex) | |||
123 | if (BN_bin2bn(kbuf, klen, shared_secret) == NULL) | 120 | if (BN_bin2bn(kbuf, klen, shared_secret) == NULL) |
124 | fatal("%s: BN_bin2bn failed", __func__); | 121 | fatal("%s: BN_bin2bn failed", __func__); |
125 | memset(kbuf, 0, klen); | 122 | memset(kbuf, 0, klen); |
126 | xfree(kbuf); | 123 | free(kbuf); |
127 | 124 | ||
128 | /* calc and verify H */ | 125 | /* calc and verify H */ |
129 | kex_ecdh_hash( | 126 | kex_ecdh_hash( |
@@ -139,14 +136,14 @@ kexecdh_client(Kex *kex) | |||
139 | shared_secret, | 136 | shared_secret, |
140 | &hash, &hashlen | 137 | &hash, &hashlen |
141 | ); | 138 | ); |
142 | xfree(server_host_key_blob); | 139 | free(server_host_key_blob); |
143 | EC_POINT_clear_free(server_public); | 140 | EC_POINT_clear_free(server_public); |
144 | EC_KEY_free(client_key); | 141 | EC_KEY_free(client_key); |
145 | 142 | ||
146 | if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1) | 143 | if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1) |
147 | fatal("key_verify failed for server_host_key"); | 144 | fatal("key_verify failed for server_host_key"); |
148 | key_free(server_host_key); | 145 | key_free(server_host_key); |
149 | xfree(signature); | 146 | free(signature); |
150 | 147 | ||
151 | /* save session id */ | 148 | /* save session id */ |
152 | if (kex->session_id == NULL) { | 149 | if (kex->session_id == NULL) { |
diff --git a/kexecdhs.c b/kexecdhs.c index 8c515dfa6..3a580aacf 100644 --- a/kexecdhs.c +++ b/kexecdhs.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kexecdhs.c,v 1.2 2010/09/22 05:01:29 djm Exp $ */ | 1 | /* $OpenBSD: kexecdhs.c,v 1.5 2013/07/19 07:37:48 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2010 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2010 Damien Miller. All rights reserved. |
@@ -59,11 +59,8 @@ kexecdh_server(Kex *kex) | |||
59 | u_char *server_host_key_blob = NULL, *signature = NULL; | 59 | u_char *server_host_key_blob = NULL, *signature = NULL; |
60 | u_char *kbuf, *hash; | 60 | u_char *kbuf, *hash; |
61 | u_int klen, slen, sbloblen, hashlen; | 61 | u_int klen, slen, sbloblen, hashlen; |
62 | int curve_nid; | ||
63 | 62 | ||
64 | if ((curve_nid = kex_ecdh_name_to_nid(kex->name)) == -1) | 63 | if ((server_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL) |
65 | fatal("%s: unsupported ECDH curve \"%s\"", __func__, kex->name); | ||
66 | if ((server_key = EC_KEY_new_by_curve_name(curve_nid)) == NULL) | ||
67 | fatal("%s: EC_KEY_new_by_curve_name failed", __func__); | 64 | fatal("%s: EC_KEY_new_by_curve_name failed", __func__); |
68 | if (EC_KEY_generate_key(server_key) != 1) | 65 | if (EC_KEY_generate_key(server_key) != 1) |
69 | fatal("%s: EC_KEY_generate_key failed", __func__); | 66 | fatal("%s: EC_KEY_generate_key failed", __func__); |
@@ -81,9 +78,6 @@ kexecdh_server(Kex *kex) | |||
81 | if (server_host_public == NULL) | 78 | if (server_host_public == NULL) |
82 | fatal("Unsupported hostkey type %d", kex->hostkey_type); | 79 | fatal("Unsupported hostkey type %d", kex->hostkey_type); |
83 | server_host_private = kex->load_host_private_key(kex->hostkey_type); | 80 | server_host_private = kex->load_host_private_key(kex->hostkey_type); |
84 | if (server_host_private == NULL) | ||
85 | fatal("Missing private key for hostkey type %d", | ||
86 | kex->hostkey_type); | ||
87 | 81 | ||
88 | debug("expecting SSH2_MSG_KEX_ECDH_INIT"); | 82 | debug("expecting SSH2_MSG_KEX_ECDH_INIT"); |
89 | packet_read_expect(SSH2_MSG_KEX_ECDH_INIT); | 83 | packet_read_expect(SSH2_MSG_KEX_ECDH_INIT); |
@@ -115,7 +109,7 @@ kexecdh_server(Kex *kex) | |||
115 | if (BN_bin2bn(kbuf, klen, shared_secret) == NULL) | 109 | if (BN_bin2bn(kbuf, klen, shared_secret) == NULL) |
116 | fatal("%s: BN_bin2bn failed", __func__); | 110 | fatal("%s: BN_bin2bn failed", __func__); |
117 | memset(kbuf, 0, klen); | 111 | memset(kbuf, 0, klen); |
118 | xfree(kbuf); | 112 | free(kbuf); |
119 | 113 | ||
120 | /* calc H */ | 114 | /* calc H */ |
121 | key_to_blob(server_host_public, &server_host_key_blob, &sbloblen); | 115 | key_to_blob(server_host_public, &server_host_key_blob, &sbloblen); |
@@ -142,9 +136,8 @@ kexecdh_server(Kex *kex) | |||
142 | } | 136 | } |
143 | 137 | ||
144 | /* sign H */ | 138 | /* sign H */ |
145 | if (PRIVSEP(key_sign(server_host_private, &signature, &slen, | 139 | kex->sign(server_host_private, server_host_public, &signature, &slen, |
146 | hash, hashlen)) < 0) | 140 | hash, hashlen); |
147 | fatal("kexdh_server: key_sign failed"); | ||
148 | 141 | ||
149 | /* destroy_sensitive_data(); */ | 142 | /* destroy_sensitive_data(); */ |
150 | 143 | ||
@@ -155,8 +148,8 @@ kexecdh_server(Kex *kex) | |||
155 | packet_put_string(signature, slen); | 148 | packet_put_string(signature, slen); |
156 | packet_send(); | 149 | packet_send(); |
157 | 150 | ||
158 | xfree(signature); | 151 | free(signature); |
159 | xfree(server_host_key_blob); | 152 | free(server_host_key_blob); |
160 | /* have keys, free server key */ | 153 | /* have keys, free server key */ |
161 | EC_KEY_free(server_key); | 154 | EC_KEY_free(server_key); |
162 | 155 | ||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kexgexc.c,v 1.12 2010/11/10 01:33:07 djm Exp $ */ | 1 | /* $OpenBSD: kexgexc.c,v 1.13 2013/05/17 00:13:13 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Niels Provos. All rights reserved. | 3 | * Copyright (c) 2000 Niels Provos. All rights reserved. |
4 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
@@ -163,7 +163,7 @@ kexgex_client(Kex *kex) | |||
163 | if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) | 163 | if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) |
164 | fatal("kexgex_client: BN_bin2bn failed"); | 164 | fatal("kexgex_client: BN_bin2bn failed"); |
165 | memset(kbuf, 0, klen); | 165 | memset(kbuf, 0, klen); |
166 | xfree(kbuf); | 166 | free(kbuf); |
167 | 167 | ||
168 | if (datafellows & SSH_OLD_DHGEX) | 168 | if (datafellows & SSH_OLD_DHGEX) |
169 | min = max = -1; | 169 | min = max = -1; |
@@ -186,13 +186,13 @@ kexgex_client(Kex *kex) | |||
186 | 186 | ||
187 | /* have keys, free DH */ | 187 | /* have keys, free DH */ |
188 | DH_free(dh); | 188 | DH_free(dh); |
189 | xfree(server_host_key_blob); | 189 | free(server_host_key_blob); |
190 | BN_clear_free(dh_server_pub); | 190 | BN_clear_free(dh_server_pub); |
191 | 191 | ||
192 | if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1) | 192 | if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1) |
193 | fatal("key_verify failed for server_host_key"); | 193 | fatal("key_verify failed for server_host_key"); |
194 | key_free(server_host_key); | 194 | key_free(server_host_key); |
195 | xfree(signature); | 195 | free(signature); |
196 | 196 | ||
197 | /* save session id */ | 197 | /* save session id */ |
198 | if (kex->session_id == NULL) { | 198 | if (kex->session_id == NULL) { |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kexgexs.c,v 1.14 2010/11/10 01:33:07 djm Exp $ */ | 1 | /* $OpenBSD: kexgexs.c,v 1.16 2013/07/19 07:37:48 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Niels Provos. All rights reserved. | 3 | * Copyright (c) 2000 Niels Provos. All rights reserved. |
4 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
@@ -68,10 +68,6 @@ kexgex_server(Kex *kex) | |||
68 | if (server_host_public == NULL) | 68 | if (server_host_public == NULL) |
69 | fatal("Unsupported hostkey type %d", kex->hostkey_type); | 69 | fatal("Unsupported hostkey type %d", kex->hostkey_type); |
70 | server_host_private = kex->load_host_private_key(kex->hostkey_type); | 70 | server_host_private = kex->load_host_private_key(kex->hostkey_type); |
71 | if (server_host_private == NULL) | ||
72 | fatal("Missing private key for hostkey type %d", | ||
73 | kex->hostkey_type); | ||
74 | |||
75 | 71 | ||
76 | type = packet_read(); | 72 | type = packet_read(); |
77 | switch (type) { | 73 | switch (type) { |
@@ -155,7 +151,7 @@ kexgex_server(Kex *kex) | |||
155 | if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) | 151 | if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) |
156 | fatal("kexgex_server: BN_bin2bn failed"); | 152 | fatal("kexgex_server: BN_bin2bn failed"); |
157 | memset(kbuf, 0, klen); | 153 | memset(kbuf, 0, klen); |
158 | xfree(kbuf); | 154 | free(kbuf); |
159 | 155 | ||
160 | key_to_blob(server_host_public, &server_host_key_blob, &sbloblen); | 156 | key_to_blob(server_host_public, &server_host_key_blob, &sbloblen); |
161 | 157 | ||
@@ -187,9 +183,8 @@ kexgex_server(Kex *kex) | |||
187 | } | 183 | } |
188 | 184 | ||
189 | /* sign H */ | 185 | /* sign H */ |
190 | if (PRIVSEP(key_sign(server_host_private, &signature, &slen, hash, | 186 | kex->sign(server_host_private, server_host_public, &signature, &slen, |
191 | hashlen)) < 0) | 187 | hash, hashlen); |
192 | fatal("kexgex_server: key_sign failed"); | ||
193 | 188 | ||
194 | /* destroy_sensitive_data(); */ | 189 | /* destroy_sensitive_data(); */ |
195 | 190 | ||
@@ -201,8 +196,8 @@ kexgex_server(Kex *kex) | |||
201 | packet_put_string(signature, slen); | 196 | packet_put_string(signature, slen); |
202 | packet_send(); | 197 | packet_send(); |
203 | 198 | ||
204 | xfree(signature); | 199 | free(signature); |
205 | xfree(server_host_key_blob); | 200 | free(server_host_key_blob); |
206 | /* have keys, free DH */ | 201 | /* have keys, free DH */ |
207 | DH_free(dh); | 202 | DH_free(dh); |
208 | 203 | ||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: key.c,v 1.100 2013/01/17 23:00:01 djm Exp $ */ | 1 | /* $OpenBSD: key.c,v 1.104 2013/05/19 02:42:42 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * read_bignum(): | 3 | * read_bignum(): |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -187,14 +187,13 @@ cert_free(struct KeyCert *cert) | |||
187 | buffer_free(&cert->certblob); | 187 | buffer_free(&cert->certblob); |
188 | buffer_free(&cert->critical); | 188 | buffer_free(&cert->critical); |
189 | buffer_free(&cert->extensions); | 189 | buffer_free(&cert->extensions); |
190 | if (cert->key_id != NULL) | 190 | free(cert->key_id); |
191 | xfree(cert->key_id); | ||
192 | for (i = 0; i < cert->nprincipals; i++) | 191 | for (i = 0; i < cert->nprincipals; i++) |
193 | xfree(cert->principals[i]); | 192 | free(cert->principals[i]); |
194 | if (cert->principals != NULL) | 193 | free(cert->principals); |
195 | xfree(cert->principals); | ||
196 | if (cert->signature_key != NULL) | 194 | if (cert->signature_key != NULL) |
197 | key_free(cert->signature_key); | 195 | key_free(cert->signature_key); |
196 | free(cert); | ||
198 | } | 197 | } |
199 | 198 | ||
200 | void | 199 | void |
@@ -238,7 +237,7 @@ key_free(Key *k) | |||
238 | k->cert = NULL; | 237 | k->cert = NULL; |
239 | } | 238 | } |
240 | 239 | ||
241 | xfree(k); | 240 | free(k); |
242 | } | 241 | } |
243 | 242 | ||
244 | static int | 243 | static int |
@@ -388,7 +387,7 @@ key_fingerprint_raw(const Key *k, enum fp_type dgst_type, | |||
388 | EVP_DigestUpdate(&ctx, blob, len); | 387 | EVP_DigestUpdate(&ctx, blob, len); |
389 | EVP_DigestFinal(&ctx, retval, dgst_raw_length); | 388 | EVP_DigestFinal(&ctx, retval, dgst_raw_length); |
390 | memset(blob, 0, len); | 389 | memset(blob, 0, len); |
391 | xfree(blob); | 390 | free(blob); |
392 | } else { | 391 | } else { |
393 | fatal("key_fingerprint_raw: blob is null"); | 392 | fatal("key_fingerprint_raw: blob is null"); |
394 | } | 393 | } |
@@ -570,7 +569,7 @@ key_fingerprint_randomart(u_char *dgst_raw, u_int dgst_raw_len, const Key *k) | |||
570 | } | 569 | } |
571 | 570 | ||
572 | char * | 571 | char * |
573 | key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep) | 572 | key_fingerprint(const Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep) |
574 | { | 573 | { |
575 | char *retval = NULL; | 574 | char *retval = NULL; |
576 | u_char *dgst_raw; | 575 | u_char *dgst_raw; |
@@ -595,7 +594,7 @@ key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep) | |||
595 | break; | 594 | break; |
596 | } | 595 | } |
597 | memset(dgst_raw, 0, dgst_raw_len); | 596 | memset(dgst_raw, 0, dgst_raw_len); |
598 | xfree(dgst_raw); | 597 | free(dgst_raw); |
599 | return retval; | 598 | return retval; |
600 | } | 599 | } |
601 | 600 | ||
@@ -740,11 +739,11 @@ key_read(Key *ret, char **cpp) | |||
740 | n = uudecode(cp, blob, len); | 739 | n = uudecode(cp, blob, len); |
741 | if (n < 0) { | 740 | if (n < 0) { |
742 | error("key_read: uudecode %s failed", cp); | 741 | error("key_read: uudecode %s failed", cp); |
743 | xfree(blob); | 742 | free(blob); |
744 | return -1; | 743 | return -1; |
745 | } | 744 | } |
746 | k = key_from_blob(blob, (u_int)n); | 745 | k = key_from_blob(blob, (u_int)n); |
747 | xfree(blob); | 746 | free(blob); |
748 | if (k == NULL) { | 747 | if (k == NULL) { |
749 | error("key_read: key_from_blob %s failed", cp); | 748 | error("key_read: key_from_blob %s failed", cp); |
750 | return -1; | 749 | return -1; |
@@ -885,43 +884,13 @@ key_write(const Key *key, FILE *f) | |||
885 | fprintf(f, "%s %s", key_ssh_name(key), uu); | 884 | fprintf(f, "%s %s", key_ssh_name(key), uu); |
886 | success = 1; | 885 | success = 1; |
887 | } | 886 | } |
888 | xfree(blob); | 887 | free(blob); |
889 | xfree(uu); | 888 | free(uu); |
890 | 889 | ||
891 | return success; | 890 | return success; |
892 | } | 891 | } |
893 | 892 | ||
894 | const char * | 893 | const char * |
895 | key_type(const Key *k) | ||
896 | { | ||
897 | switch (k->type) { | ||
898 | case KEY_RSA1: | ||
899 | return "RSA1"; | ||
900 | case KEY_RSA: | ||
901 | return "RSA"; | ||
902 | case KEY_DSA: | ||
903 | return "DSA"; | ||
904 | #ifdef OPENSSL_HAS_ECC | ||
905 | case KEY_ECDSA: | ||
906 | return "ECDSA"; | ||
907 | #endif | ||
908 | case KEY_RSA_CERT_V00: | ||
909 | return "RSA-CERT-V00"; | ||
910 | case KEY_DSA_CERT_V00: | ||
911 | return "DSA-CERT-V00"; | ||
912 | case KEY_RSA_CERT: | ||
913 | return "RSA-CERT"; | ||
914 | case KEY_DSA_CERT: | ||
915 | return "DSA-CERT"; | ||
916 | #ifdef OPENSSL_HAS_ECC | ||
917 | case KEY_ECDSA_CERT: | ||
918 | return "ECDSA-CERT"; | ||
919 | #endif | ||
920 | } | ||
921 | return "unknown"; | ||
922 | } | ||
923 | |||
924 | const char * | ||
925 | key_cert_type(const Key *k) | 894 | key_cert_type(const Key *k) |
926 | { | 895 | { |
927 | switch (k->cert->type) { | 896 | switch (k->cert->type) { |
@@ -934,50 +903,60 @@ key_cert_type(const Key *k) | |||
934 | } | 903 | } |
935 | } | 904 | } |
936 | 905 | ||
906 | struct keytype { | ||
907 | char *name; | ||
908 | char *shortname; | ||
909 | int type; | ||
910 | int nid; | ||
911 | int cert; | ||
912 | }; | ||
913 | static const struct keytype keytypes[] = { | ||
914 | { NULL, "RSA1", KEY_RSA1, 0, 0 }, | ||
915 | { "ssh-rsa", "RSA", KEY_RSA, 0, 0 }, | ||
916 | { "ssh-dss", "DSA", KEY_DSA, 0, 0 }, | ||
917 | #ifdef OPENSSL_HAS_ECC | ||
918 | { "ecdsa-sha2-nistp256", "ECDSA", KEY_ECDSA, NID_X9_62_prime256v1, 0 }, | ||
919 | { "ecdsa-sha2-nistp384", "ECDSA", KEY_ECDSA, NID_secp384r1, 0 }, | ||
920 | { "ecdsa-sha2-nistp521", "ECDSA", KEY_ECDSA, NID_secp521r1, 0 }, | ||
921 | #endif /* OPENSSL_HAS_ECC */ | ||
922 | { "ssh-rsa-cert-v01@openssh.com", "RSA-CERT", KEY_RSA_CERT, 0, 1 }, | ||
923 | { "ssh-dss-cert-v01@openssh.com", "DSA-CERT", KEY_DSA_CERT, 0, 1 }, | ||
924 | #ifdef OPENSSL_HAS_ECC | ||
925 | { "ecdsa-sha2-nistp256-cert-v01@openssh.com", "ECDSA-CERT", | ||
926 | KEY_ECDSA_CERT, NID_X9_62_prime256v1, 1 }, | ||
927 | { "ecdsa-sha2-nistp384-cert-v01@openssh.com", "ECDSA-CERT", | ||
928 | KEY_ECDSA_CERT, NID_secp384r1, 1 }, | ||
929 | { "ecdsa-sha2-nistp521-cert-v01@openssh.com", "ECDSA-CERT", | ||
930 | KEY_ECDSA_CERT, NID_secp521r1, 1 }, | ||
931 | #endif /* OPENSSL_HAS_ECC */ | ||
932 | { "ssh-rsa-cert-v00@openssh.com", "RSA-CERT-V00", | ||
933 | KEY_RSA_CERT_V00, 0, 1 }, | ||
934 | { "ssh-dss-cert-v00@openssh.com", "DSA-CERT-V00", | ||
935 | KEY_DSA_CERT_V00, 0, 1 }, | ||
936 | { "null", "null", KEY_NULL, 0, 0 }, | ||
937 | { NULL, NULL, -1, -1, 0 } | ||
938 | }; | ||
939 | |||
940 | const char * | ||
941 | key_type(const Key *k) | ||
942 | { | ||
943 | const struct keytype *kt; | ||
944 | |||
945 | for (kt = keytypes; kt->type != -1; kt++) { | ||
946 | if (kt->type == k->type) | ||
947 | return kt->shortname; | ||
948 | } | ||
949 | return "unknown"; | ||
950 | } | ||
951 | |||
937 | static const char * | 952 | static const char * |
938 | key_ssh_name_from_type_nid(int type, int nid) | 953 | key_ssh_name_from_type_nid(int type, int nid) |
939 | { | 954 | { |
940 | switch (type) { | 955 | const struct keytype *kt; |
941 | case KEY_RSA: | 956 | |
942 | return "ssh-rsa"; | 957 | for (kt = keytypes; kt->type != -1; kt++) { |
943 | case KEY_DSA: | 958 | if (kt->type == type && (kt->nid == 0 || kt->nid == nid)) |
944 | return "ssh-dss"; | 959 | return kt->name; |
945 | case KEY_RSA_CERT_V00: | ||
946 | return "ssh-rsa-cert-v00@openssh.com"; | ||
947 | case KEY_DSA_CERT_V00: | ||
948 | return "ssh-dss-cert-v00@openssh.com"; | ||
949 | case KEY_RSA_CERT: | ||
950 | return "ssh-rsa-cert-v01@openssh.com"; | ||
951 | case KEY_DSA_CERT: | ||
952 | return "ssh-dss-cert-v01@openssh.com"; | ||
953 | #ifdef OPENSSL_HAS_ECC | ||
954 | case KEY_ECDSA: | ||
955 | switch (nid) { | ||
956 | case NID_X9_62_prime256v1: | ||
957 | return "ecdsa-sha2-nistp256"; | ||
958 | case NID_secp384r1: | ||
959 | return "ecdsa-sha2-nistp384"; | ||
960 | case NID_secp521r1: | ||
961 | return "ecdsa-sha2-nistp521"; | ||
962 | default: | ||
963 | break; | ||
964 | } | ||
965 | break; | ||
966 | case KEY_ECDSA_CERT: | ||
967 | switch (nid) { | ||
968 | case NID_X9_62_prime256v1: | ||
969 | return "ecdsa-sha2-nistp256-cert-v01@openssh.com"; | ||
970 | case NID_secp384r1: | ||
971 | return "ecdsa-sha2-nistp384-cert-v01@openssh.com"; | ||
972 | case NID_secp521r1: | ||
973 | return "ecdsa-sha2-nistp521-cert-v01@openssh.com"; | ||
974 | default: | ||
975 | break; | ||
976 | } | ||
977 | break; | ||
978 | #endif /* OPENSSL_HAS_ECC */ | ||
979 | case KEY_NULL: | ||
980 | return "null"; | ||
981 | } | 960 | } |
982 | return "ssh-unknown"; | 961 | return "ssh-unknown"; |
983 | } | 962 | } |
@@ -995,6 +974,56 @@ key_ssh_name_plain(const Key *k) | |||
995 | k->ecdsa_nid); | 974 | k->ecdsa_nid); |
996 | } | 975 | } |
997 | 976 | ||
977 | int | ||
978 | key_type_from_name(char *name) | ||
979 | { | ||
980 | const struct keytype *kt; | ||
981 | |||
982 | for (kt = keytypes; kt->type != -1; kt++) { | ||
983 | /* Only allow shortname matches for plain key types */ | ||
984 | if ((kt->name != NULL && strcmp(name, kt->name) == 0) || | ||
985 | (!kt->cert && strcasecmp(kt->shortname, name) == 0)) | ||
986 | return kt->type; | ||
987 | } | ||
988 | debug2("key_type_from_name: unknown key type '%s'", name); | ||
989 | return KEY_UNSPEC; | ||
990 | } | ||
991 | |||
992 | int | ||
993 | key_ecdsa_nid_from_name(const char *name) | ||
994 | { | ||
995 | const struct keytype *kt; | ||
996 | |||
997 | for (kt = keytypes; kt->type != -1; kt++) { | ||
998 | if (kt->type != KEY_ECDSA && kt->type != KEY_ECDSA_CERT) | ||
999 | continue; | ||
1000 | if (kt->name != NULL && strcmp(name, kt->name) == 0) | ||
1001 | return kt->nid; | ||
1002 | } | ||
1003 | debug2("%s: unknown/non-ECDSA key type '%s'", __func__, name); | ||
1004 | return -1; | ||
1005 | } | ||
1006 | |||
1007 | char * | ||
1008 | key_alg_list(void) | ||
1009 | { | ||
1010 | char *ret = NULL; | ||
1011 | size_t nlen, rlen = 0; | ||
1012 | const struct keytype *kt; | ||
1013 | |||
1014 | for (kt = keytypes; kt->type != -1; kt++) { | ||
1015 | if (kt->name == NULL) | ||
1016 | continue; | ||
1017 | if (ret != NULL) | ||
1018 | ret[rlen++] = '\n'; | ||
1019 | nlen = strlen(kt->name); | ||
1020 | ret = xrealloc(ret, 1, rlen + nlen + 2); | ||
1021 | memcpy(ret + rlen, kt->name, nlen + 1); | ||
1022 | rlen += nlen; | ||
1023 | } | ||
1024 | return ret; | ||
1025 | } | ||
1026 | |||
998 | u_int | 1027 | u_int |
999 | key_size(const Key *k) | 1028 | key_size(const Key *k) |
1000 | { | 1029 | { |
@@ -1250,67 +1279,6 @@ key_from_private(const Key *k) | |||
1250 | } | 1279 | } |
1251 | 1280 | ||
1252 | int | 1281 | int |
1253 | key_type_from_name(char *name) | ||
1254 | { | ||
1255 | if (strcmp(name, "rsa1") == 0) { | ||
1256 | return KEY_RSA1; | ||
1257 | } else if (strcmp(name, "rsa") == 0) { | ||
1258 | return KEY_RSA; | ||
1259 | } else if (strcmp(name, "dsa") == 0) { | ||
1260 | return KEY_DSA; | ||
1261 | } else if (strcmp(name, "ssh-rsa") == 0) { | ||
1262 | return KEY_RSA; | ||
1263 | } else if (strcmp(name, "ssh-dss") == 0) { | ||
1264 | return KEY_DSA; | ||
1265 | #ifdef OPENSSL_HAS_ECC | ||
1266 | } else if (strcmp(name, "ecdsa") == 0 || | ||
1267 | strcmp(name, "ecdsa-sha2-nistp256") == 0 || | ||
1268 | strcmp(name, "ecdsa-sha2-nistp384") == 0 || | ||
1269 | strcmp(name, "ecdsa-sha2-nistp521") == 0) { | ||
1270 | return KEY_ECDSA; | ||
1271 | #endif | ||
1272 | } else if (strcmp(name, "ssh-rsa-cert-v00@openssh.com") == 0) { | ||
1273 | return KEY_RSA_CERT_V00; | ||
1274 | } else if (strcmp(name, "ssh-dss-cert-v00@openssh.com") == 0) { | ||
1275 | return KEY_DSA_CERT_V00; | ||
1276 | } else if (strcmp(name, "ssh-rsa-cert-v01@openssh.com") == 0) { | ||
1277 | return KEY_RSA_CERT; | ||
1278 | } else if (strcmp(name, "ssh-dss-cert-v01@openssh.com") == 0) { | ||
1279 | return KEY_DSA_CERT; | ||
1280 | #ifdef OPENSSL_HAS_ECC | ||
1281 | } else if (strcmp(name, "ecdsa-sha2-nistp256-cert-v01@openssh.com") == 0 || | ||
1282 | strcmp(name, "ecdsa-sha2-nistp384-cert-v01@openssh.com") == 0 || | ||
1283 | strcmp(name, "ecdsa-sha2-nistp521-cert-v01@openssh.com") == 0) { | ||
1284 | return KEY_ECDSA_CERT; | ||
1285 | #endif | ||
1286 | } else if (strcmp(name, "null") == 0) { | ||
1287 | return KEY_NULL; | ||
1288 | } | ||
1289 | |||
1290 | debug2("key_type_from_name: unknown key type '%s'", name); | ||
1291 | return KEY_UNSPEC; | ||
1292 | } | ||
1293 | |||
1294 | int | ||
1295 | key_ecdsa_nid_from_name(const char *name) | ||
1296 | { | ||
1297 | #ifdef OPENSSL_HAS_ECC | ||
1298 | if (strcmp(name, "ecdsa-sha2-nistp256") == 0 || | ||
1299 | strcmp(name, "ecdsa-sha2-nistp256-cert-v01@openssh.com") == 0) | ||
1300 | return NID_X9_62_prime256v1; | ||
1301 | if (strcmp(name, "ecdsa-sha2-nistp384") == 0 || | ||
1302 | strcmp(name, "ecdsa-sha2-nistp384-cert-v01@openssh.com") == 0) | ||
1303 | return NID_secp384r1; | ||
1304 | if (strcmp(name, "ecdsa-sha2-nistp521") == 0 || | ||
1305 | strcmp(name, "ecdsa-sha2-nistp521-cert-v01@openssh.com") == 0) | ||
1306 | return NID_secp521r1; | ||
1307 | #endif /* OPENSSL_HAS_ECC */ | ||
1308 | |||
1309 | debug2("%s: unknown/non-ECDSA key type '%s'", __func__, name); | ||
1310 | return -1; | ||
1311 | } | ||
1312 | |||
1313 | int | ||
1314 | key_names_valid2(const char *names) | 1282 | key_names_valid2(const char *names) |
1315 | { | 1283 | { |
1316 | char *s, *cp, *p; | 1284 | char *s, *cp, *p; |
@@ -1323,12 +1291,12 @@ key_names_valid2(const char *names) | |||
1323 | switch (key_type_from_name(p)) { | 1291 | switch (key_type_from_name(p)) { |
1324 | case KEY_RSA1: | 1292 | case KEY_RSA1: |
1325 | case KEY_UNSPEC: | 1293 | case KEY_UNSPEC: |
1326 | xfree(s); | 1294 | free(s); |
1327 | return 0; | 1295 | return 0; |
1328 | } | 1296 | } |
1329 | } | 1297 | } |
1330 | debug3("key names ok: [%s]", names); | 1298 | debug3("key names ok: [%s]", names); |
1331 | xfree(s); | 1299 | free(s); |
1332 | return 1; | 1300 | return 1; |
1333 | } | 1301 | } |
1334 | 1302 | ||
@@ -1450,16 +1418,11 @@ cert_parse(Buffer *b, Key *key, const u_char *blob, u_int blen) | |||
1450 | 1418 | ||
1451 | out: | 1419 | out: |
1452 | buffer_free(&tmp); | 1420 | buffer_free(&tmp); |
1453 | if (principals != NULL) | 1421 | free(principals); |
1454 | xfree(principals); | 1422 | free(critical); |
1455 | if (critical != NULL) | 1423 | free(exts); |
1456 | xfree(critical); | 1424 | free(sig_key); |
1457 | if (exts != NULL) | 1425 | free(sig); |
1458 | xfree(exts); | ||
1459 | if (sig_key != NULL) | ||
1460 | xfree(sig_key); | ||
1461 | if (sig != NULL) | ||
1462 | xfree(sig); | ||
1463 | return ret; | 1426 | return ret; |
1464 | } | 1427 | } |
1465 | 1428 | ||
@@ -1579,10 +1542,8 @@ key_from_blob(const u_char *blob, u_int blen) | |||
1579 | if (key != NULL && rlen != 0) | 1542 | if (key != NULL && rlen != 0) |
1580 | error("key_from_blob: remaining bytes in key blob %d", rlen); | 1543 | error("key_from_blob: remaining bytes in key blob %d", rlen); |
1581 | out: | 1544 | out: |
1582 | if (ktype != NULL) | 1545 | free(ktype); |
1583 | xfree(ktype); | 1546 | free(curve); |
1584 | if (curve != NULL) | ||
1585 | xfree(curve); | ||
1586 | #ifdef OPENSSL_HAS_ECC | 1547 | #ifdef OPENSSL_HAS_ECC |
1587 | if (q != NULL) | 1548 | if (q != NULL) |
1588 | EC_POINT_free(q); | 1549 | EC_POINT_free(q); |
@@ -1932,7 +1893,7 @@ key_certify(Key *k, Key *ca) | |||
1932 | default: | 1893 | default: |
1933 | error("%s: key has incorrect type %s", __func__, key_type(k)); | 1894 | error("%s: key has incorrect type %s", __func__, key_type(k)); |
1934 | buffer_clear(&k->cert->certblob); | 1895 | buffer_clear(&k->cert->certblob); |
1935 | xfree(ca_blob); | 1896 | free(ca_blob); |
1936 | return -1; | 1897 | return -1; |
1937 | } | 1898 | } |
1938 | 1899 | ||
@@ -1968,7 +1929,7 @@ key_certify(Key *k, Key *ca) | |||
1968 | 1929 | ||
1969 | buffer_put_string(&k->cert->certblob, NULL, 0); /* reserved */ | 1930 | buffer_put_string(&k->cert->certblob, NULL, 0); /* reserved */ |
1970 | buffer_put_string(&k->cert->certblob, ca_blob, ca_len); | 1931 | buffer_put_string(&k->cert->certblob, ca_blob, ca_len); |
1971 | xfree(ca_blob); | 1932 | free(ca_blob); |
1972 | 1933 | ||
1973 | /* Sign the whole mess */ | 1934 | /* Sign the whole mess */ |
1974 | if (key_sign(ca, &sig_blob, &sig_len, buffer_ptr(&k->cert->certblob), | 1935 | if (key_sign(ca, &sig_blob, &sig_len, buffer_ptr(&k->cert->certblob), |
@@ -1979,7 +1940,7 @@ key_certify(Key *k, Key *ca) | |||
1979 | } | 1940 | } |
1980 | /* Append signature and we are done */ | 1941 | /* Append signature and we are done */ |
1981 | buffer_put_string(&k->cert->certblob, sig_blob, sig_len); | 1942 | buffer_put_string(&k->cert->certblob, sig_blob, sig_len); |
1982 | xfree(sig_blob); | 1943 | free(sig_blob); |
1983 | 1944 | ||
1984 | return 0; | 1945 | return 0; |
1985 | } | 1946 | } |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: key.h,v 1.35 2013/01/17 23:00:01 djm Exp $ */ | 1 | /* $OpenBSD: key.h,v 1.37 2013/05/19 02:42:42 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
@@ -96,7 +96,7 @@ void key_free(Key *); | |||
96 | Key *key_demote(const Key *); | 96 | Key *key_demote(const Key *); |
97 | int key_equal_public(const Key *, const Key *); | 97 | int key_equal_public(const Key *, const Key *); |
98 | int key_equal(const Key *, const Key *); | 98 | int key_equal(const Key *, const Key *); |
99 | char *key_fingerprint(Key *, enum fp_type, enum fp_rep); | 99 | char *key_fingerprint(const Key *, enum fp_type, enum fp_rep); |
100 | u_char *key_fingerprint_raw(const Key *, enum fp_type, u_int *); | 100 | u_char *key_fingerprint_raw(const Key *, enum fp_type, u_int *); |
101 | const char *key_type(const Key *); | 101 | const char *key_type(const Key *); |
102 | const char *key_cert_type(const Key *); | 102 | const char *key_cert_type(const Key *); |
@@ -119,15 +119,16 @@ int key_cert_is_legacy(const Key *); | |||
119 | 119 | ||
120 | int key_ecdsa_nid_from_name(const char *); | 120 | int key_ecdsa_nid_from_name(const char *); |
121 | int key_curve_name_to_nid(const char *); | 121 | int key_curve_name_to_nid(const char *); |
122 | const char * key_curve_nid_to_name(int); | 122 | const char *key_curve_nid_to_name(int); |
123 | u_int key_curve_nid_to_bits(int); | 123 | u_int key_curve_nid_to_bits(int); |
124 | int key_ecdsa_bits_to_nid(int); | 124 | int key_ecdsa_bits_to_nid(int); |
125 | #ifdef OPENSSL_HAS_ECC | 125 | #ifdef OPENSSL_HAS_ECC |
126 | int key_ecdsa_key_to_nid(EC_KEY *); | 126 | int key_ecdsa_key_to_nid(EC_KEY *); |
127 | const EVP_MD * key_ec_nid_to_evpmd(int nid); | 127 | const EVP_MD *key_ec_nid_to_evpmd(int nid); |
128 | int key_ec_validate_public(const EC_GROUP *, const EC_POINT *); | 128 | int key_ec_validate_public(const EC_GROUP *, const EC_POINT *); |
129 | int key_ec_validate_private(const EC_KEY *); | 129 | int key_ec_validate_private(const EC_KEY *); |
130 | #endif | 130 | #endif |
131 | char *key_alg_list(void); | ||
131 | 132 | ||
132 | Key *key_from_blob(const u_char *, u_int); | 133 | Key *key_from_blob(const u_char *, u_int); |
133 | int key_to_blob(const Key *, u_char **, u_int *); | 134 | int key_to_blob(const Key *, u_char **, u_int *); |
@@ -14,7 +14,7 @@ | |||
14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
15 | */ | 15 | */ |
16 | 16 | ||
17 | /* $OpenBSD: krl.c,v 1.10 2013/02/19 02:12:47 dtucker Exp $ */ | 17 | /* $OpenBSD: krl.c,v 1.13 2013/07/20 22:20:42 djm Exp $ */ |
18 | 18 | ||
19 | #include "includes.h" | 19 | #include "includes.h" |
20 | 20 | ||
@@ -502,8 +502,11 @@ choose_next_state(int current_state, u_int64_t contig, int final, | |||
502 | } | 502 | } |
503 | debug3("%s: contig %llu last_gap %llu next_gap %llu final %d, costs:" | 503 | debug3("%s: contig %llu last_gap %llu next_gap %llu final %d, costs:" |
504 | "list %llu range %llu bitmap %llu new bitmap %llu, " | 504 | "list %llu range %llu bitmap %llu new bitmap %llu, " |
505 | "selected 0x%02x%s", __func__, contig, last_gap, next_gap, final, | 505 | "selected 0x%02x%s", __func__, (long long unsigned)contig, |
506 | cost_list, cost_range, cost_bitmap, cost_bitmap_restart, new_state, | 506 | (long long unsigned)last_gap, (long long unsigned)next_gap, final, |
507 | (long long unsigned)cost_list, (long long unsigned)cost_range, | ||
508 | (long long unsigned)cost_bitmap, | ||
509 | (long long unsigned)cost_bitmap_restart, new_state, | ||
507 | *force_new_section ? " restart" : ""); | 510 | *force_new_section ? " restart" : ""); |
508 | return new_state; | 511 | return new_state; |
509 | } | 512 | } |
@@ -539,7 +542,8 @@ revoked_certs_generate(struct revoked_certs *rc, Buffer *buf) | |||
539 | rs != NULL; | 542 | rs != NULL; |
540 | rs = RB_NEXT(revoked_serial_tree, &rc->revoked_serials, rs)) { | 543 | rs = RB_NEXT(revoked_serial_tree, &rc->revoked_serials, rs)) { |
541 | debug3("%s: serial %llu:%llu state 0x%02x", __func__, | 544 | debug3("%s: serial %llu:%llu state 0x%02x", __func__, |
542 | rs->lo, rs->hi, state); | 545 | (long long unsigned)rs->lo, (long long unsigned)rs->hi, |
546 | state); | ||
543 | 547 | ||
544 | /* Check contiguous length and gap to next section (if any) */ | 548 | /* Check contiguous length and gap to next section (if any) */ |
545 | nrs = RB_NEXT(revoked_serial_tree, &rc->revoked_serials, rs); | 549 | nrs = RB_NEXT(revoked_serial_tree, &rc->revoked_serials, rs); |
@@ -883,9 +887,10 @@ ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp, | |||
883 | char timestamp[64]; | 887 | char timestamp[64]; |
884 | int ret = -1, r, sig_seen; | 888 | int ret = -1, r, sig_seen; |
885 | Key *key = NULL, **ca_used = NULL; | 889 | Key *key = NULL, **ca_used = NULL; |
886 | u_char type, *blob; | 890 | u_char type, *blob, *rdata = NULL; |
887 | u_int i, j, sig_off, sects_off, blen, format_version, nca_used = 0; | 891 | u_int i, j, sig_off, sects_off, rlen, blen, format_version, nca_used; |
888 | 892 | ||
893 | nca_used = 0; | ||
889 | *krlp = NULL; | 894 | *krlp = NULL; |
890 | if (buffer_len(buf) < sizeof(KRL_MAGIC) - 1 || | 895 | if (buffer_len(buf) < sizeof(KRL_MAGIC) - 1 || |
891 | memcmp(buffer_ptr(buf), KRL_MAGIC, sizeof(KRL_MAGIC) - 1) != 0) { | 896 | memcmp(buffer_ptr(buf), KRL_MAGIC, sizeof(KRL_MAGIC) - 1) != 0) { |
@@ -928,8 +933,9 @@ ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp, | |||
928 | } | 933 | } |
929 | 934 | ||
930 | format_timestamp(krl->generated_date, timestamp, sizeof(timestamp)); | 935 | format_timestamp(krl->generated_date, timestamp, sizeof(timestamp)); |
931 | debug("KRL version %llu generated at %s%s%s", krl->krl_version, | 936 | debug("KRL version %llu generated at %s%s%s", |
932 | timestamp, *krl->comment ? ": " : "", krl->comment); | 937 | (long long unsigned)krl->krl_version, timestamp, |
938 | *krl->comment ? ": " : "", krl->comment); | ||
933 | 939 | ||
934 | /* | 940 | /* |
935 | * 1st pass: verify signatures, if any. This is done to avoid | 941 | * 1st pass: verify signatures, if any. This is done to avoid |
@@ -967,7 +973,7 @@ ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp, | |||
967 | } | 973 | } |
968 | /* Check signature over entire KRL up to this point */ | 974 | /* Check signature over entire KRL up to this point */ |
969 | if (key_verify(key, blob, blen, | 975 | if (key_verify(key, blob, blen, |
970 | buffer_ptr(buf), buffer_len(buf) - sig_off) == -1) { | 976 | buffer_ptr(buf), buffer_len(buf) - sig_off) != 1) { |
971 | error("bad signaure on KRL"); | 977 | error("bad signaure on KRL"); |
972 | goto out; | 978 | goto out; |
973 | } | 979 | } |
@@ -1010,21 +1016,22 @@ ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp, | |||
1010 | case KRL_SECTION_EXPLICIT_KEY: | 1016 | case KRL_SECTION_EXPLICIT_KEY: |
1011 | case KRL_SECTION_FINGERPRINT_SHA1: | 1017 | case KRL_SECTION_FINGERPRINT_SHA1: |
1012 | while (buffer_len(§) > 0) { | 1018 | while (buffer_len(§) > 0) { |
1013 | if ((blob = buffer_get_string_ret(§, | 1019 | if ((rdata = buffer_get_string_ret(§, |
1014 | &blen)) == NULL) { | 1020 | &rlen)) == NULL) { |
1015 | error("%s: buffer error", __func__); | 1021 | error("%s: buffer error", __func__); |
1016 | goto out; | 1022 | goto out; |
1017 | } | 1023 | } |
1018 | if (type == KRL_SECTION_FINGERPRINT_SHA1 && | 1024 | if (type == KRL_SECTION_FINGERPRINT_SHA1 && |
1019 | blen != 20) { | 1025 | rlen != 20) { |
1020 | error("%s: bad SHA1 length", __func__); | 1026 | error("%s: bad SHA1 length", __func__); |
1021 | goto out; | 1027 | goto out; |
1022 | } | 1028 | } |
1023 | if (revoke_blob( | 1029 | if (revoke_blob( |
1024 | type == KRL_SECTION_EXPLICIT_KEY ? | 1030 | type == KRL_SECTION_EXPLICIT_KEY ? |
1025 | &krl->revoked_keys : &krl->revoked_sha1s, | 1031 | &krl->revoked_keys : &krl->revoked_sha1s, |
1026 | blob, blen) != 0) | 1032 | rdata, rlen) != 0) |
1027 | goto out; /* revoke_blob frees blob */ | 1033 | goto out; |
1034 | rdata = NULL; /* revoke_blob frees blob */ | ||
1028 | } | 1035 | } |
1029 | break; | 1036 | break; |
1030 | case KRL_SECTION_SIGNATURE: | 1037 | case KRL_SECTION_SIGNATURE: |
@@ -1090,6 +1097,7 @@ ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp, | |||
1090 | key_free(ca_used[i]); | 1097 | key_free(ca_used[i]); |
1091 | } | 1098 | } |
1092 | free(ca_used); | 1099 | free(ca_used); |
1100 | free(rdata); | ||
1093 | if (key != NULL) | 1101 | if (key != NULL) |
1094 | key_free(key); | 1102 | key_free(key); |
1095 | buffer_free(©); | 1103 | buffer_free(©); |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: log.c,v 1.43 2012/09/06 04:37:39 dtucker Exp $ */ | 1 | /* $OpenBSD: log.c,v 1.45 2013/05/16 09:08:41 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -38,6 +38,7 @@ | |||
38 | 38 | ||
39 | #include <sys/types.h> | 39 | #include <sys/types.h> |
40 | 40 | ||
41 | #include <fcntl.h> | ||
41 | #include <stdarg.h> | 42 | #include <stdarg.h> |
42 | #include <stdio.h> | 43 | #include <stdio.h> |
43 | #include <stdlib.h> | 44 | #include <stdlib.h> |
@@ -54,6 +55,7 @@ | |||
54 | 55 | ||
55 | static LogLevel log_level = SYSLOG_LEVEL_INFO; | 56 | static LogLevel log_level = SYSLOG_LEVEL_INFO; |
56 | static int log_on_stderr = 1; | 57 | static int log_on_stderr = 1; |
58 | static int log_stderr_fd = STDERR_FILENO; | ||
57 | static int log_facility = LOG_AUTH; | 59 | static int log_facility = LOG_AUTH; |
58 | static char *argv0; | 60 | static char *argv0; |
59 | static log_handler_fn *log_handler; | 61 | static log_handler_fn *log_handler; |
@@ -344,6 +346,20 @@ log_is_on_stderr(void) | |||
344 | return log_on_stderr; | 346 | return log_on_stderr; |
345 | } | 347 | } |
346 | 348 | ||
349 | /* redirect what would usually get written to stderr to specified file */ | ||
350 | void | ||
351 | log_redirect_stderr_to(const char *logfile) | ||
352 | { | ||
353 | int fd; | ||
354 | |||
355 | if ((fd = open(logfile, O_WRONLY|O_CREAT|O_APPEND, 0600)) == -1) { | ||
356 | fprintf(stderr, "Couldn't open logfile %s: %s\n", logfile, | ||
357 | strerror(errno)); | ||
358 | exit(1); | ||
359 | } | ||
360 | log_stderr_fd = fd; | ||
361 | } | ||
362 | |||
347 | #define MSGBUFSIZ 1024 | 363 | #define MSGBUFSIZ 1024 |
348 | 364 | ||
349 | void | 365 | void |
@@ -429,7 +445,7 @@ do_log(LogLevel level, const char *fmt, va_list args) | |||
429 | log_handler = tmp_handler; | 445 | log_handler = tmp_handler; |
430 | } else if (log_on_stderr) { | 446 | } else if (log_on_stderr) { |
431 | snprintf(msgbuf, sizeof msgbuf, "%s\r\n", fmtbuf); | 447 | snprintf(msgbuf, sizeof msgbuf, "%s\r\n", fmtbuf); |
432 | write(STDERR_FILENO, msgbuf, strlen(msgbuf)); | 448 | (void)write(log_stderr_fd, msgbuf, strlen(msgbuf)); |
433 | } else { | 449 | } else { |
434 | #if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) | 450 | #if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) |
435 | openlog_r(argv0 ? argv0 : __progname, LOG_PID, log_facility, &sdata); | 451 | openlog_r(argv0 ? argv0 : __progname, LOG_PID, log_facility, &sdata); |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: log.h,v 1.19 2012/09/06 04:37:39 dtucker Exp $ */ | 1 | /* $OpenBSD: log.h,v 1.20 2013/04/07 02:10:33 dtucker Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -51,6 +51,7 @@ typedef void (log_handler_fn)(LogLevel, const char *, void *); | |||
51 | void log_init(char *, LogLevel, SyslogFacility, int); | 51 | void log_init(char *, LogLevel, SyslogFacility, int); |
52 | void log_change_level(LogLevel); | 52 | void log_change_level(LogLevel); |
53 | int log_is_on_stderr(void); | 53 | int log_is_on_stderr(void); |
54 | void log_redirect_stderr_to(const char *); | ||
54 | 55 | ||
55 | SyslogFacility log_facility_number(char *); | 56 | SyslogFacility log_facility_number(char *); |
56 | const char * log_facility_name(SyslogFacility); | 57 | const char * log_facility_name(SyslogFacility); |
diff --git a/loginrec.c b/loginrec.c index f9662fa5c..59e8a44ee 100644 --- a/loginrec.c +++ b/loginrec.c | |||
@@ -347,7 +347,7 @@ logininfo *login_alloc_entry(pid_t pid, const char *username, | |||
347 | void | 347 | void |
348 | login_free_entry(struct logininfo *li) | 348 | login_free_entry(struct logininfo *li) |
349 | { | 349 | { |
350 | xfree(li); | 350 | free(li); |
351 | } | 351 | } |
352 | 352 | ||
353 | 353 | ||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: mac.c,v 1.21 2012/12/11 22:51:45 sthen Exp $ */ | 1 | /* $OpenBSD: mac.c,v 1.24 2013/06/03 00:03:18 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -50,7 +50,7 @@ | |||
50 | #define SSH_UMAC 2 /* UMAC (not integrated with OpenSSL) */ | 50 | #define SSH_UMAC 2 /* UMAC (not integrated with OpenSSL) */ |
51 | #define SSH_UMAC128 3 | 51 | #define SSH_UMAC128 3 |
52 | 52 | ||
53 | struct { | 53 | struct macalg { |
54 | char *name; | 54 | char *name; |
55 | int type; | 55 | int type; |
56 | const EVP_MD * (*mdfunc)(void); | 56 | const EVP_MD * (*mdfunc)(void); |
@@ -58,7 +58,9 @@ struct { | |||
58 | int key_len; /* just for UMAC */ | 58 | int key_len; /* just for UMAC */ |
59 | int len; /* just for UMAC */ | 59 | int len; /* just for UMAC */ |
60 | int etm; /* Encrypt-then-MAC */ | 60 | int etm; /* Encrypt-then-MAC */ |
61 | } macs[] = { | 61 | }; |
62 | |||
63 | static const struct macalg macs[] = { | ||
62 | /* Encrypt-and-MAC (encrypt-and-authenticate) variants */ | 64 | /* Encrypt-and-MAC (encrypt-and-authenticate) variants */ |
63 | { "hmac-sha1", SSH_EVP, EVP_sha1, 0, 0, 0, 0 }, | 65 | { "hmac-sha1", SSH_EVP, EVP_sha1, 0, 0, 0, 0 }, |
64 | { "hmac-sha1-96", SSH_EVP, EVP_sha1, 96, 0, 0, 0 }, | 66 | { "hmac-sha1-96", SSH_EVP, EVP_sha1, 96, 0, 0, 0 }, |
@@ -89,38 +91,58 @@ struct { | |||
89 | { NULL, 0, NULL, 0, 0, 0, 0 } | 91 | { NULL, 0, NULL, 0, 0, 0, 0 } |
90 | }; | 92 | }; |
91 | 93 | ||
94 | /* Returns a comma-separated list of supported MACs. */ | ||
95 | char * | ||
96 | mac_alg_list(void) | ||
97 | { | ||
98 | char *ret = NULL; | ||
99 | size_t nlen, rlen = 0; | ||
100 | const struct macalg *m; | ||
101 | |||
102 | for (m = macs; m->name != NULL; m++) { | ||
103 | if (ret != NULL) | ||
104 | ret[rlen++] = '\n'; | ||
105 | nlen = strlen(m->name); | ||
106 | ret = xrealloc(ret, 1, rlen + nlen + 2); | ||
107 | memcpy(ret + rlen, m->name, nlen + 1); | ||
108 | rlen += nlen; | ||
109 | } | ||
110 | return ret; | ||
111 | } | ||
112 | |||
92 | static void | 113 | static void |
93 | mac_setup_by_id(Mac *mac, int which) | 114 | mac_setup_by_alg(Mac *mac, const struct macalg *macalg) |
94 | { | 115 | { |
95 | int evp_len; | 116 | int evp_len; |
96 | mac->type = macs[which].type; | 117 | |
118 | mac->type = macalg->type; | ||
97 | if (mac->type == SSH_EVP) { | 119 | if (mac->type == SSH_EVP) { |
98 | mac->evp_md = (*macs[which].mdfunc)(); | 120 | mac->evp_md = macalg->mdfunc(); |
99 | if ((evp_len = EVP_MD_size(mac->evp_md)) <= 0) | 121 | if ((evp_len = EVP_MD_size(mac->evp_md)) <= 0) |
100 | fatal("mac %s len %d", mac->name, evp_len); | 122 | fatal("mac %s len %d", mac->name, evp_len); |
101 | mac->key_len = mac->mac_len = (u_int)evp_len; | 123 | mac->key_len = mac->mac_len = (u_int)evp_len; |
102 | } else { | 124 | } else { |
103 | mac->mac_len = macs[which].len / 8; | 125 | mac->mac_len = macalg->len / 8; |
104 | mac->key_len = macs[which].key_len / 8; | 126 | mac->key_len = macalg->key_len / 8; |
105 | mac->umac_ctx = NULL; | 127 | mac->umac_ctx = NULL; |
106 | } | 128 | } |
107 | if (macs[which].truncatebits != 0) | 129 | if (macalg->truncatebits != 0) |
108 | mac->mac_len = macs[which].truncatebits / 8; | 130 | mac->mac_len = macalg->truncatebits / 8; |
109 | mac->etm = macs[which].etm; | 131 | mac->etm = macalg->etm; |
110 | } | 132 | } |
111 | 133 | ||
112 | int | 134 | int |
113 | mac_setup(Mac *mac, char *name) | 135 | mac_setup(Mac *mac, char *name) |
114 | { | 136 | { |
115 | int i; | 137 | const struct macalg *m; |
116 | 138 | ||
117 | for (i = 0; macs[i].name; i++) { | 139 | for (m = macs; m->name != NULL; m++) { |
118 | if (strcmp(name, macs[i].name) == 0) { | 140 | if (strcmp(name, m->name) != 0) |
119 | if (mac != NULL) | 141 | continue; |
120 | mac_setup_by_id(mac, i); | 142 | if (mac != NULL) |
121 | debug2("mac_setup: found %s", name); | 143 | mac_setup_by_alg(mac, m); |
122 | return (0); | 144 | debug2("mac_setup: found %s", name); |
123 | } | 145 | return (0); |
124 | } | 146 | } |
125 | debug2("mac_setup: unknown %s", name); | 147 | debug2("mac_setup: unknown %s", name); |
126 | return (-1); | 148 | return (-1); |
@@ -152,12 +174,15 @@ mac_init(Mac *mac) | |||
152 | u_char * | 174 | u_char * |
153 | mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen) | 175 | mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen) |
154 | { | 176 | { |
155 | static u_char m[EVP_MAX_MD_SIZE]; | 177 | static union { |
178 | u_char m[EVP_MAX_MD_SIZE]; | ||
179 | u_int64_t for_align; | ||
180 | } u; | ||
156 | u_char b[4], nonce[8]; | 181 | u_char b[4], nonce[8]; |
157 | 182 | ||
158 | if (mac->mac_len > sizeof(m)) | 183 | if (mac->mac_len > sizeof(u)) |
159 | fatal("mac_compute: mac too long %u %lu", | 184 | fatal("mac_compute: mac too long %u %lu", |
160 | mac->mac_len, (u_long)sizeof(m)); | 185 | mac->mac_len, (u_long)sizeof(u)); |
161 | 186 | ||
162 | switch (mac->type) { | 187 | switch (mac->type) { |
163 | case SSH_EVP: | 188 | case SSH_EVP: |
@@ -166,22 +191,22 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen) | |||
166 | HMAC_Init(&mac->evp_ctx, NULL, 0, NULL); | 191 | HMAC_Init(&mac->evp_ctx, NULL, 0, NULL); |
167 | HMAC_Update(&mac->evp_ctx, b, sizeof(b)); | 192 | HMAC_Update(&mac->evp_ctx, b, sizeof(b)); |
168 | HMAC_Update(&mac->evp_ctx, data, datalen); | 193 | HMAC_Update(&mac->evp_ctx, data, datalen); |
169 | HMAC_Final(&mac->evp_ctx, m, NULL); | 194 | HMAC_Final(&mac->evp_ctx, u.m, NULL); |
170 | break; | 195 | break; |
171 | case SSH_UMAC: | 196 | case SSH_UMAC: |
172 | put_u64(nonce, seqno); | 197 | put_u64(nonce, seqno); |
173 | umac_update(mac->umac_ctx, data, datalen); | 198 | umac_update(mac->umac_ctx, data, datalen); |
174 | umac_final(mac->umac_ctx, m, nonce); | 199 | umac_final(mac->umac_ctx, u.m, nonce); |
175 | break; | 200 | break; |
176 | case SSH_UMAC128: | 201 | case SSH_UMAC128: |
177 | put_u64(nonce, seqno); | 202 | put_u64(nonce, seqno); |
178 | umac128_update(mac->umac_ctx, data, datalen); | 203 | umac128_update(mac->umac_ctx, data, datalen); |
179 | umac128_final(mac->umac_ctx, m, nonce); | 204 | umac128_final(mac->umac_ctx, u.m, nonce); |
180 | break; | 205 | break; |
181 | default: | 206 | default: |
182 | fatal("mac_compute: unknown MAC type"); | 207 | fatal("mac_compute: unknown MAC type"); |
183 | } | 208 | } |
184 | return (m); | 209 | return (u.m); |
185 | } | 210 | } |
186 | 211 | ||
187 | void | 212 | void |
@@ -213,13 +238,13 @@ mac_valid(const char *names) | |||
213 | (p = strsep(&cp, MAC_SEP))) { | 238 | (p = strsep(&cp, MAC_SEP))) { |
214 | if (mac_setup(NULL, p) < 0) { | 239 | if (mac_setup(NULL, p) < 0) { |
215 | debug("bad mac %s [%s]", p, names); | 240 | debug("bad mac %s [%s]", p, names); |
216 | xfree(maclist); | 241 | free(maclist); |
217 | return (0); | 242 | return (0); |
218 | } else { | 243 | } else { |
219 | debug3("mac ok: %s [%s]", p, names); | 244 | debug3("mac ok: %s [%s]", p, names); |
220 | } | 245 | } |
221 | } | 246 | } |
222 | debug3("macs ok: [%s]", names); | 247 | debug3("macs ok: [%s]", names); |
223 | xfree(maclist); | 248 | free(maclist); |
224 | return (1); | 249 | return (1); |
225 | } | 250 | } |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: mac.h,v 1.6 2007/06/07 19:37:34 pvalchev Exp $ */ | 1 | /* $OpenBSD: mac.h,v 1.7 2013/04/19 01:06:50 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -24,6 +24,7 @@ | |||
24 | */ | 24 | */ |
25 | 25 | ||
26 | int mac_valid(const char *); | 26 | int mac_valid(const char *); |
27 | char *mac_alg_list(void); | ||
27 | int mac_setup(Mac *, char *); | 28 | int mac_setup(Mac *, char *); |
28 | int mac_init(Mac *); | 29 | int mac_init(Mac *); |
29 | u_char *mac_compute(Mac *, u_int32_t, u_char *, int); | 30 | u_char *mac_compute(Mac *, u_int32_t, u_char *, int); |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: match.c,v 1.27 2008/06/10 23:06:19 djm Exp $ */ | 1 | /* $OpenBSD: match.c,v 1.28 2013/05/17 00:13:13 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -40,6 +40,7 @@ | |||
40 | #include <sys/types.h> | 40 | #include <sys/types.h> |
41 | 41 | ||
42 | #include <ctype.h> | 42 | #include <ctype.h> |
43 | #include <stdlib.h> | ||
43 | #include <string.h> | 44 | #include <string.h> |
44 | 45 | ||
45 | #include "xmalloc.h" | 46 | #include "xmalloc.h" |
@@ -226,14 +227,14 @@ match_user(const char *user, const char *host, const char *ipaddr, | |||
226 | 227 | ||
227 | if ((ret = match_pattern(user, pat)) == 1) | 228 | if ((ret = match_pattern(user, pat)) == 1) |
228 | ret = match_host_and_ip(host, ipaddr, p); | 229 | ret = match_host_and_ip(host, ipaddr, p); |
229 | xfree(pat); | 230 | free(pat); |
230 | 231 | ||
231 | return ret; | 232 | return ret; |
232 | } | 233 | } |
233 | 234 | ||
234 | /* | 235 | /* |
235 | * Returns first item from client-list that is also supported by server-list, | 236 | * Returns first item from client-list that is also supported by server-list, |
236 | * caller must xfree() returned string. | 237 | * caller must free the returned string. |
237 | */ | 238 | */ |
238 | #define MAX_PROP 40 | 239 | #define MAX_PROP 40 |
239 | #define SEP "," | 240 | #define SEP "," |
@@ -264,15 +265,15 @@ match_list(const char *client, const char *server, u_int *next) | |||
264 | if (next != NULL) | 265 | if (next != NULL) |
265 | *next = (cp == NULL) ? | 266 | *next = (cp == NULL) ? |
266 | strlen(c) : (u_int)(cp - c); | 267 | strlen(c) : (u_int)(cp - c); |
267 | xfree(c); | 268 | free(c); |
268 | xfree(s); | 269 | free(s); |
269 | return ret; | 270 | return ret; |
270 | } | 271 | } |
271 | } | 272 | } |
272 | } | 273 | } |
273 | if (next != NULL) | 274 | if (next != NULL) |
274 | *next = strlen(c); | 275 | *next = strlen(c); |
275 | xfree(c); | 276 | free(c); |
276 | xfree(s); | 277 | free(s); |
277 | return NULL; | 278 | return NULL; |
278 | } | 279 | } |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: misc.c,v 1.86 2011/09/05 05:59:08 djm Exp $ */ | 1 | /* $OpenBSD: misc.c,v 1.91 2013/07/12 00:43:50 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2005,2006 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2005,2006 Damien Miller. All rights reserved. |
@@ -127,7 +127,7 @@ unset_nonblock(int fd) | |||
127 | const char * | 127 | const char * |
128 | ssh_gai_strerror(int gaierr) | 128 | ssh_gai_strerror(int gaierr) |
129 | { | 129 | { |
130 | if (gaierr == EAI_SYSTEM) | 130 | if (gaierr == EAI_SYSTEM && errno != 0) |
131 | return strerror(errno); | 131 | return strerror(errno); |
132 | return gai_strerror(gaierr); | 132 | return gai_strerror(gaierr); |
133 | } | 133 | } |
@@ -206,16 +206,18 @@ pwcopy(struct passwd *pw) | |||
206 | 206 | ||
207 | copy->pw_name = xstrdup(pw->pw_name); | 207 | copy->pw_name = xstrdup(pw->pw_name); |
208 | copy->pw_passwd = xstrdup(pw->pw_passwd); | 208 | copy->pw_passwd = xstrdup(pw->pw_passwd); |
209 | #ifdef HAVE_STRUCT_PASSWD_PW_GECOS | ||
209 | copy->pw_gecos = xstrdup(pw->pw_gecos); | 210 | copy->pw_gecos = xstrdup(pw->pw_gecos); |
211 | #endif | ||
210 | copy->pw_uid = pw->pw_uid; | 212 | copy->pw_uid = pw->pw_uid; |
211 | copy->pw_gid = pw->pw_gid; | 213 | copy->pw_gid = pw->pw_gid; |
212 | #ifdef HAVE_PW_EXPIRE_IN_PASSWD | 214 | #ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE |
213 | copy->pw_expire = pw->pw_expire; | 215 | copy->pw_expire = pw->pw_expire; |
214 | #endif | 216 | #endif |
215 | #ifdef HAVE_PW_CHANGE_IN_PASSWD | 217 | #ifdef HAVE_STRUCT_PASSWD_PW_CHANGE |
216 | copy->pw_change = pw->pw_change; | 218 | copy->pw_change = pw->pw_change; |
217 | #endif | 219 | #endif |
218 | #ifdef HAVE_PW_CLASS_IN_PASSWD | 220 | #ifdef HAVE_STRUCT_PASSWD_PW_CLASS |
219 | copy->pw_class = xstrdup(pw->pw_class); | 221 | copy->pw_class = xstrdup(pw->pw_class); |
220 | #endif | 222 | #endif |
221 | copy->pw_dir = xstrdup(pw->pw_dir); | 223 | copy->pw_dir = xstrdup(pw->pw_dir); |
@@ -251,13 +253,13 @@ a2tun(const char *s, int *remote) | |||
251 | *remote = SSH_TUNID_ANY; | 253 | *remote = SSH_TUNID_ANY; |
252 | sp = xstrdup(s); | 254 | sp = xstrdup(s); |
253 | if ((ep = strchr(sp, ':')) == NULL) { | 255 | if ((ep = strchr(sp, ':')) == NULL) { |
254 | xfree(sp); | 256 | free(sp); |
255 | return (a2tun(s, NULL)); | 257 | return (a2tun(s, NULL)); |
256 | } | 258 | } |
257 | ep[0] = '\0'; ep++; | 259 | ep[0] = '\0'; ep++; |
258 | *remote = a2tun(ep, NULL); | 260 | *remote = a2tun(ep, NULL); |
259 | tun = a2tun(sp, NULL); | 261 | tun = a2tun(sp, NULL); |
260 | xfree(sp); | 262 | free(sp); |
261 | return (*remote == SSH_TUNID_ERR ? *remote : tun); | 263 | return (*remote == SSH_TUNID_ERR ? *remote : tun); |
262 | } | 264 | } |
263 | 265 | ||
@@ -490,7 +492,7 @@ replacearg(arglist *args, u_int which, char *fmt, ...) | |||
490 | if (which >= args->num) | 492 | if (which >= args->num) |
491 | fatal("replacearg: tried to replace invalid arg %d >= %d", | 493 | fatal("replacearg: tried to replace invalid arg %d >= %d", |
492 | which, args->num); | 494 | which, args->num); |
493 | xfree(args->list[which]); | 495 | free(args->list[which]); |
494 | args->list[which] = cp; | 496 | args->list[which] = cp; |
495 | } | 497 | } |
496 | 498 | ||
@@ -501,8 +503,8 @@ freeargs(arglist *args) | |||
501 | 503 | ||
502 | if (args->list != NULL) { | 504 | if (args->list != NULL) { |
503 | for (i = 0; i < args->num; i++) | 505 | for (i = 0; i < args->num; i++) |
504 | xfree(args->list[i]); | 506 | free(args->list[i]); |
505 | xfree(args->list); | 507 | free(args->list); |
506 | args->nalloc = args->num = 0; | 508 | args->nalloc = args->num = 0; |
507 | args->list = NULL; | 509 | args->list = NULL; |
508 | } | 510 | } |
@@ -515,8 +517,8 @@ freeargs(arglist *args) | |||
515 | char * | 517 | char * |
516 | tilde_expand_filename(const char *filename, uid_t uid) | 518 | tilde_expand_filename(const char *filename, uid_t uid) |
517 | { | 519 | { |
518 | const char *path; | 520 | const char *path, *sep; |
519 | char user[128], ret[MAXPATHLEN]; | 521 | char user[128], *ret; |
520 | struct passwd *pw; | 522 | struct passwd *pw; |
521 | u_int len, slash; | 523 | u_int len, slash; |
522 | 524 | ||
@@ -536,22 +538,21 @@ tilde_expand_filename(const char *filename, uid_t uid) | |||
536 | } else if ((pw = getpwuid(uid)) == NULL) /* ~/path */ | 538 | } else if ((pw = getpwuid(uid)) == NULL) /* ~/path */ |
537 | fatal("tilde_expand_filename: No such uid %ld", (long)uid); | 539 | fatal("tilde_expand_filename: No such uid %ld", (long)uid); |
538 | 540 | ||
539 | if (strlcpy(ret, pw->pw_dir, sizeof(ret)) >= sizeof(ret)) | ||
540 | fatal("tilde_expand_filename: Path too long"); | ||
541 | |||
542 | /* Make sure directory has a trailing '/' */ | 541 | /* Make sure directory has a trailing '/' */ |
543 | len = strlen(pw->pw_dir); | 542 | len = strlen(pw->pw_dir); |
544 | if ((len == 0 || pw->pw_dir[len - 1] != '/') && | 543 | if (len == 0 || pw->pw_dir[len - 1] != '/') |
545 | strlcat(ret, "/", sizeof(ret)) >= sizeof(ret)) | 544 | sep = "/"; |
546 | fatal("tilde_expand_filename: Path too long"); | 545 | else |
546 | sep = ""; | ||
547 | 547 | ||
548 | /* Skip leading '/' from specified path */ | 548 | /* Skip leading '/' from specified path */ |
549 | if (path != NULL) | 549 | if (path != NULL) |
550 | filename = path + 1; | 550 | filename = path + 1; |
551 | if (strlcat(ret, filename, sizeof(ret)) >= sizeof(ret)) | 551 | |
552 | if (xasprintf(&ret, "%s%s%s", pw->pw_dir, sep, filename) >= MAXPATHLEN) | ||
552 | fatal("tilde_expand_filename: Path too long"); | 553 | fatal("tilde_expand_filename: Path too long"); |
553 | 554 | ||
554 | return (xstrdup(ret)); | 555 | return (ret); |
555 | } | 556 | } |
556 | 557 | ||
557 | /* | 558 | /* |
@@ -853,6 +854,24 @@ ms_to_timeval(struct timeval *tv, int ms) | |||
853 | tv->tv_usec = (ms % 1000) * 1000; | 854 | tv->tv_usec = (ms % 1000) * 1000; |
854 | } | 855 | } |
855 | 856 | ||
857 | time_t | ||
858 | monotime(void) | ||
859 | { | ||
860 | #if defined(HAVE_CLOCK_GETTIME) && defined(CLOCK_MONOTONIC) | ||
861 | struct timespec ts; | ||
862 | static int gettime_failed = 0; | ||
863 | |||
864 | if (!gettime_failed) { | ||
865 | if (clock_gettime(CLOCK_MONOTONIC, &ts) == 0) | ||
866 | return (ts.tv_sec); | ||
867 | debug3("clock_gettime: %s", strerror(errno)); | ||
868 | gettime_failed = 1; | ||
869 | } | ||
870 | #endif | ||
871 | |||
872 | return time(NULL); | ||
873 | } | ||
874 | |||
856 | void | 875 | void |
857 | bandwidth_limit_init(struct bwlimit *bw, u_int64_t kbps, size_t buflen) | 876 | bandwidth_limit_init(struct bwlimit *bw, u_int64_t kbps, size_t buflen) |
858 | { | 877 | { |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: misc.h,v 1.48 2011/03/29 18:54:17 stevesk Exp $ */ | 1 | /* $OpenBSD: misc.h,v 1.49 2013/06/01 13:15:52 dtucker Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -35,6 +35,7 @@ char *tohex(const void *, size_t); | |||
35 | void sanitise_stdfd(void); | 35 | void sanitise_stdfd(void); |
36 | void ms_subtract_diff(struct timeval *, int *); | 36 | void ms_subtract_diff(struct timeval *, int *); |
37 | void ms_to_timeval(struct timeval *, int); | 37 | void ms_to_timeval(struct timeval *, int); |
38 | time_t monotime(void); | ||
38 | void sock_set_v6only(int); | 39 | void sock_set_v6only(int); |
39 | 40 | ||
40 | struct passwd *pwcopy(struct passwd *); | 41 | struct passwd *pwcopy(struct passwd *); |
@@ -71,4 +71,4 @@ STANDARDS | |||
71 | the Secure Shell (SSH) Transport Layer Protocol, RFC 4419, March 2006, | 71 | the Secure Shell (SSH) Transport Layer Protocol, RFC 4419, March 2006, |
72 | 2006. | 72 | 2006. |
73 | 73 | ||
74 | OpenBSD 5.3 September 26, 2012 OpenBSD 5.3 | 74 | OpenBSD 5.4 September 26, 2012 OpenBSD 5.4 |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: moduli.c,v 1.26 2012/07/06 00:41:59 dtucker Exp $ */ | 1 | /* $OpenBSD: moduli.c,v 1.27 2013/05/17 00:13:13 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright 1994 Phil Karn <karn@qualcomm.com> | 3 | * Copyright 1994 Phil Karn <karn@qualcomm.com> |
4 | * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com> | 4 | * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com> |
@@ -433,9 +433,9 @@ gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start) | |||
433 | 433 | ||
434 | time(&time_stop); | 434 | time(&time_stop); |
435 | 435 | ||
436 | xfree(LargeSieve); | 436 | free(LargeSieve); |
437 | xfree(SmallSieve); | 437 | free(SmallSieve); |
438 | xfree(TinySieve); | 438 | free(TinySieve); |
439 | 439 | ||
440 | logit("%.24s Found %u candidates", ctime(&time_stop), r); | 440 | logit("%.24s Found %u candidates", ctime(&time_stop), r); |
441 | 441 | ||
@@ -709,7 +709,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted, | |||
709 | } | 709 | } |
710 | 710 | ||
711 | time(&time_stop); | 711 | time(&time_stop); |
712 | xfree(lp); | 712 | free(lp); |
713 | BN_free(p); | 713 | BN_free(p); |
714 | BN_free(q); | 714 | BN_free(q); |
715 | BN_CTX_free(ctx); | 715 | BN_CTX_free(ctx); |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: monitor.c,v 1.120 2012/12/11 22:16:21 markus Exp $ */ | 1 | /* $OpenBSD: monitor.c,v 1.127 2013/07/19 07:37:48 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> | 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> |
4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> | 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> |
@@ -97,6 +97,7 @@ | |||
97 | #include "ssh2.h" | 97 | #include "ssh2.h" |
98 | #include "jpake.h" | 98 | #include "jpake.h" |
99 | #include "roaming.h" | 99 | #include "roaming.h" |
100 | #include "authfd.h" | ||
100 | 101 | ||
101 | #ifdef GSSAPI | 102 | #ifdef GSSAPI |
102 | static Gssctxt *gsscontext = NULL; | 103 | static Gssctxt *gsscontext = NULL; |
@@ -405,7 +406,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) | |||
405 | "with SSH protocol 1"); | 406 | "with SSH protocol 1"); |
406 | if (authenticated && | 407 | if (authenticated && |
407 | !auth2_update_methods_lists(authctxt, | 408 | !auth2_update_methods_lists(authctxt, |
408 | auth_method)) { | 409 | auth_method, auth_submethod)) { |
409 | debug3("%s: method %s: partial", __func__, | 410 | debug3("%s: method %s: partial", __func__, |
410 | auth_method); | 411 | auth_method); |
411 | authenticated = 0; | 412 | authenticated = 0; |
@@ -435,8 +436,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) | |||
435 | } | 436 | } |
436 | if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) { | 437 | if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) { |
437 | auth_log(authctxt, authenticated, partial, | 438 | auth_log(authctxt, authenticated, partial, |
438 | auth_method, auth_submethod, | 439 | auth_method, auth_submethod); |
439 | compat20 ? " ssh2" : ""); | ||
440 | if (!authenticated) | 440 | if (!authenticated) |
441 | authctxt->failures++; | 441 | authctxt->failures++; |
442 | } | 442 | } |
@@ -568,7 +568,7 @@ monitor_read_log(struct monitor *pmonitor) | |||
568 | do_log2(level, "%s [preauth]", msg); | 568 | do_log2(level, "%s [preauth]", msg); |
569 | 569 | ||
570 | buffer_free(&logmsg); | 570 | buffer_free(&logmsg); |
571 | xfree(msg); | 571 | free(msg); |
572 | 572 | ||
573 | return 0; | 573 | return 0; |
574 | } | 574 | } |
@@ -659,12 +659,9 @@ static void | |||
659 | monitor_reset_key_state(void) | 659 | monitor_reset_key_state(void) |
660 | { | 660 | { |
661 | /* reset state */ | 661 | /* reset state */ |
662 | if (key_blob != NULL) | 662 | free(key_blob); |
663 | xfree(key_blob); | 663 | free(hostbased_cuser); |
664 | if (hostbased_cuser != NULL) | 664 | free(hostbased_chost); |
665 | xfree(hostbased_cuser); | ||
666 | if (hostbased_chost != NULL) | ||
667 | xfree(hostbased_chost); | ||
668 | key_blob = NULL; | 665 | key_blob = NULL; |
669 | key_bloblen = 0; | 666 | key_bloblen = 0; |
670 | key_blobtype = MM_NOKEY; | 667 | key_blobtype = MM_NOKEY; |
@@ -707,6 +704,8 @@ mm_answer_moduli(int sock, Buffer *m) | |||
707 | return (0); | 704 | return (0); |
708 | } | 705 | } |
709 | 706 | ||
707 | extern AuthenticationConnection *auth_conn; | ||
708 | |||
710 | int | 709 | int |
711 | mm_answer_sign(int sock, Buffer *m) | 710 | mm_answer_sign(int sock, Buffer *m) |
712 | { | 711 | { |
@@ -735,18 +734,24 @@ mm_answer_sign(int sock, Buffer *m) | |||
735 | memcpy(session_id2, p, session_id2_len); | 734 | memcpy(session_id2, p, session_id2_len); |
736 | } | 735 | } |
737 | 736 | ||
738 | if ((key = get_hostkey_by_index(keyid)) == NULL) | 737 | if ((key = get_hostkey_by_index(keyid)) != NULL) { |
738 | if (key_sign(key, &signature, &siglen, p, datlen) < 0) | ||
739 | fatal("%s: key_sign failed", __func__); | ||
740 | } else if ((key = get_hostkey_public_by_index(keyid)) != NULL && | ||
741 | auth_conn != NULL) { | ||
742 | if (ssh_agent_sign(auth_conn, key, &signature, &siglen, p, | ||
743 | datlen) < 0) | ||
744 | fatal("%s: ssh_agent_sign failed", __func__); | ||
745 | } else | ||
739 | fatal("%s: no hostkey from index %d", __func__, keyid); | 746 | fatal("%s: no hostkey from index %d", __func__, keyid); |
740 | if (key_sign(key, &signature, &siglen, p, datlen) < 0) | ||
741 | fatal("%s: key_sign failed", __func__); | ||
742 | 747 | ||
743 | debug3("%s: signature %p(%u)", __func__, signature, siglen); | 748 | debug3("%s: signature %p(%u)", __func__, signature, siglen); |
744 | 749 | ||
745 | buffer_clear(m); | 750 | buffer_clear(m); |
746 | buffer_put_string(m, signature, siglen); | 751 | buffer_put_string(m, signature, siglen); |
747 | 752 | ||
748 | xfree(p); | 753 | free(p); |
749 | xfree(signature); | 754 | free(signature); |
750 | 755 | ||
751 | mm_request_send(sock, MONITOR_ANS_SIGN, m); | 756 | mm_request_send(sock, MONITOR_ANS_SIGN, m); |
752 | 757 | ||
@@ -777,7 +782,7 @@ mm_answer_pwnamallow(int sock, Buffer *m) | |||
777 | 782 | ||
778 | authctxt->user = xstrdup(username); | 783 | authctxt->user = xstrdup(username); |
779 | setproctitle("%s [priv]", pwent ? username : "unknown"); | 784 | setproctitle("%s [priv]", pwent ? username : "unknown"); |
780 | xfree(username); | 785 | free(username); |
781 | 786 | ||
782 | buffer_clear(m); | 787 | buffer_clear(m); |
783 | 788 | ||
@@ -795,8 +800,10 @@ mm_answer_pwnamallow(int sock, Buffer *m) | |||
795 | buffer_put_string(m, pwent, sizeof(struct passwd)); | 800 | buffer_put_string(m, pwent, sizeof(struct passwd)); |
796 | buffer_put_cstring(m, pwent->pw_name); | 801 | buffer_put_cstring(m, pwent->pw_name); |
797 | buffer_put_cstring(m, "*"); | 802 | buffer_put_cstring(m, "*"); |
803 | #ifdef HAVE_STRUCT_PASSWD_PW_GECOS | ||
798 | buffer_put_cstring(m, pwent->pw_gecos); | 804 | buffer_put_cstring(m, pwent->pw_gecos); |
799 | #ifdef HAVE_PW_CLASS_IN_PASSWD | 805 | #endif |
806 | #ifdef HAVE_STRUCT_PASSWD_PW_CLASS | ||
800 | buffer_put_cstring(m, pwent->pw_class); | 807 | buffer_put_cstring(m, pwent->pw_class); |
801 | #endif | 808 | #endif |
802 | buffer_put_cstring(m, pwent->pw_dir); | 809 | buffer_put_cstring(m, pwent->pw_dir); |
@@ -855,9 +862,7 @@ int mm_answer_auth2_read_banner(int sock, Buffer *m) | |||
855 | banner = auth2_read_banner(); | 862 | banner = auth2_read_banner(); |
856 | buffer_put_cstring(m, banner != NULL ? banner : ""); | 863 | buffer_put_cstring(m, banner != NULL ? banner : ""); |
857 | mm_request_send(sock, MONITOR_ANS_AUTH2_READ_BANNER, m); | 864 | mm_request_send(sock, MONITOR_ANS_AUTH2_READ_BANNER, m); |
858 | 865 | free(banner); | |
859 | if (banner != NULL) | ||
860 | xfree(banner); | ||
861 | 866 | ||
862 | return (0); | 867 | return (0); |
863 | } | 868 | } |
@@ -873,7 +878,7 @@ mm_answer_authserv(int sock, Buffer *m) | |||
873 | __func__, authctxt->service, authctxt->style); | 878 | __func__, authctxt->service, authctxt->style); |
874 | 879 | ||
875 | if (strlen(authctxt->style) == 0) { | 880 | if (strlen(authctxt->style) == 0) { |
876 | xfree(authctxt->style); | 881 | free(authctxt->style); |
877 | authctxt->style = NULL; | 882 | authctxt->style = NULL; |
878 | } | 883 | } |
879 | 884 | ||
@@ -893,7 +898,7 @@ mm_answer_authpassword(int sock, Buffer *m) | |||
893 | authenticated = options.password_authentication && | 898 | authenticated = options.password_authentication && |
894 | auth_password(authctxt, passwd); | 899 | auth_password(authctxt, passwd); |
895 | memset(passwd, 0, strlen(passwd)); | 900 | memset(passwd, 0, strlen(passwd)); |
896 | xfree(passwd); | 901 | free(passwd); |
897 | 902 | ||
898 | buffer_clear(m); | 903 | buffer_clear(m); |
899 | buffer_put_int(m, authenticated); | 904 | buffer_put_int(m, authenticated); |
@@ -933,10 +938,10 @@ mm_answer_bsdauthquery(int sock, Buffer *m) | |||
933 | mm_request_send(sock, MONITOR_ANS_BSDAUTHQUERY, m); | 938 | mm_request_send(sock, MONITOR_ANS_BSDAUTHQUERY, m); |
934 | 939 | ||
935 | if (success) { | 940 | if (success) { |
936 | xfree(name); | 941 | free(name); |
937 | xfree(infotxt); | 942 | free(infotxt); |
938 | xfree(prompts); | 943 | free(prompts); |
939 | xfree(echo_on); | 944 | free(echo_on); |
940 | } | 945 | } |
941 | 946 | ||
942 | return (0); | 947 | return (0); |
@@ -956,7 +961,7 @@ mm_answer_bsdauthrespond(int sock, Buffer *m) | |||
956 | auth_userresponse(authctxt->as, response, 0); | 961 | auth_userresponse(authctxt->as, response, 0); |
957 | authctxt->as = NULL; | 962 | authctxt->as = NULL; |
958 | debug3("%s: <%s> = <%d>", __func__, response, authok); | 963 | debug3("%s: <%s> = <%d>", __func__, response, authok); |
959 | xfree(response); | 964 | free(response); |
960 | 965 | ||
961 | buffer_clear(m); | 966 | buffer_clear(m); |
962 | buffer_put_int(m, authok); | 967 | buffer_put_int(m, authok); |
@@ -964,9 +969,10 @@ mm_answer_bsdauthrespond(int sock, Buffer *m) | |||
964 | debug3("%s: sending authenticated: %d", __func__, authok); | 969 | debug3("%s: sending authenticated: %d", __func__, authok); |
965 | mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m); | 970 | mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m); |
966 | 971 | ||
967 | if (compat20) | 972 | if (compat20) { |
968 | auth_method = "keyboard-interactive"; /* XXX auth_submethod */ | 973 | auth_method = "keyboard-interactive"; |
969 | else | 974 | auth_submethod = "bsdauth"; |
975 | } else | ||
970 | auth_method = "bsdauth"; | 976 | auth_method = "bsdauth"; |
971 | 977 | ||
972 | return (authok != 0); | 978 | return (authok != 0); |
@@ -1008,7 +1014,7 @@ mm_answer_skeyrespond(int sock, Buffer *m) | |||
1008 | skey_haskey(authctxt->pw->pw_name) == 0 && | 1014 | skey_haskey(authctxt->pw->pw_name) == 0 && |
1009 | skey_passcheck(authctxt->pw->pw_name, response) != -1); | 1015 | skey_passcheck(authctxt->pw->pw_name, response) != -1); |
1010 | 1016 | ||
1011 | xfree(response); | 1017 | free(response); |
1012 | 1018 | ||
1013 | buffer_clear(m); | 1019 | buffer_clear(m); |
1014 | buffer_put_int(m, authok); | 1020 | buffer_put_int(m, authok); |
@@ -1093,19 +1099,17 @@ mm_answer_pam_query(int sock, Buffer *m) | |||
1093 | buffer_clear(m); | 1099 | buffer_clear(m); |
1094 | buffer_put_int(m, ret); | 1100 | buffer_put_int(m, ret); |
1095 | buffer_put_cstring(m, name); | 1101 | buffer_put_cstring(m, name); |
1096 | xfree(name); | 1102 | free(name); |
1097 | buffer_put_cstring(m, info); | 1103 | buffer_put_cstring(m, info); |
1098 | xfree(info); | 1104 | free(info); |
1099 | buffer_put_int(m, num); | 1105 | buffer_put_int(m, num); |
1100 | for (i = 0; i < num; ++i) { | 1106 | for (i = 0; i < num; ++i) { |
1101 | buffer_put_cstring(m, prompts[i]); | 1107 | buffer_put_cstring(m, prompts[i]); |
1102 | xfree(prompts[i]); | 1108 | free(prompts[i]); |
1103 | buffer_put_int(m, echo_on[i]); | 1109 | buffer_put_int(m, echo_on[i]); |
1104 | } | 1110 | } |
1105 | if (prompts != NULL) | 1111 | free(prompts); |
1106 | xfree(prompts); | 1112 | free(echo_on); |
1107 | if (echo_on != NULL) | ||
1108 | xfree(echo_on); | ||
1109 | auth_method = "keyboard-interactive"; | 1113 | auth_method = "keyboard-interactive"; |
1110 | auth_submethod = "pam"; | 1114 | auth_submethod = "pam"; |
1111 | mm_request_send(sock, MONITOR_ANS_PAM_QUERY, m); | 1115 | mm_request_send(sock, MONITOR_ANS_PAM_QUERY, m); |
@@ -1128,8 +1132,8 @@ mm_answer_pam_respond(int sock, Buffer *m) | |||
1128 | resp[i] = buffer_get_string(m, NULL); | 1132 | resp[i] = buffer_get_string(m, NULL); |
1129 | ret = (sshpam_device.respond)(sshpam_ctxt, num, resp); | 1133 | ret = (sshpam_device.respond)(sshpam_ctxt, num, resp); |
1130 | for (i = 0; i < num; ++i) | 1134 | for (i = 0; i < num; ++i) |
1131 | xfree(resp[i]); | 1135 | free(resp[i]); |
1132 | xfree(resp); | 1136 | free(resp); |
1133 | } else { | 1137 | } else { |
1134 | ret = (sshpam_device.respond)(sshpam_ctxt, num, NULL); | 1138 | ret = (sshpam_device.respond)(sshpam_ctxt, num, NULL); |
1135 | } | 1139 | } |
@@ -1187,6 +1191,7 @@ mm_answer_keyallowed(int sock, Buffer *m) | |||
1187 | case MM_USERKEY: | 1191 | case MM_USERKEY: |
1188 | allowed = options.pubkey_authentication && | 1192 | allowed = options.pubkey_authentication && |
1189 | user_key_allowed(authctxt->pw, key); | 1193 | user_key_allowed(authctxt->pw, key); |
1194 | pubkey_auth_info(authctxt, key, NULL); | ||
1190 | auth_method = "publickey"; | 1195 | auth_method = "publickey"; |
1191 | if (options.pubkey_authentication && allowed != 1) | 1196 | if (options.pubkey_authentication && allowed != 1) |
1192 | auth_clear_options(); | 1197 | auth_clear_options(); |
@@ -1195,6 +1200,9 @@ mm_answer_keyallowed(int sock, Buffer *m) | |||
1195 | allowed = options.hostbased_authentication && | 1200 | allowed = options.hostbased_authentication && |
1196 | hostbased_key_allowed(authctxt->pw, | 1201 | hostbased_key_allowed(authctxt->pw, |
1197 | cuser, chost, key); | 1202 | cuser, chost, key); |
1203 | pubkey_auth_info(authctxt, key, | ||
1204 | "client user \"%.100s\", client host \"%.100s\"", | ||
1205 | cuser, chost); | ||
1198 | auth_method = "hostbased"; | 1206 | auth_method = "hostbased"; |
1199 | break; | 1207 | break; |
1200 | case MM_RSAHOSTKEY: | 1208 | case MM_RSAHOSTKEY: |
@@ -1226,11 +1234,10 @@ mm_answer_keyallowed(int sock, Buffer *m) | |||
1226 | hostbased_chost = chost; | 1234 | hostbased_chost = chost; |
1227 | } else { | 1235 | } else { |
1228 | /* Log failed attempt */ | 1236 | /* Log failed attempt */ |
1229 | auth_log(authctxt, 0, 0, auth_method, NULL, | 1237 | auth_log(authctxt, 0, 0, auth_method, NULL); |
1230 | compat20 ? " ssh2" : ""); | 1238 | free(blob); |
1231 | xfree(blob); | 1239 | free(cuser); |
1232 | xfree(cuser); | 1240 | free(chost); |
1233 | xfree(chost); | ||
1234 | } | 1241 | } |
1235 | 1242 | ||
1236 | debug3("%s: key %p is %s", | 1243 | debug3("%s: key %p is %s", |
@@ -1252,7 +1259,7 @@ static int | |||
1252 | monitor_valid_userblob(u_char *data, u_int datalen) | 1259 | monitor_valid_userblob(u_char *data, u_int datalen) |
1253 | { | 1260 | { |
1254 | Buffer b; | 1261 | Buffer b; |
1255 | char *p; | 1262 | char *p, *userstyle; |
1256 | u_int len; | 1263 | u_int len; |
1257 | int fail = 0; | 1264 | int fail = 0; |
1258 | 1265 | ||
@@ -1273,26 +1280,30 @@ monitor_valid_userblob(u_char *data, u_int datalen) | |||
1273 | (len != session_id2_len) || | 1280 | (len != session_id2_len) || |
1274 | (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) | 1281 | (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) |
1275 | fail++; | 1282 | fail++; |
1276 | xfree(p); | 1283 | free(p); |
1277 | } | 1284 | } |
1278 | if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) | 1285 | if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) |
1279 | fail++; | 1286 | fail++; |
1280 | p = buffer_get_string(&b, NULL); | 1287 | p = buffer_get_cstring(&b, NULL); |
1281 | if (strcmp(authctxt->user, p) != 0) { | 1288 | xasprintf(&userstyle, "%s%s%s", authctxt->user, |
1289 | authctxt->style ? ":" : "", | ||
1290 | authctxt->style ? authctxt->style : ""); | ||
1291 | if (strcmp(userstyle, p) != 0) { | ||
1282 | logit("wrong user name passed to monitor: expected %s != %.100s", | 1292 | logit("wrong user name passed to monitor: expected %s != %.100s", |
1283 | authctxt->user, p); | 1293 | userstyle, p); |
1284 | fail++; | 1294 | fail++; |
1285 | } | 1295 | } |
1286 | xfree(p); | 1296 | free(userstyle); |
1297 | free(p); | ||
1287 | buffer_skip_string(&b); | 1298 | buffer_skip_string(&b); |
1288 | if (datafellows & SSH_BUG_PKAUTH) { | 1299 | if (datafellows & SSH_BUG_PKAUTH) { |
1289 | if (!buffer_get_char(&b)) | 1300 | if (!buffer_get_char(&b)) |
1290 | fail++; | 1301 | fail++; |
1291 | } else { | 1302 | } else { |
1292 | p = buffer_get_string(&b, NULL); | 1303 | p = buffer_get_cstring(&b, NULL); |
1293 | if (strcmp("publickey", p) != 0) | 1304 | if (strcmp("publickey", p) != 0) |
1294 | fail++; | 1305 | fail++; |
1295 | xfree(p); | 1306 | free(p); |
1296 | if (!buffer_get_char(&b)) | 1307 | if (!buffer_get_char(&b)) |
1297 | fail++; | 1308 | fail++; |
1298 | buffer_skip_string(&b); | 1309 | buffer_skip_string(&b); |
@@ -1309,7 +1320,7 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser, | |||
1309 | char *chost) | 1320 | char *chost) |
1310 | { | 1321 | { |
1311 | Buffer b; | 1322 | Buffer b; |
1312 | char *p; | 1323 | char *p, *userstyle; |
1313 | u_int len; | 1324 | u_int len; |
1314 | int fail = 0; | 1325 | int fail = 0; |
1315 | 1326 | ||
@@ -1321,22 +1332,26 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser, | |||
1321 | (len != session_id2_len) || | 1332 | (len != session_id2_len) || |
1322 | (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) | 1333 | (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) |
1323 | fail++; | 1334 | fail++; |
1324 | xfree(p); | 1335 | free(p); |
1325 | 1336 | ||
1326 | if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) | 1337 | if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) |
1327 | fail++; | 1338 | fail++; |
1328 | p = buffer_get_string(&b, NULL); | 1339 | p = buffer_get_cstring(&b, NULL); |
1329 | if (strcmp(authctxt->user, p) != 0) { | 1340 | xasprintf(&userstyle, "%s%s%s", authctxt->user, |
1341 | authctxt->style ? ":" : "", | ||
1342 | authctxt->style ? authctxt->style : ""); | ||
1343 | if (strcmp(userstyle, p) != 0) { | ||
1330 | logit("wrong user name passed to monitor: expected %s != %.100s", | 1344 | logit("wrong user name passed to monitor: expected %s != %.100s", |
1331 | authctxt->user, p); | 1345 | userstyle, p); |
1332 | fail++; | 1346 | fail++; |
1333 | } | 1347 | } |
1334 | xfree(p); | 1348 | free(userstyle); |
1349 | free(p); | ||
1335 | buffer_skip_string(&b); /* service */ | 1350 | buffer_skip_string(&b); /* service */ |
1336 | p = buffer_get_string(&b, NULL); | 1351 | p = buffer_get_cstring(&b, NULL); |
1337 | if (strcmp(p, "hostbased") != 0) | 1352 | if (strcmp(p, "hostbased") != 0) |
1338 | fail++; | 1353 | fail++; |
1339 | xfree(p); | 1354 | free(p); |
1340 | buffer_skip_string(&b); /* pkalg */ | 1355 | buffer_skip_string(&b); /* pkalg */ |
1341 | buffer_skip_string(&b); /* pkblob */ | 1356 | buffer_skip_string(&b); /* pkblob */ |
1342 | 1357 | ||
@@ -1346,13 +1361,13 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser, | |||
1346 | p[len - 1] = '\0'; | 1361 | p[len - 1] = '\0'; |
1347 | if (strcmp(p, chost) != 0) | 1362 | if (strcmp(p, chost) != 0) |
1348 | fail++; | 1363 | fail++; |
1349 | xfree(p); | 1364 | free(p); |
1350 | 1365 | ||
1351 | /* verify client user */ | 1366 | /* verify client user */ |
1352 | p = buffer_get_string(&b, NULL); | 1367 | p = buffer_get_string(&b, NULL); |
1353 | if (strcmp(p, cuser) != 0) | 1368 | if (strcmp(p, cuser) != 0) |
1354 | fail++; | 1369 | fail++; |
1355 | xfree(p); | 1370 | free(p); |
1356 | 1371 | ||
1357 | if (buffer_len(&b) != 0) | 1372 | if (buffer_len(&b) != 0) |
1358 | fail++; | 1373 | fail++; |
@@ -1401,9 +1416,9 @@ mm_answer_keyverify(int sock, Buffer *m) | |||
1401 | __func__, key, (verified == 1) ? "verified" : "unverified"); | 1416 | __func__, key, (verified == 1) ? "verified" : "unverified"); |
1402 | 1417 | ||
1403 | key_free(key); | 1418 | key_free(key); |
1404 | xfree(blob); | 1419 | free(blob); |
1405 | xfree(signature); | 1420 | free(signature); |
1406 | xfree(data); | 1421 | free(data); |
1407 | 1422 | ||
1408 | auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased"; | 1423 | auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased"; |
1409 | 1424 | ||
@@ -1531,7 +1546,7 @@ mm_answer_pty_cleanup(int sock, Buffer *m) | |||
1531 | if ((s = session_by_tty(tty)) != NULL) | 1546 | if ((s = session_by_tty(tty)) != NULL) |
1532 | mm_session_close(s); | 1547 | mm_session_close(s); |
1533 | buffer_clear(m); | 1548 | buffer_clear(m); |
1534 | xfree(tty); | 1549 | free(tty); |
1535 | return (0); | 1550 | return (0); |
1536 | } | 1551 | } |
1537 | 1552 | ||
@@ -1663,7 +1678,7 @@ mm_answer_rsa_challenge(int sock, Buffer *m) | |||
1663 | 1678 | ||
1664 | monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 1); | 1679 | monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 1); |
1665 | 1680 | ||
1666 | xfree(blob); | 1681 | free(blob); |
1667 | key_free(key); | 1682 | key_free(key); |
1668 | return (0); | 1683 | return (0); |
1669 | } | 1684 | } |
@@ -1695,9 +1710,9 @@ mm_answer_rsa_response(int sock, Buffer *m) | |||
1695 | fatal("%s: received bad response to challenge", __func__); | 1710 | fatal("%s: received bad response to challenge", __func__); |
1696 | success = auth_rsa_verify_response(key, ssh1_challenge, response); | 1711 | success = auth_rsa_verify_response(key, ssh1_challenge, response); |
1697 | 1712 | ||
1698 | xfree(blob); | 1713 | free(blob); |
1699 | key_free(key); | 1714 | key_free(key); |
1700 | xfree(response); | 1715 | free(response); |
1701 | 1716 | ||
1702 | auth_method = key_blobtype == MM_RSAUSERKEY ? "rsa" : "rhosts-rsa"; | 1717 | auth_method = key_blobtype == MM_RSAUSERKEY ? "rsa" : "rhosts-rsa"; |
1703 | 1718 | ||
@@ -1776,7 +1791,7 @@ mm_answer_audit_command(int socket, Buffer *m) | |||
1776 | cmd = buffer_get_string(m, &len); | 1791 | cmd = buffer_get_string(m, &len); |
1777 | /* sanity check command, if so how? */ | 1792 | /* sanity check command, if so how? */ |
1778 | audit_run_command(cmd); | 1793 | audit_run_command(cmd); |
1779 | xfree(cmd); | 1794 | free(cmd); |
1780 | return (0); | 1795 | return (0); |
1781 | } | 1796 | } |
1782 | #endif /* SSH_AUDIT_EVENTS */ | 1797 | #endif /* SSH_AUDIT_EVENTS */ |
@@ -1791,20 +1806,20 @@ monitor_apply_keystate(struct monitor *pmonitor) | |||
1791 | packet_set_protocol_flags(child_state.ssh1protoflags); | 1806 | packet_set_protocol_flags(child_state.ssh1protoflags); |
1792 | packet_set_encryption_key(child_state.ssh1key, | 1807 | packet_set_encryption_key(child_state.ssh1key, |
1793 | child_state.ssh1keylen, child_state.ssh1cipher); | 1808 | child_state.ssh1keylen, child_state.ssh1cipher); |
1794 | xfree(child_state.ssh1key); | 1809 | free(child_state.ssh1key); |
1795 | } | 1810 | } |
1796 | 1811 | ||
1797 | /* for rc4 and other stateful ciphers */ | 1812 | /* for rc4 and other stateful ciphers */ |
1798 | packet_set_keycontext(MODE_OUT, child_state.keyout); | 1813 | packet_set_keycontext(MODE_OUT, child_state.keyout); |
1799 | xfree(child_state.keyout); | 1814 | free(child_state.keyout); |
1800 | packet_set_keycontext(MODE_IN, child_state.keyin); | 1815 | packet_set_keycontext(MODE_IN, child_state.keyin); |
1801 | xfree(child_state.keyin); | 1816 | free(child_state.keyin); |
1802 | 1817 | ||
1803 | if (!compat20) { | 1818 | if (!compat20) { |
1804 | packet_set_iv(MODE_OUT, child_state.ivout); | 1819 | packet_set_iv(MODE_OUT, child_state.ivout); |
1805 | xfree(child_state.ivout); | 1820 | free(child_state.ivout); |
1806 | packet_set_iv(MODE_IN, child_state.ivin); | 1821 | packet_set_iv(MODE_IN, child_state.ivin); |
1807 | xfree(child_state.ivin); | 1822 | free(child_state.ivin); |
1808 | } | 1823 | } |
1809 | 1824 | ||
1810 | memcpy(&incoming_stream, &child_state.incoming, | 1825 | memcpy(&incoming_stream, &child_state.incoming, |
@@ -1816,18 +1831,22 @@ monitor_apply_keystate(struct monitor *pmonitor) | |||
1816 | if (options.compression) | 1831 | if (options.compression) |
1817 | mm_init_compression(pmonitor->m_zlib); | 1832 | mm_init_compression(pmonitor->m_zlib); |
1818 | 1833 | ||
1834 | if (options.rekey_limit || options.rekey_interval) | ||
1835 | packet_set_rekey_limits((u_int32_t)options.rekey_limit, | ||
1836 | (time_t)options.rekey_interval); | ||
1837 | |||
1819 | /* Network I/O buffers */ | 1838 | /* Network I/O buffers */ |
1820 | /* XXX inefficient for large buffers, need: buffer_init_from_string */ | 1839 | /* XXX inefficient for large buffers, need: buffer_init_from_string */ |
1821 | buffer_clear(packet_get_input()); | 1840 | buffer_clear(packet_get_input()); |
1822 | buffer_append(packet_get_input(), child_state.input, child_state.ilen); | 1841 | buffer_append(packet_get_input(), child_state.input, child_state.ilen); |
1823 | memset(child_state.input, 0, child_state.ilen); | 1842 | memset(child_state.input, 0, child_state.ilen); |
1824 | xfree(child_state.input); | 1843 | free(child_state.input); |
1825 | 1844 | ||
1826 | buffer_clear(packet_get_output()); | 1845 | buffer_clear(packet_get_output()); |
1827 | buffer_append(packet_get_output(), child_state.output, | 1846 | buffer_append(packet_get_output(), child_state.output, |
1828 | child_state.olen); | 1847 | child_state.olen); |
1829 | memset(child_state.output, 0, child_state.olen); | 1848 | memset(child_state.output, 0, child_state.olen); |
1830 | xfree(child_state.output); | 1849 | free(child_state.output); |
1831 | 1850 | ||
1832 | /* Roaming */ | 1851 | /* Roaming */ |
1833 | if (compat20) | 1852 | if (compat20) |
@@ -1866,11 +1885,11 @@ mm_get_kex(Buffer *m) | |||
1866 | blob = buffer_get_string(m, &bloblen); | 1885 | blob = buffer_get_string(m, &bloblen); |
1867 | buffer_init(&kex->my); | 1886 | buffer_init(&kex->my); |
1868 | buffer_append(&kex->my, blob, bloblen); | 1887 | buffer_append(&kex->my, blob, bloblen); |
1869 | xfree(blob); | 1888 | free(blob); |
1870 | blob = buffer_get_string(m, &bloblen); | 1889 | blob = buffer_get_string(m, &bloblen); |
1871 | buffer_init(&kex->peer); | 1890 | buffer_init(&kex->peer); |
1872 | buffer_append(&kex->peer, blob, bloblen); | 1891 | buffer_append(&kex->peer, blob, bloblen); |
1873 | xfree(blob); | 1892 | free(blob); |
1874 | kex->done = 1; | 1893 | kex->done = 1; |
1875 | kex->flags = buffer_get_int(m); | 1894 | kex->flags = buffer_get_int(m); |
1876 | kex->client_version_string = buffer_get_string(m, NULL); | 1895 | kex->client_version_string = buffer_get_string(m, NULL); |
@@ -1878,6 +1897,7 @@ mm_get_kex(Buffer *m) | |||
1878 | kex->load_host_public_key=&get_hostkey_public_by_type; | 1897 | kex->load_host_public_key=&get_hostkey_public_by_type; |
1879 | kex->load_host_private_key=&get_hostkey_private_by_type; | 1898 | kex->load_host_private_key=&get_hostkey_private_by_type; |
1880 | kex->host_key_index=&get_hostkey_index; | 1899 | kex->host_key_index=&get_hostkey_index; |
1900 | kex->sign = sshd_hostkey_sign; | ||
1881 | 1901 | ||
1882 | return (kex); | 1902 | return (kex); |
1883 | } | 1903 | } |
@@ -1913,12 +1933,12 @@ mm_get_keystate(struct monitor *pmonitor) | |||
1913 | 1933 | ||
1914 | blob = buffer_get_string(&m, &bloblen); | 1934 | blob = buffer_get_string(&m, &bloblen); |
1915 | current_keys[MODE_OUT] = mm_newkeys_from_blob(blob, bloblen); | 1935 | current_keys[MODE_OUT] = mm_newkeys_from_blob(blob, bloblen); |
1916 | xfree(blob); | 1936 | free(blob); |
1917 | 1937 | ||
1918 | debug3("%s: Waiting for second key", __func__); | 1938 | debug3("%s: Waiting for second key", __func__); |
1919 | blob = buffer_get_string(&m, &bloblen); | 1939 | blob = buffer_get_string(&m, &bloblen); |
1920 | current_keys[MODE_IN] = mm_newkeys_from_blob(blob, bloblen); | 1940 | current_keys[MODE_IN] = mm_newkeys_from_blob(blob, bloblen); |
1921 | xfree(blob); | 1941 | free(blob); |
1922 | 1942 | ||
1923 | /* Now get sequence numbers for the packets */ | 1943 | /* Now get sequence numbers for the packets */ |
1924 | seqnr = buffer_get_int(&m); | 1944 | seqnr = buffer_get_int(&m); |
@@ -1943,13 +1963,13 @@ mm_get_keystate(struct monitor *pmonitor) | |||
1943 | if (plen != sizeof(child_state.outgoing)) | 1963 | if (plen != sizeof(child_state.outgoing)) |
1944 | fatal("%s: bad request size", __func__); | 1964 | fatal("%s: bad request size", __func__); |
1945 | memcpy(&child_state.outgoing, p, sizeof(child_state.outgoing)); | 1965 | memcpy(&child_state.outgoing, p, sizeof(child_state.outgoing)); |
1946 | xfree(p); | 1966 | free(p); |
1947 | 1967 | ||
1948 | p = buffer_get_string(&m, &plen); | 1968 | p = buffer_get_string(&m, &plen); |
1949 | if (plen != sizeof(child_state.incoming)) | 1969 | if (plen != sizeof(child_state.incoming)) |
1950 | fatal("%s: bad request size", __func__); | 1970 | fatal("%s: bad request size", __func__); |
1951 | memcpy(&child_state.incoming, p, sizeof(child_state.incoming)); | 1971 | memcpy(&child_state.incoming, p, sizeof(child_state.incoming)); |
1952 | xfree(p); | 1972 | free(p); |
1953 | 1973 | ||
1954 | /* Network I/O buffers */ | 1974 | /* Network I/O buffers */ |
1955 | debug3("%s: Getting Network I/O buffers", __func__); | 1975 | debug3("%s: Getting Network I/O buffers", __func__); |
@@ -2074,7 +2094,7 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m) | |||
2074 | 2094 | ||
2075 | major = ssh_gssapi_server_ctx(&gsscontext, &goid); | 2095 | major = ssh_gssapi_server_ctx(&gsscontext, &goid); |
2076 | 2096 | ||
2077 | xfree(goid.elements); | 2097 | free(goid.elements); |
2078 | 2098 | ||
2079 | buffer_clear(m); | 2099 | buffer_clear(m); |
2080 | buffer_put_int(m, major); | 2100 | buffer_put_int(m, major); |
@@ -2102,7 +2122,7 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m) | |||
2102 | in.value = buffer_get_string(m, &len); | 2122 | in.value = buffer_get_string(m, &len); |
2103 | in.length = len; | 2123 | in.length = len; |
2104 | major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags); | 2124 | major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags); |
2105 | xfree(in.value); | 2125 | free(in.value); |
2106 | 2126 | ||
2107 | buffer_clear(m); | 2127 | buffer_clear(m); |
2108 | buffer_put_int(m, major); | 2128 | buffer_put_int(m, major); |
@@ -2138,8 +2158,8 @@ mm_answer_gss_checkmic(int sock, Buffer *m) | |||
2138 | 2158 | ||
2139 | ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic); | 2159 | ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic); |
2140 | 2160 | ||
2141 | xfree(gssbuf.value); | 2161 | free(gssbuf.value); |
2142 | xfree(mic.value); | 2162 | free(mic.value); |
2143 | 2163 | ||
2144 | buffer_clear(m); | 2164 | buffer_clear(m); |
2145 | buffer_put_int(m, ret); | 2165 | buffer_put_int(m, ret); |
@@ -2281,8 +2301,8 @@ mm_answer_jpake_step1(int sock, Buffer *m) | |||
2281 | 2301 | ||
2282 | bzero(x3_proof, x3_proof_len); | 2302 | bzero(x3_proof, x3_proof_len); |
2283 | bzero(x4_proof, x4_proof_len); | 2303 | bzero(x4_proof, x4_proof_len); |
2284 | xfree(x3_proof); | 2304 | free(x3_proof); |
2285 | xfree(x4_proof); | 2305 | free(x4_proof); |
2286 | 2306 | ||
2287 | monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_GET_PWDATA, 1); | 2307 | monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_GET_PWDATA, 1); |
2288 | monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP1, 0); | 2308 | monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP1, 0); |
@@ -2311,8 +2331,8 @@ mm_answer_jpake_get_pwdata(int sock, Buffer *m) | |||
2311 | 2331 | ||
2312 | bzero(hash_scheme, strlen(hash_scheme)); | 2332 | bzero(hash_scheme, strlen(hash_scheme)); |
2313 | bzero(salt, strlen(salt)); | 2333 | bzero(salt, strlen(salt)); |
2314 | xfree(hash_scheme); | 2334 | free(hash_scheme); |
2315 | xfree(salt); | 2335 | free(salt); |
2316 | 2336 | ||
2317 | monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP2, 1); | 2337 | monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP2, 1); |
2318 | 2338 | ||
@@ -2351,8 +2371,8 @@ mm_answer_jpake_step2(int sock, Buffer *m) | |||
2351 | 2371 | ||
2352 | bzero(x1_proof, x1_proof_len); | 2372 | bzero(x1_proof, x1_proof_len); |
2353 | bzero(x2_proof, x2_proof_len); | 2373 | bzero(x2_proof, x2_proof_len); |
2354 | xfree(x1_proof); | 2374 | free(x1_proof); |
2355 | xfree(x2_proof); | 2375 | free(x2_proof); |
2356 | 2376 | ||
2357 | buffer_clear(m); | 2377 | buffer_clear(m); |
2358 | 2378 | ||
@@ -2363,7 +2383,7 @@ mm_answer_jpake_step2(int sock, Buffer *m) | |||
2363 | mm_request_send(sock, MONITOR_ANS_JPAKE_STEP2, m); | 2383 | mm_request_send(sock, MONITOR_ANS_JPAKE_STEP2, m); |
2364 | 2384 | ||
2365 | bzero(x4_s_proof, x4_s_proof_len); | 2385 | bzero(x4_s_proof, x4_s_proof_len); |
2366 | xfree(x4_s_proof); | 2386 | free(x4_s_proof); |
2367 | 2387 | ||
2368 | monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_KEY_CONFIRM, 1); | 2388 | monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_KEY_CONFIRM, 1); |
2369 | 2389 | ||
@@ -2431,7 +2451,7 @@ mm_answer_jpake_check_confirm(int sock, Buffer *m) | |||
2431 | JPAKE_DEBUG_CTX((pctx, "check_confirm done in %s", __func__)); | 2451 | JPAKE_DEBUG_CTX((pctx, "check_confirm done in %s", __func__)); |
2432 | 2452 | ||
2433 | bzero(peer_confirm_hash, peer_confirm_hash_len); | 2453 | bzero(peer_confirm_hash, peer_confirm_hash_len); |
2434 | xfree(peer_confirm_hash); | 2454 | free(peer_confirm_hash); |
2435 | 2455 | ||
2436 | buffer_clear(m); | 2456 | buffer_clear(m); |
2437 | buffer_put_int(m, authenticated); | 2457 | buffer_put_int(m, authenticated); |
diff --git a/monitor_mm.c b/monitor_mm.c index faf9f3dcb..ee7bad4b4 100644 --- a/monitor_mm.c +++ b/monitor_mm.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: monitor_mm.c,v 1.16 2009/06/22 05:39:28 dtucker Exp $ */ | 1 | /* $OpenBSD: monitor_mm.c,v 1.17 2013/05/17 00:13:13 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> | 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> |
4 | * All rights reserved. | 4 | * All rights reserved. |
@@ -35,6 +35,7 @@ | |||
35 | 35 | ||
36 | #include <errno.h> | 36 | #include <errno.h> |
37 | #include <stdarg.h> | 37 | #include <stdarg.h> |
38 | #include <stdlib.h> | ||
38 | #include <string.h> | 39 | #include <string.h> |
39 | 40 | ||
40 | #include "xmalloc.h" | 41 | #include "xmalloc.h" |
@@ -124,7 +125,7 @@ mm_freelist(struct mm_master *mmalloc, struct mmtree *head) | |||
124 | next = RB_NEXT(mmtree, head, mms); | 125 | next = RB_NEXT(mmtree, head, mms); |
125 | RB_REMOVE(mmtree, head, mms); | 126 | RB_REMOVE(mmtree, head, mms); |
126 | if (mmalloc == NULL) | 127 | if (mmalloc == NULL) |
127 | xfree(mms); | 128 | free(mms); |
128 | else | 129 | else |
129 | mm_free(mmalloc, mms); | 130 | mm_free(mmalloc, mms); |
130 | } | 131 | } |
@@ -147,7 +148,7 @@ mm_destroy(struct mm_master *mm) | |||
147 | __func__); | 148 | __func__); |
148 | #endif | 149 | #endif |
149 | if (mm->mmalloc == NULL) | 150 | if (mm->mmalloc == NULL) |
150 | xfree(mm); | 151 | free(mm); |
151 | else | 152 | else |
152 | mm_free(mm->mmalloc, mm); | 153 | mm_free(mm->mmalloc, mm); |
153 | } | 154 | } |
@@ -198,7 +199,7 @@ mm_malloc(struct mm_master *mm, size_t size) | |||
198 | if (mms->size == 0) { | 199 | if (mms->size == 0) { |
199 | RB_REMOVE(mmtree, &mm->rb_free, mms); | 200 | RB_REMOVE(mmtree, &mm->rb_free, mms); |
200 | if (mm->mmalloc == NULL) | 201 | if (mm->mmalloc == NULL) |
201 | xfree(mms); | 202 | free(mms); |
202 | else | 203 | else |
203 | mm_free(mm->mmalloc, mms); | 204 | mm_free(mm->mmalloc, mms); |
204 | } | 205 | } |
@@ -254,7 +255,7 @@ mm_free(struct mm_master *mm, void *address) | |||
254 | prev->size += mms->size; | 255 | prev->size += mms->size; |
255 | RB_REMOVE(mmtree, &mm->rb_free, mms); | 256 | RB_REMOVE(mmtree, &mm->rb_free, mms); |
256 | if (mm->mmalloc == NULL) | 257 | if (mm->mmalloc == NULL) |
257 | xfree(mms); | 258 | free(mms); |
258 | else | 259 | else |
259 | mm_free(mm->mmalloc, mms); | 260 | mm_free(mm->mmalloc, mms); |
260 | } else | 261 | } else |
@@ -278,7 +279,7 @@ mm_free(struct mm_master *mm, void *address) | |||
278 | RB_REMOVE(mmtree, &mm->rb_free, mms); | 279 | RB_REMOVE(mmtree, &mm->rb_free, mms); |
279 | 280 | ||
280 | if (mm->mmalloc == NULL) | 281 | if (mm->mmalloc == NULL) |
281 | xfree(mms); | 282 | free(mms); |
282 | else | 283 | else |
283 | mm_free(mm->mmalloc, mms); | 284 | mm_free(mm->mmalloc, mms); |
284 | } | 285 | } |
diff --git a/monitor_wrap.c b/monitor_wrap.c index ed8dbdadf..433b234d2 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: monitor_wrap.c,v 1.75 2013/01/08 18:49:04 markus Exp $ */ | 1 | /* $OpenBSD: monitor_wrap.c,v 1.76 2013/05/17 00:13:13 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> | 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> |
4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> | 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> |
@@ -259,8 +259,10 @@ mm_getpwnamallow(const char *username) | |||
259 | fatal("%s: struct passwd size mismatch", __func__); | 259 | fatal("%s: struct passwd size mismatch", __func__); |
260 | pw->pw_name = buffer_get_string(&m, NULL); | 260 | pw->pw_name = buffer_get_string(&m, NULL); |
261 | pw->pw_passwd = buffer_get_string(&m, NULL); | 261 | pw->pw_passwd = buffer_get_string(&m, NULL); |
262 | #ifdef HAVE_STRUCT_PASSWD_PW_GECOS | ||
262 | pw->pw_gecos = buffer_get_string(&m, NULL); | 263 | pw->pw_gecos = buffer_get_string(&m, NULL); |
263 | #ifdef HAVE_PW_CLASS_IN_PASSWD | 264 | #endif |
265 | #ifdef HAVE_STRUCT_PASSWD_PW_CLASS | ||
264 | pw->pw_class = buffer_get_string(&m, NULL); | 266 | pw->pw_class = buffer_get_string(&m, NULL); |
265 | #endif | 267 | #endif |
266 | pw->pw_dir = buffer_get_string(&m, NULL); | 268 | pw->pw_dir = buffer_get_string(&m, NULL); |
@@ -286,7 +288,7 @@ out: | |||
286 | #undef M_CP_STRARRAYOPT | 288 | #undef M_CP_STRARRAYOPT |
287 | 289 | ||
288 | copy_set_server_options(&options, newopts, 1); | 290 | copy_set_server_options(&options, newopts, 1); |
289 | xfree(newopts); | 291 | free(newopts); |
290 | 292 | ||
291 | buffer_free(&m); | 293 | buffer_free(&m); |
292 | 294 | ||
@@ -312,7 +314,7 @@ mm_auth2_read_banner(void) | |||
312 | 314 | ||
313 | /* treat empty banner as missing banner */ | 315 | /* treat empty banner as missing banner */ |
314 | if (strlen(banner) == 0) { | 316 | if (strlen(banner) == 0) { |
315 | xfree(banner); | 317 | free(banner); |
316 | banner = NULL; | 318 | banner = NULL; |
317 | } | 319 | } |
318 | return (banner); | 320 | return (banner); |
@@ -405,7 +407,7 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key) | |||
405 | buffer_put_cstring(&m, user ? user : ""); | 407 | buffer_put_cstring(&m, user ? user : ""); |
406 | buffer_put_cstring(&m, host ? host : ""); | 408 | buffer_put_cstring(&m, host ? host : ""); |
407 | buffer_put_string(&m, blob, len); | 409 | buffer_put_string(&m, blob, len); |
408 | xfree(blob); | 410 | free(blob); |
409 | 411 | ||
410 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m); | 412 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m); |
411 | 413 | ||
@@ -448,7 +450,7 @@ mm_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen) | |||
448 | buffer_put_string(&m, blob, len); | 450 | buffer_put_string(&m, blob, len); |
449 | buffer_put_string(&m, sig, siglen); | 451 | buffer_put_string(&m, sig, siglen); |
450 | buffer_put_string(&m, data, datalen); | 452 | buffer_put_string(&m, data, datalen); |
451 | xfree(blob); | 453 | free(blob); |
452 | 454 | ||
453 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYVERIFY, &m); | 455 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYVERIFY, &m); |
454 | 456 | ||
@@ -617,7 +619,7 @@ mm_send_keystate(struct monitor *monitor) | |||
617 | keylen = packet_get_encryption_key(key); | 619 | keylen = packet_get_encryption_key(key); |
618 | buffer_put_string(&m, key, keylen); | 620 | buffer_put_string(&m, key, keylen); |
619 | memset(key, 0, keylen); | 621 | memset(key, 0, keylen); |
620 | xfree(key); | 622 | free(key); |
621 | 623 | ||
622 | ivlen = packet_get_keyiv_len(MODE_OUT); | 624 | ivlen = packet_get_keyiv_len(MODE_OUT); |
623 | packet_get_keyiv(MODE_OUT, iv, ivlen); | 625 | packet_get_keyiv(MODE_OUT, iv, ivlen); |
@@ -640,13 +642,13 @@ mm_send_keystate(struct monitor *monitor) | |||
640 | fatal("%s: conversion of newkeys failed", __func__); | 642 | fatal("%s: conversion of newkeys failed", __func__); |
641 | 643 | ||
642 | buffer_put_string(&m, blob, bloblen); | 644 | buffer_put_string(&m, blob, bloblen); |
643 | xfree(blob); | 645 | free(blob); |
644 | 646 | ||
645 | if (!mm_newkeys_to_blob(MODE_IN, &blob, &bloblen)) | 647 | if (!mm_newkeys_to_blob(MODE_IN, &blob, &bloblen)) |
646 | fatal("%s: conversion of newkeys failed", __func__); | 648 | fatal("%s: conversion of newkeys failed", __func__); |
647 | 649 | ||
648 | buffer_put_string(&m, blob, bloblen); | 650 | buffer_put_string(&m, blob, bloblen); |
649 | xfree(blob); | 651 | free(blob); |
650 | 652 | ||
651 | packet_get_state(MODE_OUT, &seqnr, &blocks, &packets, &bytes); | 653 | packet_get_state(MODE_OUT, &seqnr, &blocks, &packets, &bytes); |
652 | buffer_put_int(&m, seqnr); | 654 | buffer_put_int(&m, seqnr); |
@@ -666,13 +668,13 @@ mm_send_keystate(struct monitor *monitor) | |||
666 | p = xmalloc(plen+1); | 668 | p = xmalloc(plen+1); |
667 | packet_get_keycontext(MODE_OUT, p); | 669 | packet_get_keycontext(MODE_OUT, p); |
668 | buffer_put_string(&m, p, plen); | 670 | buffer_put_string(&m, p, plen); |
669 | xfree(p); | 671 | free(p); |
670 | 672 | ||
671 | plen = packet_get_keycontext(MODE_IN, NULL); | 673 | plen = packet_get_keycontext(MODE_IN, NULL); |
672 | p = xmalloc(plen+1); | 674 | p = xmalloc(plen+1); |
673 | packet_get_keycontext(MODE_IN, p); | 675 | packet_get_keycontext(MODE_IN, p); |
674 | buffer_put_string(&m, p, plen); | 676 | buffer_put_string(&m, p, plen); |
675 | xfree(p); | 677 | free(p); |
676 | 678 | ||
677 | /* Compression state */ | 679 | /* Compression state */ |
678 | debug3("%s: Sending compression state", __func__); | 680 | debug3("%s: Sending compression state", __func__); |
@@ -734,10 +736,10 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen) | |||
734 | buffer_free(&m); | 736 | buffer_free(&m); |
735 | 737 | ||
736 | strlcpy(namebuf, p, namebuflen); /* Possible truncation */ | 738 | strlcpy(namebuf, p, namebuflen); /* Possible truncation */ |
737 | xfree(p); | 739 | free(p); |
738 | 740 | ||
739 | buffer_append(&loginmsg, msg, strlen(msg)); | 741 | buffer_append(&loginmsg, msg, strlen(msg)); |
740 | xfree(msg); | 742 | free(msg); |
741 | 743 | ||
742 | if ((*ptyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1 || | 744 | if ((*ptyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1 || |
743 | (*ttyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1) | 745 | (*ttyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1) |
@@ -803,7 +805,7 @@ mm_do_pam_account(void) | |||
803 | ret = buffer_get_int(&m); | 805 | ret = buffer_get_int(&m); |
804 | msg = buffer_get_string(&m, NULL); | 806 | msg = buffer_get_string(&m, NULL); |
805 | buffer_append(&loginmsg, msg, strlen(msg)); | 807 | buffer_append(&loginmsg, msg, strlen(msg)); |
806 | xfree(msg); | 808 | free(msg); |
807 | 809 | ||
808 | buffer_free(&m); | 810 | buffer_free(&m); |
809 | 811 | ||
@@ -1033,7 +1035,7 @@ mm_skey_query(void *ctx, char **name, char **infotxt, | |||
1033 | mm_chall_setup(name, infotxt, numprompts, prompts, echo_on); | 1035 | mm_chall_setup(name, infotxt, numprompts, prompts, echo_on); |
1034 | 1036 | ||
1035 | xasprintf(*prompts, "%s%s", challenge, SKEY_PROMPT); | 1037 | xasprintf(*prompts, "%s%s", challenge, SKEY_PROMPT); |
1036 | xfree(challenge); | 1038 | free(challenge); |
1037 | 1039 | ||
1038 | return (0); | 1040 | return (0); |
1039 | } | 1041 | } |
@@ -1107,7 +1109,7 @@ mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) | |||
1107 | if ((key = key_from_blob(blob, blen)) == NULL) | 1109 | if ((key = key_from_blob(blob, blen)) == NULL) |
1108 | fatal("%s: key_from_blob failed", __func__); | 1110 | fatal("%s: key_from_blob failed", __func__); |
1109 | *rkey = key; | 1111 | *rkey = key; |
1110 | xfree(blob); | 1112 | free(blob); |
1111 | } | 1113 | } |
1112 | buffer_free(&m); | 1114 | buffer_free(&m); |
1113 | 1115 | ||
@@ -1134,7 +1136,7 @@ mm_auth_rsa_generate_challenge(Key *key) | |||
1134 | 1136 | ||
1135 | buffer_init(&m); | 1137 | buffer_init(&m); |
1136 | buffer_put_string(&m, blob, blen); | 1138 | buffer_put_string(&m, blob, blen); |
1137 | xfree(blob); | 1139 | free(blob); |
1138 | 1140 | ||
1139 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSACHALLENGE, &m); | 1141 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSACHALLENGE, &m); |
1140 | mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSACHALLENGE, &m); | 1142 | mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSACHALLENGE, &m); |
@@ -1163,7 +1165,7 @@ mm_auth_rsa_verify_response(Key *key, BIGNUM *p, u_char response[16]) | |||
1163 | buffer_init(&m); | 1165 | buffer_init(&m); |
1164 | buffer_put_string(&m, blob, blen); | 1166 | buffer_put_string(&m, blob, blen); |
1165 | buffer_put_string(&m, response, 16); | 1167 | buffer_put_string(&m, response, 16); |
1166 | xfree(blob); | 1168 | free(blob); |
1167 | 1169 | ||
1168 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSARESPONSE, &m); | 1170 | mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSARESPONSE, &m); |
1169 | mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSARESPONSE, &m); | 1171 | mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSARESPONSE, &m); |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: mux.c,v 1.38 2013/01/02 00:32:07 djm Exp $ */ | 1 | /* $OpenBSD: mux.c,v 1.44 2013/07/12 00:19:58 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org> | 3 | * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org> |
4 | * | 4 | * |
@@ -184,7 +184,7 @@ static const struct { | |||
184 | 184 | ||
185 | /* Cleanup callback fired on closure of mux slave _session_ channel */ | 185 | /* Cleanup callback fired on closure of mux slave _session_ channel */ |
186 | /* ARGSUSED */ | 186 | /* ARGSUSED */ |
187 | void | 187 | static void |
188 | mux_master_session_cleanup_cb(int cid, void *unused) | 188 | mux_master_session_cleanup_cb(int cid, void *unused) |
189 | { | 189 | { |
190 | Channel *cc, *c = channel_by_id(cid); | 190 | Channel *cc, *c = channel_by_id(cid); |
@@ -219,7 +219,8 @@ mux_master_control_cleanup_cb(int cid, void *unused) | |||
219 | __func__, c->self, c->remote_id); | 219 | __func__, c->self, c->remote_id); |
220 | c->remote_id = -1; | 220 | c->remote_id = -1; |
221 | sc->ctl_chan = -1; | 221 | sc->ctl_chan = -1; |
222 | if (sc->type != SSH_CHANNEL_OPEN) { | 222 | if (sc->type != SSH_CHANNEL_OPEN && |
223 | sc->type != SSH_CHANNEL_OPENING) { | ||
223 | debug2("%s: channel %d: not open", __func__, sc->self); | 224 | debug2("%s: channel %d: not open", __func__, sc->self); |
224 | chan_mark_dead(sc); | 225 | chan_mark_dead(sc); |
225 | } else { | 226 | } else { |
@@ -286,13 +287,13 @@ process_mux_master_hello(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
286 | char *value = buffer_get_string_ret(m, NULL); | 287 | char *value = buffer_get_string_ret(m, NULL); |
287 | 288 | ||
288 | if (name == NULL || value == NULL) { | 289 | if (name == NULL || value == NULL) { |
289 | if (name != NULL) | 290 | free(name); |
290 | xfree(name); | 291 | free(value); |
291 | goto malf; | 292 | goto malf; |
292 | } | 293 | } |
293 | debug2("Unrecognised slave extension \"%s\"", name); | 294 | debug2("Unrecognised slave extension \"%s\"", name); |
294 | xfree(name); | 295 | free(name); |
295 | xfree(value); | 296 | free(value); |
296 | } | 297 | } |
297 | state->hello_rcvd = 1; | 298 | state->hello_rcvd = 1; |
298 | return 0; | 299 | return 0; |
@@ -323,21 +324,17 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
323 | (cctx->term = buffer_get_string_ret(m, &len)) == NULL || | 324 | (cctx->term = buffer_get_string_ret(m, &len)) == NULL || |
324 | (cmd = buffer_get_string_ret(m, &len)) == NULL) { | 325 | (cmd = buffer_get_string_ret(m, &len)) == NULL) { |
325 | malf: | 326 | malf: |
326 | if (cmd != NULL) | 327 | free(cmd); |
327 | xfree(cmd); | 328 | free(reserved); |
328 | if (reserved != NULL) | ||
329 | xfree(reserved); | ||
330 | for (j = 0; j < env_len; j++) | 329 | for (j = 0; j < env_len; j++) |
331 | xfree(cctx->env[j]); | 330 | free(cctx->env[j]); |
332 | if (env_len > 0) | 331 | free(cctx->env); |
333 | xfree(cctx->env); | 332 | free(cctx->term); |
334 | if (cctx->term != NULL) | 333 | free(cctx); |
335 | xfree(cctx->term); | ||
336 | xfree(cctx); | ||
337 | error("%s: malformed message", __func__); | 334 | error("%s: malformed message", __func__); |
338 | return -1; | 335 | return -1; |
339 | } | 336 | } |
340 | xfree(reserved); | 337 | free(reserved); |
341 | reserved = NULL; | 338 | reserved = NULL; |
342 | 339 | ||
343 | while (buffer_len(m) > 0) { | 340 | while (buffer_len(m) > 0) { |
@@ -345,7 +342,7 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
345 | if ((cp = buffer_get_string_ret(m, &len)) == NULL) | 342 | if ((cp = buffer_get_string_ret(m, &len)) == NULL) |
346 | goto malf; | 343 | goto malf; |
347 | if (!env_permitted(cp)) { | 344 | if (!env_permitted(cp)) { |
348 | xfree(cp); | 345 | free(cp); |
349 | continue; | 346 | continue; |
350 | } | 347 | } |
351 | cctx->env = xrealloc(cctx->env, env_len + 2, | 348 | cctx->env = xrealloc(cctx->env, env_len + 2, |
@@ -366,7 +363,7 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
366 | 363 | ||
367 | buffer_init(&cctx->cmd); | 364 | buffer_init(&cctx->cmd); |
368 | buffer_append(&cctx->cmd, cmd, strlen(cmd)); | 365 | buffer_append(&cctx->cmd, cmd, strlen(cmd)); |
369 | xfree(cmd); | 366 | free(cmd); |
370 | cmd = NULL; | 367 | cmd = NULL; |
371 | 368 | ||
372 | /* Gather fds from client */ | 369 | /* Gather fds from client */ |
@@ -377,12 +374,11 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
377 | for (j = 0; j < i; j++) | 374 | for (j = 0; j < i; j++) |
378 | close(new_fd[j]); | 375 | close(new_fd[j]); |
379 | for (j = 0; j < env_len; j++) | 376 | for (j = 0; j < env_len; j++) |
380 | xfree(cctx->env[j]); | 377 | free(cctx->env[j]); |
381 | if (env_len > 0) | 378 | free(cctx->env); |
382 | xfree(cctx->env); | 379 | free(cctx->term); |
383 | xfree(cctx->term); | ||
384 | buffer_free(&cctx->cmd); | 380 | buffer_free(&cctx->cmd); |
385 | xfree(cctx); | 381 | free(cctx); |
386 | 382 | ||
387 | /* prepare reply */ | 383 | /* prepare reply */ |
388 | buffer_put_int(r, MUX_S_FAILURE); | 384 | buffer_put_int(r, MUX_S_FAILURE); |
@@ -407,14 +403,14 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
407 | close(new_fd[0]); | 403 | close(new_fd[0]); |
408 | close(new_fd[1]); | 404 | close(new_fd[1]); |
409 | close(new_fd[2]); | 405 | close(new_fd[2]); |
410 | xfree(cctx->term); | 406 | free(cctx->term); |
411 | if (env_len != 0) { | 407 | if (env_len != 0) { |
412 | for (i = 0; i < env_len; i++) | 408 | for (i = 0; i < env_len; i++) |
413 | xfree(cctx->env[i]); | 409 | free(cctx->env[i]); |
414 | xfree(cctx->env); | 410 | free(cctx->env); |
415 | } | 411 | } |
416 | buffer_free(&cctx->cmd); | 412 | buffer_free(&cctx->cmd); |
417 | xfree(cctx); | 413 | free(cctx); |
418 | return 0; | 414 | return 0; |
419 | } | 415 | } |
420 | 416 | ||
@@ -619,7 +615,7 @@ mux_confirm_remote_forward(int type, u_int32_t seq, void *ctxt) | |||
619 | buffer_put_int(&out, MUX_S_FAILURE); | 615 | buffer_put_int(&out, MUX_S_FAILURE); |
620 | buffer_put_int(&out, fctx->rid); | 616 | buffer_put_int(&out, fctx->rid); |
621 | buffer_put_cstring(&out, failmsg); | 617 | buffer_put_cstring(&out, failmsg); |
622 | xfree(failmsg); | 618 | free(failmsg); |
623 | out: | 619 | out: |
624 | buffer_put_string(&c->output, buffer_ptr(&out), buffer_len(&out)); | 620 | buffer_put_string(&c->output, buffer_ptr(&out), buffer_len(&out)); |
625 | buffer_free(&out); | 621 | buffer_free(&out); |
@@ -634,25 +630,28 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
634 | Forward fwd; | 630 | Forward fwd; |
635 | char *fwd_desc = NULL; | 631 | char *fwd_desc = NULL; |
636 | u_int ftype; | 632 | u_int ftype; |
633 | u_int lport, cport; | ||
637 | int i, ret = 0, freefwd = 1; | 634 | int i, ret = 0, freefwd = 1; |
638 | 635 | ||
639 | fwd.listen_host = fwd.connect_host = NULL; | 636 | fwd.listen_host = fwd.connect_host = NULL; |
640 | if (buffer_get_int_ret(&ftype, m) != 0 || | 637 | if (buffer_get_int_ret(&ftype, m) != 0 || |
641 | (fwd.listen_host = buffer_get_string_ret(m, NULL)) == NULL || | 638 | (fwd.listen_host = buffer_get_string_ret(m, NULL)) == NULL || |
642 | buffer_get_int_ret(&fwd.listen_port, m) != 0 || | 639 | buffer_get_int_ret(&lport, m) != 0 || |
643 | (fwd.connect_host = buffer_get_string_ret(m, NULL)) == NULL || | 640 | (fwd.connect_host = buffer_get_string_ret(m, NULL)) == NULL || |
644 | buffer_get_int_ret(&fwd.connect_port, m) != 0) { | 641 | buffer_get_int_ret(&cport, m) != 0 || |
642 | lport > 65535 || cport > 65535) { | ||
645 | error("%s: malformed message", __func__); | 643 | error("%s: malformed message", __func__); |
646 | ret = -1; | 644 | ret = -1; |
647 | goto out; | 645 | goto out; |
648 | } | 646 | } |
649 | 647 | fwd.listen_port = lport; | |
648 | fwd.connect_port = cport; | ||
650 | if (*fwd.listen_host == '\0') { | 649 | if (*fwd.listen_host == '\0') { |
651 | xfree(fwd.listen_host); | 650 | free(fwd.listen_host); |
652 | fwd.listen_host = NULL; | 651 | fwd.listen_host = NULL; |
653 | } | 652 | } |
654 | if (*fwd.connect_host == '\0') { | 653 | if (*fwd.connect_host == '\0') { |
655 | xfree(fwd.connect_host); | 654 | free(fwd.connect_host); |
656 | fwd.connect_host = NULL; | 655 | fwd.connect_host = NULL; |
657 | } | 656 | } |
658 | 657 | ||
@@ -663,10 +662,8 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
663 | ftype != MUX_FWD_DYNAMIC) { | 662 | ftype != MUX_FWD_DYNAMIC) { |
664 | logit("%s: invalid forwarding type %u", __func__, ftype); | 663 | logit("%s: invalid forwarding type %u", __func__, ftype); |
665 | invalid: | 664 | invalid: |
666 | if (fwd.listen_host) | 665 | free(fwd.listen_host); |
667 | xfree(fwd.listen_host); | 666 | free(fwd.connect_host); |
668 | if (fwd.connect_host) | ||
669 | xfree(fwd.connect_host); | ||
670 | buffer_put_int(r, MUX_S_FAILURE); | 667 | buffer_put_int(r, MUX_S_FAILURE); |
671 | buffer_put_int(r, rid); | 668 | buffer_put_int(r, rid); |
672 | buffer_put_cstring(r, "Invalid forwarding request"); | 669 | buffer_put_cstring(r, "Invalid forwarding request"); |
@@ -768,13 +765,10 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
768 | buffer_put_int(r, MUX_S_OK); | 765 | buffer_put_int(r, MUX_S_OK); |
769 | buffer_put_int(r, rid); | 766 | buffer_put_int(r, rid); |
770 | out: | 767 | out: |
771 | if (fwd_desc != NULL) | 768 | free(fwd_desc); |
772 | xfree(fwd_desc); | ||
773 | if (freefwd) { | 769 | if (freefwd) { |
774 | if (fwd.listen_host != NULL) | 770 | free(fwd.listen_host); |
775 | xfree(fwd.listen_host); | 771 | free(fwd.connect_host); |
776 | if (fwd.connect_host != NULL) | ||
777 | xfree(fwd.connect_host); | ||
778 | } | 772 | } |
779 | return ret; | 773 | return ret; |
780 | } | 774 | } |
@@ -787,24 +781,28 @@ process_mux_close_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
787 | const char *error_reason = NULL; | 781 | const char *error_reason = NULL; |
788 | u_int ftype; | 782 | u_int ftype; |
789 | int i, listen_port, ret = 0; | 783 | int i, listen_port, ret = 0; |
784 | u_int lport, cport; | ||
790 | 785 | ||
791 | fwd.listen_host = fwd.connect_host = NULL; | 786 | fwd.listen_host = fwd.connect_host = NULL; |
792 | if (buffer_get_int_ret(&ftype, m) != 0 || | 787 | if (buffer_get_int_ret(&ftype, m) != 0 || |
793 | (fwd.listen_host = buffer_get_string_ret(m, NULL)) == NULL || | 788 | (fwd.listen_host = buffer_get_string_ret(m, NULL)) == NULL || |
794 | buffer_get_int_ret(&fwd.listen_port, m) != 0 || | 789 | buffer_get_int_ret(&lport, m) != 0 || |
795 | (fwd.connect_host = buffer_get_string_ret(m, NULL)) == NULL || | 790 | (fwd.connect_host = buffer_get_string_ret(m, NULL)) == NULL || |
796 | buffer_get_int_ret(&fwd.connect_port, m) != 0) { | 791 | buffer_get_int_ret(&cport, m) != 0 || |
792 | lport > 65535 || cport > 65535) { | ||
797 | error("%s: malformed message", __func__); | 793 | error("%s: malformed message", __func__); |
798 | ret = -1; | 794 | ret = -1; |
799 | goto out; | 795 | goto out; |
800 | } | 796 | } |
797 | fwd.listen_port = lport; | ||
798 | fwd.connect_port = cport; | ||
801 | 799 | ||
802 | if (*fwd.listen_host == '\0') { | 800 | if (*fwd.listen_host == '\0') { |
803 | xfree(fwd.listen_host); | 801 | free(fwd.listen_host); |
804 | fwd.listen_host = NULL; | 802 | fwd.listen_host = NULL; |
805 | } | 803 | } |
806 | if (*fwd.connect_host == '\0') { | 804 | if (*fwd.connect_host == '\0') { |
807 | xfree(fwd.connect_host); | 805 | free(fwd.connect_host); |
808 | fwd.connect_host = NULL; | 806 | fwd.connect_host = NULL; |
809 | } | 807 | } |
810 | 808 | ||
@@ -861,10 +859,8 @@ process_mux_close_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
861 | buffer_put_int(r, MUX_S_OK); | 859 | buffer_put_int(r, MUX_S_OK); |
862 | buffer_put_int(r, rid); | 860 | buffer_put_int(r, rid); |
863 | 861 | ||
864 | if (found_fwd->listen_host != NULL) | 862 | free(found_fwd->listen_host); |
865 | xfree(found_fwd->listen_host); | 863 | free(found_fwd->connect_host); |
866 | if (found_fwd->connect_host != NULL) | ||
867 | xfree(found_fwd->connect_host); | ||
868 | found_fwd->listen_host = found_fwd->connect_host = NULL; | 864 | found_fwd->listen_host = found_fwd->connect_host = NULL; |
869 | found_fwd->listen_port = found_fwd->connect_port = 0; | 865 | found_fwd->listen_port = found_fwd->connect_port = 0; |
870 | } else { | 866 | } else { |
@@ -873,12 +869,9 @@ process_mux_close_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
873 | buffer_put_cstring(r, error_reason); | 869 | buffer_put_cstring(r, error_reason); |
874 | } | 870 | } |
875 | out: | 871 | out: |
876 | if (fwd_desc != NULL) | 872 | free(fwd_desc); |
877 | xfree(fwd_desc); | 873 | free(fwd.listen_host); |
878 | if (fwd.listen_host != NULL) | 874 | free(fwd.connect_host); |
879 | xfree(fwd.listen_host); | ||
880 | if (fwd.connect_host != NULL) | ||
881 | xfree(fwd.connect_host); | ||
882 | 875 | ||
883 | return ret; | 876 | return ret; |
884 | } | 877 | } |
@@ -895,14 +888,12 @@ process_mux_stdio_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
895 | if ((reserved = buffer_get_string_ret(m, NULL)) == NULL || | 888 | if ((reserved = buffer_get_string_ret(m, NULL)) == NULL || |
896 | (chost = buffer_get_string_ret(m, NULL)) == NULL || | 889 | (chost = buffer_get_string_ret(m, NULL)) == NULL || |
897 | buffer_get_int_ret(&cport, m) != 0) { | 890 | buffer_get_int_ret(&cport, m) != 0) { |
898 | if (reserved != NULL) | 891 | free(reserved); |
899 | xfree(reserved); | 892 | free(chost); |
900 | if (chost != NULL) | ||
901 | xfree(chost); | ||
902 | error("%s: malformed message", __func__); | 893 | error("%s: malformed message", __func__); |
903 | return -1; | 894 | return -1; |
904 | } | 895 | } |
905 | xfree(reserved); | 896 | free(reserved); |
906 | 897 | ||
907 | debug2("%s: channel %d: request stdio fwd to %s:%u", | 898 | debug2("%s: channel %d: request stdio fwd to %s:%u", |
908 | __func__, c->self, chost, cport); | 899 | __func__, c->self, chost, cport); |
@@ -914,7 +905,7 @@ process_mux_stdio_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
914 | __func__, i); | 905 | __func__, i); |
915 | for (j = 0; j < i; j++) | 906 | for (j = 0; j < i; j++) |
916 | close(new_fd[j]); | 907 | close(new_fd[j]); |
917 | xfree(chost); | 908 | free(chost); |
918 | 909 | ||
919 | /* prepare reply */ | 910 | /* prepare reply */ |
920 | buffer_put_int(r, MUX_S_FAILURE); | 911 | buffer_put_int(r, MUX_S_FAILURE); |
@@ -938,7 +929,7 @@ process_mux_stdio_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
938 | cleanup: | 929 | cleanup: |
939 | close(new_fd[0]); | 930 | close(new_fd[0]); |
940 | close(new_fd[1]); | 931 | close(new_fd[1]); |
941 | xfree(chost); | 932 | free(chost); |
942 | return 0; | 933 | return 0; |
943 | } | 934 | } |
944 | 935 | ||
@@ -1000,7 +991,7 @@ process_mux_stop_listening(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
1000 | if (mux_listener_channel != NULL) { | 991 | if (mux_listener_channel != NULL) { |
1001 | channel_free(mux_listener_channel); | 992 | channel_free(mux_listener_channel); |
1002 | client_stop_mux(); | 993 | client_stop_mux(); |
1003 | xfree(options.control_path); | 994 | free(options.control_path); |
1004 | options.control_path = NULL; | 995 | options.control_path = NULL; |
1005 | mux_listener_channel = NULL; | 996 | mux_listener_channel = NULL; |
1006 | muxserver_sock = -1; | 997 | muxserver_sock = -1; |
@@ -1100,7 +1091,7 @@ mux_exit_message(Channel *c, int exitval) | |||
1100 | Buffer m; | 1091 | Buffer m; |
1101 | Channel *mux_chan; | 1092 | Channel *mux_chan; |
1102 | 1093 | ||
1103 | debug3("%s: channel %d: exit message, evitval %d", __func__, c->self, | 1094 | debug3("%s: channel %d: exit message, exitval %d", __func__, c->self, |
1104 | exitval); | 1095 | exitval); |
1105 | 1096 | ||
1106 | if ((mux_chan = channel_by_id(c->ctl_chan)) == NULL) | 1097 | if ((mux_chan = channel_by_id(c->ctl_chan)) == NULL) |
@@ -1197,8 +1188,8 @@ muxserver_listen(void) | |||
1197 | close(muxserver_sock); | 1188 | close(muxserver_sock); |
1198 | muxserver_sock = -1; | 1189 | muxserver_sock = -1; |
1199 | } | 1190 | } |
1200 | xfree(orig_control_path); | 1191 | free(orig_control_path); |
1201 | xfree(options.control_path); | 1192 | free(options.control_path); |
1202 | options.control_path = NULL; | 1193 | options.control_path = NULL; |
1203 | options.control_master = SSHCTL_MASTER_NO; | 1194 | options.control_master = SSHCTL_MASTER_NO; |
1204 | return; | 1195 | return; |
@@ -1223,7 +1214,7 @@ muxserver_listen(void) | |||
1223 | goto disable_mux_master; | 1214 | goto disable_mux_master; |
1224 | } | 1215 | } |
1225 | unlink(options.control_path); | 1216 | unlink(options.control_path); |
1226 | xfree(options.control_path); | 1217 | free(options.control_path); |
1227 | options.control_path = orig_control_path; | 1218 | options.control_path = orig_control_path; |
1228 | 1219 | ||
1229 | set_nonblock(muxserver_sock); | 1220 | set_nonblock(muxserver_sock); |
@@ -1308,13 +1299,13 @@ mux_session_confirm(int id, int success, void *arg) | |||
1308 | cc->mux_pause = 0; /* start processing messages again */ | 1299 | cc->mux_pause = 0; /* start processing messages again */ |
1309 | c->open_confirm_ctx = NULL; | 1300 | c->open_confirm_ctx = NULL; |
1310 | buffer_free(&cctx->cmd); | 1301 | buffer_free(&cctx->cmd); |
1311 | xfree(cctx->term); | 1302 | free(cctx->term); |
1312 | if (cctx->env != NULL) { | 1303 | if (cctx->env != NULL) { |
1313 | for (i = 0; cctx->env[i] != NULL; i++) | 1304 | for (i = 0; cctx->env[i] != NULL; i++) |
1314 | xfree(cctx->env[i]); | 1305 | free(cctx->env[i]); |
1315 | xfree(cctx->env); | 1306 | free(cctx->env); |
1316 | } | 1307 | } |
1317 | xfree(cctx); | 1308 | free(cctx); |
1318 | } | 1309 | } |
1319 | 1310 | ||
1320 | /* ** Multiplexing client support */ | 1311 | /* ** Multiplexing client support */ |
@@ -1444,7 +1435,9 @@ mux_client_read_packet(int fd, Buffer *m) | |||
1444 | buffer_init(&queue); | 1435 | buffer_init(&queue); |
1445 | if (mux_client_read(fd, &queue, 4) != 0) { | 1436 | if (mux_client_read(fd, &queue, 4) != 0) { |
1446 | if ((oerrno = errno) == EPIPE) | 1437 | if ((oerrno = errno) == EPIPE) |
1447 | debug3("%s: read header failed: %s", __func__, strerror(errno)); | 1438 | debug3("%s: read header failed: %s", __func__, |
1439 | strerror(errno)); | ||
1440 | buffer_free(&queue); | ||
1448 | errno = oerrno; | 1441 | errno = oerrno; |
1449 | return -1; | 1442 | return -1; |
1450 | } | 1443 | } |
@@ -1452,6 +1445,7 @@ mux_client_read_packet(int fd, Buffer *m) | |||
1452 | if (mux_client_read(fd, &queue, need) != 0) { | 1445 | if (mux_client_read(fd, &queue, need) != 0) { |
1453 | oerrno = errno; | 1446 | oerrno = errno; |
1454 | debug3("%s: read body failed: %s", __func__, strerror(errno)); | 1447 | debug3("%s: read body failed: %s", __func__, strerror(errno)); |
1448 | buffer_free(&queue); | ||
1455 | errno = oerrno; | 1449 | errno = oerrno; |
1456 | return -1; | 1450 | return -1; |
1457 | } | 1451 | } |
@@ -1498,8 +1492,8 @@ mux_client_hello_exchange(int fd) | |||
1498 | char *value = buffer_get_string(&m, NULL); | 1492 | char *value = buffer_get_string(&m, NULL); |
1499 | 1493 | ||
1500 | debug2("Unrecognised master extension \"%s\"", name); | 1494 | debug2("Unrecognised master extension \"%s\"", name); |
1501 | xfree(name); | 1495 | free(name); |
1502 | xfree(value); | 1496 | free(value); |
1503 | } | 1497 | } |
1504 | buffer_free(&m); | 1498 | buffer_free(&m); |
1505 | return 0; | 1499 | return 0; |
@@ -1608,7 +1602,7 @@ mux_client_forward(int fd, int cancel_flag, u_int ftype, Forward *fwd) | |||
1608 | fwd_desc = format_forward(ftype, fwd); | 1602 | fwd_desc = format_forward(ftype, fwd); |
1609 | debug("Requesting %s %s", | 1603 | debug("Requesting %s %s", |
1610 | cancel_flag ? "cancellation of" : "forwarding of", fwd_desc); | 1604 | cancel_flag ? "cancellation of" : "forwarding of", fwd_desc); |
1611 | xfree(fwd_desc); | 1605 | free(fwd_desc); |
1612 | 1606 | ||
1613 | buffer_init(&m); | 1607 | buffer_init(&m); |
1614 | buffer_put_int(&m, cancel_flag ? MUX_C_CLOSE_FWD : MUX_C_OPEN_FWD); | 1608 | buffer_put_int(&m, cancel_flag ? MUX_C_CLOSE_FWD : MUX_C_OPEN_FWD); |
diff --git a/myproposal.h b/myproposal.h index 99d093461..4e913e3ce 100644 --- a/myproposal.h +++ b/myproposal.h | |||
@@ -26,6 +26,8 @@ | |||
26 | 26 | ||
27 | #include <openssl/opensslv.h> | 27 | #include <openssl/opensslv.h> |
28 | 28 | ||
29 | /* conditional algorithm support */ | ||
30 | |||
29 | #ifdef OPENSSL_HAS_ECC | 31 | #ifdef OPENSSL_HAS_ECC |
30 | # define KEX_ECDH_METHODS \ | 32 | # define KEX_ECDH_METHODS \ |
31 | "ecdh-sha2-nistp256," \ | 33 | "ecdh-sha2-nistp256," \ |
@@ -45,12 +47,22 @@ | |||
45 | # define HOSTKEY_ECDSA_METHODS | 47 | # define HOSTKEY_ECDSA_METHODS |
46 | #endif | 48 | #endif |
47 | 49 | ||
48 | /* Old OpenSSL doesn't support what we need for DHGEX-sha256 */ | 50 | #ifdef OPENSSL_HAVE_EVPGCM |
49 | #if OPENSSL_VERSION_NUMBER >= 0x00907000L | 51 | # define AESGCM_CIPHER_MODES \ |
52 | "aes128-gcm@openssh.com,aes256-gcm@openssh.com," | ||
53 | #else | ||
54 | # define AESGCM_CIPHER_MODES | ||
55 | #endif | ||
56 | |||
57 | #ifdef HAVE_EVP_SHA256 | ||
50 | # define KEX_SHA256_METHODS \ | 58 | # define KEX_SHA256_METHODS \ |
51 | "diffie-hellman-group-exchange-sha256," | 59 | "diffie-hellman-group-exchange-sha256," |
60 | #define SHA2_HMAC_MODES \ | ||
61 | "hmac-sha2-256," \ | ||
62 | "hmac-sha2-512," | ||
52 | #else | 63 | #else |
53 | # define KEX_SHA256_METHODS | 64 | # define KEX_SHA256_METHODS |
65 | # define SHA2_HMAC_MODES | ||
54 | #endif | 66 | #endif |
55 | 67 | ||
56 | # define KEX_DEFAULT_KEX \ | 68 | # define KEX_DEFAULT_KEX \ |
@@ -70,19 +82,15 @@ | |||
70 | "ssh-rsa," \ | 82 | "ssh-rsa," \ |
71 | "ssh-dss" | 83 | "ssh-dss" |
72 | 84 | ||
85 | /* the actual algorithms */ | ||
86 | |||
73 | #define KEX_DEFAULT_ENCRYPT \ | 87 | #define KEX_DEFAULT_ENCRYPT \ |
74 | "aes128-ctr,aes192-ctr,aes256-ctr," \ | 88 | "aes128-ctr,aes192-ctr,aes256-ctr," \ |
75 | "arcfour256,arcfour128," \ | 89 | "arcfour256,arcfour128," \ |
76 | "aes128-gcm@openssh.com,aes256-gcm@openssh.com," \ | 90 | AESGCM_CIPHER_MODES \ |
77 | "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \ | 91 | "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \ |
78 | "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se" | 92 | "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se" |
79 | #ifdef HAVE_EVP_SHA256 | 93 | |
80 | #define SHA2_HMAC_MODES \ | ||
81 | "hmac-sha2-256," \ | ||
82 | "hmac-sha2-512," | ||
83 | #else | ||
84 | # define SHA2_HMAC_MODES | ||
85 | #endif | ||
86 | #define KEX_DEFAULT_MAC \ | 94 | #define KEX_DEFAULT_MAC \ |
87 | "hmac-md5-etm@openssh.com," \ | 95 | "hmac-md5-etm@openssh.com," \ |
88 | "hmac-sha1-etm@openssh.com," \ | 96 | "hmac-sha1-etm@openssh.com," \ |
diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index e1c3651e8..365cf006d 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in | |||
@@ -1,4 +1,4 @@ | |||
1 | # $Id: Makefile.in,v 1.50 2013/02/15 01:13:02 dtucker Exp $ | 1 | # $Id: Makefile.in,v 1.51 2013/05/10 06:28:56 dtucker Exp $ |
2 | 2 | ||
3 | sysconfdir=@sysconfdir@ | 3 | sysconfdir=@sysconfdir@ |
4 | piddir=@piddir@ | 4 | piddir=@piddir@ |
@@ -16,7 +16,7 @@ RANLIB=@RANLIB@ | |||
16 | INSTALL=@INSTALL@ | 16 | INSTALL=@INSTALL@ |
17 | LDFLAGS=-L. @LDFLAGS@ | 17 | LDFLAGS=-L. @LDFLAGS@ |
18 | 18 | ||
19 | OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o | 19 | OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o |
20 | 20 | ||
21 | COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o | 21 | COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o |
22 | 22 | ||
diff --git a/openbsd-compat/bsd-cygwin_util.c b/openbsd-compat/bsd-cygwin_util.c index d3d2d913a..267e77a11 100644 --- a/openbsd-compat/bsd-cygwin_util.c +++ b/openbsd-compat/bsd-cygwin_util.c | |||
@@ -97,7 +97,7 @@ fetch_windows_environment(void) | |||
97 | void | 97 | void |
98 | free_windows_environment(char **p) | 98 | free_windows_environment(char **p) |
99 | { | 99 | { |
100 | xfree(p); | 100 | free(p); |
101 | } | 101 | } |
102 | 102 | ||
103 | #endif /* HAVE_CYGWIN */ | 103 | #endif /* HAVE_CYGWIN */ |
diff --git a/openbsd-compat/bsd-cygwin_util.h b/openbsd-compat/bsd-cygwin_util.h index 6061a6b01..372e41955 100644 --- a/openbsd-compat/bsd-cygwin_util.h +++ b/openbsd-compat/bsd-cygwin_util.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $Id: bsd-cygwin_util.h,v 1.15.4.1 2013/04/04 23:53:31 dtucker Exp $ */ | 1 | /* $Id: bsd-cygwin_util.h,v 1.16 2013/04/01 01:40:49 dtucker Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000, 2001, 2011, 2013 Corinna Vinschen <vinschen@redhat.com> | 4 | * Copyright (c) 2000, 2001, 2011, 2013 Corinna Vinschen <vinschen@redhat.com> |
diff --git a/openbsd-compat/bsd-misc.h b/openbsd-compat/bsd-misc.h index 430066376..65c18ec2f 100644 --- a/openbsd-compat/bsd-misc.h +++ b/openbsd-compat/bsd-misc.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $Id: bsd-misc.h,v 1.23 2013/03/14 23:34:27 djm Exp $ */ | 1 | /* $Id: bsd-misc.h,v 1.25 2013/08/04 11:48:41 dtucker Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 1999-2004 Damien Miller <djm@mindrot.org> | 4 | * Copyright (c) 1999-2004 Damien Miller <djm@mindrot.org> |
@@ -110,4 +110,16 @@ int isblank(int); | |||
110 | pid_t getpgid(pid_t); | 110 | pid_t getpgid(pid_t); |
111 | #endif | 111 | #endif |
112 | 112 | ||
113 | #ifndef HAVE_ENDGRENT | ||
114 | # define endgrent() {} | ||
115 | #endif | ||
116 | |||
117 | #ifndef HAVE_KRB5_GET_ERROR_MESSAGE | ||
118 | # define krb5_get_error_message krb5_get_err_text | ||
119 | #endif | ||
120 | |||
121 | #ifndef HAVE_KRB5_FREE_ERROR_MESSAGE | ||
122 | # define krb5_free_error_message(a,b) while(0) | ||
123 | #endif | ||
124 | |||
113 | #endif /* _BSD_MISC_H */ | 125 | #endif /* _BSD_MISC_H */ |
diff --git a/openbsd-compat/getopt.c b/openbsd-compat/getopt.c deleted file mode 100644 index 5450e43d9..000000000 --- a/openbsd-compat/getopt.c +++ /dev/null | |||
@@ -1,123 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (c) 1987, 1993, 1994 | ||
3 | * The Regents of the University of California. All rights reserved. | ||
4 | * | ||
5 | * Redistribution and use in source and binary forms, with or without | ||
6 | * modification, are permitted provided that the following conditions | ||
7 | * are met: | ||
8 | * 1. Redistributions of source code must retain the above copyright | ||
9 | * notice, this list of conditions and the following disclaimer. | ||
10 | * 2. Redistributions in binary form must reproduce the above copyright | ||
11 | * notice, this list of conditions and the following disclaimer in the | ||
12 | * documentation and/or other materials provided with the distribution. | ||
13 | * 3. Neither the name of the University nor the names of its contributors | ||
14 | * may be used to endorse or promote products derived from this software | ||
15 | * without specific prior written permission. | ||
16 | * | ||
17 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND | ||
18 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
19 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
20 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | ||
21 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
22 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
23 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
24 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
25 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
26 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
27 | * SUCH DAMAGE. | ||
28 | */ | ||
29 | |||
30 | /* OPENBSD ORIGINAL: lib/libc/stdlib/getopt.c */ | ||
31 | |||
32 | #include "includes.h" | ||
33 | #if !defined(HAVE_GETOPT) || !defined(HAVE_GETOPT_OPTRESET) | ||
34 | |||
35 | #if defined(LIBC_SCCS) && !defined(lint) | ||
36 | static char *rcsid = "$OpenBSD: getopt.c,v 1.5 2003/06/02 20:18:37 millert Exp $"; | ||
37 | #endif /* LIBC_SCCS and not lint */ | ||
38 | |||
39 | #include <stdio.h> | ||
40 | #include <stdlib.h> | ||
41 | #include <string.h> | ||
42 | |||
43 | int BSDopterr = 1, /* if error message should be printed */ | ||
44 | BSDoptind = 1, /* index into parent argv vector */ | ||
45 | BSDoptopt, /* character checked for validity */ | ||
46 | BSDoptreset; /* reset getopt */ | ||
47 | char *BSDoptarg; /* argument associated with option */ | ||
48 | |||
49 | #define BADCH (int)'?' | ||
50 | #define BADARG (int)':' | ||
51 | #define EMSG "" | ||
52 | |||
53 | /* | ||
54 | * getopt -- | ||
55 | * Parse argc/argv argument vector. | ||
56 | */ | ||
57 | int | ||
58 | BSDgetopt(nargc, nargv, ostr) | ||
59 | int nargc; | ||
60 | char * const *nargv; | ||
61 | const char *ostr; | ||
62 | { | ||
63 | extern char *__progname; | ||
64 | static char *place = EMSG; /* option letter processing */ | ||
65 | char *oli; /* option letter list index */ | ||
66 | |||
67 | if (ostr == NULL) | ||
68 | return (-1); | ||
69 | |||
70 | if (BSDoptreset || !*place) { /* update scanning pointer */ | ||
71 | BSDoptreset = 0; | ||
72 | if (BSDoptind >= nargc || *(place = nargv[BSDoptind]) != '-') { | ||
73 | place = EMSG; | ||
74 | return (-1); | ||
75 | } | ||
76 | if (place[1] && *++place == '-') { /* found "--" */ | ||
77 | ++BSDoptind; | ||
78 | place = EMSG; | ||
79 | return (-1); | ||
80 | } | ||
81 | } /* option letter okay? */ | ||
82 | if ((BSDoptopt = (int)*place++) == (int)':' || | ||
83 | !(oli = strchr(ostr, BSDoptopt))) { | ||
84 | /* | ||
85 | * if the user didn't specify '-' as an option, | ||
86 | * assume it means -1. | ||
87 | */ | ||
88 | if (BSDoptopt == (int)'-') | ||
89 | return (-1); | ||
90 | if (!*place) | ||
91 | ++BSDoptind; | ||
92 | if (BSDopterr && *ostr != ':') | ||
93 | (void)fprintf(stderr, | ||
94 | "%s: illegal option -- %c\n", __progname, BSDoptopt); | ||
95 | return (BADCH); | ||
96 | } | ||
97 | if (*++oli != ':') { /* don't need argument */ | ||
98 | BSDoptarg = NULL; | ||
99 | if (!*place) | ||
100 | ++BSDoptind; | ||
101 | } | ||
102 | else { /* need an argument */ | ||
103 | if (*place) /* no white space */ | ||
104 | BSDoptarg = place; | ||
105 | else if (nargc <= ++BSDoptind) { /* no arg */ | ||
106 | place = EMSG; | ||
107 | if (*ostr == ':') | ||
108 | return (BADARG); | ||
109 | if (BSDopterr) | ||
110 | (void)fprintf(stderr, | ||
111 | "%s: option requires an argument -- %c\n", | ||
112 | __progname, BSDoptopt); | ||
113 | return (BADCH); | ||
114 | } | ||
115 | else /* white space */ | ||
116 | BSDoptarg = nargv[BSDoptind]; | ||
117 | place = EMSG; | ||
118 | ++BSDoptind; | ||
119 | } | ||
120 | return (BSDoptopt); /* dump back option letter */ | ||
121 | } | ||
122 | |||
123 | #endif /* !defined(HAVE_GETOPT) || !defined(HAVE_OPTRESET) */ | ||
diff --git a/openbsd-compat/getopt.h b/openbsd-compat/getopt.h new file mode 100644 index 000000000..8eb12447e --- /dev/null +++ b/openbsd-compat/getopt.h | |||
@@ -0,0 +1,74 @@ | |||
1 | /* $OpenBSD: getopt.h,v 1.2 2008/06/26 05:42:04 ray Exp $ */ | ||
2 | /* $NetBSD: getopt.h,v 1.4 2000/07/07 10:43:54 ad Exp $ */ | ||
3 | |||
4 | /*- | ||
5 | * Copyright (c) 2000 The NetBSD Foundation, Inc. | ||
6 | * All rights reserved. | ||
7 | * | ||
8 | * This code is derived from software contributed to The NetBSD Foundation | ||
9 | * by Dieter Baron and Thomas Klausner. | ||
10 | * | ||
11 | * Redistribution and use in source and binary forms, with or without | ||
12 | * modification, are permitted provided that the following conditions | ||
13 | * are met: | ||
14 | * 1. Redistributions of source code must retain the above copyright | ||
15 | * notice, this list of conditions and the following disclaimer. | ||
16 | * 2. Redistributions in binary form must reproduce the above copyright | ||
17 | * notice, this list of conditions and the following disclaimer in the | ||
18 | * documentation and/or other materials provided with the distribution. | ||
19 | * | ||
20 | * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS | ||
21 | * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED | ||
22 | * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
23 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS | ||
24 | * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | ||
25 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | ||
26 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | ||
27 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | ||
28 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
29 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | ||
30 | * POSSIBILITY OF SUCH DAMAGE. | ||
31 | */ | ||
32 | |||
33 | #ifndef _GETOPT_H_ | ||
34 | #define _GETOPT_H_ | ||
35 | |||
36 | /* | ||
37 | * GNU-like getopt_long() and 4.4BSD getsubopt()/optreset extensions | ||
38 | */ | ||
39 | #define no_argument 0 | ||
40 | #define required_argument 1 | ||
41 | #define optional_argument 2 | ||
42 | |||
43 | struct option { | ||
44 | /* name of long option */ | ||
45 | const char *name; | ||
46 | /* | ||
47 | * one of no_argument, required_argument, and optional_argument: | ||
48 | * whether option takes an argument | ||
49 | */ | ||
50 | int has_arg; | ||
51 | /* if not NULL, set *flag to val when option found */ | ||
52 | int *flag; | ||
53 | /* if flag not NULL, value to set *flag to; else return value */ | ||
54 | int val; | ||
55 | }; | ||
56 | |||
57 | int getopt_long(int, char * const *, const char *, | ||
58 | const struct option *, int *); | ||
59 | int getopt_long_only(int, char * const *, const char *, | ||
60 | const struct option *, int *); | ||
61 | #ifndef _GETOPT_DEFINED_ | ||
62 | #define _GETOPT_DEFINED_ | ||
63 | int getopt(int, char * const *, const char *); | ||
64 | int getsubopt(char **, char * const *, char **); | ||
65 | |||
66 | extern char *optarg; /* getopt(3) external variables */ | ||
67 | extern int opterr; | ||
68 | extern int optind; | ||
69 | extern int optopt; | ||
70 | extern int optreset; | ||
71 | extern char *suboptarg; /* getsubopt(3) external variable */ | ||
72 | #endif | ||
73 | |||
74 | #endif /* !_GETOPT_H_ */ | ||
diff --git a/openbsd-compat/getopt_long.c b/openbsd-compat/getopt_long.c new file mode 100644 index 000000000..e28947430 --- /dev/null +++ b/openbsd-compat/getopt_long.c | |||
@@ -0,0 +1,532 @@ | |||
1 | /* $OpenBSD: getopt_long.c,v 1.25 2011/03/05 22:10:11 guenther Exp $ */ | ||
2 | /* $NetBSD: getopt_long.c,v 1.15 2002/01/31 22:43:40 tv Exp $ */ | ||
3 | |||
4 | /* | ||
5 | * Copyright (c) 2002 Todd C. Miller <Todd.Miller@courtesan.com> | ||
6 | * | ||
7 | * Permission to use, copy, modify, and distribute this software for any | ||
8 | * purpose with or without fee is hereby granted, provided that the above | ||
9 | * copyright notice and this permission notice appear in all copies. | ||
10 | * | ||
11 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | ||
12 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
13 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | ||
14 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | ||
15 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | ||
16 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | ||
17 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | ||
18 | * | ||
19 | * Sponsored in part by the Defense Advanced Research Projects | ||
20 | * Agency (DARPA) and Air Force Research Laboratory, Air Force | ||
21 | * Materiel Command, USAF, under agreement number F39502-99-1-0512. | ||
22 | */ | ||
23 | /*- | ||
24 | * Copyright (c) 2000 The NetBSD Foundation, Inc. | ||
25 | * All rights reserved. | ||
26 | * | ||
27 | * This code is derived from software contributed to The NetBSD Foundation | ||
28 | * by Dieter Baron and Thomas Klausner. | ||
29 | * | ||
30 | * Redistribution and use in source and binary forms, with or without | ||
31 | * modification, are permitted provided that the following conditions | ||
32 | * are met: | ||
33 | * 1. Redistributions of source code must retain the above copyright | ||
34 | * notice, this list of conditions and the following disclaimer. | ||
35 | * 2. Redistributions in binary form must reproduce the above copyright | ||
36 | * notice, this list of conditions and the following disclaimer in the | ||
37 | * documentation and/or other materials provided with the distribution. | ||
38 | * | ||
39 | * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS | ||
40 | * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED | ||
41 | * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS | ||
43 | * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | ||
44 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | ||
45 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | ||
46 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | ||
47 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
48 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | ||
49 | * POSSIBILITY OF SUCH DAMAGE. | ||
50 | */ | ||
51 | |||
52 | /* OPENBSD ORIGINAL: lib/libc/stdlib/getopt_long.c */ | ||
53 | #include "includes.h" | ||
54 | |||
55 | #if !defined(HAVE_GETOPT) || !defined(HAVE_GETOPT_OPTRESET) | ||
56 | |||
57 | /* | ||
58 | * Some defines to make it easier to keep the code in sync with upstream. | ||
59 | * getopt opterr optind optopt optreset optarg are all in defines.h which is | ||
60 | * pulled in by includes.h. | ||
61 | */ | ||
62 | #define warnx logit | ||
63 | |||
64 | #if 0 | ||
65 | #include <err.h> | ||
66 | #include <getopt.h> | ||
67 | #endif | ||
68 | #include <errno.h> | ||
69 | #include <stdlib.h> | ||
70 | #include <string.h> | ||
71 | #include <stdarg.h> | ||
72 | |||
73 | #include "log.h" | ||
74 | |||
75 | int opterr = 1; /* if error message should be printed */ | ||
76 | int optind = 1; /* index into parent argv vector */ | ||
77 | int optopt = '?'; /* character checked for validity */ | ||
78 | int optreset; /* reset getopt */ | ||
79 | char *optarg; /* argument associated with option */ | ||
80 | |||
81 | #define PRINT_ERROR ((opterr) && (*options != ':')) | ||
82 | |||
83 | #define FLAG_PERMUTE 0x01 /* permute non-options to the end of argv */ | ||
84 | #define FLAG_ALLARGS 0x02 /* treat non-options as args to option "-1" */ | ||
85 | #define FLAG_LONGONLY 0x04 /* operate as getopt_long_only */ | ||
86 | |||
87 | /* return values */ | ||
88 | #define BADCH (int)'?' | ||
89 | #define BADARG ((*options == ':') ? (int)':' : (int)'?') | ||
90 | #define INORDER (int)1 | ||
91 | |||
92 | #define EMSG "" | ||
93 | |||
94 | static int getopt_internal(int, char * const *, const char *, | ||
95 | const struct option *, int *, int); | ||
96 | static int parse_long_options(char * const *, const char *, | ||
97 | const struct option *, int *, int); | ||
98 | static int gcd(int, int); | ||
99 | static void permute_args(int, int, int, char * const *); | ||
100 | |||
101 | static char *place = EMSG; /* option letter processing */ | ||
102 | |||
103 | /* XXX: set optreset to 1 rather than these two */ | ||
104 | static int nonopt_start = -1; /* first non option argument (for permute) */ | ||
105 | static int nonopt_end = -1; /* first option after non options (for permute) */ | ||
106 | |||
107 | /* Error messages */ | ||
108 | static const char recargchar[] = "option requires an argument -- %c"; | ||
109 | static const char recargstring[] = "option requires an argument -- %s"; | ||
110 | static const char ambig[] = "ambiguous option -- %.*s"; | ||
111 | static const char noarg[] = "option doesn't take an argument -- %.*s"; | ||
112 | static const char illoptchar[] = "unknown option -- %c"; | ||
113 | static const char illoptstring[] = "unknown option -- %s"; | ||
114 | |||
115 | /* | ||
116 | * Compute the greatest common divisor of a and b. | ||
117 | */ | ||
118 | static int | ||
119 | gcd(int a, int b) | ||
120 | { | ||
121 | int c; | ||
122 | |||
123 | c = a % b; | ||
124 | while (c != 0) { | ||
125 | a = b; | ||
126 | b = c; | ||
127 | c = a % b; | ||
128 | } | ||
129 | |||
130 | return (b); | ||
131 | } | ||
132 | |||
133 | /* | ||
134 | * Exchange the block from nonopt_start to nonopt_end with the block | ||
135 | * from nonopt_end to opt_end (keeping the same order of arguments | ||
136 | * in each block). | ||
137 | */ | ||
138 | static void | ||
139 | permute_args(int panonopt_start, int panonopt_end, int opt_end, | ||
140 | char * const *nargv) | ||
141 | { | ||
142 | int cstart, cyclelen, i, j, ncycle, nnonopts, nopts, pos; | ||
143 | char *swap; | ||
144 | |||
145 | /* | ||
146 | * compute lengths of blocks and number and size of cycles | ||
147 | */ | ||
148 | nnonopts = panonopt_end - panonopt_start; | ||
149 | nopts = opt_end - panonopt_end; | ||
150 | ncycle = gcd(nnonopts, nopts); | ||
151 | cyclelen = (opt_end - panonopt_start) / ncycle; | ||
152 | |||
153 | for (i = 0; i < ncycle; i++) { | ||
154 | cstart = panonopt_end+i; | ||
155 | pos = cstart; | ||
156 | for (j = 0; j < cyclelen; j++) { | ||
157 | if (pos >= panonopt_end) | ||
158 | pos -= nnonopts; | ||
159 | else | ||
160 | pos += nopts; | ||
161 | swap = nargv[pos]; | ||
162 | /* LINTED const cast */ | ||
163 | ((char **) nargv)[pos] = nargv[cstart]; | ||
164 | /* LINTED const cast */ | ||
165 | ((char **)nargv)[cstart] = swap; | ||
166 | } | ||
167 | } | ||
168 | } | ||
169 | |||
170 | /* | ||
171 | * parse_long_options -- | ||
172 | * Parse long options in argc/argv argument vector. | ||
173 | * Returns -1 if short_too is set and the option does not match long_options. | ||
174 | */ | ||
175 | static int | ||
176 | parse_long_options(char * const *nargv, const char *options, | ||
177 | const struct option *long_options, int *idx, int short_too) | ||
178 | { | ||
179 | char *current_argv, *has_equal; | ||
180 | size_t current_argv_len; | ||
181 | int i, match; | ||
182 | |||
183 | current_argv = place; | ||
184 | match = -1; | ||
185 | |||
186 | optind++; | ||
187 | |||
188 | if ((has_equal = strchr(current_argv, '=')) != NULL) { | ||
189 | /* argument found (--option=arg) */ | ||
190 | current_argv_len = has_equal - current_argv; | ||
191 | has_equal++; | ||
192 | } else | ||
193 | current_argv_len = strlen(current_argv); | ||
194 | |||
195 | for (i = 0; long_options[i].name; i++) { | ||
196 | /* find matching long option */ | ||
197 | if (strncmp(current_argv, long_options[i].name, | ||
198 | current_argv_len)) | ||
199 | continue; | ||
200 | |||
201 | if (strlen(long_options[i].name) == current_argv_len) { | ||
202 | /* exact match */ | ||
203 | match = i; | ||
204 | break; | ||
205 | } | ||
206 | /* | ||
207 | * If this is a known short option, don't allow | ||
208 | * a partial match of a single character. | ||
209 | */ | ||
210 | if (short_too && current_argv_len == 1) | ||
211 | continue; | ||
212 | |||
213 | if (match == -1) /* partial match */ | ||
214 | match = i; | ||
215 | else { | ||
216 | /* ambiguous abbreviation */ | ||
217 | if (PRINT_ERROR) | ||
218 | warnx(ambig, (int)current_argv_len, | ||
219 | current_argv); | ||
220 | optopt = 0; | ||
221 | return (BADCH); | ||
222 | } | ||
223 | } | ||
224 | if (match != -1) { /* option found */ | ||
225 | if (long_options[match].has_arg == no_argument | ||
226 | && has_equal) { | ||
227 | if (PRINT_ERROR) | ||
228 | warnx(noarg, (int)current_argv_len, | ||
229 | current_argv); | ||
230 | /* | ||
231 | * XXX: GNU sets optopt to val regardless of flag | ||
232 | */ | ||
233 | if (long_options[match].flag == NULL) | ||
234 | optopt = long_options[match].val; | ||
235 | else | ||
236 | optopt = 0; | ||
237 | return (BADARG); | ||
238 | } | ||
239 | if (long_options[match].has_arg == required_argument || | ||
240 | long_options[match].has_arg == optional_argument) { | ||
241 | if (has_equal) | ||
242 | optarg = has_equal; | ||
243 | else if (long_options[match].has_arg == | ||
244 | required_argument) { | ||
245 | /* | ||
246 | * optional argument doesn't use next nargv | ||
247 | */ | ||
248 | optarg = nargv[optind++]; | ||
249 | } | ||
250 | } | ||
251 | if ((long_options[match].has_arg == required_argument) | ||
252 | && (optarg == NULL)) { | ||
253 | /* | ||
254 | * Missing argument; leading ':' indicates no error | ||
255 | * should be generated. | ||
256 | */ | ||
257 | if (PRINT_ERROR) | ||
258 | warnx(recargstring, | ||
259 | current_argv); | ||
260 | /* | ||
261 | * XXX: GNU sets optopt to val regardless of flag | ||
262 | */ | ||
263 | if (long_options[match].flag == NULL) | ||
264 | optopt = long_options[match].val; | ||
265 | else | ||
266 | optopt = 0; | ||
267 | --optind; | ||
268 | return (BADARG); | ||
269 | } | ||
270 | } else { /* unknown option */ | ||
271 | if (short_too) { | ||
272 | --optind; | ||
273 | return (-1); | ||
274 | } | ||
275 | if (PRINT_ERROR) | ||
276 | warnx(illoptstring, current_argv); | ||
277 | optopt = 0; | ||
278 | return (BADCH); | ||
279 | } | ||
280 | if (idx) | ||
281 | *idx = match; | ||
282 | if (long_options[match].flag) { | ||
283 | *long_options[match].flag = long_options[match].val; | ||
284 | return (0); | ||
285 | } else | ||
286 | return (long_options[match].val); | ||
287 | } | ||
288 | |||
289 | /* | ||
290 | * getopt_internal -- | ||
291 | * Parse argc/argv argument vector. Called by user level routines. | ||
292 | */ | ||
293 | static int | ||
294 | getopt_internal(int nargc, char * const *nargv, const char *options, | ||
295 | const struct option *long_options, int *idx, int flags) | ||
296 | { | ||
297 | char *oli; /* option letter list index */ | ||
298 | int optchar, short_too; | ||
299 | static int posixly_correct = -1; | ||
300 | |||
301 | if (options == NULL) | ||
302 | return (-1); | ||
303 | |||
304 | /* | ||
305 | * XXX Some GNU programs (like cvs) set optind to 0 instead of | ||
306 | * XXX using optreset. Work around this braindamage. | ||
307 | */ | ||
308 | if (optind == 0) | ||
309 | optind = optreset = 1; | ||
310 | |||
311 | /* | ||
312 | * Disable GNU extensions if POSIXLY_CORRECT is set or options | ||
313 | * string begins with a '+'. | ||
314 | */ | ||
315 | if (posixly_correct == -1 || optreset) | ||
316 | posixly_correct = (getenv("POSIXLY_CORRECT") != NULL); | ||
317 | if (*options == '-') | ||
318 | flags |= FLAG_ALLARGS; | ||
319 | else if (posixly_correct || *options == '+') | ||
320 | flags &= ~FLAG_PERMUTE; | ||
321 | if (*options == '+' || *options == '-') | ||
322 | options++; | ||
323 | |||
324 | optarg = NULL; | ||
325 | if (optreset) | ||
326 | nonopt_start = nonopt_end = -1; | ||
327 | start: | ||
328 | if (optreset || !*place) { /* update scanning pointer */ | ||
329 | optreset = 0; | ||
330 | if (optind >= nargc) { /* end of argument vector */ | ||
331 | place = EMSG; | ||
332 | if (nonopt_end != -1) { | ||
333 | /* do permutation, if we have to */ | ||
334 | permute_args(nonopt_start, nonopt_end, | ||
335 | optind, nargv); | ||
336 | optind -= nonopt_end - nonopt_start; | ||
337 | } | ||
338 | else if (nonopt_start != -1) { | ||
339 | /* | ||
340 | * If we skipped non-options, set optind | ||
341 | * to the first of them. | ||
342 | */ | ||
343 | optind = nonopt_start; | ||
344 | } | ||
345 | nonopt_start = nonopt_end = -1; | ||
346 | return (-1); | ||
347 | } | ||
348 | if (*(place = nargv[optind]) != '-' || | ||
349 | (place[1] == '\0' && strchr(options, '-') == NULL)) { | ||
350 | place = EMSG; /* found non-option */ | ||
351 | if (flags & FLAG_ALLARGS) { | ||
352 | /* | ||
353 | * GNU extension: | ||
354 | * return non-option as argument to option 1 | ||
355 | */ | ||
356 | optarg = nargv[optind++]; | ||
357 | return (INORDER); | ||
358 | } | ||
359 | if (!(flags & FLAG_PERMUTE)) { | ||
360 | /* | ||
361 | * If no permutation wanted, stop parsing | ||
362 | * at first non-option. | ||
363 | */ | ||
364 | return (-1); | ||
365 | } | ||
366 | /* do permutation */ | ||
367 | if (nonopt_start == -1) | ||
368 | nonopt_start = optind; | ||
369 | else if (nonopt_end != -1) { | ||
370 | permute_args(nonopt_start, nonopt_end, | ||
371 | optind, nargv); | ||
372 | nonopt_start = optind - | ||
373 | (nonopt_end - nonopt_start); | ||
374 | nonopt_end = -1; | ||
375 | } | ||
376 | optind++; | ||
377 | /* process next argument */ | ||
378 | goto start; | ||
379 | } | ||
380 | if (nonopt_start != -1 && nonopt_end == -1) | ||
381 | nonopt_end = optind; | ||
382 | |||
383 | /* | ||
384 | * If we have "-" do nothing, if "--" we are done. | ||
385 | */ | ||
386 | if (place[1] != '\0' && *++place == '-' && place[1] == '\0') { | ||
387 | optind++; | ||
388 | place = EMSG; | ||
389 | /* | ||
390 | * We found an option (--), so if we skipped | ||
391 | * non-options, we have to permute. | ||
392 | */ | ||
393 | if (nonopt_end != -1) { | ||
394 | permute_args(nonopt_start, nonopt_end, | ||
395 | optind, nargv); | ||
396 | optind -= nonopt_end - nonopt_start; | ||
397 | } | ||
398 | nonopt_start = nonopt_end = -1; | ||
399 | return (-1); | ||
400 | } | ||
401 | } | ||
402 | |||
403 | /* | ||
404 | * Check long options if: | ||
405 | * 1) we were passed some | ||
406 | * 2) the arg is not just "-" | ||
407 | * 3) either the arg starts with -- we are getopt_long_only() | ||
408 | */ | ||
409 | if (long_options != NULL && place != nargv[optind] && | ||
410 | (*place == '-' || (flags & FLAG_LONGONLY))) { | ||
411 | short_too = 0; | ||
412 | if (*place == '-') | ||
413 | place++; /* --foo long option */ | ||
414 | else if (*place != ':' && strchr(options, *place) != NULL) | ||
415 | short_too = 1; /* could be short option too */ | ||
416 | |||
417 | optchar = parse_long_options(nargv, options, long_options, | ||
418 | idx, short_too); | ||
419 | if (optchar != -1) { | ||
420 | place = EMSG; | ||
421 | return (optchar); | ||
422 | } | ||
423 | } | ||
424 | |||
425 | if ((optchar = (int)*place++) == (int)':' || | ||
426 | (optchar == (int)'-' && *place != '\0') || | ||
427 | (oli = strchr(options, optchar)) == NULL) { | ||
428 | /* | ||
429 | * If the user specified "-" and '-' isn't listed in | ||
430 | * options, return -1 (non-option) as per POSIX. | ||
431 | * Otherwise, it is an unknown option character (or ':'). | ||
432 | */ | ||
433 | if (optchar == (int)'-' && *place == '\0') | ||
434 | return (-1); | ||
435 | if (!*place) | ||
436 | ++optind; | ||
437 | if (PRINT_ERROR) | ||
438 | warnx(illoptchar, optchar); | ||
439 | optopt = optchar; | ||
440 | return (BADCH); | ||
441 | } | ||
442 | if (long_options != NULL && optchar == 'W' && oli[1] == ';') { | ||
443 | /* -W long-option */ | ||
444 | if (*place) /* no space */ | ||
445 | /* NOTHING */; | ||
446 | else if (++optind >= nargc) { /* no arg */ | ||
447 | place = EMSG; | ||
448 | if (PRINT_ERROR) | ||
449 | warnx(recargchar, optchar); | ||
450 | optopt = optchar; | ||
451 | return (BADARG); | ||
452 | } else /* white space */ | ||
453 | place = nargv[optind]; | ||
454 | optchar = parse_long_options(nargv, options, long_options, | ||
455 | idx, 0); | ||
456 | place = EMSG; | ||
457 | return (optchar); | ||
458 | } | ||
459 | if (*++oli != ':') { /* doesn't take argument */ | ||
460 | if (!*place) | ||
461 | ++optind; | ||
462 | } else { /* takes (optional) argument */ | ||
463 | optarg = NULL; | ||
464 | if (*place) /* no white space */ | ||
465 | optarg = place; | ||
466 | else if (oli[1] != ':') { /* arg not optional */ | ||
467 | if (++optind >= nargc) { /* no arg */ | ||
468 | place = EMSG; | ||
469 | if (PRINT_ERROR) | ||
470 | warnx(recargchar, optchar); | ||
471 | optopt = optchar; | ||
472 | return (BADARG); | ||
473 | } else | ||
474 | optarg = nargv[optind]; | ||
475 | } | ||
476 | place = EMSG; | ||
477 | ++optind; | ||
478 | } | ||
479 | /* dump back option letter */ | ||
480 | return (optchar); | ||
481 | } | ||
482 | |||
483 | /* | ||
484 | * getopt -- | ||
485 | * Parse argc/argv argument vector. | ||
486 | * | ||
487 | * [eventually this will replace the BSD getopt] | ||
488 | */ | ||
489 | int | ||
490 | getopt(int nargc, char * const *nargv, const char *options) | ||
491 | { | ||
492 | |||
493 | /* | ||
494 | * We don't pass FLAG_PERMUTE to getopt_internal() since | ||
495 | * the BSD getopt(3) (unlike GNU) has never done this. | ||
496 | * | ||
497 | * Furthermore, since many privileged programs call getopt() | ||
498 | * before dropping privileges it makes sense to keep things | ||
499 | * as simple (and bug-free) as possible. | ||
500 | */ | ||
501 | return (getopt_internal(nargc, nargv, options, NULL, NULL, 0)); | ||
502 | } | ||
503 | |||
504 | #if 0 | ||
505 | /* | ||
506 | * getopt_long -- | ||
507 | * Parse argc/argv argument vector. | ||
508 | */ | ||
509 | int | ||
510 | getopt_long(int nargc, char * const *nargv, const char *options, | ||
511 | const struct option *long_options, int *idx) | ||
512 | { | ||
513 | |||
514 | return (getopt_internal(nargc, nargv, options, long_options, idx, | ||
515 | FLAG_PERMUTE)); | ||
516 | } | ||
517 | |||
518 | /* | ||
519 | * getopt_long_only -- | ||
520 | * Parse argc/argv argument vector. | ||
521 | */ | ||
522 | int | ||
523 | getopt_long_only(int nargc, char * const *nargv, const char *options, | ||
524 | const struct option *long_options, int *idx) | ||
525 | { | ||
526 | |||
527 | return (getopt_internal(nargc, nargv, options, long_options, idx, | ||
528 | FLAG_PERMUTE|FLAG_LONGONLY)); | ||
529 | } | ||
530 | #endif | ||
531 | |||
532 | #endif /* !defined(HAVE_GETOPT) || !defined(HAVE_OPTRESET) */ | ||
diff --git a/openbsd-compat/getrrsetbyname-ldns.c b/openbsd-compat/getrrsetbyname-ldns.c index 19666346b..343720f10 100644 --- a/openbsd-compat/getrrsetbyname-ldns.c +++ b/openbsd-compat/getrrsetbyname-ldns.c | |||
@@ -58,7 +58,6 @@ | |||
58 | 58 | ||
59 | #define malloc(x) (xmalloc(x)) | 59 | #define malloc(x) (xmalloc(x)) |
60 | #define calloc(x, y) (xcalloc((x),(y))) | 60 | #define calloc(x, y) (xcalloc((x),(y))) |
61 | #define free(x) (xfree(x)) | ||
62 | 61 | ||
63 | int | 62 | int |
64 | getrrsetbyname(const char *hostname, unsigned int rdclass, | 63 | getrrsetbyname(const char *hostname, unsigned int rdclass, |
diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index a8c579f49..392fa38dc 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $Id: openbsd-compat.h,v 1.55 2013/02/15 01:20:42 dtucker Exp $ */ | 1 | /* $Id: openbsd-compat.h,v 1.58 2013/06/05 22:30:21 dtucker Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 1999-2003 Damien Miller. All rights reserved. | 4 | * Copyright (c) 1999-2003 Damien Miller. All rights reserved. |
@@ -111,6 +111,10 @@ char *dirname(const char *path); | |||
111 | int fmt_scaled(long long number, char *result); | 111 | int fmt_scaled(long long number, char *result); |
112 | #endif | 112 | #endif |
113 | 113 | ||
114 | #ifndef HAVE_SCAN_SCALED | ||
115 | int scan_scaled(char *, long long *); | ||
116 | #endif | ||
117 | |||
114 | #if defined(BROKEN_INET_NTOA) || !defined(HAVE_INET_NTOA) | 118 | #if defined(BROKEN_INET_NTOA) || !defined(HAVE_INET_NTOA) |
115 | char *inet_ntoa(struct in_addr in); | 119 | char *inet_ntoa(struct in_addr in); |
116 | #endif | 120 | #endif |
@@ -139,6 +143,7 @@ int getgrouplist(const char *, gid_t, gid_t *, int *); | |||
139 | 143 | ||
140 | #if !defined(HAVE_GETOPT) || !defined(HAVE_GETOPT_OPTRESET) | 144 | #if !defined(HAVE_GETOPT) || !defined(HAVE_GETOPT_OPTRESET) |
141 | int BSDgetopt(int argc, char * const *argv, const char *opts); | 145 | int BSDgetopt(int argc, char * const *argv, const char *opts); |
146 | #include "openbsd-compat/getopt.h" | ||
142 | #endif | 147 | #endif |
143 | 148 | ||
144 | #if defined(HAVE_DECL_WRITEV) && HAVE_DECL_WRITEV == 0 | 149 | #if defined(HAVE_DECL_WRITEV) && HAVE_DECL_WRITEV == 0 |
@@ -202,6 +207,11 @@ unsigned long long strtoull(const char *, char **, int); | |||
202 | long long strtonum(const char *, long long, long long, const char **); | 207 | long long strtonum(const char *, long long, long long, const char **); |
203 | #endif | 208 | #endif |
204 | 209 | ||
210 | /* multibyte character support */ | ||
211 | #ifndef HAVE_MBLEN | ||
212 | # define mblen(x, y) 1 | ||
213 | #endif | ||
214 | |||
205 | #if !defined(HAVE_VASPRINTF) || !defined(HAVE_VSNPRINTF) | 215 | #if !defined(HAVE_VASPRINTF) || !defined(HAVE_VSNPRINTF) |
206 | # include <stdarg.h> | 216 | # include <stdarg.h> |
207 | #endif | 217 | #endif |
diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index 0bdefbf6d..8da367d48 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c | |||
@@ -86,7 +86,7 @@ aix_usrinfo(struct passwd *pw) | |||
86 | fatal("Couldn't set usrinfo: %s", strerror(errno)); | 86 | fatal("Couldn't set usrinfo: %s", strerror(errno)); |
87 | debug3("AIX/UsrInfo: set len %d", i); | 87 | debug3("AIX/UsrInfo: set len %d", i); |
88 | 88 | ||
89 | xfree(cp); | 89 | free(cp); |
90 | } | 90 | } |
91 | 91 | ||
92 | # ifdef WITH_AIXAUTHENTICATE | 92 | # ifdef WITH_AIXAUTHENTICATE |
@@ -215,16 +215,14 @@ sys_auth_passwd(Authctxt *ctxt, const char *password) | |||
215 | default: /* user can't change(2) or other error (-1) */ | 215 | default: /* user can't change(2) or other error (-1) */ |
216 | logit("Password can't be changed for user %s: %.100s", | 216 | logit("Password can't be changed for user %s: %.100s", |
217 | name, msg); | 217 | name, msg); |
218 | if (msg) | 218 | free(msg); |
219 | xfree(msg); | ||
220 | authsuccess = 0; | 219 | authsuccess = 0; |
221 | } | 220 | } |
222 | 221 | ||
223 | aix_restoreauthdb(); | 222 | aix_restoreauthdb(); |
224 | } | 223 | } |
225 | 224 | ||
226 | if (authmsg != NULL) | 225 | free(authmsg); |
227 | xfree(authmsg); | ||
228 | 226 | ||
229 | return authsuccess; | 227 | return authsuccess; |
230 | } | 228 | } |
@@ -269,7 +267,7 @@ sys_auth_allowed_user(struct passwd *pw, Buffer *loginmsg) | |||
269 | 267 | ||
270 | if (!permitted) | 268 | if (!permitted) |
271 | logit("Login restricted for %s: %.100s", pw->pw_name, msg); | 269 | logit("Login restricted for %s: %.100s", pw->pw_name, msg); |
272 | xfree(msg); | 270 | free(msg); |
273 | return permitted; | 271 | return permitted; |
274 | } | 272 | } |
275 | 273 | ||
diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c index aba75387c..4637a7a3e 100644 --- a/openbsd-compat/port-linux.c +++ b/openbsd-compat/port-linux.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $Id: port-linux.c,v 1.17 2012/03/08 23:25:18 djm Exp $ */ | 1 | /* $Id: port-linux.c,v 1.18 2013/06/01 22:07:32 dtucker Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com> | 4 | * Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com> |
@@ -96,10 +96,8 @@ ssh_selinux_getctxbyname(char *pwname) | |||
96 | } | 96 | } |
97 | 97 | ||
98 | #ifdef HAVE_GETSEUSERBYNAME | 98 | #ifdef HAVE_GETSEUSERBYNAME |
99 | if (sename != NULL) | 99 | free(sename); |
100 | xfree(sename); | 100 | free(lvl); |
101 | if (lvl != NULL) | ||
102 | xfree(lvl); | ||
103 | #endif | 101 | #endif |
104 | 102 | ||
105 | return sc; | 103 | return sc; |
@@ -217,8 +215,8 @@ ssh_selinux_change_context(const char *newname) | |||
217 | if (setcon(newctx) < 0) | 215 | if (setcon(newctx) < 0) |
218 | switchlog("%s: setcon %s from %s failed with %s", __func__, | 216 | switchlog("%s: setcon %s from %s failed with %s", __func__, |
219 | newctx, oldctx, strerror(errno)); | 217 | newctx, oldctx, strerror(errno)); |
220 | xfree(oldctx); | 218 | free(oldctx); |
221 | xfree(newctx); | 219 | free(newctx); |
222 | } | 220 | } |
223 | 221 | ||
224 | void | 222 | void |
diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c index 6291e2884..c8aea461d 100644 --- a/openbsd-compat/xcrypt.c +++ b/openbsd-compat/xcrypt.c | |||
@@ -55,7 +55,12 @@ | |||
55 | 55 | ||
56 | # if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) | 56 | # if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) |
57 | # include "md5crypt.h" | 57 | # include "md5crypt.h" |
58 | # endif | 58 | # endif |
59 | |||
60 | # if !defined(HAVE_CRYPT) && defined(HAVE_DES_CRYPT) | ||
61 | # include <openssl/des.h> | ||
62 | # define crypt DES_crypt | ||
63 | # endif | ||
59 | 64 | ||
60 | char * | 65 | char * |
61 | xcrypt(const char *password, const char *salt) | 66 | xcrypt(const char *password, const char *salt) |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: packet.c,v 1.182 2013/04/11 02:27:50 djm Exp $ */ | 1 | /* $OpenBSD: packet.c,v 1.188 2013/07/12 00:19:58 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -58,6 +58,7 @@ | |||
58 | #include <string.h> | 58 | #include <string.h> |
59 | #include <unistd.h> | 59 | #include <unistd.h> |
60 | #include <signal.h> | 60 | #include <signal.h> |
61 | #include <time.h> | ||
61 | 62 | ||
62 | #include "xmalloc.h" | 63 | #include "xmalloc.h" |
63 | #include "buffer.h" | 64 | #include "buffer.h" |
@@ -165,9 +166,14 @@ struct session_state { | |||
165 | Newkeys *newkeys[MODE_MAX]; | 166 | Newkeys *newkeys[MODE_MAX]; |
166 | struct packet_state p_read, p_send; | 167 | struct packet_state p_read, p_send; |
167 | 168 | ||
169 | /* Volume-based rekeying */ | ||
168 | u_int64_t max_blocks_in, max_blocks_out; | 170 | u_int64_t max_blocks_in, max_blocks_out; |
169 | u_int32_t rekey_limit; | 171 | u_int32_t rekey_limit; |
170 | 172 | ||
173 | /* Time-based rekeying */ | ||
174 | time_t rekey_interval; /* how often in seconds */ | ||
175 | time_t rekey_time; /* time of last rekeying */ | ||
176 | |||
171 | /* Session key for protocol v1 */ | 177 | /* Session key for protocol v1 */ |
172 | u_char ssh1_key[SSH_SESSION_KEY_LENGTH]; | 178 | u_char ssh1_key[SSH_SESSION_KEY_LENGTH]; |
173 | u_int ssh1_keylen; | 179 | u_int ssh1_keylen; |
@@ -215,7 +221,7 @@ alloc_session_state(void) | |||
215 | void | 221 | void |
216 | packet_set_connection(int fd_in, int fd_out) | 222 | packet_set_connection(int fd_in, int fd_out) |
217 | { | 223 | { |
218 | Cipher *none = cipher_by_name("none"); | 224 | const Cipher *none = cipher_by_name("none"); |
219 | 225 | ||
220 | if (none == NULL) | 226 | if (none == NULL) |
221 | fatal("packet_set_connection: cannot load cipher 'none'"); | 227 | fatal("packet_set_connection: cannot load cipher 'none'"); |
@@ -545,7 +551,7 @@ packet_start_compression(int level) | |||
545 | void | 551 | void |
546 | packet_set_encryption_key(const u_char *key, u_int keylen, int number) | 552 | packet_set_encryption_key(const u_char *key, u_int keylen, int number) |
547 | { | 553 | { |
548 | Cipher *cipher = cipher_by_number(number); | 554 | const Cipher *cipher = cipher_by_number(number); |
549 | 555 | ||
550 | if (cipher == NULL) | 556 | if (cipher == NULL) |
551 | fatal("packet_set_encryption_key: unknown cipher number %d", number); | 557 | fatal("packet_set_encryption_key: unknown cipher number %d", number); |
@@ -760,13 +766,13 @@ set_newkeys(int mode) | |||
760 | memset(enc->iv, 0, enc->iv_len); | 766 | memset(enc->iv, 0, enc->iv_len); |
761 | memset(enc->key, 0, enc->key_len); | 767 | memset(enc->key, 0, enc->key_len); |
762 | memset(mac->key, 0, mac->key_len); | 768 | memset(mac->key, 0, mac->key_len); |
763 | xfree(enc->name); | 769 | free(enc->name); |
764 | xfree(enc->iv); | 770 | free(enc->iv); |
765 | xfree(enc->key); | 771 | free(enc->key); |
766 | xfree(mac->name); | 772 | free(mac->name); |
767 | xfree(mac->key); | 773 | free(mac->key); |
768 | xfree(comp->name); | 774 | free(comp->name); |
769 | xfree(active_state->newkeys[mode]); | 775 | free(active_state->newkeys[mode]); |
770 | } | 776 | } |
771 | active_state->newkeys[mode] = kex_get_newkeys(mode); | 777 | active_state->newkeys[mode] = kex_get_newkeys(mode); |
772 | if (active_state->newkeys[mode] == NULL) | 778 | if (active_state->newkeys[mode] == NULL) |
@@ -1009,6 +1015,7 @@ packet_send2(void) | |||
1009 | /* after a NEWKEYS message we can send the complete queue */ | 1015 | /* after a NEWKEYS message we can send the complete queue */ |
1010 | if (type == SSH2_MSG_NEWKEYS) { | 1016 | if (type == SSH2_MSG_NEWKEYS) { |
1011 | active_state->rekeying = 0; | 1017 | active_state->rekeying = 0; |
1018 | active_state->rekey_time = monotime(); | ||
1012 | while ((p = TAILQ_FIRST(&active_state->outgoing))) { | 1019 | while ((p = TAILQ_FIRST(&active_state->outgoing))) { |
1013 | type = p->type; | 1020 | type = p->type; |
1014 | debug("dequeue packet: %u", type); | 1021 | debug("dequeue packet: %u", type); |
@@ -1016,7 +1023,7 @@ packet_send2(void) | |||
1016 | memcpy(&active_state->outgoing_packet, &p->payload, | 1023 | memcpy(&active_state->outgoing_packet, &p->payload, |
1017 | sizeof(Buffer)); | 1024 | sizeof(Buffer)); |
1018 | TAILQ_REMOVE(&active_state->outgoing, p, next); | 1025 | TAILQ_REMOVE(&active_state->outgoing, p, next); |
1019 | xfree(p); | 1026 | free(p); |
1020 | packet_send2_wrapped(); | 1027 | packet_send2_wrapped(); |
1021 | } | 1028 | } |
1022 | } | 1029 | } |
@@ -1041,7 +1048,7 @@ packet_send(void) | |||
1041 | int | 1048 | int |
1042 | packet_read_seqnr(u_int32_t *seqnr_p) | 1049 | packet_read_seqnr(u_int32_t *seqnr_p) |
1043 | { | 1050 | { |
1044 | int type, len, ret, ms_remain, cont; | 1051 | int type, len, ret, cont, ms_remain = 0; |
1045 | fd_set *setp; | 1052 | fd_set *setp; |
1046 | char buf[8192]; | 1053 | char buf[8192]; |
1047 | struct timeval timeout, start, *timeoutp = NULL; | 1054 | struct timeval timeout, start, *timeoutp = NULL; |
@@ -1066,7 +1073,7 @@ packet_read_seqnr(u_int32_t *seqnr_p) | |||
1066 | packet_check_eom(); | 1073 | packet_check_eom(); |
1067 | /* If we got a packet, return it. */ | 1074 | /* If we got a packet, return it. */ |
1068 | if (type != SSH_MSG_NONE) { | 1075 | if (type != SSH_MSG_NONE) { |
1069 | xfree(setp); | 1076 | free(setp); |
1070 | return type; | 1077 | return type; |
1071 | } | 1078 | } |
1072 | /* | 1079 | /* |
@@ -1453,9 +1460,9 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p) | |||
1453 | packet_get_char(); | 1460 | packet_get_char(); |
1454 | msg = packet_get_string(NULL); | 1461 | msg = packet_get_string(NULL); |
1455 | debug("Remote: %.900s", msg); | 1462 | debug("Remote: %.900s", msg); |
1456 | xfree(msg); | 1463 | free(msg); |
1457 | msg = packet_get_string(NULL); | 1464 | msg = packet_get_string(NULL); |
1458 | xfree(msg); | 1465 | free(msg); |
1459 | break; | 1466 | break; |
1460 | case SSH2_MSG_DISCONNECT: | 1467 | case SSH2_MSG_DISCONNECT: |
1461 | reason = packet_get_int(); | 1468 | reason = packet_get_int(); |
@@ -1466,7 +1473,7 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p) | |||
1466 | SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR, | 1473 | SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR, |
1467 | "Received disconnect from %s: %u: %.400s", | 1474 | "Received disconnect from %s: %u: %.400s", |
1468 | get_remote_ipaddr(), reason, msg); | 1475 | get_remote_ipaddr(), reason, msg); |
1469 | xfree(msg); | 1476 | free(msg); |
1470 | cleanup_exit(255); | 1477 | cleanup_exit(255); |
1471 | break; | 1478 | break; |
1472 | case SSH2_MSG_UNIMPLEMENTED: | 1479 | case SSH2_MSG_UNIMPLEMENTED: |
@@ -1480,12 +1487,14 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p) | |||
1480 | } else { | 1487 | } else { |
1481 | type = packet_read_poll1(); | 1488 | type = packet_read_poll1(); |
1482 | switch (type) { | 1489 | switch (type) { |
1490 | case SSH_MSG_NONE: | ||
1491 | return SSH_MSG_NONE; | ||
1483 | case SSH_MSG_IGNORE: | 1492 | case SSH_MSG_IGNORE: |
1484 | break; | 1493 | break; |
1485 | case SSH_MSG_DEBUG: | 1494 | case SSH_MSG_DEBUG: |
1486 | msg = packet_get_string(NULL); | 1495 | msg = packet_get_string(NULL); |
1487 | debug("Remote: %.900s", msg); | 1496 | debug("Remote: %.900s", msg); |
1488 | xfree(msg); | 1497 | free(msg); |
1489 | break; | 1498 | break; |
1490 | case SSH_MSG_DISCONNECT: | 1499 | case SSH_MSG_DISCONNECT: |
1491 | msg = packet_get_string(NULL); | 1500 | msg = packet_get_string(NULL); |
@@ -1494,8 +1503,7 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p) | |||
1494 | cleanup_exit(255); | 1503 | cleanup_exit(255); |
1495 | break; | 1504 | break; |
1496 | default: | 1505 | default: |
1497 | if (type) | 1506 | DBG(debug("received packet type %d", type)); |
1498 | DBG(debug("received packet type %d", type)); | ||
1499 | return type; | 1507 | return type; |
1500 | } | 1508 | } |
1501 | } | 1509 | } |
@@ -1732,7 +1740,7 @@ void | |||
1732 | packet_write_wait(void) | 1740 | packet_write_wait(void) |
1733 | { | 1741 | { |
1734 | fd_set *setp; | 1742 | fd_set *setp; |
1735 | int ret, ms_remain; | 1743 | int ret, ms_remain = 0; |
1736 | struct timeval start, timeout, *timeoutp = NULL; | 1744 | struct timeval start, timeout, *timeoutp = NULL; |
1737 | 1745 | ||
1738 | setp = (fd_set *)xcalloc(howmany(active_state->connection_out + 1, | 1746 | setp = (fd_set *)xcalloc(howmany(active_state->connection_out + 1, |
@@ -1773,7 +1781,7 @@ packet_write_wait(void) | |||
1773 | } | 1781 | } |
1774 | packet_write_poll(); | 1782 | packet_write_poll(); |
1775 | } | 1783 | } |
1776 | xfree(setp); | 1784 | free(setp); |
1777 | } | 1785 | } |
1778 | 1786 | ||
1779 | /* Returns true if there is buffered data to write to the connection. */ | 1787 | /* Returns true if there is buffered data to write to the connection. */ |
@@ -1933,13 +1941,33 @@ packet_need_rekeying(void) | |||
1933 | (active_state->max_blocks_out && | 1941 | (active_state->max_blocks_out && |
1934 | (active_state->p_send.blocks > active_state->max_blocks_out)) || | 1942 | (active_state->p_send.blocks > active_state->max_blocks_out)) || |
1935 | (active_state->max_blocks_in && | 1943 | (active_state->max_blocks_in && |
1936 | (active_state->p_read.blocks > active_state->max_blocks_in)); | 1944 | (active_state->p_read.blocks > active_state->max_blocks_in)) || |
1945 | (active_state->rekey_interval != 0 && active_state->rekey_time + | ||
1946 | active_state->rekey_interval <= monotime()); | ||
1937 | } | 1947 | } |
1938 | 1948 | ||
1939 | void | 1949 | void |
1940 | packet_set_rekey_limit(u_int32_t bytes) | 1950 | packet_set_rekey_limits(u_int32_t bytes, time_t seconds) |
1941 | { | 1951 | { |
1952 | debug3("rekey after %lld bytes, %d seconds", (long long)bytes, | ||
1953 | (int)seconds); | ||
1942 | active_state->rekey_limit = bytes; | 1954 | active_state->rekey_limit = bytes; |
1955 | active_state->rekey_interval = seconds; | ||
1956 | /* | ||
1957 | * We set the time here so that in post-auth privsep slave we count | ||
1958 | * from the completion of the authentication. | ||
1959 | */ | ||
1960 | active_state->rekey_time = monotime(); | ||
1961 | } | ||
1962 | |||
1963 | time_t | ||
1964 | packet_get_rekey_timeout(void) | ||
1965 | { | ||
1966 | time_t seconds; | ||
1967 | |||
1968 | seconds = active_state->rekey_time + active_state->rekey_interval - | ||
1969 | monotime(); | ||
1970 | return (seconds <= 0 ? 1 : seconds); | ||
1943 | } | 1971 | } |
1944 | 1972 | ||
1945 | void | 1973 | void |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: packet.h,v 1.57 2012/01/25 19:40:09 markus Exp $ */ | 1 | /* $OpenBSD: packet.h,v 1.59 2013/07/12 00:19:59 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -71,7 +71,7 @@ void *packet_get_raw(u_int *length_ptr); | |||
71 | void *packet_get_string(u_int *length_ptr); | 71 | void *packet_get_string(u_int *length_ptr); |
72 | char *packet_get_cstring(u_int *length_ptr); | 72 | char *packet_get_cstring(u_int *length_ptr); |
73 | void *packet_get_string_ptr(u_int *length_ptr); | 73 | void *packet_get_string_ptr(u_int *length_ptr); |
74 | void packet_disconnect(const char *fmt,...) __attribute__((format(printf, 1, 2))); | 74 | void packet_disconnect(const char *fmt,...) __attribute__((noreturn)) __attribute__((format(printf, 1, 2))); |
75 | void packet_send_debug(const char *fmt,...) __attribute__((format(printf, 1, 2))); | 75 | void packet_send_debug(const char *fmt,...) __attribute__((format(printf, 1, 2))); |
76 | 76 | ||
77 | void set_newkeys(int mode); | 77 | void set_newkeys(int mode); |
@@ -115,7 +115,8 @@ do { \ | |||
115 | } while (0) | 115 | } while (0) |
116 | 116 | ||
117 | int packet_need_rekeying(void); | 117 | int packet_need_rekeying(void); |
118 | void packet_set_rekey_limit(u_int32_t); | 118 | void packet_set_rekey_limits(u_int32_t, time_t); |
119 | time_t packet_get_rekey_timeout(void); | ||
119 | 120 | ||
120 | void packet_backup_state(void); | 121 | void packet_backup_state(void); |
121 | void packet_restore_state(void); | 122 | void packet_restore_state(void); |
diff --git a/pathnames.h b/pathnames.h index c3d9abff5..5027fbaed 100644 --- a/pathnames.h +++ b/pathnames.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: pathnames.h,v 1.22 2011/05/23 03:30:07 djm Exp $ */ | 1 | /* $OpenBSD: pathnames.h,v 1.23 2013/04/05 00:31:49 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -65,18 +65,18 @@ | |||
65 | * readable by anyone except the user him/herself, though this does not | 65 | * readable by anyone except the user him/herself, though this does not |
66 | * contain anything particularly secret. | 66 | * contain anything particularly secret. |
67 | */ | 67 | */ |
68 | #define _PATH_SSH_USER_HOSTFILE "~/.ssh/known_hosts" | 68 | #define _PATH_SSH_USER_HOSTFILE "~/" _PATH_SSH_USER_DIR "/known_hosts" |
69 | /* backward compat for protocol 2 */ | 69 | /* backward compat for protocol 2 */ |
70 | #define _PATH_SSH_USER_HOSTFILE2 "~/.ssh/known_hosts2" | 70 | #define _PATH_SSH_USER_HOSTFILE2 "~/" _PATH_SSH_USER_DIR "/known_hosts2" |
71 | 71 | ||
72 | /* | 72 | /* |
73 | * Name of the default file containing client-side authentication key. This | 73 | * Name of the default file containing client-side authentication key. This |
74 | * file should only be readable by the user him/herself. | 74 | * file should only be readable by the user him/herself. |
75 | */ | 75 | */ |
76 | #define _PATH_SSH_CLIENT_IDENTITY ".ssh/identity" | 76 | #define _PATH_SSH_CLIENT_IDENTITY _PATH_SSH_USER_DIR "/identity" |
77 | #define _PATH_SSH_CLIENT_ID_DSA ".ssh/id_dsa" | 77 | #define _PATH_SSH_CLIENT_ID_DSA _PATH_SSH_USER_DIR "/id_dsa" |
78 | #define _PATH_SSH_CLIENT_ID_ECDSA ".ssh/id_ecdsa" | 78 | #define _PATH_SSH_CLIENT_ID_ECDSA _PATH_SSH_USER_DIR "/id_ecdsa" |
79 | #define _PATH_SSH_CLIENT_ID_RSA ".ssh/id_rsa" | 79 | #define _PATH_SSH_CLIENT_ID_RSA _PATH_SSH_USER_DIR "/id_rsa" |
80 | 80 | ||
81 | /* | 81 | /* |
82 | * Configuration file in user's home directory. This file need not be | 82 | * Configuration file in user's home directory. This file need not be |
@@ -84,7 +84,7 @@ | |||
84 | * particularly secret. If the user's home directory resides on an NFS | 84 | * particularly secret. If the user's home directory resides on an NFS |
85 | * volume where root is mapped to nobody, this may need to be world-readable. | 85 | * volume where root is mapped to nobody, this may need to be world-readable. |
86 | */ | 86 | */ |
87 | #define _PATH_SSH_USER_CONFFILE ".ssh/config" | 87 | #define _PATH_SSH_USER_CONFFILE _PATH_SSH_USER_DIR "/config" |
88 | 88 | ||
89 | /* | 89 | /* |
90 | * File containing a list of those rsa keys that permit logging in as this | 90 | * File containing a list of those rsa keys that permit logging in as this |
@@ -94,10 +94,10 @@ | |||
94 | * may need to be world-readable. (This file is read by the daemon which is | 94 | * may need to be world-readable. (This file is read by the daemon which is |
95 | * running as root.) | 95 | * running as root.) |
96 | */ | 96 | */ |
97 | #define _PATH_SSH_USER_PERMITTED_KEYS ".ssh/authorized_keys" | 97 | #define _PATH_SSH_USER_PERMITTED_KEYS _PATH_SSH_USER_DIR "/authorized_keys" |
98 | 98 | ||
99 | /* backward compat for protocol v2 */ | 99 | /* backward compat for protocol v2 */ |
100 | #define _PATH_SSH_USER_PERMITTED_KEYS2 ".ssh/authorized_keys2" | 100 | #define _PATH_SSH_USER_PERMITTED_KEYS2 _PATH_SSH_USER_DIR "/authorized_keys2" |
101 | 101 | ||
102 | /* | 102 | /* |
103 | * Per-user and system-wide ssh "rc" files. These files are executed with | 103 | * Per-user and system-wide ssh "rc" files. These files are executed with |
@@ -105,7 +105,7 @@ | |||
105 | * passed "proto cookie" as arguments if X11 forwarding with spoofing is in | 105 | * passed "proto cookie" as arguments if X11 forwarding with spoofing is in |
106 | * use. xauth will be run if neither of these exists. | 106 | * use. xauth will be run if neither of these exists. |
107 | */ | 107 | */ |
108 | #define _PATH_SSH_USER_RC ".ssh/rc" | 108 | #define _PATH_SSH_USER_RC _PATH_SSH_USER_DIR "/rc" |
109 | #define _PATH_SSH_SYSTEM_RC SSHDIR "/sshrc" | 109 | #define _PATH_SSH_SYSTEM_RC SSHDIR "/sshrc" |
110 | 110 | ||
111 | /* | 111 | /* |
diff --git a/progressmeter.c b/progressmeter.c index 0f95222d2..332bd3c99 100644 --- a/progressmeter.c +++ b/progressmeter.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: progressmeter.c,v 1.37 2006/08/03 03:34:42 deraadt Exp $ */ | 1 | /* $OpenBSD: progressmeter.c,v 1.39 2013/06/02 13:33:05 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2003 Nils Nordman. All rights reserved. | 3 | * Copyright (c) 2003 Nils Nordman. All rights reserved. |
4 | * | 4 | * |
@@ -131,7 +131,7 @@ refresh_progress_meter(void) | |||
131 | 131 | ||
132 | transferred = *counter - cur_pos; | 132 | transferred = *counter - cur_pos; |
133 | cur_pos = *counter; | 133 | cur_pos = *counter; |
134 | now = time(NULL); | 134 | now = monotime(); |
135 | bytes_left = end_pos - cur_pos; | 135 | bytes_left = end_pos - cur_pos; |
136 | 136 | ||
137 | if (bytes_left > 0) | 137 | if (bytes_left > 0) |
@@ -249,7 +249,7 @@ update_progress_meter(int ignore) | |||
249 | void | 249 | void |
250 | start_progress_meter(char *f, off_t filesize, off_t *ctr) | 250 | start_progress_meter(char *f, off_t filesize, off_t *ctr) |
251 | { | 251 | { |
252 | start = last_update = time(NULL); | 252 | start = last_update = monotime(); |
253 | file = f; | 253 | file = f; |
254 | end_pos = filesize; | 254 | end_pos = filesize; |
255 | cur_pos = 0; | 255 | cur_pos = 0; |
diff --git a/readconf.c b/readconf.c index 375ca32cc..2695fd6c0 100644 --- a/readconf.c +++ b/readconf.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: readconf.c,v 1.196 2013/02/22 04:45:08 dtucker Exp $ */ | 1 | /* $OpenBSD: readconf.c,v 1.204 2013/06/10 19:19:44 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -30,6 +30,9 @@ | |||
30 | #include <stdio.h> | 30 | #include <stdio.h> |
31 | #include <string.h> | 31 | #include <string.h> |
32 | #include <unistd.h> | 32 | #include <unistd.h> |
33 | #ifdef HAVE_UTIL_H | ||
34 | #include <util.h> | ||
35 | #endif | ||
33 | 36 | ||
34 | #include "xmalloc.h" | 37 | #include "xmalloc.h" |
35 | #include "ssh.h" | 38 | #include "ssh.h" |
@@ -136,8 +139,8 @@ typedef enum { | |||
136 | oHashKnownHosts, | 139 | oHashKnownHosts, |
137 | oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, | 140 | oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, |
138 | oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication, | 141 | oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication, |
139 | oKexAlgorithms, oIPQoS, oRequestTTY, | 142 | oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, |
140 | oDeprecated, oUnsupported | 143 | oIgnoredUnknownOption, oDeprecated, oUnsupported |
141 | } OpCodes; | 144 | } OpCodes; |
142 | 145 | ||
143 | /* Textual representations of the tokens. */ | 146 | /* Textual representations of the tokens. */ |
@@ -257,6 +260,7 @@ static struct { | |||
257 | { "kexalgorithms", oKexAlgorithms }, | 260 | { "kexalgorithms", oKexAlgorithms }, |
258 | { "ipqos", oIPQoS }, | 261 | { "ipqos", oIPQoS }, |
259 | { "requesttty", oRequestTTY }, | 262 | { "requesttty", oRequestTTY }, |
263 | { "ignoreunknown", oIgnoreUnknown }, | ||
260 | 264 | ||
261 | { NULL, oBadOption } | 265 | { NULL, oBadOption } |
262 | }; | 266 | }; |
@@ -315,22 +319,20 @@ clear_forwardings(Options *options) | |||
315 | int i; | 319 | int i; |
316 | 320 | ||
317 | for (i = 0; i < options->num_local_forwards; i++) { | 321 | for (i = 0; i < options->num_local_forwards; i++) { |
318 | if (options->local_forwards[i].listen_host != NULL) | 322 | free(options->local_forwards[i].listen_host); |
319 | xfree(options->local_forwards[i].listen_host); | 323 | free(options->local_forwards[i].connect_host); |
320 | xfree(options->local_forwards[i].connect_host); | ||
321 | } | 324 | } |
322 | if (options->num_local_forwards > 0) { | 325 | if (options->num_local_forwards > 0) { |
323 | xfree(options->local_forwards); | 326 | free(options->local_forwards); |
324 | options->local_forwards = NULL; | 327 | options->local_forwards = NULL; |
325 | } | 328 | } |
326 | options->num_local_forwards = 0; | 329 | options->num_local_forwards = 0; |
327 | for (i = 0; i < options->num_remote_forwards; i++) { | 330 | for (i = 0; i < options->num_remote_forwards; i++) { |
328 | if (options->remote_forwards[i].listen_host != NULL) | 331 | free(options->remote_forwards[i].listen_host); |
329 | xfree(options->remote_forwards[i].listen_host); | 332 | free(options->remote_forwards[i].connect_host); |
330 | xfree(options->remote_forwards[i].connect_host); | ||
331 | } | 333 | } |
332 | if (options->num_remote_forwards > 0) { | 334 | if (options->num_remote_forwards > 0) { |
333 | xfree(options->remote_forwards); | 335 | free(options->remote_forwards); |
334 | options->remote_forwards = NULL; | 336 | options->remote_forwards = NULL; |
335 | } | 337 | } |
336 | options->num_remote_forwards = 0; | 338 | options->num_remote_forwards = 0; |
@@ -362,14 +364,17 @@ add_identity_file(Options *options, const char *dir, const char *filename, | |||
362 | */ | 364 | */ |
363 | 365 | ||
364 | static OpCodes | 366 | static OpCodes |
365 | parse_token(const char *cp, const char *filename, int linenum) | 367 | parse_token(const char *cp, const char *filename, int linenum, |
368 | const char *ignored_unknown) | ||
366 | { | 369 | { |
367 | u_int i; | 370 | int i; |
368 | 371 | ||
369 | for (i = 0; keywords[i].name; i++) | 372 | for (i = 0; keywords[i].name; i++) |
370 | if (strcasecmp(cp, keywords[i].name) == 0) | 373 | if (strcmp(cp, keywords[i].name) == 0) |
371 | return keywords[i].opcode; | 374 | return keywords[i].opcode; |
372 | 375 | if (ignored_unknown != NULL && match_pattern_list(cp, ignored_unknown, | |
376 | strlen(ignored_unknown), 1) == 1) | ||
377 | return oIgnoredUnknownOption; | ||
373 | error("%s: line %d: Bad configuration option: %s", | 378 | error("%s: line %d: Bad configuration option: %s", |
374 | filename, linenum, cp); | 379 | filename, linenum, cp); |
375 | return oBadOption; | 380 | return oBadOption; |
@@ -388,10 +393,10 @@ process_config_line(Options *options, const char *host, | |||
388 | { | 393 | { |
389 | char *s, **charptr, *endofnumber, *keyword, *arg, *arg2; | 394 | char *s, **charptr, *endofnumber, *keyword, *arg, *arg2; |
390 | char **cpptr, fwdarg[256]; | 395 | char **cpptr, fwdarg[256]; |
391 | u_int *uintptr, max_entries = 0; | 396 | u_int i, *uintptr, max_entries = 0; |
392 | int negated, opcode, *intptr, value, value2, scale; | 397 | int negated, opcode, *intptr, value, value2; |
393 | LogLevel *log_level_ptr; | 398 | LogLevel *log_level_ptr; |
394 | long long orig, val64; | 399 | long long val64; |
395 | size_t len; | 400 | size_t len; |
396 | Forward fwd; | 401 | Forward fwd; |
397 | 402 | ||
@@ -411,14 +416,22 @@ process_config_line(Options *options, const char *host, | |||
411 | keyword = strdelim(&s); | 416 | keyword = strdelim(&s); |
412 | if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#') | 417 | if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#') |
413 | return 0; | 418 | return 0; |
419 | /* Match lowercase keyword */ | ||
420 | for (i = 0; i < strlen(keyword); i++) | ||
421 | keyword[i] = tolower(keyword[i]); | ||
414 | 422 | ||
415 | opcode = parse_token(keyword, filename, linenum); | 423 | opcode = parse_token(keyword, filename, linenum, |
424 | options->ignored_unknown); | ||
416 | 425 | ||
417 | switch (opcode) { | 426 | switch (opcode) { |
418 | case oBadOption: | 427 | case oBadOption: |
419 | /* don't panic, but count bad options */ | 428 | /* don't panic, but count bad options */ |
420 | return -1; | 429 | return -1; |
421 | /* NOTREACHED */ | 430 | /* NOTREACHED */ |
431 | case oIgnoredUnknownOption: | ||
432 | debug("%s line %d: Ignored unknown option \"%s\"", | ||
433 | filename, linenum, keyword); | ||
434 | return 0; | ||
422 | case oConnectTimeout: | 435 | case oConnectTimeout: |
423 | intptr = &options->connection_timeout; | 436 | intptr = &options->connection_timeout; |
424 | parse_time: | 437 | parse_time: |
@@ -593,39 +606,32 @@ parse_yesnoask: | |||
593 | case oRekeyLimit: | 606 | case oRekeyLimit: |
594 | arg = strdelim(&s); | 607 | arg = strdelim(&s); |
595 | if (!arg || *arg == '\0') | 608 | if (!arg || *arg == '\0') |
596 | fatal("%.200s line %d: Missing argument.", filename, linenum); | 609 | fatal("%.200s line %d: Missing argument.", filename, |
597 | if (arg[0] < '0' || arg[0] > '9') | 610 | linenum); |
598 | fatal("%.200s line %d: Bad number.", filename, linenum); | 611 | if (strcmp(arg, "default") == 0) { |
599 | orig = val64 = strtoll(arg, &endofnumber, 10); | 612 | val64 = 0; |
600 | if (arg == endofnumber) | 613 | } else { |
601 | fatal("%.200s line %d: Bad number.", filename, linenum); | 614 | if (scan_scaled(arg, &val64) == -1) |
602 | switch (toupper(*endofnumber)) { | 615 | fatal("%.200s line %d: Bad number '%s': %s", |
603 | case '\0': | 616 | filename, linenum, arg, strerror(errno)); |
604 | scale = 1; | 617 | /* check for too-large or too-small limits */ |
605 | break; | 618 | if (val64 > UINT_MAX) |
606 | case 'K': | 619 | fatal("%.200s line %d: RekeyLimit too large", |
607 | scale = 1<<10; | 620 | filename, linenum); |
608 | break; | 621 | if (val64 != 0 && val64 < 16) |
609 | case 'M': | 622 | fatal("%.200s line %d: RekeyLimit too small", |
610 | scale = 1<<20; | 623 | filename, linenum); |
611 | break; | ||
612 | case 'G': | ||
613 | scale = 1<<30; | ||
614 | break; | ||
615 | default: | ||
616 | fatal("%.200s line %d: Invalid RekeyLimit suffix", | ||
617 | filename, linenum); | ||
618 | } | 624 | } |
619 | val64 *= scale; | ||
620 | /* detect integer wrap and too-large limits */ | ||
621 | if ((val64 / scale) != orig || val64 > UINT_MAX) | ||
622 | fatal("%.200s line %d: RekeyLimit too large", | ||
623 | filename, linenum); | ||
624 | if (val64 < 16) | ||
625 | fatal("%.200s line %d: RekeyLimit too small", | ||
626 | filename, linenum); | ||
627 | if (*activep && options->rekey_limit == -1) | 625 | if (*activep && options->rekey_limit == -1) |
628 | options->rekey_limit = (u_int32_t)val64; | 626 | options->rekey_limit = (u_int32_t)val64; |
627 | if (s != NULL) { /* optional rekey interval present */ | ||
628 | if (strcmp(s, "none") == 0) { | ||
629 | (void)strdelim(&s); /* discard */ | ||
630 | break; | ||
631 | } | ||
632 | intptr = &options->rekey_interval; | ||
633 | goto parse_time; | ||
634 | } | ||
629 | break; | 635 | break; |
630 | 636 | ||
631 | case oIdentityFile: | 637 | case oIdentityFile: |
@@ -1093,6 +1099,10 @@ parse_int: | |||
1093 | *intptr = value; | 1099 | *intptr = value; |
1094 | break; | 1100 | break; |
1095 | 1101 | ||
1102 | case oIgnoreUnknown: | ||
1103 | charptr = &options->ignored_unknown; | ||
1104 | goto parse_string; | ||
1105 | |||
1096 | case oDeprecated: | 1106 | case oDeprecated: |
1097 | debug("%s line %d: Deprecated option \"%s\"", | 1107 | debug("%s line %d: Deprecated option \"%s\"", |
1098 | filename, linenum, keyword); | 1108 | filename, linenum, keyword); |
@@ -1238,6 +1248,7 @@ initialize_options(Options * options) | |||
1238 | options->no_host_authentication_for_localhost = - 1; | 1248 | options->no_host_authentication_for_localhost = - 1; |
1239 | options->identities_only = - 1; | 1249 | options->identities_only = - 1; |
1240 | options->rekey_limit = - 1; | 1250 | options->rekey_limit = - 1; |
1251 | options->rekey_interval = -1; | ||
1241 | options->verify_host_key_dns = -1; | 1252 | options->verify_host_key_dns = -1; |
1242 | options->server_alive_interval = -1; | 1253 | options->server_alive_interval = -1; |
1243 | options->server_alive_count_max = -1; | 1254 | options->server_alive_count_max = -1; |
@@ -1258,6 +1269,7 @@ initialize_options(Options * options) | |||
1258 | options->ip_qos_interactive = -1; | 1269 | options->ip_qos_interactive = -1; |
1259 | options->ip_qos_bulk = -1; | 1270 | options->ip_qos_bulk = -1; |
1260 | options->request_tty = -1; | 1271 | options->request_tty = -1; |
1272 | options->ignored_unknown = NULL; | ||
1261 | } | 1273 | } |
1262 | 1274 | ||
1263 | /* | 1275 | /* |
@@ -1268,8 +1280,6 @@ initialize_options(Options * options) | |||
1268 | void | 1280 | void |
1269 | fill_default_options(Options * options) | 1281 | fill_default_options(Options * options) |
1270 | { | 1282 | { |
1271 | int len; | ||
1272 | |||
1273 | if (options->forward_agent == -1) | 1283 | if (options->forward_agent == -1) |
1274 | options->forward_agent = 0; | 1284 | options->forward_agent = 0; |
1275 | if (options->forward_x11 == -1) | 1285 | if (options->forward_x11 == -1) |
@@ -1381,6 +1391,8 @@ fill_default_options(Options * options) | |||
1381 | options->enable_ssh_keysign = 0; | 1391 | options->enable_ssh_keysign = 0; |
1382 | if (options->rekey_limit == -1) | 1392 | if (options->rekey_limit == -1) |
1383 | options->rekey_limit = 0; | 1393 | options->rekey_limit = 0; |
1394 | if (options->rekey_interval == -1) | ||
1395 | options->rekey_interval = 0; | ||
1384 | if (options->verify_host_key_dns == -1) | 1396 | if (options->verify_host_key_dns == -1) |
1385 | options->verify_host_key_dns = 0; | 1397 | options->verify_host_key_dns = 0; |
1386 | if (options->server_alive_interval == -1) | 1398 | if (options->server_alive_interval == -1) |
@@ -1484,7 +1496,7 @@ parse_forward(Forward *fwd, const char *fwdspec, int dynamicfwd, int remotefwd) | |||
1484 | i = 0; /* failure */ | 1496 | i = 0; /* failure */ |
1485 | } | 1497 | } |
1486 | 1498 | ||
1487 | xfree(p); | 1499 | free(p); |
1488 | 1500 | ||
1489 | if (dynamicfwd) { | 1501 | if (dynamicfwd) { |
1490 | if (!(i == 1 || i == 2)) | 1502 | if (!(i == 1 || i == 2)) |
@@ -1510,13 +1522,9 @@ parse_forward(Forward *fwd, const char *fwdspec, int dynamicfwd, int remotefwd) | |||
1510 | return (i); | 1522 | return (i); |
1511 | 1523 | ||
1512 | fail_free: | 1524 | fail_free: |
1513 | if (fwd->connect_host != NULL) { | 1525 | free(fwd->connect_host); |
1514 | xfree(fwd->connect_host); | 1526 | fwd->connect_host = NULL; |
1515 | fwd->connect_host = NULL; | 1527 | free(fwd->listen_host); |
1516 | } | 1528 | fwd->listen_host = NULL; |
1517 | if (fwd->listen_host != NULL) { | ||
1518 | xfree(fwd->listen_host); | ||
1519 | fwd->listen_host = NULL; | ||
1520 | } | ||
1521 | return (0); | 1529 | return (0); |
1522 | } | 1530 | } |
diff --git a/readconf.h b/readconf.h index 0835cb671..675b35dfe 100644 --- a/readconf.h +++ b/readconf.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: readconf.h,v 1.93 2013/02/22 04:45:09 dtucker Exp $ */ | 1 | /* $OpenBSD: readconf.h,v 1.95 2013/05/16 04:27:50 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -115,6 +115,7 @@ typedef struct { | |||
115 | 115 | ||
116 | int enable_ssh_keysign; | 116 | int enable_ssh_keysign; |
117 | int64_t rekey_limit; | 117 | int64_t rekey_limit; |
118 | int rekey_interval; | ||
118 | int no_host_authentication_for_localhost; | 119 | int no_host_authentication_for_localhost; |
119 | int identities_only; | 120 | int identities_only; |
120 | int server_alive_interval; | 121 | int server_alive_interval; |
@@ -141,6 +142,8 @@ typedef struct { | |||
141 | int use_roaming; | 142 | int use_roaming; |
142 | 143 | ||
143 | int request_tty; | 144 | int request_tty; |
145 | |||
146 | char *ignored_unknown; /* Pattern list of unknown tokens to ignore */ | ||
144 | } Options; | 147 | } Options; |
145 | 148 | ||
146 | #define SSHCTL_MASTER_NO 0 | 149 | #define SSHCTL_MASTER_NO 0 |
diff --git a/readpass.c b/readpass.c index 599c8ef9a..e37d31158 100644 --- a/readpass.c +++ b/readpass.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: readpass.c,v 1.48 2010/12/15 00:49:27 djm Exp $ */ | 1 | /* $OpenBSD: readpass.c,v 1.49 2013/05/17 00:13:14 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -186,7 +186,7 @@ ask_permission(const char *fmt, ...) | |||
186 | if (*p == '\0' || *p == '\n' || | 186 | if (*p == '\0' || *p == '\n' || |
187 | strcasecmp(p, "yes") == 0) | 187 | strcasecmp(p, "yes") == 0) |
188 | allowed = 1; | 188 | allowed = 1; |
189 | xfree(p); | 189 | free(p); |
190 | } | 190 | } |
191 | 191 | ||
192 | return (allowed); | 192 | return (allowed); |
diff --git a/regress/Makefile b/regress/Makefile index 6ef5d9cce..ab2a6ae7b 100644 --- a/regress/Makefile +++ b/regress/Makefile | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: Makefile,v 1.62 2013/01/18 00:45:29 djm Exp $ | 1 | # $OpenBSD: Makefile,v 1.65 2013/04/18 02:46:12 djm Exp $ |
2 | 2 | ||
3 | REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t8 t9 t-exec | 3 | REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t8 t9 t-exec |
4 | tests: $(REGRESS_TARGETS) | 4 | tests: $(REGRESS_TARGETS) |
@@ -8,6 +8,7 @@ interop interop-tests: t-exec-interop | |||
8 | 8 | ||
9 | clean: | 9 | clean: |
10 | for F in $(CLEANFILES); do rm -f $(OBJ)$$F; done | 10 | for F in $(CLEANFILES); do rm -f $(OBJ)$$F; done |
11 | test -z "${SUDO}" || ${SUDO} rm -f ${SUDO_CLEAN} | ||
11 | rm -rf $(OBJ).putty | 12 | rm -rf $(OBJ).putty |
12 | 13 | ||
13 | distclean: clean | 14 | distclean: clean |
@@ -38,6 +39,7 @@ LTESTS= connect \ | |||
38 | key-options \ | 39 | key-options \ |
39 | scp \ | 40 | scp \ |
40 | sftp \ | 41 | sftp \ |
42 | sftp-chroot \ | ||
41 | sftp-cmds \ | 43 | sftp-cmds \ |
42 | sftp-badcmds \ | 44 | sftp-badcmds \ |
43 | sftp-batch \ | 45 | sftp-batch \ |
@@ -82,8 +84,11 @@ CLEANFILES= t2.out t3.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \ | |||
82 | putty.rsa2 sshd_proxy_orig ssh_proxy_bak \ | 84 | putty.rsa2 sshd_proxy_orig ssh_proxy_bak \ |
83 | key.rsa-* key.dsa-* key.ecdsa-* \ | 85 | key.rsa-* key.dsa-* key.ecdsa-* \ |
84 | authorized_principals_${USER} expect actual ready \ | 86 | authorized_principals_${USER} expect actual ready \ |
85 | sshd_proxy.* authorized_keys_${USER}.* modpipe revoked-* krl-* | 87 | sshd_proxy.* authorized_keys_${USER}.* modpipe revoked-* krl-* \ |
88 | ssh.log failed-ssh.log sshd.log failed-sshd.log \ | ||
89 | regress.log failed-regress.log ssh-log-wrapper.sh | ||
86 | 90 | ||
91 | SUDO_CLEAN+= /var/run/testdata_${USER} /var/run/keycommand_${USER} | ||
87 | 92 | ||
88 | # Enable all malloc(3) randomisations and checks | 93 | # Enable all malloc(3) randomisations and checks |
89 | TEST_ENV= "MALLOC_OPTIONS=AFGJPRX" | 94 | TEST_ENV= "MALLOC_OPTIONS=AFGJPRX" |
@@ -150,14 +155,14 @@ t-exec: ${LTESTS:=.sh} | |||
150 | @if [ "x$?" = "x" ]; then exit 0; fi; \ | 155 | @if [ "x$?" = "x" ]; then exit 0; fi; \ |
151 | for TEST in ""$?; do \ | 156 | for TEST in ""$?; do \ |
152 | echo "run test $${TEST}" ... 1>&2; \ | 157 | echo "run test $${TEST}" ... 1>&2; \ |
153 | (env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \ | 158 | (env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} ${TEST_SHELL} ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \ |
154 | done | 159 | done |
155 | 160 | ||
156 | t-exec-interop: ${INTEROP_TESTS:=.sh} | 161 | t-exec-interop: ${INTEROP_TESTS:=.sh} |
157 | @if [ "x$?" = "x" ]; then exit 0; fi; \ | 162 | @if [ "x$?" = "x" ]; then exit 0; fi; \ |
158 | for TEST in ""$?; do \ | 163 | for TEST in ""$?; do \ |
159 | echo "run test $${TEST}" ... 1>&2; \ | 164 | echo "run test $${TEST}" ... 1>&2; \ |
160 | (env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \ | 165 | (env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} ${TEST_SHELL} ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \ |
161 | done | 166 | done |
162 | 167 | ||
163 | # Not run by default | 168 | # Not run by default |
diff --git a/regress/agent-getpeereid.sh b/regress/agent-getpeereid.sh index faf654c04..d5ae2d6e2 100644 --- a/regress/agent-getpeereid.sh +++ b/regress/agent-getpeereid.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: agent-getpeereid.sh,v 1.4 2007/11/25 15:35:09 jmc Exp $ | 1 | # $OpenBSD: agent-getpeereid.sh,v 1.5 2013/05/17 10:33:09 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="disallow agent attach from other uid" | 4 | tid="disallow agent attach from other uid" |
@@ -18,7 +18,6 @@ if [ -z "$SUDO" ]; then | |||
18 | exit 0 | 18 | exit 0 |
19 | fi | 19 | fi |
20 | 20 | ||
21 | |||
22 | trace "start agent" | 21 | trace "start agent" |
23 | eval `${SSHAGENT} -s -a ${ASOCK}` > /dev/null | 22 | eval `${SSHAGENT} -s -a ${ASOCK}` > /dev/null |
24 | r=$? | 23 | r=$? |
diff --git a/regress/agent-timeout.sh b/regress/agent-timeout.sh index 3a40e7af8..68826594e 100644 --- a/regress/agent-timeout.sh +++ b/regress/agent-timeout.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: agent-timeout.sh,v 1.1 2002/06/06 00:38:40 markus Exp $ | 1 | # $OpenBSD: agent-timeout.sh,v 1.2 2013/05/17 01:16:09 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="agent timeout test" | 4 | tid="agent timeout test" |
diff --git a/regress/agent.sh b/regress/agent.sh index 094cf694b..be7d91334 100644 --- a/regress/agent.sh +++ b/regress/agent.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: agent.sh,v 1.7 2007/11/25 15:35:09 jmc Exp $ | 1 | # $OpenBSD: agent.sh,v 1.8 2013/05/17 00:37:40 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="simple agent test" | 4 | tid="simple agent test" |
@@ -19,7 +19,7 @@ else | |||
19 | fail "ssh-add -l did not fail with exit code 1" | 19 | fail "ssh-add -l did not fail with exit code 1" |
20 | fi | 20 | fi |
21 | trace "overwrite authorized keys" | 21 | trace "overwrite authorized keys" |
22 | echon > $OBJ/authorized_keys_$USER | 22 | printf '' > $OBJ/authorized_keys_$USER |
23 | for t in rsa rsa1; do | 23 | for t in rsa rsa1; do |
24 | # generate user key for agent | 24 | # generate user key for agent |
25 | rm -f $OBJ/$t-agent | 25 | rm -f $OBJ/$t-agent |
diff --git a/regress/bsd.regress.mk b/regress/bsd.regress.mk deleted file mode 100644 index 9b8011a01..000000000 --- a/regress/bsd.regress.mk +++ /dev/null | |||
@@ -1,79 +0,0 @@ | |||
1 | # $OpenBSD: bsd.regress.mk,v 1.9 2002/02/17 01:10:15 marc Exp $ | ||
2 | # No man pages for regression tests. | ||
3 | NOMAN= | ||
4 | |||
5 | # No installation. | ||
6 | install: | ||
7 | |||
8 | # If REGRESSTARGETS is defined and PROG is not defined, set NOPROG | ||
9 | .if defined(REGRESSTARGETS) && !defined(PROG) | ||
10 | NOPROG= | ||
11 | .endif | ||
12 | |||
13 | .include <bsd.prog.mk> | ||
14 | |||
15 | .MAIN: all | ||
16 | all: regress | ||
17 | |||
18 | # XXX - Need full path to REGRESSLOG, otherwise there will be much pain. | ||
19 | |||
20 | REGRESSLOG?=/dev/null | ||
21 | REGRESSNAME=${.CURDIR:S/${BSDSRCDIR}\/regress\///} | ||
22 | |||
23 | .if defined(PROG) && !empty(PROG) | ||
24 | run-regress-${PROG}: ${PROG} | ||
25 | ./${PROG} | ||
26 | .endif | ||
27 | |||
28 | .if !defined(REGRESSTARGETS) | ||
29 | REGRESSTARGETS=run-regress-${PROG} | ||
30 | . if defined(REGRESSSKIP) | ||
31 | REGRESSSKIPTARGETS=run-regress-${PROG} | ||
32 | . endif | ||
33 | .endif | ||
34 | |||
35 | REGRESSSKIPSLOW?=no | ||
36 | |||
37 | #.if (${REGRESSSKIPSLOW:L} == "yes") && defined(REGRESSSLOWTARGETS) | ||
38 | |||
39 | .if (${REGRESSSKIPSLOW} == "yes") && defined(REGRESSSLOWTARGETS) | ||
40 | REGRESSSKIPTARGETS+=${REGRESSSLOWTARGETS} | ||
41 | .endif | ||
42 | |||
43 | .if defined(REGRESSROOTTARGETS) | ||
44 | ROOTUSER!=id -g | ||
45 | SUDO?= | ||
46 | . if (${ROOTUSER} != 0) && empty(SUDO) | ||
47 | REGRESSSKIPTARGETS+=${REGRESSROOTTARGETS} | ||
48 | . endif | ||
49 | .endif | ||
50 | |||
51 | REGRESSSKIPTARGETS?= | ||
52 | |||
53 | regress: | ||
54 | .for RT in ${REGRESSTARGETS} | ||
55 | . if ${REGRESSSKIPTARGETS:M${RT}} | ||
56 | @echo -n "SKIP " >> ${REGRESSLOG} | ||
57 | . else | ||
58 | # XXX - we need a better method to see if a test fails due to timeout or just | ||
59 | # normal failure. | ||
60 | . if !defined(REGRESSMAXTIME) | ||
61 | @if cd ${.CURDIR} && ${MAKE} ${RT}; then \ | ||
62 | echo -n "SUCCESS " >> ${REGRESSLOG} ; \ | ||
63 | else \ | ||
64 | echo -n "FAIL " >> ${REGRESSLOG} ; \ | ||
65 | echo FAILED ; \ | ||
66 | fi | ||
67 | . else | ||
68 | @if cd ${.CURDIR} && (ulimit -t ${REGRESSMAXTIME} ; ${MAKE} ${RT}); then \ | ||
69 | echo -n "SUCCESS " >> ${REGRESSLOG} ; \ | ||
70 | else \ | ||
71 | echo -n "FAIL (possible timeout) " >> ${REGRESSLOG} ; \ | ||
72 | echo FAILED ; \ | ||
73 | fi | ||
74 | . endif | ||
75 | . endif | ||
76 | @echo ${REGRESSNAME}/${RT:S/^run-regress-//} >> ${REGRESSLOG} | ||
77 | .endfor | ||
78 | |||
79 | .PHONY: regress | ||
diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh index 6216abd87..35cd39293 100644 --- a/regress/cert-hostkey.sh +++ b/regress/cert-hostkey.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: cert-hostkey.sh,v 1.6 2011/05/20 02:43:36 djm Exp $ | 1 | # $OpenBSD: cert-hostkey.sh,v 1.7 2013/05/17 00:37:40 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="certified host keys" | 4 | tid="certified host keys" |
@@ -18,8 +18,8 @@ HOSTS='localhost-with-alias,127.0.0.1,::1' | |||
18 | ${SSHKEYGEN} -q -N '' -t rsa -f $OBJ/host_ca_key ||\ | 18 | ${SSHKEYGEN} -q -N '' -t rsa -f $OBJ/host_ca_key ||\ |
19 | fail "ssh-keygen of host_ca_key failed" | 19 | fail "ssh-keygen of host_ca_key failed" |
20 | ( | 20 | ( |
21 | echon '@cert-authority ' | 21 | printf '@cert-authority ' |
22 | echon "$HOSTS " | 22 | printf "$HOSTS " |
23 | cat $OBJ/host_ca_key.pub | 23 | cat $OBJ/host_ca_key.pub |
24 | ) > $OBJ/known_hosts-cert | 24 | ) > $OBJ/known_hosts-cert |
25 | 25 | ||
@@ -66,25 +66,25 @@ done | |||
66 | 66 | ||
67 | # Revoked certificates with key present | 67 | # Revoked certificates with key present |
68 | ( | 68 | ( |
69 | echon '@cert-authority ' | 69 | printf '@cert-authority ' |
70 | echon "$HOSTS " | 70 | printf "$HOSTS " |
71 | cat $OBJ/host_ca_key.pub | 71 | cat $OBJ/host_ca_key.pub |
72 | echon '@revoked ' | 72 | printf '@revoked ' |
73 | echon "* " | 73 | printf "* " |
74 | cat $OBJ/cert_host_key_rsa.pub | 74 | cat $OBJ/cert_host_key_rsa.pub |
75 | if test "x$TEST_SSH_ECC" = "xyes"; then | 75 | if test "x$TEST_SSH_ECC" = "xyes"; then |
76 | echon '@revoked ' | 76 | printf '@revoked ' |
77 | echon "* " | 77 | printf "* " |
78 | cat $OBJ/cert_host_key_ecdsa.pub | 78 | cat $OBJ/cert_host_key_ecdsa.pub |
79 | fi | 79 | fi |
80 | echon '@revoked ' | 80 | printf '@revoked ' |
81 | echon "* " | 81 | printf "* " |
82 | cat $OBJ/cert_host_key_dsa.pub | 82 | cat $OBJ/cert_host_key_dsa.pub |
83 | echon '@revoked ' | 83 | printf '@revoked ' |
84 | echon "* " | 84 | printf "* " |
85 | cat $OBJ/cert_host_key_rsa_v00.pub | 85 | cat $OBJ/cert_host_key_rsa_v00.pub |
86 | echon '@revoked ' | 86 | printf '@revoked ' |
87 | echon "* " | 87 | printf "* " |
88 | cat $OBJ/cert_host_key_dsa_v00.pub | 88 | cat $OBJ/cert_host_key_dsa_v00.pub |
89 | ) > $OBJ/known_hosts-cert | 89 | ) > $OBJ/known_hosts-cert |
90 | for privsep in yes no ; do | 90 | for privsep in yes no ; do |
@@ -108,11 +108,11 @@ done | |||
108 | 108 | ||
109 | # Revoked CA | 109 | # Revoked CA |
110 | ( | 110 | ( |
111 | echon '@cert-authority ' | 111 | printf '@cert-authority ' |
112 | echon "$HOSTS " | 112 | printf "$HOSTS " |
113 | cat $OBJ/host_ca_key.pub | 113 | cat $OBJ/host_ca_key.pub |
114 | echon '@revoked ' | 114 | printf '@revoked ' |
115 | echon "* " | 115 | printf "* " |
116 | cat $OBJ/host_ca_key.pub | 116 | cat $OBJ/host_ca_key.pub |
117 | ) > $OBJ/known_hosts-cert | 117 | ) > $OBJ/known_hosts-cert |
118 | for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00 ; do | 118 | for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00 ; do |
@@ -132,8 +132,8 @@ done | |||
132 | 132 | ||
133 | # Create a CA key and add it to known hosts | 133 | # Create a CA key and add it to known hosts |
134 | ( | 134 | ( |
135 | echon '@cert-authority ' | 135 | printf '@cert-authority ' |
136 | echon "$HOSTS " | 136 | printf "$HOSTS " |
137 | cat $OBJ/host_ca_key.pub | 137 | cat $OBJ/host_ca_key.pub |
138 | ) > $OBJ/known_hosts-cert | 138 | ) > $OBJ/known_hosts-cert |
139 | 139 | ||
@@ -200,7 +200,7 @@ for v in v01 v00 ; do | |||
200 | -n $HOSTS $OBJ/cert_host_key_${ktype} || | 200 | -n $HOSTS $OBJ/cert_host_key_${ktype} || |
201 | fail "couldn't sign cert_host_key_${ktype}" | 201 | fail "couldn't sign cert_host_key_${ktype}" |
202 | ( | 202 | ( |
203 | echon "$HOSTS " | 203 | printf "$HOSTS " |
204 | cat $OBJ/cert_host_key_${ktype}.pub | 204 | cat $OBJ/cert_host_key_${ktype}.pub |
205 | ) > $OBJ/known_hosts-cert | 205 | ) > $OBJ/known_hosts-cert |
206 | ( | 206 | ( |
@@ -220,8 +220,8 @@ done | |||
220 | 220 | ||
221 | # Wrong certificate | 221 | # Wrong certificate |
222 | ( | 222 | ( |
223 | echon '@cert-authority ' | 223 | printf '@cert-authority ' |
224 | echon "$HOSTS " | 224 | printf "$HOSTS " |
225 | cat $OBJ/host_ca_key.pub | 225 | cat $OBJ/host_ca_key.pub |
226 | ) > $OBJ/known_hosts-cert | 226 | ) > $OBJ/known_hosts-cert |
227 | for v in v01 v00 ; do | 227 | for v in v01 v00 ; do |
diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh index 3bba9f8f2..6018b38f4 100644 --- a/regress/cert-userkey.sh +++ b/regress/cert-userkey.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: cert-userkey.sh,v 1.10 2013/01/18 00:45:29 djm Exp $ | 1 | # $OpenBSD: cert-userkey.sh,v 1.11 2013/05/17 00:37:40 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="certified user keys" | 4 | tid="certified user keys" |
@@ -126,7 +126,7 @@ for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00 ; do | |||
126 | # Wrong principals list | 126 | # Wrong principals list |
127 | verbose "$tid: ${_prefix} wrong principals key option" | 127 | verbose "$tid: ${_prefix} wrong principals key option" |
128 | ( | 128 | ( |
129 | echon 'cert-authority,principals="gregorsamsa" ' | 129 | printf 'cert-authority,principals="gregorsamsa" ' |
130 | cat $OBJ/user_ca_key.pub | 130 | cat $OBJ/user_ca_key.pub |
131 | ) > $OBJ/authorized_keys_$USER | 131 | ) > $OBJ/authorized_keys_$USER |
132 | ${SSH} -2i $OBJ/cert_user_key_${ktype} \ | 132 | ${SSH} -2i $OBJ/cert_user_key_${ktype} \ |
@@ -138,7 +138,7 @@ for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00 ; do | |||
138 | # Correct principals list | 138 | # Correct principals list |
139 | verbose "$tid: ${_prefix} correct principals key option" | 139 | verbose "$tid: ${_prefix} correct principals key option" |
140 | ( | 140 | ( |
141 | echon 'cert-authority,principals="mekmitasdigoat" ' | 141 | printf 'cert-authority,principals="mekmitasdigoat" ' |
142 | cat $OBJ/user_ca_key.pub | 142 | cat $OBJ/user_ca_key.pub |
143 | ) > $OBJ/authorized_keys_$USER | 143 | ) > $OBJ/authorized_keys_$USER |
144 | ${SSH} -2i $OBJ/cert_user_key_${ktype} \ | 144 | ${SSH} -2i $OBJ/cert_user_key_${ktype} \ |
@@ -154,7 +154,7 @@ basic_tests() { | |||
154 | if test "x$auth" = "xauthorized_keys" ; then | 154 | if test "x$auth" = "xauthorized_keys" ; then |
155 | # Add CA to authorized_keys | 155 | # Add CA to authorized_keys |
156 | ( | 156 | ( |
157 | echon 'cert-authority ' | 157 | printf 'cert-authority ' |
158 | cat $OBJ/user_ca_key.pub | 158 | cat $OBJ/user_ca_key.pub |
159 | ) > $OBJ/authorized_keys_$USER | 159 | ) > $OBJ/authorized_keys_$USER |
160 | else | 160 | else |
@@ -264,7 +264,7 @@ test_one() { | |||
264 | if test "x$auth" = "xauthorized_keys" ; then | 264 | if test "x$auth" = "xauthorized_keys" ; then |
265 | # Add CA to authorized_keys | 265 | # Add CA to authorized_keys |
266 | ( | 266 | ( |
267 | echon "cert-authority${auth_opt} " | 267 | printf "cert-authority${auth_opt} " |
268 | cat $OBJ/user_ca_key.pub | 268 | cat $OBJ/user_ca_key.pub |
269 | ) > $OBJ/authorized_keys_$USER | 269 | ) > $OBJ/authorized_keys_$USER |
270 | else | 270 | else |
diff --git a/regress/cfgmatch.sh b/regress/cfgmatch.sh index 0603fab64..80cf22930 100644 --- a/regress/cfgmatch.sh +++ b/regress/cfgmatch.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: cfgmatch.sh,v 1.6 2011/06/03 05:35:10 dtucker Exp $ | 1 | # $OpenBSD: cfgmatch.sh,v 1.8 2013/05/17 00:37:40 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="sshd_config match" | 4 | tid="sshd_config match" |
@@ -15,7 +15,7 @@ start_client() | |||
15 | rm -f $pidfile | 15 | rm -f $pidfile |
16 | ${SSH} -q -$p $fwd "$@" somehost \ | 16 | ${SSH} -q -$p $fwd "$@" somehost \ |
17 | exec sh -c \'"echo \$\$ > $pidfile; exec sleep 100"\' \ | 17 | exec sh -c \'"echo \$\$ > $pidfile; exec sleep 100"\' \ |
18 | >>$TEST_SSH_LOGFILE 2>&1 & | 18 | >>$TEST_REGRESS_LOGFILE 2>&1 & |
19 | client_pid=$! | 19 | client_pid=$! |
20 | # Wait for remote end | 20 | # Wait for remote end |
21 | n=0 | 21 | n=0 |
@@ -34,21 +34,20 @@ stop_client() | |||
34 | pid=`cat $pidfile` | 34 | pid=`cat $pidfile` |
35 | if [ ! -z "$pid" ]; then | 35 | if [ ! -z "$pid" ]; then |
36 | kill $pid | 36 | kill $pid |
37 | sleep 1 | ||
38 | fi | 37 | fi |
39 | wait | 38 | wait |
40 | } | 39 | } |
41 | 40 | ||
42 | cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak | 41 | cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak |
43 | grep -v AuthorizedKeysFile $OBJ/sshd_proxy_bak > $OBJ/sshd_proxy | ||
44 | echo "AuthorizedKeysFile /dev/null" >>$OBJ/sshd_proxy | ||
45 | echo "PermitOpen 127.0.0.1:1" >>$OBJ/sshd_config | 42 | echo "PermitOpen 127.0.0.1:1" >>$OBJ/sshd_config |
46 | echo "Match user $USER" >>$OBJ/sshd_proxy | ||
47 | echo "AuthorizedKeysFile /dev/null $OBJ/authorized_keys_%u" >>$OBJ/sshd_proxy | ||
48 | echo "Match Address 127.0.0.1" >>$OBJ/sshd_config | 43 | echo "Match Address 127.0.0.1" >>$OBJ/sshd_config |
49 | echo "PermitOpen 127.0.0.1:$PORT" >>$OBJ/sshd_config | 44 | echo "PermitOpen 127.0.0.1:$PORT" >>$OBJ/sshd_config |
50 | 45 | ||
46 | grep -v AuthorizedKeysFile $OBJ/sshd_proxy_bak > $OBJ/sshd_proxy | ||
47 | echo "AuthorizedKeysFile /dev/null" >>$OBJ/sshd_proxy | ||
51 | echo "PermitOpen 127.0.0.1:1" >>$OBJ/sshd_proxy | 48 | echo "PermitOpen 127.0.0.1:1" >>$OBJ/sshd_proxy |
49 | echo "Match user $USER" >>$OBJ/sshd_proxy | ||
50 | echo "AuthorizedKeysFile /dev/null $OBJ/authorized_keys_%u" >>$OBJ/sshd_proxy | ||
52 | echo "Match Address 127.0.0.1" >>$OBJ/sshd_proxy | 51 | echo "Match Address 127.0.0.1" >>$OBJ/sshd_proxy |
53 | echo "PermitOpen 127.0.0.1:$PORT" >>$OBJ/sshd_proxy | 52 | echo "PermitOpen 127.0.0.1:$PORT" >>$OBJ/sshd_proxy |
54 | 53 | ||
@@ -75,9 +74,9 @@ for p in 1 2; do | |||
75 | done | 74 | done |
76 | 75 | ||
77 | # Retry previous with key option, should also be denied. | 76 | # Retry previous with key option, should also be denied. |
78 | echon 'permitopen="127.0.0.1:'$PORT'" ' >$OBJ/authorized_keys_$USER | 77 | printf 'permitopen="127.0.0.1:'$PORT'" ' >$OBJ/authorized_keys_$USER |
79 | cat $OBJ/rsa.pub >> $OBJ/authorized_keys_$USER | 78 | cat $OBJ/rsa.pub >> $OBJ/authorized_keys_$USER |
80 | echon 'permitopen="127.0.0.1:'$PORT'" ' >>$OBJ/authorized_keys_$USER | 79 | printf 'permitopen="127.0.0.1:'$PORT'" ' >>$OBJ/authorized_keys_$USER |
81 | cat $OBJ/rsa1.pub >> $OBJ/authorized_keys_$USER | 80 | cat $OBJ/rsa1.pub >> $OBJ/authorized_keys_$USER |
82 | for p in 1 2; do | 81 | for p in 1 2; do |
83 | trace "match permitopen proxy w/key opts proto $p" | 82 | trace "match permitopen proxy w/key opts proto $p" |
diff --git a/regress/cipher-speed.sh b/regress/cipher-speed.sh index 65e5f35ec..489d9f5fa 100644 --- a/regress/cipher-speed.sh +++ b/regress/cipher-speed.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: cipher-speed.sh,v 1.7 2013/01/12 11:23:53 djm Exp $ | 1 | # $OpenBSD: cipher-speed.sh,v 1.9 2013/05/17 04:29:14 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="cipher speed" | 4 | tid="cipher speed" |
diff --git a/regress/conch-ciphers.sh b/regress/conch-ciphers.sh index 5b65cd993..199d863a0 100644 --- a/regress/conch-ciphers.sh +++ b/regress/conch-ciphers.sh | |||
@@ -1,11 +1,8 @@ | |||
1 | # $OpenBSD: conch-ciphers.sh,v 1.2 2008/06/30 10:43:03 djm Exp $ | 1 | # $OpenBSD: conch-ciphers.sh,v 1.3 2013/05/17 04:29:14 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="conch ciphers" | 4 | tid="conch ciphers" |
5 | 5 | ||
6 | DATA=/bin/ls | ||
7 | COPY=${OBJ}/copy | ||
8 | |||
9 | if test "x$REGRESS_INTEROP_CONCH" != "xyes" ; then | 6 | if test "x$REGRESS_INTEROP_CONCH" != "xyes" ; then |
10 | echo "conch interop tests not enabled" | 7 | echo "conch interop tests not enabled" |
11 | exit 0 | 8 | exit 0 |
diff --git a/regress/dynamic-forward.sh b/regress/dynamic-forward.sh index d1ab8059b..42fa8acdc 100644 --- a/regress/dynamic-forward.sh +++ b/regress/dynamic-forward.sh | |||
@@ -1,12 +1,10 @@ | |||
1 | # $OpenBSD: dynamic-forward.sh,v 1.9 2011/06/03 00:29:52 dtucker Exp $ | 1 | # $OpenBSD: dynamic-forward.sh,v 1.10 2013/05/17 04:29:14 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="dynamic forwarding" | 4 | tid="dynamic forwarding" |
5 | 5 | ||
6 | FWDPORT=`expr $PORT + 1` | 6 | FWDPORT=`expr $PORT + 1` |
7 | 7 | ||
8 | DATA=/bin/ls${EXEEXT} | ||
9 | |||
10 | if have_prog nc && nc -h 2>&1 | grep "proxy address" >/dev/null; then | 8 | if have_prog nc && nc -h 2>&1 | grep "proxy address" >/dev/null; then |
11 | proxycmd="nc -x 127.0.0.1:$FWDPORT -X" | 9 | proxycmd="nc -x 127.0.0.1:$FWDPORT -X" |
12 | elif have_prog connect; then | 10 | elif have_prog connect; then |
diff --git a/regress/forcecommand.sh b/regress/forcecommand.sh index 99e51a60f..44d2b7ffd 100644 --- a/regress/forcecommand.sh +++ b/regress/forcecommand.sh | |||
@@ -1,13 +1,13 @@ | |||
1 | # $OpenBSD: forcecommand.sh,v 1.1 2006/07/19 13:09:28 dtucker Exp $ | 1 | # $OpenBSD: forcecommand.sh,v 1.2 2013/05/17 00:37:40 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="forced command" | 4 | tid="forced command" |
5 | 5 | ||
6 | cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak | 6 | cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak |
7 | 7 | ||
8 | echon 'command="true" ' >$OBJ/authorized_keys_$USER | 8 | printf 'command="true" ' >$OBJ/authorized_keys_$USER |
9 | cat $OBJ/rsa.pub >> $OBJ/authorized_keys_$USER | 9 | cat $OBJ/rsa.pub >> $OBJ/authorized_keys_$USER |
10 | echon 'command="true" ' >>$OBJ/authorized_keys_$USER | 10 | printf 'command="true" ' >>$OBJ/authorized_keys_$USER |
11 | cat $OBJ/rsa1.pub >> $OBJ/authorized_keys_$USER | 11 | cat $OBJ/rsa1.pub >> $OBJ/authorized_keys_$USER |
12 | 12 | ||
13 | for p in 1 2; do | 13 | for p in 1 2; do |
@@ -16,9 +16,9 @@ for p in 1 2; do | |||
16 | fail "forced command in key proto $p" | 16 | fail "forced command in key proto $p" |
17 | done | 17 | done |
18 | 18 | ||
19 | echon 'command="false" ' >$OBJ/authorized_keys_$USER | 19 | printf 'command="false" ' >$OBJ/authorized_keys_$USER |
20 | cat $OBJ/rsa.pub >> $OBJ/authorized_keys_$USER | 20 | cat $OBJ/rsa.pub >> $OBJ/authorized_keys_$USER |
21 | echon 'command="false" ' >>$OBJ/authorized_keys_$USER | 21 | printf 'command="false" ' >>$OBJ/authorized_keys_$USER |
22 | cat $OBJ/rsa1.pub >> $OBJ/authorized_keys_$USER | 22 | cat $OBJ/rsa1.pub >> $OBJ/authorized_keys_$USER |
23 | 23 | ||
24 | cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy | 24 | cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy |
diff --git a/regress/forwarding.sh b/regress/forwarding.sh index f9c367beb..94873f22c 100644 --- a/regress/forwarding.sh +++ b/regress/forwarding.sh | |||
@@ -1,7 +1,8 @@ | |||
1 | # $OpenBSD: forwarding.sh,v 1.8 2012/06/01 00:47:35 djm Exp $ | 1 | # $OpenBSD: forwarding.sh,v 1.11 2013/06/10 21:56:43 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="local and remote forwarding" | 4 | tid="local and remote forwarding" |
5 | |||
5 | DATA=/bin/ls${EXEEXT} | 6 | DATA=/bin/ls${EXEEXT} |
6 | 7 | ||
7 | start_sshd | 8 | start_sshd |
@@ -26,9 +27,9 @@ for p in 1 2; do | |||
26 | 27 | ||
27 | trace "transfer over forwarded channels and check result" | 28 | trace "transfer over forwarded channels and check result" |
28 | ${SSH} -$q -F $OBJ/ssh_config -p$last -o 'ConnectionAttempts=4' \ | 29 | ${SSH} -$q -F $OBJ/ssh_config -p$last -o 'ConnectionAttempts=4' \ |
29 | somehost cat $DATA > $OBJ/ls.copy | 30 | somehost cat ${DATA} > ${COPY} |
30 | test -f $OBJ/ls.copy || fail "failed copy $DATA" | 31 | test -f ${COPY} || fail "failed copy of ${DATA}" |
31 | cmp $DATA $OBJ/ls.copy || fail "corrupted copy of $DATA" | 32 | cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}" |
32 | 33 | ||
33 | sleep 10 | 34 | sleep 10 |
34 | done | 35 | done |
@@ -75,7 +76,7 @@ for p in 1 2; do | |||
75 | else | 76 | else |
76 | # this one should fail | 77 | # this one should fail |
77 | ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 true \ | 78 | ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 true \ |
78 | 2>>$TEST_SSH_LOGFILE && \ | 79 | >>$TEST_REGRESS_LOGFILE 2>&1 && \ |
79 | fail "local forwarding not cleared" | 80 | fail "local forwarding not cleared" |
80 | fi | 81 | fi |
81 | sleep 10 | 82 | sleep 10 |
@@ -88,7 +89,7 @@ for p in 1 2; do | |||
88 | else | 89 | else |
89 | # this one should fail | 90 | # this one should fail |
90 | ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 true \ | 91 | ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 true \ |
91 | 2>>$TEST_SSH_LOGFILE && \ | 92 | >>$TEST_REGRESS_LOGFILE 2>&1 && \ |
92 | fail "remote forwarding not cleared" | 93 | fail "remote forwarding not cleared" |
93 | fi | 94 | fi |
94 | sleep 10 | 95 | sleep 10 |
@@ -103,3 +104,18 @@ for p in 2; do | |||
103 | fail "stdio forwarding proto $p" | 104 | fail "stdio forwarding proto $p" |
104 | fi | 105 | fi |
105 | done | 106 | done |
107 | |||
108 | echo "LocalForward ${base}01 127.0.0.1:$PORT" >> $OBJ/ssh_config | ||
109 | echo "RemoteForward ${base}02 127.0.0.1:${base}01" >> $OBJ/ssh_config | ||
110 | for p in 1 2; do | ||
111 | trace "config file: start forwarding, fork to background" | ||
112 | ${SSH} -$p -F $OBJ/ssh_config -f somehost sleep 10 | ||
113 | |||
114 | trace "config file: transfer over forwarded channels and check result" | ||
115 | ${SSH} -F $OBJ/ssh_config -p${base}02 -o 'ConnectionAttempts=4' \ | ||
116 | somehost cat ${DATA} > ${COPY} | ||
117 | test -f ${COPY} || fail "failed copy of ${DATA}" | ||
118 | cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}" | ||
119 | |||
120 | wait | ||
121 | done | ||
diff --git a/regress/integrity.sh b/regress/integrity.sh index 4d46926d5..1d17fe10a 100644 --- a/regress/integrity.sh +++ b/regress/integrity.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: integrity.sh,v 1.7 2013/02/20 08:27:50 djm Exp $ | 1 | # $OpenBSD: integrity.sh,v 1.10 2013/05/17 01:32:11 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="integrity" | 4 | tid="integrity" |
@@ -21,12 +21,13 @@ config_defined HAVE_EVP_SHA256 && | |||
21 | config_defined OPENSSL_HAVE_EVPGCM && \ | 21 | config_defined OPENSSL_HAVE_EVPGCM && \ |
22 | macs="$macs aes128-gcm@openssh.com aes256-gcm@openssh.com" | 22 | macs="$macs aes128-gcm@openssh.com aes256-gcm@openssh.com" |
23 | 23 | ||
24 | # sshd-command for proxy (see test-exec.sh) | 24 | # avoid DH group exchange as the extra traffic makes it harder to get the |
25 | cmd="$SUDO sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSH_LOGFILE} -i -f $OBJ/sshd_proxy" | 25 | # offset into the stream right. |
26 | echo "KexAlgorithms diffie-hellman-group14-sha1,diffie-hellman-group1-sha1" \ | ||
27 | >> $OBJ/ssh_proxy | ||
26 | 28 | ||
27 | jot() { | 29 | # sshd-command for proxy (see test-exec.sh) |
28 | awk "BEGIN { for (i = $2; i < $2 + $1; i++) { printf \"%d\n\", i } exit }" | 30 | cmd="$SUDO sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSHD_LOGFILE} -i -f $OBJ/sshd_proxy" |
29 | } | ||
30 | 31 | ||
31 | for m in $macs; do | 32 | for m in $macs; do |
32 | trace "test $tid: mac $m" | 33 | trace "test $tid: mac $m" |
@@ -47,14 +48,15 @@ for m in $macs; do | |||
47 | aes*gcm*) macopt="-c $m";; | 48 | aes*gcm*) macopt="-c $m";; |
48 | *) macopt="-m $m";; | 49 | *) macopt="-m $m";; |
49 | esac | 50 | esac |
50 | output=`${SSH} $macopt -2F $OBJ/ssh_proxy -o "$pxy" \ | 51 | verbose "test $tid: $m @$off" |
51 | 999.999.999.999 'printf "%4096s" " "' 2>&1` | 52 | ${SSH} $macopt -2F $OBJ/ssh_proxy -o "$pxy" \ |
53 | 999.999.999.999 'printf "%4096s" " "' >/dev/null | ||
52 | if [ $? -eq 0 ]; then | 54 | if [ $? -eq 0 ]; then |
53 | fail "ssh -m $m succeeds with bit-flip at $off" | 55 | fail "ssh -m $m succeeds with bit-flip at $off" |
54 | fi | 56 | fi |
55 | ecnt=`expr $ecnt + 1` | 57 | ecnt=`expr $ecnt + 1` |
56 | output=`echo $output | tr -s '\r\n' '.'` | 58 | output=$(tail -2 $TEST_SSH_LOGFILE | egrep -v "^debug" | \ |
57 | verbose "test $tid: $m @$off $output" | 59 | tr -s '\r\n' '.') |
58 | case "$output" in | 60 | case "$output" in |
59 | Bad?packet*) elen=`expr $elen + 1`; skip=3;; | 61 | Bad?packet*) elen=`expr $elen + 1`; skip=3;; |
60 | Corrupted?MAC* | Decryption?integrity?check?failed*) | 62 | Corrupted?MAC* | Decryption?integrity?check?failed*) |
diff --git a/regress/keytype.sh b/regress/keytype.sh index cb40c6864..59586bf0d 100644 --- a/regress/keytype.sh +++ b/regress/keytype.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: keytype.sh,v 1.1 2010/09/02 16:12:55 markus Exp $ | 1 | # $OpenBSD: keytype.sh,v 1.2 2013/05/17 00:37:40 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="login with different key types" | 4 | tid="login with different key types" |
@@ -40,7 +40,7 @@ for ut in $ktypes; do | |||
40 | echo IdentityFile $OBJ/key.$ut | 40 | echo IdentityFile $OBJ/key.$ut |
41 | ) > $OBJ/ssh_proxy | 41 | ) > $OBJ/ssh_proxy |
42 | ( | 42 | ( |
43 | echon 'localhost-with-alias,127.0.0.1,::1 ' | 43 | printf 'localhost-with-alias,127.0.0.1,::1 ' |
44 | cat $OBJ/key.$ht.pub | 44 | cat $OBJ/key.$ht.pub |
45 | ) > $OBJ/known_hosts | 45 | ) > $OBJ/known_hosts |
46 | cat $OBJ/key.$ut.pub > $OBJ/authorized_keys_$USER | 46 | cat $OBJ/key.$ut.pub > $OBJ/authorized_keys_$USER |
diff --git a/regress/krl.sh b/regress/krl.sh index 62a239c38..de9cc8764 100644 --- a/regress/krl.sh +++ b/regress/krl.sh | |||
@@ -39,10 +39,6 @@ serial: 799 | |||
39 | serial: 599-701 | 39 | serial: 599-701 |
40 | EOF | 40 | EOF |
41 | 41 | ||
42 | jot() { | ||
43 | awk "BEGIN { for (i = $2; i < $2 + $1; i++) { printf \"%d\n\", i } exit }" | ||
44 | } | ||
45 | |||
46 | # A specification that revokes some certificated by key ID. | 42 | # A specification that revokes some certificated by key ID. |
47 | touch $OBJ/revoked-keyid | 43 | touch $OBJ/revoked-keyid |
48 | for n in 1 2 3 4 10 15 30 50 `jot 500 300` 999 1000 1001 1002; do | 44 | for n in 1 2 3 4 10 15 30 50 `jot 500 300` 999 1000 1001 1002; do |
diff --git a/regress/localcommand.sh b/regress/localcommand.sh index feade7a9d..8a9b56971 100644 --- a/regress/localcommand.sh +++ b/regress/localcommand.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: localcommand.sh,v 1.1 2007/10/29 06:57:13 dtucker Exp $ | 1 | # $OpenBSD: localcommand.sh,v 1.2 2013/05/17 10:24:48 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="localcommand" | 4 | tid="localcommand" |
diff --git a/regress/login-timeout.sh b/regress/login-timeout.sh index 55fbb324d..d73923b9c 100644 --- a/regress/login-timeout.sh +++ b/regress/login-timeout.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: login-timeout.sh,v 1.4 2005/02/27 23:13:36 djm Exp $ | 1 | # $OpenBSD: login-timeout.sh,v 1.5 2013/05/17 10:23:52 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="connect after login grace timeout" | 4 | tid="connect after login grace timeout" |
diff --git a/regress/modpipe.c b/regress/modpipe.c index 9629aa80b..85747cf7d 100755 --- a/regress/modpipe.c +++ b/regress/modpipe.c | |||
@@ -14,7 +14,7 @@ | |||
14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
15 | */ | 15 | */ |
16 | 16 | ||
17 | /* $OpenBSD: modpipe.c,v 1.4 2013/02/20 08:29:27 djm Exp $ */ | 17 | /* $OpenBSD: modpipe.c,v 1.5 2013/05/10 03:46:14 djm Exp $ */ |
18 | 18 | ||
19 | #include "includes.h" | 19 | #include "includes.h" |
20 | 20 | ||
@@ -25,7 +25,7 @@ | |||
25 | #include <stdarg.h> | 25 | #include <stdarg.h> |
26 | #include <stdlib.h> | 26 | #include <stdlib.h> |
27 | #include <errno.h> | 27 | #include <errno.h> |
28 | #include "openbsd-compat/getopt.c" | 28 | #include "openbsd-compat/getopt_long.c" |
29 | 29 | ||
30 | static void err(int, const char *, ...) __attribute__((format(printf, 2, 3))); | 30 | static void err(int, const char *, ...) __attribute__((format(printf, 2, 3))); |
31 | static void errx(int, const char *, ...) __attribute__((format(printf, 2, 3))); | 31 | static void errx(int, const char *, ...) __attribute__((format(printf, 2, 3))); |
diff --git a/regress/multiplex.sh b/regress/multiplex.sh index 1e6cc7606..3e697e691 100644 --- a/regress/multiplex.sh +++ b/regress/multiplex.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: multiplex.sh,v 1.17 2012/10/05 02:05:30 dtucker Exp $ | 1 | # $OpenBSD: multiplex.sh,v 1.21 2013/05/17 04:29:14 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | CTL=/tmp/openssh.regress.ctl-sock.$$ | 4 | CTL=/tmp/openssh.regress.ctl-sock.$$ |
@@ -10,8 +10,7 @@ if config_defined DISABLE_FD_PASSING ; then | |||
10 | exit 0 | 10 | exit 0 |
11 | fi | 11 | fi |
12 | 12 | ||
13 | DATA=/bin/ls${EXEEXT} | 13 | P=3301 # test port |
14 | COPY=$OBJ/ls.copy | ||
15 | 14 | ||
16 | wait_for_mux_master_ready() | 15 | wait_for_mux_master_ready() |
17 | { | 16 | { |
@@ -25,10 +24,16 @@ wait_for_mux_master_ready() | |||
25 | 24 | ||
26 | start_sshd | 25 | start_sshd |
27 | 26 | ||
28 | trace "start master, fork to background" | 27 | start_mux_master() |
29 | ${SSH} -Nn2 -MS$CTL -F $OBJ/ssh_config -oSendEnv="_XXX_TEST" somehost & | 28 | { |
30 | MASTER_PID=$! | 29 | trace "start master, fork to background" |
31 | wait_for_mux_master_ready | 30 | ${SSH} -Nn2 -MS$CTL -F $OBJ/ssh_config -oSendEnv="_XXX_TEST" somehost \ |
31 | -E $TEST_REGRESS_LOGFILE 2>&1 & | ||
32 | MASTER_PID=$! | ||
33 | wait_for_mux_master_ready | ||
34 | } | ||
35 | |||
36 | start_mux_master | ||
32 | 37 | ||
33 | verbose "test $tid: envpass" | 38 | verbose "test $tid: envpass" |
34 | trace "env passing over multiplexed connection" | 39 | trace "env passing over multiplexed connection" |
@@ -55,13 +60,13 @@ cmp ${DATA} ${COPY} || fail "ssh -S ctl: corrupted copy of ${DATA}" | |||
55 | rm -f ${COPY} | 60 | rm -f ${COPY} |
56 | trace "sftp transfer over multiplexed connection and check result" | 61 | trace "sftp transfer over multiplexed connection and check result" |
57 | echo "get ${DATA} ${COPY}" | \ | 62 | echo "get ${DATA} ${COPY}" | \ |
58 | ${SFTP} -S ${SSH} -F $OBJ/ssh_config -oControlPath=$CTL otherhost >>$TEST_SSH_LOGFILE 2>&1 | 63 | ${SFTP} -S ${SSH} -F $OBJ/ssh_config -oControlPath=$CTL otherhost >>$TEST_REGRESS_LOGFILE 2>&1 |
59 | test -f ${COPY} || fail "sftp: failed copy ${DATA}" | 64 | test -f ${COPY} || fail "sftp: failed copy ${DATA}" |
60 | cmp ${DATA} ${COPY} || fail "sftp: corrupted copy of ${DATA}" | 65 | cmp ${DATA} ${COPY} || fail "sftp: corrupted copy of ${DATA}" |
61 | 66 | ||
62 | rm -f ${COPY} | 67 | rm -f ${COPY} |
63 | trace "scp transfer over multiplexed connection and check result" | 68 | trace "scp transfer over multiplexed connection and check result" |
64 | ${SCP} -S ${SSH} -F $OBJ/ssh_config -oControlPath=$CTL otherhost:${DATA} ${COPY} >>$TEST_SSH_LOGFILE 2>&1 | 69 | ${SCP} -S ${SSH} -F $OBJ/ssh_config -oControlPath=$CTL otherhost:${DATA} ${COPY} >>$TEST_REGRESS_LOGFILE 2>&1 |
65 | test -f ${COPY} || fail "scp: failed copy ${DATA}" | 70 | test -f ${COPY} || fail "scp: failed copy ${DATA}" |
66 | cmp ${DATA} ${COPY} || fail "scp: corrupted copy of ${DATA}" | 71 | cmp ${DATA} ${COPY} || fail "scp: corrupted copy of ${DATA}" |
67 | 72 | ||
@@ -87,11 +92,31 @@ for s in 0 1 4 5 44; do | |||
87 | done | 92 | done |
88 | 93 | ||
89 | verbose "test $tid: cmd check" | 94 | verbose "test $tid: cmd check" |
90 | ${SSH} -F $OBJ/ssh_config -S $CTL -Ocheck otherhost >>$TEST_SSH_LOGFILE 2>&1 \ | 95 | ${SSH} -F $OBJ/ssh_config -S $CTL -Ocheck otherhost >>$TEST_REGRESS_LOGFILE 2>&1 \ |
91 | || fail "check command failed" | 96 | || fail "check command failed" |
92 | 97 | ||
98 | verbose "test $tid: cmd forward local" | ||
99 | ${SSH} -F $OBJ/ssh_config -S $CTL -Oforward -L $P:localhost:$PORT otherhost \ | ||
100 | || fail "request local forward failed" | ||
101 | ${SSH} -F $OBJ/ssh_config -p$P otherhost true \ | ||
102 | || fail "connect to local forward port failed" | ||
103 | ${SSH} -F $OBJ/ssh_config -S $CTL -Ocancel -L $P:localhost:$PORT otherhost \ | ||
104 | || fail "cancel local forward failed" | ||
105 | ${SSH} -F $OBJ/ssh_config -p$P otherhost true \ | ||
106 | && fail "local forward port still listening" | ||
107 | |||
108 | verbose "test $tid: cmd forward remote" | ||
109 | ${SSH} -F $OBJ/ssh_config -S $CTL -Oforward -R $P:localhost:$PORT otherhost \ | ||
110 | || fail "request remote forward failed" | ||
111 | ${SSH} -F $OBJ/ssh_config -p$P otherhost true \ | ||
112 | || fail "connect to remote forwarded port failed" | ||
113 | ${SSH} -F $OBJ/ssh_config -S $CTL -Ocancel -R $P:localhost:$PORT otherhost \ | ||
114 | || fail "cancel remote forward failed" | ||
115 | ${SSH} -F $OBJ/ssh_config -p$P otherhost true \ | ||
116 | && fail "remote forward port still listening" | ||
117 | |||
93 | verbose "test $tid: cmd exit" | 118 | verbose "test $tid: cmd exit" |
94 | ${SSH} -F $OBJ/ssh_config -S $CTL -Oexit otherhost >>$TEST_SSH_LOGFILE 2>&1 \ | 119 | ${SSH} -F $OBJ/ssh_config -S $CTL -Oexit otherhost >>$TEST_REGRESS_LOGFILE 2>&1 \ |
95 | || fail "send exit command failed" | 120 | || fail "send exit command failed" |
96 | 121 | ||
97 | # Wait for master to exit | 122 | # Wait for master to exit |
@@ -101,15 +126,13 @@ kill -0 $MASTER_PID >/dev/null 2>&1 && fail "exit command failed" | |||
101 | # Restart master and test -O stop command with master using -N | 126 | # Restart master and test -O stop command with master using -N |
102 | verbose "test $tid: cmd stop" | 127 | verbose "test $tid: cmd stop" |
103 | trace "restart master, fork to background" | 128 | trace "restart master, fork to background" |
104 | ${SSH} -Nn2 -MS$CTL -F $OBJ/ssh_config -oSendEnv="_XXX_TEST" somehost & | 129 | start_mux_master |
105 | MASTER_PID=$! | ||
106 | wait_for_mux_master_ready | ||
107 | 130 | ||
108 | # start a long-running command then immediately request a stop | 131 | # start a long-running command then immediately request a stop |
109 | ${SSH} -F $OBJ/ssh_config -S $CTL otherhost "sleep 10; exit 0" \ | 132 | ${SSH} -F $OBJ/ssh_config -S $CTL otherhost "sleep 10; exit 0" \ |
110 | >>$TEST_SSH_LOGFILE 2>&1 & | 133 | >>$TEST_REGRESS_LOGFILE 2>&1 & |
111 | SLEEP_PID=$! | 134 | SLEEP_PID=$! |
112 | ${SSH} -F $OBJ/ssh_config -S $CTL -Ostop otherhost >>$TEST_SSH_LOGFILE 2>&1 \ | 135 | ${SSH} -F $OBJ/ssh_config -S $CTL -Ostop otherhost >>$TEST_REGRESS_LOGFILE 2>&1 \ |
113 | || fail "send stop command failed" | 136 | || fail "send stop command failed" |
114 | 137 | ||
115 | # wait until both long-running command and master have exited. | 138 | # wait until both long-running command and master have exited. |
diff --git a/regress/portnum.sh b/regress/portnum.sh index 1de0680fe..c56b869a3 100644 --- a/regress/portnum.sh +++ b/regress/portnum.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: portnum.sh,v 1.1 2009/08/13 00:57:17 djm Exp $ | 1 | # $OpenBSD: portnum.sh,v 1.2 2013/05/17 10:34:30 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="port number parsing" | 4 | tid="port number parsing" |
diff --git a/regress/proto-version.sh b/regress/proto-version.sh index 1651a69e1..b876dd7ec 100644 --- a/regress/proto-version.sh +++ b/regress/proto-version.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: proto-version.sh,v 1.3 2002/03/15 13:08:56 markus Exp $ | 1 | # $OpenBSD: proto-version.sh,v 1.4 2013/05/17 00:37:40 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="sshd version with different protocol combinations" | 4 | tid="sshd version with different protocol combinations" |
@@ -8,7 +8,7 @@ check_version () | |||
8 | { | 8 | { |
9 | version=$1 | 9 | version=$1 |
10 | expect=$2 | 10 | expect=$2 |
11 | banner=`echon | ${SSHD} -o "Protocol=${version}" -i -f ${OBJ}/sshd_proxy` | 11 | banner=`printf '' | ${SSHD} -o "Protocol=${version}" -i -f ${OBJ}/sshd_proxy` |
12 | case ${banner} in | 12 | case ${banner} in |
13 | SSH-1.99-*) | 13 | SSH-1.99-*) |
14 | proto=199 | 14 | proto=199 |
diff --git a/regress/proxy-connect.sh b/regress/proxy-connect.sh index 6a36b2513..76e602dd6 100644 --- a/regress/proxy-connect.sh +++ b/regress/proxy-connect.sh | |||
@@ -1,8 +1,9 @@ | |||
1 | # $OpenBSD: proxy-connect.sh,v 1.5 2002/12/09 15:28:46 markus Exp $ | 1 | # $OpenBSD: proxy-connect.sh,v 1.6 2013/03/07 00:20:34 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="proxy connect" | 4 | tid="proxy connect" |
5 | 5 | ||
6 | verbose "plain username" | ||
6 | for p in 1 2; do | 7 | for p in 1 2; do |
7 | ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true | 8 | ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true |
8 | if [ $? -ne 0 ]; then | 9 | if [ $? -ne 0 ]; then |
@@ -16,3 +17,10 @@ for p in 1 2; do | |||
16 | fail "bad SSH_CONNECTION" | 17 | fail "bad SSH_CONNECTION" |
17 | fi | 18 | fi |
18 | done | 19 | done |
20 | |||
21 | verbose "username with style" | ||
22 | for p in 1 2; do | ||
23 | ${SSH} -$p -F $OBJ/ssh_proxy ${USER}:style@999.999.999.999 true || \ | ||
24 | fail "ssh proxyconnect protocol $p failed" | ||
25 | done | ||
26 | |||
diff --git a/regress/putty-ciphers.sh b/regress/putty-ciphers.sh index 928ea60d2..724a98cc1 100644 --- a/regress/putty-ciphers.sh +++ b/regress/putty-ciphers.sh | |||
@@ -1,11 +1,8 @@ | |||
1 | # $OpenBSD: putty-ciphers.sh,v 1.3 2008/11/10 02:06:35 djm Exp $ | 1 | # $OpenBSD: putty-ciphers.sh,v 1.4 2013/05/17 04:29:14 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="putty ciphers" | 4 | tid="putty ciphers" |
5 | 5 | ||
6 | DATA=/bin/ls | ||
7 | COPY=${OBJ}/copy | ||
8 | |||
9 | if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then | 6 | if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then |
10 | echo "putty interop tests not enabled" | 7 | echo "putty interop tests not enabled" |
11 | exit 0 | 8 | exit 0 |
diff --git a/regress/putty-kex.sh b/regress/putty-kex.sh index 293885a8a..1844d6599 100644 --- a/regress/putty-kex.sh +++ b/regress/putty-kex.sh | |||
@@ -1,11 +1,8 @@ | |||
1 | # $OpenBSD: putty-kex.sh,v 1.2 2008/06/30 10:31:11 djm Exp $ | 1 | # $OpenBSD: putty-kex.sh,v 1.3 2013/05/17 04:29:14 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="putty KEX" | 4 | tid="putty KEX" |
5 | 5 | ||
6 | DATA=/bin/ls | ||
7 | COPY=${OBJ}/copy | ||
8 | |||
9 | if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then | 6 | if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then |
10 | echo "putty interop tests not enabled" | 7 | echo "putty interop tests not enabled" |
11 | exit 0 | 8 | exit 0 |
diff --git a/regress/putty-transfer.sh b/regress/putty-transfer.sh index 9e1e1550a..aec0e04ee 100644 --- a/regress/putty-transfer.sh +++ b/regress/putty-transfer.sh | |||
@@ -1,11 +1,8 @@ | |||
1 | # $OpenBSD: putty-transfer.sh,v 1.2 2008/06/30 10:31:11 djm Exp $ | 1 | # $OpenBSD: putty-transfer.sh,v 1.3 2013/05/17 04:29:14 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="putty transfer data" | 4 | tid="putty transfer data" |
5 | 5 | ||
6 | DATA=/bin/ls | ||
7 | COPY=${OBJ}/copy | ||
8 | |||
9 | if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then | 6 | if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then |
10 | echo "putty interop tests not enabled" | 7 | echo "putty interop tests not enabled" |
11 | exit 0 | 8 | exit 0 |
diff --git a/regress/reexec.sh b/regress/reexec.sh index 9464eb699..433573f06 100644 --- a/regress/reexec.sh +++ b/regress/reexec.sh | |||
@@ -1,12 +1,10 @@ | |||
1 | # $OpenBSD: reexec.sh,v 1.5 2004/10/08 02:01:50 djm Exp $ | 1 | # $OpenBSD: reexec.sh,v 1.7 2013/05/17 10:23:52 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="reexec tests" | 4 | tid="reexec tests" |
5 | 5 | ||
6 | DATA=/bin/ls${EXEEXT} | 6 | SSHD_ORIG=$SSHD |
7 | COPY=${OBJ}/copy | 7 | SSHD_COPY=$OBJ/sshd |
8 | SSHD_ORIG=$SSHD${EXEEXT} | ||
9 | SSHD_COPY=$OBJ/sshd${EXEEXT} | ||
10 | 8 | ||
11 | # Start a sshd and then delete it | 9 | # Start a sshd and then delete it |
12 | start_sshd_copy () | 10 | start_sshd_copy () |
diff --git a/regress/rekey.sh b/regress/rekey.sh index 3c5f266fc..8eb7efaf9 100644 --- a/regress/rekey.sh +++ b/regress/rekey.sh | |||
@@ -1,23 +1,18 @@ | |||
1 | # $OpenBSD: rekey.sh,v 1.1 2003/03/28 13:58:28 markus Exp $ | 1 | # $OpenBSD: rekey.sh,v 1.8 2013/05/17 04:29:14 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="rekey during transfer data" | 4 | tid="rekey" |
5 | 5 | ||
6 | DATA=${OBJ}/data | 6 | LOG=${TEST_SSH_LOGFILE} |
7 | COPY=${OBJ}/copy | ||
8 | LOG=${OBJ}/log | ||
9 | 7 | ||
10 | rm -f ${COPY} ${LOG} ${DATA} | 8 | rm -f ${LOG} |
11 | touch ${DATA} | ||
12 | dd if=/bin/ls${EXEEXT} of=${DATA} bs=1k seek=511 count=1 > /dev/null 2>&1 | ||
13 | 9 | ||
14 | for s in 16 1k 128k 256k; do | 10 | for s in 16 1k 128k 256k; do |
15 | trace "rekeylimit ${s}" | 11 | verbose "client rekeylimit ${s}" |
16 | rm -f ${COPY} | 12 | rm -f ${COPY} ${LOG} |
17 | cat $DATA | \ | 13 | cat $DATA | \ |
18 | ${SSH} -oCompression=no -oRekeyLimit=$s \ | 14 | ${SSH} -oCompression=no -oRekeyLimit=$s \ |
19 | -v -F $OBJ/ssh_proxy somehost "cat > ${COPY}" \ | 15 | -v -F $OBJ/ssh_proxy somehost "cat > ${COPY}" |
20 | 2> ${LOG} | ||
21 | if [ $? -ne 0 ]; then | 16 | if [ $? -ne 0 ]; then |
22 | fail "ssh failed" | 17 | fail "ssh failed" |
23 | fi | 18 | fi |
@@ -29,4 +24,86 @@ for s in 16 1k 128k 256k; do | |||
29 | fail "no rekeying occured" | 24 | fail "no rekeying occured" |
30 | fi | 25 | fi |
31 | done | 26 | done |
32 | rm -f ${COPY} ${LOG} ${DATA} | 27 | |
28 | for s in 5 10; do | ||
29 | verbose "client rekeylimit default ${s}" | ||
30 | rm -f ${COPY} ${LOG} | ||
31 | cat $DATA | \ | ||
32 | ${SSH} -oCompression=no -oRekeyLimit="default $s" -F \ | ||
33 | $OBJ/ssh_proxy somehost "cat >${COPY};sleep $s;sleep 3" | ||
34 | if [ $? -ne 0 ]; then | ||
35 | fail "ssh failed" | ||
36 | fi | ||
37 | cmp $DATA ${COPY} || fail "corrupted copy" | ||
38 | n=`grep 'NEWKEYS sent' ${LOG} | wc -l` | ||
39 | n=`expr $n - 1` | ||
40 | trace "$n rekeying(s)" | ||
41 | if [ $n -lt 1 ]; then | ||
42 | fail "no rekeying occured" | ||
43 | fi | ||
44 | done | ||
45 | |||
46 | for s in 5 10; do | ||
47 | verbose "client rekeylimit default ${s} no data" | ||
48 | rm -f ${COPY} ${LOG} | ||
49 | ${SSH} -oCompression=no -oRekeyLimit="default $s" -F \ | ||
50 | $OBJ/ssh_proxy somehost "sleep $s;sleep 3" | ||
51 | if [ $? -ne 0 ]; then | ||
52 | fail "ssh failed" | ||
53 | fi | ||
54 | n=`grep 'NEWKEYS sent' ${LOG} | wc -l` | ||
55 | n=`expr $n - 1` | ||
56 | trace "$n rekeying(s)" | ||
57 | if [ $n -lt 1 ]; then | ||
58 | fail "no rekeying occured" | ||
59 | fi | ||
60 | done | ||
61 | |||
62 | echo "rekeylimit default 5" >>$OBJ/sshd_proxy | ||
63 | for s in 5 10; do | ||
64 | verbose "server rekeylimit default ${s} no data" | ||
65 | rm -f ${COPY} ${LOG} | ||
66 | ${SSH} -oCompression=no -F $OBJ/ssh_proxy somehost "sleep $s;sleep 3" | ||
67 | if [ $? -ne 0 ]; then | ||
68 | fail "ssh failed" | ||
69 | fi | ||
70 | n=`grep 'NEWKEYS sent' ${LOG} | wc -l` | ||
71 | n=`expr $n - 1` | ||
72 | trace "$n rekeying(s)" | ||
73 | if [ $n -lt 1 ]; then | ||
74 | fail "no rekeying occured" | ||
75 | fi | ||
76 | done | ||
77 | |||
78 | verbose "rekeylimit parsing" | ||
79 | for size in 16 1k 1K 1m 1M 1g 1G; do | ||
80 | for time in 1 1m 1M 1h 1H 1d 1D 1w 1W; do | ||
81 | case $size in | ||
82 | 16) bytes=16 ;; | ||
83 | 1k|1K) bytes=1024 ;; | ||
84 | 1m|1M) bytes=1048576 ;; | ||
85 | 1g|1G) bytes=1073741824 ;; | ||
86 | esac | ||
87 | case $time in | ||
88 | 1) seconds=1 ;; | ||
89 | 1m|1M) seconds=60 ;; | ||
90 | 1h|1H) seconds=3600 ;; | ||
91 | 1d|1D) seconds=86400 ;; | ||
92 | 1w|1W) seconds=604800 ;; | ||
93 | esac | ||
94 | |||
95 | b=`$SUDO ${SSHD} -T -o "rekeylimit $size $time" -f $OBJ/sshd_proxy | \ | ||
96 | awk '/rekeylimit/{print $2}'` | ||
97 | s=`$SUDO ${SSHD} -T -o "rekeylimit $size $time" -f $OBJ/sshd_proxy | \ | ||
98 | awk '/rekeylimit/{print $3}'` | ||
99 | |||
100 | if [ "$bytes" != "$b" ]; then | ||
101 | fatal "rekeylimit size: expected $bytes got $b" | ||
102 | fi | ||
103 | if [ "$seconds" != "$s" ]; then | ||
104 | fatal "rekeylimit time: expected $time got $s" | ||
105 | fi | ||
106 | done | ||
107 | done | ||
108 | |||
109 | rm -f ${COPY} ${DATA} | ||
diff --git a/regress/runtests.sh b/regress/runtests.sh deleted file mode 100755 index 9808eb8a7..000000000 --- a/regress/runtests.sh +++ /dev/null | |||
@@ -1,13 +0,0 @@ | |||
1 | #!/bin/sh | ||
2 | |||
3 | TEST_SSH_SSH=../ssh | ||
4 | TEST_SSH_SSHD=../sshd | ||
5 | TEST_SSH_SSHAGENT=../ssh-agent | ||
6 | TEST_SSH_SSHADD=../ssh-add | ||
7 | TEST_SSH_SSHKEYGEN=../ssh-keygen | ||
8 | TEST_SSH_SSHKEYSCAN=../ssh-keyscan | ||
9 | TEST_SSH_SFTP=../sftp | ||
10 | TEST_SSH_SFTPSERVER=../sftp-server | ||
11 | |||
12 | pmake | ||
13 | |||
diff --git a/regress/scp.sh b/regress/scp.sh index c5d412dd9..29c5b35d4 100644 --- a/regress/scp.sh +++ b/regress/scp.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: scp.sh,v 1.7 2006/01/31 10:36:33 djm Exp $ | 1 | # $OpenBSD: scp.sh,v 1.9 2013/05/17 10:35:43 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="scp" | 4 | tid="scp" |
@@ -12,8 +12,6 @@ else | |||
12 | DIFFOPT="-r" | 12 | DIFFOPT="-r" |
13 | fi | 13 | fi |
14 | 14 | ||
15 | DATA=/bin/ls${EXEEXT} | ||
16 | COPY=${OBJ}/copy | ||
17 | COPY2=${OBJ}/copy2 | 15 | COPY2=${OBJ}/copy2 |
18 | DIR=${COPY}.dd | 16 | DIR=${COPY}.dd |
19 | DIR2=${COPY}.dd2 | 17 | DIR2=${COPY}.dd2 |
diff --git a/regress/sftp-badcmds.sh b/regress/sftp-badcmds.sh index 08009f26b..7f85c4f22 100644 --- a/regress/sftp-badcmds.sh +++ b/regress/sftp-badcmds.sh | |||
@@ -1,12 +1,10 @@ | |||
1 | # $OpenBSD: sftp-badcmds.sh,v 1.4 2009/08/13 01:11:55 djm Exp $ | 1 | # $OpenBSD: sftp-badcmds.sh,v 1.6 2013/05/17 10:26:26 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="sftp invalid commands" | 4 | tid="sftp invalid commands" |
5 | 5 | ||
6 | DATA=/bin/ls${EXEEXT} | ||
7 | DATA2=/bin/sh${EXEEXT} | 6 | DATA2=/bin/sh${EXEEXT} |
8 | NONEXIST=/NONEXIST.$$ | 7 | NONEXIST=/NONEXIST.$$ |
9 | COPY=${OBJ}/copy | ||
10 | GLOBFILES=`(cd /bin;echo l*)` | 8 | GLOBFILES=`(cd /bin;echo l*)` |
11 | 9 | ||
12 | rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd | 10 | rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd |
diff --git a/regress/sftp-batch.sh b/regress/sftp-batch.sh index a51ef0782..41011549b 100644 --- a/regress/sftp-batch.sh +++ b/regress/sftp-batch.sh | |||
@@ -1,10 +1,8 @@ | |||
1 | # $OpenBSD: sftp-batch.sh,v 1.4 2009/08/13 01:11:55 djm Exp $ | 1 | # $OpenBSD: sftp-batch.sh,v 1.5 2013/05/17 04:29:14 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="sftp batchfile" | 4 | tid="sftp batchfile" |
5 | 5 | ||
6 | DATA=/bin/ls${EXEEXT} | ||
7 | COPY=${OBJ}/copy | ||
8 | BATCH=${OBJ}/sftp.bb | 6 | BATCH=${OBJ}/sftp.bb |
9 | 7 | ||
10 | rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${BATCH}.* | 8 | rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${BATCH}.* |
diff --git a/regress/sftp-chroot.sh b/regress/sftp-chroot.sh new file mode 100644 index 000000000..03b9bc6d7 --- /dev/null +++ b/regress/sftp-chroot.sh | |||
@@ -0,0 +1,25 @@ | |||
1 | # $OpenBSD: sftp-chroot.sh,v 1.2 2013/05/17 04:29:14 dtucker Exp $ | ||
2 | # Placed in the Public Domain. | ||
3 | |||
4 | tid="sftp in chroot" | ||
5 | |||
6 | CHROOT=/var/run | ||
7 | FILENAME=testdata_${USER} | ||
8 | PRIVDATA=${CHROOT}/${FILENAME} | ||
9 | |||
10 | if [ -z "$SUDO" ]; then | ||
11 | echo "skipped: need SUDO to create file in /var/run, test won't work without" | ||
12 | exit 0 | ||
13 | fi | ||
14 | |||
15 | $SUDO sh -c "echo mekmitastdigoat > $PRIVDATA" || \ | ||
16 | fatal "create $PRIVDATA failed" | ||
17 | |||
18 | start_sshd -oChrootDirectory=$CHROOT -oForceCommand="internal-sftp -d /" | ||
19 | |||
20 | verbose "test $tid: get" | ||
21 | ${SFTP} -qS "$SSH" -F $OBJ/ssh_config host:/${FILENAME} $COPY || \ | ||
22 | fatal "Fetch ${FILENAME} failed" | ||
23 | cmp $PRIVDATA $COPY || fail "$PRIVDATA $COPY differ" | ||
24 | |||
25 | $SUDO rm $PRIVDATA | ||
diff --git a/regress/sftp-cmds.sh b/regress/sftp-cmds.sh index 2e0300e16..aad7fcac2 100644 --- a/regress/sftp-cmds.sh +++ b/regress/sftp-cmds.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: sftp-cmds.sh,v 1.12 2012/06/01 00:52:52 djm Exp $ | 1 | # $OpenBSD: sftp-cmds.sh,v 1.14 2013/06/21 02:26:26 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | # XXX - TODO: | 4 | # XXX - TODO: |
@@ -7,8 +7,6 @@ | |||
7 | 7 | ||
8 | tid="sftp commands" | 8 | tid="sftp commands" |
9 | 9 | ||
10 | DATA=/bin/ls${EXEEXT} | ||
11 | COPY=${OBJ}/copy | ||
12 | # test that these files are readable! | 10 | # test that these files are readable! |
13 | for i in `(cd /bin;echo l*)` | 11 | for i in `(cd /bin;echo l*)` |
14 | do | 12 | do |
@@ -108,7 +106,7 @@ rm -f ${COPY}.dd/* | |||
108 | verbose "$tid: get to directory" | 106 | verbose "$tid: get to directory" |
109 | echo "get $DATA ${COPY}.dd" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \ | 107 | echo "get $DATA ${COPY}.dd" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \ |
110 | || fail "get failed" | 108 | || fail "get failed" |
111 | cmp $DATA ${COPY}.dd/`basename $DATA` || fail "corrupted copy after get" | 109 | cmp $DATA ${COPY}.dd/$DATANAME || fail "corrupted copy after get" |
112 | 110 | ||
113 | rm -f ${COPY}.dd/* | 111 | rm -f ${COPY}.dd/* |
114 | verbose "$tid: glob get to directory" | 112 | verbose "$tid: glob get to directory" |
@@ -122,7 +120,7 @@ rm -f ${COPY}.dd/* | |||
122 | verbose "$tid: get to local dir" | 120 | verbose "$tid: get to local dir" |
123 | (echo "lcd ${COPY}.dd"; echo "get $DATA" ) | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \ | 121 | (echo "lcd ${COPY}.dd"; echo "get $DATA" ) | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \ |
124 | || fail "get failed" | 122 | || fail "get failed" |
125 | cmp $DATA ${COPY}.dd/`basename $DATA` || fail "corrupted copy after get" | 123 | cmp $DATA ${COPY}.dd/$DATANAME || fail "corrupted copy after get" |
126 | 124 | ||
127 | rm -f ${COPY}.dd/* | 125 | rm -f ${COPY}.dd/* |
128 | verbose "$tid: glob get to local dir" | 126 | verbose "$tid: glob get to local dir" |
@@ -156,7 +154,7 @@ rm -f ${COPY}.dd/* | |||
156 | verbose "$tid: put to directory" | 154 | verbose "$tid: put to directory" |
157 | echo "put $DATA ${COPY}.dd" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \ | 155 | echo "put $DATA ${COPY}.dd" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \ |
158 | || fail "put failed" | 156 | || fail "put failed" |
159 | cmp $DATA ${COPY}.dd/`basename $DATA` || fail "corrupted copy after put" | 157 | cmp $DATA ${COPY}.dd/$DATANAME || fail "corrupted copy after put" |
160 | 158 | ||
161 | rm -f ${COPY}.dd/* | 159 | rm -f ${COPY}.dd/* |
162 | verbose "$tid: glob put to directory" | 160 | verbose "$tid: glob put to directory" |
@@ -170,7 +168,7 @@ rm -f ${COPY}.dd/* | |||
170 | verbose "$tid: put to local dir" | 168 | verbose "$tid: put to local dir" |
171 | (echo "cd ${COPY}.dd"; echo "put $DATA") | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \ | 169 | (echo "cd ${COPY}.dd"; echo "put $DATA") | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \ |
172 | || fail "put failed" | 170 | || fail "put failed" |
173 | cmp $DATA ${COPY}.dd/`basename $DATA` || fail "corrupted copy after put" | 171 | cmp $DATA ${COPY}.dd/$DATANAME || fail "corrupted copy after put" |
174 | 172 | ||
175 | rm -f ${COPY}.dd/* | 173 | rm -f ${COPY}.dd/* |
176 | verbose "$tid: glob put to local dir" | 174 | verbose "$tid: glob put to local dir" |
diff --git a/regress/sftp.sh b/regress/sftp.sh index f84fa6f4e..b8e9f7527 100644 --- a/regress/sftp.sh +++ b/regress/sftp.sh | |||
@@ -1,11 +1,8 @@ | |||
1 | # $OpenBSD: sftp.sh,v 1.3 2009/08/13 01:11:55 djm Exp $ | 1 | # $OpenBSD: sftp.sh,v 1.5 2013/05/17 10:28:11 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="basic sftp put/get" | 4 | tid="basic sftp put/get" |
5 | 5 | ||
6 | DATA=/bin/ls${EXEEXT} | ||
7 | COPY=${OBJ}/copy | ||
8 | |||
9 | SFTPCMDFILE=${OBJ}/batch | 6 | SFTPCMDFILE=${OBJ}/batch |
10 | cat >$SFTPCMDFILE <<EOF | 7 | cat >$SFTPCMDFILE <<EOF |
11 | version | 8 | version |
diff --git a/regress/ssh-com-client.sh b/regress/ssh-com-client.sh index 324a0a723..e4f80cf0a 100644 --- a/regress/ssh-com-client.sh +++ b/regress/ssh-com-client.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: ssh-com-client.sh,v 1.6 2004/02/24 17:06:52 markus Exp $ | 1 | # $OpenBSD: ssh-com-client.sh,v 1.7 2013/05/17 04:29:14 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="connect with ssh.com client" | 4 | tid="connect with ssh.com client" |
@@ -67,10 +67,6 @@ EOF | |||
67 | # we need a real server (no ProxyConnect option) | 67 | # we need a real server (no ProxyConnect option) |
68 | start_sshd | 68 | start_sshd |
69 | 69 | ||
70 | DATA=/bin/ls${EXEEXT} | ||
71 | COPY=${OBJ}/copy | ||
72 | rm -f ${COPY} | ||
73 | |||
74 | # go for it | 70 | # go for it |
75 | for v in ${VERSIONS}; do | 71 | for v in ${VERSIONS}; do |
76 | ssh2=${TEST_COMBASE}/${v}/ssh2 | 72 | ssh2=${TEST_COMBASE}/${v}/ssh2 |
diff --git a/regress/ssh-com-sftp.sh b/regress/ssh-com-sftp.sh index be6f4e0dc..fabfa4983 100644 --- a/regress/ssh-com-sftp.sh +++ b/regress/ssh-com-sftp.sh | |||
@@ -1,10 +1,8 @@ | |||
1 | # $OpenBSD: ssh-com-sftp.sh,v 1.6 2009/08/20 18:43:07 djm Exp $ | 1 | # $OpenBSD: ssh-com-sftp.sh,v 1.7 2013/05/17 04:29:14 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="basic sftp put/get with ssh.com server" | 4 | tid="basic sftp put/get with ssh.com server" |
5 | 5 | ||
6 | DATA=/bin/ls${EXEEXT} | ||
7 | COPY=${OBJ}/copy | ||
8 | SFTPCMDFILE=${OBJ}/batch | 6 | SFTPCMDFILE=${OBJ}/batch |
9 | 7 | ||
10 | cat >$SFTPCMDFILE <<EOF | 8 | cat >$SFTPCMDFILE <<EOF |
diff --git a/regress/ssh-com.sh b/regress/ssh-com.sh index 7bcd85b65..6c5cfe888 100644 --- a/regress/ssh-com.sh +++ b/regress/ssh-com.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: ssh-com.sh,v 1.7 2004/02/24 17:06:52 markus Exp $ | 1 | # $OpenBSD: ssh-com.sh,v 1.8 2013/05/17 00:37:40 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="connect to ssh.com server" | 4 | tid="connect to ssh.com server" |
@@ -70,7 +70,7 @@ done | |||
70 | 70 | ||
71 | # convert and append DSA hostkey | 71 | # convert and append DSA hostkey |
72 | ( | 72 | ( |
73 | echon 'ssh2-localhost-with-alias,127.0.0.1,::1 ' | 73 | printf 'ssh2-localhost-with-alias,127.0.0.1,::1 ' |
74 | ${SSHKEYGEN} -if ${SRC}/dsa_ssh2.pub | 74 | ${SSHKEYGEN} -if ${SRC}/dsa_ssh2.pub |
75 | ) >> $OBJ/known_hosts | 75 | ) >> $OBJ/known_hosts |
76 | 76 | ||
diff --git a/regress/sshd-log-wrapper.sh b/regress/sshd-log-wrapper.sh index c7a5ef3a6..a9386be4d 100644 --- a/regress/sshd-log-wrapper.sh +++ b/regress/sshd-log-wrapper.sh | |||
@@ -1,5 +1,5 @@ | |||
1 | #!/bin/sh | 1 | #!/bin/sh |
2 | # $OpenBSD: sshd-log-wrapper.sh,v 1.2 2005/02/27 11:40:30 dtucker Exp $ | 2 | # $OpenBSD: sshd-log-wrapper.sh,v 1.3 2013/04/07 02:16:03 dtucker Exp $ |
3 | # Placed in the Public Domain. | 3 | # Placed in the Public Domain. |
4 | # | 4 | # |
5 | # simple wrapper for sshd proxy mode to catch stderr output | 5 | # simple wrapper for sshd proxy mode to catch stderr output |
@@ -10,4 +10,4 @@ log=$2 | |||
10 | shift | 10 | shift |
11 | shift | 11 | shift |
12 | 12 | ||
13 | exec $sshd $@ -e 2>>$log | 13 | exec $sshd -E$log $@ |
diff --git a/regress/stderr-after-eof.sh b/regress/stderr-after-eof.sh index 05a5ea56d..218ac6b68 100644 --- a/regress/stderr-after-eof.sh +++ b/regress/stderr-after-eof.sh | |||
@@ -1,29 +1,13 @@ | |||
1 | # $OpenBSD: stderr-after-eof.sh,v 1.1 2002/03/23 16:38:09 markus Exp $ | 1 | # $OpenBSD: stderr-after-eof.sh,v 1.2 2013/05/17 04:29:14 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="stderr data after eof" | 4 | tid="stderr data after eof" |
5 | 5 | ||
6 | DATA=/etc/motd | ||
7 | DATA=${OBJ}/data | ||
8 | COPY=${OBJ}/copy | ||
9 | |||
10 | if have_prog md5sum; then | ||
11 | CHECKSUM=md5sum | ||
12 | elif have_prog openssl; then | ||
13 | CHECKSUM="openssl md5" | ||
14 | elif have_prog cksum; then | ||
15 | CHECKSUM=cksum | ||
16 | elif have_prog sum; then | ||
17 | CHECKSUM=sum | ||
18 | else | ||
19 | fatal "No checksum program available, aborting $tid test" | ||
20 | fi | ||
21 | |||
22 | # setup data | 6 | # setup data |
23 | rm -f ${DATA} ${COPY} | 7 | rm -f ${DATA} ${COPY} |
24 | cp /dev/null ${DATA} | 8 | cp /dev/null ${DATA} |
25 | for i in 1 2 3 4 5 6; do | 9 | for i in 1 2 3 4 5 6; do |
26 | (date;echo $i) | $CHECKSUM >> ${DATA} | 10 | (date;echo $i) | md5 >> ${DATA} |
27 | done | 11 | done |
28 | 12 | ||
29 | ${SSH} -2 -F $OBJ/ssh_proxy otherhost \ | 13 | ${SSH} -2 -F $OBJ/ssh_proxy otherhost \ |
diff --git a/regress/stderr-data.sh b/regress/stderr-data.sh index 1daf79bb5..b0bd2355c 100644 --- a/regress/stderr-data.sh +++ b/regress/stderr-data.sh | |||
@@ -1,12 +1,8 @@ | |||
1 | # $OpenBSD: stderr-data.sh,v 1.2 2002/03/27 22:39:52 markus Exp $ | 1 | # $OpenBSD: stderr-data.sh,v 1.3 2013/05/17 04:29:14 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="stderr data transfer" | 4 | tid="stderr data transfer" |
5 | 5 | ||
6 | DATA=/bin/ls${EXEEXT} | ||
7 | COPY=${OBJ}/copy | ||
8 | rm -f ${COPY} | ||
9 | |||
10 | for n in '' -n; do | 6 | for n in '' -n; do |
11 | for p in 1 2; do | 7 | for p in 1 2; do |
12 | verbose "test $tid: proto $p ($n)" | 8 | verbose "test $tid: proto $p ($n)" |
diff --git a/regress/test-exec.sh b/regress/test-exec.sh index aa4e6e5c0..eee446264 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: test-exec.sh,v 1.37 2010/02/24 06:21:56 djm Exp $ | 1 | # $OpenBSD: test-exec.sh,v 1.46 2013/06/21 02:26:26 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | #SUDO=sudo | 4 | #SUDO=sudo |
@@ -136,30 +136,49 @@ case "$SSHD" in | |||
136 | *) SSHD=`which sshd` ;; | 136 | *) SSHD=`which sshd` ;; |
137 | esac | 137 | esac |
138 | 138 | ||
139 | # Logfiles. | ||
140 | # SSH_LOGFILE should be the debug output of ssh(1) only | ||
141 | # SSHD_LOGFILE should be the debug output of sshd(8) only | ||
142 | # REGRESS_LOGFILE is the output of the test itself stdout and stderr | ||
139 | if [ "x$TEST_SSH_LOGFILE" = "x" ]; then | 143 | if [ "x$TEST_SSH_LOGFILE" = "x" ]; then |
140 | TEST_SSH_LOGFILE=/dev/null | 144 | TEST_SSH_LOGFILE=$OBJ/ssh.log |
145 | fi | ||
146 | if [ "x$TEST_SSHD_LOGFILE" = "x" ]; then | ||
147 | TEST_SSHD_LOGFILE=$OBJ/sshd.log | ||
148 | fi | ||
149 | if [ "x$TEST_REGRESS_LOGFILE" = "x" ]; then | ||
150 | TEST_REGRESS_LOGFILE=$OBJ/regress.log | ||
141 | fi | 151 | fi |
142 | 152 | ||
143 | # Some data for test copies | 153 | # truncate logfiles |
144 | DATA=$OBJ/testdata | 154 | >$TEST_SSH_LOGFILE |
145 | cat $SSHD${EXEEXT} $SSHD${EXEEXT} $SSHD${EXEEXT} $SSHD${EXEEXT} >$DATA | 155 | >$TEST_SSHD_LOGFILE |
156 | >$TEST_REGRESS_LOGFILE | ||
157 | |||
158 | # Create wrapper ssh with logging. We can't just specify "SSH=ssh -E..." | ||
159 | # because sftp and scp don't handle spaces in arguments. | ||
160 | SSHLOGWRAP=$OBJ/ssh-log-wrapper.sh | ||
161 | echo "#!/bin/sh" > $SSHLOGWRAP | ||
162 | echo "exec ${SSH} -E${TEST_SSH_LOGFILE} "'"$@"' >>$SSHLOGWRAP | ||
163 | |||
164 | chmod a+rx $OBJ/ssh-log-wrapper.sh | ||
165 | SSH="$SSHLOGWRAP" | ||
166 | |||
167 | # Some test data. We make a copy because some tests will overwrite it. | ||
168 | # The tests may assume that $DATA exists and is writable and $COPY does | ||
169 | # not exist. | ||
170 | DATANAME=data | ||
171 | DATA=$OBJ/${DATANAME} | ||
172 | cat $SSHD $SSHD $SSHD $SSHD >${DATA} | ||
173 | chmod u+w ${DATA} | ||
174 | COPY=$OBJ/copy | ||
175 | rm -f ${COPY} | ||
146 | 176 | ||
147 | # these should be used in tests | 177 | # these should be used in tests |
148 | export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP | 178 | export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP |
149 | #echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP | 179 | #echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP |
150 | 180 | ||
151 | # helper | 181 | # Portable specific functions |
152 | echon() | ||
153 | { | ||
154 | if [ "x`echo -n`" = "x" ]; then | ||
155 | echo -n "$@" | ||
156 | elif [ "x`echo '\c'`" = "x" ]; then | ||
157 | echo "$@\c" | ||
158 | else | ||
159 | fatal "Don't know how to echo without newline." | ||
160 | fi | ||
161 | } | ||
162 | |||
163 | have_prog() | 182 | have_prog() |
164 | { | 183 | { |
165 | saved_IFS="$IFS" | 184 | saved_IFS="$IFS" |
@@ -175,6 +194,37 @@ have_prog() | |||
175 | return 1 | 194 | return 1 |
176 | } | 195 | } |
177 | 196 | ||
197 | jot() { | ||
198 | awk "BEGIN { for (i = $2; i < $2 + $1; i++) { printf \"%d\n\", i } exit }" | ||
199 | } | ||
200 | |||
201 | # Check whether preprocessor symbols are defined in config.h. | ||
202 | config_defined () | ||
203 | { | ||
204 | str=$1 | ||
205 | while test "x$2" != "x" ; do | ||
206 | str="$str|$2" | ||
207 | shift | ||
208 | done | ||
209 | egrep "^#define.*($str)" ${BUILDDIR}/config.h >/dev/null 2>&1 | ||
210 | } | ||
211 | |||
212 | md5 () { | ||
213 | if have_prog md5sum; then | ||
214 | md5sum | ||
215 | elif have_prog openssl; then | ||
216 | openssl md5 | ||
217 | elif have_prog cksum; then | ||
218 | cksum | ||
219 | elif have_prog sum; then | ||
220 | sum | ||
221 | else | ||
222 | wc -c | ||
223 | fi | ||
224 | } | ||
225 | # End of portable specific functions | ||
226 | |||
227 | # helper | ||
178 | cleanup () | 228 | cleanup () |
179 | { | 229 | { |
180 | if [ -f $PIDFILE ]; then | 230 | if [ -f $PIDFILE ]; then |
@@ -199,9 +249,26 @@ cleanup () | |||
199 | fi | 249 | fi |
200 | } | 250 | } |
201 | 251 | ||
252 | start_debug_log () | ||
253 | { | ||
254 | echo "trace: $@" >$TEST_REGRESS_LOGFILE | ||
255 | echo "trace: $@" >$TEST_SSH_LOGFILE | ||
256 | echo "trace: $@" >$TEST_SSHD_LOGFILE | ||
257 | } | ||
258 | |||
259 | save_debug_log () | ||
260 | { | ||
261 | echo $@ >>$TEST_REGRESS_LOGFILE | ||
262 | echo $@ >>$TEST_SSH_LOGFILE | ||
263 | echo $@ >>$TEST_SSHD_LOGFILE | ||
264 | (cat $TEST_REGRESS_LOGFILE; echo) >>$OBJ/failed-regress.log | ||
265 | (cat $TEST_SSH_LOGFILE; echo) >>$OBJ/failed-ssh.log | ||
266 | (cat $TEST_SSHD_LOGFILE; echo) >>$OBJ/failed-sshd.log | ||
267 | } | ||
268 | |||
202 | trace () | 269 | trace () |
203 | { | 270 | { |
204 | echo "trace: $@" >>$TEST_SSH_LOGFILE | 271 | start_debug_log $@ |
205 | if [ "X$TEST_SSH_TRACE" = "Xyes" ]; then | 272 | if [ "X$TEST_SSH_TRACE" = "Xyes" ]; then |
206 | echo "$@" | 273 | echo "$@" |
207 | fi | 274 | fi |
@@ -209,7 +276,7 @@ trace () | |||
209 | 276 | ||
210 | verbose () | 277 | verbose () |
211 | { | 278 | { |
212 | echo "verbose: $@" >>$TEST_SSH_LOGFILE | 279 | start_debug_log $@ |
213 | if [ "X$TEST_SSH_QUIET" != "Xyes" ]; then | 280 | if [ "X$TEST_SSH_QUIET" != "Xyes" ]; then |
214 | echo "$@" | 281 | echo "$@" |
215 | fi | 282 | fi |
@@ -223,31 +290,21 @@ warn () | |||
223 | 290 | ||
224 | fail () | 291 | fail () |
225 | { | 292 | { |
226 | echo "FAIL: $@" >>$TEST_SSH_LOGFILE | 293 | save_debug_log "FAIL: $@" |
227 | RESULT=1 | 294 | RESULT=1 |
228 | echo "$@" | 295 | echo "$@" |
296 | |||
229 | } | 297 | } |
230 | 298 | ||
231 | fatal () | 299 | fatal () |
232 | { | 300 | { |
233 | echo "FATAL: $@" >>$TEST_SSH_LOGFILE | 301 | save_debug_log "FATAL: $@" |
234 | echon "FATAL: " | 302 | printf "FATAL: " |
235 | fail "$@" | 303 | fail "$@" |
236 | cleanup | 304 | cleanup |
237 | exit $RESULT | 305 | exit $RESULT |
238 | } | 306 | } |
239 | 307 | ||
240 | # Check whether preprocessor symbols are defined in config.h. | ||
241 | config_defined () | ||
242 | { | ||
243 | str=$1 | ||
244 | while test "x$2" != "x" ; do | ||
245 | str="$str|$2" | ||
246 | shift | ||
247 | done | ||
248 | egrep "^#define.*($str)" ${BUILDDIR}/config.h >/dev/null 2>&1 | ||
249 | } | ||
250 | |||
251 | RESULT=0 | 308 | RESULT=0 |
252 | PIDFILE=$OBJ/pidfile | 309 | PIDFILE=$OBJ/pidfile |
253 | 310 | ||
@@ -263,7 +320,7 @@ cat << EOF > $OBJ/sshd_config | |||
263 | #ListenAddress ::1 | 320 | #ListenAddress ::1 |
264 | PidFile $PIDFILE | 321 | PidFile $PIDFILE |
265 | AuthorizedKeysFile $OBJ/authorized_keys_%u | 322 | AuthorizedKeysFile $OBJ/authorized_keys_%u |
266 | LogLevel VERBOSE | 323 | LogLevel DEBUG3 |
267 | AcceptEnv _XXX_TEST_* | 324 | AcceptEnv _XXX_TEST_* |
268 | AcceptEnv _XXX_TEST | 325 | AcceptEnv _XXX_TEST |
269 | Subsystem sftp $SFTPSERVER | 326 | Subsystem sftp $SFTPSERVER |
@@ -295,8 +352,10 @@ Host * | |||
295 | ChallengeResponseAuthentication no | 352 | ChallengeResponseAuthentication no |
296 | HostbasedAuthentication no | 353 | HostbasedAuthentication no |
297 | PasswordAuthentication no | 354 | PasswordAuthentication no |
355 | RhostsRSAAuthentication no | ||
298 | BatchMode yes | 356 | BatchMode yes |
299 | StrictHostKeyChecking yes | 357 | StrictHostKeyChecking yes |
358 | LogLevel DEBUG3 | ||
300 | EOF | 359 | EOF |
301 | 360 | ||
302 | if [ ! -z "$TEST_SSH_SSH_CONFOPTS" ]; then | 361 | if [ ! -z "$TEST_SSH_SSH_CONFOPTS" ]; then |
@@ -309,13 +368,15 @@ rm -f $OBJ/known_hosts $OBJ/authorized_keys_$USER | |||
309 | trace "generate keys" | 368 | trace "generate keys" |
310 | for t in rsa rsa1; do | 369 | for t in rsa rsa1; do |
311 | # generate user key | 370 | # generate user key |
312 | rm -f $OBJ/$t | 371 | if [ ! -f $OBJ/$t ] || [ ${SSHKEYGEN} -nt $OBJ/$t ]; then |
313 | ${SSHKEYGEN} -b 1024 -q -N '' -t $t -f $OBJ/$t ||\ | 372 | rm -f $OBJ/$t |
314 | fail "ssh-keygen for $t failed" | 373 | ${SSHKEYGEN} -q -N '' -t $t -f $OBJ/$t ||\ |
374 | fail "ssh-keygen for $t failed" | ||
375 | fi | ||
315 | 376 | ||
316 | # known hosts file for client | 377 | # known hosts file for client |
317 | ( | 378 | ( |
318 | echon 'localhost-with-alias,127.0.0.1,::1 ' | 379 | printf 'localhost-with-alias,127.0.0.1,::1 ' |
319 | cat $OBJ/$t.pub | 380 | cat $OBJ/$t.pub |
320 | ) >> $OBJ/known_hosts | 381 | ) >> $OBJ/known_hosts |
321 | 382 | ||
@@ -370,7 +431,7 @@ if test "$REGRESS_INTEROP_PUTTY" = "yes" ; then | |||
370 | echo "Hostname=127.0.0.1" >> ${OBJ}/.putty/sessions/localhost_proxy | 431 | echo "Hostname=127.0.0.1" >> ${OBJ}/.putty/sessions/localhost_proxy |
371 | echo "PortNumber=$PORT" >> ${OBJ}/.putty/sessions/localhost_proxy | 432 | echo "PortNumber=$PORT" >> ${OBJ}/.putty/sessions/localhost_proxy |
372 | echo "ProxyMethod=5" >> ${OBJ}/.putty/sessions/localhost_proxy | 433 | echo "ProxyMethod=5" >> ${OBJ}/.putty/sessions/localhost_proxy |
373 | echo "ProxyTelnetCommand=sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSH_LOGFILE} -i -f $OBJ/sshd_proxy" >> ${OBJ}/.putty/sessions/localhost_proxy | 434 | echo "ProxyTelnetCommand=sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSHD_LOGFILE} -i -f $OBJ/sshd_proxy" >> ${OBJ}/.putty/sessions/localhost_proxy |
374 | 435 | ||
375 | REGRESS_INTEROP_PUTTY=yes | 436 | REGRESS_INTEROP_PUTTY=yes |
376 | fi | 437 | fi |
@@ -378,7 +439,7 @@ fi | |||
378 | # create a proxy version of the client config | 439 | # create a proxy version of the client config |
379 | ( | 440 | ( |
380 | cat $OBJ/ssh_config | 441 | cat $OBJ/ssh_config |
381 | echo proxycommand ${SUDO} sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSH_LOGFILE} -i -f $OBJ/sshd_proxy | 442 | echo proxycommand ${SUDO} sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSHD_LOGFILE} -i -f $OBJ/sshd_proxy |
382 | ) > $OBJ/ssh_proxy | 443 | ) > $OBJ/ssh_proxy |
383 | 444 | ||
384 | # check proxy config | 445 | # check proxy config |
@@ -388,7 +449,7 @@ start_sshd () | |||
388 | { | 449 | { |
389 | # start sshd | 450 | # start sshd |
390 | $SUDO ${SSHD} -f $OBJ/sshd_config "$@" -t || fatal "sshd_config broken" | 451 | $SUDO ${SSHD} -f $OBJ/sshd_config "$@" -t || fatal "sshd_config broken" |
391 | $SUDO ${SSHD} -f $OBJ/sshd_config -e "$@" >>$TEST_SSH_LOGFILE 2>&1 | 452 | $SUDO ${SSHD} -f $OBJ/sshd_config "$@" -E$TEST_SSHD_LOGFILE |
392 | 453 | ||
393 | trace "wait for sshd" | 454 | trace "wait for sshd" |
394 | i=0; | 455 | i=0; |
diff --git a/regress/transfer.sh b/regress/transfer.sh index 13ea367d5..1ae3ef5bf 100644 --- a/regress/transfer.sh +++ b/regress/transfer.sh | |||
@@ -1,11 +1,8 @@ | |||
1 | # $OpenBSD: transfer.sh,v 1.1 2002/03/27 00:03:37 markus Exp $ | 1 | # $OpenBSD: transfer.sh,v 1.2 2013/05/17 04:29:14 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="transfer data" | 4 | tid="transfer data" |
5 | 5 | ||
6 | DATA=/bin/ls${EXEEXT} | ||
7 | COPY=${OBJ}/copy | ||
8 | |||
9 | for p in 1 2; do | 6 | for p in 1 2; do |
10 | verbose "$tid: proto $p" | 7 | verbose "$tid: proto $p" |
11 | rm -f ${COPY} | 8 | rm -f ${COPY} |
diff --git a/regress/try-ciphers.sh b/regress/try-ciphers.sh index 084a1457a..e17c9f5e9 100644 --- a/regress/try-ciphers.sh +++ b/regress/try-ciphers.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: try-ciphers.sh,v 1.19 2013/02/11 23:58:51 djm Exp $ | 1 | # $OpenBSD: try-ciphers.sh,v 1.20 2013/05/17 10:16:26 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="try ciphers" | 4 | tid="try ciphers" |
diff --git a/roaming_client.c b/roaming_client.c index 48009d781..81c496827 100644 --- a/roaming_client.c +++ b/roaming_client.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: roaming_client.c,v 1.4 2011/12/07 05:44:38 djm Exp $ */ | 1 | /* $OpenBSD: roaming_client.c,v 1.5 2013/05/17 00:13:14 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2004-2009 AppGate Network Security AB | 3 | * Copyright (c) 2004-2009 AppGate Network Security AB |
4 | * | 4 | * |
@@ -187,10 +187,10 @@ roaming_resume(void) | |||
187 | debug("server doesn't allow resume"); | 187 | debug("server doesn't allow resume"); |
188 | goto fail; | 188 | goto fail; |
189 | } | 189 | } |
190 | xfree(str); | 190 | free(str); |
191 | for (i = 1; i < PROPOSAL_MAX; i++) { | 191 | for (i = 1; i < PROPOSAL_MAX; i++) { |
192 | /* kex algorithm taken care of so start with i=1 and not 0 */ | 192 | /* kex algorithm taken care of so start with i=1 and not 0 */ |
193 | xfree(packet_get_string(&len)); | 193 | free(packet_get_string(&len)); |
194 | } | 194 | } |
195 | i = packet_get_char(); /* first_kex_packet_follows */ | 195 | i = packet_get_char(); /* first_kex_packet_follows */ |
196 | if (i && (c = strchr(kexlist, ','))) | 196 | if (i && (c = strchr(kexlist, ','))) |
@@ -226,8 +226,7 @@ roaming_resume(void) | |||
226 | return 0; | 226 | return 0; |
227 | 227 | ||
228 | fail: | 228 | fail: |
229 | if (kexlist) | 229 | free(kexlist); |
230 | xfree(kexlist); | ||
231 | if (packet_get_connection_in() == packet_get_connection_out()) | 230 | if (packet_get_connection_in() == packet_get_connection_out()) |
232 | close(packet_get_connection_in()); | 231 | close(packet_get_connection_in()); |
233 | else { | 232 | else { |
diff --git a/roaming_common.c b/roaming_common.c index 8d0b6054a..50d6177d0 100644 --- a/roaming_common.c +++ b/roaming_common.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: roaming_common.c,v 1.9 2011/12/07 05:44:38 djm Exp $ */ | 1 | /* $OpenBSD: roaming_common.c,v 1.10 2013/07/12 00:19:59 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2004-2009 AppGate Network Security AB | 3 | * Copyright (c) 2004-2009 AppGate Network Security AB |
4 | * | 4 | * |
@@ -227,7 +227,7 @@ calculate_new_key(u_int64_t *key, u_int64_t cookie, u_int64_t challenge) | |||
227 | { | 227 | { |
228 | const EVP_MD *md = EVP_sha1(); | 228 | const EVP_MD *md = EVP_sha1(); |
229 | EVP_MD_CTX ctx; | 229 | EVP_MD_CTX ctx; |
230 | char hash[EVP_MAX_MD_SIZE]; | 230 | u_char hash[EVP_MAX_MD_SIZE]; |
231 | Buffer b; | 231 | Buffer b; |
232 | 232 | ||
233 | buffer_init(&b); | 233 | buffer_init(&b); |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: rsa.c,v 1.29 2006/11/06 21:25:28 markus Exp $ */ | 1 | /* $OpenBSD: rsa.c,v 1.30 2013/05/17 00:13:14 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -96,8 +96,8 @@ rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key) | |||
96 | 96 | ||
97 | memset(outbuf, 0, olen); | 97 | memset(outbuf, 0, olen); |
98 | memset(inbuf, 0, ilen); | 98 | memset(inbuf, 0, ilen); |
99 | xfree(outbuf); | 99 | free(outbuf); |
100 | xfree(inbuf); | 100 | free(inbuf); |
101 | } | 101 | } |
102 | 102 | ||
103 | int | 103 | int |
@@ -122,8 +122,8 @@ rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key) | |||
122 | } | 122 | } |
123 | memset(outbuf, 0, olen); | 123 | memset(outbuf, 0, olen); |
124 | memset(inbuf, 0, ilen); | 124 | memset(inbuf, 0, ilen); |
125 | xfree(outbuf); | 125 | free(outbuf); |
126 | xfree(inbuf); | 126 | free(inbuf); |
127 | return len; | 127 | return len; |
128 | } | 128 | } |
129 | 129 | ||
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c index e12418399..cc1465305 100644 --- a/sandbox-seccomp-filter.c +++ b/sandbox-seccomp-filter.c | |||
@@ -91,6 +91,7 @@ static const struct sock_filter preauth_insns[] = { | |||
91 | SC_DENY(open, EACCES), | 91 | SC_DENY(open, EACCES), |
92 | SC_ALLOW(getpid), | 92 | SC_ALLOW(getpid), |
93 | SC_ALLOW(gettimeofday), | 93 | SC_ALLOW(gettimeofday), |
94 | SC_ALLOW(clock_gettime), | ||
94 | #ifdef __NR_time /* not defined on EABI ARM */ | 95 | #ifdef __NR_time /* not defined on EABI ARM */ |
95 | SC_ALLOW(time), | 96 | SC_ALLOW(time), |
96 | #endif | 97 | #endif |
diff --git a/sandbox-systrace.c b/sandbox-systrace.c index 2d16a627f..cc0db46c4 100644 --- a/sandbox-systrace.c +++ b/sandbox-systrace.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sandbox-systrace.c,v 1.6 2012/06/30 14:35:09 markus Exp $ */ | 1 | /* $OpenBSD: sandbox-systrace.c,v 1.7 2013/06/01 13:15:52 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2011 Damien Miller <djm@mindrot.org> | 3 | * Copyright (c) 2011 Damien Miller <djm@mindrot.org> |
4 | * | 4 | * |
@@ -57,6 +57,7 @@ static const struct sandbox_policy preauth_policy[] = { | |||
57 | { SYS_exit, SYSTR_POLICY_PERMIT }, | 57 | { SYS_exit, SYSTR_POLICY_PERMIT }, |
58 | { SYS_getpid, SYSTR_POLICY_PERMIT }, | 58 | { SYS_getpid, SYSTR_POLICY_PERMIT }, |
59 | { SYS_gettimeofday, SYSTR_POLICY_PERMIT }, | 59 | { SYS_gettimeofday, SYSTR_POLICY_PERMIT }, |
60 | { SYS_clock_gettime, SYSTR_POLICY_PERMIT }, | ||
60 | { SYS_madvise, SYSTR_POLICY_PERMIT }, | 61 | { SYS_madvise, SYSTR_POLICY_PERMIT }, |
61 | { SYS_mmap, SYSTR_POLICY_PERMIT }, | 62 | { SYS_mmap, SYSTR_POLICY_PERMIT }, |
62 | { SYS_mprotect, SYSTR_POLICY_PERMIT }, | 63 | { SYS_mprotect, SYSTR_POLICY_PERMIT }, |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: schnorr.c,v 1.5 2010/12/03 23:49:26 djm Exp $ */ | 1 | /* $OpenBSD: schnorr.c,v 1.7 2013/05/17 00:13:14 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2008 Damien Miller. All rights reserved. | 3 | * Copyright (c) 2008 Damien Miller. All rights reserved. |
4 | * | 4 | * |
@@ -102,7 +102,7 @@ schnorr_hash(const BIGNUM *p, const BIGNUM *q, const BIGNUM *g, | |||
102 | out: | 102 | out: |
103 | buffer_free(&b); | 103 | buffer_free(&b); |
104 | bzero(digest, digest_len); | 104 | bzero(digest, digest_len); |
105 | xfree(digest); | 105 | free(digest); |
106 | digest_len = 0; | 106 | digest_len = 0; |
107 | if (success == 0) | 107 | if (success == 0) |
108 | return h; | 108 | return h; |
@@ -488,12 +488,13 @@ debug3_bn(const BIGNUM *n, const char *fmt, ...) | |||
488 | { | 488 | { |
489 | char *out, *h; | 489 | char *out, *h; |
490 | va_list args; | 490 | va_list args; |
491 | int ret; | ||
491 | 492 | ||
492 | out = NULL; | 493 | out = NULL; |
493 | va_start(args, fmt); | 494 | va_start(args, fmt); |
494 | vasprintf(&out, fmt, args); | 495 | ret = vasprintf(&out, fmt, args); |
495 | va_end(args); | 496 | va_end(args); |
496 | if (out == NULL) | 497 | if (ret == -1 || out == NULL) |
497 | fatal("%s: vasprintf failed", __func__); | 498 | fatal("%s: vasprintf failed", __func__); |
498 | 499 | ||
499 | if (n == NULL) | 500 | if (n == NULL) |
@@ -513,12 +514,13 @@ debug3_buf(const u_char *buf, u_int len, const char *fmt, ...) | |||
513 | char *out, h[65]; | 514 | char *out, h[65]; |
514 | u_int i, j; | 515 | u_int i, j; |
515 | va_list args; | 516 | va_list args; |
517 | int ret; | ||
516 | 518 | ||
517 | out = NULL; | 519 | out = NULL; |
518 | va_start(args, fmt); | 520 | va_start(args, fmt); |
519 | vasprintf(&out, fmt, args); | 521 | ret = vasprintf(&out, fmt, args); |
520 | va_end(args); | 522 | va_end(args); |
521 | if (out == NULL) | 523 | if (ret == -1 || out == NULL) |
522 | fatal("%s: vasprintf failed", __func__); | 524 | fatal("%s: vasprintf failed", __func__); |
523 | 525 | ||
524 | debug3("%s length %u%s", out, len, buf == NULL ? " (null)" : ""); | 526 | debug3("%s length %u%s", out, len, buf == NULL ? " (null)" : ""); |
@@ -571,7 +573,7 @@ modp_group_free(struct modp_group *grp) | |||
571 | if (grp->q != NULL) | 573 | if (grp->q != NULL) |
572 | BN_clear_free(grp->q); | 574 | BN_clear_free(grp->q); |
573 | bzero(grp, sizeof(*grp)); | 575 | bzero(grp, sizeof(*grp)); |
574 | xfree(grp); | 576 | free(grp); |
575 | } | 577 | } |
576 | 578 | ||
577 | /* main() function for self-test */ | 579 | /* main() function for self-test */ |
@@ -606,7 +608,7 @@ schnorr_selftest_one(const BIGNUM *grp_p, const BIGNUM *grp_q, | |||
606 | if (schnorr_verify_buf(grp_p, grp_q, grp_g, g_x, "junk", 4, | 608 | if (schnorr_verify_buf(grp_p, grp_q, grp_g, g_x, "junk", 4, |
607 | sig, siglen) != 0) | 609 | sig, siglen) != 0) |
608 | fatal("%s: verify should have failed (bit error)", __func__); | 610 | fatal("%s: verify should have failed (bit error)", __func__); |
609 | xfree(sig); | 611 | free(sig); |
610 | BN_free(g_x); | 612 | BN_free(g_x); |
611 | BN_CTX_free(bn_ctx); | 613 | BN_CTX_free(bn_ctx); |
612 | } | 614 | } |
@@ -155,4 +155,4 @@ AUTHORS | |||
155 | Timo Rinne <tri@iki.fi> | 155 | Timo Rinne <tri@iki.fi> |
156 | Tatu Ylonen <ylo@cs.hut.fi> | 156 | Tatu Ylonen <ylo@cs.hut.fi> |
157 | 157 | ||
158 | OpenBSD 5.3 September 5, 2011 OpenBSD 5.3 | 158 | OpenBSD 5.4 July 16, 2013 OpenBSD 5.4 |
@@ -8,9 +8,9 @@ | |||
8 | .\" | 8 | .\" |
9 | .\" Created: Sun May 7 00:14:37 1995 ylo | 9 | .\" Created: Sun May 7 00:14:37 1995 ylo |
10 | .\" | 10 | .\" |
11 | .\" $OpenBSD: scp.1,v 1.58 2011/09/05 07:01:44 jmc Exp $ | 11 | .\" $OpenBSD: scp.1,v 1.59 2013/07/16 00:07:52 schwarze Exp $ |
12 | .\" | 12 | .\" |
13 | .Dd $Mdocdate: September 5 2011 $ | 13 | .Dd $Mdocdate: July 16 2013 $ |
14 | .Dt SCP 1 | 14 | .Dt SCP 1 |
15 | .Os | 15 | .Os |
16 | .Sh NAME | 16 | .Sh NAME |
@@ -235,5 +235,5 @@ is based on the | |||
235 | program in BSD source code from the Regents of the University of | 235 | program in BSD source code from the Regents of the University of |
236 | California. | 236 | California. |
237 | .Sh AUTHORS | 237 | .Sh AUTHORS |
238 | .An Timo Rinne Aq tri@iki.fi | 238 | .An Timo Rinne Aq Mt tri@iki.fi |
239 | .An Tatu Ylonen Aq ylo@cs.hut.fi | 239 | .An Tatu Ylonen Aq Mt ylo@cs.hut.fi |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: scp.c,v 1.171 2011/09/09 22:37:01 djm Exp $ */ | 1 | /* $OpenBSD: scp.c,v 1.178 2013/06/22 06:31:57 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * scp - secure remote copy. This is basically patched BSD rcp which | 3 | * scp - secure remote copy. This is basically patched BSD rcp which |
4 | * uses ssh to do the data transfer (instead of using rcmd). | 4 | * uses ssh to do the data transfer (instead of using rcmd). |
@@ -550,6 +550,24 @@ scpio(void *_cnt, size_t s) | |||
550 | return 0; | 550 | return 0; |
551 | } | 551 | } |
552 | 552 | ||
553 | static int | ||
554 | do_times(int fd, int verb, const struct stat *sb) | ||
555 | { | ||
556 | /* strlen(2^64) == 20; strlen(10^6) == 7 */ | ||
557 | char buf[(20 + 7 + 2) * 2 + 2]; | ||
558 | |||
559 | (void)snprintf(buf, sizeof(buf), "T%llu 0 %llu 0\n", | ||
560 | (unsigned long long) (sb->st_mtime < 0 ? 0 : sb->st_mtime), | ||
561 | (unsigned long long) (sb->st_atime < 0 ? 0 : sb->st_atime)); | ||
562 | if (verb) { | ||
563 | fprintf(stderr, "File mtime %lld atime %lld\n", | ||
564 | (long long)sb->st_mtime, (long long)sb->st_atime); | ||
565 | fprintf(stderr, "Sending file timestamps: %s", buf); | ||
566 | } | ||
567 | (void) atomicio(vwrite, fd, buf, strlen(buf)); | ||
568 | return (response()); | ||
569 | } | ||
570 | |||
553 | void | 571 | void |
554 | toremote(char *targ, int argc, char **argv) | 572 | toremote(char *targ, int argc, char **argv) |
555 | { | 573 | { |
@@ -578,7 +596,7 @@ toremote(char *targ, int argc, char **argv) | |||
578 | } | 596 | } |
579 | 597 | ||
580 | if (tuser != NULL && !okname(tuser)) { | 598 | if (tuser != NULL && !okname(tuser)) { |
581 | xfree(arg); | 599 | free(arg); |
582 | return; | 600 | return; |
583 | } | 601 | } |
584 | 602 | ||
@@ -605,13 +623,13 @@ toremote(char *targ, int argc, char **argv) | |||
605 | *src == '-' ? "-- " : "", src); | 623 | *src == '-' ? "-- " : "", src); |
606 | if (do_cmd(host, suser, bp, &remin, &remout) < 0) | 624 | if (do_cmd(host, suser, bp, &remin, &remout) < 0) |
607 | exit(1); | 625 | exit(1); |
608 | (void) xfree(bp); | 626 | free(bp); |
609 | host = cleanhostname(thost); | 627 | host = cleanhostname(thost); |
610 | xasprintf(&bp, "%s -t %s%s", cmd, | 628 | xasprintf(&bp, "%s -t %s%s", cmd, |
611 | *targ == '-' ? "-- " : "", targ); | 629 | *targ == '-' ? "-- " : "", targ); |
612 | if (do_cmd2(host, tuser, bp, remin, remout) < 0) | 630 | if (do_cmd2(host, tuser, bp, remin, remout) < 0) |
613 | exit(1); | 631 | exit(1); |
614 | (void) xfree(bp); | 632 | free(bp); |
615 | (void) close(remin); | 633 | (void) close(remin); |
616 | (void) close(remout); | 634 | (void) close(remout); |
617 | remin = remout = -1; | 635 | remin = remout = -1; |
@@ -662,12 +680,12 @@ toremote(char *targ, int argc, char **argv) | |||
662 | exit(1); | 680 | exit(1); |
663 | if (response() < 0) | 681 | if (response() < 0) |
664 | exit(1); | 682 | exit(1); |
665 | (void) xfree(bp); | 683 | free(bp); |
666 | } | 684 | } |
667 | source(1, argv + i); | 685 | source(1, argv + i); |
668 | } | 686 | } |
669 | } | 687 | } |
670 | xfree(arg); | 688 | free(arg); |
671 | } | 689 | } |
672 | 690 | ||
673 | void | 691 | void |
@@ -711,11 +729,11 @@ tolocal(int argc, char **argv) | |||
711 | xasprintf(&bp, "%s -f %s%s", | 729 | xasprintf(&bp, "%s -f %s%s", |
712 | cmd, *src == '-' ? "-- " : "", src); | 730 | cmd, *src == '-' ? "-- " : "", src); |
713 | if (do_cmd(host, suser, bp, &remin, &remout) < 0) { | 731 | if (do_cmd(host, suser, bp, &remin, &remout) < 0) { |
714 | (void) xfree(bp); | 732 | free(bp); |
715 | ++errs; | 733 | ++errs; |
716 | continue; | 734 | continue; |
717 | } | 735 | } |
718 | xfree(bp); | 736 | free(bp); |
719 | sink(1, argv + argc - 1); | 737 | sink(1, argv + argc - 1); |
720 | (void) close(remin); | 738 | (void) close(remin); |
721 | remin = remout = -1; | 739 | remin = remout = -1; |
@@ -774,21 +792,7 @@ syserr: run_err("%s: %s", name, strerror(errno)); | |||
774 | ++last; | 792 | ++last; |
775 | curfile = last; | 793 | curfile = last; |
776 | if (pflag) { | 794 | if (pflag) { |
777 | /* | 795 | if (do_times(remout, verbose_mode, &stb) < 0) |
778 | * Make it compatible with possible future | ||
779 | * versions expecting microseconds. | ||
780 | */ | ||
781 | (void) snprintf(buf, sizeof buf, "T%lu 0 %lu 0\n", | ||
782 | (u_long) (stb.st_mtime < 0 ? 0 : stb.st_mtime), | ||
783 | (u_long) (stb.st_atime < 0 ? 0 : stb.st_atime)); | ||
784 | if (verbose_mode) { | ||
785 | fprintf(stderr, "File mtime %ld atime %ld\n", | ||
786 | (long)stb.st_mtime, (long)stb.st_atime); | ||
787 | fprintf(stderr, "Sending file timestamps: %s", | ||
788 | buf); | ||
789 | } | ||
790 | (void) atomicio(vwrite, remout, buf, strlen(buf)); | ||
791 | if (response() < 0) | ||
792 | goto next; | 796 | goto next; |
793 | } | 797 | } |
794 | #define FILEMODEMASK (S_ISUID|S_ISGID|S_IRWXU|S_IRWXG|S_IRWXO) | 798 | #define FILEMODEMASK (S_ISUID|S_ISGID|S_IRWXU|S_IRWXG|S_IRWXO) |
@@ -850,7 +854,7 @@ rsource(char *name, struct stat *statp) | |||
850 | { | 854 | { |
851 | DIR *dirp; | 855 | DIR *dirp; |
852 | struct dirent *dp; | 856 | struct dirent *dp; |
853 | char *last, *vect[1], path[1100]; | 857 | char *last, *vect[1], path[MAXPATHLEN]; |
854 | 858 | ||
855 | if (!(dirp = opendir(name))) { | 859 | if (!(dirp = opendir(name))) { |
856 | run_err("%s: %s", name, strerror(errno)); | 860 | run_err("%s: %s", name, strerror(errno)); |
@@ -862,11 +866,7 @@ rsource(char *name, struct stat *statp) | |||
862 | else | 866 | else |
863 | last++; | 867 | last++; |
864 | if (pflag) { | 868 | if (pflag) { |
865 | (void) snprintf(path, sizeof(path), "T%lu 0 %lu 0\n", | 869 | if (do_times(remout, verbose_mode, statp) < 0) { |
866 | (u_long) statp->st_mtime, | ||
867 | (u_long) statp->st_atime); | ||
868 | (void) atomicio(vwrite, remout, path, strlen(path)); | ||
869 | if (response() < 0) { | ||
870 | closedir(dirp); | 870 | closedir(dirp); |
871 | return; | 871 | return; |
872 | } | 872 | } |
@@ -912,6 +912,7 @@ sink(int argc, char **argv) | |||
912 | int amt, exists, first, ofd; | 912 | int amt, exists, first, ofd; |
913 | mode_t mode, omode, mask; | 913 | mode_t mode, omode, mask; |
914 | off_t size, statbytes; | 914 | off_t size, statbytes; |
915 | unsigned long long ull; | ||
915 | int setimes, targisdir, wrerrno = 0; | 916 | int setimes, targisdir, wrerrno = 0; |
916 | char ch, *cp, *np, *targ, *why, *vect[1], buf[2048]; | 917 | char ch, *cp, *np, *targ, *why, *vect[1], buf[2048]; |
917 | struct timeval tv[2]; | 918 | struct timeval tv[2]; |
@@ -970,17 +971,31 @@ sink(int argc, char **argv) | |||
970 | if (*cp == 'T') { | 971 | if (*cp == 'T') { |
971 | setimes++; | 972 | setimes++; |
972 | cp++; | 973 | cp++; |
973 | mtime.tv_sec = strtol(cp, &cp, 10); | 974 | if (!isdigit((unsigned char)*cp)) |
975 | SCREWUP("mtime.sec not present"); | ||
976 | ull = strtoull(cp, &cp, 10); | ||
974 | if (!cp || *cp++ != ' ') | 977 | if (!cp || *cp++ != ' ') |
975 | SCREWUP("mtime.sec not delimited"); | 978 | SCREWUP("mtime.sec not delimited"); |
979 | if ((time_t)ull < 0 || | ||
980 | (unsigned long long)(time_t)ull != ull) | ||
981 | setimes = 0; /* out of range */ | ||
982 | mtime.tv_sec = ull; | ||
976 | mtime.tv_usec = strtol(cp, &cp, 10); | 983 | mtime.tv_usec = strtol(cp, &cp, 10); |
977 | if (!cp || *cp++ != ' ') | 984 | if (!cp || *cp++ != ' ' || mtime.tv_usec < 0 || |
985 | mtime.tv_usec > 999999) | ||
978 | SCREWUP("mtime.usec not delimited"); | 986 | SCREWUP("mtime.usec not delimited"); |
979 | atime.tv_sec = strtol(cp, &cp, 10); | 987 | if (!isdigit((unsigned char)*cp)) |
988 | SCREWUP("atime.sec not present"); | ||
989 | ull = strtoull(cp, &cp, 10); | ||
980 | if (!cp || *cp++ != ' ') | 990 | if (!cp || *cp++ != ' ') |
981 | SCREWUP("atime.sec not delimited"); | 991 | SCREWUP("atime.sec not delimited"); |
992 | if ((time_t)ull < 0 || | ||
993 | (unsigned long long)(time_t)ull != ull) | ||
994 | setimes = 0; /* out of range */ | ||
995 | atime.tv_sec = ull; | ||
982 | atime.tv_usec = strtol(cp, &cp, 10); | 996 | atime.tv_usec = strtol(cp, &cp, 10); |
983 | if (!cp || *cp++ != '\0') | 997 | if (!cp || *cp++ != '\0' || atime.tv_usec < 0 || |
998 | atime.tv_usec > 999999) | ||
984 | SCREWUP("atime.usec not delimited"); | 999 | SCREWUP("atime.usec not delimited"); |
985 | (void) atomicio(vwrite, remout, "", 1); | 1000 | (void) atomicio(vwrite, remout, "", 1); |
986 | continue; | 1001 | continue; |
@@ -1023,8 +1038,7 @@ sink(int argc, char **argv) | |||
1023 | 1038 | ||
1024 | need = strlen(targ) + strlen(cp) + 250; | 1039 | need = strlen(targ) + strlen(cp) + 250; |
1025 | if (need > cursize) { | 1040 | if (need > cursize) { |
1026 | if (namebuf) | 1041 | free(namebuf); |
1027 | xfree(namebuf); | ||
1028 | namebuf = xmalloc(need); | 1042 | namebuf = xmalloc(need); |
1029 | cursize = need; | 1043 | cursize = need; |
1030 | } | 1044 | } |
@@ -1063,12 +1077,11 @@ sink(int argc, char **argv) | |||
1063 | } | 1077 | } |
1064 | if (mod_flag) | 1078 | if (mod_flag) |
1065 | (void) chmod(vect[0], mode); | 1079 | (void) chmod(vect[0], mode); |
1066 | if (vect[0]) | 1080 | free(vect[0]); |
1067 | xfree(vect[0]); | ||
1068 | continue; | 1081 | continue; |
1069 | } | 1082 | } |
1070 | omode = mode; | 1083 | omode = mode; |
1071 | mode |= S_IWRITE; | 1084 | mode |= S_IWUSR; |
1072 | if ((ofd = open(np, O_WRONLY|O_CREAT, mode)) < 0) { | 1085 | if ((ofd = open(np, O_WRONLY|O_CREAT, mode)) < 0) { |
1073 | bad: run_err("%s: %s", np, strerror(errno)); | 1086 | bad: run_err("%s: %s", np, strerror(errno)); |
1074 | continue; | 1087 | continue; |
@@ -1325,7 +1338,7 @@ void | |||
1325 | lostconn(int signo) | 1338 | lostconn(int signo) |
1326 | { | 1339 | { |
1327 | if (!iamremote) | 1340 | if (!iamremote) |
1328 | write(STDERR_FILENO, "lost connection\n", 16); | 1341 | (void)write(STDERR_FILENO, "lost connection\n", 16); |
1329 | if (signo) | 1342 | if (signo) |
1330 | _exit(1); | 1343 | _exit(1); |
1331 | else | 1344 | else |
diff --git a/servconf.c b/servconf.c index cdc029308..c938ae399 100644 --- a/servconf.c +++ b/servconf.c | |||
@@ -1,5 +1,5 @@ | |||
1 | 1 | ||
2 | /* $OpenBSD: servconf.c,v 1.234 2013/02/06 00:20:42 dtucker Exp $ */ | 2 | /* $OpenBSD: servconf.c,v 1.240 2013/07/19 07:37:48 markus Exp $ */ |
3 | /* | 3 | /* |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
5 | * All rights reserved | 5 | * All rights reserved |
@@ -20,6 +20,7 @@ | |||
20 | #include <netinet/in_systm.h> | 20 | #include <netinet/in_systm.h> |
21 | #include <netinet/ip.h> | 21 | #include <netinet/ip.h> |
22 | 22 | ||
23 | #include <ctype.h> | ||
23 | #include <netdb.h> | 24 | #include <netdb.h> |
24 | #include <pwd.h> | 25 | #include <pwd.h> |
25 | #include <stdio.h> | 26 | #include <stdio.h> |
@@ -29,6 +30,9 @@ | |||
29 | #include <unistd.h> | 30 | #include <unistd.h> |
30 | #include <stdarg.h> | 31 | #include <stdarg.h> |
31 | #include <errno.h> | 32 | #include <errno.h> |
33 | #ifdef HAVE_UTIL_H | ||
34 | #include <util.h> | ||
35 | #endif | ||
32 | 36 | ||
33 | #include "openbsd-compat/sys-queue.h" | 37 | #include "openbsd-compat/sys-queue.h" |
34 | #include "xmalloc.h" | 38 | #include "xmalloc.h" |
@@ -75,6 +79,7 @@ initialize_server_options(ServerOptions *options) | |||
75 | options->address_family = -1; | 79 | options->address_family = -1; |
76 | options->num_host_key_files = 0; | 80 | options->num_host_key_files = 0; |
77 | options->num_host_cert_files = 0; | 81 | options->num_host_cert_files = 0; |
82 | options->host_key_agent = NULL; | ||
78 | options->pid_file = NULL; | 83 | options->pid_file = NULL; |
79 | options->server_key_bits = -1; | 84 | options->server_key_bits = -1; |
80 | options->login_grace_time = -1; | 85 | options->login_grace_time = -1; |
@@ -113,6 +118,8 @@ initialize_server_options(ServerOptions *options) | |||
113 | options->permit_user_env = -1; | 118 | options->permit_user_env = -1; |
114 | options->use_login = -1; | 119 | options->use_login = -1; |
115 | options->compression = -1; | 120 | options->compression = -1; |
121 | options->rekey_limit = -1; | ||
122 | options->rekey_interval = -1; | ||
116 | options->allow_tcp_forwarding = -1; | 123 | options->allow_tcp_forwarding = -1; |
117 | options->allow_agent_forwarding = -1; | 124 | options->allow_agent_forwarding = -1; |
118 | options->num_allow_users = 0; | 125 | options->num_allow_users = 0; |
@@ -258,6 +265,10 @@ fill_default_server_options(ServerOptions *options) | |||
258 | options->use_login = 0; | 265 | options->use_login = 0; |
259 | if (options->compression == -1) | 266 | if (options->compression == -1) |
260 | options->compression = COMP_DELAYED; | 267 | options->compression = COMP_DELAYED; |
268 | if (options->rekey_limit == -1) | ||
269 | options->rekey_limit = 0; | ||
270 | if (options->rekey_interval == -1) | ||
271 | options->rekey_interval = 0; | ||
261 | if (options->allow_tcp_forwarding == -1) | 272 | if (options->allow_tcp_forwarding == -1) |
262 | options->allow_tcp_forwarding = FORWARD_ALLOW; | 273 | options->allow_tcp_forwarding = FORWARD_ALLOW; |
263 | if (options->allow_agent_forwarding == -1) | 274 | if (options->allow_agent_forwarding == -1) |
@@ -329,7 +340,7 @@ typedef enum { | |||
329 | sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, | 340 | sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, |
330 | sStrictModes, sEmptyPasswd, sTCPKeepAlive, | 341 | sStrictModes, sEmptyPasswd, sTCPKeepAlive, |
331 | sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, | 342 | sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, |
332 | sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, | 343 | sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, |
333 | sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, | 344 | sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, |
334 | sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, | 345 | sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, |
335 | sMaxStartups, sMaxAuthTries, sMaxSessions, | 346 | sMaxStartups, sMaxAuthTries, sMaxSessions, |
@@ -345,7 +356,7 @@ typedef enum { | |||
345 | sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, | 356 | sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, |
346 | sKexAlgorithms, sIPQoS, sVersionAddendum, | 357 | sKexAlgorithms, sIPQoS, sVersionAddendum, |
347 | sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, | 358 | sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, |
348 | sAuthenticationMethods, | 359 | sAuthenticationMethods, sHostKeyAgent, |
349 | sDeprecated, sUnsupported | 360 | sDeprecated, sUnsupported |
350 | } ServerOpCodes; | 361 | } ServerOpCodes; |
351 | 362 | ||
@@ -370,6 +381,7 @@ static struct { | |||
370 | { "port", sPort, SSHCFG_GLOBAL }, | 381 | { "port", sPort, SSHCFG_GLOBAL }, |
371 | { "hostkey", sHostKeyFile, SSHCFG_GLOBAL }, | 382 | { "hostkey", sHostKeyFile, SSHCFG_GLOBAL }, |
372 | { "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL }, /* alias */ | 383 | { "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL }, /* alias */ |
384 | { "hostkeyagent", sHostKeyAgent, SSHCFG_GLOBAL }, | ||
373 | { "pidfile", sPidFile, SSHCFG_GLOBAL }, | 385 | { "pidfile", sPidFile, SSHCFG_GLOBAL }, |
374 | { "serverkeybits", sServerKeyBits, SSHCFG_GLOBAL }, | 386 | { "serverkeybits", sServerKeyBits, SSHCFG_GLOBAL }, |
375 | { "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL }, | 387 | { "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL }, |
@@ -443,6 +455,7 @@ static struct { | |||
443 | { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, | 455 | { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, |
444 | { "uselogin", sUseLogin, SSHCFG_GLOBAL }, | 456 | { "uselogin", sUseLogin, SSHCFG_GLOBAL }, |
445 | { "compression", sCompression, SSHCFG_GLOBAL }, | 457 | { "compression", sCompression, SSHCFG_GLOBAL }, |
458 | { "rekeylimit", sRekeyLimit, SSHCFG_ALL }, | ||
446 | { "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, | 459 | { "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, |
447 | { "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, /* obsolete alias */ | 460 | { "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, /* obsolete alias */ |
448 | { "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL }, | 461 | { "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL }, |
@@ -530,7 +543,7 @@ derelativise_path(const char *path) | |||
530 | if (getcwd(cwd, sizeof(cwd)) == NULL) | 543 | if (getcwd(cwd, sizeof(cwd)) == NULL) |
531 | fatal("%s: getcwd: %s", __func__, strerror(errno)); | 544 | fatal("%s: getcwd: %s", __func__, strerror(errno)); |
532 | xasprintf(&ret, "%s/%s", cwd, expanded); | 545 | xasprintf(&ret, "%s/%s", cwd, expanded); |
533 | xfree(expanded); | 546 | free(expanded); |
534 | return ret; | 547 | return ret; |
535 | } | 548 | } |
536 | 549 | ||
@@ -822,13 +835,13 @@ process_server_config_line(ServerOptions *options, char *line, | |||
822 | struct connection_info *connectinfo) | 835 | struct connection_info *connectinfo) |
823 | { | 836 | { |
824 | char *cp, **charptr, *arg, *p; | 837 | char *cp, **charptr, *arg, *p; |
825 | int cmdline = 0, *intptr, value, value2, n; | 838 | int cmdline = 0, *intptr, value, value2, n, port; |
826 | SyslogFacility *log_facility_ptr; | 839 | SyslogFacility *log_facility_ptr; |
827 | LogLevel *log_level_ptr; | 840 | LogLevel *log_level_ptr; |
828 | ServerOpCodes opcode; | 841 | ServerOpCodes opcode; |
829 | int port; | ||
830 | u_int i, flags = 0; | 842 | u_int i, flags = 0; |
831 | size_t len; | 843 | size_t len; |
844 | long long val64; | ||
832 | const struct multistate *multistate_ptr; | 845 | const struct multistate *multistate_ptr; |
833 | 846 | ||
834 | cp = line; | 847 | cp = line; |
@@ -988,6 +1001,17 @@ process_server_config_line(ServerOptions *options, char *line, | |||
988 | } | 1001 | } |
989 | break; | 1002 | break; |
990 | 1003 | ||
1004 | case sHostKeyAgent: | ||
1005 | charptr = &options->host_key_agent; | ||
1006 | arg = strdelim(&cp); | ||
1007 | if (!arg || *arg == '\0') | ||
1008 | fatal("%s line %d: missing socket name.", | ||
1009 | filename, linenum); | ||
1010 | if (*activep && *charptr == NULL) | ||
1011 | *charptr = !strcmp(arg, SSH_AUTHSOCKET_ENV_NAME) ? | ||
1012 | xstrdup(arg) : derelativise_path(arg); | ||
1013 | break; | ||
1014 | |||
991 | case sHostCertificate: | 1015 | case sHostCertificate: |
992 | intptr = &options->num_host_cert_files; | 1016 | intptr = &options->num_host_cert_files; |
993 | if (*intptr >= MAX_HOSTKEYS) | 1017 | if (*intptr >= MAX_HOSTKEYS) |
@@ -1151,6 +1175,37 @@ process_server_config_line(ServerOptions *options, char *line, | |||
1151 | multistate_ptr = multistate_compression; | 1175 | multistate_ptr = multistate_compression; |
1152 | goto parse_multistate; | 1176 | goto parse_multistate; |
1153 | 1177 | ||
1178 | case sRekeyLimit: | ||
1179 | arg = strdelim(&cp); | ||
1180 | if (!arg || *arg == '\0') | ||
1181 | fatal("%.200s line %d: Missing argument.", filename, | ||
1182 | linenum); | ||
1183 | if (strcmp(arg, "default") == 0) { | ||
1184 | val64 = 0; | ||
1185 | } else { | ||
1186 | if (scan_scaled(arg, &val64) == -1) | ||
1187 | fatal("%.200s line %d: Bad number '%s': %s", | ||
1188 | filename, linenum, arg, strerror(errno)); | ||
1189 | /* check for too-large or too-small limits */ | ||
1190 | if (val64 > UINT_MAX) | ||
1191 | fatal("%.200s line %d: RekeyLimit too large", | ||
1192 | filename, linenum); | ||
1193 | if (val64 != 0 && val64 < 16) | ||
1194 | fatal("%.200s line %d: RekeyLimit too small", | ||
1195 | filename, linenum); | ||
1196 | } | ||
1197 | if (*activep && options->rekey_limit == -1) | ||
1198 | options->rekey_limit = (u_int32_t)val64; | ||
1199 | if (cp != NULL) { /* optional rekey interval present */ | ||
1200 | if (strcmp(cp, "none") == 0) { | ||
1201 | (void)strdelim(&cp); /* discard */ | ||
1202 | break; | ||
1203 | } | ||
1204 | intptr = &options->rekey_interval; | ||
1205 | goto parse_time; | ||
1206 | } | ||
1207 | break; | ||
1208 | |||
1154 | case sGatewayPorts: | 1209 | case sGatewayPorts: |
1155 | intptr = &options->gateway_ports; | 1210 | intptr = &options->gateway_ports; |
1156 | multistate_ptr = multistate_gatewayports; | 1211 | multistate_ptr = multistate_gatewayports; |
@@ -1704,8 +1759,7 @@ int server_match_spec_complete(struct connection_info *ci) | |||
1704 | } while (0) | 1759 | } while (0) |
1705 | #define M_CP_STROPT(n) do {\ | 1760 | #define M_CP_STROPT(n) do {\ |
1706 | if (src->n != NULL) { \ | 1761 | if (src->n != NULL) { \ |
1707 | if (dst->n != NULL) \ | 1762 | free(dst->n); \ |
1708 | xfree(dst->n); \ | ||
1709 | dst->n = src->n; \ | 1763 | dst->n = src->n; \ |
1710 | } \ | 1764 | } \ |
1711 | } while(0) | 1765 | } while(0) |
@@ -1751,6 +1805,8 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) | |||
1751 | M_CP_INTOPT(max_authtries); | 1805 | M_CP_INTOPT(max_authtries); |
1752 | M_CP_INTOPT(ip_qos_interactive); | 1806 | M_CP_INTOPT(ip_qos_interactive); |
1753 | M_CP_INTOPT(ip_qos_bulk); | 1807 | M_CP_INTOPT(ip_qos_bulk); |
1808 | M_CP_INTOPT(rekey_limit); | ||
1809 | M_CP_INTOPT(rekey_interval); | ||
1754 | 1810 | ||
1755 | /* See comment in servconf.h */ | 1811 | /* See comment in servconf.h */ |
1756 | COPY_MATCH_STRING_OPTS(); | 1812 | COPY_MATCH_STRING_OPTS(); |
@@ -1787,7 +1843,7 @@ parse_server_config(ServerOptions *options, const char *filename, Buffer *conf, | |||
1787 | linenum++, &active, connectinfo) != 0) | 1843 | linenum++, &active, connectinfo) != 0) |
1788 | bad_options++; | 1844 | bad_options++; |
1789 | } | 1845 | } |
1790 | xfree(obuf); | 1846 | free(obuf); |
1791 | if (bad_options > 0) | 1847 | if (bad_options > 0) |
1792 | fatal("%s: terminating, %d bad configuration options", | 1848 | fatal("%s: terminating, %d bad configuration options", |
1793 | filename, bad_options); | 1849 | filename, bad_options); |
@@ -2004,6 +2060,7 @@ dump_config(ServerOptions *o) | |||
2004 | dump_cfg_string(sVersionAddendum, o->version_addendum); | 2060 | dump_cfg_string(sVersionAddendum, o->version_addendum); |
2005 | dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command); | 2061 | dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command); |
2006 | dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user); | 2062 | dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user); |
2063 | dump_cfg_string(sHostKeyAgent, o->host_key_agent); | ||
2007 | 2064 | ||
2008 | /* string arguments requiring a lookup */ | 2065 | /* string arguments requiring a lookup */ |
2009 | dump_cfg_string(sLogLevel, log_level_name(o->log_level)); | 2066 | dump_cfg_string(sLogLevel, log_level_name(o->log_level)); |
@@ -2042,5 +2099,7 @@ dump_config(ServerOptions *o) | |||
2042 | printf("ipqos %s ", iptos2str(o->ip_qos_interactive)); | 2099 | printf("ipqos %s ", iptos2str(o->ip_qos_interactive)); |
2043 | printf("%s\n", iptos2str(o->ip_qos_bulk)); | 2100 | printf("%s\n", iptos2str(o->ip_qos_bulk)); |
2044 | 2101 | ||
2102 | printf("rekeylimit %lld %d\n", o->rekey_limit, o->rekey_interval); | ||
2103 | |||
2045 | channel_print_adm_permitted_opens(); | 2104 | channel_print_adm_permitted_opens(); |
2046 | } | 2105 | } |
diff --git a/servconf.h b/servconf.h index 06e21a93d..ab6e34669 100644 --- a/servconf.h +++ b/servconf.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: servconf.h,v 1.107 2013/01/03 05:49:36 djm Exp $ */ | 1 | /* $OpenBSD: servconf.h,v 1.109 2013/07/19 07:37:48 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -65,6 +65,7 @@ typedef struct { | |||
65 | int num_host_key_files; /* Number of files for host keys. */ | 65 | int num_host_key_files; /* Number of files for host keys. */ |
66 | char *host_cert_files[MAX_HOSTCERTS]; /* Files containing host certs. */ | 66 | char *host_cert_files[MAX_HOSTCERTS]; /* Files containing host certs. */ |
67 | int num_host_cert_files; /* Number of files for host certs. */ | 67 | int num_host_cert_files; /* Number of files for host certs. */ |
68 | char *host_key_agent; /* ssh-agent socket for host keys. */ | ||
68 | char *pid_file; /* Where to put our pid */ | 69 | char *pid_file; /* Where to put our pid */ |
69 | int server_key_bits;/* Size of the server key. */ | 70 | int server_key_bits;/* Size of the server key. */ |
70 | int login_grace_time; /* Disconnect if no auth in this time | 71 | int login_grace_time; /* Disconnect if no auth in this time |
@@ -179,6 +180,9 @@ typedef struct { | |||
179 | char *authorized_keys_command; | 180 | char *authorized_keys_command; |
180 | char *authorized_keys_command_user; | 181 | char *authorized_keys_command_user; |
181 | 182 | ||
183 | int64_t rekey_limit; | ||
184 | int rekey_interval; | ||
185 | |||
182 | char *version_addendum; /* Appended to SSH banner */ | 186 | char *version_addendum; /* Appended to SSH banner */ |
183 | 187 | ||
184 | u_int num_auth_methods; | 188 | u_int num_auth_methods; |
diff --git a/serverloop.c b/serverloop.c index e224bd08a..ccbad617d 100644 --- a/serverloop.c +++ b/serverloop.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: serverloop.c,v 1.164 2012/12/07 01:51:35 dtucker Exp $ */ | 1 | /* $OpenBSD: serverloop.c,v 1.168 2013/07/12 00:19:59 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -148,7 +148,7 @@ static void | |||
148 | notify_parent(void) | 148 | notify_parent(void) |
149 | { | 149 | { |
150 | if (notify_pipe[1] != -1) | 150 | if (notify_pipe[1] != -1) |
151 | write(notify_pipe[1], "", 1); | 151 | (void)write(notify_pipe[1], "", 1); |
152 | } | 152 | } |
153 | static void | 153 | static void |
154 | notify_prepare(fd_set *readset) | 154 | notify_prepare(fd_set *readset) |
@@ -277,7 +277,7 @@ client_alive_check(void) | |||
277 | */ | 277 | */ |
278 | static void | 278 | static void |
279 | wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp, | 279 | wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp, |
280 | u_int *nallocp, u_int max_time_milliseconds) | 280 | u_int *nallocp, u_int64_t max_time_milliseconds) |
281 | { | 281 | { |
282 | struct timeval tv, *tvp; | 282 | struct timeval tv, *tvp; |
283 | int ret; | 283 | int ret; |
@@ -563,7 +563,7 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg) | |||
563 | int wait_status; /* Status returned by wait(). */ | 563 | int wait_status; /* Status returned by wait(). */ |
564 | pid_t wait_pid; /* pid returned by wait(). */ | 564 | pid_t wait_pid; /* pid returned by wait(). */ |
565 | int waiting_termination = 0; /* Have displayed waiting close message. */ | 565 | int waiting_termination = 0; /* Have displayed waiting close message. */ |
566 | u_int max_time_milliseconds; | 566 | u_int64_t max_time_milliseconds; |
567 | u_int previous_stdout_buffer_bytes; | 567 | u_int previous_stdout_buffer_bytes; |
568 | u_int stdout_buffer_bytes; | 568 | u_int stdout_buffer_bytes; |
569 | int type; | 569 | int type; |
@@ -694,7 +694,7 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg) | |||
694 | /* Display list of open channels. */ | 694 | /* Display list of open channels. */ |
695 | cp = channel_open_message(); | 695 | cp = channel_open_message(); |
696 | buffer_append(&stderr_buffer, cp, strlen(cp)); | 696 | buffer_append(&stderr_buffer, cp, strlen(cp)); |
697 | xfree(cp); | 697 | free(cp); |
698 | } | 698 | } |
699 | } | 699 | } |
700 | max_fd = MAX(connection_in, connection_out); | 700 | max_fd = MAX(connection_in, connection_out); |
@@ -722,10 +722,8 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg) | |||
722 | /* Process output to the client and to program stdin. */ | 722 | /* Process output to the client and to program stdin. */ |
723 | process_output(writeset); | 723 | process_output(writeset); |
724 | } | 724 | } |
725 | if (readset) | 725 | free(readset); |
726 | xfree(readset); | 726 | free(writeset); |
727 | if (writeset) | ||
728 | xfree(writeset); | ||
729 | 727 | ||
730 | /* Cleanup and termination code. */ | 728 | /* Cleanup and termination code. */ |
731 | 729 | ||
@@ -825,7 +823,9 @@ void | |||
825 | server_loop2(Authctxt *authctxt) | 823 | server_loop2(Authctxt *authctxt) |
826 | { | 824 | { |
827 | fd_set *readset = NULL, *writeset = NULL; | 825 | fd_set *readset = NULL, *writeset = NULL; |
828 | int rekeying = 0, max_fd, nalloc = 0; | 826 | int rekeying = 0, max_fd; |
827 | u_int nalloc = 0; | ||
828 | u_int64_t rekey_timeout_ms = 0; | ||
829 | 829 | ||
830 | debug("Entering interactive session for SSH2."); | 830 | debug("Entering interactive session for SSH2."); |
831 | 831 | ||
@@ -854,8 +854,13 @@ server_loop2(Authctxt *authctxt) | |||
854 | 854 | ||
855 | if (!rekeying && packet_not_very_much_data_to_write()) | 855 | if (!rekeying && packet_not_very_much_data_to_write()) |
856 | channel_output_poll(); | 856 | channel_output_poll(); |
857 | if (options.rekey_interval > 0 && compat20 && !rekeying) | ||
858 | rekey_timeout_ms = packet_get_rekey_timeout() * 1000; | ||
859 | else | ||
860 | rekey_timeout_ms = 0; | ||
861 | |||
857 | wait_until_can_do_something(&readset, &writeset, &max_fd, | 862 | wait_until_can_do_something(&readset, &writeset, &max_fd, |
858 | &nalloc, 0); | 863 | &nalloc, rekey_timeout_ms); |
859 | 864 | ||
860 | if (received_sigterm) { | 865 | if (received_sigterm) { |
861 | logit("Exiting on signal %d", (int)received_sigterm); | 866 | logit("Exiting on signal %d", (int)received_sigterm); |
@@ -879,10 +884,8 @@ server_loop2(Authctxt *authctxt) | |||
879 | } | 884 | } |
880 | collect_children(); | 885 | collect_children(); |
881 | 886 | ||
882 | if (readset) | 887 | free(readset); |
883 | xfree(readset); | 888 | free(writeset); |
884 | if (writeset) | ||
885 | xfree(writeset); | ||
886 | 889 | ||
887 | /* free all channels, no more reads and writes */ | 890 | /* free all channels, no more reads and writes */ |
888 | channel_free_all(); | 891 | channel_free_all(); |
@@ -917,7 +920,7 @@ server_input_stdin_data(int type, u_int32_t seq, void *ctxt) | |||
917 | packet_check_eom(); | 920 | packet_check_eom(); |
918 | buffer_append(&stdin_buffer, data, data_len); | 921 | buffer_append(&stdin_buffer, data, data_len); |
919 | memset(data, 0, data_len); | 922 | memset(data, 0, data_len); |
920 | xfree(data); | 923 | free(data); |
921 | } | 924 | } |
922 | 925 | ||
923 | static void | 926 | static void |
@@ -974,8 +977,8 @@ server_request_direct_tcpip(void) | |||
974 | originator, originator_port, target, target_port); | 977 | originator, originator_port, target, target_port); |
975 | } | 978 | } |
976 | 979 | ||
977 | xfree(originator); | 980 | free(originator); |
978 | xfree(target); | 981 | free(target); |
979 | 982 | ||
980 | return c; | 983 | return c; |
981 | } | 984 | } |
@@ -1104,7 +1107,7 @@ server_input_channel_open(int type, u_int32_t seq, void *ctxt) | |||
1104 | } | 1107 | } |
1105 | packet_send(); | 1108 | packet_send(); |
1106 | } | 1109 | } |
1107 | xfree(ctype); | 1110 | free(ctype); |
1108 | } | 1111 | } |
1109 | 1112 | ||
1110 | static void | 1113 | static void |
@@ -1149,7 +1152,7 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) | |||
1149 | listen_address, listen_port, | 1152 | listen_address, listen_port, |
1150 | &allocated_listen_port, options.gateway_ports); | 1153 | &allocated_listen_port, options.gateway_ports); |
1151 | } | 1154 | } |
1152 | xfree(listen_address); | 1155 | free(listen_address); |
1153 | } else if (strcmp(rtype, "cancel-tcpip-forward") == 0) { | 1156 | } else if (strcmp(rtype, "cancel-tcpip-forward") == 0) { |
1154 | char *cancel_address; | 1157 | char *cancel_address; |
1155 | u_short cancel_port; | 1158 | u_short cancel_port; |
@@ -1161,7 +1164,7 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) | |||
1161 | 1164 | ||
1162 | success = channel_cancel_rport_listener(cancel_address, | 1165 | success = channel_cancel_rport_listener(cancel_address, |
1163 | cancel_port); | 1166 | cancel_port); |
1164 | xfree(cancel_address); | 1167 | free(cancel_address); |
1165 | } else if (strcmp(rtype, "no-more-sessions@openssh.com") == 0) { | 1168 | } else if (strcmp(rtype, "no-more-sessions@openssh.com") == 0) { |
1166 | no_more_sessions = 1; | 1169 | no_more_sessions = 1; |
1167 | success = 1; | 1170 | success = 1; |
@@ -1174,7 +1177,7 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) | |||
1174 | packet_send(); | 1177 | packet_send(); |
1175 | packet_write_wait(); | 1178 | packet_write_wait(); |
1176 | } | 1179 | } |
1177 | xfree(rtype); | 1180 | free(rtype); |
1178 | } | 1181 | } |
1179 | 1182 | ||
1180 | static void | 1183 | static void |
@@ -1206,7 +1209,7 @@ server_input_channel_req(int type, u_int32_t seq, void *ctxt) | |||
1206 | packet_put_int(c->remote_id); | 1209 | packet_put_int(c->remote_id); |
1207 | packet_send(); | 1210 | packet_send(); |
1208 | } | 1211 | } |
1209 | xfree(rtype); | 1212 | free(rtype); |
1210 | } | 1213 | } |
1211 | 1214 | ||
1212 | static void | 1215 | static void |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: session.c,v 1.261 2012/12/02 20:46:11 djm Exp $ */ | 1 | /* $OpenBSD: session.c,v 1.266 2013/07/19 07:37:48 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
4 | * All rights reserved | 4 | * All rights reserved |
@@ -80,6 +80,7 @@ | |||
80 | #include "hostfile.h" | 80 | #include "hostfile.h" |
81 | #include "auth.h" | 81 | #include "auth.h" |
82 | #include "auth-options.h" | 82 | #include "auth-options.h" |
83 | #include "authfd.h" | ||
83 | #include "pathnames.h" | 84 | #include "pathnames.h" |
84 | #include "log.h" | 85 | #include "log.h" |
85 | #include "servconf.h" | 86 | #include "servconf.h" |
@@ -199,7 +200,7 @@ auth_input_request_forwarding(struct passwd * pw) | |||
199 | packet_send_debug("Agent forwarding disabled: " | 200 | packet_send_debug("Agent forwarding disabled: " |
200 | "mkdtemp() failed: %.100s", strerror(errno)); | 201 | "mkdtemp() failed: %.100s", strerror(errno)); |
201 | restore_uid(); | 202 | restore_uid(); |
202 | xfree(auth_sock_dir); | 203 | free(auth_sock_dir); |
203 | auth_sock_dir = NULL; | 204 | auth_sock_dir = NULL; |
204 | goto authsock_err; | 205 | goto authsock_err; |
205 | } | 206 | } |
@@ -244,11 +245,10 @@ auth_input_request_forwarding(struct passwd * pw) | |||
244 | return 1; | 245 | return 1; |
245 | 246 | ||
246 | authsock_err: | 247 | authsock_err: |
247 | if (auth_sock_name != NULL) | 248 | free(auth_sock_name); |
248 | xfree(auth_sock_name); | ||
249 | if (auth_sock_dir != NULL) { | 249 | if (auth_sock_dir != NULL) { |
250 | rmdir(auth_sock_dir); | 250 | rmdir(auth_sock_dir); |
251 | xfree(auth_sock_dir); | 251 | free(auth_sock_dir); |
252 | } | 252 | } |
253 | if (sock != -1) | 253 | if (sock != -1) |
254 | close(sock); | 254 | close(sock); |
@@ -364,8 +364,8 @@ do_authenticated1(Authctxt *authctxt) | |||
364 | packet_check_eom(); | 364 | packet_check_eom(); |
365 | success = session_setup_x11fwd(s); | 365 | success = session_setup_x11fwd(s); |
366 | if (!success) { | 366 | if (!success) { |
367 | xfree(s->auth_proto); | 367 | free(s->auth_proto); |
368 | xfree(s->auth_data); | 368 | free(s->auth_data); |
369 | s->auth_proto = NULL; | 369 | s->auth_proto = NULL; |
370 | s->auth_data = NULL; | 370 | s->auth_data = NULL; |
371 | } | 371 | } |
@@ -412,7 +412,7 @@ do_authenticated1(Authctxt *authctxt) | |||
412 | if (do_exec(s, command) != 0) | 412 | if (do_exec(s, command) != 0) |
413 | packet_disconnect( | 413 | packet_disconnect( |
414 | "command execution failed"); | 414 | "command execution failed"); |
415 | xfree(command); | 415 | free(command); |
416 | } else { | 416 | } else { |
417 | if (do_exec(s, NULL) != 0) | 417 | if (do_exec(s, NULL) != 0) |
418 | packet_disconnect( | 418 | packet_disconnect( |
@@ -977,7 +977,7 @@ child_set_env(char ***envp, u_int *envsizep, const char *name, | |||
977 | break; | 977 | break; |
978 | if (env[i]) { | 978 | if (env[i]) { |
979 | /* Reuse the slot. */ | 979 | /* Reuse the slot. */ |
980 | xfree(env[i]); | 980 | free(env[i]); |
981 | } else { | 981 | } else { |
982 | /* New variable. Expand if necessary. */ | 982 | /* New variable. Expand if necessary. */ |
983 | envsize = *envsizep; | 983 | envsize = *envsizep; |
@@ -1093,8 +1093,8 @@ read_etc_default_login(char ***env, u_int *envsize, uid_t uid) | |||
1093 | umask((mode_t)mask); | 1093 | umask((mode_t)mask); |
1094 | 1094 | ||
1095 | for (i = 0; tmpenv[i] != NULL; i++) | 1095 | for (i = 0; tmpenv[i] != NULL; i++) |
1096 | xfree(tmpenv[i]); | 1096 | free(tmpenv[i]); |
1097 | xfree(tmpenv); | 1097 | free(tmpenv); |
1098 | } | 1098 | } |
1099 | #endif /* HAVE_ETC_DEFAULT_LOGIN */ | 1099 | #endif /* HAVE_ETC_DEFAULT_LOGIN */ |
1100 | 1100 | ||
@@ -1110,7 +1110,7 @@ copy_environment(char **source, char ***env, u_int *envsize) | |||
1110 | for(i = 0; source[i] != NULL; i++) { | 1110 | for(i = 0; source[i] != NULL; i++) { |
1111 | var_name = xstrdup(source[i]); | 1111 | var_name = xstrdup(source[i]); |
1112 | if ((var_val = strstr(var_name, "=")) == NULL) { | 1112 | if ((var_val = strstr(var_name, "=")) == NULL) { |
1113 | xfree(var_name); | 1113 | free(var_name); |
1114 | continue; | 1114 | continue; |
1115 | } | 1115 | } |
1116 | *var_val++ = '\0'; | 1116 | *var_val++ = '\0'; |
@@ -1118,7 +1118,7 @@ copy_environment(char **source, char ***env, u_int *envsize) | |||
1118 | debug3("Copy environment: %s=%s", var_name, var_val); | 1118 | debug3("Copy environment: %s=%s", var_name, var_val); |
1119 | child_set_env(env, envsize, var_name, var_val); | 1119 | child_set_env(env, envsize, var_name, var_val); |
1120 | 1120 | ||
1121 | xfree(var_name); | 1121 | free(var_name); |
1122 | } | 1122 | } |
1123 | } | 1123 | } |
1124 | 1124 | ||
@@ -1219,8 +1219,8 @@ do_setup_env(Session *s, const char *shell) | |||
1219 | child_set_env(&env, &envsize, str, str + i + 1); | 1219 | child_set_env(&env, &envsize, str, str + i + 1); |
1220 | } | 1220 | } |
1221 | custom_environment = ce->next; | 1221 | custom_environment = ce->next; |
1222 | xfree(ce->s); | 1222 | free(ce->s); |
1223 | xfree(ce); | 1223 | free(ce); |
1224 | } | 1224 | } |
1225 | } | 1225 | } |
1226 | 1226 | ||
@@ -1232,7 +1232,7 @@ do_setup_env(Session *s, const char *shell) | |||
1232 | laddr = get_local_ipaddr(packet_get_connection_in()); | 1232 | laddr = get_local_ipaddr(packet_get_connection_in()); |
1233 | snprintf(buf, sizeof buf, "%.50s %d %.50s %d", | 1233 | snprintf(buf, sizeof buf, "%.50s %d %.50s %d", |
1234 | get_remote_ipaddr(), get_remote_port(), laddr, get_local_port()); | 1234 | get_remote_ipaddr(), get_remote_port(), laddr, get_local_port()); |
1235 | xfree(laddr); | 1235 | free(laddr); |
1236 | child_set_env(&env, &envsize, "SSH_CONNECTION", buf); | 1236 | child_set_env(&env, &envsize, "SSH_CONNECTION", buf); |
1237 | 1237 | ||
1238 | if (s->ttyfd != -1) | 1238 | if (s->ttyfd != -1) |
@@ -1403,7 +1403,7 @@ do_nologin(struct passwd *pw) | |||
1403 | #endif | 1403 | #endif |
1404 | if (stat(nl, &sb) == -1) { | 1404 | if (stat(nl, &sb) == -1) { |
1405 | if (nl != def_nl) | 1405 | if (nl != def_nl) |
1406 | xfree(nl); | 1406 | free(nl); |
1407 | return; | 1407 | return; |
1408 | } | 1408 | } |
1409 | 1409 | ||
@@ -1513,6 +1513,9 @@ do_setusercontext(struct passwd *pw) | |||
1513 | safely_chroot(chroot_path, pw->pw_uid); | 1513 | safely_chroot(chroot_path, pw->pw_uid); |
1514 | free(tmp); | 1514 | free(tmp); |
1515 | free(chroot_path); | 1515 | free(chroot_path); |
1516 | /* Make sure we don't attempt to chroot again */ | ||
1517 | free(options.chroot_directory); | ||
1518 | options.chroot_directory = NULL; | ||
1516 | } | 1519 | } |
1517 | 1520 | ||
1518 | #ifdef HAVE_LOGIN_CAP | 1521 | #ifdef HAVE_LOGIN_CAP |
@@ -1529,6 +1532,9 @@ do_setusercontext(struct passwd *pw) | |||
1529 | /* Permanently switch to the desired uid. */ | 1532 | /* Permanently switch to the desired uid. */ |
1530 | permanently_set_uid(pw); | 1533 | permanently_set_uid(pw); |
1531 | #endif | 1534 | #endif |
1535 | } else if (options.chroot_directory != NULL && | ||
1536 | strcasecmp(options.chroot_directory, "none") != 0) { | ||
1537 | fatal("server lacks privileges to chroot to ChrootDirectory"); | ||
1532 | } | 1538 | } |
1533 | 1539 | ||
1534 | if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) | 1540 | if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) |
@@ -1584,6 +1590,13 @@ launch_login(struct passwd *pw, const char *hostname) | |||
1584 | static void | 1590 | static void |
1585 | child_close_fds(void) | 1591 | child_close_fds(void) |
1586 | { | 1592 | { |
1593 | extern AuthenticationConnection *auth_conn; | ||
1594 | |||
1595 | if (auth_conn) { | ||
1596 | ssh_close_authentication_connection(auth_conn); | ||
1597 | auth_conn = NULL; | ||
1598 | } | ||
1599 | |||
1587 | if (packet_get_connection_in() == packet_get_connection_out()) | 1600 | if (packet_get_connection_in() == packet_get_connection_out()) |
1588 | close(packet_get_connection_in()); | 1601 | close(packet_get_connection_in()); |
1589 | else { | 1602 | else { |
@@ -2048,7 +2061,7 @@ session_pty_req(Session *s) | |||
2048 | s->ypixel = packet_get_int(); | 2061 | s->ypixel = packet_get_int(); |
2049 | 2062 | ||
2050 | if (strcmp(s->term, "") == 0) { | 2063 | if (strcmp(s->term, "") == 0) { |
2051 | xfree(s->term); | 2064 | free(s->term); |
2052 | s->term = NULL; | 2065 | s->term = NULL; |
2053 | } | 2066 | } |
2054 | 2067 | ||
@@ -2056,8 +2069,7 @@ session_pty_req(Session *s) | |||
2056 | debug("Allocating pty."); | 2069 | debug("Allocating pty."); |
2057 | if (!PRIVSEP(pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, | 2070 | if (!PRIVSEP(pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, |
2058 | sizeof(s->tty)))) { | 2071 | sizeof(s->tty)))) { |
2059 | if (s->term) | 2072 | free(s->term); |
2060 | xfree(s->term); | ||
2061 | s->term = NULL; | 2073 | s->term = NULL; |
2062 | s->ptyfd = -1; | 2074 | s->ptyfd = -1; |
2063 | s->ttyfd = -1; | 2075 | s->ttyfd = -1; |
@@ -2118,7 +2130,7 @@ session_subsystem_req(Session *s) | |||
2118 | logit("subsystem request for %.100s failed, subsystem not found", | 2130 | logit("subsystem request for %.100s failed, subsystem not found", |
2119 | subsys); | 2131 | subsys); |
2120 | 2132 | ||
2121 | xfree(subsys); | 2133 | free(subsys); |
2122 | return success; | 2134 | return success; |
2123 | } | 2135 | } |
2124 | 2136 | ||
@@ -2140,8 +2152,8 @@ session_x11_req(Session *s) | |||
2140 | 2152 | ||
2141 | success = session_setup_x11fwd(s); | 2153 | success = session_setup_x11fwd(s); |
2142 | if (!success) { | 2154 | if (!success) { |
2143 | xfree(s->auth_proto); | 2155 | free(s->auth_proto); |
2144 | xfree(s->auth_data); | 2156 | free(s->auth_data); |
2145 | s->auth_proto = NULL; | 2157 | s->auth_proto = NULL; |
2146 | s->auth_data = NULL; | 2158 | s->auth_data = NULL; |
2147 | } | 2159 | } |
@@ -2163,7 +2175,7 @@ session_exec_req(Session *s) | |||
2163 | char *command = packet_get_string(&len); | 2175 | char *command = packet_get_string(&len); |
2164 | packet_check_eom(); | 2176 | packet_check_eom(); |
2165 | success = do_exec(s, command) == 0; | 2177 | success = do_exec(s, command) == 0; |
2166 | xfree(command); | 2178 | free(command); |
2167 | return success; | 2179 | return success; |
2168 | } | 2180 | } |
2169 | 2181 | ||
@@ -2209,8 +2221,8 @@ session_env_req(Session *s) | |||
2209 | debug2("Ignoring env request %s: disallowed name", name); | 2221 | debug2("Ignoring env request %s: disallowed name", name); |
2210 | 2222 | ||
2211 | fail: | 2223 | fail: |
2212 | xfree(name); | 2224 | free(name); |
2213 | xfree(val); | 2225 | free(val); |
2214 | return (0); | 2226 | return (0); |
2215 | } | 2227 | } |
2216 | 2228 | ||
@@ -2392,24 +2404,16 @@ session_close_single_x11(int id, void *arg) | |||
2392 | if (s->x11_chanids[i] != id) | 2404 | if (s->x11_chanids[i] != id) |
2393 | session_close_x11(s->x11_chanids[i]); | 2405 | session_close_x11(s->x11_chanids[i]); |
2394 | } | 2406 | } |
2395 | xfree(s->x11_chanids); | 2407 | free(s->x11_chanids); |
2396 | s->x11_chanids = NULL; | 2408 | s->x11_chanids = NULL; |
2397 | if (s->display) { | 2409 | free(s->display); |
2398 | xfree(s->display); | 2410 | s->display = NULL; |
2399 | s->display = NULL; | 2411 | free(s->auth_proto); |
2400 | } | 2412 | s->auth_proto = NULL; |
2401 | if (s->auth_proto) { | 2413 | free(s->auth_data); |
2402 | xfree(s->auth_proto); | 2414 | s->auth_data = NULL; |
2403 | s->auth_proto = NULL; | 2415 | free(s->auth_display); |
2404 | } | 2416 | s->auth_display = NULL; |
2405 | if (s->auth_data) { | ||
2406 | xfree(s->auth_data); | ||
2407 | s->auth_data = NULL; | ||
2408 | } | ||
2409 | if (s->auth_display) { | ||
2410 | xfree(s->auth_display); | ||
2411 | s->auth_display = NULL; | ||
2412 | } | ||
2413 | } | 2417 | } |
2414 | 2418 | ||
2415 | static void | 2419 | static void |
@@ -2471,24 +2475,18 @@ session_close(Session *s) | |||
2471 | debug("session_close: session %d pid %ld", s->self, (long)s->pid); | 2475 | debug("session_close: session %d pid %ld", s->self, (long)s->pid); |
2472 | if (s->ttyfd != -1) | 2476 | if (s->ttyfd != -1) |
2473 | session_pty_cleanup(s); | 2477 | session_pty_cleanup(s); |
2474 | if (s->term) | 2478 | free(s->term); |
2475 | xfree(s->term); | 2479 | free(s->display); |
2476 | if (s->display) | 2480 | free(s->x11_chanids); |
2477 | xfree(s->display); | 2481 | free(s->auth_display); |
2478 | if (s->x11_chanids) | 2482 | free(s->auth_data); |
2479 | xfree(s->x11_chanids); | 2483 | free(s->auth_proto); |
2480 | if (s->auth_display) | ||
2481 | xfree(s->auth_display); | ||
2482 | if (s->auth_data) | ||
2483 | xfree(s->auth_data); | ||
2484 | if (s->auth_proto) | ||
2485 | xfree(s->auth_proto); | ||
2486 | if (s->env != NULL) { | 2484 | if (s->env != NULL) { |
2487 | for (i = 0; i < s->num_env; i++) { | 2485 | for (i = 0; i < s->num_env; i++) { |
2488 | xfree(s->env[i].name); | 2486 | free(s->env[i].name); |
2489 | xfree(s->env[i].val); | 2487 | free(s->env[i].val); |
2490 | } | 2488 | } |
2491 | xfree(s->env); | 2489 | free(s->env); |
2492 | } | 2490 | } |
2493 | session_proctitle(s); | 2491 | session_proctitle(s); |
2494 | session_unused(s->self); | 2492 | session_unused(s->self); |
diff --git a/sftp-client.c b/sftp-client.c index 85f2bd444..f4f1970b6 100644 --- a/sftp-client.c +++ b/sftp-client.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sftp-client.c,v 1.97 2012/07/02 12:13:26 dtucker Exp $ */ | 1 | /* $OpenBSD: sftp-client.c,v 1.101 2013/07/25 00:56:51 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> | 3 | * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> |
4 | * | 4 | * |
@@ -112,7 +112,7 @@ send_msg(struct sftp_conn *conn, Buffer *m) | |||
112 | iov[1].iov_len = buffer_len(m); | 112 | iov[1].iov_len = buffer_len(m); |
113 | 113 | ||
114 | if (atomiciov6(writev, conn->fd_out, iov, 2, | 114 | if (atomiciov6(writev, conn->fd_out, iov, 2, |
115 | conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_out) != | 115 | conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_out) != |
116 | buffer_len(m) + sizeof(mlen)) | 116 | buffer_len(m) + sizeof(mlen)) |
117 | fatal("Couldn't send packet: %s", strerror(errno)); | 117 | fatal("Couldn't send packet: %s", strerror(errno)); |
118 | 118 | ||
@@ -394,8 +394,8 @@ do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests, | |||
394 | } else { | 394 | } else { |
395 | debug2("Unrecognised server extension \"%s\"", name); | 395 | debug2("Unrecognised server extension \"%s\"", name); |
396 | } | 396 | } |
397 | xfree(name); | 397 | free(name); |
398 | xfree(value); | 398 | free(value); |
399 | } | 399 | } |
400 | 400 | ||
401 | buffer_free(&msg); | 401 | buffer_free(&msg); |
@@ -509,7 +509,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, | |||
509 | error("Couldn't read directory: %s", | 509 | error("Couldn't read directory: %s", |
510 | fx2txt(status)); | 510 | fx2txt(status)); |
511 | do_close(conn, handle, handle_len); | 511 | do_close(conn, handle, handle_len); |
512 | xfree(handle); | 512 | free(handle); |
513 | buffer_free(&msg); | 513 | buffer_free(&msg); |
514 | return(status); | 514 | return(status); |
515 | } | 515 | } |
@@ -552,14 +552,14 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, | |||
552 | (*dir)[++ents] = NULL; | 552 | (*dir)[++ents] = NULL; |
553 | } | 553 | } |
554 | next: | 554 | next: |
555 | xfree(filename); | 555 | free(filename); |
556 | xfree(longname); | 556 | free(longname); |
557 | } | 557 | } |
558 | } | 558 | } |
559 | 559 | ||
560 | buffer_free(&msg); | 560 | buffer_free(&msg); |
561 | do_close(conn, handle, handle_len); | 561 | do_close(conn, handle, handle_len); |
562 | xfree(handle); | 562 | free(handle); |
563 | 563 | ||
564 | /* Don't return partial matches on interrupt */ | 564 | /* Don't return partial matches on interrupt */ |
565 | if (interrupted && dir != NULL && *dir != NULL) { | 565 | if (interrupted && dir != NULL && *dir != NULL) { |
@@ -582,11 +582,11 @@ void free_sftp_dirents(SFTP_DIRENT **s) | |||
582 | int i; | 582 | int i; |
583 | 583 | ||
584 | for (i = 0; s[i]; i++) { | 584 | for (i = 0; s[i]; i++) { |
585 | xfree(s[i]->filename); | 585 | free(s[i]->filename); |
586 | xfree(s[i]->longname); | 586 | free(s[i]->longname); |
587 | xfree(s[i]); | 587 | free(s[i]); |
588 | } | 588 | } |
589 | xfree(s); | 589 | free(s); |
590 | } | 590 | } |
591 | 591 | ||
592 | int | 592 | int |
@@ -760,7 +760,7 @@ do_realpath(struct sftp_conn *conn, char *path) | |||
760 | debug3("SSH_FXP_REALPATH %s -> %s size %lu", path, filename, | 760 | debug3("SSH_FXP_REALPATH %s -> %s size %lu", path, filename, |
761 | (unsigned long)a->size); | 761 | (unsigned long)a->size); |
762 | 762 | ||
763 | xfree(longname); | 763 | free(longname); |
764 | 764 | ||
765 | buffer_free(&msg); | 765 | buffer_free(&msg); |
766 | 766 | ||
@@ -907,7 +907,7 @@ do_readlink(struct sftp_conn *conn, char *path) | |||
907 | 907 | ||
908 | debug3("SSH_FXP_READLINK %s -> %s", path, filename); | 908 | debug3("SSH_FXP_READLINK %s -> %s", path, filename); |
909 | 909 | ||
910 | xfree(longname); | 910 | free(longname); |
911 | 911 | ||
912 | buffer_free(&msg); | 912 | buffer_free(&msg); |
913 | 913 | ||
@@ -988,16 +988,17 @@ send_read_request(struct sftp_conn *conn, u_int id, u_int64_t offset, | |||
988 | 988 | ||
989 | int | 989 | int |
990 | do_download(struct sftp_conn *conn, char *remote_path, char *local_path, | 990 | do_download(struct sftp_conn *conn, char *remote_path, char *local_path, |
991 | Attrib *a, int pflag) | 991 | Attrib *a, int pflag, int resume) |
992 | { | 992 | { |
993 | Attrib junk; | 993 | Attrib junk; |
994 | Buffer msg; | 994 | Buffer msg; |
995 | char *handle; | 995 | char *handle; |
996 | int local_fd, status = 0, write_error; | 996 | int local_fd = -1, status = 0, write_error; |
997 | int read_error, write_errno; | 997 | int read_error, write_errno, reordered = 0; |
998 | u_int64_t offset, size; | 998 | u_int64_t offset = 0, size, highwater; |
999 | u_int handle_len, mode, type, id, buflen, num_req, max_req; | 999 | u_int handle_len, mode, type, id, buflen, num_req, max_req; |
1000 | off_t progress_counter; | 1000 | off_t progress_counter; |
1001 | struct stat st; | ||
1001 | struct request { | 1002 | struct request { |
1002 | u_int id; | 1003 | u_int id; |
1003 | u_int len; | 1004 | u_int len; |
@@ -1050,21 +1051,36 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, | |||
1050 | return(-1); | 1051 | return(-1); |
1051 | } | 1052 | } |
1052 | 1053 | ||
1053 | local_fd = open(local_path, O_WRONLY | O_CREAT | O_TRUNC, | 1054 | local_fd = open(local_path, O_WRONLY | O_CREAT | (resume ? 0 : O_TRUNC), |
1054 | mode | S_IWRITE); | 1055 | mode | S_IWUSR); |
1055 | if (local_fd == -1) { | 1056 | if (local_fd == -1) { |
1056 | error("Couldn't open local file \"%s\" for writing: %s", | 1057 | error("Couldn't open local file \"%s\" for writing: %s", |
1057 | local_path, strerror(errno)); | 1058 | local_path, strerror(errno)); |
1058 | do_close(conn, handle, handle_len); | 1059 | goto fail; |
1059 | buffer_free(&msg); | 1060 | } |
1060 | xfree(handle); | 1061 | offset = highwater = 0; |
1061 | return(-1); | 1062 | if (resume) { |
1063 | if (fstat(local_fd, &st) == -1) { | ||
1064 | error("Unable to stat local file \"%s\": %s", | ||
1065 | local_path, strerror(errno)); | ||
1066 | goto fail; | ||
1067 | } | ||
1068 | if ((size_t)st.st_size > size) { | ||
1069 | error("Unable to resume download of \"%s\": " | ||
1070 | "local file is larger than remote", local_path); | ||
1071 | fail: | ||
1072 | do_close(conn, handle, handle_len); | ||
1073 | buffer_free(&msg); | ||
1074 | free(handle); | ||
1075 | return -1; | ||
1076 | } | ||
1077 | offset = highwater = st.st_size; | ||
1062 | } | 1078 | } |
1063 | 1079 | ||
1064 | /* Read from remote and write to local */ | 1080 | /* Read from remote and write to local */ |
1065 | write_error = read_error = write_errno = num_req = offset = 0; | 1081 | write_error = read_error = write_errno = num_req = 0; |
1066 | max_req = 1; | 1082 | max_req = 1; |
1067 | progress_counter = 0; | 1083 | progress_counter = offset; |
1068 | 1084 | ||
1069 | if (showprogress && size != 0) | 1085 | if (showprogress && size != 0) |
1070 | start_progress_meter(remote_path, size, &progress_counter); | 1086 | start_progress_meter(remote_path, size, &progress_counter); |
@@ -1121,7 +1137,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, | |||
1121 | read_error = 1; | 1137 | read_error = 1; |
1122 | max_req = 0; | 1138 | max_req = 0; |
1123 | TAILQ_REMOVE(&requests, req, tq); | 1139 | TAILQ_REMOVE(&requests, req, tq); |
1124 | xfree(req); | 1140 | free(req); |
1125 | num_req--; | 1141 | num_req--; |
1126 | break; | 1142 | break; |
1127 | case SSH2_FXP_DATA: | 1143 | case SSH2_FXP_DATA: |
@@ -1139,12 +1155,16 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, | |||
1139 | write_error = 1; | 1155 | write_error = 1; |
1140 | max_req = 0; | 1156 | max_req = 0; |
1141 | } | 1157 | } |
1158 | else if (!reordered && req->offset <= highwater) | ||
1159 | highwater = req->offset + len; | ||
1160 | else if (!reordered && req->offset > highwater) | ||
1161 | reordered = 1; | ||
1142 | progress_counter += len; | 1162 | progress_counter += len; |
1143 | xfree(data); | 1163 | free(data); |
1144 | 1164 | ||
1145 | if (len == req->len) { | 1165 | if (len == req->len) { |
1146 | TAILQ_REMOVE(&requests, req, tq); | 1166 | TAILQ_REMOVE(&requests, req, tq); |
1147 | xfree(req); | 1167 | free(req); |
1148 | num_req--; | 1168 | num_req--; |
1149 | } else { | 1169 | } else { |
1150 | /* Resend the request for the missing data */ | 1170 | /* Resend the request for the missing data */ |
@@ -1187,7 +1207,15 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, | |||
1187 | /* Sanity check */ | 1207 | /* Sanity check */ |
1188 | if (TAILQ_FIRST(&requests) != NULL) | 1208 | if (TAILQ_FIRST(&requests) != NULL) |
1189 | fatal("Transfer complete, but requests still in queue"); | 1209 | fatal("Transfer complete, but requests still in queue"); |
1190 | 1210 | /* Truncate at highest contiguous point to avoid holes on interrupt */ | |
1211 | if (read_error || write_error || interrupted) { | ||
1212 | if (reordered && resume) { | ||
1213 | error("Unable to resume download of \"%s\": " | ||
1214 | "server reordered requests", local_path); | ||
1215 | } | ||
1216 | debug("truncating at %llu", (unsigned long long)highwater); | ||
1217 | ftruncate(local_fd, highwater); | ||
1218 | } | ||
1191 | if (read_error) { | 1219 | if (read_error) { |
1192 | error("Couldn't read from remote file \"%s\" : %s", | 1220 | error("Couldn't read from remote file \"%s\" : %s", |
1193 | remote_path, fx2txt(status)); | 1221 | remote_path, fx2txt(status)); |
@@ -1199,7 +1227,8 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, | |||
1199 | do_close(conn, handle, handle_len); | 1227 | do_close(conn, handle, handle_len); |
1200 | } else { | 1228 | } else { |
1201 | status = do_close(conn, handle, handle_len); | 1229 | status = do_close(conn, handle, handle_len); |
1202 | 1230 | if (interrupted) | |
1231 | status = -1; | ||
1203 | /* Override umask and utimes if asked */ | 1232 | /* Override umask and utimes if asked */ |
1204 | #ifdef HAVE_FCHMOD | 1233 | #ifdef HAVE_FCHMOD |
1205 | if (pflag && fchmod(local_fd, mode) == -1) | 1234 | if (pflag && fchmod(local_fd, mode) == -1) |
@@ -1220,14 +1249,14 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, | |||
1220 | } | 1249 | } |
1221 | close(local_fd); | 1250 | close(local_fd); |
1222 | buffer_free(&msg); | 1251 | buffer_free(&msg); |
1223 | xfree(handle); | 1252 | free(handle); |
1224 | 1253 | ||
1225 | return(status); | 1254 | return(status); |
1226 | } | 1255 | } |
1227 | 1256 | ||
1228 | static int | 1257 | static int |
1229 | download_dir_internal(struct sftp_conn *conn, char *src, char *dst, | 1258 | download_dir_internal(struct sftp_conn *conn, char *src, char *dst, |
1230 | Attrib *dirattrib, int pflag, int printflag, int depth) | 1259 | Attrib *dirattrib, int pflag, int printflag, int depth, int resume) |
1231 | { | 1260 | { |
1232 | int i, ret = 0; | 1261 | int i, ret = 0; |
1233 | SFTP_DIRENT **dir_entries; | 1262 | SFTP_DIRENT **dir_entries; |
@@ -1280,11 +1309,11 @@ download_dir_internal(struct sftp_conn *conn, char *src, char *dst, | |||
1280 | continue; | 1309 | continue; |
1281 | if (download_dir_internal(conn, new_src, new_dst, | 1310 | if (download_dir_internal(conn, new_src, new_dst, |
1282 | &(dir_entries[i]->a), pflag, printflag, | 1311 | &(dir_entries[i]->a), pflag, printflag, |
1283 | depth + 1) == -1) | 1312 | depth + 1, resume) == -1) |
1284 | ret = -1; | 1313 | ret = -1; |
1285 | } else if (S_ISREG(dir_entries[i]->a.perm) ) { | 1314 | } else if (S_ISREG(dir_entries[i]->a.perm) ) { |
1286 | if (do_download(conn, new_src, new_dst, | 1315 | if (do_download(conn, new_src, new_dst, |
1287 | &(dir_entries[i]->a), pflag) == -1) { | 1316 | &(dir_entries[i]->a), pflag, resume) == -1) { |
1288 | error("Download of file %s to %s failed", | 1317 | error("Download of file %s to %s failed", |
1289 | new_src, new_dst); | 1318 | new_src, new_dst); |
1290 | ret = -1; | 1319 | ret = -1; |
@@ -1292,8 +1321,8 @@ download_dir_internal(struct sftp_conn *conn, char *src, char *dst, | |||
1292 | } else | 1321 | } else |
1293 | logit("%s: not a regular file\n", new_src); | 1322 | logit("%s: not a regular file\n", new_src); |
1294 | 1323 | ||
1295 | xfree(new_dst); | 1324 | free(new_dst); |
1296 | xfree(new_src); | 1325 | free(new_src); |
1297 | } | 1326 | } |
1298 | 1327 | ||
1299 | if (pflag) { | 1328 | if (pflag) { |
@@ -1317,7 +1346,7 @@ download_dir_internal(struct sftp_conn *conn, char *src, char *dst, | |||
1317 | 1346 | ||
1318 | int | 1347 | int |
1319 | download_dir(struct sftp_conn *conn, char *src, char *dst, | 1348 | download_dir(struct sftp_conn *conn, char *src, char *dst, |
1320 | Attrib *dirattrib, int pflag, int printflag) | 1349 | Attrib *dirattrib, int pflag, int printflag, int resume) |
1321 | { | 1350 | { |
1322 | char *src_canon; | 1351 | char *src_canon; |
1323 | int ret; | 1352 | int ret; |
@@ -1328,8 +1357,8 @@ download_dir(struct sftp_conn *conn, char *src, char *dst, | |||
1328 | } | 1357 | } |
1329 | 1358 | ||
1330 | ret = download_dir_internal(conn, src_canon, dst, | 1359 | ret = download_dir_internal(conn, src_canon, dst, |
1331 | dirattrib, pflag, printflag, 0); | 1360 | dirattrib, pflag, printflag, 0, resume); |
1332 | xfree(src_canon); | 1361 | free(src_canon); |
1333 | return ret; | 1362 | return ret; |
1334 | } | 1363 | } |
1335 | 1364 | ||
@@ -1340,7 +1369,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, | |||
1340 | int local_fd; | 1369 | int local_fd; |
1341 | int status = SSH2_FX_OK; | 1370 | int status = SSH2_FX_OK; |
1342 | u_int handle_len, id, type; | 1371 | u_int handle_len, id, type; |
1343 | off_t offset; | 1372 | off_t offset, progress_counter; |
1344 | char *handle, *data; | 1373 | char *handle, *data; |
1345 | Buffer msg; | 1374 | Buffer msg; |
1346 | struct stat sb; | 1375 | struct stat sb; |
@@ -1408,9 +1437,10 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, | |||
1408 | data = xmalloc(conn->transfer_buflen); | 1437 | data = xmalloc(conn->transfer_buflen); |
1409 | 1438 | ||
1410 | /* Read from local and write to remote */ | 1439 | /* Read from local and write to remote */ |
1411 | offset = 0; | 1440 | offset = progress_counter = 0; |
1412 | if (showprogress) | 1441 | if (showprogress) |
1413 | start_progress_meter(local_path, sb.st_size, &offset); | 1442 | start_progress_meter(local_path, sb.st_size, |
1443 | &progress_counter); | ||
1414 | 1444 | ||
1415 | for (;;) { | 1445 | for (;;) { |
1416 | int len; | 1446 | int len; |
@@ -1481,7 +1511,8 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, | |||
1481 | debug3("In write loop, ack for %u %u bytes at %lld", | 1511 | debug3("In write loop, ack for %u %u bytes at %lld", |
1482 | ack->id, ack->len, (long long)ack->offset); | 1512 | ack->id, ack->len, (long long)ack->offset); |
1483 | ++ackid; | 1513 | ++ackid; |
1484 | xfree(ack); | 1514 | progress_counter += ack->len; |
1515 | free(ack); | ||
1485 | } | 1516 | } |
1486 | offset += len; | 1517 | offset += len; |
1487 | if (offset < 0) | 1518 | if (offset < 0) |
@@ -1491,7 +1522,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, | |||
1491 | 1522 | ||
1492 | if (showprogress) | 1523 | if (showprogress) |
1493 | stop_progress_meter(); | 1524 | stop_progress_meter(); |
1494 | xfree(data); | 1525 | free(data); |
1495 | 1526 | ||
1496 | if (status != SSH2_FX_OK) { | 1527 | if (status != SSH2_FX_OK) { |
1497 | error("Couldn't write to remote file \"%s\": %s", | 1528 | error("Couldn't write to remote file \"%s\": %s", |
@@ -1511,7 +1542,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, | |||
1511 | 1542 | ||
1512 | if (do_close(conn, handle, handle_len) != SSH2_FX_OK) | 1543 | if (do_close(conn, handle, handle_len) != SSH2_FX_OK) |
1513 | status = -1; | 1544 | status = -1; |
1514 | xfree(handle); | 1545 | free(handle); |
1515 | 1546 | ||
1516 | return status; | 1547 | return status; |
1517 | } | 1548 | } |
@@ -1551,7 +1582,7 @@ upload_dir_internal(struct sftp_conn *conn, char *src, char *dst, | |||
1551 | a.perm &= 01777; | 1582 | a.perm &= 01777; |
1552 | if (!pflag) | 1583 | if (!pflag) |
1553 | a.flags &= ~SSH2_FILEXFER_ATTR_ACMODTIME; | 1584 | a.flags &= ~SSH2_FILEXFER_ATTR_ACMODTIME; |
1554 | 1585 | ||
1555 | status = do_mkdir(conn, dst, &a, 0); | 1586 | status = do_mkdir(conn, dst, &a, 0); |
1556 | /* | 1587 | /* |
1557 | * we lack a portable status for errno EEXIST, | 1588 | * we lack a portable status for errno EEXIST, |
@@ -1561,7 +1592,7 @@ upload_dir_internal(struct sftp_conn *conn, char *src, char *dst, | |||
1561 | if (status != SSH2_FX_OK) { | 1592 | if (status != SSH2_FX_OK) { |
1562 | if (status != SSH2_FX_FAILURE) | 1593 | if (status != SSH2_FX_FAILURE) |
1563 | return -1; | 1594 | return -1; |
1564 | if (do_stat(conn, dst, 0) == NULL) | 1595 | if (do_stat(conn, dst, 0) == NULL) |
1565 | return -1; | 1596 | return -1; |
1566 | } | 1597 | } |
1567 | 1598 | ||
@@ -1569,7 +1600,7 @@ upload_dir_internal(struct sftp_conn *conn, char *src, char *dst, | |||
1569 | error("Failed to open dir \"%s\": %s", src, strerror(errno)); | 1600 | error("Failed to open dir \"%s\": %s", src, strerror(errno)); |
1570 | return -1; | 1601 | return -1; |
1571 | } | 1602 | } |
1572 | 1603 | ||
1573 | while (((dp = readdir(dirp)) != NULL) && !interrupted) { | 1604 | while (((dp = readdir(dirp)) != NULL) && !interrupted) { |
1574 | if (dp->d_ino == 0) | 1605 | if (dp->d_ino == 0) |
1575 | continue; | 1606 | continue; |
@@ -1597,8 +1628,8 @@ upload_dir_internal(struct sftp_conn *conn, char *src, char *dst, | |||
1597 | } | 1628 | } |
1598 | } else | 1629 | } else |
1599 | logit("%s: not a regular file\n", filename); | 1630 | logit("%s: not a regular file\n", filename); |
1600 | xfree(new_dst); | 1631 | free(new_dst); |
1601 | xfree(new_src); | 1632 | free(new_src); |
1602 | } | 1633 | } |
1603 | 1634 | ||
1604 | do_setstat(conn, dst, &a); | 1635 | do_setstat(conn, dst, &a); |
@@ -1620,7 +1651,7 @@ upload_dir(struct sftp_conn *conn, char *src, char *dst, int printflag, | |||
1620 | } | 1651 | } |
1621 | 1652 | ||
1622 | ret = upload_dir_internal(conn, src, dst_canon, pflag, printflag, 0); | 1653 | ret = upload_dir_internal(conn, src, dst_canon, pflag, printflag, 0); |
1623 | xfree(dst_canon); | 1654 | free(dst_canon); |
1624 | return ret; | 1655 | return ret; |
1625 | } | 1656 | } |
1626 | 1657 | ||
diff --git a/sftp-client.h b/sftp-client.h index aef54ef49..111a998c8 100644 --- a/sftp-client.h +++ b/sftp-client.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sftp-client.h,v 1.20 2010/12/04 00:18:01 djm Exp $ */ | 1 | /* $OpenBSD: sftp-client.h,v 1.21 2013/07/25 00:56:51 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> | 4 | * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> |
@@ -106,13 +106,13 @@ int do_symlink(struct sftp_conn *, char *, char *); | |||
106 | * Download 'remote_path' to 'local_path'. Preserve permissions and times | 106 | * Download 'remote_path' to 'local_path'. Preserve permissions and times |
107 | * if 'pflag' is set | 107 | * if 'pflag' is set |
108 | */ | 108 | */ |
109 | int do_download(struct sftp_conn *, char *, char *, Attrib *, int); | 109 | int do_download(struct sftp_conn *, char *, char *, Attrib *, int, int); |
110 | 110 | ||
111 | /* | 111 | /* |
112 | * Recursively download 'remote_directory' to 'local_directory'. Preserve | 112 | * Recursively download 'remote_directory' to 'local_directory'. Preserve |
113 | * times if 'pflag' is set | 113 | * times if 'pflag' is set |
114 | */ | 114 | */ |
115 | int download_dir(struct sftp_conn *, char *, char *, Attrib *, int, int); | 115 | int download_dir(struct sftp_conn *, char *, char *, Attrib *, int, int, int); |
116 | 116 | ||
117 | /* | 117 | /* |
118 | * Upload 'local_path' to 'remote_path'. Preserve permissions and times | 118 | * Upload 'local_path' to 'remote_path'. Preserve permissions and times |
diff --git a/sftp-common.c b/sftp-common.c index a042875c6..413efc209 100644 --- a/sftp-common.c +++ b/sftp-common.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sftp-common.c,v 1.23 2010/01/15 09:24:23 markus Exp $ */ | 1 | /* $OpenBSD: sftp-common.c,v 1.24 2013/05/17 00:13:14 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2001 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2001 Damien Miller. All rights reserved. |
@@ -128,8 +128,8 @@ decode_attrib(Buffer *b) | |||
128 | type = buffer_get_string(b, NULL); | 128 | type = buffer_get_string(b, NULL); |
129 | data = buffer_get_string(b, NULL); | 129 | data = buffer_get_string(b, NULL); |
130 | debug3("Got file attribute \"%s\"", type); | 130 | debug3("Got file attribute \"%s\"", type); |
131 | xfree(type); | 131 | free(type); |
132 | xfree(data); | 132 | free(data); |
133 | } | 133 | } |
134 | } | 134 | } |
135 | return &a; | 135 | return &a; |
diff --git a/sftp-glob.c b/sftp-glob.c index 06bf157ca..79b7bdb2f 100644 --- a/sftp-glob.c +++ b/sftp-glob.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sftp-glob.c,v 1.23 2011/10/04 14:17:32 djm Exp $ */ | 1 | /* $OpenBSD: sftp-glob.c,v 1.24 2013/05/17 00:13:14 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> | 3 | * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> |
4 | * | 4 | * |
@@ -51,7 +51,7 @@ fudge_opendir(const char *path) | |||
51 | r = xmalloc(sizeof(*r)); | 51 | r = xmalloc(sizeof(*r)); |
52 | 52 | ||
53 | if (do_readdir(cur.conn, (char *)path, &r->dir)) { | 53 | if (do_readdir(cur.conn, (char *)path, &r->dir)) { |
54 | xfree(r); | 54 | free(r); |
55 | return(NULL); | 55 | return(NULL); |
56 | } | 56 | } |
57 | 57 | ||
@@ -103,7 +103,7 @@ static void | |||
103 | fudge_closedir(struct SFTP_OPENDIR *od) | 103 | fudge_closedir(struct SFTP_OPENDIR *od) |
104 | { | 104 | { |
105 | free_sftp_dirents(od->dir); | 105 | free_sftp_dirents(od->dir); |
106 | xfree(od); | 106 | free(od); |
107 | } | 107 | } |
108 | 108 | ||
109 | static int | 109 | static int |
diff --git a/sftp-server.0 b/sftp-server.0 index 6beddcc13..bca318b38 100644 --- a/sftp-server.0 +++ b/sftp-server.0 | |||
@@ -62,7 +62,7 @@ SEE ALSO | |||
62 | sftp(1), ssh(1), sshd_config(5), sshd(8) | 62 | sftp(1), ssh(1), sshd_config(5), sshd(8) |
63 | 63 | ||
64 | T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, | 64 | T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, |
65 | draft-ietf-secsh-filexfer-00.txt, January 2001, work in progress | 65 | draft-ietf-secsh-filexfer-02.txt, October 2001, work in progress |
66 | material. | 66 | material. |
67 | 67 | ||
68 | HISTORY | 68 | HISTORY |
@@ -71,4 +71,4 @@ HISTORY | |||
71 | AUTHORS | 71 | AUTHORS |
72 | Markus Friedl <markus@openbsd.org> | 72 | Markus Friedl <markus@openbsd.org> |
73 | 73 | ||
74 | OpenBSD 5.3 January 4, 2013 OpenBSD 5.3 | 74 | OpenBSD 5.4 July 16, 2013 OpenBSD 5.4 |
diff --git a/sftp-server.8 b/sftp-server.8 index 2fd3df20c..cc925b96e 100644 --- a/sftp-server.8 +++ b/sftp-server.8 | |||
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: sftp-server.8,v 1.21 2013/01/04 19:26:38 jmc Exp $ | 1 | .\" $OpenBSD: sftp-server.8,v 1.23 2013/07/16 00:07:52 schwarze Exp $ |
2 | .\" | 2 | .\" |
3 | .\" Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | .\" Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | .\" | 4 | .\" |
@@ -22,7 +22,7 @@ | |||
22 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 22 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
23 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 23 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
24 | .\" | 24 | .\" |
25 | .Dd $Mdocdate: January 4 2013 $ | 25 | .Dd $Mdocdate: July 16 2013 $ |
26 | .Dt SFTP-SERVER 8 | 26 | .Dt SFTP-SERVER 8 |
27 | .Os | 27 | .Os |
28 | .Sh NAME | 28 | .Sh NAME |
@@ -124,8 +124,8 @@ establish a logging socket inside the chroot directory. | |||
124 | .%A T. Ylonen | 124 | .%A T. Ylonen |
125 | .%A S. Lehtinen | 125 | .%A S. Lehtinen |
126 | .%T "SSH File Transfer Protocol" | 126 | .%T "SSH File Transfer Protocol" |
127 | .%N draft-ietf-secsh-filexfer-00.txt | 127 | .%N draft-ietf-secsh-filexfer-02.txt |
128 | .%D January 2001 | 128 | .%D October 2001 |
129 | .%O work in progress material | 129 | .%O work in progress material |
130 | .Re | 130 | .Re |
131 | .Sh HISTORY | 131 | .Sh HISTORY |
@@ -133,4 +133,4 @@ establish a logging socket inside the chroot directory. | |||
133 | first appeared in | 133 | first appeared in |
134 | .Ox 2.8 . | 134 | .Ox 2.8 . |
135 | .Sh AUTHORS | 135 | .Sh AUTHORS |
136 | .An Markus Friedl Aq markus@openbsd.org | 136 | .An Markus Friedl Aq Mt markus@openbsd.org |
diff --git a/sftp-server.c b/sftp-server.c index cce074a56..285f21aaf 100644 --- a/sftp-server.c +++ b/sftp-server.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sftp-server.c,v 1.96 2013/01/04 19:26:38 jmc Exp $ */ | 1 | /* $OpenBSD: sftp-server.c,v 1.97 2013/05/17 00:13:14 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -319,11 +319,11 @@ handle_close(int handle) | |||
319 | 319 | ||
320 | if (handle_is_ok(handle, HANDLE_FILE)) { | 320 | if (handle_is_ok(handle, HANDLE_FILE)) { |
321 | ret = close(handles[handle].fd); | 321 | ret = close(handles[handle].fd); |
322 | xfree(handles[handle].name); | 322 | free(handles[handle].name); |
323 | handle_unused(handle); | 323 | handle_unused(handle); |
324 | } else if (handle_is_ok(handle, HANDLE_DIR)) { | 324 | } else if (handle_is_ok(handle, HANDLE_DIR)) { |
325 | ret = closedir(handles[handle].dirp); | 325 | ret = closedir(handles[handle].dirp); |
326 | xfree(handles[handle].name); | 326 | free(handles[handle].name); |
327 | handle_unused(handle); | 327 | handle_unused(handle); |
328 | } else { | 328 | } else { |
329 | errno = ENOENT; | 329 | errno = ENOENT; |
@@ -367,7 +367,7 @@ get_handle(void) | |||
367 | handle = get_string(&hlen); | 367 | handle = get_string(&hlen); |
368 | if (hlen < 256) | 368 | if (hlen < 256) |
369 | val = handle_from_string(handle, hlen); | 369 | val = handle_from_string(handle, hlen); |
370 | xfree(handle); | 370 | free(handle); |
371 | return val; | 371 | return val; |
372 | } | 372 | } |
373 | 373 | ||
@@ -450,7 +450,7 @@ send_handle(u_int32_t id, int handle) | |||
450 | handle_to_string(handle, &string, &hlen); | 450 | handle_to_string(handle, &string, &hlen); |
451 | debug("request %u: sent handle handle %d", id, handle); | 451 | debug("request %u: sent handle handle %d", id, handle); |
452 | send_data_or_handle(SSH2_FXP_HANDLE, id, string, hlen); | 452 | send_data_or_handle(SSH2_FXP_HANDLE, id, string, hlen); |
453 | xfree(string); | 453 | free(string); |
454 | } | 454 | } |
455 | 455 | ||
456 | static void | 456 | static void |
@@ -578,7 +578,7 @@ process_open(void) | |||
578 | } | 578 | } |
579 | if (status != SSH2_FX_OK) | 579 | if (status != SSH2_FX_OK) |
580 | send_status(id, status); | 580 | send_status(id, status); |
581 | xfree(name); | 581 | free(name); |
582 | } | 582 | } |
583 | 583 | ||
584 | static void | 584 | static void |
@@ -679,7 +679,7 @@ process_write(void) | |||
679 | } | 679 | } |
680 | } | 680 | } |
681 | send_status(id, status); | 681 | send_status(id, status); |
682 | xfree(data); | 682 | free(data); |
683 | } | 683 | } |
684 | 684 | ||
685 | static void | 685 | static void |
@@ -705,7 +705,7 @@ process_do_stat(int do_lstat) | |||
705 | } | 705 | } |
706 | if (status != SSH2_FX_OK) | 706 | if (status != SSH2_FX_OK) |
707 | send_status(id, status); | 707 | send_status(id, status); |
708 | xfree(name); | 708 | free(name); |
709 | } | 709 | } |
710 | 710 | ||
711 | static void | 711 | static void |
@@ -807,7 +807,7 @@ process_setstat(void) | |||
807 | status = errno_to_portable(errno); | 807 | status = errno_to_portable(errno); |
808 | } | 808 | } |
809 | send_status(id, status); | 809 | send_status(id, status); |
810 | xfree(name); | 810 | free(name); |
811 | } | 811 | } |
812 | 812 | ||
813 | static void | 813 | static void |
@@ -904,7 +904,7 @@ process_opendir(void) | |||
904 | } | 904 | } |
905 | if (status != SSH2_FX_OK) | 905 | if (status != SSH2_FX_OK) |
906 | send_status(id, status); | 906 | send_status(id, status); |
907 | xfree(path); | 907 | free(path); |
908 | } | 908 | } |
909 | 909 | ||
910 | static void | 910 | static void |
@@ -953,13 +953,13 @@ process_readdir(void) | |||
953 | if (count > 0) { | 953 | if (count > 0) { |
954 | send_names(id, count, stats); | 954 | send_names(id, count, stats); |
955 | for (i = 0; i < count; i++) { | 955 | for (i = 0; i < count; i++) { |
956 | xfree(stats[i].name); | 956 | free(stats[i].name); |
957 | xfree(stats[i].long_name); | 957 | free(stats[i].long_name); |
958 | } | 958 | } |
959 | } else { | 959 | } else { |
960 | send_status(id, SSH2_FX_EOF); | 960 | send_status(id, SSH2_FX_EOF); |
961 | } | 961 | } |
962 | xfree(stats); | 962 | free(stats); |
963 | } | 963 | } |
964 | } | 964 | } |
965 | 965 | ||
@@ -982,7 +982,7 @@ process_remove(void) | |||
982 | status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; | 982 | status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; |
983 | } | 983 | } |
984 | send_status(id, status); | 984 | send_status(id, status); |
985 | xfree(name); | 985 | free(name); |
986 | } | 986 | } |
987 | 987 | ||
988 | static void | 988 | static void |
@@ -1007,7 +1007,7 @@ process_mkdir(void) | |||
1007 | status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; | 1007 | status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; |
1008 | } | 1008 | } |
1009 | send_status(id, status); | 1009 | send_status(id, status); |
1010 | xfree(name); | 1010 | free(name); |
1011 | } | 1011 | } |
1012 | 1012 | ||
1013 | static void | 1013 | static void |
@@ -1028,7 +1028,7 @@ process_rmdir(void) | |||
1028 | status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; | 1028 | status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; |
1029 | } | 1029 | } |
1030 | send_status(id, status); | 1030 | send_status(id, status); |
1031 | xfree(name); | 1031 | free(name); |
1032 | } | 1032 | } |
1033 | 1033 | ||
1034 | static void | 1034 | static void |
@@ -1041,7 +1041,7 @@ process_realpath(void) | |||
1041 | id = get_int(); | 1041 | id = get_int(); |
1042 | path = get_string(NULL); | 1042 | path = get_string(NULL); |
1043 | if (path[0] == '\0') { | 1043 | if (path[0] == '\0') { |
1044 | xfree(path); | 1044 | free(path); |
1045 | path = xstrdup("."); | 1045 | path = xstrdup("."); |
1046 | } | 1046 | } |
1047 | debug3("request %u: realpath", id); | 1047 | debug3("request %u: realpath", id); |
@@ -1054,7 +1054,7 @@ process_realpath(void) | |||
1054 | s.name = s.long_name = resolvedname; | 1054 | s.name = s.long_name = resolvedname; |
1055 | send_names(id, 1, &s); | 1055 | send_names(id, 1, &s); |
1056 | } | 1056 | } |
1057 | xfree(path); | 1057 | free(path); |
1058 | } | 1058 | } |
1059 | 1059 | ||
1060 | static void | 1060 | static void |
@@ -1115,8 +1115,8 @@ process_rename(void) | |||
1115 | status = SSH2_FX_OK; | 1115 | status = SSH2_FX_OK; |
1116 | } | 1116 | } |
1117 | send_status(id, status); | 1117 | send_status(id, status); |
1118 | xfree(oldpath); | 1118 | free(oldpath); |
1119 | xfree(newpath); | 1119 | free(newpath); |
1120 | } | 1120 | } |
1121 | 1121 | ||
1122 | static void | 1122 | static void |
@@ -1141,7 +1141,7 @@ process_readlink(void) | |||
1141 | s.name = s.long_name = buf; | 1141 | s.name = s.long_name = buf; |
1142 | send_names(id, 1, &s); | 1142 | send_names(id, 1, &s); |
1143 | } | 1143 | } |
1144 | xfree(path); | 1144 | free(path); |
1145 | } | 1145 | } |
1146 | 1146 | ||
1147 | static void | 1147 | static void |
@@ -1164,8 +1164,8 @@ process_symlink(void) | |||
1164 | status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; | 1164 | status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; |
1165 | } | 1165 | } |
1166 | send_status(id, status); | 1166 | send_status(id, status); |
1167 | xfree(oldpath); | 1167 | free(oldpath); |
1168 | xfree(newpath); | 1168 | free(newpath); |
1169 | } | 1169 | } |
1170 | 1170 | ||
1171 | static void | 1171 | static void |
@@ -1185,8 +1185,8 @@ process_extended_posix_rename(u_int32_t id) | |||
1185 | status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; | 1185 | status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; |
1186 | } | 1186 | } |
1187 | send_status(id, status); | 1187 | send_status(id, status); |
1188 | xfree(oldpath); | 1188 | free(oldpath); |
1189 | xfree(newpath); | 1189 | free(newpath); |
1190 | } | 1190 | } |
1191 | 1191 | ||
1192 | static void | 1192 | static void |
@@ -1203,7 +1203,7 @@ process_extended_statvfs(u_int32_t id) | |||
1203 | send_status(id, errno_to_portable(errno)); | 1203 | send_status(id, errno_to_portable(errno)); |
1204 | else | 1204 | else |
1205 | send_statvfs(id, &st); | 1205 | send_statvfs(id, &st); |
1206 | xfree(path); | 1206 | free(path); |
1207 | } | 1207 | } |
1208 | 1208 | ||
1209 | static void | 1209 | static void |
@@ -1242,8 +1242,8 @@ process_extended_hardlink(u_int32_t id) | |||
1242 | status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; | 1242 | status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; |
1243 | } | 1243 | } |
1244 | send_status(id, status); | 1244 | send_status(id, status); |
1245 | xfree(oldpath); | 1245 | free(oldpath); |
1246 | xfree(newpath); | 1246 | free(newpath); |
1247 | } | 1247 | } |
1248 | 1248 | ||
1249 | static void | 1249 | static void |
@@ -1264,7 +1264,7 @@ process_extended(void) | |||
1264 | process_extended_hardlink(id); | 1264 | process_extended_hardlink(id); |
1265 | else | 1265 | else |
1266 | send_status(id, SSH2_FX_OP_UNSUPPORTED); /* MUST */ | 1266 | send_status(id, SSH2_FX_OP_UNSUPPORTED); /* MUST */ |
1267 | xfree(request); | 1267 | free(request); |
1268 | } | 1268 | } |
1269 | 1269 | ||
1270 | /* stolen from ssh-agent */ | 1270 | /* stolen from ssh-agent */ |
@@ -55,10 +55,10 @@ DESCRIPTION | |||
55 | used in conjunction with non-interactive authentication. A | 55 | used in conjunction with non-interactive authentication. A |
56 | batchfile of `-' may be used to indicate standard input. sftp | 56 | batchfile of `-' may be used to indicate standard input. sftp |
57 | will abort if any of the following commands fail: get, put, | 57 | will abort if any of the following commands fail: get, put, |
58 | rename, ln, rm, mkdir, chdir, ls, lchdir, chmod, chown, chgrp, | 58 | reget, rename, ln, rm, mkdir, chdir, ls, lchdir, chmod, chown, |
59 | lpwd, df, symlink, and lmkdir. Termination on error can be | 59 | chgrp, lpwd, df, symlink, and lmkdir. Termination on error can |
60 | suppressed on a command by command basis by prefixing the command | 60 | be suppressed on a command by command basis by prefixing the |
61 | with a `-' character (for example, -rm /tmp/blah*). | 61 | command with a `-' character (for example, -rm /tmp/blah*). |
62 | 62 | ||
63 | -C Enables compression (via ssh's -C flag). | 63 | -C Enables compression (via ssh's -C flag). |
64 | 64 | ||
@@ -209,7 +209,7 @@ INTERACTIVE COMMANDS | |||
209 | 209 | ||
210 | exit Quit sftp. | 210 | exit Quit sftp. |
211 | 211 | ||
212 | get [-Ppr] remote-path [local-path] | 212 | get [-aPpr] remote-path [local-path] |
213 | Retrieve the remote-path and store it on the local machine. If | 213 | Retrieve the remote-path and store it on the local machine. If |
214 | the local path name is not specified, it is given the same name | 214 | the local path name is not specified, it is given the same name |
215 | it has on the remote machine. remote-path may contain glob(3) | 215 | it has on the remote machine. remote-path may contain glob(3) |
@@ -217,6 +217,12 @@ INTERACTIVE COMMANDS | |||
217 | local-path is specified, then local-path must specify a | 217 | local-path is specified, then local-path must specify a |
218 | directory. | 218 | directory. |
219 | 219 | ||
220 | If the -a flag is specified, then attempt to resume partial | ||
221 | transfers of existing files. Note that resumption assumes that | ||
222 | any partial copy of the local file matches the remote copy. If | ||
223 | the remote file differs from the partial local copy then the | ||
224 | resultant file is likely to be corrupt. | ||
225 | |||
220 | If either the -P or -p flag is specified, then full file | 226 | If either the -P or -p flag is specified, then full file |
221 | permissions and access times are copied too. | 227 | permissions and access times are copied too. |
222 | 228 | ||
@@ -306,6 +312,10 @@ INTERACTIVE COMMANDS | |||
306 | 312 | ||
307 | quit Quit sftp. | 313 | quit Quit sftp. |
308 | 314 | ||
315 | reget [-Ppr] remote-path [local-path] | ||
316 | Resume download of remote-path. Equivalent to get with the -a | ||
317 | flag set. | ||
318 | |||
309 | rename oldpath newpath | 319 | rename oldpath newpath |
310 | Rename remote file from oldpath to newpath. | 320 | Rename remote file from oldpath to newpath. |
311 | 321 | ||
@@ -336,4 +346,4 @@ SEE ALSO | |||
336 | draft-ietf-secsh-filexfer-00.txt, January 2001, work in progress | 346 | draft-ietf-secsh-filexfer-00.txt, January 2001, work in progress |
337 | material. | 347 | material. |
338 | 348 | ||
339 | OpenBSD 5.3 September 5, 2011 OpenBSD 5.3 | 349 | OpenBSD 5.4 July 25, 2013 OpenBSD 5.4 |
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: sftp.1,v 1.91 2011/09/05 05:56:13 djm Exp $ | 1 | .\" $OpenBSD: sftp.1,v 1.92 2013/07/25 00:56:51 djm Exp $ |
2 | .\" | 2 | .\" |
3 | .\" Copyright (c) 2001 Damien Miller. All rights reserved. | 3 | .\" Copyright (c) 2001 Damien Miller. All rights reserved. |
4 | .\" | 4 | .\" |
@@ -22,7 +22,7 @@ | |||
22 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 22 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
23 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 23 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
24 | .\" | 24 | .\" |
25 | .Dd $Mdocdate: September 5 2011 $ | 25 | .Dd $Mdocdate: July 25 2013 $ |
26 | .Dt SFTP 1 | 26 | .Dt SFTP 1 |
27 | .Os | 27 | .Os |
28 | .Sh NAME | 28 | .Sh NAME |
@@ -129,7 +129,7 @@ may be used to indicate standard input. | |||
129 | .Nm | 129 | .Nm |
130 | will abort if any of the following | 130 | will abort if any of the following |
131 | commands fail: | 131 | commands fail: |
132 | .Ic get , put , rename , ln , | 132 | .Ic get , put , reget , rename , ln , |
133 | .Ic rm , mkdir , chdir , ls , | 133 | .Ic rm , mkdir , chdir , ls , |
134 | .Ic lchdir , chmod , chown , | 134 | .Ic lchdir , chmod , chown , |
135 | .Ic chgrp , lpwd , df , symlink , | 135 | .Ic chgrp , lpwd , df , symlink , |
@@ -343,7 +343,7 @@ extension. | |||
343 | Quit | 343 | Quit |
344 | .Nm sftp . | 344 | .Nm sftp . |
345 | .It Xo Ic get | 345 | .It Xo Ic get |
346 | .Op Fl Ppr | 346 | .Op Fl aPpr |
347 | .Ar remote-path | 347 | .Ar remote-path |
348 | .Op Ar local-path | 348 | .Op Ar local-path |
349 | .Xc | 349 | .Xc |
@@ -363,6 +363,14 @@ is specified, then | |||
363 | .Ar local-path | 363 | .Ar local-path |
364 | must specify a directory. | 364 | must specify a directory. |
365 | .Pp | 365 | .Pp |
366 | If the | ||
367 | .Fl a | ||
368 | flag is specified, then attempt to resume partial transfers of existing files. | ||
369 | Note that resumption assumes that any partial copy of the local file matches | ||
370 | the remote copy. | ||
371 | If the remote file differs from the partial local copy then the resultant file | ||
372 | is likely to be corrupt. | ||
373 | .Pp | ||
366 | If either the | 374 | If either the |
367 | .Fl P | 375 | .Fl P |
368 | or | 376 | or |
@@ -503,6 +511,18 @@ Display remote working directory. | |||
503 | .It Ic quit | 511 | .It Ic quit |
504 | Quit | 512 | Quit |
505 | .Nm sftp . | 513 | .Nm sftp . |
514 | .It Xo Ic reget | ||
515 | .Op Fl Ppr | ||
516 | .Ar remote-path | ||
517 | .Op Ar local-path | ||
518 | .Xc | ||
519 | Resume download of | ||
520 | .Ar remote-path . | ||
521 | Equivalent to | ||
522 | .Ic get | ||
523 | with the | ||
524 | .Fl a | ||
525 | flag set. | ||
506 | .It Ic rename Ar oldpath Ar newpath | 526 | .It Ic rename Ar oldpath Ar newpath |
507 | Rename remote file from | 527 | Rename remote file from |
508 | .Ar oldpath | 528 | .Ar oldpath |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sftp.c,v 1.142 2013/02/08 00:41:12 djm Exp $ */ | 1 | /* $OpenBSD: sftp.c,v 1.148 2013/07/25 00:56:52 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> | 3 | * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> |
4 | * | 4 | * |
@@ -38,6 +38,9 @@ | |||
38 | #ifdef HAVE_LIBGEN_H | 38 | #ifdef HAVE_LIBGEN_H |
39 | #include <libgen.h> | 39 | #include <libgen.h> |
40 | #endif | 40 | #endif |
41 | #ifdef HAVE_LOCALE_H | ||
42 | # include <locale.h> | ||
43 | #endif | ||
41 | #ifdef USE_LIBEDIT | 44 | #ifdef USE_LIBEDIT |
42 | #include <histedit.h> | 45 | #include <histedit.h> |
43 | #else | 46 | #else |
@@ -76,12 +79,18 @@ int batchmode = 0; | |||
76 | /* PID of ssh transport process */ | 79 | /* PID of ssh transport process */ |
77 | static pid_t sshpid = -1; | 80 | static pid_t sshpid = -1; |
78 | 81 | ||
82 | /* Suppress diagnositic messages */ | ||
83 | int quiet = 0; | ||
84 | |||
79 | /* This is set to 0 if the progressmeter is not desired. */ | 85 | /* This is set to 0 if the progressmeter is not desired. */ |
80 | int showprogress = 1; | 86 | int showprogress = 1; |
81 | 87 | ||
82 | /* When this option is set, we always recursively download/upload directories */ | 88 | /* When this option is set, we always recursively download/upload directories */ |
83 | int global_rflag = 0; | 89 | int global_rflag = 0; |
84 | 90 | ||
91 | /* When this option is set, we resume download if possible */ | ||
92 | int global_aflag = 0; | ||
93 | |||
85 | /* When this option is set, the file transfers will always preserve times */ | 94 | /* When this option is set, the file transfers will always preserve times */ |
86 | int global_pflag = 0; | 95 | int global_pflag = 0; |
87 | 96 | ||
@@ -145,6 +154,7 @@ extern char *__progname; | |||
145 | #define I_SYMLINK 21 | 154 | #define I_SYMLINK 21 |
146 | #define I_VERSION 22 | 155 | #define I_VERSION 22 |
147 | #define I_PROGRESS 23 | 156 | #define I_PROGRESS 23 |
157 | #define I_REGET 26 | ||
148 | 158 | ||
149 | struct CMD { | 159 | struct CMD { |
150 | const char *c; | 160 | const char *c; |
@@ -184,6 +194,7 @@ static const struct CMD cmds[] = { | |||
184 | { "put", I_PUT, LOCAL }, | 194 | { "put", I_PUT, LOCAL }, |
185 | { "pwd", I_PWD, REMOTE }, | 195 | { "pwd", I_PWD, REMOTE }, |
186 | { "quit", I_QUIT, NOARGS }, | 196 | { "quit", I_QUIT, NOARGS }, |
197 | { "reget", I_REGET, REMOTE }, | ||
187 | { "rename", I_RENAME, REMOTE }, | 198 | { "rename", I_RENAME, REMOTE }, |
188 | { "rm", I_RM, REMOTE }, | 199 | { "rm", I_RM, REMOTE }, |
189 | { "rmdir", I_RMDIR, REMOTE }, | 200 | { "rmdir", I_RMDIR, REMOTE }, |
@@ -215,7 +226,7 @@ cmd_interrupt(int signo) | |||
215 | const char msg[] = "\rInterrupt \n"; | 226 | const char msg[] = "\rInterrupt \n"; |
216 | int olderrno = errno; | 227 | int olderrno = errno; |
217 | 228 | ||
218 | write(STDERR_FILENO, msg, sizeof(msg) - 1); | 229 | (void)write(STDERR_FILENO, msg, sizeof(msg) - 1); |
219 | interrupted = 1; | 230 | interrupted = 1; |
220 | errno = olderrno; | 231 | errno = olderrno; |
221 | } | 232 | } |
@@ -233,6 +244,7 @@ help(void) | |||
233 | " filesystem containing 'path'\n" | 244 | " filesystem containing 'path'\n" |
234 | "exit Quit sftp\n" | 245 | "exit Quit sftp\n" |
235 | "get [-Ppr] remote [local] Download file\n" | 246 | "get [-Ppr] remote [local] Download file\n" |
247 | "reget remote [local] Resume download file\n" | ||
236 | "help Display this help text\n" | 248 | "help Display this help text\n" |
237 | "lcd path Change local directory to 'path'\n" | 249 | "lcd path Change local directory to 'path'\n" |
238 | "lls [ls-options [path]] Display local directory listing\n" | 250 | "lls [ls-options [path]] Display local directory listing\n" |
@@ -306,7 +318,7 @@ local_do_ls(const char *args) | |||
306 | /* XXX: quoting - rip quoting code from ftp? */ | 318 | /* XXX: quoting - rip quoting code from ftp? */ |
307 | snprintf(buf, len, _PATH_LS " %s", args); | 319 | snprintf(buf, len, _PATH_LS " %s", args); |
308 | local_do_shell(buf); | 320 | local_do_shell(buf); |
309 | xfree(buf); | 321 | free(buf); |
310 | } | 322 | } |
311 | } | 323 | } |
312 | 324 | ||
@@ -337,15 +349,15 @@ make_absolute(char *p, char *pwd) | |||
337 | /* Derelativise */ | 349 | /* Derelativise */ |
338 | if (p && p[0] != '/') { | 350 | if (p && p[0] != '/') { |
339 | abs_str = path_append(pwd, p); | 351 | abs_str = path_append(pwd, p); |
340 | xfree(p); | 352 | free(p); |
341 | return(abs_str); | 353 | return(abs_str); |
342 | } else | 354 | } else |
343 | return(p); | 355 | return(p); |
344 | } | 356 | } |
345 | 357 | ||
346 | static int | 358 | static int |
347 | parse_getput_flags(const char *cmd, char **argv, int argc, int *pflag, | 359 | parse_getput_flags(const char *cmd, char **argv, int argc, |
348 | int *rflag) | 360 | int *aflag, int *pflag, int *rflag) |
349 | { | 361 | { |
350 | extern int opterr, optind, optopt, optreset; | 362 | extern int opterr, optind, optopt, optreset; |
351 | int ch; | 363 | int ch; |
@@ -353,9 +365,12 @@ parse_getput_flags(const char *cmd, char **argv, int argc, int *pflag, | |||
353 | optind = optreset = 1; | 365 | optind = optreset = 1; |
354 | opterr = 0; | 366 | opterr = 0; |
355 | 367 | ||
356 | *rflag = *pflag = 0; | 368 | *aflag = *rflag = *pflag = 0; |
357 | while ((ch = getopt(argc, argv, "PpRr")) != -1) { | 369 | while ((ch = getopt(argc, argv, "aPpRr")) != -1) { |
358 | switch (ch) { | 370 | switch (ch) { |
371 | case 'a': | ||
372 | *aflag = 1; | ||
373 | break; | ||
359 | case 'p': | 374 | case 'p': |
360 | case 'P': | 375 | case 'P': |
361 | *pflag = 1; | 376 | *pflag = 1; |
@@ -513,7 +528,7 @@ pathname_is_dir(char *pathname) | |||
513 | 528 | ||
514 | static int | 529 | static int |
515 | process_get(struct sftp_conn *conn, char *src, char *dst, char *pwd, | 530 | process_get(struct sftp_conn *conn, char *src, char *dst, char *pwd, |
516 | int pflag, int rflag) | 531 | int pflag, int rflag, int resume) |
517 | { | 532 | { |
518 | char *abs_src = NULL; | 533 | char *abs_src = NULL; |
519 | char *abs_dst = NULL; | 534 | char *abs_dst = NULL; |
@@ -547,7 +562,7 @@ process_get(struct sftp_conn *conn, char *src, char *dst, char *pwd, | |||
547 | tmp = xstrdup(g.gl_pathv[i]); | 562 | tmp = xstrdup(g.gl_pathv[i]); |
548 | if ((filename = basename(tmp)) == NULL) { | 563 | if ((filename = basename(tmp)) == NULL) { |
549 | error("basename %s: %s", tmp, strerror(errno)); | 564 | error("basename %s: %s", tmp, strerror(errno)); |
550 | xfree(tmp); | 565 | free(tmp); |
551 | err = -1; | 566 | err = -1; |
552 | goto out; | 567 | goto out; |
553 | } | 568 | } |
@@ -563,24 +578,28 @@ process_get(struct sftp_conn *conn, char *src, char *dst, char *pwd, | |||
563 | } else { | 578 | } else { |
564 | abs_dst = xstrdup(filename); | 579 | abs_dst = xstrdup(filename); |
565 | } | 580 | } |
566 | xfree(tmp); | 581 | free(tmp); |
567 | 582 | ||
568 | printf("Fetching %s to %s\n", g.gl_pathv[i], abs_dst); | 583 | resume |= global_aflag; |
584 | if (!quiet && resume) | ||
585 | printf("Resuming %s to %s\n", g.gl_pathv[i], abs_dst); | ||
586 | else if (!quiet && !resume) | ||
587 | printf("Fetching %s to %s\n", g.gl_pathv[i], abs_dst); | ||
569 | if (pathname_is_dir(g.gl_pathv[i]) && (rflag || global_rflag)) { | 588 | if (pathname_is_dir(g.gl_pathv[i]) && (rflag || global_rflag)) { |
570 | if (download_dir(conn, g.gl_pathv[i], abs_dst, NULL, | 589 | if (download_dir(conn, g.gl_pathv[i], abs_dst, NULL, |
571 | pflag || global_pflag, 1) == -1) | 590 | pflag || global_pflag, 1, resume) == -1) |
572 | err = -1; | 591 | err = -1; |
573 | } else { | 592 | } else { |
574 | if (do_download(conn, g.gl_pathv[i], abs_dst, NULL, | 593 | if (do_download(conn, g.gl_pathv[i], abs_dst, NULL, |
575 | pflag || global_pflag) == -1) | 594 | pflag || global_pflag, resume) == -1) |
576 | err = -1; | 595 | err = -1; |
577 | } | 596 | } |
578 | xfree(abs_dst); | 597 | free(abs_dst); |
579 | abs_dst = NULL; | 598 | abs_dst = NULL; |
580 | } | 599 | } |
581 | 600 | ||
582 | out: | 601 | out: |
583 | xfree(abs_src); | 602 | free(abs_src); |
584 | globfree(&g); | 603 | globfree(&g); |
585 | return(err); | 604 | return(err); |
586 | } | 605 | } |
@@ -632,7 +651,7 @@ process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd, | |||
632 | tmp = xstrdup(g.gl_pathv[i]); | 651 | tmp = xstrdup(g.gl_pathv[i]); |
633 | if ((filename = basename(tmp)) == NULL) { | 652 | if ((filename = basename(tmp)) == NULL) { |
634 | error("basename %s: %s", tmp, strerror(errno)); | 653 | error("basename %s: %s", tmp, strerror(errno)); |
635 | xfree(tmp); | 654 | free(tmp); |
636 | err = -1; | 655 | err = -1; |
637 | goto out; | 656 | goto out; |
638 | } | 657 | } |
@@ -648,9 +667,10 @@ process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd, | |||
648 | } else { | 667 | } else { |
649 | abs_dst = make_absolute(xstrdup(filename), pwd); | 668 | abs_dst = make_absolute(xstrdup(filename), pwd); |
650 | } | 669 | } |
651 | xfree(tmp); | 670 | free(tmp); |
652 | 671 | ||
653 | printf("Uploading %s to %s\n", g.gl_pathv[i], abs_dst); | 672 | if (!quiet) |
673 | printf("Uploading %s to %s\n", g.gl_pathv[i], abs_dst); | ||
654 | if (pathname_is_dir(g.gl_pathv[i]) && (rflag || global_rflag)) { | 674 | if (pathname_is_dir(g.gl_pathv[i]) && (rflag || global_rflag)) { |
655 | if (upload_dir(conn, g.gl_pathv[i], abs_dst, | 675 | if (upload_dir(conn, g.gl_pathv[i], abs_dst, |
656 | pflag || global_pflag, 1) == -1) | 676 | pflag || global_pflag, 1) == -1) |
@@ -663,10 +683,8 @@ process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd, | |||
663 | } | 683 | } |
664 | 684 | ||
665 | out: | 685 | out: |
666 | if (abs_dst) | 686 | free(abs_dst); |
667 | xfree(abs_dst); | 687 | free(tmp_dst); |
668 | if (tmp_dst) | ||
669 | xfree(tmp_dst); | ||
670 | globfree(&g); | 688 | globfree(&g); |
671 | return(err); | 689 | return(err); |
672 | } | 690 | } |
@@ -714,7 +732,7 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag) | |||
714 | /* Add any subpath that also needs to be counted */ | 732 | /* Add any subpath that also needs to be counted */ |
715 | tmp = path_strip(path, strip_path); | 733 | tmp = path_strip(path, strip_path); |
716 | m += strlen(tmp); | 734 | m += strlen(tmp); |
717 | xfree(tmp); | 735 | free(tmp); |
718 | 736 | ||
719 | if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) != -1) | 737 | if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) != -1) |
720 | width = ws.ws_col; | 738 | width = ws.ws_col; |
@@ -740,7 +758,7 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag) | |||
740 | 758 | ||
741 | tmp = path_append(path, d[n]->filename); | 759 | tmp = path_append(path, d[n]->filename); |
742 | fname = path_strip(tmp, strip_path); | 760 | fname = path_strip(tmp, strip_path); |
743 | xfree(tmp); | 761 | free(tmp); |
744 | 762 | ||
745 | if (lflag & LS_LONG_VIEW) { | 763 | if (lflag & LS_LONG_VIEW) { |
746 | if (lflag & (LS_NUMERIC_VIEW|LS_SI_UNITS)) { | 764 | if (lflag & (LS_NUMERIC_VIEW|LS_SI_UNITS)) { |
@@ -752,7 +770,7 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag) | |||
752 | lname = ls_file(fname, &sb, 1, | 770 | lname = ls_file(fname, &sb, 1, |
753 | (lflag & LS_SI_UNITS)); | 771 | (lflag & LS_SI_UNITS)); |
754 | printf("%s\n", lname); | 772 | printf("%s\n", lname); |
755 | xfree(lname); | 773 | free(lname); |
756 | } else | 774 | } else |
757 | printf("%s\n", d[n]->longname); | 775 | printf("%s\n", d[n]->longname); |
758 | } else { | 776 | } else { |
@@ -764,7 +782,7 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag) | |||
764 | c++; | 782 | c++; |
765 | } | 783 | } |
766 | 784 | ||
767 | xfree(fname); | 785 | free(fname); |
768 | } | 786 | } |
769 | 787 | ||
770 | if (!(lflag & LS_LONG_VIEW) && (c != 1)) | 788 | if (!(lflag & LS_LONG_VIEW) && (c != 1)) |
@@ -834,7 +852,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, | |||
834 | lname = ls_file(fname, g.gl_statv[i], 1, | 852 | lname = ls_file(fname, g.gl_statv[i], 1, |
835 | (lflag & LS_SI_UNITS)); | 853 | (lflag & LS_SI_UNITS)); |
836 | printf("%s\n", lname); | 854 | printf("%s\n", lname); |
837 | xfree(lname); | 855 | free(lname); |
838 | } else { | 856 | } else { |
839 | printf("%-*s", colspace, fname); | 857 | printf("%-*s", colspace, fname); |
840 | if (c >= columns) { | 858 | if (c >= columns) { |
@@ -843,7 +861,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, | |||
843 | } else | 861 | } else |
844 | c++; | 862 | c++; |
845 | } | 863 | } |
846 | xfree(fname); | 864 | free(fname); |
847 | } | 865 | } |
848 | 866 | ||
849 | if (!(lflag & LS_LONG_VIEW) && (c != 1)) | 867 | if (!(lflag & LS_LONG_VIEW) && (c != 1)) |
@@ -1112,8 +1130,9 @@ makeargv(const char *arg, int *argcp, int sloppy, char *lastquote, | |||
1112 | } | 1130 | } |
1113 | 1131 | ||
1114 | static int | 1132 | static int |
1115 | parse_args(const char **cpp, int *pflag, int *rflag, int *lflag, int *iflag, | 1133 | parse_args(const char **cpp, int *aflag, int *hflag, int *iflag, int *lflag, |
1116 | int *hflag, int *sflag, unsigned long *n_arg, char **path1, char **path2) | 1134 | int *pflag, int *rflag, int *sflag, unsigned long *n_arg, |
1135 | char **path1, char **path2) | ||
1117 | { | 1136 | { |
1118 | const char *cmd, *cp = *cpp; | 1137 | const char *cmd, *cp = *cpp; |
1119 | char *cp2, **argv; | 1138 | char *cp2, **argv; |
@@ -1157,14 +1176,15 @@ parse_args(const char **cpp, int *pflag, int *rflag, int *lflag, int *iflag, | |||
1157 | } | 1176 | } |
1158 | 1177 | ||
1159 | /* Get arguments and parse flags */ | 1178 | /* Get arguments and parse flags */ |
1160 | *lflag = *pflag = *rflag = *hflag = *n_arg = 0; | 1179 | *aflag = *lflag = *pflag = *rflag = *hflag = *n_arg = 0; |
1161 | *path1 = *path2 = NULL; | 1180 | *path1 = *path2 = NULL; |
1162 | optidx = 1; | 1181 | optidx = 1; |
1163 | switch (cmdnum) { | 1182 | switch (cmdnum) { |
1164 | case I_GET: | 1183 | case I_GET: |
1184 | case I_REGET: | ||
1165 | case I_PUT: | 1185 | case I_PUT: |
1166 | if ((optidx = parse_getput_flags(cmd, argv, argc, | 1186 | if ((optidx = parse_getput_flags(cmd, argv, argc, |
1167 | pflag, rflag)) == -1) | 1187 | aflag, pflag, rflag)) == -1) |
1168 | return -1; | 1188 | return -1; |
1169 | /* Get first pathname (mandatory) */ | 1189 | /* Get first pathname (mandatory) */ |
1170 | if (argc - optidx < 1) { | 1190 | if (argc - optidx < 1) { |
@@ -1179,6 +1199,11 @@ parse_args(const char **cpp, int *pflag, int *rflag, int *lflag, int *iflag, | |||
1179 | /* Destination is not globbed */ | 1199 | /* Destination is not globbed */ |
1180 | undo_glob_escape(*path2); | 1200 | undo_glob_escape(*path2); |
1181 | } | 1201 | } |
1202 | if (*aflag && cmdnum == I_PUT) { | ||
1203 | /* XXX implement resume for uploads */ | ||
1204 | error("Resume is not supported for uploads"); | ||
1205 | return -1; | ||
1206 | } | ||
1182 | break; | 1207 | break; |
1183 | case I_LINK: | 1208 | case I_LINK: |
1184 | if ((optidx = parse_link_flags(cmd, argv, argc, sflag)) == -1) | 1209 | if ((optidx = parse_link_flags(cmd, argv, argc, sflag)) == -1) |
@@ -1287,7 +1312,8 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, | |||
1287 | int err_abort) | 1312 | int err_abort) |
1288 | { | 1313 | { |
1289 | char *path1, *path2, *tmp; | 1314 | char *path1, *path2, *tmp; |
1290 | int pflag = 0, rflag = 0, lflag = 0, iflag = 0, hflag = 0, sflag = 0; | 1315 | int aflag = 0, hflag = 0, iflag = 0, lflag = 0, pflag = 0; |
1316 | int rflag = 0, sflag = 0; | ||
1291 | int cmdnum, i; | 1317 | int cmdnum, i; |
1292 | unsigned long n_arg = 0; | 1318 | unsigned long n_arg = 0; |
1293 | Attrib a, *aa; | 1319 | Attrib a, *aa; |
@@ -1296,9 +1322,8 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, | |||
1296 | glob_t g; | 1322 | glob_t g; |
1297 | 1323 | ||
1298 | path1 = path2 = NULL; | 1324 | path1 = path2 = NULL; |
1299 | cmdnum = parse_args(&cmd, &pflag, &rflag, &lflag, &iflag, &hflag, | 1325 | cmdnum = parse_args(&cmd, &aflag, &hflag, &iflag, &lflag, &pflag, |
1300 | &sflag, &n_arg, &path1, &path2); | 1326 | &rflag, &sflag, &n_arg, &path1, &path2); |
1301 | |||
1302 | if (iflag != 0) | 1327 | if (iflag != 0) |
1303 | err_abort = 0; | 1328 | err_abort = 0; |
1304 | 1329 | ||
@@ -1313,8 +1338,12 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, | |||
1313 | /* Unrecognized command */ | 1338 | /* Unrecognized command */ |
1314 | err = -1; | 1339 | err = -1; |
1315 | break; | 1340 | break; |
1341 | case I_REGET: | ||
1342 | aflag = 1; | ||
1343 | /* FALLTHROUGH */ | ||
1316 | case I_GET: | 1344 | case I_GET: |
1317 | err = process_get(conn, path1, path2, *pwd, pflag, rflag); | 1345 | err = process_get(conn, path1, path2, *pwd, pflag, |
1346 | rflag, aflag); | ||
1318 | break; | 1347 | break; |
1319 | case I_PUT: | 1348 | case I_PUT: |
1320 | err = process_put(conn, path1, path2, *pwd, pflag, rflag); | 1349 | err = process_put(conn, path1, path2, *pwd, pflag, rflag); |
@@ -1335,7 +1364,8 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, | |||
1335 | path1 = make_absolute(path1, *pwd); | 1364 | path1 = make_absolute(path1, *pwd); |
1336 | remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g); | 1365 | remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g); |
1337 | for (i = 0; g.gl_pathv[i] && !interrupted; i++) { | 1366 | for (i = 0; g.gl_pathv[i] && !interrupted; i++) { |
1338 | printf("Removing %s\n", g.gl_pathv[i]); | 1367 | if (!quiet) |
1368 | printf("Removing %s\n", g.gl_pathv[i]); | ||
1339 | err = do_rm(conn, g.gl_pathv[i]); | 1369 | err = do_rm(conn, g.gl_pathv[i]); |
1340 | if (err != 0 && err_abort) | 1370 | if (err != 0 && err_abort) |
1341 | break; | 1371 | break; |
@@ -1359,24 +1389,24 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, | |||
1359 | break; | 1389 | break; |
1360 | } | 1390 | } |
1361 | if ((aa = do_stat(conn, tmp, 0)) == NULL) { | 1391 | if ((aa = do_stat(conn, tmp, 0)) == NULL) { |
1362 | xfree(tmp); | 1392 | free(tmp); |
1363 | err = 1; | 1393 | err = 1; |
1364 | break; | 1394 | break; |
1365 | } | 1395 | } |
1366 | if (!(aa->flags & SSH2_FILEXFER_ATTR_PERMISSIONS)) { | 1396 | if (!(aa->flags & SSH2_FILEXFER_ATTR_PERMISSIONS)) { |
1367 | error("Can't change directory: Can't check target"); | 1397 | error("Can't change directory: Can't check target"); |
1368 | xfree(tmp); | 1398 | free(tmp); |
1369 | err = 1; | 1399 | err = 1; |
1370 | break; | 1400 | break; |
1371 | } | 1401 | } |
1372 | if (!S_ISDIR(aa->perm)) { | 1402 | if (!S_ISDIR(aa->perm)) { |
1373 | error("Can't change directory: \"%s\" is not " | 1403 | error("Can't change directory: \"%s\" is not " |
1374 | "a directory", tmp); | 1404 | "a directory", tmp); |
1375 | xfree(tmp); | 1405 | free(tmp); |
1376 | err = 1; | 1406 | err = 1; |
1377 | break; | 1407 | break; |
1378 | } | 1408 | } |
1379 | xfree(*pwd); | 1409 | free(*pwd); |
1380 | *pwd = tmp; | 1410 | *pwd = tmp; |
1381 | break; | 1411 | break; |
1382 | case I_LS: | 1412 | case I_LS: |
@@ -1431,7 +1461,8 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, | |||
1431 | a.perm = n_arg; | 1461 | a.perm = n_arg; |
1432 | remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g); | 1462 | remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g); |
1433 | for (i = 0; g.gl_pathv[i] && !interrupted; i++) { | 1463 | for (i = 0; g.gl_pathv[i] && !interrupted; i++) { |
1434 | printf("Changing mode on %s\n", g.gl_pathv[i]); | 1464 | if (!quiet) |
1465 | printf("Changing mode on %s\n", g.gl_pathv[i]); | ||
1435 | err = do_setstat(conn, g.gl_pathv[i], &a); | 1466 | err = do_setstat(conn, g.gl_pathv[i], &a); |
1436 | if (err != 0 && err_abort) | 1467 | if (err != 0 && err_abort) |
1437 | break; | 1468 | break; |
@@ -1460,10 +1491,14 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, | |||
1460 | } | 1491 | } |
1461 | aa->flags &= SSH2_FILEXFER_ATTR_UIDGID; | 1492 | aa->flags &= SSH2_FILEXFER_ATTR_UIDGID; |
1462 | if (cmdnum == I_CHOWN) { | 1493 | if (cmdnum == I_CHOWN) { |
1463 | printf("Changing owner on %s\n", g.gl_pathv[i]); | 1494 | if (!quiet) |
1495 | printf("Changing owner on %s\n", | ||
1496 | g.gl_pathv[i]); | ||
1464 | aa->uid = n_arg; | 1497 | aa->uid = n_arg; |
1465 | } else { | 1498 | } else { |
1466 | printf("Changing group on %s\n", g.gl_pathv[i]); | 1499 | if (!quiet) |
1500 | printf("Changing group on %s\n", | ||
1501 | g.gl_pathv[i]); | ||
1467 | aa->gid = n_arg; | 1502 | aa->gid = n_arg; |
1468 | } | 1503 | } |
1469 | err = do_setstat(conn, g.gl_pathv[i], aa); | 1504 | err = do_setstat(conn, g.gl_pathv[i], aa); |
@@ -1504,10 +1539,8 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, | |||
1504 | 1539 | ||
1505 | if (g.gl_pathc) | 1540 | if (g.gl_pathc) |
1506 | globfree(&g); | 1541 | globfree(&g); |
1507 | if (path1) | 1542 | free(path1); |
1508 | xfree(path1); | 1543 | free(path2); |
1509 | if (path2) | ||
1510 | xfree(path2); | ||
1511 | 1544 | ||
1512 | /* If an unignored error occurs in batch mode we should abort. */ | 1545 | /* If an unignored error occurs in batch mode we should abort. */ |
1513 | if (err_abort && err != 0) | 1546 | if (err_abort && err != 0) |
@@ -1617,8 +1650,8 @@ complete_cmd_parse(EditLine *el, char *cmd, int lastarg, char quote, | |||
1617 | complete_display(list, 0); | 1650 | complete_display(list, 0); |
1618 | 1651 | ||
1619 | for (y = 0; list[y] != NULL; y++) | 1652 | for (y = 0; list[y] != NULL; y++) |
1620 | xfree(list[y]); | 1653 | free(list[y]); |
1621 | xfree(list); | 1654 | free(list); |
1622 | return count; | 1655 | return count; |
1623 | } | 1656 | } |
1624 | 1657 | ||
@@ -1631,7 +1664,7 @@ complete_cmd_parse(EditLine *el, char *cmd, int lastarg, char quote, | |||
1631 | list[count] = NULL; | 1664 | list[count] = NULL; |
1632 | 1665 | ||
1633 | if (count == 0) { | 1666 | if (count == 0) { |
1634 | xfree(list); | 1667 | free(list); |
1635 | return 0; | 1668 | return 0; |
1636 | } | 1669 | } |
1637 | 1670 | ||
@@ -1641,8 +1674,8 @@ complete_cmd_parse(EditLine *el, char *cmd, int lastarg, char quote, | |||
1641 | complete_display(list, 0); | 1674 | complete_display(list, 0); |
1642 | 1675 | ||
1643 | for (y = 0; list[y]; y++) | 1676 | for (y = 0; list[y]; y++) |
1644 | xfree(list[y]); | 1677 | free(list[y]); |
1645 | xfree(list); | 1678 | free(list); |
1646 | 1679 | ||
1647 | if (tmp != NULL) { | 1680 | if (tmp != NULL) { |
1648 | tmplen = strlen(tmp); | 1681 | tmplen = strlen(tmp); |
@@ -1663,7 +1696,7 @@ complete_cmd_parse(EditLine *el, char *cmd, int lastarg, char quote, | |||
1663 | if (y > 0 && el_insertstr(el, argterm) == -1) | 1696 | if (y > 0 && el_insertstr(el, argterm) == -1) |
1664 | fatal("el_insertstr failed."); | 1697 | fatal("el_insertstr failed."); |
1665 | } | 1698 | } |
1666 | xfree(tmp); | 1699 | free(tmp); |
1667 | } | 1700 | } |
1668 | 1701 | ||
1669 | return count; | 1702 | return count; |
@@ -1694,8 +1727,9 @@ complete_match(EditLine *el, struct sftp_conn *conn, char *remote_path, | |||
1694 | char *file, int remote, int lastarg, char quote, int terminated) | 1727 | char *file, int remote, int lastarg, char quote, int terminated) |
1695 | { | 1728 | { |
1696 | glob_t g; | 1729 | glob_t g; |
1697 | char *tmp, *tmp2, ins[3]; | 1730 | char *tmp, *tmp2, ins[8]; |
1698 | u_int i, hadglob, pwdlen, len, tmplen, filelen, cesc, isesc, isabs; | 1731 | u_int i, hadglob, pwdlen, len, tmplen, filelen, cesc, isesc, isabs; |
1732 | int clen; | ||
1699 | const LineInfo *lf; | 1733 | const LineInfo *lf; |
1700 | 1734 | ||
1701 | /* Glob from "file" location */ | 1735 | /* Glob from "file" location */ |
@@ -1727,7 +1761,7 @@ complete_match(EditLine *el, struct sftp_conn *conn, char *remote_path, | |||
1727 | if (tmp[tmplen] == '/') | 1761 | if (tmp[tmplen] == '/') |
1728 | pwdlen = tmplen + 1; /* track last seen '/' */ | 1762 | pwdlen = tmplen + 1; /* track last seen '/' */ |
1729 | } | 1763 | } |
1730 | xfree(tmp); | 1764 | free(tmp); |
1731 | 1765 | ||
1732 | if (g.gl_matchc == 0) | 1766 | if (g.gl_matchc == 0) |
1733 | goto out; | 1767 | goto out; |
@@ -1742,7 +1776,7 @@ complete_match(EditLine *el, struct sftp_conn *conn, char *remote_path, | |||
1742 | 1776 | ||
1743 | tmp2 = complete_ambiguous(file, g.gl_pathv, g.gl_matchc); | 1777 | tmp2 = complete_ambiguous(file, g.gl_pathv, g.gl_matchc); |
1744 | tmp = path_strip(tmp2, isabs ? NULL : remote_path); | 1778 | tmp = path_strip(tmp2, isabs ? NULL : remote_path); |
1745 | xfree(tmp2); | 1779 | free(tmp2); |
1746 | 1780 | ||
1747 | if (tmp == NULL) | 1781 | if (tmp == NULL) |
1748 | goto out; | 1782 | goto out; |
@@ -1764,10 +1798,13 @@ complete_match(EditLine *el, struct sftp_conn *conn, char *remote_path, | |||
1764 | tmp2 = tmp + filelen - cesc; | 1798 | tmp2 = tmp + filelen - cesc; |
1765 | len = strlen(tmp2); | 1799 | len = strlen(tmp2); |
1766 | /* quote argument on way out */ | 1800 | /* quote argument on way out */ |
1767 | for (i = 0; i < len; i++) { | 1801 | for (i = 0; i < len; i += clen) { |
1802 | if ((clen = mblen(tmp2 + i, len - i)) < 0 || | ||
1803 | (size_t)clen > sizeof(ins) - 2) | ||
1804 | fatal("invalid multibyte character"); | ||
1768 | ins[0] = '\\'; | 1805 | ins[0] = '\\'; |
1769 | ins[1] = tmp2[i]; | 1806 | memcpy(ins + 1, tmp2 + i, clen); |
1770 | ins[2] = '\0'; | 1807 | ins[clen + 1] = '\0'; |
1771 | switch (tmp2[i]) { | 1808 | switch (tmp2[i]) { |
1772 | case '\'': | 1809 | case '\'': |
1773 | case '"': | 1810 | case '"': |
@@ -1804,7 +1841,7 @@ complete_match(EditLine *el, struct sftp_conn *conn, char *remote_path, | |||
1804 | if (i > 0 && el_insertstr(el, ins) == -1) | 1841 | if (i > 0 && el_insertstr(el, ins) == -1) |
1805 | fatal("el_insertstr failed."); | 1842 | fatal("el_insertstr failed."); |
1806 | } | 1843 | } |
1807 | xfree(tmp); | 1844 | free(tmp); |
1808 | 1845 | ||
1809 | out: | 1846 | out: |
1810 | globfree(&g); | 1847 | globfree(&g); |
@@ -1816,7 +1853,8 @@ static unsigned char | |||
1816 | complete(EditLine *el, int ch) | 1853 | complete(EditLine *el, int ch) |
1817 | { | 1854 | { |
1818 | char **argv, *line, quote; | 1855 | char **argv, *line, quote; |
1819 | u_int argc, carg, cursor, len, terminated, ret = CC_ERROR; | 1856 | int argc, carg; |
1857 | u_int cursor, len, terminated, ret = CC_ERROR; | ||
1820 | const LineInfo *lf; | 1858 | const LineInfo *lf; |
1821 | struct complete_ctx *complete_ctx; | 1859 | struct complete_ctx *complete_ctx; |
1822 | 1860 | ||
@@ -1830,7 +1868,7 @@ complete(EditLine *el, int ch) | |||
1830 | memcpy(line, lf->buffer, cursor); | 1868 | memcpy(line, lf->buffer, cursor); |
1831 | line[cursor] = '\0'; | 1869 | line[cursor] = '\0'; |
1832 | argv = makeargv(line, &carg, 1, "e, &terminated); | 1870 | argv = makeargv(line, &carg, 1, "e, &terminated); |
1833 | xfree(line); | 1871 | free(line); |
1834 | 1872 | ||
1835 | /* Get all the arguments on the line */ | 1873 | /* Get all the arguments on the line */ |
1836 | len = lf->lastchar - lf->buffer; | 1874 | len = lf->lastchar - lf->buffer; |
@@ -1842,7 +1880,7 @@ complete(EditLine *el, int ch) | |||
1842 | /* Ensure cursor is at EOL or a argument boundary */ | 1880 | /* Ensure cursor is at EOL or a argument boundary */ |
1843 | if (line[cursor] != ' ' && line[cursor] != '\0' && | 1881 | if (line[cursor] != ' ' && line[cursor] != '\0' && |
1844 | line[cursor] != '\n') { | 1882 | line[cursor] != '\n') { |
1845 | xfree(line); | 1883 | free(line); |
1846 | return ret; | 1884 | return ret; |
1847 | } | 1885 | } |
1848 | 1886 | ||
@@ -1870,7 +1908,7 @@ complete(EditLine *el, int ch) | |||
1870 | ret = CC_REDISPLAY; | 1908 | ret = CC_REDISPLAY; |
1871 | } | 1909 | } |
1872 | 1910 | ||
1873 | xfree(line); | 1911 | free(line); |
1874 | return ret; | 1912 | return ret; |
1875 | } | 1913 | } |
1876 | #endif /* USE_LIBEDIT */ | 1914 | #endif /* USE_LIBEDIT */ |
@@ -1922,31 +1960,30 @@ interactive_loop(struct sftp_conn *conn, char *file1, char *file2) | |||
1922 | dir = make_absolute(dir, remote_path); | 1960 | dir = make_absolute(dir, remote_path); |
1923 | 1961 | ||
1924 | if (remote_is_dir(conn, dir) && file2 == NULL) { | 1962 | if (remote_is_dir(conn, dir) && file2 == NULL) { |
1925 | printf("Changing to: %s\n", dir); | 1963 | if (!quiet) |
1964 | printf("Changing to: %s\n", dir); | ||
1926 | snprintf(cmd, sizeof cmd, "cd \"%s\"", dir); | 1965 | snprintf(cmd, sizeof cmd, "cd \"%s\"", dir); |
1927 | if (parse_dispatch_command(conn, cmd, | 1966 | if (parse_dispatch_command(conn, cmd, |
1928 | &remote_path, 1) != 0) { | 1967 | &remote_path, 1) != 0) { |
1929 | xfree(dir); | 1968 | free(dir); |
1930 | xfree(remote_path); | 1969 | free(remote_path); |
1931 | xfree(conn); | 1970 | free(conn); |
1932 | return (-1); | 1971 | return (-1); |
1933 | } | 1972 | } |
1934 | } else { | 1973 | } else { |
1935 | /* XXX this is wrong wrt quoting */ | 1974 | /* XXX this is wrong wrt quoting */ |
1936 | if (file2 == NULL) | 1975 | snprintf(cmd, sizeof cmd, "get%s %s%s%s", |
1937 | snprintf(cmd, sizeof cmd, "get %s", dir); | 1976 | global_aflag ? " -a" : "", dir, |
1938 | else | 1977 | file2 == NULL ? "" : " ", |
1939 | snprintf(cmd, sizeof cmd, "get %s %s", dir, | 1978 | file2 == NULL ? "" : file2); |
1940 | file2); | ||
1941 | |||
1942 | err = parse_dispatch_command(conn, cmd, | 1979 | err = parse_dispatch_command(conn, cmd, |
1943 | &remote_path, 1); | 1980 | &remote_path, 1); |
1944 | xfree(dir); | 1981 | free(dir); |
1945 | xfree(remote_path); | 1982 | free(remote_path); |
1946 | xfree(conn); | 1983 | free(conn); |
1947 | return (err); | 1984 | return (err); |
1948 | } | 1985 | } |
1949 | xfree(dir); | 1986 | free(dir); |
1950 | } | 1987 | } |
1951 | 1988 | ||
1952 | setlinebuf(stdout); | 1989 | setlinebuf(stdout); |
@@ -2004,8 +2041,8 @@ interactive_loop(struct sftp_conn *conn, char *file1, char *file2) | |||
2004 | if (err != 0) | 2041 | if (err != 0) |
2005 | break; | 2042 | break; |
2006 | } | 2043 | } |
2007 | xfree(remote_path); | 2044 | free(remote_path); |
2008 | xfree(conn); | 2045 | free(conn); |
2009 | 2046 | ||
2010 | #ifdef USE_LIBEDIT | 2047 | #ifdef USE_LIBEDIT |
2011 | if (el != NULL) | 2048 | if (el != NULL) |
@@ -2112,6 +2149,7 @@ main(int argc, char **argv) | |||
2112 | 2149 | ||
2113 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ | 2150 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
2114 | sanitise_stdfd(); | 2151 | sanitise_stdfd(); |
2152 | setlocale(LC_CTYPE, ""); | ||
2115 | 2153 | ||
2116 | __progname = ssh_get_progname(argv[0]); | 2154 | __progname = ssh_get_progname(argv[0]); |
2117 | memset(&args, '\0', sizeof(args)); | 2155 | memset(&args, '\0', sizeof(args)); |
@@ -2126,7 +2164,7 @@ main(int argc, char **argv) | |||
2126 | infile = stdin; | 2164 | infile = stdin; |
2127 | 2165 | ||
2128 | while ((ch = getopt(argc, argv, | 2166 | while ((ch = getopt(argc, argv, |
2129 | "1246hpqrvCc:D:i:l:o:s:S:b:B:F:P:R:")) != -1) { | 2167 | "1246ahpqrvCc:D:i:l:o:s:S:b:B:F:P:R:")) != -1) { |
2130 | switch (ch) { | 2168 | switch (ch) { |
2131 | /* Passed through to ssh(1) */ | 2169 | /* Passed through to ssh(1) */ |
2132 | case '4': | 2170 | case '4': |
@@ -2143,6 +2181,8 @@ main(int argc, char **argv) | |||
2143 | addargs(&args, "%s", optarg); | 2181 | addargs(&args, "%s", optarg); |
2144 | break; | 2182 | break; |
2145 | case 'q': | 2183 | case 'q': |
2184 | ll = SYSLOG_LEVEL_ERROR; | ||
2185 | quiet = 1; | ||
2146 | showprogress = 0; | 2186 | showprogress = 0; |
2147 | addargs(&args, "-%c", ch); | 2187 | addargs(&args, "-%c", ch); |
2148 | break; | 2188 | break; |
@@ -2164,6 +2204,9 @@ main(int argc, char **argv) | |||
2164 | case '2': | 2204 | case '2': |
2165 | sshver = 2; | 2205 | sshver = 2; |
2166 | break; | 2206 | break; |
2207 | case 'a': | ||
2208 | global_aflag = 1; | ||
2209 | break; | ||
2167 | case 'B': | 2210 | case 'B': |
2168 | copy_buffer_len = strtol(optarg, &cp, 10); | 2211 | copy_buffer_len = strtol(optarg, &cp, 10); |
2169 | if (copy_buffer_len == 0 || *cp != '\0') | 2212 | if (copy_buffer_len == 0 || *cp != '\0') |
@@ -2178,7 +2221,7 @@ main(int argc, char **argv) | |||
2178 | (infile = fopen(optarg, "r")) == NULL) | 2221 | (infile = fopen(optarg, "r")) == NULL) |
2179 | fatal("%s (%s).", strerror(errno), optarg); | 2222 | fatal("%s (%s).", strerror(errno), optarg); |
2180 | showprogress = 0; | 2223 | showprogress = 0; |
2181 | batchmode = 1; | 2224 | quiet = batchmode = 1; |
2182 | addargs(&args, "-obatchmode yes"); | 2225 | addargs(&args, "-obatchmode yes"); |
2183 | break; | 2226 | break; |
2184 | case 'p': | 2227 | case 'p': |
@@ -2275,7 +2318,7 @@ main(int argc, char **argv) | |||
2275 | if (conn == NULL) | 2318 | if (conn == NULL) |
2276 | fatal("Couldn't initialise connection to server"); | 2319 | fatal("Couldn't initialise connection to server"); |
2277 | 2320 | ||
2278 | if (!batchmode) { | 2321 | if (!quiet) { |
2279 | if (sftp_direct == NULL) | 2322 | if (sftp_direct == NULL) |
2280 | fprintf(stderr, "Connected to %s.\n", host); | 2323 | fprintf(stderr, "Connected to %s.\n", host); |
2281 | else | 2324 | else |
@@ -116,4 +116,4 @@ AUTHORS | |||
116 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | 116 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
117 | versions 1.5 and 2.0. | 117 | versions 1.5 and 2.0. |
118 | 118 | ||
119 | OpenBSD 5.3 December 3, 2012 OpenBSD 5.3 | 119 | OpenBSD 5.4 December 3, 2012 OpenBSD 5.4 |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-add.c,v 1.105 2012/12/05 15:42:52 markus Exp $ */ | 1 | /* $OpenBSD: ssh-add.c,v 1.106 2013/05/17 00:13:14 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -90,7 +90,7 @@ clear_pass(void) | |||
90 | { | 90 | { |
91 | if (pass) { | 91 | if (pass) { |
92 | memset(pass, 0, strlen(pass)); | 92 | memset(pass, 0, strlen(pass)); |
93 | xfree(pass); | 93 | free(pass); |
94 | pass = NULL; | 94 | pass = NULL; |
95 | } | 95 | } |
96 | } | 96 | } |
@@ -215,7 +215,7 @@ add_file(AuthenticationConnection *ac, const char *filename, int key_only) | |||
215 | pass = read_passphrase(msg, RP_ALLOW_STDIN); | 215 | pass = read_passphrase(msg, RP_ALLOW_STDIN); |
216 | if (strcmp(pass, "") == 0) { | 216 | if (strcmp(pass, "") == 0) { |
217 | clear_pass(); | 217 | clear_pass(); |
218 | xfree(comment); | 218 | free(comment); |
219 | buffer_free(&keyblob); | 219 | buffer_free(&keyblob); |
220 | return -1; | 220 | return -1; |
221 | } | 221 | } |
@@ -282,8 +282,8 @@ add_file(AuthenticationConnection *ac, const char *filename, int key_only) | |||
282 | fprintf(stderr, "The user must confirm each use of the key\n"); | 282 | fprintf(stderr, "The user must confirm each use of the key\n"); |
283 | out: | 283 | out: |
284 | if (certpath != NULL) | 284 | if (certpath != NULL) |
285 | xfree(certpath); | 285 | free(certpath); |
286 | xfree(comment); | 286 | free(comment); |
287 | key_free(private); | 287 | key_free(private); |
288 | 288 | ||
289 | return ret; | 289 | return ret; |
@@ -308,7 +308,7 @@ update_card(AuthenticationConnection *ac, int add, const char *id) | |||
308 | add ? "add" : "remove", id); | 308 | add ? "add" : "remove", id); |
309 | ret = -1; | 309 | ret = -1; |
310 | } | 310 | } |
311 | xfree(pin); | 311 | free(pin); |
312 | return ret; | 312 | return ret; |
313 | } | 313 | } |
314 | 314 | ||
@@ -330,14 +330,14 @@ list_identities(AuthenticationConnection *ac, int do_fp) | |||
330 | SSH_FP_HEX); | 330 | SSH_FP_HEX); |
331 | printf("%d %s %s (%s)\n", | 331 | printf("%d %s %s (%s)\n", |
332 | key_size(key), fp, comment, key_type(key)); | 332 | key_size(key), fp, comment, key_type(key)); |
333 | xfree(fp); | 333 | free(fp); |
334 | } else { | 334 | } else { |
335 | if (!key_write(key, stdout)) | 335 | if (!key_write(key, stdout)) |
336 | fprintf(stderr, "key_write failed"); | 336 | fprintf(stderr, "key_write failed"); |
337 | fprintf(stdout, " %s\n", comment); | 337 | fprintf(stdout, " %s\n", comment); |
338 | } | 338 | } |
339 | key_free(key); | 339 | key_free(key); |
340 | xfree(comment); | 340 | free(comment); |
341 | } | 341 | } |
342 | } | 342 | } |
343 | if (!had_identities) { | 343 | if (!had_identities) { |
@@ -363,7 +363,7 @@ lock_agent(AuthenticationConnection *ac, int lock) | |||
363 | passok = 0; | 363 | passok = 0; |
364 | } | 364 | } |
365 | memset(p2, 0, strlen(p2)); | 365 | memset(p2, 0, strlen(p2)); |
366 | xfree(p2); | 366 | free(p2); |
367 | } | 367 | } |
368 | if (passok && ssh_lock_agent(ac, lock, p1)) { | 368 | if (passok && ssh_lock_agent(ac, lock, p1)) { |
369 | fprintf(stderr, "Agent %slocked.\n", lock ? "" : "un"); | 369 | fprintf(stderr, "Agent %slocked.\n", lock ? "" : "un"); |
@@ -371,7 +371,7 @@ lock_agent(AuthenticationConnection *ac, int lock) | |||
371 | } else | 371 | } else |
372 | fprintf(stderr, "Failed to %slock agent.\n", lock ? "" : "un"); | 372 | fprintf(stderr, "Failed to %slock agent.\n", lock ? "" : "un"); |
373 | memset(p1, 0, strlen(p1)); | 373 | memset(p1, 0, strlen(p1)); |
374 | xfree(p1); | 374 | free(p1); |
375 | return (ret); | 375 | return (ret); |
376 | } | 376 | } |
377 | 377 | ||
diff --git a/ssh-agent.0 b/ssh-agent.0 index 578984815..e5f0f7342 100644 --- a/ssh-agent.0 +++ b/ssh-agent.0 | |||
@@ -120,4 +120,4 @@ AUTHORS | |||
120 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | 120 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
121 | versions 1.5 and 2.0. | 121 | versions 1.5 and 2.0. |
122 | 122 | ||
123 | OpenBSD 5.3 November 21, 2010 OpenBSD 5.3 | 123 | OpenBSD 5.4 November 21, 2010 OpenBSD 5.4 |
diff --git a/ssh-agent.c b/ssh-agent.c index b9498e6ef..c3b11729c 100644 --- a/ssh-agent.c +++ b/ssh-agent.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-agent.c,v 1.172 2011/06/03 01:37:40 dtucker Exp $ */ | 1 | /* $OpenBSD: ssh-agent.c,v 1.177 2013/07/20 01:50:20 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -106,7 +106,7 @@ typedef struct identity { | |||
106 | Key *key; | 106 | Key *key; |
107 | char *comment; | 107 | char *comment; |
108 | char *provider; | 108 | char *provider; |
109 | u_int death; | 109 | time_t death; |
110 | u_int confirm; | 110 | u_int confirm; |
111 | } Identity; | 111 | } Identity; |
112 | 112 | ||
@@ -122,7 +122,7 @@ int max_fd = 0; | |||
122 | 122 | ||
123 | /* pid of shell == parent of agent */ | 123 | /* pid of shell == parent of agent */ |
124 | pid_t parent_pid = -1; | 124 | pid_t parent_pid = -1; |
125 | u_int parent_alive_interval = 0; | 125 | time_t parent_alive_interval = 0; |
126 | 126 | ||
127 | /* pathname and directory for AUTH_SOCKET */ | 127 | /* pathname and directory for AUTH_SOCKET */ |
128 | char socket_name[MAXPATHLEN]; | 128 | char socket_name[MAXPATHLEN]; |
@@ -134,8 +134,8 @@ char *lock_passwd = NULL; | |||
134 | 134 | ||
135 | extern char *__progname; | 135 | extern char *__progname; |
136 | 136 | ||
137 | /* Default lifetime (0 == forever) */ | 137 | /* Default lifetime in seconds (0 == forever) */ |
138 | static int lifetime = 0; | 138 | static long lifetime = 0; |
139 | 139 | ||
140 | static void | 140 | static void |
141 | close_socket(SocketEntry *e) | 141 | close_socket(SocketEntry *e) |
@@ -172,10 +172,9 @@ static void | |||
172 | free_identity(Identity *id) | 172 | free_identity(Identity *id) |
173 | { | 173 | { |
174 | key_free(id->key); | 174 | key_free(id->key); |
175 | if (id->provider != NULL) | 175 | free(id->provider); |
176 | xfree(id->provider); | 176 | free(id->comment); |
177 | xfree(id->comment); | 177 | free(id); |
178 | xfree(id); | ||
179 | } | 178 | } |
180 | 179 | ||
181 | /* return matching private key for given public key */ | 180 | /* return matching private key for given public key */ |
@@ -203,7 +202,7 @@ confirm_key(Identity *id) | |||
203 | if (ask_permission("Allow use of key %s?\nKey fingerprint %s.", | 202 | if (ask_permission("Allow use of key %s?\nKey fingerprint %s.", |
204 | id->comment, p)) | 203 | id->comment, p)) |
205 | ret = 0; | 204 | ret = 0; |
206 | xfree(p); | 205 | free(p); |
207 | 206 | ||
208 | return (ret); | 207 | return (ret); |
209 | } | 208 | } |
@@ -230,7 +229,7 @@ process_request_identities(SocketEntry *e, int version) | |||
230 | u_int blen; | 229 | u_int blen; |
231 | key_to_blob(id->key, &blob, &blen); | 230 | key_to_blob(id->key, &blob, &blen); |
232 | buffer_put_string(&msg, blob, blen); | 231 | buffer_put_string(&msg, blob, blen); |
233 | xfree(blob); | 232 | free(blob); |
234 | } | 233 | } |
235 | buffer_put_cstring(&msg, id->comment); | 234 | buffer_put_cstring(&msg, id->comment); |
236 | } | 235 | } |
@@ -348,10 +347,9 @@ process_sign_request2(SocketEntry *e) | |||
348 | buffer_append(&e->output, buffer_ptr(&msg), | 347 | buffer_append(&e->output, buffer_ptr(&msg), |
349 | buffer_len(&msg)); | 348 | buffer_len(&msg)); |
350 | buffer_free(&msg); | 349 | buffer_free(&msg); |
351 | xfree(data); | 350 | free(data); |
352 | xfree(blob); | 351 | free(blob); |
353 | if (signature != NULL) | 352 | free(signature); |
354 | xfree(signature); | ||
355 | datafellows = odatafellows; | 353 | datafellows = odatafellows; |
356 | } | 354 | } |
357 | 355 | ||
@@ -378,7 +376,7 @@ process_remove_identity(SocketEntry *e, int version) | |||
378 | case 2: | 376 | case 2: |
379 | blob = buffer_get_string(&e->request, &blen); | 377 | blob = buffer_get_string(&e->request, &blen); |
380 | key = key_from_blob(blob, blen); | 378 | key = key_from_blob(blob, blen); |
381 | xfree(blob); | 379 | free(blob); |
382 | break; | 380 | break; |
383 | } | 381 | } |
384 | if (key != NULL) { | 382 | if (key != NULL) { |
@@ -430,10 +428,10 @@ process_remove_all_identities(SocketEntry *e, int version) | |||
430 | } | 428 | } |
431 | 429 | ||
432 | /* removes expired keys and returns number of seconds until the next expiry */ | 430 | /* removes expired keys and returns number of seconds until the next expiry */ |
433 | static u_int | 431 | static time_t |
434 | reaper(void) | 432 | reaper(void) |
435 | { | 433 | { |
436 | u_int deadline = 0, now = time(NULL); | 434 | time_t deadline = 0, now = monotime(); |
437 | Identity *id, *nxt; | 435 | Identity *id, *nxt; |
438 | int version; | 436 | int version; |
439 | Idtab *tab; | 437 | Idtab *tab; |
@@ -465,8 +463,9 @@ process_add_identity(SocketEntry *e, int version) | |||
465 | { | 463 | { |
466 | Idtab *tab = idtab_lookup(version); | 464 | Idtab *tab = idtab_lookup(version); |
467 | Identity *id; | 465 | Identity *id; |
468 | int type, success = 0, death = 0, confirm = 0; | 466 | int type, success = 0, confirm = 0; |
469 | char *type_name, *comment; | 467 | char *type_name, *comment; |
468 | time_t death = 0; | ||
470 | Key *k = NULL; | 469 | Key *k = NULL; |
471 | #ifdef OPENSSL_HAS_ECC | 470 | #ifdef OPENSSL_HAS_ECC |
472 | BIGNUM *exponent; | 471 | BIGNUM *exponent; |
@@ -509,7 +508,7 @@ process_add_identity(SocketEntry *e, int version) | |||
509 | cert = buffer_get_string(&e->request, &len); | 508 | cert = buffer_get_string(&e->request, &len); |
510 | if ((k = key_from_blob(cert, len)) == NULL) | 509 | if ((k = key_from_blob(cert, len)) == NULL) |
511 | fatal("Certificate parse failed"); | 510 | fatal("Certificate parse failed"); |
512 | xfree(cert); | 511 | free(cert); |
513 | key_add_private(k); | 512 | key_add_private(k); |
514 | buffer_get_bignum2(&e->request, k->dsa->priv_key); | 513 | buffer_get_bignum2(&e->request, k->dsa->priv_key); |
515 | break; | 514 | break; |
@@ -520,7 +519,7 @@ process_add_identity(SocketEntry *e, int version) | |||
520 | curve = buffer_get_string(&e->request, NULL); | 519 | curve = buffer_get_string(&e->request, NULL); |
521 | if (k->ecdsa_nid != key_curve_name_to_nid(curve)) | 520 | if (k->ecdsa_nid != key_curve_name_to_nid(curve)) |
522 | fatal("%s: curve names mismatch", __func__); | 521 | fatal("%s: curve names mismatch", __func__); |
523 | xfree(curve); | 522 | free(curve); |
524 | k->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid); | 523 | k->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid); |
525 | if (k->ecdsa == NULL) | 524 | if (k->ecdsa == NULL) |
526 | fatal("%s: EC_KEY_new_by_curve_name failed", | 525 | fatal("%s: EC_KEY_new_by_curve_name failed", |
@@ -551,7 +550,7 @@ process_add_identity(SocketEntry *e, int version) | |||
551 | cert = buffer_get_string(&e->request, &len); | 550 | cert = buffer_get_string(&e->request, &len); |
552 | if ((k = key_from_blob(cert, len)) == NULL) | 551 | if ((k = key_from_blob(cert, len)) == NULL) |
553 | fatal("Certificate parse failed"); | 552 | fatal("Certificate parse failed"); |
554 | xfree(cert); | 553 | free(cert); |
555 | key_add_private(k); | 554 | key_add_private(k); |
556 | if ((exponent = BN_new()) == NULL) | 555 | if ((exponent = BN_new()) == NULL) |
557 | fatal("%s: BN_new failed", __func__); | 556 | fatal("%s: BN_new failed", __func__); |
@@ -583,7 +582,7 @@ process_add_identity(SocketEntry *e, int version) | |||
583 | cert = buffer_get_string(&e->request, &len); | 582 | cert = buffer_get_string(&e->request, &len); |
584 | if ((k = key_from_blob(cert, len)) == NULL) | 583 | if ((k = key_from_blob(cert, len)) == NULL) |
585 | fatal("Certificate parse failed"); | 584 | fatal("Certificate parse failed"); |
586 | xfree(cert); | 585 | free(cert); |
587 | key_add_private(k); | 586 | key_add_private(k); |
588 | buffer_get_bignum2(&e->request, k->rsa->d); | 587 | buffer_get_bignum2(&e->request, k->rsa->d); |
589 | buffer_get_bignum2(&e->request, k->rsa->iqmp); | 588 | buffer_get_bignum2(&e->request, k->rsa->iqmp); |
@@ -591,11 +590,11 @@ process_add_identity(SocketEntry *e, int version) | |||
591 | buffer_get_bignum2(&e->request, k->rsa->q); | 590 | buffer_get_bignum2(&e->request, k->rsa->q); |
592 | break; | 591 | break; |
593 | default: | 592 | default: |
594 | xfree(type_name); | 593 | free(type_name); |
595 | buffer_clear(&e->request); | 594 | buffer_clear(&e->request); |
596 | goto send; | 595 | goto send; |
597 | } | 596 | } |
598 | xfree(type_name); | 597 | free(type_name); |
599 | break; | 598 | break; |
600 | } | 599 | } |
601 | /* enable blinding */ | 600 | /* enable blinding */ |
@@ -613,13 +612,13 @@ process_add_identity(SocketEntry *e, int version) | |||
613 | } | 612 | } |
614 | comment = buffer_get_string(&e->request, NULL); | 613 | comment = buffer_get_string(&e->request, NULL); |
615 | if (k == NULL) { | 614 | if (k == NULL) { |
616 | xfree(comment); | 615 | free(comment); |
617 | goto send; | 616 | goto send; |
618 | } | 617 | } |
619 | while (buffer_len(&e->request)) { | 618 | while (buffer_len(&e->request)) { |
620 | switch ((type = buffer_get_char(&e->request))) { | 619 | switch ((type = buffer_get_char(&e->request))) { |
621 | case SSH_AGENT_CONSTRAIN_LIFETIME: | 620 | case SSH_AGENT_CONSTRAIN_LIFETIME: |
622 | death = time(NULL) + buffer_get_int(&e->request); | 621 | death = monotime() + buffer_get_int(&e->request); |
623 | break; | 622 | break; |
624 | case SSH_AGENT_CONSTRAIN_CONFIRM: | 623 | case SSH_AGENT_CONSTRAIN_CONFIRM: |
625 | confirm = 1; | 624 | confirm = 1; |
@@ -627,14 +626,14 @@ process_add_identity(SocketEntry *e, int version) | |||
627 | default: | 626 | default: |
628 | error("process_add_identity: " | 627 | error("process_add_identity: " |
629 | "Unknown constraint type %d", type); | 628 | "Unknown constraint type %d", type); |
630 | xfree(comment); | 629 | free(comment); |
631 | key_free(k); | 630 | key_free(k); |
632 | goto send; | 631 | goto send; |
633 | } | 632 | } |
634 | } | 633 | } |
635 | success = 1; | 634 | success = 1; |
636 | if (lifetime && !death) | 635 | if (lifetime && !death) |
637 | death = time(NULL) + lifetime; | 636 | death = monotime() + lifetime; |
638 | if ((id = lookup_identity(k, version)) == NULL) { | 637 | if ((id = lookup_identity(k, version)) == NULL) { |
639 | id = xcalloc(1, sizeof(Identity)); | 638 | id = xcalloc(1, sizeof(Identity)); |
640 | id->key = k; | 639 | id->key = k; |
@@ -643,7 +642,7 @@ process_add_identity(SocketEntry *e, int version) | |||
643 | tab->nentries++; | 642 | tab->nentries++; |
644 | } else { | 643 | } else { |
645 | key_free(k); | 644 | key_free(k); |
646 | xfree(id->comment); | 645 | free(id->comment); |
647 | } | 646 | } |
648 | id->comment = comment; | 647 | id->comment = comment; |
649 | id->death = death; | 648 | id->death = death; |
@@ -665,7 +664,7 @@ process_lock_agent(SocketEntry *e, int lock) | |||
665 | if (locked && !lock && strcmp(passwd, lock_passwd) == 0) { | 664 | if (locked && !lock && strcmp(passwd, lock_passwd) == 0) { |
666 | locked = 0; | 665 | locked = 0; |
667 | memset(lock_passwd, 0, strlen(lock_passwd)); | 666 | memset(lock_passwd, 0, strlen(lock_passwd)); |
668 | xfree(lock_passwd); | 667 | free(lock_passwd); |
669 | lock_passwd = NULL; | 668 | lock_passwd = NULL; |
670 | success = 1; | 669 | success = 1; |
671 | } else if (!locked && lock) { | 670 | } else if (!locked && lock) { |
@@ -674,7 +673,7 @@ process_lock_agent(SocketEntry *e, int lock) | |||
674 | success = 1; | 673 | success = 1; |
675 | } | 674 | } |
676 | memset(passwd, 0, strlen(passwd)); | 675 | memset(passwd, 0, strlen(passwd)); |
677 | xfree(passwd); | 676 | free(passwd); |
678 | 677 | ||
679 | buffer_put_int(&e->output, 1); | 678 | buffer_put_int(&e->output, 1); |
680 | buffer_put_char(&e->output, | 679 | buffer_put_char(&e->output, |
@@ -701,7 +700,8 @@ static void | |||
701 | process_add_smartcard_key(SocketEntry *e) | 700 | process_add_smartcard_key(SocketEntry *e) |
702 | { | 701 | { |
703 | char *provider = NULL, *pin; | 702 | char *provider = NULL, *pin; |
704 | int i, type, version, count = 0, success = 0, death = 0, confirm = 0; | 703 | int i, type, version, count = 0, success = 0, confirm = 0; |
704 | time_t death = 0; | ||
705 | Key **keys = NULL, *k; | 705 | Key **keys = NULL, *k; |
706 | Identity *id; | 706 | Identity *id; |
707 | Idtab *tab; | 707 | Idtab *tab; |
@@ -712,7 +712,7 @@ process_add_smartcard_key(SocketEntry *e) | |||
712 | while (buffer_len(&e->request)) { | 712 | while (buffer_len(&e->request)) { |
713 | switch ((type = buffer_get_char(&e->request))) { | 713 | switch ((type = buffer_get_char(&e->request))) { |
714 | case SSH_AGENT_CONSTRAIN_LIFETIME: | 714 | case SSH_AGENT_CONSTRAIN_LIFETIME: |
715 | death = time(NULL) + buffer_get_int(&e->request); | 715 | death = monotime() + buffer_get_int(&e->request); |
716 | break; | 716 | break; |
717 | case SSH_AGENT_CONSTRAIN_CONFIRM: | 717 | case SSH_AGENT_CONSTRAIN_CONFIRM: |
718 | confirm = 1; | 718 | confirm = 1; |
@@ -724,7 +724,7 @@ process_add_smartcard_key(SocketEntry *e) | |||
724 | } | 724 | } |
725 | } | 725 | } |
726 | if (lifetime && !death) | 726 | if (lifetime && !death) |
727 | death = time(NULL) + lifetime; | 727 | death = monotime() + lifetime; |
728 | 728 | ||
729 | count = pkcs11_add_provider(provider, pin, &keys); | 729 | count = pkcs11_add_provider(provider, pin, &keys); |
730 | for (i = 0; i < count; i++) { | 730 | for (i = 0; i < count; i++) { |
@@ -747,12 +747,9 @@ process_add_smartcard_key(SocketEntry *e) | |||
747 | keys[i] = NULL; | 747 | keys[i] = NULL; |
748 | } | 748 | } |
749 | send: | 749 | send: |
750 | if (pin) | 750 | free(pin); |
751 | xfree(pin); | 751 | free(provider); |
752 | if (provider) | 752 | free(keys); |
753 | xfree(provider); | ||
754 | if (keys) | ||
755 | xfree(keys); | ||
756 | buffer_put_int(&e->output, 1); | 753 | buffer_put_int(&e->output, 1); |
757 | buffer_put_char(&e->output, | 754 | buffer_put_char(&e->output, |
758 | success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE); | 755 | success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE); |
@@ -768,7 +765,7 @@ process_remove_smartcard_key(SocketEntry *e) | |||
768 | 765 | ||
769 | provider = buffer_get_string(&e->request, NULL); | 766 | provider = buffer_get_string(&e->request, NULL); |
770 | pin = buffer_get_string(&e->request, NULL); | 767 | pin = buffer_get_string(&e->request, NULL); |
771 | xfree(pin); | 768 | free(pin); |
772 | 769 | ||
773 | for (version = 1; version < 3; version++) { | 770 | for (version = 1; version < 3; version++) { |
774 | tab = idtab_lookup(version); | 771 | tab = idtab_lookup(version); |
@@ -786,7 +783,7 @@ process_remove_smartcard_key(SocketEntry *e) | |||
786 | else | 783 | else |
787 | error("process_remove_smartcard_key:" | 784 | error("process_remove_smartcard_key:" |
788 | " pkcs11_del_provider failed"); | 785 | " pkcs11_del_provider failed"); |
789 | xfree(provider); | 786 | free(provider); |
790 | buffer_put_int(&e->output, 1); | 787 | buffer_put_int(&e->output, 1); |
791 | buffer_put_char(&e->output, | 788 | buffer_put_char(&e->output, |
792 | success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE); | 789 | success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE); |
@@ -931,9 +928,10 @@ static int | |||
931 | prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl, u_int *nallocp, | 928 | prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl, u_int *nallocp, |
932 | struct timeval **tvpp) | 929 | struct timeval **tvpp) |
933 | { | 930 | { |
934 | u_int i, sz, deadline; | 931 | u_int i, sz; |
935 | int n = 0; | 932 | int n = 0; |
936 | static struct timeval tv; | 933 | static struct timeval tv; |
934 | time_t deadline; | ||
937 | 935 | ||
938 | for (i = 0; i < sockets_alloc; i++) { | 936 | for (i = 0; i < sockets_alloc; i++) { |
939 | switch (sockets[i].type) { | 937 | switch (sockets[i].type) { |
@@ -951,10 +949,8 @@ prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl, u_int *nallocp, | |||
951 | 949 | ||
952 | sz = howmany(n+1, NFDBITS) * sizeof(fd_mask); | 950 | sz = howmany(n+1, NFDBITS) * sizeof(fd_mask); |
953 | if (*fdrp == NULL || sz > *nallocp) { | 951 | if (*fdrp == NULL || sz > *nallocp) { |
954 | if (*fdrp) | 952 | free(*fdrp); |
955 | xfree(*fdrp); | 953 | free(*fdwp); |
956 | if (*fdwp) | ||
957 | xfree(*fdwp); | ||
958 | *fdrp = xmalloc(sz); | 954 | *fdrp = xmalloc(sz); |
959 | *fdwp = xmalloc(sz); | 955 | *fdwp = xmalloc(sz); |
960 | *nallocp = sz; | 956 | *nallocp = sz; |
@@ -1348,9 +1344,8 @@ skip: | |||
1348 | if (ac > 0) | 1344 | if (ac > 0) |
1349 | parent_alive_interval = 10; | 1345 | parent_alive_interval = 10; |
1350 | idtab_init(); | 1346 | idtab_init(); |
1351 | if (!d_flag) | ||
1352 | signal(SIGINT, SIG_IGN); | ||
1353 | signal(SIGPIPE, SIG_IGN); | 1347 | signal(SIGPIPE, SIG_IGN); |
1348 | signal(SIGINT, d_flag ? cleanup_handler : SIG_IGN); | ||
1354 | signal(SIGHUP, cleanup_handler); | 1349 | signal(SIGHUP, cleanup_handler); |
1355 | signal(SIGTERM, cleanup_handler); | 1350 | signal(SIGTERM, cleanup_handler); |
1356 | nalloc = 0; | 1351 | nalloc = 0; |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-dss.c,v 1.27 2010/08/31 09:58:37 djm Exp $ */ | 1 | /* $OpenBSD: ssh-dss.c,v 1.28 2013/05/17 00:13:14 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -137,17 +137,17 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, | |||
137 | if (strcmp("ssh-dss", ktype) != 0) { | 137 | if (strcmp("ssh-dss", ktype) != 0) { |
138 | error("ssh_dss_verify: cannot handle type %s", ktype); | 138 | error("ssh_dss_verify: cannot handle type %s", ktype); |
139 | buffer_free(&b); | 139 | buffer_free(&b); |
140 | xfree(ktype); | 140 | free(ktype); |
141 | return -1; | 141 | return -1; |
142 | } | 142 | } |
143 | xfree(ktype); | 143 | free(ktype); |
144 | sigblob = buffer_get_string(&b, &len); | 144 | sigblob = buffer_get_string(&b, &len); |
145 | rlen = buffer_len(&b); | 145 | rlen = buffer_len(&b); |
146 | buffer_free(&b); | 146 | buffer_free(&b); |
147 | if (rlen != 0) { | 147 | if (rlen != 0) { |
148 | error("ssh_dss_verify: " | 148 | error("ssh_dss_verify: " |
149 | "remaining bytes in signature %d", rlen); | 149 | "remaining bytes in signature %d", rlen); |
150 | xfree(sigblob); | 150 | free(sigblob); |
151 | return -1; | 151 | return -1; |
152 | } | 152 | } |
153 | } | 153 | } |
@@ -169,7 +169,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, | |||
169 | 169 | ||
170 | /* clean up */ | 170 | /* clean up */ |
171 | memset(sigblob, 0, len); | 171 | memset(sigblob, 0, len); |
172 | xfree(sigblob); | 172 | free(sigblob); |
173 | 173 | ||
174 | /* sha1 the data */ | 174 | /* sha1 the data */ |
175 | EVP_DigestInit(&md, evp_md); | 175 | EVP_DigestInit(&md, evp_md); |
diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c index 085468ee7..766338941 100644 --- a/ssh-ecdsa.c +++ b/ssh-ecdsa.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-ecdsa.c,v 1.5 2012/01/08 13:17:11 miod Exp $ */ | 1 | /* $OpenBSD: ssh-ecdsa.c,v 1.6 2013/05/17 00:13:14 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2010 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2010 Damien Miller. All rights reserved. |
@@ -119,16 +119,16 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, | |||
119 | if (strcmp(key_ssh_name_plain(key), ktype) != 0) { | 119 | if (strcmp(key_ssh_name_plain(key), ktype) != 0) { |
120 | error("%s: cannot handle type %s", __func__, ktype); | 120 | error("%s: cannot handle type %s", __func__, ktype); |
121 | buffer_free(&b); | 121 | buffer_free(&b); |
122 | xfree(ktype); | 122 | free(ktype); |
123 | return -1; | 123 | return -1; |
124 | } | 124 | } |
125 | xfree(ktype); | 125 | free(ktype); |
126 | sigblob = buffer_get_string(&b, &len); | 126 | sigblob = buffer_get_string(&b, &len); |
127 | rlen = buffer_len(&b); | 127 | rlen = buffer_len(&b); |
128 | buffer_free(&b); | 128 | buffer_free(&b); |
129 | if (rlen != 0) { | 129 | if (rlen != 0) { |
130 | error("%s: remaining bytes in signature %d", __func__, rlen); | 130 | error("%s: remaining bytes in signature %d", __func__, rlen); |
131 | xfree(sigblob); | 131 | free(sigblob); |
132 | return -1; | 132 | return -1; |
133 | } | 133 | } |
134 | 134 | ||
@@ -149,7 +149,7 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, | |||
149 | 149 | ||
150 | /* clean up */ | 150 | /* clean up */ |
151 | memset(sigblob, 0, len); | 151 | memset(sigblob, 0, len); |
152 | xfree(sigblob); | 152 | free(sigblob); |
153 | 153 | ||
154 | /* hash the data */ | 154 | /* hash the data */ |
155 | EVP_DigestInit(&md, evp_md); | 155 | EVP_DigestInit(&md, evp_md); |
diff --git a/ssh-keygen.0 b/ssh-keygen.0 index 3c7a64753..2b0e9a692 100644 --- a/ssh-keygen.0 +++ b/ssh-keygen.0 | |||
@@ -543,4 +543,4 @@ AUTHORS | |||
543 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | 543 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
544 | versions 1.5 and 2.0. | 544 | versions 1.5 and 2.0. |
545 | 545 | ||
546 | OpenBSD 5.3 January 19, 2013 OpenBSD 5.3 | 546 | OpenBSD 5.4 June 27, 2013 OpenBSD 5.4 |
diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 7da73e07c..0d55854e9 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 | |||
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: ssh-keygen.1,v 1.115 2013/01/19 07:13:25 jmc Exp $ | 1 | .\" $OpenBSD: ssh-keygen.1,v 1.116 2013/06/27 14:05:37 jmc Exp $ |
2 | .\" | 2 | .\" |
3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -35,7 +35,7 @@ | |||
35 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 35 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
36 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 36 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
37 | .\" | 37 | .\" |
38 | .Dd $Mdocdate: January 19 2013 $ | 38 | .Dd $Mdocdate: June 27 2013 $ |
39 | .Dt SSH-KEYGEN 1 | 39 | .Dt SSH-KEYGEN 1 |
40 | .Os | 40 | .Os |
41 | .Sh NAME | 41 | .Sh NAME |
@@ -516,8 +516,7 @@ of two times separated by a colon to indicate an explicit time interval. | |||
516 | The start time may be specified as a date in YYYYMMDD format, a time | 516 | The start time may be specified as a date in YYYYMMDD format, a time |
517 | in YYYYMMDDHHMMSS format or a relative time (to the current time) consisting | 517 | in YYYYMMDDHHMMSS format or a relative time (to the current time) consisting |
518 | of a minus sign followed by a relative time in the format described in the | 518 | of a minus sign followed by a relative time in the format described in the |
519 | .Sx TIME FORMATS | 519 | TIME FORMATS section of |
520 | section of | ||
521 | .Xr sshd_config 5 . | 520 | .Xr sshd_config 5 . |
522 | The end time may be specified as a YYYYMMDD date, a YYYYMMDDHHMMSS time or | 521 | The end time may be specified as a YYYYMMDD date, a YYYYMMDDHHMMSS time or |
523 | a relative time starting with a plus character. | 522 | a relative time starting with a plus character. |
diff --git a/ssh-keygen.c b/ssh-keygen.c index d1a205e18..03c444d42 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-keygen.c,v 1.225 2013/02/10 23:32:10 djm Exp $ */ | 1 | /* $OpenBSD: ssh-keygen.c,v 1.230 2013/07/20 01:44:37 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -252,7 +252,7 @@ load_identity(char *filename) | |||
252 | RP_ALLOW_STDIN); | 252 | RP_ALLOW_STDIN); |
253 | prv = key_load_private(filename, pass, NULL); | 253 | prv = key_load_private(filename, pass, NULL); |
254 | memset(pass, 0, strlen(pass)); | 254 | memset(pass, 0, strlen(pass)); |
255 | xfree(pass); | 255 | free(pass); |
256 | } | 256 | } |
257 | return prv; | 257 | return prv; |
258 | } | 258 | } |
@@ -288,7 +288,7 @@ do_convert_to_ssh2(struct passwd *pw, Key *k) | |||
288 | dump_base64(stdout, blob, len); | 288 | dump_base64(stdout, blob, len); |
289 | fprintf(stdout, "%s\n", SSH_COM_PUBLIC_END); | 289 | fprintf(stdout, "%s\n", SSH_COM_PUBLIC_END); |
290 | key_free(k); | 290 | key_free(k); |
291 | xfree(blob); | 291 | free(blob); |
292 | exit(0); | 292 | exit(0); |
293 | } | 293 | } |
294 | 294 | ||
@@ -415,12 +415,12 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) | |||
415 | debug("ignore (%d %d %d %d)", i1, i2, i3, i4); | 415 | debug("ignore (%d %d %d %d)", i1, i2, i3, i4); |
416 | if (strcmp(cipher, "none") != 0) { | 416 | if (strcmp(cipher, "none") != 0) { |
417 | error("unsupported cipher %s", cipher); | 417 | error("unsupported cipher %s", cipher); |
418 | xfree(cipher); | 418 | free(cipher); |
419 | buffer_free(&b); | 419 | buffer_free(&b); |
420 | xfree(type); | 420 | free(type); |
421 | return NULL; | 421 | return NULL; |
422 | } | 422 | } |
423 | xfree(cipher); | 423 | free(cipher); |
424 | 424 | ||
425 | if (strstr(type, "dsa")) { | 425 | if (strstr(type, "dsa")) { |
426 | ktype = KEY_DSA; | 426 | ktype = KEY_DSA; |
@@ -428,11 +428,11 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) | |||
428 | ktype = KEY_RSA; | 428 | ktype = KEY_RSA; |
429 | } else { | 429 | } else { |
430 | buffer_free(&b); | 430 | buffer_free(&b); |
431 | xfree(type); | 431 | free(type); |
432 | return NULL; | 432 | return NULL; |
433 | } | 433 | } |
434 | key = key_new_private(ktype); | 434 | key = key_new_private(ktype); |
435 | xfree(type); | 435 | free(type); |
436 | 436 | ||
437 | switch (key->type) { | 437 | switch (key->type) { |
438 | case KEY_DSA: | 438 | case KEY_DSA: |
@@ -475,7 +475,7 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) | |||
475 | /* try the key */ | 475 | /* try the key */ |
476 | key_sign(key, &sig, &slen, data, sizeof(data)); | 476 | key_sign(key, &sig, &slen, data, sizeof(data)); |
477 | key_verify(key, sig, slen, data, sizeof(data)); | 477 | key_verify(key, sig, slen, data, sizeof(data)); |
478 | xfree(sig); | 478 | free(sig); |
479 | return key; | 479 | return key; |
480 | } | 480 | } |
481 | 481 | ||
@@ -524,7 +524,7 @@ do_convert_from_ssh2(struct passwd *pw, Key **k, int *private) | |||
524 | fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); | 524 | fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); |
525 | encoded[0] = '\0'; | 525 | encoded[0] = '\0'; |
526 | while ((blen = get_line(fp, line, sizeof(line))) != -1) { | 526 | while ((blen = get_line(fp, line, sizeof(line))) != -1) { |
527 | if (line[blen - 1] == '\\') | 527 | if (blen > 0 && line[blen - 1] == '\\') |
528 | escaped++; | 528 | escaped++; |
529 | if (strncmp(line, "----", 4) == 0 || | 529 | if (strncmp(line, "----", 4) == 0 || |
530 | strstr(line, ": ") != NULL) { | 530 | strstr(line, ": ") != NULL) { |
@@ -746,15 +746,15 @@ do_download(struct passwd *pw) | |||
746 | fp, key_type(keys[i])); | 746 | fp, key_type(keys[i])); |
747 | if (log_level >= SYSLOG_LEVEL_VERBOSE) | 747 | if (log_level >= SYSLOG_LEVEL_VERBOSE) |
748 | printf("%s\n", ra); | 748 | printf("%s\n", ra); |
749 | xfree(ra); | 749 | free(ra); |
750 | xfree(fp); | 750 | free(fp); |
751 | } else { | 751 | } else { |
752 | key_write(keys[i], stdout); | 752 | key_write(keys[i], stdout); |
753 | fprintf(stdout, "\n"); | 753 | fprintf(stdout, "\n"); |
754 | } | 754 | } |
755 | key_free(keys[i]); | 755 | key_free(keys[i]); |
756 | } | 756 | } |
757 | xfree(keys); | 757 | free(keys); |
758 | pkcs11_terminate(); | 758 | pkcs11_terminate(); |
759 | exit(0); | 759 | exit(0); |
760 | #else | 760 | #else |
@@ -791,13 +791,13 @@ do_fingerprint(struct passwd *pw) | |||
791 | if (log_level >= SYSLOG_LEVEL_VERBOSE) | 791 | if (log_level >= SYSLOG_LEVEL_VERBOSE) |
792 | printf("%s\n", ra); | 792 | printf("%s\n", ra); |
793 | key_free(public); | 793 | key_free(public); |
794 | xfree(comment); | 794 | free(comment); |
795 | xfree(ra); | 795 | free(ra); |
796 | xfree(fp); | 796 | free(fp); |
797 | exit(0); | 797 | exit(0); |
798 | } | 798 | } |
799 | if (comment) { | 799 | if (comment) { |
800 | xfree(comment); | 800 | free(comment); |
801 | comment = NULL; | 801 | comment = NULL; |
802 | } | 802 | } |
803 | 803 | ||
@@ -856,8 +856,8 @@ do_fingerprint(struct passwd *pw) | |||
856 | comment ? comment : "no comment", key_type(public)); | 856 | comment ? comment : "no comment", key_type(public)); |
857 | if (log_level >= SYSLOG_LEVEL_VERBOSE) | 857 | if (log_level >= SYSLOG_LEVEL_VERBOSE) |
858 | printf("%s\n", ra); | 858 | printf("%s\n", ra); |
859 | xfree(ra); | 859 | free(ra); |
860 | xfree(fp); | 860 | free(fp); |
861 | key_free(public); | 861 | key_free(public); |
862 | invalid = 0; | 862 | invalid = 0; |
863 | } | 863 | } |
@@ -980,8 +980,8 @@ printhost(FILE *f, const char *name, Key *public, int ca, int hash) | |||
980 | key_type(public)); | 980 | key_type(public)); |
981 | if (log_level >= SYSLOG_LEVEL_VERBOSE) | 981 | if (log_level >= SYSLOG_LEVEL_VERBOSE) |
982 | printf("%s\n", ra); | 982 | printf("%s\n", ra); |
983 | xfree(ra); | 983 | free(ra); |
984 | xfree(fp); | 984 | free(fp); |
985 | } else { | 985 | } else { |
986 | if (hash && (name = host_hash(name, NULL, 0)) == NULL) | 986 | if (hash && (name = host_hash(name, NULL, 0)) == NULL) |
987 | fatal("hash_host failed"); | 987 | fatal("hash_host failed"); |
@@ -1007,7 +1007,7 @@ do_known_hosts(struct passwd *pw, const char *name) | |||
1007 | if (strlcpy(identity_file, cp, sizeof(identity_file)) >= | 1007 | if (strlcpy(identity_file, cp, sizeof(identity_file)) >= |
1008 | sizeof(identity_file)) | 1008 | sizeof(identity_file)) |
1009 | fatal("Specified known hosts path too long"); | 1009 | fatal("Specified known hosts path too long"); |
1010 | xfree(cp); | 1010 | free(cp); |
1011 | have_identity = 1; | 1011 | have_identity = 1; |
1012 | } | 1012 | } |
1013 | if ((in = fopen(identity_file, "r")) == NULL) | 1013 | if ((in = fopen(identity_file, "r")) == NULL) |
@@ -1238,7 +1238,7 @@ do_change_passphrase(struct passwd *pw) | |||
1238 | private = key_load_private(identity_file, old_passphrase, | 1238 | private = key_load_private(identity_file, old_passphrase, |
1239 | &comment); | 1239 | &comment); |
1240 | memset(old_passphrase, 0, strlen(old_passphrase)); | 1240 | memset(old_passphrase, 0, strlen(old_passphrase)); |
1241 | xfree(old_passphrase); | 1241 | free(old_passphrase); |
1242 | if (private == NULL) { | 1242 | if (private == NULL) { |
1243 | printf("Bad passphrase.\n"); | 1243 | printf("Bad passphrase.\n"); |
1244 | exit(1); | 1244 | exit(1); |
@@ -1261,30 +1261,30 @@ do_change_passphrase(struct passwd *pw) | |||
1261 | if (strcmp(passphrase1, passphrase2) != 0) { | 1261 | if (strcmp(passphrase1, passphrase2) != 0) { |
1262 | memset(passphrase1, 0, strlen(passphrase1)); | 1262 | memset(passphrase1, 0, strlen(passphrase1)); |
1263 | memset(passphrase2, 0, strlen(passphrase2)); | 1263 | memset(passphrase2, 0, strlen(passphrase2)); |
1264 | xfree(passphrase1); | 1264 | free(passphrase1); |
1265 | xfree(passphrase2); | 1265 | free(passphrase2); |
1266 | printf("Pass phrases do not match. Try again.\n"); | 1266 | printf("Pass phrases do not match. Try again.\n"); |
1267 | exit(1); | 1267 | exit(1); |
1268 | } | 1268 | } |
1269 | /* Destroy the other copy. */ | 1269 | /* Destroy the other copy. */ |
1270 | memset(passphrase2, 0, strlen(passphrase2)); | 1270 | memset(passphrase2, 0, strlen(passphrase2)); |
1271 | xfree(passphrase2); | 1271 | free(passphrase2); |
1272 | } | 1272 | } |
1273 | 1273 | ||
1274 | /* Save the file using the new passphrase. */ | 1274 | /* Save the file using the new passphrase. */ |
1275 | if (!key_save_private(private, identity_file, passphrase1, comment)) { | 1275 | if (!key_save_private(private, identity_file, passphrase1, comment)) { |
1276 | printf("Saving the key failed: %s.\n", identity_file); | 1276 | printf("Saving the key failed: %s.\n", identity_file); |
1277 | memset(passphrase1, 0, strlen(passphrase1)); | 1277 | memset(passphrase1, 0, strlen(passphrase1)); |
1278 | xfree(passphrase1); | 1278 | free(passphrase1); |
1279 | key_free(private); | 1279 | key_free(private); |
1280 | xfree(comment); | 1280 | free(comment); |
1281 | exit(1); | 1281 | exit(1); |
1282 | } | 1282 | } |
1283 | /* Destroy the passphrase and the copy of the key in memory. */ | 1283 | /* Destroy the passphrase and the copy of the key in memory. */ |
1284 | memset(passphrase1, 0, strlen(passphrase1)); | 1284 | memset(passphrase1, 0, strlen(passphrase1)); |
1285 | xfree(passphrase1); | 1285 | free(passphrase1); |
1286 | key_free(private); /* Destroys contents */ | 1286 | key_free(private); /* Destroys contents */ |
1287 | xfree(comment); | 1287 | free(comment); |
1288 | 1288 | ||
1289 | printf("Your identification has been saved with the new passphrase.\n"); | 1289 | printf("Your identification has been saved with the new passphrase.\n"); |
1290 | exit(0); | 1290 | exit(0); |
@@ -1301,7 +1301,7 @@ do_print_resource_record(struct passwd *pw, char *fname, char *hname) | |||
1301 | struct stat st; | 1301 | struct stat st; |
1302 | 1302 | ||
1303 | if (fname == NULL) | 1303 | if (fname == NULL) |
1304 | ask_filename(pw, "Enter file in which the key is"); | 1304 | fatal("%s: no filename", __func__); |
1305 | if (stat(fname, &st) < 0) { | 1305 | if (stat(fname, &st) < 0) { |
1306 | if (errno == ENOENT) | 1306 | if (errno == ENOENT) |
1307 | return 0; | 1307 | return 0; |
@@ -1312,11 +1312,11 @@ do_print_resource_record(struct passwd *pw, char *fname, char *hname) | |||
1312 | if (public != NULL) { | 1312 | if (public != NULL) { |
1313 | export_dns_rr(hname, public, stdout, print_generic); | 1313 | export_dns_rr(hname, public, stdout, print_generic); |
1314 | key_free(public); | 1314 | key_free(public); |
1315 | xfree(comment); | 1315 | free(comment); |
1316 | return 1; | 1316 | return 1; |
1317 | } | 1317 | } |
1318 | if (comment) | 1318 | if (comment) |
1319 | xfree(comment); | 1319 | free(comment); |
1320 | 1320 | ||
1321 | printf("failed to read v2 public key from %s.\n", fname); | 1321 | printf("failed to read v2 public key from %s.\n", fname); |
1322 | exit(1); | 1322 | exit(1); |
@@ -1354,7 +1354,7 @@ do_change_comment(struct passwd *pw) | |||
1354 | private = key_load_private(identity_file, passphrase, &comment); | 1354 | private = key_load_private(identity_file, passphrase, &comment); |
1355 | if (private == NULL) { | 1355 | if (private == NULL) { |
1356 | memset(passphrase, 0, strlen(passphrase)); | 1356 | memset(passphrase, 0, strlen(passphrase)); |
1357 | xfree(passphrase); | 1357 | free(passphrase); |
1358 | printf("Bad passphrase.\n"); | 1358 | printf("Bad passphrase.\n"); |
1359 | exit(1); | 1359 | exit(1); |
1360 | } | 1360 | } |
@@ -1385,13 +1385,13 @@ do_change_comment(struct passwd *pw) | |||
1385 | if (!key_save_private(private, identity_file, passphrase, new_comment)) { | 1385 | if (!key_save_private(private, identity_file, passphrase, new_comment)) { |
1386 | printf("Saving the key failed: %s.\n", identity_file); | 1386 | printf("Saving the key failed: %s.\n", identity_file); |
1387 | memset(passphrase, 0, strlen(passphrase)); | 1387 | memset(passphrase, 0, strlen(passphrase)); |
1388 | xfree(passphrase); | 1388 | free(passphrase); |
1389 | key_free(private); | 1389 | key_free(private); |
1390 | xfree(comment); | 1390 | free(comment); |
1391 | exit(1); | 1391 | exit(1); |
1392 | } | 1392 | } |
1393 | memset(passphrase, 0, strlen(passphrase)); | 1393 | memset(passphrase, 0, strlen(passphrase)); |
1394 | xfree(passphrase); | 1394 | free(passphrase); |
1395 | public = key_from_private(private); | 1395 | public = key_from_private(private); |
1396 | key_free(private); | 1396 | key_free(private); |
1397 | 1397 | ||
@@ -1412,7 +1412,7 @@ do_change_comment(struct passwd *pw) | |||
1412 | fprintf(f, " %s\n", new_comment); | 1412 | fprintf(f, " %s\n", new_comment); |
1413 | fclose(f); | 1413 | fclose(f); |
1414 | 1414 | ||
1415 | xfree(comment); | 1415 | free(comment); |
1416 | 1416 | ||
1417 | printf("The comment in your key file has been changed.\n"); | 1417 | printf("The comment in your key file has been changed.\n"); |
1418 | exit(0); | 1418 | exit(0); |
@@ -1529,7 +1529,7 @@ load_pkcs11_key(char *path) | |||
1529 | } | 1529 | } |
1530 | key_free(keys[i]); | 1530 | key_free(keys[i]); |
1531 | } | 1531 | } |
1532 | xfree(keys); | 1532 | free(keys); |
1533 | key_free(public); | 1533 | key_free(public); |
1534 | return private; | 1534 | return private; |
1535 | #else | 1535 | #else |
@@ -1573,7 +1573,7 @@ do_ca_sign(struct passwd *pw, int argc, char **argv) | |||
1573 | fatal("No PKCS#11 key matching %s found", ca_key_path); | 1573 | fatal("No PKCS#11 key matching %s found", ca_key_path); |
1574 | } else if ((ca = load_identity(tmp)) == NULL) | 1574 | } else if ((ca = load_identity(tmp)) == NULL) |
1575 | fatal("Couldn't load CA key \"%s\"", tmp); | 1575 | fatal("Couldn't load CA key \"%s\"", tmp); |
1576 | xfree(tmp); | 1576 | free(tmp); |
1577 | 1577 | ||
1578 | for (i = 0; i < argc; i++) { | 1578 | for (i = 0; i < argc; i++) { |
1579 | /* Split list of principals */ | 1579 | /* Split list of principals */ |
@@ -1586,7 +1586,7 @@ do_ca_sign(struct passwd *pw, int argc, char **argv) | |||
1586 | if (*(plist[n] = xstrdup(cp)) == '\0') | 1586 | if (*(plist[n] = xstrdup(cp)) == '\0') |
1587 | fatal("Empty principal name"); | 1587 | fatal("Empty principal name"); |
1588 | } | 1588 | } |
1589 | xfree(otmp); | 1589 | free(otmp); |
1590 | } | 1590 | } |
1591 | 1591 | ||
1592 | tmp = tilde_expand_filename(argv[i], pw->pw_uid); | 1592 | tmp = tilde_expand_filename(argv[i], pw->pw_uid); |
@@ -1624,7 +1624,7 @@ do_ca_sign(struct passwd *pw, int argc, char **argv) | |||
1624 | if ((cp = strrchr(tmp, '.')) != NULL && strcmp(cp, ".pub") == 0) | 1624 | if ((cp = strrchr(tmp, '.')) != NULL && strcmp(cp, ".pub") == 0) |
1625 | *cp = '\0'; | 1625 | *cp = '\0'; |
1626 | xasprintf(&out, "%s-cert.pub", tmp); | 1626 | xasprintf(&out, "%s-cert.pub", tmp); |
1627 | xfree(tmp); | 1627 | free(tmp); |
1628 | 1628 | ||
1629 | if ((fd = open(out, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1) | 1629 | if ((fd = open(out, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1) |
1630 | fatal("Could not open \"%s\" for writing: %s", out, | 1630 | fatal("Could not open \"%s\" for writing: %s", out, |
@@ -1647,7 +1647,7 @@ do_ca_sign(struct passwd *pw, int argc, char **argv) | |||
1647 | } | 1647 | } |
1648 | 1648 | ||
1649 | key_free(public); | 1649 | key_free(public); |
1650 | xfree(out); | 1650 | free(out); |
1651 | } | 1651 | } |
1652 | pkcs11_terminate(); | 1652 | pkcs11_terminate(); |
1653 | exit(0); | 1653 | exit(0); |
@@ -1744,7 +1744,7 @@ parse_cert_times(char *timespec) | |||
1744 | 1744 | ||
1745 | if (cert_valid_to <= cert_valid_from) | 1745 | if (cert_valid_to <= cert_valid_from) |
1746 | fatal("Empty certificate validity interval"); | 1746 | fatal("Empty certificate validity interval"); |
1747 | xfree(from); | 1747 | free(from); |
1748 | } | 1748 | } |
1749 | 1749 | ||
1750 | static void | 1750 | static void |
@@ -1797,7 +1797,8 @@ add_cert_option(char *opt) | |||
1797 | static void | 1797 | static void |
1798 | show_options(const Buffer *optbuf, int v00, int in_critical) | 1798 | show_options(const Buffer *optbuf, int v00, int in_critical) |
1799 | { | 1799 | { |
1800 | u_char *name, *data; | 1800 | char *name; |
1801 | u_char *data; | ||
1801 | u_int dlen; | 1802 | u_int dlen; |
1802 | Buffer options, option; | 1803 | Buffer options, option; |
1803 | 1804 | ||
@@ -1822,13 +1823,13 @@ show_options(const Buffer *optbuf, int v00, int in_critical) | |||
1822 | strcmp(name, "source-address") == 0)) { | 1823 | strcmp(name, "source-address") == 0)) { |
1823 | data = buffer_get_string(&option, NULL); | 1824 | data = buffer_get_string(&option, NULL); |
1824 | printf(" %s\n", data); | 1825 | printf(" %s\n", data); |
1825 | xfree(data); | 1826 | free(data); |
1826 | } else { | 1827 | } else { |
1827 | printf(" UNKNOWN OPTION (len %u)\n", | 1828 | printf(" UNKNOWN OPTION (len %u)\n", |
1828 | buffer_len(&option)); | 1829 | buffer_len(&option)); |
1829 | buffer_clear(&option); | 1830 | buffer_clear(&option); |
1830 | } | 1831 | } |
1831 | xfree(name); | 1832 | free(name); |
1832 | if (buffer_len(&option) != 0) | 1833 | if (buffer_len(&option) != 0) |
1833 | fatal("Option corrupt: extra data at end"); | 1834 | fatal("Option corrupt: extra data at end"); |
1834 | } | 1835 | } |
@@ -2038,6 +2039,7 @@ update_krl_from_file(struct passwd *pw, const char *file, const Key *ca, | |||
2038 | } | 2039 | } |
2039 | if (strcmp(path, "-") != 0) | 2040 | if (strcmp(path, "-") != 0) |
2040 | fclose(krl_spec); | 2041 | fclose(krl_spec); |
2042 | free(path); | ||
2041 | } | 2043 | } |
2042 | 2044 | ||
2043 | static void | 2045 | static void |
@@ -2063,7 +2065,7 @@ do_gen_krl(struct passwd *pw, int updating, int argc, char **argv) | |||
2063 | tmp = tilde_expand_filename(ca_key_path, pw->pw_uid); | 2065 | tmp = tilde_expand_filename(ca_key_path, pw->pw_uid); |
2064 | if ((ca = key_load_public(tmp, NULL)) == NULL) | 2066 | if ((ca = key_load_public(tmp, NULL)) == NULL) |
2065 | fatal("Cannot load CA public key %s", tmp); | 2067 | fatal("Cannot load CA public key %s", tmp); |
2066 | xfree(tmp); | 2068 | free(tmp); |
2067 | } | 2069 | } |
2068 | 2070 | ||
2069 | if (updating) | 2071 | if (updating) |
@@ -2090,6 +2092,8 @@ do_gen_krl(struct passwd *pw, int updating, int argc, char **argv) | |||
2090 | close(fd); | 2092 | close(fd); |
2091 | buffer_free(&kbuf); | 2093 | buffer_free(&kbuf); |
2092 | ssh_krl_free(krl); | 2094 | ssh_krl_free(krl); |
2095 | if (ca != NULL) | ||
2096 | key_free(ca); | ||
2093 | } | 2097 | } |
2094 | 2098 | ||
2095 | static void | 2099 | static void |
@@ -2210,7 +2214,7 @@ main(int argc, char **argv) | |||
2210 | /* we need this for the home * directory. */ | 2214 | /* we need this for the home * directory. */ |
2211 | pw = getpwuid(getuid()); | 2215 | pw = getpwuid(getuid()); |
2212 | if (!pw) { | 2216 | if (!pw) { |
2213 | printf("You don't exist, go away!\n"); | 2217 | printf("No user exists for uid %lu\n", (u_long)getuid()); |
2214 | exit(1); | 2218 | exit(1); |
2215 | } | 2219 | } |
2216 | if (gethostname(hostname, sizeof(hostname)) < 0) { | 2220 | if (gethostname(hostname, sizeof(hostname)) < 0) { |
@@ -2599,14 +2603,14 @@ passphrase_again: | |||
2599 | */ | 2603 | */ |
2600 | memset(passphrase1, 0, strlen(passphrase1)); | 2604 | memset(passphrase1, 0, strlen(passphrase1)); |
2601 | memset(passphrase2, 0, strlen(passphrase2)); | 2605 | memset(passphrase2, 0, strlen(passphrase2)); |
2602 | xfree(passphrase1); | 2606 | free(passphrase1); |
2603 | xfree(passphrase2); | 2607 | free(passphrase2); |
2604 | printf("Passphrases do not match. Try again.\n"); | 2608 | printf("Passphrases do not match. Try again.\n"); |
2605 | goto passphrase_again; | 2609 | goto passphrase_again; |
2606 | } | 2610 | } |
2607 | /* Clear the other copy of the passphrase. */ | 2611 | /* Clear the other copy of the passphrase. */ |
2608 | memset(passphrase2, 0, strlen(passphrase2)); | 2612 | memset(passphrase2, 0, strlen(passphrase2)); |
2609 | xfree(passphrase2); | 2613 | free(passphrase2); |
2610 | } | 2614 | } |
2611 | 2615 | ||
2612 | if (identity_comment) { | 2616 | if (identity_comment) { |
@@ -2620,12 +2624,12 @@ passphrase_again: | |||
2620 | if (!key_save_private(private, identity_file, passphrase1, comment)) { | 2624 | if (!key_save_private(private, identity_file, passphrase1, comment)) { |
2621 | printf("Saving the key failed: %s.\n", identity_file); | 2625 | printf("Saving the key failed: %s.\n", identity_file); |
2622 | memset(passphrase1, 0, strlen(passphrase1)); | 2626 | memset(passphrase1, 0, strlen(passphrase1)); |
2623 | xfree(passphrase1); | 2627 | free(passphrase1); |
2624 | exit(1); | 2628 | exit(1); |
2625 | } | 2629 | } |
2626 | /* Clear the passphrase. */ | 2630 | /* Clear the passphrase. */ |
2627 | memset(passphrase1, 0, strlen(passphrase1)); | 2631 | memset(passphrase1, 0, strlen(passphrase1)); |
2628 | xfree(passphrase1); | 2632 | free(passphrase1); |
2629 | 2633 | ||
2630 | /* Clear the private key and the random number generator. */ | 2634 | /* Clear the private key and the random number generator. */ |
2631 | key_free(private); | 2635 | key_free(private); |
@@ -2660,8 +2664,8 @@ passphrase_again: | |||
2660 | printf("%s %s\n", fp, comment); | 2664 | printf("%s %s\n", fp, comment); |
2661 | printf("The key's randomart image is:\n"); | 2665 | printf("The key's randomart image is:\n"); |
2662 | printf("%s\n", ra); | 2666 | printf("%s\n", ra); |
2663 | xfree(ra); | 2667 | free(ra); |
2664 | xfree(fp); | 2668 | free(fp); |
2665 | } | 2669 | } |
2666 | 2670 | ||
2667 | key_free(public); | 2671 | key_free(public); |
diff --git a/ssh-keyscan.0 b/ssh-keyscan.0 index 559c5a1f4..3ea99c320 100644 --- a/ssh-keyscan.0 +++ b/ssh-keyscan.0 | |||
@@ -106,4 +106,4 @@ BUGS | |||
106 | This is because it opens a connection to the ssh port, reads the public | 106 | This is because it opens a connection to the ssh port, reads the public |
107 | key, and drops the connection as soon as it gets the key. | 107 | key, and drops the connection as soon as it gets the key. |
108 | 108 | ||
109 | OpenBSD 5.3 April 11, 2012 OpenBSD 5.3 | 109 | OpenBSD 5.4 July 16, 2013 OpenBSD 5.4 |
diff --git a/ssh-keyscan.1 b/ssh-keyscan.1 index f2b0fc8fa..c35ea05e0 100644 --- a/ssh-keyscan.1 +++ b/ssh-keyscan.1 | |||
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: ssh-keyscan.1,v 1.30 2012/04/11 13:34:17 djm Exp $ | 1 | .\" $OpenBSD: ssh-keyscan.1,v 1.31 2013/07/16 00:07:52 schwarze Exp $ |
2 | .\" | 2 | .\" |
3 | .\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. | 3 | .\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. |
4 | .\" | 4 | .\" |
@@ -6,7 +6,7 @@ | |||
6 | .\" permitted provided that due credit is given to the author and the | 6 | .\" permitted provided that due credit is given to the author and the |
7 | .\" OpenBSD project by leaving this copyright notice intact. | 7 | .\" OpenBSD project by leaving this copyright notice intact. |
8 | .\" | 8 | .\" |
9 | .Dd $Mdocdate: April 11 2012 $ | 9 | .Dd $Mdocdate: July 16 2013 $ |
10 | .Dt SSH-KEYSCAN 1 | 10 | .Dt SSH-KEYSCAN 1 |
11 | .Os | 11 | .Os |
12 | .Sh NAME | 12 | .Sh NAME |
@@ -164,9 +164,9 @@ $ ssh-keyscan -t rsa,dsa,ecdsa -f ssh_hosts | \e | |||
164 | .Xr sshd 8 | 164 | .Xr sshd 8 |
165 | .Sh AUTHORS | 165 | .Sh AUTHORS |
166 | .An -nosplit | 166 | .An -nosplit |
167 | .An David Mazieres Aq dm@lcs.mit.edu | 167 | .An David Mazieres Aq Mt dm@lcs.mit.edu |
168 | wrote the initial version, and | 168 | wrote the initial version, and |
169 | .An Wayne Davison Aq wayned@users.sourceforge.net | 169 | .An Wayne Davison Aq Mt wayned@users.sourceforge.net |
170 | added support for protocol version 2. | 170 | added support for protocol version 2. |
171 | .Sh BUGS | 171 | .Sh BUGS |
172 | It generates "Connection closed by remote host" messages on the consoles | 172 | It generates "Connection closed by remote host" messages on the consoles |
diff --git a/ssh-keyscan.c b/ssh-keyscan.c index c9de130f4..8b807c10a 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-keyscan.c,v 1.86 2012/04/11 13:34:17 djm Exp $ */ | 1 | /* $OpenBSD: ssh-keyscan.c,v 1.87 2013/05/17 00:13:14 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. | 3 | * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. |
4 | * | 4 | * |
@@ -263,7 +263,7 @@ keygrab_ssh2(con *c) | |||
263 | exit(1); | 263 | exit(1); |
264 | } | 264 | } |
265 | nonfatal_fatal = 0; | 265 | nonfatal_fatal = 0; |
266 | xfree(c->c_kex); | 266 | free(c->c_kex); |
267 | c->c_kex = NULL; | 267 | c->c_kex = NULL; |
268 | packet_close(); | 268 | packet_close(); |
269 | 269 | ||
@@ -329,7 +329,7 @@ conalloc(char *iname, char *oname, int keytype) | |||
329 | do { | 329 | do { |
330 | name = xstrsep(&namelist, ","); | 330 | name = xstrsep(&namelist, ","); |
331 | if (!name) { | 331 | if (!name) { |
332 | xfree(namebase); | 332 | free(namebase); |
333 | return (-1); | 333 | return (-1); |
334 | } | 334 | } |
335 | } while ((s = tcpconnect(name)) < 0); | 335 | } while ((s = tcpconnect(name)) < 0); |
@@ -363,10 +363,10 @@ confree(int s) | |||
363 | if (s >= maxfd || fdcon[s].c_status == CS_UNUSED) | 363 | if (s >= maxfd || fdcon[s].c_status == CS_UNUSED) |
364 | fatal("confree: attempt to free bad fdno %d", s); | 364 | fatal("confree: attempt to free bad fdno %d", s); |
365 | close(s); | 365 | close(s); |
366 | xfree(fdcon[s].c_namebase); | 366 | free(fdcon[s].c_namebase); |
367 | xfree(fdcon[s].c_output_name); | 367 | free(fdcon[s].c_output_name); |
368 | if (fdcon[s].c_status == CS_KEYS) | 368 | if (fdcon[s].c_status == CS_KEYS) |
369 | xfree(fdcon[s].c_data); | 369 | free(fdcon[s].c_data); |
370 | fdcon[s].c_status = CS_UNUSED; | 370 | fdcon[s].c_status = CS_UNUSED; |
371 | fdcon[s].c_keytype = 0; | 371 | fdcon[s].c_keytype = 0; |
372 | TAILQ_REMOVE(&tq, &fdcon[s], c_link); | 372 | TAILQ_REMOVE(&tq, &fdcon[s], c_link); |
@@ -553,8 +553,8 @@ conloop(void) | |||
553 | } else if (FD_ISSET(i, r)) | 553 | } else if (FD_ISSET(i, r)) |
554 | conread(i); | 554 | conread(i); |
555 | } | 555 | } |
556 | xfree(r); | 556 | free(r); |
557 | xfree(e); | 557 | free(e); |
558 | 558 | ||
559 | c = TAILQ_FIRST(&tq); | 559 | c = TAILQ_FIRST(&tq); |
560 | while (c && (c->c_tv.tv_sec < now.tv_sec || | 560 | while (c && (c->c_tv.tv_sec < now.tv_sec || |
diff --git a/ssh-keysign.0 b/ssh-keysign.0 index a2e9eec2b..808828a07 100644 --- a/ssh-keysign.0 +++ b/ssh-keysign.0 | |||
@@ -48,4 +48,4 @@ HISTORY | |||
48 | AUTHORS | 48 | AUTHORS |
49 | Markus Friedl <markus@openbsd.org> | 49 | Markus Friedl <markus@openbsd.org> |
50 | 50 | ||
51 | OpenBSD 5.3 August 31, 2010 OpenBSD 5.3 | 51 | OpenBSD 5.4 July 16, 2013 OpenBSD 5.4 |
diff --git a/ssh-keysign.8 b/ssh-keysign.8 index 5e09e0271..5e0b2d232 100644 --- a/ssh-keysign.8 +++ b/ssh-keysign.8 | |||
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: ssh-keysign.8,v 1.12 2010/08/31 11:54:45 djm Exp $ | 1 | .\" $OpenBSD: ssh-keysign.8,v 1.13 2013/07/16 00:07:52 schwarze Exp $ |
2 | .\" | 2 | .\" |
3 | .\" Copyright (c) 2002 Markus Friedl. All rights reserved. | 3 | .\" Copyright (c) 2002 Markus Friedl. All rights reserved. |
4 | .\" | 4 | .\" |
@@ -22,7 +22,7 @@ | |||
22 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 22 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
23 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 23 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
24 | .\" | 24 | .\" |
25 | .Dd $Mdocdate: August 31 2010 $ | 25 | .Dd $Mdocdate: July 16 2013 $ |
26 | .Dt SSH-KEYSIGN 8 | 26 | .Dt SSH-KEYSIGN 8 |
27 | .Os | 27 | .Os |
28 | .Sh NAME | 28 | .Sh NAME |
@@ -88,4 +88,4 @@ information corresponding with the private keys above. | |||
88 | first appeared in | 88 | first appeared in |
89 | .Ox 3.2 . | 89 | .Ox 3.2 . |
90 | .Sh AUTHORS | 90 | .Sh AUTHORS |
91 | .An Markus Friedl Aq markus@openbsd.org | 91 | .An Markus Friedl Aq Mt markus@openbsd.org |
diff --git a/ssh-keysign.c b/ssh-keysign.c index 1deb7e141..9a6653c7c 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-keysign.c,v 1.36 2011/02/16 00:31:14 djm Exp $ */ | 1 | /* $OpenBSD: ssh-keysign.c,v 1.37 2013/05/17 00:13:14 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2002 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2002 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -78,7 +78,7 @@ valid_request(struct passwd *pw, char *host, Key **ret, u_char *data, | |||
78 | p = buffer_get_string(&b, &len); | 78 | p = buffer_get_string(&b, &len); |
79 | if (len != 20 && len != 32) | 79 | if (len != 20 && len != 32) |
80 | fail++; | 80 | fail++; |
81 | xfree(p); | 81 | free(p); |
82 | 82 | ||
83 | if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) | 83 | if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) |
84 | fail++; | 84 | fail++; |
@@ -90,13 +90,13 @@ valid_request(struct passwd *pw, char *host, Key **ret, u_char *data, | |||
90 | p = buffer_get_string(&b, NULL); | 90 | p = buffer_get_string(&b, NULL); |
91 | if (strcmp("ssh-connection", p) != 0) | 91 | if (strcmp("ssh-connection", p) != 0) |
92 | fail++; | 92 | fail++; |
93 | xfree(p); | 93 | free(p); |
94 | 94 | ||
95 | /* method */ | 95 | /* method */ |
96 | p = buffer_get_string(&b, NULL); | 96 | p = buffer_get_string(&b, NULL); |
97 | if (strcmp("hostbased", p) != 0) | 97 | if (strcmp("hostbased", p) != 0) |
98 | fail++; | 98 | fail++; |
99 | xfree(p); | 99 | free(p); |
100 | 100 | ||
101 | /* pubkey */ | 101 | /* pubkey */ |
102 | pkalg = buffer_get_string(&b, NULL); | 102 | pkalg = buffer_get_string(&b, NULL); |
@@ -109,8 +109,8 @@ valid_request(struct passwd *pw, char *host, Key **ret, u_char *data, | |||
109 | fail++; | 109 | fail++; |
110 | else if (key->type != pktype) | 110 | else if (key->type != pktype) |
111 | fail++; | 111 | fail++; |
112 | xfree(pkalg); | 112 | free(pkalg); |
113 | xfree(pkblob); | 113 | free(pkblob); |
114 | 114 | ||
115 | /* client host name, handle trailing dot */ | 115 | /* client host name, handle trailing dot */ |
116 | p = buffer_get_string(&b, &len); | 116 | p = buffer_get_string(&b, &len); |
@@ -121,14 +121,14 @@ valid_request(struct passwd *pw, char *host, Key **ret, u_char *data, | |||
121 | fail++; | 121 | fail++; |
122 | else if (strncasecmp(host, p, len - 1) != 0) | 122 | else if (strncasecmp(host, p, len - 1) != 0) |
123 | fail++; | 123 | fail++; |
124 | xfree(p); | 124 | free(p); |
125 | 125 | ||
126 | /* local user */ | 126 | /* local user */ |
127 | p = buffer_get_string(&b, NULL); | 127 | p = buffer_get_string(&b, NULL); |
128 | 128 | ||
129 | if (strcmp(pw->pw_name, p) != 0) | 129 | if (strcmp(pw->pw_name, p) != 0) |
130 | fail++; | 130 | fail++; |
131 | xfree(p); | 131 | free(p); |
132 | 132 | ||
133 | /* end of message */ | 133 | /* end of message */ |
134 | if (buffer_len(&b) != 0) | 134 | if (buffer_len(&b) != 0) |
@@ -233,7 +233,7 @@ main(int argc, char **argv) | |||
233 | data = buffer_get_string(&b, &dlen); | 233 | data = buffer_get_string(&b, &dlen); |
234 | if (valid_request(pw, host, &key, data, dlen) < 0) | 234 | if (valid_request(pw, host, &key, data, dlen) < 0) |
235 | fatal("not a valid request"); | 235 | fatal("not a valid request"); |
236 | xfree(host); | 236 | free(host); |
237 | 237 | ||
238 | found = 0; | 238 | found = 0; |
239 | for (i = 0; i < NUM_KEYTYPES; i++) { | 239 | for (i = 0; i < NUM_KEYTYPES; i++) { |
@@ -248,7 +248,7 @@ main(int argc, char **argv) | |||
248 | 248 | ||
249 | if (key_sign(keys[i], &signature, &slen, data, dlen) != 0) | 249 | if (key_sign(keys[i], &signature, &slen, data, dlen) != 0) |
250 | fatal("key_sign failed"); | 250 | fatal("key_sign failed"); |
251 | xfree(data); | 251 | free(data); |
252 | 252 | ||
253 | /* send reply */ | 253 | /* send reply */ |
254 | buffer_clear(&b); | 254 | buffer_clear(&b); |
diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c index 82b11daf5..6c9f9d2c1 100644 --- a/ssh-pkcs11-client.c +++ b/ssh-pkcs11-client.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-pkcs11-client.c,v 1.3 2012/01/16 20:34:09 miod Exp $ */ | 1 | /* $OpenBSD: ssh-pkcs11-client.c,v 1.4 2013/05/17 00:13:14 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2010 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2010 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -121,7 +121,7 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, | |||
121 | buffer_put_string(&msg, blob, blen); | 121 | buffer_put_string(&msg, blob, blen); |
122 | buffer_put_string(&msg, from, flen); | 122 | buffer_put_string(&msg, from, flen); |
123 | buffer_put_int(&msg, 0); | 123 | buffer_put_int(&msg, 0); |
124 | xfree(blob); | 124 | free(blob); |
125 | send_msg(&msg); | 125 | send_msg(&msg); |
126 | buffer_clear(&msg); | 126 | buffer_clear(&msg); |
127 | 127 | ||
@@ -131,7 +131,7 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, | |||
131 | memcpy(to, signature, slen); | 131 | memcpy(to, signature, slen); |
132 | ret = slen; | 132 | ret = slen; |
133 | } | 133 | } |
134 | xfree(signature); | 134 | free(signature); |
135 | } | 135 | } |
136 | buffer_free(&msg); | 136 | buffer_free(&msg); |
137 | return (ret); | 137 | return (ret); |
@@ -205,11 +205,11 @@ pkcs11_add_provider(char *name, char *pin, Key ***keysp) | |||
205 | *keysp = xcalloc(nkeys, sizeof(Key *)); | 205 | *keysp = xcalloc(nkeys, sizeof(Key *)); |
206 | for (i = 0; i < nkeys; i++) { | 206 | for (i = 0; i < nkeys; i++) { |
207 | blob = buffer_get_string(&msg, &blen); | 207 | blob = buffer_get_string(&msg, &blen); |
208 | xfree(buffer_get_string(&msg, NULL)); | 208 | free(buffer_get_string(&msg, NULL)); |
209 | k = key_from_blob(blob, blen); | 209 | k = key_from_blob(blob, blen); |
210 | wrap_key(k->rsa); | 210 | wrap_key(k->rsa); |
211 | (*keysp)[i] = k; | 211 | (*keysp)[i] = k; |
212 | xfree(blob); | 212 | free(blob); |
213 | } | 213 | } |
214 | } else { | 214 | } else { |
215 | nkeys = -1; | 215 | nkeys = -1; |
diff --git a/ssh-pkcs11-helper.0 b/ssh-pkcs11-helper.0 index dcfaa222a..d9ea34248 100644 --- a/ssh-pkcs11-helper.0 +++ b/ssh-pkcs11-helper.0 | |||
@@ -22,4 +22,4 @@ HISTORY | |||
22 | AUTHORS | 22 | AUTHORS |
23 | Markus Friedl <markus@openbsd.org> | 23 | Markus Friedl <markus@openbsd.org> |
24 | 24 | ||
25 | OpenBSD 5.3 February 10, 2010 OpenBSD 5.3 | 25 | OpenBSD 5.4 July 16, 2013 OpenBSD 5.4 |
diff --git a/ssh-pkcs11-helper.8 b/ssh-pkcs11-helper.8 index 9bdaadc01..3728c4e4e 100644 --- a/ssh-pkcs11-helper.8 +++ b/ssh-pkcs11-helper.8 | |||
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: ssh-pkcs11-helper.8,v 1.3 2010/02/10 23:20:38 markus Exp $ | 1 | .\" $OpenBSD: ssh-pkcs11-helper.8,v 1.4 2013/07/16 00:07:52 schwarze Exp $ |
2 | .\" | 2 | .\" |
3 | .\" Copyright (c) 2010 Markus Friedl. All rights reserved. | 3 | .\" Copyright (c) 2010 Markus Friedl. All rights reserved. |
4 | .\" | 4 | .\" |
@@ -14,7 +14,7 @@ | |||
14 | .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | 14 | .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
15 | .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | 15 | .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
16 | .\" | 16 | .\" |
17 | .Dd $Mdocdate: February 10 2010 $ | 17 | .Dd $Mdocdate: July 16 2013 $ |
18 | .Dt SSH-PKCS11-HELPER 8 | 18 | .Dt SSH-PKCS11-HELPER 8 |
19 | .Os | 19 | .Os |
20 | .Sh NAME | 20 | .Sh NAME |
@@ -40,4 +40,4 @@ is not intended to be invoked by the user, but from | |||
40 | first appeared in | 40 | first appeared in |
41 | .Ox 4.7 . | 41 | .Ox 4.7 . |
42 | .Sh AUTHORS | 42 | .Sh AUTHORS |
43 | .An Markus Friedl Aq markus@openbsd.org | 43 | .An Markus Friedl Aq Mt markus@openbsd.org |
diff --git a/ssh-pkcs11-helper.c b/ssh-pkcs11-helper.c index fcb5defc0..39b2e7c56 100644 --- a/ssh-pkcs11-helper.c +++ b/ssh-pkcs11-helper.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-pkcs11-helper.c,v 1.4 2012/07/02 12:13:26 dtucker Exp $ */ | 1 | /* $OpenBSD: ssh-pkcs11-helper.c,v 1.6 2013/05/17 00:13:14 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2010 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2010 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -79,7 +79,7 @@ del_keys_by_name(char *name) | |||
79 | nxt = TAILQ_NEXT(ki, next); | 79 | nxt = TAILQ_NEXT(ki, next); |
80 | if (!strcmp(ki->providername, name)) { | 80 | if (!strcmp(ki->providername, name)) { |
81 | TAILQ_REMOVE(&pkcs11_keylist, ki, next); | 81 | TAILQ_REMOVE(&pkcs11_keylist, ki, next); |
82 | xfree(ki->providername); | 82 | free(ki->providername); |
83 | key_free(ki->key); | 83 | key_free(ki->key); |
84 | free(ki); | 84 | free(ki); |
85 | } | 85 | } |
@@ -130,15 +130,15 @@ process_add(void) | |||
130 | key_to_blob(keys[i], &blob, &blen); | 130 | key_to_blob(keys[i], &blob, &blen); |
131 | buffer_put_string(&msg, blob, blen); | 131 | buffer_put_string(&msg, blob, blen); |
132 | buffer_put_cstring(&msg, name); | 132 | buffer_put_cstring(&msg, name); |
133 | xfree(blob); | 133 | free(blob); |
134 | add_key(keys[i], name); | 134 | add_key(keys[i], name); |
135 | } | 135 | } |
136 | xfree(keys); | 136 | free(keys); |
137 | } else { | 137 | } else { |
138 | buffer_put_char(&msg, SSH_AGENT_FAILURE); | 138 | buffer_put_char(&msg, SSH_AGENT_FAILURE); |
139 | } | 139 | } |
140 | xfree(pin); | 140 | free(pin); |
141 | xfree(name); | 141 | free(name); |
142 | send_msg(&msg); | 142 | send_msg(&msg); |
143 | buffer_free(&msg); | 143 | buffer_free(&msg); |
144 | } | 144 | } |
@@ -157,8 +157,8 @@ process_del(void) | |||
157 | buffer_put_char(&msg, SSH_AGENT_SUCCESS); | 157 | buffer_put_char(&msg, SSH_AGENT_SUCCESS); |
158 | else | 158 | else |
159 | buffer_put_char(&msg, SSH_AGENT_FAILURE); | 159 | buffer_put_char(&msg, SSH_AGENT_FAILURE); |
160 | xfree(pin); | 160 | free(pin); |
161 | xfree(name); | 161 | free(name); |
162 | send_msg(&msg); | 162 | send_msg(&msg); |
163 | buffer_free(&msg); | 163 | buffer_free(&msg); |
164 | } | 164 | } |
@@ -195,10 +195,9 @@ process_sign(void) | |||
195 | } else { | 195 | } else { |
196 | buffer_put_char(&msg, SSH_AGENT_FAILURE); | 196 | buffer_put_char(&msg, SSH_AGENT_FAILURE); |
197 | } | 197 | } |
198 | xfree(data); | 198 | free(data); |
199 | xfree(blob); | 199 | free(blob); |
200 | if (signature != NULL) | 200 | free(signature); |
201 | xfree(signature); | ||
202 | send_msg(&msg); | 201 | send_msg(&msg); |
203 | buffer_free(&msg); | 202 | buffer_free(&msg); |
204 | } | 203 | } |
@@ -274,7 +273,6 @@ main(int argc, char **argv) | |||
274 | LogLevel log_level = SYSLOG_LEVEL_ERROR; | 273 | LogLevel log_level = SYSLOG_LEVEL_ERROR; |
275 | char buf[4*4096]; | 274 | char buf[4*4096]; |
276 | 275 | ||
277 | extern char *optarg; | ||
278 | extern char *__progname; | 276 | extern char *__progname; |
279 | 277 | ||
280 | TAILQ_INIT(&pkcs11_keylist); | 278 | TAILQ_INIT(&pkcs11_keylist); |
diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c index 1f4c1c8e4..618c07526 100644 --- a/ssh-pkcs11.c +++ b/ssh-pkcs11.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-pkcs11.c,v 1.6 2010/06/08 21:32:19 markus Exp $ */ | 1 | /* $OpenBSD: ssh-pkcs11.c,v 1.8 2013/07/12 00:20:00 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2010 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2010 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -120,9 +120,9 @@ pkcs11_provider_unref(struct pkcs11_provider *p) | |||
120 | if (--p->refcount <= 0) { | 120 | if (--p->refcount <= 0) { |
121 | if (p->valid) | 121 | if (p->valid) |
122 | error("pkcs11_provider_unref: %p still valid", p); | 122 | error("pkcs11_provider_unref: %p still valid", p); |
123 | xfree(p->slotlist); | 123 | free(p->slotlist); |
124 | xfree(p->slotinfo); | 124 | free(p->slotinfo); |
125 | xfree(p); | 125 | free(p); |
126 | } | 126 | } |
127 | } | 127 | } |
128 | 128 | ||
@@ -180,9 +180,8 @@ pkcs11_rsa_finish(RSA *rsa) | |||
180 | rv = k11->orig_finish(rsa); | 180 | rv = k11->orig_finish(rsa); |
181 | if (k11->provider) | 181 | if (k11->provider) |
182 | pkcs11_provider_unref(k11->provider); | 182 | pkcs11_provider_unref(k11->provider); |
183 | if (k11->keyid) | 183 | free(k11->keyid); |
184 | xfree(k11->keyid); | 184 | free(k11); |
185 | xfree(k11); | ||
186 | } | 185 | } |
187 | return (rv); | 186 | return (rv); |
188 | } | 187 | } |
@@ -264,13 +263,13 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, | |||
264 | pin = read_passphrase(prompt, RP_ALLOW_EOF); | 263 | pin = read_passphrase(prompt, RP_ALLOW_EOF); |
265 | if (pin == NULL) | 264 | if (pin == NULL) |
266 | return (-1); /* bail out */ | 265 | return (-1); /* bail out */ |
267 | if ((rv = f->C_Login(si->session, CKU_USER, pin, strlen(pin))) | 266 | if ((rv = f->C_Login(si->session, CKU_USER, |
268 | != CKR_OK) { | 267 | (u_char *)pin, strlen(pin))) != CKR_OK) { |
269 | xfree(pin); | 268 | free(pin); |
270 | error("C_Login failed: %lu", rv); | 269 | error("C_Login failed: %lu", rv); |
271 | return (-1); | 270 | return (-1); |
272 | } | 271 | } |
273 | xfree(pin); | 272 | free(pin); |
274 | si->logged_in = 1; | 273 | si->logged_in = 1; |
275 | } | 274 | } |
276 | key_filter[1].pValue = k11->keyid; | 275 | key_filter[1].pValue = k11->keyid; |
@@ -329,7 +328,7 @@ pkcs11_rsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx, | |||
329 | 328 | ||
330 | /* remove trailing spaces */ | 329 | /* remove trailing spaces */ |
331 | static void | 330 | static void |
332 | rmspace(char *buf, size_t len) | 331 | rmspace(u_char *buf, size_t len) |
333 | { | 332 | { |
334 | size_t i; | 333 | size_t i; |
335 | 334 | ||
@@ -367,8 +366,8 @@ pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin) | |||
367 | return (-1); | 366 | return (-1); |
368 | } | 367 | } |
369 | if (login_required && pin) { | 368 | if (login_required && pin) { |
370 | if ((rv = f->C_Login(session, CKU_USER, pin, strlen(pin))) | 369 | if ((rv = f->C_Login(session, CKU_USER, |
371 | != CKR_OK) { | 370 | (u_char *)pin, strlen(pin))) != CKR_OK) { |
372 | error("C_Login failed: %lu", rv); | 371 | error("C_Login failed: %lu", rv); |
373 | if ((rv = f->C_CloseSession(session)) != CKR_OK) | 372 | if ((rv = f->C_CloseSession(session)) != CKR_OK) |
374 | error("C_CloseSession failed: %lu", rv); | 373 | error("C_CloseSession failed: %lu", rv); |
@@ -470,7 +469,7 @@ pkcs11_fetch_keys(struct pkcs11_provider *p, CK_ULONG slotidx, Key ***keysp, | |||
470 | } | 469 | } |
471 | } | 470 | } |
472 | for (i = 0; i < 3; i++) | 471 | for (i = 0; i < 3; i++) |
473 | xfree(attribs[i].pValue); | 472 | free(attribs[i].pValue); |
474 | } | 473 | } |
475 | if ((rv = f->C_FindObjectsFinal(session)) != CKR_OK) | 474 | if ((rv = f->C_FindObjectsFinal(session)) != CKR_OK) |
476 | error("C_FindObjectsFinal failed: %lu", rv); | 475 | error("C_FindObjectsFinal failed: %lu", rv); |
@@ -579,11 +578,9 @@ fail: | |||
579 | if (need_finalize && (rv = f->C_Finalize(NULL)) != CKR_OK) | 578 | if (need_finalize && (rv = f->C_Finalize(NULL)) != CKR_OK) |
580 | error("C_Finalize failed: %lu", rv); | 579 | error("C_Finalize failed: %lu", rv); |
581 | if (p) { | 580 | if (p) { |
582 | if (p->slotlist) | 581 | free(p->slotlist); |
583 | xfree(p->slotlist); | 582 | free(p->slotinfo); |
584 | if (p->slotinfo) | 583 | free(p); |
585 | xfree(p->slotinfo); | ||
586 | xfree(p); | ||
587 | } | 584 | } |
588 | if (handle) | 585 | if (handle) |
589 | dlclose(handle); | 586 | dlclose(handle); |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-rsa.c,v 1.45 2010/08/31 09:58:37 djm Exp $ */ | 1 | /* $OpenBSD: ssh-rsa.c,v 1.46 2013/05/17 00:13:14 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org> | 3 | * Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org> |
4 | * | 4 | * |
@@ -72,7 +72,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, | |||
72 | 72 | ||
73 | error("ssh_rsa_sign: RSA_sign failed: %s", | 73 | error("ssh_rsa_sign: RSA_sign failed: %s", |
74 | ERR_error_string(ecode, NULL)); | 74 | ERR_error_string(ecode, NULL)); |
75 | xfree(sig); | 75 | free(sig); |
76 | return -1; | 76 | return -1; |
77 | } | 77 | } |
78 | if (len < slen) { | 78 | if (len < slen) { |
@@ -82,7 +82,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, | |||
82 | memset(sig, 0, diff); | 82 | memset(sig, 0, diff); |
83 | } else if (len > slen) { | 83 | } else if (len > slen) { |
84 | error("ssh_rsa_sign: slen %u slen2 %u", slen, len); | 84 | error("ssh_rsa_sign: slen %u slen2 %u", slen, len); |
85 | xfree(sig); | 85 | free(sig); |
86 | return -1; | 86 | return -1; |
87 | } | 87 | } |
88 | /* encode signature */ | 88 | /* encode signature */ |
@@ -98,7 +98,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, | |||
98 | } | 98 | } |
99 | buffer_free(&b); | 99 | buffer_free(&b); |
100 | memset(sig, 's', slen); | 100 | memset(sig, 's', slen); |
101 | xfree(sig); | 101 | free(sig); |
102 | 102 | ||
103 | return 0; | 103 | return 0; |
104 | } | 104 | } |
@@ -131,23 +131,23 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, | |||
131 | if (strcmp("ssh-rsa", ktype) != 0) { | 131 | if (strcmp("ssh-rsa", ktype) != 0) { |
132 | error("ssh_rsa_verify: cannot handle type %s", ktype); | 132 | error("ssh_rsa_verify: cannot handle type %s", ktype); |
133 | buffer_free(&b); | 133 | buffer_free(&b); |
134 | xfree(ktype); | 134 | free(ktype); |
135 | return -1; | 135 | return -1; |
136 | } | 136 | } |
137 | xfree(ktype); | 137 | free(ktype); |
138 | sigblob = buffer_get_string(&b, &len); | 138 | sigblob = buffer_get_string(&b, &len); |
139 | rlen = buffer_len(&b); | 139 | rlen = buffer_len(&b); |
140 | buffer_free(&b); | 140 | buffer_free(&b); |
141 | if (rlen != 0) { | 141 | if (rlen != 0) { |
142 | error("ssh_rsa_verify: remaining bytes in signature %d", rlen); | 142 | error("ssh_rsa_verify: remaining bytes in signature %d", rlen); |
143 | xfree(sigblob); | 143 | free(sigblob); |
144 | return -1; | 144 | return -1; |
145 | } | 145 | } |
146 | /* RSA_verify expects a signature of RSA_size */ | 146 | /* RSA_verify expects a signature of RSA_size */ |
147 | modlen = RSA_size(key->rsa); | 147 | modlen = RSA_size(key->rsa); |
148 | if (len > modlen) { | 148 | if (len > modlen) { |
149 | error("ssh_rsa_verify: len %u > modlen %u", len, modlen); | 149 | error("ssh_rsa_verify: len %u > modlen %u", len, modlen); |
150 | xfree(sigblob); | 150 | free(sigblob); |
151 | return -1; | 151 | return -1; |
152 | } else if (len < modlen) { | 152 | } else if (len < modlen) { |
153 | u_int diff = modlen - len; | 153 | u_int diff = modlen - len; |
@@ -161,7 +161,7 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, | |||
161 | nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1; | 161 | nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1; |
162 | if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { | 162 | if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { |
163 | error("ssh_rsa_verify: EVP_get_digestbynid %d failed", nid); | 163 | error("ssh_rsa_verify: EVP_get_digestbynid %d failed", nid); |
164 | xfree(sigblob); | 164 | free(sigblob); |
165 | return -1; | 165 | return -1; |
166 | } | 166 | } |
167 | EVP_DigestInit(&md, evp_md); | 167 | EVP_DigestInit(&md, evp_md); |
@@ -171,7 +171,7 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, | |||
171 | ret = openssh_RSA_verify(nid, digest, dlen, sigblob, len, key->rsa); | 171 | ret = openssh_RSA_verify(nid, digest, dlen, sigblob, len, key->rsa); |
172 | memset(digest, 'd', sizeof(digest)); | 172 | memset(digest, 'd', sizeof(digest)); |
173 | memset(sigblob, 's', len); | 173 | memset(sigblob, 's', len); |
174 | xfree(sigblob); | 174 | free(sigblob); |
175 | debug("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : ""); | 175 | debug("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : ""); |
176 | return ret; | 176 | return ret; |
177 | } | 177 | } |
@@ -262,7 +262,6 @@ openssh_RSA_verify(int type, u_char *hash, u_int hashlen, | |||
262 | } | 262 | } |
263 | ret = 1; | 263 | ret = 1; |
264 | done: | 264 | done: |
265 | if (decrypted) | 265 | free(decrypted); |
266 | xfree(decrypted); | ||
267 | return ret; | 266 | return ret; |
268 | } | 267 | } |
@@ -5,11 +5,13 @@ NAME | |||
5 | 5 | ||
6 | SYNOPSIS | 6 | SYNOPSIS |
7 | ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec] | 7 | ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec] |
8 | [-D [bind_address:]port] [-e escape_char] [-F configfile] [-I pkcs11] | 8 | [-D [bind_address:]port] [-E log_file] [-e escape_char] |
9 | [-i identity_file] [-L [bind_address:]port:host:hostport] | 9 | [-F configfile] [-I pkcs11] [-i identity_file] |
10 | [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] | 10 | [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec] |
11 | [-O ctl_cmd] [-o option] [-p port] | ||
11 | [-R [bind_address:]port:host:hostport] [-S ctl_path] [-W host:port] | 12 | [-R [bind_address:]port:host:hostport] [-S ctl_path] [-W host:port] |
12 | [-w local_tun[:remote_tun]] [user@]hostname [command] | 13 | [-w local_tun[:remote_tun]] [user@]hostname [command] |
14 | ssh -Q protocol_feature | ||
13 | 15 | ||
14 | DESCRIPTION | 16 | DESCRIPTION |
15 | ssh (SSH client) is a program for logging into a remote machine and for | 17 | ssh (SSH client) is a program for logging into a remote machine and for |
@@ -102,6 +104,9 @@ DESCRIPTION | |||
102 | be bound for local use only, while an empty address or `*' | 104 | be bound for local use only, while an empty address or `*' |
103 | indicates that the port should be available from all interfaces. | 105 | indicates that the port should be available from all interfaces. |
104 | 106 | ||
107 | -E log_file | ||
108 | Append debug logs to log_file instead of standard error. | ||
109 | |||
105 | -e escape_char | 110 | -e escape_char |
106 | Sets the escape character for sessions with a pty (default: `~'). | 111 | Sets the escape character for sessions with a pty (default: `~'). |
107 | The escape character is only recognized at the beginning of a | 112 | The escape character is only recognized at the beginning of a |
@@ -289,6 +294,14 @@ DESCRIPTION | |||
289 | Port to connect to on the remote host. This can be specified on | 294 | Port to connect to on the remote host. This can be specified on |
290 | a per-host basis in the configuration file. | 295 | a per-host basis in the configuration file. |
291 | 296 | ||
297 | -Q protocol_feature | ||
298 | Queries ssh for the algorithms supported for the specified | ||
299 | version 2 protocol_feature. The queriable features are: | ||
300 | ``cipher'' (supported symmetric ciphers), ``MAC'' (supported | ||
301 | message integrity codes), ``KEX'' (key exchange algorithms), | ||
302 | ``key'' (key types). Protocol features are treated case- | ||
303 | insensitively. | ||
304 | |||
292 | -q Quiet mode. Causes most warning and diagnostic messages to be | 305 | -q Quiet mode. Causes most warning and diagnostic messages to be |
293 | suppressed. | 306 | suppressed. |
294 | 307 | ||
@@ -788,7 +801,7 @@ FILES | |||
788 | This is the per-user configuration file. The file format and | 801 | This is the per-user configuration file. The file format and |
789 | configuration options are described in ssh_config(5). Because of | 802 | configuration options are described in ssh_config(5). Because of |
790 | the potential for abuse, this file must have strict permissions: | 803 | the potential for abuse, this file must have strict permissions: |
791 | read/write for the user, and not accessible by others. | 804 | read/write for the user, and not writable by others. |
792 | 805 | ||
793 | ~/.ssh/environment | 806 | ~/.ssh/environment |
794 | Contains additional definitions for environment variables; see | 807 | Contains additional definitions for environment variables; see |
@@ -919,4 +932,4 @@ AUTHORS | |||
919 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | 932 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
920 | versions 1.5 and 2.0. | 933 | versions 1.5 and 2.0. |
921 | 934 | ||
922 | OpenBSD 5.3 October 4, 2012 OpenBSD 5.3 | 935 | OpenBSD 5.4 July 18, 2013 OpenBSD 5.4 |
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: ssh.1,v 1.330 2012/10/04 13:21:50 markus Exp $ | 36 | .\" $OpenBSD: ssh.1,v 1.334 2013/07/18 01:12:26 djm Exp $ |
37 | .Dd $Mdocdate: October 4 2012 $ | 37 | .Dd $Mdocdate: July 18 2013 $ |
38 | .Dt SSH 1 | 38 | .Dt SSH 1 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -47,6 +47,7 @@ | |||
47 | .Op Fl b Ar bind_address | 47 | .Op Fl b Ar bind_address |
48 | .Op Fl c Ar cipher_spec | 48 | .Op Fl c Ar cipher_spec |
49 | .Op Fl D Oo Ar bind_address : Oc Ns Ar port | 49 | .Op Fl D Oo Ar bind_address : Oc Ns Ar port |
50 | .Op Fl E Ar log_file | ||
50 | .Op Fl e Ar escape_char | 51 | .Op Fl e Ar escape_char |
51 | .Op Fl F Ar configfile | 52 | .Op Fl F Ar configfile |
52 | .Op Fl I Ar pkcs11 | 53 | .Op Fl I Ar pkcs11 |
@@ -64,6 +65,8 @@ | |||
64 | .Oo Ar user Ns @ Oc Ns Ar hostname | 65 | .Oo Ar user Ns @ Oc Ns Ar hostname |
65 | .Op Ar command | 66 | .Op Ar command |
66 | .Ek | 67 | .Ek |
68 | .Nm | ||
69 | .Fl Q Ar protocol_feature | ||
67 | .Sh DESCRIPTION | 70 | .Sh DESCRIPTION |
68 | .Nm | 71 | .Nm |
69 | (SSH client) is a program for logging into a remote machine and for | 72 | (SSH client) is a program for logging into a remote machine and for |
@@ -217,6 +220,10 @@ indicates that the listening port be bound for local use only, while an | |||
217 | empty address or | 220 | empty address or |
218 | .Sq * | 221 | .Sq * |
219 | indicates that the port should be available from all interfaces. | 222 | indicates that the port should be available from all interfaces. |
223 | .It Fl E Ar log_file | ||
224 | Append debug logs to | ||
225 | .Ar log_file | ||
226 | instead of standard error. | ||
220 | .It Fl e Ar escape_char | 227 | .It Fl e Ar escape_char |
221 | Sets the escape character for sessions with a pty (default: | 228 | Sets the escape character for sessions with a pty (default: |
222 | .Ql ~ ) . | 229 | .Ql ~ ) . |
@@ -482,6 +489,21 @@ For full details of the options listed below, and their possible values, see | |||
482 | Port to connect to on the remote host. | 489 | Port to connect to on the remote host. |
483 | This can be specified on a | 490 | This can be specified on a |
484 | per-host basis in the configuration file. | 491 | per-host basis in the configuration file. |
492 | .It Fl Q Ar protocol_feature | ||
493 | Queries | ||
494 | .Nm | ||
495 | for the algorithms supported for the specified version 2 | ||
496 | .Ar protocol_feature . | ||
497 | The queriable features are: | ||
498 | .Dq cipher | ||
499 | (supported symmetric ciphers), | ||
500 | .Dq MAC | ||
501 | (supported message integrity codes), | ||
502 | .Dq KEX | ||
503 | (key exchange algorithms), | ||
504 | .Dq key | ||
505 | (key types). | ||
506 | Protocol features are treated case-insensitively. | ||
485 | .It Fl q | 507 | .It Fl q |
486 | Quiet mode. | 508 | Quiet mode. |
487 | Causes most warning and diagnostic messages to be suppressed. | 509 | Causes most warning and diagnostic messages to be suppressed. |
@@ -732,9 +754,7 @@ implements public key authentication protocol automatically, | |||
732 | using one of the DSA, ECDSA or RSA algorithms. | 754 | using one of the DSA, ECDSA or RSA algorithms. |
733 | Protocol 1 is restricted to using only RSA keys, | 755 | Protocol 1 is restricted to using only RSA keys, |
734 | but protocol 2 may use any. | 756 | but protocol 2 may use any. |
735 | The | 757 | The HISTORY section of |
736 | .Sx HISTORY | ||
737 | section of | ||
738 | .Xr ssl 8 | 758 | .Xr ssl 8 |
739 | contains a brief discussion of the DSA and RSA algorithms. | 759 | contains a brief discussion of the DSA and RSA algorithms. |
740 | .Pp | 760 | .Pp |
@@ -790,9 +810,7 @@ instead of a set of public/private keys, | |||
790 | signed certificates are used. | 810 | signed certificates are used. |
791 | This has the advantage that a single trusted certification authority | 811 | This has the advantage that a single trusted certification authority |
792 | can be used in place of many public/private keys. | 812 | can be used in place of many public/private keys. |
793 | See the | 813 | See the CERTIFICATES section of |
794 | .Sx CERTIFICATES | ||
795 | section of | ||
796 | .Xr ssh-keygen 1 | 814 | .Xr ssh-keygen 1 |
797 | for more information. | 815 | for more information. |
798 | .Pp | 816 | .Pp |
@@ -1319,7 +1337,7 @@ This is the per-user configuration file. | |||
1319 | The file format and configuration options are described in | 1337 | The file format and configuration options are described in |
1320 | .Xr ssh_config 5 . | 1338 | .Xr ssh_config 5 . |
1321 | Because of the potential for abuse, this file must have strict permissions: | 1339 | Because of the potential for abuse, this file must have strict permissions: |
1322 | read/write for the user, and not accessible by others. | 1340 | read/write for the user, and not writable by others. |
1323 | .Pp | 1341 | .Pp |
1324 | .It Pa ~/.ssh/environment | 1342 | .It Pa ~/.ssh/environment |
1325 | Contains additional definitions for environment variables; see | 1343 | Contains additional definitions for environment variables; see |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh.c,v 1.373 2013/02/22 22:09:01 djm Exp $ */ | 1 | /* $OpenBSD: ssh.c,v 1.381 2013/07/25 00:29:10 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -197,9 +197,9 @@ usage(void) | |||
197 | { | 197 | { |
198 | fprintf(stderr, | 198 | fprintf(stderr, |
199 | "usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n" | 199 | "usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n" |
200 | " [-D [bind_address:]port] [-e escape_char] [-F configfile]\n" | 200 | " [-D [bind_address:]port] [-E log_file] [-e escape_char]\n" |
201 | " [-I pkcs11] [-i identity_file]\n" | 201 | " [-F configfile] [-I pkcs11] [-i identity_file]\n" |
202 | " [-L [bind_address:]port:host:hostport]\n" | 202 | " [-L [bind_address:]port:host:hostport] [-Q protocol_feature]\n" |
203 | " [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n" | 203 | " [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n" |
204 | " [-R [bind_address:]port:host:hostport] [-S ctl_path]\n" | 204 | " [-R [bind_address:]port:host:hostport] [-S ctl_path]\n" |
205 | " [-W host:port] [-w local_tun[:remote_tun]]\n" | 205 | " [-W host:port] [-w local_tun[:remote_tun]]\n" |
@@ -226,7 +226,7 @@ tilde_expand_paths(char **paths, u_int num_paths) | |||
226 | 226 | ||
227 | for (i = 0; i < num_paths; i++) { | 227 | for (i = 0; i < num_paths; i++) { |
228 | cp = tilde_expand_filename(paths[i], original_real_uid); | 228 | cp = tilde_expand_filename(paths[i], original_real_uid); |
229 | xfree(paths[i]); | 229 | free(paths[i]); |
230 | paths[i] = cp; | 230 | paths[i] = cp; |
231 | } | 231 | } |
232 | } | 232 | } |
@@ -238,7 +238,7 @@ int | |||
238 | main(int ac, char **av) | 238 | main(int ac, char **av) |
239 | { | 239 | { |
240 | int i, r, opt, exit_status, use_syslog; | 240 | int i, r, opt, exit_status, use_syslog; |
241 | char *p, *cp, *line, *argv0, buf[MAXPATHLEN], *host_arg; | 241 | char *p, *cp, *line, *argv0, buf[MAXPATHLEN], *host_arg, *logfile; |
242 | char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV]; | 242 | char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV]; |
243 | struct stat st; | 243 | struct stat st; |
244 | struct passwd *pw; | 244 | struct passwd *pw; |
@@ -299,7 +299,7 @@ main(int ac, char **av) | |||
299 | /* Get user data. */ | 299 | /* Get user data. */ |
300 | pw = getpwuid(original_real_uid); | 300 | pw = getpwuid(original_real_uid); |
301 | if (!pw) { | 301 | if (!pw) { |
302 | logit("You don't exist, go away!"); | 302 | logit("No user exists for uid %lu", (u_long)original_real_uid); |
303 | exit(255); | 303 | exit(255); |
304 | } | 304 | } |
305 | /* Take a copy of the returned structure. */ | 305 | /* Take a copy of the returned structure. */ |
@@ -322,11 +322,12 @@ main(int ac, char **av) | |||
322 | /* Parse command-line arguments. */ | 322 | /* Parse command-line arguments. */ |
323 | host = NULL; | 323 | host = NULL; |
324 | use_syslog = 0; | 324 | use_syslog = 0; |
325 | logfile = NULL; | ||
325 | argv0 = av[0]; | 326 | argv0 = av[0]; |
326 | 327 | ||
327 | again: | 328 | again: |
328 | while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" | 329 | while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" |
329 | "ACD:F:I:KL:MNO:PR:S:TVw:W:XYy")) != -1) { | 330 | "ACD:E:F:I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) { |
330 | switch (opt) { | 331 | switch (opt) { |
331 | case '1': | 332 | case '1': |
332 | options.protocol = SSH_PROTO_1; | 333 | options.protocol = SSH_PROTO_1; |
@@ -356,6 +357,9 @@ main(int ac, char **av) | |||
356 | case 'y': | 357 | case 'y': |
357 | use_syslog = 1; | 358 | use_syslog = 1; |
358 | break; | 359 | break; |
360 | case 'E': | ||
361 | logfile = xstrdup(optarg); | ||
362 | break; | ||
359 | case 'Y': | 363 | case 'Y': |
360 | options.forward_x11 = 1; | 364 | options.forward_x11 = 1; |
361 | options.forward_x11_trusted = 1; | 365 | options.forward_x11_trusted = 1; |
@@ -385,6 +389,22 @@ main(int ac, char **av) | |||
385 | case 'P': /* deprecated */ | 389 | case 'P': /* deprecated */ |
386 | options.use_privileged_port = 0; | 390 | options.use_privileged_port = 0; |
387 | break; | 391 | break; |
392 | case 'Q': /* deprecated */ | ||
393 | cp = NULL; | ||
394 | if (strcasecmp(optarg, "cipher") == 0) | ||
395 | cp = cipher_alg_list(); | ||
396 | else if (strcasecmp(optarg, "mac") == 0) | ||
397 | cp = mac_alg_list(); | ||
398 | else if (strcasecmp(optarg, "kex") == 0) | ||
399 | cp = kex_alg_list(); | ||
400 | else if (strcasecmp(optarg, "key") == 0) | ||
401 | cp = key_alg_list(); | ||
402 | if (cp == NULL) | ||
403 | fatal("Unsupported query \"%s\"", optarg); | ||
404 | printf("%s\n", cp); | ||
405 | free(cp); | ||
406 | exit(0); | ||
407 | break; | ||
388 | case 'a': | 408 | case 'a': |
389 | options.forward_agent = 0; | 409 | options.forward_agent = 0; |
390 | break; | 410 | break; |
@@ -427,9 +447,8 @@ main(int ac, char **av) | |||
427 | } else { | 447 | } else { |
428 | if (options.log_level < SYSLOG_LEVEL_DEBUG3) | 448 | if (options.log_level < SYSLOG_LEVEL_DEBUG3) |
429 | options.log_level++; | 449 | options.log_level++; |
430 | break; | ||
431 | } | 450 | } |
432 | /* FALLTHROUGH */ | 451 | break; |
433 | case 'V': | 452 | case 'V': |
434 | fprintf(stderr, "%s, %s\n", | 453 | fprintf(stderr, "%s, %s\n", |
435 | SSH_RELEASE, SSLeay_version(SSLEAY_VERSION)); | 454 | SSH_RELEASE, SSLeay_version(SSLEAY_VERSION)); |
@@ -454,7 +473,7 @@ main(int ac, char **av) | |||
454 | if (parse_forward(&fwd, optarg, 1, 0)) { | 473 | if (parse_forward(&fwd, optarg, 1, 0)) { |
455 | stdio_forward_host = fwd.listen_host; | 474 | stdio_forward_host = fwd.listen_host; |
456 | stdio_forward_port = fwd.listen_port; | 475 | stdio_forward_port = fwd.listen_port; |
457 | xfree(fwd.connect_host); | 476 | free(fwd.connect_host); |
458 | } else { | 477 | } else { |
459 | fprintf(stderr, | 478 | fprintf(stderr, |
460 | "Bad stdio forwarding specification '%s'\n", | 479 | "Bad stdio forwarding specification '%s'\n", |
@@ -582,7 +601,7 @@ main(int ac, char **av) | |||
582 | line, "command-line", 0, &dummy, SSHCONF_USERCONF) | 601 | line, "command-line", 0, &dummy, SSHCONF_USERCONF) |
583 | != 0) | 602 | != 0) |
584 | exit(255); | 603 | exit(255); |
585 | xfree(line); | 604 | free(line); |
586 | break; | 605 | break; |
587 | case 's': | 606 | case 's': |
588 | subsystem_flag = 1; | 607 | subsystem_flag = 1; |
@@ -663,18 +682,28 @@ main(int ac, char **av) | |||
663 | 682 | ||
664 | /* | 683 | /* |
665 | * Initialize "log" output. Since we are the client all output | 684 | * Initialize "log" output. Since we are the client all output |
666 | * actually goes to stderr. | 685 | * goes to stderr unless otherwise specified by -y or -E. |
667 | */ | 686 | */ |
687 | if (use_syslog && logfile != NULL) | ||
688 | fatal("Can't specify both -y and -E"); | ||
689 | if (logfile != NULL) { | ||
690 | log_redirect_stderr_to(logfile); | ||
691 | free(logfile); | ||
692 | } | ||
668 | log_init(argv0, | 693 | log_init(argv0, |
669 | options.log_level == -1 ? SYSLOG_LEVEL_INFO : options.log_level, | 694 | options.log_level == -1 ? SYSLOG_LEVEL_INFO : options.log_level, |
670 | SYSLOG_FACILITY_USER, !use_syslog); | 695 | SYSLOG_FACILITY_USER, !use_syslog); |
671 | 696 | ||
697 | if (debug_flag) | ||
698 | logit("%s, %s", SSH_VERSION, SSLeay_version(SSLEAY_VERSION)); | ||
699 | |||
672 | /* | 700 | /* |
673 | * Read per-user configuration file. Ignore the system wide config | 701 | * Read per-user configuration file. Ignore the system wide config |
674 | * file if the user specifies a config file on the command line. | 702 | * file if the user specifies a config file on the command line. |
675 | */ | 703 | */ |
676 | if (config != NULL) { | 704 | if (config != NULL) { |
677 | if (!read_config_file(config, host, &options, SSHCONF_USERCONF)) | 705 | if (strcasecmp(config, "none") != 0 && |
706 | !read_config_file(config, host, &options, SSHCONF_USERCONF)) | ||
678 | fatal("Can't open user config file %.100s: " | 707 | fatal("Can't open user config file %.100s: " |
679 | "%.100s", config, strerror(errno)); | 708 | "%.100s", config, strerror(errno)); |
680 | } else { | 709 | } else { |
@@ -749,7 +778,7 @@ main(int ac, char **av) | |||
749 | "p", portstr, "u", pw->pw_name, "L", shorthost, | 778 | "p", portstr, "u", pw->pw_name, "L", shorthost, |
750 | (char *)NULL); | 779 | (char *)NULL); |
751 | debug3("expanded LocalCommand: %s", options.local_command); | 780 | debug3("expanded LocalCommand: %s", options.local_command); |
752 | xfree(cp); | 781 | free(cp); |
753 | } | 782 | } |
754 | 783 | ||
755 | /* force lowercase for hostkey matching */ | 784 | /* force lowercase for hostkey matching */ |
@@ -761,24 +790,24 @@ main(int ac, char **av) | |||
761 | 790 | ||
762 | if (options.proxy_command != NULL && | 791 | if (options.proxy_command != NULL && |
763 | strcmp(options.proxy_command, "none") == 0) { | 792 | strcmp(options.proxy_command, "none") == 0) { |
764 | xfree(options.proxy_command); | 793 | free(options.proxy_command); |
765 | options.proxy_command = NULL; | 794 | options.proxy_command = NULL; |
766 | } | 795 | } |
767 | if (options.control_path != NULL && | 796 | if (options.control_path != NULL && |
768 | strcmp(options.control_path, "none") == 0) { | 797 | strcmp(options.control_path, "none") == 0) { |
769 | xfree(options.control_path); | 798 | free(options.control_path); |
770 | options.control_path = NULL; | 799 | options.control_path = NULL; |
771 | } | 800 | } |
772 | 801 | ||
773 | if (options.control_path != NULL) { | 802 | if (options.control_path != NULL) { |
774 | cp = tilde_expand_filename(options.control_path, | 803 | cp = tilde_expand_filename(options.control_path, |
775 | original_real_uid); | 804 | original_real_uid); |
776 | xfree(options.control_path); | 805 | free(options.control_path); |
777 | options.control_path = percent_expand(cp, "h", host, | 806 | options.control_path = percent_expand(cp, "h", host, |
778 | "l", thishost, "n", host_arg, "r", options.user, | 807 | "l", thishost, "n", host_arg, "r", options.user, |
779 | "p", portstr, "u", pw->pw_name, "L", shorthost, | 808 | "p", portstr, "u", pw->pw_name, "L", shorthost, |
780 | (char *)NULL); | 809 | (char *)NULL); |
781 | xfree(cp); | 810 | free(cp); |
782 | } | 811 | } |
783 | if (muxclient_command != 0 && options.control_path == NULL) | 812 | if (muxclient_command != 0 && options.control_path == NULL) |
784 | fatal("No ControlPath specified for \"-O\" command"); | 813 | fatal("No ControlPath specified for \"-O\" command"); |
@@ -929,13 +958,11 @@ main(int ac, char **av) | |||
929 | sensitive_data.keys[i] = NULL; | 958 | sensitive_data.keys[i] = NULL; |
930 | } | 959 | } |
931 | } | 960 | } |
932 | xfree(sensitive_data.keys); | 961 | free(sensitive_data.keys); |
933 | } | 962 | } |
934 | for (i = 0; i < options.num_identity_files; i++) { | 963 | for (i = 0; i < options.num_identity_files; i++) { |
935 | if (options.identity_files[i]) { | 964 | free(options.identity_files[i]); |
936 | xfree(options.identity_files[i]); | 965 | options.identity_files[i] = NULL; |
937 | options.identity_files[i] = NULL; | ||
938 | } | ||
939 | if (options.identity_keys[i]) { | 966 | if (options.identity_keys[i]) { |
940 | key_free(options.identity_keys[i]); | 967 | key_free(options.identity_keys[i]); |
941 | options.identity_keys[i] = NULL; | 968 | options.identity_keys[i] = NULL; |
@@ -995,6 +1022,7 @@ control_persist_detach(void) | |||
995 | if (devnull > STDERR_FILENO) | 1022 | if (devnull > STDERR_FILENO) |
996 | close(devnull); | 1023 | close(devnull); |
997 | } | 1024 | } |
1025 | daemon(1, 1); | ||
998 | setproctitle("%s [mux]", options.control_path); | 1026 | setproctitle("%s [mux]", options.control_path); |
999 | } | 1027 | } |
1000 | 1028 | ||
@@ -1453,6 +1481,11 @@ ssh_session2(void) | |||
1453 | 1481 | ||
1454 | if (!no_shell_flag || (datafellows & SSH_BUG_DUMMYCHAN)) | 1482 | if (!no_shell_flag || (datafellows & SSH_BUG_DUMMYCHAN)) |
1455 | id = ssh_session2_open(); | 1483 | id = ssh_session2_open(); |
1484 | else { | ||
1485 | packet_set_interactive( | ||
1486 | options.control_master == SSHCTL_MASTER_NO, | ||
1487 | options.ip_qos_interactive, options.ip_qos_bulk); | ||
1488 | } | ||
1456 | 1489 | ||
1457 | /* If we don't expect to open a new session, then disallow it */ | 1490 | /* If we don't expect to open a new session, then disallow it */ |
1458 | if (options.control_master == SSHCTL_MASTER_NO && | 1491 | if (options.control_master == SSHCTL_MASTER_NO && |
@@ -1525,7 +1558,7 @@ load_public_identity_files(void) | |||
1525 | xstrdup(options.pkcs11_provider); /* XXX */ | 1558 | xstrdup(options.pkcs11_provider); /* XXX */ |
1526 | n_ids++; | 1559 | n_ids++; |
1527 | } | 1560 | } |
1528 | xfree(keys); | 1561 | free(keys); |
1529 | } | 1562 | } |
1530 | #endif /* ENABLE_PKCS11 */ | 1563 | #endif /* ENABLE_PKCS11 */ |
1531 | if ((pw = getpwuid(original_real_uid)) == NULL) | 1564 | if ((pw = getpwuid(original_real_uid)) == NULL) |
@@ -1538,7 +1571,7 @@ load_public_identity_files(void) | |||
1538 | for (i = 0; i < options.num_identity_files; i++) { | 1571 | for (i = 0; i < options.num_identity_files; i++) { |
1539 | if (n_ids >= SSH_MAX_IDENTITY_FILES || | 1572 | if (n_ids >= SSH_MAX_IDENTITY_FILES || |
1540 | strcasecmp(options.identity_files[i], "none") == 0) { | 1573 | strcasecmp(options.identity_files[i], "none") == 0) { |
1541 | xfree(options.identity_files[i]); | 1574 | free(options.identity_files[i]); |
1542 | continue; | 1575 | continue; |
1543 | } | 1576 | } |
1544 | cp = tilde_expand_filename(options.identity_files[i], | 1577 | cp = tilde_expand_filename(options.identity_files[i], |
@@ -1546,11 +1579,11 @@ load_public_identity_files(void) | |||
1546 | filename = percent_expand(cp, "d", pwdir, | 1579 | filename = percent_expand(cp, "d", pwdir, |
1547 | "u", pwname, "l", thishost, "h", host, | 1580 | "u", pwname, "l", thishost, "h", host, |
1548 | "r", options.user, (char *)NULL); | 1581 | "r", options.user, (char *)NULL); |
1549 | xfree(cp); | 1582 | free(cp); |
1550 | public = key_load_public(filename, NULL); | 1583 | public = key_load_public(filename, NULL); |
1551 | debug("identity file %s type %d", filename, | 1584 | debug("identity file %s type %d", filename, |
1552 | public ? public->type : -1); | 1585 | public ? public->type : -1); |
1553 | xfree(options.identity_files[i]); | 1586 | free(options.identity_files[i]); |
1554 | identity_files[n_ids] = filename; | 1587 | identity_files[n_ids] = filename; |
1555 | identity_keys[n_ids] = public; | 1588 | identity_keys[n_ids] = public; |
1556 | 1589 | ||
@@ -1563,14 +1596,14 @@ load_public_identity_files(void) | |||
1563 | debug("identity file %s type %d", cp, | 1596 | debug("identity file %s type %d", cp, |
1564 | public ? public->type : -1); | 1597 | public ? public->type : -1); |
1565 | if (public == NULL) { | 1598 | if (public == NULL) { |
1566 | xfree(cp); | 1599 | free(cp); |
1567 | continue; | 1600 | continue; |
1568 | } | 1601 | } |
1569 | if (!key_is_cert(public)) { | 1602 | if (!key_is_cert(public)) { |
1570 | debug("%s: key %s type %s is not a certificate", | 1603 | debug("%s: key %s type %s is not a certificate", |
1571 | __func__, cp, key_type(public)); | 1604 | __func__, cp, key_type(public)); |
1572 | key_free(public); | 1605 | key_free(public); |
1573 | xfree(cp); | 1606 | free(cp); |
1574 | continue; | 1607 | continue; |
1575 | } | 1608 | } |
1576 | identity_keys[n_ids] = public; | 1609 | identity_keys[n_ids] = public; |
@@ -1583,9 +1616,9 @@ load_public_identity_files(void) | |||
1583 | memcpy(options.identity_keys, identity_keys, sizeof(identity_keys)); | 1616 | memcpy(options.identity_keys, identity_keys, sizeof(identity_keys)); |
1584 | 1617 | ||
1585 | bzero(pwname, strlen(pwname)); | 1618 | bzero(pwname, strlen(pwname)); |
1586 | xfree(pwname); | 1619 | free(pwname); |
1587 | bzero(pwdir, strlen(pwdir)); | 1620 | bzero(pwdir, strlen(pwdir)); |
1588 | xfree(pwdir); | 1621 | free(pwdir); |
1589 | } | 1622 | } |
1590 | 1623 | ||
1591 | static void | 1624 | static void |
diff --git a/ssh_config b/ssh_config index 2c06ba707..32343213f 100644 --- a/ssh_config +++ b/ssh_config | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: ssh_config,v 1.26 2010/01/11 01:39:46 dtucker Exp $ | 1 | # $OpenBSD: ssh_config,v 1.27 2013/05/16 02:00:34 dtucker Exp $ |
2 | 2 | ||
3 | # This is the ssh client system-wide configuration file. See | 3 | # This is the ssh client system-wide configuration file. See |
4 | # ssh_config(5) for more information. This file provides defaults for | 4 | # ssh_config(5) for more information. This file provides defaults for |
@@ -47,3 +47,4 @@ | |||
47 | # PermitLocalCommand no | 47 | # PermitLocalCommand no |
48 | # VisualHostKey no | 48 | # VisualHostKey no |
49 | # ProxyCommand ssh -q -W %h:%p gateway.example.com | 49 | # ProxyCommand ssh -q -W %h:%p gateway.example.com |
50 | # RekeyLimit 1G 1h | ||
diff --git a/ssh_config.0 b/ssh_config.0 index 164d11817..bd9e1ad51 100644 --- a/ssh_config.0 +++ b/ssh_config.0 | |||
@@ -369,9 +369,9 @@ DESCRIPTION | |||
369 | for protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and | 369 | for protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and |
370 | ~/.ssh/id_rsa for protocol version 2. Additionally, any | 370 | ~/.ssh/id_rsa for protocol version 2. Additionally, any |
371 | identities represented by the authentication agent will be used | 371 | identities represented by the authentication agent will be used |
372 | for authentication. ssh(1) will try to load certificate | 372 | for authentication unless IdentitiesOnly is set. ssh(1) will try |
373 | information from the filename obtained by appending -cert.pub to | 373 | to load certificate information from the filename obtained by |
374 | the path of a specified IdentityFile. | 374 | appending -cert.pub to the path of a specified IdentityFile. |
375 | 375 | ||
376 | The file name may use the tilde syntax to refer to a user's home | 376 | The file name may use the tilde syntax to refer to a user's home |
377 | directory or one of the following escape characters: `%d' (local | 377 | directory or one of the following escape characters: `%d' (local |
@@ -384,6 +384,18 @@ DESCRIPTION | |||
384 | of identities tried (this behaviour differs from that of other | 384 | of identities tried (this behaviour differs from that of other |
385 | configuration directives). | 385 | configuration directives). |
386 | 386 | ||
387 | IdentityFile may be used in conjunction with IdentitiesOnly to | ||
388 | select which identities in an agent are offered during | ||
389 | authentication. | ||
390 | |||
391 | IgnoreUnknown | ||
392 | Specifies a pattern-list of unknown options to be ignored if they | ||
393 | are encountered in configuration parsing. This may be used to | ||
394 | suppress errors if ssh_config contains options that are | ||
395 | unrecognised by ssh(1). It is recommended that IgnoreUnknown be | ||
396 | listed early in the configuration file as it will not be applied | ||
397 | to unknown options that appear before it. | ||
398 | |||
387 | IPQoS Specifies the IPv4 type-of-service or DSCP class for connections. | 399 | IPQoS Specifies the IPv4 type-of-service or DSCP class for connections. |
388 | Accepted values are ``af11'', ``af12'', ``af13'', ``af21'', | 400 | Accepted values are ``af11'', ``af12'', ``af13'', ``af21'', |
389 | ``af22'', ``af23'', ``af31'', ``af32'', ``af33'', ``af41'', | 401 | ``af22'', ``af23'', ``af31'', ``af32'', ``af33'', ``af41'', |
@@ -552,11 +564,18 @@ DESCRIPTION | |||
552 | 564 | ||
553 | RekeyLimit | 565 | RekeyLimit |
554 | Specifies the maximum amount of data that may be transmitted | 566 | Specifies the maximum amount of data that may be transmitted |
555 | before the session key is renegotiated. The argument is the | 567 | before the session key is renegotiated, optionally followed a |
556 | number of bytes, with an optional suffix of `K', `M', or `G' to | 568 | maximum amount of time that may pass before the session key is |
557 | indicate Kilobytes, Megabytes, or Gigabytes, respectively. The | 569 | renegotiated. The first argument is specified in bytes and may |
558 | default is between `1G' and `4G', depending on the cipher. This | 570 | have a suffix of `K', `M', or `G' to indicate Kilobytes, |
559 | option applies to protocol version 2 only. | 571 | Megabytes, or Gigabytes, respectively. The default is between |
572 | `1G' and `4G', depending on the cipher. The optional second | ||
573 | value is specified in seconds and may use any of the units | ||
574 | documented in the TIME FORMATS section of sshd_config(5). The | ||
575 | default value for RekeyLimit is ``default none'', which means | ||
576 | that rekeying is performed after the cipher's default amount of | ||
577 | data has been sent or received and no time based rekeying is | ||
578 | done. This option applies to protocol version 2 only. | ||
560 | 579 | ||
561 | RemoteForward | 580 | RemoteForward |
562 | Specifies that a TCP port on the remote machine be forwarded over | 581 | Specifies that a TCP port on the remote machine be forwarded over |
@@ -773,4 +792,4 @@ AUTHORS | |||
773 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | 792 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
774 | versions 1.5 and 2.0. | 793 | versions 1.5 and 2.0. |
775 | 794 | ||
776 | OpenBSD 5.3 January 8, 2013 OpenBSD 5.3 | 795 | OpenBSD 5.4 June 27, 2013 OpenBSD 5.4 |
diff --git a/ssh_config.5 b/ssh_config.5 index bd3a7127a..e72919a89 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: ssh_config.5,v 1.161 2013/01/08 18:49:04 markus Exp $ | 36 | .\" $OpenBSD: ssh_config.5,v 1.166 2013/06/27 14:05:37 jmc Exp $ |
37 | .Dd $Mdocdate: January 8 2013 $ | 37 | .Dd $Mdocdate: June 27 2013 $ |
38 | .Dt SSH_CONFIG 5 | 38 | .Dt SSH_CONFIG 5 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -474,8 +474,7 @@ option is also enabled. | |||
474 | .It Cm ForwardX11Timeout | 474 | .It Cm ForwardX11Timeout |
475 | Specify a timeout for untrusted X11 forwarding | 475 | Specify a timeout for untrusted X11 forwarding |
476 | using the format described in the | 476 | using the format described in the |
477 | .Sx TIME FORMATS | 477 | TIME FORMATS section of |
478 | section of | ||
479 | .Xr sshd_config 5 . | 478 | .Xr sshd_config 5 . |
480 | X11 connections received by | 479 | X11 connections received by |
481 | .Xr ssh 1 | 480 | .Xr ssh 1 |
@@ -660,7 +659,9 @@ and | |||
660 | .Pa ~/.ssh/id_rsa | 659 | .Pa ~/.ssh/id_rsa |
661 | for protocol version 2. | 660 | for protocol version 2. |
662 | Additionally, any identities represented by the authentication agent | 661 | Additionally, any identities represented by the authentication agent |
663 | will be used for authentication. | 662 | will be used for authentication unless |
663 | .Cm IdentitiesOnly | ||
664 | is set. | ||
664 | .Xr ssh 1 | 665 | .Xr ssh 1 |
665 | will try to load certificate information from the filename obtained by | 666 | will try to load certificate information from the filename obtained by |
666 | appending | 667 | appending |
@@ -689,6 +690,22 @@ Multiple | |||
689 | .Cm IdentityFile | 690 | .Cm IdentityFile |
690 | directives will add to the list of identities tried (this behaviour | 691 | directives will add to the list of identities tried (this behaviour |
691 | differs from that of other configuration directives). | 692 | differs from that of other configuration directives). |
693 | .Pp | ||
694 | .Cm IdentityFile | ||
695 | may be used in conjunction with | ||
696 | .Cm IdentitiesOnly | ||
697 | to select which identities in an agent are offered during authentication. | ||
698 | .It Cm IgnoreUnknown | ||
699 | Specifies a pattern-list of unknown options to be ignored if they are | ||
700 | encountered in configuration parsing. | ||
701 | This may be used to suppress errors if | ||
702 | .Nm | ||
703 | contains options that are unrecognised by | ||
704 | .Xr ssh 1 . | ||
705 | It is recommended that | ||
706 | .Cm IgnoreUnknown | ||
707 | be listed early in the configuration file as it will not be applied | ||
708 | to unknown options that appear before it. | ||
692 | .It Cm IPQoS | 709 | .It Cm IPQoS |
693 | Specifies the IPv4 type-of-service or DSCP class for connections. | 710 | Specifies the IPv4 type-of-service or DSCP class for connections. |
694 | Accepted values are | 711 | Accepted values are |
@@ -963,8 +980,9 @@ The default is | |||
963 | This option applies to protocol version 2 only. | 980 | This option applies to protocol version 2 only. |
964 | .It Cm RekeyLimit | 981 | .It Cm RekeyLimit |
965 | Specifies the maximum amount of data that may be transmitted before the | 982 | Specifies the maximum amount of data that may be transmitted before the |
966 | session key is renegotiated. | 983 | session key is renegotiated, optionally followed a maximum amount of |
967 | The argument is the number of bytes, with an optional suffix of | 984 | time that may pass before the session key is renegotiated. |
985 | The first argument is specified in bytes and may have a suffix of | ||
968 | .Sq K , | 986 | .Sq K , |
969 | .Sq M , | 987 | .Sq M , |
970 | or | 988 | or |
@@ -975,6 +993,16 @@ The default is between | |||
975 | and | 993 | and |
976 | .Sq 4G , | 994 | .Sq 4G , |
977 | depending on the cipher. | 995 | depending on the cipher. |
996 | The optional second value is specified in seconds and may use any of the | ||
997 | units documented in the | ||
998 | TIME FORMATS section of | ||
999 | .Xr sshd_config 5 . | ||
1000 | The default value for | ||
1001 | .Cm RekeyLimit | ||
1002 | is | ||
1003 | .Dq default none , | ||
1004 | which means that rekeying is performed after the cipher's default amount | ||
1005 | of data has been sent or received and no time based rekeying is done. | ||
978 | This option applies to protocol version 2 only. | 1006 | This option applies to protocol version 2 only. |
979 | .It Cm RemoteForward | 1007 | .It Cm RemoteForward |
980 | Specifies that a TCP port on the remote machine be forwarded over | 1008 | Specifies that a TCP port on the remote machine be forwarded over |
@@ -1253,9 +1281,7 @@ The default is | |||
1253 | .Dq no . | 1281 | .Dq no . |
1254 | Note that this option applies to protocol version 2 only. | 1282 | Note that this option applies to protocol version 2 only. |
1255 | .Pp | 1283 | .Pp |
1256 | See also | 1284 | See also VERIFYING HOST KEYS in |
1257 | .Sx VERIFYING HOST KEYS | ||
1258 | in | ||
1259 | .Xr ssh 1 . | 1285 | .Xr ssh 1 . |
1260 | .It Cm VisualHostKey | 1286 | .It Cm VisualHostKey |
1261 | If this flag is set to | 1287 | If this flag is set to |
diff --git a/sshconnect.c b/sshconnect.c index cf0711285..483eb85ac 100644 --- a/sshconnect.c +++ b/sshconnect.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshconnect.c,v 1.237 2013/02/22 19:13:56 markus Exp $ */ | 1 | /* $OpenBSD: sshconnect.c,v 1.238 2013/05/17 00:13:14 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -112,7 +112,7 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command) | |||
112 | xasprintf(&tmp, "exec %s", proxy_command); | 112 | xasprintf(&tmp, "exec %s", proxy_command); |
113 | command_string = percent_expand(tmp, "h", host, "p", strport, | 113 | command_string = percent_expand(tmp, "h", host, "p", strport, |
114 | "r", options.user, (char *)NULL); | 114 | "r", options.user, (char *)NULL); |
115 | xfree(tmp); | 115 | free(tmp); |
116 | 116 | ||
117 | /* Create pipes for communicating with the proxy. */ | 117 | /* Create pipes for communicating with the proxy. */ |
118 | if (pipe(pin) < 0 || pipe(pout) < 0) | 118 | if (pipe(pin) < 0 || pipe(pout) < 0) |
@@ -166,7 +166,7 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command) | |||
166 | close(pout[1]); | 166 | close(pout[1]); |
167 | 167 | ||
168 | /* Free the command name. */ | 168 | /* Free the command name. */ |
169 | xfree(command_string); | 169 | free(command_string); |
170 | 170 | ||
171 | /* Set the connection file descriptors. */ | 171 | /* Set the connection file descriptors. */ |
172 | packet_set_connection(pout[0], pin[1]); | 172 | packet_set_connection(pout[0], pin[1]); |
@@ -315,7 +315,7 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr, | |||
315 | fatal("Bogus return (%d) from select()", rc); | 315 | fatal("Bogus return (%d) from select()", rc); |
316 | } | 316 | } |
317 | 317 | ||
318 | xfree(fdset); | 318 | free(fdset); |
319 | 319 | ||
320 | done: | 320 | done: |
321 | if (result == 0 && *timeoutp > 0) { | 321 | if (result == 0 && *timeoutp > 0) { |
@@ -534,7 +534,7 @@ ssh_exchange_identification(int timeout_ms) | |||
534 | debug("ssh_exchange_identification: %s", buf); | 534 | debug("ssh_exchange_identification: %s", buf); |
535 | } | 535 | } |
536 | server_version_string = xstrdup(buf); | 536 | server_version_string = xstrdup(buf); |
537 | xfree(fdset); | 537 | free(fdset); |
538 | 538 | ||
539 | /* | 539 | /* |
540 | * Check that the versions match. In future this might accept | 540 | * Check that the versions match. In future this might accept |
@@ -610,8 +610,7 @@ confirm(const char *prompt) | |||
610 | ret = 0; | 610 | ret = 0; |
611 | if (p && strncasecmp(p, "yes", 3) == 0) | 611 | if (p && strncasecmp(p, "yes", 3) == 0) |
612 | ret = 1; | 612 | ret = 1; |
613 | if (p) | 613 | free(p); |
614 | xfree(p); | ||
615 | if (ret != -1) | 614 | if (ret != -1) |
616 | return ret; | 615 | return ret; |
617 | } | 616 | } |
@@ -835,8 +834,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, | |||
835 | ra = key_fingerprint(host_key, SSH_FP_MD5, | 834 | ra = key_fingerprint(host_key, SSH_FP_MD5, |
836 | SSH_FP_RANDOMART); | 835 | SSH_FP_RANDOMART); |
837 | logit("Host key fingerprint is %s\n%s\n", fp, ra); | 836 | logit("Host key fingerprint is %s\n%s\n", fp, ra); |
838 | xfree(ra); | 837 | free(ra); |
839 | xfree(fp); | 838 | free(fp); |
840 | } | 839 | } |
841 | break; | 840 | break; |
842 | case HOST_NEW: | 841 | case HOST_NEW: |
@@ -896,8 +895,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, | |||
896 | options.visual_host_key ? "\n" : "", | 895 | options.visual_host_key ? "\n" : "", |
897 | options.visual_host_key ? ra : "", | 896 | options.visual_host_key ? ra : "", |
898 | msg2); | 897 | msg2); |
899 | xfree(ra); | 898 | free(ra); |
900 | xfree(fp); | 899 | free(fp); |
901 | if (!confirm(msg)) | 900 | if (!confirm(msg)) |
902 | goto fail; | 901 | goto fail; |
903 | } | 902 | } |
@@ -1098,8 +1097,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, | |||
1098 | } | 1097 | } |
1099 | } | 1098 | } |
1100 | 1099 | ||
1101 | xfree(ip); | 1100 | free(ip); |
1102 | xfree(host); | 1101 | free(host); |
1103 | if (host_hostkeys != NULL) | 1102 | if (host_hostkeys != NULL) |
1104 | free_hostkeys(host_hostkeys); | 1103 | free_hostkeys(host_hostkeys); |
1105 | if (ip_hostkeys != NULL) | 1104 | if (ip_hostkeys != NULL) |
@@ -1121,8 +1120,8 @@ fail: | |||
1121 | } | 1120 | } |
1122 | if (raw_key != NULL) | 1121 | if (raw_key != NULL) |
1123 | key_free(raw_key); | 1122 | key_free(raw_key); |
1124 | xfree(ip); | 1123 | free(ip); |
1125 | xfree(host); | 1124 | free(host); |
1126 | if (host_hostkeys != NULL) | 1125 | if (host_hostkeys != NULL) |
1127 | free_hostkeys(host_hostkeys); | 1126 | free_hostkeys(host_hostkeys); |
1128 | if (ip_hostkeys != NULL) | 1127 | if (ip_hostkeys != NULL) |
@@ -1139,7 +1138,7 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key) | |||
1139 | 1138 | ||
1140 | fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); | 1139 | fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); |
1141 | debug("Server host key: %s %s", key_type(host_key), fp); | 1140 | debug("Server host key: %s %s", key_type(host_key), fp); |
1142 | xfree(fp); | 1141 | free(fp); |
1143 | 1142 | ||
1144 | /* XXX certs are not yet supported for DNS */ | 1143 | /* XXX certs are not yet supported for DNS */ |
1145 | if (!key_is_cert(host_key) && options.verify_host_key_dns && | 1144 | if (!key_is_cert(host_key) && options.verify_host_key_dns && |
@@ -1204,7 +1203,7 @@ ssh_login(Sensitive *sensitive, const char *orighost, | |||
1204 | ssh_kex(host, hostaddr); | 1203 | ssh_kex(host, hostaddr); |
1205 | ssh_userauth1(local_user, server_user, host, sensitive); | 1204 | ssh_userauth1(local_user, server_user, host, sensitive); |
1206 | } | 1205 | } |
1207 | xfree(local_user); | 1206 | free(local_user); |
1208 | } | 1207 | } |
1209 | 1208 | ||
1210 | void | 1209 | void |
@@ -1222,7 +1221,7 @@ ssh_put_password(char *password) | |||
1222 | strlcpy(padded, password, size); | 1221 | strlcpy(padded, password, size); |
1223 | packet_put_string(padded, size); | 1222 | packet_put_string(padded, size); |
1224 | memset(padded, 0, size); | 1223 | memset(padded, 0, size); |
1225 | xfree(padded); | 1224 | free(padded); |
1226 | } | 1225 | } |
1227 | 1226 | ||
1228 | /* print all known host keys for a given host, but skip keys of given type */ | 1227 | /* print all known host keys for a given host, but skip keys of given type */ |
@@ -1249,8 +1248,8 @@ show_other_keys(struct hostkeys *hostkeys, Key *key) | |||
1249 | key_type(found->key), fp); | 1248 | key_type(found->key), fp); |
1250 | if (options.visual_host_key) | 1249 | if (options.visual_host_key) |
1251 | logit("%s", ra); | 1250 | logit("%s", ra); |
1252 | xfree(ra); | 1251 | free(ra); |
1253 | xfree(fp); | 1252 | free(fp); |
1254 | ret = 1; | 1253 | ret = 1; |
1255 | } | 1254 | } |
1256 | return ret; | 1255 | return ret; |
@@ -1273,7 +1272,7 @@ warn_changed_key(Key *host_key) | |||
1273 | key_type(host_key), fp); | 1272 | key_type(host_key), fp); |
1274 | error("Please contact your system administrator."); | 1273 | error("Please contact your system administrator."); |
1275 | 1274 | ||
1276 | xfree(fp); | 1275 | free(fp); |
1277 | } | 1276 | } |
1278 | 1277 | ||
1279 | /* | 1278 | /* |
diff --git a/sshconnect1.c b/sshconnect1.c index fd07bbf74..d285e23c0 100644 --- a/sshconnect1.c +++ b/sshconnect1.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshconnect1.c,v 1.70 2006/11/06 21:25:28 markus Exp $ */ | 1 | /* $OpenBSD: sshconnect1.c,v 1.71 2013/05/17 00:13:14 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -84,7 +84,7 @@ try_agent_authentication(void) | |||
84 | 84 | ||
85 | /* Try this identity. */ | 85 | /* Try this identity. */ |
86 | debug("Trying RSA authentication via agent with '%.100s'", comment); | 86 | debug("Trying RSA authentication via agent with '%.100s'", comment); |
87 | xfree(comment); | 87 | free(comment); |
88 | 88 | ||
89 | /* Tell the server that we are willing to authenticate using this key. */ | 89 | /* Tell the server that we are willing to authenticate using this key. */ |
90 | packet_start(SSH_CMSG_AUTH_RSA); | 90 | packet_start(SSH_CMSG_AUTH_RSA); |
@@ -231,7 +231,7 @@ try_rsa_authentication(int idx) | |||
231 | */ | 231 | */ |
232 | if (type == SSH_SMSG_FAILURE) { | 232 | if (type == SSH_SMSG_FAILURE) { |
233 | debug("Server refused our key."); | 233 | debug("Server refused our key."); |
234 | xfree(comment); | 234 | free(comment); |
235 | return 0; | 235 | return 0; |
236 | } | 236 | } |
237 | /* Otherwise, the server should respond with a challenge. */ | 237 | /* Otherwise, the server should respond with a challenge. */ |
@@ -270,14 +270,14 @@ try_rsa_authentication(int idx) | |||
270 | quit = 1; | 270 | quit = 1; |
271 | } | 271 | } |
272 | memset(passphrase, 0, strlen(passphrase)); | 272 | memset(passphrase, 0, strlen(passphrase)); |
273 | xfree(passphrase); | 273 | free(passphrase); |
274 | if (private != NULL || quit) | 274 | if (private != NULL || quit) |
275 | break; | 275 | break; |
276 | debug2("bad passphrase given, try again..."); | 276 | debug2("bad passphrase given, try again..."); |
277 | } | 277 | } |
278 | } | 278 | } |
279 | /* We no longer need the comment. */ | 279 | /* We no longer need the comment. */ |
280 | xfree(comment); | 280 | free(comment); |
281 | 281 | ||
282 | if (private == NULL) { | 282 | if (private == NULL) { |
283 | if (!options.batch_mode && perm_ok) | 283 | if (!options.batch_mode && perm_ok) |
@@ -412,7 +412,7 @@ try_challenge_response_authentication(void) | |||
412 | packet_check_eom(); | 412 | packet_check_eom(); |
413 | snprintf(prompt, sizeof prompt, "%s%s", challenge, | 413 | snprintf(prompt, sizeof prompt, "%s%s", challenge, |
414 | strchr(challenge, '\n') ? "" : "\nResponse: "); | 414 | strchr(challenge, '\n') ? "" : "\nResponse: "); |
415 | xfree(challenge); | 415 | free(challenge); |
416 | if (i != 0) | 416 | if (i != 0) |
417 | error("Permission denied, please try again."); | 417 | error("Permission denied, please try again."); |
418 | if (options.cipher == SSH_CIPHER_NONE) | 418 | if (options.cipher == SSH_CIPHER_NONE) |
@@ -420,13 +420,13 @@ try_challenge_response_authentication(void) | |||
420 | "Response will be transmitted in clear text."); | 420 | "Response will be transmitted in clear text."); |
421 | response = read_passphrase(prompt, 0); | 421 | response = read_passphrase(prompt, 0); |
422 | if (strcmp(response, "") == 0) { | 422 | if (strcmp(response, "") == 0) { |
423 | xfree(response); | 423 | free(response); |
424 | break; | 424 | break; |
425 | } | 425 | } |
426 | packet_start(SSH_CMSG_AUTH_TIS_RESPONSE); | 426 | packet_start(SSH_CMSG_AUTH_TIS_RESPONSE); |
427 | ssh_put_password(response); | 427 | ssh_put_password(response); |
428 | memset(response, 0, strlen(response)); | 428 | memset(response, 0, strlen(response)); |
429 | xfree(response); | 429 | free(response); |
430 | packet_send(); | 430 | packet_send(); |
431 | packet_write_wait(); | 431 | packet_write_wait(); |
432 | type = packet_read(); | 432 | type = packet_read(); |
@@ -459,7 +459,7 @@ try_password_authentication(char *prompt) | |||
459 | packet_start(SSH_CMSG_AUTH_PASSWORD); | 459 | packet_start(SSH_CMSG_AUTH_PASSWORD); |
460 | ssh_put_password(password); | 460 | ssh_put_password(password); |
461 | memset(password, 0, strlen(password)); | 461 | memset(password, 0, strlen(password)); |
462 | xfree(password); | 462 | free(password); |
463 | packet_send(); | 463 | packet_send(); |
464 | packet_write_wait(); | 464 | packet_write_wait(); |
465 | 465 | ||
diff --git a/sshconnect2.c b/sshconnect2.c index 1aa8523e1..8c20eed93 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshconnect2.c,v 1.192 2013/02/17 23:16:57 dtucker Exp $ */ | 1 | /* $OpenBSD: sshconnect2.c,v 1.198 2013/06/05 12:52:38 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2008 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2008 Damien Miller. All rights reserved. |
@@ -146,10 +146,10 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port) | |||
146 | if (*first != '\0') | 146 | if (*first != '\0') |
147 | debug3("%s: prefer hostkeyalgs: %s", __func__, first); | 147 | debug3("%s: prefer hostkeyalgs: %s", __func__, first); |
148 | 148 | ||
149 | xfree(first); | 149 | free(first); |
150 | xfree(last); | 150 | free(last); |
151 | xfree(hostname); | 151 | free(hostname); |
152 | xfree(oavail); | 152 | free(oavail); |
153 | free_hostkeys(hostkeys); | 153 | free_hostkeys(hostkeys); |
154 | 154 | ||
155 | return ret; | 155 | return ret; |
@@ -233,8 +233,9 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) | |||
233 | } | 233 | } |
234 | #endif | 234 | #endif |
235 | 235 | ||
236 | if (options.rekey_limit) | 236 | if (options.rekey_limit || options.rekey_interval) |
237 | packet_set_rekey_limit((u_int32_t)options.rekey_limit); | 237 | packet_set_rekey_limits((u_int32_t)options.rekey_limit, |
238 | (time_t)options.rekey_interval); | ||
238 | 239 | ||
239 | /* start key exchange */ | 240 | /* start key exchange */ |
240 | kex = kex_setup(myproposal); | 241 | kex = kex_setup(myproposal); |
@@ -445,7 +446,7 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, | |||
445 | if (packet_remaining() > 0) { | 446 | if (packet_remaining() > 0) { |
446 | char *reply = packet_get_string(NULL); | 447 | char *reply = packet_get_string(NULL); |
447 | debug2("service_accept: %s", reply); | 448 | debug2("service_accept: %s", reply); |
448 | xfree(reply); | 449 | free(reply); |
449 | } else { | 450 | } else { |
450 | debug2("buggy server: service_accept w/o service"); | 451 | debug2("buggy server: service_accept w/o service"); |
451 | } | 452 | } |
@@ -492,15 +493,12 @@ userauth(Authctxt *authctxt, char *authlist) | |||
492 | if (authctxt->method != NULL && authctxt->method->cleanup != NULL) | 493 | if (authctxt->method != NULL && authctxt->method->cleanup != NULL) |
493 | authctxt->method->cleanup(authctxt); | 494 | authctxt->method->cleanup(authctxt); |
494 | 495 | ||
495 | if (authctxt->methoddata) { | 496 | free(authctxt->methoddata); |
496 | xfree(authctxt->methoddata); | 497 | authctxt->methoddata = NULL; |
497 | authctxt->methoddata = NULL; | ||
498 | } | ||
499 | if (authlist == NULL) { | 498 | if (authlist == NULL) { |
500 | authlist = authctxt->authlist; | 499 | authlist = authctxt->authlist; |
501 | } else { | 500 | } else { |
502 | if (authctxt->authlist) | 501 | free(authctxt->authlist); |
503 | xfree(authctxt->authlist); | ||
504 | authctxt->authlist = authlist; | 502 | authctxt->authlist = authlist; |
505 | } | 503 | } |
506 | for (;;) { | 504 | for (;;) { |
@@ -548,10 +546,10 @@ input_userauth_banner(int type, u_int32_t seq, void *ctxt) | |||
548 | msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */ | 546 | msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */ |
549 | strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL|VIS_NOSLASH); | 547 | strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL|VIS_NOSLASH); |
550 | fprintf(stderr, "%s", msg); | 548 | fprintf(stderr, "%s", msg); |
551 | xfree(msg); | 549 | free(msg); |
552 | } | 550 | } |
553 | xfree(raw); | 551 | free(raw); |
554 | xfree(lang); | 552 | free(lang); |
555 | } | 553 | } |
556 | 554 | ||
557 | /* ARGSUSED */ | 555 | /* ARGSUSED */ |
@@ -562,16 +560,12 @@ input_userauth_success(int type, u_int32_t seq, void *ctxt) | |||
562 | 560 | ||
563 | if (authctxt == NULL) | 561 | if (authctxt == NULL) |
564 | fatal("input_userauth_success: no authentication context"); | 562 | fatal("input_userauth_success: no authentication context"); |
565 | if (authctxt->authlist) { | 563 | free(authctxt->authlist); |
566 | xfree(authctxt->authlist); | 564 | authctxt->authlist = NULL; |
567 | authctxt->authlist = NULL; | ||
568 | } | ||
569 | if (authctxt->method != NULL && authctxt->method->cleanup != NULL) | 565 | if (authctxt->method != NULL && authctxt->method->cleanup != NULL) |
570 | authctxt->method->cleanup(authctxt); | 566 | authctxt->method->cleanup(authctxt); |
571 | if (authctxt->methoddata) { | 567 | free(authctxt->methoddata); |
572 | xfree(authctxt->methoddata); | 568 | authctxt->methoddata = NULL; |
573 | authctxt->methoddata = NULL; | ||
574 | } | ||
575 | authctxt->success = 1; /* break out */ | 569 | authctxt->success = 1; /* break out */ |
576 | } | 570 | } |
577 | 571 | ||
@@ -602,8 +596,12 @@ input_userauth_failure(int type, u_int32_t seq, void *ctxt) | |||
602 | partial = packet_get_char(); | 596 | partial = packet_get_char(); |
603 | packet_check_eom(); | 597 | packet_check_eom(); |
604 | 598 | ||
605 | if (partial != 0) | 599 | if (partial != 0) { |
606 | logit("Authenticated with partial success."); | 600 | logit("Authenticated with partial success."); |
601 | /* reset state */ | ||
602 | pubkey_cleanup(authctxt); | ||
603 | pubkey_prepare(authctxt); | ||
604 | } | ||
607 | debug("Authentications that can continue: %s", authlist); | 605 | debug("Authentications that can continue: %s", authlist); |
608 | 606 | ||
609 | userauth(authctxt, authlist); | 607 | userauth(authctxt, authlist); |
@@ -656,7 +654,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt) | |||
656 | } | 654 | } |
657 | fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); | 655 | fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); |
658 | debug2("input_userauth_pk_ok: fp %s", fp); | 656 | debug2("input_userauth_pk_ok: fp %s", fp); |
659 | xfree(fp); | 657 | free(fp); |
660 | 658 | ||
661 | /* | 659 | /* |
662 | * search keys in the reverse order, because last candidate has been | 660 | * search keys in the reverse order, because last candidate has been |
@@ -672,8 +670,8 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt) | |||
672 | done: | 670 | done: |
673 | if (key != NULL) | 671 | if (key != NULL) |
674 | key_free(key); | 672 | key_free(key); |
675 | xfree(pkalg); | 673 | free(pkalg); |
676 | xfree(pkblob); | 674 | free(pkblob); |
677 | 675 | ||
678 | /* try another method if we did not send a packet */ | 676 | /* try another method if we did not send a packet */ |
679 | if (sent == 0) | 677 | if (sent == 0) |
@@ -823,7 +821,7 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt) | |||
823 | if (oidlen <= 2 || | 821 | if (oidlen <= 2 || |
824 | oidv[0] != SSH_GSS_OIDTYPE || | 822 | oidv[0] != SSH_GSS_OIDTYPE || |
825 | oidv[1] != oidlen - 2) { | 823 | oidv[1] != oidlen - 2) { |
826 | xfree(oidv); | 824 | free(oidv); |
827 | debug("Badly encoded mechanism OID received"); | 825 | debug("Badly encoded mechanism OID received"); |
828 | userauth(authctxt, NULL); | 826 | userauth(authctxt, NULL); |
829 | return; | 827 | return; |
@@ -834,7 +832,7 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt) | |||
834 | 832 | ||
835 | packet_check_eom(); | 833 | packet_check_eom(); |
836 | 834 | ||
837 | xfree(oidv); | 835 | free(oidv); |
838 | 836 | ||
839 | if (GSS_ERROR(process_gssapi_token(ctxt, GSS_C_NO_BUFFER))) { | 837 | if (GSS_ERROR(process_gssapi_token(ctxt, GSS_C_NO_BUFFER))) { |
840 | /* Start again with next method on list */ | 838 | /* Start again with next method on list */ |
@@ -863,7 +861,7 @@ input_gssapi_token(int type, u_int32_t plen, void *ctxt) | |||
863 | 861 | ||
864 | status = process_gssapi_token(ctxt, &recv_tok); | 862 | status = process_gssapi_token(ctxt, &recv_tok); |
865 | 863 | ||
866 | xfree(recv_tok.value); | 864 | free(recv_tok.value); |
867 | 865 | ||
868 | if (GSS_ERROR(status)) { | 866 | if (GSS_ERROR(status)) { |
869 | /* Start again with the next method in the list */ | 867 | /* Start again with the next method in the list */ |
@@ -880,7 +878,7 @@ input_gssapi_errtok(int type, u_int32_t plen, void *ctxt) | |||
880 | Gssctxt *gssctxt; | 878 | Gssctxt *gssctxt; |
881 | gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; | 879 | gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; |
882 | gss_buffer_desc recv_tok; | 880 | gss_buffer_desc recv_tok; |
883 | OM_uint32 status, ms; | 881 | OM_uint32 ms; |
884 | u_int len; | 882 | u_int len; |
885 | 883 | ||
886 | if (authctxt == NULL) | 884 | if (authctxt == NULL) |
@@ -893,10 +891,10 @@ input_gssapi_errtok(int type, u_int32_t plen, void *ctxt) | |||
893 | packet_check_eom(); | 891 | packet_check_eom(); |
894 | 892 | ||
895 | /* Stick it into GSSAPI and see what it says */ | 893 | /* Stick it into GSSAPI and see what it says */ |
896 | status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds, | 894 | (void)ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds, |
897 | &recv_tok, &send_tok, NULL); | 895 | &recv_tok, &send_tok, NULL); |
898 | 896 | ||
899 | xfree(recv_tok.value); | 897 | free(recv_tok.value); |
900 | gss_release_buffer(&ms, &send_tok); | 898 | gss_release_buffer(&ms, &send_tok); |
901 | 899 | ||
902 | /* Server will be returning a failed packet after this one */ | 900 | /* Server will be returning a failed packet after this one */ |
@@ -906,20 +904,19 @@ input_gssapi_errtok(int type, u_int32_t plen, void *ctxt) | |||
906 | void | 904 | void |
907 | input_gssapi_error(int type, u_int32_t plen, void *ctxt) | 905 | input_gssapi_error(int type, u_int32_t plen, void *ctxt) |
908 | { | 906 | { |
909 | OM_uint32 maj, min; | ||
910 | char *msg; | 907 | char *msg; |
911 | char *lang; | 908 | char *lang; |
912 | 909 | ||
913 | maj=packet_get_int(); | 910 | /* maj */(void)packet_get_int(); |
914 | min=packet_get_int(); | 911 | /* min */(void)packet_get_int(); |
915 | msg=packet_get_string(NULL); | 912 | msg=packet_get_string(NULL); |
916 | lang=packet_get_string(NULL); | 913 | lang=packet_get_string(NULL); |
917 | 914 | ||
918 | packet_check_eom(); | 915 | packet_check_eom(); |
919 | 916 | ||
920 | debug("Server GSSAPI Error:\n%s", msg); | 917 | debug("Server GSSAPI Error:\n%s", msg); |
921 | xfree(msg); | 918 | free(msg); |
922 | xfree(lang); | 919 | free(lang); |
923 | } | 920 | } |
924 | 921 | ||
925 | int | 922 | int |
@@ -1002,7 +999,7 @@ userauth_passwd(Authctxt *authctxt) | |||
1002 | packet_put_char(0); | 999 | packet_put_char(0); |
1003 | packet_put_cstring(password); | 1000 | packet_put_cstring(password); |
1004 | memset(password, 0, strlen(password)); | 1001 | memset(password, 0, strlen(password)); |
1005 | xfree(password); | 1002 | free(password); |
1006 | packet_add_padding(64); | 1003 | packet_add_padding(64); |
1007 | packet_send(); | 1004 | packet_send(); |
1008 | 1005 | ||
@@ -1035,8 +1032,8 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt) | |||
1035 | lang = packet_get_string(NULL); | 1032 | lang = packet_get_string(NULL); |
1036 | if (strlen(info) > 0) | 1033 | if (strlen(info) > 0) |
1037 | logit("%s", info); | 1034 | logit("%s", info); |
1038 | xfree(info); | 1035 | free(info); |
1039 | xfree(lang); | 1036 | free(lang); |
1040 | packet_start(SSH2_MSG_USERAUTH_REQUEST); | 1037 | packet_start(SSH2_MSG_USERAUTH_REQUEST); |
1041 | packet_put_cstring(authctxt->server_user); | 1038 | packet_put_cstring(authctxt->server_user); |
1042 | packet_put_cstring(authctxt->service); | 1039 | packet_put_cstring(authctxt->service); |
@@ -1048,7 +1045,7 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt) | |||
1048 | password = read_passphrase(prompt, 0); | 1045 | password = read_passphrase(prompt, 0); |
1049 | packet_put_cstring(password); | 1046 | packet_put_cstring(password); |
1050 | memset(password, 0, strlen(password)); | 1047 | memset(password, 0, strlen(password)); |
1051 | xfree(password); | 1048 | free(password); |
1052 | password = NULL; | 1049 | password = NULL; |
1053 | while (password == NULL) { | 1050 | while (password == NULL) { |
1054 | snprintf(prompt, sizeof(prompt), | 1051 | snprintf(prompt, sizeof(prompt), |
@@ -1065,16 +1062,16 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt) | |||
1065 | retype = read_passphrase(prompt, 0); | 1062 | retype = read_passphrase(prompt, 0); |
1066 | if (strcmp(password, retype) != 0) { | 1063 | if (strcmp(password, retype) != 0) { |
1067 | memset(password, 0, strlen(password)); | 1064 | memset(password, 0, strlen(password)); |
1068 | xfree(password); | 1065 | free(password); |
1069 | logit("Mismatch; try again, EOF to quit."); | 1066 | logit("Mismatch; try again, EOF to quit."); |
1070 | password = NULL; | 1067 | password = NULL; |
1071 | } | 1068 | } |
1072 | memset(retype, 0, strlen(retype)); | 1069 | memset(retype, 0, strlen(retype)); |
1073 | xfree(retype); | 1070 | free(retype); |
1074 | } | 1071 | } |
1075 | packet_put_cstring(password); | 1072 | packet_put_cstring(password); |
1076 | memset(password, 0, strlen(password)); | 1073 | memset(password, 0, strlen(password)); |
1077 | xfree(password); | 1074 | free(password); |
1078 | packet_add_padding(64); | 1075 | packet_add_padding(64); |
1079 | packet_send(); | 1076 | packet_send(); |
1080 | 1077 | ||
@@ -1129,13 +1126,13 @@ jpake_password_to_secret(Authctxt *authctxt, const char *crypt_scheme, | |||
1129 | 1126 | ||
1130 | bzero(password, strlen(password)); | 1127 | bzero(password, strlen(password)); |
1131 | bzero(crypted, strlen(crypted)); | 1128 | bzero(crypted, strlen(crypted)); |
1132 | xfree(password); | 1129 | free(password); |
1133 | xfree(crypted); | 1130 | free(crypted); |
1134 | 1131 | ||
1135 | if ((ret = BN_bin2bn(secret, secret_len, NULL)) == NULL) | 1132 | if ((ret = BN_bin2bn(secret, secret_len, NULL)) == NULL) |
1136 | fatal("%s: BN_bin2bn (secret)", __func__); | 1133 | fatal("%s: BN_bin2bn (secret)", __func__); |
1137 | bzero(secret, secret_len); | 1134 | bzero(secret, secret_len); |
1138 | xfree(secret); | 1135 | free(secret); |
1139 | 1136 | ||
1140 | return ret; | 1137 | return ret; |
1141 | } | 1138 | } |
@@ -1173,8 +1170,8 @@ input_userauth_jpake_server_step1(int type, u_int32_t seq, void *ctxt) | |||
1173 | pctx->s = jpake_password_to_secret(authctxt, crypt_scheme, salt); | 1170 | pctx->s = jpake_password_to_secret(authctxt, crypt_scheme, salt); |
1174 | bzero(crypt_scheme, strlen(crypt_scheme)); | 1171 | bzero(crypt_scheme, strlen(crypt_scheme)); |
1175 | bzero(salt, strlen(salt)); | 1172 | bzero(salt, strlen(salt)); |
1176 | xfree(crypt_scheme); | 1173 | free(crypt_scheme); |
1177 | xfree(salt); | 1174 | free(salt); |
1178 | JPAKE_DEBUG_BN((pctx->s, "%s: s = ", __func__)); | 1175 | JPAKE_DEBUG_BN((pctx->s, "%s: s = ", __func__)); |
1179 | 1176 | ||
1180 | /* Calculate step 2 values */ | 1177 | /* Calculate step 2 values */ |
@@ -1189,8 +1186,8 @@ input_userauth_jpake_server_step1(int type, u_int32_t seq, void *ctxt) | |||
1189 | 1186 | ||
1190 | bzero(x3_proof, x3_proof_len); | 1187 | bzero(x3_proof, x3_proof_len); |
1191 | bzero(x4_proof, x4_proof_len); | 1188 | bzero(x4_proof, x4_proof_len); |
1192 | xfree(x3_proof); | 1189 | free(x3_proof); |
1193 | xfree(x4_proof); | 1190 | free(x4_proof); |
1194 | 1191 | ||
1195 | JPAKE_DEBUG_CTX((pctx, "step 2 sending in %s", __func__)); | 1192 | JPAKE_DEBUG_CTX((pctx, "step 2 sending in %s", __func__)); |
1196 | 1193 | ||
@@ -1201,7 +1198,7 @@ input_userauth_jpake_server_step1(int type, u_int32_t seq, void *ctxt) | |||
1201 | packet_send(); | 1198 | packet_send(); |
1202 | 1199 | ||
1203 | bzero(x2_s_proof, x2_s_proof_len); | 1200 | bzero(x2_s_proof, x2_s_proof_len); |
1204 | xfree(x2_s_proof); | 1201 | free(x2_s_proof); |
1205 | 1202 | ||
1206 | /* Expect step 2 packet from peer */ | 1203 | /* Expect step 2 packet from peer */ |
1207 | dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP2, | 1204 | dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP2, |
@@ -1241,7 +1238,7 @@ input_userauth_jpake_server_step2(int type, u_int32_t seq, void *ctxt) | |||
1241 | &pctx->h_k_cid_sessid, &pctx->h_k_cid_sessid_len); | 1238 | &pctx->h_k_cid_sessid, &pctx->h_k_cid_sessid_len); |
1242 | 1239 | ||
1243 | bzero(x4_s_proof, x4_s_proof_len); | 1240 | bzero(x4_s_proof, x4_s_proof_len); |
1244 | xfree(x4_s_proof); | 1241 | free(x4_s_proof); |
1245 | 1242 | ||
1246 | JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__)); | 1243 | JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__)); |
1247 | 1244 | ||
@@ -1323,7 +1320,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id) | |||
1323 | 1320 | ||
1324 | fp = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX); | 1321 | fp = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX); |
1325 | debug3("sign_and_send_pubkey: %s %s", key_type(id->key), fp); | 1322 | debug3("sign_and_send_pubkey: %s %s", key_type(id->key), fp); |
1326 | xfree(fp); | 1323 | free(fp); |
1327 | 1324 | ||
1328 | if (key_to_blob(id->key, &blob, &bloblen) == 0) { | 1325 | if (key_to_blob(id->key, &blob, &bloblen) == 0) { |
1329 | /* we cannot handle this key */ | 1326 | /* we cannot handle this key */ |
@@ -1358,7 +1355,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id) | |||
1358 | ret = identity_sign(id, &signature, &slen, | 1355 | ret = identity_sign(id, &signature, &slen, |
1359 | buffer_ptr(&b), buffer_len(&b)); | 1356 | buffer_ptr(&b), buffer_len(&b)); |
1360 | if (ret == -1) { | 1357 | if (ret == -1) { |
1361 | xfree(blob); | 1358 | free(blob); |
1362 | buffer_free(&b); | 1359 | buffer_free(&b); |
1363 | return 0; | 1360 | return 0; |
1364 | } | 1361 | } |
@@ -1378,11 +1375,11 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id) | |||
1378 | buffer_put_cstring(&b, key_ssh_name(id->key)); | 1375 | buffer_put_cstring(&b, key_ssh_name(id->key)); |
1379 | buffer_put_string(&b, blob, bloblen); | 1376 | buffer_put_string(&b, blob, bloblen); |
1380 | } | 1377 | } |
1381 | xfree(blob); | 1378 | free(blob); |
1382 | 1379 | ||
1383 | /* append signature */ | 1380 | /* append signature */ |
1384 | buffer_put_string(&b, signature, slen); | 1381 | buffer_put_string(&b, signature, slen); |
1385 | xfree(signature); | 1382 | free(signature); |
1386 | 1383 | ||
1387 | /* skip session id and packet type */ | 1384 | /* skip session id and packet type */ |
1388 | if (buffer_len(&b) < skip + 1) | 1385 | if (buffer_len(&b) < skip + 1) |
@@ -1422,7 +1419,7 @@ send_pubkey_test(Authctxt *authctxt, Identity *id) | |||
1422 | if (!(datafellows & SSH_BUG_PKAUTH)) | 1419 | if (!(datafellows & SSH_BUG_PKAUTH)) |
1423 | packet_put_cstring(key_ssh_name(id->key)); | 1420 | packet_put_cstring(key_ssh_name(id->key)); |
1424 | packet_put_string(blob, bloblen); | 1421 | packet_put_string(blob, bloblen); |
1425 | xfree(blob); | 1422 | free(blob); |
1426 | packet_send(); | 1423 | packet_send(); |
1427 | return 1; | 1424 | return 1; |
1428 | } | 1425 | } |
@@ -1441,8 +1438,11 @@ load_identity_file(char *filename, int userprovided) | |||
1441 | return NULL; | 1438 | return NULL; |
1442 | } | 1439 | } |
1443 | private = key_load_private_type(KEY_UNSPEC, filename, "", NULL, &perm_ok); | 1440 | private = key_load_private_type(KEY_UNSPEC, filename, "", NULL, &perm_ok); |
1444 | if (!perm_ok) | 1441 | if (!perm_ok) { |
1442 | if (private != NULL) | ||
1443 | key_free(private); | ||
1445 | return NULL; | 1444 | return NULL; |
1445 | } | ||
1446 | if (private == NULL) { | 1446 | if (private == NULL) { |
1447 | if (options.batch_mode) | 1447 | if (options.batch_mode) |
1448 | return NULL; | 1448 | return NULL; |
@@ -1459,7 +1459,7 @@ load_identity_file(char *filename, int userprovided) | |||
1459 | quit = 1; | 1459 | quit = 1; |
1460 | } | 1460 | } |
1461 | memset(passphrase, 0, strlen(passphrase)); | 1461 | memset(passphrase, 0, strlen(passphrase)); |
1462 | xfree(passphrase); | 1462 | free(passphrase); |
1463 | if (private != NULL || quit) | 1463 | if (private != NULL || quit) |
1464 | break; | 1464 | break; |
1465 | debug2("bad passphrase given, try again..."); | 1465 | debug2("bad passphrase given, try again..."); |
@@ -1522,7 +1522,7 @@ pubkey_prepare(Authctxt *authctxt) | |||
1522 | /* If IdentitiesOnly set and key not found then don't use it */ | 1522 | /* If IdentitiesOnly set and key not found then don't use it */ |
1523 | if (!found && options.identities_only) { | 1523 | if (!found && options.identities_only) { |
1524 | TAILQ_REMOVE(&files, id, next); | 1524 | TAILQ_REMOVE(&files, id, next); |
1525 | bzero(id, sizeof(id)); | 1525 | bzero(id, sizeof(*id)); |
1526 | free(id); | 1526 | free(id); |
1527 | } | 1527 | } |
1528 | } | 1528 | } |
@@ -1536,7 +1536,7 @@ pubkey_prepare(Authctxt *authctxt) | |||
1536 | /* agent keys from the config file are preferred */ | 1536 | /* agent keys from the config file are preferred */ |
1537 | if (key_equal(key, id->key)) { | 1537 | if (key_equal(key, id->key)) { |
1538 | key_free(key); | 1538 | key_free(key); |
1539 | xfree(comment); | 1539 | free(comment); |
1540 | TAILQ_REMOVE(&files, id, next); | 1540 | TAILQ_REMOVE(&files, id, next); |
1541 | TAILQ_INSERT_TAIL(preferred, id, next); | 1541 | TAILQ_INSERT_TAIL(preferred, id, next); |
1542 | id->ac = ac; | 1542 | id->ac = ac; |
@@ -1582,9 +1582,8 @@ pubkey_cleanup(Authctxt *authctxt) | |||
1582 | TAILQ_REMOVE(&authctxt->keys, id, next); | 1582 | TAILQ_REMOVE(&authctxt->keys, id, next); |
1583 | if (id->key) | 1583 | if (id->key) |
1584 | key_free(id->key); | 1584 | key_free(id->key); |
1585 | if (id->filename) | 1585 | free(id->filename); |
1586 | xfree(id->filename); | 1586 | free(id); |
1587 | xfree(id); | ||
1588 | } | 1587 | } |
1589 | } | 1588 | } |
1590 | 1589 | ||
@@ -1682,9 +1681,9 @@ input_userauth_info_req(int type, u_int32_t seq, void *ctxt) | |||
1682 | logit("%s", name); | 1681 | logit("%s", name); |
1683 | if (strlen(inst) > 0) | 1682 | if (strlen(inst) > 0) |
1684 | logit("%s", inst); | 1683 | logit("%s", inst); |
1685 | xfree(name); | 1684 | free(name); |
1686 | xfree(inst); | 1685 | free(inst); |
1687 | xfree(lang); | 1686 | free(lang); |
1688 | 1687 | ||
1689 | num_prompts = packet_get_int(); | 1688 | num_prompts = packet_get_int(); |
1690 | /* | 1689 | /* |
@@ -1705,8 +1704,8 @@ input_userauth_info_req(int type, u_int32_t seq, void *ctxt) | |||
1705 | 1704 | ||
1706 | packet_put_cstring(response); | 1705 | packet_put_cstring(response); |
1707 | memset(response, 0, strlen(response)); | 1706 | memset(response, 0, strlen(response)); |
1708 | xfree(response); | 1707 | free(response); |
1709 | xfree(prompt); | 1708 | free(prompt); |
1710 | } | 1709 | } |
1711 | packet_check_eom(); /* done with parsing incoming message. */ | 1710 | packet_check_eom(); /* done with parsing incoming message. */ |
1712 | 1711 | ||
@@ -1826,12 +1825,12 @@ userauth_hostbased(Authctxt *authctxt) | |||
1826 | if (p == NULL) { | 1825 | if (p == NULL) { |
1827 | error("userauth_hostbased: cannot get local ipaddr/name"); | 1826 | error("userauth_hostbased: cannot get local ipaddr/name"); |
1828 | key_free(private); | 1827 | key_free(private); |
1829 | xfree(blob); | 1828 | free(blob); |
1830 | return 0; | 1829 | return 0; |
1831 | } | 1830 | } |
1832 | xasprintf(&chost, "%s.", p); | 1831 | xasprintf(&chost, "%s.", p); |
1833 | debug2("userauth_hostbased: chost %s", chost); | 1832 | debug2("userauth_hostbased: chost %s", chost); |
1834 | xfree(p); | 1833 | free(p); |
1835 | 1834 | ||
1836 | service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" : | 1835 | service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" : |
1837 | authctxt->service; | 1836 | authctxt->service; |
@@ -1860,9 +1859,9 @@ userauth_hostbased(Authctxt *authctxt) | |||
1860 | buffer_free(&b); | 1859 | buffer_free(&b); |
1861 | if (ok != 0) { | 1860 | if (ok != 0) { |
1862 | error("key_sign failed"); | 1861 | error("key_sign failed"); |
1863 | xfree(chost); | 1862 | free(chost); |
1864 | xfree(pkalg); | 1863 | free(pkalg); |
1865 | xfree(blob); | 1864 | free(blob); |
1866 | return 0; | 1865 | return 0; |
1867 | } | 1866 | } |
1868 | packet_start(SSH2_MSG_USERAUTH_REQUEST); | 1867 | packet_start(SSH2_MSG_USERAUTH_REQUEST); |
@@ -1875,10 +1874,10 @@ userauth_hostbased(Authctxt *authctxt) | |||
1875 | packet_put_cstring(authctxt->local_user); | 1874 | packet_put_cstring(authctxt->local_user); |
1876 | packet_put_string(signature, slen); | 1875 | packet_put_string(signature, slen); |
1877 | memset(signature, 's', slen); | 1876 | memset(signature, 's', slen); |
1878 | xfree(signature); | 1877 | free(signature); |
1879 | xfree(chost); | 1878 | free(chost); |
1880 | xfree(pkalg); | 1879 | free(pkalg); |
1881 | xfree(blob); | 1880 | free(blob); |
1882 | 1881 | ||
1883 | packet_send(); | 1882 | packet_send(); |
1884 | return 1; | 1883 | return 1; |
@@ -1933,8 +1932,8 @@ userauth_jpake(Authctxt *authctxt) | |||
1933 | 1932 | ||
1934 | bzero(x1_proof, x1_proof_len); | 1933 | bzero(x1_proof, x1_proof_len); |
1935 | bzero(x2_proof, x2_proof_len); | 1934 | bzero(x2_proof, x2_proof_len); |
1936 | xfree(x1_proof); | 1935 | free(x1_proof); |
1937 | xfree(x2_proof); | 1936 | free(x2_proof); |
1938 | 1937 | ||
1939 | /* Expect step 1 packet from peer */ | 1938 | /* Expect step 1 packet from peer */ |
1940 | dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1, | 1939 | dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1, |
@@ -2011,8 +2010,7 @@ authmethod_get(char *authlist) | |||
2011 | 2010 | ||
2012 | if (supported == NULL || strcmp(authlist, supported) != 0) { | 2011 | if (supported == NULL || strcmp(authlist, supported) != 0) { |
2013 | debug3("start over, passed a different list %s", authlist); | 2012 | debug3("start over, passed a different list %s", authlist); |
2014 | if (supported != NULL) | 2013 | free(supported); |
2015 | xfree(supported); | ||
2016 | supported = xstrdup(authlist); | 2014 | supported = xstrdup(authlist); |
2017 | preferred = options.preferred_authentications; | 2015 | preferred = options.preferred_authentications; |
2018 | debug3("preferred %s", preferred); | 2016 | debug3("preferred %s", preferred); |
@@ -2033,9 +2031,10 @@ authmethod_get(char *authlist) | |||
2033 | authmethod_is_enabled(current)) { | 2031 | authmethod_is_enabled(current)) { |
2034 | debug3("authmethod_is_enabled %s", name); | 2032 | debug3("authmethod_is_enabled %s", name); |
2035 | debug("Next authentication method: %s", name); | 2033 | debug("Next authentication method: %s", name); |
2036 | xfree(name); | 2034 | free(name); |
2037 | return current; | 2035 | return current; |
2038 | } | 2036 | } |
2037 | free(name); | ||
2039 | } | 2038 | } |
2040 | } | 2039 | } |
2041 | 2040 | ||
@@ -5,8 +5,9 @@ NAME | |||
5 | 5 | ||
6 | SYNOPSIS | 6 | SYNOPSIS |
7 | sshd [-46DdeiqTt] [-b bits] [-C connection_spec] | 7 | sshd [-46DdeiqTt] [-b bits] [-C connection_spec] |
8 | [-c host_certificate_file] [-f config_file] [-g login_grace_time] | 8 | [-c host_certificate_file] [-E log_file] [-f config_file] |
9 | [-h host_key_file] [-k key_gen_time] [-o option] [-p port] [-u len] | 9 | [-g login_grace_time] [-h host_key_file] [-k key_gen_time] |
10 | [-o option] [-p port] [-u len] | ||
10 | 11 | ||
11 | DESCRIPTION | 12 | DESCRIPTION |
12 | sshd (OpenSSH Daemon) is the daemon program for ssh(1). Together these | 13 | sshd (OpenSSH Daemon) is the daemon program for ssh(1). Together these |
@@ -60,8 +61,10 @@ DESCRIPTION | |||
60 | option is only intended for debugging for the server. Multiple | 61 | option is only intended for debugging for the server. Multiple |
61 | -d options increase the debugging level. Maximum is 3. | 62 | -d options increase the debugging level. Maximum is 3. |
62 | 63 | ||
63 | -e When this option is specified, sshd will send the output to the | 64 | -E log_file |
64 | standard error instead of the system log. | 65 | Append debug logs to log_file instead of the system log. |
66 | |||
67 | -e Write debug logs to standard error instead of the system log. | ||
65 | 68 | ||
66 | -f config_file | 69 | -f config_file |
67 | Specifies the name of the configuration file. The default is | 70 | Specifies the name of the configuration file. The default is |
@@ -634,4 +637,4 @@ CAVEATS | |||
634 | System security is not improved unless rshd, rlogind, and rexecd are | 637 | System security is not improved unless rshd, rlogind, and rexecd are |
635 | disabled (thus completely disabling rlogin and rsh into the machine). | 638 | disabled (thus completely disabling rlogin and rsh into the machine). |
636 | 639 | ||
637 | OpenBSD 5.3 October 4, 2012 OpenBSD 5.3 | 640 | OpenBSD 5.4 June 27, 2013 OpenBSD 5.4 |
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: sshd.8,v 1.267 2012/10/04 13:21:50 markus Exp $ | 36 | .\" $OpenBSD: sshd.8,v 1.270 2013/06/27 14:05:37 jmc Exp $ |
37 | .Dd $Mdocdate: October 4 2012 $ | 37 | .Dd $Mdocdate: June 27 2013 $ |
38 | .Dt SSHD 8 | 38 | .Dt SSHD 8 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -47,6 +47,7 @@ | |||
47 | .Op Fl b Ar bits | 47 | .Op Fl b Ar bits |
48 | .Op Fl C Ar connection_spec | 48 | .Op Fl C Ar connection_spec |
49 | .Op Fl c Ar host_certificate_file | 49 | .Op Fl c Ar host_certificate_file |
50 | .Op Fl E Ar log_file | ||
50 | .Op Fl f Ar config_file | 51 | .Op Fl f Ar config_file |
51 | .Op Fl g Ar login_grace_time | 52 | .Op Fl g Ar login_grace_time |
52 | .Op Fl h Ar host_key_file | 53 | .Op Fl h Ar host_key_file |
@@ -146,10 +147,12 @@ Multiple | |||
146 | .Fl d | 147 | .Fl d |
147 | options increase the debugging level. | 148 | options increase the debugging level. |
148 | Maximum is 3. | 149 | Maximum is 3. |
150 | .It Fl E Ar log_file | ||
151 | Append debug logs to | ||
152 | .Ar log_file | ||
153 | instead of the system log. | ||
149 | .It Fl e | 154 | .It Fl e |
150 | When this option is specified, | 155 | Write debug logs to standard error instead of the system log. |
151 | .Nm | ||
152 | will send the output to the standard error instead of the system log. | ||
153 | .It Fl f Ar config_file | 156 | .It Fl f Ar config_file |
154 | Specifies the name of the configuration file. | 157 | Specifies the name of the configuration file. |
155 | The default is | 158 | The default is |
@@ -564,9 +567,7 @@ is enabled. | |||
564 | Specifies that in addition to public key authentication, either the canonical | 567 | Specifies that in addition to public key authentication, either the canonical |
565 | name of the remote host or its IP address must be present in the | 568 | name of the remote host or its IP address must be present in the |
566 | comma-separated list of patterns. | 569 | comma-separated list of patterns. |
567 | See | 570 | See PATTERNS in |
568 | .Sx PATTERNS | ||
569 | in | ||
570 | .Xr ssh_config 5 | 571 | .Xr ssh_config 5 |
571 | for more information on patterns. | 572 | for more information on patterns. |
572 | .Pp | 573 | .Pp |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshd.c,v 1.397 2013/02/11 21:21:58 dtucker Exp $ */ | 1 | /* $OpenBSD: sshd.c,v 1.404 2013/07/19 07:37:48 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -106,6 +106,7 @@ | |||
106 | #include "canohost.h" | 106 | #include "canohost.h" |
107 | #include "hostfile.h" | 107 | #include "hostfile.h" |
108 | #include "auth.h" | 108 | #include "auth.h" |
109 | #include "authfd.h" | ||
109 | #include "misc.h" | 110 | #include "misc.h" |
110 | #include "msg.h" | 111 | #include "msg.h" |
111 | #include "dispatch.h" | 112 | #include "dispatch.h" |
@@ -198,6 +199,10 @@ char *server_version_string = NULL; | |||
198 | /* for rekeying XXX fixme */ | 199 | /* for rekeying XXX fixme */ |
199 | Kex *xxx_kex; | 200 | Kex *xxx_kex; |
200 | 201 | ||
202 | /* Daemon's agent connection */ | ||
203 | AuthenticationConnection *auth_conn = NULL; | ||
204 | int have_agent = 0; | ||
205 | |||
201 | /* | 206 | /* |
202 | * Any really sensitive data in the application is contained in this | 207 | * Any really sensitive data in the application is contained in this |
203 | * structure. The idea is that this structure could be locked into memory so | 208 | * structure. The idea is that this structure could be locked into memory so |
@@ -210,6 +215,7 @@ struct { | |||
210 | Key *server_key; /* ephemeral server key */ | 215 | Key *server_key; /* ephemeral server key */ |
211 | Key *ssh1_host_key; /* ssh1 host key */ | 216 | Key *ssh1_host_key; /* ssh1 host key */ |
212 | Key **host_keys; /* all private host keys */ | 217 | Key **host_keys; /* all private host keys */ |
218 | Key **host_pubkeys; /* all public host keys */ | ||
213 | Key **host_certificates; /* all public host certificates */ | 219 | Key **host_certificates; /* all public host certificates */ |
214 | int have_ssh1_key; | 220 | int have_ssh1_key; |
215 | int have_ssh2_key; | 221 | int have_ssh2_key; |
@@ -657,6 +663,8 @@ privsep_preauth(Authctxt *authctxt) | |||
657 | debug2("Network child is on pid %ld", (long)pid); | 663 | debug2("Network child is on pid %ld", (long)pid); |
658 | 664 | ||
659 | pmonitor->m_pid = pid; | 665 | pmonitor->m_pid = pid; |
666 | if (have_agent) | ||
667 | auth_conn = ssh_get_authentication_connection(); | ||
660 | if (box != NULL) | 668 | if (box != NULL) |
661 | ssh_sandbox_parent_preauth(box, pid); | 669 | ssh_sandbox_parent_preauth(box, pid); |
662 | monitor_child_preauth(authctxt, pmonitor); | 670 | monitor_child_preauth(authctxt, pmonitor); |
@@ -771,6 +779,8 @@ list_hostkey_types(void) | |||
771 | for (i = 0; i < options.num_host_key_files; i++) { | 779 | for (i = 0; i < options.num_host_key_files; i++) { |
772 | key = sensitive_data.host_keys[i]; | 780 | key = sensitive_data.host_keys[i]; |
773 | if (key == NULL) | 781 | if (key == NULL) |
782 | key = sensitive_data.host_pubkeys[i]; | ||
783 | if (key == NULL) | ||
774 | continue; | 784 | continue; |
775 | switch (key->type) { | 785 | switch (key->type) { |
776 | case KEY_RSA: | 786 | case KEY_RSA: |
@@ -823,6 +833,8 @@ get_hostkey_by_type(int type, int need_private) | |||
823 | break; | 833 | break; |
824 | default: | 834 | default: |
825 | key = sensitive_data.host_keys[i]; | 835 | key = sensitive_data.host_keys[i]; |
836 | if (key == NULL && !need_private) | ||
837 | key = sensitive_data.host_pubkeys[i]; | ||
826 | break; | 838 | break; |
827 | } | 839 | } |
828 | if (key != NULL && key->type == type) | 840 | if (key != NULL && key->type == type) |
@@ -852,6 +864,14 @@ get_hostkey_by_index(int ind) | |||
852 | return (sensitive_data.host_keys[ind]); | 864 | return (sensitive_data.host_keys[ind]); |
853 | } | 865 | } |
854 | 866 | ||
867 | Key * | ||
868 | get_hostkey_public_by_index(int ind) | ||
869 | { | ||
870 | if (ind < 0 || ind >= options.num_host_key_files) | ||
871 | return (NULL); | ||
872 | return (sensitive_data.host_pubkeys[ind]); | ||
873 | } | ||
874 | |||
855 | int | 875 | int |
856 | get_hostkey_index(Key *key) | 876 | get_hostkey_index(Key *key) |
857 | { | 877 | { |
@@ -864,6 +884,8 @@ get_hostkey_index(Key *key) | |||
864 | } else { | 884 | } else { |
865 | if (key == sensitive_data.host_keys[i]) | 885 | if (key == sensitive_data.host_keys[i]) |
866 | return (i); | 886 | return (i); |
887 | if (key == sensitive_data.host_pubkeys[i]) | ||
888 | return (i); | ||
867 | } | 889 | } |
868 | } | 890 | } |
869 | return (-1); | 891 | return (-1); |
@@ -904,8 +926,9 @@ usage(void) | |||
904 | SSH_RELEASE, SSLeay_version(SSLEAY_VERSION)); | 926 | SSH_RELEASE, SSLeay_version(SSLEAY_VERSION)); |
905 | fprintf(stderr, | 927 | fprintf(stderr, |
906 | "usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file]\n" | 928 | "usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file]\n" |
907 | " [-f config_file] [-g login_grace_time] [-h host_key_file]\n" | 929 | " [-E log_file] [-f config_file] [-g login_grace_time]\n" |
908 | " [-k key_gen_time] [-o option] [-p port] [-u len]\n" | 930 | " [-h host_key_file] [-k key_gen_time] [-o option] [-p port]\n" |
931 | " [-u len]\n" | ||
909 | ); | 932 | ); |
910 | exit(1); | 933 | exit(1); |
911 | } | 934 | } |
@@ -976,7 +999,7 @@ recv_rexec_state(int fd, Buffer *conf) | |||
976 | cp = buffer_get_string(&m, &len); | 999 | cp = buffer_get_string(&m, &len); |
977 | if (conf != NULL) | 1000 | if (conf != NULL) |
978 | buffer_append(conf, cp, len + 1); | 1001 | buffer_append(conf, cp, len + 1); |
979 | xfree(cp); | 1002 | free(cp); |
980 | 1003 | ||
981 | if (buffer_get_int(&m)) { | 1004 | if (buffer_get_int(&m)) { |
982 | if (sensitive_data.server_key != NULL) | 1005 | if (sensitive_data.server_key != NULL) |
@@ -1027,7 +1050,9 @@ server_accept_inetd(int *sock_in, int *sock_out) | |||
1027 | if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) { | 1050 | if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) { |
1028 | dup2(fd, STDIN_FILENO); | 1051 | dup2(fd, STDIN_FILENO); |
1029 | dup2(fd, STDOUT_FILENO); | 1052 | dup2(fd, STDOUT_FILENO); |
1030 | if (fd > STDOUT_FILENO) | 1053 | if (!log_stderr) |
1054 | dup2(fd, STDERR_FILENO); | ||
1055 | if (fd > (log_stderr ? STDERR_FILENO : STDOUT_FILENO)) | ||
1031 | close(fd); | 1056 | close(fd); |
1032 | } | 1057 | } |
1033 | debug("inetd sockets after dupping: %d, %d", *sock_in, *sock_out); | 1058 | debug("inetd sockets after dupping: %d, %d", *sock_in, *sock_out); |
@@ -1138,7 +1163,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) | |||
1138 | if (received_sighup) | 1163 | if (received_sighup) |
1139 | sighup_restart(); | 1164 | sighup_restart(); |
1140 | if (fdset != NULL) | 1165 | if (fdset != NULL) |
1141 | xfree(fdset); | 1166 | free(fdset); |
1142 | fdset = (fd_set *)xcalloc(howmany(maxfd + 1, NFDBITS), | 1167 | fdset = (fd_set *)xcalloc(howmany(maxfd + 1, NFDBITS), |
1143 | sizeof(fd_mask)); | 1168 | sizeof(fd_mask)); |
1144 | 1169 | ||
@@ -1187,8 +1212,8 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) | |||
1187 | *newsock = accept(listen_socks[i], | 1212 | *newsock = accept(listen_socks[i], |
1188 | (struct sockaddr *)&from, &fromlen); | 1213 | (struct sockaddr *)&from, &fromlen); |
1189 | if (*newsock < 0) { | 1214 | if (*newsock < 0) { |
1190 | if (errno != EINTR && errno != EAGAIN && | 1215 | if (errno != EINTR && errno != EWOULDBLOCK && |
1191 | errno != EWOULDBLOCK) | 1216 | errno != ECONNABORTED && errno != EAGAIN) |
1192 | error("accept: %.100s", | 1217 | error("accept: %.100s", |
1193 | strerror(errno)); | 1218 | strerror(errno)); |
1194 | if (errno == EMFILE || errno == ENFILE) | 1219 | if (errno == EMFILE || errno == ENFILE) |
@@ -1339,12 +1364,14 @@ main(int ac, char **av) | |||
1339 | int sock_in = -1, sock_out = -1, newsock = -1; | 1364 | int sock_in = -1, sock_out = -1, newsock = -1; |
1340 | const char *remote_ip; | 1365 | const char *remote_ip; |
1341 | int remote_port; | 1366 | int remote_port; |
1342 | char *line; | 1367 | char *line, *logfile = NULL; |
1343 | int config_s[2] = { -1 , -1 }; | 1368 | int config_s[2] = { -1 , -1 }; |
1344 | u_int n; | 1369 | u_int n; |
1345 | u_int64_t ibytes, obytes; | 1370 | u_int64_t ibytes, obytes; |
1346 | mode_t new_umask; | 1371 | mode_t new_umask; |
1347 | Key *key; | 1372 | Key *key; |
1373 | Key *pubkey; | ||
1374 | int keytype; | ||
1348 | Authctxt *authctxt; | 1375 | Authctxt *authctxt; |
1349 | struct connection_info *connection_info = get_connection_info(0, 0); | 1376 | struct connection_info *connection_info = get_connection_info(0, 0); |
1350 | 1377 | ||
@@ -1377,7 +1404,7 @@ main(int ac, char **av) | |||
1377 | initialize_server_options(&options); | 1404 | initialize_server_options(&options); |
1378 | 1405 | ||
1379 | /* Parse command-line arguments. */ | 1406 | /* Parse command-line arguments. */ |
1380 | while ((opt = getopt(ac, av, "f:p:b:k:h:g:u:o:C:dDeiqrtQRT46")) != -1) { | 1407 | while ((opt = getopt(ac, av, "f:p:b:k:h:g:u:o:C:dDeE:iqrtQRT46")) != -1) { |
1381 | switch (opt) { | 1408 | switch (opt) { |
1382 | case '4': | 1409 | case '4': |
1383 | options.address_family = AF_INET; | 1410 | options.address_family = AF_INET; |
@@ -1406,6 +1433,9 @@ main(int ac, char **av) | |||
1406 | case 'D': | 1433 | case 'D': |
1407 | no_daemon_flag = 1; | 1434 | no_daemon_flag = 1; |
1408 | break; | 1435 | break; |
1436 | case 'E': | ||
1437 | logfile = xstrdup(optarg); | ||
1438 | /* FALLTHROUGH */ | ||
1409 | case 'e': | 1439 | case 'e': |
1410 | log_stderr = 1; | 1440 | log_stderr = 1; |
1411 | break; | 1441 | break; |
@@ -1484,7 +1514,7 @@ main(int ac, char **av) | |||
1484 | if (process_server_config_line(&options, line, | 1514 | if (process_server_config_line(&options, line, |
1485 | "command-line", 0, NULL, NULL) != 0) | 1515 | "command-line", 0, NULL, NULL) != 0) |
1486 | exit(1); | 1516 | exit(1); |
1487 | xfree(line); | 1517 | free(line); |
1488 | break; | 1518 | break; |
1489 | case '?': | 1519 | case '?': |
1490 | default: | 1520 | default: |
@@ -1503,6 +1533,11 @@ main(int ac, char **av) | |||
1503 | 1533 | ||
1504 | OpenSSL_add_all_algorithms(); | 1534 | OpenSSL_add_all_algorithms(); |
1505 | 1535 | ||
1536 | /* If requested, redirect the logs to the specified logfile. */ | ||
1537 | if (logfile != NULL) { | ||
1538 | log_redirect_stderr_to(logfile); | ||
1539 | free(logfile); | ||
1540 | } | ||
1506 | /* | 1541 | /* |
1507 | * Force logging to stderr until we have loaded the private host | 1542 | * Force logging to stderr until we have loaded the private host |
1508 | * key (unless started from inetd) | 1543 | * key (unless started from inetd) |
@@ -1611,27 +1646,50 @@ main(int ac, char **av) | |||
1611 | } else { | 1646 | } else { |
1612 | memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd)); | 1647 | memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd)); |
1613 | privsep_pw = pwcopy(privsep_pw); | 1648 | privsep_pw = pwcopy(privsep_pw); |
1614 | xfree(privsep_pw->pw_passwd); | 1649 | free(privsep_pw->pw_passwd); |
1615 | privsep_pw->pw_passwd = xstrdup("*"); | 1650 | privsep_pw->pw_passwd = xstrdup("*"); |
1616 | } | 1651 | } |
1617 | endpwent(); | 1652 | endpwent(); |
1618 | 1653 | ||
1619 | /* load private host keys */ | 1654 | /* load host keys */ |
1620 | sensitive_data.host_keys = xcalloc(options.num_host_key_files, | 1655 | sensitive_data.host_keys = xcalloc(options.num_host_key_files, |
1621 | sizeof(Key *)); | 1656 | sizeof(Key *)); |
1622 | for (i = 0; i < options.num_host_key_files; i++) | 1657 | sensitive_data.host_pubkeys = xcalloc(options.num_host_key_files, |
1658 | sizeof(Key *)); | ||
1659 | for (i = 0; i < options.num_host_key_files; i++) { | ||
1623 | sensitive_data.host_keys[i] = NULL; | 1660 | sensitive_data.host_keys[i] = NULL; |
1661 | sensitive_data.host_pubkeys[i] = NULL; | ||
1662 | } | ||
1663 | |||
1664 | if (options.host_key_agent) { | ||
1665 | if (strcmp(options.host_key_agent, SSH_AUTHSOCKET_ENV_NAME)) | ||
1666 | setenv(SSH_AUTHSOCKET_ENV_NAME, | ||
1667 | options.host_key_agent, 1); | ||
1668 | have_agent = ssh_agent_present(); | ||
1669 | } | ||
1624 | 1670 | ||
1625 | for (i = 0; i < options.num_host_key_files; i++) { | 1671 | for (i = 0; i < options.num_host_key_files; i++) { |
1626 | key = key_load_private(options.host_key_files[i], "", NULL); | 1672 | key = key_load_private(options.host_key_files[i], "", NULL); |
1673 | pubkey = key_load_public(options.host_key_files[i], NULL); | ||
1627 | sensitive_data.host_keys[i] = key; | 1674 | sensitive_data.host_keys[i] = key; |
1628 | if (key == NULL) { | 1675 | sensitive_data.host_pubkeys[i] = pubkey; |
1676 | |||
1677 | if (key == NULL && pubkey != NULL && pubkey->type != KEY_RSA1 && | ||
1678 | have_agent) { | ||
1679 | debug("will rely on agent for hostkey %s", | ||
1680 | options.host_key_files[i]); | ||
1681 | keytype = pubkey->type; | ||
1682 | } else if (key != NULL) { | ||
1683 | keytype = key->type; | ||
1684 | } else { | ||
1629 | error("Could not load host key: %s", | 1685 | error("Could not load host key: %s", |
1630 | options.host_key_files[i]); | 1686 | options.host_key_files[i]); |
1631 | sensitive_data.host_keys[i] = NULL; | 1687 | sensitive_data.host_keys[i] = NULL; |
1688 | sensitive_data.host_pubkeys[i] = NULL; | ||
1632 | continue; | 1689 | continue; |
1633 | } | 1690 | } |
1634 | switch (key->type) { | 1691 | |
1692 | switch (keytype) { | ||
1635 | case KEY_RSA1: | 1693 | case KEY_RSA1: |
1636 | sensitive_data.ssh1_host_key = key; | 1694 | sensitive_data.ssh1_host_key = key; |
1637 | sensitive_data.have_ssh1_key = 1; | 1695 | sensitive_data.have_ssh1_key = 1; |
@@ -1642,8 +1700,8 @@ main(int ac, char **av) | |||
1642 | sensitive_data.have_ssh2_key = 1; | 1700 | sensitive_data.have_ssh2_key = 1; |
1643 | break; | 1701 | break; |
1644 | } | 1702 | } |
1645 | debug("private host key: #%d type %d %s", i, key->type, | 1703 | debug("private host key: #%d type %d %s", i, keytype, |
1646 | key_type(key)); | 1704 | key_type(key ? key : pubkey)); |
1647 | } | 1705 | } |
1648 | if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) { | 1706 | if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) { |
1649 | logit("Disabling protocol version 1. Could not load host key"); | 1707 | logit("Disabling protocol version 1. Could not load host key"); |
@@ -1813,7 +1871,8 @@ main(int ac, char **av) | |||
1813 | 1871 | ||
1814 | /* Chdir to the root directory so that the current disk can be | 1872 | /* Chdir to the root directory so that the current disk can be |
1815 | unmounted if desired. */ | 1873 | unmounted if desired. */ |
1816 | chdir("/"); | 1874 | if (chdir("/") == -1) |
1875 | error("chdir(\"/\"): %s", strerror(errno)); | ||
1817 | 1876 | ||
1818 | /* ignore SIGPIPE */ | 1877 | /* ignore SIGPIPE */ |
1819 | signal(SIGPIPE, SIG_IGN); | 1878 | signal(SIGPIPE, SIG_IGN); |
@@ -2069,9 +2128,11 @@ main(int ac, char **av) | |||
2069 | buffer_init(&loginmsg); | 2128 | buffer_init(&loginmsg); |
2070 | auth_debug_reset(); | 2129 | auth_debug_reset(); |
2071 | 2130 | ||
2072 | if (use_privsep) | 2131 | if (use_privsep) { |
2073 | if (privsep_preauth(authctxt) == 1) | 2132 | if (privsep_preauth(authctxt) == 1) |
2074 | goto authenticated; | 2133 | goto authenticated; |
2134 | } else if (compat20 && have_agent) | ||
2135 | auth_conn = ssh_get_authentication_connection(); | ||
2075 | 2136 | ||
2076 | /* perform the key exchange */ | 2137 | /* perform the key exchange */ |
2077 | /* authenticate user and start session */ | 2138 | /* authenticate user and start session */ |
@@ -2358,7 +2419,7 @@ do_ssh1_kex(void) | |||
2358 | MD5_Update(&md, sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH); | 2419 | MD5_Update(&md, sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH); |
2359 | MD5_Final(session_key + 16, &md); | 2420 | MD5_Final(session_key + 16, &md); |
2360 | memset(buf, 0, bytes); | 2421 | memset(buf, 0, bytes); |
2361 | xfree(buf); | 2422 | free(buf); |
2362 | for (i = 0; i < 16; i++) | 2423 | for (i = 0; i < 16; i++) |
2363 | session_id[i] = session_key[i] ^ session_key[i + 16]; | 2424 | session_id[i] = session_key[i] ^ session_key[i + 16]; |
2364 | } | 2425 | } |
@@ -2385,6 +2446,23 @@ do_ssh1_kex(void) | |||
2385 | packet_write_wait(); | 2446 | packet_write_wait(); |
2386 | } | 2447 | } |
2387 | 2448 | ||
2449 | void | ||
2450 | sshd_hostkey_sign(Key *privkey, Key *pubkey, u_char **signature, u_int *slen, | ||
2451 | u_char *data, u_int dlen) | ||
2452 | { | ||
2453 | if (privkey) { | ||
2454 | if (PRIVSEP(key_sign(privkey, signature, slen, data, dlen) < 0)) | ||
2455 | fatal("%s: key_sign failed", __func__); | ||
2456 | } else if (use_privsep) { | ||
2457 | if (mm_key_sign(pubkey, signature, slen, data, dlen) < 0) | ||
2458 | fatal("%s: pubkey_sign failed", __func__); | ||
2459 | } else { | ||
2460 | if (ssh_agent_sign(auth_conn, pubkey, signature, slen, data, | ||
2461 | dlen)) | ||
2462 | fatal("%s: ssh_agent_sign failed", __func__); | ||
2463 | } | ||
2464 | } | ||
2465 | |||
2388 | /* | 2466 | /* |
2389 | * SSH2 key exchange: diffie-hellman-group1-sha1 | 2467 | * SSH2 key exchange: diffie-hellman-group1-sha1 |
2390 | */ | 2468 | */ |
@@ -2416,6 +2494,10 @@ do_ssh2_kex(void) | |||
2416 | if (options.kex_algorithms != NULL) | 2494 | if (options.kex_algorithms != NULL) |
2417 | myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms; | 2495 | myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms; |
2418 | 2496 | ||
2497 | if (options.rekey_limit || options.rekey_interval) | ||
2498 | packet_set_rekey_limits((u_int32_t)options.rekey_limit, | ||
2499 | (time_t)options.rekey_interval); | ||
2500 | |||
2419 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types(); | 2501 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types(); |
2420 | 2502 | ||
2421 | #ifdef GSSAPI | 2503 | #ifdef GSSAPI |
@@ -2480,6 +2562,7 @@ do_ssh2_kex(void) | |||
2480 | kex->load_host_public_key=&get_hostkey_public_by_type; | 2562 | kex->load_host_public_key=&get_hostkey_public_by_type; |
2481 | kex->load_host_private_key=&get_hostkey_private_by_type; | 2563 | kex->load_host_private_key=&get_hostkey_private_by_type; |
2482 | kex->host_key_index=&get_hostkey_index; | 2564 | kex->host_key_index=&get_hostkey_index; |
2565 | kex->sign = sshd_hostkey_sign; | ||
2483 | 2566 | ||
2484 | xxx_kex = kex; | 2567 | xxx_kex = kex; |
2485 | 2568 | ||
diff --git a/sshd_config b/sshd_config index 1af2afd7a..945014124 100644 --- a/sshd_config +++ b/sshd_config | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: sshd_config,v 1.89 2013/02/06 00:20:42 dtucker Exp $ | 1 | # $OpenBSD: sshd_config,v 1.90 2013/05/16 04:09:14 dtucker Exp $ |
2 | 2 | ||
3 | # This is the sshd server system-wide configuration file. See | 3 | # This is the sshd server system-wide configuration file. See |
4 | # sshd_config(5) for more information. | 4 | # sshd_config(5) for more information. |
@@ -29,6 +29,9 @@ | |||
29 | #KeyRegenerationInterval 1h | 29 | #KeyRegenerationInterval 1h |
30 | #ServerKeyBits 1024 | 30 | #ServerKeyBits 1024 |
31 | 31 | ||
32 | # Ciphers and keying | ||
33 | #RekeyLimit default none | ||
34 | |||
32 | # Logging | 35 | # Logging |
33 | # obsoletes QuietMode and FascistLogging | 36 | # obsoletes QuietMode and FascistLogging |
34 | #SyslogFacility AUTH | 37 | #SyslogFacility AUTH |
diff --git a/sshd_config.0 b/sshd_config.0 index 2648db3d4..5f1df7b58 100644 --- a/sshd_config.0 +++ b/sshd_config.0 | |||
@@ -90,6 +90,13 @@ DESCRIPTION | |||
90 | example, it would not be possible to attempt password or | 90 | example, it would not be possible to attempt password or |
91 | keyboard-interactive authentication before public key. | 91 | keyboard-interactive authentication before public key. |
92 | 92 | ||
93 | For keyboard interactive authentication it is also possible to | ||
94 | restrict authentication to a specific device by appending a colon | ||
95 | followed by the device identifier ``bsdauth'', ``pam'', or | ||
96 | ``skey'', depending on the server configuration. For example, | ||
97 | ``keyboard-interactive:bsdauth'' would restrict keyboard | ||
98 | interactive authentication to the ``bsdauth'' device. | ||
99 | |||
93 | This option is only available for SSH protocol 2 and will yield a | 100 | This option is only available for SSH protocol 2 and will yield a |
94 | fatal error if enabled if protocol 1 is also enabled. Note that | 101 | fatal error if enabled if protocol 1 is also enabled. Note that |
95 | each authentication method listed should also be explicitly | 102 | each authentication method listed should also be explicitly |
@@ -99,7 +106,8 @@ DESCRIPTION | |||
99 | 106 | ||
100 | AuthorizedKeysCommand | 107 | AuthorizedKeysCommand |
101 | Specifies a program to be used to look up the user's public keys. | 108 | Specifies a program to be used to look up the user's public keys. |
102 | The program will be invoked with a single argument of the | 109 | The program must be owned by root and not writable by group or |
110 | others. It will be invoked with a single argument of the | ||
103 | username being authenticated, and should produce on standard | 111 | username being authenticated, and should produce on standard |
104 | output zero or more lines of authorized_keys output (see | 112 | output zero or more lines of authorized_keys output (see |
105 | AUTHORIZED_KEYS in sshd(8)). If a key supplied by | 113 | AUTHORIZED_KEYS in sshd(8)). If a key supplied by |
@@ -322,7 +330,16 @@ DESCRIPTION | |||
322 | sshd(8) will refuse to use a file if it is group/world- | 330 | sshd(8) will refuse to use a file if it is group/world- |
323 | accessible. It is possible to have multiple host key files. | 331 | accessible. It is possible to have multiple host key files. |
324 | ``rsa1'' keys are used for version 1 and ``dsa'', ``ecdsa'' or | 332 | ``rsa1'' keys are used for version 1 and ``dsa'', ``ecdsa'' or |
325 | ``rsa'' are used for version 2 of the SSH protocol. | 333 | ``rsa'' are used for version 2 of the SSH protocol. It is also |
334 | possible to specify public host key files instead. In this case | ||
335 | operations on the private key will be delegated to an | ||
336 | ssh-agent(1). | ||
337 | |||
338 | HostKeyAgent | ||
339 | Identifies the UNIX-domain socket used to communicate with an | ||
340 | agent that has access to the private host keys. If | ||
341 | ``SSH_AUTH_SOCK'' is specified, the location of the socket will | ||
342 | be read from the SSH_AUTH_SOCK environment variable. | ||
326 | 343 | ||
327 | IgnoreRhosts | 344 | IgnoreRhosts |
328 | Specifies that .rhosts and .shosts files will not be used in | 345 | Specifies that .rhosts and .shosts files will not be used in |
@@ -461,8 +478,9 @@ DESCRIPTION | |||
461 | KbdInteractiveAuthentication, KerberosAuthentication, | 478 | KbdInteractiveAuthentication, KerberosAuthentication, |
462 | MaxAuthTries, MaxSessions, PasswordAuthentication, | 479 | MaxAuthTries, MaxSessions, PasswordAuthentication, |
463 | PermitEmptyPasswords, PermitOpen, PermitRootLogin, PermitTunnel, | 480 | PermitEmptyPasswords, PermitOpen, PermitRootLogin, PermitTunnel, |
464 | PubkeyAuthentication, RhostsRSAAuthentication, RSAAuthentication, | 481 | PubkeyAuthentication, RekeyLimit, RhostsRSAAuthentication, |
465 | X11DisplayOffset, X11Forwarding and X11UseLocalHost. | 482 | RSAAuthentication, X11DisplayOffset, X11Forwarding and |
483 | X11UseLocalHost. | ||
466 | 484 | ||
467 | MaxAuthTries | 485 | MaxAuthTries |
468 | Specifies the maximum number of authentication attempts permitted | 486 | Specifies the maximum number of authentication attempts permitted |
@@ -571,6 +589,21 @@ DESCRIPTION | |||
571 | default is ``yes''. Note that this option applies to protocol | 589 | default is ``yes''. Note that this option applies to protocol |
572 | version 2 only. | 590 | version 2 only. |
573 | 591 | ||
592 | RekeyLimit | ||
593 | Specifies the maximum amount of data that may be transmitted | ||
594 | before the session key is renegotiated, optionally followed a | ||
595 | maximum amount of time that may pass before the session key is | ||
596 | renegotiated. The first argument is specified in bytes and may | ||
597 | have a suffix of `K', `M', or `G' to indicate Kilobytes, | ||
598 | Megabytes, or Gigabytes, respectively. The default is between | ||
599 | `1G' and `4G', depending on the cipher. The optional second | ||
600 | value is specified in seconds and may use any of the units | ||
601 | documented in the TIME FORMATS section. The default value for | ||
602 | RekeyLimit is ``default none'', which means that rekeying is | ||
603 | performed after the cipher's default amount of data has been sent | ||
604 | or received and no time based rekeying is done. This option | ||
605 | applies to protocol version 2 only. | ||
606 | |||
574 | RevokedKeys | 607 | RevokedKeys |
575 | Specifies revoked public keys. Keys listed in this file will be | 608 | Specifies revoked public keys. Keys listed in this file will be |
576 | refused for public key authentication. Note that if this file is | 609 | refused for public key authentication. Note that if this file is |
@@ -777,4 +810,4 @@ AUTHORS | |||
777 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support | 810 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support |
778 | for privilege separation. | 811 | for privilege separation. |
779 | 812 | ||
780 | OpenBSD 5.3 February 6, 2013 OpenBSD 5.3 | 813 | OpenBSD 5.4 July 19, 2013 OpenBSD 5.4 |
diff --git a/sshd_config.5 b/sshd_config.5 index 935bb62fa..525d9c858 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: sshd_config.5,v 1.156 2013/02/06 00:20:42 dtucker Exp $ | 36 | .\" $OpenBSD: sshd_config.5,v 1.162 2013/07/19 07:37:48 markus Exp $ |
37 | .Dd $Mdocdate: February 6 2013 $ | 37 | .Dd $Mdocdate: July 19 2013 $ |
38 | .Dt SSHD_CONFIG 5 | 38 | .Dt SSHD_CONFIG 5 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -117,9 +117,7 @@ The allow/deny directives are processed in the following order: | |||
117 | and finally | 117 | and finally |
118 | .Cm AllowGroups . | 118 | .Cm AllowGroups . |
119 | .Pp | 119 | .Pp |
120 | See | 120 | See PATTERNS in |
121 | .Sx PATTERNS | ||
122 | in | ||
123 | .Xr ssh_config 5 | 121 | .Xr ssh_config 5 |
124 | for more information on patterns. | 122 | for more information on patterns. |
125 | .It Cm AllowTcpForwarding | 123 | .It Cm AllowTcpForwarding |
@@ -159,9 +157,7 @@ The allow/deny directives are processed in the following order: | |||
159 | and finally | 157 | and finally |
160 | .Cm AllowGroups . | 158 | .Cm AllowGroups . |
161 | .Pp | 159 | .Pp |
162 | See | 160 | See PATTERNS in |
163 | .Sx PATTERNS | ||
164 | in | ||
165 | .Xr ssh_config 5 | 161 | .Xr ssh_config 5 |
166 | for more information on patterns. | 162 | for more information on patterns. |
167 | .It Cm AuthenticationMethods | 163 | .It Cm AuthenticationMethods |
@@ -180,6 +176,20 @@ Only methods that are next in one or more lists are offered at each stage, | |||
180 | so for this example, it would not be possible to attempt password or | 176 | so for this example, it would not be possible to attempt password or |
181 | keyboard-interactive authentication before public key. | 177 | keyboard-interactive authentication before public key. |
182 | .Pp | 178 | .Pp |
179 | For keyboard interactive authentication it is also possible to | ||
180 | restrict authentication to a specific device by appending a | ||
181 | colon followed by the device identifier | ||
182 | .Dq bsdauth , | ||
183 | .Dq pam , | ||
184 | or | ||
185 | .Dq skey , | ||
186 | depending on the server configuration. | ||
187 | For example, | ||
188 | .Dq keyboard-interactive:bsdauth | ||
189 | would restrict keyboard interactive authentication to the | ||
190 | .Dq bsdauth | ||
191 | device. | ||
192 | .Pp | ||
183 | This option is only available for SSH protocol 2 and will yield a fatal | 193 | This option is only available for SSH protocol 2 and will yield a fatal |
184 | error if enabled if protocol 1 is also enabled. | 194 | error if enabled if protocol 1 is also enabled. |
185 | Note that each authentication method listed should also be explicitly enabled | 195 | Note that each authentication method listed should also be explicitly enabled |
@@ -188,11 +198,10 @@ The default is not to require multiple authentication; successful completion | |||
188 | of a single authentication method is sufficient. | 198 | of a single authentication method is sufficient. |
189 | .It Cm AuthorizedKeysCommand | 199 | .It Cm AuthorizedKeysCommand |
190 | Specifies a program to be used to look up the user's public keys. | 200 | Specifies a program to be used to look up the user's public keys. |
191 | The program will be invoked with a single argument of the username | 201 | The program must be owned by root and not writable by group or others. |
202 | It will be invoked with a single argument of the username | ||
192 | being authenticated, and should produce on standard output zero or | 203 | being authenticated, and should produce on standard output zero or |
193 | more lines of authorized_keys output (see | 204 | more lines of authorized_keys output (see AUTHORIZED_KEYS in |
194 | .Sx AUTHORIZED_KEYS | ||
195 | in | ||
196 | .Xr sshd 8 ) . | 205 | .Xr sshd 8 ) . |
197 | If a key supplied by AuthorizedKeysCommand does not successfully authenticate | 206 | If a key supplied by AuthorizedKeysCommand does not successfully authenticate |
198 | and authorize the user then public key authentication continues using the usual | 207 | and authorize the user then public key authentication continues using the usual |
@@ -207,7 +216,7 @@ than running authorized keys commands. | |||
207 | Specifies the file that contains the public keys that can be used | 216 | Specifies the file that contains the public keys that can be used |
208 | for user authentication. | 217 | for user authentication. |
209 | The format is described in the | 218 | The format is described in the |
210 | .Sx AUTHORIZED_KEYS FILE FORMAT | 219 | AUTHORIZED_KEYS FILE FORMAT |
211 | section of | 220 | section of |
212 | .Xr sshd 8 . | 221 | .Xr sshd 8 . |
213 | .Cm AuthorizedKeysFile | 222 | .Cm AuthorizedKeysFile |
@@ -231,9 +240,7 @@ When using certificates signed by a key listed in | |||
231 | this file lists names, one of which must appear in the certificate for it | 240 | this file lists names, one of which must appear in the certificate for it |
232 | to be accepted for authentication. | 241 | to be accepted for authentication. |
233 | Names are listed one per line preceded by key options (as described | 242 | Names are listed one per line preceded by key options (as described |
234 | in | 243 | in AUTHORIZED_KEYS FILE FORMAT in |
235 | .Sx AUTHORIZED_KEYS FILE FORMAT | ||
236 | in | ||
237 | .Xr sshd 8 ) . | 244 | .Xr sshd 8 ) . |
238 | Empty lines and comments starting with | 245 | Empty lines and comments starting with |
239 | .Ql # | 246 | .Ql # |
@@ -411,9 +418,7 @@ The allow/deny directives are processed in the following order: | |||
411 | and finally | 418 | and finally |
412 | .Cm AllowGroups . | 419 | .Cm AllowGroups . |
413 | .Pp | 420 | .Pp |
414 | See | 421 | See PATTERNS in |
415 | .Sx PATTERNS | ||
416 | in | ||
417 | .Xr ssh_config 5 | 422 | .Xr ssh_config 5 |
418 | for more information on patterns. | 423 | for more information on patterns. |
419 | .It Cm DenyUsers | 424 | .It Cm DenyUsers |
@@ -432,9 +437,7 @@ The allow/deny directives are processed in the following order: | |||
432 | and finally | 437 | and finally |
433 | .Cm AllowGroups . | 438 | .Cm AllowGroups . |
434 | .Pp | 439 | .Pp |
435 | See | 440 | See PATTERNS in |
436 | .Sx PATTERNS | ||
437 | in | ||
438 | .Xr ssh_config 5 | 441 | .Xr ssh_config 5 |
439 | for more information on patterns. | 442 | for more information on patterns. |
440 | .It Cm ForceCommand | 443 | .It Cm ForceCommand |
@@ -571,6 +574,18 @@ keys are used for version 1 and | |||
571 | or | 574 | or |
572 | .Dq rsa | 575 | .Dq rsa |
573 | are used for version 2 of the SSH protocol. | 576 | are used for version 2 of the SSH protocol. |
577 | It is also possible to specify public host key files instead. | ||
578 | In this case operations on the private key will be delegated | ||
579 | to an | ||
580 | .Xr ssh-agent 1 . | ||
581 | .It Cm HostKeyAgent | ||
582 | Identifies the UNIX-domain socket used to communicate | ||
583 | with an agent that has access to the private host keys. | ||
584 | If | ||
585 | .Dq SSH_AUTH_SOCK | ||
586 | is specified, the location of the socket will be read from the | ||
587 | .Ev SSH_AUTH_SOCK | ||
588 | environment variable. | ||
574 | .It Cm IgnoreRhosts | 589 | .It Cm IgnoreRhosts |
575 | Specifies that | 590 | Specifies that |
576 | .Pa .rhosts | 591 | .Pa .rhosts |
@@ -774,8 +789,7 @@ and | |||
774 | .Cm Address . | 789 | .Cm Address . |
775 | The match patterns may consist of single entries or comma-separated | 790 | The match patterns may consist of single entries or comma-separated |
776 | lists and may use the wildcard and negation operators described in the | 791 | lists and may use the wildcard and negation operators described in the |
777 | .Sx PATTERNS | 792 | PATTERNS section of |
778 | section of | ||
779 | .Xr ssh_config 5 . | 793 | .Xr ssh_config 5 . |
780 | .Pp | 794 | .Pp |
781 | The patterns in an | 795 | The patterns in an |
@@ -827,6 +841,7 @@ Available keywords are | |||
827 | .Cm PermitRootLogin , | 841 | .Cm PermitRootLogin , |
828 | .Cm PermitTunnel , | 842 | .Cm PermitTunnel , |
829 | .Cm PubkeyAuthentication , | 843 | .Cm PubkeyAuthentication , |
844 | .Cm RekeyLimit , | ||
830 | .Cm RhostsRSAAuthentication , | 845 | .Cm RhostsRSAAuthentication , |
831 | .Cm RSAAuthentication , | 846 | .Cm RSAAuthentication , |
832 | .Cm X11DisplayOffset , | 847 | .Cm X11DisplayOffset , |
@@ -1021,6 +1036,32 @@ Specifies whether public key authentication is allowed. | |||
1021 | The default is | 1036 | The default is |
1022 | .Dq yes . | 1037 | .Dq yes . |
1023 | Note that this option applies to protocol version 2 only. | 1038 | Note that this option applies to protocol version 2 only. |
1039 | .It Cm RekeyLimit | ||
1040 | Specifies the maximum amount of data that may be transmitted before the | ||
1041 | session key is renegotiated, optionally followed a maximum amount of | ||
1042 | time that may pass before the session key is renegotiated. | ||
1043 | The first argument is specified in bytes and may have a suffix of | ||
1044 | .Sq K , | ||
1045 | .Sq M , | ||
1046 | or | ||
1047 | .Sq G | ||
1048 | to indicate Kilobytes, Megabytes, or Gigabytes, respectively. | ||
1049 | The default is between | ||
1050 | .Sq 1G | ||
1051 | and | ||
1052 | .Sq 4G , | ||
1053 | depending on the cipher. | ||
1054 | The optional second value is specified in seconds and may use any of the | ||
1055 | units documented in the | ||
1056 | .Sx TIME FORMATS | ||
1057 | section. | ||
1058 | The default value for | ||
1059 | .Cm RekeyLimit | ||
1060 | is | ||
1061 | .Dq default none , | ||
1062 | which means that rekeying is performed after the cipher's default amount | ||
1063 | of data has been sent or received and no time based rekeying is done. | ||
1064 | This option applies to protocol version 2 only. | ||
1024 | .It Cm RevokedKeys | 1065 | .It Cm RevokedKeys |
1025 | Specifies revoked public keys. | 1066 | Specifies revoked public keys. |
1026 | Keys listed in this file will be refused for public key authentication. | 1067 | Keys listed in this file will be refused for public key authentication. |
@@ -1029,9 +1070,7 @@ be refused for all users. | |||
1029 | Keys may be specified as a text file, listing one public key per line, or as | 1070 | Keys may be specified as a text file, listing one public key per line, or as |
1030 | an OpenSSH Key Revocation List (KRL) as generated by | 1071 | an OpenSSH Key Revocation List (KRL) as generated by |
1031 | .Xr ssh-keygen 1 . | 1072 | .Xr ssh-keygen 1 . |
1032 | For more information on KRLs, see the | 1073 | For more information on KRLs, see the KEY REVOCATION LISTS section in |
1033 | .Sx KEY REVOCATION LISTS | ||
1034 | section in | ||
1035 | .Xr ssh-keygen 1 . | 1074 | .Xr ssh-keygen 1 . |
1036 | .It Cm RhostsRSAAuthentication | 1075 | .It Cm RhostsRSAAuthentication |
1037 | Specifies whether rhosts or /etc/hosts.equiv authentication together | 1076 | Specifies whether rhosts or /etc/hosts.equiv authentication together |
@@ -1120,9 +1159,7 @@ listed in the certificate's principals list. | |||
1120 | Note that certificates that lack a list of principals will not be permitted | 1159 | Note that certificates that lack a list of principals will not be permitted |
1121 | for authentication using | 1160 | for authentication using |
1122 | .Cm TrustedUserCAKeys . | 1161 | .Cm TrustedUserCAKeys . |
1123 | For more details on certificates, see the | 1162 | For more details on certificates, see the CERTIFICATES section in |
1124 | .Sx CERTIFICATES | ||
1125 | section in | ||
1126 | .Xr ssh-keygen 1 . | 1163 | .Xr ssh-keygen 1 . |
1127 | .It Cm UseDNS | 1164 | .It Cm UseDNS |
1128 | Specifies whether | 1165 | Specifies whether |
diff --git a/sshlogin.c b/sshlogin.c index 54629f747..2688d8d7b 100644 --- a/sshlogin.c +++ b/sshlogin.c | |||
@@ -97,7 +97,7 @@ store_lastlog_message(const char *user, uid_t uid) | |||
97 | time_string = sys_auth_get_lastlogin_msg(user, uid); | 97 | time_string = sys_auth_get_lastlogin_msg(user, uid); |
98 | if (time_string != NULL) { | 98 | if (time_string != NULL) { |
99 | buffer_append(&loginmsg, time_string, strlen(time_string)); | 99 | buffer_append(&loginmsg, time_string, strlen(time_string)); |
100 | xfree(time_string); | 100 | free(time_string); |
101 | } | 101 | } |
102 | # else | 102 | # else |
103 | last_login_time = get_last_login_time(uid, user, hostname, | 103 | last_login_time = get_last_login_time(uid, user, hostname, |
diff --git a/sshlogin.h b/sshlogin.h index 500d3fefd..52119a979 100644 --- a/sshlogin.h +++ b/sshlogin.h | |||
@@ -15,7 +15,7 @@ | |||
15 | void record_login(pid_t, const char *, const char *, uid_t, | 15 | void record_login(pid_t, const char *, const char *, uid_t, |
16 | const char *, struct sockaddr *, socklen_t); | 16 | const char *, struct sockaddr *, socklen_t); |
17 | void record_logout(pid_t, const char *, const char *); | 17 | void record_logout(pid_t, const char *, const char *); |
18 | time_t get_last_login_time(uid_t, const char *, char *, u_int); | 18 | time_t get_last_login_time(uid_t, const char *, char *, size_t); |
19 | 19 | ||
20 | #ifdef LOGIN_NEEDS_UTMPX | 20 | #ifdef LOGIN_NEEDS_UTMPX |
21 | void record_utmp_only(pid_t, const char *, const char *, const char *, | 21 | void record_utmp_only(pid_t, const char *, const char *, const char *, |
@@ -90,8 +90,7 @@ temporarily_use_uid(struct passwd *pw) | |||
90 | if (getgroups(saved_egroupslen, saved_egroups) < 0) | 90 | if (getgroups(saved_egroupslen, saved_egroups) < 0) |
91 | fatal("getgroups: %.100s", strerror(errno)); | 91 | fatal("getgroups: %.100s", strerror(errno)); |
92 | } else { /* saved_egroupslen == 0 */ | 92 | } else { /* saved_egroupslen == 0 */ |
93 | if (saved_egroups != NULL) | 93 | free(saved_egroups); |
94 | xfree(saved_egroups); | ||
95 | } | 94 | } |
96 | 95 | ||
97 | /* set and save the user's groups */ | 96 | /* set and save the user's groups */ |
@@ -109,8 +108,7 @@ temporarily_use_uid(struct passwd *pw) | |||
109 | if (getgroups(user_groupslen, user_groups) < 0) | 108 | if (getgroups(user_groupslen, user_groups) < 0) |
110 | fatal("getgroups: %.100s", strerror(errno)); | 109 | fatal("getgroups: %.100s", strerror(errno)); |
111 | } else { /* user_groupslen == 0 */ | 110 | } else { /* user_groupslen == 0 */ |
112 | if (user_groups) | 111 | free(user_groups); |
113 | xfree(user_groups); | ||
114 | } | 112 | } |
115 | } | 113 | } |
116 | /* Set the effective uid to the given (unprivileged) uid. */ | 114 | /* Set the effective uid to the given (unprivileged) uid. */ |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: umac.c,v 1.4 2011/10/19 10:39:48 djm Exp $ */ | 1 | /* $OpenBSD: umac.c,v 1.7 2013/07/22 05:00:17 djm Exp $ */ |
2 | /* ----------------------------------------------------------------------- | 2 | /* ----------------------------------------------------------------------- |
3 | * | 3 | * |
4 | * umac.c -- C Implementation UMAC Message Authentication | 4 | * umac.c -- C Implementation UMAC Message Authentication |
@@ -132,13 +132,13 @@ typedef unsigned int UWORD; /* Register */ | |||
132 | /* ---------------------------------------------------------------------- */ | 132 | /* ---------------------------------------------------------------------- */ |
133 | 133 | ||
134 | #if HAVE_SWAP32 | 134 | #if HAVE_SWAP32 |
135 | #define LOAD_UINT32_REVERSED(p) (swap32(*(UINT32 *)(p))) | 135 | #define LOAD_UINT32_REVERSED(p) (swap32(*(const UINT32 *)(p))) |
136 | #define STORE_UINT32_REVERSED(p,v) (*(UINT32 *)(p) = swap32(v)) | 136 | #define STORE_UINT32_REVERSED(p,v) (*(UINT32 *)(p) = swap32(v)) |
137 | #else /* HAVE_SWAP32 */ | 137 | #else /* HAVE_SWAP32 */ |
138 | 138 | ||
139 | static UINT32 LOAD_UINT32_REVERSED(void *ptr) | 139 | static UINT32 LOAD_UINT32_REVERSED(const void *ptr) |
140 | { | 140 | { |
141 | UINT32 temp = *(UINT32 *)ptr; | 141 | UINT32 temp = *(const UINT32 *)ptr; |
142 | temp = (temp >> 24) | ((temp & 0x00FF0000) >> 8 ) | 142 | temp = (temp >> 24) | ((temp & 0x00FF0000) >> 8 ) |
143 | | ((temp & 0x0000FF00) << 8 ) | (temp << 24); | 143 | | ((temp & 0x0000FF00) << 8 ) | (temp << 24); |
144 | return (UINT32)temp; | 144 | return (UINT32)temp; |
@@ -159,7 +159,7 @@ static void STORE_UINT32_REVERSED(void *ptr, UINT32 x) | |||
159 | */ | 159 | */ |
160 | 160 | ||
161 | #if (__LITTLE_ENDIAN__) | 161 | #if (__LITTLE_ENDIAN__) |
162 | #define LOAD_UINT32_LITTLE(ptr) (*(UINT32 *)(ptr)) | 162 | #define LOAD_UINT32_LITTLE(ptr) (*(const UINT32 *)(ptr)) |
163 | #define STORE_UINT32_BIG(ptr,x) STORE_UINT32_REVERSED(ptr,x) | 163 | #define STORE_UINT32_BIG(ptr,x) STORE_UINT32_REVERSED(ptr,x) |
164 | #else | 164 | #else |
165 | #define LOAD_UINT32_LITTLE(ptr) LOAD_UINT32_REVERSED(ptr) | 165 | #define LOAD_UINT32_LITTLE(ptr) LOAD_UINT32_REVERSED(ptr) |
@@ -184,7 +184,7 @@ typedef AES_KEY aes_int_key[1]; | |||
184 | #define aes_encryption(in,out,int_key) \ | 184 | #define aes_encryption(in,out,int_key) \ |
185 | AES_encrypt((u_char *)(in),(u_char *)(out),(AES_KEY *)int_key) | 185 | AES_encrypt((u_char *)(in),(u_char *)(out),(AES_KEY *)int_key) |
186 | #define aes_key_setup(key,int_key) \ | 186 | #define aes_key_setup(key,int_key) \ |
187 | AES_set_encrypt_key((u_char *)(key),UMAC_KEY_LEN*8,int_key) | 187 | AES_set_encrypt_key((const u_char *)(key),UMAC_KEY_LEN*8,int_key) |
188 | 188 | ||
189 | /* The user-supplied UMAC key is stretched using AES in a counter | 189 | /* The user-supplied UMAC key is stretched using AES in a counter |
190 | * mode to supply all random bits needed by UMAC. The kdf function takes | 190 | * mode to supply all random bits needed by UMAC. The kdf function takes |
@@ -240,7 +240,7 @@ static void pdf_init(pdf_ctx *pc, aes_int_key prf_key) | |||
240 | aes_encryption(pc->nonce, pc->cache, pc->prf_key); | 240 | aes_encryption(pc->nonce, pc->cache, pc->prf_key); |
241 | } | 241 | } |
242 | 242 | ||
243 | static void pdf_gen_xor(pdf_ctx *pc, UINT8 nonce[8], UINT8 buf[8]) | 243 | static void pdf_gen_xor(pdf_ctx *pc, const UINT8 nonce[8], UINT8 buf[8]) |
244 | { | 244 | { |
245 | /* 'ndx' indicates that we'll be using the 0th or 1st eight bytes | 245 | /* 'ndx' indicates that we'll be using the 0th or 1st eight bytes |
246 | * of the AES output. If last time around we returned the ndx-1st | 246 | * of the AES output. If last time around we returned the ndx-1st |
@@ -254,19 +254,21 @@ static void pdf_gen_xor(pdf_ctx *pc, UINT8 nonce[8], UINT8 buf[8]) | |||
254 | #elif (UMAC_OUTPUT_LEN > 8) | 254 | #elif (UMAC_OUTPUT_LEN > 8) |
255 | #define LOW_BIT_MASK 0 | 255 | #define LOW_BIT_MASK 0 |
256 | #endif | 256 | #endif |
257 | 257 | union { | |
258 | UINT8 tmp_nonce_lo[4]; | 258 | UINT8 tmp_nonce_lo[4]; |
259 | UINT32 align; | ||
260 | } t; | ||
259 | #if LOW_BIT_MASK != 0 | 261 | #if LOW_BIT_MASK != 0 |
260 | int ndx = nonce[7] & LOW_BIT_MASK; | 262 | int ndx = nonce[7] & LOW_BIT_MASK; |
261 | #endif | 263 | #endif |
262 | *(UINT32 *)tmp_nonce_lo = ((UINT32 *)nonce)[1]; | 264 | *(UINT32 *)t.tmp_nonce_lo = ((const UINT32 *)nonce)[1]; |
263 | tmp_nonce_lo[3] &= ~LOW_BIT_MASK; /* zero last bit */ | 265 | t.tmp_nonce_lo[3] &= ~LOW_BIT_MASK; /* zero last bit */ |
264 | 266 | ||
265 | if ( (((UINT32 *)tmp_nonce_lo)[0] != ((UINT32 *)pc->nonce)[1]) || | 267 | if ( (((UINT32 *)t.tmp_nonce_lo)[0] != ((UINT32 *)pc->nonce)[1]) || |
266 | (((UINT32 *)nonce)[0] != ((UINT32 *)pc->nonce)[0]) ) | 268 | (((const UINT32 *)nonce)[0] != ((UINT32 *)pc->nonce)[0]) ) |
267 | { | 269 | { |
268 | ((UINT32 *)pc->nonce)[0] = ((UINT32 *)nonce)[0]; | 270 | ((UINT32 *)pc->nonce)[0] = ((const UINT32 *)nonce)[0]; |
269 | ((UINT32 *)pc->nonce)[1] = ((UINT32 *)tmp_nonce_lo)[0]; | 271 | ((UINT32 *)pc->nonce)[1] = ((UINT32 *)t.tmp_nonce_lo)[0]; |
270 | aes_encryption(pc->nonce, pc->cache, pc->prf_key); | 272 | aes_encryption(pc->nonce, pc->cache, pc->prf_key); |
271 | } | 273 | } |
272 | 274 | ||
@@ -333,7 +335,7 @@ typedef struct { | |||
333 | 335 | ||
334 | #if (UMAC_OUTPUT_LEN == 4) | 336 | #if (UMAC_OUTPUT_LEN == 4) |
335 | 337 | ||
336 | static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen) | 338 | static void nh_aux(void *kp, const void *dp, void *hp, UINT32 dlen) |
337 | /* NH hashing primitive. Previous (partial) hash result is loaded and | 339 | /* NH hashing primitive. Previous (partial) hash result is loaded and |
338 | * then stored via hp pointer. The length of the data pointed at by "dp", | 340 | * then stored via hp pointer. The length of the data pointed at by "dp", |
339 | * "dlen", is guaranteed to be divisible by L1_PAD_BOUNDARY (32). Key | 341 | * "dlen", is guaranteed to be divisible by L1_PAD_BOUNDARY (32). Key |
@@ -343,7 +345,7 @@ static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen) | |||
343 | UINT64 h; | 345 | UINT64 h; |
344 | UWORD c = dlen / 32; | 346 | UWORD c = dlen / 32; |
345 | UINT32 *k = (UINT32 *)kp; | 347 | UINT32 *k = (UINT32 *)kp; |
346 | UINT32 *d = (UINT32 *)dp; | 348 | const UINT32 *d = (const UINT32 *)dp; |
347 | UINT32 d0,d1,d2,d3,d4,d5,d6,d7; | 349 | UINT32 d0,d1,d2,d3,d4,d5,d6,d7; |
348 | UINT32 k0,k1,k2,k3,k4,k5,k6,k7; | 350 | UINT32 k0,k1,k2,k3,k4,k5,k6,k7; |
349 | 351 | ||
@@ -368,7 +370,7 @@ static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen) | |||
368 | 370 | ||
369 | #elif (UMAC_OUTPUT_LEN == 8) | 371 | #elif (UMAC_OUTPUT_LEN == 8) |
370 | 372 | ||
371 | static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen) | 373 | static void nh_aux(void *kp, const void *dp, void *hp, UINT32 dlen) |
372 | /* Same as previous nh_aux, but two streams are handled in one pass, | 374 | /* Same as previous nh_aux, but two streams are handled in one pass, |
373 | * reading and writing 16 bytes of hash-state per call. | 375 | * reading and writing 16 bytes of hash-state per call. |
374 | */ | 376 | */ |
@@ -376,7 +378,7 @@ static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen) | |||
376 | UINT64 h1,h2; | 378 | UINT64 h1,h2; |
377 | UWORD c = dlen / 32; | 379 | UWORD c = dlen / 32; |
378 | UINT32 *k = (UINT32 *)kp; | 380 | UINT32 *k = (UINT32 *)kp; |
379 | UINT32 *d = (UINT32 *)dp; | 381 | const UINT32 *d = (const UINT32 *)dp; |
380 | UINT32 d0,d1,d2,d3,d4,d5,d6,d7; | 382 | UINT32 d0,d1,d2,d3,d4,d5,d6,d7; |
381 | UINT32 k0,k1,k2,k3,k4,k5,k6,k7, | 383 | UINT32 k0,k1,k2,k3,k4,k5,k6,k7, |
382 | k8,k9,k10,k11; | 384 | k8,k9,k10,k11; |
@@ -415,7 +417,7 @@ static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen) | |||
415 | 417 | ||
416 | #elif (UMAC_OUTPUT_LEN == 12) | 418 | #elif (UMAC_OUTPUT_LEN == 12) |
417 | 419 | ||
418 | static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen) | 420 | static void nh_aux(void *kp, const void *dp, void *hp, UINT32 dlen) |
419 | /* Same as previous nh_aux, but two streams are handled in one pass, | 421 | /* Same as previous nh_aux, but two streams are handled in one pass, |
420 | * reading and writing 24 bytes of hash-state per call. | 422 | * reading and writing 24 bytes of hash-state per call. |
421 | */ | 423 | */ |
@@ -423,7 +425,7 @@ static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen) | |||
423 | UINT64 h1,h2,h3; | 425 | UINT64 h1,h2,h3; |
424 | UWORD c = dlen / 32; | 426 | UWORD c = dlen / 32; |
425 | UINT32 *k = (UINT32 *)kp; | 427 | UINT32 *k = (UINT32 *)kp; |
426 | UINT32 *d = (UINT32 *)dp; | 428 | const UINT32 *d = (const UINT32 *)dp; |
427 | UINT32 d0,d1,d2,d3,d4,d5,d6,d7; | 429 | UINT32 d0,d1,d2,d3,d4,d5,d6,d7; |
428 | UINT32 k0,k1,k2,k3,k4,k5,k6,k7, | 430 | UINT32 k0,k1,k2,k3,k4,k5,k6,k7, |
429 | k8,k9,k10,k11,k12,k13,k14,k15; | 431 | k8,k9,k10,k11,k12,k13,k14,k15; |
@@ -470,7 +472,7 @@ static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen) | |||
470 | 472 | ||
471 | #elif (UMAC_OUTPUT_LEN == 16) | 473 | #elif (UMAC_OUTPUT_LEN == 16) |
472 | 474 | ||
473 | static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen) | 475 | static void nh_aux(void *kp, const void *dp, void *hp, UINT32 dlen) |
474 | /* Same as previous nh_aux, but two streams are handled in one pass, | 476 | /* Same as previous nh_aux, but two streams are handled in one pass, |
475 | * reading and writing 24 bytes of hash-state per call. | 477 | * reading and writing 24 bytes of hash-state per call. |
476 | */ | 478 | */ |
@@ -478,7 +480,7 @@ static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen) | |||
478 | UINT64 h1,h2,h3,h4; | 480 | UINT64 h1,h2,h3,h4; |
479 | UWORD c = dlen / 32; | 481 | UWORD c = dlen / 32; |
480 | UINT32 *k = (UINT32 *)kp; | 482 | UINT32 *k = (UINT32 *)kp; |
481 | UINT32 *d = (UINT32 *)dp; | 483 | const UINT32 *d = (const UINT32 *)dp; |
482 | UINT32 d0,d1,d2,d3,d4,d5,d6,d7; | 484 | UINT32 d0,d1,d2,d3,d4,d5,d6,d7; |
483 | UINT32 k0,k1,k2,k3,k4,k5,k6,k7, | 485 | UINT32 k0,k1,k2,k3,k4,k5,k6,k7, |
484 | k8,k9,k10,k11,k12,k13,k14,k15, | 486 | k8,k9,k10,k11,k12,k13,k14,k15, |
@@ -539,7 +541,7 @@ static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen) | |||
539 | 541 | ||
540 | /* ---------------------------------------------------------------------- */ | 542 | /* ---------------------------------------------------------------------- */ |
541 | 543 | ||
542 | static void nh_transform(nh_ctx *hc, UINT8 *buf, UINT32 nbytes) | 544 | static void nh_transform(nh_ctx *hc, const UINT8 *buf, UINT32 nbytes) |
543 | /* This function is a wrapper for the primitive NH hash functions. It takes | 545 | /* This function is a wrapper for the primitive NH hash functions. It takes |
544 | * as argument "hc" the current hash context and a buffer which must be a | 546 | * as argument "hc" the current hash context and a buffer which must be a |
545 | * multiple of L1_PAD_BOUNDARY. The key passed to nh_aux is offset | 547 | * multiple of L1_PAD_BOUNDARY. The key passed to nh_aux is offset |
@@ -614,7 +616,7 @@ static void nh_init(nh_ctx *hc, aes_int_key prf_key) | |||
614 | 616 | ||
615 | /* ---------------------------------------------------------------------- */ | 617 | /* ---------------------------------------------------------------------- */ |
616 | 618 | ||
617 | static void nh_update(nh_ctx *hc, UINT8 *buf, UINT32 nbytes) | 619 | static void nh_update(nh_ctx *hc, const UINT8 *buf, UINT32 nbytes) |
618 | /* Incorporate nbytes of data into a nh_ctx, buffer whatever is not an */ | 620 | /* Incorporate nbytes of data into a nh_ctx, buffer whatever is not an */ |
619 | /* even multiple of HASH_BUF_BYTES. */ | 621 | /* even multiple of HASH_BUF_BYTES. */ |
620 | { | 622 | { |
@@ -709,7 +711,7 @@ static void nh_final(nh_ctx *hc, UINT8 *result) | |||
709 | 711 | ||
710 | /* ---------------------------------------------------------------------- */ | 712 | /* ---------------------------------------------------------------------- */ |
711 | 713 | ||
712 | static void nh(nh_ctx *hc, UINT8 *buf, UINT32 padded_len, | 714 | static void nh(nh_ctx *hc, const UINT8 *buf, UINT32 padded_len, |
713 | UINT32 unpadded_len, UINT8 *result) | 715 | UINT32 unpadded_len, UINT8 *result) |
714 | /* All-in-one nh_update() and nh_final() equivalent. | 716 | /* All-in-one nh_update() and nh_final() equivalent. |
715 | * Assumes that padded_len is divisible by L1_PAD_BOUNDARY and result is | 717 | * Assumes that padded_len is divisible by L1_PAD_BOUNDARY and result is |
@@ -1047,7 +1049,7 @@ static int uhash_free(uhash_ctx_t ctx) | |||
1047 | #endif | 1049 | #endif |
1048 | /* ---------------------------------------------------------------------- */ | 1050 | /* ---------------------------------------------------------------------- */ |
1049 | 1051 | ||
1050 | static int uhash_update(uhash_ctx_t ctx, u_char *input, long len) | 1052 | static int uhash_update(uhash_ctx_t ctx, const u_char *input, long len) |
1051 | /* Given len bytes of data, we parse it into L1_KEY_LEN chunks and | 1053 | /* Given len bytes of data, we parse it into L1_KEY_LEN chunks and |
1052 | * hash each one with NH, calling the polyhash on each NH output. | 1054 | * hash each one with NH, calling the polyhash on each NH output. |
1053 | */ | 1055 | */ |
@@ -1057,7 +1059,7 @@ static int uhash_update(uhash_ctx_t ctx, u_char *input, long len) | |||
1057 | UINT8 *nh_result = (UINT8 *)&result_buf; | 1059 | UINT8 *nh_result = (UINT8 *)&result_buf; |
1058 | 1060 | ||
1059 | if (ctx->msg_len + len <= L1_KEY_LEN) { | 1061 | if (ctx->msg_len + len <= L1_KEY_LEN) { |
1060 | nh_update(&ctx->hash, (UINT8 *)input, len); | 1062 | nh_update(&ctx->hash, (const UINT8 *)input, len); |
1061 | ctx->msg_len += len; | 1063 | ctx->msg_len += len; |
1062 | } else { | 1064 | } else { |
1063 | 1065 | ||
@@ -1072,7 +1074,7 @@ static int uhash_update(uhash_ctx_t ctx, u_char *input, long len) | |||
1072 | /* bytes to complete the current nh_block. */ | 1074 | /* bytes to complete the current nh_block. */ |
1073 | if (bytes_hashed) { | 1075 | if (bytes_hashed) { |
1074 | bytes_remaining = (L1_KEY_LEN - bytes_hashed); | 1076 | bytes_remaining = (L1_KEY_LEN - bytes_hashed); |
1075 | nh_update(&ctx->hash, (UINT8 *)input, bytes_remaining); | 1077 | nh_update(&ctx->hash, (const UINT8 *)input, bytes_remaining); |
1076 | nh_final(&ctx->hash, nh_result); | 1078 | nh_final(&ctx->hash, nh_result); |
1077 | ctx->msg_len += bytes_remaining; | 1079 | ctx->msg_len += bytes_remaining; |
1078 | poly_hash(ctx,(UINT32 *)nh_result); | 1080 | poly_hash(ctx,(UINT32 *)nh_result); |
@@ -1082,7 +1084,7 @@ static int uhash_update(uhash_ctx_t ctx, u_char *input, long len) | |||
1082 | 1084 | ||
1083 | /* Hash directly from input stream if enough bytes */ | 1085 | /* Hash directly from input stream if enough bytes */ |
1084 | while (len >= L1_KEY_LEN) { | 1086 | while (len >= L1_KEY_LEN) { |
1085 | nh(&ctx->hash, (UINT8 *)input, L1_KEY_LEN, | 1087 | nh(&ctx->hash, (const UINT8 *)input, L1_KEY_LEN, |
1086 | L1_KEY_LEN, nh_result); | 1088 | L1_KEY_LEN, nh_result); |
1087 | ctx->msg_len += L1_KEY_LEN; | 1089 | ctx->msg_len += L1_KEY_LEN; |
1088 | len -= L1_KEY_LEN; | 1090 | len -= L1_KEY_LEN; |
@@ -1093,7 +1095,7 @@ static int uhash_update(uhash_ctx_t ctx, u_char *input, long len) | |||
1093 | 1095 | ||
1094 | /* pass remaining < L1_KEY_LEN bytes of input data to NH */ | 1096 | /* pass remaining < L1_KEY_LEN bytes of input data to NH */ |
1095 | if (len) { | 1097 | if (len) { |
1096 | nh_update(&ctx->hash, (UINT8 *)input, len); | 1098 | nh_update(&ctx->hash, (const UINT8 *)input, len); |
1097 | ctx->msg_len += len; | 1099 | ctx->msg_len += len; |
1098 | } | 1100 | } |
1099 | } | 1101 | } |
@@ -1209,14 +1211,14 @@ int umac_delete(struct umac_ctx *ctx) | |||
1209 | if (ctx) { | 1211 | if (ctx) { |
1210 | if (ALLOC_BOUNDARY) | 1212 | if (ALLOC_BOUNDARY) |
1211 | ctx = (struct umac_ctx *)ctx->free_ptr; | 1213 | ctx = (struct umac_ctx *)ctx->free_ptr; |
1212 | xfree(ctx); | 1214 | free(ctx); |
1213 | } | 1215 | } |
1214 | return (1); | 1216 | return (1); |
1215 | } | 1217 | } |
1216 | 1218 | ||
1217 | /* ---------------------------------------------------------------------- */ | 1219 | /* ---------------------------------------------------------------------- */ |
1218 | 1220 | ||
1219 | struct umac_ctx *umac_new(u_char key[]) | 1221 | struct umac_ctx *umac_new(const u_char key[]) |
1220 | /* Dynamically allocate a umac_ctx struct, initialize variables, | 1222 | /* Dynamically allocate a umac_ctx struct, initialize variables, |
1221 | * generate subkeys from key. Align to 16-byte boundary. | 1223 | * generate subkeys from key. Align to 16-byte boundary. |
1222 | */ | 1224 | */ |
@@ -1233,7 +1235,7 @@ struct umac_ctx *umac_new(u_char key[]) | |||
1233 | ctx = (struct umac_ctx *)((u_char *)ctx + bytes_to_add); | 1235 | ctx = (struct umac_ctx *)((u_char *)ctx + bytes_to_add); |
1234 | } | 1236 | } |
1235 | ctx->free_ptr = octx; | 1237 | ctx->free_ptr = octx; |
1236 | aes_key_setup(key,prf_key); | 1238 | aes_key_setup(key, prf_key); |
1237 | pdf_init(&ctx->pdf, prf_key); | 1239 | pdf_init(&ctx->pdf, prf_key); |
1238 | uhash_init(&ctx->hash, prf_key); | 1240 | uhash_init(&ctx->hash, prf_key); |
1239 | } | 1241 | } |
@@ -1243,18 +1245,18 @@ struct umac_ctx *umac_new(u_char key[]) | |||
1243 | 1245 | ||
1244 | /* ---------------------------------------------------------------------- */ | 1246 | /* ---------------------------------------------------------------------- */ |
1245 | 1247 | ||
1246 | int umac_final(struct umac_ctx *ctx, u_char tag[], u_char nonce[8]) | 1248 | int umac_final(struct umac_ctx *ctx, u_char tag[], const u_char nonce[8]) |
1247 | /* Incorporate any pending data, pad, and generate tag */ | 1249 | /* Incorporate any pending data, pad, and generate tag */ |
1248 | { | 1250 | { |
1249 | uhash_final(&ctx->hash, (u_char *)tag); | 1251 | uhash_final(&ctx->hash, (u_char *)tag); |
1250 | pdf_gen_xor(&ctx->pdf, (UINT8 *)nonce, (UINT8 *)tag); | 1252 | pdf_gen_xor(&ctx->pdf, (const UINT8 *)nonce, (UINT8 *)tag); |
1251 | 1253 | ||
1252 | return (1); | 1254 | return (1); |
1253 | } | 1255 | } |
1254 | 1256 | ||
1255 | /* ---------------------------------------------------------------------- */ | 1257 | /* ---------------------------------------------------------------------- */ |
1256 | 1258 | ||
1257 | int umac_update(struct umac_ctx *ctx, u_char *input, long len) | 1259 | int umac_update(struct umac_ctx *ctx, const u_char *input, long len) |
1258 | /* Given len bytes of data, we parse it into L1_KEY_LEN chunks and */ | 1260 | /* Given len bytes of data, we parse it into L1_KEY_LEN chunks and */ |
1259 | /* hash each one, calling the PDF on the hashed output whenever the hash- */ | 1261 | /* hash each one, calling the PDF on the hashed output whenever the hash- */ |
1260 | /* output buffer is full. */ | 1262 | /* output buffer is full. */ |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: umac.h,v 1.2 2012/10/04 13:21:50 markus Exp $ */ | 1 | /* $OpenBSD: umac.h,v 1.3 2013/07/22 12:20:02 djm Exp $ */ |
2 | /* ----------------------------------------------------------------------- | 2 | /* ----------------------------------------------------------------------- |
3 | * | 3 | * |
4 | * umac.h -- C Implementation UMAC Message Authentication | 4 | * umac.h -- C Implementation UMAC Message Authentication |
@@ -52,7 +52,7 @@ | |||
52 | extern "C" { | 52 | extern "C" { |
53 | #endif | 53 | #endif |
54 | 54 | ||
55 | struct umac_ctx *umac_new(u_char key[]); | 55 | struct umac_ctx *umac_new(const u_char key[]); |
56 | /* Dynamically allocate a umac_ctx struct, initialize variables, | 56 | /* Dynamically allocate a umac_ctx struct, initialize variables, |
57 | * generate subkeys from key. | 57 | * generate subkeys from key. |
58 | */ | 58 | */ |
@@ -62,10 +62,10 @@ int umac_reset(struct umac_ctx *ctx); | |||
62 | /* Reset a umac_ctx to begin authenicating a new message */ | 62 | /* Reset a umac_ctx to begin authenicating a new message */ |
63 | #endif | 63 | #endif |
64 | 64 | ||
65 | int umac_update(struct umac_ctx *ctx, u_char *input, long len); | 65 | int umac_update(struct umac_ctx *ctx, const u_char *input, long len); |
66 | /* Incorporate len bytes pointed to by input into context ctx */ | 66 | /* Incorporate len bytes pointed to by input into context ctx */ |
67 | 67 | ||
68 | int umac_final(struct umac_ctx *ctx, u_char tag[], u_char nonce[8]); | 68 | int umac_final(struct umac_ctx *ctx, u_char tag[], const u_char nonce[8]); |
69 | /* Incorporate any pending data and the ctr value, and return tag. | 69 | /* Incorporate any pending data and the ctr value, and return tag. |
70 | * This function returns error code if ctr < 0. | 70 | * This function returns error code if ctr < 0. |
71 | */ | 71 | */ |
@@ -117,9 +117,9 @@ int uhash(uhash_ctx_t ctx, | |||
117 | #endif | 117 | #endif |
118 | 118 | ||
119 | /* matching umac-128 API, we reuse umac_ctx, since it's opaque */ | 119 | /* matching umac-128 API, we reuse umac_ctx, since it's opaque */ |
120 | struct umac_ctx *umac128_new(u_char key[]); | 120 | struct umac_ctx *umac128_new(const u_char key[]); |
121 | int umac128_update(struct umac_ctx *ctx, u_char *input, long len); | 121 | int umac128_update(struct umac_ctx *ctx, const u_char *input, long len); |
122 | int umac128_final(struct umac_ctx *ctx, u_char tag[], u_char nonce[8]); | 122 | int umac128_final(struct umac_ctx *ctx, u_char tag[], const u_char nonce[8]); |
123 | int umac128_delete(struct umac_ctx *ctx); | 123 | int umac128_delete(struct umac_ctx *ctx); |
124 | 124 | ||
125 | #ifdef __cplusplus | 125 | #ifdef __cplusplus |
diff --git a/uuencode.c b/uuencode.c index 09d80d2fc..294c74304 100644 --- a/uuencode.c +++ b/uuencode.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: uuencode.c,v 1.26 2010/08/31 11:54:45 djm Exp $ */ | 1 | /* $OpenBSD: uuencode.c,v 1.27 2013/05/17 00:13:14 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -29,6 +29,7 @@ | |||
29 | #include <netinet/in.h> | 29 | #include <netinet/in.h> |
30 | #include <resolv.h> | 30 | #include <resolv.h> |
31 | #include <stdio.h> | 31 | #include <stdio.h> |
32 | #include <stdlib.h> | ||
32 | 33 | ||
33 | #include "xmalloc.h" | 34 | #include "xmalloc.h" |
34 | #include "uuencode.h" | 35 | #include "uuencode.h" |
@@ -67,7 +68,7 @@ uudecode(const char *src, u_char *target, size_t targsize) | |||
67 | /* and remove trailing whitespace because __b64_pton needs this */ | 68 | /* and remove trailing whitespace because __b64_pton needs this */ |
68 | *p = '\0'; | 69 | *p = '\0'; |
69 | len = __b64_pton(encoded, target, targsize); | 70 | len = __b64_pton(encoded, target, targsize); |
70 | xfree(encoded); | 71 | free(encoded); |
71 | return len; | 72 | return len; |
72 | } | 73 | } |
73 | 74 | ||
@@ -90,5 +91,5 @@ dump_base64(FILE *fp, const u_char *data, u_int len) | |||
90 | } | 91 | } |
91 | if (i % 70 != 69) | 92 | if (i % 70 != 69) |
92 | fprintf(fp, "\n"); | 93 | fprintf(fp, "\n"); |
93 | xfree(buf); | 94 | free(buf); |
94 | } | 95 | } |
@@ -1,6 +1,6 @@ | |||
1 | /* $OpenBSD: version.h,v 1.66 2013/02/10 21:19:34 markus Exp $ */ | 1 | /* $OpenBSD: version.h,v 1.67 2013/07/25 00:57:37 djm Exp $ */ |
2 | 2 | ||
3 | #define SSH_VERSION "OpenSSH_6.2" | 3 | #define SSH_VERSION "OpenSSH_6.3" |
4 | 4 | ||
5 | #define SSH_PORTABLE "p2" | 5 | #define SSH_PORTABLE "p1" |
6 | #define SSH_RELEASE SSH_VERSION SSH_PORTABLE | 6 | #define SSH_RELEASE SSH_VERSION SSH_PORTABLE |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: xmalloc.c,v 1.27 2006/08/03 03:34:42 deraadt Exp $ */ | 1 | /* $OpenBSD: xmalloc.c,v 1.28 2013/05/17 00:13:14 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -73,14 +73,6 @@ xrealloc(void *ptr, size_t nmemb, size_t size) | |||
73 | return new_ptr; | 73 | return new_ptr; |
74 | } | 74 | } |
75 | 75 | ||
76 | void | ||
77 | xfree(void *ptr) | ||
78 | { | ||
79 | if (ptr == NULL) | ||
80 | fatal("xfree: NULL pointer given as argument"); | ||
81 | free(ptr); | ||
82 | } | ||
83 | |||
84 | char * | 76 | char * |
85 | xstrdup(const char *str) | 77 | xstrdup(const char *str) |
86 | { | 78 | { |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: xmalloc.h,v 1.13 2006/08/03 03:34:42 deraadt Exp $ */ | 1 | /* $OpenBSD: xmalloc.h,v 1.14 2013/05/17 00:13:14 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -19,7 +19,6 @@ | |||
19 | void *xmalloc(size_t); | 19 | void *xmalloc(size_t); |
20 | void *xcalloc(size_t, size_t); | 20 | void *xcalloc(size_t, size_t); |
21 | void *xrealloc(void *, size_t, size_t); | 21 | void *xrealloc(void *, size_t, size_t); |
22 | void xfree(void *); | ||
23 | char *xstrdup(const char *); | 22 | char *xstrdup(const char *); |
24 | int xasprintf(char **, const char *, ...) | 23 | int xasprintf(char **, const char *, ...) |
25 | __attribute__((__format__ (printf, 2, 3))) | 24 | __attribute__((__format__ (printf, 2, 3))) |