-rw-r--r-- | ChangeLog | 608 | ||||
-rw-r--r-- | ChangeLog.linux | 20 | ||||
-rw-r--r-- | Makefile.GNU | 50 | ||||
-rw-r--r-- | Makefile.in | 73 | ||||
-rw-r--r-- | Makefile.inc | 11 | ||||
-rw-r--r-- | README.openssh | 4 | ||||
-rw-r--r-- | acconfig.h | 7 | ||||
-rw-r--r-- | auth-rsa.c | 9 | ||||
-rw-r--r-- | authfd.c | 8 | ||||
-rw-r--r-- | authfile.c | 9 | ||||
-rw-r--r-- | bufaux.c | 10 | ||||
-rw-r--r-- | cipher.c | 8 | ||||
-rw-r--r-- | cipher.h | 10 | ||||
-rw-r--r-- | config.h.in | 139 | ||||
-rw-r--r-- | configure.in | 54 | ||||
-rw-r--r-- | mpaux.c | 12 | ||||
-rw-r--r-- | packet.h | 8 | ||||
-rw-r--r-- | rsa.h | 10 | ||||
-rw-r--r-- | ssh-agent.c | 8 | ||||
-rw-r--r-- | ssh.c | 3 | ||||
-rw-r--r-- | ssh.h | 16 | ||||
-rw-r--r-- | sshconnect.c | 12 |
22 files changed, 413 insertions, 676 deletions
@@ -1,578 +1,30 @@ | |||
1 | Fri Nov 17 16:19:20 1995 Tatu Ylonen <ylo@trance.olari.clinet.fi> | 1 | 19991028 |
2 | 2 | - Further PAM enhancements. | |
3 | * Released 1.2.12. | 3 | - Much cleaner |
4 | 4 | - Now uses account and session modules for all logins. | |
5 | * channels.c: Commented out debugging messages about output draining. | 5 | - Integrated patch from Dan Brosemer <odin@linuxfreak.com> |
6 | 6 | - Build fixes | |
7 | * Added file OVERVIEW to give some idea about the structure of the | 7 | - Autoconf |
8 | ssh software. | 8 | - Change binary names to open* |
9 | 9 | - Fixed autoconf script to detect PAM on RH6.1 | |
10 | Thu Nov 16 16:40:17 1995 Tatu Ylonen <ylo@trance.olari.clinet.fi> | 10 | - Added tests for libpwdb, and OpenBSD functions to autoconf |
11 | 11 | 19991027 | |
12 | * canohost.c (get_remote_hostname): Don't ever return NULL (causes | 12 | - Adapted PAM patch. |
13 | segmentation violation). | 13 | - Released 1.0pre2 |
14 | 14 | ||
15 | * sshconnect.c: Host ip address printed incorrectly with -v. | 15 | - Excised my buggy replacements for strlcpy and mkdtemp |
16 | 16 | - Imported correct OpenBSD strlcpy and mkdtemp routines. | |
17 | * Implemented SSH_TTY environment variable. | 17 | - Reduced arc4random_stir entropy read to 32 bytes (256 bits) |
18 | 18 | - Picked up correct version number from OpenBSD | |
19 | Wed Nov 15 01:47:40 1995 Tatu Ylonen <ylo@trance.olari.clinet.fi> | 19 | - Added sshd.pam PAM configuration file |
20 | 20 | - Added sshd.init Redhat init script | |
21 | * Implemented server and client option KeepAlive to specify | 21 | - Added openssh.spec RPM spec file |
22 | whether to set SO_KEEPALIVE. Both default to "yes"; to disable | 22 | - Released 1.2pre3 |
23 | keepalives, set the value to "no" in both the server and the | 23 | |
24 | client configuration files. Updated manual pages. | 24 | 19991026 |
25 | 25 | - Fixed include paths of OpenSSL functions | |
26 | * sshd.c: Fixed Solaris utmp problem: wrong pid stored in utmp | 26 | - Use OpenSSL MD5 routines |
27 | (patch from Petri Virkkula <argon@bat.cs.hut.fi>). | 27 | - Imported RC4 code from nanocrypt |
28 | 28 | - Wrote replacements for OpenBSD arc4random* functions | |
29 | * login.c (record_logout): Fixed removing user from utmp on BSD | 29 | - Wrote replacements for strlcpy and mkdtemp |
30 | (with HAVE_LIBUTIL_LOGIN). | 30 | - Released 1.0pre1 |
31 | |||
32 | * Added cleanup functions to be called from fatal(). Arranged for | ||
33 | utmp to be cleaned if sshd terminates by calling fatal (e.g., | ||
34 | after dropping connection). Eliminated separate client-side | ||
35 | fatal() functions and moved fatal() to log-client.c. Made all | ||
36 | cleanups, including channel_stop_listening() and packet_close() | ||
37 | be called using this mechanism. | ||
38 | |||
39 | Thu Nov 9 09:58:05 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi> | ||
40 | |||
41 | * sshd.c: Permit immediate login with empty password only if | ||
42 | password authentication is allowed. | ||
43 | |||
44 | Wed Nov 8 00:43:55 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi> | ||
45 | |||
46 | * Eliminated unix-domain X11 forwarding. Inet-domain forwarding is | ||
47 | now the only supported form. Renamed server option | ||
48 | X11InetForwarding to X11Forwarding, and eliminated | ||
49 | X11UnixForwarding. Updated documentation. Updated RFC (marked | ||
50 | the SSH_CMSG_X11_REQUEST_FORWARDING message (code 26) as | ||
51 | obsolete, and removed all references to it). Increased protocol | ||
52 | version number to 1.3. | ||
53 | |||
54 | * scp.c (main): Added -B (BatchMode). Updated manual page. | ||
55 | |||
56 | * Cleaned up and updated all manual pages. | ||
57 | |||
58 | * clientloop.c: Added new escape sequences ~# (lists forwarded | ||
59 | connections), ~& (background ssh when waiting for forwarded | ||
60 | connections to terminate), ~? (list available escapes). | ||
61 | Polished the output of the connection listing. Updated | ||
62 | documentation. | ||
63 | |||
64 | * uidswap.c: If _POSIX_SAVED_IDS is defined, don't change the real | ||
65 | uid. Assume that _POSIX_SAVED_IDS also applies to seteuid. | ||
66 | This may solve problems with tcp_wrappers (libwrap) showing | ||
67 | connections as coming from root. | ||
68 | |||
69 | Tue Nov 7 20:28:57 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi> | ||
70 | |||
71 | * Added RandomSeed server configuration option. The argument | ||
72 | specifies the location of the random seed file. Updated | ||
73 | documentation. | ||
74 | |||
75 | * Locate perl5 in configure. Generate make-ssh-known-hosts (with | ||
76 | the correct path for perl5) in Makefile.in, and install it with | ||
77 | the other programs. Updated manual page. | ||
78 | |||
79 | * sshd.c (main): Added a call to umask to set the umask to a | ||
80 | reasonable value. | ||
81 | |||
82 | * compress.c (buffer_compress): Fixed to follow the zlib | ||
83 | documentation (which is slightly confusing). | ||
84 | |||
85 | * INSTALL: Added information about Linux libc.so.4 problem. | ||
86 | |||
87 | Mon Nov 6 15:42:36 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi> | ||
88 | |||
89 | * (Actually autoconf fix) Installed patch to AC_ARG_PROGRAM. | ||
90 | |||
91 | * sshd.c, sshd.8.in: Renamed $HOME/.environment -> | ||
92 | $HOME/.ssh/environment. | ||
93 | |||
94 | * configure.in: Disable shadow password checking on convex. | ||
95 | Convex has /etc/shadow, but sets pw_passwd automatically if | ||
96 | running as root. | ||
97 | |||
98 | * Eliminated HAVE_ETC_MASTER_PASSWD (NetBSD, FreeBSD); the | ||
99 | pw_passwd field is automatically filled if running as root. | ||
100 | Put explicit code in configure.in to prevent shadow password | ||
101 | checking on FreeBSD and NetBSD. | ||
102 | |||
103 | * serverloop.c (signchld_handler): Don't print error if wait | ||
104 | returns -1. | ||
105 | |||
106 | * Makefile.in (install): Fixed modes of data files. | ||
107 | |||
108 | * Makefile.in (install): Make links for slogin.1. | ||
109 | |||
110 | * make-ssh-known-hosts: Merged a patch from melo@ci.uminho.pt to | ||
111 | fix the ping command. | ||
112 | |||
113 | Fri Nov 3 16:25:28 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi> | ||
114 | |||
115 | * ssh.1.in: Added more information about X11 forwarding. | ||
116 | |||
117 | Thu Nov 2 18:42:13 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi> | ||
118 | |||
119 | * Changes to use O_NONBLOCK_BROKEN consistently. | ||
120 | |||
121 | * pty.c (pty_make_controlling_tty): Use setpgid instead of | ||
122 | setsid() on Ultrix. | ||
123 | |||
124 | * includes.h: Removed redundant #undefs for Ultrix and Sony News; | ||
125 | these are already handled in configure.in. | ||
126 | |||
127 | Tue Oct 31 13:31:28 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi> | ||
128 | |||
129 | * configure.in: Define SSH_WTMP to /var/adm/wtmp is wtmp not found. | ||
130 | |||
131 | * configure.in: Disable vhangup on Ultrix. I am told this fixes | ||
132 | the server problems. | ||
133 | |||
134 | Sat Oct 28 14:22:05 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi> | ||
135 | |||
136 | * sshconnect.c: Fixed a bug in connecting to a multi-homed host. | ||
137 | Restructured the connecting code to never try to use the same | ||
138 | socket a second time after a failed connection. | ||
139 | |||
140 | * Makefile.in: Added explicit -m option to install, and umask 022 | ||
141 | when creating directories and the host key. | ||
142 | |||
143 | Fri Oct 27 01:05:10 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi> | ||
144 | |||
145 | * Makefile.in: Added cleaning of $(ZLIBDIR) to clean and distclean. | ||
146 | |||
147 | * login.c (get_last_login_time): Fixed a typo (define -> defined). | ||
148 | |||
149 | Thu Oct 26 01:28:07 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi> | ||
150 | |||
151 | * configure.in: Moved testing for ANSI C compiler after the host | ||
152 | specific code (problems on HPUX). | ||
153 | |||
154 | * Minor fixes to /etc/default/login stuff from Bryan O'Sullivan. | ||
155 | |||
156 | * Fixed .SH NAME sections in manual pages. | ||
157 | |||
158 | * compress.c: Trying to fix a mysterious bug in the compression | ||
159 | glue. | ||
160 | |||
161 | * ssh-1.2.11. | ||
162 | |||
163 | * scp.c: disable agent forwarding when running ssh from scp. | ||
164 | |||
165 | * Added compression of plaintext packets using the gzip library | ||
166 | (zlib). Client configuration options Compression and | ||
167 | CompressionLevel (1-9 as in gzip). New ssh and scp option -C | ||
168 | (to enable compression). Updated RFC. | ||
169 | |||
170 | Wed Oct 25 05:11:55 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi> | ||
171 | |||
172 | * Implemented ProxyCommand stuff based on patches from Bryan | ||
173 | O'Sullivan <bos@serpentine.com>. | ||
174 | |||
175 | * Merged BSD login/logout/lastlog patches from Mark Treacy | ||
176 | <mark@labtam.oz.au>. | ||
177 | |||
178 | * sshd.c: Added chdir("/"). | ||
179 | |||
180 | Tue Oct 24 00:29:01 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi> | ||
181 | |||
182 | * Merged RSA environment= patches from Felix Leitner | ||
183 | <leitner@prz.tu-berlin.de> with some changes. | ||
184 | |||
185 | * sshd.c: Made the packet code use two separate descriptors for | ||
186 | the connection (one for input, the other for output). This will | ||
187 | make future extensions easier (e.g., non-socket transports, etc.). | ||
188 | sshd -i now uses both stdin and stdout separately. | ||
189 | |||
190 | Mon Oct 23 21:29:28 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi> | ||
191 | |||
192 | * sshd.c: Merged execle -> execve patches from Mark Martinec | ||
193 | <Mark.Martinec@nsc.ijs.si>. This may help with execle bugs on | ||
194 | Convex (environment not getting passed properly). This might | ||
195 | also solve similar problems on Sonys; please test! | ||
196 | |||
197 | * Removed all compatibility code for protocol version 1.0. | ||
198 | THIS MEANS THAT WE ARE NO LONGER COMPATIBLE WITH SSH VERSIONS | ||
199 | PRIOR TO 1.1.0. | ||
200 | |||
201 | * randoms.c (random_acquire_light_environmental_noise): If | ||
202 | /dev/random is available, read up to 32 bytes (256 bits) from | ||
203 | there in non-blocking mode, and mix the new random bytes into | ||
204 | the pool. | ||
205 | |||
206 | * Added client configuration option StrictHostKeyChecking | ||
207 | (disabled by default). If this is enabled, the client will not | ||
208 | automatically add new host keys to $HOME/.ssh/known_hosts; | ||
209 | instead the connection will be refused if the host key is not | ||
210 | known. Similarly, if the host key has changed, the connection | ||
211 | will be refused instead if just issuing a warning. This | ||
212 | provides additional security against man-in-the-middle/trojan | ||
213 | horse attacks (especially in scripts where there is no-one to | ||
214 | see the warnings), but may be quite inconvenient in everyday | ||
215 | interactive use unless /etc/ssh_known_hosts is very complete, | ||
216 | because new host keys must now be added manually. | ||
217 | |||
218 | * sshconnect.c (ssh_connect): Use the user's uid when creating the | ||
219 | socket and connecting it. I am hoping that this might help with | ||
220 | tcp_wrappers showing the remote user as root. | ||
221 | |||
222 | * ssh.c: Try inet-domain X11 forwarding regardless of whether we | ||
223 | can get local authorization information. If we don't, we just | ||
224 | come up with fake information; the forwarding code will anyway | ||
225 | generate its own fake information and validate that the client | ||
226 | knows that information. It will then substitute our fake | ||
227 | information for that, but that info should get ignored by the | ||
228 | server if it doesn't support it. | ||
229 | |||
230 | * Added option BatchMode to disable password/passphrase querying | ||
231 | in scripts. | ||
232 | |||
233 | * auth-rh-rsa.c: Changed to use uid-swapping when reading | ||
234 | .ssh/known_hosts. | ||
235 | |||
236 | * sshd.8.in (command): Improved documentation of file permissions | ||
237 | on the manual pages. | ||
238 | |||
239 | Thu Oct 19 21:05:51 1995 Tatu Ylonen <ylo@soikko.cs.hut.fi> | ||
240 | |||
241 | * ssh-add.c (add_file): Fixed a bug causing ssh to sometimes refer | ||
242 | to freed memory (comment -> saved_comment). | ||
243 | |||
244 | * log-server.c: Added a prefix to debug/warning/error/fatal | ||
245 | messages describing message types. Syslog does not include that | ||
246 | information automatically. | ||
247 | |||
248 | Sun Oct 8 01:56:01 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> | ||
249 | |||
250 | * Merged /etc/default/login and MAIL environment variable changes | ||
251 | from Bryan O'Sullivan <bos@serpentine.com>. | ||
252 | - mail spool file location | ||
253 | - process /etc/default/login | ||
254 | - add HAVE_ETC_DEFAULT_LOGIN | ||
255 | - new function child_get_env and read_etc_default_login (sshd.c) | ||
256 | |||
257 | * ssh-add.c (add_file): Fixed asking for passphrase. | ||
258 | |||
259 | * Makefile.in: Fixed installing configure-generated man pages when | ||
260 | compiling in a separate object directory. | ||
261 | |||
262 | * sshd.c (main): Moved RSA key generation until after allocating | ||
263 | the port number. (Actually, the code got duplicated because we | ||
264 | never listen when run from inetd.) | ||
265 | |||
266 | * ssh.c: Fixed a problem that caused scp to hang when called with | ||
267 | stdin closed. | ||
268 | |||
269 | Sat Oct 7 03:08:06 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> | ||
270 | |||
271 | * Added server config option StrictModes. It specifies whether to | ||
272 | check ownership and modes of home directory and .rhosts files. | ||
273 | |||
274 | * ssh.c: If ssh is renamed/linked to a host name, connect to that | ||
275 | host. | ||
276 | |||
277 | * serverloop.c, clientloop.c: Ignore EAGAIN reported on read from | ||
278 | connection. Solaris has a kernel bug which causes select() to | ||
279 | sometimes wake up even though there is no data available. | ||
280 | |||
281 | * Display all open connections when printing the "Waiting for | ||
282 | forwarded connections to terminate" message. | ||
283 | |||
284 | * sshd.c, readconf.c: Added X11InetForwarding and | ||
285 | X11UnixForwarding server config options. | ||
286 | |||
287 | Thu Oct 5 17:41:16 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> | ||
288 | |||
289 | * Some more SCO fixes. | ||
290 | |||
291 | Tue Oct 3 01:04:34 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> | ||
292 | |||
293 | * Fixes and cleanups in README, INSTALL, COPYING. | ||
294 | |||
295 | Mon Oct 2 03:36:08 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> | ||
296 | |||
297 | * ssh-add.c (add_file): Fixed a bug in ssh-add (xfree: NULL ...). | ||
298 | |||
299 | * Removed .BR from ".SH NAME" in man pages. | ||
300 | |||
301 | Sun Oct 1 04:16:07 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> | ||
302 | |||
303 | * ssh-1.2.10. | ||
304 | |||
305 | * configure.in: When checking that the compiler works, check that | ||
306 | it understands ANSI C prototypes. | ||
307 | |||
308 | * Made uidswap error message a debug() to avoid confusing errors | ||
309 | on AIX (AIX geteuid is brain-damaged and fails even for root). | ||
310 | |||
311 | * Fixed an error in sshd.8 (FacistLogging -> FascistLogging). | ||
312 | |||
313 | * Fixed distribution in Makefile.in (missing manual page .in files). | ||
314 | |||
315 | Sat Sep 30 17:38:46 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> | ||
316 | |||
317 | * auth-rhosts.c: Fixed serious security problem in | ||
318 | /etc/hosts.equiv authentication. | ||
319 | |||
320 | Fri Sep 29 00:41:02 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> | ||
321 | |||
322 | * Include machine/endian.h on Paragon. | ||
323 | |||
324 | * ssh-add.c (add_file): Made ssh-add keep asking for the | ||
325 | passphrase until the user just types return or cancels. | ||
326 | Make the dialog display the comment of the key. | ||
327 | |||
328 | * Read use shosts.equiv in addition to /etc/hosts.equiv. | ||
329 | |||
330 | * sshd.8 is now sshd.8.in and is processed by configure to | ||
331 | substitute the proper paths for various files. Ditto for ssh.1. | ||
332 | Ditto for make-ssh-known-hosts.1. | ||
333 | |||
334 | * configure.in: Moved /etc/sshd_pid to PIDDIR/sshd.pid. PIDDIR | ||
335 | will be /var/run if it exists, and ETCDIR otherwise. | ||
336 | |||
337 | Thu Sep 28 21:52:42 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> | ||
338 | |||
339 | * On Ultrix, check if sys/syslog.h needs to be included in | ||
340 | addition to syslog.h. | ||
341 | |||
342 | * make-ssh-known-hosts.pl: Merged Kivinen's fixes for HPUX. | ||
343 | |||
344 | * configure.in: Put -lwrap, -lsocks, etc. at the head of LIBS. | ||
345 | |||
346 | * Fixed case-insensitivity in auth-rhosts.c. | ||
347 | |||
348 | * Added missing socketpair.c to EXTRA_SRCS (needed on SCO), plus | ||
349 | other SCO fixes. | ||
350 | |||
351 | * Makefile.in: Fixed missing install_prefixes. | ||
352 | |||
353 | Wed Sep 27 03:57:00 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> | ||
354 | |||
355 | * ssh-1.2.9. | ||
356 | |||
357 | * Added SOCKS support. | ||
358 | |||
359 | * Fixed default setting of IgnoreRhosts option. | ||
360 | |||
361 | * Pass the magic cookie to xauth in stdin instead of command line; | ||
362 | the command line is visible in ps. | ||
363 | |||
364 | * Added processing $HOME/.ssh/rc and /etc/sshrc. | ||
365 | |||
366 | * Added a section to sshd.8 on what happens at login time. | ||
367 | |||
368 | Tue Sep 26 01:27:40 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> | ||
369 | |||
370 | * Don't define speed_t on SunOS 4.1.1; it conflicts with system | ||
371 | headers. | ||
372 | |||
373 | * Added support for .hushlogin. | ||
374 | |||
375 | * Added --with-etcdir. | ||
376 | |||
377 | * Read $HOME/.environment after /etc/environment. | ||
378 | |||
379 | Mon Sep 25 03:26:06 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> | ||
380 | |||
381 | * Merged patches for SCO Unix (from Michael Henits). | ||
382 | |||
383 | Sun Sep 24 22:28:02 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> | ||
384 | |||
385 | * Added ssh option ConnectionAttempts. | ||
386 | |||
387 | Sat Sep 23 12:30:15 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> | ||
388 | |||
389 | * sshd.c: Don't print last login time and /etc/motd if a command | ||
390 | has been specified (with ssh -t host command). | ||
391 | |||
392 | * Added support for passing the screen number in X11 forwarding. | ||
393 | It is implemented as a compatible protocol extension, signalled | ||
394 | by SSH_PROTOFLAG_SCREEN_NUMBER by the child. | ||
395 | |||
396 | * clientloop.c: Fixed bugs in the order in which things were | ||
397 | processed. This may solve problems with some data not getting | ||
398 | sent to the server as soon as possible (probably solves the TCP | ||
399 | forwarding delayed close problem). Also, it looked like window | ||
400 | changes might not get transmitted as early as possible in some | ||
401 | cases. | ||
402 | |||
403 | * clientloop.c: Changed to detect window size change that | ||
404 | happened while ssh was suspended. | ||
405 | |||
406 | * ssh.c: Moved the do_session function (client main loop) to | ||
407 | clientloop.c. Divided it into smaller functions. General cleanup. | ||
408 | |||
409 | * ssh-1.2.8 | ||
410 | |||
411 | Fri Sep 22 22:07:46 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> | ||
412 | |||
413 | * sshconnect.c (ssh_login): Made ssh_login take the options | ||
414 | structure as argument, instead of the individual arguments. | ||
415 | |||
416 | * auth-rhosts.c (check_rhosts_file): Added support for netgroups. | ||
417 | |||
418 | * auth-rhosts.c (check_rhosts_file): Added support for negated | ||
419 | entries. | ||
420 | |||
421 | Thu Sep 21 00:07:56 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> | ||
422 | |||
423 | * auth-rhosts.c: Restructured rhosts authentication code. | ||
424 | Hosts.equiv now has same format as .rhosts: user names are allowed. | ||
425 | |||
426 | * Added support for the Intel Paragon. | ||
427 | |||
428 | * sshd.c: Don't use X11 forwarding with spoofing if no xauth | ||
429 | program. Changed configure.in to not define XAUTH_PATH if | ||
430 | there is no xauth program. | ||
431 | |||
432 | * ssh-1.2.7 | ||
433 | |||
434 | * sshd.c: Rewrote the code to build the environment. Now also reads | ||
435 | /etc/environment. | ||
436 | |||
437 | * sshd.c: Fixed problems in libwrap code. --with-libwrap now | ||
438 | takes optional library name/path. | ||
439 | |||
440 | * ssh-1.2.6 | ||
441 | |||
442 | * Define USE_PIPES by default. | ||
443 | |||
444 | * Added support for Univel Unixware and MachTen. | ||
445 | |||
446 | * Added IgnoreRhosts server option. | ||
447 | |||
448 | * Added USE_STRLEN_FOR_AF_UNIX; it is needed at least on MachTen. | ||
449 | |||
450 | Wed Sep 20 02:41:02 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> | ||
451 | |||
452 | * sshd.c (do_child): don't call packet_close when /etc/nologin, | ||
453 | because packet_close does shutdown, and the message does not get | ||
454 | sent. | ||
455 | |||
456 | * pty.c (pty_allocate): Push ttcompat streams module. | ||
457 | |||
458 | * randoms.c (random_acquire_light_environmental_noise): Don't use | ||
459 | the second argument to gettimeofday as it is not supported on | ||
460 | all systems. | ||
461 | |||
462 | * login.c (record_login): Added NULL second argument to gettimeofday. | ||
463 | |||
464 | Tue Sep 19 13:25:48 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> | ||
465 | |||
466 | * fixed pclose wait() in sshd key regeneration (now only collects | ||
467 | easily available noise). | ||
468 | |||
469 | * configure.in: test for bsdi before bsd*. | ||
470 | |||
471 | * ssh.c: Don't print "Connection closed" if -q. | ||
472 | |||
473 | Wed Sep 13 04:19:52 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> | ||
474 | |||
475 | * Released ssh-1.2.5. | ||
476 | |||
477 | * Hopefully fixed "Waiting for forwarded connections to terminate" | ||
478 | message. | ||
479 | |||
480 | * randoms.c, md5.c: Large modifications to make these work on Cray | ||
481 | (which has no 32 bit integer type). | ||
482 | |||
483 | * Fixed a problem with forwarded connection closes not being | ||
484 | reported immediately. | ||
485 | |||
486 | * ssh.c: fixed rhosts authentication (broken by uid-swapping). | ||
487 | |||
488 | * scp.c: Don't use -l if server user not specified (it made | ||
489 | setting User in the configuration file not work). | ||
490 | |||
491 | * configure.in: don't use -pipe on BSDI. | ||
492 | |||
493 | * randoms.c: Major modifications to make it work without 32 bit | ||
494 | integers (e.g. Cray). | ||
495 | |||
496 | * md5.c: Major modifications to make it work without 32 bit | ||
497 | integers (e.g. Cray). | ||
498 | |||
499 | * Eliminated HPSUX_BROKEN_PTYS. The code is now enabled by | ||
500 | default on all systems. | ||
501 | |||
502 | Mon Sep 11 00:53:12 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> | ||
503 | |||
504 | * sshd.c: don't include sshd pathname in log messages. | ||
505 | |||
506 | * Added libwrap stuff (includes support for identd). | ||
507 | |||
508 | * Added OSF/1 C2 extended security stuff. | ||
509 | |||
510 | * Fixed interactions between getuid() and uid-swap stuff. | ||
511 | |||
512 | Sun Sep 10 00:29:27 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> | ||
513 | |||
514 | * serverloop.c: Don't send stdout data to client until after a few | ||
515 | milliseconds if there is very little data. This is because some | ||
516 | systems give data from pty one character at a time, which would | ||
517 | multiply data size by about 16. | ||
518 | |||
519 | * serverloop.c: Moved server do_session to a separate file and | ||
520 | renamed it server_loop. Split it into several functions and | ||
521 | partially rewrote it. Fixed "cat /etc/termcap | ssh foo cat" hangup. | ||
522 | |||
523 | * Screwed up something while checking stuff in under cvs. No harm, | ||
524 | but bogus log entries... | ||
525 | |||
526 | Sat Sep 9 02:24:51 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> | ||
527 | |||
528 | * minfd.c (_get_permanent_fd): Use SHELL environment variable. | ||
529 | |||
530 | * channels.c (x11_create_display_inet): Created | ||
531 | HPSUX_NONSTANDARD_X11_KLUDGE; it causes DISPLAY to contain the | ||
532 | IP address of the host instead of the name, because HPSUX uses | ||
533 | some magic shared memory communication for local connections. | ||
534 | |||
535 | * Changed SIGHUP processing in server; it should now work multiple | ||
536 | times. | ||
537 | |||
538 | * Added length limits in many debug/log/error/fatal calls just in | ||
539 | case. | ||
540 | |||
541 | * login.c (get_last_login_time): Fixed location of lastlog. | ||
542 | |||
543 | * Rewrote all uid-swapping code. New files uidswap.h, uidswap.c. | ||
544 | |||
545 | * Fixed several security problems involving chmod and chgrp (race | ||
546 | conditions). Added warnings about dubious modes for /tmp/.X11-unix. | ||
547 | |||
548 | Fri Sep 8 20:03:36 1995 Tatu Ylonen <ylo@shadows.cs.hut.fi> | ||
549 | |||
550 | * Changed readconf.c to never display anything from the config | ||
551 | file. This should now be prevented otherwise, but let's play safe. | ||
552 | |||
553 | * log-server.c: Use %.500s in syslog() just to be sure (they | ||
554 | should already be shorter than 1024 though). | ||
555 | |||
556 | * sshd.c: Moved setuid in child a little earlier (just to be | ||
557 | conservative, there was no security problem that I could detect). | ||
558 | |||
559 | * README, INSTALL: Added info about mailing list and WWW page. | ||
560 | |||
561 | * sshd.c: Added code to use SIGCHLD and wait zombies immediately. | ||
562 | |||
563 | * Merged patch to set ut_addr in utmp. | ||
564 | |||
565 | * Created ChangeLog and added it to Makefile.in. | ||
566 | |||
567 | * Use read_passphrase instead of getpass(). | ||
568 | |||
569 | * Added SSH_FALLBACK_CIPHER. Fixed a bug in default cipher | ||
570 | selection (IDEA used to be selected even if not supported by the | ||
571 | server). | ||
572 | |||
573 | * Use no encryption for key files if empty passphrase. | ||
574 | |||
575 | * Added section about --without-idea in INSTALL. | ||
576 | |||
577 | * Version 1.2.0 was released a couple of days ago. | ||
578 | |||
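diff --git a/ChangeLog.linux b/ChangeLog.linux
deleted file mode 100644
index a28e577ac..000000000
--- a/ChangeLog.linux
+++ /dev/null
@@ -1,20 +0,0 @@
-19991027
-- Adapted PAM patch.
-- Released 1.0pre2
-
-- Excised my buggy replacements for strlcpy and mkdtemp
-- Imported correct OpenBSD strlcpy and mkdtemp routines.
-- Reduced arc4random_stir entropy read to 32 bytes (256 bits)
-- Picked up correct version number from OpenBSD
-- Added sshd.pam PAM configuration file
-- Added sshd.init Redhat init script
-- Added openssh.spec RPM spec file
-- Released 1.2pre3
-
-19991026
-- Fixed include paths of OpenSSL functions
-- Use OpenSSL MD5 routines
-- Imported RC4 code from nanocrypt
-- Wrote replacements for OpenBSD arc4random* functions
-- Wrote replacements for strlcpy and mkdtemp
-- Released 1.0pre1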
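diff --git a/Makefile.GNU b/Makefile.GNU
deleted file mode 100644
index 097199527..000000000
--- a/Makefile.GNU
+++ /dev/null
@@ -1,50 +0,0 @@
-OPT_FLAGS=-g
-CFLAGS=$(OPT_FLAGS) -Wall -DETCDIR=\"/etc/ssh\" -DHAVE_PAM -DHAVE_PWDB
-TARGETS=bin/libssh.a bin/ssh bin/sshd bin/ssh-add bin/ssh-keygen bin/ssh-agent bin/scp
-LFLAGS=-L./bin
-LIBS=-lssh -lcrypto -lz -lutil -lpwdb -lpam -ldl
-AR=ar
-RANLIB=ranlib
-
-OBJS= authfd.o authfile.o auth-passwd.o auth-rhosts.o auth-rh-rsa.o \
-auth-rsa.o bufaux.o buffer.o canohost.o channels.o cipher.o \
-clientloop.o compress.o crc32.o deattack.o hostfile.o \
-log-client.o login.o log-server.o match.o mpaux.o packet.o pty.o \
-readconf.o readpass.o rsa.o servconf.o serverloop.o \
-sshconnect.o tildexpand.o ttymodes.o uidswap.o xmalloc.o \
-helper.o mktemp.o strlcpy.o rc4.o
-
-all: $(OBJS) $(TARGETS)
-
-bin/libssh.a: authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o hostfile.o match.o mpaux.o nchan.o packet.o readpass.o rsa.o tildexpand.o ttymodes.o uidswap.o xmalloc.o helper.o rc4.o mktemp.o strlcpy.o
-[ -d bin ] || mkdir bin
-$(AR) rv $@ $^
-$(RANLIB) $@
-
-bin/ssh: ssh.o sshconnect.o log-client.o readconf.o clientloop.o
-[ -d bin ] || mkdir bin
-$(CC) -o $@ $^ $(LFLAGS) $(LIBS)
-
-bin/sshd: sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o pty.o log-server.o login.o servconf.o serverloop.o
-[ -d bin ] || mkdir bin
-$(CC) -o $@ $^ $(LFLAGS) $(LIBS)
-
-bin/scp: scp.o
-[ -d bin ] || mkdir bin
-$(CC) -o $@ $^ $(LFLAGS) $(LIBS)
-
-bin/ssh-add: ssh-add.o log-client.o
-[ -d bin ] || mkdir bin
-$(CC) -o $@ $^ $(LFLAGS) $(LIBS)
-
-bin/ssh-agent: ssh-agent.o log-client.o
-[ -d bin ] || mkdir bin
-$(CC) -o $@ $^ $(LFLAGS) $(LIBS)
-
-bin/ssh-keygen: ssh-keygen.o log-client.o
-[ -d bin ] || mkdir bin
-$(CC) -o $@ $^ $(LFLAGS) $(LIBS)
-
-clean:
-rm -f *.o core bin/*
-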
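--- /dev/null
+++ b/Makefile.in
@@ -0,0 +1,73 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+bindir=@bindir@
+sbindir=@sbindir@
+libdir=@libdir@
+
+CC=@CC@
+CFLAGS=-g -Wall -DETCDIR=\"/etc/ssh\" @DEFS@
+TARGETS=bin/libopenssh.a bin/openssh bin/opensshd bin/openssh-add bin/openssh-keygen bin/openssh-agent bin/openscp
+LFLAGS=-L./bin
+LIBS=-lopenssh @LIBS@
+AR=@AR@
+RANLIB=@RANLIB@
+
+OBJS= authfd.o authfile.o auth-passwd.o auth-rhosts.o auth-rh-rsa.o \
+auth-rsa.o bufaux.o buffer.o canohost.o channels.o cipher.o \
+clientloop.o compress.o crc32.o deattack.o helper.o hostfile.o \
+log-client.o login.o log-server.o match.o mpaux.o packet.o pty.o \
+readconf.o readpass.o rsa.o servconf.o serverloop.o \
+sshconnect.o tildexpand.o ttymodes.o uidswap.o xmalloc.o \
+helper.o mktemp.o strlcpy.o rc4.o
+
+all: $(OBJS) $(TARGETS)
+
+bin/libopenssh.a: authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o hostfile.o match.o mpaux.o nchan.o packet.o readpass.o rsa.o tildexpand.o ttymodes.o uidswap.o xmalloc.o helper.o rc4.o mktemp.o strlcpy.o
+[ -d bin ] || mkdir bin
+$(AR) rv $@ $^
+$(RANLIB) $@
+
+bin/openssh: ssh.o sshconnect.o log-client.o readconf.o clientloop.o
+[ -d bin ] || mkdir bin
+$(CC) -o $@ $^ $(LFLAGS) $(LIBS)
+
+bin/opensshd: sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o pty.o log-server.o login.o servconf.o serverloop.o
+[ -d bin ] || mkdir bin
+$(CC) -o $@ $^ $(LFLAGS) $(LIBS)
+
+bin/openscp: scp.o
+[ -d bin ] || mkdir bin
+$(CC) -o $@ $^ $(LFLAGS) $(LIBS)
+
+bin/openssh-add: ssh-add.o log-client.o
+[ -d bin ] || mkdir bin
+$(CC) -o $@ $^ $(LFLAGS) $(LIBS)
+
+bin/openssh-agent: ssh-agent.o log-client.o
+[ -d bin ] || mkdir bin
+$(CC) -o $@ $^ $(LFLAGS) $(LIBS)
+
+bin/openssh-keygen: ssh-keygen.o log-client.o
+[ -d bin ] || mkdir bin
+$(CC) -o $@ $^ $(LFLAGS) $(LIBS)
+
+clean:
+rm -f *.o core bin/* config.status config.cache config.log
+
+install:
+install -d $(bindir)
+install -d $(sbindir)
+install -d $(libdir)
+install -c bin/openssh $(bindir)/openssh
+install -c bin/openscp $(bindir)/openscp
+install -c bin/openssh-add $(bindir)/openssh-add
+install -c bin/openssh-agent $(bindir)/openssh-agent
+install -c bin/openssh-keygen $(bindir)/openssh-keygen
+install -c bin/opensshd $(sbindir)/opensshd
+install -c bin/libopenssh.a $(libdir)/libopenssh.a
+
+distclean: clean
+rm -f Makefile config.h *~
+rm -rf bin
+
+mrproper: distclean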
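Review bot: The link rules for bin/openssh, bin/opensshd, bin/openscp, bin/openssh-add, bin/openssh-agent and bin/openssh-keygen pull in `-lopenssh` through `$(LIBS)` but do not list `bin/libopenssh.a` as a prerequisite, so they only work because TARGETS names the archive first. A parallel make, or `make bin/opensshd` on a clean tree, can reach the link step before the archive exists, and a rebuilt library object does not cause the programs to be relinked. If the archive is added to each prerequisite list, the command line should link `$(filter %.o,$^)` so the archive is not passed twice. Two smaller points: `helper.o` appears twice in OBJS (lines 17 and 21), and `install` neither depends on `all` nor passes `-m`, so the installed permissions are left to install's defaults; writing them out, e.g. `install -c -m 0755 bin/opensshd $(sbindir)/opensshd`, makes the intended modes reviewable.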
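--- a/Makefile.inc
+++ /dev/null
@@ -1,11 +0,0 @@
-CFLAGS+= -I${.CURDIR}/..
-
-.include <bsd.obj.mk>
-
-.if exists(${.CURDIR}/../lib/${__objdir})
-LDADD+= -L${.CURDIR}/../lib/${__objdir} -lssh
-DPADD+= ${.CURDIR}/../lib/${__objdir}/libssh.a
-.else
-LDADD+= -L${.CURDIR}/../lib -lssh
-DPADD+= ${.CURDIR}/../lib/libssh.a
-.endif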
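--- a/README.openssh
+++ b/README.openssh
@@ -33,8 +33,8 @@ The OpenBSD team
 Miscellania -
 
 This version of SSH is based upon code retrieved from the OpenBSD CVS
-repository on 1999-10-26, which in turn was based on the last free
-version of SSH released by Tatu Ylonen.
+repository on 1999-10-26 patched by Damien Miller <djm@ibs.com.au>, which
+in turn was based on the last free version of SSH released by Tatu Ylonen.
 
 Code in helper.[ch] is Copyright 1999 Internet Business Solutions and
 is released under a X11-style license (see source file for details).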
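--- /dev/null
+++ b/acconfig.h
@@ -0,0 +1,7 @@
+/* config.h.in. Generated by hand, don't use autoheader. */
+
+/* Define if your ssl headers are included with #include <ssl/header.h> */
+#undef HAVE_SSL
+
+/* Define if your ssl headers are included with #include <openssl/header.h> */
+#undef HAVE_OPENSSL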
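--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -15,8 +15,9 @@ validity of the host key.
 
 */
 
+#include "config.h"
 #include "includes.h"
-RCSID("$Id: auth-rsa.c,v 1.1 1999/10/27 03:42:43 damien Exp $");
+RCSID("$Id: auth-rsa.c,v 1.2 1999/10/28 03:25:17 damien Exp $");
 
 #include "rsa.h"
 #include "packet.h"
@@ -25,8 +26,14 @@ RCSID("$Id: auth-rsa.c,v 1.1 1999/10/27 03:42:43 damien Exp $");
 #include "mpaux.h"
 #include "uidswap.h"
 
+#ifdef HAVE_OPENSSL
 #include <openssl/rsa.h>
 #include <openssl/md5.h>
+#endif
+#ifdef HAVE_SSL
+#include <ssl/rsa.h>
+#include <ssl/md5.h>
+#endif
 
 /* Flags that may be set in authorized_keys options. */
 extern int no_port_forwarding_flag;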
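Review bot: The header selection added at new lines 29-36 has no fallback, so a build in which config.h defines neither `HAVE_OPENSSL` nor `HAVE_SSL` includes no RSA or MD5 declarations at all and fails further down with errors that do not point at the cause. Making the two cases exclusive with `#elif defined(HAVE_SSL)` and closing with `#else` / `#error "no SSL headers found - run configure"` stops the build at the right place. The same pair of blocks is repeated in authfd.c, authfile.c, bufaux.c, cipher.c, cipher.h, mpaux.c, packet.h, rsa.h, ssh-agent.c and sshconnect.c in this commit. A single private header that makes the choice once would keep the copies from drifting apart.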
@@ -13,8 +13,9 @@ Functions for connecting the local authentication agent. | |||
13 | 13 | ||
14 | */ | 14 | */ |
15 | 15 | ||
16 | #include "config.h" | ||
16 | #include "includes.h" | 17 | #include "includes.h" |
17 | RCSID("$Id: authfd.c,v 1.1 1999/10/27 03:42:43 damien Exp $"); | 18 | RCSID("$Id: authfd.c,v 1.2 1999/10/28 03:25:17 damien Exp $"); |
18 | 19 | ||
19 | #include "ssh.h" | 20 | #include "ssh.h" |
20 | #include "rsa.h" | 21 | #include "rsa.h" |
@@ -24,7 +25,12 @@ RCSID("$Id: authfd.c,v 1.1 1999/10/27 03:42:43 damien Exp $"); | |||
24 | #include "xmalloc.h" | 25 | #include "xmalloc.h" |
25 | #include "getput.h" | 26 | #include "getput.h" |
26 | 27 | ||
28 | #ifdef HAVE_OPENSSL | ||
27 | #include <openssl/rsa.h> | 29 | #include <openssl/rsa.h> |
30 | #endif | ||
31 | #ifdef HAVE_SSL | ||
32 | #include <ssl/rsa.h> | ||
33 | #endif | ||
28 | 34 | ||
29 | /* Returns the number of the authentication fd, or -1 if there is none. */ | 35 | /* Returns the number of the authentication fd, or -1 if there is none. */ |
30 | 36 | ||
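--- a/authfile.c
+++ b/authfile.c
@@ -14,10 +14,17 @@ for reading the passphrase from the user.
 
 */
 
+#include "config.h"
 #include "includes.h"
-RCSID("$Id: authfile.c,v 1.1 1999/10/27 03:42:43 damien Exp $");
+RCSID("$Id: authfile.c,v 1.2 1999/10/28 03:25:17 damien Exp $");
 
+#ifdef HAVE_OPENSSL
 #include <openssl/bn.h>
+#endif
+#ifdef HAVE_SSL
+#include <ssl/bn.h>
+#endif
+
 #include "xmalloc.h"
 #include "buffer.h"
 #include "bufaux.h"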
@@ -14,11 +14,19 @@ Buffers. | |||
14 | 14 | ||
15 | */ | 15 | */ |
16 | 16 | ||
17 | #include "config.h" | ||
17 | #include "includes.h" | 18 | #include "includes.h" |
18 | RCSID("$Id: bufaux.c,v 1.1 1999/10/27 03:42:43 damien Exp $"); | 19 | RCSID("$Id: bufaux.c,v 1.2 1999/10/28 03:25:17 damien Exp $"); |
19 | 20 | ||
20 | #include "ssh.h" | 21 | #include "ssh.h" |
22 | |||
23 | #ifdef HAVE_OPENSSL | ||
21 | #include <openssl/bn.h> | 24 | #include <openssl/bn.h> |
25 | #endif | ||
26 | #ifdef HAVE_SSL | ||
27 | #include <ssl/bn.h> | ||
28 | #endif | ||
29 | |||
22 | #include "bufaux.h" | 30 | #include "bufaux.h" |
23 | #include "xmalloc.h" | 31 | #include "xmalloc.h" |
24 | #include "getput.h" | 32 | #include "getput.h" |
@@ -11,13 +11,19 @@ Created: Wed Apr 19 17:41:39 1995 ylo | |||
11 | 11 | ||
12 | */ | 12 | */ |
13 | 13 | ||
14 | #include "config.h" | ||
14 | #include "includes.h" | 15 | #include "includes.h" |
15 | RCSID("$Id: cipher.c,v 1.1 1999/10/27 03:42:44 damien Exp $"); | 16 | RCSID("$Id: cipher.c,v 1.2 1999/10/28 03:25:17 damien Exp $"); |
16 | 17 | ||
17 | #include "ssh.h" | 18 | #include "ssh.h" |
18 | #include "cipher.h" | 19 | #include "cipher.h" |
19 | 20 | ||
21 | #ifdef HAVE_OPENSSL | ||
20 | #include <openssl/md5.h> | 22 | #include <openssl/md5.h> |
23 | #endif | ||
24 | #ifdef HAVE_SSL | ||
25 | #include <ssl/md5.h> | ||
26 | #endif | ||
21 | 27 | ||
22 | /* | 28 | /* |
23 | * What kind of tripple DES are these 2 routines? | 29 | * What kind of tripple DES are these 2 routines? |
@@ -11,13 +11,21 @@ Created: Wed Apr 19 16:50:42 1995 ylo | |||
11 | 11 | ||
12 | */ | 12 | */ |
13 | 13 | ||
14 | /* RCSID("$Id: cipher.h,v 1.1 1999/10/27 03:42:44 damien Exp $"); */ | 14 | /* RCSID("$Id: cipher.h,v 1.2 1999/10/28 03:25:17 damien Exp $"); */ |
15 | |||
16 | #include "config.h" | ||
15 | 17 | ||
16 | #ifndef CIPHER_H | 18 | #ifndef CIPHER_H |
17 | #define CIPHER_H | 19 | #define CIPHER_H |
18 | 20 | ||
21 | #ifdef HAVE_OPENSSL | ||
19 | #include <openssl/des.h> | 22 | #include <openssl/des.h> |
20 | #include <openssl/blowfish.h> | 23 | #include <openssl/blowfish.h> |
24 | #endif | ||
25 | #ifdef HAVE_SSL | ||
26 | #include <ssl/des.h> | ||
27 | #include <ssl/blowfish.h> | ||
28 | #endif | ||
21 | 29 | ||
22 | /* Cipher types. New types can be added, but old types should not be removed | 30 | /* Cipher types. New types can be added, but old types should not be removed |
23 | for compatibility. The maximum allowed value is 31. */ | 31 | for compatibility. The maximum allowed value is 31. */ |
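--- /dev/null
+++ b/config.h.in
@@ -0,0 +1,139 @@
+/* config.h.in. Generated automatically from configure.in by autoheader. */
+
+/* Define to empty if the keyword does not work. */
+#undef const
+
+/* Define to `int' if <sys/types.h> doesn't define. */
+#undef gid_t
+
+/* Define if you don't have vprintf but do have _doprnt. */
+#undef HAVE_DOPRNT
+
+/* Define if your struct stat has st_blksize. */
+#undef HAVE_ST_BLKSIZE
+
+/* Define if you have <sys/wait.h> that is POSIX.1 compatible. */
+#undef HAVE_SYS_WAIT_H
+
+/* Define if utime(file, NULL) sets file's timestamp to the present. */
+#undef HAVE_UTIME_NULL
+
+/* Define if you have the vprintf function. */
+#undef HAVE_VPRINTF
+
+/* Define as __inline if that's what the C compiler calls it. */
+#undef inline
+
+/* Define to `int' if <sys/types.h> doesn't define. */
+#undef mode_t
+
+/* Define to `long' if <sys/types.h> doesn't define. */
+#undef off_t
+
+/* Define as the return type of signal handlers (int or void). */
+#undef RETSIGTYPE
+
+/* Define to `unsigned' if <sys/types.h> doesn't define. */
+#undef size_t
+
+/* Define if you have the ANSI C header files. */
+#undef STDC_HEADERS
+
+/* Define if you can safely include both <sys/time.h> and <time.h>. */
+#undef TIME_WITH_SYS_TIME
+
+/* Define to `int' if <sys/types.h> doesn't define. */
+#undef uid_t
+
+/* Define if your ssl headers are included with #include <ssl/header.h> */
+#undef HAVE_SSL
+
+/* Define if your ssl headers are included with #include <openssl/header.h> */
+#undef HAVE_OPENSSL
+
+/* Define if you have the arc4random function. */
+#undef HAVE_ARC4RANDOM
+
+/* Define if you have the gethostname function. */
+#undef HAVE_GETHOSTNAME
+
+/* Define if you have the gettimeofday function. */
+#undef HAVE_GETTIMEOFDAY
+
+/* Define if you have the mkdir function. */
+#undef HAVE_MKDIR
+
+/* Define if you have the mkdtemp function. */
+#undef HAVE_MKDTEMP
+
+/* Define if you have the rmdir function. */
+#undef HAVE_RMDIR
+
+/* Define if you have the select function. */
+#undef HAVE_SELECT
+
+/* Define if you have the setproctitle function. */
+#undef HAVE_SETPROCTITLE
+
+/* Define if you have the socket function. */
+#undef HAVE_SOCKET
+
+/* Define if you have the strerror function. */
+#undef HAVE_STRERROR
+
+/* Define if you have the strlcpy function. */
+#undef HAVE_STRLCPY
+
+/* Define if you have the strspn function. */
+#undef HAVE_STRSPN
+
+/* Define if you have the strtol function. */
+#undef HAVE_STRTOL
+
+/* Define if you have the <dirent.h> header file. */
+#undef HAVE_DIRENT_H
+
+/* Define if you have the <fcntl.h> header file. */
+#undef HAVE_FCNTL_H
+
+/* Define if you have the <ndir.h> header file. */
+#undef HAVE_NDIR_H
+
+/* Define if you have the <paths.h> header file. */
+#undef HAVE_PATHS_H
+
+/* Define if you have the <sys/dir.h> header file. */
+#undef HAVE_SYS_DIR_H
+
+/* Define if you have the <sys/ioctl.h> header file. */
+#undef HAVE_SYS_IOCTL_H
+
+/* Define if you have the <sys/ndir.h> header file. */
+#undef HAVE_SYS_NDIR_H
+
+/* Define if you have the <sys/time.h> header file. */
+#undef HAVE_SYS_TIME_H
+
+/* Define if you have the <syslog.h> header file. */
+#undef HAVE_SYSLOG_H
+
+/* Define if you have the <unistd.h> header file. */
+#undef HAVE_UNISTD_H
+
+/* Define if you have the crypto library (-lcrypto). */
+#undef HAVE_LIBCRYPTO
+
+/* Define if you have the dl library (-ldl). */
+#undef HAVE_LIBDL
+
+/* Define if you have the pam library (-lpam). */
+#undef HAVE_LIBPAM
+
+/* Define if you have the pwdb library (-lpwdb). */
+#undef HAVE_LIBPWDB
+
+/* Define if you have the util library (-lutil). */
+#undef HAVE_LIBUTIL
+
+/* Define if you have the z library (-lz). */
+#undef HAVE_LIBZ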
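--- /dev/null
+++ b/configure.in
@@ -0,0 +1,54 @@
+dnl Process this file with autoconf to produce a configure script.
+AC_INIT(auth-krb4.c)
+
+AC_CONFIG_HEADER(config.h)
+
+dnl Checks for programs.
+AC_PROG_CC
+AC_PROG_RANLIB
+
+dnl Checks for libraries.
+dnl Replace `main' with a function in -lcrypto:
+AC_CHECK_LIB(crypto, CRYPTO_lock, ,AC_MSG_ERROR([*** libcrypto missing - please install first ***]))
+dnl Replace `main' with a function in -lutil:
+AC_CHECK_LIB(util, logout, ,AC_MSG_ERROR([*** -lutil missing - this is part of libc. ***]))
+dnl Replace `main' with a function in -lz:
+AC_CHECK_LIB(z, deflate, ,AC_MSG_ERROR([*** zlib missing - please install first ***]))
+dnl check for pwdb
+AC_CHECK_LIB(pwdb, pwdb_new, ,AC_MSG_ERROR([*** libpwdb missing - please install first ***]))
+dnl check for dl
+AC_CHECK_LIB(dl, dlopen, ,AC_MSG_ERROR([*** libdl missing - please install first ***]))
+dnl check for pam
+AC_CHECK_LIB(pam, pam_authenticate, ,AC_MSG_ERROR([*** PAM missing - please install first ***]))
+
+dnl Check for stuff in path.
+AC_CHECK_PROG(AR, ar, ar)
+
+dnl Check for ssl headers
+AC_CHECK_HEADER(openssl/bn.h, [AC_DEFINE(HAVE_OPENSSL)], [AC_CHECK_HEADER(ssl/bn.h, [AC_DEFINE(HAVE_SSL)], [AC_MSG_ERROR([*** ssl library missing - please install first ***])])])
+
+dnl Checks for header files.
+AC_HEADER_DIRENT
+AC_HEADER_STDC
+AC_HEADER_SYS_WAIT
+AC_CHECK_HEADERS(fcntl.h paths.h sys/ioctl.h sys/time.h syslog.h unistd.h)
+
+dnl Checks for typedefs, structures, and compiler characteristics.
+AC_C_CONST
+AC_TYPE_UID_T
+AC_C_INLINE
+AC_TYPE_MODE_T
+AC_TYPE_OFF_T
+AC_TYPE_SIZE_T
+AC_STRUCT_ST_BLKSIZE
+AC_HEADER_TIME
+
+dnl Checks for library functions.
+AC_PROG_GCC_TRADITIONAL
+AC_FUNC_MEMCMP
+AC_TYPE_SIGNAL
+AC_FUNC_UTIME_NULL
+AC_FUNC_VPRINTF
+AC_CHECK_FUNCS(gethostname gettimeofday mkdir rmdir select socket strerror strspn strtol strlcpy mkdtemp arc4random setproctitle)
+
+AC_OUTPUT(Makefile)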
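Review bot: `AC_CHECK_FUNCS` at line 52 records whether the platform already provides `strlcpy` and `mkdtemp`, yet Makefile.in in this commit always builds `strlcpy.o` and `mktemp.o` into the library. Unless those sources guard their definitions with `#ifndef HAVE_STRLCPY` / `#ifndef HAVE_MKDTEMP` (not visible in this diff), a libc that has the functions ends up with a second definition. The pam, pwdb and dl checks all end in `AC_MSG_ERROR`, so configure aborts on any system without those libraries; if that is intended for this port, a `dnl` line saying so would help. The three "Replace main with a function in -lX" comments at lines 11, 13 and 15 are autoscan placeholders that have already been acted on and could be replaced by a line stating why each library is needed.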
@@ -14,14 +14,22 @@ precision integers. | |||
14 | 14 | ||
15 | */ | 15 | */ |
16 | 16 | ||
17 | #include "config.h" | ||
17 | #include "includes.h" | 18 | #include "includes.h" |
18 | RCSID("$Id: mpaux.c,v 1.1 1999/10/27 03:42:44 damien Exp $"); | 19 | RCSID("$Id: mpaux.c,v 1.2 1999/10/28 03:25:17 damien Exp $"); |
19 | 20 | ||
21 | #ifdef HAVE_OPENSSL | ||
20 | #include <openssl/bn.h> | 22 | #include <openssl/bn.h> |
23 | #include <openssl/md5.h> | ||
24 | #endif | ||
25 | #ifdef HAVE_SSL | ||
26 | #include <ssl/bn.h> | ||
27 | #include <ssl/md5.h> | ||
28 | #endif | ||
29 | |||
21 | #include "getput.h" | 30 | #include "getput.h" |
22 | #include "xmalloc.h" | 31 | #include "xmalloc.h" |
23 | 32 | ||
24 | #include <openssl/md5.h> | ||
25 | 33 | ||
26 | void | 34 | void |
27 | compute_session_id(unsigned char session_id[16], | 35 | compute_session_id(unsigned char session_id[16], |
@@ -13,12 +13,18 @@ Interface for the packet protocol functions. | |||
13 | 13 | ||
14 | */ | 14 | */ |
15 | 15 | ||
16 | /* RCSID("$Id: packet.h,v 1.1 1999/10/27 03:42:44 damien Exp $"); */ | 16 | /* RCSID("$Id: packet.h,v 1.2 1999/10/28 03:25:17 damien Exp $"); */ |
17 | 17 | ||
18 | #include "config.h" | ||
18 | #ifndef PACKET_H | 19 | #ifndef PACKET_H |
19 | #define PACKET_H | 20 | #define PACKET_H |
20 | 21 | ||
22 | #ifdef HAVE_OPENSSL | ||
21 | #include <openssl/bn.h> | 23 | #include <openssl/bn.h> |
24 | #endif | ||
25 | #ifdef HAVE_SSL | ||
26 | #include <ssl/bn.h> | ||
27 | #endif | ||
22 | 28 | ||
23 | /* Sets the socket used for communication. Disables encryption until | 29 | /* Sets the socket used for communication. Disables encryption until |
24 | packet_set_encryption_key is called. It is permissible that fd_in | 30 | packet_set_encryption_key is called. It is permissible that fd_in |
@@ -13,13 +13,21 @@ RSA key generation, encryption and decryption. | |||
13 | 13 | ||
14 | */ | 14 | */ |
15 | 15 | ||
16 | /* RCSID("$Id: rsa.h,v 1.1 1999/10/27 03:42:44 damien Exp $"); */ | 16 | /* RCSID("$Id: rsa.h,v 1.2 1999/10/28 03:25:17 damien Exp $"); */ |
17 | #include "config.h" | ||
17 | 18 | ||
18 | #ifndef RSA_H | 19 | #ifndef RSA_H |
19 | #define RSA_H | 20 | #define RSA_H |
20 | 21 | ||
22 | #ifdef HAVE_OPENSSL | ||
21 | #include <openssl/bn.h> | 23 | #include <openssl/bn.h> |
22 | #include <openssl/rsa.h> | 24 | #include <openssl/rsa.h> |
25 | #endif | ||
26 | |||
27 | #ifdef HAVE_SSL | ||
28 | #include <ssl/bn.h> | ||
29 | #include <ssl/rsa.h> | ||
30 | #endif | ||
23 | 31 | ||
24 | /* Calls SSL RSA_generate_key, only copies to prv and pub */ | 32 | /* Calls SSL RSA_generate_key, only copies to prv and pub */ |
25 | void rsa_generate_key(RSA *prv, RSA *pub, unsigned int bits); | 33 | void rsa_generate_key(RSA *prv, RSA *pub, unsigned int bits); |
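--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -13,8 +13,9 @@ The authentication agent program.
 
 */
 
+#include "config.h"
 #include "includes.h"
-RCSID("$Id: ssh-agent.c,v 1.1 1999/10/27 03:42:45 damien Exp $");
+RCSID("$Id: ssh-agent.c,v 1.2 1999/10/28 03:25:17 damien Exp $");
 
 #include "ssh.h"
 #include "rsa.h"
@@ -26,7 +27,12 @@ RCSID("$Id: ssh-agent.c,v 1.1 1999/10/27 03:42:45 damien Exp $");
 #include "getput.h"
 #include "mpaux.h"
 
+#ifdef HAVE_OPENSSL
 #include <openssl/md5.h>
+#endif
+#ifdef HAVE_SSL
+#include <ssl/md5.h>
+#endif
 
 typedef struct
 {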
@@ -18,7 +18,7 @@ Modified to work with SSL by Niels Provos <provos@citi.umich.edu> in Canada. | |||
18 | */ | 18 | */ |
19 | 19 | ||
20 | #include "includes.h" | 20 | #include "includes.h" |
21 | RCSID("$Id: ssh.c,v 1.1 1999/10/27 03:42:45 damien Exp $"); | 21 | RCSID("$Id: ssh.c,v 1.2 1999/10/28 03:25:17 damien Exp $"); |
22 | 22 | ||
23 | #include "xmalloc.h" | 23 | #include "xmalloc.h" |
24 | #include "ssh.h" | 24 | #include "ssh.h" |
@@ -215,6 +215,7 @@ main(int ac, char **av) | |||
215 | else | 215 | else |
216 | cp = av0; | 216 | cp = av0; |
217 | if (strcmp(cp, "rsh") != 0 && strcmp(cp, "ssh") != 0 && | 217 | if (strcmp(cp, "rsh") != 0 && strcmp(cp, "ssh") != 0 && |
218 | strcmp(cp, "openssh") != 0 && strcmp(cp, "openlogin") != 0 && | ||
218 | strcmp(cp, "rlogin") != 0 && strcmp(cp, "slogin") != 0) | 219 | strcmp(cp, "rlogin") != 0 && strcmp(cp, "slogin") != 0) |
219 | host = cp; | 220 | host = cp; |
220 | 221 | ||
@@ -13,11 +13,25 @@ Generic header file for ssh. | |||
13 | 13 | ||
14 | */ | 14 | */ |
15 | 15 | ||
16 | /* RCSID("$Id: ssh.h,v 1.1 1999/10/27 03:42:45 damien Exp $"); */ | 16 | /* RCSID("$Id: ssh.h,v 1.2 1999/10/28 03:25:17 damien Exp $"); */ |
17 | 17 | ||
18 | #ifndef SSH_H | 18 | #ifndef SSH_H |
19 | #define SSH_H | 19 | #define SSH_H |
20 | 20 | ||
21 | /* Added by Dan */ | ||
22 | #ifndef SHUT_RDWR | ||
23 | enum | ||
24 | { | ||
25 | SHUT_RD = 0, /* No more receptions. */ | ||
26 | #define SHUT_RD SHUT_RD | ||
27 | SHUT_WR, /* No more transmissions. */ | ||
28 | #define SHUT_WR SHUT_WR | ||
29 | SHUT_RDWR /* No more receptions or transmissions. */ | ||
30 | #define SHUT_RDWR SHUT_RDWR | ||
31 | }; | ||
32 | #endif | ||
33 | |||
34 | |||
21 | #include "rsa.h" | 35 | #include "rsa.h" |
22 | #include "cipher.h" | 36 | #include "cipher.h" |
23 | 37 | ||
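--- a/sshconnect.c
+++ b/sshconnect.c
@@ -14,10 +14,19 @@ login (authentication) dialog.
 
 */
 
+#include "config.h"
 #include "includes.h"
-RCSID("$Id: sshconnect.c,v 1.1 1999/10/27 03:42:45 damien Exp $");
+RCSID("$Id: sshconnect.c,v 1.2 1999/10/28 03:25:17 damien Exp $");
 
+#ifdef HAVE_OPENSSL
 #include <openssl/bn.h>
+#include <openssl/md5.h>
+#endif
+#ifdef HAVE_SSL
+#include <ssl/bn.h>
+#include <ssl/md5.h>
+#endif
+
 #include "xmalloc.h"
 #include "rsa.h"
 #include "ssh.h"
@@ -28,7 +37,6 @@ RCSID("$Id: sshconnect.c,v 1.1 1999/10/27 03:42:45 damien Exp $");
 #include "uidswap.h"
 #include "compat.h"
 
-#include <openssl/md5.h>
 
 /* Session id for the current session. */
 unsigned char session_id[16];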