248 files changed, 5857 insertions, 3588 deletions
@@ -1,17 +1,628 @@ | |||
1 | 20130913 | ||
2 | - (djm) [channels.c] Fix unaligned access on sparc machines in SOCKS5 code; | ||
3 | ok dtucker@ | ||
4 | - (djm) [channels.c] sigh, typo s/buffet_/buffer_/ | ||
5 | - (djm) Release 6.3p1 | ||
6 | |||
7 | 20130808 | ||
8 | - (dtucker) [regress/Makefile regress/test-exec.sh] Don't try to use test -nt | ||
9 | since some platforms (eg really old FreeBSD) don't have it. Instead, | ||
10 | run "make clean" before a complete regress run. ok djm. | ||
11 | - (dtucker) [misc.c] Fall back to time(2) at runtime if clock_gettime( | ||
12 | CLOCK_MONOTONIC...) fails. Some older versions of RHEL have the | ||
13 | CLOCK_MONOTONIC define but don't actually support it. Found and tested | ||
14 | by Kevin Brott, ok djm. | ||
15 | - (dtucker) [misc.c] Remove define added for fallback testing that was | ||
16 | mistakenly included in the previous commit. | ||
17 | - (dtucker) [regress/Makefile regress/test-exec.sh] Roll back the -nt | ||
18 | removal. The "make clean" removes modpipe which is built by the top-level | ||
19 | directory before running the tests. Spotted by tim@ | ||
20 | |||
21 | 20130804 | ||
22 | - (dtucker) [auth-krb5.c configure.ac openbsd-compat/bsd-misc.h] Add support | ||
23 | for building with older Heimdal versions. ok djm. | ||
24 | |||
25 | 20130801 | ||
26 | - (djm) [channels.c channels.h] bz#2135: On Solaris, isatty() on a non- | ||
27 | blocking connecting socket will clear any stored errno that might | ||
28 | otherwise have been retrievable via getsockopt(). A hack to limit writes | ||
29 | to TTYs on AIX was triggering this. Since only AIX needs the hack, wrap | ||
30 | it in an #ifdef. Diagnosis and patch from Ivo Raisr. | ||
31 | - (djm) [sshlogin.h] Fix prototype merge botch from 2006; bz#2134 | ||
32 | |||
33 | 20130725 | ||
34 | - (djm) OpenBSD CVS Sync | ||
35 | - djm@cvs.openbsd.org 2013/07/20 22:20:42 | ||
36 | [krl.c] | ||
37 | fix verification error in (as-yet usused) KRL signature checking path | ||
38 | - djm@cvs.openbsd.org 2013/07/22 05:00:17 | ||
39 | [umac.c] | ||
40 | make MAC key, data to be hashed and nonce for final hash const; | ||
41 | checked with -Wcast-qual | ||
42 | - djm@cvs.openbsd.org 2013/07/22 12:20:02 | ||
43 | [umac.h] | ||
44 | oops, forgot to commit corresponding header change; | ||
45 | spotted by jsg and jasper | ||
46 | - djm@cvs.openbsd.org 2013/07/25 00:29:10 | ||
47 | [ssh.c] | ||
48 | daemonise backgrounded (ControlPersist'ed) multiplexing master to ensure | ||
49 | it is fully detached from its controlling terminal. based on debugging | ||
50 | - djm@cvs.openbsd.org 2013/07/25 00:56:52 | ||
51 | [sftp-client.c sftp-client.h sftp.1 sftp.c] | ||
52 | sftp support for resuming partial downloads; patch mostly by Loganaden | ||
53 | Velvindron/AfriNIC with some tweaks by me; feedback and ok dtucker@ | ||
54 | "Just be careful" deraadt@ | ||
55 | - djm@cvs.openbsd.org 2013/07/25 00:57:37 | ||
56 | [version.h] | ||
57 | openssh-6.3 for release | ||
58 | - dtucker@cvs.openbsd.org 2013/05/30 20:12:32 | ||
59 | [regress/test-exec.sh] | ||
60 | use ssh and sshd as testdata since it needs to be >256k for the rekey test | ||
61 | - dtucker@cvs.openbsd.org 2013/06/10 21:56:43 | ||
62 | [regress/forwarding.sh] | ||
63 | Add test for forward config parsing | ||
64 | - djm@cvs.openbsd.org 2013/06/21 02:26:26 | ||
65 | [regress/sftp-cmds.sh regress/test-exec.sh] | ||
66 | unbreak sftp-cmds for renamed test data (s/ls/data/) | ||
67 | - (tim) [sftp-client.c] Use of a gcc extension trips up native compilers on | ||
68 | Solaris and UnixWare. Feedback and OK djm@ | ||
69 | - (tim) [regress/forwarding.sh] Fix for building outside source tree. | ||
70 | |||
71 | 20130720 | ||
72 | - (djm) OpenBSD CVS Sync | ||
73 | - markus@cvs.openbsd.org 2013/07/19 07:37:48 | ||
74 | [auth.h kex.h kexdhs.c kexecdhs.c kexgexs.c monitor.c servconf.c] | ||
75 | [servconf.h session.c sshd.c sshd_config.5] | ||
76 | add ssh-agent(1) support to sshd(8); allows encrypted hostkeys, | ||
77 | or hostkeys on smartcards; most of the work by Zev Weiss; bz #1974 | ||
78 | ok djm@ | ||
79 | - djm@cvs.openbsd.org 2013/07/20 01:43:46 | ||
80 | [umac.c] | ||
81 | use a union to ensure correct alignment; ok deraadt | ||
82 | - djm@cvs.openbsd.org 2013/07/20 01:44:37 | ||
83 | [ssh-keygen.c ssh.c] | ||
84 | More useful error message on missing current user in /etc/passwd | ||
85 | - djm@cvs.openbsd.org 2013/07/20 01:50:20 | ||
86 | [ssh-agent.c] | ||
87 | call cleanup_handler on SIGINT when in debug mode to ensure sockets | ||
88 | are cleaned up on manual exit; bz#2120 | ||
89 | - djm@cvs.openbsd.org 2013/07/20 01:55:13 | ||
90 | [auth-krb5.c gss-serv-krb5.c gss-serv.c] | ||
91 | fix kerberos/GSSAPI deprecation warnings and linking; "looks okay" millert@ | ||
92 | |||
93 | 20130718 | ||
94 | - (djm) OpenBSD CVS Sync | ||
95 | - dtucker@cvs.openbsd.org 2013/06/10 19:19:44 | ||
96 | [readconf.c] | ||
97 | revert 1.203 while we investigate crashes reported by okan@ | ||
98 | - guenther@cvs.openbsd.org 2013/06/17 04:48:42 | ||
99 | [scp.c] | ||
100 | Handle time_t values as long long's when formatting them and when | ||
101 | parsing them from remote servers. | ||
102 | Improve error checking in parsing of 'T' lines. | ||
103 | ok dtucker@ deraadt@ | ||
104 | - markus@cvs.openbsd.org 2013/06/20 19:15:06 | ||
105 | [krl.c] | ||
106 | don't leak the rdata blob on errors; ok djm@ | ||
107 | - djm@cvs.openbsd.org 2013/06/21 00:34:49 | ||
108 | [auth-rsa.c auth.h auth2-hostbased.c auth2-pubkey.c monitor.c] | ||
109 | for hostbased authentication, print the client host and user on | ||
110 | the auth success/failure line; bz#2064, ok dtucker@ | ||
111 | - djm@cvs.openbsd.org 2013/06/21 00:37:49 | ||
112 | [ssh_config.5] | ||
113 | explicitly mention that IdentitiesOnly can be used with IdentityFile | ||
114 | to control which keys are offered from an agent. | ||
115 | - djm@cvs.openbsd.org 2013/06/21 05:42:32 | ||
116 | [dh.c] | ||
117 | sprinkle in some error() to explain moduli(5) parse failures | ||
118 | - djm@cvs.openbsd.org 2013/06/21 05:43:10 | ||
119 | [scp.c] | ||
120 | make this -Wsign-compare clean after time_t conversion | ||
121 | - djm@cvs.openbsd.org 2013/06/22 06:31:57 | ||
122 | [scp.c] | ||
123 | improved time_t overflow check suggested by guenther@ | ||
124 | - jmc@cvs.openbsd.org 2013/06/27 14:05:37 | ||
125 | [ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5] | ||
126 | do not use Sx for sections outwith the man page - ingo informs me that | ||
127 | stuff like html will render with broken links; | ||
128 | issue reported by Eric S. Raymond, via djm | ||
129 | - markus@cvs.openbsd.org 2013/07/02 12:31:43 | ||
130 | [dh.c] | ||
131 | remove extra whitespace | ||
132 | - djm@cvs.openbsd.org 2013/07/12 00:19:59 | ||
133 | [auth-options.c auth-rsa.c bufaux.c buffer.h channels.c hostfile.c] | ||
134 | [hostfile.h mux.c packet.c packet.h roaming_common.c serverloop.c] | ||
135 | fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@ | ||
136 | - djm@cvs.openbsd.org 2013/07/12 00:20:00 | ||
137 | [sftp.c ssh-keygen.c ssh-pkcs11.c] | ||
138 | fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@ | ||
139 | - djm@cvs.openbsd.org 2013/07/12 00:43:50 | ||
140 | [misc.c] | ||
141 | in ssh_gai_strerror() don't fallback to strerror for EAI_SYSTEM when | ||
142 | errno == 0. Avoids confusing error message in some broken resolver | ||
143 | cases. bz#2122 patch from plautrba AT redhat.com; ok dtucker | ||
144 | - djm@cvs.openbsd.org 2013/07/12 05:42:03 | ||
145 | [ssh-keygen.c] | ||
146 | do_print_resource_record() can never be called with a NULL filename, so | ||
147 | don't attempt (and bungle) asking for one if it has not been specified | ||
148 | bz#2127 ok dtucker@ | ||
149 | - djm@cvs.openbsd.org 2013/07/12 05:48:55 | ||
150 | [ssh.c] | ||
151 | set TCP nodelay for connections started with -N; bz#2124 ok dtucker@ | ||
152 | - schwarze@cvs.openbsd.org 2013/07/16 00:07:52 | ||
153 | [scp.1 sftp-server.8 ssh-keyscan.1 ssh-keysign.8 ssh-pkcs11-helper.8] | ||
154 | use .Mt for email addresses; from Jan Stary <hans at stare dot cz>; ok jmc@ | ||
155 | - djm@cvs.openbsd.org 2013/07/18 01:12:26 | ||
156 | [ssh.1] | ||
157 | be more exact wrt perms for ~/.ssh/config; bz#2078 | ||
158 | |||
159 | 20130702 | ||
160 | - (dtucker) [contrib/cygwin/README contrib/cygwin/ssh-host-config | ||
161 | contrib/cygwin/ssh-user-config] Modernizes and improve readability of | ||
162 | the Cygwin README file (which hasn't been updated for ages), drop | ||
163 | unsupported OSes from the ssh-host-config help text, and drop an | ||
164 | unneeded option from ssh-user-config. Patch from vinschen at redhat com. | ||
165 | |||
166 | 20130610 | ||
167 | - (djm) OpenBSD CVS Sync | ||
168 | - dtucker@cvs.openbsd.org 2013/06/07 15:37:52 | ||
169 | [channels.c channels.h clientloop.c] | ||
170 | Add an "ABANDONED" channel state and use for mux sessions that are | ||
171 | disconnected via the ~. escape sequence. Channels in this state will | ||
172 | be able to close if the server responds, but do not count as active channels. | ||
173 | This means that if you ~. all of the mux clients when using ControlPersist | ||
174 | on a broken network, the backgrounded mux master will exit when the | ||
175 | Control Persist time expires rather than hanging around indefinitely. | ||
176 | bz#1917, also reported and tested by tedu@. ok djm@ markus@. | ||
177 | - (dtucker) [Makefile.in configure.ac fixalgorithms] Remove unsupported | ||
178 | algorithms (Ciphers, MACs and HostKeyAlgorithms) from man pages. | ||
179 | - (dtucker) [myproposal.h] Do not advertise AES GSM ciphers if we don't have | ||
180 | the required OpenSSL support. Patch from naddy at freebsd. | ||
181 | - (dtucker) [myproposal.h] Make the conditional algorithm support consistent | ||
182 | and add some comments so it's clear what goes where. | ||
183 | |||
184 | 20130605 | ||
185 | - (dtucker) [myproposal.h] Enable sha256 kex methods based on the presence of | ||
186 | the necessary functions, not from the openssl version. | ||
187 | - (dtucker) [contrib/ssh-copy-id] bz#2117: Use portable operator in test. | ||
188 | Patch from cjwatson at debian. | ||
189 | - (dtucker) [regress/forwarding.sh] For (as yet unknown) reason, the | ||
190 | forwarding test is extremely slow copying data on some machines so switch | ||
191 | back to copying the much smaller ls binary until we can figure out why | ||
192 | this is. | ||
193 | - (dtucker) [Makefile.in] append $CFLAGS to compiler options when building | ||
194 | modpipe in case there's anything in there we need. | ||
195 | - (dtucker) OpenBSD CVS Sync | ||
196 | - dtucker@cvs.openbsd.org 2013/06/02 21:01:51 | ||
197 | [channels.h] | ||
198 | typo in comment | ||
199 | - dtucker@cvs.openbsd.org 2013/06/02 23:36:29 | ||
200 | [clientloop.h clientloop.c mux.c] | ||
201 | No need for the mux cleanup callback to be visible so restore it to static | ||
202 | and call it through the detach_user function pointer. ok djm@ | ||
203 | - dtucker@cvs.openbsd.org 2013/06/03 00:03:18 | ||
204 | [mac.c] | ||
205 | force the MAC output to be 64-bit aligned so umac won't see unaligned | ||
206 | accesses on strict-alignment architectures. bz#2101, patch from | ||
207 | tomas.kuthan at oracle.com, ok djm@ | ||
208 | - dtucker@cvs.openbsd.org 2013/06/04 19:12:23 | ||
209 | [scp.c] | ||
210 | use MAXPATHLEN for buffer size instead of fixed value. ok markus | ||
211 | - dtucker@cvs.openbsd.org 2013/06/04 20:42:36 | ||
212 | [sftp.c] | ||
213 | Make sftp's libedit interface marginally multibyte aware by building up | ||
214 | the quoted string by character instead of by byte. Prevents failures | ||
215 | when linked against a libedit built with wide character support (bz#1990). | ||
216 | "looks ok" djm | ||
217 | - dtucker@cvs.openbsd.org 2013/06/05 02:07:29 | ||
218 | [mux.c] | ||
219 | fix leaks in mux error paths, from Zhenbo Xu, found by Melton. bz#1967, | ||
220 | ok djm | ||
221 | - dtucker@cvs.openbsd.org 2013/06/05 02:27:50 | ||
222 | [sshd.c] | ||
223 | When running sshd -D, close stderr unless we have explicitly requesting | ||
224 | logging to stderr. From james.hunt at ubuntu.com via bz#1976, djm's patch | ||
225 | so, err, ok dtucker. | ||
226 | - dtucker@cvs.openbsd.org 2013/06/05 12:52:38 | ||
227 | [sshconnect2.c] | ||
228 | Fix memory leaks found by Zhenbo Xu and the Melton tool. bz#1967, ok djm | ||
229 | - dtucker@cvs.openbsd.org 2013/06/05 22:00:28 | ||
230 | [readconf.c] | ||
231 | plug another memleak. bz#1967, from Zhenbo Xu, detected by Melton, ok djm | ||
232 | - (dtucker) [configure.ac sftp.c openbsd-compat/openbsd-compat.h] Cater for | ||
233 | platforms that don't have multibyte character support (specifically, | ||
234 | mblen). | ||
235 | |||
236 | 20130602 | ||
237 | - (tim) [Makefile.in] Make Solaris, UnixWare, & OpenServer linkers happy | ||
238 | linking regress/modpipe. | ||
239 | - (dtucker) OpenBSD CVS Sync | ||
240 | - dtucker@cvs.openbsd.org 2013/06/02 13:33:05 | ||
241 | [progressmeter.c] | ||
242 | Add misc.h for monotime prototype. (ID sync only). | ||
243 | - dtucker@cvs.openbsd.org 2013/06/02 13:35:58 | ||
244 | [ssh-agent.c] | ||
245 | Make parent_alive_interval time_t to avoid signed/unsigned comparison | ||
246 | - (dtucker) [configure.ac] sys/un.h needs sys/socket.h on some platforms | ||
247 | to prevent noise from configure. Patch from Nathan Osman. (bz#2114). | ||
248 | - (dtucker) [configure.ac] bz#2111: don't try to use lastlog on Android. | ||
249 | Patch from Nathan Osman. | ||
250 | - (tim) [configure.ac regress/Makefile] With rev 1.47 of test-exec.sh we | ||
251 | need a shell that can handle "[ file1 -nt file2 ]". Rather than keep | ||
252 | dealing with shell portability issues in regression tests, we let | ||
253 | configure find us a capable shell on those platforms with an old /bin/sh. | ||
254 | - (tim) [aclocal.m4] Enhance OSSH_CHECK_CFLAG_COMPILE to check stderr. | ||
255 | feedback and ok dtucker | ||
256 | - (tim) [regress/sftp-chroot.sh] skip if no sudo. ok dtucker | ||
257 | - (dtucker) [configure.ac] Some platforms need sys/types.h before sys/un.h. | ||
258 | - (dtucker) [configure.ac] Some other platforms need sys/types.h before | ||
259 | sys/socket.h. | ||
260 | |||
261 | 20130601 | ||
262 | - (dtucker) [configure.ac openbsd-compat/xcrypt.c] bz#2112: fall back to | ||
263 | using openssl's DES_crypt function on platorms that don't have a native | ||
264 | one, eg Android. Based on a patch from Nathan Osman. | ||
265 | - (dtucker) [configure.ac defines.h] Test for fd_mask, howmany and NFDBITS | ||
266 | rather than trying to enumerate the plaforms that don't have them. | ||
267 | Based on a patch from Nathan Osman, with help from tim@. | ||
268 | - (dtucker) OpenBSD CVS Sync | ||
269 | - djm@cvs.openbsd.org 2013/05/17 00:13:13 | ||
270 | [xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c | ||
271 | ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c | ||
272 | gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c | ||
273 | auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c | ||
274 | servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c | ||
275 | auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c | ||
276 | sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c | ||
277 | kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c | ||
278 | kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c | ||
279 | monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c | ||
280 | ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c | ||
281 | sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c | ||
282 | ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c | ||
283 | dns.c packet.c readpass.c authfd.c moduli.c] | ||
284 | bye, bye xfree(); ok markus@ | ||
285 | - djm@cvs.openbsd.org 2013/05/19 02:38:28 | ||
286 | [auth2-pubkey.c] | ||
287 | fix failure to recognise cert-authority keys if a key of a different type | ||
288 | appeared in authorized_keys before it; ok markus@ | ||
289 | - djm@cvs.openbsd.org 2013/05/19 02:42:42 | ||
290 | [auth.h auth.c key.c monitor.c auth-rsa.c auth2.c auth1.c key.h] | ||
291 | Standardise logging of supplemental information during userauth. Keys | ||
292 | and ruser is now logged in the auth success/failure message alongside | ||
293 | the local username, remote host/port and protocol in use. Certificates | ||
294 | contents and CA are logged too. | ||
295 | Pushing all logging onto a single line simplifies log analysis as it is | ||
296 | no longer necessary to relate information scattered across multiple log | ||
297 | entries. "I like it" markus@ | ||
298 | - dtucker@cvs.openbsd.org 2013/05/31 12:28:10 | ||
299 | [ssh-agent.c] | ||
300 | Use time_t where appropriate. ok djm | ||
301 | - dtucker@cvs.openbsd.org 2013/06/01 13:15:52 | ||
302 | [ssh-agent.c clientloop.c misc.h packet.c progressmeter.c misc.c | ||
303 | channels.c sandbox-systrace.c] | ||
304 | Use clock_gettime(CLOCK_MONOTONIC ...) for ssh timers so that things like | ||
305 | keepalives and rekeying will work properly over clock steps. Suggested by | ||
306 | markus@, "looks good" djm@. | ||
307 | - dtucker@cvs.openbsd.org 2013/06/01 20:59:25 | ||
308 | [scp.c sftp-client.c] | ||
309 | Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch | ||
310 | from Nathan Osman via bz#2085. ok deraadt. | ||
311 | - dtucker@cvs.openbsd.org 2013/06/01 22:34:50 | ||
312 | [sftp-client.c] | ||
313 | Update progressmeter when data is acked, not when it's sent. bz#2108, from | ||
314 | Debian via Colin Watson, ok djm@ | ||
315 | - (dtucker) [M auth-chall.c auth-krb5.c auth-pam.c cipher-aes.c cipher-ctr.c | ||
316 | groupaccess.c loginrec.c monitor.c monitor_wrap.c session.c sshd.c | ||
317 | sshlogin.c uidswap.c openbsd-compat/bsd-cygwin_util.c | ||
318 | openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/port-aix.c | ||
319 | openbsd-compat/port-linux.c] Replace portable-specific instances of xfree | ||
320 | with the equivalent calls to free. | ||
321 | - (dtucker) [configure.ac misc.c] Look for clock_gettime in librt and fall | ||
322 | back to time(NULL) if we can't find it anywhere. | ||
323 | - (dtucker) [sandbox-seccomp-filter.c] Allow clock_gettimeofday. | ||
324 | |||
325 | 20130529 | ||
326 | - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] bz#2087: Add a null | ||
327 | implementation of endgrent for platforms that don't have it (eg Android). | ||
328 | Loosely based on a patch from Nathan Osman, ok djm | ||
329 | |||
330 | 20130517 | ||
331 | - (dtucker) OpenBSD CVS Sync | ||
332 | - djm@cvs.openbsd.org 2013/03/07 00:20:34 | ||
333 | [regress/proxy-connect.sh] | ||
334 | repeat test with a style appended to the username | ||
335 | - dtucker@cvs.openbsd.org 2013/03/23 11:09:43 | ||
336 | [regress/test-exec.sh] | ||
337 | Only regenerate host keys if they don't exist or if ssh-keygen has changed | ||
338 | since they were. Reduces test runtime by 5-30% depending on machine | ||
339 | speed. | ||
340 | - dtucker@cvs.openbsd.org 2013/04/06 06:00:22 | ||
341 | [regress/rekey.sh regress/test-exec.sh regress/integrity.sh | ||
342 | regress/multiplex.sh Makefile regress/cfgmatch.sh] | ||
343 | Split the regress log into 3 parts: the debug output from ssh, the debug | ||
344 | log from sshd and the output from the client command (ssh, scp or sftp). | ||
345 | Somewhat functional now, will become more useful when ssh/sshd -E is added. | ||
346 | - dtucker@cvs.openbsd.org 2013/04/07 02:16:03 | ||
347 | [regress/Makefile regress/rekey.sh regress/integrity.sh | ||
348 | regress/sshd-log-wrapper.sh regress/forwarding.sh regress/test-exec.sh] | ||
349 | use -E option for ssh and sshd to write debuging logs to ssh{,d}.log and | ||
350 | save the output from any failing tests. If a test fails the debug output | ||
351 | from ssh and sshd for the failing tests (and only the failing tests) should | ||
352 | be available in failed-ssh{,d}.log. | ||
353 | - djm@cvs.openbsd.org 2013/04/18 02:46:12 | ||
354 | [regress/Makefile regress/sftp-chroot.sh] | ||
355 | test sshd ChrootDirectory+internal-sftp; feedback & ok dtucker@ | ||
356 | - dtucker@cvs.openbsd.org 2013/04/22 07:23:08 | ||
357 | [regress/multiplex.sh] | ||
358 | Write mux master logs to regress.log instead of ssh.log to keep separate | ||
359 | - djm@cvs.openbsd.org 2013/05/10 03:46:14 | ||
360 | [regress/modpipe.c] | ||
361 | sync some portability changes from portable OpenSSH (id sync only) | ||
362 | - dtucker@cvs.openbsd.org 2013/05/16 02:10:35 | ||
363 | [regress/rekey.sh] | ||
364 | Add test for time-based rekeying | ||
365 | - dtucker@cvs.openbsd.org 2013/05/16 03:33:30 | ||
366 | [regress/rekey.sh] | ||
367 | test rekeying when there's no data being transferred | ||
368 | - dtucker@cvs.openbsd.org 2013/05/16 04:26:10 | ||
369 | [regress/rekey.sh] | ||
370 | add server-side rekey test | ||
371 | - dtucker@cvs.openbsd.org 2013/05/16 05:48:31 | ||
372 | [regress/rekey.sh] | ||
373 | add tests for RekeyLimit parsing | ||
374 | - dtucker@cvs.openbsd.org 2013/05/17 00:37:40 | ||
375 | [regress/agent.sh regress/keytype.sh regress/cfgmatch.sh | ||
376 | regress/forcecommand.sh regress/proto-version.sh regress/test-exec.sh | ||
377 | regress/cipher-speed.sh regress/cert-hostkey.sh regress/cert-userkey.sh | ||
378 | regress/ssh-com.sh] | ||
379 | replace 'echo -n' with 'printf' since it's more portable | ||
380 | also remove "echon" hack. | ||
381 | - dtucker@cvs.openbsd.org 2013/05/17 01:16:09 | ||
382 | [regress/agent-timeout.sh] | ||
383 | Pull back some portability changes from -portable: | ||
384 | - TIMEOUT is a read-only variable in some shells | ||
385 | - not all greps have -q so redirect to /dev/null instead. | ||
386 | (ID sync only) | ||
387 | - dtucker@cvs.openbsd.org 2013/05/17 01:32:11 | ||
388 | [regress/integrity.sh] | ||
389 | don't print output from ssh before getting it (it's available in ssh.log) | ||
390 | - dtucker@cvs.openbsd.org 2013/05/17 04:29:14 | ||
391 | [regress/sftp.sh regress/putty-ciphers.sh regress/cipher-speed.sh | ||
392 | regress/test-exec.sh regress/sftp-batch.sh regress/dynamic-forward.sh | ||
393 | regress/putty-transfer.sh regress/conch-ciphers.sh regress/sftp-cmds.sh | ||
394 | regress/scp.sh regress/ssh-com-sftp.sh regress/rekey.sh | ||
395 | regress/putty-kex.sh regress/stderr-data.sh regress/stderr-after-eof.sh | ||
396 | regress/sftp-badcmds.sh regress/reexec.sh regress/ssh-com-client.sh | ||
397 | regress/sftp-chroot.sh regress/forwarding.sh regress/transfer.sh | ||
398 | regress/multiplex.sh] | ||
399 | Move the setting of DATA and COPY into test-exec.sh | ||
400 | - dtucker@cvs.openbsd.org 2013/05/17 10:16:26 | ||
401 | [regress/try-ciphers.sh] | ||
402 | use expr for math to keep diffs vs portable down | ||
403 | (id sync only) | ||
404 | - dtucker@cvs.openbsd.org 2013/05/17 10:23:52 | ||
405 | [regress/login-timeout.sh regress/reexec.sh regress/test-exec.sh] | ||
406 | Use SUDO when cat'ing pid files and running the sshd log wrapper so that | ||
407 | it works with a restrictive umask and the pid files are not world readable. | ||
408 | Changes from -portable. (id sync only) | ||
409 | - dtucker@cvs.openbsd.org 2013/05/17 10:24:48 | ||
410 | [regress/localcommand.sh] | ||
411 | use backticks for portability. (id sync only) | ||
412 | - dtucker@cvs.openbsd.org 2013/05/17 10:26:26 | ||
413 | [regress/sftp-badcmds.sh] | ||
414 | remove unused BATCH variable. (id sync only) | ||
415 | - dtucker@cvs.openbsd.org 2013/05/17 10:28:11 | ||
416 | [regress/sftp.sh] | ||
417 | only compare copied data if sftp succeeds. from portable (id sync only) | ||
418 | - dtucker@cvs.openbsd.org 2013/05/17 10:30:07 | ||
419 | [regress/test-exec.sh] | ||
420 | wait a bit longer for startup and use case for absolute path. | ||
421 | from portable (id sync only) | ||
422 | - dtucker@cvs.openbsd.org 2013/05/17 10:33:09 | ||
423 | [regress/agent-getpeereid.sh] | ||
424 | don't redirect stdout from sudo. from portable (id sync only) | ||
425 | - dtucker@cvs.openbsd.org 2013/05/17 10:34:30 | ||
426 | [regress/portnum.sh] | ||
427 | use a more portable negated if structure. from portable (id sync only) | ||
428 | - dtucker@cvs.openbsd.org 2013/05/17 10:35:43 | ||
429 | [regress/scp.sh] | ||
430 | use a file extention that's not special on some platforms. from portable | ||
431 | (id sync only) | ||
432 | - (dtucker) [regress/bsd.regress.mk] Remove unused file. We've never used it | ||
433 | in portable and it's long gone in openbsd. | ||
434 | - (dtucker) [regress/integrity.sh]. Force fixed Diffie-Hellman key exchange | ||
435 | methods. When the openssl version doesn't support ECDH then next one on | ||
436 | the list is DH group exchange, but that causes a bit more traffic which can | ||
437 | mean that the tests flip bits in the initial exchange rather than the MACed | ||
438 | traffic and we get different errors to what the tests look for. | ||
439 | - (dtucker) [openbsd-compat/getopt.h] Remove unneeded bits. | ||
440 | - (dtucker) [regress/cfgmatch.sh] Resync config file setup with openbsd. | ||
441 | - (dtucker) [regress/agent-getpeereid.sh] Resync spaces with openbsd. | ||
442 | - (dtucker) [regress/integrity.sh regress/krl.sh regress/test-exec.sh] | ||
443 | Move the jot helper function to portable-specific part of test-exec.sh. | ||
444 | - (dtucker) [regress/test-exec.sh] Move the portable-specific functions | ||
445 | together and add a couple of missing lines from openbsd. | ||
446 | - (dtucker) [regress/stderr-after-eof.sh regress/test-exec.sh] Move the md5 | ||
447 | helper function to the portable part of test-exec.sh. | ||
448 | - (dtucker) [regress/runtests.sh] Remove obsolete test driver script. | ||
449 | - (dtucker) [regress/cfgmatch.sh] Remove unneeded sleep renderd obsolete by | ||
450 | rev 1.6 which calls wait. | ||
451 | |||
1 | 20130516 | 452 | 20130516 |
2 | - (djm) [contrib/ssh-copy-id] Fix bug that could cause "rm *" to be | 453 | - (djm) [contrib/ssh-copy-id] Fix bug that could cause "rm *" to be |
3 | executed if mktemp failed; bz#2105 ok dtucker@ | 454 | executed if mktemp failed; bz#2105 ok dtucker@ |
4 | - (djm) Release 6.2p2 | 455 | - (dtucker) OpenBSD CVS Sync |
456 | - tedu@cvs.openbsd.org 2013/04/23 17:49:45 | ||
457 | [misc.c] | ||
458 | use xasprintf instead of a series of strlcats and strdup. ok djm | ||
459 | - tedu@cvs.openbsd.org 2013/04/24 16:01:46 | ||
460 | [misc.c] | ||
461 | remove extra parens noticed by nicm | ||
462 | - dtucker@cvs.openbsd.org 2013/05/06 07:35:12 | ||
463 | [sftp-server.8] | ||
464 | Reference the version of the sftp draft we actually implement. ok djm@ | ||
465 | - djm@cvs.openbsd.org 2013/05/10 03:40:07 | ||
466 | [sshconnect2.c] | ||
467 | fix bzero(ptr_to_struct, sizeof(ptr_to_struct)); bz#2100 from | ||
468 | Colin Watson | ||
469 | - djm@cvs.openbsd.org 2013/05/10 04:08:01 | ||
470 | [key.c] | ||
471 | memleak in cert_free(), wasn't actually freeing the struct; | ||
472 | bz#2096 from shm AT digitalsun.pl | ||
473 | - dtucker@cvs.openbsd.org 2013/05/10 10:13:50 | ||
474 | [ssh-pkcs11-helper.c] | ||
475 | remove unused extern optarg. ok markus@ | ||
476 | - dtucker@cvs.openbsd.org 2013/05/16 02:00:34 | ||
477 | [ssh_config sshconnect2.c packet.c readconf.h readconf.c clientloop.c | ||
478 | ssh_config.5 packet.h] | ||
479 | Add an optional second argument to RekeyLimit in the client to allow | ||
480 | rekeying based on elapsed time in addition to amount of traffic. | ||
481 | with djm@ jmc@, ok djm | ||
482 | - dtucker@cvs.openbsd.org 2013/05/16 04:09:14 | ||
483 | [sshd_config.5 servconf.c servconf.h packet.c serverloop.c monitor.c sshd_config | ||
484 | sshd.c] Add RekeyLimit to sshd with the same syntax as the client allowing | ||
485 | rekeying based on traffic volume or time. ok djm@, help & ok jmc@ for the man | ||
486 | page. | ||
487 | - djm@cvs.openbsd.org 2013/05/16 04:27:50 | ||
488 | [ssh_config.5 readconf.h readconf.c] | ||
489 | add the ability to ignore specific unrecognised ssh_config options; | ||
490 | bz#866; ok markus@ | ||
491 | - jmc@cvs.openbsd.org 2013/05/16 06:28:45 | ||
492 | [ssh_config.5] | ||
493 | put IgnoreUnknown in the right place; | ||
494 | - jmc@cvs.openbsd.org 2013/05/16 06:30:06 | ||
495 | [sshd_config.5] | ||
496 | oops! avoid Xr to self; | ||
497 | - dtucker@cvs.openbsd.org 2013/05/16 09:08:41 | ||
498 | [log.c scp.c sshd.c serverloop.c schnorr.c sftp.c] | ||
499 | Fix some "unused result" warnings found via clang and -portable. | ||
500 | ok markus@ | ||
501 | - dtucker@cvs.openbsd.org 2013/05/16 09:12:31 | ||
502 | [readconf.c servconf.c] | ||
503 | switch RekeyLimit traffic volume parsing to scan_scaled. ok djm@ | ||
504 | - dtucker@cvs.openbsd.org 2013/05/16 10:43:34 | ||
505 | [servconf.c readconf.c] | ||
506 | remove now-unused variables | ||
507 | - dtucker@cvs.openbsd.org 2013/05/16 10:44:06 | ||
508 | [servconf.c] | ||
509 | remove another now-unused variable | ||
510 | - (dtucker) [configure.ac readconf.c servconf.c | ||
511 | openbsd-compat/openbsd-compat.h] Add compat bits for scan_scaled. | ||
5 | 512 | ||
6 | 20130510 | 513 | 20130510 |
7 | - (djm) OpenBSD CVS Cherrypick | 514 | - (dtucker) [configure.ac] Enable -Wsizeof-pointer-memaccess if the compiler |
515 | supports it. Mentioned by Colin Watson in bz#2100, ok djm. | ||
516 | - (dtucker) [openbsd-compat/getopt.c] Factor out portibility changes to | ||
517 | getopt.c. Preprocessed source is identical other than line numbers. | ||
518 | - (dtucker) [openbsd-compat/getopt_long.c] Import from OpenBSD. No | ||
519 | portability changes yet. | ||
520 | - (dtucker) [openbsd-compat/Makefile.in openbsd-compat/getopt.c | ||
521 | openbsd-compat/getopt_long.c regress/modpipe.c] Remove getopt.c, add | ||
522 | portability code to getopt_long.c and switch over Makefile and the ugly | ||
523 | hack in modpipe.c. Fixes bz#1448. | ||
524 | - (dtucker) [openbsd-compat/getopt.h openbsd-compat/getopt_long.c | ||
525 | openbsd-compat/openbsd-compat.h] pull in getopt.h from openbsd and plumb | ||
526 | in to use it when we're using our own getopt. | ||
527 | - (dtucker) [kex.c] Only include sha256 and ECC key exchange methods when the | ||
528 | underlying libraries support them. | ||
529 | - (dtucker) [configure.ac] Add -Werror to the -Qunused-arguments test so | ||
530 | we don't get a warning on compilers that *don't* support it. Add | ||
531 | -Wno-unknown-warning-option. Move both to the start of the list for | ||
532 | maximum noise suppression. Tested with gcc 4.6.3, gcc 2.95.4 and clang 2.9. | ||
533 | |||
534 | 20130423 | ||
535 | - (djm) [auth.c configure.ac misc.c monitor.c monitor_wrap.c] Support | ||
536 | platforms, such as Android, that lack struct passwd.pw_gecos. Report | ||
537 | and initial patch from Nathan Osman bz#2086; feedback tim@ ok dtucker@ | ||
538 | - (djm) OpenBSD CVS Sync | ||
539 | - markus@cvs.openbsd.org 2013/03/05 20:16:09 | ||
540 | [sshconnect2.c] | ||
541 | reset pubkey order on partial success; ok djm@ | ||
542 | - djm@cvs.openbsd.org 2013/03/06 23:35:23 | ||
543 | [session.c] | ||
544 | fatal() when ChrootDirectory specified by running without root privileges; | ||
545 | ok markus@ | ||
546 | - djm@cvs.openbsd.org 2013/03/06 23:36:53 | ||
547 | [readconf.c] | ||
548 | g/c unused variable (-Wunused) | ||
549 | - djm@cvs.openbsd.org 2013/03/07 00:19:59 | ||
550 | [auth2-pubkey.c monitor.c] | ||
551 | reconstruct the original username that was sent by the client, which may | ||
552 | have included a style (e.g. "root:skey") when checking public key | ||
553 | signatures. Fixes public key and hostbased auth when the client specified | ||
554 | a style; ok markus@ | ||
555 | - markus@cvs.openbsd.org 2013/03/07 19:27:25 | ||
556 | [auth.h auth2-chall.c auth2.c monitor.c sshd_config.5] | ||
557 | add submethod support to AuthenticationMethods; ok and freedback djm@ | ||
558 | - djm@cvs.openbsd.org 2013/03/08 06:32:58 | ||
559 | [ssh.c] | ||
560 | allow "ssh -f none ..." ok markus@ | ||
561 | - djm@cvs.openbsd.org 2013/04/05 00:14:00 | ||
562 | [auth2-gss.c krl.c sshconnect2.c] | ||
563 | hush some {unused, printf type} warnings | ||
564 | - djm@cvs.openbsd.org 2013/04/05 00:31:49 | ||
565 | [pathnames.h] | ||
566 | use the existing _PATH_SSH_USER_RC define to construct the other | ||
567 | pathnames; bz#2077, ok dtucker@ (no binary change) | ||
568 | - djm@cvs.openbsd.org 2013/04/05 00:58:51 | ||
569 | [mux.c] | ||
570 | cleanup mux-created channels that are in SSH_CHANNEL_OPENING state too | ||
571 | (in addition to ones already in OPEN); bz#2079, ok dtucker@ | ||
572 | - markus@cvs.openbsd.org 2013/04/06 16:07:00 | ||
573 | [channels.c sshd.c] | ||
574 | handle ECONNABORTED for accept(); ok deraadt some time ago... | ||
575 | - dtucker@cvs.openbsd.org 2013/04/07 02:10:33 | ||
576 | [log.c log.h ssh.1 ssh.c sshd.8 sshd.c] | ||
577 | Add -E option to ssh and sshd to append debugging logs to a specified file | ||
578 | instead of stderr or syslog. ok markus@, man page help jmc@ | ||
579 | - dtucker@cvs.openbsd.org 2013/04/07 09:40:27 | ||
580 | [sshd.8] | ||
581 | clarify -e text. suggested by & ok jmc@ | ||
8 | - djm@cvs.openbsd.org 2013/04/11 02:27:50 | 582 | - djm@cvs.openbsd.org 2013/04/11 02:27:50 |
9 | [packet.c] | 583 | [packet.c] |
10 | quiet disconnect notifications on the server from error() back to logit() | 584 | quiet disconnect notifications on the server from error() back to logit() |
11 | if it is a normal client closure; bz#2057 ok+feedback dtucker@ | 585 | if it is a normal client closure; bz#2057 ok+feedback dtucker@ |
12 | - (djm) [version.h contrib/caldera/openssh.spec contrib/redhat/openssh.spec] | 586 | - dtucker@cvs.openbsd.org 2013/04/17 09:04:09 |
13 | [contrib/suse/openssh.spec] Crank version numbers for release. | 587 | [session.c] |
14 | - (djm) [README] Update release notes URL | 588 | revert rev 1.262; it fails because uid is already set here. ok djm@ |
589 | - djm@cvs.openbsd.org 2013/04/18 02:16:07 | ||
590 | [sftp.c] | ||
591 | make "sftp -q" do what it says on the sticker: hush everything but errors; | ||
592 | ok dtucker@ | ||
593 | - djm@cvs.openbsd.org 2013/04/19 01:00:10 | ||
594 | [sshd_config.5] | ||
595 | document the requirment that the AuthorizedKeysCommand be owned by root; | ||
596 | ok dtucker@ markus@ | ||
597 | - djm@cvs.openbsd.org 2013/04/19 01:01:00 | ||
598 | [ssh-keygen.c] | ||
599 | fix some memory leaks; bz#2088 ok dtucker@ | ||
600 | - djm@cvs.openbsd.org 2013/04/19 01:03:01 | ||
601 | [session.c] | ||
602 | reintroduce 1.262 without the connection-killing bug: | ||
603 | fatal() when ChrootDirectory specified by running without root privileges; | ||
604 | ok markus@ | ||
605 | - djm@cvs.openbsd.org 2013/04/19 01:06:50 | ||
606 | [authfile.c cipher.c cipher.h kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c] | ||
607 | [key.c key.h mac.c mac.h packet.c ssh.1 ssh.c] | ||
608 | add the ability to query supported ciphers, MACs, key type and KEX | ||
609 | algorithms to ssh. Includes some refactoring of KEX and key type handling | ||
610 | to be table-driven; ok markus@ | ||
611 | - djm@cvs.openbsd.org 2013/04/19 11:10:18 | ||
612 | [ssh.c] | ||
613 | add -Q to usage; reminded by jmc@ | ||
614 | - djm@cvs.openbsd.org 2013/04/19 12:07:08 | ||
615 | [kex.c] | ||
616 | remove duplicated list entry pointed out by naddy@ | ||
617 | - dtucker@cvs.openbsd.org 2013/04/22 01:17:18 | ||
618 | [mux.c] | ||
619 | typo in debug output: evitval->exitval | ||
620 | |||
621 | 20130418 | ||
622 | - (djm) [config.guess config.sub] Update to last versions before they switch | ||
623 | to GPL3. ok dtucker@ | ||
624 | - (dtucker) [configure.ac] Use -Qunused-arguments to suppress warnings from | ||
625 | unused argument warnings (in particular, -fno-builtin-memset) from clang. | ||
15 | 626 | ||
16 | 20130404 | 627 | 20130404 |
17 | - (dtucker) OpenBSD CVS Sync | 628 | - (dtucker) OpenBSD CVS Sync |
@@ -40,10 +651,16 @@ | |||
40 | to avoid conflicting definitions of __int64, adding the required bits. | 651 | to avoid conflicting definitions of __int64, adding the required bits. |
41 | Patch from Corinna Vinschen. | 652 | Patch from Corinna Vinschen. |
42 | 653 | ||
654 | 20120323 | ||
655 | - (tim) [Makefile.in] remove some duplication introduced in 20130220 commit. | ||
656 | |||
43 | 20120322 | 657 | 20120322 |
44 | - (djm) [contrib/ssh-copy-id contrib/ssh-copy-id.1] Updated to Phil | 658 | - (djm) [contrib/ssh-copy-id contrib/ssh-copy-id.1] Updated to Phil |
45 | Hands' greatly revised version. | 659 | Hands' greatly revised version. |
46 | - (djm) Release 6.2p1 | 660 | - (djm) Release 6.2p1 |
661 | - (dtucker) [configure.ac] Add stdlib.h to zlib check for exit() prototype. | ||
662 | - (dtucker) [includes.h] Check if _GNU_SOURCE is already defined before | ||
663 | defining it again. Prevents warnings if someone, eg, sets it in CFLAGS. | ||
47 | 664 | ||
48 | 20120318 | 665 | 20120318 |
49 | - (djm) [configure.ac log.c scp.c sshconnect2.c openbsd-compat/vis.c] | 666 | - (djm) [configure.ac log.c scp.c sshconnect2.c openbsd-compat/vis.c] |
diff --git a/Makefile.in b/Makefile.in index 5b2431d4a..839abbd48 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -1,4 +1,4 @@ | |||
1 | # $Id: Makefile.in,v 1.336 2013/03/07 15:37:13 tim Exp $ | 1 | # $Id: Makefile.in,v 1.340 2013/06/11 01:26:10 dtucker Exp $ |
2 | 2 | ||
3 | # uncomment if you run a non bourne compatable shell. Ie. csh | 3 | # uncomment if you run a non bourne compatable shell. Ie. csh |
4 | #SHELL = @SH@ | 4 | #SHELL = @SH@ |
@@ -125,6 +125,8 @@ PATHSUBS = \ | |||
125 | -e 's|/usr/bin:/bin:/usr/sbin:/sbin|@user_path@|g' | 125 | -e 's|/usr/bin:/bin:/usr/sbin:/sbin|@user_path@|g' |
126 | 126 | ||
127 | FIXPATHSCMD = $(SED) $(PATHSUBS) | 127 | FIXPATHSCMD = $(SED) $(PATHSUBS) |
128 | FIXALGORITHMSCMD= $(SHELL) $(srcdir)/fixalgorithms $(SED) \ | ||
129 | @UNSUPPORTED_ALGORITHMS@ | ||
128 | 130 | ||
129 | all: $(CONFIGFILES) $(MANPAGES) $(TARGETS) | 131 | all: $(CONFIGFILES) $(MANPAGES) $(TARGETS) |
130 | 132 | ||
@@ -191,9 +193,10 @@ $(MANPAGES): $(MANPAGES_IN) | |||
191 | manpage=$(srcdir)/`echo $@ | sed 's/\.out$$//'`; \ | 193 | manpage=$(srcdir)/`echo $@ | sed 's/\.out$$//'`; \ |
192 | fi; \ | 194 | fi; \ |
193 | if test "$(MANTYPE)" = "man"; then \ | 195 | if test "$(MANTYPE)" = "man"; then \ |
194 | $(FIXPATHSCMD) $${manpage} | $(AWK) -f $(srcdir)/mdoc2man.awk > $@; \ | 196 | $(FIXPATHSCMD) $${manpage} | $(FIXALGORITHMSCMD) | \ |
197 | $(AWK) -f $(srcdir)/mdoc2man.awk > $@; \ | ||
195 | else \ | 198 | else \ |
196 | $(FIXPATHSCMD) $${manpage} > $@; \ | 199 | $(FIXPATHSCMD) $${manpage} | $(FIXALGORITHMSCMD) > $@; \ |
197 | fi | 200 | fi |
198 | 201 | ||
199 | $(CONFIGFILES): $(CONFIGFILES_IN) | 202 | $(CONFIGFILES): $(CONFIGFILES_IN) |
@@ -394,15 +397,14 @@ uninstall: | |||
394 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 | 397 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 |
395 | 398 | ||
396 | regress/modpipe$(EXEEXT): $(srcdir)/regress/modpipe.c | 399 | regress/modpipe$(EXEEXT): $(srcdir)/regress/modpipe.c |
397 | [ -d `pwd`/regress ] || mkdir -p `pwd`/regress; \ | 400 | [ -d `pwd`/regress ] || mkdir -p `pwd`/regress |
398 | $(CC) $(CPPFLAGS) -o $@ $? \ | 401 | [ -f `pwd`/regress/Makefile ] || \ |
399 | $(LDFLAGS) -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) | 402 | ln -s `cd $(srcdir) && pwd`/regress/Makefile `pwd`/regress/Makefile |
403 | $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $? \ | ||
404 | $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) | ||
400 | 405 | ||
401 | tests interop-tests: $(TARGETS) regress/modpipe$(EXEEXT) | 406 | tests interop-tests: $(TARGETS) regress/modpipe$(EXEEXT) |
402 | BUILDDIR=`pwd`; \ | 407 | BUILDDIR=`pwd`; \ |
403 | [ -d `pwd`/regress ] || mkdir -p `pwd`/regress; \ | ||
404 | [ -f `pwd`/regress/Makefile ] || \ | ||
405 | ln -s `cd $(srcdir) && pwd`/regress/Makefile `pwd`/regress/Makefile ; \ | ||
406 | TEST_SHELL="@TEST_SHELL@"; \ | 408 | TEST_SHELL="@TEST_SHELL@"; \ |
407 | TEST_SSH_SSH="$${BUILDDIR}/ssh"; \ | 409 | TEST_SSH_SSH="$${BUILDDIR}/ssh"; \ |
408 | TEST_SSH_SSHD="$${BUILDDIR}/sshd"; \ | 410 | TEST_SSH_SSHD="$${BUILDDIR}/sshd"; \ |
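Review bot: In the `man` branch of the `$(MANPAGES)` rule (new-side lines 196-197), `$(FIXALGORITHMSCMD)` is now a middle stage of the pipeline, so a failure of the fixalgorithms script (missing file, bad sed expression) is hidden by the exit status of the trailing awk and make records an empty or truncated `$@` as successfully built. The pre-existing `$(FIXPATHSCMD)` stage had the same exposure, but this change adds a second external script to the masked position. Writing the intermediate result to a temporary file keeps each stage's status visible: `$(FIXPATHSCMD) $${manpage} | $(FIXALGORITHMSCMD) > $@.tmp && \` followed by `$(AWK) -f $(srcdir)/mdoc2man.awk $@.tmp > $@ && rm -f $@.tmp; \`. The `else` branch (new-side line 199) is unaffected because there the script is the last command in the pipe.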
@@ -1,4 +1,4 @@ | |||
1 | See http://www.openssh.com/txt/release-6.2p2 for the release notes. | 1 | See http://www.openssh.com/txt/release-6.3 for the release notes. |
2 | 2 | ||
3 | - A Japanese translation of this document and of the OpenSSH FAQ is | 3 | - A Japanese translation of this document and of the OpenSSH FAQ is |
4 | - available at http://www.unixuser.org/~haruyama/security/openssh/index.html | 4 | - available at http://www.unixuser.org/~haruyama/security/openssh/index.html |
@@ -62,4 +62,4 @@ References - | |||
62 | [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 | 62 | [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 |
63 | [7] http://www.openssh.com/faq.html | 63 | [7] http://www.openssh.com/faq.html |
64 | 64 | ||
65 | $Id: README,v 1.82.2.1 2013/05/10 06:12:54 djm Exp $ | 65 | $Id: README,v 1.83 2013/07/25 02:34:00 djm Exp $ |
diff --git a/aclocal.m4 b/aclocal.m4 index 9bdea5ec2..1b3bed790 100644 --- a/aclocal.m4 +++ b/aclocal.m4 | |||
@@ -1,4 +1,4 @@ | |||
1 | dnl $Id: aclocal.m4,v 1.8 2011/05/20 01:45:25 djm Exp $ | 1 | dnl $Id: aclocal.m4,v 1.9 2013/06/02 21:31:27 tim Exp $ |
2 | dnl | 2 | dnl |
3 | dnl OpenSSH-specific autoconf macros | 3 | dnl OpenSSH-specific autoconf macros |
4 | dnl | 4 | dnl |
@@ -14,8 +14,15 @@ AC_DEFUN([OSSH_CHECK_CFLAG_COMPILE], [{ | |||
14 | _define_flag="$2" | 14 | _define_flag="$2" |
15 | test "x$_define_flag" = "x" && _define_flag="$1" | 15 | test "x$_define_flag" = "x" && _define_flag="$1" |
16 | AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], | 16 | AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])], |
17 | [ AC_MSG_RESULT([yes]) | 17 | [ |
18 | CFLAGS="$saved_CFLAGS $_define_flag"], | 18 | if `grep -i "unrecognized option" conftest.err >/dev/null` |
19 | then | ||
20 | AC_MSG_RESULT([no]) | ||
21 | CFLAGS="$saved_CFLAGS" | ||
22 | else | ||
23 | AC_MSG_RESULT([yes]) | ||
24 | CFLAGS="$saved_CFLAGS $_define_flag" | ||
25 | fi], | ||
19 | [ AC_MSG_RESULT([no]) | 26 | [ AC_MSG_RESULT([no]) |
20 | CFLAGS="$saved_CFLAGS" ] | 27 | CFLAGS="$saved_CFLAGS" ] |
21 | ) | 28 | ) |
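Review bot: The new check on new-side line 18 wraps the grep in command substitution, `` if `grep -i "unrecognized option" conftest.err >/dev/null` ``, so the shell runs grep's (redirected, therefore empty) output as the command and only inherits grep's status through the POSIX rule for an empty command word; it works, but it is fragile and reads as a mistake. The plain form is what is meant: `if grep -i "unrecognized option" conftest.err >/dev/null; then`. The test also depends on `AC_COMPILE_IFELSE` leaving the compiler's stderr in `conftest.err`, which autoconf does, and on the exact wording "unrecognized option", so a compiler that only warns about an unknown flag with different text will still have the flag added to `CFLAGS`; a comment naming the compilers this message was observed from would help the next person who tunes the pattern.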
diff --git a/addrmatch.c b/addrmatch.c index 388603cae..fb6de92e7 100644 --- a/addrmatch.c +++ b/addrmatch.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: addrmatch.c,v 1.6 2012/06/21 00:16:07 dtucker Exp $ */ | 1 | /* $OpenBSD: addrmatch.c,v 1.7 2013/05/17 00:13:13 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2004-2008 Damien Miller <djm@mindrot.org> | 4 | * Copyright (c) 2004-2008 Damien Miller <djm@mindrot.org> |
@@ -420,7 +420,7 @@ addr_match_list(const char *addr, const char *_list) | |||
420 | goto foundit; | 420 | goto foundit; |
421 | } | 421 | } |
422 | } | 422 | } |
423 | xfree(o); | 423 | free(o); |
424 | 424 | ||
425 | return ret; | 425 | return ret; |
426 | } | 426 | } |
@@ -494,7 +494,7 @@ addr_match_cidr_list(const char *addr, const char *_list) | |||
494 | continue; | 494 | continue; |
495 | } | 495 | } |
496 | } | 496 | } |
497 | xfree(o); | 497 | free(o); |
498 | 498 | ||
499 | return ret; | 499 | return ret; |
500 | } | 500 | } |
diff --git a/auth-chall.c b/auth-chall.c index 919b1eaa4..0005aa88b 100644 --- a/auth-chall.c +++ b/auth-chall.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth-chall.c,v 1.12 2006/08/03 03:34:41 deraadt Exp $ */ | 1 | /* $OpenBSD: auth-chall.c,v 1.13 2013/05/17 00:13:13 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -69,11 +69,11 @@ get_challenge(Authctxt *authctxt) | |||
69 | fatal("get_challenge: numprompts < 1"); | 69 | fatal("get_challenge: numprompts < 1"); |
70 | challenge = xstrdup(prompts[0]); | 70 | challenge = xstrdup(prompts[0]); |
71 | for (i = 0; i < numprompts; i++) | 71 | for (i = 0; i < numprompts; i++) |
72 | xfree(prompts[i]); | 72 | free(prompts[i]); |
73 | xfree(prompts); | 73 | free(prompts); |
74 | xfree(name); | 74 | free(name); |
75 | xfree(echo_on); | 75 | free(echo_on); |
76 | xfree(info); | 76 | free(info); |
77 | 77 | ||
78 | return (challenge); | 78 | return (challenge); |
79 | } | 79 | } |
@@ -102,11 +102,11 @@ verify_response(Authctxt *authctxt, const char *response) | |||
102 | authenticated = 1; | 102 | authenticated = 1; |
103 | 103 | ||
104 | for (i = 0; i < numprompts; i++) | 104 | for (i = 0; i < numprompts; i++) |
105 | xfree(prompts[i]); | 105 | free(prompts[i]); |
106 | xfree(prompts); | 106 | free(prompts); |
107 | xfree(name); | 107 | free(name); |
108 | xfree(echo_on); | 108 | free(echo_on); |
109 | xfree(info); | 109 | free(info); |
110 | break; | 110 | break; |
111 | } | 111 | } |
112 | device->free_ctx(authctxt->kbdintctxt); | 112 | device->free_ctx(authctxt->kbdintctxt); |
diff --git a/auth-krb5.c b/auth-krb5.c index 4c2375462..5613b5772 100644 --- a/auth-krb5.c +++ b/auth-krb5.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth-krb5.c,v 1.19 2006/08/03 03:34:41 deraadt Exp $ */ | 1 | /* $OpenBSD: auth-krb5.c,v 1.20 2013/07/20 01:55:13 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Kerberos v5 authentication and ticket-passing routines. | 3 | * Kerberos v5 authentication and ticket-passing routines. |
4 | * | 4 | * |
@@ -79,6 +79,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password) | |||
79 | krb5_ccache ccache = NULL; | 79 | krb5_ccache ccache = NULL; |
80 | int len; | 80 | int len; |
81 | char *client, *platform_client; | 81 | char *client, *platform_client; |
82 | const char *errmsg; | ||
82 | 83 | ||
83 | /* get platform-specific kerberos client principal name (if it exists) */ | 84 | /* get platform-specific kerberos client principal name (if it exists) */ |
84 | platform_client = platform_krb5_get_principal_name(authctxt->pw->pw_name); | 85 | platform_client = platform_krb5_get_principal_name(authctxt->pw->pw_name); |
@@ -96,7 +97,12 @@ auth_krb5_password(Authctxt *authctxt, const char *password) | |||
96 | goto out; | 97 | goto out; |
97 | 98 | ||
98 | #ifdef HEIMDAL | 99 | #ifdef HEIMDAL |
100 | # ifdef HAVE_KRB5_CC_NEW_UNIQUE | ||
101 | problem = krb5_cc_new_unique(authctxt->krb5_ctx, | ||
102 | krb5_mcc_ops.prefix, NULL, &ccache); | ||
103 | # else | ||
99 | problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_mcc_ops, &ccache); | 104 | problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_mcc_ops, &ccache); |
105 | # endif | ||
100 | if (problem) | 106 | if (problem) |
101 | goto out; | 107 | goto out; |
102 | 108 | ||
@@ -115,8 +121,13 @@ auth_krb5_password(Authctxt *authctxt, const char *password) | |||
115 | if (problem) | 121 | if (problem) |
116 | goto out; | 122 | goto out; |
117 | 123 | ||
124 | # ifdef HAVE_KRB5_CC_NEW_UNIQUE | ||
125 | problem = krb5_cc_new_unique(authctxt->krb5_ctx, | ||
126 | krb5_fcc_ops.prefix, NULL, &authctxt->krb5_fwd_ccache); | ||
127 | # else | ||
118 | problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_fcc_ops, | 128 | problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_fcc_ops, |
119 | &authctxt->krb5_fwd_ccache); | 129 | &authctxt->krb5_fwd_ccache); |
130 | # endif | ||
120 | if (problem) | 131 | if (problem) |
121 | goto out; | 132 | goto out; |
122 | 133 | ||
@@ -186,17 +197,19 @@ auth_krb5_password(Authctxt *authctxt, const char *password) | |||
186 | out: | 197 | out: |
187 | restore_uid(); | 198 | restore_uid(); |
188 | 199 | ||
189 | if (platform_client != NULL) | 200 | free(platform_client); |
190 | xfree(platform_client); | ||
191 | 201 | ||
192 | if (problem) { | 202 | if (problem) { |
193 | if (ccache) | 203 | if (ccache) |
194 | krb5_cc_destroy(authctxt->krb5_ctx, ccache); | 204 | krb5_cc_destroy(authctxt->krb5_ctx, ccache); |
195 | 205 | ||
196 | if (authctxt->krb5_ctx != NULL && problem!=-1) | 206 | if (authctxt->krb5_ctx != NULL && problem!=-1) { |
197 | debug("Kerberos password authentication failed: %s", | 207 | errmsg = krb5_get_error_message(authctxt->krb5_ctx, |
198 | krb5_get_err_text(authctxt->krb5_ctx, problem)); | 208 | problem); |
199 | else | 209 | debug("Kerberos password authentication failed: %s", |
210 | errmsg); | ||
211 | krb5_free_error_message(authctxt->krb5_ctx, errmsg); | ||
212 | } else | ||
200 | debug("Kerberos password authentication failed: %d", | 213 | debug("Kerberos password authentication failed: %d", |
201 | problem); | 214 | problem); |
202 | 215 | ||
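Review bot: In the `out:` path (new-side lines 207-211) the result of `krb5_get_error_message()` is passed straight to `debug("...%s", errmsg)` and then to `krb5_free_error_message()`; if the Kerberos library in use can return NULL here (Heimdal's implementation allocates the string), the `%s` dereference is undefined behaviour on the authentication-failure path. A one-line guard keeps the diagnostic safe: `debug("Kerberos password authentication failed: %s", errmsg != NULL ? errmsg : "unknown error");`. The `krb5_cc_new_unique()` branches added at new-side lines 100-105 and 124-130 look correct, but since this hunk is only the tail of `auth_krb5_password()` the MIT-side cache handling cannot be reviewed from here.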
diff --git a/auth-options.c b/auth-options.c index 78e8f3955..73e330bf5 100644 --- a/auth-options.c +++ b/auth-options.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth-options.c,v 1.57 2012/12/02 20:46:11 djm Exp $ */ | 1 | /* $OpenBSD: auth-options.c,v 1.59 2013/07/12 00:19:58 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -83,15 +83,15 @@ auth_clear_options(void) | |||
83 | while (custom_environment) { | 83 | while (custom_environment) { |
84 | struct envstring *ce = custom_environment; | 84 | struct envstring *ce = custom_environment; |
85 | custom_environment = ce->next; | 85 | custom_environment = ce->next; |
86 | xfree(ce->s); | 86 | free(ce->s); |
87 | xfree(ce); | 87 | free(ce); |
88 | } | 88 | } |
89 | if (forced_command) { | 89 | if (forced_command) { |
90 | xfree(forced_command); | 90 | free(forced_command); |
91 | forced_command = NULL; | 91 | forced_command = NULL; |
92 | } | 92 | } |
93 | if (authorized_principals) { | 93 | if (authorized_principals) { |
94 | xfree(authorized_principals); | 94 | free(authorized_principals); |
95 | authorized_principals = NULL; | 95 | authorized_principals = NULL; |
96 | } | 96 | } |
97 | forced_tun_device = -1; | 97 | forced_tun_device = -1; |
@@ -160,7 +160,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
160 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { | 160 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { |
161 | opts += strlen(cp); | 161 | opts += strlen(cp); |
162 | if (forced_command != NULL) | 162 | if (forced_command != NULL) |
163 | xfree(forced_command); | 163 | free(forced_command); |
164 | forced_command = xmalloc(strlen(opts) + 1); | 164 | forced_command = xmalloc(strlen(opts) + 1); |
165 | i = 0; | 165 | i = 0; |
166 | while (*opts) { | 166 | while (*opts) { |
@@ -178,7 +178,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
178 | file, linenum); | 178 | file, linenum); |
179 | auth_debug_add("%.100s, line %lu: missing end quote", | 179 | auth_debug_add("%.100s, line %lu: missing end quote", |
180 | file, linenum); | 180 | file, linenum); |
181 | xfree(forced_command); | 181 | free(forced_command); |
182 | forced_command = NULL; | 182 | forced_command = NULL; |
183 | goto bad_option; | 183 | goto bad_option; |
184 | } | 184 | } |
@@ -191,7 +191,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
191 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { | 191 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { |
192 | opts += strlen(cp); | 192 | opts += strlen(cp); |
193 | if (authorized_principals != NULL) | 193 | if (authorized_principals != NULL) |
194 | xfree(authorized_principals); | 194 | free(authorized_principals); |
195 | authorized_principals = xmalloc(strlen(opts) + 1); | 195 | authorized_principals = xmalloc(strlen(opts) + 1); |
196 | i = 0; | 196 | i = 0; |
197 | while (*opts) { | 197 | while (*opts) { |
@@ -209,7 +209,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
209 | file, linenum); | 209 | file, linenum); |
210 | auth_debug_add("%.100s, line %lu: missing end quote", | 210 | auth_debug_add("%.100s, line %lu: missing end quote", |
211 | file, linenum); | 211 | file, linenum); |
212 | xfree(authorized_principals); | 212 | free(authorized_principals); |
213 | authorized_principals = NULL; | 213 | authorized_principals = NULL; |
214 | goto bad_option; | 214 | goto bad_option; |
215 | } | 215 | } |
@@ -243,7 +243,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
243 | file, linenum); | 243 | file, linenum); |
244 | auth_debug_add("%.100s, line %lu: missing end quote", | 244 | auth_debug_add("%.100s, line %lu: missing end quote", |
245 | file, linenum); | 245 | file, linenum); |
246 | xfree(s); | 246 | free(s); |
247 | goto bad_option; | 247 | goto bad_option; |
248 | } | 248 | } |
249 | s[i] = '\0'; | 249 | s[i] = '\0'; |
@@ -280,7 +280,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
280 | file, linenum); | 280 | file, linenum); |
281 | auth_debug_add("%.100s, line %lu: missing end quote", | 281 | auth_debug_add("%.100s, line %lu: missing end quote", |
282 | file, linenum); | 282 | file, linenum); |
283 | xfree(patterns); | 283 | free(patterns); |
284 | goto bad_option; | 284 | goto bad_option; |
285 | } | 285 | } |
286 | patterns[i] = '\0'; | 286 | patterns[i] = '\0'; |
@@ -288,7 +288,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
288 | switch (match_host_and_ip(remote_host, remote_ip, | 288 | switch (match_host_and_ip(remote_host, remote_ip, |
289 | patterns)) { | 289 | patterns)) { |
290 | case 1: | 290 | case 1: |
291 | xfree(patterns); | 291 | free(patterns); |
292 | /* Host name matches. */ | 292 | /* Host name matches. */ |
293 | goto next_option; | 293 | goto next_option; |
294 | case -1: | 294 | case -1: |
@@ -298,7 +298,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
298 | "invalid criteria", file, linenum); | 298 | "invalid criteria", file, linenum); |
299 | /* FALLTHROUGH */ | 299 | /* FALLTHROUGH */ |
300 | case 0: | 300 | case 0: |
301 | xfree(patterns); | 301 | free(patterns); |
302 | if (!logged_from_hostip) { | 302 | if (!logged_from_hostip) { |
303 | logit("Authentication tried for %.100s with " | 303 | logit("Authentication tried for %.100s with " |
304 | "correct key but not from a permitted " | 304 | "correct key but not from a permitted " |
@@ -337,7 +337,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
337 | file, linenum); | 337 | file, linenum); |
338 | auth_debug_add("%.100s, line %lu: missing " | 338 | auth_debug_add("%.100s, line %lu: missing " |
339 | "end quote", file, linenum); | 339 | "end quote", file, linenum); |
340 | xfree(patterns); | 340 | free(patterns); |
341 | goto bad_option; | 341 | goto bad_option; |
342 | } | 342 | } |
343 | patterns[i] = '\0'; | 343 | patterns[i] = '\0'; |
@@ -351,7 +351,7 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
351 | auth_debug_add("%.100s, line %lu: " | 351 | auth_debug_add("%.100s, line %lu: " |
352 | "Bad permitopen specification", file, | 352 | "Bad permitopen specification", file, |
353 | linenum); | 353 | linenum); |
354 | xfree(patterns); | 354 | free(patterns); |
355 | goto bad_option; | 355 | goto bad_option; |
356 | } | 356 | } |
357 | host = cleanhostname(host); | 357 | host = cleanhostname(host); |
@@ -360,12 +360,12 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
360 | "<%.100s>", file, linenum, p ? p : ""); | 360 | "<%.100s>", file, linenum, p ? p : ""); |
361 | auth_debug_add("%.100s, line %lu: " | 361 | auth_debug_add("%.100s, line %lu: " |
362 | "Bad permitopen port", file, linenum); | 362 | "Bad permitopen port", file, linenum); |
363 | xfree(patterns); | 363 | free(patterns); |
364 | goto bad_option; | 364 | goto bad_option; |
365 | } | 365 | } |
366 | if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0) | 366 | if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0) |
367 | channel_add_permitted_opens(host, port); | 367 | channel_add_permitted_opens(host, port); |
368 | xfree(patterns); | 368 | free(patterns); |
369 | goto next_option; | 369 | goto next_option; |
370 | } | 370 | } |
371 | cp = "tunnel=\""; | 371 | cp = "tunnel=\""; |
@@ -384,13 +384,13 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) | |||
384 | file, linenum); | 384 | file, linenum); |
385 | auth_debug_add("%.100s, line %lu: missing end quote", | 385 | auth_debug_add("%.100s, line %lu: missing end quote", |
386 | file, linenum); | 386 | file, linenum); |
387 | xfree(tun); | 387 | free(tun); |
388 | forced_tun_device = -1; | 388 | forced_tun_device = -1; |
389 | goto bad_option; | 389 | goto bad_option; |
390 | } | 390 | } |
391 | tun[i] = '\0'; | 391 | tun[i] = '\0'; |
392 | forced_tun_device = a2tun(tun, NULL); | 392 | forced_tun_device = a2tun(tun, NULL); |
393 | xfree(tun); | 393 | free(tun); |
394 | if (forced_tun_device == SSH_TUNID_ERR) { | 394 | if (forced_tun_device == SSH_TUNID_ERR) { |
395 | debug("%.100s, line %lu: invalid tun device", | 395 | debug("%.100s, line %lu: invalid tun device", |
396 | file, linenum); | 396 | file, linenum); |
@@ -446,7 +446,8 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, | |||
446 | { | 446 | { |
447 | char *command, *allowed; | 447 | char *command, *allowed; |
448 | const char *remote_ip; | 448 | const char *remote_ip; |
449 | u_char *name = NULL, *data_blob = NULL; | 449 | char *name = NULL; |
450 | u_char *data_blob = NULL; | ||
450 | u_int nlen, dlen, clen; | 451 | u_int nlen, dlen, clen; |
451 | Buffer c, data; | 452 | Buffer c, data; |
452 | int ret = -1, found; | 453 | int ret = -1, found; |
@@ -498,7 +499,7 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, | |||
498 | if (*cert_forced_command != NULL) { | 499 | if (*cert_forced_command != NULL) { |
499 | error("Certificate has multiple " | 500 | error("Certificate has multiple " |
500 | "force-command options"); | 501 | "force-command options"); |
501 | xfree(command); | 502 | free(command); |
502 | goto out; | 503 | goto out; |
503 | } | 504 | } |
504 | *cert_forced_command = command; | 505 | *cert_forced_command = command; |
@@ -514,7 +515,7 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, | |||
514 | if ((*cert_source_address_done)++) { | 515 | if ((*cert_source_address_done)++) { |
515 | error("Certificate has multiple " | 516 | error("Certificate has multiple " |
516 | "source-address options"); | 517 | "source-address options"); |
517 | xfree(allowed); | 518 | free(allowed); |
518 | goto out; | 519 | goto out; |
519 | } | 520 | } |
520 | remote_ip = get_remote_ipaddr(); | 521 | remote_ip = get_remote_ipaddr(); |
@@ -522,7 +523,7 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, | |||
522 | allowed)) { | 523 | allowed)) { |
523 | case 1: | 524 | case 1: |
524 | /* accepted */ | 525 | /* accepted */ |
525 | xfree(allowed); | 526 | free(allowed); |
526 | break; | 527 | break; |
527 | case 0: | 528 | case 0: |
528 | /* no match */ | 529 | /* no match */ |
@@ -538,12 +539,12 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, | |||
538 | "is not permitted to use this " | 539 | "is not permitted to use this " |
539 | "certificate for login.", | 540 | "certificate for login.", |
540 | remote_ip); | 541 | remote_ip); |
541 | xfree(allowed); | 542 | free(allowed); |
542 | goto out; | 543 | goto out; |
543 | case -1: | 544 | case -1: |
544 | error("Certificate source-address " | 545 | error("Certificate source-address " |
545 | "contents invalid"); | 546 | "contents invalid"); |
546 | xfree(allowed); | 547 | free(allowed); |
547 | goto out; | 548 | goto out; |
548 | } | 549 | } |
549 | found = 1; | 550 | found = 1; |
@@ -565,9 +566,10 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, | |||
565 | goto out; | 566 | goto out; |
566 | } | 567 | } |
567 | buffer_clear(&data); | 568 | buffer_clear(&data); |
568 | xfree(name); | 569 | free(name); |
569 | xfree(data_blob); | 570 | free(data_blob); |
570 | name = data_blob = NULL; | 571 | name = NULL; |
572 | data_blob = NULL; | ||
571 | } | 573 | } |
572 | /* successfully parsed all options */ | 574 | /* successfully parsed all options */ |
573 | ret = 0; | 575 | ret = 0; |
@@ -576,13 +578,13 @@ parse_option_list(u_char *optblob, size_t optblob_len, struct passwd *pw, | |||
576 | if (ret != 0 && | 578 | if (ret != 0 && |
577 | cert_forced_command != NULL && | 579 | cert_forced_command != NULL && |
578 | *cert_forced_command != NULL) { | 580 | *cert_forced_command != NULL) { |
579 | xfree(*cert_forced_command); | 581 | free(*cert_forced_command); |
580 | *cert_forced_command = NULL; | 582 | *cert_forced_command = NULL; |
581 | } | 583 | } |
582 | if (name != NULL) | 584 | if (name != NULL) |
583 | xfree(name); | 585 | free(name); |
584 | if (data_blob != NULL) | 586 | if (data_blob != NULL) |
585 | xfree(data_blob); | 587 | free(data_blob); |
586 | buffer_free(&data); | 588 | buffer_free(&data); |
587 | buffer_free(&c); | 589 | buffer_free(&c); |
588 | return ret; | 590 | return ret; |
@@ -644,7 +646,7 @@ auth_cert_options(Key *k, struct passwd *pw) | |||
644 | /* CA-specified forced command supersedes key option */ | 646 | /* CA-specified forced command supersedes key option */ |
645 | if (cert_forced_command != NULL) { | 647 | if (cert_forced_command != NULL) { |
646 | if (forced_command != NULL) | 648 | if (forced_command != NULL) |
647 | xfree(forced_command); | 649 | free(forced_command); |
648 | forced_command = cert_forced_command; | 650 | forced_command = cert_forced_command; |
649 | } | 651 | } |
650 | return 0; | 652 | return 0; |
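Review bot: The cleanup tail of `parse_option_list()` (hunk `@@ -576,13 +578,13 @@`, new-side lines 584-587) keeps `if (name != NULL) free(name); if (data_blob != NULL) free(data_blob);` while the loop body in the hunk just above (new-side lines 569-572) frees the same two pointers unconditionally; `free(NULL)` is a no-op, so the guards are redundant and the two sites now read as if they follow different rules. Dropping them, `free(name); free(data_blob);`, matches the style this commit applies elsewhere in the file. The `u_char *` → `char *` change for `name` and the split of `name = data_blob = NULL;` into two statements are consistent with each other since the pointers no longer share a type. `parse_option_list()` begins and ends outside the visible hunks, so the allocation sites of `name` and `data_blob` were not checked here.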
diff --git a/auth-pam.c b/auth-pam.c index 675006e6f..d51318b3a 100644 --- a/auth-pam.c +++ b/auth-pam.c | |||
@@ -412,10 +412,9 @@ sshpam_thread_conv(int n, sshpam_const struct pam_message **msg, | |||
412 | 412 | ||
413 | fail: | 413 | fail: |
414 | for(i = 0; i < n; i++) { | 414 | for(i = 0; i < n; i++) { |
415 | if (reply[i].resp != NULL) | 415 | free(reply[i].resp); |
416 | xfree(reply[i].resp); | ||
417 | } | 416 | } |
418 | xfree(reply); | 417 | free(reply); |
419 | buffer_free(&buffer); | 418 | buffer_free(&buffer); |
420 | return (PAM_CONV_ERR); | 419 | return (PAM_CONV_ERR); |
421 | } | 420 | } |
@@ -586,10 +585,9 @@ sshpam_store_conv(int n, sshpam_const struct pam_message **msg, | |||
586 | 585 | ||
587 | fail: | 586 | fail: |
588 | for(i = 0; i < n; i++) { | 587 | for(i = 0; i < n; i++) { |
589 | if (reply[i].resp != NULL) | 588 | free(reply[i].resp); |
590 | xfree(reply[i].resp); | ||
591 | } | 589 | } |
592 | xfree(reply); | 590 | free(reply); |
593 | return (PAM_CONV_ERR); | 591 | return (PAM_CONV_ERR); |
594 | } | 592 | } |
595 | 593 | ||
@@ -693,7 +691,7 @@ sshpam_init_ctx(Authctxt *authctxt) | |||
693 | /* Start the authentication thread */ | 691 | /* Start the authentication thread */ |
694 | if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, socks) == -1) { | 692 | if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, socks) == -1) { |
695 | error("PAM: failed create sockets: %s", strerror(errno)); | 693 | error("PAM: failed create sockets: %s", strerror(errno)); |
696 | xfree(ctxt); | 694 | free(ctxt); |
697 | return (NULL); | 695 | return (NULL); |
698 | } | 696 | } |
699 | ctxt->pam_psock = socks[0]; | 697 | ctxt->pam_psock = socks[0]; |
@@ -703,7 +701,7 @@ sshpam_init_ctx(Authctxt *authctxt) | |||
703 | strerror(errno)); | 701 | strerror(errno)); |
704 | close(socks[0]); | 702 | close(socks[0]); |
705 | close(socks[1]); | 703 | close(socks[1]); |
706 | xfree(ctxt); | 704 | free(ctxt); |
707 | return (NULL); | 705 | return (NULL); |
708 | } | 706 | } |
709 | cleanup_ctxt = ctxt; | 707 | cleanup_ctxt = ctxt; |
@@ -742,7 +740,7 @@ sshpam_query(void *ctx, char **name, char **info, | |||
742 | strlcpy(**prompts + plen, msg, len - plen); | 740 | strlcpy(**prompts + plen, msg, len - plen); |
743 | plen += mlen; | 741 | plen += mlen; |
744 | **echo_on = (type == PAM_PROMPT_ECHO_ON); | 742 | **echo_on = (type == PAM_PROMPT_ECHO_ON); |
745 | xfree(msg); | 743 | free(msg); |
746 | return (0); | 744 | return (0); |
747 | case PAM_ERROR_MSG: | 745 | case PAM_ERROR_MSG: |
748 | case PAM_TEXT_INFO: | 746 | case PAM_TEXT_INFO: |
@@ -753,7 +751,7 @@ sshpam_query(void *ctx, char **name, char **info, | |||
753 | plen += mlen; | 751 | plen += mlen; |
754 | strlcat(**prompts + plen, "\n", len - plen); | 752 | strlcat(**prompts + plen, "\n", len - plen); |
755 | plen++; | 753 | plen++; |
756 | xfree(msg); | 754 | free(msg); |
757 | break; | 755 | break; |
758 | case PAM_ACCT_EXPIRED: | 756 | case PAM_ACCT_EXPIRED: |
759 | sshpam_account_status = 0; | 757 | sshpam_account_status = 0; |
@@ -766,7 +764,7 @@ sshpam_query(void *ctx, char **name, char **info, | |||
766 | *num = 0; | 764 | *num = 0; |
767 | **echo_on = 0; | 765 | **echo_on = 0; |
768 | ctxt->pam_done = -1; | 766 | ctxt->pam_done = -1; |
769 | xfree(msg); | 767 | free(msg); |
770 | return 0; | 768 | return 0; |
771 | } | 769 | } |
772 | /* FALLTHROUGH */ | 770 | /* FALLTHROUGH */ |
@@ -776,7 +774,7 @@ sshpam_query(void *ctx, char **name, char **info, | |||
776 | debug("PAM: %s", **prompts); | 774 | debug("PAM: %s", **prompts); |
777 | buffer_append(&loginmsg, **prompts, | 775 | buffer_append(&loginmsg, **prompts, |
778 | strlen(**prompts)); | 776 | strlen(**prompts)); |
779 | xfree(**prompts); | 777 | free(**prompts); |
780 | **prompts = NULL; | 778 | **prompts = NULL; |
781 | } | 779 | } |
782 | if (type == PAM_SUCCESS) { | 780 | if (type == PAM_SUCCESS) { |
@@ -790,7 +788,7 @@ sshpam_query(void *ctx, char **name, char **info, | |||
790 | *num = 0; | 788 | *num = 0; |
791 | **echo_on = 0; | 789 | **echo_on = 0; |
792 | ctxt->pam_done = 1; | 790 | ctxt->pam_done = 1; |
793 | xfree(msg); | 791 | free(msg); |
794 | return (0); | 792 | return (0); |
795 | } | 793 | } |
796 | error("PAM: %s for %s%.100s from %.100s", msg, | 794 | error("PAM: %s for %s%.100s from %.100s", msg, |
@@ -801,7 +799,7 @@ sshpam_query(void *ctx, char **name, char **info, | |||
801 | default: | 799 | default: |
802 | *num = 0; | 800 | *num = 0; |
803 | **echo_on = 0; | 801 | **echo_on = 0; |
804 | xfree(msg); | 802 | free(msg); |
805 | ctxt->pam_done = -1; | 803 | ctxt->pam_done = -1; |
806 | return (-1); | 804 | return (-1); |
807 | } | 805 | } |
@@ -852,7 +850,7 @@ sshpam_free_ctx(void *ctxtp) | |||
852 | 850 | ||
853 | debug3("PAM: %s entering", __func__); | 851 | debug3("PAM: %s entering", __func__); |
854 | sshpam_thread_cleanup(); | 852 | sshpam_thread_cleanup(); |
855 | xfree(ctxt); | 853 | free(ctxt); |
856 | /* | 854 | /* |
857 | * We don't call sshpam_cleanup() here because we may need the PAM | 855 | * We don't call sshpam_cleanup() here because we may need the PAM |
858 | * handle at a later stage, e.g. when setting up a session. It's | 856 | * handle at a later stage, e.g. when setting up a session. It's |
@@ -1006,10 +1004,9 @@ sshpam_tty_conv(int n, sshpam_const struct pam_message **msg, | |||
1006 | 1004 | ||
1007 | fail: | 1005 | fail: |
1008 | for(i = 0; i < n; i++) { | 1006 | for(i = 0; i < n; i++) { |
1009 | if (reply[i].resp != NULL) | 1007 | free(reply[i].resp); |
1010 | xfree(reply[i].resp); | ||
1011 | } | 1008 | } |
1012 | xfree(reply); | 1009 | free(reply); |
1013 | return (PAM_CONV_ERR); | 1010 | return (PAM_CONV_ERR); |
1014 | } | 1011 | } |
1015 | 1012 | ||
@@ -1081,7 +1078,7 @@ do_pam_putenv(char *name, char *value) | |||
1081 | 1078 | ||
1082 | snprintf(compound, len, "%s=%s", name, value); | 1079 | snprintf(compound, len, "%s=%s", name, value); |
1083 | ret = pam_putenv(sshpam_handle, compound); | 1080 | ret = pam_putenv(sshpam_handle, compound); |
1084 | xfree(compound); | 1081 | free(compound); |
1085 | #endif | 1082 | #endif |
1086 | 1083 | ||
1087 | return (ret); | 1084 | return (ret); |
@@ -1108,8 +1105,8 @@ free_pam_environment(char **env) | |||
1108 | return; | 1105 | return; |
1109 | 1106 | ||
1110 | for (envp = env; *envp; envp++) | 1107 | for (envp = env; *envp; envp++) |
1111 | xfree(*envp); | 1108 | free(*envp); |
1112 | xfree(env); | 1109 | free(env); |
1113 | } | 1110 | } |
1114 | 1111 | ||
1115 | /* | 1112 | /* |
@@ -1165,10 +1162,9 @@ sshpam_passwd_conv(int n, sshpam_const struct pam_message **msg, | |||
1165 | 1162 | ||
1166 | fail: | 1163 | fail: |
1167 | for(i = 0; i < n; i++) { | 1164 | for(i = 0; i < n; i++) { |
1168 | if (reply[i].resp != NULL) | 1165 | free(reply[i].resp); |
1169 | xfree(reply[i].resp); | ||
1170 | } | 1166 | } |
1171 | xfree(reply); | 1167 | free(reply); |
1172 | return (PAM_CONV_ERR); | 1168 | return (PAM_CONV_ERR); |
1173 | } | 1169 | } |
1174 | 1170 | ||
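Review bot: The `fail:` path of sshpam_passwd_conv now releases each `reply[i].resp` with a plain free() and, if those responses carry the password copy handed to PAM (the allocation is above the hunk, so this is inferred from the function's name), the secret is returned to the heap without being cleared. Consider guarding and clearing before the free, `if (reply[i].resp != NULL) memset(reply[i].resp, 0, strlen(reply[i].resp));`, preferably with a clear the optimiser cannot elide where the compat layer provides one. Dropping the `!= NULL` guards themselves is safe, since free(NULL) is a no-op. The same fail-loop shape appears in sshpam_thread_conv, sshpam_store_conv and sshpam_tty_conv; all four function bodies begin outside their hunks.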
diff --git a/auth-rsa.c b/auth-rsa.c index 33cdb5dae..9b139c928 100644 --- a/auth-rsa.c +++ b/auth-rsa.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth-rsa.c,v 1.81 2012/10/30 21:29:54 djm Exp $ */ | 1 | /* $OpenBSD: auth-rsa.c,v 1.85 2013/07/12 00:19:58 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -164,9 +164,8 @@ static int | |||
164 | rsa_key_allowed_in_file(struct passwd *pw, char *file, | 164 | rsa_key_allowed_in_file(struct passwd *pw, char *file, |
165 | const BIGNUM *client_n, Key **rkey) | 165 | const BIGNUM *client_n, Key **rkey) |
166 | { | 166 | { |
167 | char line[SSH_MAX_PUBKEY_BYTES]; | 167 | char *fp, line[SSH_MAX_PUBKEY_BYTES]; |
168 | int allowed = 0; | 168 | int allowed = 0, bits; |
169 | u_int bits; | ||
170 | FILE *f; | 169 | FILE *f; |
171 | u_long linenum = 0; | 170 | u_long linenum = 0; |
172 | Key *key; | 171 | Key *key; |
@@ -229,11 +228,16 @@ rsa_key_allowed_in_file(struct passwd *pw, char *file, | |||
229 | 228 | ||
230 | /* check the real bits */ | 229 | /* check the real bits */ |
231 | keybits = BN_num_bits(key->rsa->n); | 230 | keybits = BN_num_bits(key->rsa->n); |
232 | if (keybits < 0 || bits != (u_int)keybits) | 231 | if (keybits < 0 || bits != keybits) |
233 | logit("Warning: %s, line %lu: keysize mismatch: " | 232 | logit("Warning: %s, line %lu: keysize mismatch: " |
234 | "actual %d vs. announced %d.", | 233 | "actual %d vs. announced %d.", |
235 | file, linenum, BN_num_bits(key->rsa->n), bits); | 234 | file, linenum, BN_num_bits(key->rsa->n), bits); |
236 | 235 | ||
236 | fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); | ||
237 | debug("matching key found: file %s, line %lu %s %s", | ||
238 | file, linenum, key_type(key), fp); | ||
239 | free(fp); | ||
240 | |||
237 | /* Never accept a revoked key */ | 241 | /* Never accept a revoked key */ |
238 | if (auth_key_is_revoked(key, 0)) | 242 | if (auth_key_is_revoked(key, 0)) |
239 | break; | 243 | break; |
@@ -283,7 +287,7 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) | |||
283 | file = expand_authorized_keys( | 287 | file = expand_authorized_keys( |
284 | options.authorized_keys_files[i], pw); | 288 | options.authorized_keys_files[i], pw); |
285 | allowed = rsa_key_allowed_in_file(pw, file, client_n, rkey); | 289 | allowed = rsa_key_allowed_in_file(pw, file, client_n, rkey); |
286 | xfree(file); | 290 | free(file); |
287 | } | 291 | } |
288 | 292 | ||
289 | restore_uid(); | 293 | restore_uid(); |
@@ -300,7 +304,6 @@ int | |||
300 | auth_rsa(Authctxt *authctxt, BIGNUM *client_n) | 304 | auth_rsa(Authctxt *authctxt, BIGNUM *client_n) |
301 | { | 305 | { |
302 | Key *key; | 306 | Key *key; |
303 | char *fp; | ||
304 | struct passwd *pw = authctxt->pw; | 307 | struct passwd *pw = authctxt->pw; |
305 | 308 | ||
306 | /* no user given */ | 309 | /* no user given */ |
@@ -330,11 +333,7 @@ auth_rsa(Authctxt *authctxt, BIGNUM *client_n) | |||
330 | * options; this will be reset if the options cause the | 333 | * options; this will be reset if the options cause the |
331 | * authentication to be rejected. | 334 | * authentication to be rejected. |
332 | */ | 335 | */ |
333 | fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); | 336 | pubkey_auth_info(authctxt, key, NULL); |
334 | verbose("Found matching %s key: %s", | ||
335 | key_type(key), fp); | ||
336 | xfree(fp); | ||
337 | key_free(key); | ||
338 | 337 | ||
339 | packet_send_debug("RSA authentication accepted."); | 338 | packet_send_debug("RSA authentication accepted."); |
340 | return (1); | 339 | return (1); |
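Review bot: The success path of auth_rsa no longer frees `key`: the removed block ended with `key_free(key)`, the replacement `pubkey_auth_info(authctxt, key, NULL);` is declared in auth.h with a `const Key *` parameter and so cannot be taking ownership, and nothing else in the hunk releases it, so each successful SSH1 RSA authentication appears to leak the parsed key unless it is freed somewhere past the hunk. Add `key_free(key);` directly after the pubkey_auth_info call, as the old code did. auth_rsa's body begins before and ends after this hunk. In rsa_key_allowed_in_file the new fingerprint line is logged at debug level before the revocation check, which is reasonable but deserves a one-line comment saying the match is logged before the key is accepted.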
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth.c,v 1.101 2013/02/06 00:22:21 dtucker Exp $ */ | 1 | /* $OpenBSD: auth.c,v 1.103 2013/05/19 02:42:42 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -73,6 +73,7 @@ | |||
73 | #include "authfile.h" | 73 | #include "authfile.h" |
74 | #include "monitor_wrap.h" | 74 | #include "monitor_wrap.h" |
75 | #include "krl.h" | 75 | #include "krl.h" |
76 | #include "compat.h" | ||
76 | 77 | ||
77 | /* import */ | 78 | /* import */ |
78 | extern ServerOptions options; | 79 | extern ServerOptions options; |
@@ -166,17 +167,17 @@ allowed_user(struct passwd * pw) | |||
166 | if (stat(shell, &st) != 0) { | 167 | if (stat(shell, &st) != 0) { |
167 | logit("User %.100s not allowed because shell %.100s " | 168 | logit("User %.100s not allowed because shell %.100s " |
168 | "does not exist", pw->pw_name, shell); | 169 | "does not exist", pw->pw_name, shell); |
169 | xfree(shell); | 170 | free(shell); |
170 | return 0; | 171 | return 0; |
171 | } | 172 | } |
172 | if (S_ISREG(st.st_mode) == 0 || | 173 | if (S_ISREG(st.st_mode) == 0 || |
173 | (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) { | 174 | (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP)) == 0) { |
174 | logit("User %.100s not allowed because shell %.100s " | 175 | logit("User %.100s not allowed because shell %.100s " |
175 | "is not executable", pw->pw_name, shell); | 176 | "is not executable", pw->pw_name, shell); |
176 | xfree(shell); | 177 | free(shell); |
177 | return 0; | 178 | return 0; |
178 | } | 179 | } |
179 | xfree(shell); | 180 | free(shell); |
180 | } | 181 | } |
181 | 182 | ||
182 | if (options.num_deny_users > 0 || options.num_allow_users > 0 || | 183 | if (options.num_deny_users > 0 || options.num_allow_users > 0 || |
@@ -253,8 +254,25 @@ allowed_user(struct passwd * pw) | |||
253 | } | 254 | } |
254 | 255 | ||
255 | void | 256 | void |
257 | auth_info(Authctxt *authctxt, const char *fmt, ...) | ||
258 | { | ||
259 | va_list ap; | ||
260 | int i; | ||
261 | |||
262 | free(authctxt->info); | ||
263 | authctxt->info = NULL; | ||
264 | |||
265 | va_start(ap, fmt); | ||
266 | i = vasprintf(&authctxt->info, fmt, ap); | ||
267 | va_end(ap); | ||
268 | |||
269 | if (i < 0 || authctxt->info == NULL) | ||
270 | fatal("vasprintf failed"); | ||
271 | } | ||
272 | |||
273 | void | ||
256 | auth_log(Authctxt *authctxt, int authenticated, int partial, | 274 | auth_log(Authctxt *authctxt, int authenticated, int partial, |
257 | const char *method, const char *submethod, const char *info) | 275 | const char *method, const char *submethod) |
258 | { | 276 | { |
259 | void (*authlog) (const char *fmt,...) = verbose; | 277 | void (*authlog) (const char *fmt,...) = verbose; |
260 | char *authmsg; | 278 | char *authmsg; |
@@ -276,7 +294,7 @@ auth_log(Authctxt *authctxt, int authenticated, int partial, | |||
276 | else | 294 | else |
277 | authmsg = authenticated ? "Accepted" : "Failed"; | 295 | authmsg = authenticated ? "Accepted" : "Failed"; |
278 | 296 | ||
279 | authlog("%s %s%s%s for %s%.100s from %.200s port %d%s", | 297 | authlog("%s %s%s%s for %s%.100s from %.200s port %d %s%s%s", |
280 | authmsg, | 298 | authmsg, |
281 | method, | 299 | method, |
282 | submethod != NULL ? "/" : "", submethod == NULL ? "" : submethod, | 300 | submethod != NULL ? "/" : "", submethod == NULL ? "" : submethod, |
@@ -284,7 +302,11 @@ auth_log(Authctxt *authctxt, int authenticated, int partial, | |||
284 | authctxt->user, | 302 | authctxt->user, |
285 | get_remote_ipaddr(), | 303 | get_remote_ipaddr(), |
286 | get_remote_port(), | 304 | get_remote_port(), |
287 | info); | 305 | compat20 ? "ssh2" : "ssh1", |
306 | authctxt->info != NULL ? ": " : "", | ||
307 | authctxt->info != NULL ? authctxt->info : ""); | ||
308 | free(authctxt->info); | ||
309 | authctxt->info = NULL; | ||
288 | 310 | ||
289 | #ifdef CUSTOM_FAILED_LOGIN | 311 | #ifdef CUSTOM_FAILED_LOGIN |
290 | if (authenticated == 0 && !authctxt->postponed && | 312 | if (authenticated == 0 && !authctxt->postponed && |
@@ -356,7 +378,7 @@ expand_authorized_keys(const char *filename, struct passwd *pw) | |||
356 | i = snprintf(ret, sizeof(ret), "%s/%s", pw->pw_dir, file); | 378 | i = snprintf(ret, sizeof(ret), "%s/%s", pw->pw_dir, file); |
357 | if (i < 0 || (size_t)i >= sizeof(ret)) | 379 | if (i < 0 || (size_t)i >= sizeof(ret)) |
358 | fatal("expand_authorized_keys: path too long"); | 380 | fatal("expand_authorized_keys: path too long"); |
359 | xfree(file); | 381 | free(file); |
360 | return (xstrdup(ret)); | 382 | return (xstrdup(ret)); |
361 | } | 383 | } |
362 | 384 | ||
@@ -397,7 +419,7 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host, | |||
397 | load_hostkeys(hostkeys, host, user_hostfile); | 419 | load_hostkeys(hostkeys, host, user_hostfile); |
398 | restore_uid(); | 420 | restore_uid(); |
399 | } | 421 | } |
400 | xfree(user_hostfile); | 422 | free(user_hostfile); |
401 | } | 423 | } |
402 | host_status = check_key_in_hostkeys(hostkeys, key, &found); | 424 | host_status = check_key_in_hostkeys(hostkeys, key, &found); |
403 | if (host_status == HOST_REVOKED) | 425 | if (host_status == HOST_REVOKED) |
@@ -647,7 +669,7 @@ auth_key_is_revoked(Key *key, int hostkey) | |||
647 | logit("Public key %s from %s blacklisted (see " | 669 | logit("Public key %s from %s blacklisted (see " |
648 | "ssh-vulnkey(1)); continuing anyway", | 670 | "ssh-vulnkey(1)); continuing anyway", |
649 | key_fp, get_remote_ipaddr()); | 671 | key_fp, get_remote_ipaddr()); |
650 | xfree(key_fp); | 672 | free(key_fp); |
651 | } else { | 673 | } else { |
652 | if (hostkey) | 674 | if (hostkey) |
653 | error("Host key %s blacklisted (see " | 675 | error("Host key %s blacklisted (see " |
@@ -656,7 +678,7 @@ auth_key_is_revoked(Key *key, int hostkey) | |||
656 | logit("Public key %s from %s blacklisted (see " | 678 | logit("Public key %s from %s blacklisted (see " |
657 | "ssh-vulnkey(1))", | 679 | "ssh-vulnkey(1))", |
658 | key_fp, get_remote_ipaddr()); | 680 | key_fp, get_remote_ipaddr()); |
659 | xfree(key_fp); | 681 | free(key_fp); |
660 | return 1; | 682 | return 1; |
661 | } | 683 | } |
662 | } | 684 | } |
@@ -688,7 +710,7 @@ auth_key_is_revoked(Key *key, int hostkey) | |||
688 | key_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); | 710 | key_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); |
689 | error("WARNING: authentication attempt with a revoked " | 711 | error("WARNING: authentication attempt with a revoked " |
690 | "%s key %s ", key_type(key), key_fp); | 712 | "%s key %s ", key_type(key), key_fp); |
691 | xfree(key_fp); | 713 | free(key_fp); |
692 | return 1; | 714 | return 1; |
693 | } | 715 | } |
694 | fatal("key_in_file returned junk"); | 716 | fatal("key_in_file returned junk"); |
@@ -719,7 +741,7 @@ auth_debug_send(void) | |||
719 | while (buffer_len(&auth_debug)) { | 741 | while (buffer_len(&auth_debug)) { |
720 | msg = buffer_get_string(&auth_debug, NULL); | 742 | msg = buffer_get_string(&auth_debug, NULL); |
721 | packet_send_debug("%s", msg); | 743 | packet_send_debug("%s", msg); |
722 | xfree(msg); | 744 | free(msg); |
723 | } | 745 | } |
724 | } | 746 | } |
725 | 747 | ||
@@ -743,10 +765,12 @@ fakepw(void) | |||
743 | fake.pw_name = "NOUSER"; | 765 | fake.pw_name = "NOUSER"; |
744 | fake.pw_passwd = | 766 | fake.pw_passwd = |
745 | "$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK"; | 767 | "$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK"; |
768 | #ifdef HAVE_STRUCT_PASSWD_PW_GECOS | ||
746 | fake.pw_gecos = "NOUSER"; | 769 | fake.pw_gecos = "NOUSER"; |
770 | #endif | ||
747 | fake.pw_uid = privsep_pw == NULL ? (uid_t)-1 : privsep_pw->pw_uid; | 771 | fake.pw_uid = privsep_pw == NULL ? (uid_t)-1 : privsep_pw->pw_uid; |
748 | fake.pw_gid = privsep_pw == NULL ? (gid_t)-1 : privsep_pw->pw_gid; | 772 | fake.pw_gid = privsep_pw == NULL ? (gid_t)-1 : privsep_pw->pw_gid; |
749 | #ifdef HAVE_PW_CLASS_IN_PASSWD | 773 | #ifdef HAVE_STRUCT_PASSWD_PW_CLASS |
750 | fake.pw_class = ""; | 774 | fake.pw_class = ""; |
751 | #endif | 775 | #endif |
752 | fake.pw_dir = "/nonexist"; | 776 | fake.pw_dir = "/nonexist"; |
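Review bot: The new auth_info function has no header comment, and its contract is easy to misuse: it replaces rather than appends any pending `authctxt->info`, and the string is consumed and freed by auth_log, so a caller that sets info and then returns without a matching auth_log leaves it to be attached to whatever is logged next. Suggest a comment above it such as `/* Set the extra info appended to the next auth_log() line; replaces any pending info, which auth_log() frees after logging. */`. The `i < 0 || authctxt->info == NULL` guard is the right one, since vasprintf leaves the output pointer undefined on failure on some platforms. auth_log's body continues outside its two hunks.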
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth.h,v 1.72 2012/12/02 20:34:09 djm Exp $ */ | 1 | /* $OpenBSD: auth.h,v 1.76 2013/07/19 07:37:48 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
@@ -61,6 +61,7 @@ struct Authctxt { | |||
61 | char *style; | 61 | char *style; |
62 | char *role; | 62 | char *role; |
63 | void *kbdintctxt; | 63 | void *kbdintctxt; |
64 | char *info; /* Extra info for next auth_log */ | ||
64 | void *jpake_ctx; | 65 | void *jpake_ctx; |
65 | #ifdef BSD_AUTH | 66 | #ifdef BSD_AUTH |
66 | auth_session_t *as; | 67 | auth_session_t *as; |
@@ -122,6 +123,8 @@ int auth_rsa_key_allowed(struct passwd *, BIGNUM *, Key **); | |||
122 | int auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *, Key *); | 123 | int auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *, Key *); |
123 | int hostbased_key_allowed(struct passwd *, const char *, char *, Key *); | 124 | int hostbased_key_allowed(struct passwd *, const char *, char *, Key *); |
124 | int user_key_allowed(struct passwd *, Key *); | 125 | int user_key_allowed(struct passwd *, Key *); |
126 | void pubkey_auth_info(Authctxt *, const Key *, const char *, ...) | ||
127 | __attribute__((__format__ (printf, 3, 4))); | ||
125 | 128 | ||
126 | struct stat; | 129 | struct stat; |
127 | int auth_secure_path(const char *, struct stat *, const char *, uid_t, | 130 | int auth_secure_path(const char *, struct stat *, const char *, uid_t, |
@@ -149,8 +152,10 @@ void disable_forwarding(void); | |||
149 | void do_authentication(Authctxt *); | 152 | void do_authentication(Authctxt *); |
150 | void do_authentication2(Authctxt *); | 153 | void do_authentication2(Authctxt *); |
151 | 154 | ||
152 | void auth_log(Authctxt *, int, int, const char *, const char *, | 155 | void auth_info(Authctxt *authctxt, const char *, ...) |
153 | const char *); | 156 | __attribute__((__format__ (printf, 2, 3))) |
157 | __attribute__((__nonnull__ (2))); | ||
158 | void auth_log(Authctxt *, int, int, const char *, const char *); | ||
154 | void userauth_finish(Authctxt *, int, const char *, const char *); | 159 | void userauth_finish(Authctxt *, int, const char *, const char *); |
155 | int auth_root_allowed(const char *); | 160 | int auth_root_allowed(const char *); |
156 | 161 | ||
@@ -158,8 +163,9 @@ void userauth_send_banner(const char *); | |||
158 | 163 | ||
159 | char *auth2_read_banner(void); | 164 | char *auth2_read_banner(void); |
160 | int auth2_methods_valid(const char *, int); | 165 | int auth2_methods_valid(const char *, int); |
161 | int auth2_update_methods_lists(Authctxt *, const char *); | 166 | int auth2_update_methods_lists(Authctxt *, const char *, const char *); |
162 | int auth2_setup_methods_lists(Authctxt *); | 167 | int auth2_setup_methods_lists(Authctxt *); |
168 | int auth2_method_allowed(Authctxt *, const char *, const char *); | ||
163 | 169 | ||
164 | void privsep_challenge_enable(void); | 170 | void privsep_challenge_enable(void); |
165 | 171 | ||
@@ -193,10 +199,12 @@ check_key_in_hostfiles(struct passwd *, Key *, const char *, | |||
193 | 199 | ||
194 | /* hostkey handling */ | 200 | /* hostkey handling */ |
195 | Key *get_hostkey_by_index(int); | 201 | Key *get_hostkey_by_index(int); |
202 | Key *get_hostkey_public_by_index(int); | ||
196 | Key *get_hostkey_public_by_type(int); | 203 | Key *get_hostkey_public_by_type(int); |
197 | Key *get_hostkey_private_by_type(int); | 204 | Key *get_hostkey_private_by_type(int); |
198 | int get_hostkey_index(Key *); | 205 | int get_hostkey_index(Key *); |
199 | int ssh1_session_key(BIGNUM *); | 206 | int ssh1_session_key(BIGNUM *); |
207 | void sshd_hostkey_sign(Key *, Key *, u_char **, u_int *, u_char *, u_int); | ||
200 | 208 | ||
201 | /* debug messages during authentication */ | 209 | /* debug messages during authentication */ |
202 | void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2))); | 210 | void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2))); |
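Review bot: The new `auth_info` prototype names its first parameter (`Authctxt *authctxt`) while every other declaration in this header, including the new `pubkey_auth_info` just above, leaves parameters unnamed; write it as `void auth_info(Authctxt *, const char *, ...)` for consistency. The `char *info;` member comment could also state ownership, e.g. `/* Extra info for next auth_log; set by auth_info(), freed by auth_log() */`, since auth.c in this commit allocates it in auth_info and frees and clears it in auth_log.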
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth1.c,v 1.77 2012/12/02 20:34:09 djm Exp $ */ | 1 | /* $OpenBSD: auth1.c,v 1.79 2013/05/19 02:42:42 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
4 | * All rights reserved | 4 | * All rights reserved |
@@ -45,11 +45,11 @@ | |||
45 | extern ServerOptions options; | 45 | extern ServerOptions options; |
46 | extern Buffer loginmsg; | 46 | extern Buffer loginmsg; |
47 | 47 | ||
48 | static int auth1_process_password(Authctxt *, char *, size_t); | 48 | static int auth1_process_password(Authctxt *); |
49 | static int auth1_process_rsa(Authctxt *, char *, size_t); | 49 | static int auth1_process_rsa(Authctxt *); |
50 | static int auth1_process_rhosts_rsa(Authctxt *, char *, size_t); | 50 | static int auth1_process_rhosts_rsa(Authctxt *); |
51 | static int auth1_process_tis_challenge(Authctxt *, char *, size_t); | 51 | static int auth1_process_tis_challenge(Authctxt *); |
52 | static int auth1_process_tis_response(Authctxt *, char *, size_t); | 52 | static int auth1_process_tis_response(Authctxt *); |
53 | 53 | ||
54 | static char *client_user = NULL; /* Used to fill in remote user for PAM */ | 54 | static char *client_user = NULL; /* Used to fill in remote user for PAM */ |
55 | 55 | ||
@@ -57,7 +57,7 @@ struct AuthMethod1 { | |||
57 | int type; | 57 | int type; |
58 | char *name; | 58 | char *name; |
59 | int *enabled; | 59 | int *enabled; |
60 | int (*method)(Authctxt *, char *, size_t); | 60 | int (*method)(Authctxt *); |
61 | }; | 61 | }; |
62 | 62 | ||
63 | const struct AuthMethod1 auth1_methods[] = { | 63 | const struct AuthMethod1 auth1_methods[] = { |
@@ -112,7 +112,7 @@ get_authname(int type) | |||
112 | 112 | ||
113 | /*ARGSUSED*/ | 113 | /*ARGSUSED*/ |
114 | static int | 114 | static int |
115 | auth1_process_password(Authctxt *authctxt, char *info, size_t infolen) | 115 | auth1_process_password(Authctxt *authctxt) |
116 | { | 116 | { |
117 | int authenticated = 0; | 117 | int authenticated = 0; |
118 | char *password; | 118 | char *password; |
@@ -130,14 +130,14 @@ auth1_process_password(Authctxt *authctxt, char *info, size_t infolen) | |||
130 | authenticated = PRIVSEP(auth_password(authctxt, password)); | 130 | authenticated = PRIVSEP(auth_password(authctxt, password)); |
131 | 131 | ||
132 | memset(password, 0, dlen); | 132 | memset(password, 0, dlen); |
133 | xfree(password); | 133 | free(password); |
134 | 134 | ||
135 | return (authenticated); | 135 | return (authenticated); |
136 | } | 136 | } |
137 | 137 | ||
138 | /*ARGSUSED*/ | 138 | /*ARGSUSED*/ |
139 | static int | 139 | static int |
140 | auth1_process_rsa(Authctxt *authctxt, char *info, size_t infolen) | 140 | auth1_process_rsa(Authctxt *authctxt) |
141 | { | 141 | { |
142 | int authenticated = 0; | 142 | int authenticated = 0; |
143 | BIGNUM *n; | 143 | BIGNUM *n; |
@@ -155,7 +155,7 @@ auth1_process_rsa(Authctxt *authctxt, char *info, size_t infolen) | |||
155 | 155 | ||
156 | /*ARGSUSED*/ | 156 | /*ARGSUSED*/ |
157 | static int | 157 | static int |
158 | auth1_process_rhosts_rsa(Authctxt *authctxt, char *info, size_t infolen) | 158 | auth1_process_rhosts_rsa(Authctxt *authctxt) |
159 | { | 159 | { |
160 | int keybits, authenticated = 0; | 160 | int keybits, authenticated = 0; |
161 | u_int bits; | 161 | u_int bits; |
@@ -187,14 +187,14 @@ auth1_process_rhosts_rsa(Authctxt *authctxt, char *info, size_t infolen) | |||
187 | client_host_key); | 187 | client_host_key); |
188 | key_free(client_host_key); | 188 | key_free(client_host_key); |
189 | 189 | ||
190 | snprintf(info, infolen, " ruser %.100s", client_user); | 190 | auth_info(authctxt, "ruser %.100s", client_user); |
191 | 191 | ||
192 | return (authenticated); | 192 | return (authenticated); |
193 | } | 193 | } |
194 | 194 | ||
195 | /*ARGSUSED*/ | 195 | /*ARGSUSED*/ |
196 | static int | 196 | static int |
197 | auth1_process_tis_challenge(Authctxt *authctxt, char *info, size_t infolen) | 197 | auth1_process_tis_challenge(Authctxt *authctxt) |
198 | { | 198 | { |
199 | char *challenge; | 199 | char *challenge; |
200 | 200 | ||
@@ -204,7 +204,7 @@ auth1_process_tis_challenge(Authctxt *authctxt, char *info, size_t infolen) | |||
204 | debug("sending challenge '%s'", challenge); | 204 | debug("sending challenge '%s'", challenge); |
205 | packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE); | 205 | packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE); |
206 | packet_put_cstring(challenge); | 206 | packet_put_cstring(challenge); |
207 | xfree(challenge); | 207 | free(challenge); |
208 | packet_send(); | 208 | packet_send(); |
209 | packet_write_wait(); | 209 | packet_write_wait(); |
210 | 210 | ||
@@ -213,7 +213,7 @@ auth1_process_tis_challenge(Authctxt *authctxt, char *info, size_t infolen) | |||
213 | 213 | ||
214 | /*ARGSUSED*/ | 214 | /*ARGSUSED*/ |
215 | static int | 215 | static int |
216 | auth1_process_tis_response(Authctxt *authctxt, char *info, size_t infolen) | 216 | auth1_process_tis_response(Authctxt *authctxt) |
217 | { | 217 | { |
218 | int authenticated = 0; | 218 | int authenticated = 0; |
219 | char *response; | 219 | char *response; |
@@ -223,7 +223,7 @@ auth1_process_tis_response(Authctxt *authctxt, char *info, size_t infolen) | |||
223 | packet_check_eom(); | 223 | packet_check_eom(); |
224 | authenticated = verify_response(authctxt, response); | 224 | authenticated = verify_response(authctxt, response); |
225 | memset(response, 'r', dlen); | 225 | memset(response, 'r', dlen); |
226 | xfree(response); | 226 | free(response); |
227 | 227 | ||
228 | return (authenticated); | 228 | return (authenticated); |
229 | } | 229 | } |
@@ -236,7 +236,6 @@ static void | |||
236 | do_authloop(Authctxt *authctxt) | 236 | do_authloop(Authctxt *authctxt) |
237 | { | 237 | { |
238 | int authenticated = 0; | 238 | int authenticated = 0; |
239 | char info[1024]; | ||
240 | int prev = 0, type = 0; | 239 | int prev = 0, type = 0; |
241 | const struct AuthMethod1 *meth; | 240 | const struct AuthMethod1 *meth; |
242 | 241 | ||
@@ -254,7 +253,7 @@ do_authloop(Authctxt *authctxt) | |||
254 | #endif | 253 | #endif |
255 | { | 254 | { |
256 | auth_log(authctxt, 1, 0, "without authentication", | 255 | auth_log(authctxt, 1, 0, "without authentication", |
257 | NULL, ""); | 256 | NULL); |
258 | return; | 257 | return; |
259 | } | 258 | } |
260 | } | 259 | } |
@@ -268,7 +267,6 @@ do_authloop(Authctxt *authctxt) | |||
268 | /* default to fail */ | 267 | /* default to fail */ |
269 | authenticated = 0; | 268 | authenticated = 0; |
270 | 269 | ||
271 | info[0] = '\0'; | ||
272 | 270 | ||
273 | /* Get a packet from the client. */ | 271 | /* Get a packet from the client. */ |
274 | prev = type; | 272 | prev = type; |
@@ -298,7 +296,7 @@ do_authloop(Authctxt *authctxt) | |||
298 | goto skip; | 296 | goto skip; |
299 | } | 297 | } |
300 | 298 | ||
301 | authenticated = meth->method(authctxt, info, sizeof(info)); | 299 | authenticated = meth->method(authctxt); |
302 | if (authenticated == -1) | 300 | if (authenticated == -1) |
303 | continue; /* "postponed" */ | 301 | continue; /* "postponed" */ |
304 | 302 | ||
@@ -353,13 +351,10 @@ do_authloop(Authctxt *authctxt) | |||
353 | 351 | ||
354 | skip: | 352 | skip: |
355 | /* Log before sending the reply */ | 353 | /* Log before sending the reply */ |
356 | auth_log(authctxt, authenticated, 0, get_authname(type), | 354 | auth_log(authctxt, authenticated, 0, get_authname(type), NULL); |
357 | NULL, info); | ||
358 | 355 | ||
359 | if (client_user != NULL) { | 356 | free(client_user); |
360 | xfree(client_user); | 357 | client_user = NULL; |
361 | client_user = NULL; | ||
362 | } | ||
363 | 358 | ||
364 | if (authenticated) | 359 | if (authenticated) |
365 | return; | 360 | return; |
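Review bot: `memset(password, 0, dlen); free(password);` in auth1_process_password and `memset(response, 'r', dlen); free(response);` in auth1_process_tis_response clear a buffer immediately before freeing it, which a compiler may treat as a dead store and drop, so the secret can remain in freed heap memory. A clear the optimiser cannot elide (explicit_bzero, or whatever equivalent the compat layer provides) would make the intent hold; the same pattern is in input_userauth_info_response in auth2-chall.c. The `/*ARGSUSED*/` markers above the auth1_process_* functions also look stale now that `authctxt` is the only parameter and is used in at least the password, rhosts_rsa and tis_response variants; drop them where it is. All of these function bodies extend outside their hunks.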
diff --git a/auth2-chall.c b/auth2-chall.c index 6505d4009..98f3093ce 100644 --- a/auth2-chall.c +++ b/auth2-chall.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth2-chall.c,v 1.36 2012/12/03 00:14:06 djm Exp $ */ | 1 | /* $OpenBSD: auth2-chall.c,v 1.38 2013/05/17 00:13:13 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2001 Per Allansson. All rights reserved. | 4 | * Copyright (c) 2001 Per Allansson. All rights reserved. |
@@ -147,15 +147,13 @@ kbdint_free(KbdintAuthctxt *kbdintctxt) | |||
147 | { | 147 | { |
148 | if (kbdintctxt->device) | 148 | if (kbdintctxt->device) |
149 | kbdint_reset_device(kbdintctxt); | 149 | kbdint_reset_device(kbdintctxt); |
150 | if (kbdintctxt->devices) { | 150 | free(kbdintctxt->devices); |
151 | xfree(kbdintctxt->devices); | 151 | bzero(kbdintctxt, sizeof(*kbdintctxt)); |
152 | kbdintctxt->devices = NULL; | 152 | free(kbdintctxt); |
153 | } | ||
154 | xfree(kbdintctxt); | ||
155 | } | 153 | } |
156 | /* get next device */ | 154 | /* get next device */ |
157 | static int | 155 | static int |
158 | kbdint_next_device(KbdintAuthctxt *kbdintctxt) | 156 | kbdint_next_device(Authctxt *authctxt, KbdintAuthctxt *kbdintctxt) |
159 | { | 157 | { |
160 | size_t len; | 158 | size_t len; |
161 | char *t; | 159 | char *t; |
@@ -169,12 +167,16 @@ kbdint_next_device(KbdintAuthctxt *kbdintctxt) | |||
169 | 167 | ||
170 | if (len == 0) | 168 | if (len == 0) |
171 | break; | 169 | break; |
172 | for (i = 0; devices[i]; i++) | 170 | for (i = 0; devices[i]; i++) { |
171 | if (!auth2_method_allowed(authctxt, | ||
172 | "keyboard-interactive", devices[i]->name)) | ||
173 | continue; | ||
173 | if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0) | 174 | if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0) |
174 | kbdintctxt->device = devices[i]; | 175 | kbdintctxt->device = devices[i]; |
176 | } | ||
175 | t = kbdintctxt->devices; | 177 | t = kbdintctxt->devices; |
176 | kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL; | 178 | kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL; |
177 | xfree(t); | 179 | free(t); |
178 | debug2("kbdint_next_device: devices %s", kbdintctxt->devices ? | 180 | debug2("kbdint_next_device: devices %s", kbdintctxt->devices ? |
179 | kbdintctxt->devices : "<empty>"); | 181 | kbdintctxt->devices : "<empty>"); |
180 | } while (kbdintctxt->devices && !kbdintctxt->device); | 182 | } while (kbdintctxt->devices && !kbdintctxt->device); |
@@ -221,7 +223,7 @@ auth2_challenge_start(Authctxt *authctxt) | |||
221 | debug2("auth2_challenge_start: devices %s", | 223 | debug2("auth2_challenge_start: devices %s", |
222 | kbdintctxt->devices ? kbdintctxt->devices : "<empty>"); | 224 | kbdintctxt->devices ? kbdintctxt->devices : "<empty>"); |
223 | 225 | ||
224 | if (kbdint_next_device(kbdintctxt) == 0) { | 226 | if (kbdint_next_device(authctxt, kbdintctxt) == 0) { |
225 | auth2_challenge_stop(authctxt); | 227 | auth2_challenge_stop(authctxt); |
226 | return 0; | 228 | return 0; |
227 | } | 229 | } |
@@ -268,11 +270,11 @@ send_userauth_info_request(Authctxt *authctxt) | |||
268 | packet_write_wait(); | 270 | packet_write_wait(); |
269 | 271 | ||
270 | for (i = 0; i < kbdintctxt->nreq; i++) | 272 | for (i = 0; i < kbdintctxt->nreq; i++) |
271 | xfree(prompts[i]); | 273 | free(prompts[i]); |
272 | xfree(prompts); | 274 | free(prompts); |
273 | xfree(echo_on); | 275 | free(echo_on); |
274 | xfree(name); | 276 | free(name); |
275 | xfree(instr); | 277 | free(instr); |
276 | return 1; | 278 | return 1; |
277 | } | 279 | } |
278 | 280 | ||
@@ -311,10 +313,9 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt) | |||
311 | 313 | ||
312 | for (i = 0; i < nresp; i++) { | 314 | for (i = 0; i < nresp; i++) { |
313 | memset(response[i], 'r', strlen(response[i])); | 315 | memset(response[i], 'r', strlen(response[i])); |
314 | xfree(response[i]); | 316 | free(response[i]); |
315 | } | 317 | } |
316 | if (response) | 318 | free(response); |
317 | xfree(response); | ||
318 | 319 | ||
319 | switch (res) { | 320 | switch (res) { |
320 | case 0: | 321 | case 0: |
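--- a/auth2-gss.c
+++ b/auth2-gss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-gss.c,v 1.18 2012/12/02 20:34:09 djm Exp $ */
+/* $OpenBSD: auth2-gss.c,v 1.20 2013/05/17 00:13:13 djm Exp $ */
 
 /*
 * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved.
@@ -81,7 +81,7 @@ userauth_gsskeyex(Authctxt *authctxt)
 authctxt->pw));
 
 buffer_free(&b);
-xfree(mic.value);
+free(mic.value);
 
 return (authenticated);
 }
@@ -115,8 +115,7 @@ userauth_gssapi(Authctxt *authctxt)
 do {
 mechs--;
 
-if (doid)
-xfree(doid);
+free(doid);
 
 present = 0;
 doid = packet_get_string(&len);
@@ -135,7 +134,7 @@ userauth_gssapi(Authctxt *authctxt)
 gss_release_oid_set(&ms, &supported);
 
 if (!present) {
-xfree(doid);
+free(doid);
 authctxt->server_caused_failure = 1;
 return (0);
 }
@@ -143,7 +142,7 @@ userauth_gssapi(Authctxt *authctxt)
 if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, &goid)))) {
 if (ctxt != NULL)
 ssh_gssapi_delete_ctx(&ctxt);
-xfree(doid);
+free(doid);
 authctxt->server_caused_failure = 1;
 return (0);
 }
@@ -156,7 +155,7 @@ userauth_gssapi(Authctxt *authctxt)
 packet_put_string(doid, len);
 
 packet_send();
-xfree(doid);
+free(doid);
 
 dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token);
 dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok);
@@ -187,7 +186,7 @@ input_gssapi_token(int type, u_int32_t plen, void *ctxt)
 maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok,
 &send_tok, &flags));
 
-xfree(recv_tok.value);
+free(recv_tok.value);
 
 if (GSS_ERROR(maj_status)) {
 if (send_tok.length != 0) {
@@ -242,7 +241,7 @@ input_gssapi_errtok(int type, u_int32_t plen, void *ctxt)
 maj_status = PRIVSEP(ssh_gssapi_accept_ctx(gssctxt, &recv_tok,
 &send_tok, NULL));
 
-xfree(recv_tok.value);
+free(recv_tok.value);
 
 /* We can't return anything to the client, even if we wanted to */
 dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
@@ -263,14 +262,11 @@ static void
 input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt)
 {
 Authctxt *authctxt = ctxt;
-Gssctxt *gssctxt;
 int authenticated;
 
 if (authctxt == NULL || (authctxt->methoddata == NULL && !use_privsep))
 fatal("No authentication or GSSAPI context");
 
-gssctxt = authctxt->methoddata;
-
 /*
 * We don't need to check the status, because we're only enabled in
 * the dispatcher once the exchange is complete
@@ -320,7 +316,7 @@ input_gssapi_mic(int type, u_int32_t plen, void *ctxt)
 logit("GSSAPI MIC check failed");
 
 buffer_free(&b);
-xfree(mic.value);
+free(mic.value);
 
 authctxt->postponed = 0;
 dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);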
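Review bot: The unconditional `free(doid);` at the top of the do/while in userauth_gssapi (hunk @@ -115,8 +115,7) is only correct if `doid` is NULL on the first pass; its initialisation is outside the hunk, so the precondition that the old `if (doid)` guard made visible is now implicit. A one-line comment on the free, `/* NULL on the first pass, otherwise the previous iteration's OID */`, would keep that invariant in view for the next edit of the loop. userauth_gssapi starts and ends outside the hunk.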
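--- a/auth2-hostbased.c
+++ b/auth2-hostbased.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-hostbased.c,v 1.14 2010/08/04 05:42:47 djm Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.16 2013/06/21 00:34:49 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 *
@@ -116,6 +116,10 @@ userauth_hostbased(Authctxt *authctxt)
 #ifdef DEBUG_PK
 buffer_dump(&b);
 #endif
+
+pubkey_auth_info(authctxt, key,
+"client user \"%.100s\", client host \"%.100s\"", cuser, chost);
+
 /* test for allowed key and correct signature */
 authenticated = 0;
 if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) &&
@@ -128,11 +132,11 @@ done:
 debug2("userauth_hostbased: authenticated %d", authenticated);
 if (key != NULL)
 key_free(key);
-xfree(pkalg);
-xfree(pkblob);
-xfree(cuser);
-xfree(chost);
-xfree(sig);
+free(pkalg);
+free(pkblob);
+free(cuser);
+free(chost);
+free(sig);
 return authenticated;
 }
 
@@ -207,7 +211,7 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
 verbose("Accepted %s public key %s from %s@%s",
 key_type(key), fp, cuser, lookup);
 }
-xfree(fp);
+free(fp);
 }
 
 return (host_status == HOST_OK);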
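Review bot: The new `pubkey_auth_info(...)` call at new lines 120-121 records `cuser` and `chost` through auth_info before `hostbased_key_allowed()` has checked either the key or the host, so whatever consumes that record receives client-chosen, still-unverified strings, and `%.100s` only bounds their length without stripping control or non-printable characters. Presumably cuser/chost come straight from the packet (parsed before this hunk), so unless auth_info sanitises its input the values should be passed through a sanitiser or the record marked as untrusted. The `pubkey_auth_info(authctxt, key, NULL)` call added in auth2-pubkey.c has the same property: it logs the client-presented certificate's key_id and serial before user_key_allowed() runs. A comment above the call, `/* Recorded before verification: cuser/chost are client-supplied and untrusted here */`, would make the ordering deliberate. userauth_hostbased starts and ends outside the hunk.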
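--- a/auth2-jpake.c
+++ b/auth2-jpake.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-jpake.c,v 1.5 2012/12/02 20:34:09 djm Exp $ */
+/* $OpenBSD: auth2-jpake.c,v 1.6 2013/05/17 00:13:13 djm Exp $ */
 /*
 * Copyright (c) 2008 Damien Miller. All rights reserved.
 *
@@ -179,7 +179,7 @@ derive_rawsalt(const char *username, u_char *rawsalt, u_int len)
 __func__, len, digest_len);
 memcpy(rawsalt, digest, len);
 bzero(digest, digest_len);
-xfree(digest);
+free(digest);
 }
 
 /* ASCII an integer [0, 64) for inclusion in a password/salt */
@@ -258,7 +258,7 @@ fake_salt_and_scheme(Authctxt *authctxt, char **salt, char **scheme)
 makesalt(22, authctxt->user));
 *scheme = xstrdup("bcrypt");
 }
-xfree(style);
+free(style);
 debug3("%s: fake %s salt for user %s: %s",
 __func__, *scheme, authctxt->user, *salt);
 }
@@ -361,7 +361,7 @@ auth2_jpake_get_pwdata(Authctxt *authctxt, BIGNUM **s,
 JPAKE_DEBUG_BN((*s, "%s: s = ", __func__));
 #endif
 bzero(secret, secret_len);
-xfree(secret);
+free(secret);
 }
 
 /*
@@ -403,12 +403,12 @@ auth2_jpake_start(Authctxt *authctxt)
 
 bzero(hash_scheme, strlen(hash_scheme));
 bzero(salt, strlen(salt));
-xfree(hash_scheme);
-xfree(salt);
+free(hash_scheme);
+free(salt);
 bzero(x3_proof, x3_proof_len);
 bzero(x4_proof, x4_proof_len);
-xfree(x3_proof);
-xfree(x4_proof);
+free(x3_proof);
+free(x4_proof);
 
 /* Expect step 1 packet from peer */
 dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP1,
@@ -455,8 +455,8 @@ input_userauth_jpake_client_step1(int type, u_int32_t seq, void *ctxt)
 
 bzero(x1_proof, x1_proof_len);
 bzero(x2_proof, x2_proof_len);
-xfree(x1_proof);
-xfree(x2_proof);
+free(x1_proof);
+free(x2_proof);
 
 if (!use_privsep)
 JPAKE_DEBUG_CTX((pctx, "step 2 sending in %s", __func__));
@@ -469,7 +469,7 @@ input_userauth_jpake_client_step1(int type, u_int32_t seq, void *ctxt)
 packet_write_wait();
 
 bzero(x4_s_proof, x4_s_proof_len);
-xfree(x4_s_proof);
+free(x4_s_proof);
 
 /* Expect step 2 packet from peer */
 dispatch_set(SSH2_MSG_USERAUTH_JPAKE_CLIENT_STEP2,
@@ -510,7 +510,7 @@ input_userauth_jpake_client_step2(int type, u_int32_t seq, void *ctxt)
 &pctx->h_k_sid_sessid, &pctx->h_k_sid_sessid_len));
 
 bzero(x2_s_proof, x2_s_proof_len);
-xfree(x2_s_proof);
+free(x2_s_proof);
 
 if (!use_privsep)
 JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__));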
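Review bot: `bzero(digest, digest_len);` immediately followed by `free(digest);` (new lines 181-182, and likewise the bzero/free pairs in the hunks at -361, -403, -455, -469 and -510) is a dead store to memory that is released on the next line, which the optimiser is permitted to drop, so the derived salt digest, the password-equivalent secret and the zero-knowledge-proof values may survive in freed heap pages. Replacing xfree with plain free does not change that, but it is the natural moment to switch these scrubs to a primitive the compiler cannot elide, such as `explicit_bzero()` or `memset_s()` where the platform provides one, or a volatile-pointer wrapper in openbsd-compat otherwise. The `memset(newpass, 0, newlen); free(newpass);` and `memset(password, 0, len); free(password);` pairs in auth2-passwd.c have the same exposure. derive_rawsalt starts outside the hunk.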
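--- a/auth2-kbdint.c
+++ b/auth2-kbdint.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-kbdint.c,v 1.5 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: auth2-kbdint.c,v 1.6 2013/05/17 00:13:13 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 *
@@ -56,8 +56,8 @@ userauth_kbdint(Authctxt *authctxt)
 if (options.challenge_response_authentication)
 authenticated = auth2_challenge(authctxt, devs);
 
-xfree(devs);
-xfree(lang);
+free(devs);
+free(lang);
 return authenticated;
 }
 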
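--- a/auth2-passwd.c
+++ b/auth2-passwd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-passwd.c,v 1.9 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: auth2-passwd.c,v 1.10 2013/05/17 00:13:13 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 *
@@ -60,7 +60,7 @@ userauth_passwd(Authctxt *authctxt)
 /* discard new password from packet */
 newpass = packet_get_string(&newlen);
 memset(newpass, 0, newlen);
-xfree(newpass);
+free(newpass);
 }
 packet_check_eom();
 
@@ -69,7 +69,7 @@ userauth_passwd(Authctxt *authctxt)
 else if (PRIVSEP(auth_password(authctxt, password)) == 1)
 authenticated = 1;
 memset(password, 0, len);
-xfree(password);
+free(password);
 return authenticated;
 }
 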
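--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.34 2013/02/14 21:35:59 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.38 2013/06/21 00:34:49 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 *
@@ -75,7 +75,7 @@ userauth_pubkey(Authctxt *authctxt)
 {
 Buffer b;
 Key *key = NULL;
-char *pkalg;
+char *pkalg, *userstyle;
 u_char *pkblob, *sig;
 u_int alen, blen, slen;
 int have_sig, pktype;
@@ -127,7 +127,11 @@ userauth_pubkey(Authctxt *authctxt)
 }
 /* reconstruct packet */
 buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
-buffer_put_cstring(&b, authctxt->user);
+xasprintf(&userstyle, "%s%s%s", authctxt->user,
+authctxt->style ? ":" : "",
+authctxt->style ? authctxt->style : "");
+buffer_put_cstring(&b, userstyle);
+free(userstyle);
 buffer_put_cstring(&b,
 datafellows & SSH_BUG_PKSERVICE ?
 "ssh-userauth" :
@@ -143,6 +147,8 @@ userauth_pubkey(Authctxt *authctxt)
 #ifdef DEBUG_PK
 buffer_dump(&b);
 #endif
+pubkey_auth_info(authctxt, key, NULL);
+
 /* test for correct signature */
 authenticated = 0;
 if (PRIVSEP(user_key_allowed(authctxt->pw, key)) &&
@@ -150,7 +156,7 @@ userauth_pubkey(Authctxt *authctxt)
 buffer_len(&b))) == 1)
 authenticated = 1;
 buffer_free(&b);
-xfree(sig);
+free(sig);
 } else {
 debug("test whether pkalg/pkblob are acceptable");
 packet_check_eom();
@@ -178,11 +184,45 @@ done:
 debug2("userauth_pubkey: authenticated %d pkalg %s", authenticated, pkalg);
 if (key != NULL)
 key_free(key);
-xfree(pkalg);
-xfree(pkblob);
+free(pkalg);
+free(pkblob);
 return authenticated;
 }
 
+void
+pubkey_auth_info(Authctxt *authctxt, const Key *key, const char *fmt, ...)
+{
+char *fp, *extra;
+va_list ap;
+int i;
+
+extra = NULL;
+if (fmt != NULL) {
+va_start(ap, fmt);
+i = vasprintf(&extra, fmt, ap);
+va_end(ap);
+if (i < 0 || extra == NULL)
+fatal("%s: vasprintf failed", __func__);
+}
+
+if (key_is_cert(key)) {
+fp = key_fingerprint(key->cert->signature_key,
+SSH_FP_MD5, SSH_FP_HEX);
+auth_info(authctxt, "%s ID %s (serial %llu) CA %s %s%s%s",
+key_type(key), key->cert->key_id,
+(unsigned long long)key->cert->serial,
+key_type(key->cert->signature_key), fp,
+extra == NULL ? "" : ", ", extra == NULL ? "" : extra);
+free(fp);
+} else {
+fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+auth_info(authctxt, "%s %s%s%s", key_type(key), fp,
+extra == NULL ? "" : ", ", extra == NULL ? "" : extra);
+free(fp);
+}
+free(extra);
+}
+
 static int
 match_principals_option(const char *principal_list, struct KeyCert *cert)
 {
@@ -196,7 +236,7 @@ match_principals_option(const char *principal_list, struct KeyCert *cert)
 principal_list, NULL)) != NULL) {
 debug3("matched principal from key options \"%.100s\"",
 result);
-xfree(result);
+free(result);
 return 1;
 }
 }
@@ -277,13 +317,14 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
 char *fp;
 
 found_key = 0;
-found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type);
 
+found = NULL;
 auth_start_parse_options();
-
 while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
 char *cp, *key_options = NULL;
-
+if (found != NULL)
+key_free(found);
+found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type);
 auth_clear_options();
 
 /* Skip leading whitespace, empty and comment lines. */
@@ -335,7 +376,7 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
 reason = "Certificate does not contain an "
 "authorized principal";
 fail_reason:
-xfree(fp);
+free(fp);
 error("%s", reason);
 auth_debug_add("%s", reason);
 continue;
@@ -345,13 +386,13 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
 &reason) != 0)
 goto fail_reason;
 if (auth_cert_options(key, pw) != 0) {
-xfree(fp);
+free(fp);
 continue;
 }
 verbose("Accepted certificate ID \"%s\" "
 "signed by %s CA %s via %s", key->cert->key_id,
 key_type(found), fp, file);
-xfree(fp);
+free(fp);
 found_key = 1;
 break;
 } else if (key_equal(found, key)) {
@@ -361,16 +402,15 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
 if (key_is_cert_authority)
 continue;
 found_key = 1;
-debug("matching key found: file %s, line %lu",
-file, linenum);
 fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX);
-verbose("Found matching %s key: %s",
-key_type(found), fp);
-xfree(fp);
+debug("matching key found: file %s, line %lu %s %s",
+file, linenum, key_type(found), fp);
+free(fp);
 break;
 }
 }
-key_free(found);
+if (found != NULL)
+key_free(found);
 if (!found_key)
 debug2("key not found");
 return found_key;
@@ -425,10 +465,8 @@ user_cert_trusted_ca(struct passwd *pw, Key *key)
 ret = 1;
 
 out:
-if (principals_file != NULL)
-xfree(principals_file);
-if (ca_fp != NULL)
-xfree(ca_fp);
+free(principals_file);
+free(ca_fp);
 return ret;
 }
 
@@ -634,7 +672,7 @@ user_key_allowed(struct passwd *pw, Key *key)
 options.authorized_keys_files[i], pw);
 
 success = user_key_allowed2(pw, key, file);
-xfree(file);
+free(file);
 }
 
 return success;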
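Review bot: The new `pubkey_auth_info()` (new lines 192-224) has no header comment, and its contract deserves one because it runs before user_key_allowed()/hostbased_key_allowed(): everything it records — the fingerprint and, for certificates, `key->cert->key_id`, the serial and the CA fingerprint — describes a key the client merely presented, not one that has been accepted. A header such as `/* Record (via auth_info) the key the client offered, plus optional printf-style detail; called before the key is checked, so every field is client-controlled and unverified. */` would make that explicit. Two smaller points: the `fmt, ...` pair should carry a printf format attribute on its declaration (outside this hunk) so that callers like the new auth2-hostbased.c call are type-checked, and `key_is_cert(key)` dereferences `key` without a NULL check, which is only safe because both visible call sites appear to pass an already-parsed key — worth stating in the header as a precondition.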
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth2.c,v 1.126 2012/12/02 20:34:09 djm Exp $ */ | 1 | /* $OpenBSD: auth2.c,v 1.129 2013/05/19 02:42:42 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -100,8 +100,12 @@ static void input_userauth_request(int, u_int32_t, void *); | |||
100 | /* helper */ | 100 | /* helper */ |
101 | static Authmethod *authmethod_lookup(Authctxt *, const char *); | 101 | static Authmethod *authmethod_lookup(Authctxt *, const char *); |
102 | static char *authmethods_get(Authctxt *authctxt); | 102 | static char *authmethods_get(Authctxt *authctxt); |
103 | static int method_allowed(Authctxt *, const char *); | 103 | |
104 | static int list_starts_with(const char *, const char *); | 104 | #define MATCH_NONE 0 /* method or submethod mismatch */ |
105 | #define MATCH_METHOD 1 /* method matches (no submethod specified) */ | ||
106 | #define MATCH_BOTH 2 /* method and submethod match */ | ||
107 | #define MATCH_PARTIAL 3 /* method matches, submethod can't be checked */ | ||
108 | static int list_starts_with(const char *, const char *, const char *); | ||
105 | 109 | ||
106 | char * | 110 | char * |
107 | auth2_read_banner(void) | 111 | auth2_read_banner(void) |
@@ -128,7 +132,7 @@ auth2_read_banner(void) | |||
128 | close(fd); | 132 | close(fd); |
129 | 133 | ||
130 | if (n != len) { | 134 | if (n != len) { |
131 | xfree(banner); | 135 | free(banner); |
132 | return (NULL); | 136 | return (NULL); |
133 | } | 137 | } |
134 | banner[n] = '\0'; | 138 | banner[n] = '\0'; |
@@ -164,8 +168,7 @@ userauth_banner(void) | |||
164 | userauth_send_banner(banner); | 168 | userauth_send_banner(banner); |
165 | 169 | ||
166 | done: | 170 | done: |
167 | if (banner) | 171 | free(banner); |
168 | xfree(banner); | ||
169 | } | 172 | } |
170 | 173 | ||
171 | /* | 174 | /* |
@@ -210,7 +213,7 @@ input_service_request(int type, u_int32_t seq, void *ctxt) | |||
210 | debug("bad service request %s", service); | 213 | debug("bad service request %s", service); |
211 | packet_disconnect("bad service request %s", service); | 214 | packet_disconnect("bad service request %s", service); |
212 | } | 215 | } |
213 | xfree(service); | 216 | free(service); |
214 | } | 217 | } |
215 | 218 | ||
216 | /*ARGSUSED*/ | 219 | /*ARGSUSED*/ |
@@ -296,9 +299,9 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) | |||
296 | } | 299 | } |
297 | userauth_finish(authctxt, authenticated, method, NULL); | 300 | userauth_finish(authctxt, authenticated, method, NULL); |
298 | 301 | ||
299 | xfree(service); | 302 | free(service); |
300 | xfree(user); | 303 | free(user); |
301 | xfree(method); | 304 | free(method); |
302 | } | 305 | } |
303 | 306 | ||
304 | void | 307 | void |
@@ -324,14 +327,14 @@ userauth_finish(Authctxt *authctxt, int authenticated, const char *method, | |||
324 | } | 327 | } |
325 | 328 | ||
326 | if (authenticated && options.num_auth_methods != 0) { | 329 | if (authenticated && options.num_auth_methods != 0) { |
327 | if (!auth2_update_methods_lists(authctxt, method)) { | 330 | if (!auth2_update_methods_lists(authctxt, method, submethod)) { |
328 | authenticated = 0; | 331 | authenticated = 0; |
329 | partial = 1; | 332 | partial = 1; |
330 | } | 333 | } |
331 | } | 334 | } |
332 | 335 | ||
333 | /* Log before sending the reply */ | 336 | /* Log before sending the reply */ |
334 | auth_log(authctxt, authenticated, partial, method, submethod, " ssh2"); | 337 | auth_log(authctxt, authenticated, partial, method, submethod); |
335 | 338 | ||
336 | if (authctxt->postponed) | 339 | if (authctxt->postponed) |
337 | return; | 340 | return; |
@@ -386,7 +389,7 @@ userauth_finish(Authctxt *authctxt, int authenticated, const char *method, | |||
386 | packet_put_char(partial); | 389 | packet_put_char(partial); |
387 | packet_send(); | 390 | packet_send(); |
388 | packet_write_wait(); | 391 | packet_write_wait(); |
389 | xfree(methods); | 392 | free(methods); |
390 | } | 393 | } |
391 | } | 394 | } |
392 | 395 | ||
@@ -395,8 +398,9 @@ userauth_finish(Authctxt *authctxt, int authenticated, const char *method, | |||
395 | * methods list. Returns 1 if allowed, or no methods lists configured. | 398 | * methods list. Returns 1 if allowed, or no methods lists configured. |
396 | * 0 otherwise. | 399 | * 0 otherwise. |
397 | */ | 400 | */ |
398 | static int | 401 | int |
399 | method_allowed(Authctxt *authctxt, const char *method) | 402 | auth2_method_allowed(Authctxt *authctxt, const char *method, |
403 | const char *submethod) | ||
400 | { | 404 | { |
401 | u_int i; | 405 | u_int i; |
402 | 406 | ||
@@ -407,7 +411,8 @@ method_allowed(Authctxt *authctxt, const char *method) | |||
407 | if (options.num_auth_methods == 0) | 411 | if (options.num_auth_methods == 0) |
408 | return 1; | 412 | return 1; |
409 | for (i = 0; i < authctxt->num_auth_methods; i++) { | 413 | for (i = 0; i < authctxt->num_auth_methods; i++) { |
410 | if (list_starts_with(authctxt->auth_methods[i], method)) | 414 | if (list_starts_with(authctxt->auth_methods[i], method, |
415 | submethod) != MATCH_NONE) | ||
411 | return 1; | 416 | return 1; |
412 | } | 417 | } |
413 | return 0; | 418 | return 0; |
@@ -427,7 +432,8 @@ authmethods_get(Authctxt *authctxt) | |||
427 | if (authmethods[i]->enabled == NULL || | 432 | if (authmethods[i]->enabled == NULL || |
428 | *(authmethods[i]->enabled) == 0) | 433 | *(authmethods[i]->enabled) == 0) |
429 | continue; | 434 | continue; |
430 | if (!method_allowed(authctxt, authmethods[i]->name)) | 435 | if (!auth2_method_allowed(authctxt, authmethods[i]->name, |
436 | NULL)) | ||
431 | continue; | 437 | continue; |
432 | if (buffer_len(&b) > 0) | 438 | if (buffer_len(&b) > 0) |
433 | buffer_append(&b, ",", 1); | 439 | buffer_append(&b, ",", 1); |
@@ -450,7 +456,8 @@ authmethod_lookup(Authctxt *authctxt, const char *name) | |||
450 | if (authmethods[i]->enabled != NULL && | 456 | if (authmethods[i]->enabled != NULL && |
451 | *(authmethods[i]->enabled) != 0 && | 457 | *(authmethods[i]->enabled) != 0 && |
452 | strcmp(name, authmethods[i]->name) == 0 && | 458 | strcmp(name, authmethods[i]->name) == 0 && |
453 | method_allowed(authctxt, authmethods[i]->name)) | 459 | auth2_method_allowed(authctxt, |
460 | authmethods[i]->name, NULL)) | ||
454 | return authmethods[i]; | 461 | return authmethods[i]; |
455 | debug2("Unrecognized authentication method name: %s", | 462 | debug2("Unrecognized authentication method name: %s", |
456 | name ? name : "NULL"); | 463 | name ? name : "NULL"); |
@@ -465,7 +472,7 @@ authmethod_lookup(Authctxt *authctxt, const char *name) | |||
465 | int | 472 | int |
466 | auth2_methods_valid(const char *_methods, int need_enable) | 473 | auth2_methods_valid(const char *_methods, int need_enable) |
467 | { | 474 | { |
468 | char *methods, *omethods, *method; | 475 | char *methods, *omethods, *method, *p; |
469 | u_int i, found; | 476 | u_int i, found; |
470 | int ret = -1; | 477 | int ret = -1; |
471 | 478 | ||
@@ -476,6 +483,8 @@ auth2_methods_valid(const char *_methods, int need_enable) | |||
476 | omethods = methods = xstrdup(_methods); | 483 | omethods = methods = xstrdup(_methods); |
477 | while ((method = strsep(&methods, ",")) != NULL) { | 484 | while ((method = strsep(&methods, ",")) != NULL) { |
478 | for (found = i = 0; !found && authmethods[i] != NULL; i++) { | 485 | for (found = i = 0; !found && authmethods[i] != NULL; i++) { |
486 | if ((p = strchr(method, ':')) != NULL) | ||
487 | *p = '\0'; | ||
479 | if (strcmp(method, authmethods[i]->name) != 0) | 488 | if (strcmp(method, authmethods[i]->name) != 0) |
480 | continue; | 489 | continue; |
481 | if (need_enable) { | 490 | if (need_enable) { |
@@ -541,15 +550,30 @@ auth2_setup_methods_lists(Authctxt *authctxt) | |||
541 | } | 550 | } |
542 | 551 | ||
543 | static int | 552 | static int |
544 | list_starts_with(const char *methods, const char *method) | 553 | list_starts_with(const char *methods, const char *method, |
554 | const char *submethod) | ||
545 | { | 555 | { |
546 | size_t l = strlen(method); | 556 | size_t l = strlen(method); |
557 | int match; | ||
558 | const char *p; | ||
547 | 559 | ||
548 | if (strncmp(methods, method, l) != 0) | 560 | if (strncmp(methods, method, l) != 0) |
549 | return 0; | 561 | return MATCH_NONE; |
550 | if (methods[l] != ',' && methods[l] != '\0') | 562 | p = methods + l; |
551 | return 0; | 563 | match = MATCH_METHOD; |
552 | return 1; | 564 | if (*p == ':') { |
565 | if (!submethod) | ||
566 | return MATCH_PARTIAL; | ||
567 | l = strlen(submethod); | ||
568 | p += 1; | ||
569 | if (strncmp(submethod, p, l)) | ||
570 | return MATCH_NONE; | ||
571 | p += l; | ||
572 | match = MATCH_BOTH; | ||
573 | } | ||
574 | if (*p != ',' && *p != '\0') | ||
575 | return MATCH_NONE; | ||
576 | return match; | ||
553 | } | 577 | } |
554 | 578 | ||
555 | /* | 579 | /* |
@@ -558,14 +582,21 @@ list_starts_with(const char *methods, const char *method) | |||
558 | * if it did. | 582 | * if it did. |
559 | */ | 583 | */ |
560 | static int | 584 | static int |
561 | remove_method(char **methods, const char *method) | 585 | remove_method(char **methods, const char *method, const char *submethod) |
562 | { | 586 | { |
563 | char *omethods = *methods; | 587 | char *omethods = *methods, *p; |
564 | size_t l = strlen(method); | 588 | size_t l = strlen(method); |
589 | int match; | ||
565 | 590 | ||
566 | if (!list_starts_with(omethods, method)) | 591 | match = list_starts_with(omethods, method, submethod); |
592 | if (match != MATCH_METHOD && match != MATCH_BOTH) | ||
567 | return 0; | 593 | return 0; |
568 | *methods = xstrdup(omethods + l + (omethods[l] == ',' ? 1 : 0)); | 594 | p = omethods + l; |
595 | if (submethod && match == MATCH_BOTH) | ||
596 | p += 1 + strlen(submethod); /* include colon */ | ||
597 | if (*p == ',') | ||
598 | p++; | ||
599 | *methods = xstrdup(p); | ||
569 | free(omethods); | 600 | free(omethods); |
570 | return 1; | 601 | return 1; |
571 | } | 602 | } |
@@ -577,13 +608,15 @@ remove_method(char **methods, const char *method) | |||
577 | * Returns 1 if the method completed any authentication list or 0 otherwise. | 608 | * Returns 1 if the method completed any authentication list or 0 otherwise. |
578 | */ | 609 | */ |
579 | int | 610 | int |
580 | auth2_update_methods_lists(Authctxt *authctxt, const char *method) | 611 | auth2_update_methods_lists(Authctxt *authctxt, const char *method, |
612 | const char *submethod) | ||
581 | { | 613 | { |
582 | u_int i, found = 0; | 614 | u_int i, found = 0; |
583 | 615 | ||
584 | debug3("%s: updating methods list after \"%s\"", __func__, method); | 616 | debug3("%s: updating methods list after \"%s\"", __func__, method); |
585 | for (i = 0; i < authctxt->num_auth_methods; i++) { | 617 | for (i = 0; i < authctxt->num_auth_methods; i++) { |
586 | if (!remove_method(&(authctxt->auth_methods[i]), method)) | 618 | if (!remove_method(&(authctxt->auth_methods[i]), method, |
619 | submethod)) | ||
587 | continue; | 620 | continue; |
588 | found = 1; | 621 | found = 1; |
589 | if (*authctxt->auth_methods[i] == '\0') { | 622 | if (*authctxt->auth_methods[i] == '\0') { |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: authfd.c,v 1.86 2011/07/06 18:09:21 tedu Exp $ */ | 1 | /* $OpenBSD: authfd.c,v 1.87 2013/05/17 00:13:13 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -224,7 +224,7 @@ ssh_close_authentication_connection(AuthenticationConnection *auth) | |||
224 | { | 224 | { |
225 | buffer_free(&auth->identities); | 225 | buffer_free(&auth->identities); |
226 | close(auth->fd); | 226 | close(auth->fd); |
227 | xfree(auth); | 227 | free(auth); |
228 | } | 228 | } |
229 | 229 | ||
230 | /* Lock/unlock agent */ | 230 | /* Lock/unlock agent */ |
@@ -343,7 +343,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio | |||
343 | blob = buffer_get_string(&auth->identities, &blen); | 343 | blob = buffer_get_string(&auth->identities, &blen); |
344 | *comment = buffer_get_string(&auth->identities, NULL); | 344 | *comment = buffer_get_string(&auth->identities, NULL); |
345 | key = key_from_blob(blob, blen); | 345 | key = key_from_blob(blob, blen); |
346 | xfree(blob); | 346 | free(blob); |
347 | break; | 347 | break; |
348 | default: | 348 | default: |
349 | return NULL; | 349 | return NULL; |
@@ -436,7 +436,7 @@ ssh_agent_sign(AuthenticationConnection *auth, | |||
436 | buffer_put_string(&msg, blob, blen); | 436 | buffer_put_string(&msg, blob, blen); |
437 | buffer_put_string(&msg, data, datalen); | 437 | buffer_put_string(&msg, data, datalen); |
438 | buffer_put_int(&msg, flags); | 438 | buffer_put_int(&msg, flags); |
439 | xfree(blob); | 439 | free(blob); |
440 | 440 | ||
441 | if (ssh_request_reply(auth, &msg, &msg) == 0) { | 441 | if (ssh_request_reply(auth, &msg, &msg) == 0) { |
442 | buffer_free(&msg); | 442 | buffer_free(&msg); |
@@ -612,7 +612,7 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key) | |||
612 | key_to_blob(key, &blob, &blen); | 612 | key_to_blob(key, &blob, &blen); |
613 | buffer_put_char(&msg, SSH2_AGENTC_REMOVE_IDENTITY); | 613 | buffer_put_char(&msg, SSH2_AGENTC_REMOVE_IDENTITY); |
614 | buffer_put_string(&msg, blob, blen); | 614 | buffer_put_string(&msg, blob, blen); |
615 | xfree(blob); | 615 | free(blob); |
616 | } else { | 616 | } else { |
617 | buffer_free(&msg); | 617 | buffer_free(&msg); |
618 | return 0; | 618 | return 0; |
diff --git a/authfile.c b/authfile.c index 1ecbda8b1..cb95cfcb8 100644 --- a/authfile.c +++ b/authfile.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: authfile.c,v 1.95 2013/01/08 18:49:04 markus Exp $ */ | 1 | /* $OpenBSD: authfile.c,v 1.97 2013/05/17 00:13:13 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -90,7 +90,7 @@ key_private_rsa1_to_blob(Key *key, Buffer *blob, const char *passphrase, | |||
90 | u_char buf[100], *cp; | 90 | u_char buf[100], *cp; |
91 | int i, cipher_num; | 91 | int i, cipher_num; |
92 | CipherContext ciphercontext; | 92 | CipherContext ciphercontext; |
93 | Cipher *cipher; | 93 | const Cipher *cipher; |
94 | u_int32_t rnd; | 94 | u_int32_t rnd; |
95 | 95 | ||
96 | /* | 96 | /* |
@@ -422,7 +422,7 @@ key_parse_private_rsa1(Buffer *blob, const char *passphrase, char **commentp) | |||
422 | Buffer decrypted; | 422 | Buffer decrypted; |
423 | u_char *cp; | 423 | u_char *cp; |
424 | CipherContext ciphercontext; | 424 | CipherContext ciphercontext; |
425 | Cipher *cipher; | 425 | const Cipher *cipher; |
426 | Key *prv = NULL; | 426 | Key *prv = NULL; |
427 | Buffer copy; | 427 | Buffer copy; |
428 | 428 | ||
@@ -510,8 +510,8 @@ key_parse_private_rsa1(Buffer *blob, const char *passphrase, char **commentp) | |||
510 | return prv; | 510 | return prv; |
511 | 511 | ||
512 | fail: | 512 | fail: |
513 | if (commentp) | 513 | if (commentp != NULL) |
514 | xfree(*commentp); | 514 | free(*commentp); |
515 | key_free(prv); | 515 | key_free(prv); |
516 | return NULL; | 516 | return NULL; |
517 | } | 517 | } |
@@ -833,10 +833,10 @@ key_load_cert(const char *filename) | |||
833 | pub = key_new(KEY_UNSPEC); | 833 | pub = key_new(KEY_UNSPEC); |
834 | xasprintf(&file, "%s-cert.pub", filename); | 834 | xasprintf(&file, "%s-cert.pub", filename); |
835 | if (key_try_load_public(pub, file, NULL) == 1) { | 835 | if (key_try_load_public(pub, file, NULL) == 1) { |
836 | xfree(file); | 836 | free(file); |
837 | return pub; | 837 | return pub; |
838 | } | 838 | } |
839 | xfree(file); | 839 | free(file); |
840 | key_free(pub); | 840 | key_free(pub); |
841 | return NULL; | 841 | return NULL; |
842 | } | 842 | } |
@@ -1034,10 +1034,9 @@ blacklisted_key_in_file(Key *key, const char *blacklist_file, char **fp) | |||
1034 | } | 1034 | } |
1035 | 1035 | ||
1036 | out: | 1036 | out: |
1037 | if (dgst_packed) | 1037 | free(dgst_packed); |
1038 | xfree(dgst_packed); | ||
1039 | if (ret != 1 && dgst_hex) { | 1038 | if (ret != 1 && dgst_hex) { |
1040 | xfree(dgst_hex); | 1039 | free(dgst_hex); |
1041 | dgst_hex = NULL; | 1040 | dgst_hex = NULL; |
1042 | } | 1041 | } |
1043 | if (fp) | 1042 | if (fp) |
@@ -1065,7 +1064,7 @@ blacklisted_key(Key *key, char **fp) | |||
1065 | xasprintf(&blacklist_file, "%s.%s-%u", | 1064 | xasprintf(&blacklist_file, "%s.%s-%u", |
1066 | _PATH_BLACKLIST, key_type(public), key_size(public)); | 1065 | _PATH_BLACKLIST, key_type(public), key_size(public)); |
1067 | ret = blacklisted_key_in_file(public, blacklist_file, fp); | 1066 | ret = blacklisted_key_in_file(public, blacklist_file, fp); |
1068 | xfree(blacklist_file); | 1067 | free(blacklist_file); |
1069 | if (ret > 0) { | 1068 | if (ret > 0) { |
1070 | key_free(public); | 1069 | key_free(public); |
1071 | return ret; | 1070 | return ret; |
@@ -1074,7 +1073,7 @@ blacklisted_key(Key *key, char **fp) | |||
1074 | xasprintf(&blacklist_file, "%s.%s-%u", | 1073 | xasprintf(&blacklist_file, "%s.%s-%u", |
1075 | _PATH_BLACKLIST_CONFIG, key_type(public), key_size(public)); | 1074 | _PATH_BLACKLIST_CONFIG, key_type(public), key_size(public)); |
1076 | ret2 = blacklisted_key_in_file(public, blacklist_file, fp); | 1075 | ret2 = blacklisted_key_in_file(public, blacklist_file, fp); |
1077 | xfree(blacklist_file); | 1076 | free(blacklist_file); |
1078 | if (ret2 > ret) | 1077 | if (ret2 > ret) |
1079 | ret = ret2; | 1078 | ret = ret2; |
1080 | 1079 | ||
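Review bot: In the `fail:` path of key_parse_private_rsa1 the new `free(*commentp)` leaves `*commentp` pointing at freed memory, while the rest of this commit sets pointers to NULL after freeing them (canohost.c clear_cached_addr, channels.c channel_free); a caller that inspects or frees the comment after the NULL return would hit a use-after-free or double free. Adding `*commentp = NULL;` directly after the free closes that window at no cost, unless every caller is known to ignore *commentp on failure. The function body starts outside the hunk.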
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: bufaux.c,v 1.50 2010/08/31 09:58:37 djm Exp $ */ | 1 | /* $OpenBSD: bufaux.c,v 1.52 2013/07/12 00:19:58 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -181,7 +181,7 @@ buffer_get_string_ret(Buffer *buffer, u_int *length_ptr) | |||
181 | /* Get the string. */ | 181 | /* Get the string. */ |
182 | if (buffer_get_ret(buffer, value, len) == -1) { | 182 | if (buffer_get_ret(buffer, value, len) == -1) { |
183 | error("buffer_get_string_ret: buffer_get failed"); | 183 | error("buffer_get_string_ret: buffer_get failed"); |
184 | xfree(value); | 184 | free(value); |
185 | return (NULL); | 185 | return (NULL); |
186 | } | 186 | } |
187 | /* Append a null character to make processing easier. */ | 187 | /* Append a null character to make processing easier. */ |
@@ -216,7 +216,7 @@ buffer_get_cstring_ret(Buffer *buffer, u_int *length_ptr) | |||
216 | error("buffer_get_cstring_ret: string contains \\0"); | 216 | error("buffer_get_cstring_ret: string contains \\0"); |
217 | else { | 217 | else { |
218 | bzero(ret, length); | 218 | bzero(ret, length); |
219 | xfree(ret); | 219 | free(ret); |
220 | return NULL; | 220 | return NULL; |
221 | } | 221 | } |
222 | } | 222 | } |
@@ -285,7 +285,7 @@ buffer_put_cstring(Buffer *buffer, const char *s) | |||
285 | * Returns a character from the buffer (0 - 255). | 285 | * Returns a character from the buffer (0 - 255). |
286 | */ | 286 | */ |
287 | int | 287 | int |
288 | buffer_get_char_ret(char *ret, Buffer *buffer) | 288 | buffer_get_char_ret(u_char *ret, Buffer *buffer) |
289 | { | 289 | { |
290 | if (buffer_get_ret(buffer, ret, 1) == -1) { | 290 | if (buffer_get_ret(buffer, ret, 1) == -1) { |
291 | error("buffer_get_char_ret: buffer_get_ret failed"); | 291 | error("buffer_get_char_ret: buffer_get_ret failed"); |
@@ -297,11 +297,11 @@ buffer_get_char_ret(char *ret, Buffer *buffer) | |||
297 | int | 297 | int |
298 | buffer_get_char(Buffer *buffer) | 298 | buffer_get_char(Buffer *buffer) |
299 | { | 299 | { |
300 | char ch; | 300 | u_char ch; |
301 | 301 | ||
302 | if (buffer_get_char_ret(&ch, buffer) == -1) | 302 | if (buffer_get_char_ret(&ch, buffer) == -1) |
303 | fatal("buffer_get_char: buffer error"); | 303 | fatal("buffer_get_char: buffer error"); |
304 | return (u_char) ch; | 304 | return ch; |
305 | } | 305 | } |
306 | 306 | ||
307 | /* | 307 | /* |
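Review bot: In buffer_get_cstring_ret the `bzero(ret, length)` immediately before the new `free(ret)` is a dead store from the compiler's point of view and may be elided, so the copied string (which can be key material) is not reliably cleared. The same wipe-then-free pattern appears in bufbn.c (buffer_put_bignum_ret, buffer_put_bignum2_ret), bufec.c (buffer_put_ecpoint_ret, buffer_get_ecpoint_ret) and buffer.c (buffer_free). A wipe the optimizer cannot remove is needed, e.g. `explicit_bzero(ret, length);` where the platform provides it, with a compat fallback where it does not. The enclosing functions start outside the hunk.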
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: bufbn.c,v 1.6 2007/06/02 09:04:58 djm Exp $*/ | 1 | /* $OpenBSD: bufbn.c,v 1.7 2013/05/17 00:13:13 djm Exp $*/ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -69,7 +69,7 @@ buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value) | |||
69 | if (oi != bin_size) { | 69 | if (oi != bin_size) { |
70 | error("buffer_put_bignum_ret: BN_bn2bin() failed: oi %d != bin_size %d", | 70 | error("buffer_put_bignum_ret: BN_bn2bin() failed: oi %d != bin_size %d", |
71 | oi, bin_size); | 71 | oi, bin_size); |
72 | xfree(buf); | 72 | free(buf); |
73 | return (-1); | 73 | return (-1); |
74 | } | 74 | } |
75 | 75 | ||
@@ -80,7 +80,7 @@ buffer_put_bignum_ret(Buffer *buffer, const BIGNUM *value) | |||
80 | buffer_append(buffer, buf, oi); | 80 | buffer_append(buffer, buf, oi); |
81 | 81 | ||
82 | memset(buf, 0, bin_size); | 82 | memset(buf, 0, bin_size); |
83 | xfree(buf); | 83 | free(buf); |
84 | 84 | ||
85 | return (0); | 85 | return (0); |
86 | } | 86 | } |
@@ -167,13 +167,13 @@ buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value) | |||
167 | if (oi < 0 || (u_int)oi != bytes - 1) { | 167 | if (oi < 0 || (u_int)oi != bytes - 1) { |
168 | error("buffer_put_bignum2_ret: BN_bn2bin() failed: " | 168 | error("buffer_put_bignum2_ret: BN_bn2bin() failed: " |
169 | "oi %d != bin_size %d", oi, bytes); | 169 | "oi %d != bin_size %d", oi, bytes); |
170 | xfree(buf); | 170 | free(buf); |
171 | return (-1); | 171 | return (-1); |
172 | } | 172 | } |
173 | hasnohigh = (buf[1] & 0x80) ? 0 : 1; | 173 | hasnohigh = (buf[1] & 0x80) ? 0 : 1; |
174 | buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh); | 174 | buffer_put_string(buffer, buf+hasnohigh, bytes-hasnohigh); |
175 | memset(buf, 0, bytes); | 175 | memset(buf, 0, bytes); |
176 | xfree(buf); | 176 | free(buf); |
177 | return (0); | 177 | return (0); |
178 | } | 178 | } |
179 | 179 | ||
@@ -197,21 +197,21 @@ buffer_get_bignum2_ret(Buffer *buffer, BIGNUM *value) | |||
197 | 197 | ||
198 | if (len > 0 && (bin[0] & 0x80)) { | 198 | if (len > 0 && (bin[0] & 0x80)) { |
199 | error("buffer_get_bignum2_ret: negative numbers not supported"); | 199 | error("buffer_get_bignum2_ret: negative numbers not supported"); |
200 | xfree(bin); | 200 | free(bin); |
201 | return (-1); | 201 | return (-1); |
202 | } | 202 | } |
203 | if (len > 8 * 1024) { | 203 | if (len > 8 * 1024) { |
204 | error("buffer_get_bignum2_ret: cannot handle BN of size %d", | 204 | error("buffer_get_bignum2_ret: cannot handle BN of size %d", |
205 | len); | 205 | len); |
206 | xfree(bin); | 206 | free(bin); |
207 | return (-1); | 207 | return (-1); |
208 | } | 208 | } |
209 | if (BN_bin2bn(bin, len, value) == NULL) { | 209 | if (BN_bin2bn(bin, len, value) == NULL) { |
210 | error("buffer_get_bignum2_ret: BN_bin2bn failed"); | 210 | error("buffer_get_bignum2_ret: BN_bin2bn failed"); |
211 | xfree(bin); | 211 | free(bin); |
212 | return (-1); | 212 | return (-1); |
213 | } | 213 | } |
214 | xfree(bin); | 214 | free(bin); |
215 | return (0); | 215 | return (0); |
216 | } | 216 | } |
217 | 217 | ||
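Review bot: buffer_get_bignum2_ret frees `bin` without clearing it (new-side line 214 and the three error paths above it), although the put side of this same file zeroes its serialized bignum before freeing; when the buffer holds a private-key component those bytes stay in freed heap memory. Mirroring the put path — replacing each `free(bin);` with `memset(bin, 0, len); free(bin);`, or better a single cleanup label that does the wipe once — keeps the handling consistent, and the wipe should use a call the compiler cannot elide (explicit_bzero where available) since plain memset before free may be optimized away. `len` is the length passed to `BN_bin2bn`, so it appears to be the right size to clear, but the allocation itself happens outside the hunk and should be confirmed.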
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: bufec.c,v 1.1 2010/08/31 11:54:45 djm Exp $ */ | 1 | /* $OpenBSD: bufec.c,v 1.2 2013/05/17 00:13:13 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2010 Damien Miller <djm@mindrot.org> | 3 | * Copyright (c) 2010 Damien Miller <djm@mindrot.org> |
4 | * | 4 | * |
@@ -78,7 +78,7 @@ buffer_put_ecpoint_ret(Buffer *buffer, const EC_GROUP *curve, | |||
78 | out: | 78 | out: |
79 | if (buf != NULL) { | 79 | if (buf != NULL) { |
80 | bzero(buf, len); | 80 | bzero(buf, len); |
81 | xfree(buf); | 81 | free(buf); |
82 | } | 82 | } |
83 | BN_CTX_free(bnctx); | 83 | BN_CTX_free(bnctx); |
84 | return ret; | 84 | return ret; |
@@ -131,7 +131,7 @@ buffer_get_ecpoint_ret(Buffer *buffer, const EC_GROUP *curve, | |||
131 | out: | 131 | out: |
132 | BN_CTX_free(bnctx); | 132 | BN_CTX_free(bnctx); |
133 | bzero(buf, len); | 133 | bzero(buf, len); |
134 | xfree(buf); | 134 | free(buf); |
135 | return ret; | 135 | return ret; |
136 | } | 136 | } |
137 | 137 | ||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: buffer.c,v 1.32 2010/02/09 03:56:28 djm Exp $ */ | 1 | /* $OpenBSD: buffer.c,v 1.33 2013/05/17 00:13:13 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -50,7 +50,7 @@ buffer_free(Buffer *buffer) | |||
50 | if (buffer->alloc > 0) { | 50 | if (buffer->alloc > 0) { |
51 | memset(buffer->buf, 0, buffer->alloc); | 51 | memset(buffer->buf, 0, buffer->alloc); |
52 | buffer->alloc = 0; | 52 | buffer->alloc = 0; |
53 | xfree(buffer->buf); | 53 | free(buffer->buf); |
54 | } | 54 | } |
55 | } | 55 | } |
56 | 56 | ||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: buffer.h,v 1.21 2010/08/31 11:54:45 djm Exp $ */ | 1 | /* $OpenBSD: buffer.h,v 1.22 2013/07/12 00:19:58 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -84,7 +84,7 @@ int buffer_get_int64_ret(u_int64_t *, Buffer *); | |||
84 | void *buffer_get_string_ret(Buffer *, u_int *); | 84 | void *buffer_get_string_ret(Buffer *, u_int *); |
85 | char *buffer_get_cstring_ret(Buffer *, u_int *); | 85 | char *buffer_get_cstring_ret(Buffer *, u_int *); |
86 | void *buffer_get_string_ptr_ret(Buffer *, u_int *); | 86 | void *buffer_get_string_ptr_ret(Buffer *, u_int *); |
87 | int buffer_get_char_ret(char *, Buffer *); | 87 | int buffer_get_char_ret(u_char *, Buffer *); |
88 | 88 | ||
89 | #ifdef OPENSSL_HAS_ECC | 89 | #ifdef OPENSSL_HAS_ECC |
90 | #include <openssl/ec.h> | 90 | #include <openssl/ec.h> |
diff --git a/canohost.c b/canohost.c index dabd8a31a..69e8e6f6d 100644 --- a/canohost.c +++ b/canohost.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: canohost.c,v 1.66 2010/01/13 01:20:20 dtucker Exp $ */ | 1 | /* $OpenBSD: canohost.c,v 1.67 2013/05/17 00:13:13 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -41,7 +41,7 @@ static int cached_port = -1; | |||
41 | 41 | ||
42 | /* | 42 | /* |
43 | * Return the canonical name of the host at the other end of the socket. The | 43 | * Return the canonical name of the host at the other end of the socket. The |
44 | * caller should free the returned string with xfree. | 44 | * caller should free the returned string. |
45 | */ | 45 | */ |
46 | 46 | ||
47 | static char * | 47 | static char * |
@@ -323,10 +323,8 @@ get_local_name(int fd) | |||
323 | void | 323 | void |
324 | clear_cached_addr(void) | 324 | clear_cached_addr(void) |
325 | { | 325 | { |
326 | if (canonical_host_ip != NULL) { | 326 | free(canonical_host_ip); |
327 | xfree(canonical_host_ip); | 327 | canonical_host_ip = NULL; |
328 | canonical_host_ip = NULL; | ||
329 | } | ||
330 | cached_port = -1; | 328 | cached_port = -1; |
331 | } | 329 | } |
332 | 330 | ||
diff --git a/channels.c b/channels.c index 9cf85a38d..ac675c742 100644 --- a/channels.c +++ b/channels.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: channels.c,v 1.319 2012/12/02 20:46:11 djm Exp $ */ | 1 | /* $OpenBSD: channels.c,v 1.324 2013/07/12 00:19:58 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -213,6 +213,7 @@ channel_lookup(int id) | |||
213 | case SSH_CHANNEL_OPEN: | 213 | case SSH_CHANNEL_OPEN: |
214 | case SSH_CHANNEL_INPUT_DRAINING: | 214 | case SSH_CHANNEL_INPUT_DRAINING: |
215 | case SSH_CHANNEL_OUTPUT_DRAINING: | 215 | case SSH_CHANNEL_OUTPUT_DRAINING: |
216 | case SSH_CHANNEL_ABANDONED: | ||
216 | return (c); | 217 | return (c); |
217 | } | 218 | } |
218 | logit("Non-public channel %d, type %d.", id, c->type); | 219 | logit("Non-public channel %d, type %d.", id, c->type); |
@@ -247,7 +248,10 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd, | |||
247 | 248 | ||
248 | if ((c->isatty = is_tty) != 0) | 249 | if ((c->isatty = is_tty) != 0) |
249 | debug2("channel %d: rfd %d isatty", c->self, c->rfd); | 250 | debug2("channel %d: rfd %d isatty", c->self, c->rfd); |
251 | #ifdef _AIX | ||
252 | /* XXX: Later AIX versions can't push as much data to tty */ | ||
250 | c->wfd_isatty = is_tty || isatty(c->wfd); | 253 | c->wfd_isatty = is_tty || isatty(c->wfd); |
254 | #endif | ||
251 | 255 | ||
252 | /* enable nonblocking mode */ | 256 | /* enable nonblocking mode */ |
253 | if (nonblock) { | 257 | if (nonblock) { |
@@ -401,7 +405,7 @@ channel_free(Channel *c) | |||
401 | 405 | ||
402 | s = channel_open_message(); | 406 | s = channel_open_message(); |
403 | debug3("channel %d: status: %s", c->self, s); | 407 | debug3("channel %d: status: %s", c->self, s); |
404 | xfree(s); | 408 | free(s); |
405 | 409 | ||
406 | if (c->sock != -1) | 410 | if (c->sock != -1) |
407 | shutdown(c->sock, SHUT_RDWR); | 411 | shutdown(c->sock, SHUT_RDWR); |
@@ -409,29 +413,23 @@ channel_free(Channel *c) | |||
409 | buffer_free(&c->input); | 413 | buffer_free(&c->input); |
410 | buffer_free(&c->output); | 414 | buffer_free(&c->output); |
411 | buffer_free(&c->extended); | 415 | buffer_free(&c->extended); |
412 | if (c->remote_name) { | 416 | free(c->remote_name); |
413 | xfree(c->remote_name); | 417 | c->remote_name = NULL; |
414 | c->remote_name = NULL; | 418 | free(c->path); |
415 | } | 419 | c->path = NULL; |
416 | if (c->path) { | 420 | free(c->listening_addr); |
417 | xfree(c->path); | 421 | c->listening_addr = NULL; |
418 | c->path = NULL; | ||
419 | } | ||
420 | if (c->listening_addr) { | ||
421 | xfree(c->listening_addr); | ||
422 | c->listening_addr = NULL; | ||
423 | } | ||
424 | while ((cc = TAILQ_FIRST(&c->status_confirms)) != NULL) { | 422 | while ((cc = TAILQ_FIRST(&c->status_confirms)) != NULL) { |
425 | if (cc->abandon_cb != NULL) | 423 | if (cc->abandon_cb != NULL) |
426 | cc->abandon_cb(c, cc->ctx); | 424 | cc->abandon_cb(c, cc->ctx); |
427 | TAILQ_REMOVE(&c->status_confirms, cc, entry); | 425 | TAILQ_REMOVE(&c->status_confirms, cc, entry); |
428 | bzero(cc, sizeof(*cc)); | 426 | bzero(cc, sizeof(*cc)); |
429 | xfree(cc); | 427 | free(cc); |
430 | } | 428 | } |
431 | if (c->filter_cleanup != NULL && c->filter_ctx != NULL) | 429 | if (c->filter_cleanup != NULL && c->filter_ctx != NULL) |
432 | c->filter_cleanup(c->self, c->filter_ctx); | 430 | c->filter_cleanup(c->self, c->filter_ctx); |
433 | channels[c->self] = NULL; | 431 | channels[c->self] = NULL; |
434 | xfree(c); | 432 | free(c); |
435 | } | 433 | } |
436 | 434 | ||
437 | void | 435 | void |
@@ -536,6 +534,7 @@ channel_still_open(void) | |||
536 | case SSH_CHANNEL_DYNAMIC: | 534 | case SSH_CHANNEL_DYNAMIC: |
537 | case SSH_CHANNEL_CONNECTING: | 535 | case SSH_CHANNEL_CONNECTING: |
538 | case SSH_CHANNEL_ZOMBIE: | 536 | case SSH_CHANNEL_ZOMBIE: |
537 | case SSH_CHANNEL_ABANDONED: | ||
539 | continue; | 538 | continue; |
540 | case SSH_CHANNEL_LARVAL: | 539 | case SSH_CHANNEL_LARVAL: |
541 | if (!compat20) | 540 | if (!compat20) |
@@ -581,6 +580,7 @@ channel_find_open(void) | |||
581 | case SSH_CHANNEL_OPENING: | 580 | case SSH_CHANNEL_OPENING: |
582 | case SSH_CHANNEL_CONNECTING: | 581 | case SSH_CHANNEL_CONNECTING: |
583 | case SSH_CHANNEL_ZOMBIE: | 582 | case SSH_CHANNEL_ZOMBIE: |
583 | case SSH_CHANNEL_ABANDONED: | ||
584 | continue; | 584 | continue; |
585 | case SSH_CHANNEL_LARVAL: | 585 | case SSH_CHANNEL_LARVAL: |
586 | case SSH_CHANNEL_AUTH_SOCKET: | 586 | case SSH_CHANNEL_AUTH_SOCKET: |
@@ -628,6 +628,7 @@ channel_open_message(void) | |||
628 | case SSH_CHANNEL_CLOSED: | 628 | case SSH_CHANNEL_CLOSED: |
629 | case SSH_CHANNEL_AUTH_SOCKET: | 629 | case SSH_CHANNEL_AUTH_SOCKET: |
630 | case SSH_CHANNEL_ZOMBIE: | 630 | case SSH_CHANNEL_ZOMBIE: |
631 | case SSH_CHANNEL_ABANDONED: | ||
631 | case SSH_CHANNEL_MUX_CLIENT: | 632 | case SSH_CHANNEL_MUX_CLIENT: |
632 | case SSH_CHANNEL_MUX_LISTENER: | 633 | case SSH_CHANNEL_MUX_LISTENER: |
633 | continue; | 634 | continue; |
@@ -1080,10 +1081,8 @@ channel_decode_socks4(Channel *c, fd_set *readset, fd_set *writeset) | |||
1080 | strlcpy(username, p, sizeof(username)); | 1081 | strlcpy(username, p, sizeof(username)); |
1081 | buffer_consume(&c->input, len); | 1082 | buffer_consume(&c->input, len); |
1082 | 1083 | ||
1083 | if (c->path != NULL) { | 1084 | free(c->path); |
1084 | xfree(c->path); | 1085 | c->path = NULL; |
1085 | c->path = NULL; | ||
1086 | } | ||
1087 | if (need == 1) { /* SOCKS4: one string */ | 1086 | if (need == 1) { /* SOCKS4: one string */ |
1088 | host = inet_ntoa(s4_req.dest_addr); | 1087 | host = inet_ntoa(s4_req.dest_addr); |
1089 | c->path = xstrdup(host); | 1088 | c->path = xstrdup(host); |
@@ -1143,7 +1142,8 @@ channel_decode_socks5(Channel *c, fd_set *readset, fd_set *writeset) | |||
1143 | u_int8_t atyp; | 1142 | u_int8_t atyp; |
1144 | } s5_req, s5_rsp; | 1143 | } s5_req, s5_rsp; |
1145 | u_int16_t dest_port; | 1144 | u_int16_t dest_port; |
1146 | u_char *p, dest_addr[255+1], ntop[INET6_ADDRSTRLEN]; | 1145 | char dest_addr[255+1], ntop[INET6_ADDRSTRLEN]; |
1146 | u_char *p; | ||
1147 | u_int have, need, i, found, nmethods, addrlen, af; | 1147 | u_int have, need, i, found, nmethods, addrlen, af; |
1148 | 1148 | ||
1149 | debug2("channel %d: decode socks5", c->self); | 1149 | debug2("channel %d: decode socks5", c->self); |
@@ -1213,13 +1213,11 @@ channel_decode_socks5(Channel *c, fd_set *readset, fd_set *writeset) | |||
1213 | buffer_consume(&c->input, sizeof(s5_req)); | 1213 | buffer_consume(&c->input, sizeof(s5_req)); |
1214 | if (s5_req.atyp == SSH_SOCKS5_DOMAIN) | 1214 | if (s5_req.atyp == SSH_SOCKS5_DOMAIN) |
1215 | buffer_consume(&c->input, 1); /* host string length */ | 1215 | buffer_consume(&c->input, 1); /* host string length */ |
1216 | buffer_get(&c->input, (char *)&dest_addr, addrlen); | 1216 | buffer_get(&c->input, &dest_addr, addrlen); |
1217 | buffer_get(&c->input, (char *)&dest_port, 2); | 1217 | buffer_get(&c->input, (char *)&dest_port, 2); |
1218 | dest_addr[addrlen] = '\0'; | 1218 | dest_addr[addrlen] = '\0'; |
1219 | if (c->path != NULL) { | 1219 | free(c->path); |
1220 | xfree(c->path); | 1220 | c->path = NULL; |
1221 | c->path = NULL; | ||
1222 | } | ||
1223 | if (s5_req.atyp == SSH_SOCKS5_DOMAIN) { | 1221 | if (s5_req.atyp == SSH_SOCKS5_DOMAIN) { |
1224 | if (addrlen >= NI_MAXHOST) { | 1222 | if (addrlen >= NI_MAXHOST) { |
1225 | error("channel %d: dynamic request: socks5 hostname " | 1223 | error("channel %d: dynamic request: socks5 hostname " |
@@ -1241,11 +1239,10 @@ channel_decode_socks5(Channel *c, fd_set *readset, fd_set *writeset) | |||
1241 | s5_rsp.command = SSH_SOCKS5_SUCCESS; | 1239 | s5_rsp.command = SSH_SOCKS5_SUCCESS; |
1242 | s5_rsp.reserved = 0; /* ignored */ | 1240 | s5_rsp.reserved = 0; /* ignored */ |
1243 | s5_rsp.atyp = SSH_SOCKS5_IPV4; | 1241 | s5_rsp.atyp = SSH_SOCKS5_IPV4; |
1244 | ((struct in_addr *)&dest_addr)->s_addr = INADDR_ANY; | ||
1245 | dest_port = 0; /* ignored */ | 1242 | dest_port = 0; /* ignored */ |
1246 | 1243 | ||
1247 | buffer_append(&c->output, &s5_rsp, sizeof(s5_rsp)); | 1244 | buffer_append(&c->output, &s5_rsp, sizeof(s5_rsp)); |
1248 | buffer_append(&c->output, &dest_addr, sizeof(struct in_addr)); | 1245 | buffer_put_int(&c->output, ntohl(INADDR_ANY)); /* bind address */ |
1249 | buffer_append(&c->output, &dest_port, sizeof(dest_port)); | 1246 | buffer_append(&c->output, &dest_port, sizeof(dest_port)); |
1250 | return 1; | 1247 | return 1; |
1251 | } | 1248 | } |
@@ -1324,7 +1321,7 @@ channel_post_x11_listener(Channel *c, fd_set *readset, fd_set *writeset) | |||
1324 | { | 1321 | { |
1325 | Channel *nc; | 1322 | Channel *nc; |
1326 | struct sockaddr_storage addr; | 1323 | struct sockaddr_storage addr; |
1327 | int newsock; | 1324 | int newsock, oerrno; |
1328 | socklen_t addrlen; | 1325 | socklen_t addrlen; |
1329 | char buf[16384], *remote_ipaddr; | 1326 | char buf[16384], *remote_ipaddr; |
1330 | int remote_port; | 1327 | int remote_port; |
@@ -1334,14 +1331,18 @@ channel_post_x11_listener(Channel *c, fd_set *readset, fd_set *writeset) | |||
1334 | addrlen = sizeof(addr); | 1331 | addrlen = sizeof(addr); |
1335 | newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen); | 1332 | newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen); |
1336 | if (c->single_connection) { | 1333 | if (c->single_connection) { |
1334 | oerrno = errno; | ||
1337 | debug2("single_connection: closing X11 listener."); | 1335 | debug2("single_connection: closing X11 listener."); |
1338 | channel_close_fd(&c->sock); | 1336 | channel_close_fd(&c->sock); |
1339 | chan_mark_dead(c); | 1337 | chan_mark_dead(c); |
1338 | errno = oerrno; | ||
1340 | } | 1339 | } |
1341 | if (newsock < 0) { | 1340 | if (newsock < 0) { |
1342 | error("accept: %.100s", strerror(errno)); | 1341 | if (errno != EINTR && errno != EWOULDBLOCK && |
1342 | errno != ECONNABORTED) | ||
1343 | error("accept: %.100s", strerror(errno)); | ||
1343 | if (errno == EMFILE || errno == ENFILE) | 1344 | if (errno == EMFILE || errno == ENFILE) |
1344 | c->notbefore = time(NULL) + 1; | 1345 | c->notbefore = monotime() + 1; |
1345 | return; | 1346 | return; |
1346 | } | 1347 | } |
1347 | set_nodelay(newsock); | 1348 | set_nodelay(newsock); |
@@ -1375,7 +1376,7 @@ channel_post_x11_listener(Channel *c, fd_set *readset, fd_set *writeset) | |||
1375 | packet_put_cstring(buf); | 1376 | packet_put_cstring(buf); |
1376 | packet_send(); | 1377 | packet_send(); |
1377 | } | 1378 | } |
1378 | xfree(remote_ipaddr); | 1379 | free(remote_ipaddr); |
1379 | } | 1380 | } |
1380 | } | 1381 | } |
1381 | 1382 | ||
@@ -1389,7 +1390,7 @@ port_open_helper(Channel *c, char *rtype) | |||
1389 | 1390 | ||
1390 | if (remote_port == -1) { | 1391 | if (remote_port == -1) { |
1391 | /* Fake addr/port to appease peers that validate it (Tectia) */ | 1392 | /* Fake addr/port to appease peers that validate it (Tectia) */ |
1392 | xfree(remote_ipaddr); | 1393 | free(remote_ipaddr); |
1393 | remote_ipaddr = xstrdup("127.0.0.1"); | 1394 | remote_ipaddr = xstrdup("127.0.0.1"); |
1394 | remote_port = 65535; | 1395 | remote_port = 65535; |
1395 | } | 1396 | } |
@@ -1402,7 +1403,7 @@ port_open_helper(Channel *c, char *rtype) | |||
1402 | rtype, c->listening_port, c->path, c->host_port, | 1403 | rtype, c->listening_port, c->path, c->host_port, |
1403 | remote_ipaddr, remote_port); | 1404 | remote_ipaddr, remote_port); |
1404 | 1405 | ||
1405 | xfree(c->remote_name); | 1406 | free(c->remote_name); |
1406 | c->remote_name = xstrdup(buf); | 1407 | c->remote_name = xstrdup(buf); |
1407 | 1408 | ||
1408 | if (compat20) { | 1409 | if (compat20) { |
@@ -1434,7 +1435,7 @@ port_open_helper(Channel *c, char *rtype) | |||
1434 | packet_put_cstring(c->remote_name); | 1435 | packet_put_cstring(c->remote_name); |
1435 | packet_send(); | 1436 | packet_send(); |
1436 | } | 1437 | } |
1437 | xfree(remote_ipaddr); | 1438 | free(remote_ipaddr); |
1438 | } | 1439 | } |
1439 | 1440 | ||
1440 | static void | 1441 | static void |
@@ -1484,9 +1485,11 @@ channel_post_port_listener(Channel *c, fd_set *readset, fd_set *writeset) | |||
1484 | addrlen = sizeof(addr); | 1485 | addrlen = sizeof(addr); |
1485 | newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen); | 1486 | newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen); |
1486 | if (newsock < 0) { | 1487 | if (newsock < 0) { |
1487 | error("accept: %.100s", strerror(errno)); | 1488 | if (errno != EINTR && errno != EWOULDBLOCK && |
1489 | errno != ECONNABORTED) | ||
1490 | error("accept: %.100s", strerror(errno)); | ||
1488 | if (errno == EMFILE || errno == ENFILE) | 1491 | if (errno == EMFILE || errno == ENFILE) |
1489 | c->notbefore = time(NULL) + 1; | 1492 | c->notbefore = monotime() + 1; |
1490 | return; | 1493 | return; |
1491 | } | 1494 | } |
1492 | set_nodelay(newsock); | 1495 | set_nodelay(newsock); |
@@ -1522,7 +1525,7 @@ channel_post_auth_listener(Channel *c, fd_set *readset, fd_set *writeset) | |||
1522 | error("accept from auth socket: %.100s", | 1525 | error("accept from auth socket: %.100s", |
1523 | strerror(errno)); | 1526 | strerror(errno)); |
1524 | if (errno == EMFILE || errno == ENFILE) | 1527 | if (errno == EMFILE || errno == ENFILE) |
1525 | c->notbefore = time(NULL) + 1; | 1528 | c->notbefore = monotime() + 1; |
1526 | return; | 1529 | return; |
1527 | } | 1530 | } |
1528 | nc = channel_new("accepted auth socket", | 1531 | nc = channel_new("accepted auth socket", |
@@ -1685,7 +1688,7 @@ channel_handle_wfd(Channel *c, fd_set *readset, fd_set *writeset) | |||
1685 | if (c->datagram) { | 1688 | if (c->datagram) { |
1686 | /* ignore truncated writes, datagrams might get lost */ | 1689 | /* ignore truncated writes, datagrams might get lost */ |
1687 | len = write(c->wfd, buf, dlen); | 1690 | len = write(c->wfd, buf, dlen); |
1688 | xfree(data); | 1691 | free(data); |
1689 | if (len < 0 && (errno == EINTR || errno == EAGAIN || | 1692 | if (len < 0 && (errno == EINTR || errno == EAGAIN || |
1690 | errno == EWOULDBLOCK)) | 1693 | errno == EWOULDBLOCK)) |
1691 | return 1; | 1694 | return 1; |
@@ -1926,7 +1929,7 @@ channel_post_mux_listener(Channel *c, fd_set *readset, fd_set *writeset) | |||
1926 | &addrlen)) == -1) { | 1929 | &addrlen)) == -1) { |
1927 | error("%s accept: %s", __func__, strerror(errno)); | 1930 | error("%s accept: %s", __func__, strerror(errno)); |
1928 | if (errno == EMFILE || errno == ENFILE) | 1931 | if (errno == EMFILE || errno == ENFILE) |
1929 | c->notbefore = time(NULL) + 1; | 1932 | c->notbefore = monotime() + 1; |
1930 | return; | 1933 | return; |
1931 | } | 1934 | } |
1932 | 1935 | ||
@@ -2089,7 +2092,7 @@ channel_handler(chan_fn *ftab[], fd_set *readset, fd_set *writeset, | |||
2089 | channel_handler_init(); | 2092 | channel_handler_init(); |
2090 | did_init = 1; | 2093 | did_init = 1; |
2091 | } | 2094 | } |
2092 | now = time(NULL); | 2095 | now = monotime(); |
2093 | if (unpause_secs != NULL) | 2096 | if (unpause_secs != NULL) |
2094 | *unpause_secs = 0; | 2097 | *unpause_secs = 0; |
2095 | for (i = 0, oalloc = channels_alloc; i < oalloc; i++) { | 2098 | for (i = 0, oalloc = channels_alloc; i < oalloc; i++) { |
@@ -2219,7 +2222,7 @@ channel_output_poll(void) | |||
2219 | debug("channel %d: datagram " | 2222 | debug("channel %d: datagram " |
2220 | "too big for channel", | 2223 | "too big for channel", |
2221 | c->self); | 2224 | c->self); |
2222 | xfree(data); | 2225 | free(data); |
2223 | continue; | 2226 | continue; |
2224 | } | 2227 | } |
2225 | packet_start(SSH2_MSG_CHANNEL_DATA); | 2228 | packet_start(SSH2_MSG_CHANNEL_DATA); |
@@ -2227,7 +2230,7 @@ channel_output_poll(void) | |||
2227 | packet_put_string(data, dlen); | 2230 | packet_put_string(data, dlen); |
2228 | packet_send(); | 2231 | packet_send(); |
2229 | c->remote_window -= dlen + 4; | 2232 | c->remote_window -= dlen + 4; |
2230 | xfree(data); | 2233 | free(data); |
2231 | } | 2234 | } |
2232 | continue; | 2235 | continue; |
2233 | } | 2236 | } |
@@ -2399,13 +2402,13 @@ channel_input_extended_data(int type, u_int32_t seq, void *ctxt) | |||
2399 | if (data_len > c->local_window) { | 2402 | if (data_len > c->local_window) { |
2400 | logit("channel %d: rcvd too much extended_data %d, win %d", | 2403 | logit("channel %d: rcvd too much extended_data %d, win %d", |
2401 | c->self, data_len, c->local_window); | 2404 | c->self, data_len, c->local_window); |
2402 | xfree(data); | 2405 | free(data); |
2403 | return; | 2406 | return; |
2404 | } | 2407 | } |
2405 | debug2("channel %d: rcvd ext data %d", c->self, data_len); | 2408 | debug2("channel %d: rcvd ext data %d", c->self, data_len); |
2406 | c->local_window -= data_len; | 2409 | c->local_window -= data_len; |
2407 | buffer_append(&c->extended, data, data_len); | 2410 | buffer_append(&c->extended, data, data_len); |
2408 | xfree(data); | 2411 | free(data); |
2409 | } | 2412 | } |
2410 | 2413 | ||
2411 | /* ARGSUSED */ | 2414 | /* ARGSUSED */ |
@@ -2495,7 +2498,7 @@ channel_input_close_confirmation(int type, u_int32_t seq, void *ctxt) | |||
2495 | if (c == NULL) | 2498 | if (c == NULL) |
2496 | packet_disconnect("Received close confirmation for " | 2499 | packet_disconnect("Received close confirmation for " |
2497 | "out-of-range channel %d.", id); | 2500 | "out-of-range channel %d.", id); |
2498 | if (c->type != SSH_CHANNEL_CLOSED) | 2501 | if (c->type != SSH_CHANNEL_CLOSED && c->type != SSH_CHANNEL_ABANDONED) |
2499 | packet_disconnect("Received close confirmation for " | 2502 | packet_disconnect("Received close confirmation for " |
2500 | "non-closed channel %d (type %d).", id, c->type); | 2503 | "non-closed channel %d (type %d).", id, c->type); |
2501 | channel_free(c); | 2504 | channel_free(c); |
@@ -2571,10 +2574,8 @@ channel_input_open_failure(int type, u_int32_t seq, void *ctxt) | |||
2571 | } | 2574 | } |
2572 | logit("channel %d: open failed: %s%s%s", id, | 2575 | logit("channel %d: open failed: %s%s%s", id, |
2573 | reason2txt(reason), msg ? ": ": "", msg ? msg : ""); | 2576 | reason2txt(reason), msg ? ": ": "", msg ? msg : ""); |
2574 | if (msg != NULL) | 2577 | free(msg); |
2575 | xfree(msg); | 2578 | free(lang); |
2576 | if (lang != NULL) | ||
2577 | xfree(lang); | ||
2578 | if (c->open_confirm) { | 2579 | if (c->open_confirm) { |
2579 | debug2("callback start"); | 2580 | debug2("callback start"); |
2580 | c->open_confirm(c->self, 0, c->open_confirm_ctx); | 2581 | c->open_confirm(c->self, 0, c->open_confirm_ctx); |
@@ -2632,8 +2633,8 @@ channel_input_port_open(int type, u_int32_t seq, void *ctxt) | |||
2632 | packet_check_eom(); | 2633 | packet_check_eom(); |
2633 | c = channel_connect_to(host, host_port, | 2634 | c = channel_connect_to(host, host_port, |
2634 | "connected socket", originator_string); | 2635 | "connected socket", originator_string); |
2635 | xfree(originator_string); | 2636 | free(originator_string); |
2636 | xfree(host); | 2637 | free(host); |
2637 | if (c == NULL) { | 2638 | if (c == NULL) { |
2638 | packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE); | 2639 | packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE); |
2639 | packet_put_int(remote_id); | 2640 | packet_put_int(remote_id); |
@@ -2668,7 +2669,7 @@ channel_input_status_confirm(int type, u_int32_t seq, void *ctxt) | |||
2668 | cc->cb(type, c, cc->ctx); | 2669 | cc->cb(type, c, cc->ctx); |
2669 | TAILQ_REMOVE(&c->status_confirms, cc, entry); | 2670 | TAILQ_REMOVE(&c->status_confirms, cc, entry); |
2670 | bzero(cc, sizeof(*cc)); | 2671 | bzero(cc, sizeof(*cc)); |
2671 | xfree(cc); | 2672 | free(cc); |
2672 | } | 2673 | } |
2673 | 2674 | ||
2674 | /* -- tcp forwarding */ | 2675 | /* -- tcp forwarding */ |
@@ -3048,7 +3049,7 @@ channel_request_rforward_cancel(const char *host, u_short port) | |||
3048 | 3049 | ||
3049 | permitted_opens[i].listen_port = 0; | 3050 | permitted_opens[i].listen_port = 0; |
3050 | permitted_opens[i].port_to_connect = 0; | 3051 | permitted_opens[i].port_to_connect = 0; |
3051 | xfree(permitted_opens[i].host_to_connect); | 3052 | free(permitted_opens[i].host_to_connect); |
3052 | permitted_opens[i].host_to_connect = NULL; | 3053 | permitted_opens[i].host_to_connect = NULL; |
3053 | 3054 | ||
3054 | return 0; | 3055 | return 0; |
@@ -3089,7 +3090,7 @@ channel_input_port_forward_request(int is_root, int gateway_ports) | |||
3089 | host_port, gateway_ports); | 3090 | host_port, gateway_ports); |
3090 | 3091 | ||
3091 | /* Free the argument string. */ | 3092 | /* Free the argument string. */ |
3092 | xfree(hostname); | 3093 | free(hostname); |
3093 | 3094 | ||
3094 | return (success ? 0 : -1); | 3095 | return (success ? 0 : -1); |
3095 | } | 3096 | } |
@@ -3144,7 +3145,7 @@ channel_update_permitted_opens(int idx, int newport) | |||
3144 | } else { | 3145 | } else { |
3145 | permitted_opens[idx].listen_port = 0; | 3146 | permitted_opens[idx].listen_port = 0; |
3146 | permitted_opens[idx].port_to_connect = 0; | 3147 | permitted_opens[idx].port_to_connect = 0; |
3147 | xfree(permitted_opens[idx].host_to_connect); | 3148 | free(permitted_opens[idx].host_to_connect); |
3148 | permitted_opens[idx].host_to_connect = NULL; | 3149 | permitted_opens[idx].host_to_connect = NULL; |
3149 | } | 3150 | } |
3150 | } | 3151 | } |
@@ -3177,12 +3178,9 @@ channel_clear_permitted_opens(void) | |||
3177 | int i; | 3178 | int i; |
3178 | 3179 | ||
3179 | for (i = 0; i < num_permitted_opens; i++) | 3180 | for (i = 0; i < num_permitted_opens; i++) |
3180 | if (permitted_opens[i].host_to_connect != NULL) | 3181 | free(permitted_opens[i].host_to_connect); |
3181 | xfree(permitted_opens[i].host_to_connect); | 3182 | free(permitted_opens); |
3182 | if (num_permitted_opens > 0) { | 3183 | permitted_opens = NULL; |
3183 | xfree(permitted_opens); | ||
3184 | permitted_opens = NULL; | ||
3185 | } | ||
3186 | num_permitted_opens = 0; | 3184 | num_permitted_opens = 0; |
3187 | } | 3185 | } |
3188 | 3186 | ||
@@ -3192,12 +3190,9 @@ channel_clear_adm_permitted_opens(void) | |||
3192 | int i; | 3190 | int i; |
3193 | 3191 | ||
3194 | for (i = 0; i < num_adm_permitted_opens; i++) | 3192 | for (i = 0; i < num_adm_permitted_opens; i++) |
3195 | if (permitted_adm_opens[i].host_to_connect != NULL) | 3193 | free(permitted_adm_opens[i].host_to_connect); |
3196 | xfree(permitted_adm_opens[i].host_to_connect); | 3194 | free(permitted_adm_opens); |
3197 | if (num_adm_permitted_opens > 0) { | 3195 | permitted_adm_opens = NULL; |
3198 | xfree(permitted_adm_opens); | ||
3199 | permitted_adm_opens = NULL; | ||
3200 | } | ||
3201 | num_adm_permitted_opens = 0; | 3196 | num_adm_permitted_opens = 0; |
3202 | } | 3197 | } |
3203 | 3198 | ||
@@ -3291,7 +3286,7 @@ connect_next(struct channel_connect *cctx) | |||
3291 | static void | 3286 | static void |
3292 | channel_connect_ctx_free(struct channel_connect *cctx) | 3287 | channel_connect_ctx_free(struct channel_connect *cctx) |
3293 | { | 3288 | { |
3294 | xfree(cctx->host); | 3289 | free(cctx->host); |
3295 | if (cctx->aitop) | 3290 | if (cctx->aitop) |
3296 | freeaddrinfo(cctx->aitop); | 3291 | freeaddrinfo(cctx->aitop); |
3297 | bzero(cctx, sizeof(*cctx)); | 3292 | bzero(cctx, sizeof(*cctx)); |
@@ -3686,7 +3681,7 @@ x11_input_open(int type, u_int32_t seq, void *ctxt) | |||
3686 | c->remote_id = remote_id; | 3681 | c->remote_id = remote_id; |
3687 | c->force_drain = 1; | 3682 | c->force_drain = 1; |
3688 | } | 3683 | } |
3689 | xfree(remote_host); | 3684 | free(remote_host); |
3690 | if (c == NULL) { | 3685 | if (c == NULL) { |
3691 | /* Send refusal to the remote host. */ | 3686 | /* Send refusal to the remote host. */ |
3692 | packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE); | 3687 | packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE); |
@@ -3794,7 +3789,7 @@ x11_request_forwarding_with_spoofing(int client_session_id, const char *disp, | |||
3794 | packet_put_int(screen_number); | 3789 | packet_put_int(screen_number); |
3795 | packet_send(); | 3790 | packet_send(); |
3796 | packet_write_wait(); | 3791 | packet_write_wait(); |
3797 | xfree(new_data); | 3792 | free(new_data); |
3798 | } | 3793 | } |
3799 | 3794 | ||
3800 | 3795 | ||
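--- a/channels.h
+++ b/channels.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.h,v 1.111 2012/04/11 13:16:19 djm Exp $ */
+/* $OpenBSD: channels.h,v 1.113 2013/06/07 15:37:52 dtucker Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -55,7 +55,8 @@
 #define SSH_CHANNEL_ZOMBIE 14 /* Almost dead. */
 #define SSH_CHANNEL_MUX_LISTENER 15 /* Listener for mux conn. */
 #define SSH_CHANNEL_MUX_CLIENT 16 /* Conn. to mux slave */
-#define SSH_CHANNEL_MAX_TYPE 17
+#define SSH_CHANNEL_ABANDONED 17 /* Abandoned session, eg mux */
+#define SSH_CHANNEL_MAX_TYPE 18
 
 #define CHANNEL_CANCEL_PORT_STATIC -1
 
@@ -102,7 +103,9 @@ struct Channel {
 	int sock; /* sock fd */
 	int ctl_chan; /* control channel (multiplexed connections) */
 	int isatty; /* rfd is a tty */
+#ifdef _AIX
 	int wfd_isatty; /* wfd is a tty */
+#endif
 	int client_tty; /* (client) TTY has been requested */
 	int force_drain; /* force close on iEOF */
 	time_t notbefore; /* Pause IO until deadline (time_t) */
@@ -110,7 +113,7 @@ struct Channel {
 	 * channels are delayed until the first call
 	 * to a matching pre-select handler.
 	 * this way post-select handlers are not
-	 * accidenly called if a FD gets reused */
+	 * accidentally called if a FD gets reused */
 	Buffer input; /* data read from socket, to be sent over
 	 * encrypted connection */
 	Buffer output; /* data received over encrypted connection for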
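Review bot: The `#ifdef _AIX` added around wfd_isatty in struct Channel carries no explanation, so a reader of the header cannot tell why this one tty flag is platform-specific while isatty directly above it is not. A short comment on the `#ifdef` line stating why the field is needed only on AIX (presumably the write-path code in channels.c that consults it, which is not visible in this section) would spare the next maintainer a search. The struct definition continues outside this hunk.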
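--- a/cipher-3des1.c
+++ b/cipher-3des1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher-3des1.c,v 1.7 2010/10/01 23:05:32 djm Exp $ */
+/* $OpenBSD: cipher-3des1.c,v 1.8 2013/05/17 00:13:13 djm Exp $ */
 /*
  * Copyright (c) 2003 Markus Friedl. All rights reserved.
  *
@@ -94,7 +94,7 @@ ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
 	    EVP_CipherInit(&c->k2, EVP_des_cbc(), k2, NULL, !enc) == 0 ||
 	    EVP_CipherInit(&c->k3, EVP_des_cbc(), k3, NULL, enc) == 0) {
 		memset(c, 0, sizeof(*c));
-		xfree(c);
+		free(c);
 		EVP_CIPHER_CTX_set_app_data(ctx, NULL);
 		return (0);
 	}
@@ -135,7 +135,7 @@ ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx)
 		EVP_CIPHER_CTX_cleanup(&c->k2);
 		EVP_CIPHER_CTX_cleanup(&c->k3);
 		memset(c, 0, sizeof(*c));
-		xfree(c);
+		free(c);
 		EVP_CIPHER_CTX_set_app_data(ctx, NULL);
 	}
 	return (1);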
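Review bot: With `free(c)` now called directly instead of the out-of-line `xfree(c)`, the `memset(c, 0, sizeof(*c))` on the preceding line in both ssh1_3des_init and ssh1_3des_cleanup becomes a store to memory that is released immediately afterwards, and an optimizer that recognizes free() is entitled to drop such a dead store, so the DES key schedules may not actually be cleared before the block is returned to the allocator. The same memset-then-free pairing appears in the cipher-aes.c and cipher-ctr.c cleanup hunks and in cipher_init's `memset(discard, 0, cipher->discard_len); free(discard);` in cipher.c. A clearing call the compiler cannot see through — explicit_bzero where the platform provides it, memset_s under C11 Annex K, or a volatile-pointer loop supplied from openbsd-compat — keeps the wipe effective, e.g. `explicit_bzero(c, sizeof(*c));`. Whether the current toolchain really elides these stores depends on compiler and optimization level, so this is hardening against a plausible elision rather than a confirmed leak.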
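--- a/cipher-aes.c
+++ b/cipher-aes.c
@@ -120,7 +120,7 @@ ssh_rijndael_cleanup(EVP_CIPHER_CTX *ctx)
 
 	if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
 		memset(c, 0, sizeof(*c));
-		xfree(c);
+		free(c);
 		EVP_CIPHER_CTX_set_app_data(ctx, NULL);
 	}
 	return (1);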
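--- a/cipher-ctr.c
+++ b/cipher-ctr.c
@@ -104,7 +104,7 @@ ssh_aes_ctr_cleanup(EVP_CIPHER_CTX *ctx)
 
 	if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
 		memset(c, 0, sizeof(*c));
-		xfree(c);
+		free(c);
 		EVP_CIPHER_CTX_set_app_data(ctx, NULL);
 	}
 	return (1);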
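--- a/cipher.c
+++ b/cipher.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.c,v 1.87 2013/01/26 06:11:05 djm Exp $ */
+/* $OpenBSD: cipher.c,v 1.89 2013/05/17 00:13:13 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -65,7 +65,9 @@ struct Cipher {
 	u_int discard_len;
 	u_int cbc_mode;
 	const EVP_CIPHER *(*evptype)(void);
-} ciphers[] = {
+};
+
+static const struct Cipher ciphers[] = {
 	{ "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null },
 	{ "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc },
 	{ "3des", SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des },
@@ -98,6 +100,27 @@ struct Cipher {
 
 /*--*/
 
+/* Returns a comma-separated list of supported ciphers. */
+char *
+cipher_alg_list(void)
+{
+	char *ret = NULL;
+	size_t nlen, rlen = 0;
+	const Cipher *c;
+
+	for (c = ciphers; c->name != NULL; c++) {
+		if (c->number != SSH_CIPHER_SSH2)
+			continue;
+		if (ret != NULL)
+			ret[rlen++] = '\n';
+		nlen = strlen(c->name);
+		ret = xrealloc(ret, 1, rlen + nlen + 2);
+		memcpy(ret + rlen, c->name, nlen + 1);
+		rlen += nlen;
+	}
+	return ret;
+}
+
 u_int
 cipher_blocksize(const Cipher *c)
 {
@@ -146,20 +169,20 @@ cipher_mask_ssh1(int client)
 	return mask;
 }
 
-Cipher *
+const Cipher *
 cipher_by_name(const char *name)
 {
-	Cipher *c;
+	const Cipher *c;
 	for (c = ciphers; c->name != NULL; c++)
 		if (strcmp(c->name, name) == 0)
 			return c;
 	return NULL;
 }
 
-Cipher *
+const Cipher *
 cipher_by_number(int id)
 {
-	Cipher *c;
+	const Cipher *c;
 	for (c = ciphers; c->name != NULL; c++)
 		if (c->number == id)
 			return c;
@@ -170,7 +193,7 @@ cipher_by_number(int id)
 int
 ciphers_valid(const char *names)
 {
-	Cipher *c;
+	const Cipher *c;
 	char *cipher_list, *cp;
 	char *p;
 
@@ -182,14 +205,14 @@ ciphers_valid(const char *names)
 		c = cipher_by_name(p);
 		if (c == NULL || c->number != SSH_CIPHER_SSH2) {
 			debug("bad cipher %s [%s]", p, names);
-			xfree(cipher_list);
+			free(cipher_list);
 			return 0;
 		} else {
 			debug3("cipher ok: %s [%s]", p, names);
 		}
 	}
 	debug3("ciphers ok: [%s]", names);
-	xfree(cipher_list);
+	free(cipher_list);
 	return 1;
 }
 
@@ -201,7 +224,7 @@ ciphers_valid(const char *names)
 int
 cipher_number(const char *name)
 {
-	Cipher *c;
+	const Cipher *c;
 	if (name == NULL)
 		return -1;
 	for (c = ciphers; c->name != NULL; c++)
@@ -213,12 +236,12 @@ cipher_number(const char *name)
 char *
 cipher_name(int id)
 {
-	Cipher *c = cipher_by_number(id);
+	const Cipher *c = cipher_by_number(id);
 	return (c==NULL) ? "<unknown>" : c->name;
 }
 
 void
-cipher_init(CipherContext *cc, Cipher *cipher,
+cipher_init(CipherContext *cc, const Cipher *cipher,
     const u_char *key, u_int keylen, const u_char *iv, u_int ivlen,
     int do_encrypt)
 {
@@ -291,8 +314,8 @@ cipher_init(CipherContext *cc, Cipher *cipher,
 		    cipher->discard_len) == 0)
 			fatal("evp_crypt: EVP_Cipher failed during discard");
 		memset(discard, 0, cipher->discard_len);
-		xfree(junk);
-		xfree(discard);
+		free(junk);
+		free(discard);
 	}
 }
 
@@ -364,7 +387,7 @@ cipher_cleanup(CipherContext *cc)
  */
 
 void
-cipher_set_key_string(CipherContext *cc, Cipher *cipher,
+cipher_set_key_string(CipherContext *cc, const Cipher *cipher,
     const char *passphrase, int do_encrypt)
 {
 	MD5_CTX md;
@@ -389,7 +412,7 @@ cipher_set_key_string(CipherContext *cc, Cipher *cipher,
 int
 cipher_get_keyiv_len(const CipherContext *cc)
 {
-	Cipher *c = cc->cipher;
+	const Cipher *c = cc->cipher;
 	int ivlen;
 
 	if (c->number == SSH_CIPHER_3DES)
@@ -402,7 +425,7 @@ cipher_get_keyiv_len(const CipherContext *cc)
 void
 cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
 {
-	Cipher *c = cc->cipher;
+	const Cipher *c = cc->cipher;
 	int evplen;
 
 	switch (c->number) {
@@ -438,7 +461,7 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
 void
 cipher_set_keyiv(CipherContext *cc, u_char *iv)
 {
-	Cipher *c = cc->cipher;
+	const Cipher *c = cc->cipher;
 	int evplen = 0;
 
 	switch (c->number) {
@@ -471,7 +494,7 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv)
 int
 cipher_get_keycontext(const CipherContext *cc, u_char *dat)
 {
-	Cipher *c = cc->cipher;
+	const Cipher *c = cc->cipher;
 	int plen = 0;
 
 	if (c->evptype == EVP_rc4) {
@@ -486,7 +509,7 @@ cipher_get_keycontext(const CipherContext *cc, u_char *dat)
 void
 cipher_set_keycontext(CipherContext *cc, u_char *dat)
 {
-	Cipher *c = cc->cipher;
+	const Cipher *c = cc->cipher;
 	int plen;
 
 	if (c->evptype == EVP_rc4) {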
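Review bot: The header comment on the new cipher_alg_list says the list is comma-separated, but the loop joins the names with a newline (`ret[rlen++] = '\n';`), so anyone parsing the result on the strength of the comment will split on the wrong character. Two other contract details visible in the code go unstated: the function returns NULL when no SSH_CIPHER_SSH2 entry exists, and the buffer comes from xrealloc and is owned by the caller. Suggest replacing the comment with `/* Returns a newline-separated list of the SSH2 cipher names, or NULL if there are none; the caller must free the result. */`.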
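--- a/cipher.h
+++ b/cipher.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.h,v 1.39 2013/01/08 18:49:04 markus Exp $ */
+/* $OpenBSD: cipher.h,v 1.40 2013/04/19 01:06:50 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -66,21 +66,22 @@ struct CipherContext {
 	int plaintext;
 	int encrypt;
 	EVP_CIPHER_CTX evp;
-	Cipher *cipher;
+	const Cipher *cipher;
 };
 
 u_int cipher_mask_ssh1(int);
-Cipher *cipher_by_name(const char *);
-Cipher *cipher_by_number(int);
+const Cipher *cipher_by_name(const char *);
+const Cipher *cipher_by_number(int);
 int cipher_number(const char *);
 char *cipher_name(int);
 int ciphers_valid(const char *);
-void cipher_init(CipherContext *, Cipher *, const u_char *, u_int,
+char *cipher_alg_list(void);
+void cipher_init(CipherContext *, const Cipher *, const u_char *, u_int,
     const u_char *, u_int, int);
 void cipher_crypt(CipherContext *, u_char *, const u_char *,
     u_int, u_int, u_int);
 void cipher_cleanup(CipherContext *);
-void cipher_set_key_string(CipherContext *, Cipher *, const char *, int);
+void cipher_set_key_string(CipherContext *, const Cipher *, const char *, int);
 u_int cipher_blocksize(const Cipher *);
 u_int cipher_keylen(const Cipher *);
 u_int cipher_authlen(const Cipher *);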
diff --git a/clientloop.c b/clientloop.c index 1a16b2525..35550eb4d 100644 --- a/clientloop.c +++ b/clientloop.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: clientloop.c,v 1.248 2013/01/02 00:32:07 djm Exp $ */ | 1 | /* $OpenBSD: clientloop.c,v 1.253 2013/06/07 15:37:52 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -277,7 +277,7 @@ set_control_persist_exit_time(void) | |||
277 | control_persist_exit_time = 0; | 277 | control_persist_exit_time = 0; |
278 | } else if (control_persist_exit_time <= 0) { | 278 | } else if (control_persist_exit_time <= 0) { |
279 | /* a client connection has recently closed */ | 279 | /* a client connection has recently closed */ |
280 | control_persist_exit_time = time(NULL) + | 280 | control_persist_exit_time = monotime() + |
281 | (time_t)options.control_persist_timeout; | 281 | (time_t)options.control_persist_timeout; |
282 | debug2("%s: schedule exit in %d seconds", __func__, | 282 | debug2("%s: schedule exit in %d seconds", __func__, |
283 | options.control_persist_timeout); | 283 | options.control_persist_timeout); |
@@ -360,7 +360,7 @@ client_x11_get_proto(const char *display, const char *xauth_path, | |||
360 | if (system(cmd) == 0) | 360 | if (system(cmd) == 0) |
361 | generated = 1; | 361 | generated = 1; |
362 | if (x11_refuse_time == 0) { | 362 | if (x11_refuse_time == 0) { |
363 | now = time(NULL) + 1; | 363 | now = monotime() + 1; |
364 | if (UINT_MAX - timeout < now) | 364 | if (UINT_MAX - timeout < now) |
365 | x11_refuse_time = UINT_MAX; | 365 | x11_refuse_time = UINT_MAX; |
366 | else | 366 | else |
@@ -397,10 +397,8 @@ client_x11_get_proto(const char *display, const char *xauth_path, | |||
397 | unlink(xauthfile); | 397 | unlink(xauthfile); |
398 | rmdir(xauthdir); | 398 | rmdir(xauthdir); |
399 | } | 399 | } |
400 | if (xauthdir) | 400 | free(xauthdir); |
401 | xfree(xauthdir); | 401 | free(xauthfile); |
402 | if (xauthfile) | ||
403 | xfree(xauthfile); | ||
404 | 402 | ||
405 | /* | 403 | /* |
406 | * If we didn't get authentication data, just make up some | 404 | * If we didn't get authentication data, just make up some |
@@ -556,7 +554,7 @@ client_global_request_reply(int type, u_int32_t seq, void *ctxt) | |||
556 | if (--gc->ref_count <= 0) { | 554 | if (--gc->ref_count <= 0) { |
557 | TAILQ_REMOVE(&global_confirms, gc, entry); | 555 | TAILQ_REMOVE(&global_confirms, gc, entry); |
558 | bzero(gc, sizeof(*gc)); | 556 | bzero(gc, sizeof(*gc)); |
559 | xfree(gc); | 557 | free(gc); |
560 | } | 558 | } |
561 | 559 | ||
562 | packet_set_alive_timeouts(0); | 560 | packet_set_alive_timeouts(0); |
@@ -592,7 +590,7 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, | |||
592 | { | 590 | { |
593 | struct timeval tv, *tvp; | 591 | struct timeval tv, *tvp; |
594 | int timeout_secs; | 592 | int timeout_secs; |
595 | time_t minwait_secs = 0; | 593 | time_t minwait_secs = 0, server_alive_time = 0, now = monotime(); |
596 | int ret; | 594 | int ret; |
597 | 595 | ||
598 | /* Add any selections by the channel mechanism. */ | 596 | /* Add any selections by the channel mechanism. */ |
@@ -641,12 +639,16 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, | |||
641 | */ | 639 | */ |
642 | 640 | ||
643 | timeout_secs = INT_MAX; /* we use INT_MAX to mean no timeout */ | 641 | timeout_secs = INT_MAX; /* we use INT_MAX to mean no timeout */ |
644 | if (options.server_alive_interval > 0) | 642 | if (options.server_alive_interval > 0) { |
645 | timeout_secs = options.server_alive_interval; | 643 | timeout_secs = options.server_alive_interval; |
644 | server_alive_time = now + options.server_alive_interval; | ||
645 | } | ||
646 | if (options.rekey_interval > 0 && compat20 && !rekeying) | ||
647 | timeout_secs = MIN(timeout_secs, packet_get_rekey_timeout()); | ||
646 | set_control_persist_exit_time(); | 648 | set_control_persist_exit_time(); |
647 | if (control_persist_exit_time > 0) { | 649 | if (control_persist_exit_time > 0) { |
648 | timeout_secs = MIN(timeout_secs, | 650 | timeout_secs = MIN(timeout_secs, |
649 | control_persist_exit_time - time(NULL)); | 651 | control_persist_exit_time - now); |
650 | if (timeout_secs < 0) | 652 | if (timeout_secs < 0) |
651 | timeout_secs = 0; | 653 | timeout_secs = 0; |
652 | } | 654 | } |
@@ -678,8 +680,15 @@ client_wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, | |||
678 | snprintf(buf, sizeof buf, "select: %s\r\n", strerror(errno)); | 680 | snprintf(buf, sizeof buf, "select: %s\r\n", strerror(errno)); |
679 | buffer_append(&stderr_buffer, buf, strlen(buf)); | 681 | buffer_append(&stderr_buffer, buf, strlen(buf)); |
680 | quit_pending = 1; | 682 | quit_pending = 1; |
681 | } else if (ret == 0) | 683 | } else if (ret == 0) { |
682 | server_alive_check(); | 684 | /* |
685 | * Timeout. Could have been either keepalive or rekeying. | ||
686 | * Keepalive we check here, rekeying is checked in clientloop. | ||
687 | */ | ||
688 | if (server_alive_time != 0 && server_alive_time <= monotime()) | ||
689 | server_alive_check(); | ||
690 | } | ||
691 | |||
683 | } | 692 | } |
684 | 693 | ||
685 | static void | 694 | static void |
@@ -824,13 +833,13 @@ client_status_confirm(int type, Channel *c, void *ctx) | |||
824 | chan_write_failed(c); | 833 | chan_write_failed(c); |
825 | } | 834 | } |
826 | } | 835 | } |
827 | xfree(cr); | 836 | free(cr); |
828 | } | 837 | } |
829 | 838 | ||
830 | static void | 839 | static void |
831 | client_abandon_status_confirm(Channel *c, void *ctx) | 840 | client_abandon_status_confirm(Channel *c, void *ctx) |
832 | { | 841 | { |
833 | xfree(ctx); | 842 | free(ctx); |
834 | } | 843 | } |
835 | 844 | ||
836 | void | 845 | void |
@@ -997,12 +1006,9 @@ process_cmdline(void) | |||
997 | out: | 1006 | out: |
998 | signal(SIGINT, handler); | 1007 | signal(SIGINT, handler); |
999 | enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE); | 1008 | enter_raw_mode(options.request_tty == REQUEST_TTY_FORCE); |
1000 | if (cmd) | 1009 | free(cmd); |
1001 | xfree(cmd); | 1010 | free(fwd.listen_host); |
1002 | if (fwd.listen_host != NULL) | 1011 | free(fwd.connect_host); |
1003 | xfree(fwd.listen_host); | ||
1004 | if (fwd.connect_host != NULL) | ||
1005 | xfree(fwd.connect_host); | ||
1006 | } | 1012 | } |
1007 | 1013 | ||
1008 | /* reasons to suppress output of an escape command in help output */ | 1014 | /* reasons to suppress output of an escape command in help output */ |
@@ -1112,8 +1118,11 @@ process_escapes(Channel *c, Buffer *bin, Buffer *bout, Buffer *berr, | |||
1112 | if (c && c->ctl_chan != -1) { | 1118 | if (c && c->ctl_chan != -1) { |
1113 | chan_read_failed(c); | 1119 | chan_read_failed(c); |
1114 | chan_write_failed(c); | 1120 | chan_write_failed(c); |
1115 | mux_master_session_cleanup_cb(c->self, | 1121 | if (c->detach_user) |
1116 | NULL); | 1122 | c->detach_user(c->self, NULL); |
1123 | c->type = SSH_CHANNEL_ABANDONED; | ||
1124 | buffer_clear(&c->input); | ||
1125 | chan_ibuf_empty(c); | ||
1117 | return 0; | 1126 | return 0; |
1118 | } else | 1127 | } else |
1119 | quit_pending = 1; | 1128 | quit_pending = 1; |
@@ -1259,7 +1268,7 @@ process_escapes(Channel *c, Buffer *bin, Buffer *bout, Buffer *berr, | |||
1259 | buffer_append(berr, string, strlen(string)); | 1268 | buffer_append(berr, string, strlen(string)); |
1260 | s = channel_open_message(); | 1269 | s = channel_open_message(); |
1261 | buffer_append(berr, s, strlen(s)); | 1270 | buffer_append(berr, s, strlen(s)); |
1262 | xfree(s); | 1271 | free(s); |
1263 | continue; | 1272 | continue; |
1264 | 1273 | ||
1265 | case 'C': | 1274 | case 'C': |
@@ -1448,7 +1457,7 @@ client_new_escape_filter_ctx(int escape_char) | |||
1448 | void | 1457 | void |
1449 | client_filter_cleanup(int cid, void *ctx) | 1458 | client_filter_cleanup(int cid, void *ctx) |
1450 | { | 1459 | { |
1451 | xfree(ctx); | 1460 | free(ctx); |
1452 | } | 1461 | } |
1453 | 1462 | ||
1454 | int | 1463 | int |
@@ -1662,16 +1671,14 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) | |||
1662 | * connections, then quit. | 1671 | * connections, then quit. |
1663 | */ | 1672 | */ |
1664 | if (control_persist_exit_time > 0) { | 1673 | if (control_persist_exit_time > 0) { |
1665 | if (time(NULL) >= control_persist_exit_time) { | 1674 | if (monotime() >= control_persist_exit_time) { |
1666 | debug("ControlPersist timeout expired"); | 1675 | debug("ControlPersist timeout expired"); |
1667 | break; | 1676 | break; |
1668 | } | 1677 | } |
1669 | } | 1678 | } |
1670 | } | 1679 | } |
1671 | if (readset) | 1680 | free(readset); |
1672 | xfree(readset); | 1681 | free(writeset); |
1673 | if (writeset) | ||
1674 | xfree(writeset); | ||
1675 | 1682 | ||
1676 | /* Terminate the session. */ | 1683 | /* Terminate the session. */ |
1677 | 1684 | ||
@@ -1775,7 +1782,7 @@ client_input_stdout_data(int type, u_int32_t seq, void *ctxt) | |||
1775 | packet_check_eom(); | 1782 | packet_check_eom(); |
1776 | buffer_append(&stdout_buffer, data, data_len); | 1783 | buffer_append(&stdout_buffer, data, data_len); |
1777 | memset(data, 0, data_len); | 1784 | memset(data, 0, data_len); |
1778 | xfree(data); | 1785 | free(data); |
1779 | } | 1786 | } |
1780 | static void | 1787 | static void |
1781 | client_input_stderr_data(int type, u_int32_t seq, void *ctxt) | 1788 | client_input_stderr_data(int type, u_int32_t seq, void *ctxt) |
@@ -1785,7 +1792,7 @@ client_input_stderr_data(int type, u_int32_t seq, void *ctxt) | |||
1785 | packet_check_eom(); | 1792 | packet_check_eom(); |
1786 | buffer_append(&stderr_buffer, data, data_len); | 1793 | buffer_append(&stderr_buffer, data, data_len); |
1787 | memset(data, 0, data_len); | 1794 | memset(data, 0, data_len); |
1788 | xfree(data); | 1795 | free(data); |
1789 | } | 1796 | } |
1790 | static void | 1797 | static void |
1791 | client_input_exit_status(int type, u_int32_t seq, void *ctxt) | 1798 | client_input_exit_status(int type, u_int32_t seq, void *ctxt) |
@@ -1865,8 +1872,8 @@ client_request_forwarded_tcpip(const char *request_type, int rchan) | |||
1865 | c = channel_connect_by_listen_address(listen_port, | 1872 | c = channel_connect_by_listen_address(listen_port, |
1866 | "forwarded-tcpip", originator_address); | 1873 | "forwarded-tcpip", originator_address); |
1867 | 1874 | ||
1868 | xfree(originator_address); | 1875 | free(originator_address); |
1869 | xfree(listen_address); | 1876 | free(listen_address); |
1870 | return c; | 1877 | return c; |
1871 | } | 1878 | } |
1872 | 1879 | ||
@@ -1884,7 +1891,7 @@ client_request_x11(const char *request_type, int rchan) | |||
1884 | "malicious server."); | 1891 | "malicious server."); |
1885 | return NULL; | 1892 | return NULL; |
1886 | } | 1893 | } |
1887 | if (x11_refuse_time != 0 && time(NULL) >= x11_refuse_time) { | 1894 | if (x11_refuse_time != 0 && monotime() >= x11_refuse_time) { |
1888 | verbose("Rejected X11 connection after ForwardX11Timeout " | 1895 | verbose("Rejected X11 connection after ForwardX11Timeout " |
1889 | "expired"); | 1896 | "expired"); |
1890 | return NULL; | 1897 | return NULL; |
@@ -1900,7 +1907,7 @@ client_request_x11(const char *request_type, int rchan) | |||
1900 | /* XXX check permission */ | 1907 | /* XXX check permission */ |
1901 | debug("client_request_x11: request from %s %d", originator, | 1908 | debug("client_request_x11: request from %s %d", originator, |
1902 | originator_port); | 1909 | originator_port); |
1903 | xfree(originator); | 1910 | free(originator); |
1904 | sock = x11_connect_display(); | 1911 | sock = x11_connect_display(); |
1905 | if (sock < 0) | 1912 | if (sock < 0) |
1906 | return NULL; | 1913 | return NULL; |
@@ -2027,7 +2034,7 @@ client_input_channel_open(int type, u_int32_t seq, void *ctxt) | |||
2027 | } | 2034 | } |
2028 | packet_send(); | 2035 | packet_send(); |
2029 | } | 2036 | } |
2030 | xfree(ctype); | 2037 | free(ctype); |
2031 | } | 2038 | } |
2032 | static void | 2039 | static void |
2033 | client_input_channel_req(int type, u_int32_t seq, void *ctxt) | 2040 | client_input_channel_req(int type, u_int32_t seq, void *ctxt) |
@@ -2073,7 +2080,7 @@ client_input_channel_req(int type, u_int32_t seq, void *ctxt) | |||
2073 | packet_put_int(c->remote_id); | 2080 | packet_put_int(c->remote_id); |
2074 | packet_send(); | 2081 | packet_send(); |
2075 | } | 2082 | } |
2076 | xfree(rtype); | 2083 | free(rtype); |
2077 | } | 2084 | } |
2078 | static void | 2085 | static void |
2079 | client_input_global_request(int type, u_int32_t seq, void *ctxt) | 2086 | client_input_global_request(int type, u_int32_t seq, void *ctxt) |
@@ -2092,7 +2099,7 @@ client_input_global_request(int type, u_int32_t seq, void *ctxt) | |||
2092 | packet_send(); | 2099 | packet_send(); |
2093 | packet_write_wait(); | 2100 | packet_write_wait(); |
2094 | } | 2101 | } |
2095 | xfree(rtype); | 2102 | free(rtype); |
2096 | } | 2103 | } |
2097 | 2104 | ||
2098 | void | 2105 | void |
@@ -2142,7 +2149,7 @@ client_session2_setup(int id, int want_tty, int want_subsystem, | |||
2142 | /* Split */ | 2149 | /* Split */ |
2143 | name = xstrdup(env[i]); | 2150 | name = xstrdup(env[i]); |
2144 | if ((val = strchr(name, '=')) == NULL) { | 2151 | if ((val = strchr(name, '=')) == NULL) { |
2145 | xfree(name); | 2152 | free(name); |
2146 | continue; | 2153 | continue; |
2147 | } | 2154 | } |
2148 | *val++ = '\0'; | 2155 | *val++ = '\0'; |
@@ -2156,7 +2163,7 @@ client_session2_setup(int id, int want_tty, int want_subsystem, | |||
2156 | } | 2163 | } |
2157 | if (!matched) { | 2164 | if (!matched) { |
2158 | debug3("Ignored env %s", name); | 2165 | debug3("Ignored env %s", name); |
2159 | xfree(name); | 2166 | free(name); |
2160 | continue; | 2167 | continue; |
2161 | } | 2168 | } |
2162 | 2169 | ||
@@ -2165,7 +2172,7 @@ client_session2_setup(int id, int want_tty, int want_subsystem, | |||
2165 | packet_put_cstring(name); | 2172 | packet_put_cstring(name); |
2166 | packet_put_cstring(val); | 2173 | packet_put_cstring(val); |
2167 | packet_send(); | 2174 | packet_send(); |
2168 | xfree(name); | 2175 | free(name); |
2169 | } | 2176 | } |
2170 | } | 2177 | } |
2171 | 2178 | ||
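--- a/clientloop.h
+++ b/clientloop.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.h,v 1.30 2012/08/17 00:45:45 dtucker Exp $ */
+/* $OpenBSD: clientloop.h,v 1.31 2013/06/02 23:36:29 dtucker Exp $ */
 
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -76,5 +76,4 @@ void muxserver_listen(void);
 void muxclient(const char *);
 void mux_exit_message(Channel *, int);
 void mux_tty_alloc_failed(Channel *);
-void mux_master_session_cleanup_cb(int, void *);
 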
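--- a/compat.c
+++ b/compat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: compat.c,v 1.80 2012/08/17 01:30:00 djm Exp $ */
+/* $OpenBSD: compat.c,v 1.81 2013/05/17 00:13:13 djm Exp $ */
 /*
 * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
 *
@@ -204,7 +204,7 @@ proto_spec(const char *spec)
 break;
 }
 }
-xfree(s);
+free(s);
 return ret;
 }
 
@@ -230,7 +230,7 @@ compat_cipher_proposal(char *cipher_prop)
 buffer_append(&b, "\0", 1);
 fix_ciphers = xstrdup(buffer_ptr(&b));
 buffer_free(&b);
-xfree(orig_prop);
+free(orig_prop);
 debug2("Original cipher proposal: %s", cipher_prop);
 debug2("Compat cipher proposal: %s", fix_ciphers);
 if (!*fix_ciphers)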
diff --git a/config.guess b/config.guess index 78553c4ea..b94cde8ef 100755 --- a/config.guess +++ b/config.guess | |||
@@ -2,9 +2,9 @@ | |||
2 | # Attempt to guess a canonical system name. | 2 | # Attempt to guess a canonical system name. |
3 | # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, | 3 | # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, |
4 | # 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, | 4 | # 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, |
5 | # 2011 Free Software Foundation, Inc. | 5 | # 2011, 2012, 2013 Free Software Foundation, Inc. |
6 | 6 | ||
7 | timestamp='2011-01-23' | 7 | timestamp='2012-12-23' |
8 | 8 | ||
9 | # This file is free software; you can redistribute it and/or modify it | 9 | # This file is free software; you can redistribute it and/or modify it |
10 | # under the terms of the GNU General Public License as published by | 10 | # under the terms of the GNU General Public License as published by |
@@ -17,9 +17,7 @@ timestamp='2011-01-23' | |||
17 | # General Public License for more details. | 17 | # General Public License for more details. |
18 | # | 18 | # |
19 | # You should have received a copy of the GNU General Public License | 19 | # You should have received a copy of the GNU General Public License |
20 | # along with this program; if not, write to the Free Software | 20 | # along with this program; if not, see <http://www.gnu.org/licenses/>. |
21 | # Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA | ||
22 | # 02110-1301, USA. | ||
23 | # | 21 | # |
24 | # As a special exception to the GNU General Public License, if you | 22 | # As a special exception to the GNU General Public License, if you |
25 | # distribute this file as part of a program that contains a | 23 | # distribute this file as part of a program that contains a |
@@ -57,8 +55,8 @@ GNU config.guess ($timestamp) | |||
57 | 55 | ||
58 | Originally written by Per Bothner. | 56 | Originally written by Per Bothner. |
59 | Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, | 57 | Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, |
60 | 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free | 58 | 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, |
61 | Software Foundation, Inc. | 59 | 2012, 2013 Free Software Foundation, Inc. |
62 | 60 | ||
63 | This is free software; see the source for copying conditions. There is NO | 61 | This is free software; see the source for copying conditions. There is NO |
64 | warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." | 62 | warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." |
@@ -145,7 +143,7 @@ UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown | |||
145 | case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in | 143 | case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in |
146 | *:NetBSD:*:*) | 144 | *:NetBSD:*:*) |
147 | # NetBSD (nbsd) targets should (where applicable) match one or | 145 | # NetBSD (nbsd) targets should (where applicable) match one or |
148 | # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*, | 146 | # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*, |
149 | # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently | 147 | # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently |
150 | # switched to ELF, *-*-netbsd* would select the old | 148 | # switched to ELF, *-*-netbsd* would select the old |
151 | # object file format. This provides both forward | 149 | # object file format. This provides both forward |
@@ -181,7 +179,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in | |||
181 | fi | 179 | fi |
182 | ;; | 180 | ;; |
183 | *) | 181 | *) |
184 | os=netbsd | 182 | os=netbsd |
185 | ;; | 183 | ;; |
186 | esac | 184 | esac |
187 | # The OS release | 185 | # The OS release |
@@ -202,6 +200,10 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in | |||
202 | # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. | 200 | # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. |
203 | echo "${machine}-${os}${release}" | 201 | echo "${machine}-${os}${release}" |
204 | exit ;; | 202 | exit ;; |
203 | *:Bitrig:*:*) | ||
204 | UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'` | ||
205 | echo ${UNAME_MACHINE_ARCH}-unknown-bitrig${UNAME_RELEASE} | ||
206 | exit ;; | ||
205 | *:OpenBSD:*:*) | 207 | *:OpenBSD:*:*) |
206 | UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` | 208 | UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` |
207 | echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} | 209 | echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} |
@@ -224,7 +226,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in | |||
224 | UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` | 226 | UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` |
225 | ;; | 227 | ;; |
226 | *5.*) | 228 | *5.*) |
227 | UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` | 229 | UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` |
228 | ;; | 230 | ;; |
229 | esac | 231 | esac |
230 | # According to Compaq, /usr/sbin/psrinfo has been available on | 232 | # According to Compaq, /usr/sbin/psrinfo has been available on |
@@ -299,12 +301,12 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in | |||
299 | echo s390-ibm-zvmoe | 301 | echo s390-ibm-zvmoe |
300 | exit ;; | 302 | exit ;; |
301 | *:OS400:*:*) | 303 | *:OS400:*:*) |
302 | echo powerpc-ibm-os400 | 304 | echo powerpc-ibm-os400 |
303 | exit ;; | 305 | exit ;; |
304 | arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) | 306 | arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) |
305 | echo arm-acorn-riscix${UNAME_RELEASE} | 307 | echo arm-acorn-riscix${UNAME_RELEASE} |
306 | exit ;; | 308 | exit ;; |
307 | arm:riscos:*:*|arm:RISCOS:*:*) | 309 | arm*:riscos:*:*|arm*:RISCOS:*:*) |
308 | echo arm-unknown-riscos | 310 | echo arm-unknown-riscos |
309 | exit ;; | 311 | exit ;; |
310 | SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) | 312 | SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) |
@@ -398,23 +400,23 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in | |||
398 | # MiNT. But MiNT is downward compatible to TOS, so this should | 400 | # MiNT. But MiNT is downward compatible to TOS, so this should |
399 | # be no problem. | 401 | # be no problem. |
400 | atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) | 402 | atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) |
401 | echo m68k-atari-mint${UNAME_RELEASE} | 403 | echo m68k-atari-mint${UNAME_RELEASE} |
402 | exit ;; | 404 | exit ;; |
403 | atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) | 405 | atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) |
404 | echo m68k-atari-mint${UNAME_RELEASE} | 406 | echo m68k-atari-mint${UNAME_RELEASE} |
405 | exit ;; | 407 | exit ;; |
406 | *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) | 408 | *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) |
407 | echo m68k-atari-mint${UNAME_RELEASE} | 409 | echo m68k-atari-mint${UNAME_RELEASE} |
408 | exit ;; | 410 | exit ;; |
409 | milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) | 411 | milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) |
410 | echo m68k-milan-mint${UNAME_RELEASE} | 412 | echo m68k-milan-mint${UNAME_RELEASE} |
411 | exit ;; | 413 | exit ;; |
412 | hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) | 414 | hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) |
413 | echo m68k-hades-mint${UNAME_RELEASE} | 415 | echo m68k-hades-mint${UNAME_RELEASE} |
414 | exit ;; | 416 | exit ;; |
415 | *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) | 417 | *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) |
416 | echo m68k-unknown-mint${UNAME_RELEASE} | 418 | echo m68k-unknown-mint${UNAME_RELEASE} |
417 | exit ;; | 419 | exit ;; |
418 | m68k:machten:*:*) | 420 | m68k:machten:*:*) |
419 | echo m68k-apple-machten${UNAME_RELEASE} | 421 | echo m68k-apple-machten${UNAME_RELEASE} |
420 | exit ;; | 422 | exit ;; |
@@ -484,8 +486,8 @@ EOF | |||
484 | echo m88k-motorola-sysv3 | 486 | echo m88k-motorola-sysv3 |
485 | exit ;; | 487 | exit ;; |
486 | AViiON:dgux:*:*) | 488 | AViiON:dgux:*:*) |
487 | # DG/UX returns AViiON for all architectures | 489 | # DG/UX returns AViiON for all architectures |
488 | UNAME_PROCESSOR=`/usr/bin/uname -p` | 490 | UNAME_PROCESSOR=`/usr/bin/uname -p` |
489 | if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] | 491 | if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] |
490 | then | 492 | then |
491 | if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ | 493 | if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ |
@@ -498,7 +500,7 @@ EOF | |||
498 | else | 500 | else |
499 | echo i586-dg-dgux${UNAME_RELEASE} | 501 | echo i586-dg-dgux${UNAME_RELEASE} |
500 | fi | 502 | fi |
501 | exit ;; | 503 | exit ;; |
502 | M88*:DolphinOS:*:*) # DolphinOS (SVR3) | 504 | M88*:DolphinOS:*:*) # DolphinOS (SVR3) |
503 | echo m88k-dolphin-sysv3 | 505 | echo m88k-dolphin-sysv3 |
504 | exit ;; | 506 | exit ;; |
@@ -598,52 +600,52 @@ EOF | |||
598 | 9000/[678][0-9][0-9]) | 600 | 9000/[678][0-9][0-9]) |
599 | if [ -x /usr/bin/getconf ]; then | 601 | if [ -x /usr/bin/getconf ]; then |
600 | sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` | 602 | sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` |
601 | sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` | 603 | sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` |
602 | case "${sc_cpu_version}" in | 604 | case "${sc_cpu_version}" in |
603 | 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 | 605 | 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 |
604 | 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 | 606 | 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 |
605 | 532) # CPU_PA_RISC2_0 | 607 | 532) # CPU_PA_RISC2_0 |
606 | case "${sc_kernel_bits}" in | 608 | case "${sc_kernel_bits}" in |
607 | 32) HP_ARCH="hppa2.0n" ;; | 609 | 32) HP_ARCH="hppa2.0n" ;; |
608 | 64) HP_ARCH="hppa2.0w" ;; | 610 | 64) HP_ARCH="hppa2.0w" ;; |
609 | '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 | 611 | '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 |
610 | esac ;; | 612 | esac ;; |
611 | esac | 613 | esac |
612 | fi | 614 | fi |
613 | if [ "${HP_ARCH}" = "" ]; then | 615 | if [ "${HP_ARCH}" = "" ]; then |
614 | eval $set_cc_for_build | 616 | eval $set_cc_for_build |
615 | sed 's/^ //' << EOF >$dummy.c | 617 | sed 's/^ //' << EOF >$dummy.c |
616 | 618 | ||
617 | #define _HPUX_SOURCE | 619 | #define _HPUX_SOURCE |
618 | #include <stdlib.h> | 620 | #include <stdlib.h> |
619 | #include <unistd.h> | 621 | #include <unistd.h> |
620 | 622 | ||
621 | int main () | 623 | int main () |
622 | { | 624 | { |
623 | #if defined(_SC_KERNEL_BITS) | 625 | #if defined(_SC_KERNEL_BITS) |
624 | long bits = sysconf(_SC_KERNEL_BITS); | 626 | long bits = sysconf(_SC_KERNEL_BITS); |
625 | #endif | 627 | #endif |
626 | long cpu = sysconf (_SC_CPU_VERSION); | 628 | long cpu = sysconf (_SC_CPU_VERSION); |
627 | 629 | ||
628 | switch (cpu) | 630 | switch (cpu) |
629 | { | 631 | { |
630 | case CPU_PA_RISC1_0: puts ("hppa1.0"); break; | 632 | case CPU_PA_RISC1_0: puts ("hppa1.0"); break; |
631 | case CPU_PA_RISC1_1: puts ("hppa1.1"); break; | 633 | case CPU_PA_RISC1_1: puts ("hppa1.1"); break; |
632 | case CPU_PA_RISC2_0: | 634 | case CPU_PA_RISC2_0: |
633 | #if defined(_SC_KERNEL_BITS) | 635 | #if defined(_SC_KERNEL_BITS) |
634 | switch (bits) | 636 | switch (bits) |
635 | { | 637 | { |
636 | case 64: puts ("hppa2.0w"); break; | 638 | case 64: puts ("hppa2.0w"); break; |
637 | case 32: puts ("hppa2.0n"); break; | 639 | case 32: puts ("hppa2.0n"); break; |
638 | default: puts ("hppa2.0"); break; | 640 | default: puts ("hppa2.0"); break; |
639 | } break; | 641 | } break; |
640 | #else /* !defined(_SC_KERNEL_BITS) */ | 642 | #else /* !defined(_SC_KERNEL_BITS) */ |
641 | puts ("hppa2.0"); break; | 643 | puts ("hppa2.0"); break; |
642 | #endif | 644 | #endif |
643 | default: puts ("hppa1.0"); break; | 645 | default: puts ("hppa1.0"); break; |
644 | } | 646 | } |
645 | exit (0); | 647 | exit (0); |
646 | } | 648 | } |
647 | EOF | 649 | EOF |
648 | (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` | 650 | (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` |
649 | test -z "$HP_ARCH" && HP_ARCH=hppa | 651 | test -z "$HP_ARCH" && HP_ARCH=hppa |
@@ -734,22 +736,22 @@ EOF | |||
734 | exit ;; | 736 | exit ;; |
735 | C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) | 737 | C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) |
736 | echo c1-convex-bsd | 738 | echo c1-convex-bsd |
737 | exit ;; | 739 | exit ;; |
738 | C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) | 740 | C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) |
739 | if getsysinfo -f scalar_acc | 741 | if getsysinfo -f scalar_acc |
740 | then echo c32-convex-bsd | 742 | then echo c32-convex-bsd |
741 | else echo c2-convex-bsd | 743 | else echo c2-convex-bsd |
742 | fi | 744 | fi |
743 | exit ;; | 745 | exit ;; |
744 | C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) | 746 | C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) |
745 | echo c34-convex-bsd | 747 | echo c34-convex-bsd |
746 | exit ;; | 748 | exit ;; |
747 | C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) | 749 | C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) |
748 | echo c38-convex-bsd | 750 | echo c38-convex-bsd |
749 | exit ;; | 751 | exit ;; |
750 | C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) | 752 | C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) |
751 | echo c4-convex-bsd | 753 | echo c4-convex-bsd |
752 | exit ;; | 754 | exit ;; |
753 | CRAY*Y-MP:*:*:*) | 755 | CRAY*Y-MP:*:*:*) |
754 | echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' | 756 | echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' |
755 | exit ;; | 757 | exit ;; |
@@ -773,14 +775,14 @@ EOF | |||
773 | exit ;; | 775 | exit ;; |
774 | F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) | 776 | F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) |
775 | FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` | 777 | FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` |
776 | FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` | 778 | FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` |
777 | FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` | 779 | FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` |
778 | echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" | 780 | echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" |
779 | exit ;; | 781 | exit ;; |
780 | 5000:UNIX_System_V:4.*:*) | 782 | 5000:UNIX_System_V:4.*:*) |
781 | FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` | 783 | FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` |
782 | FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` | 784 | FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` |
783 | echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" | 785 | echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" |
784 | exit ;; | 786 | exit ;; |
785 | i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) | 787 | i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) |
786 | echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} | 788 | echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} |
@@ -792,30 +794,35 @@ EOF | |||
792 | echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} | 794 | echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} |
793 | exit ;; | 795 | exit ;; |
794 | *:FreeBSD:*:*) | 796 | *:FreeBSD:*:*) |
795 | case ${UNAME_MACHINE} in | 797 | UNAME_PROCESSOR=`/usr/bin/uname -p` |
796 | pc98) | 798 | case ${UNAME_PROCESSOR} in |
797 | echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; | ||
798 | amd64) | 799 | amd64) |
799 | echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; | 800 | echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; |
800 | *) | 801 | *) |
801 | echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; | 802 | echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; |
802 | esac | 803 | esac |
803 | exit ;; | 804 | exit ;; |
804 | i*:CYGWIN*:*) | 805 | i*:CYGWIN*:*) |
805 | echo ${UNAME_MACHINE}-pc-cygwin | 806 | echo ${UNAME_MACHINE}-pc-cygwin |
806 | exit ;; | 807 | exit ;; |
808 | *:MINGW64*:*) | ||
809 | echo ${UNAME_MACHINE}-pc-mingw64 | ||
810 | exit ;; | ||
807 | *:MINGW*:*) | 811 | *:MINGW*:*) |
808 | echo ${UNAME_MACHINE}-pc-mingw32 | 812 | echo ${UNAME_MACHINE}-pc-mingw32 |
809 | exit ;; | 813 | exit ;; |
814 | i*:MSYS*:*) | ||
815 | echo ${UNAME_MACHINE}-pc-msys | ||
816 | exit ;; | ||
810 | i*:windows32*:*) | 817 | i*:windows32*:*) |
811 | # uname -m includes "-pc" on this system. | 818 | # uname -m includes "-pc" on this system. |
812 | echo ${UNAME_MACHINE}-mingw32 | 819 | echo ${UNAME_MACHINE}-mingw32 |
813 | exit ;; | 820 | exit ;; |
814 | i*:PW*:*) | 821 | i*:PW*:*) |
815 | echo ${UNAME_MACHINE}-pc-pw32 | 822 | echo ${UNAME_MACHINE}-pc-pw32 |
816 | exit ;; | 823 | exit ;; |
817 | *:Interix*:*) | 824 | *:Interix*:*) |
818 | case ${UNAME_MACHINE} in | 825 | case ${UNAME_MACHINE} in |
819 | x86) | 826 | x86) |
820 | echo i586-pc-interix${UNAME_RELEASE} | 827 | echo i586-pc-interix${UNAME_RELEASE} |
821 | exit ;; | 828 | exit ;; |
@@ -861,6 +868,13 @@ EOF | |||
861 | i*86:Minix:*:*) | 868 | i*86:Minix:*:*) |
862 | echo ${UNAME_MACHINE}-pc-minix | 869 | echo ${UNAME_MACHINE}-pc-minix |
863 | exit ;; | 870 | exit ;; |
871 | aarch64:Linux:*:*) | ||
872 | echo ${UNAME_MACHINE}-unknown-linux-gnu | ||
873 | exit ;; | ||
874 | aarch64_be:Linux:*:*) | ||
875 | UNAME_MACHINE=aarch64_be | ||
876 | echo ${UNAME_MACHINE}-unknown-linux-gnu | ||
877 | exit ;; | ||
864 | alpha:Linux:*:*) | 878 | alpha:Linux:*:*) |
865 | case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in | 879 | case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in |
866 | EV5) UNAME_MACHINE=alphaev5 ;; | 880 | EV5) UNAME_MACHINE=alphaev5 ;; |
@@ -870,7 +884,7 @@ EOF | |||
870 | EV6) UNAME_MACHINE=alphaev6 ;; | 884 | EV6) UNAME_MACHINE=alphaev6 ;; |
871 | EV67) UNAME_MACHINE=alphaev67 ;; | 885 | EV67) UNAME_MACHINE=alphaev67 ;; |
872 | EV68*) UNAME_MACHINE=alphaev68 ;; | 886 | EV68*) UNAME_MACHINE=alphaev68 ;; |
873 | esac | 887 | esac |
874 | objdump --private-headers /bin/sh | grep -q ld.so.1 | 888 | objdump --private-headers /bin/sh | grep -q ld.so.1 |
875 | if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi | 889 | if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi |
876 | echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} | 890 | echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} |
@@ -882,20 +896,29 @@ EOF | |||
882 | then | 896 | then |
883 | echo ${UNAME_MACHINE}-unknown-linux-gnu | 897 | echo ${UNAME_MACHINE}-unknown-linux-gnu |
884 | else | 898 | else |
885 | echo ${UNAME_MACHINE}-unknown-linux-gnueabi | 899 | if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ |
900 | | grep -q __ARM_PCS_VFP | ||
901 | then | ||
902 | echo ${UNAME_MACHINE}-unknown-linux-gnueabi | ||
903 | else | ||
904 | echo ${UNAME_MACHINE}-unknown-linux-gnueabihf | ||
905 | fi | ||
886 | fi | 906 | fi |
887 | exit ;; | 907 | exit ;; |
888 | avr32*:Linux:*:*) | 908 | avr32*:Linux:*:*) |
889 | echo ${UNAME_MACHINE}-unknown-linux-gnu | 909 | echo ${UNAME_MACHINE}-unknown-linux-gnu |
890 | exit ;; | 910 | exit ;; |
891 | cris:Linux:*:*) | 911 | cris:Linux:*:*) |
892 | echo cris-axis-linux-gnu | 912 | echo ${UNAME_MACHINE}-axis-linux-gnu |
893 | exit ;; | 913 | exit ;; |
894 | crisv32:Linux:*:*) | 914 | crisv32:Linux:*:*) |
895 | echo crisv32-axis-linux-gnu | 915 | echo ${UNAME_MACHINE}-axis-linux-gnu |
896 | exit ;; | 916 | exit ;; |
897 | frv:Linux:*:*) | 917 | frv:Linux:*:*) |
898 | echo frv-unknown-linux-gnu | 918 | echo ${UNAME_MACHINE}-unknown-linux-gnu |
919 | exit ;; | ||
920 | hexagon:Linux:*:*) | ||
921 | echo ${UNAME_MACHINE}-unknown-linux-gnu | ||
899 | exit ;; | 922 | exit ;; |
900 | i*86:Linux:*:*) | 923 | i*86:Linux:*:*) |
901 | LIBC=gnu | 924 | LIBC=gnu |
@@ -937,7 +960,7 @@ EOF | |||
937 | test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } | 960 | test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } |
938 | ;; | 961 | ;; |
939 | or32:Linux:*:*) | 962 | or32:Linux:*:*) |
940 | echo or32-unknown-linux-gnu | 963 | echo ${UNAME_MACHINE}-unknown-linux-gnu |
941 | exit ;; | 964 | exit ;; |
942 | padre:Linux:*:*) | 965 | padre:Linux:*:*) |
943 | echo sparc-unknown-linux-gnu | 966 | echo sparc-unknown-linux-gnu |
@@ -963,7 +986,7 @@ EOF | |||
963 | echo ${UNAME_MACHINE}-ibm-linux | 986 | echo ${UNAME_MACHINE}-ibm-linux |
964 | exit ;; | 987 | exit ;; |
965 | sh64*:Linux:*:*) | 988 | sh64*:Linux:*:*) |
966 | echo ${UNAME_MACHINE}-unknown-linux-gnu | 989 | echo ${UNAME_MACHINE}-unknown-linux-gnu |
967 | exit ;; | 990 | exit ;; |
968 | sh*:Linux:*:*) | 991 | sh*:Linux:*:*) |
969 | echo ${UNAME_MACHINE}-unknown-linux-gnu | 992 | echo ${UNAME_MACHINE}-unknown-linux-gnu |
@@ -972,16 +995,16 @@ EOF | |||
972 | echo ${UNAME_MACHINE}-unknown-linux-gnu | 995 | echo ${UNAME_MACHINE}-unknown-linux-gnu |
973 | exit ;; | 996 | exit ;; |
974 | tile*:Linux:*:*) | 997 | tile*:Linux:*:*) |
975 | echo ${UNAME_MACHINE}-tilera-linux-gnu | 998 | echo ${UNAME_MACHINE}-unknown-linux-gnu |
976 | exit ;; | 999 | exit ;; |
977 | vax:Linux:*:*) | 1000 | vax:Linux:*:*) |
978 | echo ${UNAME_MACHINE}-dec-linux-gnu | 1001 | echo ${UNAME_MACHINE}-dec-linux-gnu |
979 | exit ;; | 1002 | exit ;; |
980 | x86_64:Linux:*:*) | 1003 | x86_64:Linux:*:*) |
981 | echo x86_64-unknown-linux-gnu | 1004 | echo ${UNAME_MACHINE}-unknown-linux-gnu |
982 | exit ;; | 1005 | exit ;; |
983 | xtensa*:Linux:*:*) | 1006 | xtensa*:Linux:*:*) |
984 | echo ${UNAME_MACHINE}-unknown-linux-gnu | 1007 | echo ${UNAME_MACHINE}-unknown-linux-gnu |
985 | exit ;; | 1008 | exit ;; |
986 | i*86:DYNIX/ptx:4*:*) | 1009 | i*86:DYNIX/ptx:4*:*) |
987 | # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. | 1010 | # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. |
@@ -990,11 +1013,11 @@ EOF | |||
990 | echo i386-sequent-sysv4 | 1013 | echo i386-sequent-sysv4 |
991 | exit ;; | 1014 | exit ;; |
992 | i*86:UNIX_SV:4.2MP:2.*) | 1015 | i*86:UNIX_SV:4.2MP:2.*) |
993 | # Unixware is an offshoot of SVR4, but it has its own version | 1016 | # Unixware is an offshoot of SVR4, but it has its own version |
994 | # number series starting with 2... | 1017 | # number series starting with 2... |
995 | # I am not positive that other SVR4 systems won't match this, | 1018 | # I am not positive that other SVR4 systems won't match this, |
996 | # I just have to hope. -- rms. | 1019 | # I just have to hope. -- rms. |
997 | # Use sysv4.2uw... so that sysv4* matches it. | 1020 | # Use sysv4.2uw... so that sysv4* matches it. |
998 | echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} | 1021 | echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} |
999 | exit ;; | 1022 | exit ;; |
1000 | i*86:OS/2:*:*) | 1023 | i*86:OS/2:*:*) |
@@ -1026,7 +1049,7 @@ EOF | |||
1026 | fi | 1049 | fi |
1027 | exit ;; | 1050 | exit ;; |
1028 | i*86:*:5:[678]*) | 1051 | i*86:*:5:[678]*) |
1029 | # UnixWare 7.x, OpenUNIX and OpenServer 6. | 1052 | # UnixWare 7.x, OpenUNIX and OpenServer 6. |
1030 | case `/bin/uname -X | grep "^Machine"` in | 1053 | case `/bin/uname -X | grep "^Machine"` in |
1031 | *486*) UNAME_MACHINE=i486 ;; | 1054 | *486*) UNAME_MACHINE=i486 ;; |
1032 | *Pentium) UNAME_MACHINE=i586 ;; | 1055 | *Pentium) UNAME_MACHINE=i586 ;; |
@@ -1054,13 +1077,13 @@ EOF | |||
1054 | exit ;; | 1077 | exit ;; |
1055 | pc:*:*:*) | 1078 | pc:*:*:*) |
1056 | # Left here for compatibility: | 1079 | # Left here for compatibility: |
1057 | # uname -m prints for DJGPP always 'pc', but it prints nothing about | 1080 | # uname -m prints for DJGPP always 'pc', but it prints nothing about |
1058 | # the processor, so we play safe by assuming i586. | 1081 | # the processor, so we play safe by assuming i586. |
1059 | # Note: whatever this is, it MUST be the same as what config.sub | 1082 | # Note: whatever this is, it MUST be the same as what config.sub |
1060 | # prints for the "djgpp" host, or else GDB configury will decide that | 1083 | # prints for the "djgpp" host, or else GDB configury will decide that |
1061 | # this is a cross-build. | 1084 | # this is a cross-build. |
1062 | echo i586-pc-msdosdjgpp | 1085 | echo i586-pc-msdosdjgpp |
1063 | exit ;; | 1086 | exit ;; |
1064 | Intel:Mach:3*:*) | 1087 | Intel:Mach:3*:*) |
1065 | echo i386-pc-mach3 | 1088 | echo i386-pc-mach3 |
1066 | exit ;; | 1089 | exit ;; |
@@ -1095,8 +1118,8 @@ EOF | |||
1095 | /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ | 1118 | /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ |
1096 | && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; | 1119 | && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; |
1097 | 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) | 1120 | 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) |
1098 | /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ | 1121 | /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ |
1099 | && { echo i486-ncr-sysv4; exit; } ;; | 1122 | && { echo i486-ncr-sysv4; exit; } ;; |
1100 | NCR*:*:4.2:* | MPRAS*:*:4.2:*) | 1123 | NCR*:*:4.2:* | MPRAS*:*:4.2:*) |
1101 | OS_REL='.3' | 1124 | OS_REL='.3' |
1102 | test -r /etc/.relid \ | 1125 | test -r /etc/.relid \ |
@@ -1139,10 +1162,10 @@ EOF | |||
1139 | echo ns32k-sni-sysv | 1162 | echo ns32k-sni-sysv |
1140 | fi | 1163 | fi |
1141 | exit ;; | 1164 | exit ;; |
1142 | PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort | 1165 | PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort |
1143 | # says <Richard.M.Bartel@ccMail.Census.GOV> | 1166 | # says <Richard.M.Bartel@ccMail.Census.GOV> |
1144 | echo i586-unisys-sysv4 | 1167 | echo i586-unisys-sysv4 |
1145 | exit ;; | 1168 | exit ;; |
1146 | *:UNIX_System_V:4*:FTX*) | 1169 | *:UNIX_System_V:4*:FTX*) |
1147 | # From Gerald Hewes <hewes@openmarket.com>. | 1170 | # From Gerald Hewes <hewes@openmarket.com>. |
1148 | # How about differentiating between stratus architectures? -djm | 1171 | # How about differentiating between stratus architectures? -djm |
@@ -1168,11 +1191,11 @@ EOF | |||
1168 | exit ;; | 1191 | exit ;; |
1169 | R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) | 1192 | R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) |
1170 | if [ -d /usr/nec ]; then | 1193 | if [ -d /usr/nec ]; then |
1171 | echo mips-nec-sysv${UNAME_RELEASE} | 1194 | echo mips-nec-sysv${UNAME_RELEASE} |
1172 | else | 1195 | else |
1173 | echo mips-unknown-sysv${UNAME_RELEASE} | 1196 | echo mips-unknown-sysv${UNAME_RELEASE} |
1174 | fi | 1197 | fi |
1175 | exit ;; | 1198 | exit ;; |
1176 | BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. | 1199 | BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. |
1177 | echo powerpc-be-beos | 1200 | echo powerpc-be-beos |
1178 | exit ;; | 1201 | exit ;; |
@@ -1185,6 +1208,9 @@ EOF | |||
1185 | BePC:Haiku:*:*) # Haiku running on Intel PC compatible. | 1208 | BePC:Haiku:*:*) # Haiku running on Intel PC compatible. |
1186 | echo i586-pc-haiku | 1209 | echo i586-pc-haiku |
1187 | exit ;; | 1210 | exit ;; |
1211 | x86_64:Haiku:*:*) | ||
1212 | echo x86_64-unknown-haiku | ||
1213 | exit ;; | ||
1188 | SX-4:SUPER-UX:*:*) | 1214 | SX-4:SUPER-UX:*:*) |
1189 | echo sx4-nec-superux${UNAME_RELEASE} | 1215 | echo sx4-nec-superux${UNAME_RELEASE} |
1190 | exit ;; | 1216 | exit ;; |
@@ -1240,7 +1266,7 @@ EOF | |||
1240 | NEO-?:NONSTOP_KERNEL:*:*) | 1266 | NEO-?:NONSTOP_KERNEL:*:*) |
1241 | echo neo-tandem-nsk${UNAME_RELEASE} | 1267 | echo neo-tandem-nsk${UNAME_RELEASE} |
1242 | exit ;; | 1268 | exit ;; |
1243 | NSE-?:NONSTOP_KERNEL:*:*) | 1269 | NSE-*:NONSTOP_KERNEL:*:*) |
1244 | echo nse-tandem-nsk${UNAME_RELEASE} | 1270 | echo nse-tandem-nsk${UNAME_RELEASE} |
1245 | exit ;; | 1271 | exit ;; |
1246 | NSR-?:NONSTOP_KERNEL:*:*) | 1272 | NSR-?:NONSTOP_KERNEL:*:*) |
@@ -1285,13 +1311,13 @@ EOF | |||
1285 | echo pdp10-unknown-its | 1311 | echo pdp10-unknown-its |
1286 | exit ;; | 1312 | exit ;; |
1287 | SEI:*:*:SEIUX) | 1313 | SEI:*:*:SEIUX) |
1288 | echo mips-sei-seiux${UNAME_RELEASE} | 1314 | echo mips-sei-seiux${UNAME_RELEASE} |
1289 | exit ;; | 1315 | exit ;; |
1290 | *:DragonFly:*:*) | 1316 | *:DragonFly:*:*) |
1291 | echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` | 1317 | echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` |
1292 | exit ;; | 1318 | exit ;; |
1293 | *:*VMS:*:*) | 1319 | *:*VMS:*:*) |
1294 | UNAME_MACHINE=`(uname -p) 2>/dev/null` | 1320 | UNAME_MACHINE=`(uname -p) 2>/dev/null` |
1295 | case "${UNAME_MACHINE}" in | 1321 | case "${UNAME_MACHINE}" in |
1296 | A*) echo alpha-dec-vms ; exit ;; | 1322 | A*) echo alpha-dec-vms ; exit ;; |
1297 | I*) echo ia64-dec-vms ; exit ;; | 1323 | I*) echo ia64-dec-vms ; exit ;; |
@@ -1309,11 +1335,11 @@ EOF | |||
1309 | i*86:AROS:*:*) | 1335 | i*86:AROS:*:*) |
1310 | echo ${UNAME_MACHINE}-pc-aros | 1336 | echo ${UNAME_MACHINE}-pc-aros |
1311 | exit ;; | 1337 | exit ;; |
1338 | x86_64:VMkernel:*:*) | ||
1339 | echo ${UNAME_MACHINE}-unknown-esx | ||
1340 | exit ;; | ||
1312 | esac | 1341 | esac |
1313 | 1342 | ||
1314 | #echo '(No uname command or uname output not recognized.)' 1>&2 | ||
1315 | #echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 | ||
1316 | |||
1317 | eval $set_cc_for_build | 1343 | eval $set_cc_for_build |
1318 | cat >$dummy.c <<EOF | 1344 | cat >$dummy.c <<EOF |
1319 | #ifdef _SEQUENT_ | 1345 | #ifdef _SEQUENT_ |
@@ -1331,11 +1357,11 @@ main () | |||
1331 | #include <sys/param.h> | 1357 | #include <sys/param.h> |
1332 | printf ("m68k-sony-newsos%s\n", | 1358 | printf ("m68k-sony-newsos%s\n", |
1333 | #ifdef NEWSOS4 | 1359 | #ifdef NEWSOS4 |
1334 | "4" | 1360 | "4" |
1335 | #else | 1361 | #else |
1336 | "" | 1362 | "" |
1337 | #endif | 1363 | #endif |
1338 | ); exit (0); | 1364 | ); exit (0); |
1339 | #endif | 1365 | #endif |
1340 | #endif | 1366 | #endif |
1341 | 1367 | ||
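--- a/config.h.in
+++ b/config.h.in
@@ -230,6 +230,9 @@
 /* Define to 1 if you have the `clock' function. */
 #undef HAVE_CLOCK
 
+/* Have clock_gettime */
+#undef HAVE_CLOCK_GETTIME
+
 /* define if you have clock_t data type */
 #undef HAVE_CLOCK_T
 
@@ -242,6 +245,9 @@
 /* Define if your system uses ancillary data style file descriptor passing */
 #undef HAVE_CONTROL_IN_MSGHDR
 
+/* Define to 1 if you have the `crypt' function. */
+#undef HAVE_CRYPT
+
 /* Define to 1 if you have the <crypto/sha2.h> header file. */
 #undef HAVE_CRYPTO_SHA2_H
 
@@ -266,6 +272,10 @@
    and to 0 if you don't. */
 #undef HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE
 
+/* Define to 1 if you have the declaration of `howmany', and to 0 if you
+   don't. */
+#undef HAVE_DECL_HOWMANY
+
 /* Define to 1 if you have the declaration of `h_errno', and to 0 if you
    don't. */
 #undef HAVE_DECL_H_ERRNO
@@ -286,6 +296,10 @@
    don't. */
 #undef HAVE_DECL_MAXSYMLINKS
 
+/* Define to 1 if you have the declaration of `NFDBITS', and to 0 if you
+   don't. */
+#undef HAVE_DECL_NFDBITS
+
 /* Define to 1 if you have the declaration of `offsetof', and to 0 if you
    don't. */
 #undef HAVE_DECL_OFFSETOF
@@ -318,6 +332,9 @@
    don't. */
 #undef HAVE_DECL__GETSHORT
 
+/* Define to 1 if you have the `DES_crypt' function. */
+#undef HAVE_DES_CRYPT
+
 /* Define if you have /dev/ptmx */
 #undef HAVE_DEV_PTMX
 
@@ -339,6 +356,9 @@
 /* Define to 1 if you have the <elf.h> header file. */
 #undef HAVE_ELF_H
 
+/* Define to 1 if you have the `endgrent' function. */
+#undef HAVE_ENDGRENT
+
 /* Define to 1 if you have the <endian.h> header file. */
 #undef HAVE_ENDIAN_H
 
@@ -372,6 +392,9 @@
 /* Define to 1 if you have the <fcntl.h> header file. */
 #undef HAVE_FCNTL_H
 
+/* Define to 1 if the system has the type `fd_mask'. */
+#undef HAVE_FD_MASK
+
 /* Define to 1 if you have the <features.h> header file. */
 #undef HAVE_FEATURES_H
 
@@ -576,6 +599,15 @@
 /* Define if you have isblank(3C). */
 #undef HAVE_ISBLANK
 
+/* Define to 1 if you have the `krb5_cc_new_unique' function. */
+#undef HAVE_KRB5_CC_NEW_UNIQUE
+
+/* Define to 1 if you have the `krb5_free_error_message' function. */
+#undef HAVE_KRB5_FREE_ERROR_MESSAGE
+
+/* Define to 1 if you have the `krb5_get_error_message' function. */
+#undef HAVE_KRB5_GET_ERROR_MESSAGE
+
 /* Define to 1 if you have the <lastlog.h> header file. */
 #undef HAVE_LASTLOG_H
 
@@ -636,6 +668,9 @@
 /* Define to 1 if you have the <linux/seccomp.h> header file. */
 #undef HAVE_LINUX_SECCOMP_H
 
+/* Define to 1 if you have the <locale.h> header file. */
+#undef HAVE_LOCALE_H
+
 /* Define to 1 if you have the `login' function. */
 #undef HAVE_LOGIN
 
@@ -663,6 +698,9 @@
 /* Define to 1 if you have the <maillock.h> header file. */
 #undef HAVE_MAILLOCK_H
 
+/* Define to 1 if you have the `mblen' function. */
+#undef HAVE_MBLEN
+
 /* Define to 1 if you have the `md5_crypt' function. */
 #undef HAVE_MD5_CRYPT
 
@@ -769,15 +807,6 @@
 /* Define to 1 if you have the `pututxline' function. */
 #undef HAVE_PUTUTXLINE
 
-/* Define if your password has a pw_change field */
-#undef HAVE_PW_CHANGE_IN_PASSWD
-
-/* Define if your password has a pw_class field */
-#undef HAVE_PW_CLASS_IN_PASSWD
-
-/* Define if your password has a pw_expire field */
-#undef HAVE_PW_EXPIRE_IN_PASSWD
-
 /* Define to 1 if you have the `readpassphrase' function. */
 #undef HAVE_READPASSPHRASE
 
@@ -814,6 +843,9 @@
 /* define if you have sa_family_t data type */
 #undef HAVE_SA_FAMILY_T
 
+/* Define to 1 if you have the `scan_scaled' function. */
+#undef HAVE_SCAN_SCALED
+
 /* Define if you have SecureWare-based protected password database */
 #undef HAVE_SECUREWARE
 
@@ -1003,6 +1035,18 @@
 /* define if you have struct in6_addr data type */
 #undef HAVE_STRUCT_IN6_ADDR
 
+/* Define to 1 if `pw_change' is a member of `struct passwd'. */
+#undef HAVE_STRUCT_PASSWD_PW_CHANGE
+
+/* Define to 1 if `pw_class' is a member of `struct passwd'. */
+#undef HAVE_STRUCT_PASSWD_PW_CLASS
+
+/* Define to 1 if `pw_expire' is a member of `struct passwd'. */
+#undef HAVE_STRUCT_PASSWD_PW_EXPIRE
+
+/* Define to 1 if `pw_gecos' is a member of `struct passwd'. */
+#undef HAVE_STRUCT_PASSWD_PW_GECOS
+
 /* define if you have struct sockaddr_in6 data type */
 #undef HAVE_STRUCT_SOCKADDR_IN6
 
@@ -1323,15 +1367,6 @@
 /* Set this to your mail directory if you do not have _PATH_MAILDIR */
 #undef MAIL_DIRECTORY
 
-/* Define on *nto-qnx systems */
-#undef MISSING_FD_MASK
-
-/* Define on *nto-qnx systems */
-#undef MISSING_HOWMANY
-
-/* Define on *nto-qnx systems */
-#undef MISSING_NFDBITS
-
 /* Need setpgrp to acquire controlling tty */
 #undef NEED_SETPGRP
 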
diff --git a/config.sub b/config.sub index 2d8169626..eee8dccb0 100755 --- a/config.sub +++ b/config.sub | |||
@@ -2,9 +2,9 @@ | |||
2 | # Configuration validation subroutine script. | 2 | # Configuration validation subroutine script. |
3 | # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, | 3 | # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, |
4 | # 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, | 4 | # 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, |
5 | # 2011 Free Software Foundation, Inc. | 5 | # 2011, 2012, 2013 Free Software Foundation, Inc. |
6 | 6 | ||
7 | timestamp='2011-01-01' | 7 | timestamp='2012-12-23' |
8 | 8 | ||
9 | # This file is (in principle) common to ALL GNU software. | 9 | # This file is (in principle) common to ALL GNU software. |
10 | # The presence of a machine in this file suggests that SOME GNU software | 10 | # The presence of a machine in this file suggests that SOME GNU software |
@@ -21,9 +21,7 @@ timestamp='2011-01-01' | |||
21 | # GNU General Public License for more details. | 21 | # GNU General Public License for more details. |
22 | # | 22 | # |
23 | # You should have received a copy of the GNU General Public License | 23 | # You should have received a copy of the GNU General Public License |
24 | # along with this program; if not, write to the Free Software | 24 | # along with this program; if not, see <http://www.gnu.org/licenses/>. |
25 | # Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA | ||
26 | # 02110-1301, USA. | ||
27 | # | 25 | # |
28 | # As a special exception to the GNU General Public License, if you | 26 | # As a special exception to the GNU General Public License, if you |
29 | # distribute this file as part of a program that contains a | 27 | # distribute this file as part of a program that contains a |
@@ -76,8 +74,8 @@ version="\ | |||
76 | GNU config.sub ($timestamp) | 74 | GNU config.sub ($timestamp) |
77 | 75 | ||
78 | Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, | 76 | Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, |
79 | 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free | 77 | 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, |
80 | Software Foundation, Inc. | 78 | 2012, 2013 Free Software Foundation, Inc. |
81 | 79 | ||
82 | This is free software; see the source for copying conditions. There is NO | 80 | This is free software; see the source for copying conditions. There is NO |
83 | warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." | 81 | warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." |
@@ -125,13 +123,17 @@ esac | |||
125 | maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` | 123 | maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` |
126 | case $maybe_os in | 124 | case $maybe_os in |
127 | nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ | 125 | nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ |
128 | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ | 126 | linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ |
129 | knetbsd*-gnu* | netbsd*-gnu* | \ | 127 | knetbsd*-gnu* | netbsd*-gnu* | \ |
130 | kopensolaris*-gnu* | \ | 128 | kopensolaris*-gnu* | \ |
131 | storm-chaos* | os2-emx* | rtmk-nova*) | 129 | storm-chaos* | os2-emx* | rtmk-nova*) |
132 | os=-$maybe_os | 130 | os=-$maybe_os |
133 | basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` | 131 | basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` |
134 | ;; | 132 | ;; |
133 | android-linux) | ||
134 | os=-linux-android | ||
135 | basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown | ||
136 | ;; | ||
135 | *) | 137 | *) |
136 | basic_machine=`echo $1 | sed 's/-[^-]*$//'` | 138 | basic_machine=`echo $1 | sed 's/-[^-]*$//'` |
137 | if [ $basic_machine != $1 ] | 139 | if [ $basic_machine != $1 ] |
@@ -154,12 +156,12 @@ case $os in | |||
154 | -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ | 156 | -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ |
155 | -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ | 157 | -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ |
156 | -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ | 158 | -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ |
157 | -apple | -axis | -knuth | -cray | -microblaze) | 159 | -apple | -axis | -knuth | -cray | -microblaze*) |
158 | os= | 160 | os= |
159 | basic_machine=$1 | 161 | basic_machine=$1 |
160 | ;; | 162 | ;; |
161 | -bluegene*) | 163 | -bluegene*) |
162 | os=-cnk | 164 | os=-cnk |
163 | ;; | 165 | ;; |
164 | -sim | -cisco | -oki | -wec | -winbond) | 166 | -sim | -cisco | -oki | -wec | -winbond) |
165 | os= | 167 | os= |
@@ -175,10 +177,10 @@ case $os in | |||
175 | os=-chorusos | 177 | os=-chorusos |
176 | basic_machine=$1 | 178 | basic_machine=$1 |
177 | ;; | 179 | ;; |
178 | -chorusrdb) | 180 | -chorusrdb) |
179 | os=-chorusrdb | 181 | os=-chorusrdb |
180 | basic_machine=$1 | 182 | basic_machine=$1 |
181 | ;; | 183 | ;; |
182 | -hiux*) | 184 | -hiux*) |
183 | os=-hiuxwe2 | 185 | os=-hiuxwe2 |
184 | ;; | 186 | ;; |
@@ -223,6 +225,12 @@ case $os in | |||
223 | -isc*) | 225 | -isc*) |
224 | basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` | 226 | basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` |
225 | ;; | 227 | ;; |
228 | -lynx*178) | ||
229 | os=-lynxos178 | ||
230 | ;; | ||
231 | -lynx*5) | ||
232 | os=-lynxos5 | ||
233 | ;; | ||
226 | -lynx*) | 234 | -lynx*) |
227 | os=-lynxos | 235 | os=-lynxos |
228 | ;; | 236 | ;; |
@@ -247,20 +255,27 @@ case $basic_machine in | |||
247 | # Some are omitted here because they have special meanings below. | 255 | # Some are omitted here because they have special meanings below. |
248 | 1750a | 580 \ | 256 | 1750a | 580 \ |
249 | | a29k \ | 257 | | a29k \ |
258 | | aarch64 | aarch64_be \ | ||
250 | | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ | 259 | | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ |
251 | | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ | 260 | | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ |
252 | | am33_2.0 \ | 261 | | am33_2.0 \ |
253 | | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \ | 262 | | arc \ |
263 | | arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \ | ||
264 | | avr | avr32 \ | ||
265 | | be32 | be64 \ | ||
254 | | bfin \ | 266 | | bfin \ |
255 | | c4x | clipper \ | 267 | | c4x | clipper \ |
256 | | d10v | d30v | dlx | dsp16xx \ | 268 | | d10v | d30v | dlx | dsp16xx \ |
269 | | epiphany \ | ||
257 | | fido | fr30 | frv \ | 270 | | fido | fr30 | frv \ |
258 | | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | 271 | | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ |
272 | | hexagon \ | ||
259 | | i370 | i860 | i960 | ia64 \ | 273 | | i370 | i860 | i960 | ia64 \ |
260 | | ip2k | iq2000 \ | 274 | | ip2k | iq2000 \ |
275 | | le32 | le64 \ | ||
261 | | lm32 \ | 276 | | lm32 \ |
262 | | m32c | m32r | m32rle | m68000 | m68k | m88k \ | 277 | | m32c | m32r | m32rle | m68000 | m68k | m88k \ |
263 | | maxq | mb | microblaze | mcore | mep | metag \ | 278 | | maxq | mb | microblaze | microblazeel | mcore | mep | metag \ |
264 | | mips | mipsbe | mipseb | mipsel | mipsle \ | 279 | | mips | mipsbe | mipseb | mipsel | mipsle \ |
265 | | mips16 \ | 280 | | mips16 \ |
266 | | mips64 | mips64el \ | 281 | | mips64 | mips64el \ |
@@ -286,22 +301,23 @@ case $basic_machine in | |||
286 | | nds32 | nds32le | nds32be \ | 301 | | nds32 | nds32le | nds32be \ |
287 | | nios | nios2 \ | 302 | | nios | nios2 \ |
288 | | ns16k | ns32k \ | 303 | | ns16k | ns32k \ |
304 | | open8 \ | ||
289 | | or32 \ | 305 | | or32 \ |
290 | | pdp10 | pdp11 | pj | pjl \ | 306 | | pdp10 | pdp11 | pj | pjl \ |
291 | | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ | 307 | | powerpc | powerpc64 | powerpc64le | powerpcle \ |
292 | | pyramid \ | 308 | | pyramid \ |
293 | | rx \ | 309 | | rl78 | rx \ |
294 | | score \ | 310 | | score \ |
295 | | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ | 311 | | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ |
296 | | sh64 | sh64le \ | 312 | | sh64 | sh64le \ |
297 | | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ | 313 | | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ |
298 | | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ | 314 | | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ |
299 | | spu | strongarm \ | 315 | | spu \ |
300 | | tahoe | thumb | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ | 316 | | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ |
301 | | ubicom32 \ | 317 | | ubicom32 \ |
302 | | v850 | v850e \ | 318 | | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \ |
303 | | we32k \ | 319 | | we32k \ |
304 | | x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \ | 320 | | x86 | xc16x | xstormy16 | xtensa \ |
305 | | z8k | z80) | 321 | | z8k | z80) |
306 | basic_machine=$basic_machine-unknown | 322 | basic_machine=$basic_machine-unknown |
307 | ;; | 323 | ;; |
@@ -314,8 +330,7 @@ case $basic_machine in | |||
314 | c6x) | 330 | c6x) |
315 | basic_machine=tic6x-unknown | 331 | basic_machine=tic6x-unknown |
316 | ;; | 332 | ;; |
317 | m6811 | m68hc11 | m6812 | m68hc12 | picochip) | 333 | m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | picochip) |
318 | # Motorola 68HC11/12. | ||
319 | basic_machine=$basic_machine-unknown | 334 | basic_machine=$basic_machine-unknown |
320 | os=-none | 335 | os=-none |
321 | ;; | 336 | ;; |
@@ -325,6 +340,21 @@ case $basic_machine in | |||
325 | basic_machine=mt-unknown | 340 | basic_machine=mt-unknown |
326 | ;; | 341 | ;; |
327 | 342 | ||
343 | strongarm | thumb | xscale) | ||
344 | basic_machine=arm-unknown | ||
345 | ;; | ||
346 | xgate) | ||
347 | basic_machine=$basic_machine-unknown | ||
348 | os=-none | ||
349 | ;; | ||
350 | xscaleeb) | ||
351 | basic_machine=armeb-unknown | ||
352 | ;; | ||
353 | |||
354 | xscaleel) | ||
355 | basic_machine=armel-unknown | ||
356 | ;; | ||
357 | |||
328 | # We use `pc' rather than `unknown' | 358 | # We use `pc' rather than `unknown' |
329 | # because (1) that's what they normally are, and | 359 | # because (1) that's what they normally are, and |
330 | # (2) the word "unknown" tends to confuse beginning users. | 360 | # (2) the word "unknown" tends to confuse beginning users. |
@@ -339,11 +369,13 @@ case $basic_machine in | |||
339 | # Recognize the basic CPU types with company name. | 369 | # Recognize the basic CPU types with company name. |
340 | 580-* \ | 370 | 580-* \ |
341 | | a29k-* \ | 371 | | a29k-* \ |
372 | | aarch64-* | aarch64_be-* \ | ||
342 | | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ | 373 | | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ |
343 | | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ | 374 | | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ |
344 | | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ | 375 | | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ |
345 | | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ | 376 | | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ |
346 | | avr-* | avr32-* \ | 377 | | avr-* | avr32-* \ |
378 | | be32-* | be64-* \ | ||
347 | | bfin-* | bs2000-* \ | 379 | | bfin-* | bs2000-* \ |
348 | | c[123]* | c30-* | [cjt]90-* | c4x-* \ | 380 | | c[123]* | c30-* | [cjt]90-* | c4x-* \ |
349 | | clipper-* | craynv-* | cydra-* \ | 381 | | clipper-* | craynv-* | cydra-* \ |
@@ -352,12 +384,15 @@ case $basic_machine in | |||
352 | | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ | 384 | | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ |
353 | | h8300-* | h8500-* \ | 385 | | h8300-* | h8500-* \ |
354 | | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ | 386 | | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ |
387 | | hexagon-* \ | ||
355 | | i*86-* | i860-* | i960-* | ia64-* \ | 388 | | i*86-* | i860-* | i960-* | ia64-* \ |
356 | | ip2k-* | iq2000-* \ | 389 | | ip2k-* | iq2000-* \ |
390 | | le32-* | le64-* \ | ||
357 | | lm32-* \ | 391 | | lm32-* \ |
358 | | m32c-* | m32r-* | m32rle-* \ | 392 | | m32c-* | m32r-* | m32rle-* \ |
359 | | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ | 393 | | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ |
360 | | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \ | 394 | | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \ |
395 | | microblaze-* | microblazeel-* \ | ||
361 | | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ | 396 | | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ |
362 | | mips16-* \ | 397 | | mips16-* \ |
363 | | mips64-* | mips64el-* \ | 398 | | mips64-* | mips64el-* \ |
@@ -382,24 +417,26 @@ case $basic_machine in | |||
382 | | nds32-* | nds32le-* | nds32be-* \ | 417 | | nds32-* | nds32le-* | nds32be-* \ |
383 | | nios-* | nios2-* \ | 418 | | nios-* | nios2-* \ |
384 | | none-* | np1-* | ns16k-* | ns32k-* \ | 419 | | none-* | np1-* | ns16k-* | ns32k-* \ |
420 | | open8-* \ | ||
385 | | orion-* \ | 421 | | orion-* \ |
386 | | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | 422 | | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ |
387 | | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ | 423 | | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ |
388 | | pyramid-* \ | 424 | | pyramid-* \ |
389 | | romp-* | rs6000-* | rx-* \ | 425 | | rl78-* | romp-* | rs6000-* | rx-* \ |
390 | | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ | 426 | | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ |
391 | | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ | 427 | | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ |
392 | | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ | 428 | | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ |
393 | | sparclite-* \ | 429 | | sparclite-* \ |
394 | | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \ | 430 | | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \ |
395 | | tahoe-* | thumb-* \ | 431 | | tahoe-* \ |
396 | | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ | 432 | | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ |
397 | | tile-* | tilegx-* \ | 433 | | tile*-* \ |
398 | | tron-* \ | 434 | | tron-* \ |
399 | | ubicom32-* \ | 435 | | ubicom32-* \ |
400 | | v850-* | v850e-* | vax-* \ | 436 | | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \ |
437 | | vax-* \ | ||
401 | | we32k-* \ | 438 | | we32k-* \ |
402 | | x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \ | 439 | | x86-* | x86_64-* | xc16x-* | xps100-* \ |
403 | | xstormy16-* | xtensa*-* \ | 440 | | xstormy16-* | xtensa*-* \ |
404 | | ymp-* \ | 441 | | ymp-* \ |
405 | | z8k-* | z80-*) | 442 | | z8k-* | z80-*) |
@@ -424,7 +461,7 @@ case $basic_machine in | |||
424 | basic_machine=a29k-amd | 461 | basic_machine=a29k-amd |
425 | os=-udi | 462 | os=-udi |
426 | ;; | 463 | ;; |
427 | abacus) | 464 | abacus) |
428 | basic_machine=abacus-unknown | 465 | basic_machine=abacus-unknown |
429 | ;; | 466 | ;; |
430 | adobe68k) | 467 | adobe68k) |
@@ -507,7 +544,7 @@ case $basic_machine in | |||
507 | basic_machine=c90-cray | 544 | basic_machine=c90-cray |
508 | os=-unicos | 545 | os=-unicos |
509 | ;; | 546 | ;; |
510 | cegcc) | 547 | cegcc) |
511 | basic_machine=arm-unknown | 548 | basic_machine=arm-unknown |
512 | os=-cegcc | 549 | os=-cegcc |
513 | ;; | 550 | ;; |
@@ -697,7 +734,6 @@ case $basic_machine in | |||
697 | i370-ibm* | ibm*) | 734 | i370-ibm* | ibm*) |
698 | basic_machine=i370-ibm | 735 | basic_machine=i370-ibm |
699 | ;; | 736 | ;; |
700 | # I'm not sure what "Sysv32" means. Should this be sysv3.2? | ||
701 | i*86v32) | 737 | i*86v32) |
702 | basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` | 738 | basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` |
703 | os=-sysv32 | 739 | os=-sysv32 |
@@ -755,9 +791,13 @@ case $basic_machine in | |||
755 | basic_machine=ns32k-utek | 791 | basic_machine=ns32k-utek |
756 | os=-sysv | 792 | os=-sysv |
757 | ;; | 793 | ;; |
758 | microblaze) | 794 | microblaze*) |
759 | basic_machine=microblaze-xilinx | 795 | basic_machine=microblaze-xilinx |
760 | ;; | 796 | ;; |
797 | mingw64) | ||
798 | basic_machine=x86_64-pc | ||
799 | os=-mingw64 | ||
800 | ;; | ||
761 | mingw32) | 801 | mingw32) |
762 | basic_machine=i386-pc | 802 | basic_machine=i386-pc |
763 | os=-mingw32 | 803 | os=-mingw32 |
@@ -794,10 +834,18 @@ case $basic_machine in | |||
794 | ms1-*) | 834 | ms1-*) |
795 | basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` | 835 | basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` |
796 | ;; | 836 | ;; |
837 | msys) | ||
838 | basic_machine=i386-pc | ||
839 | os=-msys | ||
840 | ;; | ||
797 | mvs) | 841 | mvs) |
798 | basic_machine=i370-ibm | 842 | basic_machine=i370-ibm |
799 | os=-mvs | 843 | os=-mvs |
800 | ;; | 844 | ;; |
845 | nacl) | ||
846 | basic_machine=le32-unknown | ||
847 | os=-nacl | ||
848 | ;; | ||
801 | ncr3000) | 849 | ncr3000) |
802 | basic_machine=i486-ncr | 850 | basic_machine=i486-ncr |
803 | os=-sysv4 | 851 | os=-sysv4 |
@@ -862,10 +910,10 @@ case $basic_machine in | |||
862 | np1) | 910 | np1) |
863 | basic_machine=np1-gould | 911 | basic_machine=np1-gould |
864 | ;; | 912 | ;; |
865 | neo-tandem) | 913 | neo-tandem) |
866 | basic_machine=neo-tandem | 914 | basic_machine=neo-tandem |
867 | ;; | 915 | ;; |
868 | nse-tandem) | 916 | nse-tandem) |
869 | basic_machine=nse-tandem | 917 | basic_machine=nse-tandem |
870 | ;; | 918 | ;; |
871 | nsr-tandem) | 919 | nsr-tandem) |
@@ -950,9 +998,10 @@ case $basic_machine in | |||
950 | ;; | 998 | ;; |
951 | power) basic_machine=power-ibm | 999 | power) basic_machine=power-ibm |
952 | ;; | 1000 | ;; |
953 | ppc) basic_machine=powerpc-unknown | 1001 | ppc | ppcbe) basic_machine=powerpc-unknown |
954 | ;; | 1002 | ;; |
955 | ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` | 1003 | ppc-* | ppcbe-*) |
1004 | basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` | ||
956 | ;; | 1005 | ;; |
957 | ppcle | powerpclittle | ppc-le | powerpc-little) | 1006 | ppcle | powerpclittle | ppc-le | powerpc-little) |
958 | basic_machine=powerpcle-unknown | 1007 | basic_machine=powerpcle-unknown |
@@ -977,7 +1026,11 @@ case $basic_machine in | |||
977 | basic_machine=i586-unknown | 1026 | basic_machine=i586-unknown |
978 | os=-pw32 | 1027 | os=-pw32 |
979 | ;; | 1028 | ;; |
980 | rdos) | 1029 | rdos | rdos64) |
1030 | basic_machine=x86_64-pc | ||
1031 | os=-rdos | ||
1032 | ;; | ||
1033 | rdos32) | ||
981 | basic_machine=i386-pc | 1034 | basic_machine=i386-pc |
982 | os=-rdos | 1035 | os=-rdos |
983 | ;; | 1036 | ;; |
@@ -1046,6 +1099,9 @@ case $basic_machine in | |||
1046 | basic_machine=i860-stratus | 1099 | basic_machine=i860-stratus |
1047 | os=-sysv4 | 1100 | os=-sysv4 |
1048 | ;; | 1101 | ;; |
1102 | strongarm-* | thumb-*) | ||
1103 | basic_machine=arm-`echo $basic_machine | sed 's/^[^-]*-//'` | ||
1104 | ;; | ||
1049 | sun2) | 1105 | sun2) |
1050 | basic_machine=m68000-sun | 1106 | basic_machine=m68000-sun |
1051 | ;; | 1107 | ;; |
@@ -1102,13 +1158,8 @@ case $basic_machine in | |||
1102 | basic_machine=t90-cray | 1158 | basic_machine=t90-cray |
1103 | os=-unicos | 1159 | os=-unicos |
1104 | ;; | 1160 | ;; |
1105 | # This must be matched before tile*. | ||
1106 | tilegx*) | ||
1107 | basic_machine=tilegx-unknown | ||
1108 | os=-linux-gnu | ||
1109 | ;; | ||
1110 | tile*) | 1161 | tile*) |
1111 | basic_machine=tile-unknown | 1162 | basic_machine=$basic_machine-unknown |
1112 | os=-linux-gnu | 1163 | os=-linux-gnu |
1113 | ;; | 1164 | ;; |
1114 | tx39) | 1165 | tx39) |
@@ -1178,6 +1229,9 @@ case $basic_machine in | |||
1178 | xps | xps100) | 1229 | xps | xps100) |
1179 | basic_machine=xps100-honeywell | 1230 | basic_machine=xps100-honeywell |
1180 | ;; | 1231 | ;; |
1232 | xscale-* | xscalee[bl]-*) | ||
1233 | basic_machine=`echo $basic_machine | sed 's/^xscale/arm/'` | ||
1234 | ;; | ||
1181 | ymp) | 1235 | ymp) |
1182 | basic_machine=ymp-cray | 1236 | basic_machine=ymp-cray |
1183 | os=-unicos | 1237 | os=-unicos |
@@ -1275,11 +1329,11 @@ esac | |||
1275 | if [ x"$os" != x"" ] | 1329 | if [ x"$os" != x"" ] |
1276 | then | 1330 | then |
1277 | case $os in | 1331 | case $os in |
1278 | # First match some system type aliases | 1332 | # First match some system type aliases |
1279 | # that might get confused with valid system types. | 1333 | # that might get confused with valid system types. |
1280 | # -solaris* is a basic system type, with this one exception. | 1334 | # -solaris* is a basic system type, with this one exception. |
1281 | -auroraux) | 1335 | -auroraux) |
1282 | os=-auroraux | 1336 | os=-auroraux |
1283 | ;; | 1337 | ;; |
1284 | -solaris1 | -solaris1.*) | 1338 | -solaris1 | -solaris1.*) |
1285 | os=`echo $os | sed -e 's|solaris1|sunos4|'` | 1339 | os=`echo $os | sed -e 's|solaris1|sunos4|'` |
@@ -1309,15 +1363,15 @@ case $os in | |||
1309 | | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | 1363 | | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ |
1310 | | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ | 1364 | | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ |
1311 | | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ | 1365 | | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ |
1312 | | -openbsd* | -solidbsd* \ | 1366 | | -bitrig* | -openbsd* | -solidbsd* \ |
1313 | | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ | 1367 | | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ |
1314 | | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ | 1368 | | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ |
1315 | | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ | 1369 | | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ |
1316 | | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ | 1370 | | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ |
1317 | | -chorusos* | -chorusrdb* | -cegcc* \ | 1371 | | -chorusos* | -chorusrdb* | -cegcc* \ |
1318 | | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ | 1372 | | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ |
1319 | | -mingw32* | -linux-gnu* | -linux-android* \ | 1373 | | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ |
1320 | | -linux-newlib* | -linux-uclibc* \ | 1374 | | -linux-newlib* | -linux-musl* | -linux-uclibc* \ |
1321 | | -uxpv* | -beos* | -mpeix* | -udk* \ | 1375 | | -uxpv* | -beos* | -mpeix* | -udk* \ |
1322 | | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ | 1376 | | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ |
1323 | | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ | 1377 | | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ |
@@ -1364,7 +1418,7 @@ case $os in | |||
1364 | -opened*) | 1418 | -opened*) |
1365 | os=-openedition | 1419 | os=-openedition |
1366 | ;; | 1420 | ;; |
1367 | -os400*) | 1421 | -os400*) |
1368 | os=-os400 | 1422 | os=-os400 |
1369 | ;; | 1423 | ;; |
1370 | -wince*) | 1424 | -wince*) |
@@ -1413,7 +1467,7 @@ case $os in | |||
1413 | -sinix*) | 1467 | -sinix*) |
1414 | os=-sysv4 | 1468 | os=-sysv4 |
1415 | ;; | 1469 | ;; |
1416 | -tpf*) | 1470 | -tpf*) |
1417 | os=-tpf | 1471 | os=-tpf |
1418 | ;; | 1472 | ;; |
1419 | -triton*) | 1473 | -triton*) |
@@ -1458,8 +1512,8 @@ case $os in | |||
1458 | -dicos*) | 1512 | -dicos*) |
1459 | os=-dicos | 1513 | os=-dicos |
1460 | ;; | 1514 | ;; |
1461 | -nacl*) | 1515 | -nacl*) |
1462 | ;; | 1516 | ;; |
1463 | -none) | 1517 | -none) |
1464 | ;; | 1518 | ;; |
1465 | *) | 1519 | *) |
@@ -1482,10 +1536,10 @@ else | |||
1482 | # system, and we'll never get to this point. | 1536 | # system, and we'll never get to this point. |
1483 | 1537 | ||
1484 | case $basic_machine in | 1538 | case $basic_machine in |
1485 | score-*) | 1539 | score-*) |
1486 | os=-elf | 1540 | os=-elf |
1487 | ;; | 1541 | ;; |
1488 | spu-*) | 1542 | spu-*) |
1489 | os=-elf | 1543 | os=-elf |
1490 | ;; | 1544 | ;; |
1491 | *-acorn) | 1545 | *-acorn) |
@@ -1497,8 +1551,11 @@ case $basic_machine in | |||
1497 | arm*-semi) | 1551 | arm*-semi) |
1498 | os=-aout | 1552 | os=-aout |
1499 | ;; | 1553 | ;; |
1500 | c4x-* | tic4x-*) | 1554 | c4x-* | tic4x-*) |
1501 | os=-coff | 1555 | os=-coff |
1556 | ;; | ||
1557 | hexagon-*) | ||
1558 | os=-elf | ||
1502 | ;; | 1559 | ;; |
1503 | tic54x-*) | 1560 | tic54x-*) |
1504 | os=-coff | 1561 | os=-coff |
@@ -1527,14 +1584,11 @@ case $basic_machine in | |||
1527 | ;; | 1584 | ;; |
1528 | m68000-sun) | 1585 | m68000-sun) |
1529 | os=-sunos3 | 1586 | os=-sunos3 |
1530 | # This also exists in the configure program, but was not the | ||
1531 | # default. | ||
1532 | # os=-sunos4 | ||
1533 | ;; | 1587 | ;; |
1534 | m68*-cisco) | 1588 | m68*-cisco) |
1535 | os=-aout | 1589 | os=-aout |
1536 | ;; | 1590 | ;; |
1537 | mep-*) | 1591 | mep-*) |
1538 | os=-elf | 1592 | os=-elf |
1539 | ;; | 1593 | ;; |
1540 | mips*-cisco) | 1594 | mips*-cisco) |
@@ -1561,7 +1615,7 @@ case $basic_machine in | |||
1561 | *-ibm) | 1615 | *-ibm) |
1562 | os=-aix | 1616 | os=-aix |
1563 | ;; | 1617 | ;; |
1564 | *-knuth) | 1618 | *-knuth) |
1565 | os=-mmixware | 1619 | os=-mmixware |
1566 | ;; | 1620 | ;; |
1567 | *-wec) | 1621 | *-wec) |
@@ -1,5 +1,5 @@ | |||
1 | #! /bin/sh | 1 | #! /bin/sh |
2 | # From configure.ac Revision: 1.518 . | 2 | # From configure.ac Revision: 1.536 . |
3 | # Guess values for system-dependent variables and create Makefiles. | 3 | # Guess values for system-dependent variables and create Makefiles. |
4 | # Generated by GNU Autoconf 2.68 for OpenSSH Portable. | 4 | # Generated by GNU Autoconf 2.68 for OpenSSH Portable. |
5 | # | 5 | # |
@@ -605,6 +605,7 @@ ac_includes_default="\ | |||
605 | 605 | ||
606 | ac_subst_vars='LTLIBOBJS | 606 | ac_subst_vars='LTLIBOBJS |
607 | LIBOBJS | 607 | LIBOBJS |
608 | UNSUPPORTED_ALGORITHMS | ||
608 | TEST_SSH_IPV6 | 609 | TEST_SSH_IPV6 |
609 | piddir | 610 | piddir |
610 | user_path | 611 | user_path |
@@ -5605,6 +5606,68 @@ fi | |||
5605 | 5606 | ||
5606 | if test "$GCC" = "yes" || test "$GCC" = "egcs"; then | 5607 | if test "$GCC" = "yes" || test "$GCC" = "egcs"; then |
5607 | { | 5608 | { |
5609 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Qunused-arguments -Werror" >&5 | ||
5610 | $as_echo_n "checking if $CC supports -Qunused-arguments -Werror... " >&6; } | ||
5611 | saved_CFLAGS="$CFLAGS" | ||
5612 | CFLAGS="$CFLAGS -Qunused-arguments -Werror" | ||
5613 | _define_flag="-Qunused-arguments" | ||
5614 | test "x$_define_flag" = "x" && _define_flag="-Qunused-arguments -Werror" | ||
5615 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
5616 | /* end confdefs.h. */ | ||
5617 | int main(void) { return 0; } | ||
5618 | _ACEOF | ||
5619 | if ac_fn_c_try_compile "$LINENO"; then : | ||
5620 | |||
5621 | if `grep -i "unrecognized option" conftest.err >/dev/null` | ||
5622 | then | ||
5623 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5624 | $as_echo "no" >&6; } | ||
5625 | CFLAGS="$saved_CFLAGS" | ||
5626 | else | ||
5627 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5628 | $as_echo "yes" >&6; } | ||
5629 | CFLAGS="$saved_CFLAGS $_define_flag" | ||
5630 | fi | ||
5631 | else | ||
5632 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5633 | $as_echo "no" >&6; } | ||
5634 | CFLAGS="$saved_CFLAGS" | ||
5635 | |||
5636 | fi | ||
5637 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
5638 | } | ||
5639 | { | ||
5640 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wunknown-warning-option -Werror" >&5 | ||
5641 | $as_echo_n "checking if $CC supports -Wunknown-warning-option -Werror... " >&6; } | ||
5642 | saved_CFLAGS="$CFLAGS" | ||
5643 | CFLAGS="$CFLAGS -Wunknown-warning-option -Werror" | ||
5644 | _define_flag="-Wno-unknown-warning-option" | ||
5645 | test "x$_define_flag" = "x" && _define_flag="-Wunknown-warning-option -Werror" | ||
5646 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
5647 | /* end confdefs.h. */ | ||
5648 | int main(void) { return 0; } | ||
5649 | _ACEOF | ||
5650 | if ac_fn_c_try_compile "$LINENO"; then : | ||
5651 | |||
5652 | if `grep -i "unrecognized option" conftest.err >/dev/null` | ||
5653 | then | ||
5654 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5655 | $as_echo "no" >&6; } | ||
5656 | CFLAGS="$saved_CFLAGS" | ||
5657 | else | ||
5658 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5659 | $as_echo "yes" >&6; } | ||
5660 | CFLAGS="$saved_CFLAGS $_define_flag" | ||
5661 | fi | ||
5662 | else | ||
5663 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5664 | $as_echo "no" >&6; } | ||
5665 | CFLAGS="$saved_CFLAGS" | ||
5666 | |||
5667 | fi | ||
5668 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
5669 | } | ||
5670 | { | ||
5608 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wall" >&5 | 5671 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wall" >&5 |
5609 | $as_echo_n "checking if $CC supports -Wall... " >&6; } | 5672 | $as_echo_n "checking if $CC supports -Wall... " >&6; } |
5610 | saved_CFLAGS="$CFLAGS" | 5673 | saved_CFLAGS="$CFLAGS" |
@@ -5616,9 +5679,17 @@ $as_echo_n "checking if $CC supports -Wall... " >&6; } | |||
5616 | int main(void) { return 0; } | 5679 | int main(void) { return 0; } |
5617 | _ACEOF | 5680 | _ACEOF |
5618 | if ac_fn_c_try_compile "$LINENO"; then : | 5681 | if ac_fn_c_try_compile "$LINENO"; then : |
5619 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | 5682 | |
5683 | if `grep -i "unrecognized option" conftest.err >/dev/null` | ||
5684 | then | ||
5685 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5686 | $as_echo "no" >&6; } | ||
5687 | CFLAGS="$saved_CFLAGS" | ||
5688 | else | ||
5689 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5620 | $as_echo "yes" >&6; } | 5690 | $as_echo "yes" >&6; } |
5621 | CFLAGS="$saved_CFLAGS $_define_flag" | 5691 | CFLAGS="$saved_CFLAGS $_define_flag" |
5692 | fi | ||
5622 | else | 5693 | else |
5623 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | 5694 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 |
5624 | $as_echo "no" >&6; } | 5695 | $as_echo "no" >&6; } |
@@ -5639,9 +5710,17 @@ $as_echo_n "checking if $CC supports -Wpointer-arith... " >&6; } | |||
5639 | int main(void) { return 0; } | 5710 | int main(void) { return 0; } |
5640 | _ACEOF | 5711 | _ACEOF |
5641 | if ac_fn_c_try_compile "$LINENO"; then : | 5712 | if ac_fn_c_try_compile "$LINENO"; then : |
5642 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | 5713 | |
5714 | if `grep -i "unrecognized option" conftest.err >/dev/null` | ||
5715 | then | ||
5716 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5717 | $as_echo "no" >&6; } | ||
5718 | CFLAGS="$saved_CFLAGS" | ||
5719 | else | ||
5720 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5643 | $as_echo "yes" >&6; } | 5721 | $as_echo "yes" >&6; } |
5644 | CFLAGS="$saved_CFLAGS $_define_flag" | 5722 | CFLAGS="$saved_CFLAGS $_define_flag" |
5723 | fi | ||
5645 | else | 5724 | else |
5646 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | 5725 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 |
5647 | $as_echo "no" >&6; } | 5726 | $as_echo "no" >&6; } |
@@ -5662,9 +5741,17 @@ $as_echo_n "checking if $CC supports -Wuninitialized... " >&6; } | |||
5662 | int main(void) { return 0; } | 5741 | int main(void) { return 0; } |
5663 | _ACEOF | 5742 | _ACEOF |
5664 | if ac_fn_c_try_compile "$LINENO"; then : | 5743 | if ac_fn_c_try_compile "$LINENO"; then : |
5665 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | 5744 | |
5745 | if `grep -i "unrecognized option" conftest.err >/dev/null` | ||
5746 | then | ||
5747 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5748 | $as_echo "no" >&6; } | ||
5749 | CFLAGS="$saved_CFLAGS" | ||
5750 | else | ||
5751 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5666 | $as_echo "yes" >&6; } | 5752 | $as_echo "yes" >&6; } |
5667 | CFLAGS="$saved_CFLAGS $_define_flag" | 5753 | CFLAGS="$saved_CFLAGS $_define_flag" |
5754 | fi | ||
5668 | else | 5755 | else |
5669 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | 5756 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 |
5670 | $as_echo "no" >&6; } | 5757 | $as_echo "no" >&6; } |
@@ -5685,9 +5772,17 @@ $as_echo_n "checking if $CC supports -Wsign-compare... " >&6; } | |||
5685 | int main(void) { return 0; } | 5772 | int main(void) { return 0; } |
5686 | _ACEOF | 5773 | _ACEOF |
5687 | if ac_fn_c_try_compile "$LINENO"; then : | 5774 | if ac_fn_c_try_compile "$LINENO"; then : |
5688 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | 5775 | |
5776 | if `grep -i "unrecognized option" conftest.err >/dev/null` | ||
5777 | then | ||
5778 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5779 | $as_echo "no" >&6; } | ||
5780 | CFLAGS="$saved_CFLAGS" | ||
5781 | else | ||
5782 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5689 | $as_echo "yes" >&6; } | 5783 | $as_echo "yes" >&6; } |
5690 | CFLAGS="$saved_CFLAGS $_define_flag" | 5784 | CFLAGS="$saved_CFLAGS $_define_flag" |
5785 | fi | ||
5691 | else | 5786 | else |
5692 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | 5787 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 |
5693 | $as_echo "no" >&6; } | 5788 | $as_echo "no" >&6; } |
@@ -5708,9 +5803,48 @@ $as_echo_n "checking if $CC supports -Wformat-security... " >&6; } | |||
5708 | int main(void) { return 0; } | 5803 | int main(void) { return 0; } |
5709 | _ACEOF | 5804 | _ACEOF |
5710 | if ac_fn_c_try_compile "$LINENO"; then : | 5805 | if ac_fn_c_try_compile "$LINENO"; then : |
5711 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | 5806 | |
5807 | if `grep -i "unrecognized option" conftest.err >/dev/null` | ||
5808 | then | ||
5809 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5810 | $as_echo "no" >&6; } | ||
5811 | CFLAGS="$saved_CFLAGS" | ||
5812 | else | ||
5813 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5814 | $as_echo "yes" >&6; } | ||
5815 | CFLAGS="$saved_CFLAGS $_define_flag" | ||
5816 | fi | ||
5817 | else | ||
5818 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5819 | $as_echo "no" >&6; } | ||
5820 | CFLAGS="$saved_CFLAGS" | ||
5821 | |||
5822 | fi | ||
5823 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
5824 | } | ||
5825 | { | ||
5826 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Wsizeof-pointer-memaccess" >&5 | ||
5827 | $as_echo_n "checking if $CC supports -Wsizeof-pointer-memaccess... " >&6; } | ||
5828 | saved_CFLAGS="$CFLAGS" | ||
5829 | CFLAGS="$CFLAGS -Wsizeof-pointer-memaccess" | ||
5830 | _define_flag="" | ||
5831 | test "x$_define_flag" = "x" && _define_flag="-Wsizeof-pointer-memaccess" | ||
5832 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
5833 | /* end confdefs.h. */ | ||
5834 | int main(void) { return 0; } | ||
5835 | _ACEOF | ||
5836 | if ac_fn_c_try_compile "$LINENO"; then : | ||
5837 | |||
5838 | if `grep -i "unrecognized option" conftest.err >/dev/null` | ||
5839 | then | ||
5840 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5841 | $as_echo "no" >&6; } | ||
5842 | CFLAGS="$saved_CFLAGS" | ||
5843 | else | ||
5844 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5712 | $as_echo "yes" >&6; } | 5845 | $as_echo "yes" >&6; } |
5713 | CFLAGS="$saved_CFLAGS $_define_flag" | 5846 | CFLAGS="$saved_CFLAGS $_define_flag" |
5847 | fi | ||
5714 | else | 5848 | else |
5715 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | 5849 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 |
5716 | $as_echo "no" >&6; } | 5850 | $as_echo "no" >&6; } |
@@ -5731,9 +5865,17 @@ $as_echo_n "checking if $CC supports -Wpointer-sign... " >&6; } | |||
5731 | int main(void) { return 0; } | 5865 | int main(void) { return 0; } |
5732 | _ACEOF | 5866 | _ACEOF |
5733 | if ac_fn_c_try_compile "$LINENO"; then : | 5867 | if ac_fn_c_try_compile "$LINENO"; then : |
5734 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | 5868 | |
5869 | if `grep -i "unrecognized option" conftest.err >/dev/null` | ||
5870 | then | ||
5871 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5872 | $as_echo "no" >&6; } | ||
5873 | CFLAGS="$saved_CFLAGS" | ||
5874 | else | ||
5875 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5735 | $as_echo "yes" >&6; } | 5876 | $as_echo "yes" >&6; } |
5736 | CFLAGS="$saved_CFLAGS $_define_flag" | 5877 | CFLAGS="$saved_CFLAGS $_define_flag" |
5878 | fi | ||
5737 | else | 5879 | else |
5738 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | 5880 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 |
5739 | $as_echo "no" >&6; } | 5881 | $as_echo "no" >&6; } |
@@ -5754,9 +5896,17 @@ $as_echo_n "checking if $CC supports -Wunused-result... " >&6; } | |||
5754 | int main(void) { return 0; } | 5896 | int main(void) { return 0; } |
5755 | _ACEOF | 5897 | _ACEOF |
5756 | if ac_fn_c_try_compile "$LINENO"; then : | 5898 | if ac_fn_c_try_compile "$LINENO"; then : |
5757 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | 5899 | |
5900 | if `grep -i "unrecognized option" conftest.err >/dev/null` | ||
5901 | then | ||
5902 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5903 | $as_echo "no" >&6; } | ||
5904 | CFLAGS="$saved_CFLAGS" | ||
5905 | else | ||
5906 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5758 | $as_echo "yes" >&6; } | 5907 | $as_echo "yes" >&6; } |
5759 | CFLAGS="$saved_CFLAGS $_define_flag" | 5908 | CFLAGS="$saved_CFLAGS $_define_flag" |
5909 | fi | ||
5760 | else | 5910 | else |
5761 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | 5911 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 |
5762 | $as_echo "no" >&6; } | 5912 | $as_echo "no" >&6; } |
@@ -5777,9 +5927,17 @@ $as_echo_n "checking if $CC supports -fno-strict-aliasing... " >&6; } | |||
5777 | int main(void) { return 0; } | 5927 | int main(void) { return 0; } |
5778 | _ACEOF | 5928 | _ACEOF |
5779 | if ac_fn_c_try_compile "$LINENO"; then : | 5929 | if ac_fn_c_try_compile "$LINENO"; then : |
5780 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | 5930 | |
5931 | if `grep -i "unrecognized option" conftest.err >/dev/null` | ||
5932 | then | ||
5933 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5934 | $as_echo "no" >&6; } | ||
5935 | CFLAGS="$saved_CFLAGS" | ||
5936 | else | ||
5937 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5781 | $as_echo "yes" >&6; } | 5938 | $as_echo "yes" >&6; } |
5782 | CFLAGS="$saved_CFLAGS $_define_flag" | 5939 | CFLAGS="$saved_CFLAGS $_define_flag" |
5940 | fi | ||
5783 | else | 5941 | else |
5784 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | 5942 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 |
5785 | $as_echo "no" >&6; } | 5943 | $as_echo "no" >&6; } |
@@ -5800,9 +5958,17 @@ $as_echo_n "checking if $CC supports -D_FORTIFY_SOURCE=2... " >&6; } | |||
5800 | int main(void) { return 0; } | 5958 | int main(void) { return 0; } |
5801 | _ACEOF | 5959 | _ACEOF |
5802 | if ac_fn_c_try_compile "$LINENO"; then : | 5960 | if ac_fn_c_try_compile "$LINENO"; then : |
5803 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | 5961 | |
5962 | if `grep -i "unrecognized option" conftest.err >/dev/null` | ||
5963 | then | ||
5964 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | ||
5965 | $as_echo "no" >&6; } | ||
5966 | CFLAGS="$saved_CFLAGS" | ||
5967 | else | ||
5968 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | ||
5804 | $as_echo "yes" >&6; } | 5969 | $as_echo "yes" >&6; } |
5805 | CFLAGS="$saved_CFLAGS $_define_flag" | 5970 | CFLAGS="$saved_CFLAGS $_define_flag" |
5971 | fi | ||
5806 | else | 5972 | else |
5807 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | 5973 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 |
5808 | $as_echo "no" >&6; } | 5974 | $as_echo "no" >&6; } |
@@ -6074,6 +6240,7 @@ for ac_header in \ | |||
6074 | ia.h \ | 6240 | ia.h \ |
6075 | iaf.h \ | 6241 | iaf.h \ |
6076 | limits.h \ | 6242 | limits.h \ |
6243 | locale.h \ | ||
6077 | login.h \ | 6244 | login.h \ |
6078 | maillock.h \ | 6245 | maillock.h \ |
6079 | ndir.h \ | 6246 | ndir.h \ |
@@ -6112,7 +6279,6 @@ for ac_header in \ | |||
6112 | sys/sysmacros.h \ | 6279 | sys/sysmacros.h \ |
6113 | sys/time.h \ | 6280 | sys/time.h \ |
6114 | sys/timers.h \ | 6281 | sys/timers.h \ |
6115 | sys/un.h \ | ||
6116 | time.h \ | 6282 | time.h \ |
6117 | tmpdir.h \ | 6283 | tmpdir.h \ |
6118 | ttyent.h \ | 6284 | ttyent.h \ |
@@ -6210,6 +6376,24 @@ fi | |||
6210 | done | 6376 | done |
6211 | 6377 | ||
6212 | 6378 | ||
6379 | # Android requires sys/socket.h to be included before sys/un.h | ||
6380 | for ac_header in sys/un.h | ||
6381 | do : | ||
6382 | ac_fn_c_check_header_compile "$LINENO" "sys/un.h" "ac_cv_header_sys_un_h" " | ||
6383 | #include <sys/types.h> | ||
6384 | #include <sys/socket.h> | ||
6385 | |||
6386 | " | ||
6387 | if test "x$ac_cv_header_sys_un_h" = xyes; then : | ||
6388 | cat >>confdefs.h <<_ACEOF | ||
6389 | #define HAVE_SYS_UN_H 1 | ||
6390 | _ACEOF | ||
6391 | |||
6392 | fi | ||
6393 | |||
6394 | done | ||
6395 | |||
6396 | |||
6213 | # Messages for features tested for in target-specific section | 6397 | # Messages for features tested for in target-specific section |
6214 | SIA_MSG="no" | 6398 | SIA_MSG="no" |
6215 | SPC_MSG="no" | 6399 | SPC_MSG="no" |
@@ -6496,6 +6680,14 @@ $as_echo "#define PTY_ZEROREAD 1" >>confdefs.h | |||
6496 | $as_echo "#define PLATFORM_SYS_DIR_UID 2" >>confdefs.h | 6680 | $as_echo "#define PLATFORM_SYS_DIR_UID 2" >>confdefs.h |
6497 | 6681 | ||
6498 | ;; | 6682 | ;; |
6683 | *-*-android*) | ||
6684 | |||
6685 | $as_echo "#define DISABLE_UTMP 1" >>confdefs.h | ||
6686 | |||
6687 | |||
6688 | $as_echo "#define DISABLE_WTMP 1" >>confdefs.h | ||
6689 | |||
6690 | ;; | ||
6499 | *-*-cygwin*) | 6691 | *-*-cygwin*) |
6500 | check_for_libcrypt_later=1 | 6692 | check_for_libcrypt_later=1 |
6501 | LIBS="$LIBS /usr/lib/textreadmode.o" | 6693 | LIBS="$LIBS /usr/lib/textreadmode.o" |
@@ -7257,6 +7449,7 @@ fi | |||
7257 | 7449 | ||
7258 | fi | 7450 | fi |
7259 | 7451 | ||
7452 | TEST_SHELL=$SHELL # let configure find us a capable shell | ||
7260 | ;; | 7453 | ;; |
7261 | *-*-sunos4*) | 7454 | *-*-sunos4*) |
7262 | CPPFLAGS="$CPPFLAGS -DSUNOS4" | 7455 | CPPFLAGS="$CPPFLAGS -DSUNOS4" |
@@ -7413,6 +7606,7 @@ $as_echo "#define PASSWD_NEEDS_USERNAME 1" >>confdefs.h | |||
7413 | 7606 | ||
7414 | $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h | 7607 | $as_echo "#define LOCKED_PASSWD_STRING \"*LK*\"" >>confdefs.h |
7415 | 7608 | ||
7609 | TEST_SHELL=$SHELL # let configure find us a capable shell | ||
7416 | ;; | 7610 | ;; |
7417 | # UnixWare 7.x, OpenUNIX 8 | 7611 | # UnixWare 7.x, OpenUNIX 8 |
7418 | *-*-sysv5*) | 7612 | *-*-sysv5*) |
@@ -7432,10 +7626,10 @@ $as_echo "#define UNIXWARE_LONG_PASSWORDS 1" >>confdefs.h | |||
7432 | 7626 | ||
7433 | $as_echo "#define PASSWD_NEEDS_USERNAME 1" >>confdefs.h | 7627 | $as_echo "#define PASSWD_NEEDS_USERNAME 1" >>confdefs.h |
7434 | 7628 | ||
7629 | TEST_SHELL=$SHELL # let configure find us a capable shell | ||
7435 | case "$host" in | 7630 | case "$host" in |
7436 | *-*-sysv5SCO_SV*) # SCO OpenServer 6.x | 7631 | *-*-sysv5SCO_SV*) # SCO OpenServer 6.x |
7437 | maildir=/var/spool/mail | 7632 | maildir=/var/spool/mail |
7438 | TEST_SHELL=/u95/bin/sh | ||
7439 | 7633 | ||
7440 | $as_echo "#define BROKEN_LIBIAF 1" >>confdefs.h | 7634 | $as_echo "#define BROKEN_LIBIAF 1" >>confdefs.h |
7441 | 7635 | ||
@@ -7553,7 +7747,7 @@ fi | |||
7553 | done | 7747 | done |
7554 | 7748 | ||
7555 | MANTYPE=man | 7749 | MANTYPE=man |
7556 | TEST_SHELL=ksh | 7750 | TEST_SHELL=$SHELL # let configure find us a capable shell |
7557 | SKIP_DISABLE_LASTLOG_DEFINE=yes | 7751 | SKIP_DISABLE_LASTLOG_DEFINE=yes |
7558 | ;; | 7752 | ;; |
7559 | *-*-unicosmk*) | 7753 | *-*-unicosmk*) |
@@ -7664,15 +7858,6 @@ $as_echo "#define BROKEN_READV_COMPARISON 1" >>confdefs.h | |||
7664 | 7858 | ||
7665 | $as_echo "#define NO_X11_UNIX_SOCKETS 1" >>confdefs.h | 7859 | $as_echo "#define NO_X11_UNIX_SOCKETS 1" >>confdefs.h |
7666 | 7860 | ||
7667 | |||
7668 | $as_echo "#define MISSING_NFDBITS 1" >>confdefs.h | ||
7669 | |||
7670 | |||
7671 | $as_echo "#define MISSING_HOWMANY 1" >>confdefs.h | ||
7672 | |||
7673 | |||
7674 | $as_echo "#define MISSING_FD_MASK 1" >>confdefs.h | ||
7675 | |||
7676 | $as_echo "#define DISABLE_LASTLOG 1" >>confdefs.h | 7861 | $as_echo "#define DISABLE_LASTLOG 1" >>confdefs.h |
7677 | 7862 | ||
7678 | $as_echo "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h | 7863 | $as_echo "#define SSHD_ACQUIRES_CTTY 1" >>confdefs.h |
@@ -7705,8 +7890,6 @@ $as_echo "#define HAVE_SYS_SYSLOG_H 1" >>confdefs.h | |||
7705 | 7890 | ||
7706 | *-*-lynxos) | 7891 | *-*-lynxos) |
7707 | CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" | 7892 | CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" |
7708 | $as_echo "#define MISSING_HOWMANY 1" >>confdefs.h | ||
7709 | |||
7710 | 7893 | ||
7711 | $as_echo "#define BROKEN_SETVBUF 1" >>confdefs.h | 7894 | $as_echo "#define BROKEN_SETVBUF 1" >>confdefs.h |
7712 | 7895 | ||
@@ -8231,6 +8414,7 @@ else | |||
8231 | /* end confdefs.h. */ | 8414 | /* end confdefs.h. */ |
8232 | 8415 | ||
8233 | #include <stdio.h> | 8416 | #include <stdio.h> |
8417 | #include <stdlib.h> | ||
8234 | #include <zlib.h> | 8418 | #include <zlib.h> |
8235 | 8419 | ||
8236 | int | 8420 | int |
@@ -8455,6 +8639,62 @@ if test "$ac_res" != no; then : | |||
8455 | 8639 | ||
8456 | fi | 8640 | fi |
8457 | 8641 | ||
8642 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing scan_scaled" >&5 | ||
8643 | $as_echo_n "checking for library containing scan_scaled... " >&6; } | ||
8644 | if ${ac_cv_search_scan_scaled+:} false; then : | ||
8645 | $as_echo_n "(cached) " >&6 | ||
8646 | else | ||
8647 | ac_func_search_save_LIBS=$LIBS | ||
8648 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
8649 | /* end confdefs.h. */ | ||
8650 | |||
8651 | /* Override any GCC internal prototype to avoid an error. | ||
8652 | Use char because int might match the return type of a GCC | ||
8653 | builtin and then its argument prototype would still apply. */ | ||
8654 | #ifdef __cplusplus | ||
8655 | extern "C" | ||
8656 | #endif | ||
8657 | char scan_scaled (); | ||
8658 | int | ||
8659 | main () | ||
8660 | { | ||
8661 | return scan_scaled (); | ||
8662 | ; | ||
8663 | return 0; | ||
8664 | } | ||
8665 | _ACEOF | ||
8666 | for ac_lib in '' util bsd; do | ||
8667 | if test -z "$ac_lib"; then | ||
8668 | ac_res="none required" | ||
8669 | else | ||
8670 | ac_res=-l$ac_lib | ||
8671 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | ||
8672 | fi | ||
8673 | if ac_fn_c_try_link "$LINENO"; then : | ||
8674 | ac_cv_search_scan_scaled=$ac_res | ||
8675 | fi | ||
8676 | rm -f core conftest.err conftest.$ac_objext \ | ||
8677 | conftest$ac_exeext | ||
8678 | if ${ac_cv_search_scan_scaled+:} false; then : | ||
8679 | break | ||
8680 | fi | ||
8681 | done | ||
8682 | if ${ac_cv_search_scan_scaled+:} false; then : | ||
8683 | |||
8684 | else | ||
8685 | ac_cv_search_scan_scaled=no | ||
8686 | fi | ||
8687 | rm conftest.$ac_ext | ||
8688 | LIBS=$ac_func_search_save_LIBS | ||
8689 | fi | ||
8690 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_scan_scaled" >&5 | ||
8691 | $as_echo "$ac_cv_search_scan_scaled" >&6; } | ||
8692 | ac_res=$ac_cv_search_scan_scaled | ||
8693 | if test "$ac_res" != no; then : | ||
8694 | test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" | ||
8695 | |||
8696 | fi | ||
8697 | |||
8458 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing login" >&5 | 8698 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing login" >&5 |
8459 | $as_echo_n "checking for library containing login... " >&6; } | 8699 | $as_echo_n "checking for library containing login... " >&6; } |
8460 | if ${ac_cv_search_login+:} false; then : | 8700 | if ${ac_cv_search_login+:} false; then : |
@@ -8735,7 +8975,7 @@ if test "$ac_res" != no; then : | |||
8735 | 8975 | ||
8736 | fi | 8976 | fi |
8737 | 8977 | ||
8738 | for ac_func in fmt_scaled login logout openpty updwtmp logwtmp | 8978 | for ac_func in fmt_scaled scan_scaled login logout openpty updwtmp logwtmp |
8739 | do : | 8979 | do : |
8740 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | 8980 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` |
8741 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | 8981 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" |
@@ -9570,6 +9810,7 @@ for ac_func in \ | |||
9570 | clock \ | 9810 | clock \ |
9571 | closefrom \ | 9811 | closefrom \ |
9572 | dirfd \ | 9812 | dirfd \ |
9813 | endgrent \ | ||
9573 | fchmod \ | 9814 | fchmod \ |
9574 | fchown \ | 9815 | fchown \ |
9575 | freeaddrinfo \ | 9816 | freeaddrinfo \ |
@@ -9594,6 +9835,7 @@ for ac_func in \ | |||
9594 | inet_ntop \ | 9835 | inet_ntop \ |
9595 | innetgr \ | 9836 | innetgr \ |
9596 | login_getcapbool \ | 9837 | login_getcapbool \ |
9838 | mblen \ | ||
9597 | md5_crypt \ | 9839 | md5_crypt \ |
9598 | memmove \ | 9840 | memmove \ |
9599 | mkdtemp \ | 9841 | mkdtemp \ |
@@ -9852,6 +10094,65 @@ $as_echo "#define HAVE_NANOSLEEP 1" >>confdefs.h | |||
9852 | fi | 10094 | fi |
9853 | 10095 | ||
9854 | 10096 | ||
10097 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing clock_gettime" >&5 | ||
10098 | $as_echo_n "checking for library containing clock_gettime... " >&6; } | ||
10099 | if ${ac_cv_search_clock_gettime+:} false; then : | ||
10100 | $as_echo_n "(cached) " >&6 | ||
10101 | else | ||
10102 | ac_func_search_save_LIBS=$LIBS | ||
10103 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
10104 | /* end confdefs.h. */ | ||
10105 | |||
10106 | /* Override any GCC internal prototype to avoid an error. | ||
10107 | Use char because int might match the return type of a GCC | ||
10108 | builtin and then its argument prototype would still apply. */ | ||
10109 | #ifdef __cplusplus | ||
10110 | extern "C" | ||
10111 | #endif | ||
10112 | char clock_gettime (); | ||
10113 | int | ||
10114 | main () | ||
10115 | { | ||
10116 | return clock_gettime (); | ||
10117 | ; | ||
10118 | return 0; | ||
10119 | } | ||
10120 | _ACEOF | ||
10121 | for ac_lib in '' rt; do | ||
10122 | if test -z "$ac_lib"; then | ||
10123 | ac_res="none required" | ||
10124 | else | ||
10125 | ac_res=-l$ac_lib | ||
10126 | LIBS="-l$ac_lib $ac_func_search_save_LIBS" | ||
10127 | fi | ||
10128 | if ac_fn_c_try_link "$LINENO"; then : | ||
10129 | ac_cv_search_clock_gettime=$ac_res | ||
10130 | fi | ||
10131 | rm -f core conftest.err conftest.$ac_objext \ | ||
10132 | conftest$ac_exeext | ||
10133 | if ${ac_cv_search_clock_gettime+:} false; then : | ||
10134 | break | ||
10135 | fi | ||
10136 | done | ||
10137 | if ${ac_cv_search_clock_gettime+:} false; then : | ||
10138 | |||
10139 | else | ||
10140 | ac_cv_search_clock_gettime=no | ||
10141 | fi | ||
10142 | rm conftest.$ac_ext | ||
10143 | LIBS=$ac_func_search_save_LIBS | ||
10144 | fi | ||
10145 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_clock_gettime" >&5 | ||
10146 | $as_echo "$ac_cv_search_clock_gettime" >&6; } | ||
10147 | ac_res=$ac_cv_search_clock_gettime | ||
10148 | if test "$ac_res" != no; then : | ||
10149 | test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" | ||
10150 | |||
10151 | $as_echo "#define HAVE_CLOCK_GETTIME 1" >>confdefs.h | ||
10152 | |||
10153 | fi | ||
10154 | |||
10155 | |||
9855 | ac_fn_c_check_decl "$LINENO" "getrusage" "ac_cv_have_decl_getrusage" "$ac_includes_default" | 10156 | ac_fn_c_check_decl "$LINENO" "getrusage" "ac_cv_have_decl_getrusage" "$ac_includes_default" |
9856 | if test "x$ac_cv_have_decl_getrusage" = xyes; then : | 10157 | if test "x$ac_cv_have_decl_getrusage" = xyes; then : |
9857 | for ac_func in getrusage | 10158 | for ac_func in getrusage |
@@ -10006,6 +10307,84 @@ cat >>confdefs.h <<_ACEOF | |||
10006 | _ACEOF | 10307 | _ACEOF |
10007 | 10308 | ||
10008 | 10309 | ||
10310 | # extra bits for select(2) | ||
10311 | ac_fn_c_check_decl "$LINENO" "howmany" "ac_cv_have_decl_howmany" " | ||
10312 | #include <sys/param.h> | ||
10313 | #include <sys/types.h> | ||
10314 | #ifdef HAVE_SYS_SYSMACROS_H | ||
10315 | #include <sys/sysmacros.h> | ||
10316 | #endif | ||
10317 | #ifdef HAVE_SYS_SELECT_H | ||
10318 | #include <sys/select.h> | ||
10319 | #endif | ||
10320 | #ifdef HAVE_SYS_TIME_H | ||
10321 | #include <sys/time.h> | ||
10322 | #endif | ||
10323 | #ifdef HAVE_UNISTD_H | ||
10324 | #include <unistd.h> | ||
10325 | #endif | ||
10326 | |||
10327 | " | ||
10328 | if test "x$ac_cv_have_decl_howmany" = xyes; then : | ||
10329 | ac_have_decl=1 | ||
10330 | else | ||
10331 | ac_have_decl=0 | ||
10332 | fi | ||
10333 | |||
10334 | cat >>confdefs.h <<_ACEOF | ||
10335 | #define HAVE_DECL_HOWMANY $ac_have_decl | ||
10336 | _ACEOF | ||
10337 | ac_fn_c_check_decl "$LINENO" "NFDBITS" "ac_cv_have_decl_NFDBITS" " | ||
10338 | #include <sys/param.h> | ||
10339 | #include <sys/types.h> | ||
10340 | #ifdef HAVE_SYS_SYSMACROS_H | ||
10341 | #include <sys/sysmacros.h> | ||
10342 | #endif | ||
10343 | #ifdef HAVE_SYS_SELECT_H | ||
10344 | #include <sys/select.h> | ||
10345 | #endif | ||
10346 | #ifdef HAVE_SYS_TIME_H | ||
10347 | #include <sys/time.h> | ||
10348 | #endif | ||
10349 | #ifdef HAVE_UNISTD_H | ||
10350 | #include <unistd.h> | ||
10351 | #endif | ||
10352 | |||
10353 | " | ||
10354 | if test "x$ac_cv_have_decl_NFDBITS" = xyes; then : | ||
10355 | ac_have_decl=1 | ||
10356 | else | ||
10357 | ac_have_decl=0 | ||
10358 | fi | ||
10359 | |||
10360 | cat >>confdefs.h <<_ACEOF | ||
10361 | #define HAVE_DECL_NFDBITS $ac_have_decl | ||
10362 | _ACEOF | ||
10363 | |||
10364 | ac_fn_c_check_type "$LINENO" "fd_mask" "ac_cv_type_fd_mask" " | ||
10365 | #include <sys/param.h> | ||
10366 | #include <sys/types.h> | ||
10367 | #ifdef HAVE_SYS_SELECT_H | ||
10368 | #include <sys/select.h> | ||
10369 | #endif | ||
10370 | #ifdef HAVE_SYS_TIME_H | ||
10371 | #include <sys/time.h> | ||
10372 | #endif | ||
10373 | #ifdef HAVE_UNISTD_H | ||
10374 | #include <unistd.h> | ||
10375 | #endif | ||
10376 | |||
10377 | " | ||
10378 | if test "x$ac_cv_type_fd_mask" = xyes; then : | ||
10379 | |||
10380 | cat >>confdefs.h <<_ACEOF | ||
10381 | #define HAVE_FD_MASK 1 | ||
10382 | _ACEOF | ||
10383 | |||
10384 | |||
10385 | fi | ||
10386 | |||
10387 | |||
10009 | for ac_func in setresuid | 10388 | for ac_func in setresuid |
10010 | do : | 10389 | do : |
10011 | ac_fn_c_check_func "$LINENO" "setresuid" "ac_cv_func_setresuid" | 10390 | ac_fn_c_check_func "$LINENO" "setresuid" "ac_cv_func_setresuid" |
@@ -11336,6 +11715,8 @@ else | |||
11336 | 11715 | ||
11337 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 | 11716 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 |
11338 | $as_echo "no" >&6; } | 11717 | $as_echo "no" >&6; } |
11718 | unsupported_algorithms="$unsupported_cipers \ | ||
11719 | aes128-gcm@openssh.com aes256-gcm@openssh.com" | ||
11339 | 11720 | ||
11340 | 11721 | ||
11341 | fi | 11722 | fi |
@@ -11532,6 +11913,18 @@ if test "x$ac_cv_lib_crypt_crypt" = xyes; then : | |||
11532 | fi | 11913 | fi |
11533 | 11914 | ||
11534 | fi | 11915 | fi |
11916 | for ac_func in crypt DES_crypt | ||
11917 | do : | ||
11918 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
11919 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | ||
11920 | if eval test \"x\$"$as_ac_var"\" = x"yes"; then : | ||
11921 | cat >>confdefs.h <<_ACEOF | ||
11922 | #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
11923 | _ACEOF | ||
11924 | |||
11925 | fi | ||
11926 | done | ||
11927 | |||
11535 | 11928 | ||
11536 | # Search for SHA256 support in libc and/or OpenSSL | 11929 | # Search for SHA256 support in libc and/or OpenSSL |
11537 | for ac_func in SHA256_Update EVP_sha256 | 11930 | for ac_func in SHA256_Update EVP_sha256 |
@@ -11545,6 +11938,12 @@ _ACEOF | |||
11545 | TEST_SSH_SHA256=yes | 11938 | TEST_SSH_SHA256=yes |
11546 | else | 11939 | else |
11547 | TEST_SSH_SHA256=no | 11940 | TEST_SSH_SHA256=no |
11941 | unsupported_algorithms="$unsupported_algorithms \ | ||
11942 | hmac-sha2-256 hmac-sha2-512 \ | ||
11943 | diffie-hellman-group-exchange-sha256 \ | ||
11944 | hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com" | ||
11945 | |||
11946 | |||
11548 | fi | 11947 | fi |
11549 | done | 11948 | done |
11550 | 11949 | ||
@@ -11593,6 +11992,12 @@ else | |||
11593 | $as_echo "no" >&6; } | 11992 | $as_echo "no" >&6; } |
11594 | TEST_SSH_ECC=no | 11993 | TEST_SSH_ECC=no |
11595 | COMMENT_OUT_ECC="#no ecc#" | 11994 | COMMENT_OUT_ECC="#no ecc#" |
11995 | unsupported_algorithms="$unsupported_algorithms \ | ||
11996 | ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 \ | ||
11997 | ecdsa-sha2-nistp256-cert-v01@openssh.com \ | ||
11998 | ecdsa-sha2-nistp384-cert-v01@openssh.com \ | ||
11999 | ecdsa-sha2-nistp521-cert-v01@openssh.com \ | ||
12000 | ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521" | ||
11596 | 12001 | ||
11597 | 12002 | ||
11598 | fi | 12003 | fi |
@@ -14345,6 +14750,60 @@ _ACEOF | |||
14345 | 14750 | ||
14346 | fi | 14751 | fi |
14347 | 14752 | ||
14753 | ac_fn_c_check_member "$LINENO" "struct passwd" "pw_gecos" "ac_cv_member_struct_passwd_pw_gecos" " | ||
14754 | #include <sys/types.h> | ||
14755 | #include <pwd.h> | ||
14756 | |||
14757 | " | ||
14758 | if test "x$ac_cv_member_struct_passwd_pw_gecos" = xyes; then : | ||
14759 | |||
14760 | cat >>confdefs.h <<_ACEOF | ||
14761 | #define HAVE_STRUCT_PASSWD_PW_GECOS 1 | ||
14762 | _ACEOF | ||
14763 | |||
14764 | |||
14765 | fi | ||
14766 | ac_fn_c_check_member "$LINENO" "struct passwd" "pw_class" "ac_cv_member_struct_passwd_pw_class" " | ||
14767 | #include <sys/types.h> | ||
14768 | #include <pwd.h> | ||
14769 | |||
14770 | " | ||
14771 | if test "x$ac_cv_member_struct_passwd_pw_class" = xyes; then : | ||
14772 | |||
14773 | cat >>confdefs.h <<_ACEOF | ||
14774 | #define HAVE_STRUCT_PASSWD_PW_CLASS 1 | ||
14775 | _ACEOF | ||
14776 | |||
14777 | |||
14778 | fi | ||
14779 | ac_fn_c_check_member "$LINENO" "struct passwd" "pw_change" "ac_cv_member_struct_passwd_pw_change" " | ||
14780 | #include <sys/types.h> | ||
14781 | #include <pwd.h> | ||
14782 | |||
14783 | " | ||
14784 | if test "x$ac_cv_member_struct_passwd_pw_change" = xyes; then : | ||
14785 | |||
14786 | cat >>confdefs.h <<_ACEOF | ||
14787 | #define HAVE_STRUCT_PASSWD_PW_CHANGE 1 | ||
14788 | _ACEOF | ||
14789 | |||
14790 | |||
14791 | fi | ||
14792 | ac_fn_c_check_member "$LINENO" "struct passwd" "pw_expire" "ac_cv_member_struct_passwd_pw_expire" " | ||
14793 | #include <sys/types.h> | ||
14794 | #include <pwd.h> | ||
14795 | |||
14796 | " | ||
14797 | if test "x$ac_cv_member_struct_passwd_pw_expire" = xyes; then : | ||
14798 | |||
14799 | cat >>confdefs.h <<_ACEOF | ||
14800 | #define HAVE_STRUCT_PASSWD_PW_EXPIRE 1 | ||
14801 | _ACEOF | ||
14802 | |||
14803 | |||
14804 | fi | ||
14805 | |||
14806 | |||
14348 | ac_fn_c_check_member "$LINENO" "struct __res_state" "retrans" "ac_cv_member_struct___res_state_retrans" " | 14807 | ac_fn_c_check_member "$LINENO" "struct __res_state" "retrans" "ac_cv_member_struct___res_state_retrans" " |
14349 | #include <stdio.h> | 14808 | #include <stdio.h> |
14350 | #if HAVE_SYS_TYPES_H | 14809 | #if HAVE_SYS_TYPES_H |
@@ -14437,108 +14896,6 @@ $as_echo "#define HAVE___SS_FAMILY_IN_SS 1" >>confdefs.h | |||
14437 | 14896 | ||
14438 | fi | 14897 | fi |
14439 | 14898 | ||
14440 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pw_class field in struct passwd" >&5 | ||
14441 | $as_echo_n "checking for pw_class field in struct passwd... " >&6; } | ||
14442 | if ${ac_cv_have_pw_class_in_struct_passwd+:} false; then : | ||
14443 | $as_echo_n "(cached) " >&6 | ||
14444 | else | ||
14445 | |||
14446 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
14447 | /* end confdefs.h. */ | ||
14448 | #include <pwd.h> | ||
14449 | int | ||
14450 | main () | ||
14451 | { | ||
14452 | struct passwd p; p.pw_class = 0; | ||
14453 | ; | ||
14454 | return 0; | ||
14455 | } | ||
14456 | _ACEOF | ||
14457 | if ac_fn_c_try_compile "$LINENO"; then : | ||
14458 | ac_cv_have_pw_class_in_struct_passwd="yes" | ||
14459 | else | ||
14460 | ac_cv_have_pw_class_in_struct_passwd="no" | ||
14461 | |||
14462 | fi | ||
14463 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
14464 | |||
14465 | fi | ||
14466 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_pw_class_in_struct_passwd" >&5 | ||
14467 | $as_echo "$ac_cv_have_pw_class_in_struct_passwd" >&6; } | ||
14468 | if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then | ||
14469 | |||
14470 | $as_echo "#define HAVE_PW_CLASS_IN_PASSWD 1" >>confdefs.h | ||
14471 | |||
14472 | fi | ||
14473 | |||
14474 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pw_expire field in struct passwd" >&5 | ||
14475 | $as_echo_n "checking for pw_expire field in struct passwd... " >&6; } | ||
14476 | if ${ac_cv_have_pw_expire_in_struct_passwd+:} false; then : | ||
14477 | $as_echo_n "(cached) " >&6 | ||
14478 | else | ||
14479 | |||
14480 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
14481 | /* end confdefs.h. */ | ||
14482 | #include <pwd.h> | ||
14483 | int | ||
14484 | main () | ||
14485 | { | ||
14486 | struct passwd p; p.pw_expire = 0; | ||
14487 | ; | ||
14488 | return 0; | ||
14489 | } | ||
14490 | _ACEOF | ||
14491 | if ac_fn_c_try_compile "$LINENO"; then : | ||
14492 | ac_cv_have_pw_expire_in_struct_passwd="yes" | ||
14493 | else | ||
14494 | ac_cv_have_pw_expire_in_struct_passwd="no" | ||
14495 | |||
14496 | fi | ||
14497 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
14498 | |||
14499 | fi | ||
14500 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_pw_expire_in_struct_passwd" >&5 | ||
14501 | $as_echo "$ac_cv_have_pw_expire_in_struct_passwd" >&6; } | ||
14502 | if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then | ||
14503 | |||
14504 | $as_echo "#define HAVE_PW_EXPIRE_IN_PASSWD 1" >>confdefs.h | ||
14505 | |||
14506 | fi | ||
14507 | |||
14508 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pw_change field in struct passwd" >&5 | ||
14509 | $as_echo_n "checking for pw_change field in struct passwd... " >&6; } | ||
14510 | if ${ac_cv_have_pw_change_in_struct_passwd+:} false; then : | ||
14511 | $as_echo_n "(cached) " >&6 | ||
14512 | else | ||
14513 | |||
14514 | cat confdefs.h - <<_ACEOF >conftest.$ac_ext | ||
14515 | /* end confdefs.h. */ | ||
14516 | #include <pwd.h> | ||
14517 | int | ||
14518 | main () | ||
14519 | { | ||
14520 | struct passwd p; p.pw_change = 0; | ||
14521 | ; | ||
14522 | return 0; | ||
14523 | } | ||
14524 | _ACEOF | ||
14525 | if ac_fn_c_try_compile "$LINENO"; then : | ||
14526 | ac_cv_have_pw_change_in_struct_passwd="yes" | ||
14527 | else | ||
14528 | ac_cv_have_pw_change_in_struct_passwd="no" | ||
14529 | |||
14530 | fi | ||
14531 | rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext | ||
14532 | |||
14533 | fi | ||
14534 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_have_pw_change_in_struct_passwd" >&5 | ||
14535 | $as_echo "$ac_cv_have_pw_change_in_struct_passwd" >&6; } | ||
14536 | if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then | ||
14537 | |||
14538 | $as_echo "#define HAVE_PW_CHANGE_IN_PASSWD 1" >>confdefs.h | ||
14539 | |||
14540 | fi | ||
14541 | |||
14542 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for msg_accrights field in struct msghdr" >&5 | 14899 | { $as_echo "$as_me:${as_lineno-$LINENO}: checking for msg_accrights field in struct msghdr" >&5 |
14543 | $as_echo_n "checking for msg_accrights field in struct msghdr... " >&6; } | 14900 | $as_echo_n "checking for msg_accrights field in struct msghdr... " >&6; } |
14544 | if ${ac_cv_have_accrights_in_msghdr+:} false; then : | 14901 | if ${ac_cv_have_accrights_in_msghdr+:} false; then : |
@@ -15996,6 +16353,22 @@ cat >>confdefs.h <<_ACEOF | |||
15996 | #define HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE $ac_have_decl | 16353 | #define HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE $ac_have_decl |
15997 | _ACEOF | 16354 | _ACEOF |
15998 | 16355 | ||
16356 | saved_LIBS="$LIBS" | ||
16357 | LIBS="$LIBS $K5LIBS" | ||
16358 | for ac_func in krb5_cc_new_unique krb5_get_error_message krb5_free_error_message | ||
16359 | do : | ||
16360 | as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` | ||
16361 | ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" | ||
16362 | if eval test \"x\$"$as_ac_var"\" = x"yes"; then : | ||
16363 | cat >>confdefs.h <<_ACEOF | ||
16364 | #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 | ||
16365 | _ACEOF | ||
16366 | |||
16367 | fi | ||
16368 | done | ||
16369 | |||
16370 | LIBS="$saved_LIBS" | ||
16371 | |||
15999 | fi | 16372 | fi |
16000 | 16373 | ||
16001 | 16374 | ||
@@ -17307,6 +17680,8 @@ fi | |||
17307 | 17680 | ||
17308 | TEST_SSH_IPV6=$TEST_SSH_IPV6 | 17681 | TEST_SSH_IPV6=$TEST_SSH_IPV6 |
17309 | 17682 | ||
17683 | UNSUPPORTED_ALGORITHMS=$unsupported_algorithms | ||
17684 | |||
17310 | 17685 | ||
17311 | 17686 | ||
17312 | ac_config_files="$ac_config_files Makefile buildpkg.sh opensshd.init openssh.xml openbsd-compat/Makefile openbsd-compat/regress/Makefile survey.sh" | 17687 | ac_config_files="$ac_config_files Makefile buildpkg.sh opensshd.init openssh.xml openbsd-compat/Makefile openbsd-compat/regress/Makefile survey.sh" |
diff --git a/configure.ac b/configure.ac index 198a2056e..d7d500a33 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -1,4 +1,4 @@ | |||
1 | # $Id: configure.ac,v 1.518 2013/03/20 01:55:15 djm Exp $ | 1 | # $Id: configure.ac,v 1.536 2013/08/04 11:48:41 dtucker Exp $ |
2 | # | 2 | # |
3 | # Copyright (c) 1999-2004 Damien Miller | 3 | # Copyright (c) 1999-2004 Damien Miller |
4 | # | 4 | # |
@@ -15,7 +15,7 @@ | |||
15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | 15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
16 | 16 | ||
17 | AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) | 17 | AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) |
18 | AC_REVISION($Revision: 1.518 $) | 18 | AC_REVISION($Revision: 1.536 $) |
19 | AC_CONFIG_SRCDIR([ssh.c]) | 19 | AC_CONFIG_SRCDIR([ssh.c]) |
20 | AC_LANG([C]) | 20 | AC_LANG([C]) |
21 | 21 | ||
@@ -129,11 +129,16 @@ AC_ARG_WITH([stackprotect], | |||
129 | 129 | ||
130 | 130 | ||
131 | if test "$GCC" = "yes" || test "$GCC" = "egcs"; then | 131 | if test "$GCC" = "yes" || test "$GCC" = "egcs"; then |
132 | OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments -Werror], | ||
133 | [-Qunused-arguments]) | ||
134 | OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option -Werror], | ||
135 | [-Wno-unknown-warning-option]) | ||
132 | OSSH_CHECK_CFLAG_COMPILE([-Wall]) | 136 | OSSH_CHECK_CFLAG_COMPILE([-Wall]) |
133 | OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) | 137 | OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) |
134 | OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) | 138 | OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) |
135 | OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) | 139 | OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) |
136 | OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) | 140 | OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) |
141 | OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) | ||
137 | OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) | 142 | OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign]) |
138 | OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) | 143 | OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result]) |
139 | OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) | 144 | OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) |
@@ -305,6 +310,7 @@ AC_CHECK_HEADERS([ \ | |||
305 | ia.h \ | 310 | ia.h \ |
306 | iaf.h \ | 311 | iaf.h \ |
307 | limits.h \ | 312 | limits.h \ |
313 | locale.h \ | ||
308 | login.h \ | 314 | login.h \ |
309 | maillock.h \ | 315 | maillock.h \ |
310 | ndir.h \ | 316 | ndir.h \ |
@@ -343,7 +349,6 @@ AC_CHECK_HEADERS([ \ | |||
343 | sys/sysmacros.h \ | 349 | sys/sysmacros.h \ |
344 | sys/time.h \ | 350 | sys/time.h \ |
345 | sys/timers.h \ | 351 | sys/timers.h \ |
346 | sys/un.h \ | ||
347 | time.h \ | 352 | time.h \ |
348 | tmpdir.h \ | 353 | tmpdir.h \ |
349 | ttyent.h \ | 354 | ttyent.h \ |
@@ -381,6 +386,12 @@ AC_CHECK_HEADERS([sys/mount.h], [], [], [ | |||
381 | #include <sys/param.h> | 386 | #include <sys/param.h> |
382 | ]) | 387 | ]) |
383 | 388 | ||
389 | # Android requires sys/socket.h to be included before sys/un.h | ||
390 | AC_CHECK_HEADERS([sys/un.h], [], [], [ | ||
391 | #include <sys/types.h> | ||
392 | #include <sys/socket.h> | ||
393 | ]) | ||
394 | |||
384 | # Messages for features tested for in target-specific section | 395 | # Messages for features tested for in target-specific section |
385 | SIA_MSG="no" | 396 | SIA_MSG="no" |
386 | SPC_MSG="no" | 397 | SPC_MSG="no" |
@@ -482,6 +493,10 @@ case "$host" in | |||
482 | AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) | 493 | AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd]) |
483 | AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) | 494 | AC_DEFINE([PLATFORM_SYS_DIR_UID], 2, [System dirs owned by bin (uid 2)]) |
484 | ;; | 495 | ;; |
496 | *-*-android*) | ||
497 | AC_DEFINE([DISABLE_UTMP], [1], [Define if you don't want to use utmp]) | ||
498 | AC_DEFINE([DISABLE_WTMP], [1], [Define if you don't want to use wtmp]) | ||
499 | ;; | ||
485 | *-*-cygwin*) | 500 | *-*-cygwin*) |
486 | check_for_libcrypt_later=1 | 501 | check_for_libcrypt_later=1 |
487 | LIBS="$LIBS /usr/lib/textreadmode.o" | 502 | LIBS="$LIBS /usr/lib/textreadmode.o" |
@@ -823,6 +838,7 @@ mips-sony-bsd|mips-sony-newsos4) | |||
823 | SP_MSG="yes" ], ) | 838 | SP_MSG="yes" ], ) |
824 | ], | 839 | ], |
825 | ) | 840 | ) |
841 | TEST_SHELL=$SHELL # let configure find us a capable shell | ||
826 | ;; | 842 | ;; |
827 | *-*-sunos4*) | 843 | *-*-sunos4*) |
828 | CPPFLAGS="$CPPFLAGS -DSUNOS4" | 844 | CPPFLAGS="$CPPFLAGS -DSUNOS4" |
@@ -866,6 +882,7 @@ mips-sony-bsd|mips-sony-newsos4) | |||
866 | AC_DEFINE([BROKEN_SETREGID]) | 882 | AC_DEFINE([BROKEN_SETREGID]) |
867 | AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) | 883 | AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd]) |
868 | AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) | 884 | AC_DEFINE([LOCKED_PASSWD_STRING], ["*LK*"]) |
885 | TEST_SHELL=$SHELL # let configure find us a capable shell | ||
869 | ;; | 886 | ;; |
870 | # UnixWare 7.x, OpenUNIX 8 | 887 | # UnixWare 7.x, OpenUNIX 8 |
871 | *-*-sysv5*) | 888 | *-*-sysv5*) |
@@ -877,10 +894,10 @@ mips-sony-bsd|mips-sony-newsos4) | |||
877 | AC_DEFINE([BROKEN_SETREUID]) | 894 | AC_DEFINE([BROKEN_SETREUID]) |
878 | AC_DEFINE([BROKEN_SETREGID]) | 895 | AC_DEFINE([BROKEN_SETREGID]) |
879 | AC_DEFINE([PASSWD_NEEDS_USERNAME]) | 896 | AC_DEFINE([PASSWD_NEEDS_USERNAME]) |
897 | TEST_SHELL=$SHELL # let configure find us a capable shell | ||
880 | case "$host" in | 898 | case "$host" in |
881 | *-*-sysv5SCO_SV*) # SCO OpenServer 6.x | 899 | *-*-sysv5SCO_SV*) # SCO OpenServer 6.x |
882 | maildir=/var/spool/mail | 900 | maildir=/var/spool/mail |
883 | TEST_SHELL=/u95/bin/sh | ||
884 | AC_DEFINE([BROKEN_LIBIAF], [1], | 901 | AC_DEFINE([BROKEN_LIBIAF], [1], |
885 | [ia_uinfo routines not supported by OS yet]) | 902 | [ia_uinfo routines not supported by OS yet]) |
886 | AC_DEFINE([BROKEN_UPDWTMPX]) | 903 | AC_DEFINE([BROKEN_UPDWTMPX]) |
@@ -921,7 +938,7 @@ mips-sony-bsd|mips-sony-newsos4) | |||
921 | AC_DEFINE([PASSWD_NEEDS_USERNAME]) | 938 | AC_DEFINE([PASSWD_NEEDS_USERNAME]) |
922 | AC_CHECK_FUNCS([getluid setluid]) | 939 | AC_CHECK_FUNCS([getluid setluid]) |
923 | MANTYPE=man | 940 | MANTYPE=man |
924 | TEST_SHELL=ksh | 941 | TEST_SHELL=$SHELL # let configure find us a capable shell |
925 | SKIP_DISABLE_LASTLOG_DEFINE=yes | 942 | SKIP_DISABLE_LASTLOG_DEFINE=yes |
926 | ;; | 943 | ;; |
927 | *-*-unicosmk*) | 944 | *-*-unicosmk*) |
@@ -998,9 +1015,6 @@ mips-sony-bsd|mips-sony-newsos4) | |||
998 | *-*-nto-qnx*) | 1015 | *-*-nto-qnx*) |
999 | AC_DEFINE([USE_PIPES]) | 1016 | AC_DEFINE([USE_PIPES]) |
1000 | AC_DEFINE([NO_X11_UNIX_SOCKETS]) | 1017 | AC_DEFINE([NO_X11_UNIX_SOCKETS]) |
1001 | AC_DEFINE([MISSING_NFDBITS], [1], [Define on *nto-qnx systems]) | ||
1002 | AC_DEFINE([MISSING_HOWMANY], [1], [Define on *nto-qnx systems]) | ||
1003 | AC_DEFINE([MISSING_FD_MASK], [1], [Define on *nto-qnx systems]) | ||
1004 | AC_DEFINE([DISABLE_LASTLOG]) | 1018 | AC_DEFINE([DISABLE_LASTLOG]) |
1005 | AC_DEFINE([SSHD_ACQUIRES_CTTY]) | 1019 | AC_DEFINE([SSHD_ACQUIRES_CTTY]) |
1006 | AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) | 1020 | AC_DEFINE([BROKEN_SHADOW_EXPIRE], [1], [QNX shadow support is broken]) |
@@ -1021,7 +1035,6 @@ mips-sony-bsd|mips-sony-newsos4) | |||
1021 | 1035 | ||
1022 | *-*-lynxos) | 1036 | *-*-lynxos) |
1023 | CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" | 1037 | CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__" |
1024 | AC_DEFINE([MISSING_HOWMANY]) | ||
1025 | AC_DEFINE([BROKEN_SETVBUF], [1], [LynxOS has broken setvbuf() implementation]) | 1038 | AC_DEFINE([BROKEN_SETVBUF], [1], [LynxOS has broken setvbuf() implementation]) |
1026 | ;; | 1039 | ;; |
1027 | esac | 1040 | esac |
@@ -1144,6 +1157,7 @@ AC_ARG_WITH([zlib-version-check], | |||
1144 | AC_MSG_CHECKING([for possibly buggy zlib]) | 1157 | AC_MSG_CHECKING([for possibly buggy zlib]) |
1145 | AC_RUN_IFELSE([AC_LANG_PROGRAM([[ | 1158 | AC_RUN_IFELSE([AC_LANG_PROGRAM([[ |
1146 | #include <stdio.h> | 1159 | #include <stdio.h> |
1160 | #include <stdlib.h> | ||
1147 | #include <zlib.h> | 1161 | #include <zlib.h> |
1148 | ]], | 1162 | ]], |
1149 | [[ | 1163 | [[ |
@@ -1193,12 +1207,13 @@ AC_CHECK_FUNCS([utimes], | |||
1193 | dnl Checks for libutil functions | 1207 | dnl Checks for libutil functions |
1194 | AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) | 1208 | AC_CHECK_HEADERS([bsd/libutil.h libutil.h]) |
1195 | AC_SEARCH_LIBS([fmt_scaled], [util bsd]) | 1209 | AC_SEARCH_LIBS([fmt_scaled], [util bsd]) |
1210 | AC_SEARCH_LIBS([scan_scaled], [util bsd]) | ||
1196 | AC_SEARCH_LIBS([login], [util bsd]) | 1211 | AC_SEARCH_LIBS([login], [util bsd]) |
1197 | AC_SEARCH_LIBS([logout], [util bsd]) | 1212 | AC_SEARCH_LIBS([logout], [util bsd]) |
1198 | AC_SEARCH_LIBS([logwtmp], [util bsd]) | 1213 | AC_SEARCH_LIBS([logwtmp], [util bsd]) |
1199 | AC_SEARCH_LIBS([openpty], [util bsd]) | 1214 | AC_SEARCH_LIBS([openpty], [util bsd]) |
1200 | AC_SEARCH_LIBS([updwtmp], [util bsd]) | 1215 | AC_SEARCH_LIBS([updwtmp], [util bsd]) |
1201 | AC_CHECK_FUNCS([fmt_scaled login logout openpty updwtmp logwtmp]) | 1216 | AC_CHECK_FUNCS([fmt_scaled scan_scaled login logout openpty updwtmp logwtmp]) |
1202 | 1217 | ||
1203 | AC_FUNC_STRFTIME | 1218 | AC_FUNC_STRFTIME |
1204 | 1219 | ||
@@ -1548,6 +1563,7 @@ AC_CHECK_FUNCS([ \ | |||
1548 | clock \ | 1563 | clock \ |
1549 | closefrom \ | 1564 | closefrom \ |
1550 | dirfd \ | 1565 | dirfd \ |
1566 | endgrent \ | ||
1551 | fchmod \ | 1567 | fchmod \ |
1552 | fchown \ | 1568 | fchown \ |
1553 | freeaddrinfo \ | 1569 | freeaddrinfo \ |
@@ -1572,6 +1588,7 @@ AC_CHECK_FUNCS([ \ | |||
1572 | inet_ntop \ | 1588 | inet_ntop \ |
1573 | innetgr \ | 1589 | innetgr \ |
1574 | login_getcapbool \ | 1590 | login_getcapbool \ |
1591 | mblen \ | ||
1575 | md5_crypt \ | 1592 | md5_crypt \ |
1576 | memmove \ | 1593 | memmove \ |
1577 | mkdtemp \ | 1594 | mkdtemp \ |
@@ -1668,6 +1685,9 @@ const char *gai_strerror(int); | |||
1668 | AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], | 1685 | AC_SEARCH_LIBS([nanosleep], [rt posix4], [AC_DEFINE([HAVE_NANOSLEEP], [1], |
1669 | [Some systems put nanosleep outside of libc])]) | 1686 | [Some systems put nanosleep outside of libc])]) |
1670 | 1687 | ||
1688 | AC_SEARCH_LIBS([clock_gettime], [rt], | ||
1689 | [AC_DEFINE([HAVE_CLOCK_GETTIME], [1], [Have clock_gettime])]) | ||
1690 | |||
1671 | dnl Make sure prototypes are defined for these before using them. | 1691 | dnl Make sure prototypes are defined for these before using them. |
1672 | AC_CHECK_DECL([getrusage], [AC_CHECK_FUNCS([getrusage])]) | 1692 | AC_CHECK_DECL([getrusage], [AC_CHECK_FUNCS([getrusage])]) |
1673 | AC_CHECK_DECL([strsep], | 1693 | AC_CHECK_DECL([strsep], |
@@ -1719,6 +1739,37 @@ AC_CHECK_DECLS([offsetof], , , [ | |||
1719 | #include <stddef.h> | 1739 | #include <stddef.h> |
1720 | ]) | 1740 | ]) |
1721 | 1741 | ||
1742 | # extra bits for select(2) | ||
1743 | AC_CHECK_DECLS([howmany, NFDBITS], [], [], [[ | ||
1744 | #include <sys/param.h> | ||
1745 | #include <sys/types.h> | ||
1746 | #ifdef HAVE_SYS_SYSMACROS_H | ||
1747 | #include <sys/sysmacros.h> | ||
1748 | #endif | ||
1749 | #ifdef HAVE_SYS_SELECT_H | ||
1750 | #include <sys/select.h> | ||
1751 | #endif | ||
1752 | #ifdef HAVE_SYS_TIME_H | ||
1753 | #include <sys/time.h> | ||
1754 | #endif | ||
1755 | #ifdef HAVE_UNISTD_H | ||
1756 | #include <unistd.h> | ||
1757 | #endif | ||
1758 | ]]) | ||
1759 | AC_CHECK_TYPES([fd_mask], [], [], [[ | ||
1760 | #include <sys/param.h> | ||
1761 | #include <sys/types.h> | ||
1762 | #ifdef HAVE_SYS_SELECT_H | ||
1763 | #include <sys/select.h> | ||
1764 | #endif | ||
1765 | #ifdef HAVE_SYS_TIME_H | ||
1766 | #include <sys/time.h> | ||
1767 | #endif | ||
1768 | #ifdef HAVE_UNISTD_H | ||
1769 | #include <unistd.h> | ||
1770 | #endif | ||
1771 | ]]) | ||
1772 | |||
1722 | AC_CHECK_FUNCS([setresuid], [ | 1773 | AC_CHECK_FUNCS([setresuid], [ |
1723 | dnl Some platorms have setresuid that isn't implemented, test for this | 1774 | dnl Some platorms have setresuid that isn't implemented, test for this |
1724 | AC_MSG_CHECKING([if setresuid seems to work]) | 1775 | AC_MSG_CHECKING([if setresuid seems to work]) |
@@ -2367,6 +2418,8 @@ AC_LINK_IFELSE( | |||
2367 | ], | 2418 | ], |
2368 | [ | 2419 | [ |
2369 | AC_MSG_RESULT([no]) | 2420 | AC_MSG_RESULT([no]) |
2421 | unsupported_algorithms="$unsupported_cipers \ | ||
2422 | aes128-gcm@openssh.com aes256-gcm@openssh.com" | ||
2370 | ] | 2423 | ] |
2371 | ) | 2424 | ) |
2372 | 2425 | ||
@@ -2404,10 +2457,18 @@ fi | |||
2404 | if test "x$check_for_libcrypt_later" = "x1"; then | 2457 | if test "x$check_for_libcrypt_later" = "x1"; then |
2405 | AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) | 2458 | AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"]) |
2406 | fi | 2459 | fi |
2460 | AC_CHECK_FUNCS([crypt DES_crypt]) | ||
2407 | 2461 | ||
2408 | # Search for SHA256 support in libc and/or OpenSSL | 2462 | # Search for SHA256 support in libc and/or OpenSSL |
2409 | AC_CHECK_FUNCS([SHA256_Update EVP_sha256], [TEST_SSH_SHA256=yes], | 2463 | AC_CHECK_FUNCS([SHA256_Update EVP_sha256], |
2410 | [TEST_SSH_SHA256=no]) | 2464 | [TEST_SSH_SHA256=yes], |
2465 | [TEST_SSH_SHA256=no | ||
2466 | unsupported_algorithms="$unsupported_algorithms \ | ||
2467 | hmac-sha2-256 hmac-sha2-512 \ | ||
2468 | diffie-hellman-group-exchange-sha256 \ | ||
2469 | hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com" | ||
2470 | ] | ||
2471 | ) | ||
2411 | AC_SUBST([TEST_SSH_SHA256]) | 2472 | AC_SUBST([TEST_SSH_SHA256]) |
2412 | 2473 | ||
2413 | # Check complete ECC support in OpenSSL | 2474 | # Check complete ECC support in OpenSSL |
@@ -2438,6 +2499,12 @@ AC_LINK_IFELSE( | |||
2438 | AC_MSG_RESULT([no]) | 2499 | AC_MSG_RESULT([no]) |
2439 | TEST_SSH_ECC=no | 2500 | TEST_SSH_ECC=no |
2440 | COMMENT_OUT_ECC="#no ecc#" | 2501 | COMMENT_OUT_ECC="#no ecc#" |
2502 | unsupported_algorithms="$unsupported_algorithms \ | ||
2503 | ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 \ | ||
2504 | ecdsa-sha2-nistp256-cert-v01@openssh.com \ | ||
2505 | ecdsa-sha2-nistp384-cert-v01@openssh.com \ | ||
2506 | ecdsa-sha2-nistp521-cert-v01@openssh.com \ | ||
2507 | ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521" | ||
2441 | ] | 2508 | ] |
2442 | ) | 2509 | ) |
2443 | AC_SUBST([TEST_SSH_ECC]) | 2510 | AC_SUBST([TEST_SSH_ECC]) |
@@ -3325,9 +3392,16 @@ OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX]) | |||
3325 | OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) | 3392 | OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX]) |
3326 | 3393 | ||
3327 | AC_CHECK_MEMBERS([struct stat.st_blksize]) | 3394 | AC_CHECK_MEMBERS([struct stat.st_blksize]) |
3395 | AC_CHECK_MEMBERS([struct passwd.pw_gecos, struct passwd.pw_class, | ||
3396 | struct passwd.pw_change, struct passwd.pw_expire], | ||
3397 | [], [], [[ | ||
3398 | #include <sys/types.h> | ||
3399 | #include <pwd.h> | ||
3400 | ]]) | ||
3401 | |||
3328 | AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], | 3402 | AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [state], |
3329 | [Define if we don't have struct __res_state in resolv.h])], | 3403 | [Define if we don't have struct __res_state in resolv.h])], |
3330 | [ | 3404 | [[ |
3331 | #include <stdio.h> | 3405 | #include <stdio.h> |
3332 | #if HAVE_SYS_TYPES_H | 3406 | #if HAVE_SYS_TYPES_H |
3333 | # include <sys/types.h> | 3407 | # include <sys/types.h> |
@@ -3335,7 +3409,7 @@ AC_CHECK_MEMBER([struct __res_state.retrans], [], [AC_DEFINE([__res_state], [sta | |||
3335 | #include <netinet/in.h> | 3409 | #include <netinet/in.h> |
3336 | #include <arpa/nameser.h> | 3410 | #include <arpa/nameser.h> |
3337 | #include <resolv.h> | 3411 | #include <resolv.h> |
3338 | ]) | 3412 | ]]) |
3339 | 3413 | ||
3340 | AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], | 3414 | AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], |
3341 | ac_cv_have_ss_family_in_struct_ss, [ | 3415 | ac_cv_have_ss_family_in_struct_ss, [ |
@@ -3365,45 +3439,6 @@ if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then | |||
3365 | [Fields in struct sockaddr_storage]) | 3439 | [Fields in struct sockaddr_storage]) |
3366 | fi | 3440 | fi |
3367 | 3441 | ||
3368 | AC_CACHE_CHECK([for pw_class field in struct passwd], | ||
3369 | ac_cv_have_pw_class_in_struct_passwd, [ | ||
3370 | AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pwd.h> ]], | ||
3371 | [[ struct passwd p; p.pw_class = 0; ]])], | ||
3372 | [ ac_cv_have_pw_class_in_struct_passwd="yes" ], | ||
3373 | [ ac_cv_have_pw_class_in_struct_passwd="no" | ||
3374 | ]) | ||
3375 | ]) | ||
3376 | if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then | ||
3377 | AC_DEFINE([HAVE_PW_CLASS_IN_PASSWD], [1], | ||
3378 | [Define if your password has a pw_class field]) | ||
3379 | fi | ||
3380 | |||
3381 | AC_CACHE_CHECK([for pw_expire field in struct passwd], | ||
3382 | ac_cv_have_pw_expire_in_struct_passwd, [ | ||
3383 | AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pwd.h> ]], | ||
3384 | [[ struct passwd p; p.pw_expire = 0; ]])], | ||
3385 | [ ac_cv_have_pw_expire_in_struct_passwd="yes" ], | ||
3386 | [ ac_cv_have_pw_expire_in_struct_passwd="no" | ||
3387 | ]) | ||
3388 | ]) | ||
3389 | if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then | ||
3390 | AC_DEFINE([HAVE_PW_EXPIRE_IN_PASSWD], [1], | ||
3391 | [Define if your password has a pw_expire field]) | ||
3392 | fi | ||
3393 | |||
3394 | AC_CACHE_CHECK([for pw_change field in struct passwd], | ||
3395 | ac_cv_have_pw_change_in_struct_passwd, [ | ||
3396 | AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pwd.h> ]], | ||
3397 | [[ struct passwd p; p.pw_change = 0; ]])], | ||
3398 | [ ac_cv_have_pw_change_in_struct_passwd="yes" ], | ||
3399 | [ ac_cv_have_pw_change_in_struct_passwd="no" | ||
3400 | ]) | ||
3401 | ]) | ||
3402 | if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then | ||
3403 | AC_DEFINE([HAVE_PW_CHANGE_IN_PASSWD], [1], | ||
3404 | [Define if your password has a pw_change field]) | ||
3405 | fi | ||
3406 | |||
3407 | dnl make sure we're using the real structure members and not defines | 3442 | dnl make sure we're using the real structure members and not defines |
3408 | AC_CACHE_CHECK([for msg_accrights field in struct msghdr], | 3443 | AC_CACHE_CHECK([for msg_accrights field in struct msghdr], |
3409 | ac_cv_have_accrights_in_msghdr, [ | 3444 | ac_cv_have_accrights_in_msghdr, [ |
@@ -3795,6 +3830,11 @@ AC_ARG_WITH([kerberos5], | |||
3795 | # include <gssapi/gssapi_generic.h> | 3830 | # include <gssapi/gssapi_generic.h> |
3796 | #endif | 3831 | #endif |
3797 | ]]) | 3832 | ]]) |
3833 | saved_LIBS="$LIBS" | ||
3834 | LIBS="$LIBS $K5LIBS" | ||
3835 | AC_CHECK_FUNCS([krb5_cc_new_unique krb5_get_error_message krb5_free_error_message]) | ||
3836 | LIBS="$saved_LIBS" | ||
3837 | |||
3798 | fi | 3838 | fi |
3799 | ] | 3839 | ] |
3800 | ) | 3840 | ) |
@@ -4569,6 +4609,7 @@ else | |||
4569 | fi | 4609 | fi |
4570 | AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) | 4610 | AC_CHECK_DECL([BROKEN_GETADDRINFO], [TEST_SSH_IPV6=no]) |
4571 | AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) | 4611 | AC_SUBST([TEST_SSH_IPV6], [$TEST_SSH_IPV6]) |
4612 | AC_SUBST([UNSUPPORTED_ALGORITHMS], [$unsupported_algorithms]) | ||
4572 | 4613 | ||
4573 | AC_EXEEXT | 4614 | AC_EXEEXT |
4574 | AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ | 4615 | AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ |
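--- a/contrib/caldera/openssh.spec
+++ b/contrib/caldera/openssh.spec
@@ -16,7 +16,7 @@
 
 #old cvs stuff. please update before use. may be deprecated.
 %define use_stable 1
-%define version 6.2p2
+%define version 6.3p1
 %if %{use_stable}
 %define cvs %{nil}
 %define release 1
@@ -363,4 +363,4 @@ fi
 * Mon Jan 01 1998 ...
 Template Version: 1.31
 
-$Id: openssh.spec,v 1.79.2.1 2013/05/10 06:02:21 djm Exp $
+$Id: openssh.spec,v 1.80 2013/07/25 02:34:00 djm Exp $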
diff --git a/contrib/cygwin/README b/contrib/cygwin/README index 5f911e924..2562b6186 100644 --- a/contrib/cygwin/README +++ b/contrib/cygwin/README | |||
@@ -4,115 +4,18 @@ The binary package is usually built for recent Cygwin versions and might | |||
4 | not run on older versions. Please check http://cygwin.com/ for information | 4 | not run on older versions. Please check http://cygwin.com/ for information |
5 | about current Cygwin releases. | 5 | about current Cygwin releases. |
6 | 6 | ||
7 | Build instructions are at the end of the file. | 7 | ================== |
8 | 8 | Host configuration | |
9 | =========================================================================== | 9 | ================== |
10 | Important change since 3.7.1p2-2: | ||
11 | |||
12 | The ssh-host-config file doesn't create the /etc/ssh_config and | ||
13 | /etc/sshd_config files from builtin here-scripts anymore, but it uses | ||
14 | skeleton files installed in /etc/defaults/etc. | ||
15 | |||
16 | Also it now tries hard to create appropriate permissions on files. | ||
17 | Same applies for ssh-user-config. | ||
18 | |||
19 | After creating the sshd service with ssh-host-config, it's advisable to | ||
20 | call ssh-user-config for all affected users, also already exising user | ||
21 | configurations. In the latter case, file and directory permissions are | ||
22 | checked and changed, if requireed to match the host configuration. | ||
23 | |||
24 | Important note for Windows 2003 Server users: | ||
25 | --------------------------------------------- | ||
26 | |||
27 | 2003 Server has a funny new feature. When starting services under SYSTEM | ||
28 | account, these services have nearly all user rights which SYSTEM holds... | ||
29 | except for the "Create a token object" right, which is needed to allow | ||
30 | public key authentication :-( | ||
31 | |||
32 | There's no way around this, except for creating a substitute account which | ||
33 | has the appropriate privileges. Basically, this account should be member | ||
34 | of the administrators group, plus it should have the following user rights: | ||
35 | |||
36 | Create a token object | ||
37 | Logon as a service | ||
38 | Replace a process level token | ||
39 | Increase Quota | ||
40 | |||
41 | The ssh-host-config script asks you, if it should create such an account, | ||
42 | called "sshd_server". If you say "no" here, you're on your own. Please | ||
43 | follow the instruction in ssh-host-config exactly if possible. Note that | ||
44 | ssh-user-config sets the permissions on 2003 Server machines dependent of | ||
45 | whether a sshd_server account exists or not. | ||
46 | =========================================================================== | ||
47 | |||
48 | =========================================================================== | ||
49 | Important change since 3.4p1-2: | ||
50 | |||
51 | This version adds privilege separation as default setting, see | ||
52 | /usr/doc/openssh/README.privsep. According to that document the | ||
53 | privsep feature requires a non-privileged account called 'sshd'. | ||
54 | |||
55 | The new ssh-host-config file which is part of this version asks | ||
56 | to create 'sshd' as local user if you want to use privilege | ||
57 | separation. If you confirm, it creates that NT user and adds | ||
58 | the necessary entry to /etc/passwd. | ||
59 | |||
60 | On 9x/Me systems the script just sets UsePrivilegeSeparation to "no" | ||
61 | since that feature doesn't make any sense on a system which doesn't | ||
62 | differ between privileged and unprivileged users. | ||
63 | |||
64 | The new ssh-host-config script also adds the /var/empty directory | ||
65 | needed by privilege separation. When creating the /var/empty directory | ||
66 | by yourself, please note that in contrast to the README.privsep document | ||
67 | the owner sshould not be "root" but the user which is running sshd. So, | ||
68 | in the standard configuration this is SYSTEM. The ssh-host-config script | ||
69 | chowns /var/empty accordingly. | ||
70 | =========================================================================== | ||
71 | |||
72 | =========================================================================== | ||
73 | Important change since 3.0.1p1-2: | ||
74 | |||
75 | This version introduces the ability to register sshd as service on | ||
76 | Windows 9x/Me systems. This is done only when the options -D and/or | ||
77 | -d are not given. | ||
78 | =========================================================================== | ||
79 | |||
80 | =========================================================================== | ||
81 | Important change since 2.9p2: | ||
82 | |||
83 | Since Cygwin is able to switch user context without password beginning | ||
84 | with version 1.3.2, OpenSSH now allows to do so when it's running under | ||
85 | a version >= 1.3.2. Keep in mind that `ntsec' has to be activated to | ||
86 | allow that feature. | ||
87 | =========================================================================== | ||
88 | |||
89 | =========================================================================== | ||
90 | Important change since 2.3.0p1: | ||
91 | |||
92 | When using `ntea' or `ntsec' you now have to care for the ownership | ||
93 | and permission bits of your host key files and your private key files. | ||
94 | The host key files have to be owned by the NT account which starts | ||
95 | sshd. The user key files have to be owned by the user. The permission | ||
96 | bits of the private key files (host and user) have to be at least | ||
97 | rw------- (0600)! | ||
98 | |||
99 | Note that this is forced under `ntsec' only if the files are on a NTFS | ||
100 | filesystem (which is recommended) due to the lack of any basic security | ||
101 | features of the FAT/FAT32 filesystems. | ||
102 | =========================================================================== | ||
103 | 10 | ||
104 | If you are installing OpenSSH the first time, you can generate global config | 11 | If you are installing OpenSSH the first time, you can generate global config |
105 | files and server keys by running | 12 | files and server keys, as well as installing sshd as a service, by running |
106 | 13 | ||
107 | /usr/bin/ssh-host-config | 14 | /usr/bin/ssh-host-config |
108 | 15 | ||
109 | Note that this binary archive doesn't contain default config files in /etc. | 16 | Note that this binary archive doesn't contain default config files in /etc. |
110 | That files are only created if ssh-host-config is started. | 17 | That files are only created if ssh-host-config is started. |
111 | 18 | ||
112 | If you are updating your installation you may run the above ssh-host-config | ||
113 | as well to move your configuration files to the new location and to | ||
114 | erase the files at the old location. | ||
115 | |||
116 | To support testing and unattended installation ssh-host-config got | 19 | To support testing and unattended installation ssh-host-config got |
117 | some options: | 20 | some options: |
118 | 21 | ||
@@ -123,16 +26,25 @@ Options: | |||
123 | --no -n Answer all questions with "no" automatically. | 26 | --no -n Answer all questions with "no" automatically. |
124 | --cygwin -c <options> Use "options" as value for CYGWIN environment var. | 27 | --cygwin -c <options> Use "options" as value for CYGWIN environment var. |
125 | --port -p <n> sshd listens on port n. | 28 | --port -p <n> sshd listens on port n. |
126 | --pwd -w <passwd> Use "pwd" as password for user 'sshd_server'. | 29 | --user -u <account> privileged user for service, default 'cyg_server'. |
30 | --pwd -w <passwd> Use "pwd" as password for privileged user. | ||
31 | --privileged On Windows XP, require privileged user | ||
32 | instead of LocalSystem for sshd service. | ||
127 | 33 | ||
128 | Additionally ssh-host-config now asks if it should install sshd as a | 34 | Installing sshd as daemon via ssh-host-config is recommended. |
129 | service when running under NT/W2K. This requires cygrunsrv installed. | ||
130 | 35 | ||
131 | You can create the private and public keys for a user now by running | 36 | Alternatively you can start sshd via inetd, if you have the inetutils |
37 | package installed. Just run ssh-host-config, but answer "no" when asked | ||
38 | to install sshd as service. The ssh-host-config script also adds the | ||
39 | required lines to /etc/inetd.conf and /etc/services. | ||
132 | 40 | ||
133 | /usr/bin/ssh-user-config | 41 | ================== |
42 | User configuration | ||
43 | ================== | ||
44 | |||
45 | Any user can simplify creating the own private and public keys by running | ||
134 | 46 | ||
135 | under the users account. | 47 | /usr/bin/ssh-user-config |
136 | 48 | ||
137 | To support testing and unattended installation ssh-user-config got | 49 | To support testing and unattended installation ssh-user-config got |
138 | some options as well: | 50 | some options as well: |
@@ -144,88 +56,30 @@ Options: | |||
144 | --no -n Answer all questions with "no" automatically. | 56 | --no -n Answer all questions with "no" automatically. |
145 | --passphrase -p word Use "word" as passphrase automatically. | 57 | --passphrase -p word Use "word" as passphrase automatically. |
146 | 58 | ||
147 | Install sshd as daemon via cygrunsrv.exe (recommended on NT/W2K), via inetd | ||
148 | (results in very slow deamon startup!) or from the command line (recommended | ||
149 | on 9X/ME). | ||
150 | |||
151 | If you start sshd as deamon via cygrunsrv.exe you MUST give the | ||
152 | "-D" option to sshd. Otherwise the service can't get started at all. | ||
153 | |||
154 | If starting via inetd, copy sshd to eg. /usr/sbin/in.sshd and add the | ||
155 | following line to your inetd.conf file: | ||
156 | |||
157 | ssh stream tcp nowait root /usr/sbin/in.sshd sshd -i | ||
158 | |||
159 | Moreover you'll have to add the following line to your | ||
160 | ${SYSTEMROOT}/system32/drivers/etc/services file: | ||
161 | |||
162 | ssh 22/tcp #SSH daemon | ||
163 | |||
164 | Please note that OpenSSH does never use the value of $HOME to | 59 | Please note that OpenSSH does never use the value of $HOME to |
165 | search for the users configuration files! It always uses the | 60 | search for the users configuration files! It always uses the |
166 | value of the pw_dir field in /etc/passwd as the home directory. | 61 | value of the pw_dir field in /etc/passwd as the home directory. |
167 | If no home diretory is set in /etc/passwd, the root directory | 62 | If no home diretory is set in /etc/passwd, the root directory |
168 | is used instead! | 63 | is used instead! |
169 | 64 | ||
170 | You may use all features of the CYGWIN=ntsec setting the same | 65 | ================ |
171 | way as they are used by Cygwin's login(1) port: | 66 | Building OpenSSH |
172 | 67 | ================ | |
173 | The pw_gecos field may contain an additional field, that begins | ||
174 | with (upper case!) "U-", followed by the domain and the username | ||
175 | separated by a backslash. | ||
176 | CAUTION: The SID _must_ remain the _last_ field in pw_gecos! | ||
177 | BTW: The field separator in pw_gecos is the comma. | ||
178 | The username in pw_name itself may be any nice name: | ||
179 | |||
180 | domuser::1104:513:John Doe,U-domain\user,S-1-5-21-... | ||
181 | |||
182 | Now you may use `domuser' as your login name with telnet! | ||
183 | This is possible additionally for local users, if you don't like | ||
184 | your NT login name ;-) You only have to leave out the domain: | ||
185 | |||
186 | locuser::1104:513:John Doe,U-user,S-1-5-21-... | ||
187 | |||
188 | Note that the CYGWIN=ntsec setting is required for public key authentication. | ||
189 | |||
190 | SSH2 server and user keys are generated by the `ssh-*-config' scripts | ||
191 | as well. | ||
192 | |||
193 | If you want to build from source, the following options to | ||
194 | configure are used for the Cygwin binary distribution: | ||
195 | |||
196 | --prefix=/usr \ | ||
197 | --sysconfdir=/etc \ | ||
198 | --libexecdir='${sbindir}' \ | ||
199 | --localstatedir=/var \ | ||
200 | --datadir='${prefix}/share' \ | ||
201 | --mandir='${datadir}/man' \ | ||
202 | --infodir='${datadir}/info' | ||
203 | --with-tcp-wrappers | ||
204 | --with-libedit | ||
205 | |||
206 | If you want to create a Cygwin package, equivalent to the one | ||
207 | in the Cygwin binary distribution, install like this: | ||
208 | |||
209 | mkdir /tmp/cygwin-ssh | ||
210 | cd ${builddir} | ||
211 | make install DESTDIR=/tmp/cygwin-ssh | ||
212 | cd ${srcdir}/contrib/cygwin | ||
213 | make cygwin-postinstall DESTDIR=/tmp/cygwin-ssh | ||
214 | cd /tmp/cygwin-ssh | ||
215 | find * \! -type d | tar cvjfT my-openssh.tar.bz2 - | ||
216 | |||
217 | You must have installed the following packages to be able to build OpenSSH: | ||
218 | |||
219 | - zlib | ||
220 | - openssl-devel | ||
221 | 68 | ||
222 | If you want to build with --with-tcp-wrappers, you also need the package | 69 | Building from source is easy. Just unpack the source archive, cd to that |
70 | directory, and call cygport: | ||
223 | 71 | ||
224 | - tcp_wrappers | 72 | cygport openssh.cygport almostall |
225 | 73 | ||
226 | If you want to build with --with-libedit, you also need the package | 74 | You must have installed the following packages to be able to build OpenSSH |
75 | with the aforementioned cygport script: | ||
227 | 76 | ||
228 | - libedit-devel | 77 | zlib |
78 | crypt | ||
79 | openssl-devel | ||
80 | libwrap-devel | ||
81 | libedit-devel | ||
82 | libkrb5-devel | ||
229 | 83 | ||
230 | Please send requests, error reports etc. to cygwin@cygwin.com. | 84 | Please send requests, error reports etc. to cygwin@cygwin.com. |
231 | 85 | ||
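--- a/contrib/cygwin/ssh-host-config
+++ b/contrib/cygwin/ssh-host-config
@@ -606,9 +606,9 @@ do
 echo " --no -n Answer all questions with \"no\" automatically."
 echo " --cygwin -c <options> Use \"options\" as value for CYGWIN environment var."
 echo " --port -p <n> sshd listens on port n."
-echo " --user -u <account> privileged user for service."
+echo " --user -u <account> privileged user for service, default 'cyg_server'."
 echo " --pwd -w <passwd> Use \"pwd\" as password for privileged user."
-echo " --privileged On Windows NT/2k/XP, require privileged user"
+echo " --privileged On Windows XP, require privileged user"
 echo " instead of LocalSystem for sshd service."
 echo
 exit 1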
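--- a/contrib/cygwin/ssh-user-config
+++ b/contrib/cygwin/ssh-user-config
@@ -222,10 +222,6 @@ do
 shift
 ;;
 
---privileged )
-csih_FORCE_PRIVILEGED_USER=yes
-;;
-
 *)
 echo "usage: ${PROGNAME} [OPTION]..."
 echo
@@ -236,8 +232,6 @@ do
 echo " --yes -y Answer all questions with \"yes\" automatically."
 echo " --no -n Answer all questions with \"no\" automatically."
 echo " --passphrase -p word Use \"word\" as passphrase automatically."
-echo " --privileged On Windows NT/2k/XP, assume privileged user"
-echo " instead of LocalSystem for sshd service."
 echo
 exit 1
 ;;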
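--- a/contrib/redhat/openssh.spec
+++ b/contrib/redhat/openssh.spec
@@ -1,4 +1,4 @@
-%define ver 6.2p2
+%define ver 6.3p1
 %define rel 1
 
 # OpenSSH privilege separation requires a user & group ID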
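--- a/contrib/suse/openssh.spec
+++ b/contrib/suse/openssh.spec
@@ -13,7 +13,7 @@
 
 Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
 Name: openssh
-Version: 6.2p2
+Version: 6.3p1
 URL: http://www.openssh.com/
 Release: 1
 Source0: openssh-%{version}.tar.gz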
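--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,16 @@
-openssh (1:6.2p2-7) UNRELEASED; urgency=low
+openssh (1:6.3p1-1) UNRELEASED; urgency=low
 
+* New upstream release (http://www.openssh.com/txt/release-6.3).
+- sftp(1): add support for resuming partial downloads using the "reget"
+command and on the sftp commandline or on the "get" commandline using
+the "-a" (append) option (closes: #158590).
+- ssh(1): add an "IgnoreUnknown" configuration option to selectively
+suppress errors arising from unknown configuration directives (closes:
+#436052).
+- sftp(1): update progressmeter when data is acknowledged, not when it's
+sent (partially addresses #708372).
+- ssh(1): do not fatally exit when attempting to cleanup multiplexing-
+created channels that are incompletely opened (closes: #651357).
 * When running under Upstart, only consider the daemon started once it is
 ready to accept connections (by raising SIGSTOP at that point and using
 "expect stop").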
diff --git a/debian/patches/auth-log-verbosity.patch b/debian/patches/auth-log-verbosity.patch index 206967bc9..a6a842ecd 100644 --- a/debian/patches/auth-log-verbosity.patch +++ b/debian/patches/auth-log-verbosity.patch | |||
@@ -2,7 +2,7 @@ Description: Quieten logs when multiple from= restrictions are used | |||
2 | Author: Colin Watson <cjwatson@debian.org> | 2 | Author: Colin Watson <cjwatson@debian.org> |
3 | Bug-Debian: http://bugs.debian.org/630606 | 3 | Bug-Debian: http://bugs.debian.org/630606 |
4 | Forwarded: no | 4 | Forwarded: no |
5 | Last-Update: 2013-05-07 | 5 | Last-Update: 2013-09-14 |
6 | 6 | ||
7 | Index: b/auth-options.c | 7 | Index: b/auth-options.c |
8 | =================================================================== | 8 | =================================================================== |
@@ -32,7 +32,7 @@ Index: b/auth-options.c | |||
32 | @@ -288,10 +299,13 @@ | 32 | @@ -288,10 +299,13 @@ |
33 | /* FALLTHROUGH */ | 33 | /* FALLTHROUGH */ |
34 | case 0: | 34 | case 0: |
35 | xfree(patterns); | 35 | free(patterns); |
36 | - logit("Authentication tried for %.100s with " | 36 | - logit("Authentication tried for %.100s with " |
37 | - "correct key but not from a permitted " | 37 | - "correct key but not from a permitted " |
38 | - "host (host=%.200s, ip=%.200s).", | 38 | - "host (host=%.200s, ip=%.200s).", |
@@ -47,7 +47,7 @@ Index: b/auth-options.c | |||
47 | auth_debug_add("Your host '%.200s' is not " | 47 | auth_debug_add("Your host '%.200s' is not " |
48 | "permitted to use this key for login.", | 48 | "permitted to use this key for login.", |
49 | remote_host); | 49 | remote_host); |
50 | @@ -512,11 +526,14 @@ | 50 | @@ -513,11 +527,14 @@ |
51 | break; | 51 | break; |
52 | case 0: | 52 | case 0: |
53 | /* no match */ | 53 | /* no match */ |
@@ -83,7 +83,7 @@ Index: b/auth-rsa.c | |||
83 | =================================================================== | 83 | =================================================================== |
84 | --- a/auth-rsa.c | 84 | --- a/auth-rsa.c |
85 | +++ b/auth-rsa.c | 85 | +++ b/auth-rsa.c |
86 | @@ -175,6 +175,8 @@ | 86 | @@ -174,6 +174,8 @@ |
87 | if ((f = auth_openkeyfile(file, pw, options.strict_modes)) == NULL) | 87 | if ((f = auth_openkeyfile(file, pw, options.strict_modes)) == NULL) |
88 | return 0; | 88 | return 0; |
89 | 89 | ||
@@ -96,7 +96,7 @@ Index: b/auth2-pubkey.c | |||
96 | =================================================================== | 96 | =================================================================== |
97 | --- a/auth2-pubkey.c | 97 | --- a/auth2-pubkey.c |
98 | +++ b/auth2-pubkey.c | 98 | +++ b/auth2-pubkey.c |
99 | @@ -217,6 +217,7 @@ | 99 | @@ -257,6 +257,7 @@ |
100 | restore_uid(); | 100 | restore_uid(); |
101 | return 0; | 101 | return 0; |
102 | } | 102 | } |
@@ -104,16 +104,15 @@ Index: b/auth2-pubkey.c | |||
104 | while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { | 104 | while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { |
105 | /* Skip leading whitespace. */ | 105 | /* Skip leading whitespace. */ |
106 | for (cp = line; *cp == ' ' || *cp == '\t'; cp++) | 106 | for (cp = line; *cp == ' ' || *cp == '\t'; cp++) |
107 | @@ -278,6 +279,8 @@ | 107 | @@ -318,6 +319,7 @@ |
108 | found_key = 0; | 108 | found_key = 0; |
109 | found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type); | ||
110 | 109 | ||
110 | found = NULL; | ||
111 | + auth_start_parse_options(); | 111 | + auth_start_parse_options(); |
112 | + | ||
113 | while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { | 112 | while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { |
114 | char *cp, *key_options = NULL; | 113 | char *cp, *key_options = NULL; |
115 | 114 | if (found != NULL) | |
116 | @@ -412,6 +415,7 @@ | 115 | @@ -453,6 +455,7 @@ |
117 | if (key_cert_check_authority(key, 0, 1, | 116 | if (key_cert_check_authority(key, 0, 1, |
118 | principals_file == NULL ? pw->pw_name : NULL, &reason) != 0) | 117 | principals_file == NULL ? pw->pw_name : NULL, &reason) != 0) |
119 | goto fail_reason; | 118 | goto fail_reason; |
diff --git a/debian/patches/authorized-keys-man-symlink.patch b/debian/patches/authorized-keys-man-symlink.patch index c6a4b64c6..e48a3cb3e 100644 --- a/debian/patches/authorized-keys-man-symlink.patch +++ b/debian/patches/authorized-keys-man-symlink.patch | |||
@@ -2,13 +2,13 @@ Description: Install authorized_keys(5) as a symlink to sshd(8) | |||
2 | Author: Tomas Pospisek <tpo_deb@sourcepole.ch> | 2 | Author: Tomas Pospisek <tpo_deb@sourcepole.ch> |
3 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1720 | 3 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1720 |
4 | Bug-Debian: http://bugs.debian.org/441817 | 4 | Bug-Debian: http://bugs.debian.org/441817 |
5 | Last-Update: 2013-05-07 | 5 | Last-Update: 2013-09-14 |
6 | 6 | ||
7 | Index: b/Makefile.in | 7 | Index: b/Makefile.in |
8 | =================================================================== | 8 | =================================================================== |
9 | --- a/Makefile.in | 9 | --- a/Makefile.in |
10 | +++ b/Makefile.in | 10 | +++ b/Makefile.in |
11 | @@ -286,6 +286,7 @@ | 11 | @@ -289,6 +289,7 @@ |
12 | $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5 | 12 | $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5 |
13 | $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5 | 13 | $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5 |
14 | $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8 | 14 | $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8 |
diff --git a/debian/patches/consolekit.patch b/debian/patches/consolekit.patch index 36b3805b9..fd064a848 100644 --- a/debian/patches/consolekit.patch +++ b/debian/patches/consolekit.patch | |||
@@ -1,7 +1,7 @@ | |||
1 | Description: Add support for registering ConsoleKit sessions on login | 1 | Description: Add support for registering ConsoleKit sessions on login |
2 | Author: Colin Watson <cjwatson@ubuntu.com> | 2 | Author: Colin Watson <cjwatson@ubuntu.com> |
3 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1450 | 3 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1450 |
4 | Last-Updated: 2013-05-13 | 4 | Last-Updated: 2013-09-14 |
5 | 5 | ||
6 | Index: b/Makefile.in | 6 | Index: b/Makefile.in |
7 | =================================================================== | 7 | =================================================================== |
@@ -21,7 +21,7 @@ Index: b/configure.ac | |||
21 | =================================================================== | 21 | =================================================================== |
22 | --- a/configure.ac | 22 | --- a/configure.ac |
23 | +++ b/configure.ac | 23 | +++ b/configure.ac |
24 | @@ -3801,6 +3801,30 @@ | 24 | @@ -3841,6 +3841,30 @@ |
25 | AC_SUBST([GSSLIBS]) | 25 | AC_SUBST([GSSLIBS]) |
26 | AC_SUBST([K5LIBS]) | 26 | AC_SUBST([K5LIBS]) |
27 | 27 | ||
@@ -52,7 +52,7 @@ Index: b/configure.ac | |||
52 | # Looking for programs, paths and files | 52 | # Looking for programs, paths and files |
53 | 53 | ||
54 | PRIVSEP_PATH=/var/empty | 54 | PRIVSEP_PATH=/var/empty |
55 | @@ -4600,6 +4624,7 @@ | 55 | @@ -4641,6 +4665,7 @@ |
56 | echo " libedit support: $LIBEDIT_MSG" | 56 | echo " libedit support: $LIBEDIT_MSG" |
57 | echo " Solaris process contract support: $SPC_MSG" | 57 | echo " Solaris process contract support: $SPC_MSG" |
58 | echo " Solaris project support: $SP_MSG" | 58 | echo " Solaris project support: $SP_MSG" |
@@ -64,7 +64,7 @@ Index: b/configure | |||
64 | =================================================================== | 64 | =================================================================== |
65 | --- a/configure | 65 | --- a/configure |
66 | +++ b/configure | 66 | +++ b/configure |
67 | @@ -737,6 +737,7 @@ | 67 | @@ -738,6 +738,7 @@ |
68 | with_sandbox | 68 | with_sandbox |
69 | with_selinux | 69 | with_selinux |
70 | with_kerberos5 | 70 | with_kerberos5 |
@@ -72,7 +72,7 @@ Index: b/configure | |||
72 | with_privsep_path | 72 | with_privsep_path |
73 | with_xauth | 73 | with_xauth |
74 | enable_strip | 74 | enable_strip |
75 | @@ -1427,6 +1428,7 @@ | 75 | @@ -1428,6 +1429,7 @@ |
76 | --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter) | 76 | --with-sandbox=style Specify privilege separation sandbox (no, darwin, rlimit, systrace, seccomp_filter) |
77 | --with-selinux Enable SELinux support | 77 | --with-selinux Enable SELinux support |
78 | --with-kerberos5=PATH Enable Kerberos 5 support | 78 | --with-kerberos5=PATH Enable Kerberos 5 support |
@@ -80,7 +80,7 @@ Index: b/configure | |||
80 | --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty) | 80 | --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty) |
81 | --with-xauth=PATH Specify path to xauth program | 81 | --with-xauth=PATH Specify path to xauth program |
82 | --with-maildir=/path/to/mail Specify your system mail directory | 82 | --with-maildir=/path/to/mail Specify your system mail directory |
83 | @@ -16002,6 +16004,135 @@ | 83 | @@ -16375,6 +16377,135 @@ |
84 | 84 | ||
85 | 85 | ||
86 | 86 | ||
@@ -216,7 +216,7 @@ Index: b/configure | |||
216 | # Looking for programs, paths and files | 216 | # Looking for programs, paths and files |
217 | 217 | ||
218 | PRIVSEP_PATH=/var/empty | 218 | PRIVSEP_PATH=/var/empty |
219 | @@ -18527,6 +18658,7 @@ | 219 | @@ -18902,6 +19033,7 @@ |
220 | echo " libedit support: $LIBEDIT_MSG" | 220 | echo " libedit support: $LIBEDIT_MSG" |
221 | echo " Solaris process contract support: $SPC_MSG" | 221 | echo " Solaris process contract support: $SPC_MSG" |
222 | echo " Solaris project support: $SP_MSG" | 222 | echo " Solaris project support: $SP_MSG" |
@@ -502,17 +502,17 @@ Index: b/monitor.c | |||
502 | =================================================================== | 502 | =================================================================== |
503 | --- a/monitor.c | 503 | --- a/monitor.c |
504 | +++ b/monitor.c | 504 | +++ b/monitor.c |
505 | @@ -97,6 +97,9 @@ | 505 | @@ -98,6 +98,9 @@ |
506 | #include "ssh2.h" | ||
507 | #include "jpake.h" | 506 | #include "jpake.h" |
508 | #include "roaming.h" | 507 | #include "roaming.h" |
508 | #include "authfd.h" | ||
509 | +#ifdef USE_CONSOLEKIT | 509 | +#ifdef USE_CONSOLEKIT |
510 | +#include "consolekit.h" | 510 | +#include "consolekit.h" |
511 | +#endif | 511 | +#endif |
512 | 512 | ||
513 | #ifdef GSSAPI | 513 | #ifdef GSSAPI |
514 | static Gssctxt *gsscontext = NULL; | 514 | static Gssctxt *gsscontext = NULL; |
515 | @@ -192,6 +195,10 @@ | 515 | @@ -193,6 +196,10 @@ |
516 | 516 | ||
517 | static int monitor_read_log(struct monitor *); | 517 | static int monitor_read_log(struct monitor *); |
518 | 518 | ||
@@ -523,7 +523,7 @@ Index: b/monitor.c | |||
523 | static Authctxt *authctxt; | 523 | static Authctxt *authctxt; |
524 | static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */ | 524 | static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */ |
525 | 525 | ||
526 | @@ -284,6 +291,9 @@ | 526 | @@ -285,6 +292,9 @@ |
527 | {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, | 527 | {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, |
528 | {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command}, | 528 | {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command}, |
529 | #endif | 529 | #endif |
@@ -533,7 +533,7 @@ Index: b/monitor.c | |||
533 | {0, 0, NULL} | 533 | {0, 0, NULL} |
534 | }; | 534 | }; |
535 | 535 | ||
536 | @@ -326,6 +336,9 @@ | 536 | @@ -327,6 +337,9 @@ |
537 | {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, | 537 | {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, |
538 | {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command}, | 538 | {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command}, |
539 | #endif | 539 | #endif |
@@ -553,7 +553,7 @@ Index: b/monitor.c | |||
553 | 553 | ||
554 | for (;;) | 554 | for (;;) |
555 | monitor_read(pmonitor, mon_dispatch, NULL); | 555 | monitor_read(pmonitor, mon_dispatch, NULL); |
556 | @@ -2472,3 +2488,31 @@ | 556 | @@ -2492,3 +2508,30 @@ |
557 | } | 557 | } |
558 | 558 | ||
559 | #endif /* JPAKE */ | 559 | #endif /* JPAKE */ |
@@ -577,10 +577,9 @@ Index: b/monitor.c | |||
577 | + buffer_put_cstring(m, cookie != NULL ? cookie : ""); | 577 | + buffer_put_cstring(m, cookie != NULL ? cookie : ""); |
578 | + mm_request_send(sock, MONITOR_ANS_CONSOLEKIT_REGISTER, m); | 578 | + mm_request_send(sock, MONITOR_ANS_CONSOLEKIT_REGISTER, m); |
579 | + | 579 | + |
580 | + if (cookie != NULL) | 580 | + free(cookie); |
581 | + xfree(cookie); | 581 | + free(display); |
582 | + xfree(display); | 582 | + free(tty); |
583 | + xfree(tty); | ||
584 | + | 583 | + |
585 | + return (0); | 584 | + return (0); |
586 | +} | 585 | +} |
@@ -602,7 +601,7 @@ Index: b/monitor_wrap.c | |||
602 | =================================================================== | 601 | =================================================================== |
603 | --- a/monitor_wrap.c | 602 | --- a/monitor_wrap.c |
604 | +++ b/monitor_wrap.c | 603 | +++ b/monitor_wrap.c |
605 | @@ -1514,3 +1514,34 @@ | 604 | @@ -1516,3 +1516,34 @@ |
606 | return success; | 605 | return success; |
607 | } | 606 | } |
608 | #endif /* JPAKE */ | 607 | #endif /* JPAKE */ |
@@ -631,7 +630,7 @@ Index: b/monitor_wrap.c | |||
631 | + | 630 | + |
632 | + /* treat empty cookie as missing cookie */ | 631 | + /* treat empty cookie as missing cookie */ |
633 | + if (strlen(cookie) == 0) { | 632 | + if (strlen(cookie) == 0) { |
634 | + xfree(cookie); | 633 | + free(cookie); |
635 | + cookie = NULL; | 634 | + cookie = NULL; |
636 | + } | 635 | + } |
637 | + return (cookie); | 636 | + return (cookie); |
@@ -654,7 +653,7 @@ Index: b/session.c | |||
654 | =================================================================== | 653 | =================================================================== |
655 | --- a/session.c | 654 | --- a/session.c |
656 | +++ b/session.c | 655 | +++ b/session.c |
657 | @@ -91,6 +91,7 @@ | 656 | @@ -92,6 +92,7 @@ |
658 | #include "kex.h" | 657 | #include "kex.h" |
659 | #include "monitor_wrap.h" | 658 | #include "monitor_wrap.h" |
660 | #include "sftp.h" | 659 | #include "sftp.h" |
@@ -684,7 +683,7 @@ Index: b/session.c | |||
684 | #ifdef USE_PAM | 683 | #ifdef USE_PAM |
685 | /* | 684 | /* |
686 | * Pull in any environment variables that may have | 685 | * Pull in any environment variables that may have |
687 | @@ -2308,6 +2317,10 @@ | 686 | @@ -2320,6 +2329,10 @@ |
688 | 687 | ||
689 | debug("session_pty_cleanup: session %d release %s", s->self, s->tty); | 688 | debug("session_pty_cleanup: session %d release %s", s->self, s->tty); |
690 | 689 | ||
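Review bot: The in-band encoding at `buffer_put_cstring(m, cookie != NULL ? cookie : "");` in the monitor.c hunk is only explained on the other side of the privsep boundary (the "treat empty cookie as missing cookie" check in the monitor_wrap.c hunk), so a reader of the monitor side cannot tell that "" is a deliberate sentinel rather than a real value; a comment such as `/* no cookie is sent as ""; the monitor_wrap.c receiver maps it back to NULL */` on that line would pair the two halves. The switch to an unconditional `free(cookie);` is fine since free(NULL) is a no-op, and the refreshed context (`#include "authfd.h"` replacing `#include "ssh2.h"`) is consistent with the new upstream. One consequence of the sentinel worth stating in that comment is that a genuinely empty cookie, should ConsoleKit ever return one, would be reported as a failed registration by the receiver. The enclosing functions of both hunks begin outside the visible lines.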
diff --git a/debian/patches/debian-banner.patch b/debian/patches/debian-banner.patch index d96f2cc59..981cdd697 100644 --- a/debian/patches/debian-banner.patch +++ b/debian/patches/debian-banner.patch | |||
@@ -4,13 +4,13 @@ Description: Add DebianBanner server configuration option | |||
4 | Author: Kees Cook <kees@debian.org> | 4 | Author: Kees Cook <kees@debian.org> |
5 | Bug-Debian: http://bugs.debian.org/562048 | 5 | Bug-Debian: http://bugs.debian.org/562048 |
6 | Forwarded: not-needed | 6 | Forwarded: not-needed |
7 | Last-Update: 2013-05-07 | 7 | Last-Update: 2013-09-14 |
8 | 8 | ||
9 | Index: b/servconf.c | 9 | Index: b/servconf.c |
10 | =================================================================== | 10 | =================================================================== |
11 | --- a/servconf.c | 11 | --- a/servconf.c |
12 | +++ b/servconf.c | 12 | +++ b/servconf.c |
13 | @@ -150,6 +150,7 @@ | 13 | @@ -157,6 +157,7 @@ |
14 | options->ip_qos_interactive = -1; | 14 | options->ip_qos_interactive = -1; |
15 | options->ip_qos_bulk = -1; | 15 | options->ip_qos_bulk = -1; |
16 | options->version_addendum = NULL; | 16 | options->version_addendum = NULL; |
@@ -18,7 +18,7 @@ Index: b/servconf.c | |||
18 | } | 18 | } |
19 | 19 | ||
20 | void | 20 | void |
21 | @@ -299,6 +300,8 @@ | 21 | @@ -310,6 +311,8 @@ |
22 | options->ip_qos_bulk = IPTOS_THROUGHPUT; | 22 | options->ip_qos_bulk = IPTOS_THROUGHPUT; |
23 | if (options->version_addendum == NULL) | 23 | if (options->version_addendum == NULL) |
24 | options->version_addendum = xstrdup(""); | 24 | options->version_addendum = xstrdup(""); |
@@ -27,15 +27,15 @@ Index: b/servconf.c | |||
27 | /* Turn privilege separation on by default */ | 27 | /* Turn privilege separation on by default */ |
28 | if (use_privsep == -1) | 28 | if (use_privsep == -1) |
29 | use_privsep = PRIVSEP_NOSANDBOX; | 29 | use_privsep = PRIVSEP_NOSANDBOX; |
30 | @@ -349,6 +352,7 @@ | 30 | @@ -360,6 +363,7 @@ |
31 | sKexAlgorithms, sIPQoS, sVersionAddendum, | 31 | sKexAlgorithms, sIPQoS, sVersionAddendum, |
32 | sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, | 32 | sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, |
33 | sAuthenticationMethods, | 33 | sAuthenticationMethods, sHostKeyAgent, |
34 | + sDebianBanner, | 34 | + sDebianBanner, |
35 | sDeprecated, sUnsupported | 35 | sDeprecated, sUnsupported |
36 | } ServerOpCodes; | 36 | } ServerOpCodes; |
37 | 37 | ||
38 | @@ -488,6 +492,7 @@ | 38 | @@ -501,6 +505,7 @@ |
39 | { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL }, | 39 | { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL }, |
40 | { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, | 40 | { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, |
41 | { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL }, | 41 | { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL }, |
@@ -43,7 +43,7 @@ Index: b/servconf.c | |||
43 | { NULL, sBadOption, 0 } | 43 | { NULL, sBadOption, 0 } |
44 | }; | 44 | }; |
45 | 45 | ||
46 | @@ -1593,6 +1598,10 @@ | 46 | @@ -1648,6 +1653,10 @@ |
47 | } | 47 | } |
48 | return 0; | 48 | return 0; |
49 | 49 | ||
@@ -58,7 +58,7 @@ Index: b/servconf.h | |||
58 | =================================================================== | 58 | =================================================================== |
59 | --- a/servconf.h | 59 | --- a/servconf.h |
60 | +++ b/servconf.h | 60 | +++ b/servconf.h |
61 | @@ -184,6 +184,8 @@ | 61 | @@ -188,6 +188,8 @@ |
62 | 62 | ||
63 | u_int num_auth_methods; | 63 | u_int num_auth_methods; |
64 | char *auth_methods[MAX_AUTH_METHODS]; | 64 | char *auth_methods[MAX_AUTH_METHODS]; |
@@ -71,7 +71,7 @@ Index: b/sshd.c | |||
71 | =================================================================== | 71 | =================================================================== |
72 | --- a/sshd.c | 72 | --- a/sshd.c |
73 | +++ b/sshd.c | 73 | +++ b/sshd.c |
74 | @@ -434,7 +434,8 @@ | 74 | @@ -440,7 +440,8 @@ |
75 | } | 75 | } |
76 | 76 | ||
77 | xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s", | 77 | xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s", |
@@ -85,7 +85,7 @@ Index: b/sshd_config.5 | |||
85 | =================================================================== | 85 | =================================================================== |
86 | --- a/sshd_config.5 | 86 | --- a/sshd_config.5 |
87 | +++ b/sshd_config.5 | 87 | +++ b/sshd_config.5 |
88 | @@ -397,6 +397,11 @@ | 88 | @@ -404,6 +404,11 @@ |
89 | .Dq no . | 89 | .Dq no . |
90 | The default is | 90 | The default is |
91 | .Dq delayed . | 91 | .Dq delayed . |
diff --git a/debian/patches/debian-config.patch b/debian/patches/debian-config.patch index 45a8364ca..d005bdc2e 100644 --- a/debian/patches/debian-config.patch +++ b/debian/patches/debian-config.patch | |||
@@ -18,13 +18,13 @@ Description: Various Debian-specific configuration changes | |||
18 | Author: Colin Watson <cjwatson@debian.org> | 18 | Author: Colin Watson <cjwatson@debian.org> |
19 | Author: Russ Allbery <rra@debian.org> | 19 | Author: Russ Allbery <rra@debian.org> |
20 | Forwarded: not-needed | 20 | Forwarded: not-needed |
21 | Last-Update: 2013-05-16 | 21 | Last-Update: 2013-09-14 |
22 | 22 | ||
23 | Index: b/readconf.c | 23 | Index: b/readconf.c |
24 | =================================================================== | 24 | =================================================================== |
25 | --- a/readconf.c | 25 | --- a/readconf.c |
26 | +++ b/readconf.c | 26 | +++ b/readconf.c |
27 | @@ -1288,7 +1288,7 @@ | 27 | @@ -1298,7 +1298,7 @@ |
28 | if (options->forward_x11 == -1) | 28 | if (options->forward_x11 == -1) |
29 | options->forward_x11 = 0; | 29 | options->forward_x11 = 0; |
30 | if (options->forward_x11_trusted == -1) | 30 | if (options->forward_x11_trusted == -1) |
@@ -49,10 +49,10 @@ Index: b/ssh_config | |||
49 | # RhostsRSAAuthentication no | 49 | # RhostsRSAAuthentication no |
50 | # RSAAuthentication yes | 50 | # RSAAuthentication yes |
51 | # PasswordAuthentication yes | 51 | # PasswordAuthentication yes |
52 | @@ -47,3 +48,7 @@ | 52 | @@ -48,3 +49,7 @@ |
53 | # PermitLocalCommand no | ||
54 | # VisualHostKey no | 53 | # VisualHostKey no |
55 | # ProxyCommand ssh -q -W %h:%p gateway.example.com | 54 | # ProxyCommand ssh -q -W %h:%p gateway.example.com |
55 | # RekeyLimit 1G 1h | ||
56 | + SendEnv LANG LC_* | 56 | + SendEnv LANG LC_* |
57 | + HashKnownHosts yes | 57 | + HashKnownHosts yes |
58 | + GSSAPIAuthentication yes | 58 | + GSSAPIAuthentication yes |
@@ -84,7 +84,7 @@ Index: b/ssh_config.5 | |||
84 | The configuration file has the following format: | 84 | The configuration file has the following format: |
85 | .Pp | 85 | .Pp |
86 | Empty lines and lines starting with | 86 | Empty lines and lines starting with |
87 | @@ -502,7 +518,8 @@ | 87 | @@ -501,7 +517,8 @@ |
88 | Remote clients will be refused access after this time. | 88 | Remote clients will be refused access after this time. |
89 | .Pp | 89 | .Pp |
90 | The default is | 90 | The default is |
@@ -98,7 +98,7 @@ Index: b/sshd_config | |||
98 | =================================================================== | 98 | =================================================================== |
99 | --- a/sshd_config | 99 | --- a/sshd_config |
100 | +++ b/sshd_config | 100 | +++ b/sshd_config |
101 | @@ -37,6 +37,7 @@ | 101 | @@ -40,6 +40,7 @@ |
102 | # Authentication: | 102 | # Authentication: |
103 | 103 | ||
104 | #LoginGraceTime 2m | 104 | #LoginGraceTime 2m |
diff --git a/debian/patches/doc-hash-tab-completion.patch b/debian/patches/doc-hash-tab-completion.patch index 25201a7d4..4c197323c 100644 --- a/debian/patches/doc-hash-tab-completion.patch +++ b/debian/patches/doc-hash-tab-completion.patch | |||
@@ -2,13 +2,13 @@ Description: Document that HashKnownHosts may break tab-completion | |||
2 | Author: Colin Watson <cjwatson@debian.org> | 2 | Author: Colin Watson <cjwatson@debian.org> |
3 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1727 | 3 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1727 |
4 | Bug-Debian: http://bugs.debian.org/430154 | 4 | Bug-Debian: http://bugs.debian.org/430154 |
5 | Last-Update: 2013-05-07 | 5 | Last-Update: 2013-09-14 |
6 | 6 | ||
7 | Index: b/ssh_config.5 | 7 | Index: b/ssh_config.5 |
8 | =================================================================== | 8 | =================================================================== |
9 | --- a/ssh_config.5 | 9 | --- a/ssh_config.5 |
10 | +++ b/ssh_config.5 | 10 | +++ b/ssh_config.5 |
11 | @@ -588,6 +588,9 @@ | 11 | @@ -587,6 +587,9 @@ |
12 | will not be converted automatically, | 12 | will not be converted automatically, |
13 | but may be manually hashed using | 13 | but may be manually hashed using |
14 | .Xr ssh-keygen 1 . | 14 | .Xr ssh-keygen 1 . |
diff --git a/debian/patches/doc-upstart.patch b/debian/patches/doc-upstart.patch index 5f35ac0c8..a471f9c4c 100644 --- a/debian/patches/doc-upstart.patch +++ b/debian/patches/doc-upstart.patch | |||
@@ -1,13 +1,13 @@ | |||
1 | Description: Refer to ssh's Upstart job as well as its init script | 1 | Description: Refer to ssh's Upstart job as well as its init script |
2 | Author: Colin Watson <cjwatson@ubuntu.com> | 2 | Author: Colin Watson <cjwatson@ubuntu.com> |
3 | Forwarded: not-needed | 3 | Forwarded: not-needed |
4 | Last-Update: 2012-11-26 | 4 | Last-Update: 2013-09-14 |
5 | 5 | ||
6 | Index: b/sshd.8 | 6 | Index: b/sshd.8 |
7 | =================================================================== | 7 | =================================================================== |
8 | --- a/sshd.8 | 8 | --- a/sshd.8 |
9 | +++ b/sshd.8 | 9 | +++ b/sshd.8 |
10 | @@ -69,7 +69,10 @@ | 10 | @@ -70,7 +70,10 @@ |
11 | .Nm | 11 | .Nm |
12 | listens for connections from clients. | 12 | listens for connections from clients. |
13 | It is normally started at boot from | 13 | It is normally started at boot from |
diff --git a/debian/patches/gssapi.patch b/debian/patches/gssapi.patch index 416e2f16c..85c6722f0 100644 --- a/debian/patches/gssapi.patch +++ b/debian/patches/gssapi.patch | |||
@@ -13,7 +13,7 @@ Description: GSSAPI key exchange support | |||
13 | security history. | 13 | security history. |
14 | Author: Simon Wilkinson <simon@sxw.org.uk> | 14 | Author: Simon Wilkinson <simon@sxw.org.uk> |
15 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242 | 15 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242 |
16 | Last-Updated: 2013-05-16 | 16 | Last-Updated: 2013-09-14 |
17 | 17 | ||
18 | Index: b/ChangeLog.gssapi | 18 | Index: b/ChangeLog.gssapi |
19 | =================================================================== | 19 | =================================================================== |
@@ -158,7 +158,7 @@ Index: b/auth-krb5.c | |||
158 | =================================================================== | 158 | =================================================================== |
159 | --- a/auth-krb5.c | 159 | --- a/auth-krb5.c |
160 | +++ b/auth-krb5.c | 160 | +++ b/auth-krb5.c |
161 | @@ -170,8 +170,13 @@ | 161 | @@ -181,8 +181,13 @@ |
162 | 162 | ||
163 | len = strlen(authctxt->krb5_ticket_file) + 6; | 163 | len = strlen(authctxt->krb5_ticket_file) + 6; |
164 | authctxt->krb5_ccname = xmalloc(len); | 164 | authctxt->krb5_ccname = xmalloc(len); |
@@ -172,7 +172,7 @@ Index: b/auth-krb5.c | |||
172 | 172 | ||
173 | #ifdef USE_PAM | 173 | #ifdef USE_PAM |
174 | if (options.use_pam) | 174 | if (options.use_pam) |
175 | @@ -226,15 +231,22 @@ | 175 | @@ -239,15 +244,22 @@ |
176 | #ifndef HEIMDAL | 176 | #ifndef HEIMDAL |
177 | krb5_error_code | 177 | krb5_error_code |
178 | ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) { | 178 | ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) { |
@@ -197,7 +197,7 @@ Index: b/auth-krb5.c | |||
197 | old_umask = umask(0177); | 197 | old_umask = umask(0177); |
198 | tmpfd = mkstemp(ccname + strlen("FILE:")); | 198 | tmpfd = mkstemp(ccname + strlen("FILE:")); |
199 | oerrno = errno; | 199 | oerrno = errno; |
200 | @@ -251,6 +263,7 @@ | 200 | @@ -264,6 +276,7 @@ |
201 | return oerrno; | 201 | return oerrno; |
202 | } | 202 | } |
203 | close(tmpfd); | 203 | close(tmpfd); |
@@ -210,7 +210,7 @@ Index: b/auth2-gss.c | |||
210 | --- a/auth2-gss.c | 210 | --- a/auth2-gss.c |
211 | +++ b/auth2-gss.c | 211 | +++ b/auth2-gss.c |
212 | @@ -1,7 +1,7 @@ | 212 | @@ -1,7 +1,7 @@ |
213 | /* $OpenBSD: auth2-gss.c,v 1.18 2012/12/02 20:34:09 djm Exp $ */ | 213 | /* $OpenBSD: auth2-gss.c,v 1.20 2013/05/17 00:13:13 djm Exp $ */ |
214 | 214 | ||
215 | /* | 215 | /* |
216 | - * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. | 216 | - * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. |
@@ -251,7 +251,7 @@ Index: b/auth2-gss.c | |||
251 | + authctxt->pw)); | 251 | + authctxt->pw)); |
252 | + | 252 | + |
253 | + buffer_free(&b); | 253 | + buffer_free(&b); |
254 | + xfree(mic.value); | 254 | + free(mic.value); |
255 | + | 255 | + |
256 | + return (authenticated); | 256 | + return (authenticated); |
257 | +} | 257 | +} |
@@ -259,7 +259,7 @@ Index: b/auth2-gss.c | |||
259 | /* | 259 | /* |
260 | * We only support those mechanisms that we know about (ie ones that we know | 260 | * We only support those mechanisms that we know about (ie ones that we know |
261 | * how to check local user kuserok and the like) | 261 | * how to check local user kuserok and the like) |
262 | @@ -244,7 +278,8 @@ | 262 | @@ -240,7 +274,8 @@ |
263 | 263 | ||
264 | packet_check_eom(); | 264 | packet_check_eom(); |
265 | 265 | ||
@@ -269,7 +269,7 @@ Index: b/auth2-gss.c | |||
269 | 269 | ||
270 | authctxt->postponed = 0; | 270 | authctxt->postponed = 0; |
271 | dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); | 271 | dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); |
272 | @@ -279,7 +314,8 @@ | 272 | @@ -275,7 +310,8 @@ |
273 | gssbuf.length = buffer_len(&b); | 273 | gssbuf.length = buffer_len(&b); |
274 | 274 | ||
275 | if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic)))) | 275 | if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic)))) |
@@ -279,7 +279,7 @@ Index: b/auth2-gss.c | |||
279 | else | 279 | else |
280 | logit("GSSAPI MIC check failed"); | 280 | logit("GSSAPI MIC check failed"); |
281 | 281 | ||
282 | @@ -294,6 +330,12 @@ | 282 | @@ -290,6 +326,12 @@ |
283 | userauth_finish(authctxt, authenticated, "gssapi-with-mic", NULL); | 283 | userauth_finish(authctxt, authenticated, "gssapi-with-mic", NULL); |
284 | } | 284 | } |
285 | 285 | ||
@@ -327,7 +327,7 @@ Index: b/clientloop.c | |||
327 | /* import options */ | 327 | /* import options */ |
328 | extern Options options; | 328 | extern Options options; |
329 | 329 | ||
330 | @@ -1599,6 +1603,15 @@ | 330 | @@ -1608,6 +1612,15 @@ |
331 | /* Do channel operations unless rekeying in progress. */ | 331 | /* Do channel operations unless rekeying in progress. */ |
332 | if (!rekeying) { | 332 | if (!rekeying) { |
333 | channel_after_select(readset, writeset); | 333 | channel_after_select(readset, writeset); |
@@ -347,7 +347,7 @@ Index: b/config.h.in | |||
347 | =================================================================== | 347 | =================================================================== |
348 | --- a/config.h.in | 348 | --- a/config.h.in |
349 | +++ b/config.h.in | 349 | +++ b/config.h.in |
350 | @@ -1511,6 +1511,9 @@ | 350 | @@ -1546,6 +1546,9 @@ |
351 | /* Use btmp to log bad logins */ | 351 | /* Use btmp to log bad logins */ |
352 | #undef USE_BTMP | 352 | #undef USE_BTMP |
353 | 353 | ||
@@ -357,7 +357,7 @@ Index: b/config.h.in | |||
357 | /* Use libedit for sftp */ | 357 | /* Use libedit for sftp */ |
358 | #undef USE_LIBEDIT | 358 | #undef USE_LIBEDIT |
359 | 359 | ||
360 | @@ -1526,6 +1529,9 @@ | 360 | @@ -1561,6 +1564,9 @@ |
361 | /* Use PIPES instead of a socketpair() */ | 361 | /* Use PIPES instead of a socketpair() */ |
362 | #undef USE_PIPES | 362 | #undef USE_PIPES |
363 | 363 | ||
@@ -371,7 +371,7 @@ Index: b/configure | |||
371 | =================================================================== | 371 | =================================================================== |
372 | --- a/configure | 372 | --- a/configure |
373 | +++ b/configure | 373 | +++ b/configure |
374 | @@ -6588,6 +6588,63 @@ | 374 | @@ -6780,6 +6780,63 @@ |
375 | 375 | ||
376 | $as_echo "#define SSH_TUN_PREPEND_AF 1" >>confdefs.h | 376 | $as_echo "#define SSH_TUN_PREPEND_AF 1" >>confdefs.h |
377 | 377 | ||
@@ -439,7 +439,7 @@ Index: b/configure.ac | |||
439 | =================================================================== | 439 | =================================================================== |
440 | --- a/configure.ac | 440 | --- a/configure.ac |
441 | +++ b/configure.ac | 441 | +++ b/configure.ac |
442 | @@ -533,6 +533,30 @@ | 442 | @@ -548,6 +548,30 @@ |
443 | [Use tunnel device compatibility to OpenBSD]) | 443 | [Use tunnel device compatibility to OpenBSD]) |
444 | AC_DEFINE([SSH_TUN_PREPEND_AF], [1], | 444 | AC_DEFINE([SSH_TUN_PREPEND_AF], [1], |
445 | [Prepend the address family to IP tunnel traffic]) | 445 | [Prepend the address family to IP tunnel traffic]) |
@@ -475,7 +475,7 @@ Index: b/gss-genr.c | |||
475 | --- a/gss-genr.c | 475 | --- a/gss-genr.c |
476 | +++ b/gss-genr.c | 476 | +++ b/gss-genr.c |
477 | @@ -1,7 +1,7 @@ | 477 | @@ -1,7 +1,7 @@ |
478 | /* $OpenBSD: gss-genr.c,v 1.20 2009/06/22 05:39:28 dtucker Exp $ */ | 478 | /* $OpenBSD: gss-genr.c,v 1.21 2013/05/17 00:13:13 djm Exp $ */ |
479 | 479 | ||
480 | /* | 480 | /* |
481 | - * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved. | 481 | - * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved. |
@@ -549,8 +549,8 @@ Index: b/gss-genr.c | |||
549 | + | 549 | + |
550 | + if (gss_enc2oid != NULL) { | 550 | + if (gss_enc2oid != NULL) { |
551 | + for (i = 0; gss_enc2oid[i].encoded != NULL; i++) | 551 | + for (i = 0; gss_enc2oid[i].encoded != NULL; i++) |
552 | + xfree(gss_enc2oid[i].encoded); | 552 | + free(gss_enc2oid[i].encoded); |
553 | + xfree(gss_enc2oid); | 553 | + free(gss_enc2oid); |
554 | + } | 554 | + } |
555 | + | 555 | + |
556 | + gss_enc2oid = xmalloc(sizeof(ssh_gss_kex_mapping) * | 556 | + gss_enc2oid = xmalloc(sizeof(ssh_gss_kex_mapping) * |
@@ -607,7 +607,7 @@ Index: b/gss-genr.c | |||
607 | + buffer_free(&buf); | 607 | + buffer_free(&buf); |
608 | + | 608 | + |
609 | + if (strlen(mechs) == 0) { | 609 | + if (strlen(mechs) == 0) { |
610 | + xfree(mechs); | 610 | + free(mechs); |
611 | + mechs = NULL; | 611 | + mechs = NULL; |
612 | + } | 612 | + } |
613 | + | 613 | + |
@@ -826,7 +826,7 @@ Index: b/gss-serv-krb5.c | |||
826 | --- a/gss-serv-krb5.c | 826 | --- a/gss-serv-krb5.c |
827 | +++ b/gss-serv-krb5.c | 827 | +++ b/gss-serv-krb5.c |
828 | @@ -1,7 +1,7 @@ | 828 | @@ -1,7 +1,7 @@ |
829 | /* $OpenBSD: gss-serv-krb5.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */ | 829 | /* $OpenBSD: gss-serv-krb5.c,v 1.8 2013/07/20 01:55:13 djm Exp $ */ |
830 | 830 | ||
831 | /* | 831 | /* |
832 | - * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. | 832 | - * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. |
@@ -834,15 +834,15 @@ Index: b/gss-serv-krb5.c | |||
834 | * | 834 | * |
835 | * Redistribution and use in source and binary forms, with or without | 835 | * Redistribution and use in source and binary forms, with or without |
836 | * modification, are permitted provided that the following conditions | 836 | * modification, are permitted provided that the following conditions |
837 | @@ -120,6 +120,7 @@ | 837 | @@ -122,6 +122,7 @@ |
838 | krb5_principal princ; | ||
839 | OM_uint32 maj_status, min_status; | 838 | OM_uint32 maj_status, min_status; |
840 | int len; | 839 | int len; |
840 | const char *errmsg; | ||
841 | + const char *new_ccname; | 841 | + const char *new_ccname; |
842 | 842 | ||
843 | if (client->creds == NULL) { | 843 | if (client->creds == NULL) { |
844 | debug("No credentials stored"); | 844 | debug("No credentials stored"); |
845 | @@ -168,11 +169,16 @@ | 845 | @@ -174,11 +175,16 @@ |
846 | return; | 846 | return; |
847 | } | 847 | } |
848 | 848 | ||
@@ -863,7 +863,7 @@ Index: b/gss-serv-krb5.c | |||
863 | 863 | ||
864 | #ifdef USE_PAM | 864 | #ifdef USE_PAM |
865 | if (options.use_pam) | 865 | if (options.use_pam) |
866 | @@ -184,6 +190,71 @@ | 866 | @@ -190,6 +196,71 @@ |
867 | return; | 867 | return; |
868 | } | 868 | } |
869 | 869 | ||
@@ -935,7 +935,7 @@ Index: b/gss-serv-krb5.c | |||
935 | ssh_gssapi_mech gssapi_kerberos_mech = { | 935 | ssh_gssapi_mech gssapi_kerberos_mech = { |
936 | "toWM5Slw5Ew8Mqkay+al2g==", | 936 | "toWM5Slw5Ew8Mqkay+al2g==", |
937 | "Kerberos", | 937 | "Kerberos", |
938 | @@ -191,7 +262,8 @@ | 938 | @@ -197,7 +268,8 @@ |
939 | NULL, | 939 | NULL, |
940 | &ssh_gssapi_krb5_userok, | 940 | &ssh_gssapi_krb5_userok, |
941 | NULL, | 941 | NULL, |
@@ -950,7 +950,7 @@ Index: b/gss-serv.c | |||
950 | --- a/gss-serv.c | 950 | --- a/gss-serv.c |
951 | +++ b/gss-serv.c | 951 | +++ b/gss-serv.c |
952 | @@ -1,7 +1,7 @@ | 952 | @@ -1,7 +1,7 @@ |
953 | /* $OpenBSD: gss-serv.c,v 1.23 2011/08/01 19:18:15 markus Exp $ */ | 953 | /* $OpenBSD: gss-serv.c,v 1.24 2013/07/20 01:55:13 djm Exp $ */ |
954 | 954 | ||
955 | /* | 955 | /* |
956 | - * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. | 956 | - * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. |
@@ -958,7 +958,7 @@ Index: b/gss-serv.c | |||
958 | * | 958 | * |
959 | * Redistribution and use in source and binary forms, with or without | 959 | * Redistribution and use in source and binary forms, with or without |
960 | * modification, are permitted provided that the following conditions | 960 | * modification, are permitted provided that the following conditions |
961 | @@ -45,15 +45,20 @@ | 961 | @@ -45,15 +45,21 @@ |
962 | #include "channels.h" | 962 | #include "channels.h" |
963 | #include "session.h" | 963 | #include "session.h" |
964 | #include "misc.h" | 964 | #include "misc.h" |
@@ -972,8 +972,9 @@ Index: b/gss-serv.c | |||
972 | 972 | ||
973 | static ssh_gssapi_client gssapi_client = | 973 | static ssh_gssapi_client gssapi_client = |
974 | { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER, | 974 | { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER, |
975 | - GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL}}; | 975 | - GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL, NULL}}; |
976 | + GSS_C_NO_CREDENTIAL, GSS_C_NO_NAME, NULL, {NULL, NULL, NULL}, 0, 0}; | 976 | + GSS_C_NO_CREDENTIAL, GSS_C_NO_NAME, NULL, |
977 | + {NULL, NULL, NULL, NULL, NULL}, 0, 0}; | ||
977 | 978 | ||
978 | ssh_gssapi_mech gssapi_null_mech = | 979 | ssh_gssapi_mech gssapi_null_mech = |
979 | - { NULL, NULL, {0, NULL}, NULL, NULL, NULL, NULL}; | 980 | - { NULL, NULL, {0, NULL}, NULL, NULL, NULL, NULL}; |
@@ -981,7 +982,7 @@ Index: b/gss-serv.c | |||
981 | 982 | ||
982 | #ifdef KRB5 | 983 | #ifdef KRB5 |
983 | extern ssh_gssapi_mech gssapi_kerberos_mech; | 984 | extern ssh_gssapi_mech gssapi_kerberos_mech; |
984 | @@ -81,25 +86,32 @@ | 985 | @@ -81,25 +87,32 @@ |
985 | char lname[MAXHOSTNAMELEN]; | 986 | char lname[MAXHOSTNAMELEN]; |
986 | gss_OID_set oidset; | 987 | gss_OID_set oidset; |
987 | 988 | ||
@@ -1028,7 +1029,7 @@ Index: b/gss-serv.c | |||
1028 | } | 1029 | } |
1029 | 1030 | ||
1030 | /* Privileged */ | 1031 | /* Privileged */ |
1031 | @@ -114,6 +126,29 @@ | 1032 | @@ -114,6 +127,29 @@ |
1032 | } | 1033 | } |
1033 | 1034 | ||
1034 | /* Unprivileged */ | 1035 | /* Unprivileged */ |
@@ -1058,7 +1059,7 @@ Index: b/gss-serv.c | |||
1058 | void | 1059 | void |
1059 | ssh_gssapi_supported_oids(gss_OID_set *oidset) | 1060 | ssh_gssapi_supported_oids(gss_OID_set *oidset) |
1060 | { | 1061 | { |
1061 | @@ -123,7 +158,9 @@ | 1062 | @@ -123,7 +159,9 @@ |
1062 | gss_OID_set supported; | 1063 | gss_OID_set supported; |
1063 | 1064 | ||
1064 | gss_create_empty_oid_set(&min_status, oidset); | 1065 | gss_create_empty_oid_set(&min_status, oidset); |
@@ -1069,7 +1070,7 @@ Index: b/gss-serv.c | |||
1069 | 1070 | ||
1070 | while (supported_mechs[i]->name != NULL) { | 1071 | while (supported_mechs[i]->name != NULL) { |
1071 | if (GSS_ERROR(gss_test_oid_set_member(&min_status, | 1072 | if (GSS_ERROR(gss_test_oid_set_member(&min_status, |
1072 | @@ -249,8 +286,48 @@ | 1073 | @@ -249,8 +287,48 @@ |
1073 | ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client) | 1074 | ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client) |
1074 | { | 1075 | { |
1075 | int i = 0; | 1076 | int i = 0; |
@@ -1119,7 +1120,7 @@ Index: b/gss-serv.c | |||
1119 | 1120 | ||
1120 | client->mech = NULL; | 1121 | client->mech = NULL; |
1121 | 1122 | ||
1122 | @@ -265,6 +342,13 @@ | 1123 | @@ -265,6 +343,13 @@ |
1123 | if (client->mech == NULL) | 1124 | if (client->mech == NULL) |
1124 | return GSS_S_FAILURE; | 1125 | return GSS_S_FAILURE; |
1125 | 1126 | ||
@@ -1133,7 +1134,7 @@ Index: b/gss-serv.c | |||
1133 | if ((ctx->major = gss_display_name(&ctx->minor, ctx->client, | 1134 | if ((ctx->major = gss_display_name(&ctx->minor, ctx->client, |
1134 | &client->displayname, NULL))) { | 1135 | &client->displayname, NULL))) { |
1135 | ssh_gssapi_error(ctx); | 1136 | ssh_gssapi_error(ctx); |
1136 | @@ -282,6 +366,8 @@ | 1137 | @@ -282,6 +367,8 @@ |
1137 | return (ctx->major); | 1138 | return (ctx->major); |
1138 | } | 1139 | } |
1139 | 1140 | ||
@@ -1142,7 +1143,7 @@ Index: b/gss-serv.c | |||
1142 | /* We can't copy this structure, so we just move the pointer to it */ | 1143 | /* We can't copy this structure, so we just move the pointer to it */ |
1143 | client->creds = ctx->client_creds; | 1144 | client->creds = ctx->client_creds; |
1144 | ctx->client_creds = GSS_C_NO_CREDENTIAL; | 1145 | ctx->client_creds = GSS_C_NO_CREDENTIAL; |
1145 | @@ -329,7 +415,7 @@ | 1146 | @@ -329,7 +416,7 @@ |
1146 | 1147 | ||
1147 | /* Privileged */ | 1148 | /* Privileged */ |
1148 | int | 1149 | int |
@@ -1151,7 +1152,7 @@ Index: b/gss-serv.c | |||
1151 | { | 1152 | { |
1152 | OM_uint32 lmin; | 1153 | OM_uint32 lmin; |
1153 | 1154 | ||
1154 | @@ -339,9 +425,11 @@ | 1155 | @@ -339,9 +426,11 @@ |
1155 | return 0; | 1156 | return 0; |
1156 | } | 1157 | } |
1157 | if (gssapi_client.mech && gssapi_client.mech->userok) | 1158 | if (gssapi_client.mech && gssapi_client.mech->userok) |
@@ -1165,7 +1166,7 @@ Index: b/gss-serv.c | |||
1165 | /* Destroy delegated credentials if userok fails */ | 1166 | /* Destroy delegated credentials if userok fails */ |
1166 | gss_release_buffer(&lmin, &gssapi_client.displayname); | 1167 | gss_release_buffer(&lmin, &gssapi_client.displayname); |
1167 | gss_release_buffer(&lmin, &gssapi_client.exportedname); | 1168 | gss_release_buffer(&lmin, &gssapi_client.exportedname); |
1168 | @@ -354,14 +442,90 @@ | 1169 | @@ -354,14 +443,90 @@ |
1169 | return (0); | 1170 | return (0); |
1170 | } | 1171 | } |
1171 | 1172 | ||
@@ -1277,32 +1278,37 @@ Index: b/kex.c | |||
1277 | #if OPENSSL_VERSION_NUMBER >= 0x00907000L | 1278 | #if OPENSSL_VERSION_NUMBER >= 0x00907000L |
1278 | # if defined(HAVE_EVP_SHA256) | 1279 | # if defined(HAVE_EVP_SHA256) |
1279 | # define evp_ssh_sha256 EVP_sha256 | 1280 | # define evp_ssh_sha256 EVP_sha256 |
1280 | @@ -369,6 +373,20 @@ | 1281 | @@ -82,6 +86,14 @@ |
1281 | k->kex_type = KEX_ECDH_SHA2; | ||
1282 | k->evp_md = kex_ecdh_name_to_evpmd(k->name); | ||
1283 | #endif | 1282 | #endif |
1283 | { NULL, -1, -1, NULL}, | ||
1284 | }; | ||
1285 | +static const struct kexalg kexalg_prefixes[] = { | ||
1284 | +#ifdef GSSAPI | 1286 | +#ifdef GSSAPI |
1285 | + } else if (strncmp(k->name, KEX_GSS_GEX_SHA1_ID, | 1287 | + { KEX_GSS_GEX_SHA1_ID, KEX_GSS_GEX_SHA1, 0, EVP_sha1 }, |
1286 | + sizeof(KEX_GSS_GEX_SHA1_ID) - 1) == 0) { | 1288 | + { KEX_GSS_GRP1_SHA1_ID, KEX_GSS_GRP1_SHA1, 0, EVP_sha1 }, |
1287 | + k->kex_type = KEX_GSS_GEX_SHA1; | 1289 | + { KEX_GSS_GRP14_SHA1_ID, KEX_GSS_GRP14_SHA1, 0, EVP_sha1 }, |
1288 | + k->evp_md = EVP_sha1(); | ||
1289 | + } else if (strncmp(k->name, KEX_GSS_GRP1_SHA1_ID, | ||
1290 | + sizeof(KEX_GSS_GRP1_SHA1_ID) - 1) == 0) { | ||
1291 | + k->kex_type = KEX_GSS_GRP1_SHA1; | ||
1292 | + k->evp_md = EVP_sha1(); | ||
1293 | + } else if (strncmp(k->name, KEX_GSS_GRP14_SHA1_ID, | ||
1294 | + sizeof(KEX_GSS_GRP14_SHA1_ID) - 1) == 0) { | ||
1295 | + k->kex_type = KEX_GSS_GRP14_SHA1; | ||
1296 | + k->evp_md = EVP_sha1(); | ||
1297 | +#endif | 1290 | +#endif |
1298 | } else | 1291 | + { NULL, -1, -1, NULL }, |
1299 | fatal("bad kex alg %s", k->name); | 1292 | +}; |
1293 | |||
1294 | char * | ||
1295 | kex_alg_list(void) | ||
1296 | @@ -110,6 +122,10 @@ | ||
1297 | if (strcmp(k->name, name) == 0) | ||
1298 | return k; | ||
1299 | } | ||
1300 | + for (k = kexalg_prefixes; k->name != NULL; k++) { | ||
1301 | + if (strncmp(k->name, name, strlen(k->name)) == 0) | ||
1302 | + return k; | ||
1303 | + } | ||
1304 | return NULL; | ||
1300 | } | 1305 | } |
1306 | |||
1301 | Index: b/kex.h | 1307 | Index: b/kex.h |
1302 | =================================================================== | 1308 | =================================================================== |
1303 | --- a/kex.h | 1309 | --- a/kex.h |
1304 | +++ b/kex.h | 1310 | +++ b/kex.h |
1305 | @@ -73,6 +73,9 @@ | 1311 | @@ -74,6 +74,9 @@ |
1306 | KEX_DH_GEX_SHA1, | 1312 | KEX_DH_GEX_SHA1, |
1307 | KEX_DH_GEX_SHA256, | 1313 | KEX_DH_GEX_SHA256, |
1308 | KEX_ECDH_SHA2, | 1314 | KEX_ECDH_SHA2, |
@@ -1312,10 +1318,10 @@ Index: b/kex.h | |||
1312 | KEX_MAX | 1318 | KEX_MAX |
1313 | }; | 1319 | }; |
1314 | 1320 | ||
1315 | @@ -131,6 +134,12 @@ | 1321 | @@ -133,6 +136,12 @@ |
1316 | sig_atomic_t done; | ||
1317 | int flags; | 1322 | int flags; |
1318 | const EVP_MD *evp_md; | 1323 | const EVP_MD *evp_md; |
1324 | int ec_nid; | ||
1319 | +#ifdef GSSAPI | 1325 | +#ifdef GSSAPI |
1320 | + int gss_deleg_creds; | 1326 | + int gss_deleg_creds; |
1321 | + int gss_trust_dns; | 1327 | + int gss_trust_dns; |
@@ -1325,7 +1331,7 @@ Index: b/kex.h | |||
1325 | char *client_version_string; | 1331 | char *client_version_string; |
1326 | char *server_version_string; | 1332 | char *server_version_string; |
1327 | int (*verify_host_key)(Key *); | 1333 | int (*verify_host_key)(Key *); |
1328 | @@ -158,6 +167,11 @@ | 1334 | @@ -162,6 +171,11 @@ |
1329 | void kexecdh_client(Kex *); | 1335 | void kexecdh_client(Kex *); |
1330 | void kexecdh_server(Kex *); | 1336 | void kexecdh_server(Kex *); |
1331 | 1337 | ||
@@ -1341,7 +1347,7 @@ Index: b/kexgssc.c | |||
1341 | =================================================================== | 1347 | =================================================================== |
1342 | --- /dev/null | 1348 | --- /dev/null |
1343 | +++ b/kexgssc.c | 1349 | +++ b/kexgssc.c |
1344 | @@ -0,0 +1,334 @@ | 1350 | @@ -0,0 +1,333 @@ |
1345 | +/* | 1351 | +/* |
1346 | + * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. | 1352 | + * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. |
1347 | + * | 1353 | + * |
@@ -1488,7 +1494,7 @@ Index: b/kexgssc.c | |||
1488 | + | 1494 | + |
1489 | + /* If we've got an old receive buffer get rid of it */ | 1495 | + /* If we've got an old receive buffer get rid of it */ |
1490 | + if (token_ptr != GSS_C_NO_BUFFER) | 1496 | + if (token_ptr != GSS_C_NO_BUFFER) |
1491 | + xfree(recv_tok.value); | 1497 | + free(recv_tok.value); |
1492 | + | 1498 | + |
1493 | + if (maj_status == GSS_S_COMPLETE) { | 1499 | + if (maj_status == GSS_S_COMPLETE) { |
1494 | + /* If mutual state flag is not true, kex fails */ | 1500 | + /* If mutual state flag is not true, kex fails */ |
@@ -1605,7 +1611,7 @@ Index: b/kexgssc.c | |||
1605 | + fatal("kexdh_client: BN_bin2bn failed"); | 1611 | + fatal("kexdh_client: BN_bin2bn failed"); |
1606 | + | 1612 | + |
1607 | + memset(kbuf, 0, klen); | 1613 | + memset(kbuf, 0, klen); |
1608 | + xfree(kbuf); | 1614 | + free(kbuf); |
1609 | + | 1615 | + |
1610 | + switch (kex->kex_type) { | 1616 | + switch (kex->kex_type) { |
1611 | + case KEX_GSS_GRP1_SHA1: | 1617 | + case KEX_GSS_GRP1_SHA1: |
@@ -1648,11 +1654,10 @@ Index: b/kexgssc.c | |||
1648 | + if (GSS_ERROR(ssh_gssapi_checkmic(ctxt, &gssbuf, &msg_tok))) | 1654 | + if (GSS_ERROR(ssh_gssapi_checkmic(ctxt, &gssbuf, &msg_tok))) |
1649 | + packet_disconnect("Hash's MIC didn't verify"); | 1655 | + packet_disconnect("Hash's MIC didn't verify"); |
1650 | + | 1656 | + |
1651 | + xfree(msg_tok.value); | 1657 | + free(msg_tok.value); |
1652 | + | 1658 | + |
1653 | + DH_free(dh); | 1659 | + DH_free(dh); |
1654 | + if (serverhostkey) | 1660 | + free(serverhostkey); |
1655 | + xfree(serverhostkey); | ||
1656 | + BN_clear_free(dh_server_pub); | 1661 | + BN_clear_free(dh_server_pub); |
1657 | + | 1662 | + |
1658 | + /* save session id */ | 1663 | + /* save session id */ |
@@ -1680,7 +1685,7 @@ Index: b/kexgsss.c | |||
1680 | =================================================================== | 1685 | =================================================================== |
1681 | --- /dev/null | 1686 | --- /dev/null |
1682 | +++ b/kexgsss.c | 1687 | +++ b/kexgsss.c |
1683 | @@ -0,0 +1,288 @@ | 1688 | @@ -0,0 +1,289 @@ |
1684 | +/* | 1689 | +/* |
1685 | + * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. | 1690 | + * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. |
1686 | + * | 1691 | + * |
@@ -1761,9 +1766,10 @@ Index: b/kexgsss.c | |||
1761 | + * in the GSSAPI code are no longer available. This kludges them back | 1766 | + * in the GSSAPI code are no longer available. This kludges them back |
1762 | + * into life | 1767 | + * into life |
1763 | + */ | 1768 | + */ |
1764 | + if (!ssh_gssapi_oid_table_ok()) | 1769 | + if (!ssh_gssapi_oid_table_ok()) { |
1765 | + if ((mechs = ssh_gssapi_server_mechanisms())) | 1770 | + mechs = ssh_gssapi_server_mechanisms(); |
1766 | + xfree(mechs); | 1771 | + free(mechs); |
1772 | + } | ||
1767 | + | 1773 | + |
1768 | + debug2("%s: Identifying %s", __func__, kex->name); | 1774 | + debug2("%s: Identifying %s", __func__, kex->name); |
1769 | + oid = ssh_gssapi_id_kex(NULL, kex->name, kex->kex_type); | 1775 | + oid = ssh_gssapi_id_kex(NULL, kex->name, kex->kex_type); |
@@ -1841,7 +1847,7 @@ Index: b/kexgsss.c | |||
1841 | + maj_status = PRIVSEP(ssh_gssapi_accept_ctx(ctxt, &recv_tok, | 1847 | + maj_status = PRIVSEP(ssh_gssapi_accept_ctx(ctxt, &recv_tok, |
1842 | + &send_tok, &ret_flags)); | 1848 | + &send_tok, &ret_flags)); |
1843 | + | 1849 | + |
1844 | + xfree(recv_tok.value); | 1850 | + free(recv_tok.value); |
1845 | + | 1851 | + |
1846 | + if (maj_status != GSS_S_COMPLETE && send_tok.length == 0) | 1852 | + if (maj_status != GSS_S_COMPLETE && send_tok.length == 0) |
1847 | + fatal("Zero length token output when incomplete"); | 1853 | + fatal("Zero length token output when incomplete"); |
@@ -1890,7 +1896,7 @@ Index: b/kexgsss.c | |||
1890 | + fatal("kexgss_server: BN_bin2bn failed"); | 1896 | + fatal("kexgss_server: BN_bin2bn failed"); |
1891 | + | 1897 | + |
1892 | + memset(kbuf, 0, klen); | 1898 | + memset(kbuf, 0, klen); |
1893 | + xfree(kbuf); | 1899 | + free(kbuf); |
1894 | + | 1900 | + |
1895 | + switch (kex->kex_type) { | 1901 | + switch (kex->kex_type) { |
1896 | + case KEX_GSS_GRP1_SHA1: | 1902 | + case KEX_GSS_GRP1_SHA1: |
@@ -1973,24 +1979,14 @@ Index: b/key.c | |||
1973 | =================================================================== | 1979 | =================================================================== |
1974 | --- a/key.c | 1980 | --- a/key.c |
1975 | +++ b/key.c | 1981 | +++ b/key.c |
1976 | @@ -976,6 +976,8 @@ | 1982 | @@ -933,6 +933,7 @@ |
1977 | } | 1983 | KEY_RSA_CERT_V00, 0, 1 }, |
1978 | break; | 1984 | { "ssh-dss-cert-v00@openssh.com", "DSA-CERT-V00", |
1979 | #endif /* OPENSSL_HAS_ECC */ | 1985 | KEY_DSA_CERT_V00, 0, 1 }, |
1980 | + case KEY_NULL: | 1986 | + { "null", "null", KEY_NULL, 0, 0 }, |
1981 | + return "null"; | 1987 | { NULL, NULL, -1, -1, 0 } |
1982 | } | 1988 | }; |
1983 | return "ssh-unknown"; | ||
1984 | } | ||
1985 | @@ -1281,6 +1283,8 @@ | ||
1986 | strcmp(name, "ecdsa-sha2-nistp521-cert-v01@openssh.com") == 0) { | ||
1987 | return KEY_ECDSA_CERT; | ||
1988 | #endif | ||
1989 | + } else if (strcmp(name, "null") == 0) { | ||
1990 | + return KEY_NULL; | ||
1991 | } | ||
1992 | 1989 | ||
1993 | debug2("key_type_from_name: unknown key type '%s'", name); | ||
1994 | Index: b/key.h | 1990 | Index: b/key.h |
1995 | =================================================================== | 1991 | =================================================================== |
1996 | --- a/key.h | 1992 | --- a/key.h |
@@ -2007,7 +2003,7 @@ Index: b/monitor.c | |||
2007 | =================================================================== | 2003 | =================================================================== |
2008 | --- a/monitor.c | 2004 | --- a/monitor.c |
2009 | +++ b/monitor.c | 2005 | +++ b/monitor.c |
2010 | @@ -180,6 +180,8 @@ | 2006 | @@ -181,6 +181,8 @@ |
2011 | int mm_answer_gss_accept_ctx(int, Buffer *); | 2007 | int mm_answer_gss_accept_ctx(int, Buffer *); |
2012 | int mm_answer_gss_userok(int, Buffer *); | 2008 | int mm_answer_gss_userok(int, Buffer *); |
2013 | int mm_answer_gss_checkmic(int, Buffer *); | 2009 | int mm_answer_gss_checkmic(int, Buffer *); |
@@ -2016,7 +2012,7 @@ Index: b/monitor.c | |||
2016 | #endif | 2012 | #endif |
2017 | 2013 | ||
2018 | #ifdef SSH_AUDIT_EVENTS | 2014 | #ifdef SSH_AUDIT_EVENTS |
2019 | @@ -252,6 +254,7 @@ | 2015 | @@ -253,6 +255,7 @@ |
2020 | {MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx}, | 2016 | {MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx}, |
2021 | {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok}, | 2017 | {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok}, |
2022 | {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic}, | 2018 | {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic}, |
@@ -2024,7 +2020,7 @@ Index: b/monitor.c | |||
2024 | #endif | 2020 | #endif |
2025 | #ifdef JPAKE | 2021 | #ifdef JPAKE |
2026 | {MONITOR_REQ_JPAKE_GET_PWDATA, MON_ONCE, mm_answer_jpake_get_pwdata}, | 2022 | {MONITOR_REQ_JPAKE_GET_PWDATA, MON_ONCE, mm_answer_jpake_get_pwdata}, |
2027 | @@ -264,6 +267,12 @@ | 2023 | @@ -265,6 +268,12 @@ |
2028 | }; | 2024 | }; |
2029 | 2025 | ||
2030 | struct mon_table mon_dispatch_postauth20[] = { | 2026 | struct mon_table mon_dispatch_postauth20[] = { |
@@ -2037,7 +2033,7 @@ Index: b/monitor.c | |||
2037 | {MONITOR_REQ_MODULI, 0, mm_answer_moduli}, | 2033 | {MONITOR_REQ_MODULI, 0, mm_answer_moduli}, |
2038 | {MONITOR_REQ_SIGN, 0, mm_answer_sign}, | 2034 | {MONITOR_REQ_SIGN, 0, mm_answer_sign}, |
2039 | {MONITOR_REQ_PTY, 0, mm_answer_pty}, | 2035 | {MONITOR_REQ_PTY, 0, mm_answer_pty}, |
2040 | @@ -372,6 +381,10 @@ | 2036 | @@ -373,6 +382,10 @@ |
2041 | /* Permit requests for moduli and signatures */ | 2037 | /* Permit requests for moduli and signatures */ |
2042 | monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); | 2038 | monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); |
2043 | monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); | 2039 | monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); |
@@ -2059,7 +2055,7 @@ Index: b/monitor.c | |||
2059 | } else { | 2055 | } else { |
2060 | mon_dispatch = mon_dispatch_postauth15; | 2056 | mon_dispatch = mon_dispatch_postauth15; |
2061 | monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); | 2057 | monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); |
2062 | @@ -1836,6 +1853,13 @@ | 2058 | @@ -1855,6 +1872,13 @@ |
2063 | kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; | 2059 | kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; |
2064 | kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; | 2060 | kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; |
2065 | kex->kex[KEX_ECDH_SHA2] = kexecdh_server; | 2061 | kex->kex[KEX_ECDH_SHA2] = kexecdh_server; |
@@ -2073,7 +2069,7 @@ Index: b/monitor.c | |||
2073 | kex->server = 1; | 2069 | kex->server = 1; |
2074 | kex->hostkey_type = buffer_get_int(m); | 2070 | kex->hostkey_type = buffer_get_int(m); |
2075 | kex->kex_type = buffer_get_int(m); | 2071 | kex->kex_type = buffer_get_int(m); |
2076 | @@ -2042,6 +2066,9 @@ | 2072 | @@ -2062,6 +2086,9 @@ |
2077 | OM_uint32 major; | 2073 | OM_uint32 major; |
2078 | u_int len; | 2074 | u_int len; |
2079 | 2075 | ||
@@ -2083,7 +2079,7 @@ Index: b/monitor.c | |||
2083 | goid.elements = buffer_get_string(m, &len); | 2079 | goid.elements = buffer_get_string(m, &len); |
2084 | goid.length = len; | 2080 | goid.length = len; |
2085 | 2081 | ||
2086 | @@ -2069,6 +2096,9 @@ | 2082 | @@ -2089,6 +2116,9 @@ |
2087 | OM_uint32 flags = 0; /* GSI needs this */ | 2083 | OM_uint32 flags = 0; /* GSI needs this */ |
2088 | u_int len; | 2084 | u_int len; |
2089 | 2085 | ||
@@ -2093,7 +2089,7 @@ Index: b/monitor.c | |||
2093 | in.value = buffer_get_string(m, &len); | 2089 | in.value = buffer_get_string(m, &len); |
2094 | in.length = len; | 2090 | in.length = len; |
2095 | major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags); | 2091 | major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags); |
2096 | @@ -2086,6 +2116,7 @@ | 2092 | @@ -2106,6 +2136,7 @@ |
2097 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0); | 2093 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0); |
2098 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1); | 2094 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1); |
2099 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1); | 2095 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1); |
@@ -2101,7 +2097,7 @@ Index: b/monitor.c | |||
2101 | } | 2097 | } |
2102 | return (0); | 2098 | return (0); |
2103 | } | 2099 | } |
2104 | @@ -2097,6 +2128,9 @@ | 2100 | @@ -2117,6 +2148,9 @@ |
2105 | OM_uint32 ret; | 2101 | OM_uint32 ret; |
2106 | u_int len; | 2102 | u_int len; |
2107 | 2103 | ||
@@ -2111,7 +2107,7 @@ Index: b/monitor.c | |||
2111 | gssbuf.value = buffer_get_string(m, &len); | 2107 | gssbuf.value = buffer_get_string(m, &len); |
2112 | gssbuf.length = len; | 2108 | gssbuf.length = len; |
2113 | mic.value = buffer_get_string(m, &len); | 2109 | mic.value = buffer_get_string(m, &len); |
2114 | @@ -2123,7 +2157,11 @@ | 2110 | @@ -2143,7 +2177,11 @@ |
2115 | { | 2111 | { |
2116 | int authenticated; | 2112 | int authenticated; |
2117 | 2113 | ||
@@ -2124,7 +2120,7 @@ Index: b/monitor.c | |||
2124 | 2120 | ||
2125 | buffer_clear(m); | 2121 | buffer_clear(m); |
2126 | buffer_put_int(m, authenticated); | 2122 | buffer_put_int(m, authenticated); |
2127 | @@ -2136,6 +2174,74 @@ | 2123 | @@ -2156,6 +2194,74 @@ |
2128 | /* Monitor loop will terminate if authenticated */ | 2124 | /* Monitor loop will terminate if authenticated */ |
2129 | return (authenticated); | 2125 | return (authenticated); |
2130 | } | 2126 | } |
@@ -2154,7 +2150,7 @@ Index: b/monitor.c | |||
2154 | + } | 2150 | + } |
2155 | + major = ssh_gssapi_sign(gsscontext, &data, &hash); | 2151 | + major = ssh_gssapi_sign(gsscontext, &data, &hash); |
2156 | + | 2152 | + |
2157 | + xfree(data.value); | 2153 | + free(data.value); |
2158 | + | 2154 | + |
2159 | + buffer_clear(m); | 2155 | + buffer_clear(m); |
2160 | + buffer_put_int(m, major); | 2156 | + buffer_put_int(m, major); |
@@ -2184,9 +2180,9 @@ Index: b/monitor.c | |||
2184 | + | 2180 | + |
2185 | + ok = ssh_gssapi_update_creds(&store); | 2181 | + ok = ssh_gssapi_update_creds(&store); |
2186 | + | 2182 | + |
2187 | + xfree(store.filename); | 2183 | + free(store.filename); |
2188 | + xfree(store.envvar); | 2184 | + free(store.envvar); |
2189 | + xfree(store.envval); | 2185 | + free(store.envval); |
2190 | + | 2186 | + |
2191 | + buffer_clear(m); | 2187 | + buffer_clear(m); |
2192 | + buffer_put_int(m, ok); | 2188 | + buffer_put_int(m, ok); |
@@ -2217,7 +2213,7 @@ Index: b/monitor_wrap.c | |||
2217 | =================================================================== | 2213 | =================================================================== |
2218 | --- a/monitor_wrap.c | 2214 | --- a/monitor_wrap.c |
2219 | +++ b/monitor_wrap.c | 2215 | +++ b/monitor_wrap.c |
2220 | @@ -1271,7 +1271,7 @@ | 2216 | @@ -1273,7 +1273,7 @@ |
2221 | } | 2217 | } |
2222 | 2218 | ||
2223 | int | 2219 | int |
@@ -2226,7 +2222,7 @@ Index: b/monitor_wrap.c | |||
2226 | { | 2222 | { |
2227 | Buffer m; | 2223 | Buffer m; |
2228 | int authenticated = 0; | 2224 | int authenticated = 0; |
2229 | @@ -1288,6 +1288,51 @@ | 2225 | @@ -1290,6 +1290,51 @@ |
2230 | debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not "); | 2226 | debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not "); |
2231 | return (authenticated); | 2227 | return (authenticated); |
2232 | } | 2228 | } |
@@ -2298,7 +2294,7 @@ Index: b/readconf.c | |||
2298 | =================================================================== | 2294 | =================================================================== |
2299 | --- a/readconf.c | 2295 | --- a/readconf.c |
2300 | +++ b/readconf.c | 2296 | +++ b/readconf.c |
2301 | @@ -129,6 +129,8 @@ | 2297 | @@ -132,6 +132,8 @@ |
2302 | oClearAllForwardings, oNoHostAuthenticationForLocalhost, | 2298 | oClearAllForwardings, oNoHostAuthenticationForLocalhost, |
2303 | oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, | 2299 | oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, |
2304 | oAddressFamily, oGssAuthentication, oGssDelegateCreds, | 2300 | oAddressFamily, oGssAuthentication, oGssDelegateCreds, |
@@ -2307,7 +2303,7 @@ Index: b/readconf.c | |||
2307 | oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, | 2303 | oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, |
2308 | oSendEnv, oControlPath, oControlMaster, oControlPersist, | 2304 | oSendEnv, oControlPath, oControlMaster, oControlPersist, |
2309 | oHashKnownHosts, | 2305 | oHashKnownHosts, |
2310 | @@ -169,10 +171,19 @@ | 2306 | @@ -172,10 +174,19 @@ |
2311 | { "afstokenpassing", oUnsupported }, | 2307 | { "afstokenpassing", oUnsupported }, |
2312 | #if defined(GSSAPI) | 2308 | #if defined(GSSAPI) |
2313 | { "gssapiauthentication", oGssAuthentication }, | 2309 | { "gssapiauthentication", oGssAuthentication }, |
@@ -2327,7 +2323,7 @@ Index: b/readconf.c | |||
2327 | #endif | 2323 | #endif |
2328 | { "fallbacktorsh", oDeprecated }, | 2324 | { "fallbacktorsh", oDeprecated }, |
2329 | { "usersh", oDeprecated }, | 2325 | { "usersh", oDeprecated }, |
2330 | @@ -503,10 +514,30 @@ | 2326 | @@ -516,10 +527,30 @@ |
2331 | intptr = &options->gss_authentication; | 2327 | intptr = &options->gss_authentication; |
2332 | goto parse_flag; | 2328 | goto parse_flag; |
2333 | 2329 | ||
@@ -2358,7 +2354,7 @@ Index: b/readconf.c | |||
2358 | case oBatchMode: | 2354 | case oBatchMode: |
2359 | intptr = &options->batch_mode; | 2355 | intptr = &options->batch_mode; |
2360 | goto parse_flag; | 2356 | goto parse_flag; |
2361 | @@ -1158,7 +1189,12 @@ | 2357 | @@ -1168,7 +1199,12 @@ |
2362 | options->pubkey_authentication = -1; | 2358 | options->pubkey_authentication = -1; |
2363 | options->challenge_response_authentication = -1; | 2359 | options->challenge_response_authentication = -1; |
2364 | options->gss_authentication = -1; | 2360 | options->gss_authentication = -1; |
@@ -2371,7 +2367,7 @@ Index: b/readconf.c | |||
2371 | options->password_authentication = -1; | 2367 | options->password_authentication = -1; |
2372 | options->kbd_interactive_authentication = -1; | 2368 | options->kbd_interactive_authentication = -1; |
2373 | options->kbd_interactive_devices = NULL; | 2369 | options->kbd_interactive_devices = NULL; |
2374 | @@ -1258,8 +1294,14 @@ | 2370 | @@ -1268,8 +1304,14 @@ |
2375 | options->challenge_response_authentication = 1; | 2371 | options->challenge_response_authentication = 1; |
2376 | if (options->gss_authentication == -1) | 2372 | if (options->gss_authentication == -1) |
2377 | options->gss_authentication = 0; | 2373 | options->gss_authentication = 0; |
@@ -2407,7 +2403,7 @@ Index: b/servconf.c | |||
2407 | =================================================================== | 2403 | =================================================================== |
2408 | --- a/servconf.c | 2404 | --- a/servconf.c |
2409 | +++ b/servconf.c | 2405 | +++ b/servconf.c |
2410 | @@ -102,7 +102,10 @@ | 2406 | @@ -107,7 +107,10 @@ |
2411 | options->kerberos_ticket_cleanup = -1; | 2407 | options->kerberos_ticket_cleanup = -1; |
2412 | options->kerberos_get_afs_token = -1; | 2408 | options->kerberos_get_afs_token = -1; |
2413 | options->gss_authentication=-1; | 2409 | options->gss_authentication=-1; |
@@ -2418,7 +2414,7 @@ Index: b/servconf.c | |||
2418 | options->password_authentication = -1; | 2414 | options->password_authentication = -1; |
2419 | options->kbd_interactive_authentication = -1; | 2415 | options->kbd_interactive_authentication = -1; |
2420 | options->challenge_response_authentication = -1; | 2416 | options->challenge_response_authentication = -1; |
2421 | @@ -233,8 +236,14 @@ | 2417 | @@ -240,8 +243,14 @@ |
2422 | options->kerberos_get_afs_token = 0; | 2418 | options->kerberos_get_afs_token = 0; |
2423 | if (options->gss_authentication == -1) | 2419 | if (options->gss_authentication == -1) |
2424 | options->gss_authentication = 0; | 2420 | options->gss_authentication = 0; |
@@ -2433,7 +2429,7 @@ Index: b/servconf.c | |||
2433 | if (options->password_authentication == -1) | 2429 | if (options->password_authentication == -1) |
2434 | options->password_authentication = 1; | 2430 | options->password_authentication = 1; |
2435 | if (options->kbd_interactive_authentication == -1) | 2431 | if (options->kbd_interactive_authentication == -1) |
2436 | @@ -327,7 +336,9 @@ | 2432 | @@ -338,7 +347,9 @@ |
2437 | sBanner, sUseDNS, sHostbasedAuthentication, | 2433 | sBanner, sUseDNS, sHostbasedAuthentication, |
2438 | sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, | 2434 | sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, |
2439 | sClientAliveCountMax, sAuthorizedKeysFile, | 2435 | sClientAliveCountMax, sAuthorizedKeysFile, |
@@ -2444,7 +2440,7 @@ Index: b/servconf.c | |||
2444 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, | 2440 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, |
2445 | sUsePrivilegeSeparation, sAllowAgentForwarding, | 2441 | sUsePrivilegeSeparation, sAllowAgentForwarding, |
2446 | sZeroKnowledgePasswordAuthentication, sHostCertificate, | 2442 | sZeroKnowledgePasswordAuthentication, sHostCertificate, |
2447 | @@ -393,10 +404,20 @@ | 2443 | @@ -405,10 +416,20 @@ |
2448 | #ifdef GSSAPI | 2444 | #ifdef GSSAPI |
2449 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, | 2445 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, |
2450 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, | 2446 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, |
@@ -2465,7 +2461,7 @@ Index: b/servconf.c | |||
2465 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, | 2461 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, |
2466 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, | 2462 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, |
2467 | { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, | 2463 | { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, |
2468 | @@ -1049,10 +1070,22 @@ | 2464 | @@ -1073,10 +1094,22 @@ |
2469 | intptr = &options->gss_authentication; | 2465 | intptr = &options->gss_authentication; |
2470 | goto parse_flag; | 2466 | goto parse_flag; |
2471 | 2467 | ||
@@ -2488,7 +2484,7 @@ Index: b/servconf.c | |||
2488 | case sPasswordAuthentication: | 2484 | case sPasswordAuthentication: |
2489 | intptr = &options->password_authentication; | 2485 | intptr = &options->password_authentication; |
2490 | goto parse_flag; | 2486 | goto parse_flag; |
2491 | @@ -1927,7 +1960,10 @@ | 2487 | @@ -1983,7 +2016,10 @@ |
2492 | #endif | 2488 | #endif |
2493 | #ifdef GSSAPI | 2489 | #ifdef GSSAPI |
2494 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); | 2490 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); |
@@ -2503,7 +2499,7 @@ Index: b/servconf.h | |||
2503 | =================================================================== | 2499 | =================================================================== |
2504 | --- a/servconf.h | 2500 | --- a/servconf.h |
2505 | +++ b/servconf.h | 2501 | +++ b/servconf.h |
2506 | @@ -110,7 +110,10 @@ | 2502 | @@ -111,7 +111,10 @@ |
2507 | int kerberos_get_afs_token; /* If true, try to get AFS token if | 2503 | int kerberos_get_afs_token; /* If true, try to get AFS token if |
2508 | * authenticated with Kerberos. */ | 2504 | * authenticated with Kerberos. */ |
2509 | int gss_authentication; /* If true, permit GSSAPI authentication */ | 2505 | int gss_authentication; /* If true, permit GSSAPI authentication */ |
@@ -2632,7 +2628,7 @@ Index: b/ssh_config.5 | |||
2632 | =================================================================== | 2628 | =================================================================== |
2633 | --- a/ssh_config.5 | 2629 | --- a/ssh_config.5 |
2634 | +++ b/ssh_config.5 | 2630 | +++ b/ssh_config.5 |
2635 | @@ -530,11 +530,43 @@ | 2631 | @@ -529,11 +529,43 @@ |
2636 | The default is | 2632 | The default is |
2637 | .Dq no . | 2633 | .Dq no . |
2638 | Note that this option applies to protocol version 2 only. | 2634 | Note that this option applies to protocol version 2 only. |
@@ -2727,14 +2723,14 @@ Index: b/sshconnect2.c | |||
2727 | + orig = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]; | 2723 | + orig = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]; |
2728 | + xasprintf(&myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS], | 2724 | + xasprintf(&myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS], |
2729 | + "%s,null", orig); | 2725 | + "%s,null", orig); |
2730 | + xfree(gss); | 2726 | + free(gss); |
2731 | + } | 2727 | + } |
2732 | +#endif | 2728 | +#endif |
2733 | + | 2729 | + |
2734 | if (options.rekey_limit) | 2730 | if (options.rekey_limit || options.rekey_interval) |
2735 | packet_set_rekey_limit((u_int32_t)options.rekey_limit); | 2731 | packet_set_rekey_limits((u_int32_t)options.rekey_limit, |
2736 | 2732 | (time_t)options.rekey_interval); | |
2737 | @@ -207,10 +243,30 @@ | 2733 | @@ -208,10 +244,30 @@ |
2738 | kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; | 2734 | kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; |
2739 | kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; | 2735 | kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; |
2740 | kex->kex[KEX_ECDH_SHA2] = kexecdh_client; | 2736 | kex->kex[KEX_ECDH_SHA2] = kexecdh_client; |
@@ -2765,7 +2761,7 @@ Index: b/sshconnect2.c | |||
2765 | xxx_kex = kex; | 2761 | xxx_kex = kex; |
2766 | 2762 | ||
2767 | dispatch_run(DISPATCH_BLOCK, &kex->done, kex); | 2763 | dispatch_run(DISPATCH_BLOCK, &kex->done, kex); |
2768 | @@ -306,6 +362,7 @@ | 2764 | @@ -307,6 +363,7 @@ |
2769 | void input_gssapi_hash(int type, u_int32_t, void *); | 2765 | void input_gssapi_hash(int type, u_int32_t, void *); |
2770 | void input_gssapi_error(int, u_int32_t, void *); | 2766 | void input_gssapi_error(int, u_int32_t, void *); |
2771 | void input_gssapi_errtok(int, u_int32_t, void *); | 2767 | void input_gssapi_errtok(int, u_int32_t, void *); |
@@ -2773,7 +2769,7 @@ Index: b/sshconnect2.c | |||
2773 | #endif | 2769 | #endif |
2774 | 2770 | ||
2775 | void userauth(Authctxt *, char *); | 2771 | void userauth(Authctxt *, char *); |
2776 | @@ -321,6 +378,11 @@ | 2772 | @@ -322,6 +379,11 @@ |
2777 | 2773 | ||
2778 | Authmethod authmethods[] = { | 2774 | Authmethod authmethods[] = { |
2779 | #ifdef GSSAPI | 2775 | #ifdef GSSAPI |
@@ -2785,7 +2781,7 @@ Index: b/sshconnect2.c | |||
2785 | {"gssapi-with-mic", | 2781 | {"gssapi-with-mic", |
2786 | userauth_gssapi, | 2782 | userauth_gssapi, |
2787 | NULL, | 2783 | NULL, |
2788 | @@ -627,19 +689,31 @@ | 2784 | @@ -625,19 +687,31 @@ |
2789 | static u_int mech = 0; | 2785 | static u_int mech = 0; |
2790 | OM_uint32 min; | 2786 | OM_uint32 min; |
2791 | int ok = 0; | 2787 | int ok = 0; |
@@ -2819,7 +2815,7 @@ Index: b/sshconnect2.c | |||
2819 | ok = 1; /* Mechanism works */ | 2815 | ok = 1; /* Mechanism works */ |
2820 | } else { | 2816 | } else { |
2821 | mech++; | 2817 | mech++; |
2822 | @@ -736,8 +810,8 @@ | 2818 | @@ -734,8 +808,8 @@ |
2823 | { | 2819 | { |
2824 | Authctxt *authctxt = ctxt; | 2820 | Authctxt *authctxt = ctxt; |
2825 | Gssctxt *gssctxt; | 2821 | Gssctxt *gssctxt; |
@@ -2830,9 +2826,9 @@ Index: b/sshconnect2.c | |||
2830 | 2826 | ||
2831 | if (authctxt == NULL) | 2827 | if (authctxt == NULL) |
2832 | fatal("input_gssapi_response: no authentication context"); | 2828 | fatal("input_gssapi_response: no authentication context"); |
2833 | @@ -847,6 +921,48 @@ | 2829 | @@ -844,6 +918,48 @@ |
2834 | xfree(msg); | 2830 | free(msg); |
2835 | xfree(lang); | 2831 | free(lang); |
2836 | } | 2832 | } |
2837 | + | 2833 | + |
2838 | +int | 2834 | +int |
@@ -2883,7 +2879,7 @@ Index: b/sshd.c | |||
2883 | =================================================================== | 2879 | =================================================================== |
2884 | --- a/sshd.c | 2880 | --- a/sshd.c |
2885 | +++ b/sshd.c | 2881 | +++ b/sshd.c |
2886 | @@ -121,6 +121,10 @@ | 2882 | @@ -122,6 +122,10 @@ |
2887 | #include "ssh-sandbox.h" | 2883 | #include "ssh-sandbox.h" |
2888 | #include "version.h" | 2884 | #include "version.h" |
2889 | 2885 | ||
@@ -2894,7 +2890,7 @@ Index: b/sshd.c | |||
2894 | #ifdef LIBWRAP | 2890 | #ifdef LIBWRAP |
2895 | #include <tcpd.h> | 2891 | #include <tcpd.h> |
2896 | #include <syslog.h> | 2892 | #include <syslog.h> |
2897 | @@ -1645,10 +1649,13 @@ | 2893 | @@ -1703,10 +1707,13 @@ |
2898 | logit("Disabling protocol version 1. Could not load host key"); | 2894 | logit("Disabling protocol version 1. Could not load host key"); |
2899 | options.protocol &= ~SSH_PROTO_1; | 2895 | options.protocol &= ~SSH_PROTO_1; |
2900 | } | 2896 | } |
@@ -2908,7 +2904,7 @@ Index: b/sshd.c | |||
2908 | if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) { | 2904 | if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) { |
2909 | logit("sshd: no hostkeys available -- exiting."); | 2905 | logit("sshd: no hostkeys available -- exiting."); |
2910 | exit(1); | 2906 | exit(1); |
2911 | @@ -1976,6 +1983,60 @@ | 2907 | @@ -2035,6 +2042,60 @@ |
2912 | /* Log the connection. */ | 2908 | /* Log the connection. */ |
2913 | verbose("Connection from %.500s port %d", remote_ip, remote_port); | 2909 | verbose("Connection from %.500s port %d", remote_ip, remote_port); |
2914 | 2910 | ||
@@ -2969,7 +2965,7 @@ Index: b/sshd.c | |||
2969 | /* | 2965 | /* |
2970 | * We don't want to listen forever unless the other side | 2966 | * We don't want to listen forever unless the other side |
2971 | * successfully authenticates itself. So we set up an alarm which is | 2967 | * successfully authenticates itself. So we set up an alarm which is |
2972 | @@ -2357,6 +2418,48 @@ | 2968 | @@ -2439,6 +2500,48 @@ |
2973 | 2969 | ||
2974 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types(); | 2970 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types(); |
2975 | 2971 | ||
@@ -3018,7 +3014,7 @@ Index: b/sshd.c | |||
3018 | /* start key exchange */ | 3014 | /* start key exchange */ |
3019 | kex = kex_setup(myproposal); | 3015 | kex = kex_setup(myproposal); |
3020 | kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; | 3016 | kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; |
3021 | @@ -2364,6 +2467,13 @@ | 3017 | @@ -2446,6 +2549,13 @@ |
3022 | kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; | 3018 | kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; |
3023 | kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; | 3019 | kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; |
3024 | kex->kex[KEX_ECDH_SHA2] = kexecdh_server; | 3020 | kex->kex[KEX_ECDH_SHA2] = kexecdh_server; |
@@ -3036,7 +3032,7 @@ Index: b/sshd_config | |||
3036 | =================================================================== | 3032 | =================================================================== |
3037 | --- a/sshd_config | 3033 | --- a/sshd_config |
3038 | +++ b/sshd_config | 3034 | +++ b/sshd_config |
3039 | @@ -80,6 +80,8 @@ | 3035 | @@ -83,6 +83,8 @@ |
3040 | # GSSAPI options | 3036 | # GSSAPI options |
3041 | #GSSAPIAuthentication no | 3037 | #GSSAPIAuthentication no |
3042 | #GSSAPICleanupCredentials yes | 3038 | #GSSAPICleanupCredentials yes |
@@ -3049,7 +3045,7 @@ Index: b/sshd_config.5 | |||
3049 | =================================================================== | 3045 | =================================================================== |
3050 | --- a/sshd_config.5 | 3046 | --- a/sshd_config.5 |
3051 | +++ b/sshd_config.5 | 3047 | +++ b/sshd_config.5 |
3052 | @@ -481,12 +481,40 @@ | 3048 | @@ -484,12 +484,40 @@ |
3053 | The default is | 3049 | The default is |
3054 | .Dq no . | 3050 | .Dq no . |
3055 | Note that this option applies to protocol version 2 only. | 3051 | Note that this option applies to protocol version 2 only. |
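--- a/debian/patches/keepalive-extensions.patch
+++ b/debian/patches/keepalive-extensions.patch
@@ -12,30 +12,30 @@ Author: Richard Kettlewell <rjk@greenend.org.uk>
 Author: Ian Jackson <ian@chiark.greenend.org.uk>
 Author: Matthew Vernon <matthew@debian.org>
 Author: Colin Watson <cjwatson@debian.org>
-Last-Update: 2013-05-16
+Last-Update: 2013-09-14
 
 Index: b/readconf.c
 ===================================================================
 --- a/readconf.c
 +++ b/readconf.c
-@@ -138,6 +138,7 @@
+@@ -141,6 +141,7 @@
 oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
 oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
-oKexAlgorithms, oIPQoS, oRequestTTY,
+oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown,
 + oProtocolKeepAlives, oSetupTimeOut,
-oDeprecated, oUnsupported
+oIgnoredUnknownOption, oDeprecated, oUnsupported
 } OpCodes;
 
-@@ -259,6 +260,8 @@
+@@ -263,6 +264,8 @@
-{ "kexalgorithms", oKexAlgorithms },
 { "ipqos", oIPQoS },
 { "requesttty", oRequestTTY },
+{ "ignoreunknown", oIgnoreUnknown },
 + { "protocolkeepalives", oProtocolKeepAlives },
 + { "setuptimeout", oSetupTimeOut },
 
 { NULL, oBadOption }
 };
-@@ -933,6 +936,8 @@
+@@ -939,6 +942,8 @@
 goto parse_flag;
 
 case oServerAliveInterval:
@@ -44,8 +44,8 @@ Index: b/readconf.c
 intptr = &options->server_alive_interval;
 goto parse_time;
 
-@@ -1392,8 +1397,13 @@
+@@ -1404,8 +1409,13 @@
-options->rekey_limit = 0;
+options->rekey_interval = 0;
 if (options->verify_host_key_dns == -1)
 options->verify_host_key_dns = 0;
 - if (options->server_alive_interval == -1)
@@ -78,7 +78,7 @@ Index: b/ssh_config.5
 The argument must be
 .Dq yes
 or
-@@ -1113,8 +1117,15 @@
+@@ -1141,8 +1145,15 @@
 will send a message through the encrypted
 channel to request a response from the server.
 The default
@@ -95,7 +95,7 @@ Index: b/ssh_config.5
 .It Cm StrictHostKeyChecking
 If this flag is set to
 .Dq yes ,
-@@ -1153,6 +1164,12 @@
+@@ -1181,6 +1192,12 @@
 other side.
 If they are sent, death of the connection or crash of one
 of the machines will be properly noticed.
@@ -112,7 +112,7 @@ Index: b/sshd_config.5
 ===================================================================
 --- a/sshd_config.5
 +++ b/sshd_config.5
-@@ -1122,6 +1122,9 @@
+@@ -1161,6 +1161,9 @@
 .Pp
 To disable TCP keepalive messages, the value should be set to
 .Dq no .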
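--- a/debian/patches/lintian-symlink-pickiness.patch
+++ b/debian/patches/lintian-symlink-pickiness.patch
@@ -3,13 +3,13 @@ Description: Fix picky lintian errors about slogin symlinks
  either way and opted to keep the status quo. We need this patch anyway.
 Author: Colin Watson <cjwatson@debian.org>
 Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1728
-Last-Update: 2013-05-07
+Last-Update: 2013-09-14
 
 Index: b/Makefile.in
 ===================================================================
 --- a/Makefile.in
 +++ b/Makefile.in
-@@ -293,9 +293,9 @@
+@@ -296,9 +296,9 @@
 $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
 $(INSTALL) -m 644 ssh-vulnkey.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-vulnkey.1
 -rm -f $(DESTDIR)$(bindir)/slogin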
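--- a/debian/patches/mention-ssh-keygen-on-keychange.patch
+++ b/debian/patches/mention-ssh-keygen-on-keychange.patch
@@ -2,13 +2,13 @@ Description: Mention ssh-keygen in ssh fingerprint changed warning
 Author: Scott Moser <smoser@ubuntu.com>
 Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1843
 Bug-Ubuntu: https://bugs.launchpad.net/bugs/686607
-Last-Update: 2013-05-16
+Last-Update: 2013-09-14
 
 Index: b/sshconnect.c
 ===================================================================
 --- a/sshconnect.c
 +++ b/sshconnect.c
-@@ -982,9 +982,12 @@
+@@ -981,9 +981,12 @@
 error("%s. This could either mean that", key_msg);
 error("DNS SPOOFING is happening or the IP address for the host");
 error("and its host key have changed at the same time.");
@@ -22,7 +22,7 @@ Index: b/sshconnect.c
 }
 /* The host key has changed. */
 warn_changed_key(host_key);
-@@ -992,6 +995,8 @@
+@@ -991,6 +994,8 @@
 user_hostfiles[0]);
 error("Offending %s key in %s:%lu", key_type(host_found->key),
 host_found->file, host_found->line);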
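--- a/debian/patches/openbsd-docs.patch
+++ b/debian/patches/openbsd-docs.patch
@@ -6,7 +6,7 @@ Description: Adjust various OpenBSD-specific references in manual pages
  https://bugs.launchpad.net/bugs/456660 (ssl(8))
 Author: Colin Watson <cjwatson@debian.org>
 Forwarded: not-needed
-Last-Update: 2013-05-07
+Last-Update: 2013-09-14
 
 Index: b/moduli.5
 ===================================================================
@@ -56,7 +56,7 @@ Index: b/ssh-keygen.1
 .It Fl a Ar trials
 Specifies the number of primality tests to perform when screening DH-GEX
 candidates using the
-@@ -606,7 +602,7 @@
+@@ -605,7 +601,7 @@
 Valid generator values are 2, 3, and 5.
 .Pp
 Screened DH groups may be installed in
@@ -65,7 +65,7 @@ Index: b/ssh-keygen.1
 It is important that this file contains moduli of a range of bit lengths and
 that both ends of a connection share common moduli.
 .Sh CERTIFICATES
-@@ -801,7 +797,7 @@
+@@ -800,7 +796,7 @@
 where the user wishes to log in using public key authentication.
 There is no need to keep the contents of this file secret.
 .Pp
@@ -78,9 +78,9 @@ Index: b/ssh.1
 ===================================================================
 --- a/ssh.1
 +++ b/ssh.1
-@@ -736,6 +736,10 @@
+@@ -756,6 +756,10 @@
-.Sx HISTORY
+but protocol 2 may use any.
-section of
+The HISTORY section of
 .Xr ssl 8
 +(on non-OpenBSD systems, see
 +.nh
@@ -93,7 +93,7 @@ Index: b/sshd.8
 ===================================================================
 --- a/sshd.8
 +++ b/sshd.8
-@@ -69,7 +69,7 @@
+@@ -70,7 +70,7 @@
 .Nm
 listens for connections from clients.
 It is normally started at boot from
@@ -102,7 +102,7 @@ Index: b/sshd.8
 It forks a new
 daemon for each incoming connection.
 The forked daemons handle
-@@ -858,7 +858,7 @@
+@@ -859,7 +859,7 @@
 .Xr ssh 1 ) .
 It should only be writable by root.
 .Pp
@@ -111,7 +111,7 @@ Index: b/sshd.8
 Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
 The file format is described in
 .Xr moduli 5 .
-@@ -956,7 +956,6 @@
+@@ -957,7 +957,6 @@
 .Xr ssh-vulnkey 1 ,
 .Xr chroot 2 ,
 .Xr hosts_access 5 ,
@@ -123,7 +123,7 @@ Index: b/sshd_config.5
 ===================================================================
 --- a/sshd_config.5
 +++ b/sshd_config.5
-@@ -276,8 +276,7 @@
+@@ -283,8 +283,7 @@
 By default, no banner is displayed.
 .It Cm ChallengeResponseAuthentication
 Specifies whether challenge-response authentication is allowed (e.g. via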
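--- a/debian/patches/package-versioning.patch
+++ b/debian/patches/package-versioning.patch
@@ -5,7 +5,7 @@ Description: Include the Debian version in our identification
  vulnerable-looking version strings. (However, see debian-banner.patch.)
 Author: Matthew Vernon <matthew@debian.org>
 Forwarded: not-needed
-Last-Update: 2013-05-16
+Last-Update: 2013-09-14
 
 Index: b/sshconnect.c
 ===================================================================
@@ -28,7 +28,7 @@ Index: b/sshd.c
 ===================================================================
 --- a/sshd.c
 +++ b/sshd.c
-@@ -434,7 +434,7 @@
+@@ -440,7 +440,7 @@
 }
 
 xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
@@ -42,9 +42,9 @@ Index: b/version.h
 --- a/version.h
 +++ b/version.h
 @@ -3,4 +3,9 @@
-#define SSH_VERSION "OpenSSH_6.2"
+#define SSH_VERSION "OpenSSH_6.3"
 
-#define SSH_PORTABLE "p2"
+#define SSH_PORTABLE "p1"
 -#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
 +#define SSH_RELEASE_MINIMUM SSH_VERSION SSH_PORTABLE
 +#ifdef SSH_EXTRAVERSION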
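--- a/debian/patches/quieter-signals.patch
+++ b/debian/patches/quieter-signals.patch
@@ -10,13 +10,13 @@ Author: Peter Samuelson <peter@p12n.org>
 Author: Colin Watson <cjwatson@debian.org>
 Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1118
 Bug-Debian: http://bugs.debian.org/313371
-Last-Update: 2013-05-07
+Last-Update: 2013-09-14
 
 Index: b/clientloop.c
 ===================================================================
 --- a/clientloop.c
 +++ b/clientloop.c
-@@ -1710,8 +1710,10 @@
+@@ -1717,8 +1717,10 @@
 exit_status = 0;
 }
 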
diff --git a/debian/patches/selinux-role.patch b/debian/patches/selinux-role.patch index c41c78b3b..f3376c20a 100644 --- a/debian/patches/selinux-role.patch +++ b/debian/patches/selinux-role.patch | |||
@@ -5,7 +5,7 @@ Description: Handle SELinux authorisation roles | |||
5 | Author: Manoj Srivastava <srivasta@debian.org> | 5 | Author: Manoj Srivastava <srivasta@debian.org> |
6 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641 | 6 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641 |
7 | Bug-Debian: http://bugs.debian.org/394795 | 7 | Bug-Debian: http://bugs.debian.org/394795 |
8 | Last-Update: 2013-05-13 | 8 | Last-Update: 2013-09-14 |
9 | 9 | ||
10 | Index: b/auth.h | 10 | Index: b/auth.h |
11 | =================================================================== | 11 | =================================================================== |
@@ -17,13 +17,13 @@ Index: b/auth.h | |||
17 | char *style; | 17 | char *style; |
18 | + char *role; | 18 | + char *role; |
19 | void *kbdintctxt; | 19 | void *kbdintctxt; |
20 | char *info; /* Extra info for next auth_log */ | ||
20 | void *jpake_ctx; | 21 | void *jpake_ctx; |
21 | #ifdef BSD_AUTH | ||
22 | Index: b/auth1.c | 22 | Index: b/auth1.c |
23 | =================================================================== | 23 | =================================================================== |
24 | --- a/auth1.c | 24 | --- a/auth1.c |
25 | +++ b/auth1.c | 25 | +++ b/auth1.c |
26 | @@ -385,7 +385,7 @@ | 26 | @@ -380,7 +380,7 @@ |
27 | do_authentication(Authctxt *authctxt) | 27 | do_authentication(Authctxt *authctxt) |
28 | { | 28 | { |
29 | u_int ulen; | 29 | u_int ulen; |
@@ -32,7 +32,7 @@ Index: b/auth1.c | |||
32 | 32 | ||
33 | /* Get the name of the user that we wish to log in as. */ | 33 | /* Get the name of the user that we wish to log in as. */ |
34 | packet_read_expect(SSH_CMSG_USER); | 34 | packet_read_expect(SSH_CMSG_USER); |
35 | @@ -394,11 +394,17 @@ | 35 | @@ -389,11 +389,17 @@ |
36 | user = packet_get_cstring(&ulen); | 36 | user = packet_get_cstring(&ulen); |
37 | packet_check_eom(); | 37 | packet_check_eom(); |
38 | 38 | ||
@@ -54,7 +54,7 @@ Index: b/auth2.c | |||
54 | =================================================================== | 54 | =================================================================== |
55 | --- a/auth2.c | 55 | --- a/auth2.c |
56 | +++ b/auth2.c | 56 | +++ b/auth2.c |
57 | @@ -219,7 +219,7 @@ | 57 | @@ -222,7 +222,7 @@ |
58 | { | 58 | { |
59 | Authctxt *authctxt = ctxt; | 59 | Authctxt *authctxt = ctxt; |
60 | Authmethod *m = NULL; | 60 | Authmethod *m = NULL; |
@@ -63,7 +63,7 @@ Index: b/auth2.c | |||
63 | int authenticated = 0; | 63 | int authenticated = 0; |
64 | 64 | ||
65 | if (authctxt == NULL) | 65 | if (authctxt == NULL) |
66 | @@ -231,8 +231,13 @@ | 66 | @@ -234,8 +234,13 @@ |
67 | debug("userauth-request for user %s service %s method %s", user, service, method); | 67 | debug("userauth-request for user %s service %s method %s", user, service, method); |
68 | debug("attempt %d failures %d", authctxt->attempt, authctxt->failures); | 68 | debug("attempt %d failures %d", authctxt->attempt, authctxt->failures); |
69 | 69 | ||
@@ -77,7 +77,7 @@ Index: b/auth2.c | |||
77 | 77 | ||
78 | if (authctxt->attempt++ == 0) { | 78 | if (authctxt->attempt++ == 0) { |
79 | /* setup auth context */ | 79 | /* setup auth context */ |
80 | @@ -256,8 +261,9 @@ | 80 | @@ -259,8 +264,9 @@ |
81 | use_privsep ? " [net]" : ""); | 81 | use_privsep ? " [net]" : ""); |
82 | authctxt->service = xstrdup(service); | 82 | authctxt->service = xstrdup(service); |
83 | authctxt->style = style ? xstrdup(style) : NULL; | 83 | authctxt->style = style ? xstrdup(style) : NULL; |
@@ -92,7 +92,7 @@ Index: b/monitor.c | |||
92 | =================================================================== | 92 | =================================================================== |
93 | --- a/monitor.c | 93 | --- a/monitor.c |
94 | +++ b/monitor.c | 94 | +++ b/monitor.c |
95 | @@ -145,6 +145,7 @@ | 95 | @@ -146,6 +146,7 @@ |
96 | int mm_answer_pwnamallow(int, Buffer *); | 96 | int mm_answer_pwnamallow(int, Buffer *); |
97 | int mm_answer_auth2_read_banner(int, Buffer *); | 97 | int mm_answer_auth2_read_banner(int, Buffer *); |
98 | int mm_answer_authserv(int, Buffer *); | 98 | int mm_answer_authserv(int, Buffer *); |
@@ -100,7 +100,7 @@ Index: b/monitor.c | |||
100 | int mm_answer_authpassword(int, Buffer *); | 100 | int mm_answer_authpassword(int, Buffer *); |
101 | int mm_answer_bsdauthquery(int, Buffer *); | 101 | int mm_answer_bsdauthquery(int, Buffer *); |
102 | int mm_answer_bsdauthrespond(int, Buffer *); | 102 | int mm_answer_bsdauthrespond(int, Buffer *); |
103 | @@ -226,6 +227,7 @@ | 103 | @@ -227,6 +228,7 @@ |
104 | {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, | 104 | {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, |
105 | {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, | 105 | {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, |
106 | {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, | 106 | {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, |
@@ -108,7 +108,7 @@ Index: b/monitor.c | |||
108 | {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner}, | 108 | {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner}, |
109 | {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, | 109 | {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, |
110 | #ifdef USE_PAM | 110 | #ifdef USE_PAM |
111 | @@ -837,6 +839,7 @@ | 111 | @@ -844,6 +846,7 @@ |
112 | else { | 112 | else { |
113 | /* Allow service/style information on the auth context */ | 113 | /* Allow service/style information on the auth context */ |
114 | monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); | 114 | monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); |
@@ -116,7 +116,7 @@ Index: b/monitor.c | |||
116 | monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); | 116 | monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); |
117 | } | 117 | } |
118 | #ifdef USE_PAM | 118 | #ifdef USE_PAM |
119 | @@ -869,14 +872,37 @@ | 119 | @@ -874,14 +877,37 @@ |
120 | 120 | ||
121 | authctxt->service = buffer_get_string(m, NULL); | 121 | authctxt->service = buffer_get_string(m, NULL); |
122 | authctxt->style = buffer_get_string(m, NULL); | 122 | authctxt->style = buffer_get_string(m, NULL); |
@@ -127,12 +127,12 @@ Index: b/monitor.c | |||
127 | + __func__, authctxt->service, authctxt->style, authctxt->role); | 127 | + __func__, authctxt->service, authctxt->style, authctxt->role); |
128 | 128 | ||
129 | if (strlen(authctxt->style) == 0) { | 129 | if (strlen(authctxt->style) == 0) { |
130 | xfree(authctxt->style); | 130 | free(authctxt->style); |
131 | authctxt->style = NULL; | 131 | authctxt->style = NULL; |
132 | } | 132 | } |
133 | 133 | ||
134 | + if (strlen(authctxt->role) == 0) { | 134 | + if (strlen(authctxt->role) == 0) { |
135 | + xfree(authctxt->role); | 135 | + free(authctxt->role); |
136 | + authctxt->role = NULL; | 136 | + authctxt->role = NULL; |
137 | + } | 137 | + } |
138 | + | 138 | + |
@@ -149,14 +149,14 @@ Index: b/monitor.c | |||
149 | + __func__, authctxt->role); | 149 | + __func__, authctxt->role); |
150 | + | 150 | + |
151 | + if (strlen(authctxt->role) == 0) { | 151 | + if (strlen(authctxt->role) == 0) { |
152 | + xfree(authctxt->role); | 152 | + free(authctxt->role); |
153 | + authctxt->role = NULL; | 153 | + authctxt->role = NULL; |
154 | + } | 154 | + } |
155 | + | 155 | + |
156 | return (0); | 156 | return (0); |
157 | } | 157 | } |
158 | 158 | ||
159 | @@ -1471,7 +1497,7 @@ | 159 | @@ -1486,7 +1512,7 @@ |
160 | res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty)); | 160 | res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty)); |
161 | if (res == 0) | 161 | if (res == 0) |
162 | goto error; | 162 | goto error; |
@@ -182,7 +182,7 @@ Index: b/monitor_wrap.c | |||
182 | =================================================================== | 182 | =================================================================== |
183 | --- a/monitor_wrap.c | 183 | --- a/monitor_wrap.c |
184 | +++ b/monitor_wrap.c | 184 | +++ b/monitor_wrap.c |
185 | @@ -318,10 +318,10 @@ | 185 | @@ -320,10 +320,10 @@ |
186 | return (banner); | 186 | return (banner); |
187 | } | 187 | } |
188 | 188 | ||
@@ -195,7 +195,7 @@ Index: b/monitor_wrap.c | |||
195 | { | 195 | { |
196 | Buffer m; | 196 | Buffer m; |
197 | 197 | ||
198 | @@ -330,11 +330,29 @@ | 198 | @@ -332,11 +332,29 @@ |
199 | buffer_init(&m); | 199 | buffer_init(&m); |
200 | buffer_put_cstring(&m, service); | 200 | buffer_put_cstring(&m, service); |
201 | buffer_put_cstring(&m, style ? style : ""); | 201 | buffer_put_cstring(&m, style ? style : ""); |
@@ -284,7 +284,7 @@ Index: b/openbsd-compat/port-linux.c | |||
284 | #endif | 284 | #endif |
285 | 285 | ||
286 | if (r != 0) { | 286 | if (r != 0) { |
287 | @@ -107,7 +120,7 @@ | 287 | @@ -105,7 +118,7 @@ |
288 | 288 | ||
289 | /* Set the execution context to the default for the specified user */ | 289 | /* Set the execution context to the default for the specified user */ |
290 | void | 290 | void |
@@ -293,7 +293,7 @@ Index: b/openbsd-compat/port-linux.c | |||
293 | { | 293 | { |
294 | security_context_t user_ctx = NULL; | 294 | security_context_t user_ctx = NULL; |
295 | 295 | ||
296 | @@ -116,7 +129,7 @@ | 296 | @@ -114,7 +127,7 @@ |
297 | 297 | ||
298 | debug3("%s: setting execution context", __func__); | 298 | debug3("%s: setting execution context", __func__); |
299 | 299 | ||
@@ -302,7 +302,7 @@ Index: b/openbsd-compat/port-linux.c | |||
302 | if (setexeccon(user_ctx) != 0) { | 302 | if (setexeccon(user_ctx) != 0) { |
303 | switch (security_getenforce()) { | 303 | switch (security_getenforce()) { |
304 | case -1: | 304 | case -1: |
305 | @@ -138,7 +151,7 @@ | 305 | @@ -136,7 +149,7 @@ |
306 | 306 | ||
307 | /* Set the TTY context for the specified user */ | 307 | /* Set the TTY context for the specified user */ |
308 | void | 308 | void |
@@ -311,7 +311,7 @@ Index: b/openbsd-compat/port-linux.c | |||
311 | { | 311 | { |
312 | security_context_t new_tty_ctx = NULL; | 312 | security_context_t new_tty_ctx = NULL; |
313 | security_context_t user_ctx = NULL; | 313 | security_context_t user_ctx = NULL; |
314 | @@ -149,7 +162,7 @@ | 314 | @@ -147,7 +160,7 @@ |
315 | 315 | ||
316 | debug3("%s: setting TTY context on %s", __func__, tty); | 316 | debug3("%s: setting TTY context on %s", __func__, tty); |
317 | 317 | ||
@@ -392,7 +392,7 @@ Index: b/session.c | |||
392 | 392 | ||
393 | if (options.chroot_directory != NULL && | 393 | if (options.chroot_directory != NULL && |
394 | strcasecmp(options.chroot_directory, "none") != 0) { | 394 | strcasecmp(options.chroot_directory, "none") != 0) { |
395 | @@ -1633,7 +1633,7 @@ | 395 | @@ -1646,7 +1646,7 @@ |
396 | 396 | ||
397 | /* Force a password change */ | 397 | /* Force a password change */ |
398 | if (s->authctxt->force_pwchange) { | 398 | if (s->authctxt->force_pwchange) { |
@@ -401,7 +401,7 @@ Index: b/session.c | |||
401 | child_close_fds(); | 401 | child_close_fds(); |
402 | do_pwchange(s); | 402 | do_pwchange(s); |
403 | exit(1); | 403 | exit(1); |
404 | @@ -1660,7 +1660,7 @@ | 404 | @@ -1673,7 +1673,7 @@ |
405 | /* When PAM is enabled we rely on it to do the nologin check */ | 405 | /* When PAM is enabled we rely on it to do the nologin check */ |
406 | if (!options.use_pam) | 406 | if (!options.use_pam) |
407 | do_nologin(pw); | 407 | do_nologin(pw); |
@@ -410,7 +410,7 @@ Index: b/session.c | |||
410 | /* | 410 | /* |
411 | * PAM session modules in do_setusercontext may have | 411 | * PAM session modules in do_setusercontext may have |
412 | * generated messages, so if this in an interactive | 412 | * generated messages, so if this in an interactive |
413 | @@ -2072,7 +2072,7 @@ | 413 | @@ -2084,7 +2084,7 @@ |
414 | tty_parse_modes(s->ttyfd, &n_bytes); | 414 | tty_parse_modes(s->ttyfd, &n_bytes); |
415 | 415 | ||
416 | if (!use_privsep) | 416 | if (!use_privsep) |
@@ -436,7 +436,7 @@ Index: b/sshd.c | |||
436 | =================================================================== | 436 | =================================================================== |
437 | --- a/sshd.c | 437 | --- a/sshd.c |
438 | +++ b/sshd.c | 438 | +++ b/sshd.c |
439 | @@ -745,7 +745,7 @@ | 439 | @@ -753,7 +753,7 @@ |
440 | RAND_seed(rnd, sizeof(rnd)); | 440 | RAND_seed(rnd, sizeof(rnd)); |
441 | 441 | ||
442 | /* Drop privileges */ | 442 | /* Drop privileges */ |
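--- a/debian/patches/series
+++ b/debian/patches/series
@@ -26,7 +26,6 @@ shell-path.patch
 dnssec-sshfp.patch
 auth-log-verbosity.patch
 mention-ssh-keygen-on-keychange.patch
-ssh-copy-id-portable.patch
 
 # Versioning
 package-versioning.patch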
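Review bot: Dropping ssh-copy-id-portable.patch from series is only safe if the upstream contrib/ssh-copy-id that this refresh targets already carries the `[ $# = 0 ]` portability fix the patch provided; otherwise the `==` bashism returns and the script breaks on systems whose /bin/sh is not bash. The deleted patch file lists bz#2117 as its Forwarded target, so the fix was presumably merged upstream, but that is inferred rather than visible here. Stating in the commit record which upstream change supersedes the patch would make the removal auditable. The other series entries in this hunk are unchanged.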
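--- a/debian/patches/shell-path.patch
+++ b/debian/patches/shell-path.patch
@@ -4,7 +4,7 @@ Description: Look for $SHELL on the path for ProxyCommand/LocalCommand
 Author: Colin Watson <cjwatson@debian.org>
 Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1494
 Bug-Debian: http://bugs.debian.org/492728
-Last-Update: 2013-05-16
+Last-Update: 2013-09-14
 
 Index: b/sshconnect.c
 ===================================================================
@@ -19,7 +19,7 @@ Index: b/sshconnect.c
 perror(argv[0]);
 exit(1);
 }
-@@ -1299,7 +1299,7 @@
+@@ -1298,7 +1298,7 @@
 if (pid == 0) {
 signal(SIGPIPE, SIG_DFL);
 debug3("Executing %s -c \"%s\"", shell, args);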
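--- a/debian/patches/sigstop.patch
+++ b/debian/patches/sigstop.patch
@@ -1,13 +1,13 @@
 Description: Support synchronisation with service supervisor using SIGSTOP
 Author: Colin Watson <cjwatson@debian.org>
 Forwarded: no
-Last-Update: 2013-08-12
+Last-Update: 2013-09-14
 
 Index: b/sshd.c
 ===================================================================
 --- a/sshd.c
 +++ b/sshd.c
-@@ -1855,6 +1855,10 @@
+@@ -1914,6 +1914,10 @@
 }
 }
 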
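--- a/debian/patches/ssh-argv0.patch
+++ b/debian/patches/ssh-argv0.patch
@@ -5,13 +5,13 @@ Description: ssh(1): Refer to ssh-argv0(1)
 manual page from ssh(1).
 Bug-Debian: http://bugs.debian.org/111341
 Forwarded: not-needed
-Last-Update: 2013-05-07
+Last-Update: 2013-09-14
 
 Index: b/ssh.1
 ===================================================================
 --- a/ssh.1
 +++ b/ssh.1
-@@ -1433,6 +1433,7 @@
+@@ -1451,6 +1451,7 @@
 .Xr sftp 1 ,
 .Xr ssh-add 1 ,
 .Xr ssh-agent 1 ,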
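--- a/debian/patches/ssh-copy-id-portable.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-Description: Fix non-portable shell in ssh-copy-id
-Author: Colin Watson <cjwatson@debian.org>
-Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2117
-Bug-Debian: http://bugs.debian.org/711162
-Forwarded: https://bugzilla.mindrot.org/show_bug.cgi?id=2117
-Last-Update: 2013-06-05
-
-Index: b/contrib/ssh-copy-id
-===================================================================
---- a/contrib/ssh-copy-id
-+++ b/contrib/ssh-copy-id
-@@ -165,7 +165,7 @@
-
-eval set -- "$SAVEARGS"
-
--if [ $# == 0 ] ; then
-+if [ $# = 0 ] ; then
-usage
-fi
-if [ $# != 1 ] ; then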
diff --git a/debian/patches/ssh-vulnkey.patch b/debian/patches/ssh-vulnkey.patch index 03d6f15d9..a56911290 100644 --- a/debian/patches/ssh-vulnkey.patch +++ b/debian/patches/ssh-vulnkey.patch | |||
@@ -8,7 +8,7 @@ Description: Reject vulnerable keys to mitigate Debian OpenSSL flaw | |||
8 | See CVE-2008-0166. | 8 | See CVE-2008-0166. |
9 | Author: Colin Watson <cjwatson@ubuntu.com> | 9 | Author: Colin Watson <cjwatson@ubuntu.com> |
10 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1469 | 10 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1469 |
11 | Last-Update: 2013-05-16 | 11 | Last-Update: 2013-09-14 |
12 | 12 | ||
13 | Index: b/Makefile.in | 13 | Index: b/Makefile.in |
14 | =================================================================== | 14 | =================================================================== |
@@ -52,7 +52,7 @@ Index: b/Makefile.in | |||
52 | MANTYPE = @MANTYPE@ | 52 | MANTYPE = @MANTYPE@ |
53 | 53 | ||
54 | CONFIGFILES=sshd_config.out ssh_config.out moduli.out | 54 | CONFIGFILES=sshd_config.out ssh_config.out moduli.out |
55 | @@ -174,6 +176,9 @@ | 55 | @@ -176,6 +178,9 @@ |
56 | sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o | 56 | sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o |
57 | $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT) | 57 | $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT) |
58 | 58 | ||
@@ -62,7 +62,7 @@ Index: b/Makefile.in | |||
62 | # test driver for the loginrec code - not built by default | 62 | # test driver for the loginrec code - not built by default |
63 | logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o | 63 | logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o |
64 | $(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh $(LIBS) | 64 | $(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh $(LIBS) |
65 | @@ -269,6 +274,7 @@ | 65 | @@ -272,6 +277,7 @@ |
66 | $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT) | 66 | $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT) |
67 | $(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT) | 67 | $(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT) |
68 | $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) | 68 | $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) |
@@ -70,7 +70,7 @@ Index: b/Makefile.in | |||
70 | $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 | 70 | $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 |
71 | $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 | 71 | $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 |
72 | $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 | 72 | $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 |
73 | @@ -283,6 +289,7 @@ | 73 | @@ -286,6 +292,7 @@ |
74 | $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 | 74 | $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 |
75 | $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 | 75 | $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 |
76 | $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 | 76 | $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 |
@@ -78,7 +78,7 @@ Index: b/Makefile.in | |||
78 | -rm -f $(DESTDIR)$(bindir)/slogin | 78 | -rm -f $(DESTDIR)$(bindir)/slogin |
79 | ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin | 79 | ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin |
80 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 | 80 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 |
81 | @@ -364,6 +371,7 @@ | 81 | @@ -367,6 +374,7 @@ |
82 | -rm -f $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT) | 82 | -rm -f $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT) |
83 | -rm -f $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT) | 83 | -rm -f $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT) |
84 | -rm -f $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT) | 84 | -rm -f $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT) |
@@ -86,7 +86,7 @@ Index: b/Makefile.in | |||
86 | -rm -f $(DESTDIR)$(bindir)/sftp$(EXEEXT) | 86 | -rm -f $(DESTDIR)$(bindir)/sftp$(EXEEXT) |
87 | -rm -f $(DESTDIR)$(sbindir)/sshd$(EXEEXT) | 87 | -rm -f $(DESTDIR)$(sbindir)/sshd$(EXEEXT) |
88 | -rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) | 88 | -rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) |
89 | @@ -376,6 +384,7 @@ | 89 | @@ -379,6 +387,7 @@ |
90 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1 | 90 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1 |
91 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1 | 91 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1 |
92 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1 | 92 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1 |
@@ -111,8 +111,8 @@ Index: b/auth-rsa.c | |||
111 | =================================================================== | 111 | =================================================================== |
112 | --- a/auth-rsa.c | 112 | --- a/auth-rsa.c |
113 | +++ b/auth-rsa.c | 113 | +++ b/auth-rsa.c |
114 | @@ -233,7 +233,7 @@ | 114 | @@ -237,7 +237,7 @@ |
115 | file, linenum, BN_num_bits(key->rsa->n), bits); | 115 | free(fp); |
116 | 116 | ||
117 | /* Never accept a revoked key */ | 117 | /* Never accept a revoked key */ |
118 | - if (auth_key_is_revoked(key)) | 118 | - if (auth_key_is_revoked(key)) |
@@ -132,7 +132,7 @@ Index: b/auth.c | |||
132 | #include "auth.h" | 132 | #include "auth.h" |
133 | #include "auth-options.h" | 133 | #include "auth-options.h" |
134 | #include "canohost.h" | 134 | #include "canohost.h" |
135 | @@ -635,10 +636,34 @@ | 135 | @@ -657,10 +658,34 @@ |
136 | 136 | ||
137 | /* Returns 1 if key is revoked by revoked_keys_file, 0 otherwise */ | 137 | /* Returns 1 if key is revoked by revoked_keys_file, 0 otherwise */ |
138 | int | 138 | int |
@@ -151,7 +151,7 @@ Index: b/auth.c | |||
151 | + logit("Public key %s from %s blacklisted (see " | 151 | + logit("Public key %s from %s blacklisted (see " |
152 | + "ssh-vulnkey(1)); continuing anyway", | 152 | + "ssh-vulnkey(1)); continuing anyway", |
153 | + key_fp, get_remote_ipaddr()); | 153 | + key_fp, get_remote_ipaddr()); |
154 | + xfree(key_fp); | 154 | + free(key_fp); |
155 | + } else { | 155 | + } else { |
156 | + if (hostkey) | 156 | + if (hostkey) |
157 | + error("Host key %s blacklisted (see " | 157 | + error("Host key %s blacklisted (see " |
@@ -160,7 +160,7 @@ Index: b/auth.c | |||
160 | + logit("Public key %s from %s blacklisted (see " | 160 | + logit("Public key %s from %s blacklisted (see " |
161 | + "ssh-vulnkey(1))", | 161 | + "ssh-vulnkey(1))", |
162 | + key_fp, get_remote_ipaddr()); | 162 | + key_fp, get_remote_ipaddr()); |
163 | + xfree(key_fp); | 163 | + free(key_fp); |
164 | + return 1; | 164 | + return 1; |
165 | + } | 165 | + } |
166 | + } | 166 | + } |
@@ -172,7 +172,7 @@ Index: b/auth.h | |||
172 | =================================================================== | 172 | =================================================================== |
173 | --- a/auth.h | 173 | --- a/auth.h |
174 | +++ b/auth.h | 174 | +++ b/auth.h |
175 | @@ -185,7 +185,7 @@ | 175 | @@ -191,7 +191,7 @@ |
176 | 176 | ||
177 | FILE *auth_openkeyfile(const char *, struct passwd *, int); | 177 | FILE *auth_openkeyfile(const char *, struct passwd *, int); |
178 | FILE *auth_openprincipals(const char *, struct passwd *, int); | 178 | FILE *auth_openprincipals(const char *, struct passwd *, int); |
@@ -185,7 +185,7 @@ Index: b/auth2-hostbased.c | |||
185 | =================================================================== | 185 | =================================================================== |
186 | --- a/auth2-hostbased.c | 186 | --- a/auth2-hostbased.c |
187 | +++ b/auth2-hostbased.c | 187 | +++ b/auth2-hostbased.c |
188 | @@ -146,7 +146,7 @@ | 188 | @@ -150,7 +150,7 @@ |
189 | int len; | 189 | int len; |
190 | char *fp; | 190 | char *fp; |
191 | 191 | ||
@@ -198,7 +198,7 @@ Index: b/auth2-pubkey.c | |||
198 | =================================================================== | 198 | =================================================================== |
199 | --- a/auth2-pubkey.c | 199 | --- a/auth2-pubkey.c |
200 | +++ b/auth2-pubkey.c | 200 | +++ b/auth2-pubkey.c |
201 | @@ -608,9 +608,10 @@ | 201 | @@ -647,9 +647,10 @@ |
202 | u_int success, i; | 202 | u_int success, i; |
203 | char *file; | 203 | char *file; |
204 | 204 | ||
@@ -223,7 +223,7 @@ Index: b/authfile.c | |||
223 | 223 | ||
224 | #define MAX_KEY_FILE_SIZE (1024 * 1024) | 224 | #define MAX_KEY_FILE_SIZE (1024 * 1024) |
225 | 225 | ||
226 | @@ -944,3 +945,140 @@ | 226 | @@ -944,3 +945,139 @@ |
227 | return ret; | 227 | return ret; |
228 | } | 228 | } |
229 | 229 | ||
@@ -316,10 +316,9 @@ Index: b/authfile.c | |||
316 | + } | 316 | + } |
317 | + | 317 | + |
318 | +out: | 318 | +out: |
319 | + if (dgst_packed) | 319 | + free(dgst_packed); |
320 | + xfree(dgst_packed); | ||
321 | + if (ret != 1 && dgst_hex) { | 320 | + if (ret != 1 && dgst_hex) { |
322 | + xfree(dgst_hex); | 321 | + free(dgst_hex); |
323 | + dgst_hex = NULL; | 322 | + dgst_hex = NULL; |
324 | + } | 323 | + } |
325 | + if (fp) | 324 | + if (fp) |
@@ -347,7 +346,7 @@ Index: b/authfile.c | |||
347 | + xasprintf(&blacklist_file, "%s.%s-%u", | 346 | + xasprintf(&blacklist_file, "%s.%s-%u", |
348 | + _PATH_BLACKLIST, key_type(public), key_size(public)); | 347 | + _PATH_BLACKLIST, key_type(public), key_size(public)); |
349 | + ret = blacklisted_key_in_file(public, blacklist_file, fp); | 348 | + ret = blacklisted_key_in_file(public, blacklist_file, fp); |
350 | + xfree(blacklist_file); | 349 | + free(blacklist_file); |
351 | + if (ret > 0) { | 350 | + if (ret > 0) { |
352 | + key_free(public); | 351 | + key_free(public); |
353 | + return ret; | 352 | + return ret; |
@@ -356,7 +355,7 @@ Index: b/authfile.c | |||
356 | + xasprintf(&blacklist_file, "%s.%s-%u", | 355 | + xasprintf(&blacklist_file, "%s.%s-%u", |
357 | + _PATH_BLACKLIST_CONFIG, key_type(public), key_size(public)); | 356 | + _PATH_BLACKLIST_CONFIG, key_type(public), key_size(public)); |
358 | + ret2 = blacklisted_key_in_file(public, blacklist_file, fp); | 357 | + ret2 = blacklisted_key_in_file(public, blacklist_file, fp); |
359 | + xfree(blacklist_file); | 358 | + free(blacklist_file); |
360 | + if (ret2 > ret) | 359 | + if (ret2 > ret) |
361 | + ret = ret2; | 360 | + ret = ret2; |
362 | + | 361 | + |
@@ -404,7 +403,7 @@ Index: b/readconf.c | |||
404 | =================================================================== | 403 | =================================================================== |
405 | --- a/readconf.c | 404 | --- a/readconf.c |
406 | +++ b/readconf.c | 405 | +++ b/readconf.c |
407 | @@ -125,6 +125,7 @@ | 406 | @@ -128,6 +128,7 @@ |
408 | oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication, | 407 | oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication, |
409 | oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, | 408 | oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, |
410 | oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, | 409 | oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, |
@@ -412,7 +411,7 @@ Index: b/readconf.c | |||
412 | oHostKeyAlgorithms, oBindAddress, oPKCS11Provider, | 411 | oHostKeyAlgorithms, oBindAddress, oPKCS11Provider, |
413 | oClearAllForwardings, oNoHostAuthenticationForLocalhost, | 412 | oClearAllForwardings, oNoHostAuthenticationForLocalhost, |
414 | oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, | 413 | oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, |
415 | @@ -158,6 +159,7 @@ | 414 | @@ -161,6 +162,7 @@ |
416 | { "passwordauthentication", oPasswordAuthentication }, | 415 | { "passwordauthentication", oPasswordAuthentication }, |
417 | { "kbdinteractiveauthentication", oKbdInteractiveAuthentication }, | 416 | { "kbdinteractiveauthentication", oKbdInteractiveAuthentication }, |
418 | { "kbdinteractivedevices", oKbdInteractiveDevices }, | 417 | { "kbdinteractivedevices", oKbdInteractiveDevices }, |
@@ -420,7 +419,7 @@ Index: b/readconf.c | |||
420 | { "rsaauthentication", oRSAAuthentication }, | 419 | { "rsaauthentication", oRSAAuthentication }, |
421 | { "pubkeyauthentication", oPubkeyAuthentication }, | 420 | { "pubkeyauthentication", oPubkeyAuthentication }, |
422 | { "dsaauthentication", oPubkeyAuthentication }, /* alias */ | 421 | { "dsaauthentication", oPubkeyAuthentication }, /* alias */ |
423 | @@ -510,6 +512,10 @@ | 422 | @@ -523,6 +525,10 @@ |
424 | intptr = &options->challenge_response_authentication; | 423 | intptr = &options->challenge_response_authentication; |
425 | goto parse_flag; | 424 | goto parse_flag; |
426 | 425 | ||
@@ -431,7 +430,7 @@ Index: b/readconf.c | |||
431 | case oGssAuthentication: | 430 | case oGssAuthentication: |
432 | intptr = &options->gss_authentication; | 431 | intptr = &options->gss_authentication; |
433 | goto parse_flag; | 432 | goto parse_flag; |
434 | @@ -1200,6 +1206,7 @@ | 433 | @@ -1210,6 +1216,7 @@ |
435 | options->kbd_interactive_devices = NULL; | 434 | options->kbd_interactive_devices = NULL; |
436 | options->rhosts_rsa_authentication = -1; | 435 | options->rhosts_rsa_authentication = -1; |
437 | options->hostbased_authentication = -1; | 436 | options->hostbased_authentication = -1; |
@@ -439,7 +438,7 @@ Index: b/readconf.c | |||
439 | options->batch_mode = -1; | 438 | options->batch_mode = -1; |
440 | options->check_host_ip = -1; | 439 | options->check_host_ip = -1; |
441 | options->strict_host_key_checking = -1; | 440 | options->strict_host_key_checking = -1; |
442 | @@ -1310,6 +1317,8 @@ | 441 | @@ -1320,6 +1327,8 @@ |
443 | options->rhosts_rsa_authentication = 0; | 442 | options->rhosts_rsa_authentication = 0; |
444 | if (options->hostbased_authentication == -1) | 443 | if (options->hostbased_authentication == -1) |
445 | options->hostbased_authentication = 0; | 444 | options->hostbased_authentication = 0; |
@@ -464,7 +463,7 @@ Index: b/servconf.c | |||
464 | =================================================================== | 463 | =================================================================== |
465 | --- a/servconf.c | 464 | --- a/servconf.c |
466 | +++ b/servconf.c | 465 | +++ b/servconf.c |
467 | @@ -109,6 +109,7 @@ | 466 | @@ -114,6 +114,7 @@ |
468 | options->password_authentication = -1; | 467 | options->password_authentication = -1; |
469 | options->kbd_interactive_authentication = -1; | 468 | options->kbd_interactive_authentication = -1; |
470 | options->challenge_response_authentication = -1; | 469 | options->challenge_response_authentication = -1; |
@@ -472,7 +471,7 @@ Index: b/servconf.c | |||
472 | options->permit_empty_passwd = -1; | 471 | options->permit_empty_passwd = -1; |
473 | options->permit_user_env = -1; | 472 | options->permit_user_env = -1; |
474 | options->use_login = -1; | 473 | options->use_login = -1; |
475 | @@ -250,6 +251,8 @@ | 474 | @@ -257,6 +258,8 @@ |
476 | options->kbd_interactive_authentication = 0; | 475 | options->kbd_interactive_authentication = 0; |
477 | if (options->challenge_response_authentication == -1) | 476 | if (options->challenge_response_authentication == -1) |
478 | options->challenge_response_authentication = 1; | 477 | options->challenge_response_authentication = 1; |
@@ -481,16 +480,16 @@ Index: b/servconf.c | |||
481 | if (options->permit_empty_passwd == -1) | 480 | if (options->permit_empty_passwd == -1) |
482 | options->permit_empty_passwd = 0; | 481 | options->permit_empty_passwd = 0; |
483 | if (options->permit_user_env == -1) | 482 | if (options->permit_user_env == -1) |
484 | @@ -327,7 +330,7 @@ | 483 | @@ -338,7 +341,7 @@ |
485 | sListenAddress, sAddressFamily, | 484 | sListenAddress, sAddressFamily, |
486 | sPrintMotd, sPrintLastLog, sIgnoreRhosts, | 485 | sPrintMotd, sPrintLastLog, sIgnoreRhosts, |
487 | sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, | 486 | sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, |
488 | - sStrictModes, sEmptyPasswd, sTCPKeepAlive, | 487 | - sStrictModes, sEmptyPasswd, sTCPKeepAlive, |
489 | + sStrictModes, sPermitBlacklistedKeys, sEmptyPasswd, sTCPKeepAlive, | 488 | + sStrictModes, sPermitBlacklistedKeys, sEmptyPasswd, sTCPKeepAlive, |
490 | sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, | 489 | sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, |
491 | sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, | 490 | sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, |
492 | sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, | 491 | sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, |
493 | @@ -439,6 +442,7 @@ | 492 | @@ -451,6 +454,7 @@ |
494 | { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, | 493 | { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, |
495 | { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, | 494 | { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, |
496 | { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, | 495 | { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, |
@@ -498,7 +497,7 @@ Index: b/servconf.c | |||
498 | { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, | 497 | { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, |
499 | { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, | 498 | { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, |
500 | { "uselogin", sUseLogin, SSHCFG_GLOBAL }, | 499 | { "uselogin", sUseLogin, SSHCFG_GLOBAL }, |
501 | @@ -1134,6 +1138,10 @@ | 500 | @@ -1158,6 +1162,10 @@ |
502 | intptr = &options->tcp_keep_alive; | 501 | intptr = &options->tcp_keep_alive; |
503 | goto parse_flag; | 502 | goto parse_flag; |
504 | 503 | ||
@@ -509,7 +508,7 @@ Index: b/servconf.c | |||
509 | case sEmptyPasswd: | 508 | case sEmptyPasswd: |
510 | intptr = &options->permit_empty_passwd; | 509 | intptr = &options->permit_empty_passwd; |
511 | goto parse_flag; | 510 | goto parse_flag; |
512 | @@ -1980,6 +1988,7 @@ | 511 | @@ -2036,6 +2044,7 @@ |
513 | dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); | 512 | dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); |
514 | dump_cfg_fmtint(sStrictModes, o->strict_modes); | 513 | dump_cfg_fmtint(sStrictModes, o->strict_modes); |
515 | dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); | 514 | dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); |
@@ -521,7 +520,7 @@ Index: b/servconf.h | |||
521 | =================================================================== | 520 | =================================================================== |
522 | --- a/servconf.h | 521 | --- a/servconf.h |
523 | +++ b/servconf.h | 522 | +++ b/servconf.h |
524 | @@ -120,6 +120,7 @@ | 523 | @@ -121,6 +121,7 @@ |
525 | int challenge_response_authentication; | 524 | int challenge_response_authentication; |
526 | int zero_knowledge_password_authentication; | 525 | int zero_knowledge_password_authentication; |
527 | /* If true, permit jpake auth */ | 526 | /* If true, permit jpake auth */ |
@@ -572,9 +571,9 @@ Index: b/ssh-add.c | |||
572 | + if (blacklisted_key(private, &fp) == 1) { | 571 | + if (blacklisted_key(private, &fp) == 1) { |
573 | + fprintf(stderr, "Public key %s blacklisted (see " | 572 | + fprintf(stderr, "Public key %s blacklisted (see " |
574 | + "ssh-vulnkey(1)); refusing to add it\n", fp); | 573 | + "ssh-vulnkey(1)); refusing to add it\n", fp); |
575 | + xfree(fp); | 574 | + free(fp); |
576 | + key_free(private); | 575 | + key_free(private); |
577 | + xfree(comment); | 576 | + free(comment); |
578 | + return -1; | 577 | + return -1; |
579 | + } | 578 | + } |
580 | 579 | ||
@@ -584,7 +583,7 @@ Index: b/ssh-keygen.1 | |||
584 | =================================================================== | 583 | =================================================================== |
585 | --- a/ssh-keygen.1 | 584 | --- a/ssh-keygen.1 |
586 | +++ b/ssh-keygen.1 | 585 | +++ b/ssh-keygen.1 |
587 | @@ -810,6 +810,7 @@ | 586 | @@ -809,6 +809,7 @@ |
588 | .Xr ssh 1 , | 587 | .Xr ssh 1 , |
589 | .Xr ssh-add 1 , | 588 | .Xr ssh-add 1 , |
590 | .Xr ssh-agent 1 , | 589 | .Xr ssh-agent 1 , |
@@ -843,7 +842,7 @@ Index: b/ssh-vulnkey.c | |||
843 | =================================================================== | 842 | =================================================================== |
844 | --- /dev/null | 843 | --- /dev/null |
845 | +++ b/ssh-vulnkey.c | 844 | +++ b/ssh-vulnkey.c |
846 | @@ -0,0 +1,387 @@ | 845 | @@ -0,0 +1,386 @@ |
847 | +/* | 846 | +/* |
848 | + * Copyright (c) 2008 Canonical Ltd. All rights reserved. | 847 | + * Copyright (c) 2008 Canonical Ltd. All rights reserved. |
849 | + * | 848 | + * |
@@ -940,7 +939,7 @@ Index: b/ssh-vulnkey.c | |||
940 | + printf(":%lu: %s: %s %u %s %s\n", linenum, msg, | 939 | + printf(":%lu: %s: %s %u %s %s\n", linenum, msg, |
941 | + key_type(key), key_size(key), fp, comment); | 940 | + key_type(key), key_size(key), fp, comment); |
942 | + } | 941 | + } |
943 | + xfree(fp); | 942 | + free(fp); |
944 | +} | 943 | +} |
945 | + | 944 | + |
946 | +static int | 945 | +static int |
@@ -1093,8 +1092,7 @@ Index: b/ssh-vulnkey.c | |||
1093 | + ret = 0; | 1092 | + ret = 0; |
1094 | + found = 1; | 1093 | + found = 1; |
1095 | + } | 1094 | + } |
1096 | + if (comment) | 1095 | + free(comment); |
1097 | + xfree(comment); | ||
1098 | + } | 1096 | + } |
1099 | + | 1097 | + |
1100 | + return ret; | 1098 | + return ret; |
@@ -1128,12 +1126,12 @@ Index: b/ssh-vulnkey.c | |||
1128 | + for (i = 0; default_files[i]; i++) { | 1126 | + for (i = 0; default_files[i]; i++) { |
1129 | + xasprintf(&file, "%s/%s", dir, default_files[i]); | 1127 | + xasprintf(&file, "%s/%s", dir, default_files[i]); |
1130 | + if (stat(file, &st) < 0 && errno == ENOENT) { | 1128 | + if (stat(file, &st) < 0 && errno == ENOENT) { |
1131 | + xfree(file); | 1129 | + free(file); |
1132 | + continue; | 1130 | + continue; |
1133 | + } | 1131 | + } |
1134 | + if (!do_filename(file, 0)) | 1132 | + if (!do_filename(file, 0)) |
1135 | + ret = 0; | 1133 | + ret = 0; |
1136 | + xfree(file); | 1134 | + free(file); |
1137 | + } | 1135 | + } |
1138 | + | 1136 | + |
1139 | + return ret; | 1137 | + return ret; |
@@ -1235,7 +1233,7 @@ Index: b/ssh.1 | |||
1235 | =================================================================== | 1233 | =================================================================== |
1236 | --- a/ssh.1 | 1234 | --- a/ssh.1 |
1237 | +++ b/ssh.1 | 1235 | +++ b/ssh.1 |
1238 | @@ -1429,6 +1429,7 @@ | 1236 | @@ -1447,6 +1447,7 @@ |
1239 | .Xr ssh-agent 1 , | 1237 | .Xr ssh-agent 1 , |
1240 | .Xr ssh-keygen 1 , | 1238 | .Xr ssh-keygen 1 , |
1241 | .Xr ssh-keyscan 1 , | 1239 | .Xr ssh-keyscan 1 , |
@@ -1247,7 +1245,7 @@ Index: b/ssh.c | |||
1247 | =================================================================== | 1245 | =================================================================== |
1248 | --- a/ssh.c | 1246 | --- a/ssh.c |
1249 | +++ b/ssh.c | 1247 | +++ b/ssh.c |
1250 | @@ -1492,7 +1492,7 @@ | 1248 | @@ -1525,7 +1525,7 @@ |
1251 | static void | 1249 | static void |
1252 | load_public_identity_files(void) | 1250 | load_public_identity_files(void) |
1253 | { | 1251 | { |
@@ -1256,7 +1254,7 @@ Index: b/ssh.c | |||
1256 | char *pwdir = NULL, *pwname = NULL; | 1254 | char *pwdir = NULL, *pwname = NULL; |
1257 | int i = 0; | 1255 | int i = 0; |
1258 | Key *public; | 1256 | Key *public; |
1259 | @@ -1550,6 +1550,22 @@ | 1257 | @@ -1583,6 +1583,22 @@ |
1260 | public = key_load_public(filename, NULL); | 1258 | public = key_load_public(filename, NULL); |
1261 | debug("identity file %s type %d", filename, | 1259 | debug("identity file %s type %d", filename, |
1262 | public ? public->type : -1); | 1260 | public ? public->type : -1); |
@@ -1268,22 +1266,22 @@ Index: b/ssh.c | |||
1268 | + logit("Public key %s blacklisted (see " | 1266 | + logit("Public key %s blacklisted (see " |
1269 | + "ssh-vulnkey(1)); refusing to send it", | 1267 | + "ssh-vulnkey(1)); refusing to send it", |
1270 | + fp); | 1268 | + fp); |
1271 | + xfree(fp); | 1269 | + free(fp); |
1272 | + if (!options.use_blacklisted_keys) { | 1270 | + if (!options.use_blacklisted_keys) { |
1273 | + key_free(public); | 1271 | + key_free(public); |
1274 | + xfree(filename); | 1272 | + free(filename); |
1275 | + filename = NULL; | 1273 | + filename = NULL; |
1276 | + public = NULL; | 1274 | + public = NULL; |
1277 | + } | 1275 | + } |
1278 | + } | 1276 | + } |
1279 | xfree(options.identity_files[i]); | 1277 | free(options.identity_files[i]); |
1280 | identity_files[n_ids] = filename; | 1278 | identity_files[n_ids] = filename; |
1281 | identity_keys[n_ids] = public; | 1279 | identity_keys[n_ids] = public; |
1282 | Index: b/ssh_config.5 | 1280 | Index: b/ssh_config.5 |
1283 | =================================================================== | 1281 | =================================================================== |
1284 | --- a/ssh_config.5 | 1282 | --- a/ssh_config.5 |
1285 | +++ b/ssh_config.5 | 1283 | +++ b/ssh_config.5 |
1286 | @@ -1201,6 +1201,23 @@ | 1284 | @@ -1229,6 +1229,23 @@ |
1287 | .Dq any . | 1285 | .Dq any . |
1288 | The default is | 1286 | The default is |
1289 | .Dq any:any . | 1287 | .Dq any:any . |
@@ -1320,7 +1318,7 @@ Index: b/sshconnect2.c | |||
1320 | key = options.identity_keys[i]; | 1318 | key = options.identity_keys[i]; |
1321 | if (key && key->type == KEY_RSA1) | 1319 | if (key && key->type == KEY_RSA1) |
1322 | continue; | 1320 | continue; |
1323 | @@ -1609,7 +1611,7 @@ | 1321 | @@ -1608,7 +1610,7 @@ |
1324 | debug("Offering %s public key: %s", key_type(id->key), | 1322 | debug("Offering %s public key: %s", key_type(id->key), |
1325 | id->filename); | 1323 | id->filename); |
1326 | sent = send_pubkey_test(authctxt, id); | 1324 | sent = send_pubkey_test(authctxt, id); |
@@ -1333,7 +1331,7 @@ Index: b/sshd.8 | |||
1333 | =================================================================== | 1331 | =================================================================== |
1334 | --- a/sshd.8 | 1332 | --- a/sshd.8 |
1335 | +++ b/sshd.8 | 1333 | +++ b/sshd.8 |
1336 | @@ -953,6 +953,7 @@ | 1334 | @@ -954,6 +954,7 @@ |
1337 | .Xr ssh-agent 1 , | 1335 | .Xr ssh-agent 1 , |
1338 | .Xr ssh-keygen 1 , | 1336 | .Xr ssh-keygen 1 , |
1339 | .Xr ssh-keyscan 1 , | 1337 | .Xr ssh-keyscan 1 , |
@@ -1345,23 +1343,23 @@ Index: b/sshd.c | |||
1345 | =================================================================== | 1343 | =================================================================== |
1346 | --- a/sshd.c | 1344 | --- a/sshd.c |
1347 | +++ b/sshd.c | 1345 | +++ b/sshd.c |
1348 | @@ -1631,6 +1631,11 @@ | 1346 | @@ -1688,6 +1688,11 @@ |
1349 | sensitive_data.host_keys[i] = NULL; | 1347 | sensitive_data.host_pubkeys[i] = NULL; |
1350 | continue; | 1348 | continue; |
1351 | } | 1349 | } |
1352 | + if (auth_key_is_revoked(key, 1)) { | 1350 | + if (auth_key_is_revoked(key != NULL ? key : pubkey, 1)) { |
1353 | + key_free(key); | ||
1354 | + sensitive_data.host_keys[i] = NULL; | 1351 | + sensitive_data.host_keys[i] = NULL; |
1352 | + sensitive_data.host_pubkeys[i] = NULL; | ||
1355 | + continue; | 1353 | + continue; |
1356 | + } | 1354 | + } |
1357 | switch (key->type) { | 1355 | |
1356 | switch (keytype) { | ||
1358 | case KEY_RSA1: | 1357 | case KEY_RSA1: |
1359 | sensitive_data.ssh1_host_key = key; | ||
1360 | Index: b/sshd_config.5 | 1358 | Index: b/sshd_config.5 |
1361 | =================================================================== | 1359 | =================================================================== |
1362 | --- a/sshd_config.5 | 1360 | --- a/sshd_config.5 |
1363 | +++ b/sshd_config.5 | 1361 | +++ b/sshd_config.5 |
1364 | @@ -870,6 +870,20 @@ | 1362 | @@ -885,6 +885,20 @@ |
1365 | Specifies whether password authentication is allowed. | 1363 | Specifies whether password authentication is allowed. |
1366 | The default is | 1364 | The default is |
1367 | .Dq yes . | 1365 | .Dq yes . |
diff --git a/debian/patches/ssh1-keepalive.patch b/debian/patches/ssh1-keepalive.patch index 87211e8a3..de61e1dd9 100644 --- a/debian/patches/ssh1-keepalive.patch +++ b/debian/patches/ssh1-keepalive.patch | |||
@@ -1,13 +1,13 @@ | |||
1 | Description: Partial server keep-alive implementation for SSH1 | 1 | Description: Partial server keep-alive implementation for SSH1 |
2 | Author: Colin Watson <cjwatson@debian.org> | 2 | Author: Colin Watson <cjwatson@debian.org> |
3 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1712 | 3 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1712 |
4 | Last-Update: 2013-05-07 | 4 | Last-Update: 2013-09-14 |
5 | 5 | ||
6 | Index: b/clientloop.c | 6 | Index: b/clientloop.c |
7 | =================================================================== | 7 | =================================================================== |
8 | --- a/clientloop.c | 8 | --- a/clientloop.c |
9 | +++ b/clientloop.c | 9 | +++ b/clientloop.c |
10 | @@ -565,16 +565,21 @@ | 10 | @@ -563,16 +563,21 @@ |
11 | static void | 11 | static void |
12 | server_alive_check(void) | 12 | server_alive_check(void) |
13 | { | 13 | { |
@@ -38,20 +38,20 @@ Index: b/clientloop.c | |||
38 | } | 38 | } |
39 | 39 | ||
40 | /* | 40 | /* |
41 | @@ -636,7 +641,7 @@ | 41 | @@ -634,7 +639,7 @@ |
42 | */ | 42 | */ |
43 | 43 | ||
44 | timeout_secs = INT_MAX; /* we use INT_MAX to mean no timeout */ | 44 | timeout_secs = INT_MAX; /* we use INT_MAX to mean no timeout */ |
45 | - if (options.server_alive_interval > 0 && compat20) | 45 | - if (options.server_alive_interval > 0 && compat20) { |
46 | + if (options.server_alive_interval > 0) | 46 | + if (options.server_alive_interval > 0) { |
47 | timeout_secs = options.server_alive_interval; | 47 | timeout_secs = options.server_alive_interval; |
48 | set_control_persist_exit_time(); | 48 | server_alive_time = now + options.server_alive_interval; |
49 | if (control_persist_exit_time > 0) { | 49 | } |
50 | Index: b/ssh_config.5 | 50 | Index: b/ssh_config.5 |
51 | =================================================================== | 51 | =================================================================== |
52 | --- a/ssh_config.5 | 52 | --- a/ssh_config.5 |
53 | +++ b/ssh_config.5 | 53 | +++ b/ssh_config.5 |
54 | @@ -1102,7 +1102,10 @@ | 54 | @@ -1130,7 +1130,10 @@ |
55 | .Cm ServerAliveCountMax | 55 | .Cm ServerAliveCountMax |
56 | is left at the default, if the server becomes unresponsive, | 56 | is left at the default, if the server becomes unresponsive, |
57 | ssh will disconnect after approximately 45 seconds. | 57 | ssh will disconnect after approximately 45 seconds. |
diff --git a/debian/patches/syslog-level-silent.patch b/debian/patches/syslog-level-silent.patch index 2bac7c8cb..f8be76c89 100644 --- a/debian/patches/syslog-level-silent.patch +++ b/debian/patches/syslog-level-silent.patch | |||
@@ -8,13 +8,13 @@ Description: "LogLevel SILENT" compatibility | |||
8 | Author: Jonathan David Amery <jdamery@ysolde.ucam.org> | 8 | Author: Jonathan David Amery <jdamery@ysolde.ucam.org> |
9 | Author: Matthew Vernon <matthew@debian.org> | 9 | Author: Matthew Vernon <matthew@debian.org> |
10 | Author: Colin Watson <cjwatson@debian.org> | 10 | Author: Colin Watson <cjwatson@debian.org> |
11 | Last-Update: 2013-05-16 | 11 | Last-Update: 2013-09-14 |
12 | 12 | ||
13 | Index: b/log.c | 13 | Index: b/log.c |
14 | =================================================================== | 14 | =================================================================== |
15 | --- a/log.c | 15 | --- a/log.c |
16 | +++ b/log.c | 16 | +++ b/log.c |
17 | @@ -92,6 +92,7 @@ | 17 | @@ -94,6 +94,7 @@ |
18 | LogLevel val; | 18 | LogLevel val; |
19 | } log_levels[] = | 19 | } log_levels[] = |
20 | { | 20 | { |
@@ -26,7 +26,7 @@ Index: b/ssh.c | |||
26 | =================================================================== | 26 | =================================================================== |
27 | --- a/ssh.c | 27 | --- a/ssh.c |
28 | +++ b/ssh.c | 28 | +++ b/ssh.c |
29 | @@ -711,7 +711,7 @@ | 29 | @@ -740,7 +740,7 @@ |
30 | /* Do not allocate a tty if stdin is not a tty. */ | 30 | /* Do not allocate a tty if stdin is not a tty. */ |
31 | if ((!isatty(fileno(stdin)) || stdin_null_flag) && | 31 | if ((!isatty(fileno(stdin)) || stdin_null_flag) && |
32 | options.request_tty != REQUEST_TTY_FORCE) { | 32 | options.request_tty != REQUEST_TTY_FORCE) { |
diff --git a/debian/patches/user-group-modes.patch b/debian/patches/user-group-modes.patch index d0de9c006..ac00edac6 100644 --- a/debian/patches/user-group-modes.patch +++ b/debian/patches/user-group-modes.patch | |||
@@ -9,7 +9,7 @@ Description: Allow harmless group-writability | |||
9 | Author: Colin Watson <cjwatson@debian.org> | 9 | Author: Colin Watson <cjwatson@debian.org> |
10 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060 | 10 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060 |
11 | Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347 | 11 | Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347 |
12 | Last-Update: 2013-05-16 | 12 | Last-Update: 2013-09-14 |
13 | 13 | ||
14 | Index: b/readconf.c | 14 | Index: b/readconf.c |
15 | =================================================================== | 15 | =================================================================== |
@@ -21,10 +21,10 @@ Index: b/readconf.c | |||
21 | #include <unistd.h> | 21 | #include <unistd.h> |
22 | +#include <pwd.h> | 22 | +#include <pwd.h> |
23 | +#include <grp.h> | 23 | +#include <grp.h> |
24 | 24 | #ifdef HAVE_UTIL_H | |
25 | #include "xmalloc.h" | 25 | #include <util.h> |
26 | #include "ssh.h" | 26 | #endif |
27 | @@ -1150,8 +1152,7 @@ | 27 | @@ -1160,8 +1162,7 @@ |
28 | 28 | ||
29 | if (fstat(fileno(f), &sb) == -1) | 29 | if (fstat(fileno(f), &sb) == -1) |
30 | fatal("fstat %s: %s", filename, strerror(errno)); | 30 | fatal("fstat %s: %s", filename, strerror(errno)); |
@@ -38,10 +38,10 @@ Index: b/ssh.1 | |||
38 | =================================================================== | 38 | =================================================================== |
39 | --- a/ssh.1 | 39 | --- a/ssh.1 |
40 | +++ b/ssh.1 | 40 | +++ b/ssh.1 |
41 | @@ -1320,6 +1320,8 @@ | 41 | @@ -1338,6 +1338,8 @@ |
42 | .Xr ssh_config 5 . | 42 | .Xr ssh_config 5 . |
43 | Because of the potential for abuse, this file must have strict permissions: | 43 | Because of the potential for abuse, this file must have strict permissions: |
44 | read/write for the user, and not accessible by others. | 44 | read/write for the user, and not writable by others. |
45 | +It may be group-writable provided that the group in question contains only | 45 | +It may be group-writable provided that the group in question contains only |
46 | +the user. | 46 | +the user. |
47 | .Pp | 47 | .Pp |
@@ -51,7 +51,7 @@ Index: b/ssh_config.5 | |||
51 | =================================================================== | 51 | =================================================================== |
52 | --- a/ssh_config.5 | 52 | --- a/ssh_config.5 |
53 | +++ b/ssh_config.5 | 53 | +++ b/ssh_config.5 |
54 | @@ -1356,6 +1356,8 @@ | 54 | @@ -1382,6 +1382,8 @@ |
55 | This file is used by the SSH client. | 55 | This file is used by the SSH client. |
56 | Because of the potential for abuse, this file must have strict permissions: | 56 | Because of the potential for abuse, this file must have strict permissions: |
57 | read/write for the user, and not accessible by others. | 57 | read/write for the user, and not accessible by others. |
@@ -64,7 +64,7 @@ Index: b/auth.c | |||
64 | =================================================================== | 64 | =================================================================== |
65 | --- a/auth.c | 65 | --- a/auth.c |
66 | +++ b/auth.c | 66 | +++ b/auth.c |
67 | @@ -386,8 +386,7 @@ | 67 | @@ -408,8 +408,7 @@ |
68 | user_hostfile = tilde_expand_filename(userfile, pw->pw_uid); | 68 | user_hostfile = tilde_expand_filename(userfile, pw->pw_uid); |
69 | if (options.strict_modes && | 69 | if (options.strict_modes && |
70 | (stat(user_hostfile, &st) == 0) && | 70 | (stat(user_hostfile, &st) == 0) && |
@@ -74,7 +74,7 @@ Index: b/auth.c | |||
74 | logit("Authentication refused for %.100s: " | 74 | logit("Authentication refused for %.100s: " |
75 | "bad owner or modes for %.200s", | 75 | "bad owner or modes for %.200s", |
76 | pw->pw_name, user_hostfile); | 76 | pw->pw_name, user_hostfile); |
77 | @@ -449,8 +448,7 @@ | 77 | @@ -471,8 +470,7 @@ |
78 | snprintf(err, errlen, "%s is not a regular file", buf); | 78 | snprintf(err, errlen, "%s is not a regular file", buf); |
79 | return -1; | 79 | return -1; |
80 | } | 80 | } |
@@ -84,7 +84,7 @@ Index: b/auth.c | |||
84 | snprintf(err, errlen, "bad ownership or modes for file %s", | 84 | snprintf(err, errlen, "bad ownership or modes for file %s", |
85 | buf); | 85 | buf); |
86 | return -1; | 86 | return -1; |
87 | @@ -465,8 +463,7 @@ | 87 | @@ -487,8 +485,7 @@ |
88 | strlcpy(buf, cp, sizeof(buf)); | 88 | strlcpy(buf, cp, sizeof(buf)); |
89 | 89 | ||
90 | if (stat(buf, &st) < 0 || | 90 | if (stat(buf, &st) < 0 || |
@@ -117,7 +117,7 @@ Index: b/misc.c | |||
117 | 117 | ||
118 | /* remove newline at end of string */ | 118 | /* remove newline at end of string */ |
119 | char * | 119 | char * |
120 | @@ -641,6 +643,71 @@ | 120 | @@ -642,6 +644,71 @@ |
121 | return -1; | 121 | return -1; |
122 | } | 122 | } |
123 | 123 | ||
@@ -193,7 +193,7 @@ Index: b/misc.h | |||
193 | =================================================================== | 193 | =================================================================== |
194 | --- a/misc.h | 194 | --- a/misc.h |
195 | +++ b/misc.h | 195 | +++ b/misc.h |
196 | @@ -103,4 +103,6 @@ | 196 | @@ -104,4 +104,6 @@ |
197 | int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2))); | 197 | int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2))); |
198 | int read_keyfile_line(FILE *, const char *, char *, size_t, u_long *); | 198 | int read_keyfile_line(FILE *, const char *, char *, size_t, u_long *); |
199 | 199 | ||
@@ -25,7 +25,7 @@ | |||
25 | #ifndef _DEFINES_H | 25 | #ifndef _DEFINES_H |
26 | #define _DEFINES_H | 26 | #define _DEFINES_H |
27 | 27 | ||
28 | /* $Id: defines.h,v 1.171 2013/03/07 09:06:13 dtucker Exp $ */ | 28 | /* $Id: defines.h,v 1.172 2013/06/01 21:18:48 dtucker Exp $ */ |
29 | 29 | ||
30 | 30 | ||
31 | /* Constants */ | 31 | /* Constants */ |
@@ -171,11 +171,6 @@ enum | |||
171 | # define MAP_FAILED ((void *)-1) | 171 | # define MAP_FAILED ((void *)-1) |
172 | #endif | 172 | #endif |
173 | 173 | ||
174 | /* *-*-nto-qnx doesn't define this constant in the system headers */ | ||
175 | #ifdef MISSING_NFDBITS | ||
176 | # define NFDBITS (8 * sizeof(unsigned long)) | ||
177 | #endif | ||
178 | |||
179 | /* | 174 | /* |
180 | SCO Open Server 3 has INADDR_LOOPBACK defined in rpc/rpc.h but | 175 | SCO Open Server 3 has INADDR_LOOPBACK defined in rpc/rpc.h but |
181 | including rpc/rpc.h breaks Solaris 6 | 176 | including rpc/rpc.h breaks Solaris 6 |
@@ -355,11 +350,19 @@ struct winsize { | |||
355 | }; | 350 | }; |
356 | #endif | 351 | #endif |
357 | 352 | ||
358 | /* *-*-nto-qnx does not define this type in the system headers */ | 353 | /* bits needed for select that may not be in the system headers */ |
359 | #ifdef MISSING_FD_MASK | 354 | #ifndef HAVE_FD_MASK |
360 | typedef unsigned long int fd_mask; | 355 | typedef unsigned long int fd_mask; |
361 | #endif | 356 | #endif |
362 | 357 | ||
358 | #if defined(HAVE_DECL_NFDBITS) && HAVE_DECL_NFDBITS == 0 | ||
359 | # define NFDBITS (8 * sizeof(unsigned long)) | ||
360 | #endif | ||
361 | |||
362 | #if defined(HAVE_DECL_HOWMANY) && HAVE_DECL_HOWMANY == 0 | ||
363 | # define howmany(x,y) (((x)+((y)-1))/(y)) | ||
364 | #endif | ||
365 | |||
363 | /* Paths */ | 366 | /* Paths */ |
364 | 367 | ||
365 | #ifndef _PATH_BSHELL | 368 | #ifndef _PATH_BSHELL |
@@ -484,11 +487,6 @@ struct winsize { | |||
484 | # define __nonnull__(x) | 487 | # define __nonnull__(x) |
485 | #endif | 488 | #endif |
486 | 489 | ||
487 | /* *-*-nto-qnx doesn't define this macro in the system headers */ | ||
488 | #ifdef MISSING_HOWMANY | ||
489 | # define howmany(x,y) (((x)+((y)-1))/(y)) | ||
490 | #endif | ||
491 | |||
492 | #ifndef OSSH_ALIGNBYTES | 490 | #ifndef OSSH_ALIGNBYTES |
493 | #define OSSH_ALIGNBYTES (sizeof(int) - 1) | 491 | #define OSSH_ALIGNBYTES (sizeof(int) - 1) |
494 | #endif | 492 | #endif |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: dh.c,v 1.49 2011/12/07 05:44:38 djm Exp $ */ | 1 | /* $OpenBSD: dh.c,v 1.51 2013/07/02 12:31:43 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Niels Provos. All rights reserved. | 3 | * Copyright (c) 2000 Niels Provos. All rights reserved. |
4 | * | 4 | * |
@@ -48,6 +48,7 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg) | |||
48 | const char *errstr = NULL; | 48 | const char *errstr = NULL; |
49 | long long n; | 49 | long long n; |
50 | 50 | ||
51 | dhg->p = dhg->g = NULL; | ||
51 | cp = line; | 52 | cp = line; |
52 | if ((arg = strdelim(&cp)) == NULL) | 53 | if ((arg = strdelim(&cp)) == NULL) |
53 | return 0; | 54 | return 0; |
@@ -59,66 +60,85 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg) | |||
59 | 60 | ||
60 | /* time */ | 61 | /* time */ |
61 | if (cp == NULL || *arg == '\0') | 62 | if (cp == NULL || *arg == '\0') |
62 | goto fail; | 63 | goto truncated; |
63 | arg = strsep(&cp, " "); /* type */ | 64 | arg = strsep(&cp, " "); /* type */ |
64 | if (cp == NULL || *arg == '\0') | 65 | if (cp == NULL || *arg == '\0') |
65 | goto fail; | 66 | goto truncated; |
66 | /* Ensure this is a safe prime */ | 67 | /* Ensure this is a safe prime */ |
67 | n = strtonum(arg, 0, 5, &errstr); | 68 | n = strtonum(arg, 0, 5, &errstr); |
68 | if (errstr != NULL || n != MODULI_TYPE_SAFE) | 69 | if (errstr != NULL || n != MODULI_TYPE_SAFE) { |
70 | error("moduli:%d: type is not %d", linenum, MODULI_TYPE_SAFE); | ||
69 | goto fail; | 71 | goto fail; |
72 | } | ||
70 | arg = strsep(&cp, " "); /* tests */ | 73 | arg = strsep(&cp, " "); /* tests */ |
71 | if (cp == NULL || *arg == '\0') | 74 | if (cp == NULL || *arg == '\0') |
72 | goto fail; | 75 | goto truncated; |
73 | /* Ensure prime has been tested and is not composite */ | 76 | /* Ensure prime has been tested and is not composite */ |
74 | n = strtonum(arg, 0, 0x1f, &errstr); | 77 | n = strtonum(arg, 0, 0x1f, &errstr); |
75 | if (errstr != NULL || | 78 | if (errstr != NULL || |
76 | (n & MODULI_TESTS_COMPOSITE) || !(n & ~MODULI_TESTS_COMPOSITE)) | 79 | (n & MODULI_TESTS_COMPOSITE) || !(n & ~MODULI_TESTS_COMPOSITE)) { |
80 | error("moduli:%d: invalid moduli tests flag", linenum); | ||
77 | goto fail; | 81 | goto fail; |
82 | } | ||
78 | arg = strsep(&cp, " "); /* tries */ | 83 | arg = strsep(&cp, " "); /* tries */ |
79 | if (cp == NULL || *arg == '\0') | 84 | if (cp == NULL || *arg == '\0') |
80 | goto fail; | 85 | goto truncated; |
81 | n = strtonum(arg, 0, 1<<30, &errstr); | 86 | n = strtonum(arg, 0, 1<<30, &errstr); |
82 | if (errstr != NULL || n == 0) | 87 | if (errstr != NULL || n == 0) { |
88 | error("moduli:%d: invalid primality trial count", linenum); | ||
83 | goto fail; | 89 | goto fail; |
90 | } | ||
84 | strsize = strsep(&cp, " "); /* size */ | 91 | strsize = strsep(&cp, " "); /* size */ |
85 | if (cp == NULL || *strsize == '\0' || | 92 | if (cp == NULL || *strsize == '\0' || |
86 | (dhg->size = (int)strtonum(strsize, 0, 64*1024, &errstr)) == 0 || | 93 | (dhg->size = (int)strtonum(strsize, 0, 64*1024, &errstr)) == 0 || |
87 | errstr) | 94 | errstr) { |
95 | error("moduli:%d: invalid prime length", linenum); | ||
88 | goto fail; | 96 | goto fail; |
97 | } | ||
89 | /* The whole group is one bit larger */ | 98 | /* The whole group is one bit larger */ |
90 | dhg->size++; | 99 | dhg->size++; |
91 | gen = strsep(&cp, " "); /* gen */ | 100 | gen = strsep(&cp, " "); /* gen */ |
92 | if (cp == NULL || *gen == '\0') | 101 | if (cp == NULL || *gen == '\0') |
93 | goto fail; | 102 | goto truncated; |
94 | prime = strsep(&cp, " "); /* prime */ | 103 | prime = strsep(&cp, " "); /* prime */ |
95 | if (cp != NULL || *prime == '\0') | 104 | if (cp != NULL || *prime == '\0') { |
105 | truncated: | ||
106 | error("moduli:%d: truncated", linenum); | ||
96 | goto fail; | 107 | goto fail; |
108 | } | ||
97 | 109 | ||
98 | if ((dhg->g = BN_new()) == NULL) | 110 | if ((dhg->g = BN_new()) == NULL) |
99 | fatal("parse_prime: BN_new failed"); | 111 | fatal("parse_prime: BN_new failed"); |
100 | if ((dhg->p = BN_new()) == NULL) | 112 | if ((dhg->p = BN_new()) == NULL) |
101 | fatal("parse_prime: BN_new failed"); | 113 | fatal("parse_prime: BN_new failed"); |
102 | if (BN_hex2bn(&dhg->g, gen) == 0) | 114 | if (BN_hex2bn(&dhg->g, gen) == 0) { |
103 | goto failclean; | 115 | error("moduli:%d: could not parse generator value", linenum); |
104 | 116 | goto fail; | |
105 | if (BN_hex2bn(&dhg->p, prime) == 0) | 117 | } |
106 | goto failclean; | 118 | if (BN_hex2bn(&dhg->p, prime) == 0) { |
107 | 119 | error("moduli:%d: could not parse prime value", linenum); | |
108 | if (BN_num_bits(dhg->p) != dhg->size) | 120 | goto fail; |
109 | goto failclean; | 121 | } |
110 | 122 | if (BN_num_bits(dhg->p) != dhg->size) { | |
111 | if (BN_is_zero(dhg->g) || BN_is_one(dhg->g)) | 123 | error("moduli:%d: prime has wrong size: actual %d listed %d", |
112 | goto failclean; | 124 | linenum, BN_num_bits(dhg->p), dhg->size - 1); |
125 | goto fail; | ||
126 | } | ||
127 | if (BN_cmp(dhg->g, BN_value_one()) <= 0) { | ||
128 | error("moduli:%d: generator is invalid", linenum); | ||
129 | goto fail; | ||
130 | } | ||
113 | 131 | ||
114 | return (1); | 132 | return 1; |
115 | 133 | ||
116 | failclean: | ||
117 | BN_clear_free(dhg->g); | ||
118 | BN_clear_free(dhg->p); | ||
119 | fail: | 134 | fail: |
135 | if (dhg->g != NULL) | ||
136 | BN_clear_free(dhg->g); | ||
137 | if (dhg->p != NULL) | ||
138 | BN_clear_free(dhg->p); | ||
139 | dhg->g = dhg->p = NULL; | ||
120 | error("Bad prime description in line %d", linenum); | 140 | error("Bad prime description in line %d", linenum); |
121 | return (0); | 141 | return 0; |
122 | } | 142 | } |
123 | 143 | ||
124 | DH * | 144 | DH * |
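Review bot: Every rejected moduli line is now logged twice, because each specific `error("moduli:%d: ...")` added in the hunk is followed by a `goto fail` that still reaches the generic `error("Bad prime description in line %d", linenum)` at the `fail:` label; the old code emitted only one message per bad line. Either drop the generic call or change it to `debug("Bad prime description in line %d", linenum);` so the specific reason is the single message an operator sees. The `truncated:` label sits inside the `if` body after the `prime` check, so several `goto truncated` jumps enter a compound statement from outside — legal C, but it hides an entry point; placing `truncated:` on its own before a dedicated `error(...)`/`goto fail` pair after the last field check reads more plainly. The NULL guards at `fail:` are now needed because `fail` is reachable before either `BN_new()` call, which the `dhg->p = dhg->g = NULL` initialisation in the earlier hunk makes safe; a one-line comment there, `/* fail is reachable before BN_new(); members start NULL */`, would make that dependency explicit. parse_prime's signature and opening lines are outside this hunk.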
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: dns.c,v 1.28 2012/05/23 03:28:28 djm Exp $ */ | 1 | /* $OpenBSD: dns.c,v 1.29 2013/05/17 00:13:13 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2003 Wesley Griffin. All rights reserved. | 4 | * Copyright (c) 2003 Wesley Griffin. All rights reserved. |
@@ -273,7 +273,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, | |||
273 | 273 | ||
274 | if (hostkey_digest_type != dnskey_digest_type) { | 274 | if (hostkey_digest_type != dnskey_digest_type) { |
275 | hostkey_digest_type = dnskey_digest_type; | 275 | hostkey_digest_type = dnskey_digest_type; |
276 | xfree(hostkey_digest); | 276 | free(hostkey_digest); |
277 | 277 | ||
278 | /* Initialize host key parameters */ | 278 | /* Initialize host key parameters */ |
279 | if (!dns_read_key(&hostkey_algorithm, | 279 | if (!dns_read_key(&hostkey_algorithm, |
@@ -293,10 +293,10 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, | |||
293 | hostkey_digest_len) == 0) | 293 | hostkey_digest_len) == 0) |
294 | *flags |= DNS_VERIFY_MATCH; | 294 | *flags |= DNS_VERIFY_MATCH; |
295 | } | 295 | } |
296 | xfree(dnskey_digest); | 296 | free(dnskey_digest); |
297 | } | 297 | } |
298 | 298 | ||
299 | xfree(hostkey_digest); /* from key_fingerprint_raw() */ | 299 | free(hostkey_digest); /* from key_fingerprint_raw() */ |
300 | freerrset(fingerprints); | 300 | freerrset(fingerprints); |
301 | 301 | ||
302 | if (*flags & DNS_VERIFY_FOUND) | 302 | if (*flags & DNS_VERIFY_FOUND) |
@@ -339,7 +339,7 @@ export_dns_rr(const char *hostname, Key *key, FILE *f, int generic) | |||
339 | for (i = 0; i < rdata_digest_len; i++) | 339 | for (i = 0; i < rdata_digest_len; i++) |
340 | fprintf(f, "%02x", rdata_digest[i]); | 340 | fprintf(f, "%02x", rdata_digest[i]); |
341 | fprintf(f, "\n"); | 341 | fprintf(f, "\n"); |
342 | xfree(rdata_digest); /* from key_fingerprint_raw() */ | 342 | free(rdata_digest); /* from key_fingerprint_raw() */ |
343 | success = 1; | 343 | success = 1; |
344 | } | 344 | } |
345 | } | 345 | } |
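diff --git a/fixalgorithms b/fixalgorithms
new file mode 100755
index 000000000..115dce81c
--- /dev/null
+++ b/fixalgorithms
@@ -0,0 +1,26 @@
+#!/bin/sh
+#
+# fixciphers - remove unsupported ciphers from man pages.
+# Usage: fixpaths /path/to/sed cipher1 [cipher2] <infile >outfile
+#
+# Author: Darren Tucker (dtucker at zip com.au). Placed in the public domain.
+
+die() {
+	echo $*
+	exit -1
+}
+
+SED=$1
+shift
+
+for c in $*; do
+	subs="$subs -e /.Dq.$c.*$/d"
+	subs="$subs -e s/$c,//g"
+done
+
+# now remove any entirely empty lines
+subs="$subs -e /^$/d"
+
+${SED} $subs
+
+exit 0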
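Review bot: `exit -1` in `die()` is not a valid exit status under POSIX sh — dash rejects it with "Illegal number" and other shells wrap it — so the helper should use `exit 1`; as written `die` is also never called, so either wire it in (for example when `$1` is empty) or remove it. The argument loop `for c in $*; do` word-splits and glob-expands the algorithm names; `for c in "$@"; do` preserves them as passed. The header comment names the script `fixciphers` and the usage line says `fixpaths`, neither of which matches the file name `fixalgorithms`, so the two comment lines should be updated to the real name. The algorithm names are spliced unescaped into sed addresses, which is fine for the fixed names the build passes but will break if one ever contains `/` or a regex metacharacter; a comment noting that assumption would help, e.g. `# names are used verbatim as sed patterns; they must not contain / or regex metacharacters`.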
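diff --git a/groupaccess.c b/groupaccess.c
index 2381aeb15..1eab10b19 100644
--- a/groupaccess.c
+++ b/groupaccess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: groupaccess.c,v 1.13 2008/07/04 03:44:59 djm Exp $ */
+/* $OpenBSD: groupaccess.c,v 1.14 2013/05/17 00:13:13 djm Exp $ */
 /*
  * Copyright (c) 2001 Kevin Steves. All rights reserved.
  *
@@ -31,6 +31,7 @@
 #include <grp.h>
 #include <unistd.h>
 #include <stdarg.h>
+#include <stdlib.h>
 #include <string.h>
 
 #include "xmalloc.h"
@@ -68,7 +69,7 @@ ga_init(const char *user, gid_t base)
 	for (i = 0, j = 0; i < ngroups; i++)
 		if ((gr = getgrgid(groups_bygid[i])) != NULL)
 			groups_byname[j++] = xstrdup(gr->gr_name);
-	xfree(groups_bygid);
+	free(groups_bygid);
 	return (ngroups = j);
 }
 
@@ -122,8 +123,8 @@ ga_free(void)
 
 	if (ngroups > 0) {
 		for (i = 0; i < ngroups; i++)
-			xfree(groups_byname[i]);
+			free(groups_byname[i]);
 		ngroups = 0;
-		xfree(groups_byname);
+		free(groups_byname);
 	}
 }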
diff --git a/gss-genr.c b/gss-genr.c index f9b39cfd5..3069347c2 100644 --- a/gss-genr.c +++ b/gss-genr.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: gss-genr.c,v 1.20 2009/06/22 05:39:28 dtucker Exp $ */ | 1 | /* $OpenBSD: gss-genr.c,v 1.21 2013/05/17 00:13:13 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. | 4 | * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. |
@@ -101,8 +101,8 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check, | |||
101 | 101 | ||
102 | if (gss_enc2oid != NULL) { | 102 | if (gss_enc2oid != NULL) { |
103 | for (i = 0; gss_enc2oid[i].encoded != NULL; i++) | 103 | for (i = 0; gss_enc2oid[i].encoded != NULL; i++) |
104 | xfree(gss_enc2oid[i].encoded); | 104 | free(gss_enc2oid[i].encoded); |
105 | xfree(gss_enc2oid); | 105 | free(gss_enc2oid); |
106 | } | 106 | } |
107 | 107 | ||
108 | gss_enc2oid = xmalloc(sizeof(ssh_gss_kex_mapping) * | 108 | gss_enc2oid = xmalloc(sizeof(ssh_gss_kex_mapping) * |
@@ -159,7 +159,7 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check, | |||
159 | buffer_free(&buf); | 159 | buffer_free(&buf); |
160 | 160 | ||
161 | if (strlen(mechs) == 0) { | 161 | if (strlen(mechs) == 0) { |
162 | xfree(mechs); | 162 | free(mechs); |
163 | mechs = NULL; | 163 | mechs = NULL; |
164 | } | 164 | } |
165 | 165 | ||
@@ -214,8 +214,8 @@ void | |||
214 | ssh_gssapi_set_oid_data(Gssctxt *ctx, void *data, size_t len) | 214 | ssh_gssapi_set_oid_data(Gssctxt *ctx, void *data, size_t len) |
215 | { | 215 | { |
216 | if (ctx->oid != GSS_C_NO_OID) { | 216 | if (ctx->oid != GSS_C_NO_OID) { |
217 | xfree(ctx->oid->elements); | 217 | free(ctx->oid->elements); |
218 | xfree(ctx->oid); | 218 | free(ctx->oid); |
219 | } | 219 | } |
220 | ctx->oid = xmalloc(sizeof(gss_OID_desc)); | 220 | ctx->oid = xmalloc(sizeof(gss_OID_desc)); |
221 | ctx->oid->length = len; | 221 | ctx->oid->length = len; |
@@ -238,7 +238,7 @@ ssh_gssapi_error(Gssctxt *ctxt) | |||
238 | 238 | ||
239 | s = ssh_gssapi_last_error(ctxt, NULL, NULL); | 239 | s = ssh_gssapi_last_error(ctxt, NULL, NULL); |
240 | debug("%s", s); | 240 | debug("%s", s); |
241 | xfree(s); | 241 | free(s); |
242 | } | 242 | } |
243 | 243 | ||
244 | char * | 244 | char * |
@@ -319,8 +319,8 @@ ssh_gssapi_delete_ctx(Gssctxt **ctx) | |||
319 | if ((*ctx)->name != GSS_C_NO_NAME) | 319 | if ((*ctx)->name != GSS_C_NO_NAME) |
320 | gss_release_name(&ms, &(*ctx)->name); | 320 | gss_release_name(&ms, &(*ctx)->name); |
321 | if ((*ctx)->oid != GSS_C_NO_OID) { | 321 | if ((*ctx)->oid != GSS_C_NO_OID) { |
322 | xfree((*ctx)->oid->elements); | 322 | free((*ctx)->oid->elements); |
323 | xfree((*ctx)->oid); | 323 | free((*ctx)->oid); |
324 | (*ctx)->oid = GSS_C_NO_OID; | 324 | (*ctx)->oid = GSS_C_NO_OID; |
325 | } | 325 | } |
326 | if ((*ctx)->creds != GSS_C_NO_CREDENTIAL) | 326 | if ((*ctx)->creds != GSS_C_NO_CREDENTIAL) |
@@ -330,7 +330,7 @@ ssh_gssapi_delete_ctx(Gssctxt **ctx) | |||
330 | if ((*ctx)->client_creds != GSS_C_NO_CREDENTIAL) | 330 | if ((*ctx)->client_creds != GSS_C_NO_CREDENTIAL) |
331 | gss_release_cred(&ms, &(*ctx)->client_creds); | 331 | gss_release_cred(&ms, &(*ctx)->client_creds); |
332 | 332 | ||
333 | xfree(*ctx); | 333 | free(*ctx); |
334 | *ctx = NULL; | 334 | *ctx = NULL; |
335 | } | 335 | } |
336 | 336 | ||
@@ -377,7 +377,7 @@ ssh_gssapi_import_name(Gssctxt *ctx, const char *host) | |||
377 | &gssbuf, GSS_C_NT_HOSTBASED_SERVICE, &ctx->name))) | 377 | &gssbuf, GSS_C_NT_HOSTBASED_SERVICE, &ctx->name))) |
378 | ssh_gssapi_error(ctx); | 378 | ssh_gssapi_error(ctx); |
379 | 379 | ||
380 | xfree(gssbuf.value); | 380 | free(gssbuf.value); |
381 | return (ctx->major); | 381 | return (ctx->major); |
382 | } | 382 | } |
383 | 383 | ||
diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c index e7170ee41..c55446a0b 100644 --- a/gss-serv-krb5.c +++ b/gss-serv-krb5.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: gss-serv-krb5.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */ | 1 | /* $OpenBSD: gss-serv-krb5.c,v 1.8 2013/07/20 01:55:13 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved. | 4 | * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved. |
@@ -48,12 +48,11 @@ extern ServerOptions options; | |||
48 | 48 | ||
49 | #ifdef HEIMDAL | 49 | #ifdef HEIMDAL |
50 | # include <krb5.h> | 50 | # include <krb5.h> |
51 | #else | 51 | #endif |
52 | # ifdef HAVE_GSSAPI_KRB5_H | 52 | #ifdef HAVE_GSSAPI_KRB5_H |
53 | # include <gssapi_krb5.h> | 53 | # include <gssapi_krb5.h> |
54 | # elif HAVE_GSSAPI_GSSAPI_KRB5_H | 54 | #elif HAVE_GSSAPI_GSSAPI_KRB5_H |
55 | # include <gssapi/gssapi_krb5.h> | 55 | # include <gssapi/gssapi_krb5.h> |
56 | # endif | ||
57 | #endif | 56 | #endif |
58 | 57 | ||
59 | static krb5_context krb_context = NULL; | 58 | static krb5_context krb_context = NULL; |
@@ -87,14 +86,16 @@ ssh_gssapi_krb5_userok(ssh_gssapi_client *client, char *name) | |||
87 | { | 86 | { |
88 | krb5_principal princ; | 87 | krb5_principal princ; |
89 | int retval; | 88 | int retval; |
89 | const char *errmsg; | ||
90 | 90 | ||
91 | if (ssh_gssapi_krb5_init() == 0) | 91 | if (ssh_gssapi_krb5_init() == 0) |
92 | return 0; | 92 | return 0; |
93 | 93 | ||
94 | if ((retval = krb5_parse_name(krb_context, client->exportedname.value, | 94 | if ((retval = krb5_parse_name(krb_context, client->exportedname.value, |
95 | &princ))) { | 95 | &princ))) { |
96 | logit("krb5_parse_name(): %.100s", | 96 | errmsg = krb5_get_error_message(krb_context, retval); |
97 | krb5_get_err_text(krb_context, retval)); | 97 | logit("krb5_parse_name(): %.100s", errmsg); |
98 | krb5_free_error_message(krb_context, errmsg); | ||
98 | return 0; | 99 | return 0; |
99 | } | 100 | } |
100 | if (krb5_kuserok(krb_context, princ, name)) { | 101 | if (krb5_kuserok(krb_context, princ, name)) { |
@@ -120,6 +121,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) | |||
120 | krb5_principal princ; | 121 | krb5_principal princ; |
121 | OM_uint32 maj_status, min_status; | 122 | OM_uint32 maj_status, min_status; |
122 | int len; | 123 | int len; |
124 | const char *errmsg; | ||
123 | const char *new_ccname; | 125 | const char *new_ccname; |
124 | 126 | ||
125 | if (client->creds == NULL) { | 127 | if (client->creds == NULL) { |
@@ -131,30 +133,34 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client) | |||
131 | return; | 133 | return; |
132 | 134 | ||
133 | #ifdef HEIMDAL | 135 | #ifdef HEIMDAL |
134 | if ((problem = krb5_cc_gen_new(krb_context, &krb5_fcc_ops, &ccache))) { | 136 | if ((problem = krb5_cc_new_unique(krb_context, krb5_fcc_ops.prefix, |
135 | logit("krb5_cc_gen_new(): %.100s", | 137 | NULL, &ccache)) != 0) { |
136 | krb5_get_err_text(krb_context, problem)); | 138 | errmsg = krb5_get_error_message(krb_context, problem); |
139 | logit("krb5_cc_new_unique(): %.100s", errmsg); | ||
140 | krb5_free_error_message(krb_context, errmsg); | ||
137 | return; | 141 | return; |
138 | } | 142 | } |
139 | #else | 143 | #else |
140 | if ((problem = ssh_krb5_cc_gen(krb_context, &ccache))) { | 144 | if ((problem = ssh_krb5_cc_gen(krb_context, &ccache))) { |
141 | logit("ssh_krb5_cc_gen(): %.100s", | 145 | errmsg = krb5_get_error_message(krb_context, problem); |
142 | krb5_get_err_text(krb_context, problem)); | 146 | logit("ssh_krb5_cc_gen(): %.100s", errmsg); |
147 | krb5_free_error_message(krb_context, errmsg); | ||
143 | return; | 148 | return; |
144 | } | 149 | } |
145 | #endif /* #ifdef HEIMDAL */ | 150 | #endif /* #ifdef HEIMDAL */ |
146 | 151 | ||
147 | if ((problem = krb5_parse_name(krb_context, | 152 | if ((problem = krb5_parse_name(krb_context, |
148 | client->exportedname.value, &princ))) { | 153 | client->exportedname.value, &princ))) { |
149 | logit("krb5_parse_name(): %.100s", | 154 | errmsg = krb5_get_error_message(krb_context, problem); |
150 | krb5_get_err_text(krb_context, problem)); | 155 | logit("krb5_parse_name(): %.100s", errmsg); |
151 | krb5_cc_destroy(krb_context, ccache); | 156 | krb5_free_error_message(krb_context, errmsg); |
152 | return; | 157 | return; |
153 | } | 158 | } |
154 | 159 | ||
155 | if ((problem = krb5_cc_initialize(krb_context, ccache, princ))) { | 160 | if ((problem = krb5_cc_initialize(krb_context, ccache, princ))) { |
156 | logit("krb5_cc_initialize(): %.100s", | 161 | errmsg = krb5_get_error_message(krb_context, problem); |
157 | krb5_get_err_text(krb_context, problem)); | 162 | logit("krb5_cc_initialize(): %.100s", errmsg); |
163 | krb5_free_error_message(krb_context, errmsg); | ||
158 | krb5_free_principal(krb_context, princ); | 164 | krb5_free_principal(krb_context, princ); |
159 | krb5_cc_destroy(krb_context, ccache); | 165 | krb5_cc_destroy(krb_context, ccache); |
160 | return; | 166 | return; |
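Review bot: The krb5_parse_name() failure path in ssh_gssapi_krb5_storecreds (new lines 154-157) no longer destroys the credential cache it has just created: the old side had `krb5_cc_destroy(krb_context, ccache);` at old line 151, and on the new side that slot became `krb5_free_error_message(krb_context, errmsg);` with nothing else added, while the krb5_cc_initialize() failure path immediately below still calls krb5_cc_destroy(). For a FILE: cache produced by krb5_cc_new_unique()/ssh_krb5_cc_gen() that leaves a stray, never-initialised cache file behind on every such failure. Add `krb5_cc_destroy(krb_context, ccache);` before the `return;` at new line 157 unless the cache is meant to outlive the error, which nothing visible suggests. ssh_gssapi_krb5_storecreds continues past the end of the hunk.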
diff --git a/gss-serv.c b/gss-serv.c index 380895ea5..97f366fdf 100644 --- a/gss-serv.c +++ b/gss-serv.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: gss-serv.c,v 1.23 2011/08/01 19:18:15 markus Exp $ */ | 1 | /* $OpenBSD: gss-serv.c,v 1.24 2013/07/20 01:55:13 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. | 4 | * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. |
@@ -55,7 +55,8 @@ extern ServerOptions options; | |||
55 | 55 | ||
56 | static ssh_gssapi_client gssapi_client = | 56 | static ssh_gssapi_client gssapi_client = |
57 | { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER, | 57 | { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER, |
58 | GSS_C_NO_CREDENTIAL, GSS_C_NO_NAME, NULL, {NULL, NULL, NULL}, 0, 0}; | 58 | GSS_C_NO_CREDENTIAL, GSS_C_NO_NAME, NULL, |
59 | {NULL, NULL, NULL, NULL, NULL}, 0, 0}; | ||
59 | 60 | ||
60 | ssh_gssapi_mech gssapi_null_mech = | 61 | ssh_gssapi_mech gssapi_null_mech = |
61 | { NULL, NULL, {0, NULL}, NULL, NULL, NULL, NULL, NULL}; | 62 | { NULL, NULL, {0, NULL}, NULL, NULL, NULL, NULL, NULL}; |
diff --git a/hostfile.c b/hostfile.c index b6f924b23..2ff4c48b4 100644 --- a/hostfile.c +++ b/hostfile.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: hostfile.c,v 1.50 2010/12/04 13:31:37 djm Exp $ */ | 1 | /* $OpenBSD: hostfile.c,v 1.52 2013/07/12 00:19:58 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -64,7 +64,7 @@ struct hostkeys { | |||
64 | }; | 64 | }; |
65 | 65 | ||
66 | static int | 66 | static int |
67 | extract_salt(const char *s, u_int l, char *salt, size_t salt_len) | 67 | extract_salt(const char *s, u_int l, u_char *salt, size_t salt_len) |
68 | { | 68 | { |
69 | char *p, *b64salt; | 69 | char *p, *b64salt; |
70 | u_int b64len; | 70 | u_int b64len; |
@@ -96,7 +96,7 @@ extract_salt(const char *s, u_int l, char *salt, size_t salt_len) | |||
96 | b64salt[b64len] = '\0'; | 96 | b64salt[b64len] = '\0'; |
97 | 97 | ||
98 | ret = __b64_pton(b64salt, salt, salt_len); | 98 | ret = __b64_pton(b64salt, salt, salt_len); |
99 | xfree(b64salt); | 99 | free(b64salt); |
100 | if (ret == -1) { | 100 | if (ret == -1) { |
101 | debug2("extract_salt: salt decode error"); | 101 | debug2("extract_salt: salt decode error"); |
102 | return (-1); | 102 | return (-1); |
@@ -115,7 +115,8 @@ host_hash(const char *host, const char *name_from_hostfile, u_int src_len) | |||
115 | { | 115 | { |
116 | const EVP_MD *md = EVP_sha1(); | 116 | const EVP_MD *md = EVP_sha1(); |
117 | HMAC_CTX mac_ctx; | 117 | HMAC_CTX mac_ctx; |
118 | char salt[256], result[256], uu_salt[512], uu_result[512]; | 118 | u_char salt[256], result[256]; |
119 | char uu_salt[512], uu_result[512]; | ||
119 | static char encoded[1024]; | 120 | static char encoded[1024]; |
120 | u_int i, len; | 121 | u_int i, len; |
121 | 122 | ||
@@ -133,7 +134,7 @@ host_hash(const char *host, const char *name_from_hostfile, u_int src_len) | |||
133 | } | 134 | } |
134 | 135 | ||
135 | HMAC_Init(&mac_ctx, salt, len, md); | 136 | HMAC_Init(&mac_ctx, salt, len, md); |
136 | HMAC_Update(&mac_ctx, host, strlen(host)); | 137 | HMAC_Update(&mac_ctx, (u_char *)host, strlen(host)); |
137 | HMAC_Final(&mac_ctx, result, NULL); | 138 | HMAC_Final(&mac_ctx, result, NULL); |
138 | HMAC_cleanup(&mac_ctx); | 139 | HMAC_cleanup(&mac_ctx); |
139 | 140 | ||
@@ -153,7 +154,7 @@ host_hash(const char *host, const char *name_from_hostfile, u_int src_len) | |||
153 | */ | 154 | */ |
154 | 155 | ||
155 | int | 156 | int |
156 | hostfile_read_key(char **cpp, u_int *bitsp, Key *ret) | 157 | hostfile_read_key(char **cpp, int *bitsp, Key *ret) |
157 | { | 158 | { |
158 | char *cp; | 159 | char *cp; |
159 | 160 | ||
@@ -170,8 +171,10 @@ hostfile_read_key(char **cpp, u_int *bitsp, Key *ret) | |||
170 | 171 | ||
171 | /* Return results. */ | 172 | /* Return results. */ |
172 | *cpp = cp; | 173 | *cpp = cp; |
173 | if (bitsp != NULL) | 174 | if (bitsp != NULL) { |
174 | *bitsp = key_size(ret); | 175 | if ((*bitsp = key_size(ret)) <= 0) |
176 | return 0; | ||
177 | } | ||
175 | return 1; | 178 | return 1; |
176 | } | 179 | } |
177 | 180 | ||
@@ -327,16 +330,14 @@ free_hostkeys(struct hostkeys *hostkeys) | |||
327 | u_int i; | 330 | u_int i; |
328 | 331 | ||
329 | for (i = 0; i < hostkeys->num_entries; i++) { | 332 | for (i = 0; i < hostkeys->num_entries; i++) { |
330 | xfree(hostkeys->entries[i].host); | 333 | free(hostkeys->entries[i].host); |
331 | xfree(hostkeys->entries[i].file); | 334 | free(hostkeys->entries[i].file); |
332 | key_free(hostkeys->entries[i].key); | 335 | key_free(hostkeys->entries[i].key); |
333 | bzero(hostkeys->entries + i, sizeof(*hostkeys->entries)); | 336 | bzero(hostkeys->entries + i, sizeof(*hostkeys->entries)); |
334 | } | 337 | } |
335 | if (hostkeys->entries != NULL) | 338 | free(hostkeys->entries); |
336 | xfree(hostkeys->entries); | 339 | bzero(hostkeys, sizeof(*hostkeys)); |
337 | hostkeys->entries = NULL; | 340 | free(hostkeys); |
338 | hostkeys->num_entries = 0; | ||
339 | xfree(hostkeys); | ||
340 | } | 341 | } |
341 | 342 | ||
342 | static int | 343 | static int |
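Review bot: In hostfile_read_key the new `key_size(ret) <= 0` check (new lines 174-177) returns 0 only after `*cpp = cp;` has already advanced the caller's cursor and `*bitsp` has been stored with the rejected value, so a caller that treats 0 as "no key here" continues with a moved pointer and a non-positive bit count; the old code could not return 0 from this point. Validate before publishing either output: declare `int bits;`, test `if (bitsp != NULL && (bits = key_size(ret)) <= 0) return 0;` ahead of `*cpp = cp;`, and only then store `if (bitsp != NULL) *bitsp = bits;`. Whether any caller actually depends on `*cpp` being untouched on failure is not visible from this hunk, so confirm against the callers before relying on the current ordering. hostfile_read_key begins above the hunk.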
diff --git a/hostfile.h b/hostfile.h index d84d422ff..679c034f3 100644 --- a/hostfile.h +++ b/hostfile.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: hostfile.h,v 1.19 2010/11/29 23:45:51 djm Exp $ */ | 1 | /* $OpenBSD: hostfile.h,v 1.20 2013/07/12 00:19:58 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -40,7 +40,7 @@ HostStatus check_key_in_hostkeys(struct hostkeys *, Key *, | |||
40 | int lookup_key_in_hostkeys_by_type(struct hostkeys *, int, | 40 | int lookup_key_in_hostkeys_by_type(struct hostkeys *, int, |
41 | const struct hostkey_entry **); | 41 | const struct hostkey_entry **); |
42 | 42 | ||
43 | int hostfile_read_key(char **, u_int *, Key *); | 43 | int hostfile_read_key(char **, int *, Key *); |
44 | int add_host_to_hostfile(const char *, const char *, const Key *, int); | 44 | int add_host_to_hostfile(const char *, const char *, const Key *, int); |
45 | 45 | ||
46 | #define HASH_MAGIC "|1|" | 46 | #define HASH_MAGIC "|1|" |
diff --git a/includes.h b/includes.h index 3e206c899..07bcd89f2 100644 --- a/includes.h +++ b/includes.h | |||
@@ -18,7 +18,9 @@ | |||
18 | 18 | ||
19 | #include "config.h" | 19 | #include "config.h" |
20 | 20 | ||
21 | #ifndef _GNU_SOURCE | ||
21 | #define _GNU_SOURCE /* activate extra prototypes for glibc */ | 22 | #define _GNU_SOURCE /* activate extra prototypes for glibc */ |
23 | #endif | ||
22 | 24 | ||
23 | #include <sys/types.h> | 25 | #include <sys/types.h> |
24 | #include <sys/socket.h> /* For CMSG_* */ | 26 | #include <sys/socket.h> /* For CMSG_* */ |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: jpake.c,v 1.7 2012/06/18 11:43:53 dtucker Exp $ */ | 1 | /* $OpenBSD: jpake.c,v 1.8 2013/05/17 00:13:13 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2008 Damien Miller. All rights reserved. | 3 | * Copyright (c) 2008 Damien Miller. All rights reserved. |
4 | * | 4 | * |
@@ -106,7 +106,7 @@ jpake_free(struct jpake_ctx *pctx) | |||
106 | do { \ | 106 | do { \ |
107 | if ((v) != NULL) { \ | 107 | if ((v) != NULL) { \ |
108 | bzero((v), (l)); \ | 108 | bzero((v), (l)); \ |
109 | xfree(v); \ | 109 | free(v); \ |
110 | (v) = NULL; \ | 110 | (v) = NULL; \ |
111 | (l) = 0; \ | 111 | (l) = 0; \ |
112 | } \ | 112 | } \ |
@@ -134,7 +134,7 @@ jpake_free(struct jpake_ctx *pctx) | |||
134 | #undef JPAKE_BUF_CLEAR_FREE | 134 | #undef JPAKE_BUF_CLEAR_FREE |
135 | 135 | ||
136 | bzero(pctx, sizeof(*pctx)); | 136 | bzero(pctx, sizeof(*pctx)); |
137 | xfree(pctx); | 137 | free(pctx); |
138 | } | 138 | } |
139 | 139 | ||
140 | /* dump entire jpake_ctx. NB. includes private values! */ | 140 | /* dump entire jpake_ctx. NB. includes private values! */ |
@@ -445,7 +445,7 @@ jpake_check_confirm(const BIGNUM *k, | |||
445 | expected_confirm_hash_len) == 0) | 445 | expected_confirm_hash_len) == 0) |
446 | success = 1; | 446 | success = 1; |
447 | bzero(expected_confirm_hash, expected_confirm_hash_len); | 447 | bzero(expected_confirm_hash, expected_confirm_hash_len); |
448 | xfree(expected_confirm_hash); | 448 | free(expected_confirm_hash); |
449 | debug3("%s: success = %d", __func__, success); | 449 | debug3("%s: success = %d", __func__, success); |
450 | return success; | 450 | return success; |
451 | } | 451 | } |
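Review bot: The zero-then-free pattern in JPAKE_BUF_CLEAR_FREE (new lines 108-109), jpake_free (new lines 136-137) and jpake_check_confirm (new lines 447-448) uses plain `bzero()` immediately before `free()`, which a compiler is entitled to drop as a dead store, so the private values the file's own comment at new line 140 says the context holds may survive in freed heap memory. Swapping xfree for free does not change that, but it is the moment to route these wipes through a non-elidable primitive: `explicit_bzero((v), (l));` if the tree's openbsd-compat layer provides one, otherwise a small volatile-pointer memset helper local to this file. I cannot tell from this page whether such a shim exists, so treat this as a follow-up rather than a blocker.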
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kex.c,v 1.88 2013/01/08 18:49:04 markus Exp $ */ | 1 | /* $OpenBSD: kex.c,v 1.91 2013/05/17 00:13:13 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -66,6 +66,69 @@ extern const EVP_MD *evp_ssh_sha256(void); | |||
66 | static void kex_kexinit_finish(Kex *); | 66 | static void kex_kexinit_finish(Kex *); |
67 | static void kex_choose_conf(Kex *); | 67 | static void kex_choose_conf(Kex *); |
68 | 68 | ||
69 | struct kexalg { | ||
70 | char *name; | ||
71 | int type; | ||
72 | int ec_nid; | ||
73 | const EVP_MD *(*mdfunc)(void); | ||
74 | }; | ||
75 | static const struct kexalg kexalgs[] = { | ||
76 | { KEX_DH1, KEX_DH_GRP1_SHA1, 0, EVP_sha1 }, | ||
77 | { KEX_DH14, KEX_DH_GRP14_SHA1, 0, EVP_sha1 }, | ||
78 | { KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, EVP_sha1 }, | ||
79 | #ifdef HAVE_EVP_SHA256 | ||
80 | { KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, EVP_sha256 }, | ||
81 | #endif | ||
82 | #ifdef OPENSSL_HAS_ECC | ||
83 | { KEX_ECDH_SHA2_NISTP256, KEX_ECDH_SHA2, NID_X9_62_prime256v1, EVP_sha256 }, | ||
84 | { KEX_ECDH_SHA2_NISTP384, KEX_ECDH_SHA2, NID_secp384r1, EVP_sha384 }, | ||
85 | { KEX_ECDH_SHA2_NISTP521, KEX_ECDH_SHA2, NID_secp521r1, EVP_sha512 }, | ||
86 | #endif | ||
87 | { NULL, -1, -1, NULL}, | ||
88 | }; | ||
89 | static const struct kexalg kexalg_prefixes[] = { | ||
90 | #ifdef GSSAPI | ||
91 | { KEX_GSS_GEX_SHA1_ID, KEX_GSS_GEX_SHA1, 0, EVP_sha1 }, | ||
92 | { KEX_GSS_GRP1_SHA1_ID, KEX_GSS_GRP1_SHA1, 0, EVP_sha1 }, | ||
93 | { KEX_GSS_GRP14_SHA1_ID, KEX_GSS_GRP14_SHA1, 0, EVP_sha1 }, | ||
94 | #endif | ||
95 | { NULL, -1, -1, NULL }, | ||
96 | }; | ||
97 | |||
98 | char * | ||
99 | kex_alg_list(void) | ||
100 | { | ||
101 | char *ret = NULL; | ||
102 | size_t nlen, rlen = 0; | ||
103 | const struct kexalg *k; | ||
104 | |||
105 | for (k = kexalgs; k->name != NULL; k++) { | ||
106 | if (ret != NULL) | ||
107 | ret[rlen++] = '\n'; | ||
108 | nlen = strlen(k->name); | ||
109 | ret = xrealloc(ret, 1, rlen + nlen + 2); | ||
110 | memcpy(ret + rlen, k->name, nlen + 1); | ||
111 | rlen += nlen; | ||
112 | } | ||
113 | return ret; | ||
114 | } | ||
115 | |||
116 | static const struct kexalg * | ||
117 | kex_alg_by_name(const char *name) | ||
118 | { | ||
119 | const struct kexalg *k; | ||
120 | |||
121 | for (k = kexalgs; k->name != NULL; k++) { | ||
122 | if (strcmp(k->name, name) == 0) | ||
123 | return k; | ||
124 | } | ||
125 | for (k = kexalg_prefixes; k->name != NULL; k++) { | ||
126 | if (strncmp(k->name, name, strlen(k->name)) == 0) | ||
127 | return k; | ||
128 | } | ||
129 | return NULL; | ||
130 | } | ||
131 | |||
69 | /* Validate KEX method name list */ | 132 | /* Validate KEX method name list */ |
70 | int | 133 | int |
71 | kex_names_valid(const char *names) | 134 | kex_names_valid(const char *names) |
@@ -77,20 +140,14 @@ kex_names_valid(const char *names) | |||
77 | s = cp = xstrdup(names); | 140 | s = cp = xstrdup(names); |
78 | for ((p = strsep(&cp, ",")); p && *p != '\0'; | 141 | for ((p = strsep(&cp, ",")); p && *p != '\0'; |
79 | (p = strsep(&cp, ","))) { | 142 | (p = strsep(&cp, ","))) { |
80 | if (strcmp(p, KEX_DHGEX_SHA256) != 0 && | 143 | if (kex_alg_by_name(p) == NULL) { |
81 | strcmp(p, KEX_DHGEX_SHA1) != 0 && | ||
82 | strcmp(p, KEX_DH14) != 0 && | ||
83 | strcmp(p, KEX_DH1) != 0 && | ||
84 | (strncmp(p, KEX_ECDH_SHA2_STEM, | ||
85 | sizeof(KEX_ECDH_SHA2_STEM) - 1) != 0 || | ||
86 | kex_ecdh_name_to_nid(p) == -1)) { | ||
87 | error("Unsupported KEX algorithm \"%.100s\"", p); | 144 | error("Unsupported KEX algorithm \"%.100s\"", p); |
88 | xfree(s); | 145 | free(s); |
89 | return 0; | 146 | return 0; |
90 | } | 147 | } |
91 | } | 148 | } |
92 | debug3("kex names ok: [%s]", names); | 149 | debug3("kex names ok: [%s]", names); |
93 | xfree(s); | 150 | free(s); |
94 | return 1; | 151 | return 1; |
95 | } | 152 | } |
96 | 153 | ||
@@ -150,8 +207,8 @@ kex_prop_free(char **proposal) | |||
150 | u_int i; | 207 | u_int i; |
151 | 208 | ||
152 | for (i = 0; i < PROPOSAL_MAX; i++) | 209 | for (i = 0; i < PROPOSAL_MAX; i++) |
153 | xfree(proposal[i]); | 210 | free(proposal[i]); |
154 | xfree(proposal); | 211 | free(proposal); |
155 | } | 212 | } |
156 | 213 | ||
157 | /* ARGSUSED */ | 214 | /* ARGSUSED */ |
@@ -188,7 +245,7 @@ kex_finish(Kex *kex) | |||
188 | buffer_clear(&kex->peer); | 245 | buffer_clear(&kex->peer); |
189 | /* buffer_clear(&kex->my); */ | 246 | /* buffer_clear(&kex->my); */ |
190 | kex->flags &= ~KEX_INIT_SENT; | 247 | kex->flags &= ~KEX_INIT_SENT; |
191 | xfree(kex->name); | 248 | free(kex->name); |
192 | kex->name = NULL; | 249 | kex->name = NULL; |
193 | } | 250 | } |
194 | 251 | ||
@@ -245,7 +302,7 @@ kex_input_kexinit(int type, u_int32_t seq, void *ctxt) | |||
245 | for (i = 0; i < KEX_COOKIE_LEN; i++) | 302 | for (i = 0; i < KEX_COOKIE_LEN; i++) |
246 | packet_get_char(); | 303 | packet_get_char(); |
247 | for (i = 0; i < PROPOSAL_MAX; i++) | 304 | for (i = 0; i < PROPOSAL_MAX; i++) |
248 | xfree(packet_get_string(NULL)); | 305 | free(packet_get_string(NULL)); |
249 | /* | 306 | /* |
250 | * XXX RFC4253 sec 7: "each side MAY guess" - currently no supported | 307 | * XXX RFC4253 sec 7: "each side MAY guess" - currently no supported |
251 | * KEX method has the server move first, but a server might be using | 308 | * KEX method has the server move first, but a server might be using |
@@ -352,43 +409,16 @@ choose_comp(Comp *comp, char *client, char *server) | |||
352 | static void | 409 | static void |
353 | choose_kex(Kex *k, char *client, char *server) | 410 | choose_kex(Kex *k, char *client, char *server) |
354 | { | 411 | { |
412 | const struct kexalg *kexalg; | ||
413 | |||
355 | k->name = match_list(client, server, NULL); | 414 | k->name = match_list(client, server, NULL); |
356 | if (k->name == NULL) | 415 | if (k->name == NULL) |
357 | fatal("Unable to negotiate a key exchange method"); | 416 | fatal("Unable to negotiate a key exchange method"); |
358 | if (strcmp(k->name, KEX_DH1) == 0) { | 417 | if ((kexalg = kex_alg_by_name(k->name)) == NULL) |
359 | k->kex_type = KEX_DH_GRP1_SHA1; | 418 | fatal("unsupported kex alg %s", k->name); |
360 | k->evp_md = EVP_sha1(); | 419 | k->kex_type = kexalg->type; |
361 | } else if (strcmp(k->name, KEX_DH14) == 0) { | 420 | k->evp_md = kexalg->mdfunc(); |
362 | k->kex_type = KEX_DH_GRP14_SHA1; | 421 | k->ec_nid = kexalg->ec_nid; |
363 | k->evp_md = EVP_sha1(); | ||
364 | } else if (strcmp(k->name, KEX_DHGEX_SHA1) == 0) { | ||
365 | k->kex_type = KEX_DH_GEX_SHA1; | ||
366 | k->evp_md = EVP_sha1(); | ||
367 | #if OPENSSL_VERSION_NUMBER >= 0x00907000L | ||
368 | } else if (strcmp(k->name, KEX_DHGEX_SHA256) == 0) { | ||
369 | k->kex_type = KEX_DH_GEX_SHA256; | ||
370 | k->evp_md = evp_ssh_sha256(); | ||
371 | } else if (strncmp(k->name, KEX_ECDH_SHA2_STEM, | ||
372 | sizeof(KEX_ECDH_SHA2_STEM) - 1) == 0) { | ||
373 | k->kex_type = KEX_ECDH_SHA2; | ||
374 | k->evp_md = kex_ecdh_name_to_evpmd(k->name); | ||
375 | #endif | ||
376 | #ifdef GSSAPI | ||
377 | } else if (strncmp(k->name, KEX_GSS_GEX_SHA1_ID, | ||
378 | sizeof(KEX_GSS_GEX_SHA1_ID) - 1) == 0) { | ||
379 | k->kex_type = KEX_GSS_GEX_SHA1; | ||
380 | k->evp_md = EVP_sha1(); | ||
381 | } else if (strncmp(k->name, KEX_GSS_GRP1_SHA1_ID, | ||
382 | sizeof(KEX_GSS_GRP1_SHA1_ID) - 1) == 0) { | ||
383 | k->kex_type = KEX_GSS_GRP1_SHA1; | ||
384 | k->evp_md = EVP_sha1(); | ||
385 | } else if (strncmp(k->name, KEX_GSS_GRP14_SHA1_ID, | ||
386 | sizeof(KEX_GSS_GRP14_SHA1_ID) - 1) == 0) { | ||
387 | k->kex_type = KEX_GSS_GRP14_SHA1; | ||
388 | k->evp_md = EVP_sha1(); | ||
389 | #endif | ||
390 | } else | ||
391 | fatal("bad kex alg %s", k->name); | ||
392 | } | 422 | } |
393 | 423 | ||
394 | static void | 424 | static void |
@@ -400,7 +430,7 @@ choose_hostkeyalg(Kex *k, char *client, char *server) | |||
400 | k->hostkey_type = key_type_from_name(hostkeyalg); | 430 | k->hostkey_type = key_type_from_name(hostkeyalg); |
401 | if (k->hostkey_type == KEY_UNSPEC) | 431 | if (k->hostkey_type == KEY_UNSPEC) |
402 | fatal("bad hostkey alg '%s'", hostkeyalg); | 432 | fatal("bad hostkey alg '%s'", hostkeyalg); |
403 | xfree(hostkeyalg); | 433 | free(hostkeyalg); |
404 | } | 434 | } |
405 | 435 | ||
406 | static int | 436 | static int |
@@ -454,7 +484,7 @@ kex_choose_conf(Kex *kex) | |||
454 | roaming = match_list(KEX_RESUME, peer[PROPOSAL_KEX_ALGS], NULL); | 484 | roaming = match_list(KEX_RESUME, peer[PROPOSAL_KEX_ALGS], NULL); |
455 | if (roaming) { | 485 | if (roaming) { |
456 | kex->roaming = 1; | 486 | kex->roaming = 1; |
457 | xfree(roaming); | 487 | free(roaming); |
458 | } | 488 | } |
459 | } | 489 | } |
460 | 490 | ||
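Review bot: The kexalgs table (new lines 79-81) registers diffie-hellman-group-exchange-sha256 only under `#ifdef HAVE_EVP_SHA256` and binds it to `EVP_sha256`, whereas the removed choose_kex branch (old lines 367-370) used `evp_ssh_sha256()` — the compat accessor still declared in the hunk's context line — behind an OpenSSL version check. On a build without HAVE_EVP_SHA256 that method now vanishes from kex_alg_list() and kex_names_valid() rejects any KexAlgorithms line naming it as "Unsupported KEX algorithm", a silent loss of the strongest DH method on those hosts. If openbsd-compat still supplies evp_ssh_sha256 for that case (not visible here), make the entry unconditional, `{ KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, evp_ssh_sha256 },` with `#define evp_ssh_sha256 EVP_sha256` when HAVE_EVP_SHA256 is set; if the compat path was dropped on purpose, the now-dead extern should be removed and the behaviour change called out.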
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kex.h,v 1.54 2013/01/08 18:49:04 markus Exp $ */ | 1 | /* $OpenBSD: kex.h,v 1.56 2013/07/19 07:37:48 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. |
@@ -40,8 +40,9 @@ | |||
40 | #define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1" | 40 | #define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1" |
41 | #define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256" | 41 | #define KEX_DHGEX_SHA256 "diffie-hellman-group-exchange-sha256" |
42 | #define KEX_RESUME "resume@appgate.com" | 42 | #define KEX_RESUME "resume@appgate.com" |
43 | /* The following represents the family of ECDH methods */ | 43 | #define KEX_ECDH_SHA2_NISTP256 "ecdh-sha2-nistp256" |
44 | #define KEX_ECDH_SHA2_STEM "ecdh-sha2-" | 44 | #define KEX_ECDH_SHA2_NISTP384 "ecdh-sha2-nistp384" |
45 | #define KEX_ECDH_SHA2_NISTP521 "ecdh-sha2-nistp521" | ||
45 | 46 | ||
46 | #define COMP_NONE 0 | 47 | #define COMP_NONE 0 |
47 | #define COMP_ZLIB 1 | 48 | #define COMP_ZLIB 1 |
@@ -89,7 +90,7 @@ typedef struct Newkeys Newkeys; | |||
89 | 90 | ||
90 | struct Enc { | 91 | struct Enc { |
91 | char *name; | 92 | char *name; |
92 | Cipher *cipher; | 93 | const Cipher *cipher; |
93 | int enabled; | 94 | int enabled; |
94 | u_int key_len; | 95 | u_int key_len; |
95 | u_int iv_len; | 96 | u_int iv_len; |
@@ -134,6 +135,7 @@ struct Kex { | |||
134 | sig_atomic_t done; | 135 | sig_atomic_t done; |
135 | int flags; | 136 | int flags; |
136 | const EVP_MD *evp_md; | 137 | const EVP_MD *evp_md; |
138 | int ec_nid; | ||
137 | #ifdef GSSAPI | 139 | #ifdef GSSAPI |
138 | int gss_deleg_creds; | 140 | int gss_deleg_creds; |
139 | int gss_trust_dns; | 141 | int gss_trust_dns; |
@@ -146,10 +148,12 @@ struct Kex { | |||
146 | Key *(*load_host_public_key)(int); | 148 | Key *(*load_host_public_key)(int); |
147 | Key *(*load_host_private_key)(int); | 149 | Key *(*load_host_private_key)(int); |
148 | int (*host_key_index)(Key *); | 150 | int (*host_key_index)(Key *); |
151 | void (*sign)(Key *, Key *, u_char **, u_int *, u_char *, u_int); | ||
149 | void (*kex[KEX_MAX])(Kex *); | 152 | void (*kex[KEX_MAX])(Kex *); |
150 | }; | 153 | }; |
151 | 154 | ||
152 | int kex_names_valid(const char *); | 155 | int kex_names_valid(const char *); |
156 | char *kex_alg_list(void); | ||
153 | 157 | ||
154 | Kex *kex_setup(char *[PROPOSAL_MAX]); | 158 | Kex *kex_setup(char *[PROPOSAL_MAX]); |
155 | void kex_finish(Kex *); | 159 | void kex_finish(Kex *); |
@@ -184,11 +188,6 @@ void | |||
184 | kex_ecdh_hash(const EVP_MD *, const EC_GROUP *, char *, char *, char *, int, | 188 | kex_ecdh_hash(const EVP_MD *, const EC_GROUP *, char *, char *, char *, int, |
185 | char *, int, u_char *, int, const EC_POINT *, const EC_POINT *, | 189 | char *, int, u_char *, int, const EC_POINT *, const EC_POINT *, |
186 | const BIGNUM *, u_char **, u_int *); | 190 | const BIGNUM *, u_char **, u_int *); |
187 | int kex_ecdh_name_to_nid(const char *); | ||
188 | const EVP_MD *kex_ecdh_name_to_evpmd(const char *); | ||
189 | #else | ||
190 | # define kex_ecdh_name_to_nid(x) (-1) | ||
191 | # define kex_ecdh_name_to_evpmd(x) (NULL) | ||
192 | #endif | 191 | #endif |
193 | 192 | ||
194 | void | 193 | void |
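Review bot: The new `sign` callback on struct Kex (new line 151) is declared with a void return, so an implementation has no way to report a failed signature and its callers must assume it aborts on error; that contract is not stated anywhere in the header. Add a comment on the field such as `/* sign H with the host key (private, public); must fatal() rather than return on failure, as there is no error channel */`, and state there whether the private Key may be NULL, which the kexdhs.c side of this commit appears to allow but which I cannot confirm from the header alone. The `ec_nid` field added at new line 138 would likewise benefit from a one-line comment tying it to the ECDH entries of the kex.c table.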
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kexdhc.c,v 1.12 2010/11/10 01:33:07 djm Exp $ */ | 1 | /* $OpenBSD: kexdhc.c,v 1.13 2013/05/17 00:13:13 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -125,7 +125,7 @@ kexdh_client(Kex *kex) | |||
125 | if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) | 125 | if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) |
126 | fatal("kexdh_client: BN_bin2bn failed"); | 126 | fatal("kexdh_client: BN_bin2bn failed"); |
127 | memset(kbuf, 0, klen); | 127 | memset(kbuf, 0, klen); |
128 | xfree(kbuf); | 128 | free(kbuf); |
129 | 129 | ||
130 | /* calc and verify H */ | 130 | /* calc and verify H */ |
131 | kex_dh_hash( | 131 | kex_dh_hash( |
@@ -139,14 +139,14 @@ kexdh_client(Kex *kex) | |||
139 | shared_secret, | 139 | shared_secret, |
140 | &hash, &hashlen | 140 | &hash, &hashlen |
141 | ); | 141 | ); |
142 | xfree(server_host_key_blob); | 142 | free(server_host_key_blob); |
143 | BN_clear_free(dh_server_pub); | 143 | BN_clear_free(dh_server_pub); |
144 | DH_free(dh); | 144 | DH_free(dh); |
145 | 145 | ||
146 | if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1) | 146 | if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1) |
147 | fatal("key_verify failed for server_host_key"); | 147 | fatal("key_verify failed for server_host_key"); |
148 | key_free(server_host_key); | 148 | key_free(server_host_key); |
149 | xfree(signature); | 149 | free(signature); |
150 | 150 | ||
151 | /* save session id */ | 151 | /* save session id */ |
152 | if (kex->session_id == NULL) { | 152 | if (kex->session_id == NULL) { |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kexdhs.c,v 1.12 2010/11/10 01:33:07 djm Exp $ */ | 1 | /* $OpenBSD: kexdhs.c,v 1.14 2013/07/19 07:37:48 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -80,9 +80,6 @@ kexdh_server(Kex *kex) | |||
80 | if (server_host_public == NULL) | 80 | if (server_host_public == NULL) |
81 | fatal("Unsupported hostkey type %d", kex->hostkey_type); | 81 | fatal("Unsupported hostkey type %d", kex->hostkey_type); |
82 | server_host_private = kex->load_host_private_key(kex->hostkey_type); | 82 | server_host_private = kex->load_host_private_key(kex->hostkey_type); |
83 | if (server_host_private == NULL) | ||
84 | fatal("Missing private key for hostkey type %d", | ||
85 | kex->hostkey_type); | ||
86 | 83 | ||
87 | /* key, cert */ | 84 | /* key, cert */ |
88 | if ((dh_client_pub = BN_new()) == NULL) | 85 | if ((dh_client_pub = BN_new()) == NULL) |
@@ -118,7 +115,7 @@ kexdh_server(Kex *kex) | |||
118 | if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) | 115 | if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) |
119 | fatal("kexdh_server: BN_bin2bn failed"); | 116 | fatal("kexdh_server: BN_bin2bn failed"); |
120 | memset(kbuf, 0, klen); | 117 | memset(kbuf, 0, klen); |
121 | xfree(kbuf); | 118 | free(kbuf); |
122 | 119 | ||
123 | key_to_blob(server_host_public, &server_host_key_blob, &sbloblen); | 120 | key_to_blob(server_host_public, &server_host_key_blob, &sbloblen); |
124 | 121 | ||
@@ -144,9 +141,8 @@ kexdh_server(Kex *kex) | |||
144 | } | 141 | } |
145 | 142 | ||
146 | /* sign H */ | 143 | /* sign H */ |
147 | if (PRIVSEP(key_sign(server_host_private, &signature, &slen, hash, | 144 | kex->sign(server_host_private, server_host_public, &signature, &slen, |
148 | hashlen)) < 0) | 145 | hash, hashlen); |
149 | fatal("kexdh_server: key_sign failed"); | ||
150 | 146 | ||
151 | /* destroy_sensitive_data(); */ | 147 | /* destroy_sensitive_data(); */ |
152 | 148 | ||
@@ -157,8 +153,8 @@ kexdh_server(Kex *kex) | |||
157 | packet_put_string(signature, slen); | 153 | packet_put_string(signature, slen); |
158 | packet_send(); | 154 | packet_send(); |
159 | 155 | ||
160 | xfree(signature); | 156 | free(signature); |
161 | xfree(server_host_key_blob); | 157 | free(server_host_key_blob); |
162 | /* have keys, free DH */ | 158 | /* have keys, free DH */ |
163 | DH_free(dh); | 159 | DH_free(dh); |
164 | 160 | ||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kexecdh.c,v 1.3 2010/09/22 05:01:29 djm Exp $ */ | 1 | /* $OpenBSD: kexecdh.c,v 1.4 2013/04/19 01:06:50 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2010 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2010 Damien Miller. All rights reserved. |
@@ -45,24 +45,6 @@ | |||
45 | #include "kex.h" | 45 | #include "kex.h" |
46 | #include "log.h" | 46 | #include "log.h" |
47 | 47 | ||
48 | int | ||
49 | kex_ecdh_name_to_nid(const char *kexname) | ||
50 | { | ||
51 | if (strlen(kexname) < sizeof(KEX_ECDH_SHA2_STEM) - 1) | ||
52 | fatal("%s: kexname too short \"%s\"", __func__, kexname); | ||
53 | return key_curve_name_to_nid(kexname + sizeof(KEX_ECDH_SHA2_STEM) - 1); | ||
54 | } | ||
55 | |||
56 | const EVP_MD * | ||
57 | kex_ecdh_name_to_evpmd(const char *kexname) | ||
58 | { | ||
59 | int nid = kex_ecdh_name_to_nid(kexname); | ||
60 | |||
61 | if (nid == -1) | ||
62 | fatal("%s: unsupported ECDH curve \"%s\"", __func__, kexname); | ||
63 | return key_ec_nid_to_evpmd(nid); | ||
64 | } | ||
65 | |||
66 | void | 48 | void |
67 | kex_ecdh_hash( | 49 | kex_ecdh_hash( |
68 | const EVP_MD *evp_md, | 50 | const EVP_MD *evp_md, |
diff --git a/kexecdhc.c b/kexecdhc.c index 115d4bf83..6193836c7 100644 --- a/kexecdhc.c +++ b/kexecdhc.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kexecdhc.c,v 1.2 2010/09/22 05:01:29 djm Exp $ */ | 1 | /* $OpenBSD: kexecdhc.c,v 1.4 2013/05/17 00:13:13 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2010 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2010 Damien Miller. All rights reserved. |
@@ -57,11 +57,8 @@ kexecdh_client(Kex *kex) | |||
57 | u_char *server_host_key_blob = NULL, *signature = NULL; | 57 | u_char *server_host_key_blob = NULL, *signature = NULL; |
58 | u_char *kbuf, *hash; | 58 | u_char *kbuf, *hash; |
59 | u_int klen, slen, sbloblen, hashlen; | 59 | u_int klen, slen, sbloblen, hashlen; |
60 | int curve_nid; | ||
61 | 60 | ||
62 | if ((curve_nid = kex_ecdh_name_to_nid(kex->name)) == -1) | 61 | if ((client_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL) |
63 | fatal("%s: unsupported ECDH curve \"%s\"", __func__, kex->name); | ||
64 | if ((client_key = EC_KEY_new_by_curve_name(curve_nid)) == NULL) | ||
65 | fatal("%s: EC_KEY_new_by_curve_name failed", __func__); | 62 | fatal("%s: EC_KEY_new_by_curve_name failed", __func__); |
66 | if (EC_KEY_generate_key(client_key) != 1) | 63 | if (EC_KEY_generate_key(client_key) != 1) |
67 | fatal("%s: EC_KEY_generate_key failed", __func__); | 64 | fatal("%s: EC_KEY_generate_key failed", __func__); |
@@ -123,7 +120,7 @@ kexecdh_client(Kex *kex) | |||
123 | if (BN_bin2bn(kbuf, klen, shared_secret) == NULL) | 120 | if (BN_bin2bn(kbuf, klen, shared_secret) == NULL) |
124 | fatal("%s: BN_bin2bn failed", __func__); | 121 | fatal("%s: BN_bin2bn failed", __func__); |
125 | memset(kbuf, 0, klen); | 122 | memset(kbuf, 0, klen); |
126 | xfree(kbuf); | 123 | free(kbuf); |
127 | 124 | ||
128 | /* calc and verify H */ | 125 | /* calc and verify H */ |
129 | kex_ecdh_hash( | 126 | kex_ecdh_hash( |
@@ -139,14 +136,14 @@ kexecdh_client(Kex *kex) | |||
139 | shared_secret, | 136 | shared_secret, |
140 | &hash, &hashlen | 137 | &hash, &hashlen |
141 | ); | 138 | ); |
142 | xfree(server_host_key_blob); | 139 | free(server_host_key_blob); |
143 | EC_POINT_clear_free(server_public); | 140 | EC_POINT_clear_free(server_public); |
144 | EC_KEY_free(client_key); | 141 | EC_KEY_free(client_key); |
145 | 142 | ||
146 | if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1) | 143 | if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1) |
147 | fatal("key_verify failed for server_host_key"); | 144 | fatal("key_verify failed for server_host_key"); |
148 | key_free(server_host_key); | 145 | key_free(server_host_key); |
149 | xfree(signature); | 146 | free(signature); |
150 | 147 | ||
151 | /* save session id */ | 148 | /* save session id */ |
152 | if (kex->session_id == NULL) { | 149 | if (kex->session_id == NULL) { |
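Review bot: `free(kbuf)` at new line 123 is now a plain libc free, and the only scrubbing of the ECDH shared secret is the `memset(kbuf, 0, klen)` immediately before it; a compiler that sees the buffer released right after the store may drop that memset as a dead store, leaving the secret in freed heap memory. The same memset-then-free pair is touched in this commit in kexdh_server, kexecdh_server, kexgex_client, kexgex_server, kexgss_client and kexgss_server. A scrub the optimizer cannot elide (explicit_bzero or memset_s where the platform provides one, otherwise a volatile-qualified store loop) would make the intent stick. kexecdh_client continues outside these hunks.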
diff --git a/kexecdhs.c b/kexecdhs.c index 8c515dfa6..3a580aacf 100644 --- a/kexecdhs.c +++ b/kexecdhs.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kexecdhs.c,v 1.2 2010/09/22 05:01:29 djm Exp $ */ | 1 | /* $OpenBSD: kexecdhs.c,v 1.5 2013/07/19 07:37:48 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2010 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2010 Damien Miller. All rights reserved. |
@@ -59,11 +59,8 @@ kexecdh_server(Kex *kex) | |||
59 | u_char *server_host_key_blob = NULL, *signature = NULL; | 59 | u_char *server_host_key_blob = NULL, *signature = NULL; |
60 | u_char *kbuf, *hash; | 60 | u_char *kbuf, *hash; |
61 | u_int klen, slen, sbloblen, hashlen; | 61 | u_int klen, slen, sbloblen, hashlen; |
62 | int curve_nid; | ||
63 | 62 | ||
64 | if ((curve_nid = kex_ecdh_name_to_nid(kex->name)) == -1) | 63 | if ((server_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL) |
65 | fatal("%s: unsupported ECDH curve \"%s\"", __func__, kex->name); | ||
66 | if ((server_key = EC_KEY_new_by_curve_name(curve_nid)) == NULL) | ||
67 | fatal("%s: EC_KEY_new_by_curve_name failed", __func__); | 64 | fatal("%s: EC_KEY_new_by_curve_name failed", __func__); |
68 | if (EC_KEY_generate_key(server_key) != 1) | 65 | if (EC_KEY_generate_key(server_key) != 1) |
69 | fatal("%s: EC_KEY_generate_key failed", __func__); | 66 | fatal("%s: EC_KEY_generate_key failed", __func__); |
@@ -81,9 +78,6 @@ kexecdh_server(Kex *kex) | |||
81 | if (server_host_public == NULL) | 78 | if (server_host_public == NULL) |
82 | fatal("Unsupported hostkey type %d", kex->hostkey_type); | 79 | fatal("Unsupported hostkey type %d", kex->hostkey_type); |
83 | server_host_private = kex->load_host_private_key(kex->hostkey_type); | 80 | server_host_private = kex->load_host_private_key(kex->hostkey_type); |
84 | if (server_host_private == NULL) | ||
85 | fatal("Missing private key for hostkey type %d", | ||
86 | kex->hostkey_type); | ||
87 | 81 | ||
88 | debug("expecting SSH2_MSG_KEX_ECDH_INIT"); | 82 | debug("expecting SSH2_MSG_KEX_ECDH_INIT"); |
89 | packet_read_expect(SSH2_MSG_KEX_ECDH_INIT); | 83 | packet_read_expect(SSH2_MSG_KEX_ECDH_INIT); |
@@ -115,7 +109,7 @@ kexecdh_server(Kex *kex) | |||
115 | if (BN_bin2bn(kbuf, klen, shared_secret) == NULL) | 109 | if (BN_bin2bn(kbuf, klen, shared_secret) == NULL) |
116 | fatal("%s: BN_bin2bn failed", __func__); | 110 | fatal("%s: BN_bin2bn failed", __func__); |
117 | memset(kbuf, 0, klen); | 111 | memset(kbuf, 0, klen); |
118 | xfree(kbuf); | 112 | free(kbuf); |
119 | 113 | ||
120 | /* calc H */ | 114 | /* calc H */ |
121 | key_to_blob(server_host_public, &server_host_key_blob, &sbloblen); | 115 | key_to_blob(server_host_public, &server_host_key_blob, &sbloblen); |
@@ -142,9 +136,8 @@ kexecdh_server(Kex *kex) | |||
142 | } | 136 | } |
143 | 137 | ||
144 | /* sign H */ | 138 | /* sign H */ |
145 | if (PRIVSEP(key_sign(server_host_private, &signature, &slen, | 139 | kex->sign(server_host_private, server_host_public, &signature, &slen, |
146 | hash, hashlen)) < 0) | 140 | hash, hashlen); |
147 | fatal("kexdh_server: key_sign failed"); | ||
148 | 141 | ||
149 | /* destroy_sensitive_data(); */ | 142 | /* destroy_sensitive_data(); */ |
150 | 143 | ||
@@ -155,8 +148,8 @@ kexecdh_server(Kex *kex) | |||
155 | packet_put_string(signature, slen); | 148 | packet_put_string(signature, slen); |
156 | packet_send(); | 149 | packet_send(); |
157 | 150 | ||
158 | xfree(signature); | 151 | free(signature); |
159 | xfree(server_host_key_blob); | 152 | free(server_host_key_blob); |
160 | /* have keys, free server key */ | 153 | /* have keys, free server key */ |
161 | EC_KEY_free(server_key); | 154 | EC_KEY_free(server_key); |
162 | 155 | ||
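Review bot: The new `kex->sign(server_host_private, server_host_public, &signature, &slen, hash, hashlen);` at new lines 139–140 discards the callback's return value, whereas the `PRIVSEP(key_sign(...)) < 0` it replaces ended the exchange with fatal() on failure. Unless every sign callback is guaranteed to fatal() itself rather than report failure by return value (not visible here), a failed signing leaves `signature` NULL and `slen` unset, and the following hunk sends them with `packet_put_string(signature, slen)`. Keeping the check costs one line: `if (kex->sign(server_host_private, server_host_public, &signature, &slen, hash, hashlen) < 0) fatal("%s: sign failed", __func__);`. The identical replacement is made in kexdh_server and kexgex_server. kexecdh_server starts and ends outside these hunks.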
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kexgexc.c,v 1.12 2010/11/10 01:33:07 djm Exp $ */ | 1 | /* $OpenBSD: kexgexc.c,v 1.13 2013/05/17 00:13:13 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Niels Provos. All rights reserved. | 3 | * Copyright (c) 2000 Niels Provos. All rights reserved. |
4 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
@@ -163,7 +163,7 @@ kexgex_client(Kex *kex) | |||
163 | if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) | 163 | if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) |
164 | fatal("kexgex_client: BN_bin2bn failed"); | 164 | fatal("kexgex_client: BN_bin2bn failed"); |
165 | memset(kbuf, 0, klen); | 165 | memset(kbuf, 0, klen); |
166 | xfree(kbuf); | 166 | free(kbuf); |
167 | 167 | ||
168 | if (datafellows & SSH_OLD_DHGEX) | 168 | if (datafellows & SSH_OLD_DHGEX) |
169 | min = max = -1; | 169 | min = max = -1; |
@@ -186,13 +186,13 @@ kexgex_client(Kex *kex) | |||
186 | 186 | ||
187 | /* have keys, free DH */ | 187 | /* have keys, free DH */ |
188 | DH_free(dh); | 188 | DH_free(dh); |
189 | xfree(server_host_key_blob); | 189 | free(server_host_key_blob); |
190 | BN_clear_free(dh_server_pub); | 190 | BN_clear_free(dh_server_pub); |
191 | 191 | ||
192 | if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1) | 192 | if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1) |
193 | fatal("key_verify failed for server_host_key"); | 193 | fatal("key_verify failed for server_host_key"); |
194 | key_free(server_host_key); | 194 | key_free(server_host_key); |
195 | xfree(signature); | 195 | free(signature); |
196 | 196 | ||
197 | /* save session id */ | 197 | /* save session id */ |
198 | if (kex->session_id == NULL) { | 198 | if (kex->session_id == NULL) { |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: kexgexs.c,v 1.14 2010/11/10 01:33:07 djm Exp $ */ | 1 | /* $OpenBSD: kexgexs.c,v 1.16 2013/07/19 07:37:48 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Niels Provos. All rights reserved. | 3 | * Copyright (c) 2000 Niels Provos. All rights reserved. |
4 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
@@ -68,10 +68,6 @@ kexgex_server(Kex *kex) | |||
68 | if (server_host_public == NULL) | 68 | if (server_host_public == NULL) |
69 | fatal("Unsupported hostkey type %d", kex->hostkey_type); | 69 | fatal("Unsupported hostkey type %d", kex->hostkey_type); |
70 | server_host_private = kex->load_host_private_key(kex->hostkey_type); | 70 | server_host_private = kex->load_host_private_key(kex->hostkey_type); |
71 | if (server_host_private == NULL) | ||
72 | fatal("Missing private key for hostkey type %d", | ||
73 | kex->hostkey_type); | ||
74 | |||
75 | 71 | ||
76 | type = packet_read(); | 72 | type = packet_read(); |
77 | switch (type) { | 73 | switch (type) { |
@@ -155,7 +151,7 @@ kexgex_server(Kex *kex) | |||
155 | if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) | 151 | if (BN_bin2bn(kbuf, kout, shared_secret) == NULL) |
156 | fatal("kexgex_server: BN_bin2bn failed"); | 152 | fatal("kexgex_server: BN_bin2bn failed"); |
157 | memset(kbuf, 0, klen); | 153 | memset(kbuf, 0, klen); |
158 | xfree(kbuf); | 154 | free(kbuf); |
159 | 155 | ||
160 | key_to_blob(server_host_public, &server_host_key_blob, &sbloblen); | 156 | key_to_blob(server_host_public, &server_host_key_blob, &sbloblen); |
161 | 157 | ||
@@ -187,9 +183,8 @@ kexgex_server(Kex *kex) | |||
187 | } | 183 | } |
188 | 184 | ||
189 | /* sign H */ | 185 | /* sign H */ |
190 | if (PRIVSEP(key_sign(server_host_private, &signature, &slen, hash, | 186 | kex->sign(server_host_private, server_host_public, &signature, &slen, |
191 | hashlen)) < 0) | 187 | hash, hashlen); |
192 | fatal("kexgex_server: key_sign failed"); | ||
193 | 188 | ||
194 | /* destroy_sensitive_data(); */ | 189 | /* destroy_sensitive_data(); */ |
195 | 190 | ||
@@ -201,8 +196,8 @@ kexgex_server(Kex *kex) | |||
201 | packet_put_string(signature, slen); | 196 | packet_put_string(signature, slen); |
202 | packet_send(); | 197 | packet_send(); |
203 | 198 | ||
204 | xfree(signature); | 199 | free(signature); |
205 | xfree(server_host_key_blob); | 200 | free(server_host_key_blob); |
206 | /* have keys, free DH */ | 201 | /* have keys, free DH */ |
207 | DH_free(dh); | 202 | DH_free(dh); |
208 | 203 | ||
@@ -144,7 +144,7 @@ kexgss_client(Kex *kex) { | |||
144 | 144 | ||
145 | /* If we've got an old receive buffer get rid of it */ | 145 | /* If we've got an old receive buffer get rid of it */ |
146 | if (token_ptr != GSS_C_NO_BUFFER) | 146 | if (token_ptr != GSS_C_NO_BUFFER) |
147 | xfree(recv_tok.value); | 147 | free(recv_tok.value); |
148 | 148 | ||
149 | if (maj_status == GSS_S_COMPLETE) { | 149 | if (maj_status == GSS_S_COMPLETE) { |
150 | /* If mutual state flag is not true, kex fails */ | 150 | /* If mutual state flag is not true, kex fails */ |
@@ -261,7 +261,7 @@ kexgss_client(Kex *kex) { | |||
261 | fatal("kexdh_client: BN_bin2bn failed"); | 261 | fatal("kexdh_client: BN_bin2bn failed"); |
262 | 262 | ||
263 | memset(kbuf, 0, klen); | 263 | memset(kbuf, 0, klen); |
264 | xfree(kbuf); | 264 | free(kbuf); |
265 | 265 | ||
266 | switch (kex->kex_type) { | 266 | switch (kex->kex_type) { |
267 | case KEX_GSS_GRP1_SHA1: | 267 | case KEX_GSS_GRP1_SHA1: |
@@ -304,11 +304,10 @@ kexgss_client(Kex *kex) { | |||
304 | if (GSS_ERROR(ssh_gssapi_checkmic(ctxt, &gssbuf, &msg_tok))) | 304 | if (GSS_ERROR(ssh_gssapi_checkmic(ctxt, &gssbuf, &msg_tok))) |
305 | packet_disconnect("Hash's MIC didn't verify"); | 305 | packet_disconnect("Hash's MIC didn't verify"); |
306 | 306 | ||
307 | xfree(msg_tok.value); | 307 | free(msg_tok.value); |
308 | 308 | ||
309 | DH_free(dh); | 309 | DH_free(dh); |
310 | if (serverhostkey) | 310 | free(serverhostkey); |
311 | xfree(serverhostkey); | ||
312 | BN_clear_free(dh_server_pub); | 311 | BN_clear_free(dh_server_pub); |
313 | 312 | ||
314 | /* save session id */ | 313 | /* save session id */ |
@@ -78,9 +78,10 @@ kexgss_server(Kex *kex) | |||
78 | * in the GSSAPI code are no longer available. This kludges them back | 78 | * in the GSSAPI code are no longer available. This kludges them back |
79 | * into life | 79 | * into life |
80 | */ | 80 | */ |
81 | if (!ssh_gssapi_oid_table_ok()) | 81 | if (!ssh_gssapi_oid_table_ok()) { |
82 | if ((mechs = ssh_gssapi_server_mechanisms())) | 82 | mechs = ssh_gssapi_server_mechanisms(); |
83 | xfree(mechs); | 83 | free(mechs); |
84 | } | ||
84 | 85 | ||
85 | debug2("%s: Identifying %s", __func__, kex->name); | 86 | debug2("%s: Identifying %s", __func__, kex->name); |
86 | oid = ssh_gssapi_id_kex(NULL, kex->name, kex->kex_type); | 87 | oid = ssh_gssapi_id_kex(NULL, kex->name, kex->kex_type); |
@@ -158,7 +159,7 @@ kexgss_server(Kex *kex) | |||
158 | maj_status = PRIVSEP(ssh_gssapi_accept_ctx(ctxt, &recv_tok, | 159 | maj_status = PRIVSEP(ssh_gssapi_accept_ctx(ctxt, &recv_tok, |
159 | &send_tok, &ret_flags)); | 160 | &send_tok, &ret_flags)); |
160 | 161 | ||
161 | xfree(recv_tok.value); | 162 | free(recv_tok.value); |
162 | 163 | ||
163 | if (maj_status != GSS_S_COMPLETE && send_tok.length == 0) | 164 | if (maj_status != GSS_S_COMPLETE && send_tok.length == 0) |
164 | fatal("Zero length token output when incomplete"); | 165 | fatal("Zero length token output when incomplete"); |
@@ -207,7 +208,7 @@ kexgss_server(Kex *kex) | |||
207 | fatal("kexgss_server: BN_bin2bn failed"); | 208 | fatal("kexgss_server: BN_bin2bn failed"); |
208 | 209 | ||
209 | memset(kbuf, 0, klen); | 210 | memset(kbuf, 0, klen); |
210 | xfree(kbuf); | 211 | free(kbuf); |
211 | 212 | ||
212 | switch (kex->kex_type) { | 213 | switch (kex->kex_type) { |
213 | case KEX_GSS_GRP1_SHA1: | 214 | case KEX_GSS_GRP1_SHA1: |
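Review bot: `mechs = ssh_gssapi_server_mechanisms(); free(mechs);` at new lines 82–83 keeps a variable only to discard the call's result, which obscures that the call exists purely for the side effect the comment above describes. `free(ssh_gssapi_server_mechanisms());` states the call-for-effect directly and lets `mechs` be dropped if nothing else in kexgss_server uses it; its declaration is outside the hunk, so that last part is unverified here.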
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: key.c,v 1.100 2013/01/17 23:00:01 djm Exp $ */ | 1 | /* $OpenBSD: key.c,v 1.104 2013/05/19 02:42:42 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * read_bignum(): | 3 | * read_bignum(): |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -187,14 +187,13 @@ cert_free(struct KeyCert *cert) | |||
187 | buffer_free(&cert->certblob); | 187 | buffer_free(&cert->certblob); |
188 | buffer_free(&cert->critical); | 188 | buffer_free(&cert->critical); |
189 | buffer_free(&cert->extensions); | 189 | buffer_free(&cert->extensions); |
190 | if (cert->key_id != NULL) | 190 | free(cert->key_id); |
191 | xfree(cert->key_id); | ||
192 | for (i = 0; i < cert->nprincipals; i++) | 191 | for (i = 0; i < cert->nprincipals; i++) |
193 | xfree(cert->principals[i]); | 192 | free(cert->principals[i]); |
194 | if (cert->principals != NULL) | 193 | free(cert->principals); |
195 | xfree(cert->principals); | ||
196 | if (cert->signature_key != NULL) | 194 | if (cert->signature_key != NULL) |
197 | key_free(cert->signature_key); | 195 | key_free(cert->signature_key); |
196 | free(cert); | ||
198 | } | 197 | } |
199 | 198 | ||
200 | void | 199 | void |
@@ -238,7 +237,7 @@ key_free(Key *k) | |||
238 | k->cert = NULL; | 237 | k->cert = NULL; |
239 | } | 238 | } |
240 | 239 | ||
241 | xfree(k); | 240 | free(k); |
242 | } | 241 | } |
243 | 242 | ||
244 | static int | 243 | static int |
@@ -388,7 +387,7 @@ key_fingerprint_raw(const Key *k, enum fp_type dgst_type, | |||
388 | EVP_DigestUpdate(&ctx, blob, len); | 387 | EVP_DigestUpdate(&ctx, blob, len); |
389 | EVP_DigestFinal(&ctx, retval, dgst_raw_length); | 388 | EVP_DigestFinal(&ctx, retval, dgst_raw_length); |
390 | memset(blob, 0, len); | 389 | memset(blob, 0, len); |
391 | xfree(blob); | 390 | free(blob); |
392 | } else { | 391 | } else { |
393 | fatal("key_fingerprint_raw: blob is null"); | 392 | fatal("key_fingerprint_raw: blob is null"); |
394 | } | 393 | } |
@@ -570,7 +569,7 @@ key_fingerprint_randomart(u_char *dgst_raw, u_int dgst_raw_len, const Key *k) | |||
570 | } | 569 | } |
571 | 570 | ||
572 | char * | 571 | char * |
573 | key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep) | 572 | key_fingerprint(const Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep) |
574 | { | 573 | { |
575 | char *retval = NULL; | 574 | char *retval = NULL; |
576 | u_char *dgst_raw; | 575 | u_char *dgst_raw; |
@@ -595,7 +594,7 @@ key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep) | |||
595 | break; | 594 | break; |
596 | } | 595 | } |
597 | memset(dgst_raw, 0, dgst_raw_len); | 596 | memset(dgst_raw, 0, dgst_raw_len); |
598 | xfree(dgst_raw); | 597 | free(dgst_raw); |
599 | return retval; | 598 | return retval; |
600 | } | 599 | } |
601 | 600 | ||
@@ -740,11 +739,11 @@ key_read(Key *ret, char **cpp) | |||
740 | n = uudecode(cp, blob, len); | 739 | n = uudecode(cp, blob, len); |
741 | if (n < 0) { | 740 | if (n < 0) { |
742 | error("key_read: uudecode %s failed", cp); | 741 | error("key_read: uudecode %s failed", cp); |
743 | xfree(blob); | 742 | free(blob); |
744 | return -1; | 743 | return -1; |
745 | } | 744 | } |
746 | k = key_from_blob(blob, (u_int)n); | 745 | k = key_from_blob(blob, (u_int)n); |
747 | xfree(blob); | 746 | free(blob); |
748 | if (k == NULL) { | 747 | if (k == NULL) { |
749 | error("key_read: key_from_blob %s failed", cp); | 748 | error("key_read: key_from_blob %s failed", cp); |
750 | return -1; | 749 | return -1; |
@@ -885,43 +884,13 @@ key_write(const Key *key, FILE *f) | |||
885 | fprintf(f, "%s %s", key_ssh_name(key), uu); | 884 | fprintf(f, "%s %s", key_ssh_name(key), uu); |
886 | success = 1; | 885 | success = 1; |
887 | } | 886 | } |
888 | xfree(blob); | 887 | free(blob); |
889 | xfree(uu); | 888 | free(uu); |
890 | 889 | ||
891 | return success; | 890 | return success; |
892 | } | 891 | } |
893 | 892 | ||
894 | const char * | 893 | const char * |
895 | key_type(const Key *k) | ||
896 | { | ||
897 | switch (k->type) { | ||
898 | case KEY_RSA1: | ||
899 | return "RSA1"; | ||
900 | case KEY_RSA: | ||
901 | return "RSA"; | ||
902 | case KEY_DSA: | ||
903 | return "DSA"; | ||
904 | #ifdef OPENSSL_HAS_ECC | ||
905 | case KEY_ECDSA: | ||
906 | return "ECDSA"; | ||
907 | #endif | ||
908 | case KEY_RSA_CERT_V00: | ||
909 | return "RSA-CERT-V00"; | ||
910 | case KEY_DSA_CERT_V00: | ||
911 | return "DSA-CERT-V00"; | ||
912 | case KEY_RSA_CERT: | ||
913 | return "RSA-CERT"; | ||
914 | case KEY_DSA_CERT: | ||
915 | return "DSA-CERT"; | ||
916 | #ifdef OPENSSL_HAS_ECC | ||
917 | case KEY_ECDSA_CERT: | ||
918 | return "ECDSA-CERT"; | ||
919 | #endif | ||
920 | } | ||
921 | return "unknown"; | ||
922 | } | ||
923 | |||
924 | const char * | ||
925 | key_cert_type(const Key *k) | 894 | key_cert_type(const Key *k) |
926 | { | 895 | { |
927 | switch (k->cert->type) { | 896 | switch (k->cert->type) { |
@@ -934,50 +903,60 @@ key_cert_type(const Key *k) | |||
934 | } | 903 | } |
935 | } | 904 | } |
936 | 905 | ||
906 | struct keytype { | ||
907 | char *name; | ||
908 | char *shortname; | ||
909 | int type; | ||
910 | int nid; | ||
911 | int cert; | ||
912 | }; | ||
913 | static const struct keytype keytypes[] = { | ||
914 | { NULL, "RSA1", KEY_RSA1, 0, 0 }, | ||
915 | { "ssh-rsa", "RSA", KEY_RSA, 0, 0 }, | ||
916 | { "ssh-dss", "DSA", KEY_DSA, 0, 0 }, | ||
917 | #ifdef OPENSSL_HAS_ECC | ||
918 | { "ecdsa-sha2-nistp256", "ECDSA", KEY_ECDSA, NID_X9_62_prime256v1, 0 }, | ||
919 | { "ecdsa-sha2-nistp384", "ECDSA", KEY_ECDSA, NID_secp384r1, 0 }, | ||
920 | { "ecdsa-sha2-nistp521", "ECDSA", KEY_ECDSA, NID_secp521r1, 0 }, | ||
921 | #endif /* OPENSSL_HAS_ECC */ | ||
922 | { "ssh-rsa-cert-v01@openssh.com", "RSA-CERT", KEY_RSA_CERT, 0, 1 }, | ||
923 | { "ssh-dss-cert-v01@openssh.com", "DSA-CERT", KEY_DSA_CERT, 0, 1 }, | ||
924 | #ifdef OPENSSL_HAS_ECC | ||
925 | { "ecdsa-sha2-nistp256-cert-v01@openssh.com", "ECDSA-CERT", | ||
926 | KEY_ECDSA_CERT, NID_X9_62_prime256v1, 1 }, | ||
927 | { "ecdsa-sha2-nistp384-cert-v01@openssh.com", "ECDSA-CERT", | ||
928 | KEY_ECDSA_CERT, NID_secp384r1, 1 }, | ||
929 | { "ecdsa-sha2-nistp521-cert-v01@openssh.com", "ECDSA-CERT", | ||
930 | KEY_ECDSA_CERT, NID_secp521r1, 1 }, | ||
931 | #endif /* OPENSSL_HAS_ECC */ | ||
932 | { "ssh-rsa-cert-v00@openssh.com", "RSA-CERT-V00", | ||
933 | KEY_RSA_CERT_V00, 0, 1 }, | ||
934 | { "ssh-dss-cert-v00@openssh.com", "DSA-CERT-V00", | ||
935 | KEY_DSA_CERT_V00, 0, 1 }, | ||
936 | { "null", "null", KEY_NULL, 0, 0 }, | ||
937 | { NULL, NULL, -1, -1, 0 } | ||
938 | }; | ||
939 | |||
940 | const char * | ||
941 | key_type(const Key *k) | ||
942 | { | ||
943 | const struct keytype *kt; | ||
944 | |||
945 | for (kt = keytypes; kt->type != -1; kt++) { | ||
946 | if (kt->type == k->type) | ||
947 | return kt->shortname; | ||
948 | } | ||
949 | return "unknown"; | ||
950 | } | ||
951 | |||
937 | static const char * | 952 | static const char * |
938 | key_ssh_name_from_type_nid(int type, int nid) | 953 | key_ssh_name_from_type_nid(int type, int nid) |
939 | { | 954 | { |
940 | switch (type) { | 955 | const struct keytype *kt; |
941 | case KEY_RSA: | 956 | |
942 | return "ssh-rsa"; | 957 | for (kt = keytypes; kt->type != -1; kt++) { |
943 | case KEY_DSA: | 958 | if (kt->type == type && (kt->nid == 0 || kt->nid == nid)) |
944 | return "ssh-dss"; | 959 | return kt->name; |
945 | case KEY_RSA_CERT_V00: | ||
946 | return "ssh-rsa-cert-v00@openssh.com"; | ||
947 | case KEY_DSA_CERT_V00: | ||
948 | return "ssh-dss-cert-v00@openssh.com"; | ||
949 | case KEY_RSA_CERT: | ||
950 | return "ssh-rsa-cert-v01@openssh.com"; | ||
951 | case KEY_DSA_CERT: | ||
952 | return "ssh-dss-cert-v01@openssh.com"; | ||
953 | #ifdef OPENSSL_HAS_ECC | ||
954 | case KEY_ECDSA: | ||
955 | switch (nid) { | ||
956 | case NID_X9_62_prime256v1: | ||
957 | return "ecdsa-sha2-nistp256"; | ||
958 | case NID_secp384r1: | ||
959 | return "ecdsa-sha2-nistp384"; | ||
960 | case NID_secp521r1: | ||
961 | return "ecdsa-sha2-nistp521"; | ||
962 | default: | ||
963 | break; | ||
964 | } | ||
965 | break; | ||
966 | case KEY_ECDSA_CERT: | ||
967 | switch (nid) { | ||
968 | case NID_X9_62_prime256v1: | ||
969 | return "ecdsa-sha2-nistp256-cert-v01@openssh.com"; | ||
970 | case NID_secp384r1: | ||
971 | return "ecdsa-sha2-nistp384-cert-v01@openssh.com"; | ||
972 | case NID_secp521r1: | ||
973 | return "ecdsa-sha2-nistp521-cert-v01@openssh.com"; | ||
974 | default: | ||
975 | break; | ||
976 | } | ||
977 | break; | ||
978 | #endif /* OPENSSL_HAS_ECC */ | ||
979 | case KEY_NULL: | ||
980 | return "null"; | ||
981 | } | 960 | } |
982 | return "ssh-unknown"; | 961 | return "ssh-unknown"; |
983 | } | 962 | } |
@@ -995,6 +974,56 @@ key_ssh_name_plain(const Key *k) | |||
995 | k->ecdsa_nid); | 974 | k->ecdsa_nid); |
996 | } | 975 | } |
997 | 976 | ||
977 | int | ||
978 | key_type_from_name(char *name) | ||
979 | { | ||
980 | const struct keytype *kt; | ||
981 | |||
982 | for (kt = keytypes; kt->type != -1; kt++) { | ||
983 | /* Only allow shortname matches for plain key types */ | ||
984 | if ((kt->name != NULL && strcmp(name, kt->name) == 0) || | ||
985 | (!kt->cert && strcasecmp(kt->shortname, name) == 0)) | ||
986 | return kt->type; | ||
987 | } | ||
988 | debug2("key_type_from_name: unknown key type '%s'", name); | ||
989 | return KEY_UNSPEC; | ||
990 | } | ||
991 | |||
992 | int | ||
993 | key_ecdsa_nid_from_name(const char *name) | ||
994 | { | ||
995 | const struct keytype *kt; | ||
996 | |||
997 | for (kt = keytypes; kt->type != -1; kt++) { | ||
998 | if (kt->type != KEY_ECDSA && kt->type != KEY_ECDSA_CERT) | ||
999 | continue; | ||
1000 | if (kt->name != NULL && strcmp(name, kt->name) == 0) | ||
1001 | return kt->nid; | ||
1002 | } | ||
1003 | debug2("%s: unknown/non-ECDSA key type '%s'", __func__, name); | ||
1004 | return -1; | ||
1005 | } | ||
1006 | |||
1007 | char * | ||
1008 | key_alg_list(void) | ||
1009 | { | ||
1010 | char *ret = NULL; | ||
1011 | size_t nlen, rlen = 0; | ||
1012 | const struct keytype *kt; | ||
1013 | |||
1014 | for (kt = keytypes; kt->type != -1; kt++) { | ||
1015 | if (kt->name == NULL) | ||
1016 | continue; | ||
1017 | if (ret != NULL) | ||
1018 | ret[rlen++] = '\n'; | ||
1019 | nlen = strlen(kt->name); | ||
1020 | ret = xrealloc(ret, 1, rlen + nlen + 2); | ||
1021 | memcpy(ret + rlen, kt->name, nlen + 1); | ||
1022 | rlen += nlen; | ||
1023 | } | ||
1024 | return ret; | ||
1025 | } | ||
1026 | |||
998 | u_int | 1027 | u_int |
999 | key_size(const Key *k) | 1028 | key_size(const Key *k) |
1000 | { | 1029 | { |
@@ -1250,67 +1279,6 @@ key_from_private(const Key *k) | |||
1250 | } | 1279 | } |
1251 | 1280 | ||
1252 | int | 1281 | int |
1253 | key_type_from_name(char *name) | ||
1254 | { | ||
1255 | if (strcmp(name, "rsa1") == 0) { | ||
1256 | return KEY_RSA1; | ||
1257 | } else if (strcmp(name, "rsa") == 0) { | ||
1258 | return KEY_RSA; | ||
1259 | } else if (strcmp(name, "dsa") == 0) { | ||
1260 | return KEY_DSA; | ||
1261 | } else if (strcmp(name, "ssh-rsa") == 0) { | ||
1262 | return KEY_RSA; | ||
1263 | } else if (strcmp(name, "ssh-dss") == 0) { | ||
1264 | return KEY_DSA; | ||
1265 | #ifdef OPENSSL_HAS_ECC | ||
1266 | } else if (strcmp(name, "ecdsa") == 0 || | ||
1267 | strcmp(name, "ecdsa-sha2-nistp256") == 0 || | ||
1268 | strcmp(name, "ecdsa-sha2-nistp384") == 0 || | ||
1269 | strcmp(name, "ecdsa-sha2-nistp521") == 0) { | ||
1270 | return KEY_ECDSA; | ||
1271 | #endif | ||
1272 | } else if (strcmp(name, "ssh-rsa-cert-v00@openssh.com") == 0) { | ||
1273 | return KEY_RSA_CERT_V00; | ||
1274 | } else if (strcmp(name, "ssh-dss-cert-v00@openssh.com") == 0) { | ||
1275 | return KEY_DSA_CERT_V00; | ||
1276 | } else if (strcmp(name, "ssh-rsa-cert-v01@openssh.com") == 0) { | ||
1277 | return KEY_RSA_CERT; | ||
1278 | } else if (strcmp(name, "ssh-dss-cert-v01@openssh.com") == 0) { | ||
1279 | return KEY_DSA_CERT; | ||
1280 | #ifdef OPENSSL_HAS_ECC | ||
1281 | } else if (strcmp(name, "ecdsa-sha2-nistp256-cert-v01@openssh.com") == 0 || | ||
1282 | strcmp(name, "ecdsa-sha2-nistp384-cert-v01@openssh.com") == 0 || | ||
1283 | strcmp(name, "ecdsa-sha2-nistp521-cert-v01@openssh.com") == 0) { | ||
1284 | return KEY_ECDSA_CERT; | ||
1285 | #endif | ||
1286 | } else if (strcmp(name, "null") == 0) { | ||
1287 | return KEY_NULL; | ||
1288 | } | ||
1289 | |||
1290 | debug2("key_type_from_name: unknown key type '%s'", name); | ||
1291 | return KEY_UNSPEC; | ||
1292 | } | ||
1293 | |||
1294 | int | ||
1295 | key_ecdsa_nid_from_name(const char *name) | ||
1296 | { | ||
1297 | #ifdef OPENSSL_HAS_ECC | ||
1298 | if (strcmp(name, "ecdsa-sha2-nistp256") == 0 || | ||
1299 | strcmp(name, "ecdsa-sha2-nistp256-cert-v01@openssh.com") == 0) | ||
1300 | return NID_X9_62_prime256v1; | ||
1301 | if (strcmp(name, "ecdsa-sha2-nistp384") == 0 || | ||
1302 | strcmp(name, "ecdsa-sha2-nistp384-cert-v01@openssh.com") == 0) | ||
1303 | return NID_secp384r1; | ||
1304 | if (strcmp(name, "ecdsa-sha2-nistp521") == 0 || | ||
1305 | strcmp(name, "ecdsa-sha2-nistp521-cert-v01@openssh.com") == 0) | ||
1306 | return NID_secp521r1; | ||
1307 | #endif /* OPENSSL_HAS_ECC */ | ||
1308 | |||
1309 | debug2("%s: unknown/non-ECDSA key type '%s'", __func__, name); | ||
1310 | return -1; | ||
1311 | } | ||
1312 | |||
1313 | int | ||
1314 | key_names_valid2(const char *names) | 1282 | key_names_valid2(const char *names) |
1315 | { | 1283 | { |
1316 | char *s, *cp, *p; | 1284 | char *s, *cp, *p; |
@@ -1323,12 +1291,12 @@ key_names_valid2(const char *names) | |||
1323 | switch (key_type_from_name(p)) { | 1291 | switch (key_type_from_name(p)) { |
1324 | case KEY_RSA1: | 1292 | case KEY_RSA1: |
1325 | case KEY_UNSPEC: | 1293 | case KEY_UNSPEC: |
1326 | xfree(s); | 1294 | free(s); |
1327 | return 0; | 1295 | return 0; |
1328 | } | 1296 | } |
1329 | } | 1297 | } |
1330 | debug3("key names ok: [%s]", names); | 1298 | debug3("key names ok: [%s]", names); |
1331 | xfree(s); | 1299 | free(s); |
1332 | return 1; | 1300 | return 1; |
1333 | } | 1301 | } |
1334 | 1302 | ||
@@ -1450,16 +1418,11 @@ cert_parse(Buffer *b, Key *key, const u_char *blob, u_int blen) | |||
1450 | 1418 | ||
1451 | out: | 1419 | out: |
1452 | buffer_free(&tmp); | 1420 | buffer_free(&tmp); |
1453 | if (principals != NULL) | 1421 | free(principals); |
1454 | xfree(principals); | 1422 | free(critical); |
1455 | if (critical != NULL) | 1423 | free(exts); |
1456 | xfree(critical); | 1424 | free(sig_key); |
1457 | if (exts != NULL) | 1425 | free(sig); |
1458 | xfree(exts); | ||
1459 | if (sig_key != NULL) | ||
1460 | xfree(sig_key); | ||
1461 | if (sig != NULL) | ||
1462 | xfree(sig); | ||
1463 | return ret; | 1426 | return ret; |
1464 | } | 1427 | } |
1465 | 1428 | ||
@@ -1579,10 +1542,8 @@ key_from_blob(const u_char *blob, u_int blen) | |||
1579 | if (key != NULL && rlen != 0) | 1542 | if (key != NULL && rlen != 0) |
1580 | error("key_from_blob: remaining bytes in key blob %d", rlen); | 1543 | error("key_from_blob: remaining bytes in key blob %d", rlen); |
1581 | out: | 1544 | out: |
1582 | if (ktype != NULL) | 1545 | free(ktype); |
1583 | xfree(ktype); | 1546 | free(curve); |
1584 | if (curve != NULL) | ||
1585 | xfree(curve); | ||
1586 | #ifdef OPENSSL_HAS_ECC | 1547 | #ifdef OPENSSL_HAS_ECC |
1587 | if (q != NULL) | 1548 | if (q != NULL) |
1588 | EC_POINT_free(q); | 1549 | EC_POINT_free(q); |
@@ -1932,7 +1893,7 @@ key_certify(Key *k, Key *ca) | |||
1932 | default: | 1893 | default: |
1933 | error("%s: key has incorrect type %s", __func__, key_type(k)); | 1894 | error("%s: key has incorrect type %s", __func__, key_type(k)); |
1934 | buffer_clear(&k->cert->certblob); | 1895 | buffer_clear(&k->cert->certblob); |
1935 | xfree(ca_blob); | 1896 | free(ca_blob); |
1936 | return -1; | 1897 | return -1; |
1937 | } | 1898 | } |
1938 | 1899 | ||
@@ -1968,7 +1929,7 @@ key_certify(Key *k, Key *ca) | |||
1968 | 1929 | ||
1969 | buffer_put_string(&k->cert->certblob, NULL, 0); /* reserved */ | 1930 | buffer_put_string(&k->cert->certblob, NULL, 0); /* reserved */ |
1970 | buffer_put_string(&k->cert->certblob, ca_blob, ca_len); | 1931 | buffer_put_string(&k->cert->certblob, ca_blob, ca_len); |
1971 | xfree(ca_blob); | 1932 | free(ca_blob); |
1972 | 1933 | ||
1973 | /* Sign the whole mess */ | 1934 | /* Sign the whole mess */ |
1974 | if (key_sign(ca, &sig_blob, &sig_len, buffer_ptr(&k->cert->certblob), | 1935 | if (key_sign(ca, &sig_blob, &sig_len, buffer_ptr(&k->cert->certblob), |
@@ -1979,7 +1940,7 @@ key_certify(Key *k, Key *ca) | |||
1979 | } | 1940 | } |
1980 | /* Append signature and we are done */ | 1941 | /* Append signature and we are done */ |
1981 | buffer_put_string(&k->cert->certblob, sig_blob, sig_len); | 1942 | buffer_put_string(&k->cert->certblob, sig_blob, sig_len); |
1982 | xfree(sig_blob); | 1943 | free(sig_blob); |
1983 | 1944 | ||
1984 | return 0; | 1945 | return 0; |
1985 | } | 1946 | } |
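--- a/key.h
+++ b/key.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.h,v 1.35 2013/01/17 23:00:01 djm Exp $ */
+/* $OpenBSD: key.h,v 1.37 2013/05/19 02:42:42 djm Exp $ */
 
 /*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -96,7 +96,7 @@ void key_free(Key *);
 Key *key_demote(const Key *);
 int key_equal_public(const Key *, const Key *);
 int key_equal(const Key *, const Key *);
-char *key_fingerprint(Key *, enum fp_type, enum fp_rep);
+char *key_fingerprint(const Key *, enum fp_type, enum fp_rep);
 u_char *key_fingerprint_raw(const Key *, enum fp_type, u_int *);
 const char *key_type(const Key *);
 const char *key_cert_type(const Key *);
@@ -119,15 +119,16 @@ int key_cert_is_legacy(const Key *);
 
 int key_ecdsa_nid_from_name(const char *);
 int key_curve_name_to_nid(const char *);
-const char * key_curve_nid_to_name(int);
+const char *key_curve_nid_to_name(int);
 u_int key_curve_nid_to_bits(int);
 int key_ecdsa_bits_to_nid(int);
 #ifdef OPENSSL_HAS_ECC
 int key_ecdsa_key_to_nid(EC_KEY *);
-const EVP_MD * key_ec_nid_to_evpmd(int nid);
+const EVP_MD *key_ec_nid_to_evpmd(int nid);
 int key_ec_validate_public(const EC_GROUP *, const EC_POINT *);
 int key_ec_validate_private(const EC_KEY *);
 #endif
+char *key_alg_list(void);
 
 Key *key_from_blob(const u_char *, u_int);
 int key_to_blob(const Key *, u_char **, u_int *);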
@@ -14,7 +14,7 @@ | |||
14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
15 | */ | 15 | */ |
16 | 16 | ||
17 | /* $OpenBSD: krl.c,v 1.10 2013/02/19 02:12:47 dtucker Exp $ */ | 17 | /* $OpenBSD: krl.c,v 1.13 2013/07/20 22:20:42 djm Exp $ */ |
18 | 18 | ||
19 | #include "includes.h" | 19 | #include "includes.h" |
20 | 20 | ||
@@ -502,8 +502,11 @@ choose_next_state(int current_state, u_int64_t contig, int final, | |||
502 | } | 502 | } |
503 | debug3("%s: contig %llu last_gap %llu next_gap %llu final %d, costs:" | 503 | debug3("%s: contig %llu last_gap %llu next_gap %llu final %d, costs:" |
504 | "list %llu range %llu bitmap %llu new bitmap %llu, " | 504 | "list %llu range %llu bitmap %llu new bitmap %llu, " |
505 | "selected 0x%02x%s", __func__, contig, last_gap, next_gap, final, | 505 | "selected 0x%02x%s", __func__, (long long unsigned)contig, |
506 | cost_list, cost_range, cost_bitmap, cost_bitmap_restart, new_state, | 506 | (long long unsigned)last_gap, (long long unsigned)next_gap, final, |
507 | (long long unsigned)cost_list, (long long unsigned)cost_range, | ||
508 | (long long unsigned)cost_bitmap, | ||
509 | (long long unsigned)cost_bitmap_restart, new_state, | ||
507 | *force_new_section ? " restart" : ""); | 510 | *force_new_section ? " restart" : ""); |
508 | return new_state; | 511 | return new_state; |
509 | } | 512 | } |
@@ -539,7 +542,8 @@ revoked_certs_generate(struct revoked_certs *rc, Buffer *buf) | |||
539 | rs != NULL; | 542 | rs != NULL; |
540 | rs = RB_NEXT(revoked_serial_tree, &rc->revoked_serials, rs)) { | 543 | rs = RB_NEXT(revoked_serial_tree, &rc->revoked_serials, rs)) { |
541 | debug3("%s: serial %llu:%llu state 0x%02x", __func__, | 544 | debug3("%s: serial %llu:%llu state 0x%02x", __func__, |
542 | rs->lo, rs->hi, state); | 545 | (long long unsigned)rs->lo, (long long unsigned)rs->hi, |
546 | state); | ||
543 | 547 | ||
544 | /* Check contiguous length and gap to next section (if any) */ | 548 | /* Check contiguous length and gap to next section (if any) */ |
545 | nrs = RB_NEXT(revoked_serial_tree, &rc->revoked_serials, rs); | 549 | nrs = RB_NEXT(revoked_serial_tree, &rc->revoked_serials, rs); |
@@ -883,9 +887,10 @@ ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp, | |||
883 | char timestamp[64]; | 887 | char timestamp[64]; |
884 | int ret = -1, r, sig_seen; | 888 | int ret = -1, r, sig_seen; |
885 | Key *key = NULL, **ca_used = NULL; | 889 | Key *key = NULL, **ca_used = NULL; |
886 | u_char type, *blob; | 890 | u_char type, *blob, *rdata = NULL; |
887 | u_int i, j, sig_off, sects_off, blen, format_version, nca_used = 0; | 891 | u_int i, j, sig_off, sects_off, rlen, blen, format_version, nca_used; |
888 | 892 | ||
893 | nca_used = 0; | ||
889 | *krlp = NULL; | 894 | *krlp = NULL; |
890 | if (buffer_len(buf) < sizeof(KRL_MAGIC) - 1 || | 895 | if (buffer_len(buf) < sizeof(KRL_MAGIC) - 1 || |
891 | memcmp(buffer_ptr(buf), KRL_MAGIC, sizeof(KRL_MAGIC) - 1) != 0) { | 896 | memcmp(buffer_ptr(buf), KRL_MAGIC, sizeof(KRL_MAGIC) - 1) != 0) { |
@@ -928,8 +933,9 @@ ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp, | |||
928 | } | 933 | } |
929 | 934 | ||
930 | format_timestamp(krl->generated_date, timestamp, sizeof(timestamp)); | 935 | format_timestamp(krl->generated_date, timestamp, sizeof(timestamp)); |
931 | debug("KRL version %llu generated at %s%s%s", krl->krl_version, | 936 | debug("KRL version %llu generated at %s%s%s", |
932 | timestamp, *krl->comment ? ": " : "", krl->comment); | 937 | (long long unsigned)krl->krl_version, timestamp, |
938 | *krl->comment ? ": " : "", krl->comment); | ||
933 | 939 | ||
934 | /* | 940 | /* |
935 | * 1st pass: verify signatures, if any. This is done to avoid | 941 | * 1st pass: verify signatures, if any. This is done to avoid |
@@ -967,7 +973,7 @@ ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp, | |||
967 | } | 973 | } |
968 | /* Check signature over entire KRL up to this point */ | 974 | /* Check signature over entire KRL up to this point */ |
969 | if (key_verify(key, blob, blen, | 975 | if (key_verify(key, blob, blen, |
970 | buffer_ptr(buf), buffer_len(buf) - sig_off) == -1) { | 976 | buffer_ptr(buf), buffer_len(buf) - sig_off) != 1) { |
971 | error("bad signaure on KRL"); | 977 | error("bad signaure on KRL"); |
972 | goto out; | 978 | goto out; |
973 | } | 979 | } |
@@ -1010,21 +1016,22 @@ ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp, | |||
1010 | case KRL_SECTION_EXPLICIT_KEY: | 1016 | case KRL_SECTION_EXPLICIT_KEY: |
1011 | case KRL_SECTION_FINGERPRINT_SHA1: | 1017 | case KRL_SECTION_FINGERPRINT_SHA1: |
1012 | while (buffer_len(§) > 0) { | 1018 | while (buffer_len(§) > 0) { |
1013 | if ((blob = buffer_get_string_ret(§, | 1019 | if ((rdata = buffer_get_string_ret(§, |
1014 | &blen)) == NULL) { | 1020 | &rlen)) == NULL) { |
1015 | error("%s: buffer error", __func__); | 1021 | error("%s: buffer error", __func__); |
1016 | goto out; | 1022 | goto out; |
1017 | } | 1023 | } |
1018 | if (type == KRL_SECTION_FINGERPRINT_SHA1 && | 1024 | if (type == KRL_SECTION_FINGERPRINT_SHA1 && |
1019 | blen != 20) { | 1025 | rlen != 20) { |
1020 | error("%s: bad SHA1 length", __func__); | 1026 | error("%s: bad SHA1 length", __func__); |
1021 | goto out; | 1027 | goto out; |
1022 | } | 1028 | } |
1023 | if (revoke_blob( | 1029 | if (revoke_blob( |
1024 | type == KRL_SECTION_EXPLICIT_KEY ? | 1030 | type == KRL_SECTION_EXPLICIT_KEY ? |
1025 | &krl->revoked_keys : &krl->revoked_sha1s, | 1031 | &krl->revoked_keys : &krl->revoked_sha1s, |
1026 | blob, blen) != 0) | 1032 | rdata, rlen) != 0) |
1027 | goto out; /* revoke_blob frees blob */ | 1033 | goto out; |
1034 | rdata = NULL; /* revoke_blob frees blob */ | ||
1028 | } | 1035 | } |
1029 | break; | 1036 | break; |
1030 | case KRL_SECTION_SIGNATURE: | 1037 | case KRL_SECTION_SIGNATURE: |
@@ -1090,6 +1097,7 @@ ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp, | |||
1090 | key_free(ca_used[i]); | 1097 | key_free(ca_used[i]); |
1091 | } | 1098 | } |
1092 | free(ca_used); | 1099 | free(ca_used); |
1100 | free(rdata); | ||
1093 | if (key != NULL) | 1101 | if (key != NULL) |
1094 | key_free(key); | 1102 | key_free(key); |
1095 | buffer_free(©); | 1103 | buffer_free(©); |
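Review bot: The failure branch at new line 1033 jumps to out: with rdata still pointing at the blob, while the comment on line 1034 says revoke_blob frees it; if revoke_blob disposes of the blob before returning non-zero, the `free(rdata)` added at new line 1100 is a double free, and if it does not, the comment misstates the contract. revoke_blob's body is not visible here, so this needs checking against it: either it takes ownership unconditionally, in which case the NULL assignment must precede the jump, `if (revoke_blob(..., rdata, rlen) != 0) { rdata = NULL; goto out; }`, or it leaves the blob with the caller on failure, in which case the comment should read `/* revoke_blob owns blob once it returns 0 */`. ssh_krl_from_blob starts before this hunk and its cleanup label sits in a later one.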
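--- a/log.c
+++ b/log.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: log.c,v 1.43 2012/09/06 04:37:39 dtucker Exp $ */
+/* $OpenBSD: log.c,v 1.45 2013/05/16 09:08:41 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -38,6 +38,7 @@
 
 #include <sys/types.h>
 
+#include <fcntl.h>
 #include <stdarg.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -54,6 +55,7 @@
 
 static LogLevel log_level = SYSLOG_LEVEL_INFO;
 static int log_on_stderr = 1;
+static int log_stderr_fd = STDERR_FILENO;
 static int log_facility = LOG_AUTH;
 static char *argv0;
 static log_handler_fn *log_handler;
@@ -345,6 +347,20 @@ log_is_on_stderr(void)
 return log_on_stderr;
 }
 
+/* redirect what would usually get written to stderr to specified file */
+void
+log_redirect_stderr_to(const char *logfile)
+{
+int fd;
+
+if ((fd = open(logfile, O_WRONLY|O_CREAT|O_APPEND, 0600)) == -1) {
+fprintf(stderr, "Couldn't open logfile %s: %s\n", logfile,
+strerror(errno));
+exit(1);
+}
+log_stderr_fd = fd;
+}
+
 #define MSGBUFSIZ 1024
 
 void
@@ -430,7 +446,7 @@ do_log(LogLevel level, const char *fmt, va_list args)
 log_handler = tmp_handler;
 } else if (log_on_stderr) {
 snprintf(msgbuf, sizeof msgbuf, "%s\r\n", fmtbuf);
-write(STDERR_FILENO, msgbuf, strlen(msgbuf));
+(void)write(log_stderr_fd, msgbuf, strlen(msgbuf));
 } else {
 #if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT)
 openlog_r(argv0 ? argv0 : __progname, LOG_PID, log_facility, &sdata);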
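Review bot: The descriptor opened at new line 356 is never marked close-on-exec and a previously installed log_stderr_fd is never closed, so a second call to log_redirect_stderr_to() leaks the earlier descriptor and anything this process later execs inherits a writable handle on the log file (whether a caller-side closefrom() happens to cover that is not visible here). Setting FD_CLOEXEC immediately after the open and closing the prior descriptor when it is not STDERR_FILENO addresses both; if logfile can ever come from somewhere less trusted than the command line, adding O_NOFOLLOW to the open flags is worth considering as well.
```c
	if ((fd = open(logfile, O_WRONLY|O_CREAT|O_APPEND, 0600)) == -1) {
		/* … unchanged: report the failure and exit(1) … */
	}
	/* Keep the log descriptor out of anything exec'd later. */
	if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1) {
		fprintf(stderr, "Couldn't set FD_CLOEXEC on %s: %s\n", logfile,
		    strerror(errno));
		exit(1);
	}
	/* Release the descriptor left by an earlier redirection, if any. */
	if (log_stderr_fd != STDERR_FILENO)
		close(log_stderr_fd);
	log_stderr_fd = fd;
```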
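--- a/log.h
+++ b/log.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: log.h,v 1.19 2012/09/06 04:37:39 dtucker Exp $ */
+/* $OpenBSD: log.h,v 1.20 2013/04/07 02:10:33 dtucker Exp $ */
 
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -51,6 +51,7 @@ typedef void (log_handler_fn)(LogLevel, const char *, void *);
 void log_init(char *, LogLevel, SyslogFacility, int);
 void log_change_level(LogLevel);
 int log_is_on_stderr(void);
+void log_redirect_stderr_to(const char *);
 
 SyslogFacility log_facility_number(char *);
 const char * log_facility_name(SyslogFacility);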
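--- a/loginrec.c
+++ b/loginrec.c
@@ -347,7 +347,7 @@ logininfo *login_alloc_entry(pid_t pid, const char *username,
 void
 login_free_entry(struct logininfo *li)
 {
-xfree(li);
+free(li);
 }
 
 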
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: mac.c,v 1.21 2012/12/11 22:51:45 sthen Exp $ */ | 1 | /* $OpenBSD: mac.c,v 1.24 2013/06/03 00:03:18 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -50,7 +50,7 @@ | |||
50 | #define SSH_UMAC 2 /* UMAC (not integrated with OpenSSL) */ | 50 | #define SSH_UMAC 2 /* UMAC (not integrated with OpenSSL) */ |
51 | #define SSH_UMAC128 3 | 51 | #define SSH_UMAC128 3 |
52 | 52 | ||
53 | struct { | 53 | struct macalg { |
54 | char *name; | 54 | char *name; |
55 | int type; | 55 | int type; |
56 | const EVP_MD * (*mdfunc)(void); | 56 | const EVP_MD * (*mdfunc)(void); |
@@ -58,7 +58,9 @@ struct { | |||
58 | int key_len; /* just for UMAC */ | 58 | int key_len; /* just for UMAC */ |
59 | int len; /* just for UMAC */ | 59 | int len; /* just for UMAC */ |
60 | int etm; /* Encrypt-then-MAC */ | 60 | int etm; /* Encrypt-then-MAC */ |
61 | } macs[] = { | 61 | }; |
62 | |||
63 | static const struct macalg macs[] = { | ||
62 | /* Encrypt-and-MAC (encrypt-and-authenticate) variants */ | 64 | /* Encrypt-and-MAC (encrypt-and-authenticate) variants */ |
63 | { "hmac-sha1", SSH_EVP, EVP_sha1, 0, 0, 0, 0 }, | 65 | { "hmac-sha1", SSH_EVP, EVP_sha1, 0, 0, 0, 0 }, |
64 | { "hmac-sha1-96", SSH_EVP, EVP_sha1, 96, 0, 0, 0 }, | 66 | { "hmac-sha1-96", SSH_EVP, EVP_sha1, 96, 0, 0, 0 }, |
@@ -89,38 +91,58 @@ struct { | |||
89 | { NULL, 0, NULL, 0, 0, 0, 0 } | 91 | { NULL, 0, NULL, 0, 0, 0, 0 } |
90 | }; | 92 | }; |
91 | 93 | ||
94 | /* Returns a comma-separated list of supported MACs. */ | ||
95 | char * | ||
96 | mac_alg_list(void) | ||
97 | { | ||
98 | char *ret = NULL; | ||
99 | size_t nlen, rlen = 0; | ||
100 | const struct macalg *m; | ||
101 | |||
102 | for (m = macs; m->name != NULL; m++) { | ||
103 | if (ret != NULL) | ||
104 | ret[rlen++] = '\n'; | ||
105 | nlen = strlen(m->name); | ||
106 | ret = xrealloc(ret, 1, rlen + nlen + 2); | ||
107 | memcpy(ret + rlen, m->name, nlen + 1); | ||
108 | rlen += nlen; | ||
109 | } | ||
110 | return ret; | ||
111 | } | ||
112 | |||
92 | static void | 113 | static void |
93 | mac_setup_by_id(Mac *mac, int which) | 114 | mac_setup_by_alg(Mac *mac, const struct macalg *macalg) |
94 | { | 115 | { |
95 | int evp_len; | 116 | int evp_len; |
96 | mac->type = macs[which].type; | 117 | |
118 | mac->type = macalg->type; | ||
97 | if (mac->type == SSH_EVP) { | 119 | if (mac->type == SSH_EVP) { |
98 | mac->evp_md = (*macs[which].mdfunc)(); | 120 | mac->evp_md = macalg->mdfunc(); |
99 | if ((evp_len = EVP_MD_size(mac->evp_md)) <= 0) | 121 | if ((evp_len = EVP_MD_size(mac->evp_md)) <= 0) |
100 | fatal("mac %s len %d", mac->name, evp_len); | 122 | fatal("mac %s len %d", mac->name, evp_len); |
101 | mac->key_len = mac->mac_len = (u_int)evp_len; | 123 | mac->key_len = mac->mac_len = (u_int)evp_len; |
102 | } else { | 124 | } else { |
103 | mac->mac_len = macs[which].len / 8; | 125 | mac->mac_len = macalg->len / 8; |
104 | mac->key_len = macs[which].key_len / 8; | 126 | mac->key_len = macalg->key_len / 8; |
105 | mac->umac_ctx = NULL; | 127 | mac->umac_ctx = NULL; |
106 | } | 128 | } |
107 | if (macs[which].truncatebits != 0) | 129 | if (macalg->truncatebits != 0) |
108 | mac->mac_len = macs[which].truncatebits / 8; | 130 | mac->mac_len = macalg->truncatebits / 8; |
109 | mac->etm = macs[which].etm; | 131 | mac->etm = macalg->etm; |
110 | } | 132 | } |
111 | 133 | ||
112 | int | 134 | int |
113 | mac_setup(Mac *mac, char *name) | 135 | mac_setup(Mac *mac, char *name) |
114 | { | 136 | { |
115 | int i; | 137 | const struct macalg *m; |
116 | 138 | ||
117 | for (i = 0; macs[i].name; i++) { | 139 | for (m = macs; m->name != NULL; m++) { |
118 | if (strcmp(name, macs[i].name) == 0) { | 140 | if (strcmp(name, m->name) != 0) |
119 | if (mac != NULL) | 141 | continue; |
120 | mac_setup_by_id(mac, i); | 142 | if (mac != NULL) |
121 | debug2("mac_setup: found %s", name); | 143 | mac_setup_by_alg(mac, m); |
122 | return (0); | 144 | debug2("mac_setup: found %s", name); |
123 | } | 145 | return (0); |
124 | } | 146 | } |
125 | debug2("mac_setup: unknown %s", name); | 147 | debug2("mac_setup: unknown %s", name); |
126 | return (-1); | 148 | return (-1); |
@@ -152,12 +174,15 @@ mac_init(Mac *mac) | |||
152 | u_char * | 174 | u_char * |
153 | mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen) | 175 | mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen) |
154 | { | 176 | { |
155 | static u_char m[EVP_MAX_MD_SIZE]; | 177 | static union { |
178 | u_char m[EVP_MAX_MD_SIZE]; | ||
179 | u_int64_t for_align; | ||
180 | } u; | ||
156 | u_char b[4], nonce[8]; | 181 | u_char b[4], nonce[8]; |
157 | 182 | ||
158 | if (mac->mac_len > sizeof(m)) | 183 | if (mac->mac_len > sizeof(u)) |
159 | fatal("mac_compute: mac too long %u %lu", | 184 | fatal("mac_compute: mac too long %u %lu", |
160 | mac->mac_len, (u_long)sizeof(m)); | 185 | mac->mac_len, (u_long)sizeof(u)); |
161 | 186 | ||
162 | switch (mac->type) { | 187 | switch (mac->type) { |
163 | case SSH_EVP: | 188 | case SSH_EVP: |
@@ -166,22 +191,22 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen) | |||
166 | HMAC_Init(&mac->evp_ctx, NULL, 0, NULL); | 191 | HMAC_Init(&mac->evp_ctx, NULL, 0, NULL); |
167 | HMAC_Update(&mac->evp_ctx, b, sizeof(b)); | 192 | HMAC_Update(&mac->evp_ctx, b, sizeof(b)); |
168 | HMAC_Update(&mac->evp_ctx, data, datalen); | 193 | HMAC_Update(&mac->evp_ctx, data, datalen); |
169 | HMAC_Final(&mac->evp_ctx, m, NULL); | 194 | HMAC_Final(&mac->evp_ctx, u.m, NULL); |
170 | break; | 195 | break; |
171 | case SSH_UMAC: | 196 | case SSH_UMAC: |
172 | put_u64(nonce, seqno); | 197 | put_u64(nonce, seqno); |
173 | umac_update(mac->umac_ctx, data, datalen); | 198 | umac_update(mac->umac_ctx, data, datalen); |
174 | umac_final(mac->umac_ctx, m, nonce); | 199 | umac_final(mac->umac_ctx, u.m, nonce); |
175 | break; | 200 | break; |
176 | case SSH_UMAC128: | 201 | case SSH_UMAC128: |
177 | put_u64(nonce, seqno); | 202 | put_u64(nonce, seqno); |
178 | umac128_update(mac->umac_ctx, data, datalen); | 203 | umac128_update(mac->umac_ctx, data, datalen); |
179 | umac128_final(mac->umac_ctx, m, nonce); | 204 | umac128_final(mac->umac_ctx, u.m, nonce); |
180 | break; | 205 | break; |
181 | default: | 206 | default: |
182 | fatal("mac_compute: unknown MAC type"); | 207 | fatal("mac_compute: unknown MAC type"); |
183 | } | 208 | } |
184 | return (m); | 209 | return (u.m); |
185 | } | 210 | } |
186 | 211 | ||
187 | void | 212 | void |
@@ -213,13 +238,13 @@ mac_valid(const char *names) | |||
213 | (p = strsep(&cp, MAC_SEP))) { | 238 | (p = strsep(&cp, MAC_SEP))) { |
214 | if (mac_setup(NULL, p) < 0) { | 239 | if (mac_setup(NULL, p) < 0) { |
215 | debug("bad mac %s [%s]", p, names); | 240 | debug("bad mac %s [%s]", p, names); |
216 | xfree(maclist); | 241 | free(maclist); |
217 | return (0); | 242 | return (0); |
218 | } else { | 243 | } else { |
219 | debug3("mac ok: %s [%s]", p, names); | 244 | debug3("mac ok: %s [%s]", p, names); |
220 | } | 245 | } |
221 | } | 246 | } |
222 | debug3("macs ok: [%s]", names); | 247 | debug3("macs ok: [%s]", names); |
223 | xfree(maclist); | 248 | free(maclist); |
224 | return (1); | 249 | return (1); |
225 | } | 250 | } |
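Review bot: The header comment on mac_alg_list at new line 94 says the result is comma-separated, but the loop at line 104 joins entries with '\n', and the comment is also silent on the fact that the string is built with xrealloc and must be freed by the caller. Suggest replacing it with `/* Returns a newline-separated list of supported MACs; the caller must free the result. */` so that users of the new function do not try to split on commas or leak the buffer.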
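--- a/mac.h
+++ b/mac.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: mac.h,v 1.6 2007/06/07 19:37:34 pvalchev Exp $ */
+/* $OpenBSD: mac.h,v 1.7 2013/04/19 01:06:50 djm Exp $ */
 /*
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
 *
@@ -24,6 +24,7 @@
 */
 
 int mac_valid(const char *);
+char *mac_alg_list(void);
 int mac_setup(Mac *, char *);
 int mac_init(Mac *);
 u_char *mac_compute(Mac *, u_int32_t, u_char *, int);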
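--- a/match.c
+++ b/match.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: match.c,v 1.27 2008/06/10 23:06:19 djm Exp $ */
+/* $OpenBSD: match.c,v 1.28 2013/05/17 00:13:13 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -40,6 +40,7 @@
 #include <sys/types.h>
 
 #include <ctype.h>
+#include <stdlib.h>
 #include <string.h>
 
 #include "xmalloc.h"
@@ -226,14 +227,14 @@ match_user(const char *user, const char *host, const char *ipaddr,
 
 if ((ret = match_pattern(user, pat)) == 1)
 ret = match_host_and_ip(host, ipaddr, p);
-xfree(pat);
+free(pat);
 
 return ret;
 }
 
 /*
 * Returns first item from client-list that is also supported by server-list,
-* caller must xfree() returned string.
+* caller must free the returned string.
 */
 #define MAX_PROP 40
 #define SEP ","
@@ -264,15 +265,15 @@ match_list(const char *client, const char *server, u_int *next)
 if (next != NULL)
 *next = (cp == NULL) ?
 strlen(c) : (u_int)(cp - c);
-xfree(c);
-xfree(s);
+free(c);
+free(s);
 return ret;
 }
 }
 }
 if (next != NULL)
 *next = strlen(c);
-xfree(c);
-xfree(s);
+free(c);
+free(s);
 return NULL;
 }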
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: misc.c,v 1.86 2011/09/05 05:59:08 djm Exp $ */ | 1 | /* $OpenBSD: misc.c,v 1.91 2013/07/12 00:43:50 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2005,2006 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2005,2006 Damien Miller. All rights reserved. |
@@ -129,7 +129,7 @@ unset_nonblock(int fd) | |||
129 | const char * | 129 | const char * |
130 | ssh_gai_strerror(int gaierr) | 130 | ssh_gai_strerror(int gaierr) |
131 | { | 131 | { |
132 | if (gaierr == EAI_SYSTEM) | 132 | if (gaierr == EAI_SYSTEM && errno != 0) |
133 | return strerror(errno); | 133 | return strerror(errno); |
134 | return gai_strerror(gaierr); | 134 | return gai_strerror(gaierr); |
135 | } | 135 | } |
@@ -208,16 +208,18 @@ pwcopy(struct passwd *pw) | |||
208 | 208 | ||
209 | copy->pw_name = xstrdup(pw->pw_name); | 209 | copy->pw_name = xstrdup(pw->pw_name); |
210 | copy->pw_passwd = xstrdup(pw->pw_passwd); | 210 | copy->pw_passwd = xstrdup(pw->pw_passwd); |
211 | #ifdef HAVE_STRUCT_PASSWD_PW_GECOS | ||
211 | copy->pw_gecos = xstrdup(pw->pw_gecos); | 212 | copy->pw_gecos = xstrdup(pw->pw_gecos); |
213 | #endif | ||
212 | copy->pw_uid = pw->pw_uid; | 214 | copy->pw_uid = pw->pw_uid; |
213 | copy->pw_gid = pw->pw_gid; | 215 | copy->pw_gid = pw->pw_gid; |
214 | #ifdef HAVE_PW_EXPIRE_IN_PASSWD | 216 | #ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE |
215 | copy->pw_expire = pw->pw_expire; | 217 | copy->pw_expire = pw->pw_expire; |
216 | #endif | 218 | #endif |
217 | #ifdef HAVE_PW_CHANGE_IN_PASSWD | 219 | #ifdef HAVE_STRUCT_PASSWD_PW_CHANGE |
218 | copy->pw_change = pw->pw_change; | 220 | copy->pw_change = pw->pw_change; |
219 | #endif | 221 | #endif |
220 | #ifdef HAVE_PW_CLASS_IN_PASSWD | 222 | #ifdef HAVE_STRUCT_PASSWD_PW_CLASS |
221 | copy->pw_class = xstrdup(pw->pw_class); | 223 | copy->pw_class = xstrdup(pw->pw_class); |
222 | #endif | 224 | #endif |
223 | copy->pw_dir = xstrdup(pw->pw_dir); | 225 | copy->pw_dir = xstrdup(pw->pw_dir); |
@@ -253,13 +255,13 @@ a2tun(const char *s, int *remote) | |||
253 | *remote = SSH_TUNID_ANY; | 255 | *remote = SSH_TUNID_ANY; |
254 | sp = xstrdup(s); | 256 | sp = xstrdup(s); |
255 | if ((ep = strchr(sp, ':')) == NULL) { | 257 | if ((ep = strchr(sp, ':')) == NULL) { |
256 | xfree(sp); | 258 | free(sp); |
257 | return (a2tun(s, NULL)); | 259 | return (a2tun(s, NULL)); |
258 | } | 260 | } |
259 | ep[0] = '\0'; ep++; | 261 | ep[0] = '\0'; ep++; |
260 | *remote = a2tun(ep, NULL); | 262 | *remote = a2tun(ep, NULL); |
261 | tun = a2tun(sp, NULL); | 263 | tun = a2tun(sp, NULL); |
262 | xfree(sp); | 264 | free(sp); |
263 | return (*remote == SSH_TUNID_ERR ? *remote : tun); | 265 | return (*remote == SSH_TUNID_ERR ? *remote : tun); |
264 | } | 266 | } |
265 | 267 | ||
@@ -492,7 +494,7 @@ replacearg(arglist *args, u_int which, char *fmt, ...) | |||
492 | if (which >= args->num) | 494 | if (which >= args->num) |
493 | fatal("replacearg: tried to replace invalid arg %d >= %d", | 495 | fatal("replacearg: tried to replace invalid arg %d >= %d", |
494 | which, args->num); | 496 | which, args->num); |
495 | xfree(args->list[which]); | 497 | free(args->list[which]); |
496 | args->list[which] = cp; | 498 | args->list[which] = cp; |
497 | } | 499 | } |
498 | 500 | ||
@@ -503,8 +505,8 @@ freeargs(arglist *args) | |||
503 | 505 | ||
504 | if (args->list != NULL) { | 506 | if (args->list != NULL) { |
505 | for (i = 0; i < args->num; i++) | 507 | for (i = 0; i < args->num; i++) |
506 | xfree(args->list[i]); | 508 | free(args->list[i]); |
507 | xfree(args->list); | 509 | free(args->list); |
508 | args->nalloc = args->num = 0; | 510 | args->nalloc = args->num = 0; |
509 | args->list = NULL; | 511 | args->list = NULL; |
510 | } | 512 | } |
@@ -517,8 +519,8 @@ freeargs(arglist *args) | |||
517 | char * | 519 | char * |
518 | tilde_expand_filename(const char *filename, uid_t uid) | 520 | tilde_expand_filename(const char *filename, uid_t uid) |
519 | { | 521 | { |
520 | const char *path; | 522 | const char *path, *sep; |
521 | char user[128], ret[MAXPATHLEN]; | 523 | char user[128], *ret; |
522 | struct passwd *pw; | 524 | struct passwd *pw; |
523 | u_int len, slash; | 525 | u_int len, slash; |
524 | 526 | ||
@@ -538,22 +540,21 @@ tilde_expand_filename(const char *filename, uid_t uid) | |||
538 | } else if ((pw = getpwuid(uid)) == NULL) /* ~/path */ | 540 | } else if ((pw = getpwuid(uid)) == NULL) /* ~/path */ |
539 | fatal("tilde_expand_filename: No such uid %ld", (long)uid); | 541 | fatal("tilde_expand_filename: No such uid %ld", (long)uid); |
540 | 542 | ||
541 | if (strlcpy(ret, pw->pw_dir, sizeof(ret)) >= sizeof(ret)) | ||
542 | fatal("tilde_expand_filename: Path too long"); | ||
543 | |||
544 | /* Make sure directory has a trailing '/' */ | 543 | /* Make sure directory has a trailing '/' */ |
545 | len = strlen(pw->pw_dir); | 544 | len = strlen(pw->pw_dir); |
546 | if ((len == 0 || pw->pw_dir[len - 1] != '/') && | 545 | if (len == 0 || pw->pw_dir[len - 1] != '/') |
547 | strlcat(ret, "/", sizeof(ret)) >= sizeof(ret)) | 546 | sep = "/"; |
548 | fatal("tilde_expand_filename: Path too long"); | 547 | else |
548 | sep = ""; | ||
549 | 549 | ||
550 | /* Skip leading '/' from specified path */ | 550 | /* Skip leading '/' from specified path */ |
551 | if (path != NULL) | 551 | if (path != NULL) |
552 | filename = path + 1; | 552 | filename = path + 1; |
553 | if (strlcat(ret, filename, sizeof(ret)) >= sizeof(ret)) | 553 | |
554 | if (xasprintf(&ret, "%s%s%s", pw->pw_dir, sep, filename) >= MAXPATHLEN) | ||
554 | fatal("tilde_expand_filename: Path too long"); | 555 | fatal("tilde_expand_filename: Path too long"); |
555 | 556 | ||
556 | return (xstrdup(ret)); | 557 | return (ret); |
557 | } | 558 | } |
558 | 559 | ||
559 | /* | 560 | /* |
@@ -920,6 +921,24 @@ ms_to_timeval(struct timeval *tv, int ms) | |||
920 | tv->tv_usec = (ms % 1000) * 1000; | 921 | tv->tv_usec = (ms % 1000) * 1000; |
921 | } | 922 | } |
922 | 923 | ||
924 | time_t | ||
925 | monotime(void) | ||
926 | { | ||
927 | #if defined(HAVE_CLOCK_GETTIME) && defined(CLOCK_MONOTONIC) | ||
928 | struct timespec ts; | ||
929 | static int gettime_failed = 0; | ||
930 | |||
931 | if (!gettime_failed) { | ||
932 | if (clock_gettime(CLOCK_MONOTONIC, &ts) == 0) | ||
933 | return (ts.tv_sec); | ||
934 | debug3("clock_gettime: %s", strerror(errno)); | ||
935 | gettime_failed = 1; | ||
936 | } | ||
937 | #endif | ||
938 | |||
939 | return time(NULL); | ||
940 | } | ||
941 | |||
923 | void | 942 | void |
924 | bandwidth_limit_init(struct bwlimit *bw, u_int64_t kbps, size_t buflen) | 943 | bandwidth_limit_init(struct bwlimit *bw, u_int64_t kbps, size_t buflen) |
925 | { | 944 | { |
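Review bot: monotime() at new lines 924-940 silently changes its time base after the first clock_gettime() failure: results handed out before that point are CLOCK_MONOTONIC seconds, results after it are wall-clock time(2), so a caller that stored an earlier value and compares it later sees an arbitrary jump, and from then on any deadline derived from it is again movable by clock adjustments, which is what a monotonic source is meant to rule out. Where CLOCK_MONOTONIC is unsupported outright the very first call fails before any value is returned, but nothing in the code guarantees the failure cannot come later. This deserves a comment on the function, e.g. `/* Falls back to time(2) permanently once CLOCK_MONOTONIC fails; values obtained before and after that switch are not comparable. */`.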
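--- a/misc.h
+++ b/misc.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.h,v 1.48 2011/03/29 18:54:17 stevesk Exp $ */
+/* $OpenBSD: misc.h,v 1.49 2013/06/01 13:15:52 dtucker Exp $ */
 
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -35,6 +35,7 @@ char *tohex(const void *, size_t);
 void sanitise_stdfd(void);
 void ms_subtract_diff(struct timeval *, int *);
 void ms_to_timeval(struct timeval *, int);
+time_t monotime(void);
 void sock_set_v6only(int);
 
 struct passwd *pwcopy(struct passwd *);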
@@ -71,4 +71,4 @@ STANDARDS | |||
71 | the Secure Shell (SSH) Transport Layer Protocol, RFC 4419, March 2006, | 71 | the Secure Shell (SSH) Transport Layer Protocol, RFC 4419, March 2006, |
72 | 2006. | 72 | 2006. |
73 | 73 | ||
74 | OpenBSD 5.3 September 26, 2012 OpenBSD 5.3 | 74 | OpenBSD 5.4 September 26, 2012 OpenBSD 5.4 |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: moduli.c,v 1.26 2012/07/06 00:41:59 dtucker Exp $ */ | 1 | /* $OpenBSD: moduli.c,v 1.27 2013/05/17 00:13:13 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright 1994 Phil Karn <karn@qualcomm.com> | 3 | * Copyright 1994 Phil Karn <karn@qualcomm.com> |
4 | * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com> | 4 | * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com> |
@@ -433,9 +433,9 @@ gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start) | |||
433 | 433 | ||
434 | time(&time_stop); | 434 | time(&time_stop); |
435 | 435 | ||
436 | xfree(LargeSieve); | 436 | free(LargeSieve); |
437 | xfree(SmallSieve); | 437 | free(SmallSieve); |
438 | xfree(TinySieve); | 438 | free(TinySieve); |
439 | 439 | ||
440 | logit("%.24s Found %u candidates", ctime(&time_stop), r); | 440 | logit("%.24s Found %u candidates", ctime(&time_stop), r); |
441 | 441 | ||
@@ -709,7 +709,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted, | |||
709 | } | 709 | } |
710 | 710 | ||
711 | time(&time_stop); | 711 | time(&time_stop); |
712 | xfree(lp); | 712 | free(lp); |
713 | BN_free(p); | 713 | BN_free(p); |
714 | BN_free(q); | 714 | BN_free(q); |
715 | BN_CTX_free(ctx); | 715 | BN_CTX_free(ctx); |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: monitor.c,v 1.120 2012/12/11 22:16:21 markus Exp $ */ | 1 | /* $OpenBSD: monitor.c,v 1.127 2013/07/19 07:37:48 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> | 3 | * Copyright 2002 Niels Provos <provos@citi.umich.edu> |
4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> | 4 | * Copyright 2002 Markus Friedl <markus@openbsd.org> |
@@ -97,6 +97,7 @@ | |||
97 | #include "ssh2.h" | 97 | #include "ssh2.h" |
98 | #include "jpake.h" | 98 | #include "jpake.h" |
99 | #include "roaming.h" | 99 | #include "roaming.h" |
100 | #include "authfd.h" | ||
100 | #ifdef USE_CONSOLEKIT | 101 | #ifdef USE_CONSOLEKIT |
101 | #include "consolekit.h" | 102 | #include "consolekit.h" |
102 | #endif | 103 | #endif |
@@ -420,7 +421,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) | |||
420 | "with SSH protocol 1"); | 421 | "with SSH protocol 1"); |
421 | if (authenticated && | 422 | if (authenticated && |
422 | !auth2_update_methods_lists(authctxt, | 423 | !auth2_update_methods_lists(authctxt, |
423 | auth_method)) { | 424 | auth_method, auth_submethod)) { |
424 | debug3("%s: method %s: partial", __func__, | 425 | debug3("%s: method %s: partial", __func__, |
425 | auth_method); | 426 | auth_method); |
426 | authenticated = 0; | 427 | authenticated = 0; |
@@ -450,8 +451,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) | |||
450 | } | 451 | } |
451 | if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) { | 452 | if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) { |
452 | auth_log(authctxt, authenticated, partial, | 453 | auth_log(authctxt, authenticated, partial, |
453 | auth_method, auth_submethod, | 454 | auth_method, auth_submethod); |
454 | compat20 ? " ssh2" : ""); | ||
455 | if (!authenticated) | 455 | if (!authenticated) |
456 | authctxt->failures++; | 456 | authctxt->failures++; |
457 | } | 457 | } |
@@ -586,7 +586,7 @@ monitor_read_log(struct monitor *pmonitor) | |||
586 | do_log2(level, "%s [preauth]", msg); | 586 | do_log2(level, "%s [preauth]", msg); |
587 | 587 | ||
588 | buffer_free(&logmsg); | 588 | buffer_free(&logmsg); |
589 | xfree(msg); | 589 | free(msg); |
590 | 590 | ||
591 | return 0; | 591 | return 0; |
592 | } | 592 | } |
@@ -677,12 +677,9 @@ static void | |||
677 | monitor_reset_key_state(void) | 677 | monitor_reset_key_state(void) |
678 | { | 678 | { |
679 | /* reset state */ | 679 | /* reset state */ |
680 | if (key_blob != NULL) | 680 | free(key_blob); |
681 | xfree(key_blob); | 681 | free(hostbased_cuser); |
682 | if (hostbased_cuser != NULL) | 682 | free(hostbased_chost); |
683 | xfree(hostbased_cuser); | ||
684 | if (hostbased_chost != NULL) | ||
685 | xfree(hostbased_chost); | ||
686 | key_blob = NULL; | 683 | key_blob = NULL; |
687 | key_bloblen = 0; | 684 | key_bloblen = 0; |
688 | key_blobtype = MM_NOKEY; | 685 | key_blobtype = MM_NOKEY; |
@@ -725,6 +722,8 @@ mm_answer_moduli(int sock, Buffer *m) | |||
725 | return (0); | 722 | return (0); |
726 | } | 723 | } |
727 | 724 | ||
725 | extern AuthenticationConnection *auth_conn; | ||
726 | |||
728 | int | 727 | int |
729 | mm_answer_sign(int sock, Buffer *m) | 728 | mm_answer_sign(int sock, Buffer *m) |
730 | { | 729 | { |
@@ -753,18 +752,24 @@ mm_answer_sign(int sock, Buffer *m) | |||
753 | memcpy(session_id2, p, session_id2_len); | 752 | memcpy(session_id2, p, session_id2_len); |
754 | } | 753 | } |
755 | 754 | ||
756 | if ((key = get_hostkey_by_index(keyid)) == NULL) | 755 | if ((key = get_hostkey_by_index(keyid)) != NULL) { |
756 | if (key_sign(key, &signature, &siglen, p, datlen) < 0) | ||
757 | fatal("%s: key_sign failed", __func__); | ||
758 | } else if ((key = get_hostkey_public_by_index(keyid)) != NULL && | ||
759 | auth_conn != NULL) { | ||
760 | if (ssh_agent_sign(auth_conn, key, &signature, &siglen, p, | ||
761 | datlen) < 0) | ||
762 | fatal("%s: ssh_agent_sign failed", __func__); | ||
763 | } else | ||
757 | fatal("%s: no hostkey from index %d", __func__, keyid); | 764 | fatal("%s: no hostkey from index %d", __func__, keyid); |
758 | if (key_sign(key, &signature, &siglen, p, datlen) < 0) | ||
759 | fatal("%s: key_sign failed", __func__); | ||
760 | 765 | ||
761 | debug3("%s: signature %p(%u)", __func__, signature, siglen); | 766 | debug3("%s: signature %p(%u)", __func__, signature, siglen); |
762 | 767 | ||
763 | buffer_clear(m); | 768 | buffer_clear(m); |
764 | buffer_put_string(m, signature, siglen); | 769 | buffer_put_string(m, signature, siglen); |
765 | 770 | ||
766 | xfree(p); | 771 | free(p); |
767 | xfree(signature); | 772 | free(signature); |
768 | 773 | ||
769 | mm_request_send(sock, MONITOR_ANS_SIGN, m); | 774 | mm_request_send(sock, MONITOR_ANS_SIGN, m); |
770 | 775 | ||
@@ -795,7 +800,7 @@ mm_answer_pwnamallow(int sock, Buffer *m) | |||
795 | 800 | ||
796 | authctxt->user = xstrdup(username); | 801 | authctxt->user = xstrdup(username); |
797 | setproctitle("%s [priv]", pwent ? username : "unknown"); | 802 | setproctitle("%s [priv]", pwent ? username : "unknown"); |
798 | xfree(username); | 803 | free(username); |
799 | 804 | ||
800 | buffer_clear(m); | 805 | buffer_clear(m); |
801 | 806 | ||
@@ -813,8 +818,10 @@ mm_answer_pwnamallow(int sock, Buffer *m) | |||
813 | buffer_put_string(m, pwent, sizeof(struct passwd)); | 818 | buffer_put_string(m, pwent, sizeof(struct passwd)); |
814 | buffer_put_cstring(m, pwent->pw_name); | 819 | buffer_put_cstring(m, pwent->pw_name); |
815 | buffer_put_cstring(m, "*"); | 820 | buffer_put_cstring(m, "*"); |
821 | #ifdef HAVE_STRUCT_PASSWD_PW_GECOS | ||
816 | buffer_put_cstring(m, pwent->pw_gecos); | 822 | buffer_put_cstring(m, pwent->pw_gecos); |
817 | #ifdef HAVE_PW_CLASS_IN_PASSWD | 823 | #endif |
824 | #ifdef HAVE_STRUCT_PASSWD_PW_CLASS | ||
818 | buffer_put_cstring(m, pwent->pw_class); | 825 | buffer_put_cstring(m, pwent->pw_class); |
819 | #endif | 826 | #endif |
820 | buffer_put_cstring(m, pwent->pw_dir); | 827 | buffer_put_cstring(m, pwent->pw_dir); |
@@ -874,9 +881,7 @@ int mm_answer_auth2_read_banner(int sock, Buffer *m) | |||
874 | banner = auth2_read_banner(); | 881 | banner = auth2_read_banner(); |
875 | buffer_put_cstring(m, banner != NULL ? banner : ""); | 882 | buffer_put_cstring(m, banner != NULL ? banner : ""); |
876 | mm_request_send(sock, MONITOR_ANS_AUTH2_READ_BANNER, m); | 883 | mm_request_send(sock, MONITOR_ANS_AUTH2_READ_BANNER, m); |
877 | 884 | free(banner); | |
878 | if (banner != NULL) | ||
879 | xfree(banner); | ||
880 | 885 | ||
881 | return (0); | 886 | return (0); |
882 | } | 887 | } |
@@ -893,12 +898,12 @@ mm_answer_authserv(int sock, Buffer *m) | |||
893 | __func__, authctxt->service, authctxt->style, authctxt->role); | 898 | __func__, authctxt->service, authctxt->style, authctxt->role); |
894 | 899 | ||
895 | if (strlen(authctxt->style) == 0) { | 900 | if (strlen(authctxt->style) == 0) { |
896 | xfree(authctxt->style); | 901 | free(authctxt->style); |
897 | authctxt->style = NULL; | 902 | authctxt->style = NULL; |
898 | } | 903 | } |
899 | 904 | ||
900 | if (strlen(authctxt->role) == 0) { | 905 | if (strlen(authctxt->role) == 0) { |
901 | xfree(authctxt->role); | 906 | free(authctxt->role); |
902 | authctxt->role = NULL; | 907 | authctxt->role = NULL; |
903 | } | 908 | } |
904 | 909 | ||
@@ -915,7 +920,7 @@ mm_answer_authrole(int sock, Buffer *m) | |||
915 | __func__, authctxt->role); | 920 | __func__, authctxt->role); |
916 | 921 | ||
917 | if (strlen(authctxt->role) == 0) { | 922 | if (strlen(authctxt->role) == 0) { |
918 | xfree(authctxt->role); | 923 | free(authctxt->role); |
919 | authctxt->role = NULL; | 924 | authctxt->role = NULL; |
920 | } | 925 | } |
921 | 926 | ||
@@ -935,7 +940,7 @@ mm_answer_authpassword(int sock, Buffer *m) | |||
935 | authenticated = options.password_authentication && | 940 | authenticated = options.password_authentication && |
936 | auth_password(authctxt, passwd); | 941 | auth_password(authctxt, passwd); |
937 | memset(passwd, 0, strlen(passwd)); | 942 | memset(passwd, 0, strlen(passwd)); |
938 | xfree(passwd); | 943 | free(passwd); |
939 | 944 | ||
940 | buffer_clear(m); | 945 | buffer_clear(m); |
941 | buffer_put_int(m, authenticated); | 946 | buffer_put_int(m, authenticated); |
@@ -975,10 +980,10 @@ mm_answer_bsdauthquery(int sock, Buffer *m) | |||
975 | mm_request_send(sock, MONITOR_ANS_BSDAUTHQUERY, m); | 980 | mm_request_send(sock, MONITOR_ANS_BSDAUTHQUERY, m); |
976 | 981 | ||
977 | if (success) { | 982 | if (success) { |
978 | xfree(name); | 983 | free(name); |
979 | xfree(infotxt); | 984 | free(infotxt); |
980 | xfree(prompts); | 985 | free(prompts); |
981 | xfree(echo_on); | 986 | free(echo_on); |
982 | } | 987 | } |
983 | 988 | ||
984 | return (0); | 989 | return (0); |
@@ -998,7 +1003,7 @@ mm_answer_bsdauthrespond(int sock, Buffer *m) | |||
998 | auth_userresponse(authctxt->as, response, 0); | 1003 | auth_userresponse(authctxt->as, response, 0); |
999 | authctxt->as = NULL; | 1004 | authctxt->as = NULL; |
1000 | debug3("%s: <%s> = <%d>", __func__, response, authok); | 1005 | debug3("%s: <%s> = <%d>", __func__, response, authok); |
1001 | xfree(response); | 1006 | free(response); |
1002 | 1007 | ||
1003 | buffer_clear(m); | 1008 | buffer_clear(m); |
1004 | buffer_put_int(m, authok); | 1009 | buffer_put_int(m, authok); |
@@ -1006,9 +1011,10 @@ mm_answer_bsdauthrespond(int sock, Buffer *m) | |||
1006 | debug3("%s: sending authenticated: %d", __func__, authok); | 1011 | debug3("%s: sending authenticated: %d", __func__, authok); |
1007 | mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m); | 1012 | mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m); |
1008 | 1013 | ||
1009 | if (compat20) | 1014 | if (compat20) { |
1010 | auth_method = "keyboard-interactive"; /* XXX auth_submethod */ | 1015 | auth_method = "keyboard-interactive"; |
1011 | else | 1016 | auth_submethod = "bsdauth"; |
1017 | } else | ||
1012 | auth_method = "bsdauth"; | 1018 | auth_method = "bsdauth"; |
1013 | 1019 | ||
1014 | return (authok != 0); | 1020 | return (authok != 0); |
@@ -1050,7 +1056,7 @@ mm_answer_skeyrespond(int sock, Buffer *m) | |||
1050 | skey_haskey(authctxt->pw->pw_name) == 0 && | 1056 | skey_haskey(authctxt->pw->pw_name) == 0 && |
1051 | skey_passcheck(authctxt->pw->pw_name, response) != -1); | 1057 | skey_passcheck(authctxt->pw->pw_name, response) != -1); |
1052 | 1058 | ||
1053 | xfree(response); | 1059 | free(response); |
1054 | 1060 | ||
1055 | buffer_clear(m); | 1061 | buffer_clear(m); |
1056 | buffer_put_int(m, authok); | 1062 | buffer_put_int(m, authok); |
@@ -1135,19 +1141,17 @@ mm_answer_pam_query(int sock, Buffer *m) | |||
1135 | buffer_clear(m); | 1141 | buffer_clear(m); |
1136 | buffer_put_int(m, ret); | 1142 | buffer_put_int(m, ret); |
1137 | buffer_put_cstring(m, name); | 1143 | buffer_put_cstring(m, name); |
1138 | xfree(name); | 1144 | free(name); |
1139 | buffer_put_cstring(m, info); | 1145 | buffer_put_cstring(m, info); |
1140 | xfree(info); | 1146 | free(info); |
1141 | buffer_put_int(m, num); | 1147 | buffer_put_int(m, num); |
1142 | for (i = 0; i < num; ++i) { | 1148 | for (i = 0; i < num; ++i) { |
1143 | buffer_put_cstring(m, prompts[i]); | 1149 | buffer_put_cstring(m, prompts[i]); |
1144 | xfree(prompts[i]); | 1150 | free(prompts[i]); |
1145 | buffer_put_int(m, echo_on[i]); | 1151 | buffer_put_int(m, echo_on[i]); |
1146 | } | 1152 | } |
1147 | if (prompts != NULL) | 1153 | free(prompts); |
1148 | xfree(prompts); | 1154 | free(echo_on); |
1149 | if (echo_on != NULL) | ||
1150 | xfree(echo_on); | ||
1151 | auth_method = "keyboard-interactive"; | 1155 | auth_method = "keyboard-interactive"; |
1152 | auth_submethod = "pam"; | 1156 | auth_submethod = "pam"; |
1153 | mm_request_send(sock, MONITOR_ANS_PAM_QUERY, m); | 1157 | mm_request_send(sock, MONITOR_ANS_PAM_QUERY, m); |
@@ -1170,8 +1174,8 @@ mm_answer_pam_respond(int sock, Buffer *m) | |||
1170 | resp[i] = buffer_get_string(m, NULL); | 1174 | resp[i] = buffer_get_string(m, NULL); |
1171 | ret = (sshpam_device.respond)(sshpam_ctxt, num, resp); | 1175 | ret = (sshpam_device.respond)(sshpam_ctxt, num, resp); |
1172 | for (i = 0; i < num; ++i) | 1176 | for (i = 0; i < num; ++i) |
1173 | xfree(resp[i]); | 1177 | free(resp[i]); |
1174 | xfree(resp); | 1178 | free(resp); |
1175 | } else { | 1179 | } else { |
1176 | ret = (sshpam_device.respond)(sshpam_ctxt, num, NULL); | 1180 | ret = (sshpam_device.respond)(sshpam_ctxt, num, NULL); |
1177 | } | 1181 | } |
@@ -1229,6 +1233,7 @@ mm_answer_keyallowed(int sock, Buffer *m) | |||
1229 | case MM_USERKEY: | 1233 | case MM_USERKEY: |
1230 | allowed = options.pubkey_authentication && | 1234 | allowed = options.pubkey_authentication && |
1231 | user_key_allowed(authctxt->pw, key); | 1235 | user_key_allowed(authctxt->pw, key); |
1236 | pubkey_auth_info(authctxt, key, NULL); | ||
1232 | auth_method = "publickey"; | 1237 | auth_method = "publickey"; |
1233 | if (options.pubkey_authentication && allowed != 1) | 1238 | if (options.pubkey_authentication && allowed != 1) |
1234 | auth_clear_options(); | 1239 | auth_clear_options(); |
@@ -1237,6 +1242,9 @@ mm_answer_keyallowed(int sock, Buffer *m) | |||
1237 | allowed = options.hostbased_authentication && | 1242 | allowed = options.hostbased_authentication && |
1238 | hostbased_key_allowed(authctxt->pw, | 1243 | hostbased_key_allowed(authctxt->pw, |
1239 | cuser, chost, key); | 1244 | cuser, chost, key); |
1245 | pubkey_auth_info(authctxt, key, | ||
1246 | "client user \"%.100s\", client host \"%.100s\"", | ||
1247 | cuser, chost); | ||
1240 | auth_method = "hostbased"; | 1248 | auth_method = "hostbased"; |
1241 | break; | 1249 | break; |
1242 | case MM_RSAHOSTKEY: | 1250 | case MM_RSAHOSTKEY: |
@@ -1268,11 +1276,10 @@ mm_answer_keyallowed(int sock, Buffer *m) | |||
1268 | hostbased_chost = chost; | 1276 | hostbased_chost = chost; |
1269 | } else { | 1277 | } else { |
1270 | /* Log failed attempt */ | 1278 | /* Log failed attempt */ |
1271 | auth_log(authctxt, 0, 0, auth_method, NULL, | 1279 | auth_log(authctxt, 0, 0, auth_method, NULL); |
1272 | compat20 ? " ssh2" : ""); | 1280 | free(blob); |
1273 | xfree(blob); | 1281 | free(cuser); |
1274 | xfree(cuser); | 1282 | free(chost); |
1275 | xfree(chost); | ||
1276 | } | 1283 | } |
1277 | 1284 | ||
1278 | debug3("%s: key %p is %s", | 1285 | debug3("%s: key %p is %s", |
@@ -1294,7 +1301,7 @@ static int | |||
1294 | monitor_valid_userblob(u_char *data, u_int datalen) | 1301 | monitor_valid_userblob(u_char *data, u_int datalen) |
1295 | { | 1302 | { |
1296 | Buffer b; | 1303 | Buffer b; |
1297 | char *p; | 1304 | char *p, *userstyle; |
1298 | u_int len; | 1305 | u_int len; |
1299 | int fail = 0; | 1306 | int fail = 0; |
1300 | 1307 | ||
@@ -1315,26 +1322,30 @@ monitor_valid_userblob(u_char *data, u_int datalen) | |||
1315 | (len != session_id2_len) || | 1322 | (len != session_id2_len) || |
1316 | (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) | 1323 | (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) |
1317 | fail++; | 1324 | fail++; |
1318 | xfree(p); | 1325 | free(p); |
1319 | } | 1326 | } |
1320 | if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) | 1327 | if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) |
1321 | fail++; | 1328 | fail++; |
1322 | p = buffer_get_string(&b, NULL); | 1329 | p = buffer_get_cstring(&b, NULL); |
1323 | if (strcmp(authctxt->user, p) != 0) { | 1330 | xasprintf(&userstyle, "%s%s%s", authctxt->user, |
1331 | authctxt->style ? ":" : "", | ||
1332 | authctxt->style ? authctxt->style : ""); | ||
1333 | if (strcmp(userstyle, p) != 0) { | ||
1324 | logit("wrong user name passed to monitor: expected %s != %.100s", | 1334 | logit("wrong user name passed to monitor: expected %s != %.100s", |
1325 | authctxt->user, p); | 1335 | userstyle, p); |
1326 | fail++; | 1336 | fail++; |
1327 | } | 1337 | } |
1328 | xfree(p); | 1338 | free(userstyle); |
1339 | free(p); | ||
1329 | buffer_skip_string(&b); | 1340 | buffer_skip_string(&b); |
1330 | if (datafellows & SSH_BUG_PKAUTH) { | 1341 | if (datafellows & SSH_BUG_PKAUTH) { |
1331 | if (!buffer_get_char(&b)) | 1342 | if (!buffer_get_char(&b)) |
1332 | fail++; | 1343 | fail++; |
1333 | } else { | 1344 | } else { |
1334 | p = buffer_get_string(&b, NULL); | 1345 | p = buffer_get_cstring(&b, NULL); |
1335 | if (strcmp("publickey", p) != 0) | 1346 | if (strcmp("publickey", p) != 0) |
1336 | fail++; | 1347 | fail++; |
1337 | xfree(p); | 1348 | free(p); |
1338 | if (!buffer_get_char(&b)) | 1349 | if (!buffer_get_char(&b)) |
1339 | fail++; | 1350 | fail++; |
1340 | buffer_skip_string(&b); | 1351 | buffer_skip_string(&b); |
@@ -1351,7 +1362,7 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser, | |||
1351 | char *chost) | 1362 | char *chost) |
1352 | { | 1363 | { |
1353 | Buffer b; | 1364 | Buffer b; |
1354 | char *p; | 1365 | char *p, *userstyle; |
1355 | u_int len; | 1366 | u_int len; |
1356 | int fail = 0; | 1367 | int fail = 0; |
1357 | 1368 | ||
@@ -1363,22 +1374,26 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser, | |||
1363 | (len != session_id2_len) || | 1374 | (len != session_id2_len) || |
1364 | (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) | 1375 | (timingsafe_bcmp(p, session_id2, session_id2_len) != 0)) |
1365 | fail++; | 1376 | fail++; |
1366 | xfree(p); | 1377 | free(p); |
1367 | 1378 | ||
1368 | if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) | 1379 | if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) |
1369 | fail++; | 1380 | fail++; |
1370 | p = buffer_get_string(&b, NULL); | 1381 | p = buffer_get_cstring(&b, NULL); |
1371 | if (strcmp(authctxt->user, p) != 0) { | 1382 | xasprintf(&userstyle, "%s%s%s", authctxt->user, |
1383 | authctxt->style ? ":" : "", | ||
1384 | authctxt->style ? authctxt->style : ""); | ||
1385 | if (strcmp(userstyle, p) != 0) { | ||
1372 | logit("wrong user name passed to monitor: expected %s != %.100s", | 1386 | logit("wrong user name passed to monitor: expected %s != %.100s", |
1373 | authctxt->user, p); | 1387 | userstyle, p); |
1374 | fail++; | 1388 | fail++; |
1375 | } | 1389 | } |
1376 | xfree(p); | 1390 | free(userstyle); |
1391 | free(p); | ||
1377 | buffer_skip_string(&b); /* service */ | 1392 | buffer_skip_string(&b); /* service */ |
1378 | p = buffer_get_string(&b, NULL); | 1393 | p = buffer_get_cstring(&b, NULL); |
1379 | if (strcmp(p, "hostbased") != 0) | 1394 | if (strcmp(p, "hostbased") != 0) |
1380 | fail++; | 1395 | fail++; |
1381 | xfree(p); | 1396 | free(p); |
1382 | buffer_skip_string(&b); /* pkalg */ | 1397 | buffer_skip_string(&b); /* pkalg */ |
1383 | buffer_skip_string(&b); /* pkblob */ | 1398 | buffer_skip_string(&b); /* pkblob */ |
1384 | 1399 | ||
@@ -1388,13 +1403,13 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser, | |||
1388 | p[len - 1] = '\0'; | 1403 | p[len - 1] = '\0'; |
1389 | if (strcmp(p, chost) != 0) | 1404 | if (strcmp(p, chost) != 0) |
1390 | fail++; | 1405 | fail++; |
1391 | xfree(p); | 1406 | free(p); |
1392 | 1407 | ||
1393 | /* verify client user */ | 1408 | /* verify client user */ |
1394 | p = buffer_get_string(&b, NULL); | 1409 | p = buffer_get_string(&b, NULL); |
1395 | if (strcmp(p, cuser) != 0) | 1410 | if (strcmp(p, cuser) != 0) |
1396 | fail++; | 1411 | fail++; |
1397 | xfree(p); | 1412 | free(p); |
1398 | 1413 | ||
1399 | if (buffer_len(&b) != 0) | 1414 | if (buffer_len(&b) != 0) |
1400 | fail++; | 1415 | fail++; |
@@ -1443,9 +1458,9 @@ mm_answer_keyverify(int sock, Buffer *m) | |||
1443 | __func__, key, (verified == 1) ? "verified" : "unverified"); | 1458 | __func__, key, (verified == 1) ? "verified" : "unverified"); |
1444 | 1459 | ||
1445 | key_free(key); | 1460 | key_free(key); |
1446 | xfree(blob); | 1461 | free(blob); |
1447 | xfree(signature); | 1462 | free(signature); |
1448 | xfree(data); | 1463 | free(data); |
1449 | 1464 | ||
1450 | auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased"; | 1465 | auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased"; |
1451 | 1466 | ||
@@ -1573,7 +1588,7 @@ mm_answer_pty_cleanup(int sock, Buffer *m) | |||
1573 | if ((s = session_by_tty(tty)) != NULL) | 1588 | if ((s = session_by_tty(tty)) != NULL) |
1574 | mm_session_close(s); | 1589 | mm_session_close(s); |
1575 | buffer_clear(m); | 1590 | buffer_clear(m); |
1576 | xfree(tty); | 1591 | free(tty); |
1577 | return (0); | 1592 | return (0); |
1578 | } | 1593 | } |
1579 | 1594 | ||
@@ -1705,7 +1720,7 @@ mm_answer_rsa_challenge(int sock, Buffer *m) | |||
1705 | 1720 | ||
1706 | monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 1); | 1721 | monitor_permit(mon_dispatch, MONITOR_REQ_RSARESPONSE, 1); |
1707 | 1722 | ||
1708 | xfree(blob); | 1723 | free(blob); |
1709 | key_free(key); | 1724 | key_free(key); |
1710 | return (0); | 1725 | return (0); |
1711 | } | 1726 | } |
@@ -1737,9 +1752,9 @@ mm_answer_rsa_response(int sock, Buffer *m) | |||
1737 | fatal("%s: received bad response to challenge", __func__); | 1752 | fatal("%s: received bad response to challenge", __func__); |
1738 | success = auth_rsa_verify_response(key, ssh1_challenge, response); | 1753 | success = auth_rsa_verify_response(key, ssh1_challenge, response); |
1739 | 1754 | ||
1740 | xfree(blob); | 1755 | free(blob); |
1741 | key_free(key); | 1756 | key_free(key); |
1742 | xfree(response); | 1757 | free(response); |
1743 | 1758 | ||
1744 | auth_method = key_blobtype == MM_RSAUSERKEY ? "rsa" : "rhosts-rsa"; | 1759 | auth_method = key_blobtype == MM_RSAUSERKEY ? "rsa" : "rhosts-rsa"; |
1745 | 1760 | ||
@@ -1818,7 +1833,7 @@ mm_answer_audit_command(int socket, Buffer *m) | |||
1818 | cmd = buffer_get_string(m, &len); | 1833 | cmd = buffer_get_string(m, &len); |
1819 | /* sanity check command, if so how? */ | 1834 | /* sanity check command, if so how? */ |
1820 | audit_run_command(cmd); | 1835 | audit_run_command(cmd); |
1821 | xfree(cmd); | 1836 | free(cmd); |
1822 | return (0); | 1837 | return (0); |
1823 | } | 1838 | } |
1824 | #endif /* SSH_AUDIT_EVENTS */ | 1839 | #endif /* SSH_AUDIT_EVENTS */ |
@@ -1833,20 +1848,20 @@ monitor_apply_keystate(struct monitor *pmonitor) | |||
1833 | packet_set_protocol_flags(child_state.ssh1protoflags); | 1848 | packet_set_protocol_flags(child_state.ssh1protoflags); |
1834 | packet_set_encryption_key(child_state.ssh1key, | 1849 | packet_set_encryption_key(child_state.ssh1key, |
1835 | child_state.ssh1keylen, child_state.ssh1cipher); | 1850 | child_state.ssh1keylen, child_state.ssh1cipher); |
1836 | xfree(child_state.ssh1key); | 1851 | free(child_state.ssh1key); |
1837 | } | 1852 | } |
1838 | 1853 | ||
1839 | /* for rc4 and other stateful ciphers */ | 1854 | /* for rc4 and other stateful ciphers */ |
1840 | packet_set_keycontext(MODE_OUT, child_state.keyout); | 1855 | packet_set_keycontext(MODE_OUT, child_state.keyout); |
1841 | xfree(child_state.keyout); | 1856 | free(child_state.keyout); |
1842 | packet_set_keycontext(MODE_IN, child_state.keyin); | 1857 | packet_set_keycontext(MODE_IN, child_state.keyin); |
1843 | xfree(child_state.keyin); | 1858 | free(child_state.keyin); |
1844 | 1859 | ||
1845 | if (!compat20) { | 1860 | if (!compat20) { |
1846 | packet_set_iv(MODE_OUT, child_state.ivout); | 1861 | packet_set_iv(MODE_OUT, child_state.ivout); |
1847 | xfree(child_state.ivout); | 1862 | free(child_state.ivout); |
1848 | packet_set_iv(MODE_IN, child_state.ivin); | 1863 | packet_set_iv(MODE_IN, child_state.ivin); |
1849 | xfree(child_state.ivin); | 1864 | free(child_state.ivin); |
1850 | } | 1865 | } |
1851 | 1866 | ||
1852 | memcpy(&incoming_stream, &child_state.incoming, | 1867 | memcpy(&incoming_stream, &child_state.incoming, |
@@ -1858,18 +1873,22 @@ monitor_apply_keystate(struct monitor *pmonitor) | |||
1858 | if (options.compression) | 1873 | if (options.compression) |
1859 | mm_init_compression(pmonitor->m_zlib); | 1874 | mm_init_compression(pmonitor->m_zlib); |
1860 | 1875 | ||
1876 | if (options.rekey_limit || options.rekey_interval) | ||
1877 | packet_set_rekey_limits((u_int32_t)options.rekey_limit, | ||
1878 | (time_t)options.rekey_interval); | ||
1879 | |||
1861 | /* Network I/O buffers */ | 1880 | /* Network I/O buffers */ |
1862 | /* XXX inefficient for large buffers, need: buffer_init_from_string */ | 1881 | /* XXX inefficient for large buffers, need: buffer_init_from_string */ |
1863 | buffer_clear(packet_get_input()); | 1882 | buffer_clear(packet_get_input()); |
1864 | buffer_append(packet_get_input(), child_state.input, child_state.ilen); | 1883 | buffer_append(packet_get_input(), child_state.input, child_state.ilen); |
1865 | memset(child_state.input, 0, child_state.ilen); | 1884 | memset(child_state.input, 0, child_state.ilen); |
1866 | xfree(child_state.input); | 1885 | free(child_state.input); |
1867 | 1886 | ||
1868 | buffer_clear(packet_get_output()); | 1887 | buffer_clear(packet_get_output()); |
1869 | buffer_append(packet_get_output(), child_state.output, | 1888 | buffer_append(packet_get_output(), child_state.output, |
1870 | child_state.olen); | 1889 | child_state.olen); |
1871 | memset(child_state.output, 0, child_state.olen); | 1890 | memset(child_state.output, 0, child_state.olen); |
1872 | xfree(child_state.output); | 1891 | free(child_state.output); |
1873 | 1892 | ||
1874 | /* Roaming */ | 1893 | /* Roaming */ |
1875 | if (compat20) | 1894 | if (compat20) |
@@ -1908,11 +1927,11 @@ mm_get_kex(Buffer *m) | |||
1908 | blob = buffer_get_string(m, &bloblen); | 1927 | blob = buffer_get_string(m, &bloblen); |
1909 | buffer_init(&kex->my); | 1928 | buffer_init(&kex->my); |
1910 | buffer_append(&kex->my, blob, bloblen); | 1929 | buffer_append(&kex->my, blob, bloblen); |
1911 | xfree(blob); | 1930 | free(blob); |
1912 | blob = buffer_get_string(m, &bloblen); | 1931 | blob = buffer_get_string(m, &bloblen); |
1913 | buffer_init(&kex->peer); | 1932 | buffer_init(&kex->peer); |
1914 | buffer_append(&kex->peer, blob, bloblen); | 1933 | buffer_append(&kex->peer, blob, bloblen); |
1915 | xfree(blob); | 1934 | free(blob); |
1916 | kex->done = 1; | 1935 | kex->done = 1; |
1917 | kex->flags = buffer_get_int(m); | 1936 | kex->flags = buffer_get_int(m); |
1918 | kex->client_version_string = buffer_get_string(m, NULL); | 1937 | kex->client_version_string = buffer_get_string(m, NULL); |
@@ -1920,6 +1939,7 @@ mm_get_kex(Buffer *m) | |||
1920 | kex->load_host_public_key=&get_hostkey_public_by_type; | 1939 | kex->load_host_public_key=&get_hostkey_public_by_type; |
1921 | kex->load_host_private_key=&get_hostkey_private_by_type; | 1940 | kex->load_host_private_key=&get_hostkey_private_by_type; |
1922 | kex->host_key_index=&get_hostkey_index; | 1941 | kex->host_key_index=&get_hostkey_index; |
1942 | kex->sign = sshd_hostkey_sign; | ||
1923 | 1943 | ||
1924 | return (kex); | 1944 | return (kex); |
1925 | } | 1945 | } |
@@ -1955,12 +1975,12 @@ mm_get_keystate(struct monitor *pmonitor) | |||
1955 | 1975 | ||
1956 | blob = buffer_get_string(&m, &bloblen); | 1976 | blob = buffer_get_string(&m, &bloblen); |
1957 | current_keys[MODE_OUT] = mm_newkeys_from_blob(blob, bloblen); | 1977 | current_keys[MODE_OUT] = mm_newkeys_from_blob(blob, bloblen); |
1958 | xfree(blob); | 1978 | free(blob); |
1959 | 1979 | ||
1960 | debug3("%s: Waiting for second key", __func__); | 1980 | debug3("%s: Waiting for second key", __func__); |
1961 | blob = buffer_get_string(&m, &bloblen); | 1981 | blob = buffer_get_string(&m, &bloblen); |
1962 | current_keys[MODE_IN] = mm_newkeys_from_blob(blob, bloblen); | 1982 | current_keys[MODE_IN] = mm_newkeys_from_blob(blob, bloblen); |
1963 | xfree(blob); | 1983 | free(blob); |
1964 | 1984 | ||
1965 | /* Now get sequence numbers for the packets */ | 1985 | /* Now get sequence numbers for the packets */ |
1966 | seqnr = buffer_get_int(&m); | 1986 | seqnr = buffer_get_int(&m); |
@@ -1985,13 +2005,13 @@ mm_get_keystate(struct monitor *pmonitor) | |||
1985 | if (plen != sizeof(child_state.outgoing)) | 2005 | if (plen != sizeof(child_state.outgoing)) |
1986 | fatal("%s: bad request size", __func__); | 2006 | fatal("%s: bad request size", __func__); |
1987 | memcpy(&child_state.outgoing, p, sizeof(child_state.outgoing)); | 2007 | memcpy(&child_state.outgoing, p, sizeof(child_state.outgoing)); |
1988 | xfree(p); | 2008 | free(p); |
1989 | 2009 | ||
1990 | p = buffer_get_string(&m, &plen); | 2010 | p = buffer_get_string(&m, &plen); |
1991 | if (plen != sizeof(child_state.incoming)) | 2011 | if (plen != sizeof(child_state.incoming)) |
1992 | fatal("%s: bad request size", __func__); | 2012 | fatal("%s: bad request size", __func__); |
1993 | memcpy(&child_state.incoming, p, sizeof(child_state.incoming)); | 2013 | memcpy(&child_state.incoming, p, sizeof(child_state.incoming)); |
1994 | xfree(p); | 2014 | free(p); |
1995 | 2015 | ||
1996 | /* Network I/O buffers */ | 2016 | /* Network I/O buffers */ |
1997 | debug3("%s: Getting Network I/O buffers", __func__); | 2017 | debug3("%s: Getting Network I/O buffers", __func__); |
@@ -2116,7 +2136,7 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m) | |||
2116 | 2136 | ||
2117 | major = ssh_gssapi_server_ctx(&gsscontext, &goid); | 2137 | major = ssh_gssapi_server_ctx(&gsscontext, &goid); |
2118 | 2138 | ||
2119 | xfree(goid.elements); | 2139 | free(goid.elements); |
2120 | 2140 | ||
2121 | buffer_clear(m); | 2141 | buffer_clear(m); |
2122 | buffer_put_int(m, major); | 2142 | buffer_put_int(m, major); |
@@ -2144,7 +2164,7 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m) | |||
2144 | in.value = buffer_get_string(m, &len); | 2164 | in.value = buffer_get_string(m, &len); |
2145 | in.length = len; | 2165 | in.length = len; |
2146 | major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags); | 2166 | major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags); |
2147 | xfree(in.value); | 2167 | free(in.value); |
2148 | 2168 | ||
2149 | buffer_clear(m); | 2169 | buffer_clear(m); |
2150 | buffer_put_int(m, major); | 2170 | buffer_put_int(m, major); |
@@ -2180,8 +2200,8 @@ mm_answer_gss_checkmic(int sock, Buffer *m) | |||
2180 | 2200 | ||
2181 | ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic); | 2201 | ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic); |
2182 | 2202 | ||
2183 | xfree(gssbuf.value); | 2203 | free(gssbuf.value); |
2184 | xfree(mic.value); | 2204 | free(mic.value); |
2185 | 2205 | ||
2186 | buffer_clear(m); | 2206 | buffer_clear(m); |
2187 | buffer_put_int(m, ret); | 2207 | buffer_put_int(m, ret); |
@@ -2242,7 +2262,7 @@ mm_answer_gss_sign(int socket, Buffer *m) | |||
2242 | } | 2262 | } |
2243 | major = ssh_gssapi_sign(gsscontext, &data, &hash); | 2263 | major = ssh_gssapi_sign(gsscontext, &data, &hash); |
2244 | 2264 | ||
2245 | xfree(data.value); | 2265 | free(data.value); |
2246 | 2266 | ||
2247 | buffer_clear(m); | 2267 | buffer_clear(m); |
2248 | buffer_put_int(m, major); | 2268 | buffer_put_int(m, major); |
@@ -2272,9 +2292,9 @@ mm_answer_gss_updatecreds(int socket, Buffer *m) { | |||
2272 | 2292 | ||
2273 | ok = ssh_gssapi_update_creds(&store); | 2293 | ok = ssh_gssapi_update_creds(&store); |
2274 | 2294 | ||
2275 | xfree(store.filename); | 2295 | free(store.filename); |
2276 | xfree(store.envvar); | 2296 | free(store.envvar); |
2277 | xfree(store.envval); | 2297 | free(store.envval); |
2278 | 2298 | ||
2279 | buffer_clear(m); | 2299 | buffer_clear(m); |
2280 | buffer_put_int(m, ok); | 2300 | buffer_put_int(m, ok); |
@@ -2323,8 +2343,8 @@ mm_answer_jpake_step1(int sock, Buffer *m) | |||
2323 | 2343 | ||
2324 | bzero(x3_proof, x3_proof_len); | 2344 | bzero(x3_proof, x3_proof_len); |
2325 | bzero(x4_proof, x4_proof_len); | 2345 | bzero(x4_proof, x4_proof_len); |
2326 | xfree(x3_proof); | 2346 | free(x3_proof); |
2327 | xfree(x4_proof); | 2347 | free(x4_proof); |
2328 | 2348 | ||
2329 | monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_GET_PWDATA, 1); | 2349 | monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_GET_PWDATA, 1); |
2330 | monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP1, 0); | 2350 | monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP1, 0); |
@@ -2353,8 +2373,8 @@ mm_answer_jpake_get_pwdata(int sock, Buffer *m) | |||
2353 | 2373 | ||
2354 | bzero(hash_scheme, strlen(hash_scheme)); | 2374 | bzero(hash_scheme, strlen(hash_scheme)); |
2355 | bzero(salt, strlen(salt)); | 2375 | bzero(salt, strlen(salt)); |
2356 | xfree(hash_scheme); | 2376 | free(hash_scheme); |
2357 | xfree(salt); | 2377 | free(salt); |
2358 | 2378 | ||
2359 | monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP2, 1); | 2379 | monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_STEP2, 1); |
2360 | 2380 | ||
@@ -2393,8 +2413,8 @@ mm_answer_jpake_step2(int sock, Buffer *m) | |||
2393 | 2413 | ||
2394 | bzero(x1_proof, x1_proof_len); | 2414 | bzero(x1_proof, x1_proof_len); |
2395 | bzero(x2_proof, x2_proof_len); | 2415 | bzero(x2_proof, x2_proof_len); |
2396 | xfree(x1_proof); | 2416 | free(x1_proof); |
2397 | xfree(x2_proof); | 2417 | free(x2_proof); |
2398 | 2418 | ||
2399 | buffer_clear(m); | 2419 | buffer_clear(m); |
2400 | 2420 | ||
@@ -2405,7 +2425,7 @@ mm_answer_jpake_step2(int sock, Buffer *m) | |||
2405 | mm_request_send(sock, MONITOR_ANS_JPAKE_STEP2, m); | 2425 | mm_request_send(sock, MONITOR_ANS_JPAKE_STEP2, m); |
2406 | 2426 | ||
2407 | bzero(x4_s_proof, x4_s_proof_len); | 2427 | bzero(x4_s_proof, x4_s_proof_len); |
2408 | xfree(x4_s_proof); | 2428 | free(x4_s_proof); |
2409 | 2429 | ||
2410 | monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_KEY_CONFIRM, 1); | 2430 | monitor_permit(mon_dispatch, MONITOR_REQ_JPAKE_KEY_CONFIRM, 1); |
2411 | 2431 | ||
@@ -2473,7 +2493,7 @@ mm_answer_jpake_check_confirm(int sock, Buffer *m) | |||
2473 | JPAKE_DEBUG_CTX((pctx, "check_confirm done in %s", __func__)); | 2493 | JPAKE_DEBUG_CTX((pctx, "check_confirm done in %s", __func__)); |
2474 | 2494 | ||
2475 | bzero(peer_confirm_hash, peer_confirm_hash_len); | 2495 | bzero(peer_confirm_hash, peer_confirm_hash_len); |
2476 | xfree(peer_confirm_hash); | 2496 | free(peer_confirm_hash); |
2477 | 2497 | ||
2478 | buffer_clear(m); | 2498 | buffer_clear(m); |
2479 | buffer_put_int(m, authenticated); | 2499 | buffer_put_int(m, authenticated); |
@@ -2508,10 +2528,9 @@ mm_answer_consolekit_register(int sock, Buffer *m) | |||
2508 | buffer_put_cstring(m, cookie != NULL ? cookie : ""); | 2528 | buffer_put_cstring(m, cookie != NULL ? cookie : ""); |
2509 | mm_request_send(sock, MONITOR_ANS_CONSOLEKIT_REGISTER, m); | 2529 | mm_request_send(sock, MONITOR_ANS_CONSOLEKIT_REGISTER, m); |
2510 | 2530 | ||
2511 | if (cookie != NULL) | 2531 | free(cookie); |
2512 | xfree(cookie); | 2532 | free(display); |
2513 | xfree(display); | 2533 | free(tty); |
2514 | xfree(tty); | ||
2515 | 2534 | ||
2516 | return (0); | 2535 | return (0); |
2517 | } | 2536 | } |
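diff --git a/monitor_mm.c b/monitor_mm.c
index faf9f3dcb..ee7bad4b4 100644
--- a/monitor_mm.c
+++ b/monitor_mm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_mm.c,v 1.16 2009/06/22 05:39:28 dtucker Exp $ */
+/* $OpenBSD: monitor_mm.c,v 1.17 2013/05/17 00:13:13 djm Exp $ */
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
 * All rights reserved.
@@ -35,6 +35,7 @@
 
 #include <errno.h>
 #include <stdarg.h>
+#include <stdlib.h>
 #include <string.h>
 
 #include "xmalloc.h"
@@ -124,7 +125,7 @@ mm_freelist(struct mm_master *mmalloc, struct mmtree *head)
 next = RB_NEXT(mmtree, head, mms);
 RB_REMOVE(mmtree, head, mms);
 if (mmalloc == NULL)
-xfree(mms);
+free(mms);
 else
 mm_free(mmalloc, mms);
 }
@@ -147,7 +148,7 @@ mm_destroy(struct mm_master *mm)
 __func__);
 #endif
 if (mm->mmalloc == NULL)
-xfree(mm);
+free(mm);
 else
 mm_free(mm->mmalloc, mm);
 }
@@ -198,7 +199,7 @@ mm_malloc(struct mm_master *mm, size_t size)
 if (mms->size == 0) {
 RB_REMOVE(mmtree, &mm->rb_free, mms);
 if (mm->mmalloc == NULL)
-xfree(mms);
+free(mms);
 else
 mm_free(mm->mmalloc, mms);
 }
@@ -254,7 +255,7 @@ mm_free(struct mm_master *mm, void *address)
 prev->size += mms->size;
 RB_REMOVE(mmtree, &mm->rb_free, mms);
 if (mm->mmalloc == NULL)
-xfree(mms);
+free(mms);
 else
 mm_free(mm->mmalloc, mms);
 } else
@@ -278,7 +279,7 @@ mm_free(struct mm_master *mm, void *address)
 RB_REMOVE(mmtree, &mm->rb_free, mms);
 
 if (mm->mmalloc == NULL)
-xfree(mms);
+free(mms);
 else
 mm_free(mm->mmalloc, mms);
 }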
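diff --git a/monitor_wrap.c b/monitor_wrap.c
index e62650342..9662a4c63 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.75 2013/01/08 18:49:04 markus Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.76 2013/05/17 00:13:13 djm Exp $ */
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -259,8 +259,10 @@ mm_getpwnamallow(const char *username)
 fatal("%s: struct passwd size mismatch", __func__);
 pw->pw_name = buffer_get_string(&m, NULL);
 pw->pw_passwd = buffer_get_string(&m, NULL);
+#ifdef HAVE_STRUCT_PASSWD_PW_GECOS
 pw->pw_gecos = buffer_get_string(&m, NULL);
-#ifdef HAVE_PW_CLASS_IN_PASSWD
+#endif
+#ifdef HAVE_STRUCT_PASSWD_PW_CLASS
 pw->pw_class = buffer_get_string(&m, NULL);
 #endif
 pw->pw_dir = buffer_get_string(&m, NULL);
@@ -286,7 +288,7 @@ out:
 #undef M_CP_STRARRAYOPT
 
 copy_set_server_options(&options, newopts, 1);
-xfree(newopts);
+free(newopts);
 
 buffer_free(&m);
 
@@ -312,7 +314,7 @@ mm_auth2_read_banner(void)
 
 /* treat empty banner as missing banner */
 if (strlen(banner) == 0) {
-xfree(banner);
+free(banner);
 banner = NULL;
 }
 return (banner);
@@ -423,7 +425,7 @@ mm_key_allowed(enum mm_keytype type, char *user, char *host, Key *key)
 buffer_put_cstring(&m, user ? user : "");
 buffer_put_cstring(&m, host ? host : "");
 buffer_put_string(&m, blob, len);
-xfree(blob);
+free(blob);
 
 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, &m);
 
@@ -466,7 +468,7 @@ mm_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen)
 buffer_put_string(&m, blob, len);
 buffer_put_string(&m, sig, siglen);
 buffer_put_string(&m, data, datalen);
-xfree(blob);
+free(blob);
 
 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYVERIFY, &m);
 
@@ -635,7 +637,7 @@ mm_send_keystate(struct monitor *monitor)
 keylen = packet_get_encryption_key(key);
 buffer_put_string(&m, key, keylen);
 memset(key, 0, keylen);
-xfree(key);
+free(key);
 
 ivlen = packet_get_keyiv_len(MODE_OUT);
 packet_get_keyiv(MODE_OUT, iv, ivlen);
@@ -658,13 +660,13 @@ mm_send_keystate(struct monitor *monitor)
 fatal("%s: conversion of newkeys failed", __func__);
 
 buffer_put_string(&m, blob, bloblen);
-xfree(blob);
+free(blob);
 
 if (!mm_newkeys_to_blob(MODE_IN, &blob, &bloblen))
 fatal("%s: conversion of newkeys failed", __func__);
 
 buffer_put_string(&m, blob, bloblen);
-xfree(blob);
+free(blob);
 
 packet_get_state(MODE_OUT, &seqnr, &blocks, &packets, &bytes);
 buffer_put_int(&m, seqnr);
@@ -684,13 +686,13 @@ mm_send_keystate(struct monitor *monitor)
 p = xmalloc(plen+1);
 packet_get_keycontext(MODE_OUT, p);
 buffer_put_string(&m, p, plen);
-xfree(p);
+free(p);
 
 plen = packet_get_keycontext(MODE_IN, NULL);
 p = xmalloc(plen+1);
 packet_get_keycontext(MODE_IN, p);
 buffer_put_string(&m, p, plen);
-xfree(p);
+free(p);
 
 /* Compression state */
 debug3("%s: Sending compression state", __func__);
@@ -752,10 +754,10 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen)
 buffer_free(&m);
 
 strlcpy(namebuf, p, namebuflen); /* Possible truncation */
-xfree(p);
+free(p);
 
 buffer_append(&loginmsg, msg, strlen(msg));
-xfree(msg);
+free(msg);
 
 if ((*ptyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1 ||
 (*ttyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1)
@@ -821,7 +823,7 @@ mm_do_pam_account(void)
 ret = buffer_get_int(&m);
 msg = buffer_get_string(&m, NULL);
 buffer_append(&loginmsg, msg, strlen(msg));
-xfree(msg);
+free(msg);
 
 buffer_free(&m);
 
@@ -1051,7 +1053,7 @@ mm_skey_query(void *ctx, char **name, char **infotxt,
 mm_chall_setup(name, infotxt, numprompts, prompts, echo_on);
 
 xasprintf(*prompts, "%s%s", challenge, SKEY_PROMPT);
-xfree(challenge);
+free(challenge);
 
 return (0);
 }
@@ -1125,7 +1127,7 @@ mm_auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
 if ((key = key_from_blob(blob, blen)) == NULL)
 fatal("%s: key_from_blob failed", __func__);
 *rkey = key;
-xfree(blob);
+free(blob);
 }
 buffer_free(&m);
 
@@ -1152,7 +1154,7 @@ mm_auth_rsa_generate_challenge(Key *key)
 
 buffer_init(&m);
 buffer_put_string(&m, blob, blen);
-xfree(blob);
+free(blob);
 
 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSACHALLENGE, &m);
 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSACHALLENGE, &m);
@@ -1181,7 +1183,7 @@ mm_auth_rsa_verify_response(Key *key, BIGNUM *p, u_char response[16])
 buffer_init(&m);
 buffer_put_string(&m, blob, blen);
 buffer_put_string(&m, response, 16);
-xfree(blob);
+free(blob);
 
 mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_RSARESPONSE, &m);
 mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_RSARESPONSE, &m);
@@ -1539,7 +1541,7 @@ mm_consolekit_register(Session *s, const char *display)
 
 /* treat empty cookie as missing cookie */
 if (strlen(cookie) == 0) {
-xfree(cookie);
+free(cookie);
 cookie = NULL;
 }
 return (cookie);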
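Review bot: In the mm_send_keystate hunk, `memset(key, 0, keylen);` immediately before the new `free(key);` is a dead store the optimiser is entitled to drop, so the session encryption key can survive in freed heap memory; the hunk converts the free call but leaves the plain memset in place. Zeroise with a call the compiler cannot elide — `explicit_bzero(key, keylen);` where the platform provides it, or a memset reached through a volatile function pointer — and give the same treatment to the `bzero()`-then-`free()` pairs in the mm_answer_jpake_* hunks of monitor.c earlier on this page, which free proof and hash material the same way. Whether buffer_free() scrubs the copy that `buffer_put_string(&m, key, keylen)` placed in `m` is not visible here and should be confirmed. mm_send_keystate's body continues outside the hunk.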
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: mux.c,v 1.38 2013/01/02 00:32:07 djm Exp $ */ | 1 | /* $OpenBSD: mux.c,v 1.44 2013/07/12 00:19:58 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org> | 3 | * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org> |
4 | * | 4 | * |
@@ -184,7 +184,7 @@ static const struct { | |||
184 | 184 | ||
185 | /* Cleanup callback fired on closure of mux slave _session_ channel */ | 185 | /* Cleanup callback fired on closure of mux slave _session_ channel */ |
186 | /* ARGSUSED */ | 186 | /* ARGSUSED */ |
187 | void | 187 | static void |
188 | mux_master_session_cleanup_cb(int cid, void *unused) | 188 | mux_master_session_cleanup_cb(int cid, void *unused) |
189 | { | 189 | { |
190 | Channel *cc, *c = channel_by_id(cid); | 190 | Channel *cc, *c = channel_by_id(cid); |
@@ -219,7 +219,8 @@ mux_master_control_cleanup_cb(int cid, void *unused) | |||
219 | __func__, c->self, c->remote_id); | 219 | __func__, c->self, c->remote_id); |
220 | c->remote_id = -1; | 220 | c->remote_id = -1; |
221 | sc->ctl_chan = -1; | 221 | sc->ctl_chan = -1; |
222 | if (sc->type != SSH_CHANNEL_OPEN) { | 222 | if (sc->type != SSH_CHANNEL_OPEN && |
223 | sc->type != SSH_CHANNEL_OPENING) { | ||
223 | debug2("%s: channel %d: not open", __func__, sc->self); | 224 | debug2("%s: channel %d: not open", __func__, sc->self); |
224 | chan_mark_dead(sc); | 225 | chan_mark_dead(sc); |
225 | } else { | 226 | } else { |
@@ -286,13 +287,13 @@ process_mux_master_hello(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
286 | char *value = buffer_get_string_ret(m, NULL); | 287 | char *value = buffer_get_string_ret(m, NULL); |
287 | 288 | ||
288 | if (name == NULL || value == NULL) { | 289 | if (name == NULL || value == NULL) { |
289 | if (name != NULL) | 290 | free(name); |
290 | xfree(name); | 291 | free(value); |
291 | goto malf; | 292 | goto malf; |
292 | } | 293 | } |
293 | debug2("Unrecognised slave extension \"%s\"", name); | 294 | debug2("Unrecognised slave extension \"%s\"", name); |
294 | xfree(name); | 295 | free(name); |
295 | xfree(value); | 296 | free(value); |
296 | } | 297 | } |
297 | state->hello_rcvd = 1; | 298 | state->hello_rcvd = 1; |
298 | return 0; | 299 | return 0; |
@@ -323,21 +324,17 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
323 | (cctx->term = buffer_get_string_ret(m, &len)) == NULL || | 324 | (cctx->term = buffer_get_string_ret(m, &len)) == NULL || |
324 | (cmd = buffer_get_string_ret(m, &len)) == NULL) { | 325 | (cmd = buffer_get_string_ret(m, &len)) == NULL) { |
325 | malf: | 326 | malf: |
326 | if (cmd != NULL) | 327 | free(cmd); |
327 | xfree(cmd); | 328 | free(reserved); |
328 | if (reserved != NULL) | ||
329 | xfree(reserved); | ||
330 | for (j = 0; j < env_len; j++) | 329 | for (j = 0; j < env_len; j++) |
331 | xfree(cctx->env[j]); | 330 | free(cctx->env[j]); |
332 | if (env_len > 0) | 331 | free(cctx->env); |
333 | xfree(cctx->env); | 332 | free(cctx->term); |
334 | if (cctx->term != NULL) | 333 | free(cctx); |
335 | xfree(cctx->term); | ||
336 | xfree(cctx); | ||
337 | error("%s: malformed message", __func__); | 334 | error("%s: malformed message", __func__); |
338 | return -1; | 335 | return -1; |
339 | } | 336 | } |
340 | xfree(reserved); | 337 | free(reserved); |
341 | reserved = NULL; | 338 | reserved = NULL; |
342 | 339 | ||
343 | while (buffer_len(m) > 0) { | 340 | while (buffer_len(m) > 0) { |
@@ -345,7 +342,7 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
345 | if ((cp = buffer_get_string_ret(m, &len)) == NULL) | 342 | if ((cp = buffer_get_string_ret(m, &len)) == NULL) |
346 | goto malf; | 343 | goto malf; |
347 | if (!env_permitted(cp)) { | 344 | if (!env_permitted(cp)) { |
348 | xfree(cp); | 345 | free(cp); |
349 | continue; | 346 | continue; |
350 | } | 347 | } |
351 | cctx->env = xrealloc(cctx->env, env_len + 2, | 348 | cctx->env = xrealloc(cctx->env, env_len + 2, |
@@ -366,7 +363,7 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
366 | 363 | ||
367 | buffer_init(&cctx->cmd); | 364 | buffer_init(&cctx->cmd); |
368 | buffer_append(&cctx->cmd, cmd, strlen(cmd)); | 365 | buffer_append(&cctx->cmd, cmd, strlen(cmd)); |
369 | xfree(cmd); | 366 | free(cmd); |
370 | cmd = NULL; | 367 | cmd = NULL; |
371 | 368 | ||
372 | /* Gather fds from client */ | 369 | /* Gather fds from client */ |
@@ -377,12 +374,11 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
377 | for (j = 0; j < i; j++) | 374 | for (j = 0; j < i; j++) |
378 | close(new_fd[j]); | 375 | close(new_fd[j]); |
379 | for (j = 0; j < env_len; j++) | 376 | for (j = 0; j < env_len; j++) |
380 | xfree(cctx->env[j]); | 377 | free(cctx->env[j]); |
381 | if (env_len > 0) | 378 | free(cctx->env); |
382 | xfree(cctx->env); | 379 | free(cctx->term); |
383 | xfree(cctx->term); | ||
384 | buffer_free(&cctx->cmd); | 380 | buffer_free(&cctx->cmd); |
385 | xfree(cctx); | 381 | free(cctx); |
386 | 382 | ||
387 | /* prepare reply */ | 383 | /* prepare reply */ |
388 | buffer_put_int(r, MUX_S_FAILURE); | 384 | buffer_put_int(r, MUX_S_FAILURE); |
@@ -407,14 +403,14 @@ process_mux_new_session(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
407 | close(new_fd[0]); | 403 | close(new_fd[0]); |
408 | close(new_fd[1]); | 404 | close(new_fd[1]); |
409 | close(new_fd[2]); | 405 | close(new_fd[2]); |
410 | xfree(cctx->term); | 406 | free(cctx->term); |
411 | if (env_len != 0) { | 407 | if (env_len != 0) { |
412 | for (i = 0; i < env_len; i++) | 408 | for (i = 0; i < env_len; i++) |
413 | xfree(cctx->env[i]); | 409 | free(cctx->env[i]); |
414 | xfree(cctx->env); | 410 | free(cctx->env); |
415 | } | 411 | } |
416 | buffer_free(&cctx->cmd); | 412 | buffer_free(&cctx->cmd); |
417 | xfree(cctx); | 413 | free(cctx); |
418 | return 0; | 414 | return 0; |
419 | } | 415 | } |
420 | 416 | ||
@@ -619,7 +615,7 @@ mux_confirm_remote_forward(int type, u_int32_t seq, void *ctxt) | |||
619 | buffer_put_int(&out, MUX_S_FAILURE); | 615 | buffer_put_int(&out, MUX_S_FAILURE); |
620 | buffer_put_int(&out, fctx->rid); | 616 | buffer_put_int(&out, fctx->rid); |
621 | buffer_put_cstring(&out, failmsg); | 617 | buffer_put_cstring(&out, failmsg); |
622 | xfree(failmsg); | 618 | free(failmsg); |
623 | out: | 619 | out: |
624 | buffer_put_string(&c->output, buffer_ptr(&out), buffer_len(&out)); | 620 | buffer_put_string(&c->output, buffer_ptr(&out), buffer_len(&out)); |
625 | buffer_free(&out); | 621 | buffer_free(&out); |
@@ -634,25 +630,28 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
634 | Forward fwd; | 630 | Forward fwd; |
635 | char *fwd_desc = NULL; | 631 | char *fwd_desc = NULL; |
636 | u_int ftype; | 632 | u_int ftype; |
633 | u_int lport, cport; | ||
637 | int i, ret = 0, freefwd = 1; | 634 | int i, ret = 0, freefwd = 1; |
638 | 635 | ||
639 | fwd.listen_host = fwd.connect_host = NULL; | 636 | fwd.listen_host = fwd.connect_host = NULL; |
640 | if (buffer_get_int_ret(&ftype, m) != 0 || | 637 | if (buffer_get_int_ret(&ftype, m) != 0 || |
641 | (fwd.listen_host = buffer_get_string_ret(m, NULL)) == NULL || | 638 | (fwd.listen_host = buffer_get_string_ret(m, NULL)) == NULL || |
642 | buffer_get_int_ret(&fwd.listen_port, m) != 0 || | 639 | buffer_get_int_ret(&lport, m) != 0 || |
643 | (fwd.connect_host = buffer_get_string_ret(m, NULL)) == NULL || | 640 | (fwd.connect_host = buffer_get_string_ret(m, NULL)) == NULL || |
644 | buffer_get_int_ret(&fwd.connect_port, m) != 0) { | 641 | buffer_get_int_ret(&cport, m) != 0 || |
642 | lport > 65535 || cport > 65535) { | ||
645 | error("%s: malformed message", __func__); | 643 | error("%s: malformed message", __func__); |
646 | ret = -1; | 644 | ret = -1; |
647 | goto out; | 645 | goto out; |
648 | } | 646 | } |
649 | 647 | fwd.listen_port = lport; | |
648 | fwd.connect_port = cport; | ||
650 | if (*fwd.listen_host == '\0') { | 649 | if (*fwd.listen_host == '\0') { |
651 | xfree(fwd.listen_host); | 650 | free(fwd.listen_host); |
652 | fwd.listen_host = NULL; | 651 | fwd.listen_host = NULL; |
653 | } | 652 | } |
654 | if (*fwd.connect_host == '\0') { | 653 | if (*fwd.connect_host == '\0') { |
655 | xfree(fwd.connect_host); | 654 | free(fwd.connect_host); |
656 | fwd.connect_host = NULL; | 655 | fwd.connect_host = NULL; |
657 | } | 656 | } |
658 | 657 | ||
@@ -663,10 +662,8 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
663 | ftype != MUX_FWD_DYNAMIC) { | 662 | ftype != MUX_FWD_DYNAMIC) { |
664 | logit("%s: invalid forwarding type %u", __func__, ftype); | 663 | logit("%s: invalid forwarding type %u", __func__, ftype); |
665 | invalid: | 664 | invalid: |
666 | if (fwd.listen_host) | 665 | free(fwd.listen_host); |
667 | xfree(fwd.listen_host); | 666 | free(fwd.connect_host); |
668 | if (fwd.connect_host) | ||
669 | xfree(fwd.connect_host); | ||
670 | buffer_put_int(r, MUX_S_FAILURE); | 667 | buffer_put_int(r, MUX_S_FAILURE); |
671 | buffer_put_int(r, rid); | 668 | buffer_put_int(r, rid); |
672 | buffer_put_cstring(r, "Invalid forwarding request"); | 669 | buffer_put_cstring(r, "Invalid forwarding request"); |
@@ -768,13 +765,10 @@ process_mux_open_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
768 | buffer_put_int(r, MUX_S_OK); | 765 | buffer_put_int(r, MUX_S_OK); |
769 | buffer_put_int(r, rid); | 766 | buffer_put_int(r, rid); |
770 | out: | 767 | out: |
771 | if (fwd_desc != NULL) | 768 | free(fwd_desc); |
772 | xfree(fwd_desc); | ||
773 | if (freefwd) { | 769 | if (freefwd) { |
774 | if (fwd.listen_host != NULL) | 770 | free(fwd.listen_host); |
775 | xfree(fwd.listen_host); | 771 | free(fwd.connect_host); |
776 | if (fwd.connect_host != NULL) | ||
777 | xfree(fwd.connect_host); | ||
778 | } | 772 | } |
779 | return ret; | 773 | return ret; |
780 | } | 774 | } |
@@ -787,24 +781,28 @@ process_mux_close_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
787 | const char *error_reason = NULL; | 781 | const char *error_reason = NULL; |
788 | u_int ftype; | 782 | u_int ftype; |
789 | int i, listen_port, ret = 0; | 783 | int i, listen_port, ret = 0; |
784 | u_int lport, cport; | ||
790 | 785 | ||
791 | fwd.listen_host = fwd.connect_host = NULL; | 786 | fwd.listen_host = fwd.connect_host = NULL; |
792 | if (buffer_get_int_ret(&ftype, m) != 0 || | 787 | if (buffer_get_int_ret(&ftype, m) != 0 || |
793 | (fwd.listen_host = buffer_get_string_ret(m, NULL)) == NULL || | 788 | (fwd.listen_host = buffer_get_string_ret(m, NULL)) == NULL || |
794 | buffer_get_int_ret(&fwd.listen_port, m) != 0 || | 789 | buffer_get_int_ret(&lport, m) != 0 || |
795 | (fwd.connect_host = buffer_get_string_ret(m, NULL)) == NULL || | 790 | (fwd.connect_host = buffer_get_string_ret(m, NULL)) == NULL || |
796 | buffer_get_int_ret(&fwd.connect_port, m) != 0) { | 791 | buffer_get_int_ret(&cport, m) != 0 || |
792 | lport > 65535 || cport > 65535) { | ||
797 | error("%s: malformed message", __func__); | 793 | error("%s: malformed message", __func__); |
798 | ret = -1; | 794 | ret = -1; |
799 | goto out; | 795 | goto out; |
800 | } | 796 | } |
797 | fwd.listen_port = lport; | ||
798 | fwd.connect_port = cport; | ||
801 | 799 | ||
802 | if (*fwd.listen_host == '\0') { | 800 | if (*fwd.listen_host == '\0') { |
803 | xfree(fwd.listen_host); | 801 | free(fwd.listen_host); |
804 | fwd.listen_host = NULL; | 802 | fwd.listen_host = NULL; |
805 | } | 803 | } |
806 | if (*fwd.connect_host == '\0') { | 804 | if (*fwd.connect_host == '\0') { |
807 | xfree(fwd.connect_host); | 805 | free(fwd.connect_host); |
808 | fwd.connect_host = NULL; | 806 | fwd.connect_host = NULL; |
809 | } | 807 | } |
810 | 808 | ||
@@ -861,10 +859,8 @@ process_mux_close_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
861 | buffer_put_int(r, MUX_S_OK); | 859 | buffer_put_int(r, MUX_S_OK); |
862 | buffer_put_int(r, rid); | 860 | buffer_put_int(r, rid); |
863 | 861 | ||
864 | if (found_fwd->listen_host != NULL) | 862 | free(found_fwd->listen_host); |
865 | xfree(found_fwd->listen_host); | 863 | free(found_fwd->connect_host); |
866 | if (found_fwd->connect_host != NULL) | ||
867 | xfree(found_fwd->connect_host); | ||
868 | found_fwd->listen_host = found_fwd->connect_host = NULL; | 864 | found_fwd->listen_host = found_fwd->connect_host = NULL; |
869 | found_fwd->listen_port = found_fwd->connect_port = 0; | 865 | found_fwd->listen_port = found_fwd->connect_port = 0; |
870 | } else { | 866 | } else { |
@@ -873,12 +869,9 @@ process_mux_close_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
873 | buffer_put_cstring(r, error_reason); | 869 | buffer_put_cstring(r, error_reason); |
874 | } | 870 | } |
875 | out: | 871 | out: |
876 | if (fwd_desc != NULL) | 872 | free(fwd_desc); |
877 | xfree(fwd_desc); | 873 | free(fwd.listen_host); |
878 | if (fwd.listen_host != NULL) | 874 | free(fwd.connect_host); |
879 | xfree(fwd.listen_host); | ||
880 | if (fwd.connect_host != NULL) | ||
881 | xfree(fwd.connect_host); | ||
882 | 875 | ||
883 | return ret; | 876 | return ret; |
884 | } | 877 | } |
@@ -895,14 +888,12 @@ process_mux_stdio_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
895 | if ((reserved = buffer_get_string_ret(m, NULL)) == NULL || | 888 | if ((reserved = buffer_get_string_ret(m, NULL)) == NULL || |
896 | (chost = buffer_get_string_ret(m, NULL)) == NULL || | 889 | (chost = buffer_get_string_ret(m, NULL)) == NULL || |
897 | buffer_get_int_ret(&cport, m) != 0) { | 890 | buffer_get_int_ret(&cport, m) != 0) { |
898 | if (reserved != NULL) | 891 | free(reserved); |
899 | xfree(reserved); | 892 | free(chost); |
900 | if (chost != NULL) | ||
901 | xfree(chost); | ||
902 | error("%s: malformed message", __func__); | 893 | error("%s: malformed message", __func__); |
903 | return -1; | 894 | return -1; |
904 | } | 895 | } |
905 | xfree(reserved); | 896 | free(reserved); |
906 | 897 | ||
907 | debug2("%s: channel %d: request stdio fwd to %s:%u", | 898 | debug2("%s: channel %d: request stdio fwd to %s:%u", |
908 | __func__, c->self, chost, cport); | 899 | __func__, c->self, chost, cport); |
@@ -914,7 +905,7 @@ process_mux_stdio_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
914 | __func__, i); | 905 | __func__, i); |
915 | for (j = 0; j < i; j++) | 906 | for (j = 0; j < i; j++) |
916 | close(new_fd[j]); | 907 | close(new_fd[j]); |
917 | xfree(chost); | 908 | free(chost); |
918 | 909 | ||
919 | /* prepare reply */ | 910 | /* prepare reply */ |
920 | buffer_put_int(r, MUX_S_FAILURE); | 911 | buffer_put_int(r, MUX_S_FAILURE); |
@@ -938,7 +929,7 @@ process_mux_stdio_fwd(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
938 | cleanup: | 929 | cleanup: |
939 | close(new_fd[0]); | 930 | close(new_fd[0]); |
940 | close(new_fd[1]); | 931 | close(new_fd[1]); |
941 | xfree(chost); | 932 | free(chost); |
942 | return 0; | 933 | return 0; |
943 | } | 934 | } |
944 | 935 | ||
@@ -1000,7 +991,7 @@ process_mux_stop_listening(u_int rid, Channel *c, Buffer *m, Buffer *r) | |||
1000 | if (mux_listener_channel != NULL) { | 991 | if (mux_listener_channel != NULL) { |
1001 | channel_free(mux_listener_channel); | 992 | channel_free(mux_listener_channel); |
1002 | client_stop_mux(); | 993 | client_stop_mux(); |
1003 | xfree(options.control_path); | 994 | free(options.control_path); |
1004 | options.control_path = NULL; | 995 | options.control_path = NULL; |
1005 | mux_listener_channel = NULL; | 996 | mux_listener_channel = NULL; |
1006 | muxserver_sock = -1; | 997 | muxserver_sock = -1; |
@@ -1100,7 +1091,7 @@ mux_exit_message(Channel *c, int exitval) | |||
1100 | Buffer m; | 1091 | Buffer m; |
1101 | Channel *mux_chan; | 1092 | Channel *mux_chan; |
1102 | 1093 | ||
1103 | debug3("%s: channel %d: exit message, evitval %d", __func__, c->self, | 1094 | debug3("%s: channel %d: exit message, exitval %d", __func__, c->self, |
1104 | exitval); | 1095 | exitval); |
1105 | 1096 | ||
1106 | if ((mux_chan = channel_by_id(c->ctl_chan)) == NULL) | 1097 | if ((mux_chan = channel_by_id(c->ctl_chan)) == NULL) |
@@ -1197,8 +1188,8 @@ muxserver_listen(void) | |||
1197 | close(muxserver_sock); | 1188 | close(muxserver_sock); |
1198 | muxserver_sock = -1; | 1189 | muxserver_sock = -1; |
1199 | } | 1190 | } |
1200 | xfree(orig_control_path); | 1191 | free(orig_control_path); |
1201 | xfree(options.control_path); | 1192 | free(options.control_path); |
1202 | options.control_path = NULL; | 1193 | options.control_path = NULL; |
1203 | options.control_master = SSHCTL_MASTER_NO; | 1194 | options.control_master = SSHCTL_MASTER_NO; |
1204 | return; | 1195 | return; |
@@ -1223,7 +1214,7 @@ muxserver_listen(void) | |||
1223 | goto disable_mux_master; | 1214 | goto disable_mux_master; |
1224 | } | 1215 | } |
1225 | unlink(options.control_path); | 1216 | unlink(options.control_path); |
1226 | xfree(options.control_path); | 1217 | free(options.control_path); |
1227 | options.control_path = orig_control_path; | 1218 | options.control_path = orig_control_path; |
1228 | 1219 | ||
1229 | set_nonblock(muxserver_sock); | 1220 | set_nonblock(muxserver_sock); |
@@ -1308,13 +1299,13 @@ mux_session_confirm(int id, int success, void *arg) | |||
1308 | cc->mux_pause = 0; /* start processing messages again */ | 1299 | cc->mux_pause = 0; /* start processing messages again */ |
1309 | c->open_confirm_ctx = NULL; | 1300 | c->open_confirm_ctx = NULL; |
1310 | buffer_free(&cctx->cmd); | 1301 | buffer_free(&cctx->cmd); |
1311 | xfree(cctx->term); | 1302 | free(cctx->term); |
1312 | if (cctx->env != NULL) { | 1303 | if (cctx->env != NULL) { |
1313 | for (i = 0; cctx->env[i] != NULL; i++) | 1304 | for (i = 0; cctx->env[i] != NULL; i++) |
1314 | xfree(cctx->env[i]); | 1305 | free(cctx->env[i]); |
1315 | xfree(cctx->env); | 1306 | free(cctx->env); |
1316 | } | 1307 | } |
1317 | xfree(cctx); | 1308 | free(cctx); |
1318 | } | 1309 | } |
1319 | 1310 | ||
1320 | /* ** Multiplexing client support */ | 1311 | /* ** Multiplexing client support */ |
@@ -1444,7 +1435,9 @@ mux_client_read_packet(int fd, Buffer *m) | |||
1444 | buffer_init(&queue); | 1435 | buffer_init(&queue); |
1445 | if (mux_client_read(fd, &queue, 4) != 0) { | 1436 | if (mux_client_read(fd, &queue, 4) != 0) { |
1446 | if ((oerrno = errno) == EPIPE) | 1437 | if ((oerrno = errno) == EPIPE) |
1447 | debug3("%s: read header failed: %s", __func__, strerror(errno)); | 1438 | debug3("%s: read header failed: %s", __func__, |
1439 | strerror(errno)); | ||
1440 | buffer_free(&queue); | ||
1448 | errno = oerrno; | 1441 | errno = oerrno; |
1449 | return -1; | 1442 | return -1; |
1450 | } | 1443 | } |
@@ -1452,6 +1445,7 @@ mux_client_read_packet(int fd, Buffer *m) | |||
1452 | if (mux_client_read(fd, &queue, need) != 0) { | 1445 | if (mux_client_read(fd, &queue, need) != 0) { |
1453 | oerrno = errno; | 1446 | oerrno = errno; |
1454 | debug3("%s: read body failed: %s", __func__, strerror(errno)); | 1447 | debug3("%s: read body failed: %s", __func__, strerror(errno)); |
1448 | buffer_free(&queue); | ||
1455 | errno = oerrno; | 1449 | errno = oerrno; |
1456 | return -1; | 1450 | return -1; |
1457 | } | 1451 | } |
@@ -1498,8 +1492,8 @@ mux_client_hello_exchange(int fd) | |||
1498 | char *value = buffer_get_string(&m, NULL); | 1492 | char *value = buffer_get_string(&m, NULL); |
1499 | 1493 | ||
1500 | debug2("Unrecognised master extension \"%s\"", name); | 1494 | debug2("Unrecognised master extension \"%s\"", name); |
1501 | xfree(name); | 1495 | free(name); |
1502 | xfree(value); | 1496 | free(value); |
1503 | } | 1497 | } |
1504 | buffer_free(&m); | 1498 | buffer_free(&m); |
1505 | return 0; | 1499 | return 0; |
@@ -1608,7 +1602,7 @@ mux_client_forward(int fd, int cancel_flag, u_int ftype, Forward *fwd) | |||
1608 | fwd_desc = format_forward(ftype, fwd); | 1602 | fwd_desc = format_forward(ftype, fwd); |
1609 | debug("Requesting %s %s", | 1603 | debug("Requesting %s %s", |
1610 | cancel_flag ? "cancellation of" : "forwarding of", fwd_desc); | 1604 | cancel_flag ? "cancellation of" : "forwarding of", fwd_desc); |
1611 | xfree(fwd_desc); | 1605 | free(fwd_desc); |
1612 | 1606 | ||
1613 | buffer_init(&m); | 1607 | buffer_init(&m); |
1614 | buffer_put_int(&m, cancel_flag ? MUX_C_CLOSE_FWD : MUX_C_OPEN_FWD); | 1608 | buffer_put_int(&m, cancel_flag ? MUX_C_CLOSE_FWD : MUX_C_OPEN_FWD); |
diff --git a/myproposal.h b/myproposal.h index 99d093461..4e913e3ce 100644 --- a/myproposal.h +++ b/myproposal.h | |||
@@ -26,6 +26,8 @@ | |||
26 | 26 | ||
27 | #include <openssl/opensslv.h> | 27 | #include <openssl/opensslv.h> |
28 | 28 | ||
29 | /* conditional algorithm support */ | ||
30 | |||
29 | #ifdef OPENSSL_HAS_ECC | 31 | #ifdef OPENSSL_HAS_ECC |
30 | # define KEX_ECDH_METHODS \ | 32 | # define KEX_ECDH_METHODS \ |
31 | "ecdh-sha2-nistp256," \ | 33 | "ecdh-sha2-nistp256," \ |
@@ -45,12 +47,22 @@ | |||
45 | # define HOSTKEY_ECDSA_METHODS | 47 | # define HOSTKEY_ECDSA_METHODS |
46 | #endif | 48 | #endif |
47 | 49 | ||
48 | /* Old OpenSSL doesn't support what we need for DHGEX-sha256 */ | 50 | #ifdef OPENSSL_HAVE_EVPGCM |
49 | #if OPENSSL_VERSION_NUMBER >= 0x00907000L | 51 | # define AESGCM_CIPHER_MODES \ |
52 | "aes128-gcm@openssh.com,aes256-gcm@openssh.com," | ||
53 | #else | ||
54 | # define AESGCM_CIPHER_MODES | ||
55 | #endif | ||
56 | |||
57 | #ifdef HAVE_EVP_SHA256 | ||
50 | # define KEX_SHA256_METHODS \ | 58 | # define KEX_SHA256_METHODS \ |
51 | "diffie-hellman-group-exchange-sha256," | 59 | "diffie-hellman-group-exchange-sha256," |
60 | #define SHA2_HMAC_MODES \ | ||
61 | "hmac-sha2-256," \ | ||
62 | "hmac-sha2-512," | ||
52 | #else | 63 | #else |
53 | # define KEX_SHA256_METHODS | 64 | # define KEX_SHA256_METHODS |
65 | # define SHA2_HMAC_MODES | ||
54 | #endif | 66 | #endif |
55 | 67 | ||
56 | # define KEX_DEFAULT_KEX \ | 68 | # define KEX_DEFAULT_KEX \ |
@@ -70,19 +82,15 @@ | |||
70 | "ssh-rsa," \ | 82 | "ssh-rsa," \ |
71 | "ssh-dss" | 83 | "ssh-dss" |
72 | 84 | ||
85 | /* the actual algorithms */ | ||
86 | |||
73 | #define KEX_DEFAULT_ENCRYPT \ | 87 | #define KEX_DEFAULT_ENCRYPT \ |
74 | "aes128-ctr,aes192-ctr,aes256-ctr," \ | 88 | "aes128-ctr,aes192-ctr,aes256-ctr," \ |
75 | "arcfour256,arcfour128," \ | 89 | "arcfour256,arcfour128," \ |
76 | "aes128-gcm@openssh.com,aes256-gcm@openssh.com," \ | 90 | AESGCM_CIPHER_MODES \ |
77 | "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \ | 91 | "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \ |
78 | "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se" | 92 | "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se" |
79 | #ifdef HAVE_EVP_SHA256 | 93 | |
80 | #define SHA2_HMAC_MODES \ | ||
81 | "hmac-sha2-256," \ | ||
82 | "hmac-sha2-512," | ||
83 | #else | ||
84 | # define SHA2_HMAC_MODES | ||
85 | #endif | ||
86 | #define KEX_DEFAULT_MAC \ | 94 | #define KEX_DEFAULT_MAC \ |
87 | "hmac-md5-etm@openssh.com," \ | 95 | "hmac-md5-etm@openssh.com," \ |
88 | "hmac-sha1-etm@openssh.com," \ | 96 | "hmac-sha1-etm@openssh.com," \ |
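Review bot: The `#define SHA2_HMAC_MODES \` on new line 60 is the only unindented directive inside the `#ifdef HAVE_EVP_SHA256` block; its siblings on lines 58 and 65 use `# define`, so `# define SHA2_HMAC_MODES \` would keep the block consistent with the rest of the header. The conditional macros are now spliced mid-list into KEX_DEFAULT_ENCRYPT (line 90) and presumably into KEX_DEFAULT_MAC past the end of the hunk, which only works because each non-empty expansion ends with a trailing comma (line 52, lines 61-62), and nothing says so. A comment under `/* conditional algorithm support */` such as `/* non-empty expansions must end with a trailing comma: they are spliced mid-list below */` would protect the next edit from producing a fused algorithm name. KEX_DEFAULT_MAC continues outside the hunk.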
diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index e1c3651e8..365cf006d 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in | |||
@@ -1,4 +1,4 @@ | |||
1 | # $Id: Makefile.in,v 1.50 2013/02/15 01:13:02 dtucker Exp $ | 1 | # $Id: Makefile.in,v 1.51 2013/05/10 06:28:56 dtucker Exp $ |
2 | 2 | ||
3 | sysconfdir=@sysconfdir@ | 3 | sysconfdir=@sysconfdir@ |
4 | piddir=@piddir@ | 4 | piddir=@piddir@ |
@@ -16,7 +16,7 @@ RANLIB=@RANLIB@ | |||
16 | INSTALL=@INSTALL@ | 16 | INSTALL=@INSTALL@ |
17 | LDFLAGS=-L. @LDFLAGS@ | 17 | LDFLAGS=-L. @LDFLAGS@ |
18 | 18 | ||
19 | OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o | 19 | OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o |
20 | 20 | ||
21 | COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o | 21 | COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o |
22 | 22 | ||
diff --git a/openbsd-compat/bsd-cygwin_util.c b/openbsd-compat/bsd-cygwin_util.c index d3d2d913a..267e77a11 100644 --- a/openbsd-compat/bsd-cygwin_util.c +++ b/openbsd-compat/bsd-cygwin_util.c | |||
@@ -97,7 +97,7 @@ fetch_windows_environment(void) | |||
97 | void | 97 | void |
98 | free_windows_environment(char **p) | 98 | free_windows_environment(char **p) |
99 | { | 99 | { |
100 | xfree(p); | 100 | free(p); |
101 | } | 101 | } |
102 | 102 | ||
103 | #endif /* HAVE_CYGWIN */ | 103 | #endif /* HAVE_CYGWIN */ |
diff --git a/openbsd-compat/bsd-cygwin_util.h b/openbsd-compat/bsd-cygwin_util.h index 6061a6b01..372e41955 100644 --- a/openbsd-compat/bsd-cygwin_util.h +++ b/openbsd-compat/bsd-cygwin_util.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $Id: bsd-cygwin_util.h,v 1.15.4.1 2013/04/04 23:53:31 dtucker Exp $ */ | 1 | /* $Id: bsd-cygwin_util.h,v 1.16 2013/04/01 01:40:49 dtucker Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000, 2001, 2011, 2013 Corinna Vinschen <vinschen@redhat.com> | 4 | * Copyright (c) 2000, 2001, 2011, 2013 Corinna Vinschen <vinschen@redhat.com> |
diff --git a/openbsd-compat/bsd-misc.h b/openbsd-compat/bsd-misc.h index 430066376..65c18ec2f 100644 --- a/openbsd-compat/bsd-misc.h +++ b/openbsd-compat/bsd-misc.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $Id: bsd-misc.h,v 1.23 2013/03/14 23:34:27 djm Exp $ */ | 1 | /* $Id: bsd-misc.h,v 1.25 2013/08/04 11:48:41 dtucker Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 1999-2004 Damien Miller <djm@mindrot.org> | 4 | * Copyright (c) 1999-2004 Damien Miller <djm@mindrot.org> |
@@ -110,4 +110,16 @@ int isblank(int); | |||
110 | pid_t getpgid(pid_t); | 110 | pid_t getpgid(pid_t); |
111 | #endif | 111 | #endif |
112 | 112 | ||
113 | #ifndef HAVE_ENDGRENT | ||
114 | # define endgrent() {} | ||
115 | #endif | ||
116 | |||
117 | #ifndef HAVE_KRB5_GET_ERROR_MESSAGE | ||
118 | # define krb5_get_error_message krb5_get_err_text | ||
119 | #endif | ||
120 | |||
121 | #ifndef HAVE_KRB5_FREE_ERROR_MESSAGE | ||
122 | # define krb5_free_error_message(a,b) while(0) | ||
123 | #endif | ||
124 | |||
113 | #endif /* _BSD_MISC_H */ | 125 | #endif /* _BSD_MISC_H */ |
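Review bot: `# define endgrent() {}` on new line 114 expands to a compound statement, so a caller written as `if (cond) endgrent(); else ...` becomes `if (cond) {}; else ...`, which does not compile; the same hazard applies to `# define krb5_free_error_message(a,b) while(0)` on line 122, which is an empty loop rather than the usual statement-safe form. Both should use the `do { } while (0)` idiom: `# define endgrent() do { } while (0)` and `# define krb5_free_error_message(a,b) do { } while (0)`. A short comment above line 117, along the lines of `/* older Heimdal: krb5_get_err_text() returns static storage, so the matching free is a no-op */`, would explain why freeing is deliberately dropped rather than leaving it to look like a leak.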
diff --git a/openbsd-compat/getopt.c b/openbsd-compat/getopt.c deleted file mode 100644 index 5450e43d9..000000000 --- a/openbsd-compat/getopt.c +++ /dev/null | |||
@@ -1,123 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (c) 1987, 1993, 1994 | ||
3 | * The Regents of the University of California. All rights reserved. | ||
4 | * | ||
5 | * Redistribution and use in source and binary forms, with or without | ||
6 | * modification, are permitted provided that the following conditions | ||
7 | * are met: | ||
8 | * 1. Redistributions of source code must retain the above copyright | ||
9 | * notice, this list of conditions and the following disclaimer. | ||
10 | * 2. Redistributions in binary form must reproduce the above copyright | ||
11 | * notice, this list of conditions and the following disclaimer in the | ||
12 | * documentation and/or other materials provided with the distribution. | ||
13 | * 3. Neither the name of the University nor the names of its contributors | ||
14 | * may be used to endorse or promote products derived from this software | ||
15 | * without specific prior written permission. | ||
16 | * | ||
17 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND | ||
18 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
19 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
20 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | ||
21 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
22 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
23 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
24 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
25 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
26 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
27 | * SUCH DAMAGE. | ||
28 | */ | ||
29 | |||
30 | /* OPENBSD ORIGINAL: lib/libc/stdlib/getopt.c */ | ||
31 | |||
32 | #include "includes.h" | ||
33 | #if !defined(HAVE_GETOPT) || !defined(HAVE_GETOPT_OPTRESET) | ||
34 | |||
35 | #if defined(LIBC_SCCS) && !defined(lint) | ||
36 | static char *rcsid = "$OpenBSD: getopt.c,v 1.5 2003/06/02 20:18:37 millert Exp $"; | ||
37 | #endif /* LIBC_SCCS and not lint */ | ||
38 | |||
39 | #include <stdio.h> | ||
40 | #include <stdlib.h> | ||
41 | #include <string.h> | ||
42 | |||
43 | int BSDopterr = 1, /* if error message should be printed */ | ||
44 | BSDoptind = 1, /* index into parent argv vector */ | ||
45 | BSDoptopt, /* character checked for validity */ | ||
46 | BSDoptreset; /* reset getopt */ | ||
47 | char *BSDoptarg; /* argument associated with option */ | ||
48 | |||
49 | #define BADCH (int)'?' | ||
50 | #define BADARG (int)':' | ||
51 | #define EMSG "" | ||
52 | |||
53 | /* | ||
54 | * getopt -- | ||
55 | * Parse argc/argv argument vector. | ||
56 | */ | ||
57 | int | ||
58 | BSDgetopt(nargc, nargv, ostr) | ||
59 | int nargc; | ||
60 | char * const *nargv; | ||
61 | const char *ostr; | ||
62 | { | ||
63 | extern char *__progname; | ||
64 | static char *place = EMSG; /* option letter processing */ | ||
65 | char *oli; /* option letter list index */ | ||
66 | |||
67 | if (ostr == NULL) | ||
68 | return (-1); | ||
69 | |||
70 | if (BSDoptreset || !*place) { /* update scanning pointer */ | ||
71 | BSDoptreset = 0; | ||
72 | if (BSDoptind >= nargc || *(place = nargv[BSDoptind]) != '-') { | ||
73 | place = EMSG; | ||
74 | return (-1); | ||
75 | } | ||
76 | if (place[1] && *++place == '-') { /* found "--" */ | ||
77 | ++BSDoptind; | ||
78 | place = EMSG; | ||
79 | return (-1); | ||
80 | } | ||
81 | } /* option letter okay? */ | ||
82 | if ((BSDoptopt = (int)*place++) == (int)':' || | ||
83 | !(oli = strchr(ostr, BSDoptopt))) { | ||
84 | /* | ||
85 | * if the user didn't specify '-' as an option, | ||
86 | * assume it means -1. | ||
87 | */ | ||
88 | if (BSDoptopt == (int)'-') | ||
89 | return (-1); | ||
90 | if (!*place) | ||
91 | ++BSDoptind; | ||
92 | if (BSDopterr && *ostr != ':') | ||
93 | (void)fprintf(stderr, | ||
94 | "%s: illegal option -- %c\n", __progname, BSDoptopt); | ||
95 | return (BADCH); | ||
96 | } | ||
97 | if (*++oli != ':') { /* don't need argument */ | ||
98 | BSDoptarg = NULL; | ||
99 | if (!*place) | ||
100 | ++BSDoptind; | ||
101 | } | ||
102 | else { /* need an argument */ | ||
103 | if (*place) /* no white space */ | ||
104 | BSDoptarg = place; | ||
105 | else if (nargc <= ++BSDoptind) { /* no arg */ | ||
106 | place = EMSG; | ||
107 | if (*ostr == ':') | ||
108 | return (BADARG); | ||
109 | if (BSDopterr) | ||
110 | (void)fprintf(stderr, | ||
111 | "%s: option requires an argument -- %c\n", | ||
112 | __progname, BSDoptopt); | ||
113 | return (BADCH); | ||
114 | } | ||
115 | else /* white space */ | ||
116 | BSDoptarg = nargv[BSDoptind]; | ||
117 | place = EMSG; | ||
118 | ++BSDoptind; | ||
119 | } | ||
120 | return (BSDoptopt); /* dump back option letter */ | ||
121 | } | ||
122 | |||
123 | #endif /* !defined(HAVE_GETOPT) || !defined(HAVE_OPTRESET) */ | ||
diff --git a/openbsd-compat/getopt.h b/openbsd-compat/getopt.h new file mode 100644 index 000000000..8eb12447e --- /dev/null +++ b/openbsd-compat/getopt.h | |||
@@ -0,0 +1,74 @@ | |||
1 | /* $OpenBSD: getopt.h,v 1.2 2008/06/26 05:42:04 ray Exp $ */ | ||
2 | /* $NetBSD: getopt.h,v 1.4 2000/07/07 10:43:54 ad Exp $ */ | ||
3 | |||
4 | /*- | ||
5 | * Copyright (c) 2000 The NetBSD Foundation, Inc. | ||
6 | * All rights reserved. | ||
7 | * | ||
8 | * This code is derived from software contributed to The NetBSD Foundation | ||
9 | * by Dieter Baron and Thomas Klausner. | ||
10 | * | ||
11 | * Redistribution and use in source and binary forms, with or without | ||
12 | * modification, are permitted provided that the following conditions | ||
13 | * are met: | ||
14 | * 1. Redistributions of source code must retain the above copyright | ||
15 | * notice, this list of conditions and the following disclaimer. | ||
16 | * 2. Redistributions in binary form must reproduce the above copyright | ||
17 | * notice, this list of conditions and the following disclaimer in the | ||
18 | * documentation and/or other materials provided with the distribution. | ||
19 | * | ||
20 | * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS | ||
21 | * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED | ||
22 | * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
23 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS | ||
24 | * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | ||
25 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | ||
26 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | ||
27 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | ||
28 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
29 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | ||
30 | * POSSIBILITY OF SUCH DAMAGE. | ||
31 | */ | ||
32 | |||
33 | #ifndef _GETOPT_H_ | ||
34 | #define _GETOPT_H_ | ||
35 | |||
36 | /* | ||
37 | * GNU-like getopt_long() and 4.4BSD getsubopt()/optreset extensions | ||
38 | */ | ||
39 | #define no_argument 0 | ||
40 | #define required_argument 1 | ||
41 | #define optional_argument 2 | ||
42 | |||
43 | struct option { | ||
44 | /* name of long option */ | ||
45 | const char *name; | ||
46 | /* | ||
47 | * one of no_argument, required_argument, and optional_argument: | ||
48 | * whether option takes an argument | ||
49 | */ | ||
50 | int has_arg; | ||
51 | /* if not NULL, set *flag to val when option found */ | ||
52 | int *flag; | ||
53 | /* if flag not NULL, value to set *flag to; else return value */ | ||
54 | int val; | ||
55 | }; | ||
56 | |||
57 | int getopt_long(int, char * const *, const char *, | ||
58 | const struct option *, int *); | ||
59 | int getopt_long_only(int, char * const *, const char *, | ||
60 | const struct option *, int *); | ||
61 | #ifndef _GETOPT_DEFINED_ | ||
62 | #define _GETOPT_DEFINED_ | ||
63 | int getopt(int, char * const *, const char *); | ||
64 | int getsubopt(char **, char * const *, char **); | ||
65 | |||
66 | extern char *optarg; /* getopt(3) external variables */ | ||
67 | extern int opterr; | ||
68 | extern int optind; | ||
69 | extern int optopt; | ||
70 | extern int optreset; | ||
71 | extern char *suboptarg; /* getsubopt(3) external variable */ | ||
72 | #endif | ||
73 | |||
74 | #endif /* !_GETOPT_H_ */ | ||
diff --git a/openbsd-compat/getopt_long.c b/openbsd-compat/getopt_long.c new file mode 100644 index 000000000..e28947430 --- /dev/null +++ b/openbsd-compat/getopt_long.c | |||
@@ -0,0 +1,532 @@ | |||
1 | /* $OpenBSD: getopt_long.c,v 1.25 2011/03/05 22:10:11 guenther Exp $ */ | ||
2 | /* $NetBSD: getopt_long.c,v 1.15 2002/01/31 22:43:40 tv Exp $ */ | ||
3 | |||
4 | /* | ||
5 | * Copyright (c) 2002 Todd C. Miller <Todd.Miller@courtesan.com> | ||
6 | * | ||
7 | * Permission to use, copy, modify, and distribute this software for any | ||
8 | * purpose with or without fee is hereby granted, provided that the above | ||
9 | * copyright notice and this permission notice appear in all copies. | ||
10 | * | ||
11 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | ||
12 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
13 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | ||
14 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | ||
15 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | ||
16 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | ||
17 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | ||
18 | * | ||
19 | * Sponsored in part by the Defense Advanced Research Projects | ||
20 | * Agency (DARPA) and Air Force Research Laboratory, Air Force | ||
21 | * Materiel Command, USAF, under agreement number F39502-99-1-0512. | ||
22 | */ | ||
23 | /*- | ||
24 | * Copyright (c) 2000 The NetBSD Foundation, Inc. | ||
25 | * All rights reserved. | ||
26 | * | ||
27 | * This code is derived from software contributed to The NetBSD Foundation | ||
28 | * by Dieter Baron and Thomas Klausner. | ||
29 | * | ||
30 | * Redistribution and use in source and binary forms, with or without | ||
31 | * modification, are permitted provided that the following conditions | ||
32 | * are met: | ||
33 | * 1. Redistributions of source code must retain the above copyright | ||
34 | * notice, this list of conditions and the following disclaimer. | ||
35 | * 2. Redistributions in binary form must reproduce the above copyright | ||
36 | * notice, this list of conditions and the following disclaimer in the | ||
37 | * documentation and/or other materials provided with the distribution. | ||
38 | * | ||
39 | * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS | ||
40 | * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED | ||
41 | * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS | ||
43 | * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | ||
44 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | ||
45 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | ||
46 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | ||
47 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
48 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | ||
49 | * POSSIBILITY OF SUCH DAMAGE. | ||
50 | */ | ||
51 | |||
52 | /* OPENBSD ORIGINAL: lib/libc/stdlib/getopt_long.c */ | ||
53 | #include "includes.h" | ||
54 | |||
55 | #if !defined(HAVE_GETOPT) || !defined(HAVE_GETOPT_OPTRESET) | ||
56 | |||
57 | /* | ||
58 | * Some defines to make it easier to keep the code in sync with upstream. | ||
59 | * getopt opterr optind optopt optreset optarg are all in defines.h which is | ||
60 | * pulled in by includes.h. | ||
61 | */ | ||
62 | #define warnx logit | ||
63 | |||
64 | #if 0 | ||
65 | #include <err.h> | ||
66 | #include <getopt.h> | ||
67 | #endif | ||
68 | #include <errno.h> | ||
69 | #include <stdlib.h> | ||
70 | #include <string.h> | ||
71 | #include <stdarg.h> | ||
72 | |||
73 | #include "log.h" | ||
74 | |||
75 | int opterr = 1; /* if error message should be printed */ | ||
76 | int optind = 1; /* index into parent argv vector */ | ||
77 | int optopt = '?'; /* character checked for validity */ | ||
78 | int optreset; /* reset getopt */ | ||
79 | char *optarg; /* argument associated with option */ | ||
80 | |||
81 | #define PRINT_ERROR ((opterr) && (*options != ':')) | ||
82 | |||
83 | #define FLAG_PERMUTE 0x01 /* permute non-options to the end of argv */ | ||
84 | #define FLAG_ALLARGS 0x02 /* treat non-options as args to option "-1" */ | ||
85 | #define FLAG_LONGONLY 0x04 /* operate as getopt_long_only */ | ||
86 | |||
87 | /* return values */ | ||
88 | #define BADCH (int)'?' | ||
89 | #define BADARG ((*options == ':') ? (int)':' : (int)'?') | ||
90 | #define INORDER (int)1 | ||
91 | |||
92 | #define EMSG "" | ||
93 | |||
94 | static int getopt_internal(int, char * const *, const char *, | ||
95 | const struct option *, int *, int); | ||
96 | static int parse_long_options(char * const *, const char *, | ||
97 | const struct option *, int *, int); | ||
98 | static int gcd(int, int); | ||
99 | static void permute_args(int, int, int, char * const *); | ||
100 | |||
101 | static char *place = EMSG; /* option letter processing */ | ||
102 | |||
103 | /* XXX: set optreset to 1 rather than these two */ | ||
104 | static int nonopt_start = -1; /* first non option argument (for permute) */ | ||
105 | static int nonopt_end = -1; /* first option after non options (for permute) */ | ||
106 | |||
107 | /* Error messages */ | ||
108 | static const char recargchar[] = "option requires an argument -- %c"; | ||
109 | static const char recargstring[] = "option requires an argument -- %s"; | ||
110 | static const char ambig[] = "ambiguous option -- %.*s"; | ||
111 | static const char noarg[] = "option doesn't take an argument -- %.*s"; | ||
112 | static const char illoptchar[] = "unknown option -- %c"; | ||
113 | static const char illoptstring[] = "unknown option -- %s"; | ||
114 | |||
115 | /* | ||
116 | * Compute the greatest common divisor of a and b. | ||
117 | */ | ||
118 | static int | ||
119 | gcd(int a, int b) | ||
120 | { | ||
121 | int c; | ||
122 | |||
123 | c = a % b; | ||
124 | while (c != 0) { | ||
125 | a = b; | ||
126 | b = c; | ||
127 | c = a % b; | ||
128 | } | ||
129 | |||
130 | return (b); | ||
131 | } | ||
132 | |||
133 | /* | ||
134 | * Exchange the block from nonopt_start to nonopt_end with the block | ||
135 | * from nonopt_end to opt_end (keeping the same order of arguments | ||
136 | * in each block). | ||
137 | */ | ||
138 | static void | ||
139 | permute_args(int panonopt_start, int panonopt_end, int opt_end, | ||
140 | char * const *nargv) | ||
141 | { | ||
142 | int cstart, cyclelen, i, j, ncycle, nnonopts, nopts, pos; | ||
143 | char *swap; | ||
144 | |||
145 | /* | ||
146 | * compute lengths of blocks and number and size of cycles | ||
147 | */ | ||
148 | nnonopts = panonopt_end - panonopt_start; | ||
149 | nopts = opt_end - panonopt_end; | ||
150 | ncycle = gcd(nnonopts, nopts); | ||
151 | cyclelen = (opt_end - panonopt_start) / ncycle; | ||
152 | |||
153 | for (i = 0; i < ncycle; i++) { | ||
154 | cstart = panonopt_end+i; | ||
155 | pos = cstart; | ||
156 | for (j = 0; j < cyclelen; j++) { | ||
157 | if (pos >= panonopt_end) | ||
158 | pos -= nnonopts; | ||
159 | else | ||
160 | pos += nopts; | ||
161 | swap = nargv[pos]; | ||
162 | /* LINTED const cast */ | ||
163 | ((char **) nargv)[pos] = nargv[cstart]; | ||
164 | /* LINTED const cast */ | ||
165 | ((char **)nargv)[cstart] = swap; | ||
166 | } | ||
167 | } | ||
168 | } | ||
169 | |||
170 | /* | ||
171 | * parse_long_options -- | ||
172 | * Parse long options in argc/argv argument vector. | ||
173 | * Returns -1 if short_too is set and the option does not match long_options. | ||
174 | */ | ||
175 | static int | ||
176 | parse_long_options(char * const *nargv, const char *options, | ||
177 | const struct option *long_options, int *idx, int short_too) | ||
178 | { | ||
179 | char *current_argv, *has_equal; | ||
180 | size_t current_argv_len; | ||
181 | int i, match; | ||
182 | |||
183 | current_argv = place; | ||
184 | match = -1; | ||
185 | |||
186 | optind++; | ||
187 | |||
188 | if ((has_equal = strchr(current_argv, '=')) != NULL) { | ||
189 | /* argument found (--option=arg) */ | ||
190 | current_argv_len = has_equal - current_argv; | ||
191 | has_equal++; | ||
192 | } else | ||
193 | current_argv_len = strlen(current_argv); | ||
194 | |||
195 | for (i = 0; long_options[i].name; i++) { | ||
196 | /* find matching long option */ | ||
197 | if (strncmp(current_argv, long_options[i].name, | ||
198 | current_argv_len)) | ||
199 | continue; | ||
200 | |||
201 | if (strlen(long_options[i].name) == current_argv_len) { | ||
202 | /* exact match */ | ||
203 | match = i; | ||
204 | break; | ||
205 | } | ||
206 | /* | ||
207 | * If this is a known short option, don't allow | ||
208 | * a partial match of a single character. | ||
209 | */ | ||
210 | if (short_too && current_argv_len == 1) | ||
211 | continue; | ||
212 | |||
213 | if (match == -1) /* partial match */ | ||
214 | match = i; | ||
215 | else { | ||
216 | /* ambiguous abbreviation */ | ||
217 | if (PRINT_ERROR) | ||
218 | warnx(ambig, (int)current_argv_len, | ||
219 | current_argv); | ||
220 | optopt = 0; | ||
221 | return (BADCH); | ||
222 | } | ||
223 | } | ||
224 | if (match != -1) { /* option found */ | ||
225 | if (long_options[match].has_arg == no_argument | ||
226 | && has_equal) { | ||
227 | if (PRINT_ERROR) | ||
228 | warnx(noarg, (int)current_argv_len, | ||
229 | current_argv); | ||
230 | /* | ||
231 | * XXX: GNU sets optopt to val regardless of flag | ||
232 | */ | ||
233 | if (long_options[match].flag == NULL) | ||
234 | optopt = long_options[match].val; | ||
235 | else | ||
236 | optopt = 0; | ||
237 | return (BADARG); | ||
238 | } | ||
239 | if (long_options[match].has_arg == required_argument || | ||
240 | long_options[match].has_arg == optional_argument) { | ||
241 | if (has_equal) | ||
242 | optarg = has_equal; | ||
243 | else if (long_options[match].has_arg == | ||
244 | required_argument) { | ||
245 | /* | ||
246 | * optional argument doesn't use next nargv | ||
247 | */ | ||
248 | optarg = nargv[optind++]; | ||
249 | } | ||
250 | } | ||
251 | if ((long_options[match].has_arg == required_argument) | ||
252 | && (optarg == NULL)) { | ||
253 | /* | ||
254 | * Missing argument; leading ':' indicates no error | ||
255 | * should be generated. | ||
256 | */ | ||
257 | if (PRINT_ERROR) | ||
258 | warnx(recargstring, | ||
259 | current_argv); | ||
260 | /* | ||
261 | * XXX: GNU sets optopt to val regardless of flag | ||
262 | */ | ||
263 | if (long_options[match].flag == NULL) | ||
264 | optopt = long_options[match].val; | ||
265 | else | ||
266 | optopt = 0; | ||
267 | --optind; | ||
268 | return (BADARG); | ||
269 | } | ||
270 | } else { /* unknown option */ | ||
271 | if (short_too) { | ||
272 | --optind; | ||
273 | return (-1); | ||
274 | } | ||
275 | if (PRINT_ERROR) | ||
276 | warnx(illoptstring, current_argv); | ||
277 | optopt = 0; | ||
278 | return (BADCH); | ||
279 | } | ||
280 | if (idx) | ||
281 | *idx = match; | ||
282 | if (long_options[match].flag) { | ||
283 | *long_options[match].flag = long_options[match].val; | ||
284 | return (0); | ||
285 | } else | ||
286 | return (long_options[match].val); | ||
287 | } | ||
288 | |||
289 | /* | ||
290 | * getopt_internal -- | ||
291 | * Parse argc/argv argument vector. Called by user level routines. | ||
292 | */ | ||
293 | static int | ||
294 | getopt_internal(int nargc, char * const *nargv, const char *options, | ||
295 | const struct option *long_options, int *idx, int flags) | ||
296 | { | ||
297 | char *oli; /* option letter list index */ | ||
298 | int optchar, short_too; | ||
299 | static int posixly_correct = -1; | ||
300 | |||
301 | if (options == NULL) | ||
302 | return (-1); | ||
303 | |||
304 | /* | ||
305 | * XXX Some GNU programs (like cvs) set optind to 0 instead of | ||
306 | * XXX using optreset. Work around this braindamage. | ||
307 | */ | ||
308 | if (optind == 0) | ||
309 | optind = optreset = 1; | ||
310 | |||
311 | /* | ||
312 | * Disable GNU extensions if POSIXLY_CORRECT is set or options | ||
313 | * string begins with a '+'. | ||
314 | */ | ||
315 | if (posixly_correct == -1 || optreset) | ||
316 | posixly_correct = (getenv("POSIXLY_CORRECT") != NULL); | ||
317 | if (*options == '-') | ||
318 | flags |= FLAG_ALLARGS; | ||
319 | else if (posixly_correct || *options == '+') | ||
320 | flags &= ~FLAG_PERMUTE; | ||
321 | if (*options == '+' || *options == '-') | ||
322 | options++; | ||
323 | |||
324 | optarg = NULL; | ||
325 | if (optreset) | ||
326 | nonopt_start = nonopt_end = -1; | ||
327 | start: | ||
328 | if (optreset || !*place) { /* update scanning pointer */ | ||
329 | optreset = 0; | ||
330 | if (optind >= nargc) { /* end of argument vector */ | ||
331 | place = EMSG; | ||
332 | if (nonopt_end != -1) { | ||
333 | /* do permutation, if we have to */ | ||
334 | permute_args(nonopt_start, nonopt_end, | ||
335 | optind, nargv); | ||
336 | optind -= nonopt_end - nonopt_start; | ||
337 | } | ||
338 | else if (nonopt_start != -1) { | ||
339 | /* | ||
340 | * If we skipped non-options, set optind | ||
341 | * to the first of them. | ||
342 | */ | ||
343 | optind = nonopt_start; | ||
344 | } | ||
345 | nonopt_start = nonopt_end = -1; | ||
346 | return (-1); | ||
347 | } | ||
348 | if (*(place = nargv[optind]) != '-' || | ||
349 | (place[1] == '\0' && strchr(options, '-') == NULL)) { | ||
350 | place = EMSG; /* found non-option */ | ||
351 | if (flags & FLAG_ALLARGS) { | ||
352 | /* | ||
353 | * GNU extension: | ||
354 | * return non-option as argument to option 1 | ||
355 | */ | ||
356 | optarg = nargv[optind++]; | ||
357 | return (INORDER); | ||
358 | } | ||
359 | if (!(flags & FLAG_PERMUTE)) { | ||
360 | /* | ||
361 | * If no permutation wanted, stop parsing | ||
362 | * at first non-option. | ||
363 | */ | ||
364 | return (-1); | ||
365 | } | ||
366 | /* do permutation */ | ||
367 | if (nonopt_start == -1) | ||
368 | nonopt_start = optind; | ||
369 | else if (nonopt_end != -1) { | ||
370 | permute_args(nonopt_start, nonopt_end, | ||
371 | optind, nargv); | ||
372 | nonopt_start = optind - | ||
373 | (nonopt_end - nonopt_start); | ||
374 | nonopt_end = -1; | ||
375 | } | ||
376 | optind++; | ||
377 | /* process next argument */ | ||
378 | goto start; | ||
379 | } | ||
380 | if (nonopt_start != -1 && nonopt_end == -1) | ||
381 | nonopt_end = optind; | ||
382 | |||
383 | /* | ||
384 | * If we have "-" do nothing, if "--" we are done. | ||
385 | */ | ||
386 | if (place[1] != '\0' && *++place == '-' && place[1] == '\0') { | ||
387 | optind++; | ||
388 | place = EMSG; | ||
389 | /* | ||
390 | * We found an option (--), so if we skipped | ||
391 | * non-options, we have to permute. | ||
392 | */ | ||
393 | if (nonopt_end != -1) { | ||
394 | permute_args(nonopt_start, nonopt_end, | ||
395 | optind, nargv); | ||
396 | optind -= nonopt_end - nonopt_start; | ||
397 | } | ||
398 | nonopt_start = nonopt_end = -1; | ||
399 | return (-1); | ||
400 | } | ||
401 | } | ||
402 | |||
403 | /* | ||
404 | * Check long options if: | ||
405 | * 1) we were passed some | ||
406 | * 2) the arg is not just "-" | ||
407 | * 3) either the arg starts with -- we are getopt_long_only() | ||
408 | */ | ||
409 | if (long_options != NULL && place != nargv[optind] && | ||
410 | (*place == '-' || (flags & FLAG_LONGONLY))) { | ||
411 | short_too = 0; | ||
412 | if (*place == '-') | ||
413 | place++; /* --foo long option */ | ||
414 | else if (*place != ':' && strchr(options, *place) != NULL) | ||
415 | short_too = 1; /* could be short option too */ | ||
416 | |||
417 | optchar = parse_long_options(nargv, options, long_options, | ||
418 | idx, short_too); | ||
419 | if (optchar != -1) { | ||
420 | place = EMSG; | ||
421 | return (optchar); | ||
422 | } | ||
423 | } | ||
424 | |||
425 | if ((optchar = (int)*place++) == (int)':' || | ||
426 | (optchar == (int)'-' && *place != '\0') || | ||
427 | (oli = strchr(options, optchar)) == NULL) { | ||
428 | /* | ||
429 | * If the user specified "-" and '-' isn't listed in | ||
430 | * options, return -1 (non-option) as per POSIX. | ||
431 | * Otherwise, it is an unknown option character (or ':'). | ||
432 | */ | ||
433 | if (optchar == (int)'-' && *place == '\0') | ||
434 | return (-1); | ||
435 | if (!*place) | ||
436 | ++optind; | ||
437 | if (PRINT_ERROR) | ||
438 | warnx(illoptchar, optchar); | ||
439 | optopt = optchar; | ||
440 | return (BADCH); | ||
441 | } | ||
442 | if (long_options != NULL && optchar == 'W' && oli[1] == ';') { | ||
443 | /* -W long-option */ | ||
444 | if (*place) /* no space */ | ||
445 | /* NOTHING */; | ||
446 | else if (++optind >= nargc) { /* no arg */ | ||
447 | place = EMSG; | ||
448 | if (PRINT_ERROR) | ||
449 | warnx(recargchar, optchar); | ||
450 | optopt = optchar; | ||
451 | return (BADARG); | ||
452 | } else /* white space */ | ||
453 | place = nargv[optind]; | ||
454 | optchar = parse_long_options(nargv, options, long_options, | ||
455 | idx, 0); | ||
456 | place = EMSG; | ||
457 | return (optchar); | ||
458 | } | ||
459 | if (*++oli != ':') { /* doesn't take argument */ | ||
460 | if (!*place) | ||
461 | ++optind; | ||
462 | } else { /* takes (optional) argument */ | ||
463 | optarg = NULL; | ||
464 | if (*place) /* no white space */ | ||
465 | optarg = place; | ||
466 | else if (oli[1] != ':') { /* arg not optional */ | ||
467 | if (++optind >= nargc) { /* no arg */ | ||
468 | place = EMSG; | ||
469 | if (PRINT_ERROR) | ||
470 | warnx(recargchar, optchar); | ||
471 | optopt = optchar; | ||
472 | return (BADARG); | ||
473 | } else | ||
474 | optarg = nargv[optind]; | ||
475 | } | ||
476 | place = EMSG; | ||
477 | ++optind; | ||
478 | } | ||
479 | /* dump back option letter */ | ||
480 | return (optchar); | ||
481 | } | ||
482 | |||
483 | /* | ||
484 | * getopt -- | ||
485 | * Parse argc/argv argument vector. | ||
486 | * | ||
487 | * [eventually this will replace the BSD getopt] | ||
488 | */ | ||
489 | int | ||
490 | getopt(int nargc, char * const *nargv, const char *options) | ||
491 | { | ||
492 | |||
493 | /* | ||
494 | * We don't pass FLAG_PERMUTE to getopt_internal() since | ||
495 | * the BSD getopt(3) (unlike GNU) has never done this. | ||
496 | * | ||
497 | * Furthermore, since many privileged programs call getopt() | ||
498 | * before dropping privileges it makes sense to keep things | ||
499 | * as simple (and bug-free) as possible. | ||
500 | */ | ||
501 | return (getopt_internal(nargc, nargv, options, NULL, NULL, 0)); | ||
502 | } | ||
503 | |||
504 | #if 0 | ||
505 | /* | ||
506 | * getopt_long -- | ||
507 | * Parse argc/argv argument vector. | ||
508 | */ | ||
509 | int | ||
510 | getopt_long(int nargc, char * const *nargv, const char *options, | ||
511 | const struct option *long_options, int *idx) | ||
512 | { | ||
513 | |||
514 | return (getopt_internal(nargc, nargv, options, long_options, idx, | ||
515 | FLAG_PERMUTE)); | ||
516 | } | ||
517 | |||
518 | /* | ||
519 | * getopt_long_only -- | ||
520 | * Parse argc/argv argument vector. | ||
521 | */ | ||
522 | int | ||
523 | getopt_long_only(int nargc, char * const *nargv, const char *options, | ||
524 | const struct option *long_options, int *idx) | ||
525 | { | ||
526 | |||
527 | return (getopt_internal(nargc, nargv, options, long_options, idx, | ||
528 | FLAG_PERMUTE|FLAG_LONGONLY)); | ||
529 | } | ||
530 | #endif | ||
531 | |||
532 | #endif /* !defined(HAVE_GETOPT) || !defined(HAVE_OPTRESET) */ | ||
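--- a/openbsd-compat/getrrsetbyname-ldns.c
+++ b/openbsd-compat/getrrsetbyname-ldns.c
@@ -58,7 +58,6 @@
 
 #define malloc(x) (xmalloc(x))
 #define calloc(x, y) (xcalloc((x),(y)))
-#define free(x) (xfree(x))
 
 int
 getrrsetbyname(const char *hostname, unsigned int rdclass,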
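--- a/openbsd-compat/openbsd-compat.h
+++ b/openbsd-compat/openbsd-compat.h
@@ -1,4 +1,4 @@
-/* $Id: openbsd-compat.h,v 1.55 2013/02/15 01:20:42 dtucker Exp $ */
+/* $Id: openbsd-compat.h,v 1.58 2013/06/05 22:30:21 dtucker Exp $ */
 
 /*
  * Copyright (c) 1999-2003 Damien Miller. All rights reserved.
@@ -111,6 +111,10 @@ char *dirname(const char *path);
 int fmt_scaled(long long number, char *result);
 #endif
 
+#ifndef HAVE_SCAN_SCALED
+int scan_scaled(char *, long long *);
+#endif
+
 #if defined(BROKEN_INET_NTOA) || !defined(HAVE_INET_NTOA)
 char *inet_ntoa(struct in_addr in);
 #endif
@@ -139,6 +143,7 @@ int getgrouplist(const char *, gid_t, gid_t *, int *);
 
 #if !defined(HAVE_GETOPT) || !defined(HAVE_GETOPT_OPTRESET)
 int BSDgetopt(int argc, char * const *argv, const char *opts);
+#include "openbsd-compat/getopt.h"
 #endif
 
 #if defined(HAVE_DECL_WRITEV) && HAVE_DECL_WRITEV == 0
@@ -202,6 +207,11 @@ unsigned long long strtoull(const char *, char **, int);
 long long strtonum(const char *, long long, long long, const char **);
 #endif
 
+/* multibyte character support */
+#ifndef HAVE_MBLEN
+# define mblen(x, y) 1
+#endif
+
 #if !defined(HAVE_VASPRINTF) || !defined(HAVE_VSNPRINTF)
 # include <stdarg.h>
 #endif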
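Review bot: The `mblen` fallback in the last hunk (`# define mblen(x, y) 1`) departs from the libc function in two ways that deserve a comment: it reports the terminating NUL as a one-byte character where the real function returns 0, and it ignores the length argument, so a caller that loops `while ((len = mblen(p, n)) > 0)` would not stop at the end of the string on this path. Whether any current caller relies on either property is not visible here, so at minimum record the contract above the define: `/* No mblen(): every byte is a complete single-byte character. Never returns 0 for '\0' and ignores the byte count, so callers must test for the terminator themselves. */`.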
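--- a/openbsd-compat/port-aix.c
+++ b/openbsd-compat/port-aix.c
@@ -86,7 +86,7 @@ aix_usrinfo(struct passwd *pw)
 fatal("Couldn't set usrinfo: %s", strerror(errno));
 debug3("AIX/UsrInfo: set len %d", i);
 
-xfree(cp);
+free(cp);
 }
 
 # ifdef WITH_AIXAUTHENTICATE
@@ -215,16 +215,14 @@ sys_auth_passwd(Authctxt *ctxt, const char *password)
 default: /* user can't change(2) or other error (-1) */
 logit("Password can't be changed for user %s: %.100s",
 name, msg);
-if (msg)
-xfree(msg);
+free(msg);
 authsuccess = 0;
 }
 
 aix_restoreauthdb();
 }
 
-if (authmsg != NULL)
-xfree(authmsg);
+free(authmsg);
 
 return authsuccess;
 }
@@ -269,7 +267,7 @@ sys_auth_allowed_user(struct passwd *pw, Buffer *loginmsg)
 
 if (!permitted)
 logit("Login restricted for %s: %.100s", pw->pw_name, msg);
-xfree(msg);
+free(msg);
 return permitted;
 }
 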
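--- a/openbsd-compat/port-linux.c
+++ b/openbsd-compat/port-linux.c
@@ -1,4 +1,4 @@
-/* $Id: port-linux.c,v 1.17 2012/03/08 23:25:18 djm Exp $ */
+/* $Id: port-linux.c,v 1.18 2013/06/01 22:07:32 dtucker Exp $ */
 
 /*
  * Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com>
@@ -109,10 +109,8 @@ ssh_selinux_getctxbyname(char *pwname, const char *role)
 }
 
 #ifdef HAVE_GETSEUSERBYNAME
-if (sename != NULL)
-xfree(sename);
-if (lvl != NULL)
-xfree(lvl);
+free(sename);
+free(lvl);
 #endif
 
 return sc;
@@ -230,8 +228,8 @@ ssh_selinux_change_context(const char *newname)
 if (setcon(newctx) < 0)
 switchlog("%s: setcon %s from %s failed with %s", __func__,
 newctx, oldctx, strerror(errno));
-xfree(oldctx);
-xfree(newctx);
+free(oldctx);
+free(newctx);
 }
 
 void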
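--- a/openbsd-compat/xcrypt.c
+++ b/openbsd-compat/xcrypt.c
@@ -55,7 +55,12 @@
 
 # if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
 # include "md5crypt.h"
 # endif
+
+# if !defined(HAVE_CRYPT) && defined(HAVE_DES_CRYPT)
+# include <openssl/des.h>
+# define crypt DES_crypt
+# endif
 
 char *
 xcrypt(const char *password, const char *salt)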
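Review bot: The new `# define crypt DES_crypt` fallback carries no comment explaining its scope: OpenSSL's DES_crypt implements only the traditional DES scheme, so on a platform that reaches this branch a stored hash in any other format (MD5, SHA, bcrypt) will not verify rather than be supported, and the `#if` should say so. A line such as `/* No libc crypt(): use OpenSSL's traditional DES crypt; only DES-style hashes can be verified on this path */` above the include would spare the next porter the surprise. Note that the macro is defined before `xcrypt()`, whose body begins at the end of the hunk and continues outside it, so every later `crypt()` call in this translation unit is redirected.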
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: packet.c,v 1.182 2013/04/11 02:27:50 djm Exp $ */ | 1 | /* $OpenBSD: packet.c,v 1.188 2013/07/12 00:19:58 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -58,6 +58,7 @@ | |||
58 | #include <string.h> | 58 | #include <string.h> |
59 | #include <unistd.h> | 59 | #include <unistd.h> |
60 | #include <signal.h> | 60 | #include <signal.h> |
61 | #include <time.h> | ||
61 | 62 | ||
62 | #include "xmalloc.h" | 63 | #include "xmalloc.h" |
63 | #include "buffer.h" | 64 | #include "buffer.h" |
@@ -165,9 +166,14 @@ struct session_state { | |||
165 | Newkeys *newkeys[MODE_MAX]; | 166 | Newkeys *newkeys[MODE_MAX]; |
166 | struct packet_state p_read, p_send; | 167 | struct packet_state p_read, p_send; |
167 | 168 | ||
169 | /* Volume-based rekeying */ | ||
168 | u_int64_t max_blocks_in, max_blocks_out; | 170 | u_int64_t max_blocks_in, max_blocks_out; |
169 | u_int32_t rekey_limit; | 171 | u_int32_t rekey_limit; |
170 | 172 | ||
173 | /* Time-based rekeying */ | ||
174 | time_t rekey_interval; /* how often in seconds */ | ||
175 | time_t rekey_time; /* time of last rekeying */ | ||
176 | |||
171 | /* Session key for protocol v1 */ | 177 | /* Session key for protocol v1 */ |
172 | u_char ssh1_key[SSH_SESSION_KEY_LENGTH]; | 178 | u_char ssh1_key[SSH_SESSION_KEY_LENGTH]; |
173 | u_int ssh1_keylen; | 179 | u_int ssh1_keylen; |
@@ -215,7 +221,7 @@ alloc_session_state(void) | |||
215 | void | 221 | void |
216 | packet_set_connection(int fd_in, int fd_out) | 222 | packet_set_connection(int fd_in, int fd_out) |
217 | { | 223 | { |
218 | Cipher *none = cipher_by_name("none"); | 224 | const Cipher *none = cipher_by_name("none"); |
219 | 225 | ||
220 | if (none == NULL) | 226 | if (none == NULL) |
221 | fatal("packet_set_connection: cannot load cipher 'none'"); | 227 | fatal("packet_set_connection: cannot load cipher 'none'"); |
@@ -545,7 +551,7 @@ packet_start_compression(int level) | |||
545 | void | 551 | void |
546 | packet_set_encryption_key(const u_char *key, u_int keylen, int number) | 552 | packet_set_encryption_key(const u_char *key, u_int keylen, int number) |
547 | { | 553 | { |
548 | Cipher *cipher = cipher_by_number(number); | 554 | const Cipher *cipher = cipher_by_number(number); |
549 | 555 | ||
550 | if (cipher == NULL) | 556 | if (cipher == NULL) |
551 | fatal("packet_set_encryption_key: unknown cipher number %d", number); | 557 | fatal("packet_set_encryption_key: unknown cipher number %d", number); |
@@ -760,13 +766,13 @@ set_newkeys(int mode) | |||
760 | memset(enc->iv, 0, enc->iv_len); | 766 | memset(enc->iv, 0, enc->iv_len); |
761 | memset(enc->key, 0, enc->key_len); | 767 | memset(enc->key, 0, enc->key_len); |
762 | memset(mac->key, 0, mac->key_len); | 768 | memset(mac->key, 0, mac->key_len); |
763 | xfree(enc->name); | 769 | free(enc->name); |
764 | xfree(enc->iv); | 770 | free(enc->iv); |
765 | xfree(enc->key); | 771 | free(enc->key); |
766 | xfree(mac->name); | 772 | free(mac->name); |
767 | xfree(mac->key); | 773 | free(mac->key); |
768 | xfree(comp->name); | 774 | free(comp->name); |
769 | xfree(active_state->newkeys[mode]); | 775 | free(active_state->newkeys[mode]); |
770 | } | 776 | } |
771 | active_state->newkeys[mode] = kex_get_newkeys(mode); | 777 | active_state->newkeys[mode] = kex_get_newkeys(mode); |
772 | if (active_state->newkeys[mode] == NULL) | 778 | if (active_state->newkeys[mode] == NULL) |
@@ -1009,6 +1015,7 @@ packet_send2(void) | |||
1009 | /* after a NEWKEYS message we can send the complete queue */ | 1015 | /* after a NEWKEYS message we can send the complete queue */ |
1010 | if (type == SSH2_MSG_NEWKEYS) { | 1016 | if (type == SSH2_MSG_NEWKEYS) { |
1011 | active_state->rekeying = 0; | 1017 | active_state->rekeying = 0; |
1018 | active_state->rekey_time = monotime(); | ||
1012 | while ((p = TAILQ_FIRST(&active_state->outgoing))) { | 1019 | while ((p = TAILQ_FIRST(&active_state->outgoing))) { |
1013 | type = p->type; | 1020 | type = p->type; |
1014 | debug("dequeue packet: %u", type); | 1021 | debug("dequeue packet: %u", type); |
@@ -1016,7 +1023,7 @@ packet_send2(void) | |||
1016 | memcpy(&active_state->outgoing_packet, &p->payload, | 1023 | memcpy(&active_state->outgoing_packet, &p->payload, |
1017 | sizeof(Buffer)); | 1024 | sizeof(Buffer)); |
1018 | TAILQ_REMOVE(&active_state->outgoing, p, next); | 1025 | TAILQ_REMOVE(&active_state->outgoing, p, next); |
1019 | xfree(p); | 1026 | free(p); |
1020 | packet_send2_wrapped(); | 1027 | packet_send2_wrapped(); |
1021 | } | 1028 | } |
1022 | } | 1029 | } |
@@ -1041,7 +1048,7 @@ packet_send(void) | |||
1041 | int | 1048 | int |
1042 | packet_read_seqnr(u_int32_t *seqnr_p) | 1049 | packet_read_seqnr(u_int32_t *seqnr_p) |
1043 | { | 1050 | { |
1044 | int type, len, ret, ms_remain, cont; | 1051 | int type, len, ret, cont, ms_remain = 0; |
1045 | fd_set *setp; | 1052 | fd_set *setp; |
1046 | char buf[8192]; | 1053 | char buf[8192]; |
1047 | struct timeval timeout, start, *timeoutp = NULL; | 1054 | struct timeval timeout, start, *timeoutp = NULL; |
@@ -1066,7 +1073,7 @@ packet_read_seqnr(u_int32_t *seqnr_p) | |||
1066 | packet_check_eom(); | 1073 | packet_check_eom(); |
1067 | /* If we got a packet, return it. */ | 1074 | /* If we got a packet, return it. */ |
1068 | if (type != SSH_MSG_NONE) { | 1075 | if (type != SSH_MSG_NONE) { |
1069 | xfree(setp); | 1076 | free(setp); |
1070 | return type; | 1077 | return type; |
1071 | } | 1078 | } |
1072 | /* | 1079 | /* |
@@ -1453,9 +1460,9 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p) | |||
1453 | packet_get_char(); | 1460 | packet_get_char(); |
1454 | msg = packet_get_string(NULL); | 1461 | msg = packet_get_string(NULL); |
1455 | debug("Remote: %.900s", msg); | 1462 | debug("Remote: %.900s", msg); |
1456 | xfree(msg); | 1463 | free(msg); |
1457 | msg = packet_get_string(NULL); | 1464 | msg = packet_get_string(NULL); |
1458 | xfree(msg); | 1465 | free(msg); |
1459 | break; | 1466 | break; |
1460 | case SSH2_MSG_DISCONNECT: | 1467 | case SSH2_MSG_DISCONNECT: |
1461 | reason = packet_get_int(); | 1468 | reason = packet_get_int(); |
@@ -1466,7 +1473,7 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p) | |||
1466 | SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR, | 1473 | SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR, |
1467 | "Received disconnect from %s: %u: %.400s", | 1474 | "Received disconnect from %s: %u: %.400s", |
1468 | get_remote_ipaddr(), reason, msg); | 1475 | get_remote_ipaddr(), reason, msg); |
1469 | xfree(msg); | 1476 | free(msg); |
1470 | cleanup_exit(255); | 1477 | cleanup_exit(255); |
1471 | break; | 1478 | break; |
1472 | case SSH2_MSG_UNIMPLEMENTED: | 1479 | case SSH2_MSG_UNIMPLEMENTED: |
@@ -1480,12 +1487,14 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p) | |||
1480 | } else { | 1487 | } else { |
1481 | type = packet_read_poll1(); | 1488 | type = packet_read_poll1(); |
1482 | switch (type) { | 1489 | switch (type) { |
1490 | case SSH_MSG_NONE: | ||
1491 | return SSH_MSG_NONE; | ||
1483 | case SSH_MSG_IGNORE: | 1492 | case SSH_MSG_IGNORE: |
1484 | break; | 1493 | break; |
1485 | case SSH_MSG_DEBUG: | 1494 | case SSH_MSG_DEBUG: |
1486 | msg = packet_get_string(NULL); | 1495 | msg = packet_get_string(NULL); |
1487 | debug("Remote: %.900s", msg); | 1496 | debug("Remote: %.900s", msg); |
1488 | xfree(msg); | 1497 | free(msg); |
1489 | break; | 1498 | break; |
1490 | case SSH_MSG_DISCONNECT: | 1499 | case SSH_MSG_DISCONNECT: |
1491 | msg = packet_get_string(NULL); | 1500 | msg = packet_get_string(NULL); |
@@ -1494,8 +1503,7 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p) | |||
1494 | cleanup_exit(255); | 1503 | cleanup_exit(255); |
1495 | break; | 1504 | break; |
1496 | default: | 1505 | default: |
1497 | if (type) | 1506 | DBG(debug("received packet type %d", type)); |
1498 | DBG(debug("received packet type %d", type)); | ||
1499 | return type; | 1507 | return type; |
1500 | } | 1508 | } |
1501 | } | 1509 | } |
@@ -1732,7 +1740,7 @@ void | |||
1732 | packet_write_wait(void) | 1740 | packet_write_wait(void) |
1733 | { | 1741 | { |
1734 | fd_set *setp; | 1742 | fd_set *setp; |
1735 | int ret, ms_remain; | 1743 | int ret, ms_remain = 0; |
1736 | struct timeval start, timeout, *timeoutp = NULL; | 1744 | struct timeval start, timeout, *timeoutp = NULL; |
1737 | 1745 | ||
1738 | setp = (fd_set *)xcalloc(howmany(active_state->connection_out + 1, | 1746 | setp = (fd_set *)xcalloc(howmany(active_state->connection_out + 1, |
@@ -1773,7 +1781,7 @@ packet_write_wait(void) | |||
1773 | } | 1781 | } |
1774 | packet_write_poll(); | 1782 | packet_write_poll(); |
1775 | } | 1783 | } |
1776 | xfree(setp); | 1784 | free(setp); |
1777 | } | 1785 | } |
1778 | 1786 | ||
1779 | /* Returns true if there is buffered data to write to the connection. */ | 1787 | /* Returns true if there is buffered data to write to the connection. */ |
@@ -1933,13 +1941,33 @@ packet_need_rekeying(void) | |||
1933 | (active_state->max_blocks_out && | 1941 | (active_state->max_blocks_out && |
1934 | (active_state->p_send.blocks > active_state->max_blocks_out)) || | 1942 | (active_state->p_send.blocks > active_state->max_blocks_out)) || |
1935 | (active_state->max_blocks_in && | 1943 | (active_state->max_blocks_in && |
1936 | (active_state->p_read.blocks > active_state->max_blocks_in)); | 1944 | (active_state->p_read.blocks > active_state->max_blocks_in)) || |
1945 | (active_state->rekey_interval != 0 && active_state->rekey_time + | ||
1946 | active_state->rekey_interval <= monotime()); | ||
1937 | } | 1947 | } |
1938 | 1948 | ||
1939 | void | 1949 | void |
1940 | packet_set_rekey_limit(u_int32_t bytes) | 1950 | packet_set_rekey_limits(u_int32_t bytes, time_t seconds) |
1941 | { | 1951 | { |
1952 | debug3("rekey after %lld bytes, %d seconds", (long long)bytes, | ||
1953 | (int)seconds); | ||
1942 | active_state->rekey_limit = bytes; | 1954 | active_state->rekey_limit = bytes; |
1955 | active_state->rekey_interval = seconds; | ||
1956 | /* | ||
1957 | * We set the time here so that in post-auth privsep slave we count | ||
1958 | * from the completion of the authentication. | ||
1959 | */ | ||
1960 | active_state->rekey_time = monotime(); | ||
1961 | } | ||
1962 | |||
1963 | time_t | ||
1964 | packet_get_rekey_timeout(void) | ||
1965 | { | ||
1966 | time_t seconds; | ||
1967 | |||
1968 | seconds = active_state->rekey_time + active_state->rekey_interval - | ||
1969 | monotime(); | ||
1970 | return (seconds <= 0 ? 1 : seconds); | ||
1943 | } | 1971 | } |
1944 | 1972 | ||
1945 | void | 1973 | void |
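Review bot: `packet_get_rekey_timeout()` has no guard for `rekey_interval == 0`, the value that `packet_need_rekeying()` treats as time-based rekeying disabled; with a zero interval the subtraction yields a non-positive value and the function reports a 1-second timeout, so a caller that does not test the interval first would wake its select loop every second. If the intent is that callers check the interval before calling (the callers are not visible here), state it above the function: `/* Only meaningful when a time-based rekey limit is set (rekey_interval != 0); callers must check that first. */`. The `seconds <= 0 ? 1 : seconds` clamp also turns an already-expired deadline into a one-second wait rather than an immediate one, which merits a one-line comment. Minor: the `debug3` in `packet_set_rekey_limits` prints `seconds` through `(int)` while `bytes` goes through `(long long)`; `%lld` with `(long long)seconds` would avoid truncating large `time_t` values.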
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: packet.h,v 1.57 2012/01/25 19:40:09 markus Exp $ */ | 1 | /* $OpenBSD: packet.h,v 1.59 2013/07/12 00:19:59 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -71,7 +71,7 @@ void *packet_get_raw(u_int *length_ptr); | |||
71 | void *packet_get_string(u_int *length_ptr); | 71 | void *packet_get_string(u_int *length_ptr); |
72 | char *packet_get_cstring(u_int *length_ptr); | 72 | char *packet_get_cstring(u_int *length_ptr); |
73 | void *packet_get_string_ptr(u_int *length_ptr); | 73 | void *packet_get_string_ptr(u_int *length_ptr); |
74 | void packet_disconnect(const char *fmt,...) __attribute__((format(printf, 1, 2))); | 74 | void packet_disconnect(const char *fmt,...) __attribute__((noreturn)) __attribute__((format(printf, 1, 2))); |
75 | void packet_send_debug(const char *fmt,...) __attribute__((format(printf, 1, 2))); | 75 | void packet_send_debug(const char *fmt,...) __attribute__((format(printf, 1, 2))); |
76 | 76 | ||
77 | void set_newkeys(int mode); | 77 | void set_newkeys(int mode); |
@@ -115,7 +115,8 @@ do { \ | |||
115 | } while (0) | 115 | } while (0) |
116 | 116 | ||
117 | int packet_need_rekeying(void); | 117 | int packet_need_rekeying(void); |
118 | void packet_set_rekey_limit(u_int32_t); | 118 | void packet_set_rekey_limits(u_int32_t, time_t); |
119 | time_t packet_get_rekey_timeout(void); | ||
119 | 120 | ||
120 | void packet_backup_state(void); | 121 | void packet_backup_state(void); |
121 | void packet_restore_state(void); | 122 | void packet_restore_state(void); |
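--- a/pathnames.h
+++ b/pathnames.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pathnames.h,v 1.22 2011/05/23 03:30:07 djm Exp $ */
+/* $OpenBSD: pathnames.h,v 1.23 2013/04/05 00:31:49 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -72,18 +72,18 @@
  * readable by anyone except the user him/herself, though this does not
  * contain anything particularly secret.
  */
-#define _PATH_SSH_USER_HOSTFILE "~/.ssh/known_hosts"
+#define _PATH_SSH_USER_HOSTFILE "~/" _PATH_SSH_USER_DIR "/known_hosts"
 /* backward compat for protocol 2 */
-#define _PATH_SSH_USER_HOSTFILE2 "~/.ssh/known_hosts2"
+#define _PATH_SSH_USER_HOSTFILE2 "~/" _PATH_SSH_USER_DIR "/known_hosts2"
 
 /*
  * Name of the default file containing client-side authentication key. This
  * file should only be readable by the user him/herself.
  */
-#define _PATH_SSH_CLIENT_IDENTITY ".ssh/identity"
-#define _PATH_SSH_CLIENT_ID_DSA ".ssh/id_dsa"
-#define _PATH_SSH_CLIENT_ID_ECDSA ".ssh/id_ecdsa"
-#define _PATH_SSH_CLIENT_ID_RSA ".ssh/id_rsa"
+#define _PATH_SSH_CLIENT_IDENTITY _PATH_SSH_USER_DIR "/identity"
+#define _PATH_SSH_CLIENT_ID_DSA _PATH_SSH_USER_DIR "/id_dsa"
+#define _PATH_SSH_CLIENT_ID_ECDSA _PATH_SSH_USER_DIR "/id_ecdsa"
+#define _PATH_SSH_CLIENT_ID_RSA _PATH_SSH_USER_DIR "/id_rsa"
 
 /*
  * Configuration file in user's home directory. This file need not be
@@ -91,7 +91,7 @@
  * particularly secret. If the user's home directory resides on an NFS
  * volume where root is mapped to nobody, this may need to be world-readable.
  */
-#define _PATH_SSH_USER_CONFFILE ".ssh/config"
+#define _PATH_SSH_USER_CONFFILE _PATH_SSH_USER_DIR "/config"
 
 /*
  * File containing a list of those rsa keys that permit logging in as this
@@ -101,10 +101,10 @@
  * may need to be world-readable. (This file is read by the daemon which is
  * running as root.)
  */
-#define _PATH_SSH_USER_PERMITTED_KEYS ".ssh/authorized_keys"
+#define _PATH_SSH_USER_PERMITTED_KEYS _PATH_SSH_USER_DIR "/authorized_keys"
 
 /* backward compat for protocol v2 */
-#define _PATH_SSH_USER_PERMITTED_KEYS2 ".ssh/authorized_keys2"
+#define _PATH_SSH_USER_PERMITTED_KEYS2 _PATH_SSH_USER_DIR "/authorized_keys2"
 
 /*
  * Per-user and system-wide ssh "rc" files. These files are executed with
@@ -112,7 +112,7 @@
  * passed "proto cookie" as arguments if X11 forwarding with spoofing is in
  * use. xauth will be run if neither of these exists.
  */
-#define _PATH_SSH_USER_RC ".ssh/rc"
+#define _PATH_SSH_USER_RC _PATH_SSH_USER_DIR "/rc"
 #define _PATH_SSH_SYSTEM_RC SSHDIR "/sshrc"
 
 /*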
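--- a/progressmeter.c
+++ b/progressmeter.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: progressmeter.c,v 1.37 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: progressmeter.c,v 1.39 2013/06/02 13:33:05 dtucker Exp $ */
 /*
 * Copyright (c) 2003 Nils Nordman. All rights reserved.
 *
@@ -131,7 +131,7 @@ refresh_progress_meter(void)
 
 transferred = *counter - cur_pos;
 cur_pos = *counter;
-now = time(NULL);
+now = monotime();
 bytes_left = end_pos - cur_pos;
 
 if (bytes_left > 0)
@@ -249,7 +249,7 @@ update_progress_meter(int ignore)
 void
 start_progress_meter(char *f, off_t filesize, off_t *ctr)
 {
-start = last_update = time(NULL);
+start = last_update = monotime();
 file = f;
 end_pos = filesize;
 cur_pos = 0;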
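--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.196 2013/02/22 04:45:08 dtucker Exp $ */
+/* $OpenBSD: readconf.c,v 1.204 2013/06/10 19:19:44 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -32,6 +32,9 @@
 #include <unistd.h>
 #include <pwd.h>
 #include <grp.h>
+#ifdef HAVE_UTIL_H
+#include <util.h>
+#endif
 
 #include "xmalloc.h"
 #include "ssh.h"
@@ -139,9 +142,9 @@ typedef enum {
 oHashKnownHosts,
 oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
 oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
-oKexAlgorithms, oIPQoS, oRequestTTY,
+oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown,
 oProtocolKeepAlives, oSetupTimeOut,
-oDeprecated, oUnsupported
+oIgnoredUnknownOption, oDeprecated, oUnsupported
 } OpCodes;
 
 /* Textual representations of the tokens. */
@@ -262,6 +265,7 @@ static struct {
 { "kexalgorithms", oKexAlgorithms },
 { "ipqos", oIPQoS },
 { "requesttty", oRequestTTY },
+{ "ignoreunknown", oIgnoreUnknown },
 { "protocolkeepalives", oProtocolKeepAlives },
 { "setuptimeout", oSetupTimeOut },
 
@@ -322,22 +326,20 @@ clear_forwardings(Options *options)
 int i;
 
 for (i = 0; i < options->num_local_forwards; i++) {
-if (options->local_forwards[i].listen_host != NULL)
-xfree(options->local_forwards[i].listen_host);
-xfree(options->local_forwards[i].connect_host);
+free(options->local_forwards[i].listen_host);
+free(options->local_forwards[i].connect_host);
 }
 if (options->num_local_forwards > 0) {
-xfree(options->local_forwards);
+free(options->local_forwards);
 options->local_forwards = NULL;
 }
 options->num_local_forwards = 0;
 for (i = 0; i < options->num_remote_forwards; i++) {
-if (options->remote_forwards[i].listen_host != NULL)
-xfree(options->remote_forwards[i].listen_host);
-xfree(options->remote_forwards[i].connect_host);
+free(options->remote_forwards[i].listen_host);
+free(options->remote_forwards[i].connect_host);
 }
 if (options->num_remote_forwards > 0) {
-xfree(options->remote_forwards);
+free(options->remote_forwards);
 options->remote_forwards = NULL;
 }
 options->num_remote_forwards = 0;
@@ -369,14 +371,17 @@ add_identity_file(Options *options, const char *dir, const char *filename,
 */
 
 static OpCodes
-parse_token(const char *cp, const char *filename, int linenum)
+parse_token(const char *cp, const char *filename, int linenum,
+const char *ignored_unknown)
 {
-u_int i;
+int i;
 
 for (i = 0; keywords[i].name; i++)
-if (strcasecmp(cp, keywords[i].name) == 0)
+if (strcmp(cp, keywords[i].name) == 0)
 return keywords[i].opcode;
-
+if (ignored_unknown != NULL && match_pattern_list(cp, ignored_unknown,
+strlen(ignored_unknown), 1) == 1)
+return oIgnoredUnknownOption;
 error("%s: line %d: Bad configuration option: %s",
 filename, linenum, cp);
 return oBadOption;
@@ -395,10 +400,10 @@ process_config_line(Options *options, const char *host,
 {
 char *s, **charptr, *endofnumber, *keyword, *arg, *arg2;
 char **cpptr, fwdarg[256];
-u_int *uintptr, max_entries = 0;
-int negated, opcode, *intptr, value, value2, scale;
+u_int i, *uintptr, max_entries = 0;
+int negated, opcode, *intptr, value, value2;
 LogLevel *log_level_ptr;
-long long orig, val64;
+long long val64;
 size_t len;
 Forward fwd;
 
@@ -418,14 +423,22 @@ process_config_line(Options *options, const char *host,
 keyword = strdelim(&s);
 if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
 return 0;
+/* Match lowercase keyword */
+for (i = 0; i < strlen(keyword); i++)
+keyword[i] = tolower(keyword[i]);
 
-opcode = parse_token(keyword, filename, linenum);
+opcode = parse_token(keyword, filename, linenum,
+options->ignored_unknown);
 
 switch (opcode) {
 case oBadOption:
 /* don't panic, but count bad options */
 return -1;
 /* NOTREACHED */
+case oIgnoredUnknownOption:
+debug("%s line %d: Ignored unknown option \"%s\"",
+filename, linenum, keyword);
+return 0;
 case oConnectTimeout:
 intptr = &options->connection_timeout;
 parse_time:
@@ -604,39 +617,32 @@ parse_yesnoask:
 case oRekeyLimit:
 arg = strdelim(&s);
 if (!arg || *arg == '\0')
-fatal("%.200s line %d: Missing argument.", filename, linenum);
-if (arg[0] < '0' || arg[0] > '9')
-fatal("%.200s line %d: Bad number.", filename, linenum);
-orig = val64 = strtoll(arg, &endofnumber, 10);
-if (arg == endofnumber)
-fatal("%.200s line %d: Bad number.", filename, linenum);
-switch (toupper(*endofnumber)) {
-case '\0':
-scale = 1;
-break;
-case 'K':
-scale = 1<<10;
-break;
-case 'M':
-scale = 1<<20;
-break;
-case 'G':
-scale = 1<<30;
-break;
-default:
-fatal("%.200s line %d: Invalid RekeyLimit suffix",
-filename, linenum);
+fatal("%.200s line %d: Missing argument.", filename,
+linenum);
+if (strcmp(arg, "default") == 0) {
+val64 = 0;
+} else {
+if (scan_scaled(arg, &val64) == -1)
+fatal("%.200s line %d: Bad number '%s': %s",
+filename, linenum, arg, strerror(errno));
+/* check for too-large or too-small limits */
+if (val64 > UINT_MAX)
+fatal("%.200s line %d: RekeyLimit too large",
+filename, linenum);
+if (val64 != 0 && val64 < 16)
+fatal("%.200s line %d: RekeyLimit too small",
+filename, linenum);
 }
-val64 *= scale;
-/* detect integer wrap and too-large limits */
-if ((val64 / scale) != orig || val64 > UINT_MAX)
-fatal("%.200s line %d: RekeyLimit too large",
-filename, linenum);
-if (val64 < 16)
-fatal("%.200s line %d: RekeyLimit too small",
-filename, linenum);
 if (*activep && options->rekey_limit == -1)
 options->rekey_limit = (u_int32_t)val64;
+if (s != NULL) { /* optional rekey interval present */
+if (strcmp(s, "none") == 0) {
+(void)strdelim(&s); /* discard */
+break;
+}
+intptr = &options->rekey_interval;
+goto parse_time;
+}
 break;
 
 case oIdentityFile:
@@ -1106,6 +1112,10 @@ parse_int:
 *intptr = value;
 break;
 
+case oIgnoreUnknown:
+charptr = &options->ignored_unknown;
+goto parse_string;
+
 case oDeprecated:
 debug("%s line %d: Deprecated option \"%s\"",
 filename, linenum, keyword);
@@ -1251,6 +1261,7 @@ initialize_options(Options * options)
 options->no_host_authentication_for_localhost = - 1;
 options->identities_only = - 1;
 options->rekey_limit = - 1;
+options->rekey_interval = -1;
 options->verify_host_key_dns = -1;
 options->server_alive_interval = -1;
 options->server_alive_count_max = -1;
@@ -1271,6 +1282,7 @@ initialize_options(Options * options)
 options->ip_qos_interactive = -1;
 options->ip_qos_bulk = -1;
 options->request_tty = -1;
+options->ignored_unknown = NULL;
 }
 
 /*
@@ -1281,8 +1293,6 @@ initialize_options(Options * options)
 void
 fill_default_options(Options * options)
 {
-int len;
-
 if (options->forward_agent == -1)
 options->forward_agent = 0;
 if (options->forward_x11 == -1)
@@ -1396,6 +1406,8 @@ fill_default_options(Options * options)
 options->enable_ssh_keysign = 0;
 if (options->rekey_limit == -1)
 options->rekey_limit = 0;
+if (options->rekey_interval == -1)
+options->rekey_interval = 0;
 if (options->verify_host_key_dns == -1)
 options->verify_host_key_dns = 0;
 if (options->server_alive_interval == -1) {
@@ -1504,7 +1516,7 @@ parse_forward(Forward *fwd, const char *fwdspec, int dynamicfwd, int remotefwd)
 i = 0; /* failure */
 }
 
-xfree(p);
+free(p);
 
 if (dynamicfwd) {
 if (!(i == 1 || i == 2))
@@ -1530,13 +1542,9 @@ parse_forward(Forward *fwd, const char *fwdspec, int dynamicfwd, int remotefwd)
 return (i);
 
 fail_free:
-if (fwd->connect_host != NULL) {
-xfree(fwd->connect_host);
-fwd->connect_host = NULL;
-}
-if (fwd->listen_host != NULL) {
-xfree(fwd->listen_host);
-fwd->listen_host = NULL;
-}
+free(fwd->connect_host);
+fwd->connect_host = NULL;
+free(fwd->listen_host);
+fwd->listen_host = NULL;
 return (0);
 }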
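Review bot: The keyword-lowercasing loop added to process_config_line passes a plain `char` to `tolower()`, which is undefined for byte values that are negative where `char` is signed, and the keyword comes straight from the configuration file; cast first, `keyword[i] = tolower((unsigned char)keyword[i]);`, and hoist the `strlen(keyword)` out of the loop condition while there. Because parse_token now matches with `strcmp` instead of `strcasecmp`, it depends on the caller having lowercased `cp`; a one-line comment on parse_token saying `/* cp must already be lowercased by the caller */` would stop a future caller from reintroducing case-sensitive matching. The `ignored_unknown` pattern is applied to every unrecognised keyword, so a broad pattern would turn a misspelled security-relevant option into a single debug message rather than an error, which is worth stating in the IgnoreUnknown documentation. The optional-interval branch compares the whole remainder of the line with `strcmp(s, "none")`, so trailing whitespace after `none` would presumably fall through to parse_time and be rejected there; confirm that matches the intended syntax.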
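--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.93 2013/02/22 04:45:09 dtucker Exp $ */
+/* $OpenBSD: readconf.h,v 1.95 2013/05/16 04:27:50 djm Exp $ */
 
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -116,6 +116,7 @@ typedef struct {
 
 int enable_ssh_keysign;
 int64_t rekey_limit;
+int rekey_interval;
 int no_host_authentication_for_localhost;
 int identities_only;
 int server_alive_interval;
@@ -142,6 +143,8 @@ typedef struct {
 int use_roaming;
 
 int request_tty;
+
+char *ignored_unknown; /* Pattern list of unknown tokens to ignore */
 } Options;
 
 #define SSHCTL_MASTER_NO 0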
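Review bot: The new `rekey_interval` field is added without a comment, unlike the neighbouring `ignored_unknown`, and its meaning is only discoverable from readconf.c, where it is filled from the optional second RekeyLimit argument via parse_time and defaults from -1 to 0. Suggest `int rekey_interval; /* time-based part of RekeyLimit; -1 = unset */`. It would also help to state on `ignored_unknown` who owns and frees the string, since the struct comment only describes its contents.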
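--- a/readpass.c
+++ b/readpass.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readpass.c,v 1.48 2010/12/15 00:49:27 djm Exp $ */
+/* $OpenBSD: readpass.c,v 1.49 2013/05/17 00:13:14 djm Exp $ */
 /*
 * Copyright (c) 2001 Markus Friedl. All rights reserved.
 *
@@ -186,7 +186,7 @@ ask_permission(const char *fmt, ...)
 if (*p == '\0' || *p == '\n' ||
 strcasecmp(p, "yes") == 0)
 allowed = 1;
-xfree(p);
+free(p);
 }
 
 return (allowed);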
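--- a/regress/Makefile
+++ b/regress/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.62 2013/01/18 00:45:29 djm Exp $
+# $OpenBSD: Makefile,v 1.65 2013/04/18 02:46:12 djm Exp $
 
 REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t8 t9 t-exec
 tests: $(REGRESS_TARGETS)
@@ -8,6 +8,7 @@ interop interop-tests: t-exec-interop
 
 clean:
 for F in $(CLEANFILES); do rm -f $(OBJ)$$F; done
+test -z "${SUDO}" || ${SUDO} rm -f ${SUDO_CLEAN}
 rm -rf $(OBJ).putty
 
 distclean: clean
@@ -38,6 +39,7 @@ LTESTS= connect \
 key-options \
 scp \
 sftp \
+sftp-chroot \
 sftp-cmds \
 sftp-badcmds \
 sftp-batch \
@@ -82,8 +84,11 @@ CLEANFILES= t2.out t3.out t6.out1 t6.out2 t7.out t7.out.pub copy.1 copy.2 \
 putty.rsa2 sshd_proxy_orig ssh_proxy_bak \
 key.rsa-* key.dsa-* key.ecdsa-* \
 authorized_principals_${USER} expect actual ready \
-sshd_proxy.* authorized_keys_${USER}.* modpipe revoked-* krl-*
+sshd_proxy.* authorized_keys_${USER}.* modpipe revoked-* krl-* \
+ssh.log failed-ssh.log sshd.log failed-sshd.log \
+regress.log failed-regress.log ssh-log-wrapper.sh
 
+SUDO_CLEAN+= /var/run/testdata_${USER} /var/run/keycommand_${USER}
 
 # Enable all malloc(3) randomisations and checks
 TEST_ENV= "MALLOC_OPTIONS=AFGJPRX"
@@ -150,14 +155,14 @@ t-exec: ${LTESTS:=.sh}
 @if [ "x$?" = "x" ]; then exit 0; fi; \
 for TEST in ""$?; do \
 echo "run test $${TEST}" ... 1>&2; \
-(env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \
+(env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} ${TEST_SHELL} ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \
 done
 
 t-exec-interop: ${INTEROP_TESTS:=.sh}
 @if [ "x$?" = "x" ]; then exit 0; fi; \
 for TEST in ""$?; do \
 echo "run test $${TEST}" ... 1>&2; \
-(env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} sh ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \
+(env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} ${TEST_SHELL} ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \
 done
 
 # Not run by default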
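Review bot: The t-exec and t-exec-interop recipes now run `${TEST_SHELL}` where they previously ran `sh`, but no default for TEST_SHELL is visible in these hunks; if it is not defined elsewhere in this Makefile, an unset variable expands to nothing and the recipe would try to execute test-exec.sh directly. Adding `TEST_SHELL?=sh` next to TEST_ENV would preserve the previous behaviour for anyone who does not override it. The new `${SUDO} rm -f ${SUDO_CLEAN}` in clean deletes with elevated privileges whatever SUDO_CLEAN has accumulated, so the `+=` contributions to it should stay limited to fixed, absolute paths like the two added here; a short comment above `SUDO_CLEAN+=` stating that expectation would make the contract explicit.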
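--- a/regress/agent-getpeereid.sh
+++ b/regress/agent-getpeereid.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: agent-getpeereid.sh,v 1.4 2007/11/25 15:35:09 jmc Exp $
+# $OpenBSD: agent-getpeereid.sh,v 1.5 2013/05/17 10:33:09 dtucker Exp $
 # Placed in the Public Domain.
 
 tid="disallow agent attach from other uid"
@@ -18,7 +18,6 @@ if [ -z "$SUDO" ]; then
 exit 0
 fi
 
-
 trace "start agent"
 eval `${SSHAGENT} -s -a ${ASOCK}` > /dev/null
 r=$?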
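--- a/regress/agent-timeout.sh
+++ b/regress/agent-timeout.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: agent-timeout.sh,v 1.1 2002/06/06 00:38:40 markus Exp $
+# $OpenBSD: agent-timeout.sh,v 1.2 2013/05/17 01:16:09 dtucker Exp $
 # Placed in the Public Domain.
 
 tid="agent timeout test"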
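--- a/regress/agent.sh
+++ b/regress/agent.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: agent.sh,v 1.7 2007/11/25 15:35:09 jmc Exp $
+# $OpenBSD: agent.sh,v 1.8 2013/05/17 00:37:40 dtucker Exp $
 # Placed in the Public Domain.
 
 tid="simple agent test"
@@ -19,7 +19,7 @@ else
 fail "ssh-add -l did not fail with exit code 1"
 fi
 trace "overwrite authorized keys"
-echon > $OBJ/authorized_keys_$USER
+printf '' > $OBJ/authorized_keys_$USER
 for t in rsa rsa1; do
 # generate user key for agent
 rm -f $OBJ/$t-agent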
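--- a/regress/bsd.regress.mk
+++ /dev/null
@@ -1,79 +0,0 @@
-# $OpenBSD: bsd.regress.mk,v 1.9 2002/02/17 01:10:15 marc Exp $
-# No man pages for regression tests.
-NOMAN=
-
-# No installation.
-install:
-
-# If REGRESSTARGETS is defined and PROG is not defined, set NOPROG
-.if defined(REGRESSTARGETS) && !defined(PROG)
-NOPROG=
-.endif
-
-.include <bsd.prog.mk>
-
-.MAIN: all
-all: regress
-
-# XXX - Need full path to REGRESSLOG, otherwise there will be much pain.
-
-REGRESSLOG?=/dev/null
-REGRESSNAME=${.CURDIR:S/${BSDSRCDIR}\/regress\///}
-
-.if defined(PROG) && !empty(PROG)
-run-regress-${PROG}: ${PROG}
-./${PROG}
-.endif
-
-.if !defined(REGRESSTARGETS)
-REGRESSTARGETS=run-regress-${PROG}
-. if defined(REGRESSSKIP)
-REGRESSSKIPTARGETS=run-regress-${PROG}
-. endif
-.endif
-
-REGRESSSKIPSLOW?=no
-
-#.if (${REGRESSSKIPSLOW:L} == "yes") && defined(REGRESSSLOWTARGETS)
-
-.if (${REGRESSSKIPSLOW} == "yes") && defined(REGRESSSLOWTARGETS)
-REGRESSSKIPTARGETS+=${REGRESSSLOWTARGETS}
-.endif
-
-.if defined(REGRESSROOTTARGETS)
-ROOTUSER!=id -g
-SUDO?=
-. if (${ROOTUSER} != 0) && empty(SUDO)
-REGRESSSKIPTARGETS+=${REGRESSROOTTARGETS}
-. endif
-.endif
-
-REGRESSSKIPTARGETS?=
-
-regress:
-.for RT in ${REGRESSTARGETS}
-. if ${REGRESSSKIPTARGETS:M${RT}}
-@echo -n "SKIP " >> ${REGRESSLOG}
-. else
-# XXX - we need a better method to see if a test fails due to timeout or just
-# normal failure.
-. if !defined(REGRESSMAXTIME)
-@if cd ${.CURDIR} && ${MAKE} ${RT}; then \
-echo -n "SUCCESS " >> ${REGRESSLOG} ; \
-else \
-echo -n "FAIL " >> ${REGRESSLOG} ; \
-echo FAILED ; \
-fi
-. else
-@if cd ${.CURDIR} && (ulimit -t ${REGRESSMAXTIME} ; ${MAKE} ${RT}); then \
-echo -n "SUCCESS " >> ${REGRESSLOG} ; \
-else \
-echo -n "FAIL (possible timeout) " >> ${REGRESSLOG} ; \
-echo FAILED ; \
-fi
-. endif
-. endif
-@echo ${REGRESSNAME}/${RT:S/^run-regress-//} >> ${REGRESSLOG}
-.endfor
-
-.PHONY: regress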
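--- a/regress/cert-hostkey.sh
+++ b/regress/cert-hostkey.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: cert-hostkey.sh,v 1.6 2011/05/20 02:43:36 djm Exp $
+# $OpenBSD: cert-hostkey.sh,v 1.7 2013/05/17 00:37:40 dtucker Exp $
 # Placed in the Public Domain.
 
 tid="certified host keys"
@@ -18,8 +18,8 @@ HOSTS='localhost-with-alias,127.0.0.1,::1'
 ${SSHKEYGEN} -q -N '' -t rsa -f $OBJ/host_ca_key ||\
 fail "ssh-keygen of host_ca_key failed"
 (
-echon '@cert-authority '
-echon "$HOSTS "
+printf '@cert-authority '
+printf "$HOSTS "
 cat $OBJ/host_ca_key.pub
 ) > $OBJ/known_hosts-cert
 
@@ -66,25 +66,25 @@ done
 
 # Revoked certificates with key present
 (
-echon '@cert-authority '
-echon "$HOSTS "
+printf '@cert-authority '
+printf "$HOSTS "
 cat $OBJ/host_ca_key.pub
-echon '@revoked '
-echon "* "
+printf '@revoked '
+printf "* "
 cat $OBJ/cert_host_key_rsa.pub
 if test "x$TEST_SSH_ECC" = "xyes"; then
-echon '@revoked '
-echon "* "
+printf '@revoked '
+printf "* "
 cat $OBJ/cert_host_key_ecdsa.pub
 fi
-echon '@revoked '
-echon "* "
+printf '@revoked '
+printf "* "
 cat $OBJ/cert_host_key_dsa.pub
-echon '@revoked '
-echon "* "
+printf '@revoked '
+printf "* "
 cat $OBJ/cert_host_key_rsa_v00.pub
-echon '@revoked '
-echon "* "
+printf '@revoked '
+printf "* "
 cat $OBJ/cert_host_key_dsa_v00.pub
 ) > $OBJ/known_hosts-cert
 for privsep in yes no ; do
@@ -108,11 +108,11 @@ done
 
 # Revoked CA
 (
-echon '@cert-authority '
-echon "$HOSTS "
+printf '@cert-authority '
+printf "$HOSTS "
 cat $OBJ/host_ca_key.pub
-echon '@revoked '
-echon "* "
+printf '@revoked '
+printf "* "
 cat $OBJ/host_ca_key.pub
 ) > $OBJ/known_hosts-cert
 for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00 ; do
@@ -132,8 +132,8 @@ done
 
 # Create a CA key and add it to known hosts
 (
-echon '@cert-authority '
-echon "$HOSTS "
+printf '@cert-authority '
+printf "$HOSTS "
 cat $OBJ/host_ca_key.pub
 ) > $OBJ/known_hosts-cert
 
@@ -200,7 +200,7 @@ for v in v01 v00 ; do
 -n $HOSTS $OBJ/cert_host_key_${ktype} ||
 fail "couldn't sign cert_host_key_${ktype}"
 (
-echon "$HOSTS "
+printf "$HOSTS "
 cat $OBJ/cert_host_key_${ktype}.pub
 ) > $OBJ/known_hosts-cert
 (
@@ -220,8 +220,8 @@ done
 
 # Wrong certificate
 (
-echon '@cert-authority '
-echon "$HOSTS "
+printf '@cert-authority '
+printf "$HOSTS "
 cat $OBJ/host_ca_key.pub
 ) > $OBJ/known_hosts-cert
 for v in v01 v00 ; do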
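Review bot: `printf "$HOSTS "` uses the expanded variable as printf's format string, so any `%` or backslash sequence in HOSTS would be interpreted rather than written literally; `printf '%s ' "$HOSTS"` keeps the format fixed and the data as an argument. HOSTS is a literal in this file, so the generated known_hosts is unaffected today, but the idiom is fragile if the list is ever parameterised. The same pattern is introduced in regress/cert-userkey.sh as `printf "cert-authority${auth_opt} "`, where auth_opt is assigned outside the visible hunks and would benefit from the same `'%s '` form.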
diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh index 3bba9f8f2..6018b38f4 100644 --- a/regress/cert-userkey.sh +++ b/regress/cert-userkey.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: cert-userkey.sh,v 1.10 2013/01/18 00:45:29 djm Exp $ | 1 | # $OpenBSD: cert-userkey.sh,v 1.11 2013/05/17 00:37:40 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="certified user keys" | 4 | tid="certified user keys" |
@@ -126,7 +126,7 @@ for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00 ; do | |||
126 | # Wrong principals list | 126 | # Wrong principals list |
127 | verbose "$tid: ${_prefix} wrong principals key option" | 127 | verbose "$tid: ${_prefix} wrong principals key option" |
128 | ( | 128 | ( |
129 | echon 'cert-authority,principals="gregorsamsa" ' | 129 | printf 'cert-authority,principals="gregorsamsa" ' |
130 | cat $OBJ/user_ca_key.pub | 130 | cat $OBJ/user_ca_key.pub |
131 | ) > $OBJ/authorized_keys_$USER | 131 | ) > $OBJ/authorized_keys_$USER |
132 | ${SSH} -2i $OBJ/cert_user_key_${ktype} \ | 132 | ${SSH} -2i $OBJ/cert_user_key_${ktype} \ |
@@ -138,7 +138,7 @@ for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00 ; do | |||
138 | # Correct principals list | 138 | # Correct principals list |
139 | verbose "$tid: ${_prefix} correct principals key option" | 139 | verbose "$tid: ${_prefix} correct principals key option" |
140 | ( | 140 | ( |
141 | echon 'cert-authority,principals="mekmitasdigoat" ' | 141 | printf 'cert-authority,principals="mekmitasdigoat" ' |
142 | cat $OBJ/user_ca_key.pub | 142 | cat $OBJ/user_ca_key.pub |
143 | ) > $OBJ/authorized_keys_$USER | 143 | ) > $OBJ/authorized_keys_$USER |
144 | ${SSH} -2i $OBJ/cert_user_key_${ktype} \ | 144 | ${SSH} -2i $OBJ/cert_user_key_${ktype} \ |
@@ -154,7 +154,7 @@ basic_tests() { | |||
154 | if test "x$auth" = "xauthorized_keys" ; then | 154 | if test "x$auth" = "xauthorized_keys" ; then |
155 | # Add CA to authorized_keys | 155 | # Add CA to authorized_keys |
156 | ( | 156 | ( |
157 | echon 'cert-authority ' | 157 | printf 'cert-authority ' |
158 | cat $OBJ/user_ca_key.pub | 158 | cat $OBJ/user_ca_key.pub |
159 | ) > $OBJ/authorized_keys_$USER | 159 | ) > $OBJ/authorized_keys_$USER |
160 | else | 160 | else |
@@ -264,7 +264,7 @@ test_one() { | |||
264 | if test "x$auth" = "xauthorized_keys" ; then | 264 | if test "x$auth" = "xauthorized_keys" ; then |
265 | # Add CA to authorized_keys | 265 | # Add CA to authorized_keys |
266 | ( | 266 | ( |
267 | echon "cert-authority${auth_opt} " | 267 | printf "cert-authority${auth_opt} " |
268 | cat $OBJ/user_ca_key.pub | 268 | cat $OBJ/user_ca_key.pub |
269 | ) > $OBJ/authorized_keys_$USER | 269 | ) > $OBJ/authorized_keys_$USER |
270 | else | 270 | else |
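Review bot: The `printf "cert-authority${auth_opt} "` on new line 267 passes an expanded variable as the format string, so any `%` or backslash sequence in `$auth_opt` would be interpreted by printf instead of being written to authorized_keys; the replaced `echon` did not have that property. The robust form is `printf '%s' "cert-authority${auth_opt} "`, and the same applies to cfgmatch.sh, where `printf 'permitopen="127.0.0.1:'$PORT'" '` interpolates an unquoted `$PORT` into the format. The other printf call sites in this commit pass fixed literals with no `%`, so they are unaffected. test_one() starts before this hunk.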
diff --git a/regress/cfgmatch.sh b/regress/cfgmatch.sh index 0603fab64..80cf22930 100644 --- a/regress/cfgmatch.sh +++ b/regress/cfgmatch.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: cfgmatch.sh,v 1.6 2011/06/03 05:35:10 dtucker Exp $ | 1 | # $OpenBSD: cfgmatch.sh,v 1.8 2013/05/17 00:37:40 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="sshd_config match" | 4 | tid="sshd_config match" |
@@ -15,7 +15,7 @@ start_client() | |||
15 | rm -f $pidfile | 15 | rm -f $pidfile |
16 | ${SSH} -q -$p $fwd "$@" somehost \ | 16 | ${SSH} -q -$p $fwd "$@" somehost \ |
17 | exec sh -c \'"echo \$\$ > $pidfile; exec sleep 100"\' \ | 17 | exec sh -c \'"echo \$\$ > $pidfile; exec sleep 100"\' \ |
18 | >>$TEST_SSH_LOGFILE 2>&1 & | 18 | >>$TEST_REGRESS_LOGFILE 2>&1 & |
19 | client_pid=$! | 19 | client_pid=$! |
20 | # Wait for remote end | 20 | # Wait for remote end |
21 | n=0 | 21 | n=0 |
@@ -34,21 +34,20 @@ stop_client() | |||
34 | pid=`cat $pidfile` | 34 | pid=`cat $pidfile` |
35 | if [ ! -z "$pid" ]; then | 35 | if [ ! -z "$pid" ]; then |
36 | kill $pid | 36 | kill $pid |
37 | sleep 1 | ||
38 | fi | 37 | fi |
39 | wait | 38 | wait |
40 | } | 39 | } |
41 | 40 | ||
42 | cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak | 41 | cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak |
43 | grep -v AuthorizedKeysFile $OBJ/sshd_proxy_bak > $OBJ/sshd_proxy | ||
44 | echo "AuthorizedKeysFile /dev/null" >>$OBJ/sshd_proxy | ||
45 | echo "PermitOpen 127.0.0.1:1" >>$OBJ/sshd_config | 42 | echo "PermitOpen 127.0.0.1:1" >>$OBJ/sshd_config |
46 | echo "Match user $USER" >>$OBJ/sshd_proxy | ||
47 | echo "AuthorizedKeysFile /dev/null $OBJ/authorized_keys_%u" >>$OBJ/sshd_proxy | ||
48 | echo "Match Address 127.0.0.1" >>$OBJ/sshd_config | 43 | echo "Match Address 127.0.0.1" >>$OBJ/sshd_config |
49 | echo "PermitOpen 127.0.0.1:$PORT" >>$OBJ/sshd_config | 44 | echo "PermitOpen 127.0.0.1:$PORT" >>$OBJ/sshd_config |
50 | 45 | ||
46 | grep -v AuthorizedKeysFile $OBJ/sshd_proxy_bak > $OBJ/sshd_proxy | ||
47 | echo "AuthorizedKeysFile /dev/null" >>$OBJ/sshd_proxy | ||
51 | echo "PermitOpen 127.0.0.1:1" >>$OBJ/sshd_proxy | 48 | echo "PermitOpen 127.0.0.1:1" >>$OBJ/sshd_proxy |
49 | echo "Match user $USER" >>$OBJ/sshd_proxy | ||
50 | echo "AuthorizedKeysFile /dev/null $OBJ/authorized_keys_%u" >>$OBJ/sshd_proxy | ||
52 | echo "Match Address 127.0.0.1" >>$OBJ/sshd_proxy | 51 | echo "Match Address 127.0.0.1" >>$OBJ/sshd_proxy |
53 | echo "PermitOpen 127.0.0.1:$PORT" >>$OBJ/sshd_proxy | 52 | echo "PermitOpen 127.0.0.1:$PORT" >>$OBJ/sshd_proxy |
54 | 53 | ||
@@ -75,9 +74,9 @@ for p in 1 2; do | |||
75 | done | 74 | done |
76 | 75 | ||
77 | # Retry previous with key option, should also be denied. | 76 | # Retry previous with key option, should also be denied. |
78 | echon 'permitopen="127.0.0.1:'$PORT'" ' >$OBJ/authorized_keys_$USER | 77 | printf 'permitopen="127.0.0.1:'$PORT'" ' >$OBJ/authorized_keys_$USER |
79 | cat $OBJ/rsa.pub >> $OBJ/authorized_keys_$USER | 78 | cat $OBJ/rsa.pub >> $OBJ/authorized_keys_$USER |
80 | echon 'permitopen="127.0.0.1:'$PORT'" ' >>$OBJ/authorized_keys_$USER | 79 | printf 'permitopen="127.0.0.1:'$PORT'" ' >>$OBJ/authorized_keys_$USER |
81 | cat $OBJ/rsa1.pub >> $OBJ/authorized_keys_$USER | 80 | cat $OBJ/rsa1.pub >> $OBJ/authorized_keys_$USER |
82 | for p in 1 2; do | 81 | for p in 1 2; do |
83 | trace "match permitopen proxy w/key opts proto $p" | 82 | trace "match permitopen proxy w/key opts proto $p" |
diff --git a/regress/cipher-speed.sh b/regress/cipher-speed.sh index 65e5f35ec..489d9f5fa 100644 --- a/regress/cipher-speed.sh +++ b/regress/cipher-speed.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: cipher-speed.sh,v 1.7 2013/01/12 11:23:53 djm Exp $ | 1 | # $OpenBSD: cipher-speed.sh,v 1.9 2013/05/17 04:29:14 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="cipher speed" | 4 | tid="cipher speed" |
diff --git a/regress/conch-ciphers.sh b/regress/conch-ciphers.sh index 5b65cd993..199d863a0 100644 --- a/regress/conch-ciphers.sh +++ b/regress/conch-ciphers.sh | |||
@@ -1,11 +1,8 @@ | |||
1 | # $OpenBSD: conch-ciphers.sh,v 1.2 2008/06/30 10:43:03 djm Exp $ | 1 | # $OpenBSD: conch-ciphers.sh,v 1.3 2013/05/17 04:29:14 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="conch ciphers" | 4 | tid="conch ciphers" |
5 | 5 | ||
6 | DATA=/bin/ls | ||
7 | COPY=${OBJ}/copy | ||
8 | |||
9 | if test "x$REGRESS_INTEROP_CONCH" != "xyes" ; then | 6 | if test "x$REGRESS_INTEROP_CONCH" != "xyes" ; then |
10 | echo "conch interop tests not enabled" | 7 | echo "conch interop tests not enabled" |
11 | exit 0 | 8 | exit 0 |
diff --git a/regress/dynamic-forward.sh b/regress/dynamic-forward.sh index d1ab8059b..42fa8acdc 100644 --- a/regress/dynamic-forward.sh +++ b/regress/dynamic-forward.sh | |||
@@ -1,12 +1,10 @@ | |||
1 | # $OpenBSD: dynamic-forward.sh,v 1.9 2011/06/03 00:29:52 dtucker Exp $ | 1 | # $OpenBSD: dynamic-forward.sh,v 1.10 2013/05/17 04:29:14 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="dynamic forwarding" | 4 | tid="dynamic forwarding" |
5 | 5 | ||
6 | FWDPORT=`expr $PORT + 1` | 6 | FWDPORT=`expr $PORT + 1` |
7 | 7 | ||
8 | DATA=/bin/ls${EXEEXT} | ||
9 | |||
10 | if have_prog nc && nc -h 2>&1 | grep "proxy address" >/dev/null; then | 8 | if have_prog nc && nc -h 2>&1 | grep "proxy address" >/dev/null; then |
11 | proxycmd="nc -x 127.0.0.1:$FWDPORT -X" | 9 | proxycmd="nc -x 127.0.0.1:$FWDPORT -X" |
12 | elif have_prog connect; then | 10 | elif have_prog connect; then |
diff --git a/regress/forcecommand.sh b/regress/forcecommand.sh index 99e51a60f..44d2b7ffd 100644 --- a/regress/forcecommand.sh +++ b/regress/forcecommand.sh | |||
@@ -1,13 +1,13 @@ | |||
1 | # $OpenBSD: forcecommand.sh,v 1.1 2006/07/19 13:09:28 dtucker Exp $ | 1 | # $OpenBSD: forcecommand.sh,v 1.2 2013/05/17 00:37:40 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="forced command" | 4 | tid="forced command" |
5 | 5 | ||
6 | cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak | 6 | cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak |
7 | 7 | ||
8 | echon 'command="true" ' >$OBJ/authorized_keys_$USER | 8 | printf 'command="true" ' >$OBJ/authorized_keys_$USER |
9 | cat $OBJ/rsa.pub >> $OBJ/authorized_keys_$USER | 9 | cat $OBJ/rsa.pub >> $OBJ/authorized_keys_$USER |
10 | echon 'command="true" ' >>$OBJ/authorized_keys_$USER | 10 | printf 'command="true" ' >>$OBJ/authorized_keys_$USER |
11 | cat $OBJ/rsa1.pub >> $OBJ/authorized_keys_$USER | 11 | cat $OBJ/rsa1.pub >> $OBJ/authorized_keys_$USER |
12 | 12 | ||
13 | for p in 1 2; do | 13 | for p in 1 2; do |
@@ -16,9 +16,9 @@ for p in 1 2; do | |||
16 | fail "forced command in key proto $p" | 16 | fail "forced command in key proto $p" |
17 | done | 17 | done |
18 | 18 | ||
19 | echon 'command="false" ' >$OBJ/authorized_keys_$USER | 19 | printf 'command="false" ' >$OBJ/authorized_keys_$USER |
20 | cat $OBJ/rsa.pub >> $OBJ/authorized_keys_$USER | 20 | cat $OBJ/rsa.pub >> $OBJ/authorized_keys_$USER |
21 | echon 'command="false" ' >>$OBJ/authorized_keys_$USER | 21 | printf 'command="false" ' >>$OBJ/authorized_keys_$USER |
22 | cat $OBJ/rsa1.pub >> $OBJ/authorized_keys_$USER | 22 | cat $OBJ/rsa1.pub >> $OBJ/authorized_keys_$USER |
23 | 23 | ||
24 | cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy | 24 | cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy |
diff --git a/regress/forwarding.sh b/regress/forwarding.sh index f9c367beb..94873f22c 100644 --- a/regress/forwarding.sh +++ b/regress/forwarding.sh | |||
@@ -1,7 +1,8 @@ | |||
1 | # $OpenBSD: forwarding.sh,v 1.8 2012/06/01 00:47:35 djm Exp $ | 1 | # $OpenBSD: forwarding.sh,v 1.11 2013/06/10 21:56:43 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="local and remote forwarding" | 4 | tid="local and remote forwarding" |
5 | |||
5 | DATA=/bin/ls${EXEEXT} | 6 | DATA=/bin/ls${EXEEXT} |
6 | 7 | ||
7 | start_sshd | 8 | start_sshd |
@@ -26,9 +27,9 @@ for p in 1 2; do | |||
26 | 27 | ||
27 | trace "transfer over forwarded channels and check result" | 28 | trace "transfer over forwarded channels and check result" |
28 | ${SSH} -$q -F $OBJ/ssh_config -p$last -o 'ConnectionAttempts=4' \ | 29 | ${SSH} -$q -F $OBJ/ssh_config -p$last -o 'ConnectionAttempts=4' \ |
29 | somehost cat $DATA > $OBJ/ls.copy | 30 | somehost cat ${DATA} > ${COPY} |
30 | test -f $OBJ/ls.copy || fail "failed copy $DATA" | 31 | test -f ${COPY} || fail "failed copy of ${DATA}" |
31 | cmp $DATA $OBJ/ls.copy || fail "corrupted copy of $DATA" | 32 | cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}" |
32 | 33 | ||
33 | sleep 10 | 34 | sleep 10 |
34 | done | 35 | done |
@@ -75,7 +76,7 @@ for p in 1 2; do | |||
75 | else | 76 | else |
76 | # this one should fail | 77 | # this one should fail |
77 | ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 true \ | 78 | ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 true \ |
78 | 2>>$TEST_SSH_LOGFILE && \ | 79 | >>$TEST_REGRESS_LOGFILE 2>&1 && \ |
79 | fail "local forwarding not cleared" | 80 | fail "local forwarding not cleared" |
80 | fi | 81 | fi |
81 | sleep 10 | 82 | sleep 10 |
@@ -88,7 +89,7 @@ for p in 1 2; do | |||
88 | else | 89 | else |
89 | # this one should fail | 90 | # this one should fail |
90 | ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 true \ | 91 | ${SSH} -$p -F $OBJ/ssh_config -p ${base}01 true \ |
91 | 2>>$TEST_SSH_LOGFILE && \ | 92 | >>$TEST_REGRESS_LOGFILE 2>&1 && \ |
92 | fail "remote forwarding not cleared" | 93 | fail "remote forwarding not cleared" |
93 | fi | 94 | fi |
94 | sleep 10 | 95 | sleep 10 |
@@ -103,3 +104,18 @@ for p in 2; do | |||
103 | fail "stdio forwarding proto $p" | 104 | fail "stdio forwarding proto $p" |
104 | fi | 105 | fi |
105 | done | 106 | done |
107 | |||
108 | echo "LocalForward ${base}01 127.0.0.1:$PORT" >> $OBJ/ssh_config | ||
109 | echo "RemoteForward ${base}02 127.0.0.1:${base}01" >> $OBJ/ssh_config | ||
110 | for p in 1 2; do | ||
111 | trace "config file: start forwarding, fork to background" | ||
112 | ${SSH} -$p -F $OBJ/ssh_config -f somehost sleep 10 | ||
113 | |||
114 | trace "config file: transfer over forwarded channels and check result" | ||
115 | ${SSH} -F $OBJ/ssh_config -p${base}02 -o 'ConnectionAttempts=4' \ | ||
116 | somehost cat ${DATA} > ${COPY} | ||
117 | test -f ${COPY} || fail "failed copy of ${DATA}" | ||
118 | cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}" | ||
119 | |||
120 | wait | ||
121 | done | ||
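Review bot: The `wait` on new line 120 has nothing to wait for: `${SSH} ... -f somehost sleep 10` on line 112 forks to the background after authentication, so the forwarding process is not a child of this shell and `wait` returns at once, letting the next iteration re-request ${base}01/${base}02 while the previous instance may still hold them for up to 10 seconds. The earlier loops in this file pace themselves with `sleep 10` (line 34) for that reason; either do the same here or replace the `-f` with an explicit background job (`&`) whose pid `wait` can collect. The exit status of the `-f` invocation is also unchecked; `${SSH} -$p -F $OBJ/ssh_config -f somehost sleep 10 || fail "config file: start forwarding proto $p"` would surface a failed setup before the transfer is attempted. Separately, this file keeps `DATA=/bin/ls${EXEEXT}` on line 6 while using `${COPY}` without defining it, and the same commit removes the DATA/COPY definitions from conch-ciphers.sh, dynamic-forward.sh, multiplex.sh and the putty-*.sh files, so presumably the harness now supplies both and the local DATA line is a leftover.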
diff --git a/regress/integrity.sh b/regress/integrity.sh index 4d46926d5..1d17fe10a 100644 --- a/regress/integrity.sh +++ b/regress/integrity.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: integrity.sh,v 1.7 2013/02/20 08:27:50 djm Exp $ | 1 | # $OpenBSD: integrity.sh,v 1.10 2013/05/17 01:32:11 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="integrity" | 4 | tid="integrity" |
@@ -21,12 +21,13 @@ config_defined HAVE_EVP_SHA256 && | |||
21 | config_defined OPENSSL_HAVE_EVPGCM && \ | 21 | config_defined OPENSSL_HAVE_EVPGCM && \ |
22 | macs="$macs aes128-gcm@openssh.com aes256-gcm@openssh.com" | 22 | macs="$macs aes128-gcm@openssh.com aes256-gcm@openssh.com" |
23 | 23 | ||
24 | # sshd-command for proxy (see test-exec.sh) | 24 | # avoid DH group exchange as the extra traffic makes it harder to get the |
25 | cmd="$SUDO sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSH_LOGFILE} -i -f $OBJ/sshd_proxy" | 25 | # offset into the stream right. |
26 | echo "KexAlgorithms diffie-hellman-group14-sha1,diffie-hellman-group1-sha1" \ | ||
27 | >> $OBJ/ssh_proxy | ||
26 | 28 | ||
27 | jot() { | 29 | # sshd-command for proxy (see test-exec.sh) |
28 | awk "BEGIN { for (i = $2; i < $2 + $1; i++) { printf \"%d\n\", i } exit }" | 30 | cmd="$SUDO sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSHD_LOGFILE} -i -f $OBJ/sshd_proxy" |
29 | } | ||
30 | 31 | ||
31 | for m in $macs; do | 32 | for m in $macs; do |
32 | trace "test $tid: mac $m" | 33 | trace "test $tid: mac $m" |
@@ -47,14 +48,15 @@ for m in $macs; do | |||
47 | aes*gcm*) macopt="-c $m";; | 48 | aes*gcm*) macopt="-c $m";; |
48 | *) macopt="-m $m";; | 49 | *) macopt="-m $m";; |
49 | esac | 50 | esac |
50 | output=`${SSH} $macopt -2F $OBJ/ssh_proxy -o "$pxy" \ | 51 | verbose "test $tid: $m @$off" |
51 | 999.999.999.999 'printf "%4096s" " "' 2>&1` | 52 | ${SSH} $macopt -2F $OBJ/ssh_proxy -o "$pxy" \ |
53 | 999.999.999.999 'printf "%4096s" " "' >/dev/null | ||
52 | if [ $? -eq 0 ]; then | 54 | if [ $? -eq 0 ]; then |
53 | fail "ssh -m $m succeeds with bit-flip at $off" | 55 | fail "ssh -m $m succeeds with bit-flip at $off" |
54 | fi | 56 | fi |
55 | ecnt=`expr $ecnt + 1` | 57 | ecnt=`expr $ecnt + 1` |
56 | output=`echo $output | tr -s '\r\n' '.'` | 58 | output=$(tail -2 $TEST_SSH_LOGFILE | egrep -v "^debug" | \ |
57 | verbose "test $tid: $m @$off $output" | 59 | tr -s '\r\n' '.') |
58 | case "$output" in | 60 | case "$output" in |
59 | Bad?packet*) elen=`expr $elen + 1`; skip=3;; | 61 | Bad?packet*) elen=`expr $elen + 1`; skip=3;; |
60 | Corrupted?MAC* | Decryption?integrity?check?failed*) | 62 | Corrupted?MAC* | Decryption?integrity?check?failed*) |
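Review bot: `output=$(tail -2 $TEST_SSH_LOGFILE | ...)` on new lines 58-59 reads an append-only log that nothing in this hunk truncates between iterations, so if a run fails without writing a fresh error line, the `case` below classifies the previous iteration's message and silently adjusts `elen`/`skip`. Truncating the client log right before the `${SSH}` call on line 52 (for example `: > $TEST_SSH_LOGFILE`), or recording the line count beforehand and reading only lines past it, would tie each classification to its own run. Note that stdout is sent to /dev/null and stderr is not redirected, so this relies on ${SSH} itself writing to $TEST_SSH_LOGFILE (not visible here; worth confirming in test-exec.sh). As a point of style, `$(...)` and `egrep` here differ from the backticks used elsewhere in the file, and `grep -E` is the portable spelling. The enclosing `for m in $macs` loop starts before this hunk; the `jot()` removal in this file and in krl.sh likewise assumes the harness now provides it.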
diff --git a/regress/keytype.sh b/regress/keytype.sh index cb40c6864..59586bf0d 100644 --- a/regress/keytype.sh +++ b/regress/keytype.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: keytype.sh,v 1.1 2010/09/02 16:12:55 markus Exp $ | 1 | # $OpenBSD: keytype.sh,v 1.2 2013/05/17 00:37:40 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="login with different key types" | 4 | tid="login with different key types" |
@@ -40,7 +40,7 @@ for ut in $ktypes; do | |||
40 | echo IdentityFile $OBJ/key.$ut | 40 | echo IdentityFile $OBJ/key.$ut |
41 | ) > $OBJ/ssh_proxy | 41 | ) > $OBJ/ssh_proxy |
42 | ( | 42 | ( |
43 | echon 'localhost-with-alias,127.0.0.1,::1 ' | 43 | printf 'localhost-with-alias,127.0.0.1,::1 ' |
44 | cat $OBJ/key.$ht.pub | 44 | cat $OBJ/key.$ht.pub |
45 | ) > $OBJ/known_hosts | 45 | ) > $OBJ/known_hosts |
46 | cat $OBJ/key.$ut.pub > $OBJ/authorized_keys_$USER | 46 | cat $OBJ/key.$ut.pub > $OBJ/authorized_keys_$USER |
diff --git a/regress/krl.sh b/regress/krl.sh index 62a239c38..de9cc8764 100644 --- a/regress/krl.sh +++ b/regress/krl.sh | |||
@@ -39,10 +39,6 @@ serial: 799 | |||
39 | serial: 599-701 | 39 | serial: 599-701 |
40 | EOF | 40 | EOF |
41 | 41 | ||
42 | jot() { | ||
43 | awk "BEGIN { for (i = $2; i < $2 + $1; i++) { printf \"%d\n\", i } exit }" | ||
44 | } | ||
45 | |||
46 | # A specification that revokes some certificated by key ID. | 42 | # A specification that revokes some certificated by key ID. |
47 | touch $OBJ/revoked-keyid | 43 | touch $OBJ/revoked-keyid |
48 | for n in 1 2 3 4 10 15 30 50 `jot 500 300` 999 1000 1001 1002; do | 44 | for n in 1 2 3 4 10 15 30 50 `jot 500 300` 999 1000 1001 1002; do |
diff --git a/regress/localcommand.sh b/regress/localcommand.sh index feade7a9d..8a9b56971 100644 --- a/regress/localcommand.sh +++ b/regress/localcommand.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: localcommand.sh,v 1.1 2007/10/29 06:57:13 dtucker Exp $ | 1 | # $OpenBSD: localcommand.sh,v 1.2 2013/05/17 10:24:48 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="localcommand" | 4 | tid="localcommand" |
diff --git a/regress/login-timeout.sh b/regress/login-timeout.sh index 55fbb324d..d73923b9c 100644 --- a/regress/login-timeout.sh +++ b/regress/login-timeout.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: login-timeout.sh,v 1.4 2005/02/27 23:13:36 djm Exp $ | 1 | # $OpenBSD: login-timeout.sh,v 1.5 2013/05/17 10:23:52 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="connect after login grace timeout" | 4 | tid="connect after login grace timeout" |
diff --git a/regress/modpipe.c b/regress/modpipe.c index 9629aa80b..85747cf7d 100755 --- a/regress/modpipe.c +++ b/regress/modpipe.c | |||
@@ -14,7 +14,7 @@ | |||
14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
15 | */ | 15 | */ |
16 | 16 | ||
17 | /* $OpenBSD: modpipe.c,v 1.4 2013/02/20 08:29:27 djm Exp $ */ | 17 | /* $OpenBSD: modpipe.c,v 1.5 2013/05/10 03:46:14 djm Exp $ */ |
18 | 18 | ||
19 | #include "includes.h" | 19 | #include "includes.h" |
20 | 20 | ||
@@ -25,7 +25,7 @@ | |||
25 | #include <stdarg.h> | 25 | #include <stdarg.h> |
26 | #include <stdlib.h> | 26 | #include <stdlib.h> |
27 | #include <errno.h> | 27 | #include <errno.h> |
28 | #include "openbsd-compat/getopt.c" | 28 | #include "openbsd-compat/getopt_long.c" |
29 | 29 | ||
30 | static void err(int, const char *, ...) __attribute__((format(printf, 2, 3))); | 30 | static void err(int, const char *, ...) __attribute__((format(printf, 2, 3))); |
31 | static void errx(int, const char *, ...) __attribute__((format(printf, 2, 3))); | 31 | static void errx(int, const char *, ...) __attribute__((format(printf, 2, 3))); |
diff --git a/regress/multiplex.sh b/regress/multiplex.sh index 1e6cc7606..3e697e691 100644 --- a/regress/multiplex.sh +++ b/regress/multiplex.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: multiplex.sh,v 1.17 2012/10/05 02:05:30 dtucker Exp $ | 1 | # $OpenBSD: multiplex.sh,v 1.21 2013/05/17 04:29:14 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | CTL=/tmp/openssh.regress.ctl-sock.$$ | 4 | CTL=/tmp/openssh.regress.ctl-sock.$$ |
@@ -10,8 +10,7 @@ if config_defined DISABLE_FD_PASSING ; then | |||
10 | exit 0 | 10 | exit 0 |
11 | fi | 11 | fi |
12 | 12 | ||
13 | DATA=/bin/ls${EXEEXT} | 13 | P=3301 # test port |
14 | COPY=$OBJ/ls.copy | ||
15 | 14 | ||
16 | wait_for_mux_master_ready() | 15 | wait_for_mux_master_ready() |
17 | { | 16 | { |
@@ -25,10 +24,16 @@ wait_for_mux_master_ready() | |||
25 | 24 | ||
26 | start_sshd | 25 | start_sshd |
27 | 26 | ||
28 | trace "start master, fork to background" | 27 | start_mux_master() |
29 | ${SSH} -Nn2 -MS$CTL -F $OBJ/ssh_config -oSendEnv="_XXX_TEST" somehost & | 28 | { |
30 | MASTER_PID=$! | 29 | trace "start master, fork to background" |
31 | wait_for_mux_master_ready | 30 | ${SSH} -Nn2 -MS$CTL -F $OBJ/ssh_config -oSendEnv="_XXX_TEST" somehost \ |
31 | -E $TEST_REGRESS_LOGFILE 2>&1 & | ||
32 | MASTER_PID=$! | ||
33 | wait_for_mux_master_ready | ||
34 | } | ||
35 | |||
36 | start_mux_master | ||
32 | 37 | ||
33 | verbose "test $tid: envpass" | 38 | verbose "test $tid: envpass" |
34 | trace "env passing over multiplexed connection" | 39 | trace "env passing over multiplexed connection" |
@@ -55,13 +60,13 @@ cmp ${DATA} ${COPY} || fail "ssh -S ctl: corrupted copy of ${DATA}" | |||
55 | rm -f ${COPY} | 60 | rm -f ${COPY} |
56 | trace "sftp transfer over multiplexed connection and check result" | 61 | trace "sftp transfer over multiplexed connection and check result" |
57 | echo "get ${DATA} ${COPY}" | \ | 62 | echo "get ${DATA} ${COPY}" | \ |
58 | ${SFTP} -S ${SSH} -F $OBJ/ssh_config -oControlPath=$CTL otherhost >>$TEST_SSH_LOGFILE 2>&1 | 63 | ${SFTP} -S ${SSH} -F $OBJ/ssh_config -oControlPath=$CTL otherhost >>$TEST_REGRESS_LOGFILE 2>&1 |
59 | test -f ${COPY} || fail "sftp: failed copy ${DATA}" | 64 | test -f ${COPY} || fail "sftp: failed copy ${DATA}" |
60 | cmp ${DATA} ${COPY} || fail "sftp: corrupted copy of ${DATA}" | 65 | cmp ${DATA} ${COPY} || fail "sftp: corrupted copy of ${DATA}" |
61 | 66 | ||
62 | rm -f ${COPY} | 67 | rm -f ${COPY} |
63 | trace "scp transfer over multiplexed connection and check result" | 68 | trace "scp transfer over multiplexed connection and check result" |
64 | ${SCP} -S ${SSH} -F $OBJ/ssh_config -oControlPath=$CTL otherhost:${DATA} ${COPY} >>$TEST_SSH_LOGFILE 2>&1 | 69 | ${SCP} -S ${SSH} -F $OBJ/ssh_config -oControlPath=$CTL otherhost:${DATA} ${COPY} >>$TEST_REGRESS_LOGFILE 2>&1 |
65 | test -f ${COPY} || fail "scp: failed copy ${DATA}" | 70 | test -f ${COPY} || fail "scp: failed copy ${DATA}" |
66 | cmp ${DATA} ${COPY} || fail "scp: corrupted copy of ${DATA}" | 71 | cmp ${DATA} ${COPY} || fail "scp: corrupted copy of ${DATA}" |
67 | 72 | ||
@@ -87,11 +92,31 @@ for s in 0 1 4 5 44; do | |||
87 | done | 92 | done |
88 | 93 | ||
89 | verbose "test $tid: cmd check" | 94 | verbose "test $tid: cmd check" |
90 | ${SSH} -F $OBJ/ssh_config -S $CTL -Ocheck otherhost >>$TEST_SSH_LOGFILE 2>&1 \ | 95 | ${SSH} -F $OBJ/ssh_config -S $CTL -Ocheck otherhost >>$TEST_REGRESS_LOGFILE 2>&1 \ |
91 | || fail "check command failed" | 96 | || fail "check command failed" |
92 | 97 | ||
98 | verbose "test $tid: cmd forward local" | ||
99 | ${SSH} -F $OBJ/ssh_config -S $CTL -Oforward -L $P:localhost:$PORT otherhost \ | ||
100 | || fail "request local forward failed" | ||
101 | ${SSH} -F $OBJ/ssh_config -p$P otherhost true \ | ||
102 | || fail "connect to local forward port failed" | ||
103 | ${SSH} -F $OBJ/ssh_config -S $CTL -Ocancel -L $P:localhost:$PORT otherhost \ | ||
104 | || fail "cancel local forward failed" | ||
105 | ${SSH} -F $OBJ/ssh_config -p$P otherhost true \ | ||
106 | && fail "local forward port still listening" | ||
107 | |||
108 | verbose "test $tid: cmd forward remote" | ||
109 | ${SSH} -F $OBJ/ssh_config -S $CTL -Oforward -R $P:localhost:$PORT otherhost \ | ||
110 | || fail "request remote forward failed" | ||
111 | ${SSH} -F $OBJ/ssh_config -p$P otherhost true \ | ||
112 | || fail "connect to remote forwarded port failed" | ||
113 | ${SSH} -F $OBJ/ssh_config -S $CTL -Ocancel -R $P:localhost:$PORT otherhost \ | ||
114 | || fail "cancel remote forward failed" | ||
115 | ${SSH} -F $OBJ/ssh_config -p$P otherhost true \ | ||
116 | && fail "remote forward port still listening" | ||
117 | |||
93 | verbose "test $tid: cmd exit" | 118 | verbose "test $tid: cmd exit" |
94 | ${SSH} -F $OBJ/ssh_config -S $CTL -Oexit otherhost >>$TEST_SSH_LOGFILE 2>&1 \ | 119 | ${SSH} -F $OBJ/ssh_config -S $CTL -Oexit otherhost >>$TEST_REGRESS_LOGFILE 2>&1 \ |
95 | || fail "send exit command failed" | 120 | || fail "send exit command failed" |
96 | 121 | ||
97 | # Wait for master to exit | 122 | # Wait for master to exit |
@@ -101,15 +126,13 @@ kill -0 $MASTER_PID >/dev/null 2>&1 && fail "exit command failed" | |||
101 | # Restart master and test -O stop command with master using -N | 126 | # Restart master and test -O stop command with master using -N |
102 | verbose "test $tid: cmd stop" | 127 | verbose "test $tid: cmd stop" |
103 | trace "restart master, fork to background" | 128 | trace "restart master, fork to background" |
104 | ${SSH} -Nn2 -MS$CTL -F $OBJ/ssh_config -oSendEnv="_XXX_TEST" somehost & | 129 | start_mux_master |
105 | MASTER_PID=$! | ||
106 | wait_for_mux_master_ready | ||
107 | 130 | ||
108 | # start a long-running command then immediately request a stop | 131 | # start a long-running command then immediately request a stop |
109 | ${SSH} -F $OBJ/ssh_config -S $CTL otherhost "sleep 10; exit 0" \ | 132 | ${SSH} -F $OBJ/ssh_config -S $CTL otherhost "sleep 10; exit 0" \ |
110 | >>$TEST_SSH_LOGFILE 2>&1 & | 133 | >>$TEST_REGRESS_LOGFILE 2>&1 & |
111 | SLEEP_PID=$! | 134 | SLEEP_PID=$! |
112 | ${SSH} -F $OBJ/ssh_config -S $CTL -Ostop otherhost >>$TEST_SSH_LOGFILE 2>&1 \ | 135 | ${SSH} -F $OBJ/ssh_config -S $CTL -Ostop otherhost >>$TEST_REGRESS_LOGFILE 2>&1 \ |
113 | || fail "send stop command failed" | 136 | || fail "send stop command failed" |
114 | 137 | ||
115 | # wait until both long-running command and master have exited. | 138 | # wait until both long-running command and master have exited. |
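Review bot: `P=3301 # test port` on new line 13 hard-codes a listening port, while the rest of the suite derives ports from `$PORT` (dynamic-forward.sh uses `FWDPORT=\`expr $PORT + 1\``); a fixed port can collide with another instance of the suite or a service on the host, which would make "local forward port still listening" on line 106 fail spuriously. Deriving it the same way, e.g. `P=\`expr $PORT + 1\` # test port`, keeps the forward tests inside the harness's port range. The new `-Oforward`/`-Ocancel`/`-p$P` commands on lines 99-116 also omit the `>>$TEST_REGRESS_LOGFILE 2>&1` redirection that every sibling ssh command in this file carries (lines 95, 119), so their diagnostics go to the terminal instead of the regress log. Consider a comment on `P` stating that it must not coincide with `$PORT`.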
diff --git a/regress/portnum.sh b/regress/portnum.sh index 1de0680fe..c56b869a3 100644 --- a/regress/portnum.sh +++ b/regress/portnum.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: portnum.sh,v 1.1 2009/08/13 00:57:17 djm Exp $ | 1 | # $OpenBSD: portnum.sh,v 1.2 2013/05/17 10:34:30 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="port number parsing" | 4 | tid="port number parsing" |
diff --git a/regress/proto-version.sh b/regress/proto-version.sh index 1651a69e1..b876dd7ec 100644 --- a/regress/proto-version.sh +++ b/regress/proto-version.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: proto-version.sh,v 1.3 2002/03/15 13:08:56 markus Exp $ | 1 | # $OpenBSD: proto-version.sh,v 1.4 2013/05/17 00:37:40 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="sshd version with different protocol combinations" | 4 | tid="sshd version with different protocol combinations" |
@@ -8,7 +8,7 @@ check_version () | |||
8 | { | 8 | { |
9 | version=$1 | 9 | version=$1 |
10 | expect=$2 | 10 | expect=$2 |
11 | banner=`echon | ${SSHD} -o "Protocol=${version}" -i -f ${OBJ}/sshd_proxy` | 11 | banner=`printf '' | ${SSHD} -o "Protocol=${version}" -i -f ${OBJ}/sshd_proxy` |
12 | case ${banner} in | 12 | case ${banner} in |
13 | SSH-1.99-*) | 13 | SSH-1.99-*) |
14 | proto=199 | 14 | proto=199 |
diff --git a/regress/proxy-connect.sh b/regress/proxy-connect.sh index 6a36b2513..76e602dd6 100644 --- a/regress/proxy-connect.sh +++ b/regress/proxy-connect.sh | |||
@@ -1,8 +1,9 @@ | |||
1 | # $OpenBSD: proxy-connect.sh,v 1.5 2002/12/09 15:28:46 markus Exp $ | 1 | # $OpenBSD: proxy-connect.sh,v 1.6 2013/03/07 00:20:34 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="proxy connect" | 4 | tid="proxy connect" |
5 | 5 | ||
6 | verbose "plain username" | ||
6 | for p in 1 2; do | 7 | for p in 1 2; do |
7 | ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true | 8 | ${SSH} -$p -F $OBJ/ssh_proxy 999.999.999.999 true |
8 | if [ $? -ne 0 ]; then | 9 | if [ $? -ne 0 ]; then |
@@ -16,3 +17,10 @@ for p in 1 2; do | |||
16 | fail "bad SSH_CONNECTION" | 17 | fail "bad SSH_CONNECTION" |
17 | fi | 18 | fi |
18 | done | 19 | done |
20 | |||
21 | verbose "username with style" | ||
22 | for p in 1 2; do | ||
23 | ${SSH} -$p -F $OBJ/ssh_proxy ${USER}:style@999.999.999.999 true || \ | ||
24 | fail "ssh proxyconnect protocol $p failed" | ||
25 | done | ||
26 | |||
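Review bot: The new "username with style" loop on lines 22-25 checks the ssh exit status with `|| fail ...`, whereas the existing loop directly above uses the `if [ $? -ne 0 ]; then fail ...` form; within one short script it is clearer to use a single style, and the existing form also lets the proto number appear in the failure message the same way. Line 26 adds a trailing blank line at end of file that the rest of the regress scripts do not carry. A one-line comment such as `# ${USER}:style exercises the BSD login-style suffix on the user name` would tell the next reader what the second loop is for, since the `:style` syntax is otherwise unexplained.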
diff --git a/regress/putty-ciphers.sh b/regress/putty-ciphers.sh index 928ea60d2..724a98cc1 100644 --- a/regress/putty-ciphers.sh +++ b/regress/putty-ciphers.sh | |||
@@ -1,11 +1,8 @@ | |||
1 | # $OpenBSD: putty-ciphers.sh,v 1.3 2008/11/10 02:06:35 djm Exp $ | 1 | # $OpenBSD: putty-ciphers.sh,v 1.4 2013/05/17 04:29:14 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="putty ciphers" | 4 | tid="putty ciphers" |
5 | 5 | ||
6 | DATA=/bin/ls | ||
7 | COPY=${OBJ}/copy | ||
8 | |||
9 | if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then | 6 | if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then |
10 | echo "putty interop tests not enabled" | 7 | echo "putty interop tests not enabled" |
11 | exit 0 | 8 | exit 0 |
diff --git a/regress/putty-kex.sh b/regress/putty-kex.sh index 293885a8a..1844d6599 100644 --- a/regress/putty-kex.sh +++ b/regress/putty-kex.sh | |||
@@ -1,11 +1,8 @@ | |||
1 | # $OpenBSD: putty-kex.sh,v 1.2 2008/06/30 10:31:11 djm Exp $ | 1 | # $OpenBSD: putty-kex.sh,v 1.3 2013/05/17 04:29:14 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="putty KEX" | 4 | tid="putty KEX" |
5 | 5 | ||
6 | DATA=/bin/ls | ||
7 | COPY=${OBJ}/copy | ||
8 | |||
9 | if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then | 6 | if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then |
10 | echo "putty interop tests not enabled" | 7 | echo "putty interop tests not enabled" |
11 | exit 0 | 8 | exit 0 |
diff --git a/regress/putty-transfer.sh b/regress/putty-transfer.sh index 9e1e1550a..aec0e04ee 100644 --- a/regress/putty-transfer.sh +++ b/regress/putty-transfer.sh | |||
@@ -1,11 +1,8 @@ | |||
1 | # $OpenBSD: putty-transfer.sh,v 1.2 2008/06/30 10:31:11 djm Exp $ | 1 | # $OpenBSD: putty-transfer.sh,v 1.3 2013/05/17 04:29:14 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="putty transfer data" | 4 | tid="putty transfer data" |
5 | 5 | ||
6 | DATA=/bin/ls | ||
7 | COPY=${OBJ}/copy | ||
8 | |||
9 | if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then | 6 | if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then |
10 | echo "putty interop tests not enabled" | 7 | echo "putty interop tests not enabled" |
11 | exit 0 | 8 | exit 0 |
diff --git a/regress/reexec.sh b/regress/reexec.sh index 9464eb699..433573f06 100644 --- a/regress/reexec.sh +++ b/regress/reexec.sh | |||
@@ -1,12 +1,10 @@ | |||
1 | # $OpenBSD: reexec.sh,v 1.5 2004/10/08 02:01:50 djm Exp $ | 1 | # $OpenBSD: reexec.sh,v 1.7 2013/05/17 10:23:52 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="reexec tests" | 4 | tid="reexec tests" |
5 | 5 | ||
6 | DATA=/bin/ls${EXEEXT} | 6 | SSHD_ORIG=$SSHD |
7 | COPY=${OBJ}/copy | 7 | SSHD_COPY=$OBJ/sshd |
8 | SSHD_ORIG=$SSHD${EXEEXT} | ||
9 | SSHD_COPY=$OBJ/sshd${EXEEXT} | ||
10 | 8 | ||
11 | # Start a sshd and then delete it | 9 | # Start a sshd and then delete it |
12 | start_sshd_copy () | 10 | start_sshd_copy () |
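Review bot: `SSHD_COPY=$OBJ/sshd` on new line 7 drops the `${EXEEXT}` suffix that the old line 9 carried, while `SSHD_ORIG=$SSHD` now inherits whatever suffix `$SSHD` already has; if `$SSHD` expands to a name ending in `${EXEEXT}` on platforms where that is non-empty, the copy made by start_sshd_copy() (which begins after this hunk) will have a different extension from the original. This is presumably intentional if the harness already folds EXEEXT into `$SSHD`, but a short comment on line 6, `# $SSHD already carries ${EXEEXT} where applicable`, would record that assumption for the next person who touches this file.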
diff --git a/regress/rekey.sh b/regress/rekey.sh index 3c5f266fc..8eb7efaf9 100644 --- a/regress/rekey.sh +++ b/regress/rekey.sh | |||
@@ -1,23 +1,18 @@ | |||
1 | # $OpenBSD: rekey.sh,v 1.1 2003/03/28 13:58:28 markus Exp $ | 1 | # $OpenBSD: rekey.sh,v 1.8 2013/05/17 04:29:14 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="rekey during transfer data" | 4 | tid="rekey" |
5 | 5 | ||
6 | DATA=${OBJ}/data | 6 | LOG=${TEST_SSH_LOGFILE} |
7 | COPY=${OBJ}/copy | ||
8 | LOG=${OBJ}/log | ||
9 | 7 | ||
10 | rm -f ${COPY} ${LOG} ${DATA} | 8 | rm -f ${LOG} |
11 | touch ${DATA} | ||
12 | dd if=/bin/ls${EXEEXT} of=${DATA} bs=1k seek=511 count=1 > /dev/null 2>&1 | ||
13 | 9 | ||
14 | for s in 16 1k 128k 256k; do | 10 | for s in 16 1k 128k 256k; do |
15 | trace "rekeylimit ${s}" | 11 | verbose "client rekeylimit ${s}" |
16 | rm -f ${COPY} | 12 | rm -f ${COPY} ${LOG} |
17 | cat $DATA | \ | 13 | cat $DATA | \ |
18 | ${SSH} -oCompression=no -oRekeyLimit=$s \ | 14 | ${SSH} -oCompression=no -oRekeyLimit=$s \ |
19 | -v -F $OBJ/ssh_proxy somehost "cat > ${COPY}" \ | 15 | -v -F $OBJ/ssh_proxy somehost "cat > ${COPY}" |
20 | 2> ${LOG} | ||
21 | if [ $? -ne 0 ]; then | 16 | if [ $? -ne 0 ]; then |
22 | fail "ssh failed" | 17 | fail "ssh failed" |
23 | fi | 18 | fi |
@@ -29,4 +24,86 @@ for s in 16 1k 128k 256k; do | |||
29 | fail "no rekeying occured" | 24 | fail "no rekeying occured" |
30 | fi | 25 | fi |
31 | done | 26 | done |
32 | rm -f ${COPY} ${LOG} ${DATA} | 27 | |
28 | for s in 5 10; do | ||
29 | verbose "client rekeylimit default ${s}" | ||
30 | rm -f ${COPY} ${LOG} | ||
31 | cat $DATA | \ | ||
32 | ${SSH} -oCompression=no -oRekeyLimit="default $s" -F \ | ||
33 | $OBJ/ssh_proxy somehost "cat >${COPY};sleep $s;sleep 3" | ||
34 | if [ $? -ne 0 ]; then | ||
35 | fail "ssh failed" | ||
36 | fi | ||
37 | cmp $DATA ${COPY} || fail "corrupted copy" | ||
38 | n=`grep 'NEWKEYS sent' ${LOG} | wc -l` | ||
39 | n=`expr $n - 1` | ||
40 | trace "$n rekeying(s)" | ||
41 | if [ $n -lt 1 ]; then | ||
42 | fail "no rekeying occured" | ||
43 | fi | ||
44 | done | ||
45 | |||
46 | for s in 5 10; do | ||
47 | verbose "client rekeylimit default ${s} no data" | ||
48 | rm -f ${COPY} ${LOG} | ||
49 | ${SSH} -oCompression=no -oRekeyLimit="default $s" -F \ | ||
50 | $OBJ/ssh_proxy somehost "sleep $s;sleep 3" | ||
51 | if [ $? -ne 0 ]; then | ||
52 | fail "ssh failed" | ||
53 | fi | ||
54 | n=`grep 'NEWKEYS sent' ${LOG} | wc -l` | ||
55 | n=`expr $n - 1` | ||
56 | trace "$n rekeying(s)" | ||
57 | if [ $n -lt 1 ]; then | ||
58 | fail "no rekeying occured" | ||
59 | fi | ||
60 | done | ||
61 | |||
62 | echo "rekeylimit default 5" >>$OBJ/sshd_proxy | ||
63 | for s in 5 10; do | ||
64 | verbose "server rekeylimit default ${s} no data" | ||
65 | rm -f ${COPY} ${LOG} | ||
66 | ${SSH} -oCompression=no -F $OBJ/ssh_proxy somehost "sleep $s;sleep 3" | ||
67 | if [ $? -ne 0 ]; then | ||
68 | fail "ssh failed" | ||
69 | fi | ||
70 | n=`grep 'NEWKEYS sent' ${LOG} | wc -l` | ||
71 | n=`expr $n - 1` | ||
72 | trace "$n rekeying(s)" | ||
73 | if [ $n -lt 1 ]; then | ||
74 | fail "no rekeying occured" | ||
75 | fi | ||
76 | done | ||
77 | |||
78 | verbose "rekeylimit parsing" | ||
79 | for size in 16 1k 1K 1m 1M 1g 1G; do | ||
80 | for time in 1 1m 1M 1h 1H 1d 1D 1w 1W; do | ||
81 | case $size in | ||
82 | 16) bytes=16 ;; | ||
83 | 1k|1K) bytes=1024 ;; | ||
84 | 1m|1M) bytes=1048576 ;; | ||
85 | 1g|1G) bytes=1073741824 ;; | ||
86 | esac | ||
87 | case $time in | ||
88 | 1) seconds=1 ;; | ||
89 | 1m|1M) seconds=60 ;; | ||
90 | 1h|1H) seconds=3600 ;; | ||
91 | 1d|1D) seconds=86400 ;; | ||
92 | 1w|1W) seconds=604800 ;; | ||
93 | esac | ||
94 | |||
95 | b=`$SUDO ${SSHD} -T -o "rekeylimit $size $time" -f $OBJ/sshd_proxy | \ | ||
96 | awk '/rekeylimit/{print $2}'` | ||
97 | s=`$SUDO ${SSHD} -T -o "rekeylimit $size $time" -f $OBJ/sshd_proxy | \ | ||
98 | awk '/rekeylimit/{print $3}'` | ||
99 | |||
100 | if [ "$bytes" != "$b" ]; then | ||
101 | fatal "rekeylimit size: expected $bytes got $b" | ||
102 | fi | ||
103 | if [ "$seconds" != "$s" ]; then | ||
104 | fatal "rekeylimit time: expected $time got $s" | ||
105 | fi | ||
106 | done | ||
107 | done | ||
108 | |||
109 | rm -f ${COPY} ${DATA} | ||
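Review bot: The time-mismatch message at new line 104 reports the unparsed `$time` rather than the value it was compared against, so a failure prints something like `expected 1h got 3601` instead of `expected 3600 got 3601`; the sibling size check at line 101 uses `$bytes`, so this should read `fatal "rekeylimit time: expected $seconds got $s"`. The parsing loop also runs `$SUDO ${SSHD} -T` twice per size/time pair (lines 95-98) only to pick `$2` and `$3` from the same output; a single run captured into one variable, or one awk printing both fields, halves the sudo invocations. The new message `no rekeying occured` at lines 42, 58 and 74 repeats the typo from the original test (`occurred`).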
diff --git a/regress/runtests.sh b/regress/runtests.sh deleted file mode 100755 index 9808eb8a7..000000000 --- a/regress/runtests.sh +++ /dev/null | |||
@@ -1,13 +0,0 @@ | |||
1 | #!/bin/sh | ||
2 | |||
3 | TEST_SSH_SSH=../ssh | ||
4 | TEST_SSH_SSHD=../sshd | ||
5 | TEST_SSH_SSHAGENT=../ssh-agent | ||
6 | TEST_SSH_SSHADD=../ssh-add | ||
7 | TEST_SSH_SSHKEYGEN=../ssh-keygen | ||
8 | TEST_SSH_SSHKEYSCAN=../ssh-keyscan | ||
9 | TEST_SSH_SFTP=../sftp | ||
10 | TEST_SSH_SFTPSERVER=../sftp-server | ||
11 | |||
12 | pmake | ||
13 | |||
diff --git a/regress/scp.sh b/regress/scp.sh index c5d412dd9..29c5b35d4 100644 --- a/regress/scp.sh +++ b/regress/scp.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: scp.sh,v 1.7 2006/01/31 10:36:33 djm Exp $ | 1 | # $OpenBSD: scp.sh,v 1.9 2013/05/17 10:35:43 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="scp" | 4 | tid="scp" |
@@ -12,8 +12,6 @@ else | |||
12 | DIFFOPT="-r" | 12 | DIFFOPT="-r" |
13 | fi | 13 | fi |
14 | 14 | ||
15 | DATA=/bin/ls${EXEEXT} | ||
16 | COPY=${OBJ}/copy | ||
17 | COPY2=${OBJ}/copy2 | 15 | COPY2=${OBJ}/copy2 |
18 | DIR=${COPY}.dd | 16 | DIR=${COPY}.dd |
19 | DIR2=${COPY}.dd2 | 17 | DIR2=${COPY}.dd2 |
diff --git a/regress/sftp-badcmds.sh b/regress/sftp-badcmds.sh index 08009f26b..7f85c4f22 100644 --- a/regress/sftp-badcmds.sh +++ b/regress/sftp-badcmds.sh | |||
@@ -1,12 +1,10 @@ | |||
1 | # $OpenBSD: sftp-badcmds.sh,v 1.4 2009/08/13 01:11:55 djm Exp $ | 1 | # $OpenBSD: sftp-badcmds.sh,v 1.6 2013/05/17 10:26:26 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="sftp invalid commands" | 4 | tid="sftp invalid commands" |
5 | 5 | ||
6 | DATA=/bin/ls${EXEEXT} | ||
7 | DATA2=/bin/sh${EXEEXT} | 6 | DATA2=/bin/sh${EXEEXT} |
8 | NONEXIST=/NONEXIST.$$ | 7 | NONEXIST=/NONEXIST.$$ |
9 | COPY=${OBJ}/copy | ||
10 | GLOBFILES=`(cd /bin;echo l*)` | 8 | GLOBFILES=`(cd /bin;echo l*)` |
11 | 9 | ||
12 | rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd | 10 | rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd |
diff --git a/regress/sftp-batch.sh b/regress/sftp-batch.sh index a51ef0782..41011549b 100644 --- a/regress/sftp-batch.sh +++ b/regress/sftp-batch.sh | |||
@@ -1,10 +1,8 @@ | |||
1 | # $OpenBSD: sftp-batch.sh,v 1.4 2009/08/13 01:11:55 djm Exp $ | 1 | # $OpenBSD: sftp-batch.sh,v 1.5 2013/05/17 04:29:14 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="sftp batchfile" | 4 | tid="sftp batchfile" |
5 | 5 | ||
6 | DATA=/bin/ls${EXEEXT} | ||
7 | COPY=${OBJ}/copy | ||
8 | BATCH=${OBJ}/sftp.bb | 6 | BATCH=${OBJ}/sftp.bb |
9 | 7 | ||
10 | rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${BATCH}.* | 8 | rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COPY}.dd ${BATCH}.* |
diff --git a/regress/sftp-chroot.sh b/regress/sftp-chroot.sh new file mode 100644 index 000000000..03b9bc6d7 --- /dev/null +++ b/regress/sftp-chroot.sh | |||
@@ -0,0 +1,25 @@ | |||
1 | # $OpenBSD: sftp-chroot.sh,v 1.2 2013/05/17 04:29:14 dtucker Exp $ | ||
2 | # Placed in the Public Domain. | ||
3 | |||
4 | tid="sftp in chroot" | ||
5 | |||
6 | CHROOT=/var/run | ||
7 | FILENAME=testdata_${USER} | ||
8 | PRIVDATA=${CHROOT}/${FILENAME} | ||
9 | |||
10 | if [ -z "$SUDO" ]; then | ||
11 | echo "skipped: need SUDO to create file in /var/run, test won't work without" | ||
12 | exit 0 | ||
13 | fi | ||
14 | |||
15 | $SUDO sh -c "echo mekmitastdigoat > $PRIVDATA" || \ | ||
16 | fatal "create $PRIVDATA failed" | ||
17 | |||
18 | start_sshd -oChrootDirectory=$CHROOT -oForceCommand="internal-sftp -d /" | ||
19 | |||
20 | verbose "test $tid: get" | ||
21 | ${SFTP} -qS "$SSH" -F $OBJ/ssh_config host:/${FILENAME} $COPY || \ | ||
22 | fatal "Fetch ${FILENAME} failed" | ||
23 | cmp $PRIVDATA $COPY || fail "$PRIVDATA $COPY differ" | ||
24 | |||
25 | $SUDO rm $PRIVDATA | ||
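Review bot: The root-owned `$PRIVDATA` created at new line 15 is only removed on the success path (line 25): the `fatal` at line 22 exits through `cleanup` before reaching the `rm`, so a failed fetch leaves `/var/run/testdata_$USER` behind and the next run overwrites it. Changing the fetch check to `fail "Fetch ${FILENAME} failed"` lets the script fall through to `$SUDO rm $PRIVDATA` (the following `cmp` then also reports the failure), or the removal could be done with `rm -f` before the verdict is reached. The test also only shows that a file inside the chroot is reachable; a second `get` of a path that exists on the host outside `$CHROOT`, expected to fail, would exercise the confinement that the `tid` advertises.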
diff --git a/regress/sftp-cmds.sh b/regress/sftp-cmds.sh index 2e0300e16..aad7fcac2 100644 --- a/regress/sftp-cmds.sh +++ b/regress/sftp-cmds.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: sftp-cmds.sh,v 1.12 2012/06/01 00:52:52 djm Exp $ | 1 | # $OpenBSD: sftp-cmds.sh,v 1.14 2013/06/21 02:26:26 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | # XXX - TODO: | 4 | # XXX - TODO: |
@@ -7,8 +7,6 @@ | |||
7 | 7 | ||
8 | tid="sftp commands" | 8 | tid="sftp commands" |
9 | 9 | ||
10 | DATA=/bin/ls${EXEEXT} | ||
11 | COPY=${OBJ}/copy | ||
12 | # test that these files are readable! | 10 | # test that these files are readable! |
13 | for i in `(cd /bin;echo l*)` | 11 | for i in `(cd /bin;echo l*)` |
14 | do | 12 | do |
@@ -108,7 +106,7 @@ rm -f ${COPY}.dd/* | |||
108 | verbose "$tid: get to directory" | 106 | verbose "$tid: get to directory" |
109 | echo "get $DATA ${COPY}.dd" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \ | 107 | echo "get $DATA ${COPY}.dd" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \ |
110 | || fail "get failed" | 108 | || fail "get failed" |
111 | cmp $DATA ${COPY}.dd/`basename $DATA` || fail "corrupted copy after get" | 109 | cmp $DATA ${COPY}.dd/$DATANAME || fail "corrupted copy after get" |
112 | 110 | ||
113 | rm -f ${COPY}.dd/* | 111 | rm -f ${COPY}.dd/* |
114 | verbose "$tid: glob get to directory" | 112 | verbose "$tid: glob get to directory" |
@@ -122,7 +120,7 @@ rm -f ${COPY}.dd/* | |||
122 | verbose "$tid: get to local dir" | 120 | verbose "$tid: get to local dir" |
123 | (echo "lcd ${COPY}.dd"; echo "get $DATA" ) | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \ | 121 | (echo "lcd ${COPY}.dd"; echo "get $DATA" ) | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \ |
124 | || fail "get failed" | 122 | || fail "get failed" |
125 | cmp $DATA ${COPY}.dd/`basename $DATA` || fail "corrupted copy after get" | 123 | cmp $DATA ${COPY}.dd/$DATANAME || fail "corrupted copy after get" |
126 | 124 | ||
127 | rm -f ${COPY}.dd/* | 125 | rm -f ${COPY}.dd/* |
128 | verbose "$tid: glob get to local dir" | 126 | verbose "$tid: glob get to local dir" |
@@ -156,7 +154,7 @@ rm -f ${COPY}.dd/* | |||
156 | verbose "$tid: put to directory" | 154 | verbose "$tid: put to directory" |
157 | echo "put $DATA ${COPY}.dd" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \ | 155 | echo "put $DATA ${COPY}.dd" | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \ |
158 | || fail "put failed" | 156 | || fail "put failed" |
159 | cmp $DATA ${COPY}.dd/`basename $DATA` || fail "corrupted copy after put" | 157 | cmp $DATA ${COPY}.dd/$DATANAME || fail "corrupted copy after put" |
160 | 158 | ||
161 | rm -f ${COPY}.dd/* | 159 | rm -f ${COPY}.dd/* |
162 | verbose "$tid: glob put to directory" | 160 | verbose "$tid: glob put to directory" |
@@ -170,7 +168,7 @@ rm -f ${COPY}.dd/* | |||
170 | verbose "$tid: put to local dir" | 168 | verbose "$tid: put to local dir" |
171 | (echo "cd ${COPY}.dd"; echo "put $DATA") | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \ | 169 | (echo "cd ${COPY}.dd"; echo "put $DATA") | ${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 \ |
172 | || fail "put failed" | 170 | || fail "put failed" |
173 | cmp $DATA ${COPY}.dd/`basename $DATA` || fail "corrupted copy after put" | 171 | cmp $DATA ${COPY}.dd/$DATANAME || fail "corrupted copy after put" |
174 | 172 | ||
175 | rm -f ${COPY}.dd/* | 173 | rm -f ${COPY}.dd/* |
176 | verbose "$tid: glob put to local dir" | 174 | verbose "$tid: glob put to local dir" |
diff --git a/regress/sftp.sh b/regress/sftp.sh index f84fa6f4e..b8e9f7527 100644 --- a/regress/sftp.sh +++ b/regress/sftp.sh | |||
@@ -1,11 +1,8 @@ | |||
1 | # $OpenBSD: sftp.sh,v 1.3 2009/08/13 01:11:55 djm Exp $ | 1 | # $OpenBSD: sftp.sh,v 1.5 2013/05/17 10:28:11 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="basic sftp put/get" | 4 | tid="basic sftp put/get" |
5 | 5 | ||
6 | DATA=/bin/ls${EXEEXT} | ||
7 | COPY=${OBJ}/copy | ||
8 | |||
9 | SFTPCMDFILE=${OBJ}/batch | 6 | SFTPCMDFILE=${OBJ}/batch |
10 | cat >$SFTPCMDFILE <<EOF | 7 | cat >$SFTPCMDFILE <<EOF |
11 | version | 8 | version |
diff --git a/regress/ssh-com-client.sh b/regress/ssh-com-client.sh index 324a0a723..e4f80cf0a 100644 --- a/regress/ssh-com-client.sh +++ b/regress/ssh-com-client.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: ssh-com-client.sh,v 1.6 2004/02/24 17:06:52 markus Exp $ | 1 | # $OpenBSD: ssh-com-client.sh,v 1.7 2013/05/17 04:29:14 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="connect with ssh.com client" | 4 | tid="connect with ssh.com client" |
@@ -67,10 +67,6 @@ EOF | |||
67 | # we need a real server (no ProxyConnect option) | 67 | # we need a real server (no ProxyConnect option) |
68 | start_sshd | 68 | start_sshd |
69 | 69 | ||
70 | DATA=/bin/ls${EXEEXT} | ||
71 | COPY=${OBJ}/copy | ||
72 | rm -f ${COPY} | ||
73 | |||
74 | # go for it | 70 | # go for it |
75 | for v in ${VERSIONS}; do | 71 | for v in ${VERSIONS}; do |
76 | ssh2=${TEST_COMBASE}/${v}/ssh2 | 72 | ssh2=${TEST_COMBASE}/${v}/ssh2 |
diff --git a/regress/ssh-com-sftp.sh b/regress/ssh-com-sftp.sh index be6f4e0dc..fabfa4983 100644 --- a/regress/ssh-com-sftp.sh +++ b/regress/ssh-com-sftp.sh | |||
@@ -1,10 +1,8 @@ | |||
1 | # $OpenBSD: ssh-com-sftp.sh,v 1.6 2009/08/20 18:43:07 djm Exp $ | 1 | # $OpenBSD: ssh-com-sftp.sh,v 1.7 2013/05/17 04:29:14 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="basic sftp put/get with ssh.com server" | 4 | tid="basic sftp put/get with ssh.com server" |
5 | 5 | ||
6 | DATA=/bin/ls${EXEEXT} | ||
7 | COPY=${OBJ}/copy | ||
8 | SFTPCMDFILE=${OBJ}/batch | 6 | SFTPCMDFILE=${OBJ}/batch |
9 | 7 | ||
10 | cat >$SFTPCMDFILE <<EOF | 8 | cat >$SFTPCMDFILE <<EOF |
diff --git a/regress/ssh-com.sh b/regress/ssh-com.sh index 7bcd85b65..6c5cfe888 100644 --- a/regress/ssh-com.sh +++ b/regress/ssh-com.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: ssh-com.sh,v 1.7 2004/02/24 17:06:52 markus Exp $ | 1 | # $OpenBSD: ssh-com.sh,v 1.8 2013/05/17 00:37:40 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="connect to ssh.com server" | 4 | tid="connect to ssh.com server" |
@@ -70,7 +70,7 @@ done | |||
70 | 70 | ||
71 | # convert and append DSA hostkey | 71 | # convert and append DSA hostkey |
72 | ( | 72 | ( |
73 | echon 'ssh2-localhost-with-alias,127.0.0.1,::1 ' | 73 | printf 'ssh2-localhost-with-alias,127.0.0.1,::1 ' |
74 | ${SSHKEYGEN} -if ${SRC}/dsa_ssh2.pub | 74 | ${SSHKEYGEN} -if ${SRC}/dsa_ssh2.pub |
75 | ) >> $OBJ/known_hosts | 75 | ) >> $OBJ/known_hosts |
76 | 76 | ||
diff --git a/regress/sshd-log-wrapper.sh b/regress/sshd-log-wrapper.sh index c7a5ef3a6..a9386be4d 100644 --- a/regress/sshd-log-wrapper.sh +++ b/regress/sshd-log-wrapper.sh | |||
@@ -1,5 +1,5 @@ | |||
1 | #!/bin/sh | 1 | #!/bin/sh |
2 | # $OpenBSD: sshd-log-wrapper.sh,v 1.2 2005/02/27 11:40:30 dtucker Exp $ | 2 | # $OpenBSD: sshd-log-wrapper.sh,v 1.3 2013/04/07 02:16:03 dtucker Exp $ |
3 | # Placed in the Public Domain. | 3 | # Placed in the Public Domain. |
4 | # | 4 | # |
5 | # simple wrapper for sshd proxy mode to catch stderr output | 5 | # simple wrapper for sshd proxy mode to catch stderr output |
@@ -10,4 +10,4 @@ log=$2 | |||
10 | shift | 10 | shift |
11 | shift | 11 | shift |
12 | 12 | ||
13 | exec $sshd $@ -e 2>>$log | 13 | exec $sshd -E$log $@ |
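Review bot: `$@` at new line 13 is still unquoted, so any sshd argument containing whitespace is re-split before sshd sees it; the ssh wrapper that test-exec.sh generates in this same commit writes `"$@"`, so this one should match: `exec $sshd -E$log "$@"`. The `-E$log` argument is likewise unquoted, which only matters if `$log` contains spaces, but quoting it costs nothing.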
diff --git a/regress/stderr-after-eof.sh b/regress/stderr-after-eof.sh index 05a5ea56d..218ac6b68 100644 --- a/regress/stderr-after-eof.sh +++ b/regress/stderr-after-eof.sh | |||
@@ -1,29 +1,13 @@ | |||
1 | # $OpenBSD: stderr-after-eof.sh,v 1.1 2002/03/23 16:38:09 markus Exp $ | 1 | # $OpenBSD: stderr-after-eof.sh,v 1.2 2013/05/17 04:29:14 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="stderr data after eof" | 4 | tid="stderr data after eof" |
5 | 5 | ||
6 | DATA=/etc/motd | ||
7 | DATA=${OBJ}/data | ||
8 | COPY=${OBJ}/copy | ||
9 | |||
10 | if have_prog md5sum; then | ||
11 | CHECKSUM=md5sum | ||
12 | elif have_prog openssl; then | ||
13 | CHECKSUM="openssl md5" | ||
14 | elif have_prog cksum; then | ||
15 | CHECKSUM=cksum | ||
16 | elif have_prog sum; then | ||
17 | CHECKSUM=sum | ||
18 | else | ||
19 | fatal "No checksum program available, aborting $tid test" | ||
20 | fi | ||
21 | |||
22 | # setup data | 6 | # setup data |
23 | rm -f ${DATA} ${COPY} | 7 | rm -f ${DATA} ${COPY} |
24 | cp /dev/null ${DATA} | 8 | cp /dev/null ${DATA} |
25 | for i in 1 2 3 4 5 6; do | 9 | for i in 1 2 3 4 5 6; do |
26 | (date;echo $i) | $CHECKSUM >> ${DATA} | 10 | (date;echo $i) | md5 >> ${DATA} |
27 | done | 11 | done |
28 | 12 | ||
29 | ${SSH} -2 -F $OBJ/ssh_proxy otherhost \ | 13 | ${SSH} -2 -F $OBJ/ssh_proxy otherhost \ |
diff --git a/regress/stderr-data.sh b/regress/stderr-data.sh index 1daf79bb5..b0bd2355c 100644 --- a/regress/stderr-data.sh +++ b/regress/stderr-data.sh | |||
@@ -1,12 +1,8 @@ | |||
1 | # $OpenBSD: stderr-data.sh,v 1.2 2002/03/27 22:39:52 markus Exp $ | 1 | # $OpenBSD: stderr-data.sh,v 1.3 2013/05/17 04:29:14 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="stderr data transfer" | 4 | tid="stderr data transfer" |
5 | 5 | ||
6 | DATA=/bin/ls${EXEEXT} | ||
7 | COPY=${OBJ}/copy | ||
8 | rm -f ${COPY} | ||
9 | |||
10 | for n in '' -n; do | 6 | for n in '' -n; do |
11 | for p in 1 2; do | 7 | for p in 1 2; do |
12 | verbose "test $tid: proto $p ($n)" | 8 | verbose "test $tid: proto $p ($n)" |
diff --git a/regress/test-exec.sh b/regress/test-exec.sh index aa4e6e5c0..eee446264 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: test-exec.sh,v 1.37 2010/02/24 06:21:56 djm Exp $ | 1 | # $OpenBSD: test-exec.sh,v 1.46 2013/06/21 02:26:26 djm Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | #SUDO=sudo | 4 | #SUDO=sudo |
@@ -136,30 +136,49 @@ case "$SSHD" in | |||
136 | *) SSHD=`which sshd` ;; | 136 | *) SSHD=`which sshd` ;; |
137 | esac | 137 | esac |
138 | 138 | ||
139 | # Logfiles. | ||
140 | # SSH_LOGFILE should be the debug output of ssh(1) only | ||
141 | # SSHD_LOGFILE should be the debug output of sshd(8) only | ||
142 | # REGRESS_LOGFILE is the output of the test itself stdout and stderr | ||
139 | if [ "x$TEST_SSH_LOGFILE" = "x" ]; then | 143 | if [ "x$TEST_SSH_LOGFILE" = "x" ]; then |
140 | TEST_SSH_LOGFILE=/dev/null | 144 | TEST_SSH_LOGFILE=$OBJ/ssh.log |
145 | fi | ||
146 | if [ "x$TEST_SSHD_LOGFILE" = "x" ]; then | ||
147 | TEST_SSHD_LOGFILE=$OBJ/sshd.log | ||
148 | fi | ||
149 | if [ "x$TEST_REGRESS_LOGFILE" = "x" ]; then | ||
150 | TEST_REGRESS_LOGFILE=$OBJ/regress.log | ||
141 | fi | 151 | fi |
142 | 152 | ||
143 | # Some data for test copies | 153 | # truncate logfiles |
144 | DATA=$OBJ/testdata | 154 | >$TEST_SSH_LOGFILE |
145 | cat $SSHD${EXEEXT} $SSHD${EXEEXT} $SSHD${EXEEXT} $SSHD${EXEEXT} >$DATA | 155 | >$TEST_SSHD_LOGFILE |
156 | >$TEST_REGRESS_LOGFILE | ||
157 | |||
158 | # Create wrapper ssh with logging. We can't just specify "SSH=ssh -E..." | ||
159 | # because sftp and scp don't handle spaces in arguments. | ||
160 | SSHLOGWRAP=$OBJ/ssh-log-wrapper.sh | ||
161 | echo "#!/bin/sh" > $SSHLOGWRAP | ||
162 | echo "exec ${SSH} -E${TEST_SSH_LOGFILE} "'"$@"' >>$SSHLOGWRAP | ||
163 | |||
164 | chmod a+rx $OBJ/ssh-log-wrapper.sh | ||
165 | SSH="$SSHLOGWRAP" | ||
166 | |||
167 | # Some test data. We make a copy because some tests will overwrite it. | ||
168 | # The tests may assume that $DATA exists and is writable and $COPY does | ||
169 | # not exist. | ||
170 | DATANAME=data | ||
171 | DATA=$OBJ/${DATANAME} | ||
172 | cat $SSHD $SSHD $SSHD $SSHD >${DATA} | ||
173 | chmod u+w ${DATA} | ||
174 | COPY=$OBJ/copy | ||
175 | rm -f ${COPY} | ||
146 | 176 | ||
147 | # these should be used in tests | 177 | # these should be used in tests |
148 | export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP | 178 | export SSH SSHD SSHAGENT SSHADD SSHKEYGEN SSHKEYSCAN SFTP SFTPSERVER SCP |
149 | #echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP | 179 | #echo $SSH $SSHD $SSHAGENT $SSHADD $SSHKEYGEN $SSHKEYSCAN $SFTP $SFTPSERVER $SCP |
150 | 180 | ||
151 | # helper | 181 | # Portable specific functions |
152 | echon() | ||
153 | { | ||
154 | if [ "x`echo -n`" = "x" ]; then | ||
155 | echo -n "$@" | ||
156 | elif [ "x`echo '\c'`" = "x" ]; then | ||
157 | echo "$@\c" | ||
158 | else | ||
159 | fatal "Don't know how to echo without newline." | ||
160 | fi | ||
161 | } | ||
162 | |||
163 | have_prog() | 182 | have_prog() |
164 | { | 183 | { |
165 | saved_IFS="$IFS" | 184 | saved_IFS="$IFS" |
@@ -175,6 +194,37 @@ have_prog() | |||
175 | return 1 | 194 | return 1 |
176 | } | 195 | } |
177 | 196 | ||
197 | jot() { | ||
198 | awk "BEGIN { for (i = $2; i < $2 + $1; i++) { printf \"%d\n\", i } exit }" | ||
199 | } | ||
200 | |||
201 | # Check whether preprocessor symbols are defined in config.h. | ||
202 | config_defined () | ||
203 | { | ||
204 | str=$1 | ||
205 | while test "x$2" != "x" ; do | ||
206 | str="$str|$2" | ||
207 | shift | ||
208 | done | ||
209 | egrep "^#define.*($str)" ${BUILDDIR}/config.h >/dev/null 2>&1 | ||
210 | } | ||
211 | |||
212 | md5 () { | ||
213 | if have_prog md5sum; then | ||
214 | md5sum | ||
215 | elif have_prog openssl; then | ||
216 | openssl md5 | ||
217 | elif have_prog cksum; then | ||
218 | cksum | ||
219 | elif have_prog sum; then | ||
220 | sum | ||
221 | else | ||
222 | wc -c | ||
223 | fi | ||
224 | } | ||
225 | # End of portable specific functions | ||
226 | |||
227 | # helper | ||
178 | cleanup () | 228 | cleanup () |
179 | { | 229 | { |
180 | if [ -f $PIDFILE ]; then | 230 | if [ -f $PIDFILE ]; then |
@@ -199,9 +249,26 @@ cleanup () | |||
199 | fi | 249 | fi |
200 | } | 250 | } |
201 | 251 | ||
252 | start_debug_log () | ||
253 | { | ||
254 | echo "trace: $@" >$TEST_REGRESS_LOGFILE | ||
255 | echo "trace: $@" >$TEST_SSH_LOGFILE | ||
256 | echo "trace: $@" >$TEST_SSHD_LOGFILE | ||
257 | } | ||
258 | |||
259 | save_debug_log () | ||
260 | { | ||
261 | echo $@ >>$TEST_REGRESS_LOGFILE | ||
262 | echo $@ >>$TEST_SSH_LOGFILE | ||
263 | echo $@ >>$TEST_SSHD_LOGFILE | ||
264 | (cat $TEST_REGRESS_LOGFILE; echo) >>$OBJ/failed-regress.log | ||
265 | (cat $TEST_SSH_LOGFILE; echo) >>$OBJ/failed-ssh.log | ||
266 | (cat $TEST_SSHD_LOGFILE; echo) >>$OBJ/failed-sshd.log | ||
267 | } | ||
268 | |||
202 | trace () | 269 | trace () |
203 | { | 270 | { |
204 | echo "trace: $@" >>$TEST_SSH_LOGFILE | 271 | start_debug_log $@ |
205 | if [ "X$TEST_SSH_TRACE" = "Xyes" ]; then | 272 | if [ "X$TEST_SSH_TRACE" = "Xyes" ]; then |
206 | echo "$@" | 273 | echo "$@" |
207 | fi | 274 | fi |
@@ -209,7 +276,7 @@ trace () | |||
209 | 276 | ||
210 | verbose () | 277 | verbose () |
211 | { | 278 | { |
212 | echo "verbose: $@" >>$TEST_SSH_LOGFILE | 279 | start_debug_log $@ |
213 | if [ "X$TEST_SSH_QUIET" != "Xyes" ]; then | 280 | if [ "X$TEST_SSH_QUIET" != "Xyes" ]; then |
214 | echo "$@" | 281 | echo "$@" |
215 | fi | 282 | fi |
@@ -223,31 +290,21 @@ warn () | |||
223 | 290 | ||
224 | fail () | 291 | fail () |
225 | { | 292 | { |
226 | echo "FAIL: $@" >>$TEST_SSH_LOGFILE | 293 | save_debug_log "FAIL: $@" |
227 | RESULT=1 | 294 | RESULT=1 |
228 | echo "$@" | 295 | echo "$@" |
296 | |||
229 | } | 297 | } |
230 | 298 | ||
231 | fatal () | 299 | fatal () |
232 | { | 300 | { |
233 | echo "FATAL: $@" >>$TEST_SSH_LOGFILE | 301 | save_debug_log "FATAL: $@" |
234 | echon "FATAL: " | 302 | printf "FATAL: " |
235 | fail "$@" | 303 | fail "$@" |
236 | cleanup | 304 | cleanup |
237 | exit $RESULT | 305 | exit $RESULT |
238 | } | 306 | } |
239 | 307 | ||
240 | # Check whether preprocessor symbols are defined in config.h. | ||
241 | config_defined () | ||
242 | { | ||
243 | str=$1 | ||
244 | while test "x$2" != "x" ; do | ||
245 | str="$str|$2" | ||
246 | shift | ||
247 | done | ||
248 | egrep "^#define.*($str)" ${BUILDDIR}/config.h >/dev/null 2>&1 | ||
249 | } | ||
250 | |||
251 | RESULT=0 | 308 | RESULT=0 |
252 | PIDFILE=$OBJ/pidfile | 309 | PIDFILE=$OBJ/pidfile |
253 | 310 | ||
@@ -263,7 +320,7 @@ cat << EOF > $OBJ/sshd_config | |||
263 | #ListenAddress ::1 | 320 | #ListenAddress ::1 |
264 | PidFile $PIDFILE | 321 | PidFile $PIDFILE |
265 | AuthorizedKeysFile $OBJ/authorized_keys_%u | 322 | AuthorizedKeysFile $OBJ/authorized_keys_%u |
266 | LogLevel VERBOSE | 323 | LogLevel DEBUG3 |
267 | AcceptEnv _XXX_TEST_* | 324 | AcceptEnv _XXX_TEST_* |
268 | AcceptEnv _XXX_TEST | 325 | AcceptEnv _XXX_TEST |
269 | Subsystem sftp $SFTPSERVER | 326 | Subsystem sftp $SFTPSERVER |
@@ -295,8 +352,10 @@ Host * | |||
295 | ChallengeResponseAuthentication no | 352 | ChallengeResponseAuthentication no |
296 | HostbasedAuthentication no | 353 | HostbasedAuthentication no |
297 | PasswordAuthentication no | 354 | PasswordAuthentication no |
355 | RhostsRSAAuthentication no | ||
298 | BatchMode yes | 356 | BatchMode yes |
299 | StrictHostKeyChecking yes | 357 | StrictHostKeyChecking yes |
358 | LogLevel DEBUG3 | ||
300 | EOF | 359 | EOF |
301 | 360 | ||
302 | if [ ! -z "$TEST_SSH_SSH_CONFOPTS" ]; then | 361 | if [ ! -z "$TEST_SSH_SSH_CONFOPTS" ]; then |
@@ -309,13 +368,15 @@ rm -f $OBJ/known_hosts $OBJ/authorized_keys_$USER | |||
309 | trace "generate keys" | 368 | trace "generate keys" |
310 | for t in rsa rsa1; do | 369 | for t in rsa rsa1; do |
311 | # generate user key | 370 | # generate user key |
312 | rm -f $OBJ/$t | 371 | if [ ! -f $OBJ/$t ] || [ ${SSHKEYGEN} -nt $OBJ/$t ]; then |
313 | ${SSHKEYGEN} -b 1024 -q -N '' -t $t -f $OBJ/$t ||\ | 372 | rm -f $OBJ/$t |
314 | fail "ssh-keygen for $t failed" | 373 | ${SSHKEYGEN} -q -N '' -t $t -f $OBJ/$t ||\ |
374 | fail "ssh-keygen for $t failed" | ||
375 | fi | ||
315 | 376 | ||
316 | # known hosts file for client | 377 | # known hosts file for client |
317 | ( | 378 | ( |
318 | echon 'localhost-with-alias,127.0.0.1,::1 ' | 379 | printf 'localhost-with-alias,127.0.0.1,::1 ' |
319 | cat $OBJ/$t.pub | 380 | cat $OBJ/$t.pub |
320 | ) >> $OBJ/known_hosts | 381 | ) >> $OBJ/known_hosts |
321 | 382 | ||
@@ -370,7 +431,7 @@ if test "$REGRESS_INTEROP_PUTTY" = "yes" ; then | |||
370 | echo "Hostname=127.0.0.1" >> ${OBJ}/.putty/sessions/localhost_proxy | 431 | echo "Hostname=127.0.0.1" >> ${OBJ}/.putty/sessions/localhost_proxy |
371 | echo "PortNumber=$PORT" >> ${OBJ}/.putty/sessions/localhost_proxy | 432 | echo "PortNumber=$PORT" >> ${OBJ}/.putty/sessions/localhost_proxy |
372 | echo "ProxyMethod=5" >> ${OBJ}/.putty/sessions/localhost_proxy | 433 | echo "ProxyMethod=5" >> ${OBJ}/.putty/sessions/localhost_proxy |
373 | echo "ProxyTelnetCommand=sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSH_LOGFILE} -i -f $OBJ/sshd_proxy" >> ${OBJ}/.putty/sessions/localhost_proxy | 434 | echo "ProxyTelnetCommand=sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSHD_LOGFILE} -i -f $OBJ/sshd_proxy" >> ${OBJ}/.putty/sessions/localhost_proxy |
374 | 435 | ||
375 | REGRESS_INTEROP_PUTTY=yes | 436 | REGRESS_INTEROP_PUTTY=yes |
376 | fi | 437 | fi |
@@ -378,7 +439,7 @@ fi | |||
378 | # create a proxy version of the client config | 439 | # create a proxy version of the client config |
379 | ( | 440 | ( |
380 | cat $OBJ/ssh_config | 441 | cat $OBJ/ssh_config |
381 | echo proxycommand ${SUDO} sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSH_LOGFILE} -i -f $OBJ/sshd_proxy | 442 | echo proxycommand ${SUDO} sh ${SRC}/sshd-log-wrapper.sh ${SSHD} ${TEST_SSHD_LOGFILE} -i -f $OBJ/sshd_proxy |
382 | ) > $OBJ/ssh_proxy | 443 | ) > $OBJ/ssh_proxy |
383 | 444 | ||
384 | # check proxy config | 445 | # check proxy config |
@@ -388,7 +449,7 @@ start_sshd () | |||
388 | { | 449 | { |
389 | # start sshd | 450 | # start sshd |
390 | $SUDO ${SSHD} -f $OBJ/sshd_config "$@" -t || fatal "sshd_config broken" | 451 | $SUDO ${SSHD} -f $OBJ/sshd_config "$@" -t || fatal "sshd_config broken" |
391 | $SUDO ${SSHD} -f $OBJ/sshd_config -e "$@" >>$TEST_SSH_LOGFILE 2>&1 | 452 | $SUDO ${SSHD} -f $OBJ/sshd_config "$@" -E$TEST_SSHD_LOGFILE |
392 | 453 | ||
393 | trace "wait for sshd" | 454 | trace "wait for sshd" |
394 | i=0; | 455 | i=0; |
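Review bot: The `md5` helper at new lines 212-224 silently falls back to `wc -c` when no digest program exists, whereas the selection logic it replaces in stderr-after-eof.sh aborted with `fatal`; since that caller feeds it `(date;echo $i)` for i in 1..6, the byte count is likely identical for every iteration, so the fallback produces six identical lines where the loop intended varying data. Because the helper runs inside a pipeline, a `fatal` inside it would only exit the subshell, so the check belongs before the loop in stderr-after-eof.sh, e.g. `have_prog md5sum || have_prog openssl || have_prog cksum || have_prog sum || fatal "no checksum program available"`. A comment on the helper such as `# Digest stdin with whatever tool is available; output format varies, not necessarily MD5` would also stop readers assuming it yields an MD5. Separately, `save_debug_log` (lines 259-267) echoes an unquoted `$@`, which collapses whitespace in the logged message; `"$*"` preserves it.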
diff --git a/regress/transfer.sh b/regress/transfer.sh index 13ea367d5..1ae3ef5bf 100644 --- a/regress/transfer.sh +++ b/regress/transfer.sh | |||
@@ -1,11 +1,8 @@ | |||
1 | # $OpenBSD: transfer.sh,v 1.1 2002/03/27 00:03:37 markus Exp $ | 1 | # $OpenBSD: transfer.sh,v 1.2 2013/05/17 04:29:14 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="transfer data" | 4 | tid="transfer data" |
5 | 5 | ||
6 | DATA=/bin/ls${EXEEXT} | ||
7 | COPY=${OBJ}/copy | ||
8 | |||
9 | for p in 1 2; do | 6 | for p in 1 2; do |
10 | verbose "$tid: proto $p" | 7 | verbose "$tid: proto $p" |
11 | rm -f ${COPY} | 8 | rm -f ${COPY} |
diff --git a/regress/try-ciphers.sh b/regress/try-ciphers.sh index 084a1457a..e17c9f5e9 100644 --- a/regress/try-ciphers.sh +++ b/regress/try-ciphers.sh | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: try-ciphers.sh,v 1.19 2013/02/11 23:58:51 djm Exp $ | 1 | # $OpenBSD: try-ciphers.sh,v 1.20 2013/05/17 10:16:26 dtucker Exp $ |
2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
3 | 3 | ||
4 | tid="try ciphers" | 4 | tid="try ciphers" |
diff --git a/roaming_client.c b/roaming_client.c index 48009d781..81c496827 100644 --- a/roaming_client.c +++ b/roaming_client.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: roaming_client.c,v 1.4 2011/12/07 05:44:38 djm Exp $ */ | 1 | /* $OpenBSD: roaming_client.c,v 1.5 2013/05/17 00:13:14 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2004-2009 AppGate Network Security AB | 3 | * Copyright (c) 2004-2009 AppGate Network Security AB |
4 | * | 4 | * |
@@ -187,10 +187,10 @@ roaming_resume(void) | |||
187 | debug("server doesn't allow resume"); | 187 | debug("server doesn't allow resume"); |
188 | goto fail; | 188 | goto fail; |
189 | } | 189 | } |
190 | xfree(str); | 190 | free(str); |
191 | for (i = 1; i < PROPOSAL_MAX; i++) { | 191 | for (i = 1; i < PROPOSAL_MAX; i++) { |
192 | /* kex algorithm taken care of so start with i=1 and not 0 */ | 192 | /* kex algorithm taken care of so start with i=1 and not 0 */ |
193 | xfree(packet_get_string(&len)); | 193 | free(packet_get_string(&len)); |
194 | } | 194 | } |
195 | i = packet_get_char(); /* first_kex_packet_follows */ | 195 | i = packet_get_char(); /* first_kex_packet_follows */ |
196 | if (i && (c = strchr(kexlist, ','))) | 196 | if (i && (c = strchr(kexlist, ','))) |
@@ -226,8 +226,7 @@ roaming_resume(void) | |||
226 | return 0; | 226 | return 0; |
227 | 227 | ||
228 | fail: | 228 | fail: |
229 | if (kexlist) | 229 | free(kexlist); |
230 | xfree(kexlist); | ||
231 | if (packet_get_connection_in() == packet_get_connection_out()) | 230 | if (packet_get_connection_in() == packet_get_connection_out()) |
232 | close(packet_get_connection_in()); | 231 | close(packet_get_connection_in()); |
233 | else { | 232 | else { |
diff --git a/roaming_common.c b/roaming_common.c index 8d0b6054a..50d6177d0 100644 --- a/roaming_common.c +++ b/roaming_common.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: roaming_common.c,v 1.9 2011/12/07 05:44:38 djm Exp $ */ | 1 | /* $OpenBSD: roaming_common.c,v 1.10 2013/07/12 00:19:59 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2004-2009 AppGate Network Security AB | 3 | * Copyright (c) 2004-2009 AppGate Network Security AB |
4 | * | 4 | * |
@@ -227,7 +227,7 @@ calculate_new_key(u_int64_t *key, u_int64_t cookie, u_int64_t challenge) | |||
227 | { | 227 | { |
228 | const EVP_MD *md = EVP_sha1(); | 228 | const EVP_MD *md = EVP_sha1(); |
229 | EVP_MD_CTX ctx; | 229 | EVP_MD_CTX ctx; |
230 | char hash[EVP_MAX_MD_SIZE]; | 230 | u_char hash[EVP_MAX_MD_SIZE]; |
231 | Buffer b; | 231 | Buffer b; |
232 | 232 | ||
233 | buffer_init(&b); | 233 | buffer_init(&b); |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: rsa.c,v 1.29 2006/11/06 21:25:28 markus Exp $ */ | 1 | /* $OpenBSD: rsa.c,v 1.30 2013/05/17 00:13:14 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -96,8 +96,8 @@ rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key) | |||
96 | 96 | ||
97 | memset(outbuf, 0, olen); | 97 | memset(outbuf, 0, olen); |
98 | memset(inbuf, 0, ilen); | 98 | memset(inbuf, 0, ilen); |
99 | xfree(outbuf); | 99 | free(outbuf); |
100 | xfree(inbuf); | 100 | free(inbuf); |
101 | } | 101 | } |
102 | 102 | ||
103 | int | 103 | int |
@@ -122,8 +122,8 @@ rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key) | |||
122 | } | 122 | } |
123 | memset(outbuf, 0, olen); | 123 | memset(outbuf, 0, olen); |
124 | memset(inbuf, 0, ilen); | 124 | memset(inbuf, 0, ilen); |
125 | xfree(outbuf); | 125 | free(outbuf); |
126 | xfree(inbuf); | 126 | free(inbuf); |
127 | return len; | 127 | return len; |
128 | } | 128 | } |
129 | 129 | ||
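Review bot: The `memset(outbuf, 0, olen)` / `memset(inbuf, 0, ilen)` pairs at new lines 97-98 and 123-124 are dead stores immediately before `free`, which an optimising compiler may drop, so the RSA plaintext and ciphertext held in those buffers are not reliably cleared; the `xfree`→`free` change does not alter that. A zeroing primitive the optimiser must honour (an `explicit_bzero(3)`-style helper, or a volatile-function-pointer memset in openbsd-compat) would make the intent stick. Both enclosing functions, `rsa_public_encrypt` and `rsa_private_decrypt`, begin outside the hunks.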
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c index e12418399..cc1465305 100644 --- a/sandbox-seccomp-filter.c +++ b/sandbox-seccomp-filter.c | |||
@@ -91,6 +91,7 @@ static const struct sock_filter preauth_insns[] = { | |||
91 | SC_DENY(open, EACCES), | 91 | SC_DENY(open, EACCES), |
92 | SC_ALLOW(getpid), | 92 | SC_ALLOW(getpid), |
93 | SC_ALLOW(gettimeofday), | 93 | SC_ALLOW(gettimeofday), |
94 | SC_ALLOW(clock_gettime), | ||
94 | #ifdef __NR_time /* not defined on EABI ARM */ | 95 | #ifdef __NR_time /* not defined on EABI ARM */ |
95 | SC_ALLOW(time), | 96 | SC_ALLOW(time), |
96 | #endif | 97 | #endif |
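Review bot: The new `SC_ALLOW(clock_gettime)` entry widens the pre-authentication syscall allowlist without recording which caller needs it, which makes the policy harder to audit later than the neighbouring `#ifdef __NR_time /* not defined on EABI ARM */` line whose rationale is inline. A trailing comment naming the time helper that now issues clock_gettime(2) would keep that traceability, e.g. `SC_ALLOW(clock_gettime),	/* needed by <caller> */` with the caller filled in; the same applies to the parallel `{ SYS_clock_gettime, SYSTR_POLICY_PERMIT }` entry added to sandbox-systrace.c. On Linux the call is frequently served by the vDSO and never reaches the filter, so the entry presumably exists for the fallback syscall path, which is also worth stating if that is the reason.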
diff --git a/sandbox-systrace.c b/sandbox-systrace.c index 2d16a627f..cc0db46c4 100644 --- a/sandbox-systrace.c +++ b/sandbox-systrace.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sandbox-systrace.c,v 1.6 2012/06/30 14:35:09 markus Exp $ */ | 1 | /* $OpenBSD: sandbox-systrace.c,v 1.7 2013/06/01 13:15:52 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2011 Damien Miller <djm@mindrot.org> | 3 | * Copyright (c) 2011 Damien Miller <djm@mindrot.org> |
4 | * | 4 | * |
@@ -57,6 +57,7 @@ static const struct sandbox_policy preauth_policy[] = { | |||
57 | { SYS_exit, SYSTR_POLICY_PERMIT }, | 57 | { SYS_exit, SYSTR_POLICY_PERMIT }, |
58 | { SYS_getpid, SYSTR_POLICY_PERMIT }, | 58 | { SYS_getpid, SYSTR_POLICY_PERMIT }, |
59 | { SYS_gettimeofday, SYSTR_POLICY_PERMIT }, | 59 | { SYS_gettimeofday, SYSTR_POLICY_PERMIT }, |
60 | { SYS_clock_gettime, SYSTR_POLICY_PERMIT }, | ||
60 | { SYS_madvise, SYSTR_POLICY_PERMIT }, | 61 | { SYS_madvise, SYSTR_POLICY_PERMIT }, |
61 | { SYS_mmap, SYSTR_POLICY_PERMIT }, | 62 | { SYS_mmap, SYSTR_POLICY_PERMIT }, |
62 | { SYS_mprotect, SYSTR_POLICY_PERMIT }, | 63 | { SYS_mprotect, SYSTR_POLICY_PERMIT }, |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: schnorr.c,v 1.5 2010/12/03 23:49:26 djm Exp $ */ | 1 | /* $OpenBSD: schnorr.c,v 1.7 2013/05/17 00:13:14 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2008 Damien Miller. All rights reserved. | 3 | * Copyright (c) 2008 Damien Miller. All rights reserved. |
4 | * | 4 | * |
@@ -102,7 +102,7 @@ schnorr_hash(const BIGNUM *p, const BIGNUM *q, const BIGNUM *g, | |||
102 | out: | 102 | out: |
103 | buffer_free(&b); | 103 | buffer_free(&b); |
104 | bzero(digest, digest_len); | 104 | bzero(digest, digest_len); |
105 | xfree(digest); | 105 | free(digest); |
106 | digest_len = 0; | 106 | digest_len = 0; |
107 | if (success == 0) | 107 | if (success == 0) |
108 | return h; | 108 | return h; |
@@ -488,12 +488,13 @@ debug3_bn(const BIGNUM *n, const char *fmt, ...) | |||
488 | { | 488 | { |
489 | char *out, *h; | 489 | char *out, *h; |
490 | va_list args; | 490 | va_list args; |
491 | int ret; | ||
491 | 492 | ||
492 | out = NULL; | 493 | out = NULL; |
493 | va_start(args, fmt); | 494 | va_start(args, fmt); |
494 | vasprintf(&out, fmt, args); | 495 | ret = vasprintf(&out, fmt, args); |
495 | va_end(args); | 496 | va_end(args); |
496 | if (out == NULL) | 497 | if (ret == -1 || out == NULL) |
497 | fatal("%s: vasprintf failed", __func__); | 498 | fatal("%s: vasprintf failed", __func__); |
498 | 499 | ||
499 | if (n == NULL) | 500 | if (n == NULL) |
@@ -513,12 +514,13 @@ debug3_buf(const u_char *buf, u_int len, const char *fmt, ...) | |||
513 | char *out, h[65]; | 514 | char *out, h[65]; |
514 | u_int i, j; | 515 | u_int i, j; |
515 | va_list args; | 516 | va_list args; |
517 | int ret; | ||
516 | 518 | ||
517 | out = NULL; | 519 | out = NULL; |
518 | va_start(args, fmt); | 520 | va_start(args, fmt); |
519 | vasprintf(&out, fmt, args); | 521 | ret = vasprintf(&out, fmt, args); |
520 | va_end(args); | 522 | va_end(args); |
521 | if (out == NULL) | 523 | if (ret == -1 || out == NULL) |
522 | fatal("%s: vasprintf failed", __func__); | 524 | fatal("%s: vasprintf failed", __func__); |
523 | 525 | ||
524 | debug3("%s length %u%s", out, len, buf == NULL ? " (null)" : ""); | 526 | debug3("%s length %u%s", out, len, buf == NULL ? " (null)" : ""); |
@@ -571,7 +573,7 @@ modp_group_free(struct modp_group *grp) | |||
571 | if (grp->q != NULL) | 573 | if (grp->q != NULL) |
572 | BN_clear_free(grp->q); | 574 | BN_clear_free(grp->q); |
573 | bzero(grp, sizeof(*grp)); | 575 | bzero(grp, sizeof(*grp)); |
574 | xfree(grp); | 576 | free(grp); |
575 | } | 577 | } |
576 | 578 | ||
577 | /* main() function for self-test */ | 579 | /* main() function for self-test */ |
@@ -606,7 +608,7 @@ schnorr_selftest_one(const BIGNUM *grp_p, const BIGNUM *grp_q, | |||
606 | if (schnorr_verify_buf(grp_p, grp_q, grp_g, g_x, "junk", 4, | 608 | if (schnorr_verify_buf(grp_p, grp_q, grp_g, g_x, "junk", 4, |
607 | sig, siglen) != 0) | 609 | sig, siglen) != 0) |
608 | fatal("%s: verify should have failed (bit error)", __func__); | 610 | fatal("%s: verify should have failed (bit error)", __func__); |
609 | xfree(sig); | 611 | free(sig); |
610 | BN_free(g_x); | 612 | BN_free(g_x); |
611 | BN_CTX_free(bn_ctx); | 613 | BN_CTX_free(bn_ctx); |
612 | } | 614 | } |
@@ -155,4 +155,4 @@ AUTHORS | |||
155 | Timo Rinne <tri@iki.fi> | 155 | Timo Rinne <tri@iki.fi> |
156 | Tatu Ylonen <ylo@cs.hut.fi> | 156 | Tatu Ylonen <ylo@cs.hut.fi> |
157 | 157 | ||
158 | OpenBSD 5.3 September 5, 2011 OpenBSD 5.3 | 158 | OpenBSD 5.4 July 16, 2013 OpenBSD 5.4 |
@@ -8,9 +8,9 @@ | |||
8 | .\" | 8 | .\" |
9 | .\" Created: Sun May 7 00:14:37 1995 ylo | 9 | .\" Created: Sun May 7 00:14:37 1995 ylo |
10 | .\" | 10 | .\" |
11 | .\" $OpenBSD: scp.1,v 1.58 2011/09/05 07:01:44 jmc Exp $ | 11 | .\" $OpenBSD: scp.1,v 1.59 2013/07/16 00:07:52 schwarze Exp $ |
12 | .\" | 12 | .\" |
13 | .Dd $Mdocdate: September 5 2011 $ | 13 | .Dd $Mdocdate: July 16 2013 $ |
14 | .Dt SCP 1 | 14 | .Dt SCP 1 |
15 | .Os | 15 | .Os |
16 | .Sh NAME | 16 | .Sh NAME |
@@ -235,5 +235,5 @@ is based on the | |||
235 | program in BSD source code from the Regents of the University of | 235 | program in BSD source code from the Regents of the University of |
236 | California. | 236 | California. |
237 | .Sh AUTHORS | 237 | .Sh AUTHORS |
238 | .An Timo Rinne Aq tri@iki.fi | 238 | .An Timo Rinne Aq Mt tri@iki.fi |
239 | .An Tatu Ylonen Aq ylo@cs.hut.fi | 239 | .An Tatu Ylonen Aq Mt ylo@cs.hut.fi |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: scp.c,v 1.171 2011/09/09 22:37:01 djm Exp $ */ | 1 | /* $OpenBSD: scp.c,v 1.178 2013/06/22 06:31:57 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * scp - secure remote copy. This is basically patched BSD rcp which | 3 | * scp - secure remote copy. This is basically patched BSD rcp which |
4 | * uses ssh to do the data transfer (instead of using rcmd). | 4 | * uses ssh to do the data transfer (instead of using rcmd). |
@@ -558,6 +558,24 @@ scpio(void *_cnt, size_t s) | |||
558 | return 0; | 558 | return 0; |
559 | } | 559 | } |
560 | 560 | ||
561 | static int | ||
562 | do_times(int fd, int verb, const struct stat *sb) | ||
563 | { | ||
564 | /* strlen(2^64) == 20; strlen(10^6) == 7 */ | ||
565 | char buf[(20 + 7 + 2) * 2 + 2]; | ||
566 | |||
567 | (void)snprintf(buf, sizeof(buf), "T%llu 0 %llu 0\n", | ||
568 | (unsigned long long) (sb->st_mtime < 0 ? 0 : sb->st_mtime), | ||
569 | (unsigned long long) (sb->st_atime < 0 ? 0 : sb->st_atime)); | ||
570 | if (verb) { | ||
571 | fprintf(stderr, "File mtime %lld atime %lld\n", | ||
572 | (long long)sb->st_mtime, (long long)sb->st_atime); | ||
573 | fprintf(stderr, "Sending file timestamps: %s", buf); | ||
574 | } | ||
575 | (void) atomicio(vwrite, fd, buf, strlen(buf)); | ||
576 | return (response()); | ||
577 | } | ||
578 | |||
561 | void | 579 | void |
562 | toremote(char *targ, int argc, char **argv) | 580 | toremote(char *targ, int argc, char **argv) |
563 | { | 581 | { |
@@ -586,7 +604,7 @@ toremote(char *targ, int argc, char **argv) | |||
586 | } | 604 | } |
587 | 605 | ||
588 | if (tuser != NULL && !okname(tuser)) { | 606 | if (tuser != NULL && !okname(tuser)) { |
589 | xfree(arg); | 607 | free(arg); |
590 | return; | 608 | return; |
591 | } | 609 | } |
592 | 610 | ||
@@ -613,13 +631,13 @@ toremote(char *targ, int argc, char **argv) | |||
613 | *src == '-' ? "-- " : "", src); | 631 | *src == '-' ? "-- " : "", src); |
614 | if (do_cmd(host, suser, bp, &remin, &remout) < 0) | 632 | if (do_cmd(host, suser, bp, &remin, &remout) < 0) |
615 | exit(1); | 633 | exit(1); |
616 | (void) xfree(bp); | 634 | free(bp); |
617 | host = cleanhostname(thost); | 635 | host = cleanhostname(thost); |
618 | xasprintf(&bp, "%s -t %s%s", cmd, | 636 | xasprintf(&bp, "%s -t %s%s", cmd, |
619 | *targ == '-' ? "-- " : "", targ); | 637 | *targ == '-' ? "-- " : "", targ); |
620 | if (do_cmd2(host, tuser, bp, remin, remout) < 0) | 638 | if (do_cmd2(host, tuser, bp, remin, remout) < 0) |
621 | exit(1); | 639 | exit(1); |
622 | (void) xfree(bp); | 640 | free(bp); |
623 | (void) close(remin); | 641 | (void) close(remin); |
624 | (void) close(remout); | 642 | (void) close(remout); |
625 | remin = remout = -1; | 643 | remin = remout = -1; |
@@ -670,12 +688,12 @@ toremote(char *targ, int argc, char **argv) | |||
670 | exit(1); | 688 | exit(1); |
671 | if (response() < 0) | 689 | if (response() < 0) |
672 | exit(1); | 690 | exit(1); |
673 | (void) xfree(bp); | 691 | free(bp); |
674 | } | 692 | } |
675 | source(1, argv + i); | 693 | source(1, argv + i); |
676 | } | 694 | } |
677 | } | 695 | } |
678 | xfree(arg); | 696 | free(arg); |
679 | } | 697 | } |
680 | 698 | ||
681 | void | 699 | void |
@@ -719,11 +737,11 @@ tolocal(int argc, char **argv) | |||
719 | xasprintf(&bp, "%s -f %s%s", | 737 | xasprintf(&bp, "%s -f %s%s", |
720 | cmd, *src == '-' ? "-- " : "", src); | 738 | cmd, *src == '-' ? "-- " : "", src); |
721 | if (do_cmd(host, suser, bp, &remin, &remout) < 0) { | 739 | if (do_cmd(host, suser, bp, &remin, &remout) < 0) { |
722 | (void) xfree(bp); | 740 | free(bp); |
723 | ++errs; | 741 | ++errs; |
724 | continue; | 742 | continue; |
725 | } | 743 | } |
726 | xfree(bp); | 744 | free(bp); |
727 | sink(1, argv + argc - 1); | 745 | sink(1, argv + argc - 1); |
728 | (void) close(remin); | 746 | (void) close(remin); |
729 | remin = remout = -1; | 747 | remin = remout = -1; |
@@ -782,21 +800,7 @@ syserr: run_err("%s: %s", name, strerror(errno)); | |||
782 | ++last; | 800 | ++last; |
783 | curfile = last; | 801 | curfile = last; |
784 | if (pflag) { | 802 | if (pflag) { |
785 | /* | 803 | if (do_times(remout, verbose_mode, &stb) < 0) |
786 | * Make it compatible with possible future | ||
787 | * versions expecting microseconds. | ||
788 | */ | ||
789 | (void) snprintf(buf, sizeof buf, "T%lu 0 %lu 0\n", | ||
790 | (u_long) (stb.st_mtime < 0 ? 0 : stb.st_mtime), | ||
791 | (u_long) (stb.st_atime < 0 ? 0 : stb.st_atime)); | ||
792 | if (verbose_mode) { | ||
793 | fprintf(stderr, "File mtime %ld atime %ld\n", | ||
794 | (long)stb.st_mtime, (long)stb.st_atime); | ||
795 | fprintf(stderr, "Sending file timestamps: %s", | ||
796 | buf); | ||
797 | } | ||
798 | (void) atomicio(vwrite, remout, buf, strlen(buf)); | ||
799 | if (response() < 0) | ||
800 | goto next; | 804 | goto next; |
801 | } | 805 | } |
802 | #define FILEMODEMASK (S_ISUID|S_ISGID|S_IRWXU|S_IRWXG|S_IRWXO) | 806 | #define FILEMODEMASK (S_ISUID|S_ISGID|S_IRWXU|S_IRWXG|S_IRWXO) |
@@ -858,7 +862,7 @@ rsource(char *name, struct stat *statp) | |||
858 | { | 862 | { |
859 | DIR *dirp; | 863 | DIR *dirp; |
860 | struct dirent *dp; | 864 | struct dirent *dp; |
861 | char *last, *vect[1], path[1100]; | 865 | char *last, *vect[1], path[MAXPATHLEN]; |
862 | 866 | ||
863 | if (!(dirp = opendir(name))) { | 867 | if (!(dirp = opendir(name))) { |
864 | run_err("%s: %s", name, strerror(errno)); | 868 | run_err("%s: %s", name, strerror(errno)); |
@@ -870,11 +874,7 @@ rsource(char *name, struct stat *statp) | |||
870 | else | 874 | else |
871 | last++; | 875 | last++; |
872 | if (pflag) { | 876 | if (pflag) { |
873 | (void) snprintf(path, sizeof(path), "T%lu 0 %lu 0\n", | 877 | if (do_times(remout, verbose_mode, statp) < 0) { |
874 | (u_long) statp->st_mtime, | ||
875 | (u_long) statp->st_atime); | ||
876 | (void) atomicio(vwrite, remout, path, strlen(path)); | ||
877 | if (response() < 0) { | ||
878 | closedir(dirp); | 878 | closedir(dirp); |
879 | return; | 879 | return; |
880 | } | 880 | } |
@@ -920,6 +920,7 @@ sink(int argc, char **argv) | |||
920 | int amt, exists, first, ofd; | 920 | int amt, exists, first, ofd; |
921 | mode_t mode, omode, mask; | 921 | mode_t mode, omode, mask; |
922 | off_t size, statbytes; | 922 | off_t size, statbytes; |
923 | unsigned long long ull; | ||
923 | int setimes, targisdir, wrerrno = 0; | 924 | int setimes, targisdir, wrerrno = 0; |
924 | char ch, *cp, *np, *targ, *why, *vect[1], buf[2048]; | 925 | char ch, *cp, *np, *targ, *why, *vect[1], buf[2048]; |
925 | struct timeval tv[2]; | 926 | struct timeval tv[2]; |
@@ -978,17 +979,31 @@ sink(int argc, char **argv) | |||
978 | if (*cp == 'T') { | 979 | if (*cp == 'T') { |
979 | setimes++; | 980 | setimes++; |
980 | cp++; | 981 | cp++; |
981 | mtime.tv_sec = strtol(cp, &cp, 10); | 982 | if (!isdigit((unsigned char)*cp)) |
983 | SCREWUP("mtime.sec not present"); | ||
984 | ull = strtoull(cp, &cp, 10); | ||
982 | if (!cp || *cp++ != ' ') | 985 | if (!cp || *cp++ != ' ') |
983 | SCREWUP("mtime.sec not delimited"); | 986 | SCREWUP("mtime.sec not delimited"); |
987 | if ((time_t)ull < 0 || | ||
988 | (unsigned long long)(time_t)ull != ull) | ||
989 | setimes = 0; /* out of range */ | ||
990 | mtime.tv_sec = ull; | ||
984 | mtime.tv_usec = strtol(cp, &cp, 10); | 991 | mtime.tv_usec = strtol(cp, &cp, 10); |
985 | if (!cp || *cp++ != ' ') | 992 | if (!cp || *cp++ != ' ' || mtime.tv_usec < 0 || |
993 | mtime.tv_usec > 999999) | ||
986 | SCREWUP("mtime.usec not delimited"); | 994 | SCREWUP("mtime.usec not delimited"); |
987 | atime.tv_sec = strtol(cp, &cp, 10); | 995 | if (!isdigit((unsigned char)*cp)) |
996 | SCREWUP("atime.sec not present"); | ||
997 | ull = strtoull(cp, &cp, 10); | ||
988 | if (!cp || *cp++ != ' ') | 998 | if (!cp || *cp++ != ' ') |
989 | SCREWUP("atime.sec not delimited"); | 999 | SCREWUP("atime.sec not delimited"); |
1000 | if ((time_t)ull < 0 || | ||
1001 | (unsigned long long)(time_t)ull != ull) | ||
1002 | setimes = 0; /* out of range */ | ||
1003 | atime.tv_sec = ull; | ||
990 | atime.tv_usec = strtol(cp, &cp, 10); | 1004 | atime.tv_usec = strtol(cp, &cp, 10); |
991 | if (!cp || *cp++ != '\0') | 1005 | if (!cp || *cp++ != '\0' || atime.tv_usec < 0 || |
1006 | atime.tv_usec > 999999) | ||
992 | SCREWUP("atime.usec not delimited"); | 1007 | SCREWUP("atime.usec not delimited"); |
993 | (void) atomicio(vwrite, remout, "", 1); | 1008 | (void) atomicio(vwrite, remout, "", 1); |
994 | continue; | 1009 | continue; |
@@ -1031,8 +1046,7 @@ sink(int argc, char **argv) | |||
1031 | 1046 | ||
1032 | need = strlen(targ) + strlen(cp) + 250; | 1047 | need = strlen(targ) + strlen(cp) + 250; |
1033 | if (need > cursize) { | 1048 | if (need > cursize) { |
1034 | if (namebuf) | 1049 | free(namebuf); |
1035 | xfree(namebuf); | ||
1036 | namebuf = xmalloc(need); | 1050 | namebuf = xmalloc(need); |
1037 | cursize = need; | 1051 | cursize = need; |
1038 | } | 1052 | } |
@@ -1071,12 +1085,11 @@ sink(int argc, char **argv) | |||
1071 | } | 1085 | } |
1072 | if (mod_flag) | 1086 | if (mod_flag) |
1073 | (void) chmod(vect[0], mode); | 1087 | (void) chmod(vect[0], mode); |
1074 | if (vect[0]) | 1088 | free(vect[0]); |
1075 | xfree(vect[0]); | ||
1076 | continue; | 1089 | continue; |
1077 | } | 1090 | } |
1078 | omode = mode; | 1091 | omode = mode; |
1079 | mode |= S_IWRITE; | 1092 | mode |= S_IWUSR; |
1080 | if ((ofd = open(np, O_WRONLY|O_CREAT, mode)) < 0) { | 1093 | if ((ofd = open(np, O_WRONLY|O_CREAT, mode)) < 0) { |
1081 | bad: run_err("%s: %s", np, strerror(errno)); | 1094 | bad: run_err("%s: %s", np, strerror(errno)); |
1082 | continue; | 1095 | continue; |
@@ -1333,7 +1346,7 @@ void | |||
1333 | lostconn(int signo) | 1346 | lostconn(int signo) |
1334 | { | 1347 | { |
1335 | if (!iamremote) | 1348 | if (!iamremote) |
1336 | write(STDERR_FILENO, "lost connection\n", 16); | 1349 | (void)write(STDERR_FILENO, "lost connection\n", 16); |
1337 | if (signo) | 1350 | if (signo) |
1338 | _exit(1); | 1351 | _exit(1); |
1339 | else | 1352 | else |
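Review bot: In sink()'s T-record parsing, a seconds value that does not fit the local time_t silently clears the flag (`setimes = 0; /* out of range */`) and the transfer continues, whereas a usec value outside 0..999999 on the following lines aborts with SCREWUP; the asymmetry looks deliberate, presumably to tolerate a peer whose time_t is wider than ours, but nothing in the hunk says so. A comment on the first out-of-range branch such as `/* peer's time_t may be wider than ours: drop timestamps rather than fail the copy */` (confirm that is the intent) would explain it, and the same comment need not be repeated on the atime branch. Also `mtime.tv_sec = ull;` and `atime.tv_sec = ull;` still assign the rejected value; presumably harmless if setimes gates their use later in sink(), which is outside the hunk, but guarding the assignments with the same condition would make the flow self-evident. sink() starts and ends outside the hunk.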
diff --git a/servconf.c b/servconf.c index 1700d5aa6..a2928ff57 100644 --- a/servconf.c +++ b/servconf.c | |||
@@ -1,5 +1,5 @@ | |||
1 | 1 | ||
2 | /* $OpenBSD: servconf.c,v 1.234 2013/02/06 00:20:42 dtucker Exp $ */ | 2 | /* $OpenBSD: servconf.c,v 1.240 2013/07/19 07:37:48 markus Exp $ */ |
3 | /* | 3 | /* |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
5 | * All rights reserved | 5 | * All rights reserved |
@@ -20,6 +20,7 @@ | |||
20 | #include <netinet/in_systm.h> | 20 | #include <netinet/in_systm.h> |
21 | #include <netinet/ip.h> | 21 | #include <netinet/ip.h> |
22 | 22 | ||
23 | #include <ctype.h> | ||
23 | #include <netdb.h> | 24 | #include <netdb.h> |
24 | #include <pwd.h> | 25 | #include <pwd.h> |
25 | #include <stdio.h> | 26 | #include <stdio.h> |
@@ -29,6 +30,9 @@ | |||
29 | #include <unistd.h> | 30 | #include <unistd.h> |
30 | #include <stdarg.h> | 31 | #include <stdarg.h> |
31 | #include <errno.h> | 32 | #include <errno.h> |
33 | #ifdef HAVE_UTIL_H | ||
34 | #include <util.h> | ||
35 | #endif | ||
32 | 36 | ||
33 | #include "openbsd-compat/sys-queue.h" | 37 | #include "openbsd-compat/sys-queue.h" |
34 | #include "xmalloc.h" | 38 | #include "xmalloc.h" |
@@ -75,6 +79,7 @@ initialize_server_options(ServerOptions *options) | |||
75 | options->address_family = -1; | 79 | options->address_family = -1; |
76 | options->num_host_key_files = 0; | 80 | options->num_host_key_files = 0; |
77 | options->num_host_cert_files = 0; | 81 | options->num_host_cert_files = 0; |
82 | options->host_key_agent = NULL; | ||
78 | options->pid_file = NULL; | 83 | options->pid_file = NULL; |
79 | options->server_key_bits = -1; | 84 | options->server_key_bits = -1; |
80 | options->login_grace_time = -1; | 85 | options->login_grace_time = -1; |
@@ -114,6 +119,8 @@ initialize_server_options(ServerOptions *options) | |||
114 | options->permit_user_env = -1; | 119 | options->permit_user_env = -1; |
115 | options->use_login = -1; | 120 | options->use_login = -1; |
116 | options->compression = -1; | 121 | options->compression = -1; |
122 | options->rekey_limit = -1; | ||
123 | options->rekey_interval = -1; | ||
117 | options->allow_tcp_forwarding = -1; | 124 | options->allow_tcp_forwarding = -1; |
118 | options->allow_agent_forwarding = -1; | 125 | options->allow_agent_forwarding = -1; |
119 | options->num_allow_users = 0; | 126 | options->num_allow_users = 0; |
@@ -262,6 +269,10 @@ fill_default_server_options(ServerOptions *options) | |||
262 | options->use_login = 0; | 269 | options->use_login = 0; |
263 | if (options->compression == -1) | 270 | if (options->compression == -1) |
264 | options->compression = COMP_DELAYED; | 271 | options->compression = COMP_DELAYED; |
272 | if (options->rekey_limit == -1) | ||
273 | options->rekey_limit = 0; | ||
274 | if (options->rekey_interval == -1) | ||
275 | options->rekey_interval = 0; | ||
265 | if (options->allow_tcp_forwarding == -1) | 276 | if (options->allow_tcp_forwarding == -1) |
266 | options->allow_tcp_forwarding = FORWARD_ALLOW; | 277 | options->allow_tcp_forwarding = FORWARD_ALLOW; |
267 | if (options->allow_agent_forwarding == -1) | 278 | if (options->allow_agent_forwarding == -1) |
@@ -335,7 +346,7 @@ typedef enum { | |||
335 | sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, | 346 | sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, |
336 | sStrictModes, sPermitBlacklistedKeys, sEmptyPasswd, sTCPKeepAlive, | 347 | sStrictModes, sPermitBlacklistedKeys, sEmptyPasswd, sTCPKeepAlive, |
337 | sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, | 348 | sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, |
338 | sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, | 349 | sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, |
339 | sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, | 350 | sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, |
340 | sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, | 351 | sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, |
341 | sMaxStartups, sMaxAuthTries, sMaxSessions, | 352 | sMaxStartups, sMaxAuthTries, sMaxSessions, |
@@ -351,7 +362,7 @@ typedef enum { | |||
351 | sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, | 362 | sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, |
352 | sKexAlgorithms, sIPQoS, sVersionAddendum, | 363 | sKexAlgorithms, sIPQoS, sVersionAddendum, |
353 | sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, | 364 | sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, |
354 | sAuthenticationMethods, | 365 | sAuthenticationMethods, sHostKeyAgent, |
355 | sDebianBanner, | 366 | sDebianBanner, |
356 | sDeprecated, sUnsupported | 367 | sDeprecated, sUnsupported |
357 | } ServerOpCodes; | 368 | } ServerOpCodes; |
@@ -377,6 +388,7 @@ static struct { | |||
377 | { "port", sPort, SSHCFG_GLOBAL }, | 388 | { "port", sPort, SSHCFG_GLOBAL }, |
378 | { "hostkey", sHostKeyFile, SSHCFG_GLOBAL }, | 389 | { "hostkey", sHostKeyFile, SSHCFG_GLOBAL }, |
379 | { "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL }, /* alias */ | 390 | { "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL }, /* alias */ |
391 | { "hostkeyagent", sHostKeyAgent, SSHCFG_GLOBAL }, | ||
380 | { "pidfile", sPidFile, SSHCFG_GLOBAL }, | 392 | { "pidfile", sPidFile, SSHCFG_GLOBAL }, |
381 | { "serverkeybits", sServerKeyBits, SSHCFG_GLOBAL }, | 393 | { "serverkeybits", sServerKeyBits, SSHCFG_GLOBAL }, |
382 | { "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL }, | 394 | { "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL }, |
@@ -451,6 +463,7 @@ static struct { | |||
451 | { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, | 463 | { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, |
452 | { "uselogin", sUseLogin, SSHCFG_GLOBAL }, | 464 | { "uselogin", sUseLogin, SSHCFG_GLOBAL }, |
453 | { "compression", sCompression, SSHCFG_GLOBAL }, | 465 | { "compression", sCompression, SSHCFG_GLOBAL }, |
466 | { "rekeylimit", sRekeyLimit, SSHCFG_ALL }, | ||
454 | { "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, | 467 | { "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, |
455 | { "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, /* obsolete alias */ | 468 | { "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, /* obsolete alias */ |
456 | { "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL }, | 469 | { "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL }, |
@@ -539,7 +552,7 @@ derelativise_path(const char *path) | |||
539 | if (getcwd(cwd, sizeof(cwd)) == NULL) | 552 | if (getcwd(cwd, sizeof(cwd)) == NULL) |
540 | fatal("%s: getcwd: %s", __func__, strerror(errno)); | 553 | fatal("%s: getcwd: %s", __func__, strerror(errno)); |
541 | xasprintf(&ret, "%s/%s", cwd, expanded); | 554 | xasprintf(&ret, "%s/%s", cwd, expanded); |
542 | xfree(expanded); | 555 | free(expanded); |
543 | return ret; | 556 | return ret; |
544 | } | 557 | } |
545 | 558 | ||
@@ -831,13 +844,13 @@ process_server_config_line(ServerOptions *options, char *line, | |||
831 | struct connection_info *connectinfo) | 844 | struct connection_info *connectinfo) |
832 | { | 845 | { |
833 | char *cp, **charptr, *arg, *p; | 846 | char *cp, **charptr, *arg, *p; |
834 | int cmdline = 0, *intptr, value, value2, n; | 847 | int cmdline = 0, *intptr, value, value2, n, port; |
835 | SyslogFacility *log_facility_ptr; | 848 | SyslogFacility *log_facility_ptr; |
836 | LogLevel *log_level_ptr; | 849 | LogLevel *log_level_ptr; |
837 | ServerOpCodes opcode; | 850 | ServerOpCodes opcode; |
838 | int port; | ||
839 | u_int i, flags = 0; | 851 | u_int i, flags = 0; |
840 | size_t len; | 852 | size_t len; |
853 | long long val64; | ||
841 | const struct multistate *multistate_ptr; | 854 | const struct multistate *multistate_ptr; |
842 | 855 | ||
843 | cp = line; | 856 | cp = line; |
@@ -997,6 +1010,17 @@ process_server_config_line(ServerOptions *options, char *line, | |||
997 | } | 1010 | } |
998 | break; | 1011 | break; |
999 | 1012 | ||
1013 | case sHostKeyAgent: | ||
1014 | charptr = &options->host_key_agent; | ||
1015 | arg = strdelim(&cp); | ||
1016 | if (!arg || *arg == '\0') | ||
1017 | fatal("%s line %d: missing socket name.", | ||
1018 | filename, linenum); | ||
1019 | if (*activep && *charptr == NULL) | ||
1020 | *charptr = !strcmp(arg, SSH_AUTHSOCKET_ENV_NAME) ? | ||
1021 | xstrdup(arg) : derelativise_path(arg); | ||
1022 | break; | ||
1023 | |||
1000 | case sHostCertificate: | 1024 | case sHostCertificate: |
1001 | intptr = &options->num_host_cert_files; | 1025 | intptr = &options->num_host_cert_files; |
1002 | if (*intptr >= MAX_HOSTKEYS) | 1026 | if (*intptr >= MAX_HOSTKEYS) |
@@ -1164,6 +1188,37 @@ process_server_config_line(ServerOptions *options, char *line, | |||
1164 | multistate_ptr = multistate_compression; | 1188 | multistate_ptr = multistate_compression; |
1165 | goto parse_multistate; | 1189 | goto parse_multistate; |
1166 | 1190 | ||
1191 | case sRekeyLimit: | ||
1192 | arg = strdelim(&cp); | ||
1193 | if (!arg || *arg == '\0') | ||
1194 | fatal("%.200s line %d: Missing argument.", filename, | ||
1195 | linenum); | ||
1196 | if (strcmp(arg, "default") == 0) { | ||
1197 | val64 = 0; | ||
1198 | } else { | ||
1199 | if (scan_scaled(arg, &val64) == -1) | ||
1200 | fatal("%.200s line %d: Bad number '%s': %s", | ||
1201 | filename, linenum, arg, strerror(errno)); | ||
1202 | /* check for too-large or too-small limits */ | ||
1203 | if (val64 > UINT_MAX) | ||
1204 | fatal("%.200s line %d: RekeyLimit too large", | ||
1205 | filename, linenum); | ||
1206 | if (val64 != 0 && val64 < 16) | ||
1207 | fatal("%.200s line %d: RekeyLimit too small", | ||
1208 | filename, linenum); | ||
1209 | } | ||
1210 | if (*activep && options->rekey_limit == -1) | ||
1211 | options->rekey_limit = (u_int32_t)val64; | ||
1212 | if (cp != NULL) { /* optional rekey interval present */ | ||
1213 | if (strcmp(cp, "none") == 0) { | ||
1214 | (void)strdelim(&cp); /* discard */ | ||
1215 | break; | ||
1216 | } | ||
1217 | intptr = &options->rekey_interval; | ||
1218 | goto parse_time; | ||
1219 | } | ||
1220 | break; | ||
1221 | |||
1167 | case sGatewayPorts: | 1222 | case sGatewayPorts: |
1168 | intptr = &options->gateway_ports; | 1223 | intptr = &options->gateway_ports; |
1169 | multistate_ptr = multistate_gatewayports; | 1224 | multistate_ptr = multistate_gatewayports; |
@@ -1721,8 +1776,7 @@ int server_match_spec_complete(struct connection_info *ci) | |||
1721 | } while (0) | 1776 | } while (0) |
1722 | #define M_CP_STROPT(n) do {\ | 1777 | #define M_CP_STROPT(n) do {\ |
1723 | if (src->n != NULL) { \ | 1778 | if (src->n != NULL) { \ |
1724 | if (dst->n != NULL) \ | 1779 | free(dst->n); \ |
1725 | xfree(dst->n); \ | ||
1726 | dst->n = src->n; \ | 1780 | dst->n = src->n; \ |
1727 | } \ | 1781 | } \ |
1728 | } while(0) | 1782 | } while(0) |
@@ -1768,6 +1822,8 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) | |||
1768 | M_CP_INTOPT(max_authtries); | 1822 | M_CP_INTOPT(max_authtries); |
1769 | M_CP_INTOPT(ip_qos_interactive); | 1823 | M_CP_INTOPT(ip_qos_interactive); |
1770 | M_CP_INTOPT(ip_qos_bulk); | 1824 | M_CP_INTOPT(ip_qos_bulk); |
1825 | M_CP_INTOPT(rekey_limit); | ||
1826 | M_CP_INTOPT(rekey_interval); | ||
1771 | 1827 | ||
1772 | /* See comment in servconf.h */ | 1828 | /* See comment in servconf.h */ |
1773 | COPY_MATCH_STRING_OPTS(); | 1829 | COPY_MATCH_STRING_OPTS(); |
@@ -1804,7 +1860,7 @@ parse_server_config(ServerOptions *options, const char *filename, Buffer *conf, | |||
1804 | linenum++, &active, connectinfo) != 0) | 1860 | linenum++, &active, connectinfo) != 0) |
1805 | bad_options++; | 1861 | bad_options++; |
1806 | } | 1862 | } |
1807 | xfree(obuf); | 1863 | free(obuf); |
1808 | if (bad_options > 0) | 1864 | if (bad_options > 0) |
1809 | fatal("%s: terminating, %d bad configuration options", | 1865 | fatal("%s: terminating, %d bad configuration options", |
1810 | filename, bad_options); | 1866 | filename, bad_options); |
@@ -2022,6 +2078,7 @@ dump_config(ServerOptions *o) | |||
2022 | dump_cfg_string(sVersionAddendum, o->version_addendum); | 2078 | dump_cfg_string(sVersionAddendum, o->version_addendum); |
2023 | dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command); | 2079 | dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command); |
2024 | dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user); | 2080 | dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user); |
2081 | dump_cfg_string(sHostKeyAgent, o->host_key_agent); | ||
2025 | 2082 | ||
2026 | /* string arguments requiring a lookup */ | 2083 | /* string arguments requiring a lookup */ |
2027 | dump_cfg_string(sLogLevel, log_level_name(o->log_level)); | 2084 | dump_cfg_string(sLogLevel, log_level_name(o->log_level)); |
@@ -2060,5 +2117,7 @@ dump_config(ServerOptions *o) | |||
2060 | printf("ipqos %s ", iptos2str(o->ip_qos_interactive)); | 2117 | printf("ipqos %s ", iptos2str(o->ip_qos_interactive)); |
2061 | printf("%s\n", iptos2str(o->ip_qos_bulk)); | 2118 | printf("%s\n", iptos2str(o->ip_qos_bulk)); |
2062 | 2119 | ||
2120 | printf("rekeylimit %lld %d\n", o->rekey_limit, o->rekey_interval); | ||
2121 | |||
2063 | channel_print_adm_permitted_opens(); | 2122 | channel_print_adm_permitted_opens(); |
2064 | } | 2123 | } |
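Review bot: In dump_config, `printf("rekeylimit %lld %d\n", o->rekey_limit, o->rekey_interval);` passes an int64_t to `%lld`; on LP64 platforms where int64_t is `long` that is a format/argument type mismatch (undefined per C11 7.21.6.1 and flagged by -Wformat), so cast it: `printf("rekeylimit %lld %d\n", (long long)o->rekey_limit, o->rekey_interval);`. Relatedly, the sRekeyLimit case stores `(u_int32_t)val64` into the int64_t field after already rejecting values above UINT_MAX, so the narrowing cast is a no-op that only obscures the field's width; `options->rekey_limit = val64;` reads more honestly. The `val64 != 0 && val64 < 16` check also rejects any negative value scan_scaled might return, which deserves a word in the adjacent comment since it is not obvious that it doubles as the sign check. process_server_config_line and dump_config both start outside their hunks.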
diff --git a/servconf.h b/servconf.h index bc0536927..fd72ce2a3 100644 --- a/servconf.h +++ b/servconf.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: servconf.h,v 1.107 2013/01/03 05:49:36 djm Exp $ */ | 1 | /* $OpenBSD: servconf.h,v 1.109 2013/07/19 07:37:48 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -65,6 +65,7 @@ typedef struct { | |||
65 | int num_host_key_files; /* Number of files for host keys. */ | 65 | int num_host_key_files; /* Number of files for host keys. */ |
66 | char *host_cert_files[MAX_HOSTCERTS]; /* Files containing host certs. */ | 66 | char *host_cert_files[MAX_HOSTCERTS]; /* Files containing host certs. */ |
67 | int num_host_cert_files; /* Number of files for host certs. */ | 67 | int num_host_cert_files; /* Number of files for host certs. */ |
68 | char *host_key_agent; /* ssh-agent socket for host keys. */ | ||
68 | char *pid_file; /* Where to put our pid */ | 69 | char *pid_file; /* Where to put our pid */ |
69 | int server_key_bits;/* Size of the server key. */ | 70 | int server_key_bits;/* Size of the server key. */ |
70 | int login_grace_time; /* Disconnect if no auth in this time | 71 | int login_grace_time; /* Disconnect if no auth in this time |
@@ -180,6 +181,9 @@ typedef struct { | |||
180 | char *authorized_keys_command; | 181 | char *authorized_keys_command; |
181 | char *authorized_keys_command_user; | 182 | char *authorized_keys_command_user; |
182 | 183 | ||
184 | int64_t rekey_limit; | ||
185 | int rekey_interval; | ||
186 | |||
183 | char *version_addendum; /* Appended to SSH banner */ | 187 | char *version_addendum; /* Appended to SSH banner */ |
184 | 188 | ||
185 | u_int num_auth_methods; | 189 | u_int num_auth_methods; |
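Review bot: The new `int64_t rekey_limit;` and `int rekey_interval;` fields carry no comment, while the neighbouring `host_key_agent` field added by the same commit does, and the ServerOptions struct is the place readers look for a field's units. Suggested: `int64_t rekey_limit;	/* bytes before rekey; 0 = default */` and `int rekey_interval;	/* rekey interval, presumably seconds (parsed via parse_time) - confirm */`, which matches servconf.c where the keyword "default" maps to 0 and the optional second argument goes through parse_time. The enclosing struct starts and ends outside the hunk.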
diff --git a/serverloop.c b/serverloop.c index 9e5fa555e..5f22df3df 100644 --- a/serverloop.c +++ b/serverloop.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: serverloop.c,v 1.164 2012/12/07 01:51:35 dtucker Exp $ */ | 1 | /* $OpenBSD: serverloop.c,v 1.168 2013/07/12 00:19:59 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -148,7 +148,7 @@ static void | |||
148 | notify_parent(void) | 148 | notify_parent(void) |
149 | { | 149 | { |
150 | if (notify_pipe[1] != -1) | 150 | if (notify_pipe[1] != -1) |
151 | write(notify_pipe[1], "", 1); | 151 | (void)write(notify_pipe[1], "", 1); |
152 | } | 152 | } |
153 | static void | 153 | static void |
154 | notify_prepare(fd_set *readset) | 154 | notify_prepare(fd_set *readset) |
@@ -277,7 +277,7 @@ client_alive_check(void) | |||
277 | */ | 277 | */ |
278 | static void | 278 | static void |
279 | wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp, | 279 | wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp, |
280 | u_int *nallocp, u_int max_time_milliseconds) | 280 | u_int *nallocp, u_int64_t max_time_milliseconds) |
281 | { | 281 | { |
282 | struct timeval tv, *tvp; | 282 | struct timeval tv, *tvp; |
283 | int ret; | 283 | int ret; |
@@ -563,7 +563,7 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg) | |||
563 | int wait_status; /* Status returned by wait(). */ | 563 | int wait_status; /* Status returned by wait(). */ |
564 | pid_t wait_pid; /* pid returned by wait(). */ | 564 | pid_t wait_pid; /* pid returned by wait(). */ |
565 | int waiting_termination = 0; /* Have displayed waiting close message. */ | 565 | int waiting_termination = 0; /* Have displayed waiting close message. */ |
566 | u_int max_time_milliseconds; | 566 | u_int64_t max_time_milliseconds; |
567 | u_int previous_stdout_buffer_bytes; | 567 | u_int previous_stdout_buffer_bytes; |
568 | u_int stdout_buffer_bytes; | 568 | u_int stdout_buffer_bytes; |
569 | int type; | 569 | int type; |
@@ -694,7 +694,7 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg) | |||
694 | /* Display list of open channels. */ | 694 | /* Display list of open channels. */ |
695 | cp = channel_open_message(); | 695 | cp = channel_open_message(); |
696 | buffer_append(&stderr_buffer, cp, strlen(cp)); | 696 | buffer_append(&stderr_buffer, cp, strlen(cp)); |
697 | xfree(cp); | 697 | free(cp); |
698 | } | 698 | } |
699 | } | 699 | } |
700 | max_fd = MAX(connection_in, connection_out); | 700 | max_fd = MAX(connection_in, connection_out); |
@@ -722,10 +722,8 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg) | |||
722 | /* Process output to the client and to program stdin. */ | 722 | /* Process output to the client and to program stdin. */ |
723 | process_output(writeset); | 723 | process_output(writeset); |
724 | } | 724 | } |
725 | if (readset) | 725 | free(readset); |
726 | xfree(readset); | 726 | free(writeset); |
727 | if (writeset) | ||
728 | xfree(writeset); | ||
729 | 727 | ||
730 | /* Cleanup and termination code. */ | 728 | /* Cleanup and termination code. */ |
731 | 729 | ||
@@ -825,7 +823,9 @@ void | |||
825 | server_loop2(Authctxt *authctxt) | 823 | server_loop2(Authctxt *authctxt) |
826 | { | 824 | { |
827 | fd_set *readset = NULL, *writeset = NULL; | 825 | fd_set *readset = NULL, *writeset = NULL; |
828 | int rekeying = 0, max_fd, nalloc = 0; | 826 | int rekeying = 0, max_fd; |
827 | u_int nalloc = 0; | ||
828 | u_int64_t rekey_timeout_ms = 0; | ||
829 | 829 | ||
830 | debug("Entering interactive session for SSH2."); | 830 | debug("Entering interactive session for SSH2."); |
831 | 831 | ||
@@ -854,8 +854,13 @@ server_loop2(Authctxt *authctxt) | |||
854 | 854 | ||
855 | if (!rekeying && packet_not_very_much_data_to_write()) | 855 | if (!rekeying && packet_not_very_much_data_to_write()) |
856 | channel_output_poll(); | 856 | channel_output_poll(); |
857 | if (options.rekey_interval > 0 && compat20 && !rekeying) | ||
858 | rekey_timeout_ms = packet_get_rekey_timeout() * 1000; | ||
859 | else | ||
860 | rekey_timeout_ms = 0; | ||
861 | |||
857 | wait_until_can_do_something(&readset, &writeset, &max_fd, | 862 | wait_until_can_do_something(&readset, &writeset, &max_fd, |
858 | &nalloc, 0); | 863 | &nalloc, rekey_timeout_ms); |
859 | 864 | ||
860 | if (received_sigterm) { | 865 | if (received_sigterm) { |
861 | logit("Exiting on signal %d", (int)received_sigterm); | 866 | logit("Exiting on signal %d", (int)received_sigterm); |
@@ -879,10 +884,8 @@ server_loop2(Authctxt *authctxt) | |||
879 | } | 884 | } |
880 | collect_children(); | 885 | collect_children(); |
881 | 886 | ||
882 | if (readset) | 887 | free(readset); |
883 | xfree(readset); | 888 | free(writeset); |
884 | if (writeset) | ||
885 | xfree(writeset); | ||
886 | 889 | ||
887 | /* free all channels, no more reads and writes */ | 890 | /* free all channels, no more reads and writes */ |
888 | channel_free_all(); | 891 | channel_free_all(); |
@@ -917,7 +920,7 @@ server_input_stdin_data(int type, u_int32_t seq, void *ctxt) | |||
917 | packet_check_eom(); | 920 | packet_check_eom(); |
918 | buffer_append(&stdin_buffer, data, data_len); | 921 | buffer_append(&stdin_buffer, data, data_len); |
919 | memset(data, 0, data_len); | 922 | memset(data, 0, data_len); |
920 | xfree(data); | 923 | free(data); |
921 | } | 924 | } |
922 | 925 | ||
923 | static void | 926 | static void |
@@ -974,8 +977,8 @@ server_request_direct_tcpip(void) | |||
974 | originator, originator_port, target, target_port); | 977 | originator, originator_port, target, target_port); |
975 | } | 978 | } |
976 | 979 | ||
977 | xfree(originator); | 980 | free(originator); |
978 | xfree(target); | 981 | free(target); |
979 | 982 | ||
980 | return c; | 983 | return c; |
981 | } | 984 | } |
@@ -1104,7 +1107,7 @@ server_input_channel_open(int type, u_int32_t seq, void *ctxt) | |||
1104 | } | 1107 | } |
1105 | packet_send(); | 1108 | packet_send(); |
1106 | } | 1109 | } |
1107 | xfree(ctype); | 1110 | free(ctype); |
1108 | } | 1111 | } |
1109 | 1112 | ||
1110 | static void | 1113 | static void |
@@ -1149,7 +1152,7 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) | |||
1149 | listen_address, listen_port, | 1152 | listen_address, listen_port, |
1150 | &allocated_listen_port, options.gateway_ports); | 1153 | &allocated_listen_port, options.gateway_ports); |
1151 | } | 1154 | } |
1152 | xfree(listen_address); | 1155 | free(listen_address); |
1153 | } else if (strcmp(rtype, "cancel-tcpip-forward") == 0) { | 1156 | } else if (strcmp(rtype, "cancel-tcpip-forward") == 0) { |
1154 | char *cancel_address; | 1157 | char *cancel_address; |
1155 | u_short cancel_port; | 1158 | u_short cancel_port; |
@@ -1161,7 +1164,7 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) | |||
1161 | 1164 | ||
1162 | success = channel_cancel_rport_listener(cancel_address, | 1165 | success = channel_cancel_rport_listener(cancel_address, |
1163 | cancel_port); | 1166 | cancel_port); |
1164 | xfree(cancel_address); | 1167 | free(cancel_address); |
1165 | } else if (strcmp(rtype, "no-more-sessions@openssh.com") == 0) { | 1168 | } else if (strcmp(rtype, "no-more-sessions@openssh.com") == 0) { |
1166 | no_more_sessions = 1; | 1169 | no_more_sessions = 1; |
1167 | success = 1; | 1170 | success = 1; |
@@ -1174,7 +1177,7 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) | |||
1174 | packet_send(); | 1177 | packet_send(); |
1175 | packet_write_wait(); | 1178 | packet_write_wait(); |
1176 | } | 1179 | } |
1177 | xfree(rtype); | 1180 | free(rtype); |
1178 | } | 1181 | } |
1179 | 1182 | ||
1180 | static void | 1183 | static void |
@@ -1206,7 +1209,7 @@ server_input_channel_req(int type, u_int32_t seq, void *ctxt) | |||
1206 | packet_put_int(c->remote_id); | 1209 | packet_put_int(c->remote_id); |
1207 | packet_send(); | 1210 | packet_send(); |
1208 | } | 1211 | } |
1209 | xfree(rtype); | 1212 | free(rtype); |
1210 | } | 1213 | } |
1211 | 1214 | ||
1212 | static void | 1215 | static void |
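Review bot: In the new rekey-deadline code in server_loop2 (hunk @@ -854,8 +854,13 @@), a zero result from `packet_get_rekey_timeout() * 1000` is indistinguishable from the `rekey_timeout_ms = 0` of the else-branch, and 0 is also what the old call passed to wait_until_can_do_something() when it wanted no deadline at all; so unless packet_get_rekey_timeout() guarantees a positive return, an already-elapsed RekeyLimit interval would not fire on the timer but wait for the next client packet, and a negative return would convert to a huge u_int64_t timeout. I would make the sentinel explicit at the call site, `rekey_timeout_ms = MAX(1, packet_get_rekey_timeout()) * 1000;` (MAX is already used in this file), or, if the helper already clamps, record that next to the call with a comment such as `/* packet_get_rekey_timeout() returns >= 1, so 0 here unambiguously means "no deadline" */`. The helper is not visible in this diff, so this is inferred only from the literal 0 the previous call used; the body of wait_until_can_do_something and the rest of server_loop2 lie outside the hunk.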
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: session.c,v 1.261 2012/12/02 20:46:11 djm Exp $ */ | 1 | /* $OpenBSD: session.c,v 1.266 2013/07/19 07:37:48 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
4 | * All rights reserved | 4 | * All rights reserved |
@@ -80,6 +80,7 @@ | |||
80 | #include "hostfile.h" | 80 | #include "hostfile.h" |
81 | #include "auth.h" | 81 | #include "auth.h" |
82 | #include "auth-options.h" | 82 | #include "auth-options.h" |
83 | #include "authfd.h" | ||
83 | #include "pathnames.h" | 84 | #include "pathnames.h" |
84 | #include "log.h" | 85 | #include "log.h" |
85 | #include "servconf.h" | 86 | #include "servconf.h" |
@@ -200,7 +201,7 @@ auth_input_request_forwarding(struct passwd * pw) | |||
200 | packet_send_debug("Agent forwarding disabled: " | 201 | packet_send_debug("Agent forwarding disabled: " |
201 | "mkdtemp() failed: %.100s", strerror(errno)); | 202 | "mkdtemp() failed: %.100s", strerror(errno)); |
202 | restore_uid(); | 203 | restore_uid(); |
203 | xfree(auth_sock_dir); | 204 | free(auth_sock_dir); |
204 | auth_sock_dir = NULL; | 205 | auth_sock_dir = NULL; |
205 | goto authsock_err; | 206 | goto authsock_err; |
206 | } | 207 | } |
@@ -245,11 +246,10 @@ auth_input_request_forwarding(struct passwd * pw) | |||
245 | return 1; | 246 | return 1; |
246 | 247 | ||
247 | authsock_err: | 248 | authsock_err: |
248 | if (auth_sock_name != NULL) | 249 | free(auth_sock_name); |
249 | xfree(auth_sock_name); | ||
250 | if (auth_sock_dir != NULL) { | 250 | if (auth_sock_dir != NULL) { |
251 | rmdir(auth_sock_dir); | 251 | rmdir(auth_sock_dir); |
252 | xfree(auth_sock_dir); | 252 | free(auth_sock_dir); |
253 | } | 253 | } |
254 | if (sock != -1) | 254 | if (sock != -1) |
255 | close(sock); | 255 | close(sock); |
@@ -365,8 +365,8 @@ do_authenticated1(Authctxt *authctxt) | |||
365 | packet_check_eom(); | 365 | packet_check_eom(); |
366 | success = session_setup_x11fwd(s); | 366 | success = session_setup_x11fwd(s); |
367 | if (!success) { | 367 | if (!success) { |
368 | xfree(s->auth_proto); | 368 | free(s->auth_proto); |
369 | xfree(s->auth_data); | 369 | free(s->auth_data); |
370 | s->auth_proto = NULL; | 370 | s->auth_proto = NULL; |
371 | s->auth_data = NULL; | 371 | s->auth_data = NULL; |
372 | } | 372 | } |
@@ -413,7 +413,7 @@ do_authenticated1(Authctxt *authctxt) | |||
413 | if (do_exec(s, command) != 0) | 413 | if (do_exec(s, command) != 0) |
414 | packet_disconnect( | 414 | packet_disconnect( |
415 | "command execution failed"); | 415 | "command execution failed"); |
416 | xfree(command); | 416 | free(command); |
417 | } else { | 417 | } else { |
418 | if (do_exec(s, NULL) != 0) | 418 | if (do_exec(s, NULL) != 0) |
419 | packet_disconnect( | 419 | packet_disconnect( |
@@ -978,7 +978,7 @@ child_set_env(char ***envp, u_int *envsizep, const char *name, | |||
978 | break; | 978 | break; |
979 | if (env[i]) { | 979 | if (env[i]) { |
980 | /* Reuse the slot. */ | 980 | /* Reuse the slot. */ |
981 | xfree(env[i]); | 981 | free(env[i]); |
982 | } else { | 982 | } else { |
983 | /* New variable. Expand if necessary. */ | 983 | /* New variable. Expand if necessary. */ |
984 | envsize = *envsizep; | 984 | envsize = *envsizep; |
@@ -1094,8 +1094,8 @@ read_etc_default_login(char ***env, u_int *envsize, uid_t uid) | |||
1094 | umask((mode_t)mask); | 1094 | umask((mode_t)mask); |
1095 | 1095 | ||
1096 | for (i = 0; tmpenv[i] != NULL; i++) | 1096 | for (i = 0; tmpenv[i] != NULL; i++) |
1097 | xfree(tmpenv[i]); | 1097 | free(tmpenv[i]); |
1098 | xfree(tmpenv); | 1098 | free(tmpenv); |
1099 | } | 1099 | } |
1100 | #endif /* HAVE_ETC_DEFAULT_LOGIN */ | 1100 | #endif /* HAVE_ETC_DEFAULT_LOGIN */ |
1101 | 1101 | ||
@@ -1111,7 +1111,7 @@ copy_environment(char **source, char ***env, u_int *envsize) | |||
1111 | for(i = 0; source[i] != NULL; i++) { | 1111 | for(i = 0; source[i] != NULL; i++) { |
1112 | var_name = xstrdup(source[i]); | 1112 | var_name = xstrdup(source[i]); |
1113 | if ((var_val = strstr(var_name, "=")) == NULL) { | 1113 | if ((var_val = strstr(var_name, "=")) == NULL) { |
1114 | xfree(var_name); | 1114 | free(var_name); |
1115 | continue; | 1115 | continue; |
1116 | } | 1116 | } |
1117 | *var_val++ = '\0'; | 1117 | *var_val++ = '\0'; |
@@ -1119,7 +1119,7 @@ copy_environment(char **source, char ***env, u_int *envsize) | |||
1119 | debug3("Copy environment: %s=%s", var_name, var_val); | 1119 | debug3("Copy environment: %s=%s", var_name, var_val); |
1120 | child_set_env(env, envsize, var_name, var_val); | 1120 | child_set_env(env, envsize, var_name, var_val); |
1121 | 1121 | ||
1122 | xfree(var_name); | 1122 | free(var_name); |
1123 | } | 1123 | } |
1124 | } | 1124 | } |
1125 | 1125 | ||
@@ -1223,8 +1223,8 @@ do_setup_env(Session *s, const char *shell) | |||
1223 | child_set_env(&env, &envsize, str, str + i + 1); | 1223 | child_set_env(&env, &envsize, str, str + i + 1); |
1224 | } | 1224 | } |
1225 | custom_environment = ce->next; | 1225 | custom_environment = ce->next; |
1226 | xfree(ce->s); | 1226 | free(ce->s); |
1227 | xfree(ce); | 1227 | free(ce); |
1228 | } | 1228 | } |
1229 | } | 1229 | } |
1230 | 1230 | ||
@@ -1236,7 +1236,7 @@ do_setup_env(Session *s, const char *shell) | |||
1236 | laddr = get_local_ipaddr(packet_get_connection_in()); | 1236 | laddr = get_local_ipaddr(packet_get_connection_in()); |
1237 | snprintf(buf, sizeof buf, "%.50s %d %.50s %d", | 1237 | snprintf(buf, sizeof buf, "%.50s %d %.50s %d", |
1238 | get_remote_ipaddr(), get_remote_port(), laddr, get_local_port()); | 1238 | get_remote_ipaddr(), get_remote_port(), laddr, get_local_port()); |
1239 | xfree(laddr); | 1239 | free(laddr); |
1240 | child_set_env(&env, &envsize, "SSH_CONNECTION", buf); | 1240 | child_set_env(&env, &envsize, "SSH_CONNECTION", buf); |
1241 | 1241 | ||
1242 | if (s->ttyfd != -1) | 1242 | if (s->ttyfd != -1) |
@@ -1412,7 +1412,7 @@ do_nologin(struct passwd *pw) | |||
1412 | #endif | 1412 | #endif |
1413 | if (stat(nl, &sb) == -1) { | 1413 | if (stat(nl, &sb) == -1) { |
1414 | if (nl != def_nl) | 1414 | if (nl != def_nl) |
1415 | xfree(nl); | 1415 | free(nl); |
1416 | return; | 1416 | return; |
1417 | } | 1417 | } |
1418 | 1418 | ||
@@ -1522,6 +1522,9 @@ do_setusercontext(struct passwd *pw, const char *role) | |||
1522 | safely_chroot(chroot_path, pw->pw_uid); | 1522 | safely_chroot(chroot_path, pw->pw_uid); |
1523 | free(tmp); | 1523 | free(tmp); |
1524 | free(chroot_path); | 1524 | free(chroot_path); |
1525 | /* Make sure we don't attempt to chroot again */ | ||
1526 | free(options.chroot_directory); | ||
1527 | options.chroot_directory = NULL; | ||
1525 | } | 1528 | } |
1526 | 1529 | ||
1527 | #ifdef HAVE_LOGIN_CAP | 1530 | #ifdef HAVE_LOGIN_CAP |
@@ -1538,6 +1541,9 @@ do_setusercontext(struct passwd *pw, const char *role) | |||
1538 | /* Permanently switch to the desired uid. */ | 1541 | /* Permanently switch to the desired uid. */ |
1539 | permanently_set_uid(pw); | 1542 | permanently_set_uid(pw); |
1540 | #endif | 1543 | #endif |
1544 | } else if (options.chroot_directory != NULL && | ||
1545 | strcasecmp(options.chroot_directory, "none") != 0) { | ||
1546 | fatal("server lacks privileges to chroot to ChrootDirectory"); | ||
1541 | } | 1547 | } |
1542 | 1548 | ||
1543 | if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) | 1549 | if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) |
@@ -1593,6 +1599,13 @@ launch_login(struct passwd *pw, const char *hostname) | |||
1593 | static void | 1599 | static void |
1594 | child_close_fds(void) | 1600 | child_close_fds(void) |
1595 | { | 1601 | { |
1602 | extern AuthenticationConnection *auth_conn; | ||
1603 | |||
1604 | if (auth_conn) { | ||
1605 | ssh_close_authentication_connection(auth_conn); | ||
1606 | auth_conn = NULL; | ||
1607 | } | ||
1608 | |||
1596 | if (packet_get_connection_in() == packet_get_connection_out()) | 1609 | if (packet_get_connection_in() == packet_get_connection_out()) |
1597 | close(packet_get_connection_in()); | 1610 | close(packet_get_connection_in()); |
1598 | else { | 1611 | else { |
@@ -2057,7 +2070,7 @@ session_pty_req(Session *s) | |||
2057 | s->ypixel = packet_get_int(); | 2070 | s->ypixel = packet_get_int(); |
2058 | 2071 | ||
2059 | if (strcmp(s->term, "") == 0) { | 2072 | if (strcmp(s->term, "") == 0) { |
2060 | xfree(s->term); | 2073 | free(s->term); |
2061 | s->term = NULL; | 2074 | s->term = NULL; |
2062 | } | 2075 | } |
2063 | 2076 | ||
@@ -2065,8 +2078,7 @@ session_pty_req(Session *s) | |||
2065 | debug("Allocating pty."); | 2078 | debug("Allocating pty."); |
2066 | if (!PRIVSEP(pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, | 2079 | if (!PRIVSEP(pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, |
2067 | sizeof(s->tty)))) { | 2080 | sizeof(s->tty)))) { |
2068 | if (s->term) | 2081 | free(s->term); |
2069 | xfree(s->term); | ||
2070 | s->term = NULL; | 2082 | s->term = NULL; |
2071 | s->ptyfd = -1; | 2083 | s->ptyfd = -1; |
2072 | s->ttyfd = -1; | 2084 | s->ttyfd = -1; |
@@ -2127,7 +2139,7 @@ session_subsystem_req(Session *s) | |||
2127 | logit("subsystem request for %.100s failed, subsystem not found", | 2139 | logit("subsystem request for %.100s failed, subsystem not found", |
2128 | subsys); | 2140 | subsys); |
2129 | 2141 | ||
2130 | xfree(subsys); | 2142 | free(subsys); |
2131 | return success; | 2143 | return success; |
2132 | } | 2144 | } |
2133 | 2145 | ||
@@ -2149,8 +2161,8 @@ session_x11_req(Session *s) | |||
2149 | 2161 | ||
2150 | success = session_setup_x11fwd(s); | 2162 | success = session_setup_x11fwd(s); |
2151 | if (!success) { | 2163 | if (!success) { |
2152 | xfree(s->auth_proto); | 2164 | free(s->auth_proto); |
2153 | xfree(s->auth_data); | 2165 | free(s->auth_data); |
2154 | s->auth_proto = NULL; | 2166 | s->auth_proto = NULL; |
2155 | s->auth_data = NULL; | 2167 | s->auth_data = NULL; |
2156 | } | 2168 | } |
@@ -2172,7 +2184,7 @@ session_exec_req(Session *s) | |||
2172 | char *command = packet_get_string(&len); | 2184 | char *command = packet_get_string(&len); |
2173 | packet_check_eom(); | 2185 | packet_check_eom(); |
2174 | success = do_exec(s, command) == 0; | 2186 | success = do_exec(s, command) == 0; |
2175 | xfree(command); | 2187 | free(command); |
2176 | return success; | 2188 | return success; |
2177 | } | 2189 | } |
2178 | 2190 | ||
@@ -2218,8 +2230,8 @@ session_env_req(Session *s) | |||
2218 | debug2("Ignoring env request %s: disallowed name", name); | 2230 | debug2("Ignoring env request %s: disallowed name", name); |
2219 | 2231 | ||
2220 | fail: | 2232 | fail: |
2221 | xfree(name); | 2233 | free(name); |
2222 | xfree(val); | 2234 | free(val); |
2223 | return (0); | 2235 | return (0); |
2224 | } | 2236 | } |
2225 | 2237 | ||
@@ -2405,24 +2417,16 @@ session_close_single_x11(int id, void *arg) | |||
2405 | if (s->x11_chanids[i] != id) | 2417 | if (s->x11_chanids[i] != id) |
2406 | session_close_x11(s->x11_chanids[i]); | 2418 | session_close_x11(s->x11_chanids[i]); |
2407 | } | 2419 | } |
2408 | xfree(s->x11_chanids); | 2420 | free(s->x11_chanids); |
2409 | s->x11_chanids = NULL; | 2421 | s->x11_chanids = NULL; |
2410 | if (s->display) { | 2422 | free(s->display); |
2411 | xfree(s->display); | 2423 | s->display = NULL; |
2412 | s->display = NULL; | 2424 | free(s->auth_proto); |
2413 | } | 2425 | s->auth_proto = NULL; |
2414 | if (s->auth_proto) { | 2426 | free(s->auth_data); |
2415 | xfree(s->auth_proto); | 2427 | s->auth_data = NULL; |
2416 | s->auth_proto = NULL; | 2428 | free(s->auth_display); |
2417 | } | 2429 | s->auth_display = NULL; |
2418 | if (s->auth_data) { | ||
2419 | xfree(s->auth_data); | ||
2420 | s->auth_data = NULL; | ||
2421 | } | ||
2422 | if (s->auth_display) { | ||
2423 | xfree(s->auth_display); | ||
2424 | s->auth_display = NULL; | ||
2425 | } | ||
2426 | } | 2430 | } |
2427 | 2431 | ||
2428 | static void | 2432 | static void |
@@ -2484,24 +2488,18 @@ session_close(Session *s) | |||
2484 | debug("session_close: session %d pid %ld", s->self, (long)s->pid); | 2488 | debug("session_close: session %d pid %ld", s->self, (long)s->pid); |
2485 | if (s->ttyfd != -1) | 2489 | if (s->ttyfd != -1) |
2486 | session_pty_cleanup(s); | 2490 | session_pty_cleanup(s); |
2487 | if (s->term) | 2491 | free(s->term); |
2488 | xfree(s->term); | 2492 | free(s->display); |
2489 | if (s->display) | 2493 | free(s->x11_chanids); |
2490 | xfree(s->display); | 2494 | free(s->auth_display); |
2491 | if (s->x11_chanids) | 2495 | free(s->auth_data); |
2492 | xfree(s->x11_chanids); | 2496 | free(s->auth_proto); |
2493 | if (s->auth_display) | ||
2494 | xfree(s->auth_display); | ||
2495 | if (s->auth_data) | ||
2496 | xfree(s->auth_data); | ||
2497 | if (s->auth_proto) | ||
2498 | xfree(s->auth_proto); | ||
2499 | if (s->env != NULL) { | 2497 | if (s->env != NULL) { |
2500 | for (i = 0; i < s->num_env; i++) { | 2498 | for (i = 0; i < s->num_env; i++) { |
2501 | xfree(s->env[i].name); | 2499 | free(s->env[i].name); |
2502 | xfree(s->env[i].val); | 2500 | free(s->env[i].val); |
2503 | } | 2501 | } |
2504 | xfree(s->env); | 2502 | free(s->env); |
2505 | } | 2503 | } |
2506 | session_proctitle(s); | 2504 | session_proctitle(s); |
2507 | session_unused(s->self); | 2505 | session_unused(s->self); |
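Review bot: Freeing and nulling `options.chroot_directory` immediately after safely_chroot() (hunk @@ -1522,6 +1522,9 @@) changes what the rest of the child process can learn from that option: any later code in this process that tests options.chroot_directory to decide whether it is now inside the chroot (for instance to suppress a missing-home-directory warning or to pick the in-process sftp server) will see NULL and behave as if no ChrootDirectory had been configured. If such consumers exist they must have recorded the fact earlier or read a separate flag, and the comment should say so, e.g. `/* Make sure we don't attempt to chroot again; nothing after this point may use options.chroot_directory to detect the chroot */`. The fail-closed `fatal("server lacks privileges to chroot to ChrootDirectory")` branch is the right default, but its `!= NULL && strcasecmp(..., "none") != 0` predicate now duplicates the one guarding the chroot itself and would be safer as a single static helper such as `chroot_requested()` so the two cannot drift. do_setusercontext starts and ends outside these hunks, so the `if` that the new else-branch pairs with is not visible here.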
diff --git a/sftp-client.c b/sftp-client.c index 85f2bd444..f4f1970b6 100644 --- a/sftp-client.c +++ b/sftp-client.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sftp-client.c,v 1.97 2012/07/02 12:13:26 dtucker Exp $ */ | 1 | /* $OpenBSD: sftp-client.c,v 1.101 2013/07/25 00:56:51 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> | 3 | * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> |
4 | * | 4 | * |
@@ -112,7 +112,7 @@ send_msg(struct sftp_conn *conn, Buffer *m) | |||
112 | iov[1].iov_len = buffer_len(m); | 112 | iov[1].iov_len = buffer_len(m); |
113 | 113 | ||
114 | if (atomiciov6(writev, conn->fd_out, iov, 2, | 114 | if (atomiciov6(writev, conn->fd_out, iov, 2, |
115 | conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_out) != | 115 | conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_out) != |
116 | buffer_len(m) + sizeof(mlen)) | 116 | buffer_len(m) + sizeof(mlen)) |
117 | fatal("Couldn't send packet: %s", strerror(errno)); | 117 | fatal("Couldn't send packet: %s", strerror(errno)); |
118 | 118 | ||
@@ -394,8 +394,8 @@ do_init(int fd_in, int fd_out, u_int transfer_buflen, u_int num_requests, | |||
394 | } else { | 394 | } else { |
395 | debug2("Unrecognised server extension \"%s\"", name); | 395 | debug2("Unrecognised server extension \"%s\"", name); |
396 | } | 396 | } |
397 | xfree(name); | 397 | free(name); |
398 | xfree(value); | 398 | free(value); |
399 | } | 399 | } |
400 | 400 | ||
401 | buffer_free(&msg); | 401 | buffer_free(&msg); |
@@ -509,7 +509,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, | |||
509 | error("Couldn't read directory: %s", | 509 | error("Couldn't read directory: %s", |
510 | fx2txt(status)); | 510 | fx2txt(status)); |
511 | do_close(conn, handle, handle_len); | 511 | do_close(conn, handle, handle_len); |
512 | xfree(handle); | 512 | free(handle); |
513 | buffer_free(&msg); | 513 | buffer_free(&msg); |
514 | return(status); | 514 | return(status); |
515 | } | 515 | } |
@@ -552,14 +552,14 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, | |||
552 | (*dir)[++ents] = NULL; | 552 | (*dir)[++ents] = NULL; |
553 | } | 553 | } |
554 | next: | 554 | next: |
555 | xfree(filename); | 555 | free(filename); |
556 | xfree(longname); | 556 | free(longname); |
557 | } | 557 | } |
558 | } | 558 | } |
559 | 559 | ||
560 | buffer_free(&msg); | 560 | buffer_free(&msg); |
561 | do_close(conn, handle, handle_len); | 561 | do_close(conn, handle, handle_len); |
562 | xfree(handle); | 562 | free(handle); |
563 | 563 | ||
564 | /* Don't return partial matches on interrupt */ | 564 | /* Don't return partial matches on interrupt */ |
565 | if (interrupted && dir != NULL && *dir != NULL) { | 565 | if (interrupted && dir != NULL && *dir != NULL) { |
@@ -582,11 +582,11 @@ void free_sftp_dirents(SFTP_DIRENT **s) | |||
582 | int i; | 582 | int i; |
583 | 583 | ||
584 | for (i = 0; s[i]; i++) { | 584 | for (i = 0; s[i]; i++) { |
585 | xfree(s[i]->filename); | 585 | free(s[i]->filename); |
586 | xfree(s[i]->longname); | 586 | free(s[i]->longname); |
587 | xfree(s[i]); | 587 | free(s[i]); |
588 | } | 588 | } |
589 | xfree(s); | 589 | free(s); |
590 | } | 590 | } |
591 | 591 | ||
592 | int | 592 | int |
@@ -760,7 +760,7 @@ do_realpath(struct sftp_conn *conn, char *path) | |||
760 | debug3("SSH_FXP_REALPATH %s -> %s size %lu", path, filename, | 760 | debug3("SSH_FXP_REALPATH %s -> %s size %lu", path, filename, |
761 | (unsigned long)a->size); | 761 | (unsigned long)a->size); |
762 | 762 | ||
763 | xfree(longname); | 763 | free(longname); |
764 | 764 | ||
765 | buffer_free(&msg); | 765 | buffer_free(&msg); |
766 | 766 | ||
@@ -907,7 +907,7 @@ do_readlink(struct sftp_conn *conn, char *path) | |||
907 | 907 | ||
908 | debug3("SSH_FXP_READLINK %s -> %s", path, filename); | 908 | debug3("SSH_FXP_READLINK %s -> %s", path, filename); |
909 | 909 | ||
910 | xfree(longname); | 910 | free(longname); |
911 | 911 | ||
912 | buffer_free(&msg); | 912 | buffer_free(&msg); |
913 | 913 | ||
@@ -988,16 +988,17 @@ send_read_request(struct sftp_conn *conn, u_int id, u_int64_t offset, | |||
988 | 988 | ||
989 | int | 989 | int |
990 | do_download(struct sftp_conn *conn, char *remote_path, char *local_path, | 990 | do_download(struct sftp_conn *conn, char *remote_path, char *local_path, |
991 | Attrib *a, int pflag) | 991 | Attrib *a, int pflag, int resume) |
992 | { | 992 | { |
993 | Attrib junk; | 993 | Attrib junk; |
994 | Buffer msg; | 994 | Buffer msg; |
995 | char *handle; | 995 | char *handle; |
996 | int local_fd, status = 0, write_error; | 996 | int local_fd = -1, status = 0, write_error; |
997 | int read_error, write_errno; | 997 | int read_error, write_errno, reordered = 0; |
998 | u_int64_t offset, size; | 998 | u_int64_t offset = 0, size, highwater; |
999 | u_int handle_len, mode, type, id, buflen, num_req, max_req; | 999 | u_int handle_len, mode, type, id, buflen, num_req, max_req; |
1000 | off_t progress_counter; | 1000 | off_t progress_counter; |
1001 | struct stat st; | ||
1001 | struct request { | 1002 | struct request { |
1002 | u_int id; | 1003 | u_int id; |
1003 | u_int len; | 1004 | u_int len; |
@@ -1050,21 +1051,36 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, | |||
1050 | return(-1); | 1051 | return(-1); |
1051 | } | 1052 | } |
1052 | 1053 | ||
1053 | local_fd = open(local_path, O_WRONLY | O_CREAT | O_TRUNC, | 1054 | local_fd = open(local_path, O_WRONLY | O_CREAT | (resume ? 0 : O_TRUNC), |
1054 | mode | S_IWRITE); | 1055 | mode | S_IWUSR); |
1055 | if (local_fd == -1) { | 1056 | if (local_fd == -1) { |
1056 | error("Couldn't open local file \"%s\" for writing: %s", | 1057 | error("Couldn't open local file \"%s\" for writing: %s", |
1057 | local_path, strerror(errno)); | 1058 | local_path, strerror(errno)); |
1058 | do_close(conn, handle, handle_len); | 1059 | goto fail; |
1059 | buffer_free(&msg); | 1060 | } |
1060 | xfree(handle); | 1061 | offset = highwater = 0; |
1061 | return(-1); | 1062 | if (resume) { |
1063 | if (fstat(local_fd, &st) == -1) { | ||
1064 | error("Unable to stat local file \"%s\": %s", | ||
1065 | local_path, strerror(errno)); | ||
1066 | goto fail; | ||
1067 | } | ||
1068 | if ((size_t)st.st_size > size) { | ||
1069 | error("Unable to resume download of \"%s\": " | ||
1070 | "local file is larger than remote", local_path); | ||
1071 | fail: | ||
1072 | do_close(conn, handle, handle_len); | ||
1073 | buffer_free(&msg); | ||
1074 | free(handle); | ||
1075 | return -1; | ||
1076 | } | ||
1077 | offset = highwater = st.st_size; | ||
1062 | } | 1078 | } |
1063 | 1079 | ||
1064 | /* Read from remote and write to local */ | 1080 | /* Read from remote and write to local */ |
1065 | write_error = read_error = write_errno = num_req = offset = 0; | 1081 | write_error = read_error = write_errno = num_req = 0; |
1066 | max_req = 1; | 1082 | max_req = 1; |
1067 | progress_counter = 0; | 1083 | progress_counter = offset; |
1068 | 1084 | ||
1069 | if (showprogress && size != 0) | 1085 | if (showprogress && size != 0) |
1070 | start_progress_meter(remote_path, size, &progress_counter); | 1086 | start_progress_meter(remote_path, size, &progress_counter); |
@@ -1121,7 +1137,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, | |||
1121 | read_error = 1; | 1137 | read_error = 1; |
1122 | max_req = 0; | 1138 | max_req = 0; |
1123 | TAILQ_REMOVE(&requests, req, tq); | 1139 | TAILQ_REMOVE(&requests, req, tq); |
1124 | xfree(req); | 1140 | free(req); |
1125 | num_req--; | 1141 | num_req--; |
1126 | break; | 1142 | break; |
1127 | case SSH2_FXP_DATA: | 1143 | case SSH2_FXP_DATA: |
@@ -1139,12 +1155,16 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, | |||
1139 | write_error = 1; | 1155 | write_error = 1; |
1140 | max_req = 0; | 1156 | max_req = 0; |
1141 | } | 1157 | } |
1158 | else if (!reordered && req->offset <= highwater) | ||
1159 | highwater = req->offset + len; | ||
1160 | else if (!reordered && req->offset > highwater) | ||
1161 | reordered = 1; | ||
1142 | progress_counter += len; | 1162 | progress_counter += len; |
1143 | xfree(data); | 1163 | free(data); |
1144 | 1164 | ||
1145 | if (len == req->len) { | 1165 | if (len == req->len) { |
1146 | TAILQ_REMOVE(&requests, req, tq); | 1166 | TAILQ_REMOVE(&requests, req, tq); |
1147 | xfree(req); | 1167 | free(req); |
1148 | num_req--; | 1168 | num_req--; |
1149 | } else { | 1169 | } else { |
1150 | /* Resend the request for the missing data */ | 1170 | /* Resend the request for the missing data */ |
@@ -1187,7 +1207,15 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, | |||
1187 | /* Sanity check */ | 1207 | /* Sanity check */ |
1188 | if (TAILQ_FIRST(&requests) != NULL) | 1208 | if (TAILQ_FIRST(&requests) != NULL) |
1189 | fatal("Transfer complete, but requests still in queue"); | 1209 | fatal("Transfer complete, but requests still in queue"); |
1190 | 1210 | /* Truncate at highest contiguous point to avoid holes on interrupt */ | |
1211 | if (read_error || write_error || interrupted) { | ||
1212 | if (reordered && resume) { | ||
1213 | error("Unable to resume download of \"%s\": " | ||
1214 | "server reordered requests", local_path); | ||
1215 | } | ||
1216 | debug("truncating at %llu", (unsigned long long)highwater); | ||
1217 | ftruncate(local_fd, highwater); | ||
1218 | } | ||
1191 | if (read_error) { | 1219 | if (read_error) { |
1192 | error("Couldn't read from remote file \"%s\" : %s", | 1220 | error("Couldn't read from remote file \"%s\" : %s", |
1193 | remote_path, fx2txt(status)); | 1221 | remote_path, fx2txt(status)); |
@@ -1199,7 +1227,8 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, | |||
1199 | do_close(conn, handle, handle_len); | 1227 | do_close(conn, handle, handle_len); |
1200 | } else { | 1228 | } else { |
1201 | status = do_close(conn, handle, handle_len); | 1229 | status = do_close(conn, handle, handle_len); |
1202 | 1230 | if (interrupted) | |
1231 | status = -1; | ||
1203 | /* Override umask and utimes if asked */ | 1232 | /* Override umask and utimes if asked */ |
1204 | #ifdef HAVE_FCHMOD | 1233 | #ifdef HAVE_FCHMOD |
1205 | if (pflag && fchmod(local_fd, mode) == -1) | 1234 | if (pflag && fchmod(local_fd, mode) == -1) |
@@ -1220,14 +1249,14 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, | |||
1220 | } | 1249 | } |
1221 | close(local_fd); | 1250 | close(local_fd); |
1222 | buffer_free(&msg); | 1251 | buffer_free(&msg); |
1223 | xfree(handle); | 1252 | free(handle); |
1224 | 1253 | ||
1225 | return(status); | 1254 | return(status); |
1226 | } | 1255 | } |
1227 | 1256 | ||
1228 | static int | 1257 | static int |
1229 | download_dir_internal(struct sftp_conn *conn, char *src, char *dst, | 1258 | download_dir_internal(struct sftp_conn *conn, char *src, char *dst, |
1230 | Attrib *dirattrib, int pflag, int printflag, int depth) | 1259 | Attrib *dirattrib, int pflag, int printflag, int depth, int resume) |
1231 | { | 1260 | { |
1232 | int i, ret = 0; | 1261 | int i, ret = 0; |
1233 | SFTP_DIRENT **dir_entries; | 1262 | SFTP_DIRENT **dir_entries; |
@@ -1280,11 +1309,11 @@ download_dir_internal(struct sftp_conn *conn, char *src, char *dst, | |||
1280 | continue; | 1309 | continue; |
1281 | if (download_dir_internal(conn, new_src, new_dst, | 1310 | if (download_dir_internal(conn, new_src, new_dst, |
1282 | &(dir_entries[i]->a), pflag, printflag, | 1311 | &(dir_entries[i]->a), pflag, printflag, |
1283 | depth + 1) == -1) | 1312 | depth + 1, resume) == -1) |
1284 | ret = -1; | 1313 | ret = -1; |
1285 | } else if (S_ISREG(dir_entries[i]->a.perm) ) { | 1314 | } else if (S_ISREG(dir_entries[i]->a.perm) ) { |
1286 | if (do_download(conn, new_src, new_dst, | 1315 | if (do_download(conn, new_src, new_dst, |
1287 | &(dir_entries[i]->a), pflag) == -1) { | 1316 | &(dir_entries[i]->a), pflag, resume) == -1) { |
1288 | error("Download of file %s to %s failed", | 1317 | error("Download of file %s to %s failed", |
1289 | new_src, new_dst); | 1318 | new_src, new_dst); |
1290 | ret = -1; | 1319 | ret = -1; |
@@ -1292,8 +1321,8 @@ download_dir_internal(struct sftp_conn *conn, char *src, char *dst, | |||
1292 | } else | 1321 | } else |
1293 | logit("%s: not a regular file\n", new_src); | 1322 | logit("%s: not a regular file\n", new_src); |
1294 | 1323 | ||
1295 | xfree(new_dst); | 1324 | free(new_dst); |
1296 | xfree(new_src); | 1325 | free(new_src); |
1297 | } | 1326 | } |
1298 | 1327 | ||
1299 | if (pflag) { | 1328 | if (pflag) { |
@@ -1317,7 +1346,7 @@ download_dir_internal(struct sftp_conn *conn, char *src, char *dst, | |||
1317 | 1346 | ||
1318 | int | 1347 | int |
1319 | download_dir(struct sftp_conn *conn, char *src, char *dst, | 1348 | download_dir(struct sftp_conn *conn, char *src, char *dst, |
1320 | Attrib *dirattrib, int pflag, int printflag) | 1349 | Attrib *dirattrib, int pflag, int printflag, int resume) |
1321 | { | 1350 | { |
1322 | char *src_canon; | 1351 | char *src_canon; |
1323 | int ret; | 1352 | int ret; |
@@ -1328,8 +1357,8 @@ download_dir(struct sftp_conn *conn, char *src, char *dst, | |||
1328 | } | 1357 | } |
1329 | 1358 | ||
1330 | ret = download_dir_internal(conn, src_canon, dst, | 1359 | ret = download_dir_internal(conn, src_canon, dst, |
1331 | dirattrib, pflag, printflag, 0); | 1360 | dirattrib, pflag, printflag, 0, resume); |
1332 | xfree(src_canon); | 1361 | free(src_canon); |
1333 | return ret; | 1362 | return ret; |
1334 | } | 1363 | } |
1335 | 1364 | ||
@@ -1340,7 +1369,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, | |||
1340 | int local_fd; | 1369 | int local_fd; |
1341 | int status = SSH2_FX_OK; | 1370 | int status = SSH2_FX_OK; |
1342 | u_int handle_len, id, type; | 1371 | u_int handle_len, id, type; |
1343 | off_t offset; | 1372 | off_t offset, progress_counter; |
1344 | char *handle, *data; | 1373 | char *handle, *data; |
1345 | Buffer msg; | 1374 | Buffer msg; |
1346 | struct stat sb; | 1375 | struct stat sb; |
@@ -1408,9 +1437,10 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, | |||
1408 | data = xmalloc(conn->transfer_buflen); | 1437 | data = xmalloc(conn->transfer_buflen); |
1409 | 1438 | ||
1410 | /* Read from local and write to remote */ | 1439 | /* Read from local and write to remote */ |
1411 | offset = 0; | 1440 | offset = progress_counter = 0; |
1412 | if (showprogress) | 1441 | if (showprogress) |
1413 | start_progress_meter(local_path, sb.st_size, &offset); | 1442 | start_progress_meter(local_path, sb.st_size, |
1443 | &progress_counter); | ||
1414 | 1444 | ||
1415 | for (;;) { | 1445 | for (;;) { |
1416 | int len; | 1446 | int len; |
@@ -1481,7 +1511,8 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, | |||
1481 | debug3("In write loop, ack for %u %u bytes at %lld", | 1511 | debug3("In write loop, ack for %u %u bytes at %lld", |
1482 | ack->id, ack->len, (long long)ack->offset); | 1512 | ack->id, ack->len, (long long)ack->offset); |
1483 | ++ackid; | 1513 | ++ackid; |
1484 | xfree(ack); | 1514 | progress_counter += ack->len; |
1515 | free(ack); | ||
1485 | } | 1516 | } |
1486 | offset += len; | 1517 | offset += len; |
1487 | if (offset < 0) | 1518 | if (offset < 0) |
@@ -1491,7 +1522,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, | |||
1491 | 1522 | ||
1492 | if (showprogress) | 1523 | if (showprogress) |
1493 | stop_progress_meter(); | 1524 | stop_progress_meter(); |
1494 | xfree(data); | 1525 | free(data); |
1495 | 1526 | ||
1496 | if (status != SSH2_FX_OK) { | 1527 | if (status != SSH2_FX_OK) { |
1497 | error("Couldn't write to remote file \"%s\": %s", | 1528 | error("Couldn't write to remote file \"%s\": %s", |
@@ -1511,7 +1542,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, | |||
1511 | 1542 | ||
1512 | if (do_close(conn, handle, handle_len) != SSH2_FX_OK) | 1543 | if (do_close(conn, handle, handle_len) != SSH2_FX_OK) |
1513 | status = -1; | 1544 | status = -1; |
1514 | xfree(handle); | 1545 | free(handle); |
1515 | 1546 | ||
1516 | return status; | 1547 | return status; |
1517 | } | 1548 | } |
@@ -1551,7 +1582,7 @@ upload_dir_internal(struct sftp_conn *conn, char *src, char *dst, | |||
1551 | a.perm &= 01777; | 1582 | a.perm &= 01777; |
1552 | if (!pflag) | 1583 | if (!pflag) |
1553 | a.flags &= ~SSH2_FILEXFER_ATTR_ACMODTIME; | 1584 | a.flags &= ~SSH2_FILEXFER_ATTR_ACMODTIME; |
1554 | 1585 | ||
1555 | status = do_mkdir(conn, dst, &a, 0); | 1586 | status = do_mkdir(conn, dst, &a, 0); |
1556 | /* | 1587 | /* |
1557 | * we lack a portable status for errno EEXIST, | 1588 | * we lack a portable status for errno EEXIST, |
@@ -1561,7 +1592,7 @@ upload_dir_internal(struct sftp_conn *conn, char *src, char *dst, | |||
1561 | if (status != SSH2_FX_OK) { | 1592 | if (status != SSH2_FX_OK) { |
1562 | if (status != SSH2_FX_FAILURE) | 1593 | if (status != SSH2_FX_FAILURE) |
1563 | return -1; | 1594 | return -1; |
1564 | if (do_stat(conn, dst, 0) == NULL) | 1595 | if (do_stat(conn, dst, 0) == NULL) |
1565 | return -1; | 1596 | return -1; |
1566 | } | 1597 | } |
1567 | 1598 | ||
@@ -1569,7 +1600,7 @@ upload_dir_internal(struct sftp_conn *conn, char *src, char *dst, | |||
1569 | error("Failed to open dir \"%s\": %s", src, strerror(errno)); | 1600 | error("Failed to open dir \"%s\": %s", src, strerror(errno)); |
1570 | return -1; | 1601 | return -1; |
1571 | } | 1602 | } |
1572 | 1603 | ||
1573 | while (((dp = readdir(dirp)) != NULL) && !interrupted) { | 1604 | while (((dp = readdir(dirp)) != NULL) && !interrupted) { |
1574 | if (dp->d_ino == 0) | 1605 | if (dp->d_ino == 0) |
1575 | continue; | 1606 | continue; |
@@ -1597,8 +1628,8 @@ upload_dir_internal(struct sftp_conn *conn, char *src, char *dst, | |||
1597 | } | 1628 | } |
1598 | } else | 1629 | } else |
1599 | logit("%s: not a regular file\n", filename); | 1630 | logit("%s: not a regular file\n", filename); |
1600 | xfree(new_dst); | 1631 | free(new_dst); |
1601 | xfree(new_src); | 1632 | free(new_src); |
1602 | } | 1633 | } |
1603 | 1634 | ||
1604 | do_setstat(conn, dst, &a); | 1635 | do_setstat(conn, dst, &a); |
@@ -1620,7 +1651,7 @@ upload_dir(struct sftp_conn *conn, char *src, char *dst, int printflag, | |||
1620 | } | 1651 | } |
1621 | 1652 | ||
1622 | ret = upload_dir_internal(conn, src, dst_canon, pflag, printflag, 0); | 1653 | ret = upload_dir_internal(conn, src, dst_canon, pflag, printflag, 0); |
1623 | xfree(dst_canon); | 1654 | free(dst_canon); |
1624 | return ret; | 1655 | return ret; |
1625 | } | 1656 | } |
1626 | 1657 | ||
diff --git a/sftp-client.h b/sftp-client.h index aef54ef49..111a998c8 100644 --- a/sftp-client.h +++ b/sftp-client.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sftp-client.h,v 1.20 2010/12/04 00:18:01 djm Exp $ */ | 1 | /* $OpenBSD: sftp-client.h,v 1.21 2013/07/25 00:56:51 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> | 4 | * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> |
@@ -106,13 +106,13 @@ int do_symlink(struct sftp_conn *, char *, char *); | |||
106 | * Download 'remote_path' to 'local_path'. Preserve permissions and times | 106 | * Download 'remote_path' to 'local_path'. Preserve permissions and times |
107 | * if 'pflag' is set | 107 | * if 'pflag' is set |
108 | */ | 108 | */ |
109 | int do_download(struct sftp_conn *, char *, char *, Attrib *, int); | 109 | int do_download(struct sftp_conn *, char *, char *, Attrib *, int, int); |
110 | 110 | ||
111 | /* | 111 | /* |
112 | * Recursively download 'remote_directory' to 'local_directory'. Preserve | 112 | * Recursively download 'remote_directory' to 'local_directory'. Preserve |
113 | * times if 'pflag' is set | 113 | * times if 'pflag' is set |
114 | */ | 114 | */ |
115 | int download_dir(struct sftp_conn *, char *, char *, Attrib *, int, int); | 115 | int download_dir(struct sftp_conn *, char *, char *, Attrib *, int, int, int); |
116 | 116 | ||
117 | /* | 117 | /* |
118 | * Upload 'local_path' to 'remote_path'. Preserve permissions and times | 118 | * Upload 'local_path' to 'remote_path'. Preserve permissions and times |
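Review bot: The header comments above do_download (106-108) and download_dir (112-114) still document only 'pflag', so the new trailing int that selects resume is undocumented, and because both prototypes use unnamed parameters the two flags are indistinguishable from the declaration alone. Both are plain ints, so a caller that swaps them compiles silently and would turn a fresh download into a resume (which in sftp-client.c truncates the local file to the high-water mark), so the contract belongs here with the declarations. Suggest extending the do_download comment with `* if 'pflag' is set. If 'resume' is set, try to continue an existing partial` and `* local copy instead of overwriting it (the partial copy must match the remote).`, adding the same sentence to the download_dir comment, and naming the parameters in both prototypes, e.g. `int do_download(struct sftp_conn *, char *remote_path, char *local_path, Attrib *, int pflag, int resume);`.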
diff --git a/sftp-common.c b/sftp-common.c index a042875c6..413efc209 100644 --- a/sftp-common.c +++ b/sftp-common.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sftp-common.c,v 1.23 2010/01/15 09:24:23 markus Exp $ */ | 1 | /* $OpenBSD: sftp-common.c,v 1.24 2013/05/17 00:13:14 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2001 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2001 Damien Miller. All rights reserved. |
@@ -128,8 +128,8 @@ decode_attrib(Buffer *b) | |||
128 | type = buffer_get_string(b, NULL); | 128 | type = buffer_get_string(b, NULL); |
129 | data = buffer_get_string(b, NULL); | 129 | data = buffer_get_string(b, NULL); |
130 | debug3("Got file attribute \"%s\"", type); | 130 | debug3("Got file attribute \"%s\"", type); |
131 | xfree(type); | 131 | free(type); |
132 | xfree(data); | 132 | free(data); |
133 | } | 133 | } |
134 | } | 134 | } |
135 | return &a; | 135 | return &a; |
diff --git a/sftp-glob.c b/sftp-glob.c index 06bf157ca..79b7bdb2f 100644 --- a/sftp-glob.c +++ b/sftp-glob.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sftp-glob.c,v 1.23 2011/10/04 14:17:32 djm Exp $ */ | 1 | /* $OpenBSD: sftp-glob.c,v 1.24 2013/05/17 00:13:14 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> | 3 | * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> |
4 | * | 4 | * |
@@ -51,7 +51,7 @@ fudge_opendir(const char *path) | |||
51 | r = xmalloc(sizeof(*r)); | 51 | r = xmalloc(sizeof(*r)); |
52 | 52 | ||
53 | if (do_readdir(cur.conn, (char *)path, &r->dir)) { | 53 | if (do_readdir(cur.conn, (char *)path, &r->dir)) { |
54 | xfree(r); | 54 | free(r); |
55 | return(NULL); | 55 | return(NULL); |
56 | } | 56 | } |
57 | 57 | ||
@@ -103,7 +103,7 @@ static void | |||
103 | fudge_closedir(struct SFTP_OPENDIR *od) | 103 | fudge_closedir(struct SFTP_OPENDIR *od) |
104 | { | 104 | { |
105 | free_sftp_dirents(od->dir); | 105 | free_sftp_dirents(od->dir); |
106 | xfree(od); | 106 | free(od); |
107 | } | 107 | } |
108 | 108 | ||
109 | static int | 109 | static int |
diff --git a/sftp-server.0 b/sftp-server.0 index 6beddcc13..bca318b38 100644 --- a/sftp-server.0 +++ b/sftp-server.0 | |||
@@ -62,7 +62,7 @@ SEE ALSO | |||
62 | sftp(1), ssh(1), sshd_config(5), sshd(8) | 62 | sftp(1), ssh(1), sshd_config(5), sshd(8) |
63 | 63 | ||
64 | T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, | 64 | T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, |
65 | draft-ietf-secsh-filexfer-00.txt, January 2001, work in progress | 65 | draft-ietf-secsh-filexfer-02.txt, October 2001, work in progress |
66 | material. | 66 | material. |
67 | 67 | ||
68 | HISTORY | 68 | HISTORY |
@@ -71,4 +71,4 @@ HISTORY | |||
71 | AUTHORS | 71 | AUTHORS |
72 | Markus Friedl <markus@openbsd.org> | 72 | Markus Friedl <markus@openbsd.org> |
73 | 73 | ||
74 | OpenBSD 5.3 January 4, 2013 OpenBSD 5.3 | 74 | OpenBSD 5.4 July 16, 2013 OpenBSD 5.4 |
diff --git a/sftp-server.8 b/sftp-server.8 index 2fd3df20c..cc925b96e 100644 --- a/sftp-server.8 +++ b/sftp-server.8 | |||
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: sftp-server.8,v 1.21 2013/01/04 19:26:38 jmc Exp $ | 1 | .\" $OpenBSD: sftp-server.8,v 1.23 2013/07/16 00:07:52 schwarze Exp $ |
2 | .\" | 2 | .\" |
3 | .\" Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | .\" Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | .\" | 4 | .\" |
@@ -22,7 +22,7 @@ | |||
22 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 22 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
23 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 23 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
24 | .\" | 24 | .\" |
25 | .Dd $Mdocdate: January 4 2013 $ | 25 | .Dd $Mdocdate: July 16 2013 $ |
26 | .Dt SFTP-SERVER 8 | 26 | .Dt SFTP-SERVER 8 |
27 | .Os | 27 | .Os |
28 | .Sh NAME | 28 | .Sh NAME |
@@ -124,8 +124,8 @@ establish a logging socket inside the chroot directory. | |||
124 | .%A T. Ylonen | 124 | .%A T. Ylonen |
125 | .%A S. Lehtinen | 125 | .%A S. Lehtinen |
126 | .%T "SSH File Transfer Protocol" | 126 | .%T "SSH File Transfer Protocol" |
127 | .%N draft-ietf-secsh-filexfer-00.txt | 127 | .%N draft-ietf-secsh-filexfer-02.txt |
128 | .%D January 2001 | 128 | .%D October 2001 |
129 | .%O work in progress material | 129 | .%O work in progress material |
130 | .Re | 130 | .Re |
131 | .Sh HISTORY | 131 | .Sh HISTORY |
@@ -133,4 +133,4 @@ establish a logging socket inside the chroot directory. | |||
133 | first appeared in | 133 | first appeared in |
134 | .Ox 2.8 . | 134 | .Ox 2.8 . |
135 | .Sh AUTHORS | 135 | .Sh AUTHORS |
136 | .An Markus Friedl Aq markus@openbsd.org | 136 | .An Markus Friedl Aq Mt markus@openbsd.org |
diff --git a/sftp-server.c b/sftp-server.c index cce074a56..285f21aaf 100644 --- a/sftp-server.c +++ b/sftp-server.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sftp-server.c,v 1.96 2013/01/04 19:26:38 jmc Exp $ */ | 1 | /* $OpenBSD: sftp-server.c,v 1.97 2013/05/17 00:13:14 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -319,11 +319,11 @@ handle_close(int handle) | |||
319 | 319 | ||
320 | if (handle_is_ok(handle, HANDLE_FILE)) { | 320 | if (handle_is_ok(handle, HANDLE_FILE)) { |
321 | ret = close(handles[handle].fd); | 321 | ret = close(handles[handle].fd); |
322 | xfree(handles[handle].name); | 322 | free(handles[handle].name); |
323 | handle_unused(handle); | 323 | handle_unused(handle); |
324 | } else if (handle_is_ok(handle, HANDLE_DIR)) { | 324 | } else if (handle_is_ok(handle, HANDLE_DIR)) { |
325 | ret = closedir(handles[handle].dirp); | 325 | ret = closedir(handles[handle].dirp); |
326 | xfree(handles[handle].name); | 326 | free(handles[handle].name); |
327 | handle_unused(handle); | 327 | handle_unused(handle); |
328 | } else { | 328 | } else { |
329 | errno = ENOENT; | 329 | errno = ENOENT; |
@@ -367,7 +367,7 @@ get_handle(void) | |||
367 | handle = get_string(&hlen); | 367 | handle = get_string(&hlen); |
368 | if (hlen < 256) | 368 | if (hlen < 256) |
369 | val = handle_from_string(handle, hlen); | 369 | val = handle_from_string(handle, hlen); |
370 | xfree(handle); | 370 | free(handle); |
371 | return val; | 371 | return val; |
372 | } | 372 | } |
373 | 373 | ||
@@ -450,7 +450,7 @@ send_handle(u_int32_t id, int handle) | |||
450 | handle_to_string(handle, &string, &hlen); | 450 | handle_to_string(handle, &string, &hlen); |
451 | debug("request %u: sent handle handle %d", id, handle); | 451 | debug("request %u: sent handle handle %d", id, handle); |
452 | send_data_or_handle(SSH2_FXP_HANDLE, id, string, hlen); | 452 | send_data_or_handle(SSH2_FXP_HANDLE, id, string, hlen); |
453 | xfree(string); | 453 | free(string); |
454 | } | 454 | } |
455 | 455 | ||
456 | static void | 456 | static void |
@@ -578,7 +578,7 @@ process_open(void) | |||
578 | } | 578 | } |
579 | if (status != SSH2_FX_OK) | 579 | if (status != SSH2_FX_OK) |
580 | send_status(id, status); | 580 | send_status(id, status); |
581 | xfree(name); | 581 | free(name); |
582 | } | 582 | } |
583 | 583 | ||
584 | static void | 584 | static void |
@@ -679,7 +679,7 @@ process_write(void) | |||
679 | } | 679 | } |
680 | } | 680 | } |
681 | send_status(id, status); | 681 | send_status(id, status); |
682 | xfree(data); | 682 | free(data); |
683 | } | 683 | } |
684 | 684 | ||
685 | static void | 685 | static void |
@@ -705,7 +705,7 @@ process_do_stat(int do_lstat) | |||
705 | } | 705 | } |
706 | if (status != SSH2_FX_OK) | 706 | if (status != SSH2_FX_OK) |
707 | send_status(id, status); | 707 | send_status(id, status); |
708 | xfree(name); | 708 | free(name); |
709 | } | 709 | } |
710 | 710 | ||
711 | static void | 711 | static void |
@@ -807,7 +807,7 @@ process_setstat(void) | |||
807 | status = errno_to_portable(errno); | 807 | status = errno_to_portable(errno); |
808 | } | 808 | } |
809 | send_status(id, status); | 809 | send_status(id, status); |
810 | xfree(name); | 810 | free(name); |
811 | } | 811 | } |
812 | 812 | ||
813 | static void | 813 | static void |
@@ -904,7 +904,7 @@ process_opendir(void) | |||
904 | } | 904 | } |
905 | if (status != SSH2_FX_OK) | 905 | if (status != SSH2_FX_OK) |
906 | send_status(id, status); | 906 | send_status(id, status); |
907 | xfree(path); | 907 | free(path); |
908 | } | 908 | } |
909 | 909 | ||
910 | static void | 910 | static void |
@@ -953,13 +953,13 @@ process_readdir(void) | |||
953 | if (count > 0) { | 953 | if (count > 0) { |
954 | send_names(id, count, stats); | 954 | send_names(id, count, stats); |
955 | for (i = 0; i < count; i++) { | 955 | for (i = 0; i < count; i++) { |
956 | xfree(stats[i].name); | 956 | free(stats[i].name); |
957 | xfree(stats[i].long_name); | 957 | free(stats[i].long_name); |
958 | } | 958 | } |
959 | } else { | 959 | } else { |
960 | send_status(id, SSH2_FX_EOF); | 960 | send_status(id, SSH2_FX_EOF); |
961 | } | 961 | } |
962 | xfree(stats); | 962 | free(stats); |
963 | } | 963 | } |
964 | } | 964 | } |
965 | 965 | ||
@@ -982,7 +982,7 @@ process_remove(void) | |||
982 | status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; | 982 | status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; |
983 | } | 983 | } |
984 | send_status(id, status); | 984 | send_status(id, status); |
985 | xfree(name); | 985 | free(name); |
986 | } | 986 | } |
987 | 987 | ||
988 | static void | 988 | static void |
@@ -1007,7 +1007,7 @@ process_mkdir(void) | |||
1007 | status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; | 1007 | status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; |
1008 | } | 1008 | } |
1009 | send_status(id, status); | 1009 | send_status(id, status); |
1010 | xfree(name); | 1010 | free(name); |
1011 | } | 1011 | } |
1012 | 1012 | ||
1013 | static void | 1013 | static void |
@@ -1028,7 +1028,7 @@ process_rmdir(void) | |||
1028 | status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; | 1028 | status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; |
1029 | } | 1029 | } |
1030 | send_status(id, status); | 1030 | send_status(id, status); |
1031 | xfree(name); | 1031 | free(name); |
1032 | } | 1032 | } |
1033 | 1033 | ||
1034 | static void | 1034 | static void |
@@ -1041,7 +1041,7 @@ process_realpath(void) | |||
1041 | id = get_int(); | 1041 | id = get_int(); |
1042 | path = get_string(NULL); | 1042 | path = get_string(NULL); |
1043 | if (path[0] == '\0') { | 1043 | if (path[0] == '\0') { |
1044 | xfree(path); | 1044 | free(path); |
1045 | path = xstrdup("."); | 1045 | path = xstrdup("."); |
1046 | } | 1046 | } |
1047 | debug3("request %u: realpath", id); | 1047 | debug3("request %u: realpath", id); |
@@ -1054,7 +1054,7 @@ process_realpath(void) | |||
1054 | s.name = s.long_name = resolvedname; | 1054 | s.name = s.long_name = resolvedname; |
1055 | send_names(id, 1, &s); | 1055 | send_names(id, 1, &s); |
1056 | } | 1056 | } |
1057 | xfree(path); | 1057 | free(path); |
1058 | } | 1058 | } |
1059 | 1059 | ||
1060 | static void | 1060 | static void |
@@ -1115,8 +1115,8 @@ process_rename(void) | |||
1115 | status = SSH2_FX_OK; | 1115 | status = SSH2_FX_OK; |
1116 | } | 1116 | } |
1117 | send_status(id, status); | 1117 | send_status(id, status); |
1118 | xfree(oldpath); | 1118 | free(oldpath); |
1119 | xfree(newpath); | 1119 | free(newpath); |
1120 | } | 1120 | } |
1121 | 1121 | ||
1122 | static void | 1122 | static void |
@@ -1141,7 +1141,7 @@ process_readlink(void) | |||
1141 | s.name = s.long_name = buf; | 1141 | s.name = s.long_name = buf; |
1142 | send_names(id, 1, &s); | 1142 | send_names(id, 1, &s); |
1143 | } | 1143 | } |
1144 | xfree(path); | 1144 | free(path); |
1145 | } | 1145 | } |
1146 | 1146 | ||
1147 | static void | 1147 | static void |
@@ -1164,8 +1164,8 @@ process_symlink(void) | |||
1164 | status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; | 1164 | status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; |
1165 | } | 1165 | } |
1166 | send_status(id, status); | 1166 | send_status(id, status); |
1167 | xfree(oldpath); | 1167 | free(oldpath); |
1168 | xfree(newpath); | 1168 | free(newpath); |
1169 | } | 1169 | } |
1170 | 1170 | ||
1171 | static void | 1171 | static void |
@@ -1185,8 +1185,8 @@ process_extended_posix_rename(u_int32_t id) | |||
1185 | status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; | 1185 | status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; |
1186 | } | 1186 | } |
1187 | send_status(id, status); | 1187 | send_status(id, status); |
1188 | xfree(oldpath); | 1188 | free(oldpath); |
1189 | xfree(newpath); | 1189 | free(newpath); |
1190 | } | 1190 | } |
1191 | 1191 | ||
1192 | static void | 1192 | static void |
@@ -1203,7 +1203,7 @@ process_extended_statvfs(u_int32_t id) | |||
1203 | send_status(id, errno_to_portable(errno)); | 1203 | send_status(id, errno_to_portable(errno)); |
1204 | else | 1204 | else |
1205 | send_statvfs(id, &st); | 1205 | send_statvfs(id, &st); |
1206 | xfree(path); | 1206 | free(path); |
1207 | } | 1207 | } |
1208 | 1208 | ||
1209 | static void | 1209 | static void |
@@ -1242,8 +1242,8 @@ process_extended_hardlink(u_int32_t id) | |||
1242 | status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; | 1242 | status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; |
1243 | } | 1243 | } |
1244 | send_status(id, status); | 1244 | send_status(id, status); |
1245 | xfree(oldpath); | 1245 | free(oldpath); |
1246 | xfree(newpath); | 1246 | free(newpath); |
1247 | } | 1247 | } |
1248 | 1248 | ||
1249 | static void | 1249 | static void |
@@ -1264,7 +1264,7 @@ process_extended(void) | |||
1264 | process_extended_hardlink(id); | 1264 | process_extended_hardlink(id); |
1265 | else | 1265 | else |
1266 | send_status(id, SSH2_FX_OP_UNSUPPORTED); /* MUST */ | 1266 | send_status(id, SSH2_FX_OP_UNSUPPORTED); /* MUST */ |
1267 | xfree(request); | 1267 | free(request); |
1268 | } | 1268 | } |
1269 | 1269 | ||
1270 | /* stolen from ssh-agent */ | 1270 | /* stolen from ssh-agent */ |
@@ -55,10 +55,10 @@ DESCRIPTION | |||
55 | used in conjunction with non-interactive authentication. A | 55 | used in conjunction with non-interactive authentication. A |
56 | batchfile of `-' may be used to indicate standard input. sftp | 56 | batchfile of `-' may be used to indicate standard input. sftp |
57 | will abort if any of the following commands fail: get, put, | 57 | will abort if any of the following commands fail: get, put, |
58 | rename, ln, rm, mkdir, chdir, ls, lchdir, chmod, chown, chgrp, | 58 | reget, rename, ln, rm, mkdir, chdir, ls, lchdir, chmod, chown, |
59 | lpwd, df, symlink, and lmkdir. Termination on error can be | 59 | chgrp, lpwd, df, symlink, and lmkdir. Termination on error can |
60 | suppressed on a command by command basis by prefixing the command | 60 | be suppressed on a command by command basis by prefixing the |
61 | with a `-' character (for example, -rm /tmp/blah*). | 61 | command with a `-' character (for example, -rm /tmp/blah*). |
62 | 62 | ||
63 | -C Enables compression (via ssh's -C flag). | 63 | -C Enables compression (via ssh's -C flag). |
64 | 64 | ||
@@ -209,7 +209,7 @@ INTERACTIVE COMMANDS | |||
209 | 209 | ||
210 | exit Quit sftp. | 210 | exit Quit sftp. |
211 | 211 | ||
212 | get [-Ppr] remote-path [local-path] | 212 | get [-aPpr] remote-path [local-path] |
213 | Retrieve the remote-path and store it on the local machine. If | 213 | Retrieve the remote-path and store it on the local machine. If |
214 | the local path name is not specified, it is given the same name | 214 | the local path name is not specified, it is given the same name |
215 | it has on the remote machine. remote-path may contain glob(3) | 215 | it has on the remote machine. remote-path may contain glob(3) |
@@ -217,6 +217,12 @@ INTERACTIVE COMMANDS | |||
217 | local-path is specified, then local-path must specify a | 217 | local-path is specified, then local-path must specify a |
218 | directory. | 218 | directory. |
219 | 219 | ||
220 | If the -a flag is specified, then attempt to resume partial | ||
221 | transfers of existing files. Note that resumption assumes that | ||
222 | any partial copy of the local file matches the remote copy. If | ||
223 | the remote file differs from the partial local copy then the | ||
224 | resultant file is likely to be corrupt. | ||
225 | |||
220 | If either the -P or -p flag is specified, then full file | 226 | If either the -P or -p flag is specified, then full file |
221 | permissions and access times are copied too. | 227 | permissions and access times are copied too. |
222 | 228 | ||
@@ -306,6 +312,10 @@ INTERACTIVE COMMANDS | |||
306 | 312 | ||
307 | quit Quit sftp. | 313 | quit Quit sftp. |
308 | 314 | ||
315 | reget [-Ppr] remote-path [local-path] | ||
316 | Resume download of remote-path. Equivalent to get with the -a | ||
317 | flag set. | ||
318 | |||
309 | rename oldpath newpath | 319 | rename oldpath newpath |
310 | Rename remote file from oldpath to newpath. | 320 | Rename remote file from oldpath to newpath. |
311 | 321 | ||
@@ -336,4 +346,4 @@ SEE ALSO | |||
336 | draft-ietf-secsh-filexfer-00.txt, January 2001, work in progress | 346 | draft-ietf-secsh-filexfer-00.txt, January 2001, work in progress |
337 | material. | 347 | material. |
338 | 348 | ||
339 | OpenBSD 5.3 September 5, 2011 OpenBSD 5.3 | 349 | OpenBSD 5.4 July 25, 2013 OpenBSD 5.4 |
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: sftp.1,v 1.91 2011/09/05 05:56:13 djm Exp $ | 1 | .\" $OpenBSD: sftp.1,v 1.92 2013/07/25 00:56:51 djm Exp $ |
2 | .\" | 2 | .\" |
3 | .\" Copyright (c) 2001 Damien Miller. All rights reserved. | 3 | .\" Copyright (c) 2001 Damien Miller. All rights reserved. |
4 | .\" | 4 | .\" |
@@ -22,7 +22,7 @@ | |||
22 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 22 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
23 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 23 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
24 | .\" | 24 | .\" |
25 | .Dd $Mdocdate: September 5 2011 $ | 25 | .Dd $Mdocdate: July 25 2013 $ |
26 | .Dt SFTP 1 | 26 | .Dt SFTP 1 |
27 | .Os | 27 | .Os |
28 | .Sh NAME | 28 | .Sh NAME |
@@ -129,7 +129,7 @@ may be used to indicate standard input. | |||
129 | .Nm | 129 | .Nm |
130 | will abort if any of the following | 130 | will abort if any of the following |
131 | commands fail: | 131 | commands fail: |
132 | .Ic get , put , rename , ln , | 132 | .Ic get , put , reget , rename , ln , |
133 | .Ic rm , mkdir , chdir , ls , | 133 | .Ic rm , mkdir , chdir , ls , |
134 | .Ic lchdir , chmod , chown , | 134 | .Ic lchdir , chmod , chown , |
135 | .Ic chgrp , lpwd , df , symlink , | 135 | .Ic chgrp , lpwd , df , symlink , |
@@ -343,7 +343,7 @@ extension. | |||
343 | Quit | 343 | Quit |
344 | .Nm sftp . | 344 | .Nm sftp . |
345 | .It Xo Ic get | 345 | .It Xo Ic get |
346 | .Op Fl Ppr | 346 | .Op Fl aPpr |
347 | .Ar remote-path | 347 | .Ar remote-path |
348 | .Op Ar local-path | 348 | .Op Ar local-path |
349 | .Xc | 349 | .Xc |
@@ -363,6 +363,14 @@ is specified, then | |||
363 | .Ar local-path | 363 | .Ar local-path |
364 | must specify a directory. | 364 | must specify a directory. |
365 | .Pp | 365 | .Pp |
366 | If the | ||
367 | .Fl a | ||
368 | flag is specified, then attempt to resume partial transfers of existing files. | ||
369 | Note that resumption assumes that any partial copy of the local file matches | ||
370 | the remote copy. | ||
371 | If the remote file differs from the partial local copy then the resultant file | ||
372 | is likely to be corrupt. | ||
373 | .Pp | ||
366 | If either the | 374 | If either the |
367 | .Fl P | 375 | .Fl P |
368 | or | 376 | or |
@@ -503,6 +511,18 @@ Display remote working directory. | |||
503 | .It Ic quit | 511 | .It Ic quit |
504 | Quit | 512 | Quit |
505 | .Nm sftp . | 513 | .Nm sftp . |
514 | .It Xo Ic reget | ||
515 | .Op Fl Ppr | ||
516 | .Ar remote-path | ||
517 | .Op Ar local-path | ||
518 | .Xc | ||
519 | Resume download of | ||
520 | .Ar remote-path . | ||
521 | Equivalent to | ||
522 | .Ic get | ||
523 | with the | ||
524 | .Fl a | ||
525 | flag set. | ||
506 | .It Ic rename Ar oldpath Ar newpath | 526 | .It Ic rename Ar oldpath Ar newpath |
507 | Rename remote file from | 527 | Rename remote file from |
508 | .Ar oldpath | 528 | .Ar oldpath |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sftp.c,v 1.142 2013/02/08 00:41:12 djm Exp $ */ | 1 | /* $OpenBSD: sftp.c,v 1.148 2013/07/25 00:56:52 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> | 3 | * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> |
4 | * | 4 | * |
@@ -38,6 +38,9 @@ | |||
38 | #ifdef HAVE_LIBGEN_H | 38 | #ifdef HAVE_LIBGEN_H |
39 | #include <libgen.h> | 39 | #include <libgen.h> |
40 | #endif | 40 | #endif |
41 | #ifdef HAVE_LOCALE_H | ||
42 | # include <locale.h> | ||
43 | #endif | ||
41 | #ifdef USE_LIBEDIT | 44 | #ifdef USE_LIBEDIT |
42 | #include <histedit.h> | 45 | #include <histedit.h> |
43 | #else | 46 | #else |
@@ -76,12 +79,18 @@ int batchmode = 0; | |||
76 | /* PID of ssh transport process */ | 79 | /* PID of ssh transport process */ |
77 | static pid_t sshpid = -1; | 80 | static pid_t sshpid = -1; |
78 | 81 | ||
82 | /* Suppress diagnositic messages */ | ||
83 | int quiet = 0; | ||
84 | |||
79 | /* This is set to 0 if the progressmeter is not desired. */ | 85 | /* This is set to 0 if the progressmeter is not desired. */ |
80 | int showprogress = 1; | 86 | int showprogress = 1; |
81 | 87 | ||
82 | /* When this option is set, we always recursively download/upload directories */ | 88 | /* When this option is set, we always recursively download/upload directories */ |
83 | int global_rflag = 0; | 89 | int global_rflag = 0; |
84 | 90 | ||
91 | /* When this option is set, we resume download if possible */ | ||
92 | int global_aflag = 0; | ||
93 | |||
85 | /* When this option is set, the file transfers will always preserve times */ | 94 | /* When this option is set, the file transfers will always preserve times */ |
86 | int global_pflag = 0; | 95 | int global_pflag = 0; |
87 | 96 | ||
@@ -145,6 +154,7 @@ extern char *__progname; | |||
145 | #define I_SYMLINK 21 | 154 | #define I_SYMLINK 21 |
146 | #define I_VERSION 22 | 155 | #define I_VERSION 22 |
147 | #define I_PROGRESS 23 | 156 | #define I_PROGRESS 23 |
157 | #define I_REGET 26 | ||
148 | 158 | ||
149 | struct CMD { | 159 | struct CMD { |
150 | const char *c; | 160 | const char *c; |
@@ -184,6 +194,7 @@ static const struct CMD cmds[] = { | |||
184 | { "put", I_PUT, LOCAL }, | 194 | { "put", I_PUT, LOCAL }, |
185 | { "pwd", I_PWD, REMOTE }, | 195 | { "pwd", I_PWD, REMOTE }, |
186 | { "quit", I_QUIT, NOARGS }, | 196 | { "quit", I_QUIT, NOARGS }, |
197 | { "reget", I_REGET, REMOTE }, | ||
187 | { "rename", I_RENAME, REMOTE }, | 198 | { "rename", I_RENAME, REMOTE }, |
188 | { "rm", I_RM, REMOTE }, | 199 | { "rm", I_RM, REMOTE }, |
189 | { "rmdir", I_RMDIR, REMOTE }, | 200 | { "rmdir", I_RMDIR, REMOTE }, |
@@ -215,7 +226,7 @@ cmd_interrupt(int signo) | |||
215 | const char msg[] = "\rInterrupt \n"; | 226 | const char msg[] = "\rInterrupt \n"; |
216 | int olderrno = errno; | 227 | int olderrno = errno; |
217 | 228 | ||
218 | write(STDERR_FILENO, msg, sizeof(msg) - 1); | 229 | (void)write(STDERR_FILENO, msg, sizeof(msg) - 1); |
219 | interrupted = 1; | 230 | interrupted = 1; |
220 | errno = olderrno; | 231 | errno = olderrno; |
221 | } | 232 | } |
@@ -233,6 +244,7 @@ help(void) | |||
233 | " filesystem containing 'path'\n" | 244 | " filesystem containing 'path'\n" |
234 | "exit Quit sftp\n" | 245 | "exit Quit sftp\n" |
235 | "get [-Ppr] remote [local] Download file\n" | 246 | "get [-Ppr] remote [local] Download file\n" |
247 | "reget remote [local] Resume download file\n" | ||
236 | "help Display this help text\n" | 248 | "help Display this help text\n" |
237 | "lcd path Change local directory to 'path'\n" | 249 | "lcd path Change local directory to 'path'\n" |
238 | "lls [ls-options [path]] Display local directory listing\n" | 250 | "lls [ls-options [path]] Display local directory listing\n" |
@@ -306,7 +318,7 @@ local_do_ls(const char *args) | |||
306 | /* XXX: quoting - rip quoting code from ftp? */ | 318 | /* XXX: quoting - rip quoting code from ftp? */ |
307 | snprintf(buf, len, _PATH_LS " %s", args); | 319 | snprintf(buf, len, _PATH_LS " %s", args); |
308 | local_do_shell(buf); | 320 | local_do_shell(buf); |
309 | xfree(buf); | 321 | free(buf); |
310 | } | 322 | } |
311 | } | 323 | } |
312 | 324 | ||
@@ -337,15 +349,15 @@ make_absolute(char *p, char *pwd) | |||
337 | /* Derelativise */ | 349 | /* Derelativise */ |
338 | if (p && p[0] != '/') { | 350 | if (p && p[0] != '/') { |
339 | abs_str = path_append(pwd, p); | 351 | abs_str = path_append(pwd, p); |
340 | xfree(p); | 352 | free(p); |
341 | return(abs_str); | 353 | return(abs_str); |
342 | } else | 354 | } else |
343 | return(p); | 355 | return(p); |
344 | } | 356 | } |
345 | 357 | ||
346 | static int | 358 | static int |
347 | parse_getput_flags(const char *cmd, char **argv, int argc, int *pflag, | 359 | parse_getput_flags(const char *cmd, char **argv, int argc, |
348 | int *rflag) | 360 | int *aflag, int *pflag, int *rflag) |
349 | { | 361 | { |
350 | extern int opterr, optind, optopt, optreset; | 362 | extern int opterr, optind, optopt, optreset; |
351 | int ch; | 363 | int ch; |
@@ -353,9 +365,12 @@ parse_getput_flags(const char *cmd, char **argv, int argc, int *pflag, | |||
353 | optind = optreset = 1; | 365 | optind = optreset = 1; |
354 | opterr = 0; | 366 | opterr = 0; |
355 | 367 | ||
356 | *rflag = *pflag = 0; | 368 | *aflag = *rflag = *pflag = 0; |
357 | while ((ch = getopt(argc, argv, "PpRr")) != -1) { | 369 | while ((ch = getopt(argc, argv, "aPpRr")) != -1) { |
358 | switch (ch) { | 370 | switch (ch) { |
371 | case 'a': | ||
372 | *aflag = 1; | ||
373 | break; | ||
359 | case 'p': | 374 | case 'p': |
360 | case 'P': | 375 | case 'P': |
361 | *pflag = 1; | 376 | *pflag = 1; |
@@ -513,7 +528,7 @@ pathname_is_dir(char *pathname) | |||
513 | 528 | ||
514 | static int | 529 | static int |
515 | process_get(struct sftp_conn *conn, char *src, char *dst, char *pwd, | 530 | process_get(struct sftp_conn *conn, char *src, char *dst, char *pwd, |
516 | int pflag, int rflag) | 531 | int pflag, int rflag, int resume) |
517 | { | 532 | { |
518 | char *abs_src = NULL; | 533 | char *abs_src = NULL; |
519 | char *abs_dst = NULL; | 534 | char *abs_dst = NULL; |
@@ -547,7 +562,7 @@ process_get(struct sftp_conn *conn, char *src, char *dst, char *pwd, | |||
547 | tmp = xstrdup(g.gl_pathv[i]); | 562 | tmp = xstrdup(g.gl_pathv[i]); |
548 | if ((filename = basename(tmp)) == NULL) { | 563 | if ((filename = basename(tmp)) == NULL) { |
549 | error("basename %s: %s", tmp, strerror(errno)); | 564 | error("basename %s: %s", tmp, strerror(errno)); |
550 | xfree(tmp); | 565 | free(tmp); |
551 | err = -1; | 566 | err = -1; |
552 | goto out; | 567 | goto out; |
553 | } | 568 | } |
@@ -563,24 +578,28 @@ process_get(struct sftp_conn *conn, char *src, char *dst, char *pwd, | |||
563 | } else { | 578 | } else { |
564 | abs_dst = xstrdup(filename); | 579 | abs_dst = xstrdup(filename); |
565 | } | 580 | } |
566 | xfree(tmp); | 581 | free(tmp); |
567 | 582 | ||
568 | printf("Fetching %s to %s\n", g.gl_pathv[i], abs_dst); | 583 | resume |= global_aflag; |
584 | if (!quiet && resume) | ||
585 | printf("Resuming %s to %s\n", g.gl_pathv[i], abs_dst); | ||
586 | else if (!quiet && !resume) | ||
587 | printf("Fetching %s to %s\n", g.gl_pathv[i], abs_dst); | ||
569 | if (pathname_is_dir(g.gl_pathv[i]) && (rflag || global_rflag)) { | 588 | if (pathname_is_dir(g.gl_pathv[i]) && (rflag || global_rflag)) { |
570 | if (download_dir(conn, g.gl_pathv[i], abs_dst, NULL, | 589 | if (download_dir(conn, g.gl_pathv[i], abs_dst, NULL, |
571 | pflag || global_pflag, 1) == -1) | 590 | pflag || global_pflag, 1, resume) == -1) |
572 | err = -1; | 591 | err = -1; |
573 | } else { | 592 | } else { |
574 | if (do_download(conn, g.gl_pathv[i], abs_dst, NULL, | 593 | if (do_download(conn, g.gl_pathv[i], abs_dst, NULL, |
575 | pflag || global_pflag) == -1) | 594 | pflag || global_pflag, resume) == -1) |
576 | err = -1; | 595 | err = -1; |
577 | } | 596 | } |
578 | xfree(abs_dst); | 597 | free(abs_dst); |
579 | abs_dst = NULL; | 598 | abs_dst = NULL; |
580 | } | 599 | } |
581 | 600 | ||
582 | out: | 601 | out: |
583 | xfree(abs_src); | 602 | free(abs_src); |
584 | globfree(&g); | 603 | globfree(&g); |
585 | return(err); | 604 | return(err); |
586 | } | 605 | } |
@@ -632,7 +651,7 @@ process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd, | |||
632 | tmp = xstrdup(g.gl_pathv[i]); | 651 | tmp = xstrdup(g.gl_pathv[i]); |
633 | if ((filename = basename(tmp)) == NULL) { | 652 | if ((filename = basename(tmp)) == NULL) { |
634 | error("basename %s: %s", tmp, strerror(errno)); | 653 | error("basename %s: %s", tmp, strerror(errno)); |
635 | xfree(tmp); | 654 | free(tmp); |
636 | err = -1; | 655 | err = -1; |
637 | goto out; | 656 | goto out; |
638 | } | 657 | } |
@@ -648,9 +667,10 @@ process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd, | |||
648 | } else { | 667 | } else { |
649 | abs_dst = make_absolute(xstrdup(filename), pwd); | 668 | abs_dst = make_absolute(xstrdup(filename), pwd); |
650 | } | 669 | } |
651 | xfree(tmp); | 670 | free(tmp); |
652 | 671 | ||
653 | printf("Uploading %s to %s\n", g.gl_pathv[i], abs_dst); | 672 | if (!quiet) |
673 | printf("Uploading %s to %s\n", g.gl_pathv[i], abs_dst); | ||
654 | if (pathname_is_dir(g.gl_pathv[i]) && (rflag || global_rflag)) { | 674 | if (pathname_is_dir(g.gl_pathv[i]) && (rflag || global_rflag)) { |
655 | if (upload_dir(conn, g.gl_pathv[i], abs_dst, | 675 | if (upload_dir(conn, g.gl_pathv[i], abs_dst, |
656 | pflag || global_pflag, 1) == -1) | 676 | pflag || global_pflag, 1) == -1) |
@@ -663,10 +683,8 @@ process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd, | |||
663 | } | 683 | } |
664 | 684 | ||
665 | out: | 685 | out: |
666 | if (abs_dst) | 686 | free(abs_dst); |
667 | xfree(abs_dst); | 687 | free(tmp_dst); |
668 | if (tmp_dst) | ||
669 | xfree(tmp_dst); | ||
670 | globfree(&g); | 688 | globfree(&g); |
671 | return(err); | 689 | return(err); |
672 | } | 690 | } |
@@ -714,7 +732,7 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag) | |||
714 | /* Add any subpath that also needs to be counted */ | 732 | /* Add any subpath that also needs to be counted */ |
715 | tmp = path_strip(path, strip_path); | 733 | tmp = path_strip(path, strip_path); |
716 | m += strlen(tmp); | 734 | m += strlen(tmp); |
717 | xfree(tmp); | 735 | free(tmp); |
718 | 736 | ||
719 | if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) != -1) | 737 | if (ioctl(fileno(stdin), TIOCGWINSZ, &ws) != -1) |
720 | width = ws.ws_col; | 738 | width = ws.ws_col; |
@@ -740,7 +758,7 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag) | |||
740 | 758 | ||
741 | tmp = path_append(path, d[n]->filename); | 759 | tmp = path_append(path, d[n]->filename); |
742 | fname = path_strip(tmp, strip_path); | 760 | fname = path_strip(tmp, strip_path); |
743 | xfree(tmp); | 761 | free(tmp); |
744 | 762 | ||
745 | if (lflag & LS_LONG_VIEW) { | 763 | if (lflag & LS_LONG_VIEW) { |
746 | if (lflag & (LS_NUMERIC_VIEW|LS_SI_UNITS)) { | 764 | if (lflag & (LS_NUMERIC_VIEW|LS_SI_UNITS)) { |
@@ -752,7 +770,7 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag) | |||
752 | lname = ls_file(fname, &sb, 1, | 770 | lname = ls_file(fname, &sb, 1, |
753 | (lflag & LS_SI_UNITS)); | 771 | (lflag & LS_SI_UNITS)); |
754 | printf("%s\n", lname); | 772 | printf("%s\n", lname); |
755 | xfree(lname); | 773 | free(lname); |
756 | } else | 774 | } else |
757 | printf("%s\n", d[n]->longname); | 775 | printf("%s\n", d[n]->longname); |
758 | } else { | 776 | } else { |
@@ -764,7 +782,7 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag) | |||
764 | c++; | 782 | c++; |
765 | } | 783 | } |
766 | 784 | ||
767 | xfree(fname); | 785 | free(fname); |
768 | } | 786 | } |
769 | 787 | ||
770 | if (!(lflag & LS_LONG_VIEW) && (c != 1)) | 788 | if (!(lflag & LS_LONG_VIEW) && (c != 1)) |
@@ -834,7 +852,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, | |||
834 | lname = ls_file(fname, g.gl_statv[i], 1, | 852 | lname = ls_file(fname, g.gl_statv[i], 1, |
835 | (lflag & LS_SI_UNITS)); | 853 | (lflag & LS_SI_UNITS)); |
836 | printf("%s\n", lname); | 854 | printf("%s\n", lname); |
837 | xfree(lname); | 855 | free(lname); |
838 | } else { | 856 | } else { |
839 | printf("%-*s", colspace, fname); | 857 | printf("%-*s", colspace, fname); |
840 | if (c >= columns) { | 858 | if (c >= columns) { |
@@ -843,7 +861,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, | |||
843 | } else | 861 | } else |
844 | c++; | 862 | c++; |
845 | } | 863 | } |
846 | xfree(fname); | 864 | free(fname); |
847 | } | 865 | } |
848 | 866 | ||
849 | if (!(lflag & LS_LONG_VIEW) && (c != 1)) | 867 | if (!(lflag & LS_LONG_VIEW) && (c != 1)) |
@@ -1112,8 +1130,9 @@ makeargv(const char *arg, int *argcp, int sloppy, char *lastquote, | |||
1112 | } | 1130 | } |
1113 | 1131 | ||
1114 | static int | 1132 | static int |
1115 | parse_args(const char **cpp, int *pflag, int *rflag, int *lflag, int *iflag, | 1133 | parse_args(const char **cpp, int *aflag, int *hflag, int *iflag, int *lflag, |
1116 | int *hflag, int *sflag, unsigned long *n_arg, char **path1, char **path2) | 1134 | int *pflag, int *rflag, int *sflag, unsigned long *n_arg, |
1135 | char **path1, char **path2) | ||
1117 | { | 1136 | { |
1118 | const char *cmd, *cp = *cpp; | 1137 | const char *cmd, *cp = *cpp; |
1119 | char *cp2, **argv; | 1138 | char *cp2, **argv; |
@@ -1157,14 +1176,15 @@ parse_args(const char **cpp, int *pflag, int *rflag, int *lflag, int *iflag, | |||
1157 | } | 1176 | } |
1158 | 1177 | ||
1159 | /* Get arguments and parse flags */ | 1178 | /* Get arguments and parse flags */ |
1160 | *lflag = *pflag = *rflag = *hflag = *n_arg = 0; | 1179 | *aflag = *lflag = *pflag = *rflag = *hflag = *n_arg = 0; |
1161 | *path1 = *path2 = NULL; | 1180 | *path1 = *path2 = NULL; |
1162 | optidx = 1; | 1181 | optidx = 1; |
1163 | switch (cmdnum) { | 1182 | switch (cmdnum) { |
1164 | case I_GET: | 1183 | case I_GET: |
1184 | case I_REGET: | ||
1165 | case I_PUT: | 1185 | case I_PUT: |
1166 | if ((optidx = parse_getput_flags(cmd, argv, argc, | 1186 | if ((optidx = parse_getput_flags(cmd, argv, argc, |
1167 | pflag, rflag)) == -1) | 1187 | aflag, pflag, rflag)) == -1) |
1168 | return -1; | 1188 | return -1; |
1169 | /* Get first pathname (mandatory) */ | 1189 | /* Get first pathname (mandatory) */ |
1170 | if (argc - optidx < 1) { | 1190 | if (argc - optidx < 1) { |
@@ -1179,6 +1199,11 @@ parse_args(const char **cpp, int *pflag, int *rflag, int *lflag, int *iflag, | |||
1179 | /* Destination is not globbed */ | 1199 | /* Destination is not globbed */ |
1180 | undo_glob_escape(*path2); | 1200 | undo_glob_escape(*path2); |
1181 | } | 1201 | } |
1202 | if (*aflag && cmdnum == I_PUT) { | ||
1203 | /* XXX implement resume for uploads */ | ||
1204 | error("Resume is not supported for uploads"); | ||
1205 | return -1; | ||
1206 | } | ||
1182 | break; | 1207 | break; |
1183 | case I_LINK: | 1208 | case I_LINK: |
1184 | if ((optidx = parse_link_flags(cmd, argv, argc, sflag)) == -1) | 1209 | if ((optidx = parse_link_flags(cmd, argv, argc, sflag)) == -1) |
@@ -1287,7 +1312,8 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, | |||
1287 | int err_abort) | 1312 | int err_abort) |
1288 | { | 1313 | { |
1289 | char *path1, *path2, *tmp; | 1314 | char *path1, *path2, *tmp; |
1290 | int pflag = 0, rflag = 0, lflag = 0, iflag = 0, hflag = 0, sflag = 0; | 1315 | int aflag = 0, hflag = 0, iflag = 0, lflag = 0, pflag = 0; |
1316 | int rflag = 0, sflag = 0; | ||
1291 | int cmdnum, i; | 1317 | int cmdnum, i; |
1292 | unsigned long n_arg = 0; | 1318 | unsigned long n_arg = 0; |
1293 | Attrib a, *aa; | 1319 | Attrib a, *aa; |
@@ -1296,9 +1322,8 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, | |||
1296 | glob_t g; | 1322 | glob_t g; |
1297 | 1323 | ||
1298 | path1 = path2 = NULL; | 1324 | path1 = path2 = NULL; |
1299 | cmdnum = parse_args(&cmd, &pflag, &rflag, &lflag, &iflag, &hflag, | 1325 | cmdnum = parse_args(&cmd, &aflag, &hflag, &iflag, &lflag, &pflag, |
1300 | &sflag, &n_arg, &path1, &path2); | 1326 | &rflag, &sflag, &n_arg, &path1, &path2); |
1301 | |||
1302 | if (iflag != 0) | 1327 | if (iflag != 0) |
1303 | err_abort = 0; | 1328 | err_abort = 0; |
1304 | 1329 | ||
@@ -1313,8 +1338,12 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, | |||
1313 | /* Unrecognized command */ | 1338 | /* Unrecognized command */ |
1314 | err = -1; | 1339 | err = -1; |
1315 | break; | 1340 | break; |
1341 | case I_REGET: | ||
1342 | aflag = 1; | ||
1343 | /* FALLTHROUGH */ | ||
1316 | case I_GET: | 1344 | case I_GET: |
1317 | err = process_get(conn, path1, path2, *pwd, pflag, rflag); | 1345 | err = process_get(conn, path1, path2, *pwd, pflag, |
1346 | rflag, aflag); | ||
1318 | break; | 1347 | break; |
1319 | case I_PUT: | 1348 | case I_PUT: |
1320 | err = process_put(conn, path1, path2, *pwd, pflag, rflag); | 1349 | err = process_put(conn, path1, path2, *pwd, pflag, rflag); |
@@ -1335,7 +1364,8 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, | |||
1335 | path1 = make_absolute(path1, *pwd); | 1364 | path1 = make_absolute(path1, *pwd); |
1336 | remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g); | 1365 | remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g); |
1337 | for (i = 0; g.gl_pathv[i] && !interrupted; i++) { | 1366 | for (i = 0; g.gl_pathv[i] && !interrupted; i++) { |
1338 | printf("Removing %s\n", g.gl_pathv[i]); | 1367 | if (!quiet) |
1368 | printf("Removing %s\n", g.gl_pathv[i]); | ||
1339 | err = do_rm(conn, g.gl_pathv[i]); | 1369 | err = do_rm(conn, g.gl_pathv[i]); |
1340 | if (err != 0 && err_abort) | 1370 | if (err != 0 && err_abort) |
1341 | break; | 1371 | break; |
@@ -1359,24 +1389,24 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, | |||
1359 | break; | 1389 | break; |
1360 | } | 1390 | } |
1361 | if ((aa = do_stat(conn, tmp, 0)) == NULL) { | 1391 | if ((aa = do_stat(conn, tmp, 0)) == NULL) { |
1362 | xfree(tmp); | 1392 | free(tmp); |
1363 | err = 1; | 1393 | err = 1; |
1364 | break; | 1394 | break; |
1365 | } | 1395 | } |
1366 | if (!(aa->flags & SSH2_FILEXFER_ATTR_PERMISSIONS)) { | 1396 | if (!(aa->flags & SSH2_FILEXFER_ATTR_PERMISSIONS)) { |
1367 | error("Can't change directory: Can't check target"); | 1397 | error("Can't change directory: Can't check target"); |
1368 | xfree(tmp); | 1398 | free(tmp); |
1369 | err = 1; | 1399 | err = 1; |
1370 | break; | 1400 | break; |
1371 | } | 1401 | } |
1372 | if (!S_ISDIR(aa->perm)) { | 1402 | if (!S_ISDIR(aa->perm)) { |
1373 | error("Can't change directory: \"%s\" is not " | 1403 | error("Can't change directory: \"%s\" is not " |
1374 | "a directory", tmp); | 1404 | "a directory", tmp); |
1375 | xfree(tmp); | 1405 | free(tmp); |
1376 | err = 1; | 1406 | err = 1; |
1377 | break; | 1407 | break; |
1378 | } | 1408 | } |
1379 | xfree(*pwd); | 1409 | free(*pwd); |
1380 | *pwd = tmp; | 1410 | *pwd = tmp; |
1381 | break; | 1411 | break; |
1382 | case I_LS: | 1412 | case I_LS: |
@@ -1431,7 +1461,8 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, | |||
1431 | a.perm = n_arg; | 1461 | a.perm = n_arg; |
1432 | remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g); | 1462 | remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g); |
1433 | for (i = 0; g.gl_pathv[i] && !interrupted; i++) { | 1463 | for (i = 0; g.gl_pathv[i] && !interrupted; i++) { |
1434 | printf("Changing mode on %s\n", g.gl_pathv[i]); | 1464 | if (!quiet) |
1465 | printf("Changing mode on %s\n", g.gl_pathv[i]); | ||
1435 | err = do_setstat(conn, g.gl_pathv[i], &a); | 1466 | err = do_setstat(conn, g.gl_pathv[i], &a); |
1436 | if (err != 0 && err_abort) | 1467 | if (err != 0 && err_abort) |
1437 | break; | 1468 | break; |
@@ -1460,10 +1491,14 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, | |||
1460 | } | 1491 | } |
1461 | aa->flags &= SSH2_FILEXFER_ATTR_UIDGID; | 1492 | aa->flags &= SSH2_FILEXFER_ATTR_UIDGID; |
1462 | if (cmdnum == I_CHOWN) { | 1493 | if (cmdnum == I_CHOWN) { |
1463 | printf("Changing owner on %s\n", g.gl_pathv[i]); | 1494 | if (!quiet) |
1495 | printf("Changing owner on %s\n", | ||
1496 | g.gl_pathv[i]); | ||
1464 | aa->uid = n_arg; | 1497 | aa->uid = n_arg; |
1465 | } else { | 1498 | } else { |
1466 | printf("Changing group on %s\n", g.gl_pathv[i]); | 1499 | if (!quiet) |
1500 | printf("Changing group on %s\n", | ||
1501 | g.gl_pathv[i]); | ||
1467 | aa->gid = n_arg; | 1502 | aa->gid = n_arg; |
1468 | } | 1503 | } |
1469 | err = do_setstat(conn, g.gl_pathv[i], aa); | 1504 | err = do_setstat(conn, g.gl_pathv[i], aa); |
@@ -1504,10 +1539,8 @@ parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd, | |||
1504 | 1539 | ||
1505 | if (g.gl_pathc) | 1540 | if (g.gl_pathc) |
1506 | globfree(&g); | 1541 | globfree(&g); |
1507 | if (path1) | 1542 | free(path1); |
1508 | xfree(path1); | 1543 | free(path2); |
1509 | if (path2) | ||
1510 | xfree(path2); | ||
1511 | 1544 | ||
1512 | /* If an unignored error occurs in batch mode we should abort. */ | 1545 | /* If an unignored error occurs in batch mode we should abort. */ |
1513 | if (err_abort && err != 0) | 1546 | if (err_abort && err != 0) |
@@ -1617,8 +1650,8 @@ complete_cmd_parse(EditLine *el, char *cmd, int lastarg, char quote, | |||
1617 | complete_display(list, 0); | 1650 | complete_display(list, 0); |
1618 | 1651 | ||
1619 | for (y = 0; list[y] != NULL; y++) | 1652 | for (y = 0; list[y] != NULL; y++) |
1620 | xfree(list[y]); | 1653 | free(list[y]); |
1621 | xfree(list); | 1654 | free(list); |
1622 | return count; | 1655 | return count; |
1623 | } | 1656 | } |
1624 | 1657 | ||
@@ -1631,7 +1664,7 @@ complete_cmd_parse(EditLine *el, char *cmd, int lastarg, char quote, | |||
1631 | list[count] = NULL; | 1664 | list[count] = NULL; |
1632 | 1665 | ||
1633 | if (count == 0) { | 1666 | if (count == 0) { |
1634 | xfree(list); | 1667 | free(list); |
1635 | return 0; | 1668 | return 0; |
1636 | } | 1669 | } |
1637 | 1670 | ||
@@ -1641,8 +1674,8 @@ complete_cmd_parse(EditLine *el, char *cmd, int lastarg, char quote, | |||
1641 | complete_display(list, 0); | 1674 | complete_display(list, 0); |
1642 | 1675 | ||
1643 | for (y = 0; list[y]; y++) | 1676 | for (y = 0; list[y]; y++) |
1644 | xfree(list[y]); | 1677 | free(list[y]); |
1645 | xfree(list); | 1678 | free(list); |
1646 | 1679 | ||
1647 | if (tmp != NULL) { | 1680 | if (tmp != NULL) { |
1648 | tmplen = strlen(tmp); | 1681 | tmplen = strlen(tmp); |
@@ -1663,7 +1696,7 @@ complete_cmd_parse(EditLine *el, char *cmd, int lastarg, char quote, | |||
1663 | if (y > 0 && el_insertstr(el, argterm) == -1) | 1696 | if (y > 0 && el_insertstr(el, argterm) == -1) |
1664 | fatal("el_insertstr failed."); | 1697 | fatal("el_insertstr failed."); |
1665 | } | 1698 | } |
1666 | xfree(tmp); | 1699 | free(tmp); |
1667 | } | 1700 | } |
1668 | 1701 | ||
1669 | return count; | 1702 | return count; |
@@ -1694,8 +1727,9 @@ complete_match(EditLine *el, struct sftp_conn *conn, char *remote_path, | |||
1694 | char *file, int remote, int lastarg, char quote, int terminated) | 1727 | char *file, int remote, int lastarg, char quote, int terminated) |
1695 | { | 1728 | { |
1696 | glob_t g; | 1729 | glob_t g; |
1697 | char *tmp, *tmp2, ins[3]; | 1730 | char *tmp, *tmp2, ins[8]; |
1698 | u_int i, hadglob, pwdlen, len, tmplen, filelen, cesc, isesc, isabs; | 1731 | u_int i, hadglob, pwdlen, len, tmplen, filelen, cesc, isesc, isabs; |
1732 | int clen; | ||
1699 | const LineInfo *lf; | 1733 | const LineInfo *lf; |
1700 | 1734 | ||
1701 | /* Glob from "file" location */ | 1735 | /* Glob from "file" location */ |
@@ -1727,7 +1761,7 @@ complete_match(EditLine *el, struct sftp_conn *conn, char *remote_path, | |||
1727 | if (tmp[tmplen] == '/') | 1761 | if (tmp[tmplen] == '/') |
1728 | pwdlen = tmplen + 1; /* track last seen '/' */ | 1762 | pwdlen = tmplen + 1; /* track last seen '/' */ |
1729 | } | 1763 | } |
1730 | xfree(tmp); | 1764 | free(tmp); |
1731 | 1765 | ||
1732 | if (g.gl_matchc == 0) | 1766 | if (g.gl_matchc == 0) |
1733 | goto out; | 1767 | goto out; |
@@ -1742,7 +1776,7 @@ complete_match(EditLine *el, struct sftp_conn *conn, char *remote_path, | |||
1742 | 1776 | ||
1743 | tmp2 = complete_ambiguous(file, g.gl_pathv, g.gl_matchc); | 1777 | tmp2 = complete_ambiguous(file, g.gl_pathv, g.gl_matchc); |
1744 | tmp = path_strip(tmp2, isabs ? NULL : remote_path); | 1778 | tmp = path_strip(tmp2, isabs ? NULL : remote_path); |
1745 | xfree(tmp2); | 1779 | free(tmp2); |
1746 | 1780 | ||
1747 | if (tmp == NULL) | 1781 | if (tmp == NULL) |
1748 | goto out; | 1782 | goto out; |
@@ -1764,10 +1798,13 @@ complete_match(EditLine *el, struct sftp_conn *conn, char *remote_path, | |||
1764 | tmp2 = tmp + filelen - cesc; | 1798 | tmp2 = tmp + filelen - cesc; |
1765 | len = strlen(tmp2); | 1799 | len = strlen(tmp2); |
1766 | /* quote argument on way out */ | 1800 | /* quote argument on way out */ |
1767 | for (i = 0; i < len; i++) { | 1801 | for (i = 0; i < len; i += clen) { |
1802 | if ((clen = mblen(tmp2 + i, len - i)) < 0 || | ||
1803 | (size_t)clen > sizeof(ins) - 2) | ||
1804 | fatal("invalid multibyte character"); | ||
1768 | ins[0] = '\\'; | 1805 | ins[0] = '\\'; |
1769 | ins[1] = tmp2[i]; | 1806 | memcpy(ins + 1, tmp2 + i, clen); |
1770 | ins[2] = '\0'; | 1807 | ins[clen + 1] = '\0'; |
1771 | switch (tmp2[i]) { | 1808 | switch (tmp2[i]) { |
1772 | case '\'': | 1809 | case '\'': |
1773 | case '"': | 1810 | case '"': |
@@ -1804,7 +1841,7 @@ complete_match(EditLine *el, struct sftp_conn *conn, char *remote_path, | |||
1804 | if (i > 0 && el_insertstr(el, ins) == -1) | 1841 | if (i > 0 && el_insertstr(el, ins) == -1) |
1805 | fatal("el_insertstr failed."); | 1842 | fatal("el_insertstr failed."); |
1806 | } | 1843 | } |
1807 | xfree(tmp); | 1844 | free(tmp); |
1808 | 1845 | ||
1809 | out: | 1846 | out: |
1810 | globfree(&g); | 1847 | globfree(&g); |
@@ -1816,7 +1853,8 @@ static unsigned char | |||
1816 | complete(EditLine *el, int ch) | 1853 | complete(EditLine *el, int ch) |
1817 | { | 1854 | { |
1818 | char **argv, *line, quote; | 1855 | char **argv, *line, quote; |
1819 | u_int argc, carg, cursor, len, terminated, ret = CC_ERROR; | 1856 | int argc, carg; |
1857 | u_int cursor, len, terminated, ret = CC_ERROR; | ||
1820 | const LineInfo *lf; | 1858 | const LineInfo *lf; |
1821 | struct complete_ctx *complete_ctx; | 1859 | struct complete_ctx *complete_ctx; |
1822 | 1860 | ||
@@ -1830,7 +1868,7 @@ complete(EditLine *el, int ch) | |||
1830 | memcpy(line, lf->buffer, cursor); | 1868 | memcpy(line, lf->buffer, cursor); |
1831 | line[cursor] = '\0'; | 1869 | line[cursor] = '\0'; |
1832 | argv = makeargv(line, &carg, 1, "e, &terminated); | 1870 | argv = makeargv(line, &carg, 1, "e, &terminated); |
1833 | xfree(line); | 1871 | free(line); |
1834 | 1872 | ||
1835 | /* Get all the arguments on the line */ | 1873 | /* Get all the arguments on the line */ |
1836 | len = lf->lastchar - lf->buffer; | 1874 | len = lf->lastchar - lf->buffer; |
@@ -1842,7 +1880,7 @@ complete(EditLine *el, int ch) | |||
1842 | /* Ensure cursor is at EOL or a argument boundary */ | 1880 | /* Ensure cursor is at EOL or a argument boundary */ |
1843 | if (line[cursor] != ' ' && line[cursor] != '\0' && | 1881 | if (line[cursor] != ' ' && line[cursor] != '\0' && |
1844 | line[cursor] != '\n') { | 1882 | line[cursor] != '\n') { |
1845 | xfree(line); | 1883 | free(line); |
1846 | return ret; | 1884 | return ret; |
1847 | } | 1885 | } |
1848 | 1886 | ||
@@ -1870,7 +1908,7 @@ complete(EditLine *el, int ch) | |||
1870 | ret = CC_REDISPLAY; | 1908 | ret = CC_REDISPLAY; |
1871 | } | 1909 | } |
1872 | 1910 | ||
1873 | xfree(line); | 1911 | free(line); |
1874 | return ret; | 1912 | return ret; |
1875 | } | 1913 | } |
1876 | #endif /* USE_LIBEDIT */ | 1914 | #endif /* USE_LIBEDIT */ |
@@ -1922,31 +1960,30 @@ interactive_loop(struct sftp_conn *conn, char *file1, char *file2) | |||
1922 | dir = make_absolute(dir, remote_path); | 1960 | dir = make_absolute(dir, remote_path); |
1923 | 1961 | ||
1924 | if (remote_is_dir(conn, dir) && file2 == NULL) { | 1962 | if (remote_is_dir(conn, dir) && file2 == NULL) { |
1925 | printf("Changing to: %s\n", dir); | 1963 | if (!quiet) |
1964 | printf("Changing to: %s\n", dir); | ||
1926 | snprintf(cmd, sizeof cmd, "cd \"%s\"", dir); | 1965 | snprintf(cmd, sizeof cmd, "cd \"%s\"", dir); |
1927 | if (parse_dispatch_command(conn, cmd, | 1966 | if (parse_dispatch_command(conn, cmd, |
1928 | &remote_path, 1) != 0) { | 1967 | &remote_path, 1) != 0) { |
1929 | xfree(dir); | 1968 | free(dir); |
1930 | xfree(remote_path); | 1969 | free(remote_path); |
1931 | xfree(conn); | 1970 | free(conn); |
1932 | return (-1); | 1971 | return (-1); |
1933 | } | 1972 | } |
1934 | } else { | 1973 | } else { |
1935 | /* XXX this is wrong wrt quoting */ | 1974 | /* XXX this is wrong wrt quoting */ |
1936 | if (file2 == NULL) | 1975 | snprintf(cmd, sizeof cmd, "get%s %s%s%s", |
1937 | snprintf(cmd, sizeof cmd, "get %s", dir); | 1976 | global_aflag ? " -a" : "", dir, |
1938 | else | 1977 | file2 == NULL ? "" : " ", |
1939 | snprintf(cmd, sizeof cmd, "get %s %s", dir, | 1978 | file2 == NULL ? "" : file2); |
1940 | file2); | ||
1941 | |||
1942 | err = parse_dispatch_command(conn, cmd, | 1979 | err = parse_dispatch_command(conn, cmd, |
1943 | &remote_path, 1); | 1980 | &remote_path, 1); |
1944 | xfree(dir); | 1981 | free(dir); |
1945 | xfree(remote_path); | 1982 | free(remote_path); |
1946 | xfree(conn); | 1983 | free(conn); |
1947 | return (err); | 1984 | return (err); |
1948 | } | 1985 | } |
1949 | xfree(dir); | 1986 | free(dir); |
1950 | } | 1987 | } |
1951 | 1988 | ||
1952 | setlinebuf(stdout); | 1989 | setlinebuf(stdout); |
@@ -2004,8 +2041,8 @@ interactive_loop(struct sftp_conn *conn, char *file1, char *file2) | |||
2004 | if (err != 0) | 2041 | if (err != 0) |
2005 | break; | 2042 | break; |
2006 | } | 2043 | } |
2007 | xfree(remote_path); | 2044 | free(remote_path); |
2008 | xfree(conn); | 2045 | free(conn); |
2009 | 2046 | ||
2010 | #ifdef USE_LIBEDIT | 2047 | #ifdef USE_LIBEDIT |
2011 | if (el != NULL) | 2048 | if (el != NULL) |
@@ -2112,6 +2149,7 @@ main(int argc, char **argv) | |||
2112 | 2149 | ||
2113 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ | 2150 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
2114 | sanitise_stdfd(); | 2151 | sanitise_stdfd(); |
2152 | setlocale(LC_CTYPE, ""); | ||
2115 | 2153 | ||
2116 | __progname = ssh_get_progname(argv[0]); | 2154 | __progname = ssh_get_progname(argv[0]); |
2117 | memset(&args, '\0', sizeof(args)); | 2155 | memset(&args, '\0', sizeof(args)); |
@@ -2126,7 +2164,7 @@ main(int argc, char **argv) | |||
2126 | infile = stdin; | 2164 | infile = stdin; |
2127 | 2165 | ||
2128 | while ((ch = getopt(argc, argv, | 2166 | while ((ch = getopt(argc, argv, |
2129 | "1246hpqrvCc:D:i:l:o:s:S:b:B:F:P:R:")) != -1) { | 2167 | "1246ahpqrvCc:D:i:l:o:s:S:b:B:F:P:R:")) != -1) { |
2130 | switch (ch) { | 2168 | switch (ch) { |
2131 | /* Passed through to ssh(1) */ | 2169 | /* Passed through to ssh(1) */ |
2132 | case '4': | 2170 | case '4': |
@@ -2143,6 +2181,8 @@ main(int argc, char **argv) | |||
2143 | addargs(&args, "%s", optarg); | 2181 | addargs(&args, "%s", optarg); |
2144 | break; | 2182 | break; |
2145 | case 'q': | 2183 | case 'q': |
2184 | ll = SYSLOG_LEVEL_ERROR; | ||
2185 | quiet = 1; | ||
2146 | showprogress = 0; | 2186 | showprogress = 0; |
2147 | addargs(&args, "-%c", ch); | 2187 | addargs(&args, "-%c", ch); |
2148 | break; | 2188 | break; |
@@ -2164,6 +2204,9 @@ main(int argc, char **argv) | |||
2164 | case '2': | 2204 | case '2': |
2165 | sshver = 2; | 2205 | sshver = 2; |
2166 | break; | 2206 | break; |
2207 | case 'a': | ||
2208 | global_aflag = 1; | ||
2209 | break; | ||
2167 | case 'B': | 2210 | case 'B': |
2168 | copy_buffer_len = strtol(optarg, &cp, 10); | 2211 | copy_buffer_len = strtol(optarg, &cp, 10); |
2169 | if (copy_buffer_len == 0 || *cp != '\0') | 2212 | if (copy_buffer_len == 0 || *cp != '\0') |
@@ -2178,7 +2221,7 @@ main(int argc, char **argv) | |||
2178 | (infile = fopen(optarg, "r")) == NULL) | 2221 | (infile = fopen(optarg, "r")) == NULL) |
2179 | fatal("%s (%s).", strerror(errno), optarg); | 2222 | fatal("%s (%s).", strerror(errno), optarg); |
2180 | showprogress = 0; | 2223 | showprogress = 0; |
2181 | batchmode = 1; | 2224 | quiet = batchmode = 1; |
2182 | addargs(&args, "-obatchmode yes"); | 2225 | addargs(&args, "-obatchmode yes"); |
2183 | break; | 2226 | break; |
2184 | case 'p': | 2227 | case 'p': |
@@ -2275,7 +2318,7 @@ main(int argc, char **argv) | |||
2275 | if (conn == NULL) | 2318 | if (conn == NULL) |
2276 | fatal("Couldn't initialise connection to server"); | 2319 | fatal("Couldn't initialise connection to server"); |
2277 | 2320 | ||
2278 | if (!batchmode) { | 2321 | if (!quiet) { |
2279 | if (sftp_direct == NULL) | 2322 | if (sftp_direct == NULL) |
2280 | fprintf(stderr, "Connected to %s.\n", host); | 2323 | fprintf(stderr, "Connected to %s.\n", host); |
2281 | else | 2324 | else |
@@ -116,4 +116,4 @@ AUTHORS | |||
116 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | 116 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
117 | versions 1.5 and 2.0. | 117 | versions 1.5 and 2.0. |
118 | 118 | ||
119 | OpenBSD 5.3 December 3, 2012 OpenBSD 5.3 | 119 | OpenBSD 5.4 December 3, 2012 OpenBSD 5.4 |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-add.c,v 1.105 2012/12/05 15:42:52 markus Exp $ */ | 1 | /* $OpenBSD: ssh-add.c,v 1.106 2013/05/17 00:13:14 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -90,7 +90,7 @@ clear_pass(void) | |||
90 | { | 90 | { |
91 | if (pass) { | 91 | if (pass) { |
92 | memset(pass, 0, strlen(pass)); | 92 | memset(pass, 0, strlen(pass)); |
93 | xfree(pass); | 93 | free(pass); |
94 | pass = NULL; | 94 | pass = NULL; |
95 | } | 95 | } |
96 | } | 96 | } |
@@ -215,7 +215,7 @@ add_file(AuthenticationConnection *ac, const char *filename, int key_only) | |||
215 | pass = read_passphrase(msg, RP_ALLOW_STDIN); | 215 | pass = read_passphrase(msg, RP_ALLOW_STDIN); |
216 | if (strcmp(pass, "") == 0) { | 216 | if (strcmp(pass, "") == 0) { |
217 | clear_pass(); | 217 | clear_pass(); |
218 | xfree(comment); | 218 | free(comment); |
219 | buffer_free(&keyblob); | 219 | buffer_free(&keyblob); |
220 | return -1; | 220 | return -1; |
221 | } | 221 | } |
@@ -246,9 +246,9 @@ add_file(AuthenticationConnection *ac, const char *filename, int key_only) | |||
246 | if (blacklisted_key(private, &fp) == 1) { | 246 | if (blacklisted_key(private, &fp) == 1) { |
247 | fprintf(stderr, "Public key %s blacklisted (see " | 247 | fprintf(stderr, "Public key %s blacklisted (see " |
248 | "ssh-vulnkey(1)); refusing to add it\n", fp); | 248 | "ssh-vulnkey(1)); refusing to add it\n", fp); |
249 | xfree(fp); | 249 | free(fp); |
250 | key_free(private); | 250 | key_free(private); |
251 | xfree(comment); | 251 | free(comment); |
252 | return -1; | 252 | return -1; |
253 | } | 253 | } |
254 | 254 | ||
@@ -290,8 +290,8 @@ add_file(AuthenticationConnection *ac, const char *filename, int key_only) | |||
290 | fprintf(stderr, "The user must confirm each use of the key\n"); | 290 | fprintf(stderr, "The user must confirm each use of the key\n"); |
291 | out: | 291 | out: |
292 | if (certpath != NULL) | 292 | if (certpath != NULL) |
293 | xfree(certpath); | 293 | free(certpath); |
294 | xfree(comment); | 294 | free(comment); |
295 | key_free(private); | 295 | key_free(private); |
296 | 296 | ||
297 | return ret; | 297 | return ret; |
@@ -316,7 +316,7 @@ update_card(AuthenticationConnection *ac, int add, const char *id) | |||
316 | add ? "add" : "remove", id); | 316 | add ? "add" : "remove", id); |
317 | ret = -1; | 317 | ret = -1; |
318 | } | 318 | } |
319 | xfree(pin); | 319 | free(pin); |
320 | return ret; | 320 | return ret; |
321 | } | 321 | } |
322 | 322 | ||
@@ -338,14 +338,14 @@ list_identities(AuthenticationConnection *ac, int do_fp) | |||
338 | SSH_FP_HEX); | 338 | SSH_FP_HEX); |
339 | printf("%d %s %s (%s)\n", | 339 | printf("%d %s %s (%s)\n", |
340 | key_size(key), fp, comment, key_type(key)); | 340 | key_size(key), fp, comment, key_type(key)); |
341 | xfree(fp); | 341 | free(fp); |
342 | } else { | 342 | } else { |
343 | if (!key_write(key, stdout)) | 343 | if (!key_write(key, stdout)) |
344 | fprintf(stderr, "key_write failed"); | 344 | fprintf(stderr, "key_write failed"); |
345 | fprintf(stdout, " %s\n", comment); | 345 | fprintf(stdout, " %s\n", comment); |
346 | } | 346 | } |
347 | key_free(key); | 347 | key_free(key); |
348 | xfree(comment); | 348 | free(comment); |
349 | } | 349 | } |
350 | } | 350 | } |
351 | if (!had_identities) { | 351 | if (!had_identities) { |
@@ -371,7 +371,7 @@ lock_agent(AuthenticationConnection *ac, int lock) | |||
371 | passok = 0; | 371 | passok = 0; |
372 | } | 372 | } |
373 | memset(p2, 0, strlen(p2)); | 373 | memset(p2, 0, strlen(p2)); |
374 | xfree(p2); | 374 | free(p2); |
375 | } | 375 | } |
376 | if (passok && ssh_lock_agent(ac, lock, p1)) { | 376 | if (passok && ssh_lock_agent(ac, lock, p1)) { |
377 | fprintf(stderr, "Agent %slocked.\n", lock ? "" : "un"); | 377 | fprintf(stderr, "Agent %slocked.\n", lock ? "" : "un"); |
@@ -379,7 +379,7 @@ lock_agent(AuthenticationConnection *ac, int lock) | |||
379 | } else | 379 | } else |
380 | fprintf(stderr, "Failed to %slock agent.\n", lock ? "" : "un"); | 380 | fprintf(stderr, "Failed to %slock agent.\n", lock ? "" : "un"); |
381 | memset(p1, 0, strlen(p1)); | 381 | memset(p1, 0, strlen(p1)); |
382 | xfree(p1); | 382 | free(p1); |
383 | return (ret); | 383 | return (ret); |
384 | } | 384 | } |
385 | 385 | ||
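--- a/ssh-agent.0
+++ b/ssh-agent.0
@@ -120,4 +120,4 @@ AUTHORS
 created OpenSSH. Markus Friedl contributed the support for SSH protocol
 versions 1.5 and 2.0.
 
-OpenBSD 5.3 November 21, 2010 OpenBSD 5.3
+OpenBSD 5.4 November 21, 2010 OpenBSD 5.4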
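--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.172 2011/06/03 01:37:40 dtucker Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.177 2013/07/20 01:50:20 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -106,7 +106,7 @@ typedef struct identity {
 Key *key;
 char *comment;
 char *provider;
-u_int death;
+time_t death;
 u_int confirm;
 } Identity;
 
@@ -122,7 +122,7 @@ int max_fd = 0;
 
 /* pid of shell == parent of agent */
 pid_t parent_pid = -1;
-u_int parent_alive_interval = 0;
+time_t parent_alive_interval = 0;
 
 /* pathname and directory for AUTH_SOCKET */
 char socket_name[MAXPATHLEN];
@@ -134,8 +134,8 @@ char *lock_passwd = NULL;
 
 extern char *__progname;
 
-/* Default lifetime (0 == forever) */
-static int lifetime = 0;
+/* Default lifetime in seconds (0 == forever) */
+static long lifetime = 0;
 
 static void
 close_socket(SocketEntry *e)
@@ -172,10 +172,9 @@ static void
 free_identity(Identity *id)
 {
 key_free(id->key);
-if (id->provider != NULL)
-xfree(id->provider);
-xfree(id->comment);
-xfree(id);
+free(id->provider);
+free(id->comment);
+free(id);
 }
 
 /* return matching private key for given public key */
@@ -203,7 +202,7 @@ confirm_key(Identity *id)
 if (ask_permission("Allow use of key %s?\nKey fingerprint %s.",
 id->comment, p))
 ret = 0;
-xfree(p);
+free(p);
 
 return (ret);
 }
@@ -230,7 +229,7 @@ process_request_identities(SocketEntry *e, int version)
 u_int blen;
 key_to_blob(id->key, &blob, &blen);
 buffer_put_string(&msg, blob, blen);
-xfree(blob);
+free(blob);
 }
 buffer_put_cstring(&msg, id->comment);
 }
@@ -348,10 +347,9 @@ process_sign_request2(SocketEntry *e)
 buffer_append(&e->output, buffer_ptr(&msg),
 buffer_len(&msg));
 buffer_free(&msg);
-xfree(data);
-xfree(blob);
-if (signature != NULL)
-xfree(signature);
+free(data);
+free(blob);
+free(signature);
 datafellows = odatafellows;
 }
 
@@ -378,7 +376,7 @@ process_remove_identity(SocketEntry *e, int version)
 case 2:
 blob = buffer_get_string(&e->request, &blen);
 key = key_from_blob(blob, blen);
-xfree(blob);
+free(blob);
 break;
 }
 if (key != NULL) {
@@ -430,10 +428,10 @@ process_remove_all_identities(SocketEntry *e, int version)
 }
 
 /* removes expired keys and returns number of seconds until the next expiry */
-static u_int
+static time_t
 reaper(void)
 {
-u_int deadline = 0, now = time(NULL);
+time_t deadline = 0, now = monotime();
 Identity *id, *nxt;
 int version;
 Idtab *tab;
@@ -465,8 +463,9 @@ process_add_identity(SocketEntry *e, int version)
 {
 Idtab *tab = idtab_lookup(version);
 Identity *id;
-int type, success = 0, death = 0, confirm = 0;
+int type, success = 0, confirm = 0;
 char *type_name, *comment;
+time_t death = 0;
 Key *k = NULL;
 #ifdef OPENSSL_HAS_ECC
 BIGNUM *exponent;
@@ -509,7 +508,7 @@ process_add_identity(SocketEntry *e, int version)
 cert = buffer_get_string(&e->request, &len);
 if ((k = key_from_blob(cert, len)) == NULL)
 fatal("Certificate parse failed");
-xfree(cert);
+free(cert);
 key_add_private(k);
 buffer_get_bignum2(&e->request, k->dsa->priv_key);
 break;
@@ -520,7 +519,7 @@ process_add_identity(SocketEntry *e, int version)
 curve = buffer_get_string(&e->request, NULL);
 if (k->ecdsa_nid != key_curve_name_to_nid(curve))
 fatal("%s: curve names mismatch", __func__);
-xfree(curve);
+free(curve);
 k->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid);
 if (k->ecdsa == NULL)
 fatal("%s: EC_KEY_new_by_curve_name failed",
@@ -551,7 +550,7 @@ process_add_identity(SocketEntry *e, int version)
 cert = buffer_get_string(&e->request, &len);
 if ((k = key_from_blob(cert, len)) == NULL)
 fatal("Certificate parse failed");
-xfree(cert);
+free(cert);
 key_add_private(k);
 if ((exponent = BN_new()) == NULL)
 fatal("%s: BN_new failed", __func__);
@@ -583,7 +582,7 @@ process_add_identity(SocketEntry *e, int version)
 cert = buffer_get_string(&e->request, &len);
 if ((k = key_from_blob(cert, len)) == NULL)
 fatal("Certificate parse failed");
-xfree(cert);
+free(cert);
 key_add_private(k);
 buffer_get_bignum2(&e->request, k->rsa->d);
 buffer_get_bignum2(&e->request, k->rsa->iqmp);
@@ -591,11 +590,11 @@ process_add_identity(SocketEntry *e, int version)
 buffer_get_bignum2(&e->request, k->rsa->q);
 break;
 default:
-xfree(type_name);
+free(type_name);
 buffer_clear(&e->request);
 goto send;
 }
-xfree(type_name);
+free(type_name);
 break;
 }
 /* enable blinding */
@@ -613,13 +612,13 @@ process_add_identity(SocketEntry *e, int version)
 }
 comment = buffer_get_string(&e->request, NULL);
 if (k == NULL) {
-xfree(comment);
+free(comment);
 goto send;
 }
 while (buffer_len(&e->request)) {
 switch ((type = buffer_get_char(&e->request))) {
 case SSH_AGENT_CONSTRAIN_LIFETIME:
-death = time(NULL) + buffer_get_int(&e->request);
+death = monotime() + buffer_get_int(&e->request);
 break;
 case SSH_AGENT_CONSTRAIN_CONFIRM:
 confirm = 1;
@@ -627,14 +626,14 @@ process_add_identity(SocketEntry *e, int version)
 default:
 error("process_add_identity: "
 "Unknown constraint type %d", type);
-xfree(comment);
+free(comment);
 key_free(k);
 goto send;
 }
 }
 success = 1;
 if (lifetime && !death)
-death = time(NULL) + lifetime;
+death = monotime() + lifetime;
 if ((id = lookup_identity(k, version)) == NULL) {
 id = xcalloc(1, sizeof(Identity));
 id->key = k;
@@ -643,7 +642,7 @@ process_add_identity(SocketEntry *e, int version)
 tab->nentries++;
 } else {
 key_free(k);
-xfree(id->comment);
+free(id->comment);
 }
 id->comment = comment;
 id->death = death;
@@ -665,7 +664,7 @@ process_lock_agent(SocketEntry *e, int lock)
 if (locked && !lock && strcmp(passwd, lock_passwd) == 0) {
 locked = 0;
 memset(lock_passwd, 0, strlen(lock_passwd));
-xfree(lock_passwd);
+free(lock_passwd);
 lock_passwd = NULL;
 success = 1;
 } else if (!locked && lock) {
@@ -674,7 +673,7 @@ process_lock_agent(SocketEntry *e, int lock)
 success = 1;
 }
 memset(passwd, 0, strlen(passwd));
-xfree(passwd);
+free(passwd);
 
 buffer_put_int(&e->output, 1);
 buffer_put_char(&e->output,
@@ -701,7 +700,8 @@ static void
 process_add_smartcard_key(SocketEntry *e)
 {
 char *provider = NULL, *pin;
-int i, type, version, count = 0, success = 0, death = 0, confirm = 0;
+int i, type, version, count = 0, success = 0, confirm = 0;
+time_t death = 0;
 Key **keys = NULL, *k;
 Identity *id;
 Idtab *tab;
@@ -712,7 +712,7 @@ process_add_smartcard_key(SocketEntry *e)
 while (buffer_len(&e->request)) {
 switch ((type = buffer_get_char(&e->request))) {
 case SSH_AGENT_CONSTRAIN_LIFETIME:
-death = time(NULL) + buffer_get_int(&e->request);
+death = monotime() + buffer_get_int(&e->request);
 break;
 case SSH_AGENT_CONSTRAIN_CONFIRM:
 confirm = 1;
@@ -724,7 +724,7 @@ process_add_smartcard_key(SocketEntry *e)
 }
 }
 if (lifetime && !death)
-death = time(NULL) + lifetime;
+death = monotime() + lifetime;
 
 count = pkcs11_add_provider(provider, pin, &keys);
 for (i = 0; i < count; i++) {
@@ -747,12 +747,9 @@ process_add_smartcard_key(SocketEntry *e)
 keys[i] = NULL;
 }
 send:
-if (pin)
-xfree(pin);
-if (provider)
-xfree(provider);
-if (keys)
-xfree(keys);
+free(pin);
+free(provider);
+free(keys);
 buffer_put_int(&e->output, 1);
 buffer_put_char(&e->output,
 success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE);
@@ -768,7 +765,7 @@ process_remove_smartcard_key(SocketEntry *e)
 
 provider = buffer_get_string(&e->request, NULL);
 pin = buffer_get_string(&e->request, NULL);
-xfree(pin);
+free(pin);
 
 for (version = 1; version < 3; version++) {
 tab = idtab_lookup(version);
@@ -786,7 +783,7 @@ process_remove_smartcard_key(SocketEntry *e)
 else
 error("process_remove_smartcard_key:"
 " pkcs11_del_provider failed");
-xfree(provider);
+free(provider);
 buffer_put_int(&e->output, 1);
 buffer_put_char(&e->output,
 success ? SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE);
@@ -931,9 +928,10 @@ static int
 prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl, u_int *nallocp,
 struct timeval **tvpp)
 {
-u_int i, sz, deadline;
+u_int i, sz;
 int n = 0;
 static struct timeval tv;
+time_t deadline;
 
 for (i = 0; i < sockets_alloc; i++) {
 switch (sockets[i].type) {
@@ -951,10 +949,8 @@ prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl, u_int *nallocp,
 
 sz = howmany(n+1, NFDBITS) * sizeof(fd_mask);
 if (*fdrp == NULL || sz > *nallocp) {
-if (*fdrp)
-xfree(*fdrp);
-if (*fdwp)
-xfree(*fdwp);
+free(*fdrp);
+free(*fdwp);
 *fdrp = xmalloc(sz);
 *fdwp = xmalloc(sz);
 *nallocp = sz;
@@ -1348,9 +1344,8 @@ skip:
 if (ac > 0)
 parent_alive_interval = 10;
 idtab_init();
-if (!d_flag)
-signal(SIGINT, SIG_IGN);
 signal(SIGPIPE, SIG_IGN);
+signal(SIGINT, d_flag ? cleanup_handler : SIG_IGN);
 signal(SIGHUP, cleanup_handler);
 signal(SIGTERM, cleanup_handler);
 nalloc = 0;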
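Review bot: In process_lock_agent (new lines 666 and 675) the wipe of the lock password is still a plain `memset(lock_passwd, 0, strlen(lock_passwd));` immediately followed by `free(lock_passwd);`, and the same for `passwd`; with no further read of the buffer a compiler is entitled to drop that store as dead, so the secret can survive in freed heap memory. Since this commit is already touching every one of these free sites, it would be the natural place to route secret wipes through a non-elidable primitive — `explicit_bzero()` where the platform provides it, or a volatile-pointer loop in openbsd-compat — rather than `memset`. The identical memset-then-free pattern appears in ssh-add.c clear_pass (line 92) and lock_agent (lines 373 and 381) and in ssh-keygen.c load_identity (line 254); the ssh-dss.c/ssh-ecdsa.c `memset(sigblob, 0, len)` sites clear a public signature blob and are not affected. A one-line comment at the first site, `/* NOTE: plain memset before free may be optimised away; use a non-elidable wipe for secrets */`, would at least record the gap until a helper exists. The bodies of process_lock_agent, clear_pass, lock_agent and load_identity start outside the visible hunks.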
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-dss.c,v 1.27 2010/08/31 09:58:37 djm Exp $ */ | 1 | /* $OpenBSD: ssh-dss.c,v 1.28 2013/05/17 00:13:14 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -137,17 +137,17 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, | |||
137 | if (strcmp("ssh-dss", ktype) != 0) { | 137 | if (strcmp("ssh-dss", ktype) != 0) { |
138 | error("ssh_dss_verify: cannot handle type %s", ktype); | 138 | error("ssh_dss_verify: cannot handle type %s", ktype); |
139 | buffer_free(&b); | 139 | buffer_free(&b); |
140 | xfree(ktype); | 140 | free(ktype); |
141 | return -1; | 141 | return -1; |
142 | } | 142 | } |
143 | xfree(ktype); | 143 | free(ktype); |
144 | sigblob = buffer_get_string(&b, &len); | 144 | sigblob = buffer_get_string(&b, &len); |
145 | rlen = buffer_len(&b); | 145 | rlen = buffer_len(&b); |
146 | buffer_free(&b); | 146 | buffer_free(&b); |
147 | if (rlen != 0) { | 147 | if (rlen != 0) { |
148 | error("ssh_dss_verify: " | 148 | error("ssh_dss_verify: " |
149 | "remaining bytes in signature %d", rlen); | 149 | "remaining bytes in signature %d", rlen); |
150 | xfree(sigblob); | 150 | free(sigblob); |
151 | return -1; | 151 | return -1; |
152 | } | 152 | } |
153 | } | 153 | } |
@@ -169,7 +169,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, | |||
169 | 169 | ||
170 | /* clean up */ | 170 | /* clean up */ |
171 | memset(sigblob, 0, len); | 171 | memset(sigblob, 0, len); |
172 | xfree(sigblob); | 172 | free(sigblob); |
173 | 173 | ||
174 | /* sha1 the data */ | 174 | /* sha1 the data */ |
175 | EVP_DigestInit(&md, evp_md); | 175 | EVP_DigestInit(&md, evp_md); |
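--- a/ssh-ecdsa.c
+++ b/ssh-ecdsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-ecdsa.c,v 1.5 2012/01/08 13:17:11 miod Exp $ */
+/* $OpenBSD: ssh-ecdsa.c,v 1.6 2013/05/17 00:13:14 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 * Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -119,16 +119,16 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
 if (strcmp(key_ssh_name_plain(key), ktype) != 0) {
 error("%s: cannot handle type %s", __func__, ktype);
 buffer_free(&b);
-xfree(ktype);
+free(ktype);
 return -1;
 }
-xfree(ktype);
+free(ktype);
 sigblob = buffer_get_string(&b, &len);
 rlen = buffer_len(&b);
 buffer_free(&b);
 if (rlen != 0) {
 error("%s: remaining bytes in signature %d", __func__, rlen);
-xfree(sigblob);
+free(sigblob);
 return -1;
 }
 
@@ -149,7 +149,7 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
 
 /* clean up */
 memset(sigblob, 0, len);
-xfree(sigblob);
+free(sigblob);
 
 /* hash the data */
 EVP_DigestInit(&md, evp_md);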
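--- a/ssh-keygen.0
+++ b/ssh-keygen.0
@@ -543,4 +543,4 @@ AUTHORS
 created OpenSSH. Markus Friedl contributed the support for SSH protocol
 versions 1.5 and 2.0.
 
-OpenBSD 5.3 January 19, 2013 OpenBSD 5.3
+OpenBSD 5.4 June 27, 2013 OpenBSD 5.4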
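--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keygen.1,v 1.115 2013/01/19 07:13:25 jmc Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.116 2013/06/27 14:05:37 jmc Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: January 19 2013 $
+.Dd $Mdocdate: June 27 2013 $
 .Dt SSH-KEYGEN 1
 .Os
 .Sh NAME
@@ -512,8 +512,7 @@ of two times separated by a colon to indicate an explicit time interval.
 The start time may be specified as a date in YYYYMMDD format, a time
 in YYYYMMDDHHMMSS format or a relative time (to the current time) consisting
 of a minus sign followed by a relative time in the format described in the
-.Sx TIME FORMATS
-section of
+TIME FORMATS section of
 .Xr sshd_config 5 .
 The end time may be specified as a YYYYMMDD date, a YYYYMMDDHHMMSS time or
 a relative time starting with a plus character.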
diff --git a/ssh-keygen.c b/ssh-keygen.c index d1a205e18..03c444d42 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-keygen.c,v 1.225 2013/02/10 23:32:10 djm Exp $ */ | 1 | /* $OpenBSD: ssh-keygen.c,v 1.230 2013/07/20 01:44:37 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -252,7 +252,7 @@ load_identity(char *filename) | |||
252 | RP_ALLOW_STDIN); | 252 | RP_ALLOW_STDIN); |
253 | prv = key_load_private(filename, pass, NULL); | 253 | prv = key_load_private(filename, pass, NULL); |
254 | memset(pass, 0, strlen(pass)); | 254 | memset(pass, 0, strlen(pass)); |
255 | xfree(pass); | 255 | free(pass); |
256 | } | 256 | } |
257 | return prv; | 257 | return prv; |
258 | } | 258 | } |
@@ -288,7 +288,7 @@ do_convert_to_ssh2(struct passwd *pw, Key *k) | |||
288 | dump_base64(stdout, blob, len); | 288 | dump_base64(stdout, blob, len); |
289 | fprintf(stdout, "%s\n", SSH_COM_PUBLIC_END); | 289 | fprintf(stdout, "%s\n", SSH_COM_PUBLIC_END); |
290 | key_free(k); | 290 | key_free(k); |
291 | xfree(blob); | 291 | free(blob); |
292 | exit(0); | 292 | exit(0); |
293 | } | 293 | } |
294 | 294 | ||
@@ -415,12 +415,12 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) | |||
415 | debug("ignore (%d %d %d %d)", i1, i2, i3, i4); | 415 | debug("ignore (%d %d %d %d)", i1, i2, i3, i4); |
416 | if (strcmp(cipher, "none") != 0) { | 416 | if (strcmp(cipher, "none") != 0) { |
417 | error("unsupported cipher %s", cipher); | 417 | error("unsupported cipher %s", cipher); |
418 | xfree(cipher); | 418 | free(cipher); |
419 | buffer_free(&b); | 419 | buffer_free(&b); |
420 | xfree(type); | 420 | free(type); |
421 | return NULL; | 421 | return NULL; |
422 | } | 422 | } |
423 | xfree(cipher); | 423 | free(cipher); |
424 | 424 | ||
425 | if (strstr(type, "dsa")) { | 425 | if (strstr(type, "dsa")) { |
426 | ktype = KEY_DSA; | 426 | ktype = KEY_DSA; |
@@ -428,11 +428,11 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) | |||
428 | ktype = KEY_RSA; | 428 | ktype = KEY_RSA; |
429 | } else { | 429 | } else { |
430 | buffer_free(&b); | 430 | buffer_free(&b); |
431 | xfree(type); | 431 | free(type); |
432 | return NULL; | 432 | return NULL; |
433 | } | 433 | } |
434 | key = key_new_private(ktype); | 434 | key = key_new_private(ktype); |
435 | xfree(type); | 435 | free(type); |
436 | 436 | ||
437 | switch (key->type) { | 437 | switch (key->type) { |
438 | case KEY_DSA: | 438 | case KEY_DSA: |
@@ -475,7 +475,7 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen) | |||
475 | /* try the key */ | 475 | /* try the key */ |
476 | key_sign(key, &sig, &slen, data, sizeof(data)); | 476 | key_sign(key, &sig, &slen, data, sizeof(data)); |
477 | key_verify(key, sig, slen, data, sizeof(data)); | 477 | key_verify(key, sig, slen, data, sizeof(data)); |
478 | xfree(sig); | 478 | free(sig); |
479 | return key; | 479 | return key; |
480 | } | 480 | } |
481 | 481 | ||
@@ -524,7 +524,7 @@ do_convert_from_ssh2(struct passwd *pw, Key **k, int *private) | |||
524 | fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); | 524 | fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); |
525 | encoded[0] = '\0'; | 525 | encoded[0] = '\0'; |
526 | while ((blen = get_line(fp, line, sizeof(line))) != -1) { | 526 | while ((blen = get_line(fp, line, sizeof(line))) != -1) { |
527 | if (line[blen - 1] == '\\') | 527 | if (blen > 0 && line[blen - 1] == '\\') |
528 | escaped++; | 528 | escaped++; |
529 | if (strncmp(line, "----", 4) == 0 || | 529 | if (strncmp(line, "----", 4) == 0 || |
530 | strstr(line, ": ") != NULL) { | 530 | strstr(line, ": ") != NULL) { |
@@ -746,15 +746,15 @@ do_download(struct passwd *pw) | |||
746 | fp, key_type(keys[i])); | 746 | fp, key_type(keys[i])); |
747 | if (log_level >= SYSLOG_LEVEL_VERBOSE) | 747 | if (log_level >= SYSLOG_LEVEL_VERBOSE) |
748 | printf("%s\n", ra); | 748 | printf("%s\n", ra); |
749 | xfree(ra); | 749 | free(ra); |
750 | xfree(fp); | 750 | free(fp); |
751 | } else { | 751 | } else { |
752 | key_write(keys[i], stdout); | 752 | key_write(keys[i], stdout); |
753 | fprintf(stdout, "\n"); | 753 | fprintf(stdout, "\n"); |
754 | } | 754 | } |
755 | key_free(keys[i]); | 755 | key_free(keys[i]); |
756 | } | 756 | } |
757 | xfree(keys); | 757 | free(keys); |
758 | pkcs11_terminate(); | 758 | pkcs11_terminate(); |
759 | exit(0); | 759 | exit(0); |
760 | #else | 760 | #else |
@@ -791,13 +791,13 @@ do_fingerprint(struct passwd *pw) | |||
791 | if (log_level >= SYSLOG_LEVEL_VERBOSE) | 791 | if (log_level >= SYSLOG_LEVEL_VERBOSE) |
792 | printf("%s\n", ra); | 792 | printf("%s\n", ra); |
793 | key_free(public); | 793 | key_free(public); |
794 | xfree(comment); | 794 | free(comment); |
795 | xfree(ra); | 795 | free(ra); |
796 | xfree(fp); | 796 | free(fp); |
797 | exit(0); | 797 | exit(0); |
798 | } | 798 | } |
799 | if (comment) { | 799 | if (comment) { |
800 | xfree(comment); | 800 | free(comment); |
801 | comment = NULL; | 801 | comment = NULL; |
802 | } | 802 | } |
803 | 803 | ||
@@ -856,8 +856,8 @@ do_fingerprint(struct passwd *pw) | |||
856 | comment ? comment : "no comment", key_type(public)); | 856 | comment ? comment : "no comment", key_type(public)); |
857 | if (log_level >= SYSLOG_LEVEL_VERBOSE) | 857 | if (log_level >= SYSLOG_LEVEL_VERBOSE) |
858 | printf("%s\n", ra); | 858 | printf("%s\n", ra); |
859 | xfree(ra); | 859 | free(ra); |
860 | xfree(fp); | 860 | free(fp); |
861 | key_free(public); | 861 | key_free(public); |
862 | invalid = 0; | 862 | invalid = 0; |
863 | } | 863 | } |
@@ -980,8 +980,8 @@ printhost(FILE *f, const char *name, Key *public, int ca, int hash) | |||
980 | key_type(public)); | 980 | key_type(public)); |
981 | if (log_level >= SYSLOG_LEVEL_VERBOSE) | 981 | if (log_level >= SYSLOG_LEVEL_VERBOSE) |
982 | printf("%s\n", ra); | 982 | printf("%s\n", ra); |
983 | xfree(ra); | 983 | free(ra); |
984 | xfree(fp); | 984 | free(fp); |
985 | } else { | 985 | } else { |
986 | if (hash && (name = host_hash(name, NULL, 0)) == NULL) | 986 | if (hash && (name = host_hash(name, NULL, 0)) == NULL) |
987 | fatal("hash_host failed"); | 987 | fatal("hash_host failed"); |
@@ -1007,7 +1007,7 @@ do_known_hosts(struct passwd *pw, const char *name) | |||
1007 | if (strlcpy(identity_file, cp, sizeof(identity_file)) >= | 1007 | if (strlcpy(identity_file, cp, sizeof(identity_file)) >= |
1008 | sizeof(identity_file)) | 1008 | sizeof(identity_file)) |
1009 | fatal("Specified known hosts path too long"); | 1009 | fatal("Specified known hosts path too long"); |
1010 | xfree(cp); | 1010 | free(cp); |
1011 | have_identity = 1; | 1011 | have_identity = 1; |
1012 | } | 1012 | } |
1013 | if ((in = fopen(identity_file, "r")) == NULL) | 1013 | if ((in = fopen(identity_file, "r")) == NULL) |
@@ -1238,7 +1238,7 @@ do_change_passphrase(struct passwd *pw) | |||
1238 | private = key_load_private(identity_file, old_passphrase, | 1238 | private = key_load_private(identity_file, old_passphrase, |
1239 | &comment); | 1239 | &comment); |
1240 | memset(old_passphrase, 0, strlen(old_passphrase)); | 1240 | memset(old_passphrase, 0, strlen(old_passphrase)); |
1241 | xfree(old_passphrase); | 1241 | free(old_passphrase); |
1242 | if (private == NULL) { | 1242 | if (private == NULL) { |
1243 | printf("Bad passphrase.\n"); | 1243 | printf("Bad passphrase.\n"); |
1244 | exit(1); | 1244 | exit(1); |
@@ -1261,30 +1261,30 @@ do_change_passphrase(struct passwd *pw) | |||
1261 | if (strcmp(passphrase1, passphrase2) != 0) { | 1261 | if (strcmp(passphrase1, passphrase2) != 0) { |
1262 | memset(passphrase1, 0, strlen(passphrase1)); | 1262 | memset(passphrase1, 0, strlen(passphrase1)); |
1263 | memset(passphrase2, 0, strlen(passphrase2)); | 1263 | memset(passphrase2, 0, strlen(passphrase2)); |
1264 | xfree(passphrase1); | 1264 | free(passphrase1); |
1265 | xfree(passphrase2); | 1265 | free(passphrase2); |
1266 | printf("Pass phrases do not match. Try again.\n"); | 1266 | printf("Pass phrases do not match. Try again.\n"); |
1267 | exit(1); | 1267 | exit(1); |
1268 | } | 1268 | } |
1269 | /* Destroy the other copy. */ | 1269 | /* Destroy the other copy. */ |
1270 | memset(passphrase2, 0, strlen(passphrase2)); | 1270 | memset(passphrase2, 0, strlen(passphrase2)); |
1271 | xfree(passphrase2); | 1271 | free(passphrase2); |
1272 | } | 1272 | } |
1273 | 1273 | ||
1274 | /* Save the file using the new passphrase. */ | 1274 | /* Save the file using the new passphrase. */ |
1275 | if (!key_save_private(private, identity_file, passphrase1, comment)) { | 1275 | if (!key_save_private(private, identity_file, passphrase1, comment)) { |
1276 | printf("Saving the key failed: %s.\n", identity_file); | 1276 | printf("Saving the key failed: %s.\n", identity_file); |
1277 | memset(passphrase1, 0, strlen(passphrase1)); | 1277 | memset(passphrase1, 0, strlen(passphrase1)); |
1278 | xfree(passphrase1); | 1278 | free(passphrase1); |
1279 | key_free(private); | 1279 | key_free(private); |
1280 | xfree(comment); | 1280 | free(comment); |
1281 | exit(1); | 1281 | exit(1); |
1282 | } | 1282 | } |
1283 | /* Destroy the passphrase and the copy of the key in memory. */ | 1283 | /* Destroy the passphrase and the copy of the key in memory. */ |
1284 | memset(passphrase1, 0, strlen(passphrase1)); | 1284 | memset(passphrase1, 0, strlen(passphrase1)); |
1285 | xfree(passphrase1); | 1285 | free(passphrase1); |
1286 | key_free(private); /* Destroys contents */ | 1286 | key_free(private); /* Destroys contents */ |
1287 | xfree(comment); | 1287 | free(comment); |
1288 | 1288 | ||
1289 | printf("Your identification has been saved with the new passphrase.\n"); | 1289 | printf("Your identification has been saved with the new passphrase.\n"); |
1290 | exit(0); | 1290 | exit(0); |
@@ -1301,7 +1301,7 @@ do_print_resource_record(struct passwd *pw, char *fname, char *hname) | |||
1301 | struct stat st; | 1301 | struct stat st; |
1302 | 1302 | ||
1303 | if (fname == NULL) | 1303 | if (fname == NULL) |
1304 | ask_filename(pw, "Enter file in which the key is"); | 1304 | fatal("%s: no filename", __func__); |
1305 | if (stat(fname, &st) < 0) { | 1305 | if (stat(fname, &st) < 0) { |
1306 | if (errno == ENOENT) | 1306 | if (errno == ENOENT) |
1307 | return 0; | 1307 | return 0; |
@@ -1312,11 +1312,11 @@ do_print_resource_record(struct passwd *pw, char *fname, char *hname) | |||
1312 | if (public != NULL) { | 1312 | if (public != NULL) { |
1313 | export_dns_rr(hname, public, stdout, print_generic); | 1313 | export_dns_rr(hname, public, stdout, print_generic); |
1314 | key_free(public); | 1314 | key_free(public); |
1315 | xfree(comment); | 1315 | free(comment); |
1316 | return 1; | 1316 | return 1; |
1317 | } | 1317 | } |
1318 | if (comment) | 1318 | if (comment) |
1319 | xfree(comment); | 1319 | free(comment); |
1320 | 1320 | ||
1321 | printf("failed to read v2 public key from %s.\n", fname); | 1321 | printf("failed to read v2 public key from %s.\n", fname); |
1322 | exit(1); | 1322 | exit(1); |
@@ -1354,7 +1354,7 @@ do_change_comment(struct passwd *pw) | |||
1354 | private = key_load_private(identity_file, passphrase, &comment); | 1354 | private = key_load_private(identity_file, passphrase, &comment); |
1355 | if (private == NULL) { | 1355 | if (private == NULL) { |
1356 | memset(passphrase, 0, strlen(passphrase)); | 1356 | memset(passphrase, 0, strlen(passphrase)); |
1357 | xfree(passphrase); | 1357 | free(passphrase); |
1358 | printf("Bad passphrase.\n"); | 1358 | printf("Bad passphrase.\n"); |
1359 | exit(1); | 1359 | exit(1); |
1360 | } | 1360 | } |
@@ -1385,13 +1385,13 @@ do_change_comment(struct passwd *pw) | |||
1385 | if (!key_save_private(private, identity_file, passphrase, new_comment)) { | 1385 | if (!key_save_private(private, identity_file, passphrase, new_comment)) { |
1386 | printf("Saving the key failed: %s.\n", identity_file); | 1386 | printf("Saving the key failed: %s.\n", identity_file); |
1387 | memset(passphrase, 0, strlen(passphrase)); | 1387 | memset(passphrase, 0, strlen(passphrase)); |
1388 | xfree(passphrase); | 1388 | free(passphrase); |
1389 | key_free(private); | 1389 | key_free(private); |
1390 | xfree(comment); | 1390 | free(comment); |
1391 | exit(1); | 1391 | exit(1); |
1392 | } | 1392 | } |
1393 | memset(passphrase, 0, strlen(passphrase)); | 1393 | memset(passphrase, 0, strlen(passphrase)); |
1394 | xfree(passphrase); | 1394 | free(passphrase); |
1395 | public = key_from_private(private); | 1395 | public = key_from_private(private); |
1396 | key_free(private); | 1396 | key_free(private); |
1397 | 1397 | ||
@@ -1412,7 +1412,7 @@ do_change_comment(struct passwd *pw) | |||
1412 | fprintf(f, " %s\n", new_comment); | 1412 | fprintf(f, " %s\n", new_comment); |
1413 | fclose(f); | 1413 | fclose(f); |
1414 | 1414 | ||
1415 | xfree(comment); | 1415 | free(comment); |
1416 | 1416 | ||
1417 | printf("The comment in your key file has been changed.\n"); | 1417 | printf("The comment in your key file has been changed.\n"); |
1418 | exit(0); | 1418 | exit(0); |
@@ -1529,7 +1529,7 @@ load_pkcs11_key(char *path) | |||
1529 | } | 1529 | } |
1530 | key_free(keys[i]); | 1530 | key_free(keys[i]); |
1531 | } | 1531 | } |
1532 | xfree(keys); | 1532 | free(keys); |
1533 | key_free(public); | 1533 | key_free(public); |
1534 | return private; | 1534 | return private; |
1535 | #else | 1535 | #else |
@@ -1573,7 +1573,7 @@ do_ca_sign(struct passwd *pw, int argc, char **argv) | |||
1573 | fatal("No PKCS#11 key matching %s found", ca_key_path); | 1573 | fatal("No PKCS#11 key matching %s found", ca_key_path); |
1574 | } else if ((ca = load_identity(tmp)) == NULL) | 1574 | } else if ((ca = load_identity(tmp)) == NULL) |
1575 | fatal("Couldn't load CA key \"%s\"", tmp); | 1575 | fatal("Couldn't load CA key \"%s\"", tmp); |
1576 | xfree(tmp); | 1576 | free(tmp); |
1577 | 1577 | ||
1578 | for (i = 0; i < argc; i++) { | 1578 | for (i = 0; i < argc; i++) { |
1579 | /* Split list of principals */ | 1579 | /* Split list of principals */ |
@@ -1586,7 +1586,7 @@ do_ca_sign(struct passwd *pw, int argc, char **argv) | |||
1586 | if (*(plist[n] = xstrdup(cp)) == '\0') | 1586 | if (*(plist[n] = xstrdup(cp)) == '\0') |
1587 | fatal("Empty principal name"); | 1587 | fatal("Empty principal name"); |
1588 | } | 1588 | } |
1589 | xfree(otmp); | 1589 | free(otmp); |
1590 | } | 1590 | } |
1591 | 1591 | ||
1592 | tmp = tilde_expand_filename(argv[i], pw->pw_uid); | 1592 | tmp = tilde_expand_filename(argv[i], pw->pw_uid); |
@@ -1624,7 +1624,7 @@ do_ca_sign(struct passwd *pw, int argc, char **argv) | |||
1624 | if ((cp = strrchr(tmp, '.')) != NULL && strcmp(cp, ".pub") == 0) | 1624 | if ((cp = strrchr(tmp, '.')) != NULL && strcmp(cp, ".pub") == 0) |
1625 | *cp = '\0'; | 1625 | *cp = '\0'; |
1626 | xasprintf(&out, "%s-cert.pub", tmp); | 1626 | xasprintf(&out, "%s-cert.pub", tmp); |
1627 | xfree(tmp); | 1627 | free(tmp); |
1628 | 1628 | ||
1629 | if ((fd = open(out, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1) | 1629 | if ((fd = open(out, O_WRONLY|O_CREAT|O_TRUNC, 0644)) == -1) |
1630 | fatal("Could not open \"%s\" for writing: %s", out, | 1630 | fatal("Could not open \"%s\" for writing: %s", out, |
@@ -1647,7 +1647,7 @@ do_ca_sign(struct passwd *pw, int argc, char **argv) | |||
1647 | } | 1647 | } |
1648 | 1648 | ||
1649 | key_free(public); | 1649 | key_free(public); |
1650 | xfree(out); | 1650 | free(out); |
1651 | } | 1651 | } |
1652 | pkcs11_terminate(); | 1652 | pkcs11_terminate(); |
1653 | exit(0); | 1653 | exit(0); |
@@ -1744,7 +1744,7 @@ parse_cert_times(char *timespec) | |||
1744 | 1744 | ||
1745 | if (cert_valid_to <= cert_valid_from) | 1745 | if (cert_valid_to <= cert_valid_from) |
1746 | fatal("Empty certificate validity interval"); | 1746 | fatal("Empty certificate validity interval"); |
1747 | xfree(from); | 1747 | free(from); |
1748 | } | 1748 | } |
1749 | 1749 | ||
1750 | static void | 1750 | static void |
@@ -1797,7 +1797,8 @@ add_cert_option(char *opt) | |||
1797 | static void | 1797 | static void |
1798 | show_options(const Buffer *optbuf, int v00, int in_critical) | 1798 | show_options(const Buffer *optbuf, int v00, int in_critical) |
1799 | { | 1799 | { |
1800 | u_char *name, *data; | 1800 | char *name; |
1801 | u_char *data; | ||
1801 | u_int dlen; | 1802 | u_int dlen; |
1802 | Buffer options, option; | 1803 | Buffer options, option; |
1803 | 1804 | ||
@@ -1822,13 +1823,13 @@ show_options(const Buffer *optbuf, int v00, int in_critical) | |||
1822 | strcmp(name, "source-address") == 0)) { | 1823 | strcmp(name, "source-address") == 0)) { |
1823 | data = buffer_get_string(&option, NULL); | 1824 | data = buffer_get_string(&option, NULL); |
1824 | printf(" %s\n", data); | 1825 | printf(" %s\n", data); |
1825 | xfree(data); | 1826 | free(data); |
1826 | } else { | 1827 | } else { |
1827 | printf(" UNKNOWN OPTION (len %u)\n", | 1828 | printf(" UNKNOWN OPTION (len %u)\n", |
1828 | buffer_len(&option)); | 1829 | buffer_len(&option)); |
1829 | buffer_clear(&option); | 1830 | buffer_clear(&option); |
1830 | } | 1831 | } |
1831 | xfree(name); | 1832 | free(name); |
1832 | if (buffer_len(&option) != 0) | 1833 | if (buffer_len(&option) != 0) |
1833 | fatal("Option corrupt: extra data at end"); | 1834 | fatal("Option corrupt: extra data at end"); |
1834 | } | 1835 | } |
@@ -2038,6 +2039,7 @@ update_krl_from_file(struct passwd *pw, const char *file, const Key *ca, | |||
2038 | } | 2039 | } |
2039 | if (strcmp(path, "-") != 0) | 2040 | if (strcmp(path, "-") != 0) |
2040 | fclose(krl_spec); | 2041 | fclose(krl_spec); |
2042 | free(path); | ||
2041 | } | 2043 | } |
2042 | 2044 | ||
2043 | static void | 2045 | static void |
@@ -2063,7 +2065,7 @@ do_gen_krl(struct passwd *pw, int updating, int argc, char **argv) | |||
2063 | tmp = tilde_expand_filename(ca_key_path, pw->pw_uid); | 2065 | tmp = tilde_expand_filename(ca_key_path, pw->pw_uid); |
2064 | if ((ca = key_load_public(tmp, NULL)) == NULL) | 2066 | if ((ca = key_load_public(tmp, NULL)) == NULL) |
2065 | fatal("Cannot load CA public key %s", tmp); | 2067 | fatal("Cannot load CA public key %s", tmp); |
2066 | xfree(tmp); | 2068 | free(tmp); |
2067 | } | 2069 | } |
2068 | 2070 | ||
2069 | if (updating) | 2071 | if (updating) |
@@ -2090,6 +2092,8 @@ do_gen_krl(struct passwd *pw, int updating, int argc, char **argv) | |||
2090 | close(fd); | 2092 | close(fd); |
2091 | buffer_free(&kbuf); | 2093 | buffer_free(&kbuf); |
2092 | ssh_krl_free(krl); | 2094 | ssh_krl_free(krl); |
2095 | if (ca != NULL) | ||
2096 | key_free(ca); | ||
2093 | } | 2097 | } |
2094 | 2098 | ||
2095 | static void | 2099 | static void |
@@ -2210,7 +2214,7 @@ main(int argc, char **argv) | |||
2210 | /* we need this for the home * directory. */ | 2214 | /* we need this for the home * directory. */ |
2211 | pw = getpwuid(getuid()); | 2215 | pw = getpwuid(getuid()); |
2212 | if (!pw) { | 2216 | if (!pw) { |
2213 | printf("You don't exist, go away!\n"); | 2217 | printf("No user exists for uid %lu\n", (u_long)getuid()); |
2214 | exit(1); | 2218 | exit(1); |
2215 | } | 2219 | } |
2216 | if (gethostname(hostname, sizeof(hostname)) < 0) { | 2220 | if (gethostname(hostname, sizeof(hostname)) < 0) { |
@@ -2599,14 +2603,14 @@ passphrase_again: | |||
2599 | */ | 2603 | */ |
2600 | memset(passphrase1, 0, strlen(passphrase1)); | 2604 | memset(passphrase1, 0, strlen(passphrase1)); |
2601 | memset(passphrase2, 0, strlen(passphrase2)); | 2605 | memset(passphrase2, 0, strlen(passphrase2)); |
2602 | xfree(passphrase1); | 2606 | free(passphrase1); |
2603 | xfree(passphrase2); | 2607 | free(passphrase2); |
2604 | printf("Passphrases do not match. Try again.\n"); | 2608 | printf("Passphrases do not match. Try again.\n"); |
2605 | goto passphrase_again; | 2609 | goto passphrase_again; |
2606 | } | 2610 | } |
2607 | /* Clear the other copy of the passphrase. */ | 2611 | /* Clear the other copy of the passphrase. */ |
2608 | memset(passphrase2, 0, strlen(passphrase2)); | 2612 | memset(passphrase2, 0, strlen(passphrase2)); |
2609 | xfree(passphrase2); | 2613 | free(passphrase2); |
2610 | } | 2614 | } |
2611 | 2615 | ||
2612 | if (identity_comment) { | 2616 | if (identity_comment) { |
@@ -2620,12 +2624,12 @@ passphrase_again: | |||
2620 | if (!key_save_private(private, identity_file, passphrase1, comment)) { | 2624 | if (!key_save_private(private, identity_file, passphrase1, comment)) { |
2621 | printf("Saving the key failed: %s.\n", identity_file); | 2625 | printf("Saving the key failed: %s.\n", identity_file); |
2622 | memset(passphrase1, 0, strlen(passphrase1)); | 2626 | memset(passphrase1, 0, strlen(passphrase1)); |
2623 | xfree(passphrase1); | 2627 | free(passphrase1); |
2624 | exit(1); | 2628 | exit(1); |
2625 | } | 2629 | } |
2626 | /* Clear the passphrase. */ | 2630 | /* Clear the passphrase. */ |
2627 | memset(passphrase1, 0, strlen(passphrase1)); | 2631 | memset(passphrase1, 0, strlen(passphrase1)); |
2628 | xfree(passphrase1); | 2632 | free(passphrase1); |
2629 | 2633 | ||
2630 | /* Clear the private key and the random number generator. */ | 2634 | /* Clear the private key and the random number generator. */ |
2631 | key_free(private); | 2635 | key_free(private); |
@@ -2660,8 +2664,8 @@ passphrase_again: | |||
2660 | printf("%s %s\n", fp, comment); | 2664 | printf("%s %s\n", fp, comment); |
2661 | printf("The key's randomart image is:\n"); | 2665 | printf("The key's randomart image is:\n"); |
2662 | printf("%s\n", ra); | 2666 | printf("%s\n", ra); |
2663 | xfree(ra); | 2667 | free(ra); |
2664 | xfree(fp); | 2668 | free(fp); |
2665 | } | 2669 | } |
2666 | 2670 | ||
2667 | key_free(public); | 2671 | key_free(public); |
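diff --git a/ssh-keyscan.0 b/ssh-keyscan.0
index 559c5a1f4..3ea99c320 100644
--- a/ssh-keyscan.0
+++ b/ssh-keyscan.0
@@ -106,4 +106,4 @@ BUGS
 This is because it opens a connection to the ssh port, reads the public
 key, and drops the connection as soon as it gets the key.
 
-OpenBSD 5.3 April 11, 2012 OpenBSD 5.3
+OpenBSD 5.4 July 16, 2013 OpenBSD 5.4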
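diff --git a/ssh-keyscan.1 b/ssh-keyscan.1
index f2b0fc8fa..c35ea05e0 100644
--- a/ssh-keyscan.1
+++ b/ssh-keyscan.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keyscan.1,v 1.30 2012/04/11 13:34:17 djm Exp $
+.\" $OpenBSD: ssh-keyscan.1,v 1.31 2013/07/16 00:07:52 schwarze Exp $
 .\"
 .\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
 .\"
@@ -6,7 +6,7 @@
 .\" permitted provided that due credit is given to the author and the
 .\" OpenBSD project by leaving this copyright notice intact.
 .\"
-.Dd $Mdocdate: April 11 2012 $
+.Dd $Mdocdate: July 16 2013 $
 .Dt SSH-KEYSCAN 1
 .Os
 .Sh NAME
@@ -164,9 +164,9 @@ $ ssh-keyscan -t rsa,dsa,ecdsa -f ssh_hosts | \e
 .Xr sshd 8
 .Sh AUTHORS
 .An -nosplit
-.An David Mazieres Aq dm@lcs.mit.edu
+.An David Mazieres Aq Mt dm@lcs.mit.edu
 wrote the initial version, and
-.An Wayne Davison Aq wayned@users.sourceforge.net
+.An Wayne Davison Aq Mt wayned@users.sourceforge.net
 added support for protocol version 2.
 .Sh BUGS
 It generates "Connection closed by remote host" messages on the consoles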
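diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index c9de130f4..8b807c10a 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.86 2012/04/11 13:34:17 djm Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.87 2013/05/17 00:13:14 djm Exp $ */
 /*
  * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
  *
@@ -263,7 +263,7 @@ keygrab_ssh2(con *c)
 		exit(1);
 	}
 	nonfatal_fatal = 0;
-	xfree(c->c_kex);
+	free(c->c_kex);
 	c->c_kex = NULL;
 	packet_close();
 
@@ -329,7 +329,7 @@ conalloc(char *iname, char *oname, int keytype)
 	do {
 		name = xstrsep(&namelist, ",");
 		if (!name) {
-			xfree(namebase);
+			free(namebase);
 			return (-1);
 		}
 	} while ((s = tcpconnect(name)) < 0);
@@ -363,10 +363,10 @@ confree(int s)
 	if (s >= maxfd || fdcon[s].c_status == CS_UNUSED)
 		fatal("confree: attempt to free bad fdno %d", s);
 	close(s);
-	xfree(fdcon[s].c_namebase);
-	xfree(fdcon[s].c_output_name);
+	free(fdcon[s].c_namebase);
+	free(fdcon[s].c_output_name);
 	if (fdcon[s].c_status == CS_KEYS)
-		xfree(fdcon[s].c_data);
+		free(fdcon[s].c_data);
 	fdcon[s].c_status = CS_UNUSED;
 	fdcon[s].c_keytype = 0;
 	TAILQ_REMOVE(&tq, &fdcon[s], c_link);
@@ -553,8 +553,8 @@ conloop(void)
 		} else if (FD_ISSET(i, r))
 			conread(i);
 	}
-	xfree(r);
-	xfree(e);
+	free(r);
+	free(e);
 
 	c = TAILQ_FIRST(&tq);
 	while (c && (c->c_tv.tv_sec < now.tv_sec ||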
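Review bot: In confree, the three pointers released at lines 366-369 are left dangling in an fdcon slot that is marked CS_UNUSED on the next line and, as far as the hunk shows, is presumably reused for a later connection; c_data in particular is only freed when c_status is CS_KEYS, so a stale value can survive into the slot's next use. The keygrab_ssh2 hunk already follows `free(c->c_kex)` with `c->c_kex = NULL;`, and with free() now in place of xfree() a NULL is harmless, so the same scrub fits here: `fdcon[s].c_namebase = fdcon[s].c_output_name = NULL;` and `fdcon[s].c_data = NULL;` after the frees. confree's body continues outside the hunk.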
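diff --git a/ssh-keysign.0 b/ssh-keysign.0
index a2e9eec2b..808828a07 100644
--- a/ssh-keysign.0
+++ b/ssh-keysign.0
@@ -48,4 +48,4 @@ HISTORY
 AUTHORS
  Markus Friedl <markus@openbsd.org>
 
-OpenBSD 5.3 August 31, 2010 OpenBSD 5.3
+OpenBSD 5.4 July 16, 2013 OpenBSD 5.4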
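diff --git a/ssh-keysign.8 b/ssh-keysign.8
index 5e09e0271..5e0b2d232 100644
--- a/ssh-keysign.8
+++ b/ssh-keysign.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keysign.8,v 1.12 2010/08/31 11:54:45 djm Exp $
+.\" $OpenBSD: ssh-keysign.8,v 1.13 2013/07/16 00:07:52 schwarze Exp $
 .\"
 .\" Copyright (c) 2002 Markus Friedl. All rights reserved.
 .\"
@@ -22,7 +22,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 31 2010 $
+.Dd $Mdocdate: July 16 2013 $
 .Dt SSH-KEYSIGN 8
 .Os
 .Sh NAME
@@ -88,4 +88,4 @@ information corresponding with the private keys above.
 first appeared in
 .Ox 3.2 .
 .Sh AUTHORS
-.An Markus Friedl Aq markus@openbsd.org
+.An Markus Friedl Aq Mt markus@openbsd.org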
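diff --git a/ssh-keysign.c b/ssh-keysign.c
index 1deb7e141..9a6653c7c 100644
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keysign.c,v 1.36 2011/02/16 00:31:14 djm Exp $ */
+/* $OpenBSD: ssh-keysign.c,v 1.37 2013/05/17 00:13:14 djm Exp $ */
 /*
  * Copyright (c) 2002 Markus Friedl. All rights reserved.
  *
@@ -78,7 +78,7 @@ valid_request(struct passwd *pw, char *host, Key **ret, u_char *data,
 	p = buffer_get_string(&b, &len);
 	if (len != 20 && len != 32)
 		fail++;
-	xfree(p);
+	free(p);
 
 	if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
 		fail++;
@@ -90,13 +90,13 @@ valid_request(struct passwd *pw, char *host, Key **ret, u_char *data,
 	p = buffer_get_string(&b, NULL);
 	if (strcmp("ssh-connection", p) != 0)
 		fail++;
-	xfree(p);
+	free(p);
 
 	/* method */
 	p = buffer_get_string(&b, NULL);
 	if (strcmp("hostbased", p) != 0)
 		fail++;
-	xfree(p);
+	free(p);
 
 	/* pubkey */
 	pkalg = buffer_get_string(&b, NULL);
@@ -109,8 +109,8 @@ valid_request(struct passwd *pw, char *host, Key **ret, u_char *data,
 		fail++;
 	else if (key->type != pktype)
 		fail++;
-	xfree(pkalg);
-	xfree(pkblob);
+	free(pkalg);
+	free(pkblob);
 
 	/* client host name, handle trailing dot */
 	p = buffer_get_string(&b, &len);
@@ -121,14 +121,14 @@ valid_request(struct passwd *pw, char *host, Key **ret, u_char *data,
 		fail++;
 	else if (strncasecmp(host, p, len - 1) != 0)
 		fail++;
-	xfree(p);
+	free(p);
 
 	/* local user */
 	p = buffer_get_string(&b, NULL);
 
 	if (strcmp(pw->pw_name, p) != 0)
 		fail++;
-	xfree(p);
+	free(p);
 
 	/* end of message */
 	if (buffer_len(&b) != 0)
@@ -233,7 +233,7 @@ main(int argc, char **argv)
 	data = buffer_get_string(&b, &dlen);
 	if (valid_request(pw, host, &key, data, dlen) < 0)
 		fatal("not a valid request");
-	xfree(host);
+	free(host);
 
 	found = 0;
 	for (i = 0; i < NUM_KEYTYPES; i++) {
@@ -248,7 +248,7 @@ main(int argc, char **argv)
 
 	if (key_sign(keys[i], &signature, &slen, data, dlen) != 0)
 		fatal("key_sign failed");
-	xfree(data);
+	free(data);
 
 	/* send reply */
 	buffer_clear(&b);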
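Review bot: The length check at line 79 of valid_request, on the first string field of the request (presumably the session identifier), compares against the bare literals 20 and 32, which read as magic numbers to anyone auditing this setuid signing path. A comment such as `/* session id must be a SHA1 (20) or SHA256 (32) digest */` above the `if`, or two named constants, would record why exactly those lengths are accepted. The `fail++` accounting throughout these hunks deliberately keeps parsing after a mismatch instead of returning early, which is worth a one-line comment at the top of the function; that head, and the function's end, are outside the hunks.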
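diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c
index 82b11daf5..6c9f9d2c1 100644
--- a/ssh-pkcs11-client.c
+++ b/ssh-pkcs11-client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11-client.c,v 1.3 2012/01/16 20:34:09 miod Exp $ */
+/* $OpenBSD: ssh-pkcs11-client.c,v 1.4 2013/05/17 00:13:14 djm Exp $ */
 /*
  * Copyright (c) 2010 Markus Friedl. All rights reserved.
  *
@@ -121,7 +121,7 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa,
 	buffer_put_string(&msg, blob, blen);
 	buffer_put_string(&msg, from, flen);
 	buffer_put_int(&msg, 0);
-	xfree(blob);
+	free(blob);
 	send_msg(&msg);
 	buffer_clear(&msg);
 
@@ -131,7 +131,7 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa,
 			memcpy(to, signature, slen);
 			ret = slen;
 		}
-		xfree(signature);
+		free(signature);
 	}
 	buffer_free(&msg);
 	return (ret);
@@ -205,11 +205,11 @@ pkcs11_add_provider(char *name, char *pin, Key ***keysp)
 		*keysp = xcalloc(nkeys, sizeof(Key *));
 		for (i = 0; i < nkeys; i++) {
 			blob = buffer_get_string(&msg, &blen);
-			xfree(buffer_get_string(&msg, NULL));
+			free(buffer_get_string(&msg, NULL));
 			k = key_from_blob(blob, blen);
 			wrap_key(k->rsa);
 			(*keysp)[i] = k;
-			xfree(blob);
+			free(blob);
 		}
 	} else {
 		nkeys = -1;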
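Review bot: In pkcs11_add_provider, `k = key_from_blob(blob, blen)` at line 209 is dereferenced by `wrap_key(k->rsa)` on the following line with no NULL check; key_from_blob returns NULL for a blob it cannot parse, so a malformed reply from the helper process would crash the agent here instead of failing cleanly. The same line also assumes every returned key is RSA, since only `k->rsa` is wrapped. A guard such as `if (k == NULL || k->type != KEY_RSA) fatal("%s: bad key blob from helper", __func__);` before the wrap_key call (or skipping the entry) would make both assumptions explicit and checked. The enclosing function starts and ends outside the hunk.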
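diff --git a/ssh-pkcs11-helper.0 b/ssh-pkcs11-helper.0
index dcfaa222a..d9ea34248 100644
--- a/ssh-pkcs11-helper.0
+++ b/ssh-pkcs11-helper.0
@@ -22,4 +22,4 @@ HISTORY
 AUTHORS
  Markus Friedl <markus@openbsd.org>
 
-OpenBSD 5.3 February 10, 2010 OpenBSD 5.3
+OpenBSD 5.4 July 16, 2013 OpenBSD 5.4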
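diff --git a/ssh-pkcs11-helper.8 b/ssh-pkcs11-helper.8
index 9bdaadc01..3728c4e4e 100644
--- a/ssh-pkcs11-helper.8
+++ b/ssh-pkcs11-helper.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-pkcs11-helper.8,v 1.3 2010/02/10 23:20:38 markus Exp $
+.\" $OpenBSD: ssh-pkcs11-helper.8,v 1.4 2013/07/16 00:07:52 schwarze Exp $
 .\"
 .\" Copyright (c) 2010 Markus Friedl. All rights reserved.
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: February 10 2010 $
+.Dd $Mdocdate: July 16 2013 $
 .Dt SSH-PKCS11-HELPER 8
 .Os
 .Sh NAME
@@ -40,4 +40,4 @@ is not intended to be invoked by the user, but from
 first appeared in
 .Ox 4.7 .
 .Sh AUTHORS
-.An Markus Friedl Aq markus@openbsd.org
+.An Markus Friedl Aq Mt markus@openbsd.org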
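--- a/ssh-pkcs11-helper.c
+++ b/ssh-pkcs11-helper.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11-helper.c,v 1.4 2012/07/02 12:13:26 dtucker Exp $ */
+/* $OpenBSD: ssh-pkcs11-helper.c,v 1.6 2013/05/17 00:13:14 djm Exp $ */
 /*
 * Copyright (c) 2010 Markus Friedl. All rights reserved.
 *
@@ -79,7 +79,7 @@ del_keys_by_name(char *name)
 nxt = TAILQ_NEXT(ki, next);
 if (!strcmp(ki->providername, name)) {
 TAILQ_REMOVE(&pkcs11_keylist, ki, next);
-xfree(ki->providername);
+free(ki->providername);
 key_free(ki->key);
 free(ki);
 }
@@ -130,15 +130,15 @@ process_add(void)
 key_to_blob(keys[i], &blob, &blen);
 buffer_put_string(&msg, blob, blen);
 buffer_put_cstring(&msg, name);
-xfree(blob);
+free(blob);
 add_key(keys[i], name);
 }
-xfree(keys);
+free(keys);
 } else {
 buffer_put_char(&msg, SSH_AGENT_FAILURE);
 }
-xfree(pin);
-xfree(name);
+free(pin);
+free(name);
 send_msg(&msg);
 buffer_free(&msg);
 }
@@ -157,8 +157,8 @@ process_del(void)
 buffer_put_char(&msg, SSH_AGENT_SUCCESS);
 else
 buffer_put_char(&msg, SSH_AGENT_FAILURE);
-xfree(pin);
-xfree(name);
+free(pin);
+free(name);
 send_msg(&msg);
 buffer_free(&msg);
 }
@@ -195,10 +195,9 @@ process_sign(void)
 } else {
 buffer_put_char(&msg, SSH_AGENT_FAILURE);
 }
-xfree(data);
-xfree(blob);
-if (signature != NULL)
-xfree(signature);
+free(data);
+free(blob);
+free(signature);
 send_msg(&msg);
 buffer_free(&msg);
 }
@@ -274,7 +273,6 @@ main(int argc, char **argv)
 LogLevel log_level = SYSLOG_LEVEL_ERROR;
 char buf[4*4096];
 
-extern char *optarg;
 extern char *__progname;
 
 TAILQ_INIT(&pkcs11_keylist);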
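Review bot: `free(pin);` in process_add and process_del releases the token PIN without clearing it, so the secret stays in freed heap memory for the rest of the helper's lifetime; the same applies to `free(pin);` on both exit paths of pkcs11_rsa_private_encrypt in ssh-pkcs11.c. A plain memset immediately before free is a dead store the compiler may drop, so the clear should use a non-elidable primitive where the platform or openbsd-compat provides one, e.g. `explicit_bzero(pin, strlen(pin)); free(pin);`. xfree did not clear either, so this is not a regression of the conversion, but the conversion is the natural point to add it. The bodies of process_add and process_del start outside the hunks.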
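--- a/ssh-pkcs11.c
+++ b/ssh-pkcs11.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11.c,v 1.6 2010/06/08 21:32:19 markus Exp $ */
+/* $OpenBSD: ssh-pkcs11.c,v 1.8 2013/07/12 00:20:00 djm Exp $ */
 /*
 * Copyright (c) 2010 Markus Friedl. All rights reserved.
 *
@@ -120,9 +120,9 @@ pkcs11_provider_unref(struct pkcs11_provider *p)
 if (--p->refcount <= 0) {
 if (p->valid)
 error("pkcs11_provider_unref: %p still valid", p);
-xfree(p->slotlist);
-xfree(p->slotinfo);
-xfree(p);
+free(p->slotlist);
+free(p->slotinfo);
+free(p);
 }
 }
 
@@ -180,9 +180,8 @@ pkcs11_rsa_finish(RSA *rsa)
 rv = k11->orig_finish(rsa);
 if (k11->provider)
 pkcs11_provider_unref(k11->provider);
-if (k11->keyid)
-xfree(k11->keyid);
-xfree(k11);
+free(k11->keyid);
+free(k11);
 }
 return (rv);
 }
@@ -264,13 +263,13 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa,
 pin = read_passphrase(prompt, RP_ALLOW_EOF);
 if (pin == NULL)
 return (-1); /* bail out */
-if ((rv = f->C_Login(si->session, CKU_USER, pin, strlen(pin)))
-!= CKR_OK) {
-xfree(pin);
+if ((rv = f->C_Login(si->session, CKU_USER,
+(u_char *)pin, strlen(pin))) != CKR_OK) {
+free(pin);
 error("C_Login failed: %lu", rv);
 return (-1);
 }
-xfree(pin);
+free(pin);
 si->logged_in = 1;
 }
 key_filter[1].pValue = k11->keyid;
@@ -329,7 +328,7 @@ pkcs11_rsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx,
 
 /* remove trailing spaces */
 static void
-rmspace(char *buf, size_t len)
+rmspace(u_char *buf, size_t len)
 {
 size_t i;
 
@@ -367,8 +366,8 @@ pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin)
 return (-1);
 }
 if (login_required && pin) {
-if ((rv = f->C_Login(session, CKU_USER, pin, strlen(pin)))
-!= CKR_OK) {
+if ((rv = f->C_Login(session, CKU_USER,
+(u_char *)pin, strlen(pin))) != CKR_OK) {
 error("C_Login failed: %lu", rv);
 if ((rv = f->C_CloseSession(session)) != CKR_OK)
 error("C_CloseSession failed: %lu", rv);
@@ -470,7 +469,7 @@ pkcs11_fetch_keys(struct pkcs11_provider *p, CK_ULONG slotidx, Key ***keysp,
 }
 }
 for (i = 0; i < 3; i++)
-xfree(attribs[i].pValue);
+free(attribs[i].pValue);
 }
 if ((rv = f->C_FindObjectsFinal(session)) != CKR_OK)
 error("C_FindObjectsFinal failed: %lu", rv);
@@ -579,11 +578,9 @@ fail:
 if (need_finalize && (rv = f->C_Finalize(NULL)) != CKR_OK)
 error("C_Finalize failed: %lu", rv);
 if (p) {
-if (p->slotlist)
-xfree(p->slotlist);
-if (p->slotinfo)
-xfree(p->slotinfo);
-xfree(p);
+free(p->slotlist);
+free(p->slotinfo);
+free(p);
 }
 if (handle)
 dlclose(handle);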
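Review bot: The comment above rmspace still reads only `/* remove trailing spaces */` while the parameter becomes `u_char *buf`, which suggests it now operates on raw PKCS#11 byte fields rather than C strings; from the hunk a reader cannot tell whether the input is NUL-terminated or how `len` bounds the scan. If the body confirms it, a comment such as `/* strip trailing blanks from a fixed-width, space-padded PKCS#11 field of len bytes; input need not be NUL-terminated */` would document that contract. The body of rmspace and its callers are outside the hunk.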
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-rsa.c,v 1.45 2010/08/31 09:58:37 djm Exp $ */ | 1 | /* $OpenBSD: ssh-rsa.c,v 1.46 2013/05/17 00:13:14 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org> | 3 | * Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org> |
4 | * | 4 | * |
@@ -72,7 +72,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, | |||
72 | 72 | ||
73 | error("ssh_rsa_sign: RSA_sign failed: %s", | 73 | error("ssh_rsa_sign: RSA_sign failed: %s", |
74 | ERR_error_string(ecode, NULL)); | 74 | ERR_error_string(ecode, NULL)); |
75 | xfree(sig); | 75 | free(sig); |
76 | return -1; | 76 | return -1; |
77 | } | 77 | } |
78 | if (len < slen) { | 78 | if (len < slen) { |
@@ -82,7 +82,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, | |||
82 | memset(sig, 0, diff); | 82 | memset(sig, 0, diff); |
83 | } else if (len > slen) { | 83 | } else if (len > slen) { |
84 | error("ssh_rsa_sign: slen %u slen2 %u", slen, len); | 84 | error("ssh_rsa_sign: slen %u slen2 %u", slen, len); |
85 | xfree(sig); | 85 | free(sig); |
86 | return -1; | 86 | return -1; |
87 | } | 87 | } |
88 | /* encode signature */ | 88 | /* encode signature */ |
@@ -98,7 +98,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, | |||
98 | } | 98 | } |
99 | buffer_free(&b); | 99 | buffer_free(&b); |
100 | memset(sig, 's', slen); | 100 | memset(sig, 's', slen); |
101 | xfree(sig); | 101 | free(sig); |
102 | 102 | ||
103 | return 0; | 103 | return 0; |
104 | } | 104 | } |
@@ -131,23 +131,23 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, | |||
131 | if (strcmp("ssh-rsa", ktype) != 0) { | 131 | if (strcmp("ssh-rsa", ktype) != 0) { |
132 | error("ssh_rsa_verify: cannot handle type %s", ktype); | 132 | error("ssh_rsa_verify: cannot handle type %s", ktype); |
133 | buffer_free(&b); | 133 | buffer_free(&b); |
134 | xfree(ktype); | 134 | free(ktype); |
135 | return -1; | 135 | return -1; |
136 | } | 136 | } |
137 | xfree(ktype); | 137 | free(ktype); |
138 | sigblob = buffer_get_string(&b, &len); | 138 | sigblob = buffer_get_string(&b, &len); |
139 | rlen = buffer_len(&b); | 139 | rlen = buffer_len(&b); |
140 | buffer_free(&b); | 140 | buffer_free(&b); |
141 | if (rlen != 0) { | 141 | if (rlen != 0) { |
142 | error("ssh_rsa_verify: remaining bytes in signature %d", rlen); | 142 | error("ssh_rsa_verify: remaining bytes in signature %d", rlen); |
143 | xfree(sigblob); | 143 | free(sigblob); |
144 | return -1; | 144 | return -1; |
145 | } | 145 | } |
146 | /* RSA_verify expects a signature of RSA_size */ | 146 | /* RSA_verify expects a signature of RSA_size */ |
147 | modlen = RSA_size(key->rsa); | 147 | modlen = RSA_size(key->rsa); |
148 | if (len > modlen) { | 148 | if (len > modlen) { |
149 | error("ssh_rsa_verify: len %u > modlen %u", len, modlen); | 149 | error("ssh_rsa_verify: len %u > modlen %u", len, modlen); |
150 | xfree(sigblob); | 150 | free(sigblob); |
151 | return -1; | 151 | return -1; |
152 | } else if (len < modlen) { | 152 | } else if (len < modlen) { |
153 | u_int diff = modlen - len; | 153 | u_int diff = modlen - len; |
@@ -161,7 +161,7 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, | |||
161 | nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1; | 161 | nid = (datafellows & SSH_BUG_RSASIGMD5) ? NID_md5 : NID_sha1; |
162 | if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { | 162 | if ((evp_md = EVP_get_digestbynid(nid)) == NULL) { |
163 | error("ssh_rsa_verify: EVP_get_digestbynid %d failed", nid); | 163 | error("ssh_rsa_verify: EVP_get_digestbynid %d failed", nid); |
164 | xfree(sigblob); | 164 | free(sigblob); |
165 | return -1; | 165 | return -1; |
166 | } | 166 | } |
167 | EVP_DigestInit(&md, evp_md); | 167 | EVP_DigestInit(&md, evp_md); |
@@ -171,7 +171,7 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, | |||
171 | ret = openssh_RSA_verify(nid, digest, dlen, sigblob, len, key->rsa); | 171 | ret = openssh_RSA_verify(nid, digest, dlen, sigblob, len, key->rsa); |
172 | memset(digest, 'd', sizeof(digest)); | 172 | memset(digest, 'd', sizeof(digest)); |
173 | memset(sigblob, 's', len); | 173 | memset(sigblob, 's', len); |
174 | xfree(sigblob); | 174 | free(sigblob); |
175 | debug("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : ""); | 175 | debug("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : ""); |
176 | return ret; | 176 | return ret; |
177 | } | 177 | } |
@@ -262,7 +262,6 @@ openssh_RSA_verify(int type, u_char *hash, u_int hashlen, | |||
262 | } | 262 | } |
263 | ret = 1; | 263 | ret = 1; |
264 | done: | 264 | done: |
265 | if (decrypted) | 265 | free(decrypted); |
266 | xfree(decrypted); | ||
267 | return ret; | 266 | return ret; |
268 | } | 267 | } |
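Review bot: `memset(sigblob, 's', len);` immediately followed by the new `free(sigblob);` in ssh_rsa_verify, and likewise `memset(sig, 's', slen); free(sig);` in ssh_rsa_sign, is a store the optimizer may elide because the buffer is dead after free, so it gives no scrubbing guarantee; if scrubbing is intended, a non-elidable clear is needed. In ssh_rsa_verify the buffer holds the peer-supplied signature taken from the wire (`sigblob = buffer_get_string(&b, &len);`), so it is not secret, and a comment stating that the fill is a debugging aid rather than a secrecy measure would stop readers from relying on it. Both functions' bodies extend outside the hunks.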
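--- a/ssh-vulnkey.c
+++ b/ssh-vulnkey.c
@@ -94,7 +94,7 @@ describe_key(const char *filename, u_long linenum, const char *msg,
 printf(":%lu: %s: %s %u %s %s\n", linenum, msg,
 key_type(key), key_size(key), fp, comment);
 }
-xfree(fp);
+free(fp);
 }
 
 static int
@@ -247,8 +247,7 @@ do_filename(const char *filename, int quiet_open)
 ret = 0;
 found = 1;
 }
-if (comment)
-xfree(comment);
+free(comment);
 }
 
 return ret;
@@ -282,12 +281,12 @@ do_user(const char *dir)
 for (i = 0; default_files[i]; i++) {
 xasprintf(&file, "%s/%s", dir, default_files[i]);
 if (stat(file, &st) < 0 && errno == ENOENT) {
-xfree(file);
+free(file);
 continue;
 }
 if (!do_filename(file, 0))
 ret = 0;
-xfree(file);
+free(file);
 }
 
 return ret;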
@@ -5,11 +5,13 @@ NAME | |||
5 | 5 | ||
6 | SYNOPSIS | 6 | SYNOPSIS |
7 | ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec] | 7 | ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec] |
8 | [-D [bind_address:]port] [-e escape_char] [-F configfile] [-I pkcs11] | 8 | [-D [bind_address:]port] [-E log_file] [-e escape_char] |
9 | [-i identity_file] [-L [bind_address:]port:host:hostport] | 9 | [-F configfile] [-I pkcs11] [-i identity_file] |
10 | [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] | 10 | [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec] |
11 | [-O ctl_cmd] [-o option] [-p port] | ||
11 | [-R [bind_address:]port:host:hostport] [-S ctl_path] [-W host:port] | 12 | [-R [bind_address:]port:host:hostport] [-S ctl_path] [-W host:port] |
12 | [-w local_tun[:remote_tun]] [user@]hostname [command] | 13 | [-w local_tun[:remote_tun]] [user@]hostname [command] |
14 | ssh -Q protocol_feature | ||
13 | 15 | ||
14 | DESCRIPTION | 16 | DESCRIPTION |
15 | ssh (SSH client) is a program for logging into a remote machine and for | 17 | ssh (SSH client) is a program for logging into a remote machine and for |
@@ -102,6 +104,9 @@ DESCRIPTION | |||
102 | be bound for local use only, while an empty address or `*' | 104 | be bound for local use only, while an empty address or `*' |
103 | indicates that the port should be available from all interfaces. | 105 | indicates that the port should be available from all interfaces. |
104 | 106 | ||
107 | -E log_file | ||
108 | Append debug logs to log_file instead of standard error. | ||
109 | |||
105 | -e escape_char | 110 | -e escape_char |
106 | Sets the escape character for sessions with a pty (default: `~'). | 111 | Sets the escape character for sessions with a pty (default: `~'). |
107 | The escape character is only recognized at the beginning of a | 112 | The escape character is only recognized at the beginning of a |
@@ -289,6 +294,14 @@ DESCRIPTION | |||
289 | Port to connect to on the remote host. This can be specified on | 294 | Port to connect to on the remote host. This can be specified on |
290 | a per-host basis in the configuration file. | 295 | a per-host basis in the configuration file. |
291 | 296 | ||
297 | -Q protocol_feature | ||
298 | Queries ssh for the algorithms supported for the specified | ||
299 | version 2 protocol_feature. The queriable features are: | ||
300 | ``cipher'' (supported symmetric ciphers), ``MAC'' (supported | ||
301 | message integrity codes), ``KEX'' (key exchange algorithms), | ||
302 | ``key'' (key types). Protocol features are treated case- | ||
303 | insensitively. | ||
304 | |||
292 | -q Quiet mode. Causes most warning and diagnostic messages to be | 305 | -q Quiet mode. Causes most warning and diagnostic messages to be |
293 | suppressed. | 306 | suppressed. |
294 | 307 | ||
@@ -788,7 +801,7 @@ FILES | |||
788 | This is the per-user configuration file. The file format and | 801 | This is the per-user configuration file. The file format and |
789 | configuration options are described in ssh_config(5). Because of | 802 | configuration options are described in ssh_config(5). Because of |
790 | the potential for abuse, this file must have strict permissions: | 803 | the potential for abuse, this file must have strict permissions: |
791 | read/write for the user, and not accessible by others. | 804 | read/write for the user, and not writable by others. |
792 | 805 | ||
793 | ~/.ssh/environment | 806 | ~/.ssh/environment |
794 | Contains additional definitions for environment variables; see | 807 | Contains additional definitions for environment variables; see |
@@ -919,4 +932,4 @@ AUTHORS | |||
919 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | 932 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
920 | versions 1.5 and 2.0. | 933 | versions 1.5 and 2.0. |
921 | 934 | ||
922 | OpenBSD 5.3 October 4, 2012 OpenBSD 5.3 | 935 | OpenBSD 5.4 July 18, 2013 OpenBSD 5.4 |
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: ssh.1,v 1.330 2012/10/04 13:21:50 markus Exp $ | 36 | .\" $OpenBSD: ssh.1,v 1.334 2013/07/18 01:12:26 djm Exp $ |
37 | .Dd $Mdocdate: October 4 2012 $ | 37 | .Dd $Mdocdate: July 18 2013 $ |
38 | .Dt SSH 1 | 38 | .Dt SSH 1 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -47,6 +47,7 @@ | |||
47 | .Op Fl b Ar bind_address | 47 | .Op Fl b Ar bind_address |
48 | .Op Fl c Ar cipher_spec | 48 | .Op Fl c Ar cipher_spec |
49 | .Op Fl D Oo Ar bind_address : Oc Ns Ar port | 49 | .Op Fl D Oo Ar bind_address : Oc Ns Ar port |
50 | .Op Fl E Ar log_file | ||
50 | .Op Fl e Ar escape_char | 51 | .Op Fl e Ar escape_char |
51 | .Op Fl F Ar configfile | 52 | .Op Fl F Ar configfile |
52 | .Op Fl I Ar pkcs11 | 53 | .Op Fl I Ar pkcs11 |
@@ -64,6 +65,8 @@ | |||
64 | .Oo Ar user Ns @ Oc Ns Ar hostname | 65 | .Oo Ar user Ns @ Oc Ns Ar hostname |
65 | .Op Ar command | 66 | .Op Ar command |
66 | .Ek | 67 | .Ek |
68 | .Nm | ||
69 | .Fl Q Ar protocol_feature | ||
67 | .Sh DESCRIPTION | 70 | .Sh DESCRIPTION |
68 | .Nm | 71 | .Nm |
69 | (SSH client) is a program for logging into a remote machine and for | 72 | (SSH client) is a program for logging into a remote machine and for |
@@ -217,6 +220,10 @@ indicates that the listening port be bound for local use only, while an | |||
217 | empty address or | 220 | empty address or |
218 | .Sq * | 221 | .Sq * |
219 | indicates that the port should be available from all interfaces. | 222 | indicates that the port should be available from all interfaces. |
223 | .It Fl E Ar log_file | ||
224 | Append debug logs to | ||
225 | .Ar log_file | ||
226 | instead of standard error. | ||
220 | .It Fl e Ar escape_char | 227 | .It Fl e Ar escape_char |
221 | Sets the escape character for sessions with a pty (default: | 228 | Sets the escape character for sessions with a pty (default: |
222 | .Ql ~ ) . | 229 | .Ql ~ ) . |
@@ -482,6 +489,21 @@ For full details of the options listed below, and their possible values, see | |||
482 | Port to connect to on the remote host. | 489 | Port to connect to on the remote host. |
483 | This can be specified on a | 490 | This can be specified on a |
484 | per-host basis in the configuration file. | 491 | per-host basis in the configuration file. |
492 | .It Fl Q Ar protocol_feature | ||
493 | Queries | ||
494 | .Nm | ||
495 | for the algorithms supported for the specified version 2 | ||
496 | .Ar protocol_feature . | ||
497 | The queriable features are: | ||
498 | .Dq cipher | ||
499 | (supported symmetric ciphers), | ||
500 | .Dq MAC | ||
501 | (supported message integrity codes), | ||
502 | .Dq KEX | ||
503 | (key exchange algorithms), | ||
504 | .Dq key | ||
505 | (key types). | ||
506 | Protocol features are treated case-insensitively. | ||
485 | .It Fl q | 507 | .It Fl q |
486 | Quiet mode. | 508 | Quiet mode. |
487 | Causes most warning and diagnostic messages to be suppressed. | 509 | Causes most warning and diagnostic messages to be suppressed. |
@@ -732,9 +754,7 @@ implements public key authentication protocol automatically, | |||
732 | using one of the DSA, ECDSA or RSA algorithms. | 754 | using one of the DSA, ECDSA or RSA algorithms. |
733 | Protocol 1 is restricted to using only RSA keys, | 755 | Protocol 1 is restricted to using only RSA keys, |
734 | but protocol 2 may use any. | 756 | but protocol 2 may use any. |
735 | The | 757 | The HISTORY section of |
736 | .Sx HISTORY | ||
737 | section of | ||
738 | .Xr ssl 8 | 758 | .Xr ssl 8 |
739 | (on non-OpenBSD systems, see | 759 | (on non-OpenBSD systems, see |
740 | .nh | 760 | .nh |
@@ -794,9 +814,7 @@ instead of a set of public/private keys, | |||
794 | signed certificates are used. | 814 | signed certificates are used. |
795 | This has the advantage that a single trusted certification authority | 815 | This has the advantage that a single trusted certification authority |
796 | can be used in place of many public/private keys. | 816 | can be used in place of many public/private keys. |
797 | See the | 817 | See the CERTIFICATES section of |
798 | .Sx CERTIFICATES | ||
799 | section of | ||
800 | .Xr ssh-keygen 1 | 818 | .Xr ssh-keygen 1 |
801 | for more information. | 819 | for more information. |
802 | .Pp | 820 | .Pp |
@@ -1323,7 +1341,7 @@ This is the per-user configuration file. | |||
1323 | The file format and configuration options are described in | 1341 | The file format and configuration options are described in |
1324 | .Xr ssh_config 5 . | 1342 | .Xr ssh_config 5 . |
1325 | Because of the potential for abuse, this file must have strict permissions: | 1343 | Because of the potential for abuse, this file must have strict permissions: |
1326 | read/write for the user, and not accessible by others. | 1344 | read/write for the user, and not writable by others. |
1327 | It may be group-writable provided that the group in question contains only | 1345 | It may be group-writable provided that the group in question contains only |
1328 | the user. | 1346 | the user. |
1329 | .Pp | 1347 | .Pp |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh.c,v 1.373 2013/02/22 22:09:01 djm Exp $ */ | 1 | /* $OpenBSD: ssh.c,v 1.381 2013/07/25 00:29:10 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -197,9 +197,9 @@ usage(void) | |||
197 | { | 197 | { |
198 | fprintf(stderr, | 198 | fprintf(stderr, |
199 | "usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n" | 199 | "usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n" |
200 | " [-D [bind_address:]port] [-e escape_char] [-F configfile]\n" | 200 | " [-D [bind_address:]port] [-E log_file] [-e escape_char]\n" |
201 | " [-I pkcs11] [-i identity_file]\n" | 201 | " [-F configfile] [-I pkcs11] [-i identity_file]\n" |
202 | " [-L [bind_address:]port:host:hostport]\n" | 202 | " [-L [bind_address:]port:host:hostport] [-Q protocol_feature]\n" |
203 | " [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n" | 203 | " [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n" |
204 | " [-R [bind_address:]port:host:hostport] [-S ctl_path]\n" | 204 | " [-R [bind_address:]port:host:hostport] [-S ctl_path]\n" |
205 | " [-W host:port] [-w local_tun[:remote_tun]]\n" | 205 | " [-W host:port] [-w local_tun[:remote_tun]]\n" |
@@ -226,7 +226,7 @@ tilde_expand_paths(char **paths, u_int num_paths) | |||
226 | 226 | ||
227 | for (i = 0; i < num_paths; i++) { | 227 | for (i = 0; i < num_paths; i++) { |
228 | cp = tilde_expand_filename(paths[i], original_real_uid); | 228 | cp = tilde_expand_filename(paths[i], original_real_uid); |
229 | xfree(paths[i]); | 229 | free(paths[i]); |
230 | paths[i] = cp; | 230 | paths[i] = cp; |
231 | } | 231 | } |
232 | } | 232 | } |
@@ -238,7 +238,7 @@ int | |||
238 | main(int ac, char **av) | 238 | main(int ac, char **av) |
239 | { | 239 | { |
240 | int i, r, opt, exit_status, use_syslog; | 240 | int i, r, opt, exit_status, use_syslog; |
241 | char *p, *cp, *line, *argv0, buf[MAXPATHLEN], *host_arg; | 241 | char *p, *cp, *line, *argv0, buf[MAXPATHLEN], *host_arg, *logfile; |
242 | char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV]; | 242 | char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV]; |
243 | struct stat st; | 243 | struct stat st; |
244 | struct passwd *pw; | 244 | struct passwd *pw; |
@@ -299,7 +299,7 @@ main(int ac, char **av) | |||
299 | /* Get user data. */ | 299 | /* Get user data. */ |
300 | pw = getpwuid(original_real_uid); | 300 | pw = getpwuid(original_real_uid); |
301 | if (!pw) { | 301 | if (!pw) { |
302 | logit("You don't exist, go away!"); | 302 | logit("No user exists for uid %lu", (u_long)original_real_uid); |
303 | exit(255); | 303 | exit(255); |
304 | } | 304 | } |
305 | /* Take a copy of the returned structure. */ | 305 | /* Take a copy of the returned structure. */ |
@@ -322,11 +322,12 @@ main(int ac, char **av) | |||
322 | /* Parse command-line arguments. */ | 322 | /* Parse command-line arguments. */ |
323 | host = NULL; | 323 | host = NULL; |
324 | use_syslog = 0; | 324 | use_syslog = 0; |
325 | logfile = NULL; | ||
325 | argv0 = av[0]; | 326 | argv0 = av[0]; |
326 | 327 | ||
327 | again: | 328 | again: |
328 | while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" | 329 | while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" |
329 | "ACD:F:I:KL:MNO:PR:S:TVw:W:XYy")) != -1) { | 330 | "ACD:E:F:I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) { |
330 | switch (opt) { | 331 | switch (opt) { |
331 | case '1': | 332 | case '1': |
332 | options.protocol = SSH_PROTO_1; | 333 | options.protocol = SSH_PROTO_1; |
@@ -356,6 +357,9 @@ main(int ac, char **av) | |||
356 | case 'y': | 357 | case 'y': |
357 | use_syslog = 1; | 358 | use_syslog = 1; |
358 | break; | 359 | break; |
360 | case 'E': | ||
361 | logfile = xstrdup(optarg); | ||
362 | break; | ||
359 | case 'Y': | 363 | case 'Y': |
360 | options.forward_x11 = 1; | 364 | options.forward_x11 = 1; |
361 | options.forward_x11_trusted = 1; | 365 | options.forward_x11_trusted = 1; |
@@ -385,6 +389,22 @@ main(int ac, char **av) | |||
385 | case 'P': /* deprecated */ | 389 | case 'P': /* deprecated */ |
386 | options.use_privileged_port = 0; | 390 | options.use_privileged_port = 0; |
387 | break; | 391 | break; |
392 | case 'Q': /* deprecated */ | ||
393 | cp = NULL; | ||
394 | if (strcasecmp(optarg, "cipher") == 0) | ||
395 | cp = cipher_alg_list(); | ||
396 | else if (strcasecmp(optarg, "mac") == 0) | ||
397 | cp = mac_alg_list(); | ||
398 | else if (strcasecmp(optarg, "kex") == 0) | ||
399 | cp = kex_alg_list(); | ||
400 | else if (strcasecmp(optarg, "key") == 0) | ||
401 | cp = key_alg_list(); | ||
402 | if (cp == NULL) | ||
403 | fatal("Unsupported query \"%s\"", optarg); | ||
404 | printf("%s\n", cp); | ||
405 | free(cp); | ||
406 | exit(0); | ||
407 | break; | ||
388 | case 'a': | 408 | case 'a': |
389 | options.forward_agent = 0; | 409 | options.forward_agent = 0; |
390 | break; | 410 | break; |
@@ -427,9 +447,8 @@ main(int ac, char **av) | |||
427 | } else { | 447 | } else { |
428 | if (options.log_level < SYSLOG_LEVEL_DEBUG3) | 448 | if (options.log_level < SYSLOG_LEVEL_DEBUG3) |
429 | options.log_level++; | 449 | options.log_level++; |
430 | break; | ||
431 | } | 450 | } |
432 | /* FALLTHROUGH */ | 451 | break; |
433 | case 'V': | 452 | case 'V': |
434 | fprintf(stderr, "%s, %s\n", | 453 | fprintf(stderr, "%s, %s\n", |
435 | SSH_RELEASE, SSLeay_version(SSLEAY_VERSION)); | 454 | SSH_RELEASE, SSLeay_version(SSLEAY_VERSION)); |
@@ -454,7 +473,7 @@ main(int ac, char **av) | |||
454 | if (parse_forward(&fwd, optarg, 1, 0)) { | 473 | if (parse_forward(&fwd, optarg, 1, 0)) { |
455 | stdio_forward_host = fwd.listen_host; | 474 | stdio_forward_host = fwd.listen_host; |
456 | stdio_forward_port = fwd.listen_port; | 475 | stdio_forward_port = fwd.listen_port; |
457 | xfree(fwd.connect_host); | 476 | free(fwd.connect_host); |
458 | } else { | 477 | } else { |
459 | fprintf(stderr, | 478 | fprintf(stderr, |
460 | "Bad stdio forwarding specification '%s'\n", | 479 | "Bad stdio forwarding specification '%s'\n", |
@@ -582,7 +601,7 @@ main(int ac, char **av) | |||
582 | line, "command-line", 0, &dummy, SSHCONF_USERCONF) | 601 | line, "command-line", 0, &dummy, SSHCONF_USERCONF) |
583 | != 0) | 602 | != 0) |
584 | exit(255); | 603 | exit(255); |
585 | xfree(line); | 604 | free(line); |
586 | break; | 605 | break; |
587 | case 's': | 606 | case 's': |
588 | subsystem_flag = 1; | 607 | subsystem_flag = 1; |
@@ -663,18 +682,28 @@ main(int ac, char **av) | |||
663 | 682 | ||
664 | /* | 683 | /* |
665 | * Initialize "log" output. Since we are the client all output | 684 | * Initialize "log" output. Since we are the client all output |
666 | * actually goes to stderr. | 685 | * goes to stderr unless otherwise specified by -y or -E. |
667 | */ | 686 | */ |
687 | if (use_syslog && logfile != NULL) | ||
688 | fatal("Can't specify both -y and -E"); | ||
689 | if (logfile != NULL) { | ||
690 | log_redirect_stderr_to(logfile); | ||
691 | free(logfile); | ||
692 | } | ||
668 | log_init(argv0, | 693 | log_init(argv0, |
669 | options.log_level == -1 ? SYSLOG_LEVEL_INFO : options.log_level, | 694 | options.log_level == -1 ? SYSLOG_LEVEL_INFO : options.log_level, |
670 | SYSLOG_FACILITY_USER, !use_syslog); | 695 | SYSLOG_FACILITY_USER, !use_syslog); |
671 | 696 | ||
697 | if (debug_flag) | ||
698 | logit("%s, %s", SSH_VERSION, SSLeay_version(SSLEAY_VERSION)); | ||
699 | |||
672 | /* | 700 | /* |
673 | * Read per-user configuration file. Ignore the system wide config | 701 | * Read per-user configuration file. Ignore the system wide config |
674 | * file if the user specifies a config file on the command line. | 702 | * file if the user specifies a config file on the command line. |
675 | */ | 703 | */ |
676 | if (config != NULL) { | 704 | if (config != NULL) { |
677 | if (!read_config_file(config, host, &options, SSHCONF_USERCONF)) | 705 | if (strcasecmp(config, "none") != 0 && |
706 | !read_config_file(config, host, &options, SSHCONF_USERCONF)) | ||
678 | fatal("Can't open user config file %.100s: " | 707 | fatal("Can't open user config file %.100s: " |
679 | "%.100s", config, strerror(errno)); | 708 | "%.100s", config, strerror(errno)); |
680 | } else { | 709 | } else { |
@@ -749,7 +778,7 @@ main(int ac, char **av) | |||
749 | "p", portstr, "u", pw->pw_name, "L", shorthost, | 778 | "p", portstr, "u", pw->pw_name, "L", shorthost, |
750 | (char *)NULL); | 779 | (char *)NULL); |
751 | debug3("expanded LocalCommand: %s", options.local_command); | 780 | debug3("expanded LocalCommand: %s", options.local_command); |
752 | xfree(cp); | 781 | free(cp); |
753 | } | 782 | } |
754 | 783 | ||
755 | /* force lowercase for hostkey matching */ | 784 | /* force lowercase for hostkey matching */ |
@@ -761,24 +790,24 @@ main(int ac, char **av) | |||
761 | 790 | ||
762 | if (options.proxy_command != NULL && | 791 | if (options.proxy_command != NULL && |
763 | strcmp(options.proxy_command, "none") == 0) { | 792 | strcmp(options.proxy_command, "none") == 0) { |
764 | xfree(options.proxy_command); | 793 | free(options.proxy_command); |
765 | options.proxy_command = NULL; | 794 | options.proxy_command = NULL; |
766 | } | 795 | } |
767 | if (options.control_path != NULL && | 796 | if (options.control_path != NULL && |
768 | strcmp(options.control_path, "none") == 0) { | 797 | strcmp(options.control_path, "none") == 0) { |
769 | xfree(options.control_path); | 798 | free(options.control_path); |
770 | options.control_path = NULL; | 799 | options.control_path = NULL; |
771 | } | 800 | } |
772 | 801 | ||
773 | if (options.control_path != NULL) { | 802 | if (options.control_path != NULL) { |
774 | cp = tilde_expand_filename(options.control_path, | 803 | cp = tilde_expand_filename(options.control_path, |
775 | original_real_uid); | 804 | original_real_uid); |
776 | xfree(options.control_path); | 805 | free(options.control_path); |
777 | options.control_path = percent_expand(cp, "h", host, | 806 | options.control_path = percent_expand(cp, "h", host, |
778 | "l", thishost, "n", host_arg, "r", options.user, | 807 | "l", thishost, "n", host_arg, "r", options.user, |
779 | "p", portstr, "u", pw->pw_name, "L", shorthost, | 808 | "p", portstr, "u", pw->pw_name, "L", shorthost, |
780 | (char *)NULL); | 809 | (char *)NULL); |
781 | xfree(cp); | 810 | free(cp); |
782 | } | 811 | } |
783 | if (muxclient_command != 0 && options.control_path == NULL) | 812 | if (muxclient_command != 0 && options.control_path == NULL) |
784 | fatal("No ControlPath specified for \"-O\" command"); | 813 | fatal("No ControlPath specified for \"-O\" command"); |
@@ -929,13 +958,11 @@ main(int ac, char **av) | |||
929 | sensitive_data.keys[i] = NULL; | 958 | sensitive_data.keys[i] = NULL; |
930 | } | 959 | } |
931 | } | 960 | } |
932 | xfree(sensitive_data.keys); | 961 | free(sensitive_data.keys); |
933 | } | 962 | } |
934 | for (i = 0; i < options.num_identity_files; i++) { | 963 | for (i = 0; i < options.num_identity_files; i++) { |
935 | if (options.identity_files[i]) { | 964 | free(options.identity_files[i]); |
936 | xfree(options.identity_files[i]); | 965 | options.identity_files[i] = NULL; |
937 | options.identity_files[i] = NULL; | ||
938 | } | ||
939 | if (options.identity_keys[i]) { | 966 | if (options.identity_keys[i]) { |
940 | key_free(options.identity_keys[i]); | 967 | key_free(options.identity_keys[i]); |
941 | options.identity_keys[i] = NULL; | 968 | options.identity_keys[i] = NULL; |
@@ -995,6 +1022,7 @@ control_persist_detach(void) | |||
995 | if (devnull > STDERR_FILENO) | 1022 | if (devnull > STDERR_FILENO) |
996 | close(devnull); | 1023 | close(devnull); |
997 | } | 1024 | } |
1025 | daemon(1, 1); | ||
998 | setproctitle("%s [mux]", options.control_path); | 1026 | setproctitle("%s [mux]", options.control_path); |
999 | } | 1027 | } |
1000 | 1028 | ||
@@ -1453,6 +1481,11 @@ ssh_session2(void) | |||
1453 | 1481 | ||
1454 | if (!no_shell_flag || (datafellows & SSH_BUG_DUMMYCHAN)) | 1482 | if (!no_shell_flag || (datafellows & SSH_BUG_DUMMYCHAN)) |
1455 | id = ssh_session2_open(); | 1483 | id = ssh_session2_open(); |
1484 | else { | ||
1485 | packet_set_interactive( | ||
1486 | options.control_master == SSHCTL_MASTER_NO, | ||
1487 | options.ip_qos_interactive, options.ip_qos_bulk); | ||
1488 | } | ||
1456 | 1489 | ||
1457 | /* If we don't expect to open a new session, then disallow it */ | 1490 | /* If we don't expect to open a new session, then disallow it */ |
1458 | if (options.control_master == SSHCTL_MASTER_NO && | 1491 | if (options.control_master == SSHCTL_MASTER_NO && |
@@ -1525,7 +1558,7 @@ load_public_identity_files(void) | |||
1525 | xstrdup(options.pkcs11_provider); /* XXX */ | 1558 | xstrdup(options.pkcs11_provider); /* XXX */ |
1526 | n_ids++; | 1559 | n_ids++; |
1527 | } | 1560 | } |
1528 | xfree(keys); | 1561 | free(keys); |
1529 | } | 1562 | } |
1530 | #endif /* ENABLE_PKCS11 */ | 1563 | #endif /* ENABLE_PKCS11 */ |
1531 | if ((pw = getpwuid(original_real_uid)) == NULL) | 1564 | if ((pw = getpwuid(original_real_uid)) == NULL) |
@@ -1538,7 +1571,7 @@ load_public_identity_files(void) | |||
1538 | for (i = 0; i < options.num_identity_files; i++) { | 1571 | for (i = 0; i < options.num_identity_files; i++) { |
1539 | if (n_ids >= SSH_MAX_IDENTITY_FILES || | 1572 | if (n_ids >= SSH_MAX_IDENTITY_FILES || |
1540 | strcasecmp(options.identity_files[i], "none") == 0) { | 1573 | strcasecmp(options.identity_files[i], "none") == 0) { |
1541 | xfree(options.identity_files[i]); | 1574 | free(options.identity_files[i]); |
1542 | continue; | 1575 | continue; |
1543 | } | 1576 | } |
1544 | cp = tilde_expand_filename(options.identity_files[i], | 1577 | cp = tilde_expand_filename(options.identity_files[i], |
@@ -1546,7 +1579,7 @@ load_public_identity_files(void) | |||
1546 | filename = percent_expand(cp, "d", pwdir, | 1579 | filename = percent_expand(cp, "d", pwdir, |
1547 | "u", pwname, "l", thishost, "h", host, | 1580 | "u", pwname, "l", thishost, "h", host, |
1548 | "r", options.user, (char *)NULL); | 1581 | "r", options.user, (char *)NULL); |
1549 | xfree(cp); | 1582 | free(cp); |
1550 | public = key_load_public(filename, NULL); | 1583 | public = key_load_public(filename, NULL); |
1551 | debug("identity file %s type %d", filename, | 1584 | debug("identity file %s type %d", filename, |
1552 | public ? public->type : -1); | 1585 | public ? public->type : -1); |
@@ -1558,15 +1591,15 @@ load_public_identity_files(void) | |||
1558 | logit("Public key %s blacklisted (see " | 1591 | logit("Public key %s blacklisted (see " |
1559 | "ssh-vulnkey(1)); refusing to send it", | 1592 | "ssh-vulnkey(1)); refusing to send it", |
1560 | fp); | 1593 | fp); |
1561 | xfree(fp); | 1594 | free(fp); |
1562 | if (!options.use_blacklisted_keys) { | 1595 | if (!options.use_blacklisted_keys) { |
1563 | key_free(public); | 1596 | key_free(public); |
1564 | xfree(filename); | 1597 | free(filename); |
1565 | filename = NULL; | 1598 | filename = NULL; |
1566 | public = NULL; | 1599 | public = NULL; |
1567 | } | 1600 | } |
1568 | } | 1601 | } |
1569 | xfree(options.identity_files[i]); | 1602 | free(options.identity_files[i]); |
1570 | identity_files[n_ids] = filename; | 1603 | identity_files[n_ids] = filename; |
1571 | identity_keys[n_ids] = public; | 1604 | identity_keys[n_ids] = public; |
1572 | 1605 | ||
@@ -1579,14 +1612,14 @@ load_public_identity_files(void) | |||
1579 | debug("identity file %s type %d", cp, | 1612 | debug("identity file %s type %d", cp, |
1580 | public ? public->type : -1); | 1613 | public ? public->type : -1); |
1581 | if (public == NULL) { | 1614 | if (public == NULL) { |
1582 | xfree(cp); | 1615 | free(cp); |
1583 | continue; | 1616 | continue; |
1584 | } | 1617 | } |
1585 | if (!key_is_cert(public)) { | 1618 | if (!key_is_cert(public)) { |
1586 | debug("%s: key %s type %s is not a certificate", | 1619 | debug("%s: key %s type %s is not a certificate", |
1587 | __func__, cp, key_type(public)); | 1620 | __func__, cp, key_type(public)); |
1588 | key_free(public); | 1621 | key_free(public); |
1589 | xfree(cp); | 1622 | free(cp); |
1590 | continue; | 1623 | continue; |
1591 | } | 1624 | } |
1592 | identity_keys[n_ids] = public; | 1625 | identity_keys[n_ids] = public; |
@@ -1599,9 +1632,9 @@ load_public_identity_files(void) | |||
1599 | memcpy(options.identity_keys, identity_keys, sizeof(identity_keys)); | 1632 | memcpy(options.identity_keys, identity_keys, sizeof(identity_keys)); |
1600 | 1633 | ||
1601 | bzero(pwname, strlen(pwname)); | 1634 | bzero(pwname, strlen(pwname)); |
1602 | xfree(pwname); | 1635 | free(pwname); |
1603 | bzero(pwdir, strlen(pwdir)); | 1636 | bzero(pwdir, strlen(pwdir)); |
1604 | xfree(pwdir); | 1637 | free(pwdir); |
1605 | } | 1638 | } |
1606 | 1639 | ||
1607 | static void | 1640 | static void |
diff --git a/ssh_config b/ssh_config index 4281e7317..064b59359 100644 --- a/ssh_config +++ b/ssh_config | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: ssh_config,v 1.26 2010/01/11 01:39:46 dtucker Exp $ | 1 | # $OpenBSD: ssh_config,v 1.27 2013/05/16 02:00:34 dtucker Exp $ |
2 | 2 | ||
3 | # This is the ssh client system-wide configuration file. See | 3 | # This is the ssh client system-wide configuration file. See |
4 | # ssh_config(5) for more information. This file provides defaults for | 4 | # ssh_config(5) for more information. This file provides defaults for |
@@ -48,6 +48,7 @@ Host * | |||
48 | # PermitLocalCommand no | 48 | # PermitLocalCommand no |
49 | # VisualHostKey no | 49 | # VisualHostKey no |
50 | # ProxyCommand ssh -q -W %h:%p gateway.example.com | 50 | # ProxyCommand ssh -q -W %h:%p gateway.example.com |
51 | # RekeyLimit 1G 1h | ||
51 | SendEnv LANG LC_* | 52 | SendEnv LANG LC_* |
52 | HashKnownHosts yes | 53 | HashKnownHosts yes |
53 | GSSAPIAuthentication yes | 54 | GSSAPIAuthentication yes |
diff --git a/ssh_config.0 b/ssh_config.0 index 164d11817..bd9e1ad51 100644 --- a/ssh_config.0 +++ b/ssh_config.0 | |||
@@ -369,9 +369,9 @@ DESCRIPTION | |||
369 | for protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and | 369 | for protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and |
370 | ~/.ssh/id_rsa for protocol version 2. Additionally, any | 370 | ~/.ssh/id_rsa for protocol version 2. Additionally, any |
371 | identities represented by the authentication agent will be used | 371 | identities represented by the authentication agent will be used |
372 | for authentication. ssh(1) will try to load certificate | 372 | for authentication unless IdentitiesOnly is set. ssh(1) will try |
373 | information from the filename obtained by appending -cert.pub to | 373 | to load certificate information from the filename obtained by |
374 | the path of a specified IdentityFile. | 374 | appending -cert.pub to the path of a specified IdentityFile. |
375 | 375 | ||
376 | The file name may use the tilde syntax to refer to a user's home | 376 | The file name may use the tilde syntax to refer to a user's home |
377 | directory or one of the following escape characters: `%d' (local | 377 | directory or one of the following escape characters: `%d' (local |
@@ -384,6 +384,18 @@ DESCRIPTION | |||
384 | of identities tried (this behaviour differs from that of other | 384 | of identities tried (this behaviour differs from that of other |
385 | configuration directives). | 385 | configuration directives). |
386 | 386 | ||
387 | IdentityFile may be used in conjunction with IdentitiesOnly to | ||
388 | select which identities in an agent are offered during | ||
389 | authentication. | ||
390 | |||
391 | IgnoreUnknown | ||
392 | Specifies a pattern-list of unknown options to be ignored if they | ||
393 | are encountered in configuration parsing. This may be used to | ||
394 | suppress errors if ssh_config contains options that are | ||
395 | unrecognised by ssh(1). It is recommended that IgnoreUnknown be | ||
396 | listed early in the configuration file as it will not be applied | ||
397 | to unknown options that appear before it. | ||
398 | |||
387 | IPQoS Specifies the IPv4 type-of-service or DSCP class for connections. | 399 | IPQoS Specifies the IPv4 type-of-service or DSCP class for connections. |
388 | Accepted values are ``af11'', ``af12'', ``af13'', ``af21'', | 400 | Accepted values are ``af11'', ``af12'', ``af13'', ``af21'', |
389 | ``af22'', ``af23'', ``af31'', ``af32'', ``af33'', ``af41'', | 401 | ``af22'', ``af23'', ``af31'', ``af32'', ``af33'', ``af41'', |
@@ -552,11 +564,18 @@ DESCRIPTION | |||
552 | 564 | ||
553 | RekeyLimit | 565 | RekeyLimit |
554 | Specifies the maximum amount of data that may be transmitted | 566 | Specifies the maximum amount of data that may be transmitted |
555 | before the session key is renegotiated. The argument is the | 567 | before the session key is renegotiated, optionally followed a |
556 | number of bytes, with an optional suffix of `K', `M', or `G' to | 568 | maximum amount of time that may pass before the session key is |
557 | indicate Kilobytes, Megabytes, or Gigabytes, respectively. The | 569 | renegotiated. The first argument is specified in bytes and may |
558 | default is between `1G' and `4G', depending on the cipher. This | 570 | have a suffix of `K', `M', or `G' to indicate Kilobytes, |
559 | option applies to protocol version 2 only. | 571 | Megabytes, or Gigabytes, respectively. The default is between |
572 | `1G' and `4G', depending on the cipher. The optional second | ||
573 | value is specified in seconds and may use any of the units | ||
574 | documented in the TIME FORMATS section of sshd_config(5). The | ||
575 | default value for RekeyLimit is ``default none'', which means | ||
576 | that rekeying is performed after the cipher's default amount of | ||
577 | data has been sent or received and no time based rekeying is | ||
578 | done. This option applies to protocol version 2 only. | ||
560 | 579 | ||
561 | RemoteForward | 580 | RemoteForward |
562 | Specifies that a TCP port on the remote machine be forwarded over | 581 | Specifies that a TCP port on the remote machine be forwarded over |
@@ -773,4 +792,4 @@ AUTHORS | |||
773 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | 792 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
774 | versions 1.5 and 2.0. | 793 | versions 1.5 and 2.0. |
775 | 794 | ||
776 | OpenBSD 5.3 January 8, 2013 OpenBSD 5.3 | 795 | OpenBSD 5.4 June 27, 2013 OpenBSD 5.4 |
diff --git a/ssh_config.5 b/ssh_config.5 index fa852acb1..127540a60 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: ssh_config.5,v 1.161 2013/01/08 18:49:04 markus Exp $ | 36 | .\" $OpenBSD: ssh_config.5,v 1.166 2013/06/27 14:05:37 jmc Exp $ |
37 | .Dd $Mdocdate: January 8 2013 $ | 37 | .Dd $Mdocdate: June 27 2013 $ |
38 | .Dt SSH_CONFIG 5 | 38 | .Dt SSH_CONFIG 5 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -494,8 +494,7 @@ option is also enabled. | |||
494 | .It Cm ForwardX11Timeout | 494 | .It Cm ForwardX11Timeout |
495 | Specify a timeout for untrusted X11 forwarding | 495 | Specify a timeout for untrusted X11 forwarding |
496 | using the format described in the | 496 | using the format described in the |
497 | .Sx TIME FORMATS | 497 | TIME FORMATS section of |
498 | section of | ||
499 | .Xr sshd_config 5 . | 498 | .Xr sshd_config 5 . |
500 | X11 connections received by | 499 | X11 connections received by |
501 | .Xr ssh 1 | 500 | .Xr ssh 1 |
@@ -684,7 +683,9 @@ and | |||
684 | .Pa ~/.ssh/id_rsa | 683 | .Pa ~/.ssh/id_rsa |
685 | for protocol version 2. | 684 | for protocol version 2. |
686 | Additionally, any identities represented by the authentication agent | 685 | Additionally, any identities represented by the authentication agent |
687 | will be used for authentication. | 686 | will be used for authentication unless |
687 | .Cm IdentitiesOnly | ||
688 | is set. | ||
688 | .Xr ssh 1 | 689 | .Xr ssh 1 |
689 | will try to load certificate information from the filename obtained by | 690 | will try to load certificate information from the filename obtained by |
690 | appending | 691 | appending |
@@ -713,6 +714,22 @@ Multiple | |||
713 | .Cm IdentityFile | 714 | .Cm IdentityFile |
714 | directives will add to the list of identities tried (this behaviour | 715 | directives will add to the list of identities tried (this behaviour |
715 | differs from that of other configuration directives). | 716 | differs from that of other configuration directives). |
717 | .Pp | ||
718 | .Cm IdentityFile | ||
719 | may be used in conjunction with | ||
720 | .Cm IdentitiesOnly | ||
721 | to select which identities in an agent are offered during authentication. | ||
722 | .It Cm IgnoreUnknown | ||
723 | Specifies a pattern-list of unknown options to be ignored if they are | ||
724 | encountered in configuration parsing. | ||
725 | This may be used to suppress errors if | ||
726 | .Nm | ||
727 | contains options that are unrecognised by | ||
728 | .Xr ssh 1 . | ||
729 | It is recommended that | ||
730 | .Cm IgnoreUnknown | ||
731 | be listed early in the configuration file as it will not be applied | ||
732 | to unknown options that appear before it. | ||
716 | .It Cm IPQoS | 733 | .It Cm IPQoS |
717 | Specifies the IPv4 type-of-service or DSCP class for connections. | 734 | Specifies the IPv4 type-of-service or DSCP class for connections. |
718 | Accepted values are | 735 | Accepted values are |
@@ -987,8 +1004,9 @@ The default is | |||
987 | This option applies to protocol version 2 only. | 1004 | This option applies to protocol version 2 only. |
988 | .It Cm RekeyLimit | 1005 | .It Cm RekeyLimit |
989 | Specifies the maximum amount of data that may be transmitted before the | 1006 | Specifies the maximum amount of data that may be transmitted before the |
990 | session key is renegotiated. | 1007 | session key is renegotiated, optionally followed a maximum amount of |
991 | The argument is the number of bytes, with an optional suffix of | 1008 | time that may pass before the session key is renegotiated. |
1009 | The first argument is specified in bytes and may have a suffix of | ||
992 | .Sq K , | 1010 | .Sq K , |
993 | .Sq M , | 1011 | .Sq M , |
994 | or | 1012 | or |
@@ -999,6 +1017,16 @@ The default is between | |||
999 | and | 1017 | and |
1000 | .Sq 4G , | 1018 | .Sq 4G , |
1001 | depending on the cipher. | 1019 | depending on the cipher. |
1020 | The optional second value is specified in seconds and may use any of the | ||
1021 | units documented in the | ||
1022 | TIME FORMATS section of | ||
1023 | .Xr sshd_config 5 . | ||
1024 | The default value for | ||
1025 | .Cm RekeyLimit | ||
1026 | is | ||
1027 | .Dq default none , | ||
1028 | which means that rekeying is performed after the cipher's default amount | ||
1029 | of data has been sent or received and no time based rekeying is done. | ||
1002 | This option applies to protocol version 2 only. | 1030 | This option applies to protocol version 2 only. |
1003 | .It Cm RemoteForward | 1031 | .It Cm RemoteForward |
1004 | Specifies that a TCP port on the remote machine be forwarded over | 1032 | Specifies that a TCP port on the remote machine be forwarded over |
@@ -1310,9 +1338,7 @@ The default is | |||
1310 | .Dq no . | 1338 | .Dq no . |
1311 | Note that this option applies to protocol version 2 only. | 1339 | Note that this option applies to protocol version 2 only. |
1312 | .Pp | 1340 | .Pp |
1313 | See also | 1341 | See also VERIFYING HOST KEYS in |
1314 | .Sx VERIFYING HOST KEYS | ||
1315 | in | ||
1316 | .Xr ssh 1 . | 1342 | .Xr ssh 1 . |
1317 | .It Cm VisualHostKey | 1343 | .It Cm VisualHostKey |
1318 | If this flag is set to | 1344 | If this flag is set to |
diff --git a/sshconnect.c b/sshconnect.c index 1fa1d5963..ad960fdbf 100644 --- a/sshconnect.c +++ b/sshconnect.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshconnect.c,v 1.237 2013/02/22 19:13:56 markus Exp $ */ | 1 | /* $OpenBSD: sshconnect.c,v 1.238 2013/05/17 00:13:14 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -112,7 +112,7 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command) | |||
112 | xasprintf(&tmp, "exec %s", proxy_command); | 112 | xasprintf(&tmp, "exec %s", proxy_command); |
113 | command_string = percent_expand(tmp, "h", host, "p", strport, | 113 | command_string = percent_expand(tmp, "h", host, "p", strport, |
114 | "r", options.user, (char *)NULL); | 114 | "r", options.user, (char *)NULL); |
115 | xfree(tmp); | 115 | free(tmp); |
116 | 116 | ||
117 | /* Create pipes for communicating with the proxy. */ | 117 | /* Create pipes for communicating with the proxy. */ |
118 | if (pipe(pin) < 0 || pipe(pout) < 0) | 118 | if (pipe(pin) < 0 || pipe(pout) < 0) |
@@ -166,7 +166,7 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command) | |||
166 | close(pout[1]); | 166 | close(pout[1]); |
167 | 167 | ||
168 | /* Free the command name. */ | 168 | /* Free the command name. */ |
169 | xfree(command_string); | 169 | free(command_string); |
170 | 170 | ||
171 | /* Set the connection file descriptors. */ | 171 | /* Set the connection file descriptors. */ |
172 | packet_set_connection(pout[0], pin[1]); | 172 | packet_set_connection(pout[0], pin[1]); |
@@ -315,7 +315,7 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr, | |||
315 | fatal("Bogus return (%d) from select()", rc); | 315 | fatal("Bogus return (%d) from select()", rc); |
316 | } | 316 | } |
317 | 317 | ||
318 | xfree(fdset); | 318 | free(fdset); |
319 | 319 | ||
320 | done: | 320 | done: |
321 | if (result == 0 && *timeoutp > 0) { | 321 | if (result == 0 && *timeoutp > 0) { |
@@ -534,7 +534,7 @@ ssh_exchange_identification(int timeout_ms) | |||
534 | debug("ssh_exchange_identification: %s", buf); | 534 | debug("ssh_exchange_identification: %s", buf); |
535 | } | 535 | } |
536 | server_version_string = xstrdup(buf); | 536 | server_version_string = xstrdup(buf); |
537 | xfree(fdset); | 537 | free(fdset); |
538 | 538 | ||
539 | /* | 539 | /* |
540 | * Check that the versions match. In future this might accept | 540 | * Check that the versions match. In future this might accept |
@@ -610,8 +610,7 @@ confirm(const char *prompt) | |||
610 | ret = 0; | 610 | ret = 0; |
611 | if (p && strncasecmp(p, "yes", 3) == 0) | 611 | if (p && strncasecmp(p, "yes", 3) == 0) |
612 | ret = 1; | 612 | ret = 1; |
613 | if (p) | 613 | free(p); |
614 | xfree(p); | ||
615 | if (ret != -1) | 614 | if (ret != -1) |
616 | return ret; | 615 | return ret; |
617 | } | 616 | } |
@@ -835,8 +834,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, | |||
835 | ra = key_fingerprint(host_key, SSH_FP_MD5, | 834 | ra = key_fingerprint(host_key, SSH_FP_MD5, |
836 | SSH_FP_RANDOMART); | 835 | SSH_FP_RANDOMART); |
837 | logit("Host key fingerprint is %s\n%s\n", fp, ra); | 836 | logit("Host key fingerprint is %s\n%s\n", fp, ra); |
838 | xfree(ra); | 837 | free(ra); |
839 | xfree(fp); | 838 | free(fp); |
840 | } | 839 | } |
841 | break; | 840 | break; |
842 | case HOST_NEW: | 841 | case HOST_NEW: |
@@ -896,8 +895,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, | |||
896 | options.visual_host_key ? "\n" : "", | 895 | options.visual_host_key ? "\n" : "", |
897 | options.visual_host_key ? ra : "", | 896 | options.visual_host_key ? ra : "", |
898 | msg2); | 897 | msg2); |
899 | xfree(ra); | 898 | free(ra); |
900 | xfree(fp); | 899 | free(fp); |
901 | if (!confirm(msg)) | 900 | if (!confirm(msg)) |
902 | goto fail; | 901 | goto fail; |
903 | } | 902 | } |
@@ -1103,8 +1102,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, | |||
1103 | } | 1102 | } |
1104 | } | 1103 | } |
1105 | 1104 | ||
1106 | xfree(ip); | 1105 | free(ip); |
1107 | xfree(host); | 1106 | free(host); |
1108 | if (host_hostkeys != NULL) | 1107 | if (host_hostkeys != NULL) |
1109 | free_hostkeys(host_hostkeys); | 1108 | free_hostkeys(host_hostkeys); |
1110 | if (ip_hostkeys != NULL) | 1109 | if (ip_hostkeys != NULL) |
@@ -1126,8 +1125,8 @@ fail: | |||
1126 | } | 1125 | } |
1127 | if (raw_key != NULL) | 1126 | if (raw_key != NULL) |
1128 | key_free(raw_key); | 1127 | key_free(raw_key); |
1129 | xfree(ip); | 1128 | free(ip); |
1130 | xfree(host); | 1129 | free(host); |
1131 | if (host_hostkeys != NULL) | 1130 | if (host_hostkeys != NULL) |
1132 | free_hostkeys(host_hostkeys); | 1131 | free_hostkeys(host_hostkeys); |
1133 | if (ip_hostkeys != NULL) | 1132 | if (ip_hostkeys != NULL) |
@@ -1144,7 +1143,7 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key) | |||
1144 | 1143 | ||
1145 | fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); | 1144 | fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); |
1146 | debug("Server host key: %s %s", key_type(host_key), fp); | 1145 | debug("Server host key: %s %s", key_type(host_key), fp); |
1147 | xfree(fp); | 1146 | free(fp); |
1148 | 1147 | ||
1149 | /* XXX certs are not yet supported for DNS */ | 1148 | /* XXX certs are not yet supported for DNS */ |
1150 | if (!key_is_cert(host_key) && options.verify_host_key_dns && | 1149 | if (!key_is_cert(host_key) && options.verify_host_key_dns && |
@@ -1209,7 +1208,7 @@ ssh_login(Sensitive *sensitive, const char *orighost, | |||
1209 | ssh_kex(host, hostaddr); | 1208 | ssh_kex(host, hostaddr); |
1210 | ssh_userauth1(local_user, server_user, host, sensitive); | 1209 | ssh_userauth1(local_user, server_user, host, sensitive); |
1211 | } | 1210 | } |
1212 | xfree(local_user); | 1211 | free(local_user); |
1213 | } | 1212 | } |
1214 | 1213 | ||
1215 | void | 1214 | void |
@@ -1227,7 +1226,7 @@ ssh_put_password(char *password) | |||
1227 | strlcpy(padded, password, size); | 1226 | strlcpy(padded, password, size); |
1228 | packet_put_string(padded, size); | 1227 | packet_put_string(padded, size); |
1229 | memset(padded, 0, size); | 1228 | memset(padded, 0, size); |
1230 | xfree(padded); | 1229 | free(padded); |
1231 | } | 1230 | } |
1232 | 1231 | ||
1233 | /* print all known host keys for a given host, but skip keys of given type */ | 1232 | /* print all known host keys for a given host, but skip keys of given type */ |
@@ -1254,8 +1253,8 @@ show_other_keys(struct hostkeys *hostkeys, Key *key) | |||
1254 | key_type(found->key), fp); | 1253 | key_type(found->key), fp); |
1255 | if (options.visual_host_key) | 1254 | if (options.visual_host_key) |
1256 | logit("%s", ra); | 1255 | logit("%s", ra); |
1257 | xfree(ra); | 1256 | free(ra); |
1258 | xfree(fp); | 1257 | free(fp); |
1259 | ret = 1; | 1258 | ret = 1; |
1260 | } | 1259 | } |
1261 | return ret; | 1260 | return ret; |
@@ -1278,7 +1277,7 @@ warn_changed_key(Key *host_key) | |||
1278 | key_type(host_key), fp); | 1277 | key_type(host_key), fp); |
1279 | error("Please contact your system administrator."); | 1278 | error("Please contact your system administrator."); |
1280 | 1279 | ||
1281 | xfree(fp); | 1280 | free(fp); |
1282 | } | 1281 | } |
1283 | 1282 | ||
1284 | /* | 1283 | /* |
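Review bot: In ssh_put_password the padded password copy is wiped with plain `memset(padded, 0, size);` immediately before `free(padded);`; because the buffer is dead after the store, a compiler is allowed to drop the memset, so the secret may survive in freed heap memory. The same memset-then-free pattern sits next to the commit's `free(passphrase)`, `free(response)` and `free(password)` in sshconnect1.c (try_rsa_authentication, try_challenge_response_authentication, try_password_authentication) and the `bzero`/`free` pairs at the end of load_public_identity_files in ssh.c. Since the commit already rewrites each of these free lines, swapping the memset for a wipe the compiler cannot elide (explicit_bzero where the platform has it, otherwise a volatile-pointer byte loop or memset_s) would be a one-line change per site; a short comment such as `/* wipe before free: plain memset may be optimised away */` would record why. The bodies of these functions continue outside the hunks shown.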
diff --git a/sshconnect1.c b/sshconnect1.c index fd07bbf74..d285e23c0 100644 --- a/sshconnect1.c +++ b/sshconnect1.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshconnect1.c,v 1.70 2006/11/06 21:25:28 markus Exp $ */ | 1 | /* $OpenBSD: sshconnect1.c,v 1.71 2013/05/17 00:13:14 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -84,7 +84,7 @@ try_agent_authentication(void) | |||
84 | 84 | ||
85 | /* Try this identity. */ | 85 | /* Try this identity. */ |
86 | debug("Trying RSA authentication via agent with '%.100s'", comment); | 86 | debug("Trying RSA authentication via agent with '%.100s'", comment); |
87 | xfree(comment); | 87 | free(comment); |
88 | 88 | ||
89 | /* Tell the server that we are willing to authenticate using this key. */ | 89 | /* Tell the server that we are willing to authenticate using this key. */ |
90 | packet_start(SSH_CMSG_AUTH_RSA); | 90 | packet_start(SSH_CMSG_AUTH_RSA); |
@@ -231,7 +231,7 @@ try_rsa_authentication(int idx) | |||
231 | */ | 231 | */ |
232 | if (type == SSH_SMSG_FAILURE) { | 232 | if (type == SSH_SMSG_FAILURE) { |
233 | debug("Server refused our key."); | 233 | debug("Server refused our key."); |
234 | xfree(comment); | 234 | free(comment); |
235 | return 0; | 235 | return 0; |
236 | } | 236 | } |
237 | /* Otherwise, the server should respond with a challenge. */ | 237 | /* Otherwise, the server should respond with a challenge. */ |
@@ -270,14 +270,14 @@ try_rsa_authentication(int idx) | |||
270 | quit = 1; | 270 | quit = 1; |
271 | } | 271 | } |
272 | memset(passphrase, 0, strlen(passphrase)); | 272 | memset(passphrase, 0, strlen(passphrase)); |
273 | xfree(passphrase); | 273 | free(passphrase); |
274 | if (private != NULL || quit) | 274 | if (private != NULL || quit) |
275 | break; | 275 | break; |
276 | debug2("bad passphrase given, try again..."); | 276 | debug2("bad passphrase given, try again..."); |
277 | } | 277 | } |
278 | } | 278 | } |
279 | /* We no longer need the comment. */ | 279 | /* We no longer need the comment. */ |
280 | xfree(comment); | 280 | free(comment); |
281 | 281 | ||
282 | if (private == NULL) { | 282 | if (private == NULL) { |
283 | if (!options.batch_mode && perm_ok) | 283 | if (!options.batch_mode && perm_ok) |
@@ -412,7 +412,7 @@ try_challenge_response_authentication(void) | |||
412 | packet_check_eom(); | 412 | packet_check_eom(); |
413 | snprintf(prompt, sizeof prompt, "%s%s", challenge, | 413 | snprintf(prompt, sizeof prompt, "%s%s", challenge, |
414 | strchr(challenge, '\n') ? "" : "\nResponse: "); | 414 | strchr(challenge, '\n') ? "" : "\nResponse: "); |
415 | xfree(challenge); | 415 | free(challenge); |
416 | if (i != 0) | 416 | if (i != 0) |
417 | error("Permission denied, please try again."); | 417 | error("Permission denied, please try again."); |
418 | if (options.cipher == SSH_CIPHER_NONE) | 418 | if (options.cipher == SSH_CIPHER_NONE) |
@@ -420,13 +420,13 @@ try_challenge_response_authentication(void) | |||
420 | "Response will be transmitted in clear text."); | 420 | "Response will be transmitted in clear text."); |
421 | response = read_passphrase(prompt, 0); | 421 | response = read_passphrase(prompt, 0); |
422 | if (strcmp(response, "") == 0) { | 422 | if (strcmp(response, "") == 0) { |
423 | xfree(response); | 423 | free(response); |
424 | break; | 424 | break; |
425 | } | 425 | } |
426 | packet_start(SSH_CMSG_AUTH_TIS_RESPONSE); | 426 | packet_start(SSH_CMSG_AUTH_TIS_RESPONSE); |
427 | ssh_put_password(response); | 427 | ssh_put_password(response); |
428 | memset(response, 0, strlen(response)); | 428 | memset(response, 0, strlen(response)); |
429 | xfree(response); | 429 | free(response); |
430 | packet_send(); | 430 | packet_send(); |
431 | packet_write_wait(); | 431 | packet_write_wait(); |
432 | type = packet_read(); | 432 | type = packet_read(); |
@@ -459,7 +459,7 @@ try_password_authentication(char *prompt) | |||
459 | packet_start(SSH_CMSG_AUTH_PASSWORD); | 459 | packet_start(SSH_CMSG_AUTH_PASSWORD); |
460 | ssh_put_password(password); | 460 | ssh_put_password(password); |
461 | memset(password, 0, strlen(password)); | 461 | memset(password, 0, strlen(password)); |
462 | xfree(password); | 462 | free(password); |
463 | packet_send(); | 463 | packet_send(); |
464 | packet_write_wait(); | 464 | packet_write_wait(); |
465 | 465 | ||
diff --git a/sshconnect2.c b/sshconnect2.c index 77b02e3bf..93818c991 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshconnect2.c,v 1.192 2013/02/17 23:16:57 dtucker Exp $ */ | 1 | /* $OpenBSD: sshconnect2.c,v 1.198 2013/06/05 12:52:38 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * Copyright (c) 2008 Damien Miller. All rights reserved. | 4 | * Copyright (c) 2008 Damien Miller. All rights reserved. |
@@ -146,10 +146,10 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port) | |||
146 | if (*first != '\0') | 146 | if (*first != '\0') |
147 | debug3("%s: prefer hostkeyalgs: %s", __func__, first); | 147 | debug3("%s: prefer hostkeyalgs: %s", __func__, first); |
148 | 148 | ||
149 | xfree(first); | 149 | free(first); |
150 | xfree(last); | 150 | free(last); |
151 | xfree(hostname); | 151 | free(hostname); |
152 | xfree(oavail); | 152 | free(oavail); |
153 | free_hostkeys(hostkeys); | 153 | free_hostkeys(hostkeys); |
154 | 154 | ||
155 | return ret; | 155 | return ret; |
@@ -229,12 +229,13 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) | |||
229 | orig = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]; | 229 | orig = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]; |
230 | xasprintf(&myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS], | 230 | xasprintf(&myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS], |
231 | "%s,null", orig); | 231 | "%s,null", orig); |
232 | xfree(gss); | 232 | free(gss); |
233 | } | 233 | } |
234 | #endif | 234 | #endif |
235 | 235 | ||
236 | if (options.rekey_limit) | 236 | if (options.rekey_limit || options.rekey_interval) |
237 | packet_set_rekey_limit((u_int32_t)options.rekey_limit); | 237 | packet_set_rekey_limits((u_int32_t)options.rekey_limit, |
238 | (time_t)options.rekey_interval); | ||
238 | 239 | ||
239 | /* start key exchange */ | 240 | /* start key exchange */ |
240 | kex = kex_setup(myproposal); | 241 | kex = kex_setup(myproposal); |
@@ -445,7 +446,7 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, | |||
445 | if (packet_remaining() > 0) { | 446 | if (packet_remaining() > 0) { |
446 | char *reply = packet_get_string(NULL); | 447 | char *reply = packet_get_string(NULL); |
447 | debug2("service_accept: %s", reply); | 448 | debug2("service_accept: %s", reply); |
448 | xfree(reply); | 449 | free(reply); |
449 | } else { | 450 | } else { |
450 | debug2("buggy server: service_accept w/o service"); | 451 | debug2("buggy server: service_accept w/o service"); |
451 | } | 452 | } |
@@ -492,15 +493,12 @@ userauth(Authctxt *authctxt, char *authlist) | |||
492 | if (authctxt->method != NULL && authctxt->method->cleanup != NULL) | 493 | if (authctxt->method != NULL && authctxt->method->cleanup != NULL) |
493 | authctxt->method->cleanup(authctxt); | 494 | authctxt->method->cleanup(authctxt); |
494 | 495 | ||
495 | if (authctxt->methoddata) { | 496 | free(authctxt->methoddata); |
496 | xfree(authctxt->methoddata); | 497 | authctxt->methoddata = NULL; |
497 | authctxt->methoddata = NULL; | ||
498 | } | ||
499 | if (authlist == NULL) { | 498 | if (authlist == NULL) { |
500 | authlist = authctxt->authlist; | 499 | authlist = authctxt->authlist; |
501 | } else { | 500 | } else { |
502 | if (authctxt->authlist) | 501 | free(authctxt->authlist); |
503 | xfree(authctxt->authlist); | ||
504 | authctxt->authlist = authlist; | 502 | authctxt->authlist = authlist; |
505 | } | 503 | } |
506 | for (;;) { | 504 | for (;;) { |
@@ -548,10 +546,10 @@ input_userauth_banner(int type, u_int32_t seq, void *ctxt) | |||
548 | msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */ | 546 | msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */ |
549 | strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL|VIS_NOSLASH); | 547 | strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL|VIS_NOSLASH); |
550 | fprintf(stderr, "%s", msg); | 548 | fprintf(stderr, "%s", msg); |
551 | xfree(msg); | 549 | free(msg); |
552 | } | 550 | } |
553 | xfree(raw); | 551 | free(raw); |
554 | xfree(lang); | 552 | free(lang); |
555 | } | 553 | } |
556 | 554 | ||
557 | /* ARGSUSED */ | 555 | /* ARGSUSED */ |
@@ -562,16 +560,12 @@ input_userauth_success(int type, u_int32_t seq, void *ctxt) | |||
562 | 560 | ||
563 | if (authctxt == NULL) | 561 | if (authctxt == NULL) |
564 | fatal("input_userauth_success: no authentication context"); | 562 | fatal("input_userauth_success: no authentication context"); |
565 | if (authctxt->authlist) { | 563 | free(authctxt->authlist); |
566 | xfree(authctxt->authlist); | 564 | authctxt->authlist = NULL; |
567 | authctxt->authlist = NULL; | ||
568 | } | ||
569 | if (authctxt->method != NULL && authctxt->method->cleanup != NULL) | 565 | if (authctxt->method != NULL && authctxt->method->cleanup != NULL) |
570 | authctxt->method->cleanup(authctxt); | 566 | authctxt->method->cleanup(authctxt); |
571 | if (authctxt->methoddata) { | 567 | free(authctxt->methoddata); |
572 | xfree(authctxt->methoddata); | 568 | authctxt->methoddata = NULL; |
573 | authctxt->methoddata = NULL; | ||
574 | } | ||
575 | authctxt->success = 1; /* break out */ | 569 | authctxt->success = 1; /* break out */ |
576 | } | 570 | } |
577 | 571 | ||
@@ -602,8 +596,12 @@ input_userauth_failure(int type, u_int32_t seq, void *ctxt) | |||
602 | partial = packet_get_char(); | 596 | partial = packet_get_char(); |
603 | packet_check_eom(); | 597 | packet_check_eom(); |
604 | 598 | ||
605 | if (partial != 0) | 599 | if (partial != 0) { |
606 | logit("Authenticated with partial success."); | 600 | logit("Authenticated with partial success."); |
601 | /* reset state */ | ||
602 | pubkey_cleanup(authctxt); | ||
603 | pubkey_prepare(authctxt); | ||
604 | } | ||
607 | debug("Authentications that can continue: %s", authlist); | 605 | debug("Authentications that can continue: %s", authlist); |
608 | 606 | ||
609 | userauth(authctxt, authlist); | 607 | userauth(authctxt, authlist); |
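Review bot: The new `/* reset state */` above `pubkey_cleanup(authctxt); pubkey_prepare(authctxt);` does not say which state is reset or why a partial success needs it, and a reader of the auth loop cannot tell from here why the pubkey context is torn down and rebuilt between rounds. A comment carrying the intent, e.g. `/* partial success: rebuild the pubkey state so the next round starts from a fresh identity list */`, would help; confirm against pubkey_prepare that this is its effect, since the hunk does not show it. input_userauth_failure's body starts outside the hunk.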
@@ -656,7 +654,7 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt) | |||
656 | } | 654 | } |
657 | fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); | 655 | fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); |
658 | debug2("input_userauth_pk_ok: fp %s", fp); | 656 | debug2("input_userauth_pk_ok: fp %s", fp); |
659 | xfree(fp); | 657 | free(fp); |
660 | 658 | ||
661 | /* | 659 | /* |
662 | * search keys in the reverse order, because last candidate has been | 660 | * search keys in the reverse order, because last candidate has been |
@@ -672,8 +670,8 @@ input_userauth_pk_ok(int type, u_int32_t seq, void *ctxt) | |||
672 | done: | 670 | done: |
673 | if (key != NULL) | 671 | if (key != NULL) |
674 | key_free(key); | 672 | key_free(key); |
675 | xfree(pkalg); | 673 | free(pkalg); |
676 | xfree(pkblob); | 674 | free(pkblob); |
677 | 675 | ||
678 | /* try another method if we did not send a packet */ | 676 | /* try another method if we did not send a packet */ |
679 | if (sent == 0) | 677 | if (sent == 0) |
@@ -823,7 +821,7 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt) | |||
823 | if (oidlen <= 2 || | 821 | if (oidlen <= 2 || |
824 | oidv[0] != SSH_GSS_OIDTYPE || | 822 | oidv[0] != SSH_GSS_OIDTYPE || |
825 | oidv[1] != oidlen - 2) { | 823 | oidv[1] != oidlen - 2) { |
826 | xfree(oidv); | 824 | free(oidv); |
827 | debug("Badly encoded mechanism OID received"); | 825 | debug("Badly encoded mechanism OID received"); |
828 | userauth(authctxt, NULL); | 826 | userauth(authctxt, NULL); |
829 | return; | 827 | return; |
@@ -834,7 +832,7 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt) | |||
834 | 832 | ||
835 | packet_check_eom(); | 833 | packet_check_eom(); |
836 | 834 | ||
837 | xfree(oidv); | 835 | free(oidv); |
838 | 836 | ||
839 | if (GSS_ERROR(process_gssapi_token(ctxt, GSS_C_NO_BUFFER))) { | 837 | if (GSS_ERROR(process_gssapi_token(ctxt, GSS_C_NO_BUFFER))) { |
840 | /* Start again with next method on list */ | 838 | /* Start again with next method on list */ |
@@ -863,7 +861,7 @@ input_gssapi_token(int type, u_int32_t plen, void *ctxt) | |||
863 | 861 | ||
864 | status = process_gssapi_token(ctxt, &recv_tok); | 862 | status = process_gssapi_token(ctxt, &recv_tok); |
865 | 863 | ||
866 | xfree(recv_tok.value); | 864 | free(recv_tok.value); |
867 | 865 | ||
868 | if (GSS_ERROR(status)) { | 866 | if (GSS_ERROR(status)) { |
869 | /* Start again with the next method in the list */ | 867 | /* Start again with the next method in the list */ |
@@ -880,7 +878,7 @@ input_gssapi_errtok(int type, u_int32_t plen, void *ctxt) | |||
880 | Gssctxt *gssctxt; | 878 | Gssctxt *gssctxt; |
881 | gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; | 879 | gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; |
882 | gss_buffer_desc recv_tok; | 880 | gss_buffer_desc recv_tok; |
883 | OM_uint32 status, ms; | 881 | OM_uint32 ms; |
884 | u_int len; | 882 | u_int len; |
885 | 883 | ||
886 | if (authctxt == NULL) | 884 | if (authctxt == NULL) |
@@ -893,10 +891,10 @@ input_gssapi_errtok(int type, u_int32_t plen, void *ctxt) | |||
893 | packet_check_eom(); | 891 | packet_check_eom(); |
894 | 892 | ||
895 | /* Stick it into GSSAPI and see what it says */ | 893 | /* Stick it into GSSAPI and see what it says */ |
896 | status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds, | 894 | (void)ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds, |
897 | &recv_tok, &send_tok, NULL); | 895 | &recv_tok, &send_tok, NULL); |
898 | 896 | ||
899 | xfree(recv_tok.value); | 897 | free(recv_tok.value); |
900 | gss_release_buffer(&ms, &send_tok); | 898 | gss_release_buffer(&ms, &send_tok); |
901 | 899 | ||
902 | /* Server will be returning a failed packet after this one */ | 900 | /* Server will be returning a failed packet after this one */ |
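Review bot: The comment `/* Stick it into GSSAPI and see what it says */` is now stale: the result of `ssh_gssapi_init_ctx` is explicitly discarded with `(void)`, so nothing "sees what it says". Either reword it to state why the status is intentionally ignored, e.g. `/* Feed the error token to GSSAPI for its side effects only; the server sends a failure packet next, so the status is not needed here */`, or keep the status and emit it at debug level so a failing error-token exchange is still visible in logs. input_gssapi_errtok's body starts and ends outside the hunk.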
@@ -906,20 +904,19 @@ input_gssapi_errtok(int type, u_int32_t plen, void *ctxt) | |||
906 | void | 904 | void |
907 | input_gssapi_error(int type, u_int32_t plen, void *ctxt) | 905 | input_gssapi_error(int type, u_int32_t plen, void *ctxt) |
908 | { | 906 | { |
909 | OM_uint32 maj, min; | ||
910 | char *msg; | 907 | char *msg; |
911 | char *lang; | 908 | char *lang; |
912 | 909 | ||
913 | maj=packet_get_int(); | 910 | /* maj */(void)packet_get_int(); |
914 | min=packet_get_int(); | 911 | /* min */(void)packet_get_int(); |
915 | msg=packet_get_string(NULL); | 912 | msg=packet_get_string(NULL); |
916 | lang=packet_get_string(NULL); | 913 | lang=packet_get_string(NULL); |
917 | 914 | ||
918 | packet_check_eom(); | 915 | packet_check_eom(); |
919 | 916 | ||
920 | debug("Server GSSAPI Error:\n%s", msg); | 917 | debug("Server GSSAPI Error:\n%s", msg); |
921 | xfree(msg); | 918 | free(msg); |
922 | xfree(lang); | 919 | free(lang); |
923 | } | 920 | } |
924 | 921 | ||
925 | int | 922 | int |
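Review bot: `/* maj */(void)packet_get_int();` glues the comment to the statement with no whitespace and places the field name before the call, which does not match the trailing-comment style used elsewhere in this file; `(void)packet_get_int();	/* maj: unused */` and `(void)packet_get_int();	/* min: unused */` read as ordinary code and still record what the two discarded integers are. The two reads must stay in this order and before the two `packet_get_string(NULL)` calls, so a brief note that they consume the wire fields for framing rather than for their values would also help the next reader.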
@@ -1002,7 +999,7 @@ userauth_passwd(Authctxt *authctxt) | |||
1002 | packet_put_char(0); | 999 | packet_put_char(0); |
1003 | packet_put_cstring(password); | 1000 | packet_put_cstring(password); |
1004 | memset(password, 0, strlen(password)); | 1001 | memset(password, 0, strlen(password)); |
1005 | xfree(password); | 1002 | free(password); |
1006 | packet_add_padding(64); | 1003 | packet_add_padding(64); |
1007 | packet_send(); | 1004 | packet_send(); |
1008 | 1005 | ||
@@ -1035,8 +1032,8 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt) | |||
1035 | lang = packet_get_string(NULL); | 1032 | lang = packet_get_string(NULL); |
1036 | if (strlen(info) > 0) | 1033 | if (strlen(info) > 0) |
1037 | logit("%s", info); | 1034 | logit("%s", info); |
1038 | xfree(info); | 1035 | free(info); |
1039 | xfree(lang); | 1036 | free(lang); |
1040 | packet_start(SSH2_MSG_USERAUTH_REQUEST); | 1037 | packet_start(SSH2_MSG_USERAUTH_REQUEST); |
1041 | packet_put_cstring(authctxt->server_user); | 1038 | packet_put_cstring(authctxt->server_user); |
1042 | packet_put_cstring(authctxt->service); | 1039 | packet_put_cstring(authctxt->service); |
@@ -1048,7 +1045,7 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt) | |||
1048 | password = read_passphrase(prompt, 0); | 1045 | password = read_passphrase(prompt, 0); |
1049 | packet_put_cstring(password); | 1046 | packet_put_cstring(password); |
1050 | memset(password, 0, strlen(password)); | 1047 | memset(password, 0, strlen(password)); |
1051 | xfree(password); | 1048 | free(password); |
1052 | password = NULL; | 1049 | password = NULL; |
1053 | while (password == NULL) { | 1050 | while (password == NULL) { |
1054 | snprintf(prompt, sizeof(prompt), | 1051 | snprintf(prompt, sizeof(prompt), |
@@ -1065,16 +1062,16 @@ input_userauth_passwd_changereq(int type, u_int32_t seqnr, void *ctxt) | |||
1065 | retype = read_passphrase(prompt, 0); | 1062 | retype = read_passphrase(prompt, 0); |
1066 | if (strcmp(password, retype) != 0) { | 1063 | if (strcmp(password, retype) != 0) { |
1067 | memset(password, 0, strlen(password)); | 1064 | memset(password, 0, strlen(password)); |
1068 | xfree(password); | 1065 | free(password); |
1069 | logit("Mismatch; try again, EOF to quit."); | 1066 | logit("Mismatch; try again, EOF to quit."); |
1070 | password = NULL; | 1067 | password = NULL; |
1071 | } | 1068 | } |
1072 | memset(retype, 0, strlen(retype)); | 1069 | memset(retype, 0, strlen(retype)); |
1073 | xfree(retype); | 1070 | free(retype); |
1074 | } | 1071 | } |
1075 | packet_put_cstring(password); | 1072 | packet_put_cstring(password); |
1076 | memset(password, 0, strlen(password)); | 1073 | memset(password, 0, strlen(password)); |
1077 | xfree(password); | 1074 | free(password); |
1078 | packet_add_padding(64); | 1075 | packet_add_padding(64); |
1079 | packet_send(); | 1076 | packet_send(); |
1080 | 1077 | ||
@@ -1129,13 +1126,13 @@ jpake_password_to_secret(Authctxt *authctxt, const char *crypt_scheme, | |||
1129 | 1126 | ||
1130 | bzero(password, strlen(password)); | 1127 | bzero(password, strlen(password)); |
1131 | bzero(crypted, strlen(crypted)); | 1128 | bzero(crypted, strlen(crypted)); |
1132 | xfree(password); | 1129 | free(password); |
1133 | xfree(crypted); | 1130 | free(crypted); |
1134 | 1131 | ||
1135 | if ((ret = BN_bin2bn(secret, secret_len, NULL)) == NULL) | 1132 | if ((ret = BN_bin2bn(secret, secret_len, NULL)) == NULL) |
1136 | fatal("%s: BN_bin2bn (secret)", __func__); | 1133 | fatal("%s: BN_bin2bn (secret)", __func__); |
1137 | bzero(secret, secret_len); | 1134 | bzero(secret, secret_len); |
1138 | xfree(secret); | 1135 | free(secret); |
1139 | 1136 | ||
1140 | return ret; | 1137 | return ret; |
1141 | } | 1138 | } |
@@ -1173,8 +1170,8 @@ input_userauth_jpake_server_step1(int type, u_int32_t seq, void *ctxt) | |||
1173 | pctx->s = jpake_password_to_secret(authctxt, crypt_scheme, salt); | 1170 | pctx->s = jpake_password_to_secret(authctxt, crypt_scheme, salt); |
1174 | bzero(crypt_scheme, strlen(crypt_scheme)); | 1171 | bzero(crypt_scheme, strlen(crypt_scheme)); |
1175 | bzero(salt, strlen(salt)); | 1172 | bzero(salt, strlen(salt)); |
1176 | xfree(crypt_scheme); | 1173 | free(crypt_scheme); |
1177 | xfree(salt); | 1174 | free(salt); |
1178 | JPAKE_DEBUG_BN((pctx->s, "%s: s = ", __func__)); | 1175 | JPAKE_DEBUG_BN((pctx->s, "%s: s = ", __func__)); |
1179 | 1176 | ||
1180 | /* Calculate step 2 values */ | 1177 | /* Calculate step 2 values */ |
@@ -1189,8 +1186,8 @@ input_userauth_jpake_server_step1(int type, u_int32_t seq, void *ctxt) | |||
1189 | 1186 | ||
1190 | bzero(x3_proof, x3_proof_len); | 1187 | bzero(x3_proof, x3_proof_len); |
1191 | bzero(x4_proof, x4_proof_len); | 1188 | bzero(x4_proof, x4_proof_len); |
1192 | xfree(x3_proof); | 1189 | free(x3_proof); |
1193 | xfree(x4_proof); | 1190 | free(x4_proof); |
1194 | 1191 | ||
1195 | JPAKE_DEBUG_CTX((pctx, "step 2 sending in %s", __func__)); | 1192 | JPAKE_DEBUG_CTX((pctx, "step 2 sending in %s", __func__)); |
1196 | 1193 | ||
@@ -1201,7 +1198,7 @@ input_userauth_jpake_server_step1(int type, u_int32_t seq, void *ctxt) | |||
1201 | packet_send(); | 1198 | packet_send(); |
1202 | 1199 | ||
1203 | bzero(x2_s_proof, x2_s_proof_len); | 1200 | bzero(x2_s_proof, x2_s_proof_len); |
1204 | xfree(x2_s_proof); | 1201 | free(x2_s_proof); |
1205 | 1202 | ||
1206 | /* Expect step 2 packet from peer */ | 1203 | /* Expect step 2 packet from peer */ |
1207 | dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP2, | 1204 | dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP2, |
@@ -1241,7 +1238,7 @@ input_userauth_jpake_server_step2(int type, u_int32_t seq, void *ctxt) | |||
1241 | &pctx->h_k_cid_sessid, &pctx->h_k_cid_sessid_len); | 1238 | &pctx->h_k_cid_sessid, &pctx->h_k_cid_sessid_len); |
1242 | 1239 | ||
1243 | bzero(x4_s_proof, x4_s_proof_len); | 1240 | bzero(x4_s_proof, x4_s_proof_len); |
1244 | xfree(x4_s_proof); | 1241 | free(x4_s_proof); |
1245 | 1242 | ||
1246 | JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__)); | 1243 | JPAKE_DEBUG_CTX((pctx, "confirm sending in %s", __func__)); |
1247 | 1244 | ||
@@ -1323,7 +1320,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id) | |||
1323 | 1320 | ||
1324 | fp = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX); | 1321 | fp = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX); |
1325 | debug3("sign_and_send_pubkey: %s %s", key_type(id->key), fp); | 1322 | debug3("sign_and_send_pubkey: %s %s", key_type(id->key), fp); |
1326 | xfree(fp); | 1323 | free(fp); |
1327 | 1324 | ||
1328 | if (key_to_blob(id->key, &blob, &bloblen) == 0) { | 1325 | if (key_to_blob(id->key, &blob, &bloblen) == 0) { |
1329 | /* we cannot handle this key */ | 1326 | /* we cannot handle this key */ |
@@ -1358,7 +1355,7 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id) | |||
1358 | ret = identity_sign(id, &signature, &slen, | 1355 | ret = identity_sign(id, &signature, &slen, |
1359 | buffer_ptr(&b), buffer_len(&b)); | 1356 | buffer_ptr(&b), buffer_len(&b)); |
1360 | if (ret == -1) { | 1357 | if (ret == -1) { |
1361 | xfree(blob); | 1358 | free(blob); |
1362 | buffer_free(&b); | 1359 | buffer_free(&b); |
1363 | return 0; | 1360 | return 0; |
1364 | } | 1361 | } |
@@ -1378,11 +1375,11 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id) | |||
1378 | buffer_put_cstring(&b, key_ssh_name(id->key)); | 1375 | buffer_put_cstring(&b, key_ssh_name(id->key)); |
1379 | buffer_put_string(&b, blob, bloblen); | 1376 | buffer_put_string(&b, blob, bloblen); |
1380 | } | 1377 | } |
1381 | xfree(blob); | 1378 | free(blob); |
1382 | 1379 | ||
1383 | /* append signature */ | 1380 | /* append signature */ |
1384 | buffer_put_string(&b, signature, slen); | 1381 | buffer_put_string(&b, signature, slen); |
1385 | xfree(signature); | 1382 | free(signature); |
1386 | 1383 | ||
1387 | /* skip session id and packet type */ | 1384 | /* skip session id and packet type */ |
1388 | if (buffer_len(&b) < skip + 1) | 1385 | if (buffer_len(&b) < skip + 1) |
@@ -1422,7 +1419,7 @@ send_pubkey_test(Authctxt *authctxt, Identity *id) | |||
1422 | if (!(datafellows & SSH_BUG_PKAUTH)) | 1419 | if (!(datafellows & SSH_BUG_PKAUTH)) |
1423 | packet_put_cstring(key_ssh_name(id->key)); | 1420 | packet_put_cstring(key_ssh_name(id->key)); |
1424 | packet_put_string(blob, bloblen); | 1421 | packet_put_string(blob, bloblen); |
1425 | xfree(blob); | 1422 | free(blob); |
1426 | packet_send(); | 1423 | packet_send(); |
1427 | return 1; | 1424 | return 1; |
1428 | } | 1425 | } |
@@ -1441,8 +1438,11 @@ load_identity_file(char *filename, int userprovided) | |||
1441 | return NULL; | 1438 | return NULL; |
1442 | } | 1439 | } |
1443 | private = key_load_private_type(KEY_UNSPEC, filename, "", NULL, &perm_ok); | 1440 | private = key_load_private_type(KEY_UNSPEC, filename, "", NULL, &perm_ok); |
1444 | if (!perm_ok) | 1441 | if (!perm_ok) { |
1442 | if (private != NULL) | ||
1443 | key_free(private); | ||
1445 | return NULL; | 1444 | return NULL; |
1445 | } | ||
1446 | if (private == NULL) { | 1446 | if (private == NULL) { |
1447 | if (options.batch_mode) | 1447 | if (options.batch_mode) |
1448 | return NULL; | 1448 | return NULL; |
@@ -1459,7 +1459,7 @@ load_identity_file(char *filename, int userprovided) | |||
1459 | quit = 1; | 1459 | quit = 1; |
1460 | } | 1460 | } |
1461 | memset(passphrase, 0, strlen(passphrase)); | 1461 | memset(passphrase, 0, strlen(passphrase)); |
1462 | xfree(passphrase); | 1462 | free(passphrase); |
1463 | if (private != NULL || quit) | 1463 | if (private != NULL || quit) |
1464 | break; | 1464 | break; |
1465 | debug2("bad passphrase given, try again..."); | 1465 | debug2("bad passphrase given, try again..."); |
@@ -1524,7 +1524,7 @@ pubkey_prepare(Authctxt *authctxt) | |||
1524 | /* If IdentitiesOnly set and key not found then don't use it */ | 1524 | /* If IdentitiesOnly set and key not found then don't use it */ |
1525 | if (!found && options.identities_only) { | 1525 | if (!found && options.identities_only) { |
1526 | TAILQ_REMOVE(&files, id, next); | 1526 | TAILQ_REMOVE(&files, id, next); |
1527 | bzero(id, sizeof(id)); | 1527 | bzero(id, sizeof(*id)); |
1528 | free(id); | 1528 | free(id); |
1529 | } | 1529 | } |
1530 | } | 1530 | } |
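Review bot: The IdentitiesOnly removal path frees the Identity with `bzero(id, sizeof(*id)); free(id);` but never frees `id->filename`, while pubkey_cleanup in this same file does `free(id->filename)` before `free(id)`, which suggests the filename is heap-owned per Identity; if so, this path leaks it once per rejected identity. Adding `free(id->filename);` before the bzero would match pubkey_cleanup and close the leak; if `id->key` can be non-NULL here the same applies to it. The `sizeof(*id)` correction itself is right. pubkey_prepare's body starts and ends outside the hunk.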
@@ -1538,7 +1538,7 @@ pubkey_prepare(Authctxt *authctxt) | |||
1538 | /* agent keys from the config file are preferred */ | 1538 | /* agent keys from the config file are preferred */ |
1539 | if (key_equal(key, id->key)) { | 1539 | if (key_equal(key, id->key)) { |
1540 | key_free(key); | 1540 | key_free(key); |
1541 | xfree(comment); | 1541 | free(comment); |
1542 | TAILQ_REMOVE(&files, id, next); | 1542 | TAILQ_REMOVE(&files, id, next); |
1543 | TAILQ_INSERT_TAIL(preferred, id, next); | 1543 | TAILQ_INSERT_TAIL(preferred, id, next); |
1544 | id->ac = ac; | 1544 | id->ac = ac; |
@@ -1584,9 +1584,8 @@ pubkey_cleanup(Authctxt *authctxt) | |||
1584 | TAILQ_REMOVE(&authctxt->keys, id, next); | 1584 | TAILQ_REMOVE(&authctxt->keys, id, next); |
1585 | if (id->key) | 1585 | if (id->key) |
1586 | key_free(id->key); | 1586 | key_free(id->key); |
1587 | if (id->filename) | 1587 | free(id->filename); |
1588 | xfree(id->filename); | 1588 | free(id); |
1589 | xfree(id); | ||
1590 | } | 1589 | } |
1591 | } | 1590 | } |
1592 | 1591 | ||
@@ -1684,9 +1683,9 @@ input_userauth_info_req(int type, u_int32_t seq, void *ctxt) | |||
1684 | logit("%s", name); | 1683 | logit("%s", name); |
1685 | if (strlen(inst) > 0) | 1684 | if (strlen(inst) > 0) |
1686 | logit("%s", inst); | 1685 | logit("%s", inst); |
1687 | xfree(name); | 1686 | free(name); |
1688 | xfree(inst); | 1687 | free(inst); |
1689 | xfree(lang); | 1688 | free(lang); |
1690 | 1689 | ||
1691 | num_prompts = packet_get_int(); | 1690 | num_prompts = packet_get_int(); |
1692 | /* | 1691 | /* |
@@ -1707,8 +1706,8 @@ input_userauth_info_req(int type, u_int32_t seq, void *ctxt) | |||
1707 | 1706 | ||
1708 | packet_put_cstring(response); | 1707 | packet_put_cstring(response); |
1709 | memset(response, 0, strlen(response)); | 1708 | memset(response, 0, strlen(response)); |
1710 | xfree(response); | 1709 | free(response); |
1711 | xfree(prompt); | 1710 | free(prompt); |
1712 | } | 1711 | } |
1713 | packet_check_eom(); /* done with parsing incoming message. */ | 1712 | packet_check_eom(); /* done with parsing incoming message. */ |
1714 | 1713 | ||
@@ -1828,12 +1827,12 @@ userauth_hostbased(Authctxt *authctxt) | |||
1828 | if (p == NULL) { | 1827 | if (p == NULL) { |
1829 | error("userauth_hostbased: cannot get local ipaddr/name"); | 1828 | error("userauth_hostbased: cannot get local ipaddr/name"); |
1830 | key_free(private); | 1829 | key_free(private); |
1831 | xfree(blob); | 1830 | free(blob); |
1832 | return 0; | 1831 | return 0; |
1833 | } | 1832 | } |
1834 | xasprintf(&chost, "%s.", p); | 1833 | xasprintf(&chost, "%s.", p); |
1835 | debug2("userauth_hostbased: chost %s", chost); | 1834 | debug2("userauth_hostbased: chost %s", chost); |
1836 | xfree(p); | 1835 | free(p); |
1837 | 1836 | ||
1838 | service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" : | 1837 | service = datafellows & SSH_BUG_HBSERVICE ? "ssh-userauth" : |
1839 | authctxt->service; | 1838 | authctxt->service; |
@@ -1862,9 +1861,9 @@ userauth_hostbased(Authctxt *authctxt) | |||
1862 | buffer_free(&b); | 1861 | buffer_free(&b); |
1863 | if (ok != 0) { | 1862 | if (ok != 0) { |
1864 | error("key_sign failed"); | 1863 | error("key_sign failed"); |
1865 | xfree(chost); | 1864 | free(chost); |
1866 | xfree(pkalg); | 1865 | free(pkalg); |
1867 | xfree(blob); | 1866 | free(blob); |
1868 | return 0; | 1867 | return 0; |
1869 | } | 1868 | } |
1870 | packet_start(SSH2_MSG_USERAUTH_REQUEST); | 1869 | packet_start(SSH2_MSG_USERAUTH_REQUEST); |
@@ -1877,10 +1876,10 @@ userauth_hostbased(Authctxt *authctxt) | |||
1877 | packet_put_cstring(authctxt->local_user); | 1876 | packet_put_cstring(authctxt->local_user); |
1878 | packet_put_string(signature, slen); | 1877 | packet_put_string(signature, slen); |
1879 | memset(signature, 's', slen); | 1878 | memset(signature, 's', slen); |
1880 | xfree(signature); | 1879 | free(signature); |
1881 | xfree(chost); | 1880 | free(chost); |
1882 | xfree(pkalg); | 1881 | free(pkalg); |
1883 | xfree(blob); | 1882 | free(blob); |
1884 | 1883 | ||
1885 | packet_send(); | 1884 | packet_send(); |
1886 | return 1; | 1885 | return 1; |
@@ -1935,8 +1934,8 @@ userauth_jpake(Authctxt *authctxt) | |||
1935 | 1934 | ||
1936 | bzero(x1_proof, x1_proof_len); | 1935 | bzero(x1_proof, x1_proof_len); |
1937 | bzero(x2_proof, x2_proof_len); | 1936 | bzero(x2_proof, x2_proof_len); |
1938 | xfree(x1_proof); | 1937 | free(x1_proof); |
1939 | xfree(x2_proof); | 1938 | free(x2_proof); |
1940 | 1939 | ||
1941 | /* Expect step 1 packet from peer */ | 1940 | /* Expect step 1 packet from peer */ |
1942 | dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1, | 1941 | dispatch_set(SSH2_MSG_USERAUTH_JPAKE_SERVER_STEP1, |
@@ -2013,8 +2012,7 @@ authmethod_get(char *authlist) | |||
2013 | 2012 | ||
2014 | if (supported == NULL || strcmp(authlist, supported) != 0) { | 2013 | if (supported == NULL || strcmp(authlist, supported) != 0) { |
2015 | debug3("start over, passed a different list %s", authlist); | 2014 | debug3("start over, passed a different list %s", authlist); |
2016 | if (supported != NULL) | 2015 | free(supported); |
2017 | xfree(supported); | ||
2018 | supported = xstrdup(authlist); | 2016 | supported = xstrdup(authlist); |
2019 | preferred = options.preferred_authentications; | 2017 | preferred = options.preferred_authentications; |
2020 | debug3("preferred %s", preferred); | 2018 | debug3("preferred %s", preferred); |
@@ -2035,9 +2033,10 @@ authmethod_get(char *authlist) | |||
2035 | authmethod_is_enabled(current)) { | 2033 | authmethod_is_enabled(current)) { |
2036 | debug3("authmethod_is_enabled %s", name); | 2034 | debug3("authmethod_is_enabled %s", name); |
2037 | debug("Next authentication method: %s", name); | 2035 | debug("Next authentication method: %s", name); |
2038 | xfree(name); | 2036 | free(name); |
2039 | return current; | 2037 | return current; |
2040 | } | 2038 | } |
2039 | free(name); | ||
2041 | } | 2040 | } |
2042 | } | 2041 | } |
2043 | 2042 | ||
@@ -5,8 +5,9 @@ NAME | |||
5 | 5 | ||
6 | SYNOPSIS | 6 | SYNOPSIS |
7 | sshd [-46DdeiqTt] [-b bits] [-C connection_spec] | 7 | sshd [-46DdeiqTt] [-b bits] [-C connection_spec] |
8 | [-c host_certificate_file] [-f config_file] [-g login_grace_time] | 8 | [-c host_certificate_file] [-E log_file] [-f config_file] |
9 | [-h host_key_file] [-k key_gen_time] [-o option] [-p port] [-u len] | 9 | [-g login_grace_time] [-h host_key_file] [-k key_gen_time] |
10 | [-o option] [-p port] [-u len] | ||
10 | 11 | ||
11 | DESCRIPTION | 12 | DESCRIPTION |
12 | sshd (OpenSSH Daemon) is the daemon program for ssh(1). Together these | 13 | sshd (OpenSSH Daemon) is the daemon program for ssh(1). Together these |
@@ -60,8 +61,10 @@ DESCRIPTION | |||
60 | option is only intended for debugging for the server. Multiple | 61 | option is only intended for debugging for the server. Multiple |
61 | -d options increase the debugging level. Maximum is 3. | 62 | -d options increase the debugging level. Maximum is 3. |
62 | 63 | ||
63 | -e When this option is specified, sshd will send the output to the | 64 | -E log_file |
64 | standard error instead of the system log. | 65 | Append debug logs to log_file instead of the system log. |
66 | |||
67 | -e Write debug logs to standard error instead of the system log. | ||
65 | 68 | ||
66 | -f config_file | 69 | -f config_file |
67 | Specifies the name of the configuration file. The default is | 70 | Specifies the name of the configuration file. The default is |
@@ -634,4 +637,4 @@ CAVEATS | |||
634 | System security is not improved unless rshd, rlogind, and rexecd are | 637 | System security is not improved unless rshd, rlogind, and rexecd are |
635 | disabled (thus completely disabling rlogin and rsh into the machine). | 638 | disabled (thus completely disabling rlogin and rsh into the machine). |
636 | 639 | ||
637 | OpenBSD 5.3 October 4, 2012 OpenBSD 5.3 | 640 | OpenBSD 5.4 June 27, 2013 OpenBSD 5.4 |
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: sshd.8,v 1.267 2012/10/04 13:21:50 markus Exp $ | 36 | .\" $OpenBSD: sshd.8,v 1.270 2013/06/27 14:05:37 jmc Exp $ |
37 | .Dd $Mdocdate: October 4 2012 $ | 37 | .Dd $Mdocdate: June 27 2013 $ |
38 | .Dt SSHD 8 | 38 | .Dt SSHD 8 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -47,6 +47,7 @@ | |||
47 | .Op Fl b Ar bits | 47 | .Op Fl b Ar bits |
48 | .Op Fl C Ar connection_spec | 48 | .Op Fl C Ar connection_spec |
49 | .Op Fl c Ar host_certificate_file | 49 | .Op Fl c Ar host_certificate_file |
50 | .Op Fl E Ar log_file | ||
50 | .Op Fl f Ar config_file | 51 | .Op Fl f Ar config_file |
51 | .Op Fl g Ar login_grace_time | 52 | .Op Fl g Ar login_grace_time |
52 | .Op Fl h Ar host_key_file | 53 | .Op Fl h Ar host_key_file |
@@ -149,10 +150,12 @@ Multiple | |||
149 | .Fl d | 150 | .Fl d |
150 | options increase the debugging level. | 151 | options increase the debugging level. |
151 | Maximum is 3. | 152 | Maximum is 3. |
153 | .It Fl E Ar log_file | ||
154 | Append debug logs to | ||
155 | .Ar log_file | ||
156 | instead of the system log. | ||
152 | .It Fl e | 157 | .It Fl e |
153 | When this option is specified, | 158 | Write debug logs to standard error instead of the system log. |
154 | .Nm | ||
155 | will send the output to the standard error instead of the system log. | ||
156 | .It Fl f Ar config_file | 159 | .It Fl f Ar config_file |
157 | Specifies the name of the configuration file. | 160 | Specifies the name of the configuration file. |
158 | The default is | 161 | The default is |
@@ -567,9 +570,7 @@ is enabled. | |||
567 | Specifies that in addition to public key authentication, either the canonical | 570 | Specifies that in addition to public key authentication, either the canonical |
568 | name of the remote host or its IP address must be present in the | 571 | name of the remote host or its IP address must be present in the |
569 | comma-separated list of patterns. | 572 | comma-separated list of patterns. |
570 | See | 573 | See PATTERNS in |
571 | .Sx PATTERNS | ||
572 | in | ||
573 | .Xr ssh_config 5 | 574 | .Xr ssh_config 5 |
574 | for more information on patterns. | 575 | for more information on patterns. |
575 | .Pp | 576 | .Pp |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshd.c,v 1.397 2013/02/11 21:21:58 dtucker Exp $ */ | 1 | /* $OpenBSD: sshd.c,v 1.404 2013/07/19 07:37:48 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -106,6 +106,7 @@ | |||
106 | #include "canohost.h" | 106 | #include "canohost.h" |
107 | #include "hostfile.h" | 107 | #include "hostfile.h" |
108 | #include "auth.h" | 108 | #include "auth.h" |
109 | #include "authfd.h" | ||
109 | #include "misc.h" | 110 | #include "misc.h" |
110 | #include "msg.h" | 111 | #include "msg.h" |
111 | #include "dispatch.h" | 112 | #include "dispatch.h" |
@@ -198,6 +199,10 @@ char *server_version_string = NULL; | |||
198 | /* for rekeying XXX fixme */ | 199 | /* for rekeying XXX fixme */ |
199 | Kex *xxx_kex; | 200 | Kex *xxx_kex; |
200 | 201 | ||
202 | /* Daemon's agent connection */ | ||
203 | AuthenticationConnection *auth_conn = NULL; | ||
204 | int have_agent = 0; | ||
205 | |||
201 | /* | 206 | /* |
202 | * Any really sensitive data in the application is contained in this | 207 | * Any really sensitive data in the application is contained in this |
203 | * structure. The idea is that this structure could be locked into memory so | 208 | * structure. The idea is that this structure could be locked into memory so |
@@ -210,6 +215,7 @@ struct { | |||
210 | Key *server_key; /* ephemeral server key */ | 215 | Key *server_key; /* ephemeral server key */ |
211 | Key *ssh1_host_key; /* ssh1 host key */ | 216 | Key *ssh1_host_key; /* ssh1 host key */ |
212 | Key **host_keys; /* all private host keys */ | 217 | Key **host_keys; /* all private host keys */ |
218 | Key **host_pubkeys; /* all public host keys */ | ||
213 | Key **host_certificates; /* all public host certificates */ | 219 | Key **host_certificates; /* all public host certificates */ |
214 | int have_ssh1_key; | 220 | int have_ssh1_key; |
215 | int have_ssh2_key; | 221 | int have_ssh2_key; |
@@ -658,6 +664,8 @@ privsep_preauth(Authctxt *authctxt) | |||
658 | debug2("Network child is on pid %ld", (long)pid); | 664 | debug2("Network child is on pid %ld", (long)pid); |
659 | 665 | ||
660 | pmonitor->m_pid = pid; | 666 | pmonitor->m_pid = pid; |
667 | if (have_agent) | ||
668 | auth_conn = ssh_get_authentication_connection(); | ||
661 | if (box != NULL) | 669 | if (box != NULL) |
662 | ssh_sandbox_parent_preauth(box, pid); | 670 | ssh_sandbox_parent_preauth(box, pid); |
663 | monitor_child_preauth(authctxt, pmonitor); | 671 | monitor_child_preauth(authctxt, pmonitor); |
@@ -772,6 +780,8 @@ list_hostkey_types(void) | |||
772 | for (i = 0; i < options.num_host_key_files; i++) { | 780 | for (i = 0; i < options.num_host_key_files; i++) { |
773 | key = sensitive_data.host_keys[i]; | 781 | key = sensitive_data.host_keys[i]; |
774 | if (key == NULL) | 782 | if (key == NULL) |
783 | key = sensitive_data.host_pubkeys[i]; | ||
784 | if (key == NULL) | ||
775 | continue; | 785 | continue; |
776 | switch (key->type) { | 786 | switch (key->type) { |
777 | case KEY_RSA: | 787 | case KEY_RSA: |
@@ -824,6 +834,8 @@ get_hostkey_by_type(int type, int need_private) | |||
824 | break; | 834 | break; |
825 | default: | 835 | default: |
826 | key = sensitive_data.host_keys[i]; | 836 | key = sensitive_data.host_keys[i]; |
837 | if (key == NULL && !need_private) | ||
838 | key = sensitive_data.host_pubkeys[i]; | ||
827 | break; | 839 | break; |
828 | } | 840 | } |
829 | if (key != NULL && key->type == type) | 841 | if (key != NULL && key->type == type) |
@@ -853,6 +865,14 @@ get_hostkey_by_index(int ind) | |||
853 | return (sensitive_data.host_keys[ind]); | 865 | return (sensitive_data.host_keys[ind]); |
854 | } | 866 | } |
855 | 867 | ||
868 | Key * | ||
869 | get_hostkey_public_by_index(int ind) | ||
870 | { | ||
871 | if (ind < 0 || ind >= options.num_host_key_files) | ||
872 | return (NULL); | ||
873 | return (sensitive_data.host_pubkeys[ind]); | ||
874 | } | ||
875 | |||
856 | int | 876 | int |
857 | get_hostkey_index(Key *key) | 877 | get_hostkey_index(Key *key) |
858 | { | 878 | { |
@@ -865,6 +885,8 @@ get_hostkey_index(Key *key) | |||
865 | } else { | 885 | } else { |
866 | if (key == sensitive_data.host_keys[i]) | 886 | if (key == sensitive_data.host_keys[i]) |
867 | return (i); | 887 | return (i); |
888 | if (key == sensitive_data.host_pubkeys[i]) | ||
889 | return (i); | ||
868 | } | 890 | } |
869 | } | 891 | } |
870 | return (-1); | 892 | return (-1); |
@@ -905,8 +927,9 @@ usage(void) | |||
905 | SSH_RELEASE, SSLeay_version(SSLEAY_VERSION)); | 927 | SSH_RELEASE, SSLeay_version(SSLEAY_VERSION)); |
906 | fprintf(stderr, | 928 | fprintf(stderr, |
907 | "usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file]\n" | 929 | "usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file]\n" |
908 | " [-f config_file] [-g login_grace_time] [-h host_key_file]\n" | 930 | " [-E log_file] [-f config_file] [-g login_grace_time]\n" |
909 | " [-k key_gen_time] [-o option] [-p port] [-u len]\n" | 931 | " [-h host_key_file] [-k key_gen_time] [-o option] [-p port]\n" |
932 | " [-u len]\n" | ||
910 | ); | 933 | ); |
911 | exit(1); | 934 | exit(1); |
912 | } | 935 | } |
@@ -977,7 +1000,7 @@ recv_rexec_state(int fd, Buffer *conf) | |||
977 | cp = buffer_get_string(&m, &len); | 1000 | cp = buffer_get_string(&m, &len); |
978 | if (conf != NULL) | 1001 | if (conf != NULL) |
979 | buffer_append(conf, cp, len + 1); | 1002 | buffer_append(conf, cp, len + 1); |
980 | xfree(cp); | 1003 | free(cp); |
981 | 1004 | ||
982 | if (buffer_get_int(&m)) { | 1005 | if (buffer_get_int(&m)) { |
983 | if (sensitive_data.server_key != NULL) | 1006 | if (sensitive_data.server_key != NULL) |
@@ -1028,7 +1051,9 @@ server_accept_inetd(int *sock_in, int *sock_out) | |||
1028 | if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) { | 1051 | if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) { |
1029 | dup2(fd, STDIN_FILENO); | 1052 | dup2(fd, STDIN_FILENO); |
1030 | dup2(fd, STDOUT_FILENO); | 1053 | dup2(fd, STDOUT_FILENO); |
1031 | if (fd > STDOUT_FILENO) | 1054 | if (!log_stderr) |
1055 | dup2(fd, STDERR_FILENO); | ||
1056 | if (fd > (log_stderr ? STDERR_FILENO : STDOUT_FILENO)) | ||
1032 | close(fd); | 1057 | close(fd); |
1033 | } | 1058 | } |
1034 | debug("inetd sockets after dupping: %d, %d", *sock_in, *sock_out); | 1059 | debug("inetd sockets after dupping: %d, %d", *sock_in, *sock_out); |
@@ -1139,7 +1164,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) | |||
1139 | if (received_sighup) | 1164 | if (received_sighup) |
1140 | sighup_restart(); | 1165 | sighup_restart(); |
1141 | if (fdset != NULL) | 1166 | if (fdset != NULL) |
1142 | xfree(fdset); | 1167 | free(fdset); |
1143 | fdset = (fd_set *)xcalloc(howmany(maxfd + 1, NFDBITS), | 1168 | fdset = (fd_set *)xcalloc(howmany(maxfd + 1, NFDBITS), |
1144 | sizeof(fd_mask)); | 1169 | sizeof(fd_mask)); |
1145 | 1170 | ||
@@ -1188,8 +1213,8 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) | |||
1188 | *newsock = accept(listen_socks[i], | 1213 | *newsock = accept(listen_socks[i], |
1189 | (struct sockaddr *)&from, &fromlen); | 1214 | (struct sockaddr *)&from, &fromlen); |
1190 | if (*newsock < 0) { | 1215 | if (*newsock < 0) { |
1191 | if (errno != EINTR && errno != EAGAIN && | 1216 | if (errno != EINTR && errno != EWOULDBLOCK && |
1192 | errno != EWOULDBLOCK) | 1217 | errno != ECONNABORTED && errno != EAGAIN) |
1193 | error("accept: %.100s", | 1218 | error("accept: %.100s", |
1194 | strerror(errno)); | 1219 | strerror(errno)); |
1195 | if (errno == EMFILE || errno == ENFILE) | 1220 | if (errno == EMFILE || errno == ENFILE) |
@@ -1340,12 +1365,14 @@ main(int ac, char **av) | |||
1340 | int sock_in = -1, sock_out = -1, newsock = -1; | 1365 | int sock_in = -1, sock_out = -1, newsock = -1; |
1341 | const char *remote_ip; | 1366 | const char *remote_ip; |
1342 | int remote_port; | 1367 | int remote_port; |
1343 | char *line; | 1368 | char *line, *logfile = NULL; |
1344 | int config_s[2] = { -1 , -1 }; | 1369 | int config_s[2] = { -1 , -1 }; |
1345 | u_int n; | 1370 | u_int n; |
1346 | u_int64_t ibytes, obytes; | 1371 | u_int64_t ibytes, obytes; |
1347 | mode_t new_umask; | 1372 | mode_t new_umask; |
1348 | Key *key; | 1373 | Key *key; |
1374 | Key *pubkey; | ||
1375 | int keytype; | ||
1349 | Authctxt *authctxt; | 1376 | Authctxt *authctxt; |
1350 | struct connection_info *connection_info = get_connection_info(0, 0); | 1377 | struct connection_info *connection_info = get_connection_info(0, 0); |
1351 | 1378 | ||
@@ -1378,7 +1405,7 @@ main(int ac, char **av) | |||
1378 | initialize_server_options(&options); | 1405 | initialize_server_options(&options); |
1379 | 1406 | ||
1380 | /* Parse command-line arguments. */ | 1407 | /* Parse command-line arguments. */ |
1381 | while ((opt = getopt(ac, av, "f:p:b:k:h:g:u:o:C:dDeiqrtQRT46")) != -1) { | 1408 | while ((opt = getopt(ac, av, "f:p:b:k:h:g:u:o:C:dDeE:iqrtQRT46")) != -1) { |
1382 | switch (opt) { | 1409 | switch (opt) { |
1383 | case '4': | 1410 | case '4': |
1384 | options.address_family = AF_INET; | 1411 | options.address_family = AF_INET; |
@@ -1407,6 +1434,9 @@ main(int ac, char **av) | |||
1407 | case 'D': | 1434 | case 'D': |
1408 | no_daemon_flag = 1; | 1435 | no_daemon_flag = 1; |
1409 | break; | 1436 | break; |
1437 | case 'E': | ||
1438 | logfile = xstrdup(optarg); | ||
1439 | /* FALLTHROUGH */ | ||
1410 | case 'e': | 1440 | case 'e': |
1411 | log_stderr = 1; | 1441 | log_stderr = 1; |
1412 | break; | 1442 | break; |
@@ -1485,7 +1515,7 @@ main(int ac, char **av) | |||
1485 | if (process_server_config_line(&options, line, | 1515 | if (process_server_config_line(&options, line, |
1486 | "command-line", 0, NULL, NULL) != 0) | 1516 | "command-line", 0, NULL, NULL) != 0) |
1487 | exit(1); | 1517 | exit(1); |
1488 | xfree(line); | 1518 | free(line); |
1489 | break; | 1519 | break; |
1490 | case '?': | 1520 | case '?': |
1491 | default: | 1521 | default: |
@@ -1504,6 +1534,11 @@ main(int ac, char **av) | |||
1504 | 1534 | ||
1505 | OpenSSL_add_all_algorithms(); | 1535 | OpenSSL_add_all_algorithms(); |
1506 | 1536 | ||
1537 | /* If requested, redirect the logs to the specified logfile. */ | ||
1538 | if (logfile != NULL) { | ||
1539 | log_redirect_stderr_to(logfile); | ||
1540 | free(logfile); | ||
1541 | } | ||
1507 | /* | 1542 | /* |
1508 | * Force logging to stderr until we have loaded the private host | 1543 | * Force logging to stderr until we have loaded the private host |
1509 | * key (unless started from inetd) | 1544 | * key (unless started from inetd) |
@@ -1612,32 +1647,55 @@ main(int ac, char **av) | |||
1612 | } else { | 1647 | } else { |
1613 | memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd)); | 1648 | memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd)); |
1614 | privsep_pw = pwcopy(privsep_pw); | 1649 | privsep_pw = pwcopy(privsep_pw); |
1615 | xfree(privsep_pw->pw_passwd); | 1650 | free(privsep_pw->pw_passwd); |
1616 | privsep_pw->pw_passwd = xstrdup("*"); | 1651 | privsep_pw->pw_passwd = xstrdup("*"); |
1617 | } | 1652 | } |
1618 | endpwent(); | 1653 | endpwent(); |
1619 | 1654 | ||
1620 | /* load private host keys */ | 1655 | /* load host keys */ |
1621 | sensitive_data.host_keys = xcalloc(options.num_host_key_files, | 1656 | sensitive_data.host_keys = xcalloc(options.num_host_key_files, |
1622 | sizeof(Key *)); | 1657 | sizeof(Key *)); |
1623 | for (i = 0; i < options.num_host_key_files; i++) | 1658 | sensitive_data.host_pubkeys = xcalloc(options.num_host_key_files, |
1659 | sizeof(Key *)); | ||
1660 | for (i = 0; i < options.num_host_key_files; i++) { | ||
1624 | sensitive_data.host_keys[i] = NULL; | 1661 | sensitive_data.host_keys[i] = NULL; |
1662 | sensitive_data.host_pubkeys[i] = NULL; | ||
1663 | } | ||
1664 | |||
1665 | if (options.host_key_agent) { | ||
1666 | if (strcmp(options.host_key_agent, SSH_AUTHSOCKET_ENV_NAME)) | ||
1667 | setenv(SSH_AUTHSOCKET_ENV_NAME, | ||
1668 | options.host_key_agent, 1); | ||
1669 | have_agent = ssh_agent_present(); | ||
1670 | } | ||
1625 | 1671 | ||
1626 | for (i = 0; i < options.num_host_key_files; i++) { | 1672 | for (i = 0; i < options.num_host_key_files; i++) { |
1627 | key = key_load_private(options.host_key_files[i], "", NULL); | 1673 | key = key_load_private(options.host_key_files[i], "", NULL); |
1674 | pubkey = key_load_public(options.host_key_files[i], NULL); | ||
1628 | sensitive_data.host_keys[i] = key; | 1675 | sensitive_data.host_keys[i] = key; |
1629 | if (key == NULL) { | 1676 | sensitive_data.host_pubkeys[i] = pubkey; |
1677 | |||
1678 | if (key == NULL && pubkey != NULL && pubkey->type != KEY_RSA1 && | ||
1679 | have_agent) { | ||
1680 | debug("will rely on agent for hostkey %s", | ||
1681 | options.host_key_files[i]); | ||
1682 | keytype = pubkey->type; | ||
1683 | } else if (key != NULL) { | ||
1684 | keytype = key->type; | ||
1685 | } else { | ||
1630 | error("Could not load host key: %s", | 1686 | error("Could not load host key: %s", |
1631 | options.host_key_files[i]); | 1687 | options.host_key_files[i]); |
1632 | sensitive_data.host_keys[i] = NULL; | 1688 | sensitive_data.host_keys[i] = NULL; |
1689 | sensitive_data.host_pubkeys[i] = NULL; | ||
1633 | continue; | 1690 | continue; |
1634 | } | 1691 | } |
1635 | if (auth_key_is_revoked(key, 1)) { | 1692 | if (auth_key_is_revoked(key != NULL ? key : pubkey, 1)) { |
1636 | key_free(key); | ||
1637 | sensitive_data.host_keys[i] = NULL; | 1693 | sensitive_data.host_keys[i] = NULL; |
1694 | sensitive_data.host_pubkeys[i] = NULL; | ||
1638 | continue; | 1695 | continue; |
1639 | } | 1696 | } |
1640 | switch (key->type) { | 1697 | |
1698 | switch (keytype) { | ||
1641 | case KEY_RSA1: | 1699 | case KEY_RSA1: |
1642 | sensitive_data.ssh1_host_key = key; | 1700 | sensitive_data.ssh1_host_key = key; |
1643 | sensitive_data.have_ssh1_key = 1; | 1701 | sensitive_data.have_ssh1_key = 1; |
@@ -1648,8 +1706,8 @@ main(int ac, char **av) | |||
1648 | sensitive_data.have_ssh2_key = 1; | 1706 | sensitive_data.have_ssh2_key = 1; |
1649 | break; | 1707 | break; |
1650 | } | 1708 | } |
1651 | debug("private host key: #%d type %d %s", i, key->type, | 1709 | debug("private host key: #%d type %d %s", i, keytype, |
1652 | key_type(key)); | 1710 | key_type(key ? key : pubkey)); |
1653 | } | 1711 | } |
1654 | if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) { | 1712 | if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) { |
1655 | logit("Disabling protocol version 1. Could not load host key"); | 1713 | logit("Disabling protocol version 1. Could not load host key"); |
@@ -1819,7 +1877,8 @@ main(int ac, char **av) | |||
1819 | 1877 | ||
1820 | /* Chdir to the root directory so that the current disk can be | 1878 | /* Chdir to the root directory so that the current disk can be |
1821 | unmounted if desired. */ | 1879 | unmounted if desired. */ |
1822 | chdir("/"); | 1880 | if (chdir("/") == -1) |
1881 | error("chdir(\"/\"): %s", strerror(errno)); | ||
1823 | 1882 | ||
1824 | /* ignore SIGPIPE */ | 1883 | /* ignore SIGPIPE */ |
1825 | signal(SIGPIPE, SIG_IGN); | 1884 | signal(SIGPIPE, SIG_IGN); |
@@ -2079,9 +2138,11 @@ main(int ac, char **av) | |||
2079 | buffer_init(&loginmsg); | 2138 | buffer_init(&loginmsg); |
2080 | auth_debug_reset(); | 2139 | auth_debug_reset(); |
2081 | 2140 | ||
2082 | if (use_privsep) | 2141 | if (use_privsep) { |
2083 | if (privsep_preauth(authctxt) == 1) | 2142 | if (privsep_preauth(authctxt) == 1) |
2084 | goto authenticated; | 2143 | goto authenticated; |
2144 | } else if (compat20 && have_agent) | ||
2145 | auth_conn = ssh_get_authentication_connection(); | ||
2085 | 2146 | ||
2086 | /* perform the key exchange */ | 2147 | /* perform the key exchange */ |
2087 | /* authenticate user and start session */ | 2148 | /* authenticate user and start session */ |
@@ -2368,7 +2429,7 @@ do_ssh1_kex(void) | |||
2368 | MD5_Update(&md, sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH); | 2429 | MD5_Update(&md, sensitive_data.ssh1_cookie, SSH_SESSION_KEY_LENGTH); |
2369 | MD5_Final(session_key + 16, &md); | 2430 | MD5_Final(session_key + 16, &md); |
2370 | memset(buf, 0, bytes); | 2431 | memset(buf, 0, bytes); |
2371 | xfree(buf); | 2432 | free(buf); |
2372 | for (i = 0; i < 16; i++) | 2433 | for (i = 0; i < 16; i++) |
2373 | session_id[i] = session_key[i] ^ session_key[i + 16]; | 2434 | session_id[i] = session_key[i] ^ session_key[i + 16]; |
2374 | } | 2435 | } |
@@ -2395,6 +2456,23 @@ do_ssh1_kex(void) | |||
2395 | packet_write_wait(); | 2456 | packet_write_wait(); |
2396 | } | 2457 | } |
2397 | 2458 | ||
2459 | void | ||
2460 | sshd_hostkey_sign(Key *privkey, Key *pubkey, u_char **signature, u_int *slen, | ||
2461 | u_char *data, u_int dlen) | ||
2462 | { | ||
2463 | if (privkey) { | ||
2464 | if (PRIVSEP(key_sign(privkey, signature, slen, data, dlen) < 0)) | ||
2465 | fatal("%s: key_sign failed", __func__); | ||
2466 | } else if (use_privsep) { | ||
2467 | if (mm_key_sign(pubkey, signature, slen, data, dlen) < 0) | ||
2468 | fatal("%s: pubkey_sign failed", __func__); | ||
2469 | } else { | ||
2470 | if (ssh_agent_sign(auth_conn, pubkey, signature, slen, data, | ||
2471 | dlen)) | ||
2472 | fatal("%s: ssh_agent_sign failed", __func__); | ||
2473 | } | ||
2474 | } | ||
2475 | |||
2398 | /* | 2476 | /* |
2399 | * SSH2 key exchange: diffie-hellman-group1-sha1 | 2477 | * SSH2 key exchange: diffie-hellman-group1-sha1 |
2400 | */ | 2478 | */ |
@@ -2426,6 +2504,10 @@ do_ssh2_kex(void) | |||
2426 | if (options.kex_algorithms != NULL) | 2504 | if (options.kex_algorithms != NULL) |
2427 | myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms; | 2505 | myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms; |
2428 | 2506 | ||
2507 | if (options.rekey_limit || options.rekey_interval) | ||
2508 | packet_set_rekey_limits((u_int32_t)options.rekey_limit, | ||
2509 | (time_t)options.rekey_interval); | ||
2510 | |||
2429 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types(); | 2511 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types(); |
2430 | 2512 | ||
2431 | #ifdef GSSAPI | 2513 | #ifdef GSSAPI |
@@ -2490,6 +2572,7 @@ do_ssh2_kex(void) | |||
2490 | kex->load_host_public_key=&get_hostkey_public_by_type; | 2572 | kex->load_host_public_key=&get_hostkey_public_by_type; |
2491 | kex->load_host_private_key=&get_hostkey_private_by_type; | 2573 | kex->load_host_private_key=&get_hostkey_private_by_type; |
2492 | kex->host_key_index=&get_hostkey_index; | 2574 | kex->host_key_index=&get_hostkey_index; |
2575 | kex->sign = sshd_hostkey_sign; | ||
2493 | 2576 | ||
2494 | xxx_kex = kex; | 2577 | xxx_kex = kex; |
2495 | 2578 | ||
diff --git a/sshd_config b/sshd_config index 5de6846ef..9cfe28d03 100644 --- a/sshd_config +++ b/sshd_config | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: sshd_config,v 1.89 2013/02/06 00:20:42 dtucker Exp $ | 1 | # $OpenBSD: sshd_config,v 1.90 2013/05/16 04:09:14 dtucker Exp $ |
2 | 2 | ||
3 | # This is the sshd server system-wide configuration file. See | 3 | # This is the sshd server system-wide configuration file. See |
4 | # sshd_config(5) for more information. | 4 | # sshd_config(5) for more information. |
@@ -29,6 +29,9 @@ | |||
29 | #KeyRegenerationInterval 1h | 29 | #KeyRegenerationInterval 1h |
30 | #ServerKeyBits 1024 | 30 | #ServerKeyBits 1024 |
31 | 31 | ||
32 | # Ciphers and keying | ||
33 | #RekeyLimit default none | ||
34 | |||
32 | # Logging | 35 | # Logging |
33 | # obsoletes QuietMode and FascistLogging | 36 | # obsoletes QuietMode and FascistLogging |
34 | #SyslogFacility AUTH | 37 | #SyslogFacility AUTH |
diff --git a/sshd_config.0 b/sshd_config.0 index 2648db3d4..5f1df7b58 100644 --- a/sshd_config.0 +++ b/sshd_config.0 | |||
@@ -90,6 +90,13 @@ DESCRIPTION | |||
90 | example, it would not be possible to attempt password or | 90 | example, it would not be possible to attempt password or |
91 | keyboard-interactive authentication before public key. | 91 | keyboard-interactive authentication before public key. |
92 | 92 | ||
93 | For keyboard interactive authentication it is also possible to | ||
94 | restrict authentication to a specific device by appending a colon | ||
95 | followed by the device identifier ``bsdauth'', ``pam'', or | ||
96 | ``skey'', depending on the server configuration. For example, | ||
97 | ``keyboard-interactive:bsdauth'' would restrict keyboard | ||
98 | interactive authentication to the ``bsdauth'' device. | ||
99 | |||
93 | This option is only available for SSH protocol 2 and will yield a | 100 | This option is only available for SSH protocol 2 and will yield a |
94 | fatal error if enabled if protocol 1 is also enabled. Note that | 101 | fatal error if enabled if protocol 1 is also enabled. Note that |
95 | each authentication method listed should also be explicitly | 102 | each authentication method listed should also be explicitly |
@@ -99,7 +106,8 @@ DESCRIPTION | |||
99 | 106 | ||
100 | AuthorizedKeysCommand | 107 | AuthorizedKeysCommand |
101 | Specifies a program to be used to look up the user's public keys. | 108 | Specifies a program to be used to look up the user's public keys. |
102 | The program will be invoked with a single argument of the | 109 | The program must be owned by root and not writable by group or |
110 | others. It will be invoked with a single argument of the | ||
103 | username being authenticated, and should produce on standard | 111 | username being authenticated, and should produce on standard |
104 | output zero or more lines of authorized_keys output (see | 112 | output zero or more lines of authorized_keys output (see |
105 | AUTHORIZED_KEYS in sshd(8)). If a key supplied by | 113 | AUTHORIZED_KEYS in sshd(8)). If a key supplied by |
@@ -322,7 +330,16 @@ DESCRIPTION | |||
322 | sshd(8) will refuse to use a file if it is group/world- | 330 | sshd(8) will refuse to use a file if it is group/world- |
323 | accessible. It is possible to have multiple host key files. | 331 | accessible. It is possible to have multiple host key files. |
324 | ``rsa1'' keys are used for version 1 and ``dsa'', ``ecdsa'' or | 332 | ``rsa1'' keys are used for version 1 and ``dsa'', ``ecdsa'' or |
325 | ``rsa'' are used for version 2 of the SSH protocol. | 333 | ``rsa'' are used for version 2 of the SSH protocol. It is also |
334 | possible to specify public host key files instead. In this case | ||
335 | operations on the private key will be delegated to an | ||
336 | ssh-agent(1). | ||
337 | |||
338 | HostKeyAgent | ||
339 | Identifies the UNIX-domain socket used to communicate with an | ||
340 | agent that has access to the private host keys. If | ||
341 | ``SSH_AUTH_SOCK'' is specified, the location of the socket will | ||
342 | be read from the SSH_AUTH_SOCK environment variable. | ||
326 | 343 | ||
327 | IgnoreRhosts | 344 | IgnoreRhosts |
328 | Specifies that .rhosts and .shosts files will not be used in | 345 | Specifies that .rhosts and .shosts files will not be used in |
@@ -461,8 +478,9 @@ DESCRIPTION | |||
461 | KbdInteractiveAuthentication, KerberosAuthentication, | 478 | KbdInteractiveAuthentication, KerberosAuthentication, |
462 | MaxAuthTries, MaxSessions, PasswordAuthentication, | 479 | MaxAuthTries, MaxSessions, PasswordAuthentication, |
463 | PermitEmptyPasswords, PermitOpen, PermitRootLogin, PermitTunnel, | 480 | PermitEmptyPasswords, PermitOpen, PermitRootLogin, PermitTunnel, |
464 | PubkeyAuthentication, RhostsRSAAuthentication, RSAAuthentication, | 481 | PubkeyAuthentication, RekeyLimit, RhostsRSAAuthentication, |
465 | X11DisplayOffset, X11Forwarding and X11UseLocalHost. | 482 | RSAAuthentication, X11DisplayOffset, X11Forwarding and |
483 | X11UseLocalHost. | ||
466 | 484 | ||
467 | MaxAuthTries | 485 | MaxAuthTries |
468 | Specifies the maximum number of authentication attempts permitted | 486 | Specifies the maximum number of authentication attempts permitted |
@@ -571,6 +589,21 @@ DESCRIPTION | |||
571 | default is ``yes''. Note that this option applies to protocol | 589 | default is ``yes''. Note that this option applies to protocol |
572 | version 2 only. | 590 | version 2 only. |
573 | 591 | ||
592 | RekeyLimit | ||
593 | Specifies the maximum amount of data that may be transmitted | ||
594 | before the session key is renegotiated, optionally followed a | ||
595 | maximum amount of time that may pass before the session key is | ||
596 | renegotiated. The first argument is specified in bytes and may | ||
597 | have a suffix of `K', `M', or `G' to indicate Kilobytes, | ||
598 | Megabytes, or Gigabytes, respectively. The default is between | ||
599 | `1G' and `4G', depending on the cipher. The optional second | ||
600 | value is specified in seconds and may use any of the units | ||
601 | documented in the TIME FORMATS section. The default value for | ||
602 | RekeyLimit is ``default none'', which means that rekeying is | ||
603 | performed after the cipher's default amount of data has been sent | ||
604 | or received and no time based rekeying is done. This option | ||
605 | applies to protocol version 2 only. | ||
606 | |||
574 | RevokedKeys | 607 | RevokedKeys |
575 | Specifies revoked public keys. Keys listed in this file will be | 608 | Specifies revoked public keys. Keys listed in this file will be |
576 | refused for public key authentication. Note that if this file is | 609 | refused for public key authentication. Note that if this file is |
@@ -777,4 +810,4 @@ AUTHORS | |||
777 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support | 810 | versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support |
778 | for privilege separation. | 811 | for privilege separation. |
779 | 812 | ||
780 | OpenBSD 5.3 February 6, 2013 OpenBSD 5.3 | 813 | OpenBSD 5.4 July 19, 2013 OpenBSD 5.4 |
diff --git a/sshd_config.5 b/sshd_config.5 index 251d847fd..faf93fc90 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: sshd_config.5,v 1.156 2013/02/06 00:20:42 dtucker Exp $ | 36 | .\" $OpenBSD: sshd_config.5,v 1.162 2013/07/19 07:37:48 markus Exp $ |
37 | .Dd $Mdocdate: February 6 2013 $ | 37 | .Dd $Mdocdate: July 19 2013 $ |
38 | .Dt SSHD_CONFIG 5 | 38 | .Dt SSHD_CONFIG 5 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -144,9 +144,7 @@ The allow/deny directives are processed in the following order: | |||
144 | and finally | 144 | and finally |
145 | .Cm AllowGroups . | 145 | .Cm AllowGroups . |
146 | .Pp | 146 | .Pp |
147 | See | 147 | See PATTERNS in |
148 | .Sx PATTERNS | ||
149 | in | ||
150 | .Xr ssh_config 5 | 148 | .Xr ssh_config 5 |
151 | for more information on patterns. | 149 | for more information on patterns. |
152 | .It Cm AllowTcpForwarding | 150 | .It Cm AllowTcpForwarding |
@@ -186,9 +184,7 @@ The allow/deny directives are processed in the following order: | |||
186 | and finally | 184 | and finally |
187 | .Cm AllowGroups . | 185 | .Cm AllowGroups . |
188 | .Pp | 186 | .Pp |
189 | See | 187 | See PATTERNS in |
190 | .Sx PATTERNS | ||
191 | in | ||
192 | .Xr ssh_config 5 | 188 | .Xr ssh_config 5 |
193 | for more information on patterns. | 189 | for more information on patterns. |
194 | .It Cm AuthenticationMethods | 190 | .It Cm AuthenticationMethods |
@@ -207,6 +203,20 @@ Only methods that are next in one or more lists are offered at each stage, | |||
207 | so for this example, it would not be possible to attempt password or | 203 | so for this example, it would not be possible to attempt password or |
208 | keyboard-interactive authentication before public key. | 204 | keyboard-interactive authentication before public key. |
209 | .Pp | 205 | .Pp |
206 | For keyboard interactive authentication it is also possible to | ||
207 | restrict authentication to a specific device by appending a | ||
208 | colon followed by the device identifier | ||
209 | .Dq bsdauth , | ||
210 | .Dq pam , | ||
211 | or | ||
212 | .Dq skey , | ||
213 | depending on the server configuration. | ||
214 | For example, | ||
215 | .Dq keyboard-interactive:bsdauth | ||
216 | would restrict keyboard interactive authentication to the | ||
217 | .Dq bsdauth | ||
218 | device. | ||
219 | .Pp | ||
210 | This option is only available for SSH protocol 2 and will yield a fatal | 220 | This option is only available for SSH protocol 2 and will yield a fatal |
211 | error if enabled if protocol 1 is also enabled. | 221 | error if enabled if protocol 1 is also enabled. |
212 | Note that each authentication method listed should also be explicitly enabled | 222 | Note that each authentication method listed should also be explicitly enabled |
@@ -215,11 +225,10 @@ The default is not to require multiple authentication; successful completion | |||
215 | of a single authentication method is sufficient. | 225 | of a single authentication method is sufficient. |
216 | .It Cm AuthorizedKeysCommand | 226 | .It Cm AuthorizedKeysCommand |
217 | Specifies a program to be used to look up the user's public keys. | 227 | Specifies a program to be used to look up the user's public keys. |
218 | The program will be invoked with a single argument of the username | 228 | The program must be owned by root and not writable by group or others. |
229 | It will be invoked with a single argument of the username | ||
219 | being authenticated, and should produce on standard output zero or | 230 | being authenticated, and should produce on standard output zero or |
220 | more lines of authorized_keys output (see | 231 | more lines of authorized_keys output (see AUTHORIZED_KEYS in |
221 | .Sx AUTHORIZED_KEYS | ||
222 | in | ||
223 | .Xr sshd 8 ) . | 232 | .Xr sshd 8 ) . |
224 | If a key supplied by AuthorizedKeysCommand does not successfully authenticate | 233 | If a key supplied by AuthorizedKeysCommand does not successfully authenticate |
225 | and authorize the user then public key authentication continues using the usual | 234 | and authorize the user then public key authentication continues using the usual |
@@ -234,7 +243,7 @@ than running authorized keys commands. | |||
234 | Specifies the file that contains the public keys that can be used | 243 | Specifies the file that contains the public keys that can be used |
235 | for user authentication. | 244 | for user authentication. |
236 | The format is described in the | 245 | The format is described in the |
237 | .Sx AUTHORIZED_KEYS FILE FORMAT | 246 | AUTHORIZED_KEYS FILE FORMAT |
238 | section of | 247 | section of |
239 | .Xr sshd 8 . | 248 | .Xr sshd 8 . |
240 | .Cm AuthorizedKeysFile | 249 | .Cm AuthorizedKeysFile |
@@ -258,9 +267,7 @@ When using certificates signed by a key listed in | |||
258 | this file lists names, one of which must appear in the certificate for it | 267 | this file lists names, one of which must appear in the certificate for it |
259 | to be accepted for authentication. | 268 | to be accepted for authentication. |
260 | Names are listed one per line preceded by key options (as described | 269 | Names are listed one per line preceded by key options (as described |
261 | in | 270 | in AUTHORIZED_KEYS FILE FORMAT in |
262 | .Sx AUTHORIZED_KEYS FILE FORMAT | ||
263 | in | ||
264 | .Xr sshd 8 ) . | 271 | .Xr sshd 8 ) . |
265 | Empty lines and comments starting with | 272 | Empty lines and comments starting with |
266 | .Ql # | 273 | .Ql # |
@@ -442,9 +449,7 @@ The allow/deny directives are processed in the following order: | |||
442 | and finally | 449 | and finally |
443 | .Cm AllowGroups . | 450 | .Cm AllowGroups . |
444 | .Pp | 451 | .Pp |
445 | See | 452 | See PATTERNS in |
446 | .Sx PATTERNS | ||
447 | in | ||
448 | .Xr ssh_config 5 | 453 | .Xr ssh_config 5 |
449 | for more information on patterns. | 454 | for more information on patterns. |
450 | .It Cm DenyUsers | 455 | .It Cm DenyUsers |
@@ -463,9 +468,7 @@ The allow/deny directives are processed in the following order: | |||
463 | and finally | 468 | and finally |
464 | .Cm AllowGroups . | 469 | .Cm AllowGroups . |
465 | .Pp | 470 | .Pp |
466 | See | 471 | See PATTERNS in |
467 | .Sx PATTERNS | ||
468 | in | ||
469 | .Xr ssh_config 5 | 472 | .Xr ssh_config 5 |
470 | for more information on patterns. | 473 | for more information on patterns. |
471 | .It Cm ForceCommand | 474 | .It Cm ForceCommand |
@@ -602,6 +605,18 @@ keys are used for version 1 and | |||
602 | or | 605 | or |
603 | .Dq rsa | 606 | .Dq rsa |
604 | are used for version 2 of the SSH protocol. | 607 | are used for version 2 of the SSH protocol. |
608 | It is also possible to specify public host key files instead. | ||
609 | In this case operations on the private key will be delegated | ||
610 | to an | ||
611 | .Xr ssh-agent 1 . | ||
612 | .It Cm HostKeyAgent | ||
613 | Identifies the UNIX-domain socket used to communicate | ||
614 | with an agent that has access to the private host keys. | ||
615 | If | ||
616 | .Dq SSH_AUTH_SOCK | ||
617 | is specified, the location of the socket will be read from the | ||
618 | .Ev SSH_AUTH_SOCK | ||
619 | environment variable. | ||
605 | .It Cm IgnoreRhosts | 620 | .It Cm IgnoreRhosts |
606 | Specifies that | 621 | Specifies that |
607 | .Pa .rhosts | 622 | .Pa .rhosts |
@@ -805,8 +820,7 @@ and | |||
805 | .Cm Address . | 820 | .Cm Address . |
806 | The match patterns may consist of single entries or comma-separated | 821 | The match patterns may consist of single entries or comma-separated |
807 | lists and may use the wildcard and negation operators described in the | 822 | lists and may use the wildcard and negation operators described in the |
808 | .Sx PATTERNS | 823 | PATTERNS section of |
809 | section of | ||
810 | .Xr ssh_config 5 . | 824 | .Xr ssh_config 5 . |
811 | .Pp | 825 | .Pp |
812 | The patterns in an | 826 | The patterns in an |
@@ -858,6 +872,7 @@ Available keywords are | |||
858 | .Cm PermitRootLogin , | 872 | .Cm PermitRootLogin , |
859 | .Cm PermitTunnel , | 873 | .Cm PermitTunnel , |
860 | .Cm PubkeyAuthentication , | 874 | .Cm PubkeyAuthentication , |
875 | .Cm RekeyLimit , | ||
861 | .Cm RhostsRSAAuthentication , | 876 | .Cm RhostsRSAAuthentication , |
862 | .Cm RSAAuthentication , | 877 | .Cm RSAAuthentication , |
863 | .Cm X11DisplayOffset , | 878 | .Cm X11DisplayOffset , |
@@ -1066,6 +1081,32 @@ Specifies whether public key authentication is allowed. | |||
1066 | The default is | 1081 | The default is |
1067 | .Dq yes . | 1082 | .Dq yes . |
1068 | Note that this option applies to protocol version 2 only. | 1083 | Note that this option applies to protocol version 2 only. |
1084 | .It Cm RekeyLimit | ||
1085 | Specifies the maximum amount of data that may be transmitted before the | ||
1086 | session key is renegotiated, optionally followed a maximum amount of | ||
1087 | time that may pass before the session key is renegotiated. | ||
1088 | The first argument is specified in bytes and may have a suffix of | ||
1089 | .Sq K , | ||
1090 | .Sq M , | ||
1091 | or | ||
1092 | .Sq G | ||
1093 | to indicate Kilobytes, Megabytes, or Gigabytes, respectively. | ||
1094 | The default is between | ||
1095 | .Sq 1G | ||
1096 | and | ||
1097 | .Sq 4G , | ||
1098 | depending on the cipher. | ||
1099 | The optional second value is specified in seconds and may use any of the | ||
1100 | units documented in the | ||
1101 | .Sx TIME FORMATS | ||
1102 | section. | ||
1103 | The default value for | ||
1104 | .Cm RekeyLimit | ||
1105 | is | ||
1106 | .Dq default none , | ||
1107 | which means that rekeying is performed after the cipher's default amount | ||
1108 | of data has been sent or received and no time based rekeying is done. | ||
1109 | This option applies to protocol version 2 only. | ||
1069 | .It Cm RevokedKeys | 1110 | .It Cm RevokedKeys |
1070 | Specifies revoked public keys. | 1111 | Specifies revoked public keys. |
1071 | Keys listed in this file will be refused for public key authentication. | 1112 | Keys listed in this file will be refused for public key authentication. |
@@ -1074,9 +1115,7 @@ be refused for all users. | |||
1074 | Keys may be specified as a text file, listing one public key per line, or as | 1115 | Keys may be specified as a text file, listing one public key per line, or as |
1075 | an OpenSSH Key Revocation List (KRL) as generated by | 1116 | an OpenSSH Key Revocation List (KRL) as generated by |
1076 | .Xr ssh-keygen 1 . | 1117 | .Xr ssh-keygen 1 . |
1077 | For more information on KRLs, see the | 1118 | For more information on KRLs, see the KEY REVOCATION LISTS section in |
1078 | .Sx KEY REVOCATION LISTS | ||
1079 | section in | ||
1080 | .Xr ssh-keygen 1 . | 1119 | .Xr ssh-keygen 1 . |
1081 | .It Cm RhostsRSAAuthentication | 1120 | .It Cm RhostsRSAAuthentication |
1082 | Specifies whether rhosts or /etc/hosts.equiv authentication together | 1121 | Specifies whether rhosts or /etc/hosts.equiv authentication together |
@@ -1168,9 +1207,7 @@ listed in the certificate's principals list. | |||
1168 | Note that certificates that lack a list of principals will not be permitted | 1207 | Note that certificates that lack a list of principals will not be permitted |
1169 | for authentication using | 1208 | for authentication using |
1170 | .Cm TrustedUserCAKeys . | 1209 | .Cm TrustedUserCAKeys . |
1171 | For more details on certificates, see the | 1210 | For more details on certificates, see the CERTIFICATES section in |
1172 | .Sx CERTIFICATES | ||
1173 | section in | ||
1174 | .Xr ssh-keygen 1 . | 1211 | .Xr ssh-keygen 1 . |
1175 | .It Cm UseDNS | 1212 | .It Cm UseDNS |
1176 | Specifies whether | 1213 | Specifies whether |
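--- a/sshlogin.c
+++ b/sshlogin.c
@@ -97,7 +97,7 @@ store_lastlog_message(const char *user, uid_t uid)
 time_string = sys_auth_get_lastlogin_msg(user, uid);
 if (time_string != NULL) {
 buffer_append(&loginmsg, time_string, strlen(time_string));
-xfree(time_string);
+free(time_string);
 }
 # else
 last_login_time = get_last_login_time(uid, user, hostname,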
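--- a/sshlogin.h
+++ b/sshlogin.h
@@ -15,7 +15,7 @@
 void record_login(pid_t, const char *, const char *, uid_t,
 const char *, struct sockaddr *, socklen_t);
 void record_logout(pid_t, const char *, const char *);
-time_t get_last_login_time(uid_t, const char *, char *, u_int);
+time_t get_last_login_time(uid_t, const char *, char *, size_t);
 
 #ifdef LOGIN_NEEDS_UTMPX
 void record_utmp_only(pid_t, const char *, const char *, const char *,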
@@ -90,8 +90,7 @@ temporarily_use_uid(struct passwd *pw) | |||
90 | if (getgroups(saved_egroupslen, saved_egroups) < 0) | 90 | if (getgroups(saved_egroupslen, saved_egroups) < 0) |
91 | fatal("getgroups: %.100s", strerror(errno)); | 91 | fatal("getgroups: %.100s", strerror(errno)); |
92 | } else { /* saved_egroupslen == 0 */ | 92 | } else { /* saved_egroupslen == 0 */ |
93 | if (saved_egroups != NULL) | 93 | free(saved_egroups); |
94 | xfree(saved_egroups); | ||
95 | } | 94 | } |
96 | 95 | ||
97 | /* set and save the user's groups */ | 96 | /* set and save the user's groups */ |
@@ -109,8 +108,7 @@ temporarily_use_uid(struct passwd *pw) | |||
109 | if (getgroups(user_groupslen, user_groups) < 0) | 108 | if (getgroups(user_groupslen, user_groups) < 0) |
110 | fatal("getgroups: %.100s", strerror(errno)); | 109 | fatal("getgroups: %.100s", strerror(errno)); |
111 | } else { /* user_groupslen == 0 */ | 110 | } else { /* user_groupslen == 0 */ |
112 | if (user_groups) | 111 | free(user_groups); |
113 | xfree(user_groups); | ||
114 | } | 112 | } |
115 | } | 113 | } |
116 | /* Set the effective uid to the given (unprivileged) uid. */ | 114 | /* Set the effective uid to the given (unprivileged) uid. */ |
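Review bot: After `free(saved_egroups);` (first hunk) and `free(user_groups);` (second hunk) the pointers keep their freed values; neither is declared inside the hunks, so they appear to outlive the call, and the `saved_egroupslen > 0` branch above each hunk presumably reuses the same pointer for the next getgroups buffer, which would turn the stale pointer into a use-after-free or double free on a later call. The removed NULL checks did not guard against that either, so the risk is not new, but now that free(NULL) is relied on as a no-op a reset makes that reliance correct: `free(saved_egroups); saved_egroups = NULL;` and `free(user_groups); user_groups = NULL;`. temporarily_use_uid begins before the first hunk and ends after the second.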
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: umac.c,v 1.4 2011/10/19 10:39:48 djm Exp $ */ | 1 | /* $OpenBSD: umac.c,v 1.7 2013/07/22 05:00:17 djm Exp $ */ |
2 | /* ----------------------------------------------------------------------- | 2 | /* ----------------------------------------------------------------------- |
3 | * | 3 | * |
4 | * umac.c -- C Implementation UMAC Message Authentication | 4 | * umac.c -- C Implementation UMAC Message Authentication |
@@ -132,13 +132,13 @@ typedef unsigned int UWORD; /* Register */ | |||
132 | /* ---------------------------------------------------------------------- */ | 132 | /* ---------------------------------------------------------------------- */ |
133 | 133 | ||
134 | #if HAVE_SWAP32 | 134 | #if HAVE_SWAP32 |
135 | #define LOAD_UINT32_REVERSED(p) (swap32(*(UINT32 *)(p))) | 135 | #define LOAD_UINT32_REVERSED(p) (swap32(*(const UINT32 *)(p))) |
136 | #define STORE_UINT32_REVERSED(p,v) (*(UINT32 *)(p) = swap32(v)) | 136 | #define STORE_UINT32_REVERSED(p,v) (*(UINT32 *)(p) = swap32(v)) |
137 | #else /* HAVE_SWAP32 */ | 137 | #else /* HAVE_SWAP32 */ |
138 | 138 | ||
139 | static UINT32 LOAD_UINT32_REVERSED(void *ptr) | 139 | static UINT32 LOAD_UINT32_REVERSED(const void *ptr) |
140 | { | 140 | { |
141 | UINT32 temp = *(UINT32 *)ptr; | 141 | UINT32 temp = *(const UINT32 *)ptr; |
142 | temp = (temp >> 24) | ((temp & 0x00FF0000) >> 8 ) | 142 | temp = (temp >> 24) | ((temp & 0x00FF0000) >> 8 ) |
143 | | ((temp & 0x0000FF00) << 8 ) | (temp << 24); | 143 | | ((temp & 0x0000FF00) << 8 ) | (temp << 24); |
144 | return (UINT32)temp; | 144 | return (UINT32)temp; |
@@ -159,7 +159,7 @@ static void STORE_UINT32_REVERSED(void *ptr, UINT32 x) | |||
159 | */ | 159 | */ |
160 | 160 | ||
161 | #if (__LITTLE_ENDIAN__) | 161 | #if (__LITTLE_ENDIAN__) |
162 | #define LOAD_UINT32_LITTLE(ptr) (*(UINT32 *)(ptr)) | 162 | #define LOAD_UINT32_LITTLE(ptr) (*(const UINT32 *)(ptr)) |
163 | #define STORE_UINT32_BIG(ptr,x) STORE_UINT32_REVERSED(ptr,x) | 163 | #define STORE_UINT32_BIG(ptr,x) STORE_UINT32_REVERSED(ptr,x) |
164 | #else | 164 | #else |
165 | #define LOAD_UINT32_LITTLE(ptr) LOAD_UINT32_REVERSED(ptr) | 165 | #define LOAD_UINT32_LITTLE(ptr) LOAD_UINT32_REVERSED(ptr) |
@@ -184,7 +184,7 @@ typedef AES_KEY aes_int_key[1]; | |||
184 | #define aes_encryption(in,out,int_key) \ | 184 | #define aes_encryption(in,out,int_key) \ |
185 | AES_encrypt((u_char *)(in),(u_char *)(out),(AES_KEY *)int_key) | 185 | AES_encrypt((u_char *)(in),(u_char *)(out),(AES_KEY *)int_key) |
186 | #define aes_key_setup(key,int_key) \ | 186 | #define aes_key_setup(key,int_key) \ |
187 | AES_set_encrypt_key((u_char *)(key),UMAC_KEY_LEN*8,int_key) | 187 | AES_set_encrypt_key((const u_char *)(key),UMAC_KEY_LEN*8,int_key) |
188 | 188 | ||
189 | /* The user-supplied UMAC key is stretched using AES in a counter | 189 | /* The user-supplied UMAC key is stretched using AES in a counter |
190 | * mode to supply all random bits needed by UMAC. The kdf function takes | 190 | * mode to supply all random bits needed by UMAC. The kdf function takes |
@@ -240,7 +240,7 @@ static void pdf_init(pdf_ctx *pc, aes_int_key prf_key) | |||
240 | aes_encryption(pc->nonce, pc->cache, pc->prf_key); | 240 | aes_encryption(pc->nonce, pc->cache, pc->prf_key); |
241 | } | 241 | } |
242 | 242 | ||
243 | static void pdf_gen_xor(pdf_ctx *pc, UINT8 nonce[8], UINT8 buf[8]) | 243 | static void pdf_gen_xor(pdf_ctx *pc, const UINT8 nonce[8], UINT8 buf[8]) |
244 | { | 244 | { |
245 | /* 'ndx' indicates that we'll be using the 0th or 1st eight bytes | 245 | /* 'ndx' indicates that we'll be using the 0th or 1st eight bytes |
246 | * of the AES output. If last time around we returned the ndx-1st | 246 | * of the AES output. If last time around we returned the ndx-1st |
@@ -254,19 +254,21 @@ static void pdf_gen_xor(pdf_ctx *pc, UINT8 nonce[8], UINT8 buf[8]) | |||
254 | #elif (UMAC_OUTPUT_LEN > 8) | 254 | #elif (UMAC_OUTPUT_LEN > 8) |
255 | #define LOW_BIT_MASK 0 | 255 | #define LOW_BIT_MASK 0 |
256 | #endif | 256 | #endif |
257 | 257 | union { | |
258 | UINT8 tmp_nonce_lo[4]; | 258 | UINT8 tmp_nonce_lo[4]; |
259 | UINT32 align; | ||
260 | } t; | ||
259 | #if LOW_BIT_MASK != 0 | 261 | #if LOW_BIT_MASK != 0 |
260 | int ndx = nonce[7] & LOW_BIT_MASK; | 262 | int ndx = nonce[7] & LOW_BIT_MASK; |
261 | #endif | 263 | #endif |
262 | *(UINT32 *)tmp_nonce_lo = ((UINT32 *)nonce)[1]; | 264 | *(UINT32 *)t.tmp_nonce_lo = ((const UINT32 *)nonce)[1]; |
263 | tmp_nonce_lo[3] &= ~LOW_BIT_MASK; /* zero last bit */ | 265 | t.tmp_nonce_lo[3] &= ~LOW_BIT_MASK; /* zero last bit */ |
264 | 266 | ||
265 | if ( (((UINT32 *)tmp_nonce_lo)[0] != ((UINT32 *)pc->nonce)[1]) || | 267 | if ( (((UINT32 *)t.tmp_nonce_lo)[0] != ((UINT32 *)pc->nonce)[1]) || |
266 | (((UINT32 *)nonce)[0] != ((UINT32 *)pc->nonce)[0]) ) | 268 | (((const UINT32 *)nonce)[0] != ((UINT32 *)pc->nonce)[0]) ) |
267 | { | 269 | { |
268 | ((UINT32 *)pc->nonce)[0] = ((UINT32 *)nonce)[0]; | 270 | ((UINT32 *)pc->nonce)[0] = ((const UINT32 *)nonce)[0]; |
269 | ((UINT32 *)pc->nonce)[1] = ((UINT32 *)tmp_nonce_lo)[0]; | 271 | ((UINT32 *)pc->nonce)[1] = ((UINT32 *)t.tmp_nonce_lo)[0]; |
270 | aes_encryption(pc->nonce, pc->cache, pc->prf_key); | 272 | aes_encryption(pc->nonce, pc->cache, pc->prf_key); |
271 | } | 273 | } |
272 | 274 | ||
@@ -333,7 +335,7 @@ typedef struct { | |||
333 | 335 | ||
334 | #if (UMAC_OUTPUT_LEN == 4) | 336 | #if (UMAC_OUTPUT_LEN == 4) |
335 | 337 | ||
336 | static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen) | 338 | static void nh_aux(void *kp, const void *dp, void *hp, UINT32 dlen) |
337 | /* NH hashing primitive. Previous (partial) hash result is loaded and | 339 | /* NH hashing primitive. Previous (partial) hash result is loaded and |
338 | * then stored via hp pointer. The length of the data pointed at by "dp", | 340 | * then stored via hp pointer. The length of the data pointed at by "dp", |
339 | * "dlen", is guaranteed to be divisible by L1_PAD_BOUNDARY (32). Key | 341 | * "dlen", is guaranteed to be divisible by L1_PAD_BOUNDARY (32). Key |
@@ -343,7 +345,7 @@ static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen) | |||
343 | UINT64 h; | 345 | UINT64 h; |
344 | UWORD c = dlen / 32; | 346 | UWORD c = dlen / 32; |
345 | UINT32 *k = (UINT32 *)kp; | 347 | UINT32 *k = (UINT32 *)kp; |
346 | UINT32 *d = (UINT32 *)dp; | 348 | const UINT32 *d = (const UINT32 *)dp; |
347 | UINT32 d0,d1,d2,d3,d4,d5,d6,d7; | 349 | UINT32 d0,d1,d2,d3,d4,d5,d6,d7; |
348 | UINT32 k0,k1,k2,k3,k4,k5,k6,k7; | 350 | UINT32 k0,k1,k2,k3,k4,k5,k6,k7; |
349 | 351 | ||
@@ -368,7 +370,7 @@ static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen) | |||
368 | 370 | ||
369 | #elif (UMAC_OUTPUT_LEN == 8) | 371 | #elif (UMAC_OUTPUT_LEN == 8) |
370 | 372 | ||
371 | static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen) | 373 | static void nh_aux(void *kp, const void *dp, void *hp, UINT32 dlen) |
372 | /* Same as previous nh_aux, but two streams are handled in one pass, | 374 | /* Same as previous nh_aux, but two streams are handled in one pass, |
373 | * reading and writing 16 bytes of hash-state per call. | 375 | * reading and writing 16 bytes of hash-state per call. |
374 | */ | 376 | */ |
@@ -376,7 +378,7 @@ static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen) | |||
376 | UINT64 h1,h2; | 378 | UINT64 h1,h2; |
377 | UWORD c = dlen / 32; | 379 | UWORD c = dlen / 32; |
378 | UINT32 *k = (UINT32 *)kp; | 380 | UINT32 *k = (UINT32 *)kp; |
379 | UINT32 *d = (UINT32 *)dp; | 381 | const UINT32 *d = (const UINT32 *)dp; |
380 | UINT32 d0,d1,d2,d3,d4,d5,d6,d7; | 382 | UINT32 d0,d1,d2,d3,d4,d5,d6,d7; |
381 | UINT32 k0,k1,k2,k3,k4,k5,k6,k7, | 383 | UINT32 k0,k1,k2,k3,k4,k5,k6,k7, |
382 | k8,k9,k10,k11; | 384 | k8,k9,k10,k11; |
@@ -415,7 +417,7 @@ static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen) | |||
415 | 417 | ||
416 | #elif (UMAC_OUTPUT_LEN == 12) | 418 | #elif (UMAC_OUTPUT_LEN == 12) |
417 | 419 | ||
418 | static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen) | 420 | static void nh_aux(void *kp, const void *dp, void *hp, UINT32 dlen) |
419 | /* Same as previous nh_aux, but two streams are handled in one pass, | 421 | /* Same as previous nh_aux, but two streams are handled in one pass, |
420 | * reading and writing 24 bytes of hash-state per call. | 422 | * reading and writing 24 bytes of hash-state per call. |
421 | */ | 423 | */ |
@@ -423,7 +425,7 @@ static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen) | |||
423 | UINT64 h1,h2,h3; | 425 | UINT64 h1,h2,h3; |
424 | UWORD c = dlen / 32; | 426 | UWORD c = dlen / 32; |
425 | UINT32 *k = (UINT32 *)kp; | 427 | UINT32 *k = (UINT32 *)kp; |
426 | UINT32 *d = (UINT32 *)dp; | 428 | const UINT32 *d = (const UINT32 *)dp; |
427 | UINT32 d0,d1,d2,d3,d4,d5,d6,d7; | 429 | UINT32 d0,d1,d2,d3,d4,d5,d6,d7; |
428 | UINT32 k0,k1,k2,k3,k4,k5,k6,k7, | 430 | UINT32 k0,k1,k2,k3,k4,k5,k6,k7, |
429 | k8,k9,k10,k11,k12,k13,k14,k15; | 431 | k8,k9,k10,k11,k12,k13,k14,k15; |
@@ -470,7 +472,7 @@ static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen) | |||
470 | 472 | ||
471 | #elif (UMAC_OUTPUT_LEN == 16) | 473 | #elif (UMAC_OUTPUT_LEN == 16) |
472 | 474 | ||
473 | static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen) | 475 | static void nh_aux(void *kp, const void *dp, void *hp, UINT32 dlen) |
474 | /* Same as previous nh_aux, but two streams are handled in one pass, | 476 | /* Same as previous nh_aux, but two streams are handled in one pass, |
475 | * reading and writing 24 bytes of hash-state per call. | 477 | * reading and writing 24 bytes of hash-state per call. |
476 | */ | 478 | */ |
@@ -478,7 +480,7 @@ static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen) | |||
478 | UINT64 h1,h2,h3,h4; | 480 | UINT64 h1,h2,h3,h4; |
479 | UWORD c = dlen / 32; | 481 | UWORD c = dlen / 32; |
480 | UINT32 *k = (UINT32 *)kp; | 482 | UINT32 *k = (UINT32 *)kp; |
481 | UINT32 *d = (UINT32 *)dp; | 483 | const UINT32 *d = (const UINT32 *)dp; |
482 | UINT32 d0,d1,d2,d3,d4,d5,d6,d7; | 484 | UINT32 d0,d1,d2,d3,d4,d5,d6,d7; |
483 | UINT32 k0,k1,k2,k3,k4,k5,k6,k7, | 485 | UINT32 k0,k1,k2,k3,k4,k5,k6,k7, |
484 | k8,k9,k10,k11,k12,k13,k14,k15, | 486 | k8,k9,k10,k11,k12,k13,k14,k15, |
@@ -539,7 +541,7 @@ static void nh_aux(void *kp, void *dp, void *hp, UINT32 dlen) | |||
539 | 541 | ||
540 | /* ---------------------------------------------------------------------- */ | 542 | /* ---------------------------------------------------------------------- */ |
541 | 543 | ||
542 | static void nh_transform(nh_ctx *hc, UINT8 *buf, UINT32 nbytes) | 544 | static void nh_transform(nh_ctx *hc, const UINT8 *buf, UINT32 nbytes) |
543 | /* This function is a wrapper for the primitive NH hash functions. It takes | 545 | /* This function is a wrapper for the primitive NH hash functions. It takes |
544 | * as argument "hc" the current hash context and a buffer which must be a | 546 | * as argument "hc" the current hash context and a buffer which must be a |
545 | * multiple of L1_PAD_BOUNDARY. The key passed to nh_aux is offset | 547 | * multiple of L1_PAD_BOUNDARY. The key passed to nh_aux is offset |
@@ -614,7 +616,7 @@ static void nh_init(nh_ctx *hc, aes_int_key prf_key) | |||
614 | 616 | ||
615 | /* ---------------------------------------------------------------------- */ | 617 | /* ---------------------------------------------------------------------- */ |
616 | 618 | ||
617 | static void nh_update(nh_ctx *hc, UINT8 *buf, UINT32 nbytes) | 619 | static void nh_update(nh_ctx *hc, const UINT8 *buf, UINT32 nbytes) |
618 | /* Incorporate nbytes of data into a nh_ctx, buffer whatever is not an */ | 620 | /* Incorporate nbytes of data into a nh_ctx, buffer whatever is not an */ |
619 | /* even multiple of HASH_BUF_BYTES. */ | 621 | /* even multiple of HASH_BUF_BYTES. */ |
620 | { | 622 | { |
@@ -709,7 +711,7 @@ static void nh_final(nh_ctx *hc, UINT8 *result) | |||
709 | 711 | ||
710 | /* ---------------------------------------------------------------------- */ | 712 | /* ---------------------------------------------------------------------- */ |
711 | 713 | ||
712 | static void nh(nh_ctx *hc, UINT8 *buf, UINT32 padded_len, | 714 | static void nh(nh_ctx *hc, const UINT8 *buf, UINT32 padded_len, |
713 | UINT32 unpadded_len, UINT8 *result) | 715 | UINT32 unpadded_len, UINT8 *result) |
714 | /* All-in-one nh_update() and nh_final() equivalent. | 716 | /* All-in-one nh_update() and nh_final() equivalent. |
715 | * Assumes that padded_len is divisible by L1_PAD_BOUNDARY and result is | 717 | * Assumes that padded_len is divisible by L1_PAD_BOUNDARY and result is |
@@ -1047,7 +1049,7 @@ static int uhash_free(uhash_ctx_t ctx) | |||
1047 | #endif | 1049 | #endif |
1048 | /* ---------------------------------------------------------------------- */ | 1050 | /* ---------------------------------------------------------------------- */ |
1049 | 1051 | ||
1050 | static int uhash_update(uhash_ctx_t ctx, u_char *input, long len) | 1052 | static int uhash_update(uhash_ctx_t ctx, const u_char *input, long len) |
1051 | /* Given len bytes of data, we parse it into L1_KEY_LEN chunks and | 1053 | /* Given len bytes of data, we parse it into L1_KEY_LEN chunks and |
1052 | * hash each one with NH, calling the polyhash on each NH output. | 1054 | * hash each one with NH, calling the polyhash on each NH output. |
1053 | */ | 1055 | */ |
@@ -1057,7 +1059,7 @@ static int uhash_update(uhash_ctx_t ctx, u_char *input, long len) | |||
1057 | UINT8 *nh_result = (UINT8 *)&result_buf; | 1059 | UINT8 *nh_result = (UINT8 *)&result_buf; |
1058 | 1060 | ||
1059 | if (ctx->msg_len + len <= L1_KEY_LEN) { | 1061 | if (ctx->msg_len + len <= L1_KEY_LEN) { |
1060 | nh_update(&ctx->hash, (UINT8 *)input, len); | 1062 | nh_update(&ctx->hash, (const UINT8 *)input, len); |
1061 | ctx->msg_len += len; | 1063 | ctx->msg_len += len; |
1062 | } else { | 1064 | } else { |
1063 | 1065 | ||
@@ -1072,7 +1074,7 @@ static int uhash_update(uhash_ctx_t ctx, u_char *input, long len) | |||
1072 | /* bytes to complete the current nh_block. */ | 1074 | /* bytes to complete the current nh_block. */ |
1073 | if (bytes_hashed) { | 1075 | if (bytes_hashed) { |
1074 | bytes_remaining = (L1_KEY_LEN - bytes_hashed); | 1076 | bytes_remaining = (L1_KEY_LEN - bytes_hashed); |
1075 | nh_update(&ctx->hash, (UINT8 *)input, bytes_remaining); | 1077 | nh_update(&ctx->hash, (const UINT8 *)input, bytes_remaining); |
1076 | nh_final(&ctx->hash, nh_result); | 1078 | nh_final(&ctx->hash, nh_result); |
1077 | ctx->msg_len += bytes_remaining; | 1079 | ctx->msg_len += bytes_remaining; |
1078 | poly_hash(ctx,(UINT32 *)nh_result); | 1080 | poly_hash(ctx,(UINT32 *)nh_result); |
@@ -1082,7 +1084,7 @@ static int uhash_update(uhash_ctx_t ctx, u_char *input, long len) | |||
1082 | 1084 | ||
1083 | /* Hash directly from input stream if enough bytes */ | 1085 | /* Hash directly from input stream if enough bytes */ |
1084 | while (len >= L1_KEY_LEN) { | 1086 | while (len >= L1_KEY_LEN) { |
1085 | nh(&ctx->hash, (UINT8 *)input, L1_KEY_LEN, | 1087 | nh(&ctx->hash, (const UINT8 *)input, L1_KEY_LEN, |
1086 | L1_KEY_LEN, nh_result); | 1088 | L1_KEY_LEN, nh_result); |
1087 | ctx->msg_len += L1_KEY_LEN; | 1089 | ctx->msg_len += L1_KEY_LEN; |
1088 | len -= L1_KEY_LEN; | 1090 | len -= L1_KEY_LEN; |
@@ -1093,7 +1095,7 @@ static int uhash_update(uhash_ctx_t ctx, u_char *input, long len) | |||
1093 | 1095 | ||
1094 | /* pass remaining < L1_KEY_LEN bytes of input data to NH */ | 1096 | /* pass remaining < L1_KEY_LEN bytes of input data to NH */ |
1095 | if (len) { | 1097 | if (len) { |
1096 | nh_update(&ctx->hash, (UINT8 *)input, len); | 1098 | nh_update(&ctx->hash, (const UINT8 *)input, len); |
1097 | ctx->msg_len += len; | 1099 | ctx->msg_len += len; |
1098 | } | 1100 | } |
1099 | } | 1101 | } |
@@ -1209,14 +1211,14 @@ int umac_delete(struct umac_ctx *ctx) | |||
1209 | if (ctx) { | 1211 | if (ctx) { |
1210 | if (ALLOC_BOUNDARY) | 1212 | if (ALLOC_BOUNDARY) |
1211 | ctx = (struct umac_ctx *)ctx->free_ptr; | 1213 | ctx = (struct umac_ctx *)ctx->free_ptr; |
1212 | xfree(ctx); | 1214 | free(ctx); |
1213 | } | 1215 | } |
1214 | return (1); | 1216 | return (1); |
1215 | } | 1217 | } |
1216 | 1218 | ||
1217 | /* ---------------------------------------------------------------------- */ | 1219 | /* ---------------------------------------------------------------------- */ |
1218 | 1220 | ||
1219 | struct umac_ctx *umac_new(u_char key[]) | 1221 | struct umac_ctx *umac_new(const u_char key[]) |
1220 | /* Dynamically allocate a umac_ctx struct, initialize variables, | 1222 | /* Dynamically allocate a umac_ctx struct, initialize variables, |
1221 | * generate subkeys from key. Align to 16-byte boundary. | 1223 | * generate subkeys from key. Align to 16-byte boundary. |
1222 | */ | 1224 | */ |
@@ -1233,7 +1235,7 @@ struct umac_ctx *umac_new(u_char key[]) | |||
1233 | ctx = (struct umac_ctx *)((u_char *)ctx + bytes_to_add); | 1235 | ctx = (struct umac_ctx *)((u_char *)ctx + bytes_to_add); |
1234 | } | 1236 | } |
1235 | ctx->free_ptr = octx; | 1237 | ctx->free_ptr = octx; |
1236 | aes_key_setup(key,prf_key); | 1238 | aes_key_setup(key, prf_key); |
1237 | pdf_init(&ctx->pdf, prf_key); | 1239 | pdf_init(&ctx->pdf, prf_key); |
1238 | uhash_init(&ctx->hash, prf_key); | 1240 | uhash_init(&ctx->hash, prf_key); |
1239 | } | 1241 | } |
@@ -1243,18 +1245,18 @@ struct umac_ctx *umac_new(u_char key[]) | |||
1243 | 1245 | ||
1244 | /* ---------------------------------------------------------------------- */ | 1246 | /* ---------------------------------------------------------------------- */ |
1245 | 1247 | ||
1246 | int umac_final(struct umac_ctx *ctx, u_char tag[], u_char nonce[8]) | 1248 | int umac_final(struct umac_ctx *ctx, u_char tag[], const u_char nonce[8]) |
1247 | /* Incorporate any pending data, pad, and generate tag */ | 1249 | /* Incorporate any pending data, pad, and generate tag */ |
1248 | { | 1250 | { |
1249 | uhash_final(&ctx->hash, (u_char *)tag); | 1251 | uhash_final(&ctx->hash, (u_char *)tag); |
1250 | pdf_gen_xor(&ctx->pdf, (UINT8 *)nonce, (UINT8 *)tag); | 1252 | pdf_gen_xor(&ctx->pdf, (const UINT8 *)nonce, (UINT8 *)tag); |
1251 | 1253 | ||
1252 | return (1); | 1254 | return (1); |
1253 | } | 1255 | } |
1254 | 1256 | ||
1255 | /* ---------------------------------------------------------------------- */ | 1257 | /* ---------------------------------------------------------------------- */ |
1256 | 1258 | ||
1257 | int umac_update(struct umac_ctx *ctx, u_char *input, long len) | 1259 | int umac_update(struct umac_ctx *ctx, const u_char *input, long len) |
1258 | /* Given len bytes of data, we parse it into L1_KEY_LEN chunks and */ | 1260 | /* Given len bytes of data, we parse it into L1_KEY_LEN chunks and */ |
1259 | /* hash each one, calling the PDF on the hashed output whenever the hash- */ | 1261 | /* hash each one, calling the PDF on the hashed output whenever the hash- */ |
1260 | /* output buffer is full. */ | 1262 | /* output buffer is full. */ |
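Review bot: The union in pdf_gen_xor (hunk at -254,19) aligns the local tmp_nonce_lo, but `*(UINT32 *)t.tmp_nonce_lo = ((const UINT32 *)nonce)[1];` and the test `((const UINT32 *)nonce)[0] != ((UINT32 *)pc->nonce)[0]` still read the caller's `const UINT8 nonce[8]` as 32-bit words; umac_final passes its own `const u_char nonce[8]` through unchanged, so whether that buffer is 4-byte aligned depends on every caller, and on strict-alignment targets a misaligned one faults, quite apart from the aliasing rule. A byte copy removes the dependency: `memcpy(t.tmp_nonce_lo, nonce + 4, sizeof(t.tmp_nonce_lo));` for the load and `memcmp(nonce, pc->nonce, 4) != 0` for the first-word comparison, with `t.align` available for the second. The alignment of pc->nonce itself is fixed by a declaration outside the hunk, and pdf_gen_xor's body continues past it. The `*(const UINT32 *)(p)` loads in LOAD_UINT32_REVERSED and LOAD_UINT32_LITTLE carry the same assumption but are only constified here.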
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: umac.h,v 1.2 2012/10/04 13:21:50 markus Exp $ */ | 1 | /* $OpenBSD: umac.h,v 1.3 2013/07/22 12:20:02 djm Exp $ */ |
2 | /* ----------------------------------------------------------------------- | 2 | /* ----------------------------------------------------------------------- |
3 | * | 3 | * |
4 | * umac.h -- C Implementation UMAC Message Authentication | 4 | * umac.h -- C Implementation UMAC Message Authentication |
@@ -52,7 +52,7 @@ | |||
52 | extern "C" { | 52 | extern "C" { |
53 | #endif | 53 | #endif |
54 | 54 | ||
55 | struct umac_ctx *umac_new(u_char key[]); | 55 | struct umac_ctx *umac_new(const u_char key[]); |
56 | /* Dynamically allocate a umac_ctx struct, initialize variables, | 56 | /* Dynamically allocate a umac_ctx struct, initialize variables, |
57 | * generate subkeys from key. | 57 | * generate subkeys from key. |
58 | */ | 58 | */ |
@@ -62,10 +62,10 @@ int umac_reset(struct umac_ctx *ctx); | |||
62 | /* Reset a umac_ctx to begin authenicating a new message */ | 62 | /* Reset a umac_ctx to begin authenicating a new message */ |
63 | #endif | 63 | #endif |
64 | 64 | ||
65 | int umac_update(struct umac_ctx *ctx, u_char *input, long len); | 65 | int umac_update(struct umac_ctx *ctx, const u_char *input, long len); |
66 | /* Incorporate len bytes pointed to by input into context ctx */ | 66 | /* Incorporate len bytes pointed to by input into context ctx */ |
67 | 67 | ||
68 | int umac_final(struct umac_ctx *ctx, u_char tag[], u_char nonce[8]); | 68 | int umac_final(struct umac_ctx *ctx, u_char tag[], const u_char nonce[8]); |
69 | /* Incorporate any pending data and the ctr value, and return tag. | 69 | /* Incorporate any pending data and the ctr value, and return tag. |
70 | * This function returns error code if ctr < 0. | 70 | * This function returns error code if ctr < 0. |
71 | */ | 71 | */ |
@@ -117,9 +117,9 @@ int uhash(uhash_ctx_t ctx, | |||
117 | #endif | 117 | #endif |
118 | 118 | ||
119 | /* matching umac-128 API, we reuse umac_ctx, since it's opaque */ | 119 | /* matching umac-128 API, we reuse umac_ctx, since it's opaque */ |
120 | struct umac_ctx *umac128_new(u_char key[]); | 120 | struct umac_ctx *umac128_new(const u_char key[]); |
121 | int umac128_update(struct umac_ctx *ctx, u_char *input, long len); | 121 | int umac128_update(struct umac_ctx *ctx, const u_char *input, long len); |
122 | int umac128_final(struct umac_ctx *ctx, u_char tag[], u_char nonce[8]); | 122 | int umac128_final(struct umac_ctx *ctx, u_char tag[], const u_char nonce[8]); |
123 | int umac128_delete(struct umac_ctx *ctx); | 123 | int umac128_delete(struct umac_ctx *ctx); |
124 | 124 | ||
125 | #ifdef __cplusplus | 125 | #ifdef __cplusplus |
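--- a/uuencode.c
+++ b/uuencode.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: uuencode.c,v 1.26 2010/08/31 11:54:45 djm Exp $ */
+/* $OpenBSD: uuencode.c,v 1.27 2013/05/17 00:13:14 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 *
@@ -29,6 +29,7 @@
 #include <netinet/in.h>
 #include <resolv.h>
 #include <stdio.h>
+#include <stdlib.h>
 
 #include "xmalloc.h"
 #include "uuencode.h"
@@ -67,7 +68,7 @@ uudecode(const char *src, u_char *target, size_t targsize)
 /* and remove trailing whitespace because __b64_pton needs this */
 *p = '\0';
 len = __b64_pton(encoded, target, targsize);
-xfree(encoded);
+free(encoded);
 return len;
 }
 
@@ -90,5 +91,5 @@ dump_base64(FILE *fp, const u_char *data, u_int len)
 }
 if (i % 70 != 69)
 fprintf(fp, "\n");
-xfree(buf);
+free(buf);
 }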
@@ -1,8 +1,8 @@ | |||
1 | /* $OpenBSD: version.h,v 1.66 2013/02/10 21:19:34 markus Exp $ */ | 1 | /* $OpenBSD: version.h,v 1.67 2013/07/25 00:57:37 djm Exp $ */ |
2 | 2 | ||
3 | #define SSH_VERSION "OpenSSH_6.2" | 3 | #define SSH_VERSION "OpenSSH_6.3" |
4 | 4 | ||
5 | #define SSH_PORTABLE "p2" | 5 | #define SSH_PORTABLE "p1" |
6 | #define SSH_RELEASE_MINIMUM SSH_VERSION SSH_PORTABLE | 6 | #define SSH_RELEASE_MINIMUM SSH_VERSION SSH_PORTABLE |
7 | #ifdef SSH_EXTRAVERSION | 7 | #ifdef SSH_EXTRAVERSION |
8 | #define SSH_RELEASE SSH_RELEASE_MINIMUM " " SSH_EXTRAVERSION | 8 | #define SSH_RELEASE SSH_RELEASE_MINIMUM " " SSH_EXTRAVERSION |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: xmalloc.c,v 1.27 2006/08/03 03:34:42 deraadt Exp $ */ | 1 | /* $OpenBSD: xmalloc.c,v 1.28 2013/05/17 00:13:14 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -73,14 +73,6 @@ xrealloc(void *ptr, size_t nmemb, size_t size) | |||
73 | return new_ptr; | 73 | return new_ptr; |
74 | } | 74 | } |
75 | 75 | ||
76 | void | ||
77 | xfree(void *ptr) | ||
78 | { | ||
79 | if (ptr == NULL) | ||
80 | fatal("xfree: NULL pointer given as argument"); | ||
81 | free(ptr); | ||
82 | } | ||
83 | |||
84 | char * | 76 | char * |
85 | xstrdup(const char *str) | 77 | xstrdup(const char *str) |
86 | { | 78 | { |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: xmalloc.h,v 1.13 2006/08/03 03:34:42 deraadt Exp $ */ | 1 | /* $OpenBSD: xmalloc.h,v 1.14 2013/05/17 00:13:14 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -19,7 +19,6 @@ | |||
19 | void *xmalloc(size_t); | 19 | void *xmalloc(size_t); |
20 | void *xcalloc(size_t, size_t); | 20 | void *xcalloc(size_t, size_t); |
21 | void *xrealloc(void *, size_t, size_t); | 21 | void *xrealloc(void *, size_t, size_t); |
22 | void xfree(void *); | ||
23 | char *xstrdup(const char *); | 22 | char *xstrdup(const char *); |
24 | int xasprintf(char **, const char *, ...) | 23 | int xasprintf(char **, const char *, ...) |
25 | __attribute__((__format__ (printf, 2, 3))) | 24 | __attribute__((__format__ (printf, 2, 3))) |