-rw-r--r--ChangeLog62
-rw-r--r--atomicio.c8
-rw-r--r--auth-rsa.c27
-rw-r--r--cipher.c18
-rw-r--r--hostfile.c18
-rw-r--r--log-client.c6
-rw-r--r--log-server.c8
-rw-r--r--packet.c12
-rw-r--r--pty.c2
-rw-r--r--pty.h4
-rw-r--r--readconf.c4
-rw-r--r--rsa.c6
-rw-r--r--scp.c6
-rw-r--r--servconf.c14
-rw-r--r--ssh-keygen.c94
-rw-r--r--ssh.124
-rw-r--r--ssh.c5
-rw-r--r--ssh.h4
-rw-r--r--sshconnect.c13
-rw-r--r--sshd.837
-rw-r--r--sshd.c116
-rw-r--r--version.h2
22 files changed, 310 insertions, 180 deletions
diff --git a/ChangeLog b/ChangeLog
index 4eb4ee6a7..68c577f68 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,65 @@
120000309
2 - OpenBSD CVS updates to v1.2.3
3 [ssh.h atomicio.c]
4 - int atomicio -> ssize_t (for alpha). ok deraadt@
5 [auth-rsa.c]
6 - delay MD5 computation until client sends response, free() early, cleanup.
7 [cipher.c]
8 - void* -> unsigned char*, ok niels@
9 [hostfile.c]
10 - remove unused variable 'len'. fix comments.
11 - remove unused variable
12 [log-client.c log-server.c]
13 - rename a cpp symbol, to avoid param.h collision
14 [packet.c]
15 - missing xfree()
16 - getsockname() requires initialized tolen; andy@guildsoftware.com
17 - use getpeername() in packet_connection_is_on_socket(), fixes sshd -i;
18 from Holger.Trapp@Informatik.TU-Chemnitz.DE
19 [pty.c pty.h]
20 - register cleanup for pty earlier. move code for pty-owner handling to
21 pty.c ok provos@, dugsong@
22 [readconf.c]
23 - turn off x11-fwd for the client, too.
24 [rsa.c]
25 - PKCS#1 padding
26 [scp.c]
27 - allow '.' in usernames; from jedgar@fxp.org
28 [servconf.c]
29 - typo: ignore_user_known_hosts int->flag; naddy@mips.rhein-neckar.de
30 - sync with sshd_config
31 [ssh-keygen.c]
32 - enable ssh-keygen -l -f ~/.ssh/known_hosts, ok deraadt@
33 [ssh.1]
34 - Change invalid 'CHAT' loglevel to 'VERBOSE'
35 [ssh.c]
36 - suppress AAAA query host when '-4' is used; from shin@nd.net.fujitsu.co.jp
37 - turn off x11-fwd for the client, too.
38 [sshconnect.c]
39 - missing xfree()
40 - retry rresvport_af(), too. from sumikawa@ebina.hitachi.co.jp.
41 - read error vs. "Connection closed by remote host"
42 [sshd.8]
43 - ie. -> i.e.,
44 - do not link to a commercial page..
45 - sync with sshd_config
46 [sshd.c]
47 - no need for poll.h; from bright@wintelcom.net
48 - log with level log() not fatal() if peer behaves badly.
49 - don't panic if client behaves strange. ok deraadt@
50 - make no-port-forwarding for RSA keys deny both -L and -R style fwding
51 - delay close() of pty until the pty has been chowned back to root
52 - oops, fix comment, too.
53 - missing xfree()
54 - move XAUTHORITY to subdir. ok dugsong@. fixes debian bug #57907, too.
55 (http://cgi.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=57907)
56 - register cleanup for pty earlier. move code for pty-owner handling to
57 pty.c ok provos@, dugsong@
58 - create x11 cookie file
59 - fix pr 1113, fclose() -> pclose(), todo: remote popen()
60 - version 1.2.3
61 - Cleaned up
62
120000308 6320000308
2 - Configure fix from Hiroshi Takekawa <takekawa@sr3.t.u-tokyo.ac.jp> 64 - Configure fix from Hiroshi Takekawa <takekawa@sr3.t.u-tokyo.ac.jp>
3 65
diff --git a/atomicio.c b/atomicio.c
index fcab2ea7f..d6797ec73 100644
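--- a/atomicio.c
+++ b/atomicio.c
@@ -24,7 +24,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: atomicio.c,v 1.8 1999/12/14 22:06:28 damien Exp $");
+RCSID("$Id: atomicio.c,v 1.9 2000/03/09 10:27:50 damien Exp $");
 
 #include "xmalloc.h"
 #include "ssh.h"
@@ -32,14 +32,14 @@ RCSID("$Id: atomicio.c,v 1.8 1999/12/14 22:06:28 damien Exp $");
 /*
   * ensure all of data on socket comes through. f==read || f==write
   */
-int
+ssize_t
 atomicio(f, fd, s, n)
- int (*f) ();
+ ssize_t (*f) ();
  int fd;
  void *s;
  size_t n;
 {
- int res, pos = 0;
+ ssize_t res, pos = 0;
 
  while (n > pos) {
  res = (f) (fd, (char*)s + pos, n - pos);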
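Review bot: `pos` is now ssize_t while `n` stays size_t, so `while (n > pos)` and `n - pos` compare and subtract across signedness. That is only safe while `pos` never goes negative, which depends on the error handling below this hunk (the loop body continues outside it). Writing `while (n > (size_t)pos)` would make the assumption explicit and keep sign-compare warnings quiet. The callback is also still declared without a prototype, `ssize_t (*f) ();`, so a function with the wrong signature passed as `f` is not caught at compile time.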
diff --git a/auth-rsa.c b/auth-rsa.c
index 9d9e74928..ef7a2274e 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -16,7 +16,7 @@
16 */ 16 */
17 17
18#include "includes.h" 18#include "includes.h"
19RCSID("$Id: auth-rsa.c,v 1.12 2000/01/20 11:44:09 damien Exp $"); 19RCSID("$Id: auth-rsa.c,v 1.13 2000/03/09 10:27:50 damien Exp $");
20 20
21#include "rsa.h" 21#include "rsa.h"
22#include "packet.h" 22#include "packet.h"
@@ -68,9 +68,9 @@ extern unsigned char session_id[16];
68int 68int
69auth_rsa_challenge_dialog(BIGNUM *e, BIGNUM *n) 69auth_rsa_challenge_dialog(BIGNUM *e, BIGNUM *n)
70{ 70{
71 BIGNUM *challenge, *encrypted_challenge, *aux; 71 BIGNUM *challenge, *encrypted_challenge;
72 RSA *pk; 72 RSA *pk;
73 BN_CTX *ctx = BN_CTX_new(); 73 BN_CTX *ctx;
74 unsigned char buf[32], mdbuf[16], response[16]; 74 unsigned char buf[32], mdbuf[16], response[16];
75 MD5_CTX md; 75 MD5_CTX md;
76 unsigned int i; 76 unsigned int i;
@@ -78,11 +78,12 @@ auth_rsa_challenge_dialog(BIGNUM *e, BIGNUM *n)
78 78
79 encrypted_challenge = BN_new(); 79 encrypted_challenge = BN_new();
80 challenge = BN_new(); 80 challenge = BN_new();
81 aux = BN_new();
82 81
83 /* Generate a random challenge. */ 82 /* Generate a random challenge. */
84 BN_rand(challenge, 256, 0, 0); 83 BN_rand(challenge, 256, 0, 0);
84 ctx = BN_CTX_new();
85 BN_mod(challenge, challenge, n, ctx); 85 BN_mod(challenge, challenge, n, ctx);
86 BN_CTX_free(ctx);
86 87
87 /* Create the public key data structure. */ 88 /* Create the public key data structure. */
88 pk = RSA_new(); 89 pk = RSA_new();
@@ -99,8 +100,15 @@ auth_rsa_challenge_dialog(BIGNUM *e, BIGNUM *n)
99 packet_start(SSH_SMSG_AUTH_RSA_CHALLENGE); 100 packet_start(SSH_SMSG_AUTH_RSA_CHALLENGE);
100 packet_put_bignum(encrypted_challenge); 101 packet_put_bignum(encrypted_challenge);
101 packet_send(); 102 packet_send();
103 BN_clear_free(encrypted_challenge);
102 packet_write_wait(); 104 packet_write_wait();
103 105
106 /* Wait for a response. */
107 packet_read_expect(&plen, SSH_CMSG_AUTH_RSA_RESPONSE);
108 packet_integrity_check(plen, 16, SSH_CMSG_AUTH_RSA_RESPONSE);
109 for (i = 0; i < 16; i++)
110 response[i] = packet_get_char();
111
104 /* The response is MD5 of decrypted challenge plus session id. */ 112 /* The response is MD5 of decrypted challenge plus session id. */
105 len = BN_num_bytes(challenge); 113 len = BN_num_bytes(challenge);
106 if (len <= 0 || len > 32) 114 if (len <= 0 || len > 32)
@@ -111,18 +119,7 @@ auth_rsa_challenge_dialog(BIGNUM *e, BIGNUM *n)
111 MD5_Update(&md, buf, 32); 119 MD5_Update(&md, buf, 32);
112 MD5_Update(&md, session_id, 16); 120 MD5_Update(&md, session_id, 16);
113 MD5_Final(mdbuf, &md); 121 MD5_Final(mdbuf, &md);
114
115 /* We will no longer need these. */
116 BN_clear_free(encrypted_challenge);
117 BN_clear_free(challenge); 122 BN_clear_free(challenge);
118 BN_clear_free(aux);
119 BN_CTX_free(ctx);
120
121 /* Wait for a response. */
122 packet_read_expect(&plen, SSH_CMSG_AUTH_RSA_RESPONSE);
123 packet_integrity_check(plen, 16, SSH_CMSG_AUTH_RSA_RESPONSE);
124 for (i = 0; i < 16; i++)
125 response[i] = packet_get_char();
126 123
127 /* Verify that the response is the original challenge. */ 124 /* Verify that the response is the original challenge. */
128 if (memcmp(response, mdbuf, 16) != 0) { 125 if (memcmp(response, mdbuf, 16) != 0) {
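Review bot: The relocated `ctx = BN_CTX_new();` is passed to `BN_mod()` without a NULL check, and the return values of `BN_rand()` and `BN_mod()` are ignored, so a failure while generating the challenge goes unnoticed in an authentication path. A guard such as `if ((ctx = BN_CTX_new()) == NULL || !BN_mod(challenge, challenge, n, ctx)) fatal("auth_rsa_challenge_dialog: BN_mod failed");` stops the function from continuing with a challenge that was never reduced modulo `n`. Separately, `buf` and `mdbuf` hold the plaintext challenge and the expected response; whether they are cleared before return is not visible here because the function continues past the last hunk.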
diff --git a/cipher.c b/cipher.c
index 5589c24fa..c55c7dcbd 100644
--- a/cipher.c
+++ b/cipher.c
@@ -12,7 +12,7 @@
12 */ 12 */
13 13
14#include "includes.h" 14#include "includes.h"
15RCSID("$Id: cipher.c,v 1.12 2000/01/22 23:32:03 damien Exp $"); 15RCSID("$Id: cipher.c,v 1.13 2000/03/09 10:27:50 damien Exp $");
16 16
17#include "ssh.h" 17#include "ssh.h"
18#include "cipher.h" 18#include "cipher.h"
@@ -41,7 +41,7 @@ void
41SSH_3CBC_ENCRYPT(des_key_schedule ks1, 41SSH_3CBC_ENCRYPT(des_key_schedule ks1,
42 des_key_schedule ks2, des_cblock * iv2, 42 des_key_schedule ks2, des_cblock * iv2,
43 des_key_schedule ks3, des_cblock * iv3, 43 des_key_schedule ks3, des_cblock * iv3,
44 void *dest, void *src, 44 unsigned char *dest, unsigned char *src,
45 unsigned int len) 45 unsigned int len)
46{ 46{
47 des_cblock iv1; 47 des_cblock iv1;
@@ -49,20 +49,20 @@ SSH_3CBC_ENCRYPT(des_key_schedule ks1,
49 memcpy(&iv1, iv2, 8); 49 memcpy(&iv1, iv2, 8);
50 50
51 des_cbc_encrypt(src, dest, len, ks1, &iv1, DES_ENCRYPT); 51 des_cbc_encrypt(src, dest, len, ks1, &iv1, DES_ENCRYPT);
52 memcpy(&iv1, (char *)dest + len - 8, 8); 52 memcpy(&iv1, dest + len - 8, 8);
53 53
54 des_cbc_encrypt(dest, dest, len, ks2, iv2, DES_DECRYPT); 54 des_cbc_encrypt(dest, dest, len, ks2, iv2, DES_DECRYPT);
55 memcpy(iv2, &iv1, 8); /* Note how iv1 == iv2 on entry and exit. */ 55 memcpy(iv2, &iv1, 8); /* Note how iv1 == iv2 on entry and exit. */
56 56
57 des_cbc_encrypt(dest, dest, len, ks3, iv3, DES_ENCRYPT); 57 des_cbc_encrypt(dest, dest, len, ks3, iv3, DES_ENCRYPT);
58 memcpy(iv3, (char *)dest + len - 8, 8); 58 memcpy(iv3, dest + len - 8, 8);
59} 59}
60 60
61void 61void
62SSH_3CBC_DECRYPT(des_key_schedule ks1, 62SSH_3CBC_DECRYPT(des_key_schedule ks1,
63 des_key_schedule ks2, des_cblock * iv2, 63 des_key_schedule ks2, des_cblock * iv2,
64 des_key_schedule ks3, des_cblock * iv3, 64 des_key_schedule ks3, des_cblock * iv3,
65 void *dest, void *src, 65 unsigned char *dest, unsigned char *src,
66 unsigned int len) 66 unsigned int len)
67{ 67{
68 des_cblock iv1; 68 des_cblock iv1;
@@ -70,10 +70,10 @@ SSH_3CBC_DECRYPT(des_key_schedule ks1,
70 memcpy(&iv1, iv2, 8); 70 memcpy(&iv1, iv2, 8);
71 71
72 des_cbc_encrypt(src, dest, len, ks3, iv3, DES_DECRYPT); 72 des_cbc_encrypt(src, dest, len, ks3, iv3, DES_DECRYPT);
73 memcpy(iv3, (char *)src + len - 8, 8); 73 memcpy(iv3, src + len - 8, 8);
74 74
75 des_cbc_encrypt(dest, dest, len, ks2, iv2, DES_ENCRYPT); 75 des_cbc_encrypt(dest, dest, len, ks2, iv2, DES_ENCRYPT);
76 memcpy(iv2, (char *)dest + len - 8, 8); 76 memcpy(iv2, dest + len - 8, 8);
77 77
78 des_cbc_encrypt(dest, dest, len, ks1, &iv1, DES_DECRYPT); 78 des_cbc_encrypt(dest, dest, len, ks1, &iv1, DES_DECRYPT);
79 /* memcpy(&iv1, iv2, 8); */ 79 /* memcpy(&iv1, iv2, 8); */
@@ -273,7 +273,7 @@ cipher_encrypt(CipherContext *context, unsigned char *dest,
273 SSH_3CBC_ENCRYPT(context->u.des3.key1, 273 SSH_3CBC_ENCRYPT(context->u.des3.key1,
274 context->u.des3.key2, &context->u.des3.iv2, 274 context->u.des3.key2, &context->u.des3.iv2,
275 context->u.des3.key3, &context->u.des3.iv3, 275 context->u.des3.key3, &context->u.des3.iv3,
276 dest, (void *) src, len); 276 dest, (unsigned char *) src, len);
277 break; 277 break;
278 278
279 case SSH_CIPHER_BLOWFISH: 279 case SSH_CIPHER_BLOWFISH:
@@ -308,7 +308,7 @@ cipher_decrypt(CipherContext *context, unsigned char *dest,
308 SSH_3CBC_DECRYPT(context->u.des3.key1, 308 SSH_3CBC_DECRYPT(context->u.des3.key1,
309 context->u.des3.key2, &context->u.des3.iv2, 309 context->u.des3.key2, &context->u.des3.iv2,
310 context->u.des3.key3, &context->u.des3.iv3, 310 context->u.des3.key3, &context->u.des3.iv3,
311 dest, (void *) src, len); 311 dest, (unsigned char *) src, len);
312 break; 312 break;
313 313
314 case SSH_CIPHER_BLOWFISH: 314 case SSH_CIPHER_BLOWFISH:
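Review bot: With `dest` and `src` now typed `unsigned char *`, the expressions `dest + len - 8` and `src + len - 8` in SSH_3CBC_ENCRYPT and SSH_3CBC_DECRYPT point before the buffer whenever `len` is smaller than 8, and nothing in these hunks checks that. The callers may already guarantee a non-zero multiple of the block size, but the contract is not written down; a comment such as `/* len must be a non-zero multiple of 8 */` above each function would state it. The `(unsigned char *) src` casts in cipher_encrypt() and cipher_decrypt() suggest `src` carries a qualifier there that the cast silently discards; that is worth confirming against the declarations, which lie outside the hunks.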
diff --git a/hostfile.c b/hostfile.c
index 831ac592f..ea92fa048 100644
--- a/hostfile.c
+++ b/hostfile.c
@@ -14,13 +14,13 @@
14 */ 14 */
15 15
16#include "includes.h" 16#include "includes.h"
17RCSID("$OpenBSD: hostfile.c,v 1.11 2000/01/04 00:07:59 markus Exp $"); 17RCSID("$OpenBSD: hostfile.c,v 1.13 2000/02/18 10:20:20 markus Exp $");
18 18
19#include "packet.h" 19#include "packet.h"
20#include "ssh.h" 20#include "ssh.h"
21 21
22/* 22/*
23 * Reads a multiple-precision integer in hex from the buffer, and advances 23 * Reads a multiple-precision integer in decimal from the buffer, and advances
24 * the pointer. The integer must already be initialized. This function is 24 * the pointer. The integer must already be initialized. This function is
25 * permitted to modify the buffer. This leaves *cpp to point just beyond the 25 * permitted to modify the buffer. This leaves *cpp to point just beyond the
26 * last processed (and maybe modified) character. Note that this may modify 26 * last processed (and maybe modified) character. Note that this may modify
@@ -31,26 +31,23 @@ int
31auth_rsa_read_bignum(char **cpp, BIGNUM * value) 31auth_rsa_read_bignum(char **cpp, BIGNUM * value)
32{ 32{
33 char *cp = *cpp; 33 char *cp = *cpp;
34 int len, old; 34 int old;
35 35
36 /* Skip any leading whitespace. */ 36 /* Skip any leading whitespace. */
37 for (; *cp == ' ' || *cp == '\t'; cp++) 37 for (; *cp == ' ' || *cp == '\t'; cp++)
38 ; 38 ;
39 39
40 /* Check that it begins with a hex digit. */ 40 /* Check that it begins with a decimal digit. */
41 if (*cp < '0' || *cp > '9') 41 if (*cp < '0' || *cp > '9')
42 return 0; 42 return 0;
43 43
44 /* Save starting position. */ 44 /* Save starting position. */
45 *cpp = cp; 45 *cpp = cp;
46 46
47 /* Move forward until all hex digits skipped. */ 47 /* Move forward until all decimal digits skipped. */
48 for (; *cp >= '0' && *cp <= '9'; cp++) 48 for (; *cp >= '0' && *cp <= '9'; cp++)
49 ; 49 ;
50 50
51 /* Compute the length of the hex number. */
52 len = cp - *cpp;
53
54 /* Save the old terminating character, and replace it by \0. */ 51 /* Save the old terminating character, and replace it by \0. */
55 old = *cp; 52 old = *cp;
56 *cp = 0; 53 *cp = 0;
@@ -179,7 +176,7 @@ check_host_in_hostfile(const char *filename, const char *host,
179 FILE *f; 176 FILE *f;
180 char line[8192]; 177 char line[8192];
181 int linenum = 0; 178 int linenum = 0;
182 unsigned int bits, kbits, hostlen; 179 unsigned int kbits, hostlen;
183 char *cp, *cp2; 180 char *cp, *cp2;
184 HostStatus end_return; 181 HostStatus end_return;
185 182
@@ -198,9 +195,6 @@ check_host_in_hostfile(const char *filename, const char *host,
198 */ 195 */
199 end_return = HOST_NEW; 196 end_return = HOST_NEW;
200 197
201 /* size of modulus 'n' */
202 bits = BN_num_bits(n);
203
204 /* Go trough the file. */ 198 /* Go trough the file. */
205 while (fgets(line, sizeof(line), f)) { 199 while (fgets(line, sizeof(line), f)) {
206 cp = line; 200 cp = line;
diff --git a/log-client.c b/log-client.c
index 668aafff0..11ac45d7a 100644
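--- a/log-client.c
+++ b/log-client.c
@@ -15,7 +15,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: log-client.c,v 1.4 2000/01/20 13:18:16 damien Exp $");
+RCSID("$Id: log-client.c,v 1.5 2000/03/09 10:27:50 damien Exp $");
 
 #include "xmalloc.h"
 #include "ssh.h"
@@ -45,12 +45,12 @@ log_init(char *av0, LogLevel level, SyslogFacility ignored1, int ignored2)
  }
 }
 
-#define SSH_MSGBUFSIZE 1024
+#define MSGBUFSIZ 1024
 
 void
 do_log(LogLevel level, const char *fmt, va_list args)
 {
- char msgbuf[SSH_MSGBUFSIZE];
+ char msgbuf[MSGBUFSIZ];
 
  if (level > log_level)
  return;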
diff --git a/log-server.c b/log-server.c
index 264288109..7f732ed3b 100644
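--- a/log-server.c
+++ b/log-server.c
@@ -15,7 +15,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: log-server.c,v 1.6 2000/01/20 13:18:16 damien Exp $");
+RCSID("$Id: log-server.c,v 1.7 2000/03/09 10:27:50 damien Exp $");
 
 #include <syslog.h>
 #include "packet.h"
@@ -97,13 +97,13 @@ log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr)
  log_on_stderr = on_stderr;
 }
 
-#define SSH_MSGBUFSIZE 1024
+#define MSGBUFSIZ 1024
 
 void
 do_log(LogLevel level, const char *fmt, va_list args)
 {
- char msgbuf[SSH_MSGBUFSIZE];
- char fmtbuf[SSH_MSGBUFSIZE];
+ char msgbuf[MSGBUFSIZ];
+ char fmtbuf[MSGBUFSIZ];
  char *txt = NULL;
  int pri = LOG_INFO;
 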
diff --git a/packet.c b/packet.c
index d0f3a895a..f65ae989d 100644
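--- a/packet.c
+++ b/packet.c
@@ -15,7 +15,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: packet.c,v 1.11 2000/01/22 22:38:00 damien Exp $");
+RCSID("$Id: packet.c,v 1.12 2000/03/09 10:27:50 damien Exp $");
 
 #include "xmalloc.h"
 #include "buffer.h"
@@ -505,7 +505,7 @@ packet_read_poll(int *payload_len_ptr)
 {
  unsigned int len, padded_len;
  unsigned char *ucp;
- char buf[8], *cp;
+ char buf[8], *cp, *msg;
  unsigned int checksum, stored_checksum;
 
 restart:
@@ -575,7 +575,9 @@ restart:
 
  /* Handle disconnect message. */
  if ((unsigned char) buf[0] == SSH_MSG_DISCONNECT) {
- log("Received disconnect: %.900s", packet_get_string(NULL));
+ msg = packet_get_string(NULL);
+ log("Received disconnect: %.900s", msg);
+ xfree(msg);
  fatal_cleanup();
  }
 
@@ -585,7 +587,9 @@ restart:
 
  /* Send debug messages as debugging output. */
  if ((unsigned char) buf[0] == SSH_MSG_DEBUG) {
- debug("Remote: %.900s", packet_get_string(NULL));
+ msg = packet_get_string(NULL);
+ debug("Remote: %.900s", msg);
+ xfree(msg);
  goto restart;
  }
  /* Return type. */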
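Review bot: The disconnect and debug strings logged in these two hunks come from the peer, and `%.900s` bounds only their length, so control characters and embedded newlines reach the log unchanged and can garble or forge log lines. Consider replacing non-printable bytes in `msg` before the `log()` and `debug()` calls, with a comment such as `/* msg is peer-controlled: strip control characters before logging */`. The added `xfree(msg)` calls themselves look right. packet_read_poll() starts and ends outside the hunks shown.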
diff --git a/pty.c b/pty.c
index 4c2dc9cfe..cf8d68884 100644
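--- a/pty.c
+++ b/pty.c
@@ -14,7 +14,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: pty.c,v 1.14 2000/03/02 12:56:13 damien Exp $");
+RCSID("$Id: pty.c,v 1.15 2000/03/09 10:27:51 damien Exp $");
 
 #ifdef HAVE_UTIL_H
 # include <util.h>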
diff --git a/pty.h b/pty.h
index 4d0e5f12b..b97b96df0 100644
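--- a/pty.h
+++ b/pty.h
@@ -13,7 +13,7 @@
  * tty.
  */
 
-/* RCSID("$Id: pty.h,v 1.5 2000/03/02 12:30:53 damien Exp $"); */
+/* RCSID("$Id: pty.h,v 1.6 2000/03/09 10:27:51 damien Exp $"); */
 
 #ifndef PTY_H
 #define PTY_H
@@ -45,4 +45,6 @@ pty_change_window_size(int ptyfd, int row, int col,
 
 void pty_setowner(struct passwd *pw, const char *ttyname);
 
+void pty_setowner(struct passwd *pw, const char *ttyname);
+
 #endif /* PTY_H */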
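Review bot: New lines 46 and 48 both declare `void pty_setowner(struct passwd *pw, const char *ttyname);`, so the copy added by the second hunk is redundant and looks like a merge leftover. It compiles, but the duplicate should be dropped so the header carries a single prototype to maintain.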
diff --git a/readconf.c b/readconf.c
index 0ba78639e..99023d136 100644
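--- a/readconf.c
+++ b/readconf.c
@@ -14,7 +14,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: readconf.c,v 1.7 1999/12/06 00:47:29 damien Exp $");
+RCSID("$Id: readconf.c,v 1.8 2000/03/09 10:27:51 damien Exp $");
 
 #include "ssh.h"
 #include "cipher.h"
@@ -638,7 +638,7 @@ fill_default_options(Options * options)
  if (options->forward_agent == -1)
  options->forward_agent = 1;
  if (options->forward_x11 == -1)
- options->forward_x11 = 1;
+ options->forward_x11 = 0;
  if (options->gateway_ports == -1)
  options->gateway_ports = 0;
  if (options->use_privileged_port == -1)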
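Review bot: The new default `options->forward_x11 = 0;` changes client behaviour for every configuration that never set the option, yet the line carries no comment saying why. Something like `/* off unless requested: a forwarded X11 connection gives the remote side access to the local display */` would record the reason next to the value. Note that `options->forward_agent = 1;` two lines above still defaults to on, which exposes the local agent to the remote host in a comparable way; if that is intentional it deserves the same kind of comment. fill_default_options() extends beyond this hunk.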
diff --git a/rsa.c b/rsa.c
index 64786718c..023925295 100644
--- a/rsa.c
+++ b/rsa.c
@@ -35,7 +35,7 @@
35*/ 35*/
36 36
37#include "includes.h" 37#include "includes.h"
38RCSID("$Id: rsa.c,v 1.9 2000/03/05 06:14:38 damien Exp $"); 38RCSID("$Id: rsa.c,v 1.10 2000/03/09 10:27:51 damien Exp $");
39 39
40#include "rsa.h" 40#include "rsa.h"
41#include "ssh.h" 41#include "ssh.h"
@@ -159,7 +159,7 @@ rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key)
159 BN_bn2bin(in, inbuf); 159 BN_bn2bin(in, inbuf);
160 160
161 if ((len = RSA_public_encrypt(ilen, inbuf, outbuf, key, 161 if ((len = RSA_public_encrypt(ilen, inbuf, outbuf, key,
162 RSA_PKCS1_PADDING)) <= 0) 162 RSA_PKCS1_PADDING)) <= 0)
163 fatal("rsa_public_encrypt() failed"); 163 fatal("rsa_public_encrypt() failed");
164 164
165 BN_bin2bn(outbuf, len, out); 165 BN_bin2bn(outbuf, len, out);
@@ -184,7 +184,7 @@ rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key)
184 BN_bn2bin(in, inbuf); 184 BN_bn2bin(in, inbuf);
185 185
186 if ((len = RSA_private_decrypt(ilen, inbuf, outbuf, key, 186 if ((len = RSA_private_decrypt(ilen, inbuf, outbuf, key,
187 RSA_SSLV23_PADDING)) <= 0) 187 RSA_PKCS1_PADDING)) <= 0)
188 fatal("rsa_private_decrypt() failed"); 188 fatal("rsa_private_decrypt() failed");
189 189
190 BN_bin2bn(outbuf, len, out); 190 BN_bin2bn(outbuf, len, out);
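Review bot: `rsa_private_decrypt()` now uses `RSA_PKCS1_PADDING`, and a padding failure goes straight to `fatal("rsa_private_decrypt() failed")`, so a peer can presumably tell whether a submitted ciphertext passed the padding check by whether the connection is torn down at this point. PKCS#1 v1.5 decryption is only safe when that distinction is not exposed or the key is short-lived. A comment stating which of the two the callers rely on would make the assumption reviewable, for example `/* padding failure is visible to the peer; callers must limit attempts per key */`. Whether `inbuf` and `outbuf` are cleared afterwards is not visible, since both functions continue past the hunks.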
diff --git a/scp.c b/scp.c
index 3074ccdaa..6e07879f0 100644
--- a/scp.c
+++ b/scp.c
@@ -45,7 +45,7 @@
45 */ 45 */
46 46
47#include "includes.h" 47#include "includes.h"
48RCSID("$Id: scp.c,v 1.16 2000/01/14 04:45:51 damien Exp $"); 48RCSID("$Id: scp.c,v 1.17 2000/03/09 10:27:51 damien Exp $");
49 49
50#include "ssh.h" 50#include "ssh.h"
51#include "xmalloc.h" 51#include "xmalloc.h"
@@ -1008,7 +1008,7 @@ run_err(const char *fmt,...)
1008 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 1008 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
1009 * SUCH DAMAGE. 1009 * SUCH DAMAGE.
1010 * 1010 *
1011 * $Id: scp.c,v 1.16 2000/01/14 04:45:51 damien Exp $ 1011 * $Id: scp.c,v 1.17 2000/03/09 10:27:51 damien Exp $
1012 */ 1012 */
1013 1013
1014char * 1014char *
@@ -1067,7 +1067,7 @@ okname(cp0)
1067 } while (*++cp); 1067 } while (*++cp);
1068 return (1); 1068 return (1);
1069 1069
1070bad: fprintf(stderr, "%s: invalid user name", cp0); 1070bad: fprintf(stderr, "%s: invalid user name\n", cp0);
1071 return (0); 1071 return (0);
1072} 1072}
1073 1073
diff --git a/servconf.c b/servconf.c
index 3425fe0ee..b08ac671f 100644
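--- a/servconf.c
+++ b/servconf.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: servconf.c,v 1.8 2000/01/14 04:45:51 damien Exp $");
+RCSID("$Id: servconf.c,v 1.9 2000/03/09 10:27:51 damien Exp $");
 
 #include "ssh.h"
 #include "servconf.h"
@@ -87,7 +87,7 @@ fill_default_server_options(ServerOptions *options)
  if (options->permit_root_login == -1)
  options->permit_root_login = 1; /* yes */
  if (options->ignore_rhosts == -1)
- options->ignore_rhosts = 0;
+ options->ignore_rhosts = 1;
  if (options->ignore_user_known_hosts == -1)
  options->ignore_user_known_hosts = 0;
  if (options->check_mail == -1)
@@ -95,9 +95,9 @@ fill_default_server_options(ServerOptions *options)
  if (options->print_motd == -1)
  options->print_motd = 1;
  if (options->x11_forwarding == -1)
- options->x11_forwarding = 1;
+ options->x11_forwarding = 0;
  if (options->x11_display_offset == -1)
- options->x11_display_offset = 1;
+ options->x11_display_offset = 10;
  if (options->strict_modes == -1)
  options->strict_modes = 1;
  if (options->keepalives == -1)
@@ -109,7 +109,7 @@ fill_default_server_options(ServerOptions *options)
  if (options->rhosts_authentication == -1)
  options->rhosts_authentication = 0;
  if (options->rhosts_rsa_authentication == -1)
- options->rhosts_rsa_authentication = 1;
+ options->rhosts_rsa_authentication = 0;
  if (options->rsa_authentication == -1)
  options->rsa_authentication = 1;
 #ifdef KRB4
@@ -133,7 +133,7 @@ fill_default_server_options(ServerOptions *options)
  options->skey_authentication = 1;
 #endif
  if (options->permit_empty_passwd == -1)
- options->permit_empty_passwd = 1;
+ options->permit_empty_passwd = 0;
  if (options->use_login == -1)
  options->use_login = 0;
 }
@@ -402,7 +402,7 @@ parse_flag:
 
  case sIgnoreUserKnownHosts:
  intptr = &options->ignore_user_known_hosts;
- goto parse_int;
+ goto parse_flag;
 
  case sRhostsAuthentication:
  intptr = &options->rhosts_authentication;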
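Review bot: Five defaults flip in fill_default_server_options() (`ignore_rhosts`, `x11_forwarding`, `x11_display_offset`, `rhosts_rsa_authentication`, `permit_empty_passwd`) without comments, while `options->permit_root_login = 1; /* yes */` just above shows the file's convention of annotating the value. Adding `/* yes */` or `/* no */` in the same style, plus a short note on `x11_display_offset = 10;` explaining the number, would make the hardened defaults auditable against sshd_config. Because an upgrade silently changes behaviour for configurations that omit these keywords, it is also worth confirming that sshd.8 documents the new defaults. The function and the parse switch both extend outside the hunks shown.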
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 2b674676d..bf7f0ced2 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -7,7 +7,7 @@
7 */ 7 */
8 8
9#include "includes.h" 9#include "includes.h"
10RCSID("$Id: ssh-keygen.c,v 1.10 1999/11/25 00:54:59 damien Exp $"); 10RCSID("$Id: ssh-keygen.c,v 1.11 2000/03/09 10:27:51 damien Exp $");
11 11
12#include "rsa.h" 12#include "rsa.h"
13#include "ssh.h" 13#include "ssh.h"
@@ -80,8 +80,11 @@ ask_filename(struct passwd *pw, const char *prompt)
80void 80void
81do_fingerprint(struct passwd *pw) 81do_fingerprint(struct passwd *pw)
82{ 82{
83 char *comment; 83 FILE *f;
84 BIGNUM *e, *n;
84 RSA *public_key; 85 RSA *public_key;
86 char *comment = NULL, *cp, *ep, line[16*1024];
87 int i, skip = 0, num = 1, invalid = 1;
85 struct stat st; 88 struct stat st;
86 89
87 if (!have_identity) 90 if (!have_identity)
@@ -90,38 +93,71 @@ do_fingerprint(struct passwd *pw)
90 perror(identity_file); 93 perror(identity_file);
91 exit(1); 94 exit(1);
92 } 95 }
96
93 public_key = RSA_new(); 97 public_key = RSA_new();
94 if (!load_public_key(identity_file, public_key, &comment)) { 98 if (load_public_key(identity_file, public_key, &comment)) {
95 char *cp, line[1024]; 99 printf("%d %s %s\n", BN_num_bits(public_key->n),
96 BIGNUM *e, *n; 100 fingerprint(public_key->e, public_key->n),
97 int dummy, invalid = 0; 101 comment);
98 FILE *f = fopen(identity_file, "r"); 102 RSA_free(public_key);
103 exit(0);
104 }
105 RSA_free(public_key);
106
107 f = fopen(identity_file, "r");
108 if (f != NULL) {
99 n = BN_new(); 109 n = BN_new();
100 e = BN_new(); 110 e = BN_new();
101 if (f && fgets(line, sizeof(line), f)) { 111 while (fgets(line, sizeof(line), f)) {
102 cp = line; 112 i = strlen(line) - 1;
103 line[strlen(line) - 1] = '\0'; 113 if (line[i] != '\n') {
104 if (auth_rsa_read_key(&cp, &dummy, e, n)) { 114 error("line %d too long: %.40s...", num, line);
105 public_key->e = e; 115 skip = 1;
106 public_key->n = n; 116 continue;
107 comment = xstrdup(cp ? cp : "no comment"); 117 }
108 } else { 118 num++;
109 invalid = 1; 119 if (skip) {
120 skip = 0;
121 continue;
122 }
123 line[i] = '\0';
124
125 /* Skip leading whitespace, empty and comment lines. */
126 for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
127 ;
128 if (!*cp || *cp == '\n' || *cp == '#')
129 continue ;
130 i = strtol(cp, &ep, 10);
131 if (i == 0 || ep == NULL || (*ep != ' ' && *ep != '\t')) {
132 int quoted = 0;
133 comment = cp;
134 for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
135 if (*cp == '\\' && cp[1] == '"')
136 cp++; /* Skip both */
137 else if (*cp == '"')
138 quoted = !quoted;
139 }
140 if (!*cp)
141 continue;
142 *cp++ = '\0';
143 }
144 ep = cp;
145 if (auth_rsa_read_key(&cp, &i, e, n)) {
146 invalid = 0;
147 comment = *cp ? cp : comment;
148 printf("%d %s %s\n", BN_num_bits(n),
149 fingerprint(e, n),
150 comment ? comment : "no comment");
110 } 151 }
111 } else {
112 invalid = 1;
113 }
114 if (invalid) {
115 printf("%s is not a valid key file.\n", identity_file);
116 BN_free(e);
117 BN_free(n);
118 exit(1);
119 } 152 }
153 BN_free(e);
154 BN_free(n);
155 fclose(f);
156 }
157 if (invalid) {
158 printf("%s is not a valid key file.\n", identity_file);
159 exit(1);
120 } 160 }
121 printf("%d %s %s\n", BN_num_bits(public_key->n),
122 fingerprint(public_key->e, public_key->n),
123 comment);
124 RSA_free(public_key);
125 exit(0); 161 exit(0);
126} 162}
127 163
@@ -314,7 +350,7 @@ void
314usage(void) 350usage(void)
315{ 351{
316 printf("ssh-keygen version %s\n", SSH_VERSION); 352 printf("ssh-keygen version %s\n", SSH_VERSION);
317 printf("Usage: %s [-b bits] [-p] [-c] [-f file] [-P pass] [-N new-pass] [-C comment]\n", __progname); 353 printf("Usage: %s [-b bits] [-p] [-c] [-l] [-f file] [-P pass] [-N new-pass] [-C comment]\n", __progname);
318 exit(1); 354 exit(1);
319} 355}
320 356
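Review bot: In the new read loop of do_fingerprint(), `i = strlen(line) - 1;` yields -1 when fgets() returns a line that begins with a NUL byte, and the following `line[i] != '\n'` then reads before the buffer. A guard before the index is computed, `if (line[0] == '\0') continue;`, closes that. The same test also treats a final line without a trailing newline as "too long", so a key file that lacks the last newline is reported as not valid; checking `feof(f)` before calling error() would separate the two cases. `ep = cp;` is assigned but not read again in the lines shown.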
diff --git a/ssh.1 b/ssh.1
index 7bea1b132..9f1ca97b6 100644
--- a/ssh.1
+++ b/ssh.1
@@ -9,7 +9,7 @@
9.\" 9.\"
10.\" Created: Sat Apr 22 21:55:14 1995 ylo 10.\" Created: Sat Apr 22 21:55:14 1995 ylo
11.\" 11.\"
12.\" $Id: ssh.1,v 1.17 2000/03/03 11:48:49 damien Exp $ 12.\" $Id: ssh.1,v 1.18 2000/03/09 10:27:52 damien Exp $
13.\" 13.\"
14.Dd September 25, 1999 14.Dd September 25, 1999
15.Dt SSH 1 15.Dt SSH 1
@@ -557,6 +557,8 @@ set. The argument must be
557.Dq yes 557.Dq yes
558or 558or
559.Dq no . 559.Dq no .
560The default is
561.Dq no .
560.It Cm GatewayPorts 562.It Cm GatewayPorts
561Specifies whether remote hosts are allowed to connect to local 563Specifies whether remote hosts are allowed to connect to local
562forwarded ports. 564forwarded ports.
@@ -813,7 +815,7 @@ and adds lines of the format
813.Dq VARNAME=value 815.Dq VARNAME=value
814to the environment. 816to the environment.
815.Sh FILES 817.Sh FILES
816.Bl -tag -width $HOME/.ssh/known_hosts 818.Bl -tag -width Ds
817.It Pa $HOME/.ssh/known_hosts 819.It Pa $HOME/.ssh/known_hosts
818Records host keys for all hosts the user has logged into (that are not 820Records host keys for all hosts the user has logged into (that are not
819in 821in
@@ -958,17 +960,12 @@ above.
958A version of this library which includes support for the RSA algorithm 960A version of this library which includes support for the RSA algorithm
959is required for proper operation. 961is required for proper operation.
960.Sh AUTHOR 962.Sh AUTHOR
961Tatu Ylonen <ylo@cs.hut.fi>
962.Pp
963Issues can be found from the SSH WWW home page:
964.Pp
965.Dl http://www.cs.hut.fi/ssh
966.Pp
967OpenSSH 963OpenSSH
968is a derivative of the original (free) ssh 1.2.12 release, but with bugs 964is a derivative of the original (free) ssh 1.2.12 release by Tatu Ylonen,
969removed and newer features re-added. Rapidly after the 1.2.12 release, 965but with bugs removed and newer features re-added. Rapidly after the
970newer versions bore successively more restrictive licenses. This version 9661.2.12 release, newer versions of the original ssh bore successively
971of OpenSSH 967more restrictive licenses, and thus demand for a free version was born.
968This version of OpenSSH
972.Bl -bullet 969.Bl -bullet
973.It 970.It
974has all components of a restrictive nature (i.e., patents, see 971has all components of a restrictive nature (i.e., patents, see
@@ -977,7 +974,8 @@ directly removed from the source code; any licensed or patented components
977are chosen from 974are chosen from
978external libraries. 975external libraries.
979.It 976.It
980has been updated to support ssh protocol 1.5. 977has been updated to support ssh protocol 1.5, making it compatible with
978all other ssh protocol 1 clients and servers.
981.It 979.It
982contains added support for 980contains added support for
983.Xr kerberos 8 981.Xr kerberos 8
diff --git a/ssh.c b/ssh.c
index 2d9a9d96b..bada8e189 100644
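--- a/ssh.c
+++ b/ssh.c
@@ -11,7 +11,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: ssh.c,v 1.20 2000/03/02 12:09:21 damien Exp $");
+RCSID("$Id: ssh.c,v 1.21 2000/03/09 10:27:52 damien Exp $");
 
 #include "xmalloc.h"
 #include "ssh.h"
@@ -103,6 +103,7 @@ usage()
  fprintf(stderr, " -k Disable Kerberos ticket and AFS token forwarding.\n");
 #endif /* AFS */
  fprintf(stderr, " -x Disable X11 connection forwarding.\n");
+ fprintf(stderr, " -X Enable X11 connection forwarding.\n");
  fprintf(stderr, " -i file Identity for RSA authentication (default: ~/.ssh/identity).\n");
  fprintf(stderr, " -t Tty; allocate a tty even if command is given.\n");
  fprintf(stderr, " -v Verbose; display verbose debugging messages.\n");
@@ -497,7 +498,7 @@ main(int ac, char **av)
  struct addrinfo *ai = NULL;
  int errgai;
  memset(&hints, 0, sizeof(hints));
- hints.ai_family = AF_UNSPEC;
+ hints.ai_family = IPv4or6;
  hints.ai_flags = AI_CANONNAME;
  hints.ai_socktype = SOCK_STREAM;
  errgai = getaddrinfo(host, NULL, &hints, &ai);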
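Review bot: The switch from `AF_UNSPEC` to `IPv4or6` in main's canonical-name lookup carries no comment, and `IPv4or6` is defined outside the hunk, so a reader cannot tell from here why the lookup is restricted. A one-line comment above the assignment, such as `/* restrict the lookup to the selected address family (no AAAA query with -4) */`, would record the intent given in the ChangeLog entry. main's body starts and ends outside the hunk.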
diff --git a/ssh.h b/ssh.h
index 281ef1388..ee6e3c1f1 100644
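--- a/ssh.h
+++ b/ssh.h
@@ -13,7 +13,7 @@
  *
  */
 
-/* RCSID("$Id: ssh.h,v 1.26 2000/02/07 02:20:26 damien Exp $"); */
+/* RCSID("$Id: ssh.h,v 1.27 2000/03/09 10:27:52 damien Exp $"); */
 
 #ifndef SSH_H
 #define SSH_H
@@ -712,7 +712,7 @@ struct envstring {
 /*
  * Ensure all of data on socket comes through. f==read || f==write
  */
-int atomicio(int (*f)(), int fd, void *s, size_t n);
+ssize_t atomicio(ssize_t (*f)(), int fd, void *s, size_t n);
 
 #ifdef KRB4
 #include <krb.h>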
diff --git a/sshconnect.c b/sshconnect.c
index 5e2a34497..c4c9aee1f 100644
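--- a/sshconnect.c
+++ b/sshconnect.c
@@ -8,7 +8,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.53 2000/01/18 09:42:17 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.56 2000/02/18 08:50:33 markus Exp $");
 
 #ifdef HAVE_OPENSSL
 #include <openssl/bn.h>
@@ -156,8 +156,9 @@ ssh_create_socket(uid_t original_real_uid, int privileged, int family)
  int p = IPPORT_RESERVED - 1;
  sock = rresvport_af(&p, family);
  if (sock < 0)
- fatal("rresvport: af=%d %.100s", family, strerror(errno));
- debug("Allocated local port %d.", p);
+ error("rresvport: af=%d %.100s", family, strerror(errno));
+ else
+ debug("Allocated local port %d.", p);
  } else {
  /*
  * Just create an ordinary socket on arbitrary port. We use
@@ -891,6 +892,7 @@ try_skey_authentication()
  log("WARNING: Encryption is disabled! "
  "Reponse will be transmitted in clear text.");
  fprintf(stderr, "%s\n", challenge);
+ xfree(challenge);
  fflush(stderr);
  for (i = 0; i < options.number_of_password_prompts; i++) {
  if (i != 0)
@@ -960,8 +962,11 @@ ssh_exchange_identification()
 
  /* Read other side\'s version identification. */
  for (i = 0; i < sizeof(buf) - 1; i++) {
- if (read(connection_in, &buf[i], 1) != 1)
+ int len = read(connection_in, &buf[i], 1);
+ if (len < 0)
  fatal("ssh_exchange_identification: read: %.100s", strerror(errno));
+ if (len != 1)
+ fatal("ssh_exchange_identification: Connection closed by remote host");
  if (buf[i] == '\r') {
  buf[i] = '\n';
  buf[i + 1] = 0;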
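Review bot: In ssh_exchange_identification the result of `read()` is stored in an `int`, although `read` returns `ssize_t` and this same commit moves `atomicio` to `ssize_t`; `ssize_t len = read(connection_in, &buf[i], 1);` keeps the types consistent. The new `len < 0` branch also calls `fatal` on every error, including an interrupted call. Whether signals can arrive during the banner exchange is not visible here, but if they can, retrying on `EINTR` before calling `fatal` would avoid a spurious abort. The loop and the function continue outside the hunk.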
diff --git a/sshd.8 b/sshd.8
index 4ad73bb77..c5497cf9f 100644
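--- a/sshd.8
+++ b/sshd.8
@@ -9,7 +9,7 @@
 .\"
 .\" Created: Sat Apr 22 21:55:14 1995 ylo
 .\"
-.\" $Id: sshd.8,v 1.12 2000/01/22 08:57:41 damien Exp $
+.\" $Id: sshd.8,v 1.13 2000/03/09 10:27:53 damien Exp $
 .\"
 .Dd September 25, 1999
 .Dt SSHD 8
@@ -258,13 +258,16 @@ Note that
 .Nm
 does not start if this file is group/world-accessible.
 .It Cm IgnoreRhosts
-Specifies that rhosts and shosts files will not be used in
-authentication.
+Specifies that
+.Pa .rhosts
+and
+.Pa .shosts
+files will not be used in authentication.
 .Pa /etc/hosts.equiv
 and
 .Pa /etc/shosts.equiv
 are still used. The default is
-.Dq no .
+.Dq yes .
 .It Cm IgnoreUserKnownHosts
 Specifies whether
 .Nm
@@ -352,7 +355,7 @@ The default is
 When password authentication is allowed, it specifies whether the
 server allows login to accounts with empty password strings. The default
 is
-.Dq yes .
+.Dq no .
 .It Cm PermitRootLogin
 Specifies whether the root can log in using
 .Xr ssh 1 .
@@ -403,7 +406,7 @@ The default is
 .It Cm RhostsRSAAuthentication
 Specifies whether rhosts or /etc/hosts.equiv authentication together
 with successful RSA host authentication is allowed. The default is
-.Dq yes .
+.Dq no .
 .It Cm RSAAuthentication
 Specifies whether pure RSA authentication is allowed. The default is
 .Dq yes .
@@ -442,9 +445,10 @@ Specifies the first display number available for
 X11 forwarding. This prevents
 .Nm
 from interfering with real X11 servers.
+The default is 10.
 .It Cm X11Forwarding
 Specifies whether X11 forwarding is permitted. The default is
-.Dq yes .
+.Dq no .
 Note that disabling X11 forwarding does not improve security in any
 way, as users can always install their own forwarders.
 .El
@@ -762,18 +766,12 @@ This can be used to specify
 machine-specific login-time initializations globally. This file
 should be writable only by root, and should be world-readable.
 .Sh AUTHOR
-Tatu Ylonen <ylo@cs.hut.fi>
-.Pp
-Information about new releases, mailing lists, and other related
-issues can be found from the SSH WWW home page:
-.Pp
-.Dl http://www.cs.hut.fi/ssh.
-.Pp
 OpenSSH
-is a derivative of the original (free) ssh 1.2.12 release, but with bugs
-removed and newer features re-added. Rapidly after the 1.2.12 release,
-newer versions bore successively more restrictive licenses. This version
-of OpenSSH
+is a derivative of the original (free) ssh 1.2.12 release by Tatu Ylonen,
+but with bugs removed and newer features re-added. Rapidly after the
+1.2.12 release, newer versions of the original ssh bore successively
+more restrictive licenses, and thus demand for a free version was born.
+This version of OpenSSH
 .Bl -bullet
 .It
 has all components of a restrictive nature (i.e., patents, see
@@ -782,7 +780,8 @@ directly removed from the source code; any licensed or patented components
 are chosen from
 external libraries.
 .It
-has been updated to support ssh protocol 1.5.
+has been updated to support ssh protocol 1.5, making it compatible with
+all other ssh protocol 1 clients and servers.
 .It
 contains added support for
 .Xr kerberos 8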
diff --git a/sshd.c b/sshd.c
index 0024440ed..829c0a712 100644
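--- a/sshd.c
+++ b/sshd.c
@@ -11,7 +11,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.80 2000/01/20 15:19:22 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.90 2000/03/06 20:29:04 markus Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"
@@ -148,6 +148,27 @@ void do_child(const char *command, struct passwd * pw, const char *term,
  const char *auth_data, const char *ttyname);
 
 /*
+ * Remove local Xauthority file.
+ */
+void
+xauthfile_cleanup_proc(void *ignore)
+{
+ debug("xauthfile_cleanup_proc called");
+
+ if (xauthfile != NULL) {
+ char *p;
+ unlink(xauthfile);
+ p = strrchr(xauthfile, '/');
+ if (p != NULL) {
+ *p = '\0';
+ rmdir(xauthfile);
+ }
+ xfree(xauthfile);
+ xauthfile = NULL;
+ }
+}
+
+/*
  * Close all listening sockets
  */
 void
@@ -234,6 +255,7 @@ grace_alarm_handler(int sig)
 char *
 get_authname(int type)
 {
+ static char buf[1024];
  switch (type) {
  case SSH_CMSG_AUTH_PASSWORD:
  return "password";
@@ -252,8 +274,8 @@ get_authname(int type)
  return "s/key";
 #endif
  }
- fatal("get_authname: unknown auth %d: internal error", type);
- return NULL;
+ snprintf(buf, sizeof buf, "bad-auth-msg-%d", type);
+ return buf;
 }
 
 /*
@@ -878,7 +900,7 @@ main(int ac, char **av)
 
  /* Cleanup user's local Xauthority file. */
  if (xauthfile)
- unlink(xauthfile);
+ xauthfile_cleanup_proc(NULL);
 
  /* The connection has been terminated. */
  verbose("Closing connection to %.100s", remote_ip);
@@ -1089,12 +1111,14 @@ do_ssh_kex()
  * DenyUsers or user's primary group is listed in DenyGroups, false will
  * be returned. If AllowUsers isn't empty and user isn't listed there, or
  * if AllowGroups isn't empty and user isn't listed there, false will be
- * returned. Otherwise true is returned.
- * XXX This function should also check if user has a valid shell
+ * returned.
+ * If the user's shell is not executable, false will be returned.
+ * Otherwise true is returned.
  */
 static int
 allowed_user(struct passwd * pw)
 {
+ struct stat st;
  struct group *grp;
  int i;
 #ifdef WITH_AIXAUTHENTICATE
@@ -1105,7 +1129,11 @@ allowed_user(struct passwd * pw)
  if (!pw)
  return 0;
 
- /* XXX Should check for valid login shell */
+ /* deny if shell does not exists or is not executable */
+ if (stat(pw->pw_shell, &st) != 0)
+ return 0;
+ if (!((st.st_mode & S_IFREG) && (st.st_mode & (S_IXOTH|S_IXUSR|S_IXGRP))))
+ return 0;
 
  /* Return false if user is listed in DenyUsers */
  if (options.num_deny_users > 0) {
@@ -1202,6 +1230,7 @@ do_authentication()
  pw = getpwnam(user);
  if (!pw || !allowed_user(pw))
  do_fake_authloop(user);
+ xfree(user);
 
  /* Take a copy of the returned structure. */
  memset(&pwcopy, 0, sizeof(pwcopy));
@@ -1224,7 +1253,7 @@ do_authentication()
  if (getuid() != 0 && pw->pw_uid != getuid())
  packet_disconnect("Cannot change user when server not running as root.");
 
- debug("Attempting authentication for %.100s.", user);
+ debug("Attempting authentication for %.100s.", pw->pw_name);
 
  /* If the user has no password, accept authentication immediately. */
  if (options.password_authentication &&
@@ -1510,17 +1539,22 @@ do_authloop(struct passwd * pw)
  get_remote_port(),
  user);
 
- if (authenticated) {
 #ifdef USE_PAM
+ if (authenticated) {
  if (!do_pam_account(pw->pw_name, client_user)) {
- if (client_user != NULL)
+ if (client_user != NULL) {
  xfree(client_user);
-
+ client_user = NULL;
+ }
  do_fake_authloop(pw->pw_name);
  }
-#endif /* USE_PAM */
  return;
  }
+#else /* USE_PAM */
+ if (authenticated) {
+ return;
+ }
+#endif /* USE_PAM */
 
  if (client_user != NULL) {
  xfree(client_user);
@@ -1572,6 +1606,7 @@ do_fake_authloop(char *user)
  /* Try to send a fake s/key challenge. */
  if (options.skey_authentication == 1 &&
  (skeyinfo = skey_fake_keyinfo(user)) != NULL) {
+ password = NULL;
  if (type == SSH_CMSG_AUTH_TIS) {
  packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE);
  packet_put_string(skeyinfo, strlen(skeyinfo));
@@ -1585,6 +1620,8 @@ do_fake_authloop(char *user)
  strncasecmp(password, "s/key", 5) == 0 ) {
  packet_send_debug(skeyinfo);
  }
+ if (password != NULL)
+ xfree(password);
  }
 #endif
  if (attempt > AUTH_FAIL_MAX)
@@ -1607,22 +1644,6 @@ do_fake_authloop(char *user)
  abort();
 }
 
-
-/*
- * Remove local Xauthority file.
- */
-static void
-xauthfile_cleanup_proc(void *ignore)
-{
- debug("xauthfile_cleanup_proc called");
-
- if (xauthfile != NULL) {
- unlink(xauthfile);
- xfree(xauthfile);
- xauthfile = NULL;
- }
-}
-
 struct pty_cleanup_context {
  const char *ttyname;
  int pid;
@@ -1665,7 +1686,7 @@ do_authenticated(struct passwd * pw)
 {
  int type;
  int compression_level = 0, enable_compression_after_reply = 0;
- int have_pty = 0, ptyfd = -1, ttyfd = -1, xauthfd = -1;
+ int have_pty = 0, ptyfd = -1, ttyfd = -1;
  int row, col, xpixel, ypixel, screen;
  char ttyname[64];
  char *command, *term = NULL, *display = NULL, *proto = NULL, *data = NULL;
@@ -1684,7 +1705,8 @@ do_authenticated(struct passwd * pw)
  * by the client telling us, so we can equally well trust the client
  * not to request anything bogus.)
  */
- channel_permit_all_opens();
+ if (!no_port_forwarding_flag)
+ channel_permit_all_opens();
 
  /*
  * We stay in this loop until the client requests to execute a shell
@@ -1785,16 +1807,20 @@ do_authenticated(struct passwd * pw)
 
  /* Setup to always have a local .Xauthority. */
  xauthfile = xmalloc(MAXPATHLEN);
- snprintf(xauthfile, MAXPATHLEN, "/tmp/XauthXXXXXX");
-
- if ((xauthfd = mkstemp(xauthfile)) != -1) {
- fchown(xauthfd, pw->pw_uid, pw->pw_gid);
- close(xauthfd);
- fatal_add_cleanup(xauthfile_cleanup_proc, NULL);
- } else {
+ strlcpy(xauthfile, "/tmp/ssh-XXXXXXXX", MAXPATHLEN);
+ temporarily_use_uid(pw->pw_uid);
+ if (mkdtemp(xauthfile) == NULL) {
+ restore_uid();
+ error("private X11 dir: mkdtemp %s failed: %s",
+ xauthfile, strerror(errno));
  xfree(xauthfile);
  xauthfile = NULL;
+ goto fail;
  }
+ strlcat(xauthfile, "/cookies", MAXPATHLEN);
+ open(xauthfile, O_RDWR|O_CREAT|O_EXCL, 0600);
+ restore_uid();
+ fatal_add_cleanup(xauthfile_cleanup_proc, NULL);
  break;
 #else /* XAUTH_PATH */
  packet_send_debug("No xauth program; cannot forward with spoofing.");
@@ -2026,6 +2052,7 @@ do_exec_pty(const char *command, int ptyfd, int ttyfd,
  const char *auth_data)
 {
  int pid, fdout;
+ int ptymaster;
  const char *hostname;
  time_t last_login_time;
  char buf[100], *time_string;
@@ -2174,11 +2201,16 @@ do_exec_pty(const char *command, int ptyfd, int ttyfd,
  */
  fdout = dup(ptyfd);
  if (fdout < 0)
- packet_disconnect("dup failed: %.100s", strerror(errno));
+ packet_disconnect("dup #1 failed: %.100s", strerror(errno));
+
+ /* we keep a reference to the pty master */
+ ptymaster = dup(ptyfd);
+ if (ptymaster < 0)
+ packet_disconnect("dup #2 failed: %.100s", strerror(errno));
 
  /* Enter interactive session. */
  server_loop(pid, ptyfd, fdout, -1);
- /* server_loop has not closed ptyfd and fdout. */
+ /* server_loop _has_ closed ptyfd and fdout. */
 
  /* Cancel the cleanup function. */
  fatal_remove_cleanup(pty_cleanup_proc, (void *) &cleanup_context);
@@ -2194,8 +2226,8 @@ do_exec_pty(const char *command, int ptyfd, int ttyfd,
  * the pty cleanup, so that another process doesn't get this pty
  * while we're still cleaning up.
  */
- close(ptyfd);
- close(fdout);
+ if (close(ptymaster) < 0)
+ error("close(ptymaster): %s", strerror(errno));
 }
 
 /*
@@ -2563,7 +2595,7 @@ do_child(const char *command, struct passwd * pw, const char *term,
  f = popen(XAUTH_PATH " -q -", "w");
  if (f) {
  fprintf(f, "add %s %s %s\n", display, auth_proto, auth_data);
- fclose(f);
+ pclose(f);
  } else
  fprintf(stderr, "Could not run %s -q -\n", XAUTH_PATH);
  }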
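Review bot: In the X11 forwarding case of do_authenticated, the result of `open(xauthfile, O_RDWR|O_CREAT|O_EXCL, 0600)` is discarded, so a failed create goes unnoticed and each successful one leaves a descriptor that can never be closed. Keep a local for it (the `xauthfd` this commit removes would do): `xauthfd = open(xauthfile, O_RDWR|O_CREAT|O_EXCL, 0600);` followed by `if (xauthfd < 0) error("private X11 file: open %s failed: %s", xauthfile, strerror(errno)); else close(xauthfd);`. The directory and file are created under `temporarily_use_uid(pw->pw_uid)`, but `xauthfile_cleanup_proc` calls `unlink` and `rmdir` with no uid switch. Which uid the cleanup runs under is not visible here; if it is the daemon's, it acts on a path inside a user-owned directory and should drop to that user's uid first, for example by registering `pw` as the cleanup context. do_authenticated's body starts and ends outside these hunks.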
diff --git a/version.h b/version.h
index c2ef9ff4f..fe2e876ea 100644
--- a/version.h
+++ b/version.h
@@ -1 +1 @@
#define SSH_VERSION "OpenSSH-1.2.2" #define SSH_VERSION "OpenSSH-1.2.3"