summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--CREDITS4
-rw-r--r--ChangeLog531
-rw-r--r--LICENCE2
-rw-r--r--Makefile.in8
-rw-r--r--README9
-rw-r--r--README.privsep6
-rw-r--r--WARNING.RNG4
-rw-r--r--acconfig.h8
-rw-r--r--acss.c128
-rw-r--r--atomicio.c14
-rw-r--r--atomicio.h4
-rw-r--r--audit.c8
-rw-r--r--auth-krb5.c57
-rw-r--r--auth-pam.c45
-rw-r--r--auth-passwd.c4
-rw-r--r--auth-rh-rsa.c4
-rw-r--r--auth-rhosts.c4
-rw-r--r--auth-rsa.c6
-rw-r--r--auth-shadow.c4
-rw-r--r--auth-skey.c2
-rw-r--r--auth.c68
-rw-r--r--auth.h8
-rw-r--r--auth1.c328
-rw-r--r--auth2-chall.c11
-rw-r--r--auth2-gss.c9
-rw-r--r--auth2.c2
-rw-r--r--authfd.c12
-rw-r--r--authfile.c16
-rw-r--r--bufaux.c4
-rw-r--r--canohost.c9
-rw-r--r--channels.c108
-rw-r--r--channels.h9
-rw-r--r--cipher-acss.c6
-rw-r--r--cipher-ctr.c4
-rw-r--r--cipher.c102
-rw-r--r--clientloop.c153
-rw-r--r--clientloop.h9
-rwxr-xr-xconfig.guess586
-rw-r--r--config.h.in64
-rwxr-xr-xconfig.sub105
-rwxr-xr-xconfigure1286
-rw-r--r--configure.ac403
-rw-r--r--contrib/aix/pam.conf4
-rw-r--r--contrib/caldera/openssh.spec4
-rw-r--r--contrib/redhat/openssh.spec2
-rw-r--r--contrib/suse/openssh.spec2
-rw-r--r--debian/changelog6
-rw-r--r--defines.h51
-rw-r--r--dns.c33
-rw-r--r--entropy.c6
-rw-r--r--gss-genr.c6
-rw-r--r--gss-serv-krb5.c35
-rw-r--r--gss-serv.c21
-rw-r--r--hostfile.c4
-rw-r--r--includes.h13
-rw-r--r--kex.c43
-rw-r--r--kex.h12
-rw-r--r--key.c4
-rw-r--r--loginrec.c39
-rw-r--r--loginrec.h4
-rw-r--r--mac.c11
-rw-r--r--match.c4
-rw-r--r--mdoc2man.awk3
-rw-r--r--misc.c128
-rw-r--r--misc.h9
-rw-r--r--moduli.c33
-rw-r--r--monitor.c8
-rw-r--r--monitor_wrap.c25
-rw-r--r--mpaux.c46
-rw-r--r--mpaux.h22
-rw-r--r--msg.c15
-rw-r--r--myproposal.h7
-rw-r--r--openbsd-compat/Makefile.in8
-rw-r--r--openbsd-compat/bsd-cygwin_util.c2
-rw-r--r--openbsd-compat/bsd-misc.c20
-rw-r--r--openbsd-compat/fake-rfc2553.h16
-rw-r--r--openbsd-compat/getrrsetbyname.c4
-rw-r--r--openbsd-compat/openbsd-compat.h7
-rw-r--r--openbsd-compat/openssl-compat.c46
-rw-r--r--openbsd-compat/openssl-compat.h65
-rw-r--r--openbsd-compat/port-aix.c16
-rw-r--r--openbsd-compat/port-aix.h15
-rw-r--r--openbsd-compat/port-uw.c134
-rw-r--r--openbsd-compat/port-uw.h30
-rw-r--r--openbsd-compat/realpath.c266
-rw-r--r--openbsd-compat/strtoll.c151
-rw-r--r--openbsd-compat/strtonum.c69
-rw-r--r--openbsd-compat/xcrypt.c5
-rw-r--r--packet.c63
-rw-r--r--packet.h6
-rw-r--r--progressmeter.c49
-rw-r--r--readconf.c31
-rw-r--r--readconf.h7
-rw-r--r--readpass.c11
-rw-r--r--regress/reexec.sh6
-rw-r--r--regress/test-exec.sh7
-rw-r--r--scp.02
-rw-r--r--scp.c42
-rw-r--r--servconf.c36
-rw-r--r--serverloop.c6
-rw-r--r--session.c133
-rw-r--r--session.h5
-rw-r--r--sftp-client.c39
-rw-r--r--sftp-client.h4
-rw-r--r--sftp-server.02
-rw-r--r--sftp-server.c12
-rw-r--r--sftp.02
-rw-r--r--sftp.c53
-rw-r--r--ssh-add.018
-rw-r--r--ssh-add.114
-rw-r--r--ssh-add.c4
-rw-r--r--ssh-agent.021
-rw-r--r--ssh-agent.114
-rw-r--r--ssh-keygen.040
-rw-r--r--ssh-keygen.130
-rw-r--r--ssh-keygen.c82
-rw-r--r--ssh-keyscan.02
-rw-r--r--ssh-keyscan.c34
-rw-r--r--ssh-keysign.02
-rw-r--r--ssh-rand-helper.02
-rw-r--r--ssh-rand-helper.c16
-rw-r--r--ssh-rsa.c4
-rw-r--r--ssh.0166
-rw-r--r--ssh.184
-rw-r--r--ssh.c232
-rw-r--r--ssh_config.082
-rw-r--r--ssh_config.582
-rw-r--r--sshconnect.c81
-rw-r--r--sshconnect1.c4
-rw-r--r--sshconnect2.c18
-rw-r--r--sshd.050
-rw-r--r--sshd.832
-rw-r--r--sshd.c38
-rw-r--r--sshd_config6
-rw-r--r--sshd_config.033
-rw-r--r--sshd_config.537
-rw-r--r--sshpty.c4
-rw-r--r--tildexpand.c73
-rw-r--r--ttymodes.c30
-rw-r--r--version.h4
140 files changed, 4965 insertions, 2498 deletions
diff --git a/CREDITS b/CREDITS
index 2a77b8729..82b9f2210 100644
--- a/CREDITS
+++ b/CREDITS
@@ -3,6 +3,7 @@ Tatu Ylonen <ylo@cs.hut.fi> - Creator of SSH
3Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, 3Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
4Theo de Raadt, and Dug Song - Creators of OpenSSH 4Theo de Raadt, and Dug Song - Creators of OpenSSH
5 5
6Ahsan Rashid <arms@sco.com> - UnixWare long passwords
6Alain St-Denis <Alain.St-Denis@ec.gc.ca> - Irix fix 7Alain St-Denis <Alain.St-Denis@ec.gc.ca> - Irix fix
7Alexandre Oliva <oliva@lsd.ic.unicamp.br> - AIX fixes 8Alexandre Oliva <oliva@lsd.ic.unicamp.br> - AIX fixes
8Andre Lucas <andre@ae-35.com> - new login code, many fixes 9Andre Lucas <andre@ae-35.com> - new login code, many fixes
@@ -32,6 +33,7 @@ David Del Piero <David.DelPiero@qed.qld.gov.au> - bug fixes
32David Hesprich <darkgrue@gue-tech.org> - Configure fixes 33David Hesprich <darkgrue@gue-tech.org> - Configure fixes
33David Rankin <drankin@bohemians.lexington.ky.us> - libwrap, AIX, NetBSD fixes 34David Rankin <drankin@bohemians.lexington.ky.us> - libwrap, AIX, NetBSD fixes
34Dag-Erling Smørgrav <des at freebsd.org> - Challenge-Response PAM code. 35Dag-Erling Smørgrav <des at freebsd.org> - Challenge-Response PAM code.
36Dhiraj Gulati <dgulati@sco.com> - UnixWare long passwords
35Ed Eden <ede370@stl.rural.usda.gov> - configure fixes 37Ed Eden <ede370@stl.rural.usda.gov> - configure fixes
36Garrick James <garrick@james.net> - configure fixes 38Garrick James <garrick@james.net> - configure fixes
37Gary E. Miller <gem@rellim.com> - SCO support 39Gary E. Miller <gem@rellim.com> - SCO support
@@ -98,5 +100,5 @@ Apologies to anyone I have missed.
98 100
99Damien Miller <djm@mindrot.org> 101Damien Miller <djm@mindrot.org>
100 102
101$Id: CREDITS,v 1.79 2004/05/26 23:59:31 dtucker Exp $ 103$Id: CREDITS,v 1.80 2005/08/26 20:15:20 tim Exp $
102 104
diff --git a/ChangeLog b/ChangeLog
index e73b36e6d..5d7e7f182 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,514 @@
120050901
2 - (djm) Update RPM spec file versions
3
420050831
5 - (djm) OpenBSD CVS Sync
6 - djm@cvs.openbsd.org 2005/08/30 22:08:05
7 [gss-serv.c sshconnect2.c]
8 destroy credentials if krb5_kuserok() call fails. Stops credentials being
9 delegated to users who are not authorised for GSSAPIAuthentication when
10 GSSAPIDeletegateCredentials=yes and another authentication mechanism
11 succeeds; bz#1073 reported by paul.moore AT centrify.com, fix by
12 simon AT sxw.org.uk, tested todd@ biorn@ jakob@; ok deraadt@
13 - markus@cvs.openbsd.org 2005/08/31 09:28:42
14 [version.h]
15 4.2
16 - (dtucker) [README] Update release note URL to 4.2
17 - (tim) [configure.ac auth.c defines.h session.c openbsd-compat/port-uw.c
18 openbsd-compat/port-uw.h openbsd-compat/xcrypt.c] libiaf cleanup. Disable
19 libiaf bits for OpenServer6. Free memory allocated by ia_get_logpwd().
20 Feedback and OK dtucker@
21
2220050830
23 - (tim) [configure.ac] Back out last change. It needs to be done differently.
24
2520050829
26 - (tim) [configure.ac] ia_openinfo() seems broken on OSR6. Limit UW long
27 password support to 7.x for now.
28
2920050826
30 - (tim) [CREDITS LICENCE auth.c configure.ac defines.h includes.h session.c
31 openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h
32 openbsd-compat/xcrypt.c] New files [openssh/openbsd-compat/port-uw.c
33 openssh/openbsd-compat/port-uw.h] Support long passwords (> 8-char)
34 on UnixWare 7 from Dhiraj Gulati and Ahsan Rashid. Cleanup and testing
35 by tim@. Feedback and OK dtucker@
36
3720050823
38 - (dtucker) [regress/test-exec.sh] Do not prepend an extra "/" to a fully-
39 qualified sshd pathname since some systems (eg Cygwin) may consider "/foo"
40 and "//foo" to be different. Spotted by vinschen at redhat.com.
41 - (tim) [configure.ac] Not all gcc's support -Wsign-compare. Enhancements
42 and OK dtucker@
43 - (tim) [defines.h] PATH_MAX bits for OpenServer OK dtucker@
44
4520050821
46 - (dtucker) [configure.ac defines.h includes.h sftp.c] Add support for
47 LynxOS, patch from Olli Savia (ops at iki.fi). ok djm@
48
4920050816
50 - (djm) [ttymodes.c] bugzilla #1025: Fix encoding of _POSIX_VDISABLE,
51 from Jacob Nevins; ok dtucker@
52
5320050815
54 - (tim) [sftp.c] wrap el_end() in #ifdef USE_LIBEDIT
55 - (tim) [configure.ac] corrections to libedit tests. Report and patches
56 by skeleten AT shillest.net
57
5820050812
59 - (djm) OpenBSD CVS Sync
60 - markus@cvs.openbsd.org 2005/07/28 17:36:22
61 [packet.c]
62 missing packet_init_compression(); from solar
63 - djm@cvs.openbsd.org 2005/07/30 01:26:16
64 [ssh.c]
65 fix -D listen_host initialisation, so it picks up gateway_ports setting
66 correctly
67 - djm@cvs.openbsd.org 2005/07/30 02:03:47
68 [readconf.c]
69 listen_hosts initialisation here too; spotted greg AT y2005.nest.cx
70 - dtucker@cvs.openbsd.org 2005/08/06 10:03:12
71 [servconf.c]
72 Unbreak sshd ListenAddress for bare IPv6 addresses.
73 Report from Janusz Mucka; ok djm@
74 - jaredy@cvs.openbsd.org 2005/08/08 13:22:48
75 [sftp.c]
76 sftp prompt enhancements:
77 - in non-interactive mode, do not print an empty prompt at the end
78 before finishing
79 - print newline after EOF in editline mode
80 - call el_end() in editline mode
81 ok dtucker djm
82
8320050810
84 - (dtucker) [configure.ac] Test libedit library and headers for compatibility.
85 Report from skeleten AT shillest.net, ok djm@
86 - (dtucker) [LICENCE configure.ac defines.h openbsd-compat/realpath.c]
87 Sync current (thread-safe) version of realpath.c from OpenBSD (which is
88 in turn based on FreeBSD's). ok djm@
89
9020050809
91 - (tim) [configure.ac] Allow --with-audit=no. OK dtucker@
92 Report by skeleten AT shillest.net
93
9420050803
95 - (dtucker) [openbsd-compat/fake-rfc2553.h] Check for EAI_* defines
96 individually and use a value less likely to collide with real values from
97 netdb.h. Fixes compile warnings on FreeBSD 5.3. ok djm@
98 - (dtucker) [openbsd-compat/fake-rfc2553.h] MAX_INT -> INT_MAX since the
99 latter is specified in the standard.
100
10120050802
102 - (dtucker) OpenBSD CVS Sync
103 - dtucker@cvs.openbsd.org 2005/07/27 10:39:03
104 [scp.c hostfile.c sftp-client.c]
105 Silence bogus -Wuninitialized warnings; ok djm@
106 - (dtucker) [configure.ac] Enable -Wuninitialized by default when compiling
107 with gcc. ok djm@
108 - (dtucker) [configure.ac] Add a --with-Werror option to configure for
109 adding -Werror to CFLAGS when all of the configure tests are done. ok djm@
110
11120050726
112 - (dtucker) [configure.ac] Update zlib warning message too, pointed out by
113 tim@.
114 - (djm) OpenBSD CVS Sync
115 - otto@cvs.openbsd.org 2005/07/19 15:32:26
116 [auth-passwd.c]
117 auth_usercheck(3) can return NULL, so check for that. Report from
118 mpech@. ok markus@
119 - markus@cvs.openbsd.org 2005/07/25 11:59:40
120 [kex.c kex.h myproposal.h packet.c packet.h servconf.c session.c]
121 [sshconnect2.c sshd.c sshd_config sshd_config.5]
122 add a new compression method that delays compression until the user
123 has been authenticated successfully and set compression to 'delayed'
124 for sshd.
125 this breaks older openssh clients (< 3.5) if they insist on
126 compression, so you have to re-enable compression in sshd_config.
127 ok djm@
128
12920050725
130 - (dtucker) [configure.ac] Update zlib version check for CAN-2005-2096.
131
13220050717
133- OpenBSD CVS Sync
134 - djm@cvs.openbsd.org 2005/07/16 01:35:24
135 [auth1.c channels.c cipher.c clientloop.c kex.c session.c ssh.c]
136 [sshconnect.c]
137 spacing
138 - (djm) [acss.c auth-pam.c auth-shadow.c auth-skey.c auth1.c canohost.c]
139 [cipher-acss.c loginrec.c ssh-rand-helper.c sshd.c] Fix whitespace at EOL
140 in portable too ("perl -p -i -e 's/\s+$/\n/' *.[ch]")
141 - (djm) [auth-pam.c sftp.c] spaces vs. tabs at start of line
142 - djm@cvs.openbsd.org 2005/07/17 06:49:04
143 [channels.c channels.h session.c session.h]
144 Fix a number of X11 forwarding channel leaks:
145 1. Refuse multiple X11 forwarding requests on the same session
146 2. Clean up all listeners after a single_connection X11 forward, not just
147 the one that made the single connection
148 3. Destroy X11 listeners when the session owning them goes away
149 testing and ok dtucker@
150 - djm@cvs.openbsd.org 2005/07/17 07:17:55
151 [auth-rh-rsa.c auth-rhosts.c auth2-chall.c auth2-gss.c channels.c]
152 [cipher-ctr.c gss-genr.c gss-serv.c kex.c moduli.c readconf.c]
153 [serverloop.c session.c sftp-client.c sftp.c ssh-add.c ssh-keygen.c]
154 [sshconnect.c sshconnect2.c]
155 knf says that a 2nd level indent is four (not three or five) spaces
156 -(djm) [audit.c auth1.c auth2.c entropy.c loginrec.c serverloop.c]
157 [ssh-rand-helper.c] fix portable 2nd level indents at 4 spaces too
158 - (djm) [monitor.c monitor_wrap.c] -Wsign-compare for PAM monitor calls
159
16020050716
161 - (dtucker) [auth-pam.c] Ensure that only one side of the authentication
162 socketpair stays open on in both the monitor and PAM process. Patch from
163 Joerg Sonnenberger.
164
16520050714
166 - (dtucker) OpenBSD CVS Sync
167 - dtucker@cvs.openbsd.org 2005/07/06 09:33:05
168 [ssh.1]
169 clarify meaning of ssh -b ; with & ok jmc@
170 - dtucker@cvs.openbsd.org 2005/07/08 09:26:18
171 [misc.c]
172 Make comment match code; ok djm@
173 - markus@cvs.openbsd.org 2005/07/08 09:41:33
174 [channels.h]
175 race when efd gets closed while there is still buffered data:
176 change CHANNEL_EFD_OUTPUT_ACTIVE()
177 1) c->efd must always be valid AND
178 2a) no EOF has been seen OR
179 2b) there is buffered data
180 report, initial fix and testing Chuck Cranor
181 - dtucker@cvs.openbsd.org 2005/07/08 10:20:41
182 [ssh_config.5]
183 change BindAddress to match recent ssh -b change; prompted by markus@
184 - jmc@cvs.openbsd.org 2005/07/08 12:53:10
185 [ssh_config.5]
186 new sentence, new line;
187 - dtucker@cvs.openbsd.org 2005/07/14 04:00:43
188 [misc.h]
189 use __sentinel__ attribute; ok deraadt@ djm@ markus@
190 - (dtucker) [configure.ac defines.h] Define __sentinel__ to nothing if the
191 compiler doesn't understand it to prevent warnings. If any mainstream
192 compiler versions acquire it we can test for those versions. Based on
193 discussion with djm@.
194
19520050707
196 - dtucker [auth-krb5.c auth.h gss-serv-krb5.c] Move KRB5CCNAME generation for
197 the MIT Kerberos code path into a common function and expand mkstemp
198 template to be consistent with the rest of OpenSSH. From sxw at
199 inf.ed.ac.uk, ok djm@
200 - (dtucker) [auth-krb5.c] There's no guarantee that snprintf will set errno
201 in the case where the buffer is insufficient, so always return ENOMEM.
202 Also pointed out by sxw at inf.ed.ac.uk.
203 - (dtucker) [acconfig.h auth-krb5.c configure.ac gss-serv-krb5.c] Remove
204 calls to krb5_init_ets, which has not been required since krb-1.1.x and
205 most Kerberos versions no longer export in their public API. From sxw
206 at inf.ed.ac.uk, ok djm@
207
20820050706
209 - (djm) OpenBSD CVS Sync
210 - markus@cvs.openbsd.org 2005/07/01 13:19:47
211 [channels.c]
212 don't free() if getaddrinfo() fails; report mpech@
213 - djm@cvs.openbsd.org 2005/07/04 00:58:43
214 [channels.c clientloop.c clientloop.h misc.c misc.h ssh.c ssh_config.5]
215 implement support for X11 and agent forwarding over multiplex slave
216 connections. Because of protocol limitations, the slave connections inherit
217 the master's DISPLAY and SSH_AUTH_SOCK rather than distinctly forwarding
218 their own.
219 ok dtucker@ "put it in" deraadt@
220 - jmc@cvs.openbsd.org 2005/07/04 11:29:51
221 [ssh_config.5]
222 fix Xr and a little grammar;
223 - markus@cvs.openbsd.org 2005/07/04 14:04:11
224 [channels.c]
225 don't forget to set x11_saved_display
226
22720050626
228 - (djm) OpenBSD CVS Sync
229 - djm@cvs.openbsd.org 2005/06/17 22:53:47
230 [ssh.c sshconnect.c]
231 Fix ControlPath's %p expanding to "0" for a default port,
232 spotted dwmw2 AT infradead.org; ok markus@
233 - djm@cvs.openbsd.org 2005/06/18 04:30:36
234 [ssh.c ssh_config.5]
235 allow ControlPath=none, patch from dwmw2 AT infradead.org; ok dtucker@
236 - djm@cvs.openbsd.org 2005/06/25 22:47:49
237 [ssh.c]
238 do the default port filling code a few lines earlier, so it really
239 does fix %p
240
24120050618
242 - (djm) OpenBSD CVS Sync
243 - djm@cvs.openbsd.org 2005/05/20 12:57:01;
244 [auth1.c] split protocol 1 auth methods into separate functions, makes
245 authloop much more readable; fixes and ok markus@ (portable ok &
246 polish dtucker@)
247 - djm@cvs.openbsd.org 2005/06/17 02:44:33
248 [auth1.c] make this -Wsign-compare clean; ok avsm@ markus@
249 - (djm) [loginrec.c ssh-rand-helper.c] Fix -Wsign-compare for portable,
250 tested and fixes tim@
251
25220050617
253 - (djm) OpenBSD CVS Sync
254 - djm@cvs.openbsd.org 2005/06/16 03:38:36
255 [channels.c channels.h clientloop.c clientloop.h ssh.c]
256 move x11_get_proto from ssh.c to clientloop.c, to make muliplexed xfwd
257 easier later; ok deraadt@
258 - markus@cvs.openbsd.org 2005/06/16 08:00:00
259 [canohost.c channels.c sshd.c]
260 don't exit if getpeername fails for forwarded ports; bugzilla #1054;
261 ok djm
262 - djm@cvs.openbsd.org 2005/06/17 02:44:33
263 [auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c]
264 [bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c]
265 [kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c]
266 [servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c]
267 [ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
268 make this -Wsign-compare clean; ok avsm@ markus@
269 NB. auth1.c changes not committed yet (conflicts with uncommitted sync)
270 NB2. more work may be needed to make portable Wsign-compare clean
271 - (dtucker) [cipher.c openbsd-compat/openbsd-compat.h
272 openbsd-compat/openssl-compat.c] only include openssl compat stuff where
273 it's needed as it can cause conflicts elsewhere (eg xcrypt.c). Found by
274 and ok tim@
275
27620050616
277 - (djm) OpenBSD CVS Sync
278 - jaredy@cvs.openbsd.org 2005/06/07 13:25:23
279 [progressmeter.c]
280 catch SIGWINCH and resize progress meter accordingly; ok markus dtucker
281 - djm@cvs.openbsd.org 2005/06/06 11:20:36
282 [auth.c auth.h misc.c misc.h ssh.c ssh_config.5 sshconnect.c]
283 introduce a generic %foo expansion function. replace existing % expansion
284 and add expansion to ControlPath; ok markus@
285 - djm@cvs.openbsd.org 2005/06/08 03:50:00
286 [ssh-keygen.1 ssh-keygen.c sshd.8]
287 increase default rsa/dsa key length from 1024 to 2048 bits;
288 ok markus@ deraadt@
289 - djm@cvs.openbsd.org 2005/06/08 11:25:09
290 [clientloop.c readconf.c readconf.h ssh.c ssh_config.5]
291 add ControlMaster=auto/autoask options to support opportunistic
292 multiplexing; tested avsm@ and jakob@, ok markus@
293 - dtucker@cvs.openbsd.org 2005/06/09 13:43:49
294 [cipher.c]
295 Correctly initialize end of array sentinel; ok djm@
296 (Id sync only, change already in portable)
297
29820050609
299 - (dtucker) [cipher.c openbsd-compat/Makefile.in
300 openbsd-compat/openbsd-compat.h openbsd-compat/openssl-compat.{c,h}]
301 Move compatibility code for supporting older OpenSSL versions to the
302 compat layer. Suggested by and "no objection" djm@
303
30420050607
305 - (dtucker) [configure.ac] Continue the hunt for LLONG_MIN and LLONG_MAX:
306 in today's episode we attempt to coax it from limits.h where it may be
307 hiding, failing that we take the DIY approach. Tested by tim@
308
30920050603
310 - (dtucker) [configure.ac] Only try gcc -std=gnu99 if LLONG_MAX isn't
311 defined, and check that it helps before keeping it in CFLAGS. Some old
312 gcc's don't set an error code when encountering an unknown value in -std.
313 Found and tested by tim@.
314 - (dtucker) [configure.ac] Point configure's reporting address at the
315 openssh-unix-dev list. ok tim@ djm@
316
31720050602
318 - (tim) [configure.ac] Some platforms need sys/types.h for arpa/nameser.h.
319 Take AC_CHECK_HEADERS test out of ultrix section. It caused other platforms
320 to skip builtin standard includes tests. (first AC_CHECK_HEADERS test
321 must be run on all platforms) Add missing ;; to case statement. OK dtucker@
322
32320050601
324 - (dtucker) [configure.ac] Look for _getshort and _getlong in
325 arpa/nameser.h.
326 - (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoll.c]
327 Add strtoll to the compat library, from OpenBSD.
328 - (dtucker) OpenBSD CVS Sync
329 - avsm@cvs.openbsd.org 2005/05/26 02:08:05
330 [scp.c]
331 If copying multiple files to a target file (which normally fails, as it
332 must be a target directory), kill the spawned ssh child before exiting.
333 This stops it trying to authenticate and spewing lots of output.
334 deraadt@ ok
335 - dtucker@cvs.openbsd.org 2005/05/26 09:08:12
336 [ssh-keygen.c]
337 uint32_t -> u_int32_t for consistency; ok djm@
338 - djm@cvs.openbsd.org 2005/05/27 08:30:37
339 [ssh.c]
340 fix -O for cases where no ControlPath has been specified or socket at
341 ControlPath is not contactable; spotted by and ok avsm@
342 - (tim) [config.guess config.sub] Update to '2005-05-27' version.
343 - (tim) [configure.ac] set TEST_SHELL for OpenServer 6
344
34520050531
346 - (dtucker) [contrib/aix/pam.conf] Correct comments. From davidl at
347 vintela.com.
348 - (dtucker) [mdoc2man.awk] Teach it to understand .Ox.
349
35020050530
351 - (dtucker) [README] Link to new release notes. Beter late than never...
352
35320050529
354 - (dtucker) [openbsd-compat/port-aix.c] Bug #1046: AIX 5.3 expects the
355 argument to passwdexpired to be initialized to NULL. Suggested by tim@
356 While at it, initialize the other arguments to auth functions in case they
357 ever acquire this behaviour.
358 - (dtucker) [openbsd-compat/port-aix.c] Whitespace cleanups while there.
359 - (dtucker) [openbsd-compat/port-aix.c] Minor correction to debug message,
360 spotted by tim@.
361
36220050528
363 - (dtucker) [configure.ac] For AC_CHECK_HEADERS() and AC_CHECK_FUNCS() have
364 one entry per line to make it easier to merge changes. ok djm@
365 - (dtucker) [configure.ac] strsep() may be defined in string.h, so check
366 for its presence and include it in the strsep check.
367 - (dtucker) [configure.ac] getpgrp may be defined in unistd.h, so check for
368 its presence before doing AC_FUNC_GETPGRP.
369 - (dtucker) [configure.ac] Merge HP-UX blocks into a common block with minor
370 version-specific variations as required.
371 - (dtucker) [openbsd-compat/port-aix.h] Use the HAVE_DECL_* definitions as
372 per the autoconf man page. Configure should always define them but it
373 doesn't hurt to check.
374
37520050527
376 - (djm) [defines.h] Use our realpath if we have to define PATH_MAX, spotted by
377 David Leach; ok dtucker@
378 - (dtucker) [acconfig.h configure.ac defines.h includes.h sshpty.c
379 openbsd-compat/bsd-misc.c] Add support for Ultrix. No, that's not a typo.
380 Required changes from Bernhard Simon, integrated by me. ok djm@
381
38220050525
383 - (djm) [mpaux.c mpaux.h Makefile.in] Remove old mpaux.[ch] code, it has not
384 been used for a while
385 - (djm) OpenBSD CVS Sync
386 - otto@cvs.openbsd.org 2005/04/05 13:45:31
387 [ssh-keygen.c]
388 - djm@cvs.openbsd.org 2005/04/06 09:43:59
389 [sshd.c]
390 avoid harmless logspam by not performing setsockopt() on non-socket;
391 ok markus@
392 - dtucker@cvs.openbsd.org 2005/04/06 12:26:06
393 [ssh.c]
394 Fix debug call for port forwards; patch from pete at seebeyond.com,
395 ok djm@ (ID sync only - change already in portable)
396 - djm@cvs.openbsd.org 2005/04/09 04:32:54
397 [misc.c misc.h tildexpand.c Makefile.in]
398 replace tilde_expand_filename with a simpler implementation, ahead of
399 more whacking; ok deraadt@
400 - jmc@cvs.openbsd.org 2005/04/14 12:30:30
401 [ssh.1]
402 arg to -b is an address, not if_name;
403 ok markus@
404 - jakob@cvs.openbsd.org 2005/04/20 10:05:45
405 [dns.c]
406 do not try to look up SSHFP for numerical hostname. ok djm@
407 - djm@cvs.openbsd.org 2005/04/21 06:17:50
408 [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8]
409 [sshd_config.5] OpenSSH doesn't ever look at the $HOME environment
410 variable, so don't say that we do (bz #623); ok deraadt@
411 - djm@cvs.openbsd.org 2005/04/21 11:47:19
412 [ssh.c]
413 don't allocate a pty when -n flag (/dev/null stdin) is set, patch from
414 ignasi.roca AT fujitsu-siemens.com (bz #829); ok dtucker@
415 - dtucker@cvs.openbsd.org 2005/04/23 23:43:47
416 [readpass.c]
417 Add debug message if read_passphrase can't open /dev/tty; bz #471;
418 ok djm@
419 - jmc@cvs.openbsd.org 2005/04/26 12:59:02
420 [sftp-client.h]
421 spelling correction in comment from wiz@netbsd;
422 - jakob@cvs.openbsd.org 2005/04/26 13:08:37
423 [ssh.c ssh_config.5]
424 fallback gracefully if client cannot connect to ControlPath. ok djm@
425 - moritz@cvs.openbsd.org 2005/04/28 10:17:56
426 [progressmeter.c ssh-keyscan.c]
427 add snprintf checks. ok djm@ markus@
428 - markus@cvs.openbsd.org 2005/05/02 21:13:22
429 [readpass.c]
430 missing {}
431 - djm@cvs.openbsd.org 2005/05/10 10:28:11
432 [ssh.c]
433 print nice error message for EADDRINUSE as well (ID sync only)
434 - djm@cvs.openbsd.org 2005/05/10 10:30:43
435 [ssh.c]
436 report real errors on fallback from ControlMaster=no to normal connect
437 - markus@cvs.openbsd.org 2005/05/16 15:30:51
438 [readconf.c servconf.c]
439 check return value from strdelim() for NULL (AddressFamily); mpech
440 - djm@cvs.openbsd.org 2005/05/19 02:39:55
441 [sshd_config.5]
442 sort config options, from grunk AT pestilenz.org; ok jmc@
443 - djm@cvs.openbsd.org 2005/05/19 02:40:52
444 [sshd_config]
445 whitespace nit, from grunk AT pestilenz.org
446 - djm@cvs.openbsd.org 2005/05/19 02:42:26
447 [includes.h]
448 fix cast, from grunk AT pestilenz.org
449 - djm@cvs.openbsd.org 2005/05/20 10:50:55
450 [ssh_config.5]
451 give a ProxyCommand example using nc(1), with and ok jmc@
452 - jmc@cvs.openbsd.org 2005/05/20 11:23:32
453 [ssh_config.5]
454 oops - article and spacing;
455 - avsm@cvs.openbsd.org 2005/05/23 22:44:01
456 [moduli.c ssh-keygen.c]
457 - removes signed/unsigned comparisons in moduli generation
458 - use strtonum instead of atoi where its easier
459 - check some strlcpy overflow and fatal instead of truncate
460 - djm@cvs.openbsd.org 2005/05/23 23:32:46
461 [cipher.c myproposal.h ssh.1 ssh_config.5 sshd_config.5]
462 add support for draft-harris-ssh-arcfour-fixes-02 improved arcfour modes;
463 ok markus@
464 - avsm@cvs.openbsd.org 2005/05/24 02:05:09
465 [ssh-keygen.c]
466 some style nits from dmiller@, and use a fatal() instead of a printf()/exit
467 - avsm@cvs.openbsd.org 2005/05/24 17:32:44
468 [atomicio.c atomicio.h authfd.c monitor_wrap.c msg.c scp.c sftp-client.c]
469 [ssh-keyscan.c sshconnect.c]
470 Switch atomicio to use a simpler interface; it now returns a size_t
471 (containing number of bytes read/written), and indicates error by
472 returning 0. EOF is signalled by errno==EPIPE.
473 Typical use now becomes:
474
475 if (atomicio(read, ..., len) != len)
476 err(1,"read");
477
478 ok deraadt@, cloder@, djm@
479 - (dtucker) [regress/reexec.sh] Add ${EXEEXT} so this test also works on
480 Cygwin.
481 - (dtucker) [auth-pam.c] Bug #1033: Fix warnings building with PAM on Linux:
482 warning: dereferencing type-punned pointer will break strict-aliasing rules
483 warning: passing arg 3 of `pam_get_item' from incompatible pointer type
484 The type-punned pointer fix is based on a patch from SuSE's rpm. ok djm@
485 - (dtucker) [configure.ac openbsd-compat/getrrsetbyname.c] Bug #1033: Provide
486 templates for _getshort and _getlong if missing to prevent compiler warnings
487 on Linux.
488 - (djm) [configure.ac openbsd-compat/Makefile.in]
489 [openbsd-compat/openbsd-compat.h openbsd-compat/strtonum.c]
490 Add strtonum(3) from OpenBSD libc, new code needs it.
491 Unfortunately Linux forces us to do a bizarre dance with compiler
492 options to get LLONG_MIN/MAX; Spotted by and ok dtucker@
493
49420050524
495 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
496 [contrib/suse/openssh.spec] Update spec file versions to 4.1p1
497 - (dtucker) [auth-pam.c] Since people don't seem to be getting the message
498 that USE_POSIX_THREADS is unsupported, not recommended and generally a bad
499 idea, it is now known as UNSUPPORTED_POSIX_THREADS_HACK. Attempting to use
500 USE_POSIX_THREADS will now generate an error so we don't silently change
501 behaviour. ok djm@
502 - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Ensure sufficient memory
503 allocation when retrieving core Windows environment. Add CYGWIN variable
504 to propagated variables. Patch from vinschen at redhat.com, ok djm@
505 - Release 4.1p1
506
50720050524
508 - (djm) [openbsd-compat/readpassphrase.c] bz #950: Retry tcsetattr to ensure
509 terminal modes are reset correctly. Fix from peak AT argo.troja.mff.cuni.cz;
510 "looks ok" dtucker@
511
120050510 51220050510
2 - (srivasta) [selinux.c] if selinux is enabled, then provide funtions to 513 - (srivasta) [selinux.c] if selinux is enabled, then provide funtions to
3 initialize the pty and execution context for ssh. 514 initialize the pty and execution context for ssh.
@@ -22,24 +533,6 @@
22 - (srivasta) [auth.h] Added a role member in struct Authctxt 533 - (srivasta) [auth.h] Added a role member in struct Authctxt
23 - (srivasta) [Makefile.in (SSHDOBJS)] Add selinux.o 534 - (srivasta) [Makefile.in (SSHDOBJS)] Add selinux.o
24 535
2520050524
26 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
27 [contrib/suse/openssh.spec] Update spec file versions to 4.1p1
28 - (dtucker) [auth-pam.c] Since people don't seem to be getting the message
29 that USE_POSIX_THREADS is unsupported, not recommended and generally a bad
30 idea, it is now known as UNSUPPORTED_POSIX_THREADS_HACK. Attempting to use
31 USE_POSIX_THREADS will now generate an error so we don't silently change
32 behaviour. ok djm@
33 - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Ensure sufficient memory
34 allocation when retrieving core Windows environment. Add CYGWIN variable
35 to propagated variables. Patch from vinschen at redhat.com, ok djm@
36 - (djm) Release 4.1p1
37
3820050524
39 - (djm) [openbsd-compat/readpassphrase.c] bz #950: Retry tcsetattr to ensure
40 terminal modes are reset correctly. Fix from peak AT argo.troja.mff.cuni.cz;
41 "looks ok" dtucker@
42
4320050512 53620050512
44 - (tim) [buildpkg.sh.in] missing ${PKG_INSTALL_ROOT} in init script 537 - (tim) [buildpkg.sh.in] missing ${PKG_INSTALL_ROOT} in init script
45 hard link section. Bug 1038. 538 hard link section. Bug 1038.
@@ -2520,4 +3013,4 @@
2520 - (djm) Trim deprecated options from INSTALL. Mention UsePAM 3013 - (djm) Trim deprecated options from INSTALL. Mention UsePAM
2521 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu 3014 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
2522 3015
2523$Id: ChangeLog,v 1.3758.2.2 2005/05/25 12:24:56 djm Exp $ 3016$Id: ChangeLog,v 1.3887 2005/09/01 09:10:48 djm Exp $
diff --git a/LICENCE b/LICENCE
index ae03eb3a7..ac3634f22 100644
--- a/LICENCE
+++ b/LICENCE
@@ -204,6 +204,7 @@ OpenSSH contains no GPL code.
204 William Jones 204 William Jones
205 Darren Tucker 205 Darren Tucker
206 Sun Microsystems 206 Sun Microsystems
207 The SCO Group
207 208
208 * Redistribution and use in source and binary forms, with or without 209 * Redistribution and use in source and binary forms, with or without
209 * modification, are permitted provided that the following conditions 210 * modification, are permitted provided that the following conditions
@@ -255,6 +256,7 @@ OpenSSH contains no GPL code.
255 Damien Miller 256 Damien Miller
256 Eric P. Allman 257 Eric P. Allman
257 The Regents of the University of California 258 The Regents of the University of California
259 Constantin S. Svintsoff
258 260
259 * Redistribution and use in source and binary forms, with or without 261 * Redistribution and use in source and binary forms, with or without
260 * modification, are permitted provided that the following conditions 262 * modification, are permitted provided that the following conditions
diff --git a/Makefile.in b/Makefile.in
index 5ec45f352..7d43562d9 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -1,4 +1,4 @@
1# $Id: Makefile.in,v 1.270 2005/02/25 23:12:38 dtucker Exp $ 1# $Id: Makefile.in,v 1.273 2005/05/29 07:22:29 dtucker Exp $
2 2
3# uncomment if you run a non bourne compatable shell. Ie. csh 3# uncomment if you run a non bourne compatable shell. Ie. csh
4#SHELL = @SH@ 4#SHELL = @SH@
@@ -66,8 +66,8 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o buffer.o \
66 canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \ 66 canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \
67 cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \ 67 cipher-bf1.o cipher-ctr.o cipher-3des1.o cleanup.o \
68 compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \ 68 compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \
69 log.o match.o moduli.o mpaux.o nchan.o packet.o \ 69 log.o match.o moduli.o nchan.o packet.o \
70 readpass.o rsa.o tildexpand.o ttymodes.o xmalloc.o \ 70 readpass.o rsa.o ttymodes.o xmalloc.o \
71 atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \ 71 atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
72 monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \ 72 monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \
73 kexgex.o kexdhc.o kexgexc.o scard.o msg.o progressmeter.o dns.o \ 73 kexgex.o kexdhc.o kexgexc.o scard.o msg.o progressmeter.o dns.o \
@@ -190,7 +190,7 @@ ssh_prng_cmds.out: ssh_prng_cmds
190 $(PERL) $(srcdir)/fixprogs ssh_prng_cmds $(ENT); \ 190 $(PERL) $(srcdir)/fixprogs ssh_prng_cmds $(ENT); \
191 fi 191 fi
192 192
193# fake rule to stop make trying to compile moduli.o into a binary "modulo" 193# fake rule to stop make trying to compile moduli.o into a binary "moduli.o"
194moduli: 194moduli:
195 echo 195 echo
196 196
diff --git a/README b/README
index 93682c3cb..51f0ca4fb 100644
--- a/README
+++ b/README
@@ -1,4 +1,4 @@
1See http://www.openssh.com/txt/release-4.0 for the release notes. 1See http://www.openssh.com/txt/release-4.2 for the release notes.
2 2
3- A Japanese translation of this document and of the OpenSSH FAQ is 3- A Japanese translation of this document and of the OpenSSH FAQ is
4- available at http://www.unixuser.org/~haruyama/security/openssh/index.html 4- available at http://www.unixuser.org/~haruyama/security/openssh/index.html
@@ -56,9 +56,10 @@ References -
56[2] http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html 56[2] http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html
57[3] http://www.gzip.org/zlib/ 57[3] http://www.gzip.org/zlib/
58[4] http://www.openssl.org/ 58[4] http://www.openssl.org/
59[5] http://www.kernel.org/pub/linux/libs/pam/ (PAM is standard on Solaris 59[5] http://www.openpam.org
60 and HP-UX 11) 60 http://www.kernel.org/pub/linux/libs/pam/
61 (PAM also is standard on Solaris and HP-UX 11)
61[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 62[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
62[7] http://www.openssh.com/faq.html 63[7] http://www.openssh.com/faq.html
63 64
64$Id: README,v 1.57 2005/03/09 03:32:28 dtucker Exp $ 65$Id: README,v 1.60 2005/08/31 14:05:57 dtucker Exp $
diff --git a/README.privsep b/README.privsep
index ecb9d6914..f565e72da 100644
--- a/README.privsep
+++ b/README.privsep
@@ -38,8 +38,8 @@ privsep user and chroot directory:
38Privsep requires operating system support for file descriptor passing. 38Privsep requires operating system support for file descriptor passing.
39Compression will be disabled on systems without a working mmap MAP_ANON. 39Compression will be disabled on systems without a working mmap MAP_ANON.
40 40
41PAM-enabled OpenSSH is known to function with privsep on AIX, HP-UX 41PAM-enabled OpenSSH is known to function with privsep on AIX, FreeBSD,
42(including Trusted Mode), Linux and Solaris. 42HP-UX (including Trusted Mode), Linux, NetBSD and Solaris.
43 43
44On Cygwin, Tru64 Unix, OpenServer, and Unicos only the pre-authentication 44On Cygwin, Tru64 Unix, OpenServer, and Unicos only the pre-authentication
45part of privsep is supported. Post-authentication privsep is disabled 45part of privsep is supported. Post-authentication privsep is disabled
@@ -60,4 +60,4 @@ process 1005 is the sshd process listening for new connections.
60process 6917 is the privileged monitor process, 6919 is the user owned 60process 6917 is the privileged monitor process, 6919 is the user owned
61sshd process and 6921 is the shell process. 61sshd process and 6921 is the shell process.
62 62
63$Id: README.privsep,v 1.15 2004/10/06 10:09:32 dtucker Exp $ 63$Id: README.privsep,v 1.16 2005/06/04 23:21:41 djm Exp $
diff --git a/WARNING.RNG b/WARNING.RNG
index 687891a73..97da74ff7 100644
--- a/WARNING.RNG
+++ b/WARNING.RNG
@@ -57,7 +57,7 @@ disproportionate time to execute.
57 57
58Tuning the random helper can be done by running ./ssh-random-helper in 58Tuning the random helper can be done by running ./ssh-random-helper in
59very verbose mode ("-vvv") and identifying the commands that are taking 59very verbose mode ("-vvv") and identifying the commands that are taking
60accessive amounts of time or hanging altogher. Any problem commands can 60excessive amounts of time or hanging altogher. Any problem commands can
61be modified or removed from ssh_prng_cmds. 61be modified or removed from ssh_prng_cmds.
62 62
63The default entropy collector will timeout programs which take too long 63The default entropy collector will timeout programs which take too long
@@ -92,4 +92,4 @@ If you are forced to use ssh-rand-helper consider still downloading
92prngd/egd and configure OpenSSH using --with-prngd-port=xx or 92prngd/egd and configure OpenSSH using --with-prngd-port=xx or
93--with-prngd-socket=xx (refer to INSTALL for more information). 93--with-prngd-socket=xx (refer to INSTALL for more information).
94 94
95$Id: WARNING.RNG,v 1.7 2004/12/06 11:40:11 dtucker Exp $ 95$Id: WARNING.RNG,v 1.8 2005/05/26 01:47:54 djm Exp $
diff --git a/acconfig.h b/acconfig.h
index 5721f65fb..79b5e8191 100644
--- a/acconfig.h
+++ b/acconfig.h
@@ -1,4 +1,4 @@
1/* $Id: acconfig.h,v 1.181 2005/02/25 23:07:38 dtucker Exp $ */ 1/* $Id: acconfig.h,v 1.183 2005/07/07 10:33:36 dtucker Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 1999-2003 Damien Miller. All rights reserved. 4 * Copyright (c) 1999-2003 Damien Miller. All rights reserved.
@@ -119,9 +119,6 @@
119/* Define if you are on NeXT */ 119/* Define if you are on NeXT */
120#undef HAVE_NEXT 120#undef HAVE_NEXT
121 121
122/* Define if you are on NEWS-OS */
123#undef HAVE_NEWS4
124
125/* Define if you want to enable PAM support */ 122/* Define if you want to enable PAM support */
126#undef USE_PAM 123#undef USE_PAM
127 124
@@ -205,9 +202,6 @@
205/* Define if you don't want to use lastlog in session.c */ 202/* Define if you don't want to use lastlog in session.c */
206#undef NO_SSH_LASTLOG 203#undef NO_SSH_LASTLOG
207 204
208/* Define if have krb5_init_ets */
209#undef KRB5_INIT_ETS
210
211/* Define if you don't want to use utmp */ 205/* Define if you don't want to use utmp */
212#undef DISABLE_UTMP 206#undef DISABLE_UTMP
213 207
diff --git a/acss.c b/acss.c
index 9364ba9fe..99efde071 100644
--- a/acss.c
+++ b/acss.c
@@ -1,4 +1,4 @@
1/* $Id: acss.c,v 1.2 2004/02/06 04:22:43 dtucker Exp $ */ 1/* $Id: acss.c,v 1.3 2005/07/17 07:04:47 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2004 The OpenBSD project 3 * Copyright (c) 2004 The OpenBSD project
4 * 4 *
@@ -24,37 +24,37 @@
24 24
25/* decryption sbox */ 25/* decryption sbox */
26static unsigned char sboxdec[] = { 26static unsigned char sboxdec[] = {
27 0x33, 0x73, 0x3b, 0x26, 0x63, 0x23, 0x6b, 0x76, 27 0x33, 0x73, 0x3b, 0x26, 0x63, 0x23, 0x6b, 0x76,
28 0x3e, 0x7e, 0x36, 0x2b, 0x6e, 0x2e, 0x66, 0x7b, 28 0x3e, 0x7e, 0x36, 0x2b, 0x6e, 0x2e, 0x66, 0x7b,
29 0xd3, 0x93, 0xdb, 0x06, 0x43, 0x03, 0x4b, 0x96, 29 0xd3, 0x93, 0xdb, 0x06, 0x43, 0x03, 0x4b, 0x96,
30 0xde, 0x9e, 0xd6, 0x0b, 0x4e, 0x0e, 0x46, 0x9b, 30 0xde, 0x9e, 0xd6, 0x0b, 0x4e, 0x0e, 0x46, 0x9b,
31 0x57, 0x17, 0x5f, 0x82, 0xc7, 0x87, 0xcf, 0x12, 31 0x57, 0x17, 0x5f, 0x82, 0xc7, 0x87, 0xcf, 0x12,
32 0x5a, 0x1a, 0x52, 0x8f, 0xca, 0x8a, 0xc2, 0x1f, 32 0x5a, 0x1a, 0x52, 0x8f, 0xca, 0x8a, 0xc2, 0x1f,
33 0xd9, 0x99, 0xd1, 0x00, 0x49, 0x09, 0x41, 0x90, 33 0xd9, 0x99, 0xd1, 0x00, 0x49, 0x09, 0x41, 0x90,
34 0xd8, 0x98, 0xd0, 0x01, 0x48, 0x08, 0x40, 0x91, 34 0xd8, 0x98, 0xd0, 0x01, 0x48, 0x08, 0x40, 0x91,
35 0x3d, 0x7d, 0x35, 0x24, 0x6d, 0x2d, 0x65, 0x74, 35 0x3d, 0x7d, 0x35, 0x24, 0x6d, 0x2d, 0x65, 0x74,
36 0x3c, 0x7c, 0x34, 0x25, 0x6c, 0x2c, 0x64, 0x75, 36 0x3c, 0x7c, 0x34, 0x25, 0x6c, 0x2c, 0x64, 0x75,
37 0xdd, 0x9d, 0xd5, 0x04, 0x4d, 0x0d, 0x45, 0x94, 37 0xdd, 0x9d, 0xd5, 0x04, 0x4d, 0x0d, 0x45, 0x94,
38 0xdc, 0x9c, 0xd4, 0x05, 0x4c, 0x0c, 0x44, 0x95, 38 0xdc, 0x9c, 0xd4, 0x05, 0x4c, 0x0c, 0x44, 0x95,
39 0x59, 0x19, 0x51, 0x80, 0xc9, 0x89, 0xc1, 0x10, 39 0x59, 0x19, 0x51, 0x80, 0xc9, 0x89, 0xc1, 0x10,
40 0x58, 0x18, 0x50, 0x81, 0xc8, 0x88, 0xc0, 0x11, 40 0x58, 0x18, 0x50, 0x81, 0xc8, 0x88, 0xc0, 0x11,
41 0xd7, 0x97, 0xdf, 0x02, 0x47, 0x07, 0x4f, 0x92, 41 0xd7, 0x97, 0xdf, 0x02, 0x47, 0x07, 0x4f, 0x92,
42 0xda, 0x9a, 0xd2, 0x0f, 0x4a, 0x0a, 0x42, 0x9f, 42 0xda, 0x9a, 0xd2, 0x0f, 0x4a, 0x0a, 0x42, 0x9f,
43 0x53, 0x13, 0x5b, 0x86, 0xc3, 0x83, 0xcb, 0x16, 43 0x53, 0x13, 0x5b, 0x86, 0xc3, 0x83, 0xcb, 0x16,
44 0x5e, 0x1e, 0x56, 0x8b, 0xce, 0x8e, 0xc6, 0x1b, 44 0x5e, 0x1e, 0x56, 0x8b, 0xce, 0x8e, 0xc6, 0x1b,
45 0xb3, 0xf3, 0xbb, 0xa6, 0xe3, 0xa3, 0xeb, 0xf6, 45 0xb3, 0xf3, 0xbb, 0xa6, 0xe3, 0xa3, 0xeb, 0xf6,
46 0xbe, 0xfe, 0xb6, 0xab, 0xee, 0xae, 0xe6, 0xfb, 46 0xbe, 0xfe, 0xb6, 0xab, 0xee, 0xae, 0xe6, 0xfb,
47 0x37, 0x77, 0x3f, 0x22, 0x67, 0x27, 0x6f, 0x72, 47 0x37, 0x77, 0x3f, 0x22, 0x67, 0x27, 0x6f, 0x72,
48 0x3a, 0x7a, 0x32, 0x2f, 0x6a, 0x2a, 0x62, 0x7f, 48 0x3a, 0x7a, 0x32, 0x2f, 0x6a, 0x2a, 0x62, 0x7f,
49 0xb9, 0xf9, 0xb1, 0xa0, 0xe9, 0xa9, 0xe1, 0xf0, 49 0xb9, 0xf9, 0xb1, 0xa0, 0xe9, 0xa9, 0xe1, 0xf0,
50 0xb8, 0xf8, 0xb0, 0xa1, 0xe8, 0xa8, 0xe0, 0xf1, 50 0xb8, 0xf8, 0xb0, 0xa1, 0xe8, 0xa8, 0xe0, 0xf1,
51 0x5d, 0x1d, 0x55, 0x84, 0xcd, 0x8d, 0xc5, 0x14, 51 0x5d, 0x1d, 0x55, 0x84, 0xcd, 0x8d, 0xc5, 0x14,
52 0x5c, 0x1c, 0x54, 0x85, 0xcc, 0x8c, 0xc4, 0x15, 52 0x5c, 0x1c, 0x54, 0x85, 0xcc, 0x8c, 0xc4, 0x15,
53 0xbd, 0xfd, 0xb5, 0xa4, 0xed, 0xad, 0xe5, 0xf4, 53 0xbd, 0xfd, 0xb5, 0xa4, 0xed, 0xad, 0xe5, 0xf4,
54 0xbc, 0xfc, 0xb4, 0xa5, 0xec, 0xac, 0xe4, 0xf5, 54 0xbc, 0xfc, 0xb4, 0xa5, 0xec, 0xac, 0xe4, 0xf5,
55 0x39, 0x79, 0x31, 0x20, 0x69, 0x29, 0x61, 0x70, 55 0x39, 0x79, 0x31, 0x20, 0x69, 0x29, 0x61, 0x70,
56 0x38, 0x78, 0x30, 0x21, 0x68, 0x28, 0x60, 0x71, 56 0x38, 0x78, 0x30, 0x21, 0x68, 0x28, 0x60, 0x71,
57 0xb7, 0xf7, 0xbf, 0xa2, 0xe7, 0xa7, 0xef, 0xf2, 57 0xb7, 0xf7, 0xbf, 0xa2, 0xe7, 0xa7, 0xef, 0xf2,
58 0xba, 0xfa, 0xb2, 0xaf, 0xea, 0xaa, 0xe2, 0xff 58 0xba, 0xfa, 0xb2, 0xaf, 0xea, 0xaa, 0xe2, 0xff
59}; 59};
60 60
@@ -95,38 +95,38 @@ static unsigned char sboxenc[] = {
95}; 95};
96 96
97static unsigned char reverse[] = { 97static unsigned char reverse[] = {
98 0x00, 0x80, 0x40, 0xc0, 0x20, 0xa0, 0x60, 0xe0, 98 0x00, 0x80, 0x40, 0xc0, 0x20, 0xa0, 0x60, 0xe0,
99 0x10, 0x90, 0x50, 0xd0, 0x30, 0xb0, 0x70, 0xf0, 99 0x10, 0x90, 0x50, 0xd0, 0x30, 0xb0, 0x70, 0xf0,
100 0x08, 0x88, 0x48, 0xc8, 0x28, 0xa8, 0x68, 0xe8, 100 0x08, 0x88, 0x48, 0xc8, 0x28, 0xa8, 0x68, 0xe8,
101 0x18, 0x98, 0x58, 0xd8, 0x38, 0xb8, 0x78, 0xf8, 101 0x18, 0x98, 0x58, 0xd8, 0x38, 0xb8, 0x78, 0xf8,
102 0x04, 0x84, 0x44, 0xc4, 0x24, 0xa4, 0x64, 0xe4, 102 0x04, 0x84, 0x44, 0xc4, 0x24, 0xa4, 0x64, 0xe4,
103 0x14, 0x94, 0x54, 0xd4, 0x34, 0xb4, 0x74, 0xf4, 103 0x14, 0x94, 0x54, 0xd4, 0x34, 0xb4, 0x74, 0xf4,
104 0x0c, 0x8c, 0x4c, 0xcc, 0x2c, 0xac, 0x6c, 0xec, 104 0x0c, 0x8c, 0x4c, 0xcc, 0x2c, 0xac, 0x6c, 0xec,
105 0x1c, 0x9c, 0x5c, 0xdc, 0x3c, 0xbc, 0x7c, 0xfc, 105 0x1c, 0x9c, 0x5c, 0xdc, 0x3c, 0xbc, 0x7c, 0xfc,
106 0x02, 0x82, 0x42, 0xc2, 0x22, 0xa2, 0x62, 0xe2, 106 0x02, 0x82, 0x42, 0xc2, 0x22, 0xa2, 0x62, 0xe2,
107 0x12, 0x92, 0x52, 0xd2, 0x32, 0xb2, 0x72, 0xf2, 107 0x12, 0x92, 0x52, 0xd2, 0x32, 0xb2, 0x72, 0xf2,
108 0x0a, 0x8a, 0x4a, 0xca, 0x2a, 0xaa, 0x6a, 0xea, 108 0x0a, 0x8a, 0x4a, 0xca, 0x2a, 0xaa, 0x6a, 0xea,
109 0x1a, 0x9a, 0x5a, 0xda, 0x3a, 0xba, 0x7a, 0xfa, 109 0x1a, 0x9a, 0x5a, 0xda, 0x3a, 0xba, 0x7a, 0xfa,
110 0x06, 0x86, 0x46, 0xc6, 0x26, 0xa6, 0x66, 0xe6, 110 0x06, 0x86, 0x46, 0xc6, 0x26, 0xa6, 0x66, 0xe6,
111 0x16, 0x96, 0x56, 0xd6, 0x36, 0xb6, 0x76, 0xf6, 111 0x16, 0x96, 0x56, 0xd6, 0x36, 0xb6, 0x76, 0xf6,
112 0x0e, 0x8e, 0x4e, 0xce, 0x2e, 0xae, 0x6e, 0xee, 112 0x0e, 0x8e, 0x4e, 0xce, 0x2e, 0xae, 0x6e, 0xee,
113 0x1e, 0x9e, 0x5e, 0xde, 0x3e, 0xbe, 0x7e, 0xfe, 113 0x1e, 0x9e, 0x5e, 0xde, 0x3e, 0xbe, 0x7e, 0xfe,
114 0x01, 0x81, 0x41, 0xc1, 0x21, 0xa1, 0x61, 0xe1, 114 0x01, 0x81, 0x41, 0xc1, 0x21, 0xa1, 0x61, 0xe1,
115 0x11, 0x91, 0x51, 0xd1, 0x31, 0xb1, 0x71, 0xf1, 115 0x11, 0x91, 0x51, 0xd1, 0x31, 0xb1, 0x71, 0xf1,
116 0x09, 0x89, 0x49, 0xc9, 0x29, 0xa9, 0x69, 0xe9, 116 0x09, 0x89, 0x49, 0xc9, 0x29, 0xa9, 0x69, 0xe9,
117 0x19, 0x99, 0x59, 0xd9, 0x39, 0xb9, 0x79, 0xf9, 117 0x19, 0x99, 0x59, 0xd9, 0x39, 0xb9, 0x79, 0xf9,
118 0x05, 0x85, 0x45, 0xc5, 0x25, 0xa5, 0x65, 0xe5, 118 0x05, 0x85, 0x45, 0xc5, 0x25, 0xa5, 0x65, 0xe5,
119 0x15, 0x95, 0x55, 0xd5, 0x35, 0xb5, 0x75, 0xf5, 119 0x15, 0x95, 0x55, 0xd5, 0x35, 0xb5, 0x75, 0xf5,
120 0x0d, 0x8d, 0x4d, 0xcd, 0x2d, 0xad, 0x6d, 0xed, 120 0x0d, 0x8d, 0x4d, 0xcd, 0x2d, 0xad, 0x6d, 0xed,
121 0x1d, 0x9d, 0x5d, 0xdd, 0x3d, 0xbd, 0x7d, 0xfd, 121 0x1d, 0x9d, 0x5d, 0xdd, 0x3d, 0xbd, 0x7d, 0xfd,
122 0x03, 0x83, 0x43, 0xc3, 0x23, 0xa3, 0x63, 0xe3, 122 0x03, 0x83, 0x43, 0xc3, 0x23, 0xa3, 0x63, 0xe3,
123 0x13, 0x93, 0x53, 0xd3, 0x33, 0xb3, 0x73, 0xf3, 123 0x13, 0x93, 0x53, 0xd3, 0x33, 0xb3, 0x73, 0xf3,
124 0x0b, 0x8b, 0x4b, 0xcb, 0x2b, 0xab, 0x6b, 0xeb, 124 0x0b, 0x8b, 0x4b, 0xcb, 0x2b, 0xab, 0x6b, 0xeb,
125 0x1b, 0x9b, 0x5b, 0xdb, 0x3b, 0xbb, 0x7b, 0xfb, 125 0x1b, 0x9b, 0x5b, 0xdb, 0x3b, 0xbb, 0x7b, 0xfb,
126 0x07, 0x87, 0x47, 0xc7, 0x27, 0xa7, 0x67, 0xe7, 126 0x07, 0x87, 0x47, 0xc7, 0x27, 0xa7, 0x67, 0xe7,
127 0x17, 0x97, 0x57, 0xd7, 0x37, 0xb7, 0x77, 0xf7, 127 0x17, 0x97, 0x57, 0xd7, 0x37, 0xb7, 0x77, 0xf7,
128 0x0f, 0x8f, 0x4f, 0xcf, 0x2f, 0xaf, 0x6f, 0xef, 128 0x0f, 0x8f, 0x4f, 0xcf, 0x2f, 0xaf, 0x6f, 0xef,
129 0x1f, 0x9f, 0x5f, 0xdf, 0x3f, 0xbf, 0x7f, 0xff 129 0x1f, 0x9f, 0x5f, 0xdf, 0x3f, 0xbf, 0x7f, 0xff
130}; 130};
131 131
132/* 132/*
diff --git a/atomicio.c b/atomicio.c
index 7637e1671..12abbda16 100644
--- a/atomicio.c
+++ b/atomicio.c
@@ -1,4 +1,5 @@
1/* 1/*
2 * Copyright (c) 2005 Anil Madhavapeddy. All rights reserved.
2 * Copyright (c) 1995,1999 Theo de Raadt. All rights reserved. 3 * Copyright (c) 1995,1999 Theo de Raadt. All rights reserved.
3 * All rights reserved. 4 * All rights reserved.
4 * 5 *
@@ -24,14 +25,14 @@
24 */ 25 */
25 26
26#include "includes.h" 27#include "includes.h"
27RCSID("$OpenBSD: atomicio.c,v 1.12 2003/07/31 15:50:16 avsm Exp $"); 28RCSID("$OpenBSD: atomicio.c,v 1.13 2005/05/24 17:32:43 avsm Exp $");
28 29
29#include "atomicio.h" 30#include "atomicio.h"
30 31
31/* 32/*
32 * ensure all of data on socket comes through. f==read || f==vwrite 33 * ensure all of data on socket comes through. f==read || f==vwrite
33 */ 34 */
34ssize_t 35size_t
35atomicio(f, fd, _s, n) 36atomicio(f, fd, _s, n)
36 ssize_t (*f) (int, void *, size_t); 37 ssize_t (*f) (int, void *, size_t);
37 int fd; 38 int fd;
@@ -39,7 +40,8 @@ atomicio(f, fd, _s, n)
39 size_t n; 40 size_t n;
40{ 41{
41 char *s = _s; 42 char *s = _s;
42 ssize_t res, pos = 0; 43 size_t pos = 0;
44 ssize_t res;
43 45
44 while (n > pos) { 46 while (n > pos) {
45 res = (f) (fd, s + pos, n - pos); 47 res = (f) (fd, s + pos, n - pos);
@@ -51,10 +53,12 @@ atomicio(f, fd, _s, n)
51 if (errno == EINTR || errno == EAGAIN) 53 if (errno == EINTR || errno == EAGAIN)
52#endif 54#endif
53 continue; 55 continue;
56 return 0;
54 case 0: 57 case 0:
55 return (res); 58 errno = EPIPE;
59 return pos;
56 default: 60 default:
57 pos += res; 61 pos += (u_int)res;
58 } 62 }
59 } 63 }
60 return (pos); 64 return (pos);
diff --git a/atomicio.h b/atomicio.h
index 5c0f392ef..7eccf206b 100644
--- a/atomicio.h
+++ b/atomicio.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: atomicio.h,v 1.5 2003/06/28 16:23:06 deraadt Exp $ */ 1/* $OpenBSD: atomicio.h,v 1.6 2005/05/24 17:32:43 avsm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 1995,1999 Theo de Raadt. All rights reserved. 4 * Copyright (c) 1995,1999 Theo de Raadt. All rights reserved.
@@ -28,6 +28,6 @@
28/* 28/*
29 * Ensure all of data on socket comes through. f==read || f==vwrite 29 * Ensure all of data on socket comes through. f==read || f==vwrite
30 */ 30 */
31ssize_t atomicio(ssize_t (*)(int, void *, size_t), int, void *, size_t); 31size_t atomicio(ssize_t (*)(int, void *, size_t), int, void *, size_t);
32 32
33#define vwrite (ssize_t (*)(int, void *, size_t))write 33#define vwrite (ssize_t (*)(int, void *, size_t))write
diff --git a/audit.c b/audit.c
index 18fc41047..c77d0c012 100644
--- a/audit.c
+++ b/audit.c
@@ -1,4 +1,4 @@
1/* $Id: audit.c,v 1.2 2005/02/08 10:52:48 dtucker Exp $ */ 1/* $Id: audit.c,v 1.3 2005/07/17 07:26:44 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved. 4 * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved.
@@ -120,7 +120,7 @@ void
120audit_connection_from(const char *host, int port) 120audit_connection_from(const char *host, int port)
121{ 121{
122 debug("audit connection from %s port %d euid %d", host, port, 122 debug("audit connection from %s port %d euid %d", host, port,
123 (int)geteuid()); 123 (int)geteuid());
124} 124}
125 125
126/* 126/*
@@ -147,7 +147,7 @@ audit_session_open(const char *ttyn)
147 const char *t = ttyn ? ttyn : "(no tty)"; 147 const char *t = ttyn ? ttyn : "(no tty)";
148 148
149 debug("audit session open euid %d user %s tty name %s", geteuid(), 149 debug("audit session open euid %d user %s tty name %s", geteuid(),
150 audit_username(), t); 150 audit_username(), t);
151} 151}
152 152
153/* 153/*
@@ -163,7 +163,7 @@ audit_session_close(const char *ttyn)
163 const char *t = ttyn ? ttyn : "(no tty)"; 163 const char *t = ttyn ? ttyn : "(no tty)";
164 164
165 debug("audit session close euid %d user %s tty name %s", geteuid(), 165 debug("audit session close euid %d user %s tty name %s", geteuid(),
166 audit_username(), t); 166 audit_username(), t);
167} 167}
168 168
169/* 169/*
diff --git a/auth-krb5.c b/auth-krb5.c
index 2f742534a..c7367b49a 100644
--- a/auth-krb5.c
+++ b/auth-krb5.c
@@ -54,9 +54,6 @@ krb5_init(void *context)
54 problem = krb5_init_context(&authctxt->krb5_ctx); 54 problem = krb5_init_context(&authctxt->krb5_ctx);
55 if (problem) 55 if (problem)
56 return (problem); 56 return (problem);
57#ifdef KRB5_INIT_ETS
58 krb5_init_ets(authctxt->krb5_ctx);
59#endif
60 } 57 }
61 return (0); 58 return (0);
62} 59}
@@ -67,9 +64,6 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
67#ifndef HEIMDAL 64#ifndef HEIMDAL
68 krb5_creds creds; 65 krb5_creds creds;
69 krb5_principal server; 66 krb5_principal server;
70 char ccname[40];
71 int tmpfd;
72 mode_t old_umask;
73#endif 67#endif
74 krb5_error_code problem; 68 krb5_error_code problem;
75 krb5_ccache ccache = NULL; 69 krb5_ccache ccache = NULL;
@@ -146,26 +140,7 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
146 goto out; 140 goto out;
147 } 141 }
148 142
149 snprintf(ccname,sizeof(ccname),"FILE:/tmp/krb5cc_%d_XXXXXX",geteuid()); 143 problem = ssh_krb5_cc_gen(authctxt->krb5_ctx, &authctxt->krb5_fwd_ccache);
150
151 old_umask = umask(0177);
152 tmpfd = mkstemp(ccname + strlen("FILE:"));
153 umask(old_umask);
154 if (tmpfd == -1) {
155 logit("mkstemp(): %.100s", strerror(errno));
156 problem = errno;
157 goto out;
158 }
159
160 if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) {
161 logit("fchmod(): %.100s", strerror(errno));
162 close(tmpfd);
163 problem = errno;
164 goto out;
165 }
166 close(tmpfd);
167
168 problem = krb5_cc_resolve(authctxt->krb5_ctx, ccname, &authctxt->krb5_fwd_ccache);
169 if (problem) 144 if (problem)
170 goto out; 145 goto out;
171 146
@@ -234,4 +209,34 @@ krb5_cleanup_proc(Authctxt *authctxt)
234 } 209 }
235} 210}
236 211
212#ifndef HEIMDAL
213krb5_error_code
214ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) {
215 int tmpfd, ret;
216 char ccname[40];
217 mode_t old_umask;
218
219 ret = snprintf(ccname, sizeof(ccname),
220 "FILE:/tmp/krb5cc_%d_XXXXXXXXXX", geteuid());
221 if (ret == -1 || ret >= sizeof(ccname))
222 return ENOMEM;
223
224 old_umask = umask(0177);
225 tmpfd = mkstemp(ccname + strlen("FILE:"));
226 umask(old_umask);
227 if (tmpfd == -1) {
228 logit("mkstemp(): %.100s", strerror(errno));
229 return errno;
230 }
231
232 if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) {
233 logit("fchmod(): %.100s", strerror(errno));
234 close(tmpfd);
235 return errno;
236 }
237 close(tmpfd);
238
239 return (krb5_cc_resolve(ctx, ccname, ccache));
240}
241#endif /* !HEIMDAL */
237#endif /* KRB5 */ 242#endif /* KRB5 */
diff --git a/auth-pam.c b/auth-pam.c
index a8d372aac..0446cd559 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -47,7 +47,7 @@
47 47
48/* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ 48/* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */
49#include "includes.h" 49#include "includes.h"
50RCSID("$Id: auth-pam.c,v 1.122 2005/05/25 06:18:10 dtucker Exp $"); 50RCSID("$Id: auth-pam.c,v 1.126 2005/07/17 07:18:50 djm Exp $");
51 51
52#ifdef USE_PAM 52#ifdef USE_PAM
53#if defined(HAVE_SECURITY_PAM_APPL_H) 53#if defined(HAVE_SECURITY_PAM_APPL_H)
@@ -56,6 +56,13 @@ RCSID("$Id: auth-pam.c,v 1.122 2005/05/25 06:18:10 dtucker Exp $");
56#include <pam/pam_appl.h> 56#include <pam/pam_appl.h>
57#endif 57#endif
58 58
59/* OpenGroup RFC86.0 and XSSO specify no "const" on arguments */
60#ifdef PAM_SUN_CODEBASE
61# define sshpam_const /* Solaris, HP-UX, AIX */
62#else
63# define sshpam_const const /* LinuxPAM, OpenPAM */
64#endif
65
59#include "auth.h" 66#include "auth.h"
60#include "auth-pam.h" 67#include "auth-pam.h"
61#include "buffer.h" 68#include "buffer.h"
@@ -116,14 +123,14 @@ static struct pam_ctxt *cleanup_ctxt;
116static int sshpam_thread_status = -1; 123static int sshpam_thread_status = -1;
117static mysig_t sshpam_oldsig; 124static mysig_t sshpam_oldsig;
118 125
119static void 126static void
120sshpam_sigchld_handler(int sig) 127sshpam_sigchld_handler(int sig)
121{ 128{
122 signal(SIGCHLD, SIG_DFL); 129 signal(SIGCHLD, SIG_DFL);
123 if (cleanup_ctxt == NULL) 130 if (cleanup_ctxt == NULL)
124 return; /* handler called after PAM cleanup, shouldn't happen */ 131 return; /* handler called after PAM cleanup, shouldn't happen */
125 if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, WNOHANG) 132 if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, WNOHANG)
126 <= 0) { 133 <= 0) {
127 /* PAM thread has not exitted, privsep slave must have */ 134 /* PAM thread has not exitted, privsep slave must have */
128 kill(cleanup_ctxt->pam_thread, SIGTERM); 135 kill(cleanup_ctxt->pam_thread, SIGTERM);
129 if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, 0) 136 if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, 0)
@@ -150,6 +157,7 @@ pthread_create(sp_pthread_t *thread, const void *attr __unused,
150 void *(*thread_start)(void *), void *arg) 157 void *(*thread_start)(void *), void *arg)
151{ 158{
152 pid_t pid; 159 pid_t pid;
160 struct pam_ctxt *ctx = arg;
153 161
154 sshpam_thread_status = -1; 162 sshpam_thread_status = -1;
155 switch ((pid = fork())) { 163 switch ((pid = fork())) {
@@ -157,10 +165,14 @@ pthread_create(sp_pthread_t *thread, const void *attr __unused,
157 error("fork(): %s", strerror(errno)); 165 error("fork(): %s", strerror(errno));
158 return (-1); 166 return (-1);
159 case 0: 167 case 0:
168 close(ctx->pam_psock);
169 ctx->pam_psock = -1;
160 thread_start(arg); 170 thread_start(arg);
161 _exit(1); 171 _exit(1);
162 default: 172 default:
163 *thread = pid; 173 *thread = pid;
174 close(ctx->pam_csock);
175 ctx->pam_csock = -1;
164 sshpam_oldsig = signal(SIGCHLD, sshpam_sigchld_handler); 176 sshpam_oldsig = signal(SIGCHLD, sshpam_sigchld_handler);
165 return (0); 177 return (0);
166 } 178 }
@@ -300,7 +312,7 @@ import_environments(Buffer *b)
300 * Conversation function for authentication thread. 312 * Conversation function for authentication thread.
301 */ 313 */
302static int 314static int
303sshpam_thread_conv(int n, struct pam_message **msg, 315sshpam_thread_conv(int n, sshpam_const struct pam_message **msg,
304 struct pam_response **resp, void *data) 316 struct pam_response **resp, void *data)
305{ 317{
306 Buffer buffer; 318 Buffer buffer;
@@ -399,8 +411,10 @@ sshpam_thread(void *ctxtp)
399 char **env_from_pam; 411 char **env_from_pam;
400 u_int i; 412 u_int i;
401 const char *pam_user; 413 const char *pam_user;
414 const char **ptr_pam_user = &pam_user;
402 415
403 pam_get_item(sshpam_handle, PAM_USER, (void **)&pam_user); 416 pam_get_item(sshpam_handle, PAM_USER,
417 (sshpam_const void **)ptr_pam_user);
404 environ[0] = NULL; 418 environ[0] = NULL;
405 419
406 if (sshpam_authctxt != NULL) { 420 if (sshpam_authctxt != NULL) {
@@ -492,7 +506,7 @@ sshpam_thread_cleanup(void)
492} 506}
493 507
494static int 508static int
495sshpam_null_conv(int n, struct pam_message **msg, 509sshpam_null_conv(int n, sshpam_const struct pam_message **msg,
496 struct pam_response **resp, void *data) 510 struct pam_response **resp, void *data)
497{ 511{
498 debug3("PAM: %s entering, %d messages", __func__, n); 512 debug3("PAM: %s entering, %d messages", __func__, n);
@@ -502,7 +516,7 @@ sshpam_null_conv(int n, struct pam_message **msg,
502static struct pam_conv null_conv = { sshpam_null_conv, NULL }; 516static struct pam_conv null_conv = { sshpam_null_conv, NULL };
503 517
504static int 518static int
505sshpam_store_conv(int n, struct pam_message **msg, 519sshpam_store_conv(int n, sshpam_const struct pam_message **msg,
506 struct pam_response **resp, void *data) 520 struct pam_response **resp, void *data)
507{ 521{
508 struct pam_response *reply; 522 struct pam_response *reply;
@@ -571,11 +585,12 @@ sshpam_init(Authctxt *authctxt)
571{ 585{
572 extern char *__progname; 586 extern char *__progname;
573 const char *pam_rhost, *pam_user, *user = authctxt->user; 587 const char *pam_rhost, *pam_user, *user = authctxt->user;
588 const char **ptr_pam_user = &pam_user;
574 589
575 if (sshpam_handle != NULL) { 590 if (sshpam_handle != NULL) {
576 /* We already have a PAM context; check if the user matches */ 591 /* We already have a PAM context; check if the user matches */
577 sshpam_err = pam_get_item(sshpam_handle, 592 sshpam_err = pam_get_item(sshpam_handle,
578 PAM_USER, (void **)&pam_user); 593 PAM_USER, (sshpam_const void **)ptr_pam_user);
579 if (sshpam_err == PAM_SUCCESS && strcmp(user, pam_user) == 0) 594 if (sshpam_err == PAM_SUCCESS && strcmp(user, pam_user) == 0)
580 return (0); 595 return (0);
581 pam_end(sshpam_handle, sshpam_err); 596 pam_end(sshpam_handle, sshpam_err);
@@ -765,7 +780,7 @@ sshpam_respond(void *ctx, u_int num, char **resp)
765 buffer_init(&buffer); 780 buffer_init(&buffer);
766 if (sshpam_authctxt->valid && 781 if (sshpam_authctxt->valid &&
767 (sshpam_authctxt->pw->pw_uid != 0 || 782 (sshpam_authctxt->pw->pw_uid != 0 ||
768 options.permit_root_login == PERMIT_YES)) 783 options.permit_root_login == PERMIT_YES))
769 buffer_put_cstring(&buffer, *resp); 784 buffer_put_cstring(&buffer, *resp);
770 else 785 else
771 buffer_put_cstring(&buffer, badpw); 786 buffer_put_cstring(&buffer, badpw);
@@ -838,7 +853,7 @@ do_pam_account(void)
838 sshpam_err = pam_acct_mgmt(sshpam_handle, 0); 853 sshpam_err = pam_acct_mgmt(sshpam_handle, 0);
839 debug3("PAM: %s pam_acct_mgmt = %d (%s)", __func__, sshpam_err, 854 debug3("PAM: %s pam_acct_mgmt = %d (%s)", __func__, sshpam_err,
840 pam_strerror(sshpam_handle, sshpam_err)); 855 pam_strerror(sshpam_handle, sshpam_err));
841 856
842 if (sshpam_err != PAM_SUCCESS && sshpam_err != PAM_NEW_AUTHTOK_REQD) { 857 if (sshpam_err != PAM_SUCCESS && sshpam_err != PAM_NEW_AUTHTOK_REQD) {
843 sshpam_account_status = 0; 858 sshpam_account_status = 0;
844 return (sshpam_account_status); 859 return (sshpam_account_status);
@@ -891,7 +906,7 @@ do_pam_setcred(int init)
891} 906}
892 907
893static int 908static int
894sshpam_tty_conv(int n, struct pam_message **msg, 909sshpam_tty_conv(int n, sshpam_const struct pam_message **msg,
895 struct pam_response **resp, void *data) 910 struct pam_response **resp, void *data)
896{ 911{
897 char input[PAM_MAX_MSG_SIZE]; 912 char input[PAM_MAX_MSG_SIZE];
@@ -1050,7 +1065,7 @@ free_pam_environment(char **env)
1050 * display. 1065 * display.
1051 */ 1066 */
1052static int 1067static int
1053sshpam_passwd_conv(int n, struct pam_message **msg, 1068sshpam_passwd_conv(int n, sshpam_const struct pam_message **msg,
1054 struct pam_response **resp, void *data) 1069 struct pam_response **resp, void *data)
1055{ 1070{
1056 struct pam_response *reply; 1071 struct pam_response *reply;
@@ -1096,7 +1111,7 @@ sshpam_passwd_conv(int n, struct pam_message **msg,
1096 *resp = reply; 1111 *resp = reply;
1097 return (PAM_SUCCESS); 1112 return (PAM_SUCCESS);
1098 1113
1099 fail: 1114 fail:
1100 for(i = 0; i < n; i++) { 1115 for(i = 0; i < n; i++) {
1101 if (reply[i].resp != NULL) 1116 if (reply[i].resp != NULL)
1102 xfree(reply[i].resp); 1117 xfree(reply[i].resp);
@@ -1129,7 +1144,7 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password)
1129 * information via timing (eg if the PAM config has a delay on fail). 1144 * information via timing (eg if the PAM config has a delay on fail).
1130 */ 1145 */
1131 if (!authctxt->valid || (authctxt->pw->pw_uid == 0 && 1146 if (!authctxt->valid || (authctxt->pw->pw_uid == 0 &&
1132 options.permit_root_login != PERMIT_YES)) 1147 options.permit_root_login != PERMIT_YES))
1133 sshpam_password = badpw; 1148 sshpam_password = badpw;
1134 1149
1135 sshpam_err = pam_set_item(sshpam_handle, PAM_CONV, 1150 sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
@@ -1143,7 +1158,7 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password)
1143 if (sshpam_err == PAM_SUCCESS && authctxt->valid) { 1158 if (sshpam_err == PAM_SUCCESS && authctxt->valid) {
1144 debug("PAM: password authentication accepted for %.100s", 1159 debug("PAM: password authentication accepted for %.100s",
1145 authctxt->user); 1160 authctxt->user);
1146 return 1; 1161 return 1;
1147 } else { 1162 } else {
1148 debug("PAM: password authentication failed for %.100s: %s", 1163 debug("PAM: password authentication failed for %.100s: %s",
1149 authctxt->valid ? authctxt->user : "an illegal user", 1164 authctxt->valid ? authctxt->user : "an illegal user",
diff --git a/auth-passwd.c b/auth-passwd.c
index 654e0b821..6e6d0d76a 100644
--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -36,7 +36,7 @@
36 */ 36 */
37 37
38#include "includes.h" 38#include "includes.h"
39RCSID("$OpenBSD: auth-passwd.c,v 1.33 2005/01/24 11:47:13 dtucker Exp $"); 39RCSID("$OpenBSD: auth-passwd.c,v 1.34 2005/07/19 15:32:26 otto Exp $");
40 40
41#include "packet.h" 41#include "packet.h"
42#include "buffer.h" 42#include "buffer.h"
@@ -163,6 +163,8 @@ sys_auth_passwd(Authctxt *authctxt, const char *password)
163 163
164 as = auth_usercheck(pw->pw_name, authctxt->style, "auth-ssh", 164 as = auth_usercheck(pw->pw_name, authctxt->style, "auth-ssh",
165 (char *)password); 165 (char *)password);
166 if (as == NULL)
167 return (0);
166 if (auth_getstate(as) & AUTH_PWEXPIRED) { 168 if (auth_getstate(as) & AUTH_PWEXPIRED) {
167 auth_close(as); 169 auth_close(as);
168 disable_forwarding(); 170 disable_forwarding();
diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c
index 29eb538ec..c31f2b97b 100644
--- a/auth-rh-rsa.c
+++ b/auth-rh-rsa.c
@@ -13,7 +13,7 @@
13 */ 13 */
14 14
15#include "includes.h" 15#include "includes.h"
16RCSID("$OpenBSD: auth-rh-rsa.c,v 1.37 2003/11/04 08:54:09 djm Exp $"); 16RCSID("$OpenBSD: auth-rh-rsa.c,v 1.38 2005/07/17 07:17:54 djm Exp $");
17 17
18#include "packet.h" 18#include "packet.h"
19#include "uidswap.h" 19#include "uidswap.h"
@@ -86,7 +86,7 @@ auth_rhosts_rsa(Authctxt *authctxt, char *cuser, Key *client_host_key)
86 */ 86 */
87 87
88 verbose("Rhosts with RSA host authentication accepted for %.100s, %.100s on %.700s.", 88 verbose("Rhosts with RSA host authentication accepted for %.100s, %.100s on %.700s.",
89 pw->pw_name, cuser, chost); 89 pw->pw_name, cuser, chost);
90 packet_send_debug("Rhosts with RSA host authentication accepted."); 90 packet_send_debug("Rhosts with RSA host authentication accepted.");
91 return 1; 91 return 1;
92} 92}
diff --git a/auth-rhosts.c b/auth-rhosts.c
index 585246e82..aaba8557e 100644
--- a/auth-rhosts.c
+++ b/auth-rhosts.c
@@ -14,7 +14,7 @@
14 */ 14 */
15 15
16#include "includes.h" 16#include "includes.h"
17RCSID("$OpenBSD: auth-rhosts.c,v 1.32 2003/11/04 08:54:09 djm Exp $"); 17RCSID("$OpenBSD: auth-rhosts.c,v 1.33 2005/07/17 07:17:54 djm Exp $");
18 18
19#include "packet.h" 19#include "packet.h"
20#include "uidswap.h" 20#include "uidswap.h"
@@ -133,7 +133,7 @@ check_rhosts_file(const char *filename, const char *hostname,
133 /* If the entry was negated, deny access. */ 133 /* If the entry was negated, deny access. */
134 if (negated) { 134 if (negated) {
135 auth_debug_add("Matched negative entry in %.100s.", 135 auth_debug_add("Matched negative entry in %.100s.",
136 filename); 136 filename);
137 return 0; 137 return 0;
138 } 138 }
139 /* Accept authentication. */ 139 /* Accept authentication. */
diff --git a/auth-rsa.c b/auth-rsa.c
index 4378008d3..d9c9652dc 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -14,7 +14,7 @@
14 */ 14 */
15 15
16#include "includes.h" 16#include "includes.h"
17RCSID("$OpenBSD: auth-rsa.c,v 1.62 2004/12/11 01:48:56 dtucker Exp $"); 17RCSID("$OpenBSD: auth-rsa.c,v 1.63 2005/06/17 02:44:32 djm Exp $");
18 18
19#include <openssl/rsa.h> 19#include <openssl/rsa.h>
20#include <openssl/md5.h> 20#include <openssl/md5.h>
@@ -205,6 +205,7 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
205 while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { 205 while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
206 char *cp; 206 char *cp;
207 char *key_options; 207 char *key_options;
208 int keybits;
208 209
209 /* Skip leading whitespace, empty and comment lines. */ 210 /* Skip leading whitespace, empty and comment lines. */
210 for (cp = line; *cp == ' ' || *cp == '\t'; cp++) 211 for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
@@ -243,7 +244,8 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
243 continue; 244 continue;
244 245
245 /* check the real bits */ 246 /* check the real bits */
246 if (bits != BN_num_bits(key->rsa->n)) 247 keybits = BN_num_bits(key->rsa->n);
248 if (keybits < 0 || bits != (u_int)keybits)
247 logit("Warning: %s, line %lu: keysize mismatch: " 249 logit("Warning: %s, line %lu: keysize mismatch: "
248 "actual %d vs. announced %d.", 250 "actual %d vs. announced %d.",
249 file, linenum, BN_num_bits(key->rsa->n), bits); 251 file, linenum, BN_num_bits(key->rsa->n), bits);
diff --git a/auth-shadow.c b/auth-shadow.c
index f6004f68f..59737b93c 100644
--- a/auth-shadow.c
+++ b/auth-shadow.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$Id: auth-shadow.c,v 1.6 2005/02/16 03:20:06 dtucker Exp $"); 26RCSID("$Id: auth-shadow.c,v 1.7 2005/07/17 07:04:47 djm Exp $");
27 27
28#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE) 28#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
29#include <shadow.h> 29#include <shadow.h>
@@ -101,7 +101,7 @@ auth_shadow_pwexpired(Authctxt *ctxt)
101#if defined(__hpux) && !defined(HAVE_SECUREWARE) 101#if defined(__hpux) && !defined(HAVE_SECUREWARE)
102 if (iscomsec()) { 102 if (iscomsec()) {
103 struct pr_passwd *pr; 103 struct pr_passwd *pr;
104 104
105 pr = getprpwnam((char *)user); 105 pr = getprpwnam((char *)user);
106 106
107 /* Test for Trusted Mode expiry disabled */ 107 /* Test for Trusted Mode expiry disabled */
diff --git a/auth-skey.c b/auth-skey.c
index ac1af69ed..f676dbec9 100644
--- a/auth-skey.c
+++ b/auth-skey.c
@@ -47,7 +47,7 @@ skey_query(void *ctx, char **name, char **infotxt,
47 int len; 47 int len;
48 struct skey skey; 48 struct skey skey;
49 49
50 if (_compat_skeychallenge(&skey, authctxt->user, challenge, 50 if (_compat_skeychallenge(&skey, authctxt->user, challenge,
51 sizeof(challenge)) == -1) 51 sizeof(challenge)) == -1)
52 return -1; 52 return -1;
53 53
diff --git a/auth.c b/auth.c
index 46b013137..2dc5c2be6 100644
--- a/auth.c
+++ b/auth.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: auth.c,v 1.58 2005/03/14 11:44:42 dtucker Exp $"); 26RCSID("$OpenBSD: auth.c,v 1.60 2005/06/17 02:44:32 djm Exp $");
27 27
28#ifdef HAVE_LOGIN_H 28#ifdef HAVE_LOGIN_H
29#include <login.h> 29#include <login.h>
@@ -76,7 +76,7 @@ allowed_user(struct passwd * pw)
76 struct stat st; 76 struct stat st;
77 const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL; 77 const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL;
78 char *shell; 78 char *shell;
79 int i; 79 u_int i;
80#ifdef USE_SHADOW 80#ifdef USE_SHADOW
81 struct spwd *spw = NULL; 81 struct spwd *spw = NULL;
82#endif 82#endif
@@ -97,7 +97,11 @@ allowed_user(struct passwd * pw)
97 /* grab passwd field for locked account check */ 97 /* grab passwd field for locked account check */
98#ifdef USE_SHADOW 98#ifdef USE_SHADOW
99 if (spw != NULL) 99 if (spw != NULL)
100#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF)
101 passwd = get_iaf_password(pw);
102#else
100 passwd = spw->sp_pwdp; 103 passwd = spw->sp_pwdp;
104#endif /* HAVE_LIBIAF && !BROKEN_LIBIAF */
101#else 105#else
102 passwd = pw->pw_passwd; 106 passwd = pw->pw_passwd;
103#endif 107#endif
@@ -119,6 +123,9 @@ allowed_user(struct passwd * pw)
119 if (strstr(passwd, LOCKED_PASSWD_SUBSTR)) 123 if (strstr(passwd, LOCKED_PASSWD_SUBSTR))
120 locked = 1; 124 locked = 1;
121#endif 125#endif
126#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF)
127 free(passwd);
128#endif /* HAVE_LIBIAF && !BROKEN_LIBIAF */
122 if (locked) { 129 if (locked) {
123 logit("User %.100s not allowed because account is locked", 130 logit("User %.100s not allowed because account is locked",
124 pw->pw_name); 131 pw->pw_name);
@@ -326,64 +333,41 @@ auth_root_allowed(char *method)
326 * 333 *
327 * This returns a buffer allocated by xmalloc. 334 * This returns a buffer allocated by xmalloc.
328 */ 335 */
329char * 336static char *
330expand_filename(const char *filename, struct passwd *pw) 337expand_authorized_keys(const char *filename, struct passwd *pw)
331{ 338{
332 Buffer buffer; 339 char *file, *ret;
333 char *file;
334 const char *cp;
335 340
336 /* 341 file = percent_expand(filename, "h", pw->pw_dir,
337 * Build the filename string in the buffer by making the appropriate 342 "u", pw->pw_name, (char *)NULL);
338 * substitutions to the given file name.
339 */
340 buffer_init(&buffer);
341 for (cp = filename; *cp; cp++) {
342 if (cp[0] == '%' && cp[1] == '%') {
343 buffer_append(&buffer, "%", 1);
344 cp++;
345 continue;
346 }
347 if (cp[0] == '%' && cp[1] == 'h') {
348 buffer_append(&buffer, pw->pw_dir, strlen(pw->pw_dir));
349 cp++;
350 continue;
351 }
352 if (cp[0] == '%' && cp[1] == 'u') {
353 buffer_append(&buffer, pw->pw_name,
354 strlen(pw->pw_name));
355 cp++;
356 continue;
357 }
358 buffer_append(&buffer, cp, 1);
359 }
360 buffer_append(&buffer, "\0", 1);
361 343
362 /* 344 /*
363 * Ensure that filename starts anchored. If not, be backward 345 * Ensure that filename starts anchored. If not, be backward
364 * compatible and prepend the '%h/' 346 * compatible and prepend the '%h/'
365 */ 347 */
366 file = xmalloc(MAXPATHLEN); 348 if (*file == '/')
367 cp = buffer_ptr(&buffer); 349 return (file);
368 if (*cp != '/') 350
369 snprintf(file, MAXPATHLEN, "%s/%s", pw->pw_dir, cp); 351 ret = xmalloc(MAXPATHLEN);
370 else 352 if (strlcpy(ret, pw->pw_dir, MAXPATHLEN) >= MAXPATHLEN ||
371 strlcpy(file, cp, MAXPATHLEN); 353 strlcat(ret, "/", MAXPATHLEN) >= MAXPATHLEN ||
354 strlcat(ret, file, MAXPATHLEN) >= MAXPATHLEN)
355 fatal("expand_authorized_keys: path too long");
372 356
373 buffer_free(&buffer); 357 xfree(file);
374 return file; 358 return (ret);
375} 359}
376 360
377char * 361char *
378authorized_keys_file(struct passwd *pw) 362authorized_keys_file(struct passwd *pw)
379{ 363{
380 return expand_filename(options.authorized_keys_file, pw); 364 return expand_authorized_keys(options.authorized_keys_file, pw);
381} 365}
382 366
383char * 367char *
384authorized_keys_file2(struct passwd *pw) 368authorized_keys_file2(struct passwd *pw)
385{ 369{
386 return expand_filename(options.authorized_keys_file2, pw); 370 return expand_authorized_keys(options.authorized_keys_file2, pw);
387} 371}
388 372
389/* return ok if key exists in sysfile or userfile */ 373/* return ok if key exists in sysfile or userfile */
diff --git a/auth.h b/auth.h
index d1399032e..f3a31c446 100644
--- a/auth.h
+++ b/auth.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth.h,v 1.50 2004/05/23 23:59:53 dtucker Exp $ */ 1/* $OpenBSD: auth.h,v 1.51 2005/06/06 11:20:36 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2000 Markus Friedl. All rights reserved. 4 * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -164,7 +164,6 @@ char *get_challenge(Authctxt *);
164int verify_response(Authctxt *, const char *); 164int verify_response(Authctxt *, const char *);
165void abandon_challenge_response(Authctxt *); 165void abandon_challenge_response(Authctxt *);
166 166
167char *expand_filename(const char *, struct passwd *);
168char *authorized_keys_file(struct passwd *); 167char *authorized_keys_file(struct passwd *);
169char *authorized_keys_file2(struct passwd *); 168char *authorized_keys_file2(struct passwd *);
170 169
@@ -193,4 +192,9 @@ int sys_auth_passwd(Authctxt *, const char *);
193#define AUTH_FAIL_MSG "Too many authentication failures for %.100s" 192#define AUTH_FAIL_MSG "Too many authentication failures for %.100s"
194 193
195#define SKEY_PROMPT "\nS/Key Password: " 194#define SKEY_PROMPT "\nS/Key Password: "
195
196#if defined(KRB5) && !defined(HEIMDAL)
197#include <krb5.h>
198krb5_error_code ssh_krb5_cc_gen(krb5_context, krb5_ccache *);
199#endif
196#endif 200#endif
diff --git a/auth1.c b/auth1.c
index 4fe00ddae..f89c3cf4f 100644
--- a/auth1.c
+++ b/auth1.c
@@ -10,7 +10,7 @@
10 */ 10 */
11 11
12#include "includes.h" 12#include "includes.h"
13RCSID("$OpenBSD: auth1.c,v 1.59 2004/07/28 09:40:29 markus Exp $"); 13RCSID("$OpenBSD: auth1.c,v 1.62 2005/07/16 01:35:24 djm Exp $");
14 14
15#include "xmalloc.h" 15#include "xmalloc.h"
16#include "rsa.h" 16#include "rsa.h"
@@ -31,28 +31,182 @@ RCSID("$OpenBSD: auth1.c,v 1.59 2004/07/28 09:40:29 markus Exp $");
31extern ServerOptions options; 31extern ServerOptions options;
32extern Buffer loginmsg; 32extern Buffer loginmsg;
33 33
34/* 34static int auth1_process_password(Authctxt *, char *, size_t);
35 * convert ssh auth msg type into description 35static int auth1_process_rsa(Authctxt *, char *, size_t);
36 */ 36static int auth1_process_rhosts_rsa(Authctxt *, char *, size_t);
37static int auth1_process_tis_challenge(Authctxt *, char *, size_t);
38static int auth1_process_tis_response(Authctxt *, char *, size_t);
39
40static char *client_user = NULL; /* Used to fill in remote user for PAM */
41
42struct AuthMethod1 {
43 int type;
44 char *name;
45 int *enabled;
46 int (*method)(Authctxt *, char *, size_t);
47};
48
49const struct AuthMethod1 auth1_methods[] = {
50 {
51 SSH_CMSG_AUTH_PASSWORD, "password",
52 &options.password_authentication, auth1_process_password
53 },
54 {
55 SSH_CMSG_AUTH_RSA, "rsa",
56 &options.rsa_authentication, auth1_process_rsa
57 },
58 {
59 SSH_CMSG_AUTH_RHOSTS_RSA, "rhosts-rsa",
60 &options.rhosts_rsa_authentication, auth1_process_rhosts_rsa
61 },
62 {
63 SSH_CMSG_AUTH_TIS, "challenge-response",
64 &options.challenge_response_authentication,
65 auth1_process_tis_challenge
66 },
67 {
68 SSH_CMSG_AUTH_TIS_RESPONSE, "challenge-response",
69 &options.challenge_response_authentication,
70 auth1_process_tis_response
71 },
72 { -1, NULL, NULL, NULL}
73};
74
75static const struct AuthMethod1
76*lookup_authmethod1(int type)
77{
78 int i;
79
80 for(i = 0; auth1_methods[i].name != NULL; i++)
81 if (auth1_methods[i].type == type)
82 return (&(auth1_methods[i]));
83
84 return (NULL);
85}
86
37static char * 87static char *
38get_authname(int type) 88get_authname(int type)
39{ 89{
40 static char buf[1024]; 90 const struct AuthMethod1 *a;
41 switch (type) { 91 static char buf[64];
42 case SSH_CMSG_AUTH_PASSWORD: 92
43 return "password"; 93 if ((a = lookup_authmethod1(type)) != NULL)
44 case SSH_CMSG_AUTH_RSA: 94 return (a->name);
45 return "rsa"; 95 snprintf(buf, sizeof(buf), "bad-auth-msg-%d", type);
46 case SSH_CMSG_AUTH_RHOSTS_RSA: 96 return (buf);
47 return "rhosts-rsa"; 97}
48 case SSH_CMSG_AUTH_RHOSTS: 98
49 return "rhosts"; 99static int
50 case SSH_CMSG_AUTH_TIS: 100auth1_process_password(Authctxt *authctxt, char *info, size_t infolen)
51 case SSH_CMSG_AUTH_TIS_RESPONSE: 101{
52 return "challenge-response"; 102 int authenticated = 0;
103 char *password;
104 u_int dlen;
105
106 /*
107 * Read user password. It is in plain text, but was
108 * transmitted over the encrypted channel so it is
109 * not visible to an outside observer.
110 */
111 password = packet_get_string(&dlen);
112 packet_check_eom();
113
114 /* Try authentication with the password. */
115 authenticated = PRIVSEP(auth_password(authctxt, password));
116
117 memset(password, 0, dlen);
118 xfree(password);
119
120 return (authenticated);
121}
122
123static int
124auth1_process_rsa(Authctxt *authctxt, char *info, size_t infolen)
125{
126 int authenticated = 0;
127 BIGNUM *n;
128
129 /* RSA authentication requested. */
130 if ((n = BN_new()) == NULL)
131 fatal("do_authloop: BN_new failed");
132 packet_get_bignum(n);
133 packet_check_eom();
134 authenticated = auth_rsa(authctxt, n);
135 BN_clear_free(n);
136
137 return (authenticated);
138}
139
140static int
141auth1_process_rhosts_rsa(Authctxt *authctxt, char *info, size_t infolen)
142{
143 int keybits, authenticated = 0;
144 u_int bits;
145 Key *client_host_key;
146 u_int ulen;
147
148 /*
149 * Get client user name. Note that we just have to
150 * trust the client; root on the client machine can
151 * claim to be any user.
152 */
153 client_user = packet_get_string(&ulen);
154
155 /* Get the client host key. */
156 client_host_key = key_new(KEY_RSA1);
157 bits = packet_get_int();
158 packet_get_bignum(client_host_key->rsa->e);
159 packet_get_bignum(client_host_key->rsa->n);
160
161 keybits = BN_num_bits(client_host_key->rsa->n);
162 if (keybits < 0 || bits != (u_int)keybits) {
163 verbose("Warning: keysize mismatch for client_host_key: "
164 "actual %d, announced %d",
165 BN_num_bits(client_host_key->rsa->n), bits);
53 } 166 }
54 snprintf(buf, sizeof buf, "bad-auth-msg-%d", type); 167 packet_check_eom();
55 return buf; 168
169 authenticated = auth_rhosts_rsa(authctxt, client_user,
170 client_host_key);
171 key_free(client_host_key);
172
173 snprintf(info, infolen, " ruser %.100s", client_user);
174
175 return (authenticated);
176}
177
178static int
179auth1_process_tis_challenge(Authctxt *authctxt, char *info, size_t infolen)
180{
181 char *challenge;
182
183 if ((challenge = get_challenge(authctxt)) == NULL)
184 return (0);
185
186 debug("sending challenge '%s'", challenge);
187 packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE);
188 packet_put_cstring(challenge);
189 xfree(challenge);
190 packet_send();
191 packet_write_wait();
192
193 return (-1);
194}
195
196static int
197auth1_process_tis_response(Authctxt *authctxt, char *info, size_t infolen)
198{
199 int authenticated = 0;
200 char *response;
201 u_int dlen;
202
203 response = packet_get_string(&dlen);
204 packet_check_eom();
205 authenticated = verify_response(authctxt, response);
206 memset(response, 'r', dlen);
207 xfree(response);
208
209 return (authenticated);
56} 210}
57 211
58/* 212/*
@@ -63,14 +217,9 @@ static void
63do_authloop(Authctxt *authctxt) 217do_authloop(Authctxt *authctxt)
64{ 218{
65 int authenticated = 0; 219 int authenticated = 0;
66 u_int bits;
67 Key *client_host_key;
68 BIGNUM *n;
69 char *client_user, *password;
70 char info[1024]; 220 char info[1024];
71 u_int dlen; 221 int prev = 0, type = 0;
72 u_int ulen; 222 const struct AuthMethod1 *meth;
73 int prev, type = 0;
74 223
75 debug("Attempting authentication for %s%.100s.", 224 debug("Attempting authentication for %s%.100s.",
76 authctxt->valid ? "" : "invalid user ", authctxt->user); 225 authctxt->valid ? "" : "invalid user ", authctxt->user);
@@ -95,8 +244,6 @@ do_authloop(Authctxt *authctxt)
95 packet_send(); 244 packet_send();
96 packet_write_wait(); 245 packet_write_wait();
97 246
98 client_user = NULL;
99
100 for (;;) { 247 for (;;) {
101 /* default to fail */ 248 /* default to fail */
102 authenticated = 0; 249 authenticated = 0;
@@ -118,107 +265,21 @@ do_authloop(Authctxt *authctxt)
118 type != SSH_CMSG_AUTH_TIS_RESPONSE) 265 type != SSH_CMSG_AUTH_TIS_RESPONSE)
119 abandon_challenge_response(authctxt); 266 abandon_challenge_response(authctxt);
120 267
121 /* Process the packet. */ 268 if ((meth = lookup_authmethod1(type)) == NULL) {
122 switch (type) { 269 logit("Unknown message during authentication: "
123 case SSH_CMSG_AUTH_RHOSTS_RSA: 270 "type %d", type);
124 if (!options.rhosts_rsa_authentication) { 271 goto skip;
125 verbose("Rhosts with RSA authentication disabled."); 272 }
126 break; 273
127 } 274 if (!*(meth->enabled)) {
128 /* 275 verbose("%s authentication disabled.", meth->name);
129 * Get client user name. Note that we just have to 276 goto skip;
130 * trust the client; root on the client machine can
131 * claim to be any user.
132 */
133 client_user = packet_get_string(&ulen);
134
135 /* Get the client host key. */
136 client_host_key = key_new(KEY_RSA1);
137 bits = packet_get_int();
138 packet_get_bignum(client_host_key->rsa->e);
139 packet_get_bignum(client_host_key->rsa->n);
140
141 if (bits != BN_num_bits(client_host_key->rsa->n))
142 verbose("Warning: keysize mismatch for client_host_key: "
143 "actual %d, announced %d",
144 BN_num_bits(client_host_key->rsa->n), bits);
145 packet_check_eom();
146
147 authenticated = auth_rhosts_rsa(authctxt, client_user,
148 client_host_key);
149 key_free(client_host_key);
150
151 snprintf(info, sizeof info, " ruser %.100s", client_user);
152 break;
153
154 case SSH_CMSG_AUTH_RSA:
155 if (!options.rsa_authentication) {
156 verbose("RSA authentication disabled.");
157 break;
158 }
159 /* RSA authentication requested. */
160 if ((n = BN_new()) == NULL)
161 fatal("do_authloop: BN_new failed");
162 packet_get_bignum(n);
163 packet_check_eom();
164 authenticated = auth_rsa(authctxt, n);
165 BN_clear_free(n);
166 break;
167
168 case SSH_CMSG_AUTH_PASSWORD:
169 if (!options.password_authentication) {
170 verbose("Password authentication disabled.");
171 break;
172 }
173 /*
174 * Read user password. It is in plain text, but was
175 * transmitted over the encrypted channel so it is
176 * not visible to an outside observer.
177 */
178 password = packet_get_string(&dlen);
179 packet_check_eom();
180
181 /* Try authentication with the password. */
182 authenticated = PRIVSEP(auth_password(authctxt, password));
183
184 memset(password, 0, strlen(password));
185 xfree(password);
186 break;
187
188 case SSH_CMSG_AUTH_TIS:
189 debug("rcvd SSH_CMSG_AUTH_TIS");
190 if (options.challenge_response_authentication == 1) {
191 char *challenge = get_challenge(authctxt);
192 if (challenge != NULL) {
193 debug("sending challenge '%s'", challenge);
194 packet_start(SSH_SMSG_AUTH_TIS_CHALLENGE);
195 packet_put_cstring(challenge);
196 xfree(challenge);
197 packet_send();
198 packet_write_wait();
199 continue;
200 }
201 }
202 break;
203 case SSH_CMSG_AUTH_TIS_RESPONSE:
204 debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE");
205 if (options.challenge_response_authentication == 1) {
206 char *response = packet_get_string(&dlen);
207 packet_check_eom();
208 authenticated = verify_response(authctxt, response);
209 memset(response, 'r', dlen);
210 xfree(response);
211 }
212 break;
213
214 default:
215 /*
216 * Any unknown messages will be ignored (and failure
217 * returned) during authentication.
218 */
219 logit("Unknown message during authentication: type %d", type);
220 break;
221 } 277 }
278
279 authenticated = meth->method(authctxt, info, sizeof(info));
280 if (authenticated == -1)
281 continue; /* "postponed" */
282
222#ifdef BSD_AUTH 283#ifdef BSD_AUTH
223 if (authctxt->as) { 284 if (authctxt->as) {
224 auth_close(authctxt->as); 285 auth_close(authctxt->as);
@@ -238,7 +299,7 @@ do_authloop(Authctxt *authctxt)
238 299
239#ifdef HAVE_CYGWIN 300#ifdef HAVE_CYGWIN
240 if (authenticated && 301 if (authenticated &&
241 !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD, 302 !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD,
242 authctxt->pw)) { 303 authctxt->pw)) {
243 packet_disconnect("Authentication rejected for uid %d.", 304 packet_disconnect("Authentication rejected for uid %d.",
244 authctxt->pw == NULL ? -1 : authctxt->pw->pw_uid); 305 authctxt->pw == NULL ? -1 : authctxt->pw->pw_uid);
@@ -247,8 +308,8 @@ do_authloop(Authctxt *authctxt)
247#else 308#else
248 /* Special handling for root */ 309 /* Special handling for root */
249 if (authenticated && authctxt->pw->pw_uid == 0 && 310 if (authenticated && authctxt->pw->pw_uid == 0 &&
250 !auth_root_allowed(get_authname(type))) { 311 !auth_root_allowed(meth->name)) {
251 authenticated = 0; 312 authenticated = 0;
252# ifdef SSH_AUDIT_EVENTS 313# ifdef SSH_AUDIT_EVENTS
253 PRIVSEP(audit_event(SSH_LOGIN_ROOT_DENIED)); 314 PRIVSEP(audit_event(SSH_LOGIN_ROOT_DENIED));
254# endif 315# endif
@@ -262,7 +323,7 @@ do_authloop(Authctxt *authctxt)
262 size_t len; 323 size_t len;
263 324
264 error("Access denied for user %s by PAM account " 325 error("Access denied for user %s by PAM account "
265 "configuration", authctxt->user); 326 "configuration", authctxt->user);
266 len = buffer_len(&loginmsg); 327 len = buffer_len(&loginmsg);
267 buffer_append(&loginmsg, "\0", 1); 328 buffer_append(&loginmsg, "\0", 1);
268 msg = buffer_ptr(&loginmsg); 329 msg = buffer_ptr(&loginmsg);
@@ -276,6 +337,7 @@ do_authloop(Authctxt *authctxt)
276 } 337 }
277#endif 338#endif
278 339
340 skip:
279 /* Log before sending the reply */ 341 /* Log before sending the reply */
280 auth_log(authctxt, authenticated, get_authname(type), info); 342 auth_log(authctxt, authenticated, get_authname(type), info);
281 343
@@ -347,7 +409,7 @@ do_authentication(Authctxt *authctxt)
347 409
348 /* 410 /*
349 * If we are not running as root, the user must have the same uid as 411 * If we are not running as root, the user must have the same uid as
350 * the server. (Unless you are running Windows) 412 * the server.
351 */ 413 */
352#ifndef HAVE_CYGWIN 414#ifndef HAVE_CYGWIN
353 if (!use_privsep && getuid() != 0 && authctxt->pw && 415 if (!use_privsep && getuid() != 0 && authctxt->pw &&
diff --git a/auth2-chall.c b/auth2-chall.c
index 384a543ee..b147cadf3 100644
--- a/auth2-chall.c
+++ b/auth2-chall.c
@@ -23,7 +23,7 @@
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */ 24 */
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: auth2-chall.c,v 1.22 2005/01/19 13:11:47 dtucker Exp $"); 26RCSID("$OpenBSD: auth2-chall.c,v 1.24 2005/07/17 07:17:54 djm Exp $");
27 27
28#include "ssh2.h" 28#include "ssh2.h"
29#include "auth.h" 29#include "auth.h"
@@ -167,7 +167,7 @@ kbdint_next_device(KbdintAuthctxt *kbdintctxt)
167 kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL; 167 kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL;
168 xfree(t); 168 xfree(t);
169 debug2("kbdint_next_device: devices %s", kbdintctxt->devices ? 169 debug2("kbdint_next_device: devices %s", kbdintctxt->devices ?
170 kbdintctxt->devices : "<empty>"); 170 kbdintctxt->devices : "<empty>");
171 } while (kbdintctxt->devices && !kbdintctxt->device); 171 } while (kbdintctxt->devices && !kbdintctxt->device);
172 172
173 return kbdintctxt->device ? 1 : 0; 173 return kbdintctxt->device ? 1 : 0;
@@ -239,8 +239,7 @@ send_userauth_info_request(Authctxt *authctxt)
239{ 239{
240 KbdintAuthctxt *kbdintctxt; 240 KbdintAuthctxt *kbdintctxt;
241 char *name, *instr, **prompts; 241 char *name, *instr, **prompts;
242 int i; 242 u_int i, *echo_on;
243 u_int *echo_on;
244 243
245 kbdintctxt = authctxt->kbdintctxt; 244 kbdintctxt = authctxt->kbdintctxt;
246 if (kbdintctxt->device->query(kbdintctxt->ctxt, 245 if (kbdintctxt->device->query(kbdintctxt->ctxt,
@@ -273,8 +272,8 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt)
273{ 272{
274 Authctxt *authctxt = ctxt; 273 Authctxt *authctxt = ctxt;
275 KbdintAuthctxt *kbdintctxt; 274 KbdintAuthctxt *kbdintctxt;
276 int i, authenticated = 0, res, len; 275 int authenticated = 0, res, len;
277 u_int nresp; 276 u_int i, nresp;
278 char **response = NULL, *method; 277 char **response = NULL, *method;
279 278
280 if (authctxt == NULL) 279 if (authctxt == NULL)
diff --git a/auth2-gss.c b/auth2-gss.c
index 3289ba18e..4d468a0e8 100644
--- a/auth2-gss.c
+++ b/auth2-gss.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth2-gss.c,v 1.8 2004/06/21 17:36:31 avsm Exp $ */ 1/* $OpenBSD: auth2-gss.c,v 1.10 2005/07/17 07:17:54 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. 4 * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -61,7 +61,7 @@ userauth_gssapi(Authctxt *authctxt)
61 int present; 61 int present;
62 OM_uint32 ms; 62 OM_uint32 ms;
63 u_int len; 63 u_int len;
64 char *doid = NULL; 64 u_char *doid = NULL;
65 65
66 if (!authctxt->valid || authctxt->user == NULL) 66 if (!authctxt->valid || authctxt->user == NULL)
67 return (0); 67 return (0);
@@ -82,9 +82,8 @@ userauth_gssapi(Authctxt *authctxt)
82 present = 0; 82 present = 0;
83 doid = packet_get_string(&len); 83 doid = packet_get_string(&len);
84 84
85 if (len > 2 && 85 if (len > 2 && doid[0] == SSH_GSS_OIDTYPE &&
86 doid[0] == SSH_GSS_OIDTYPE && 86 doid[1] == len - 2) {
87 doid[1] == len - 2) {
88 goid.elements = doid + 2; 87 goid.elements = doid + 2;
89 goid.length = len - 2; 88 goid.length = len - 2;
90 gss_test_oid_set_member(&ms, &goid, supported, 89 gss_test_oid_set_member(&ms, &goid, supported,
diff --git a/auth2.c b/auth2.c
index a89842358..dfb284691 100644
--- a/auth2.c
+++ b/auth2.c
@@ -240,7 +240,7 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
240 packet_write_wait(); 240 packet_write_wait();
241 } 241 }
242 fatal("Access denied for user %s by PAM account " 242 fatal("Access denied for user %s by PAM account "
243 "configuration", authctxt->user); 243 "configuration", authctxt->user);
244 } 244 }
245 } 245 }
246#endif 246#endif
diff --git a/authfd.c b/authfd.c
index 662350cef..8976616b4 100644
--- a/authfd.c
+++ b/authfd.c
@@ -35,7 +35,7 @@
35 */ 35 */
36 36
37#include "includes.h" 37#include "includes.h"
38RCSID("$OpenBSD: authfd.c,v 1.64 2004/08/11 21:44:31 avsm Exp $"); 38RCSID("$OpenBSD: authfd.c,v 1.66 2005/06/17 02:44:32 djm Exp $");
39 39
40#include <openssl/evp.h> 40#include <openssl/evp.h>
41 41
@@ -114,8 +114,7 @@ ssh_get_authentication_socket(void)
114static int 114static int
115ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply) 115ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply)
116{ 116{
117 int l; 117 u_int l, len;
118 u_int len;
119 char buf[1024]; 118 char buf[1024];
120 119
121 /* Get the length of the message, and format it in the buffer. */ 120 /* Get the length of the message, and format it in the buffer. */
@@ -149,8 +148,7 @@ ssh_request_reply(AuthenticationConnection *auth, Buffer *request, Buffer *reply
149 l = len; 148 l = len;
150 if (l > sizeof(buf)) 149 if (l > sizeof(buf))
151 l = sizeof(buf); 150 l = sizeof(buf);
152 l = atomicio(read, auth->fd, buf, l); 151 if (atomicio(read, auth->fd, buf, l) != l) {
153 if (l <= 0) {
154 error("Error reading response from authentication socket."); 152 error("Error reading response from authentication socket.");
155 return 0; 153 return 0;
156 } 154 }
@@ -303,6 +301,7 @@ ssh_get_first_identity(AuthenticationConnection *auth, char **comment, int versi
303Key * 301Key *
304ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int version) 302ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int version)
305{ 303{
304 int keybits;
306 u_int bits; 305 u_int bits;
307 u_char *blob; 306 u_char *blob;
308 u_int blen; 307 u_int blen;
@@ -323,7 +322,8 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio
323 buffer_get_bignum(&auth->identities, key->rsa->e); 322 buffer_get_bignum(&auth->identities, key->rsa->e);
324 buffer_get_bignum(&auth->identities, key->rsa->n); 323 buffer_get_bignum(&auth->identities, key->rsa->n);
325 *comment = buffer_get_string(&auth->identities, NULL); 324 *comment = buffer_get_string(&auth->identities, NULL);
326 if (bits != BN_num_bits(key->rsa->n)) 325 keybits = BN_num_bits(key->rsa->n);
326 if (keybits < 0 || bits != (u_int)keybits)
327 logit("Warning: identity keysize mismatch: actual %d, announced %u", 327 logit("Warning: identity keysize mismatch: actual %d, announced %u",
328 BN_num_bits(key->rsa->n), bits); 328 BN_num_bits(key->rsa->n), bits);
329 break; 329 break;
diff --git a/authfile.c b/authfile.c
index 6a04cd7a9..420813f37 100644
--- a/authfile.c
+++ b/authfile.c
@@ -36,7 +36,7 @@
36 */ 36 */
37 37
38#include "includes.h" 38#include "includes.h"
39RCSID("$OpenBSD: authfile.c,v 1.60 2004/12/11 01:48:56 dtucker Exp $"); 39RCSID("$OpenBSD: authfile.c,v 1.61 2005/06/17 02:44:32 djm Exp $");
40 40
41#include <openssl/err.h> 41#include <openssl/err.h>
42#include <openssl/evp.h> 42#include <openssl/evp.h>
@@ -52,6 +52,7 @@ RCSID("$OpenBSD: authfile.c,v 1.60 2004/12/11 01:48:56 dtucker Exp $");
52#include "authfile.h" 52#include "authfile.h"
53#include "rsa.h" 53#include "rsa.h"
54#include "misc.h" 54#include "misc.h"
55#include "atomicio.h"
55 56
56/* Version identification string for SSH v1 identity files. */ 57/* Version identification string for SSH v1 identity files. */
57static const char authfile_id_string[] = 58static const char authfile_id_string[] =
@@ -147,8 +148,8 @@ key_save_private_rsa1(Key *key, const char *filename, const char *passphrase,
147 buffer_free(&encrypted); 148 buffer_free(&encrypted);
148 return 0; 149 return 0;
149 } 150 }
150 if (write(fd, buffer_ptr(&encrypted), buffer_len(&encrypted)) != 151 if (atomicio(vwrite, fd, buffer_ptr(&encrypted),
151 buffer_len(&encrypted)) { 152 buffer_len(&encrypted)) != buffer_len(&encrypted)) {
152 error("write to key file %s failed: %s", filename, 153 error("write to key file %s failed: %s", filename,
153 strerror(errno)); 154 strerror(errno));
154 buffer_free(&encrypted); 155 buffer_free(&encrypted);
@@ -236,7 +237,7 @@ key_load_public_rsa1(int fd, const char *filename, char **commentp)
236 Key *pub; 237 Key *pub;
237 struct stat st; 238 struct stat st;
238 char *cp; 239 char *cp;
239 int i; 240 u_int i;
240 size_t len; 241 size_t len;
241 242
242 if (fstat(fd, &st) < 0) { 243 if (fstat(fd, &st) < 0) {
@@ -253,7 +254,7 @@ key_load_public_rsa1(int fd, const char *filename, char **commentp)
253 buffer_init(&buffer); 254 buffer_init(&buffer);
254 cp = buffer_append_space(&buffer, len); 255 cp = buffer_append_space(&buffer, len);
255 256
256 if (read(fd, cp, (size_t) len) != (size_t) len) { 257 if (atomicio(read, fd, cp, len) != len) {
257 debug("Read from key file %.200s failed: %.100s", filename, 258 debug("Read from key file %.200s failed: %.100s", filename,
258 strerror(errno)); 259 strerror(errno));
259 buffer_free(&buffer); 260 buffer_free(&buffer);
@@ -322,7 +323,8 @@ static Key *
322key_load_private_rsa1(int fd, const char *filename, const char *passphrase, 323key_load_private_rsa1(int fd, const char *filename, const char *passphrase,
323 char **commentp) 324 char **commentp)
324{ 325{
325 int i, check1, check2, cipher_type; 326 u_int i;
327 int check1, check2, cipher_type;
326 size_t len; 328 size_t len;
327 Buffer buffer, decrypted; 329 Buffer buffer, decrypted;
328 u_char *cp; 330 u_char *cp;
@@ -347,7 +349,7 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase,
347 buffer_init(&buffer); 349 buffer_init(&buffer);
348 cp = buffer_append_space(&buffer, len); 350 cp = buffer_append_space(&buffer, len);
349 351
350 if (read(fd, cp, (size_t) len) != (size_t) len) { 352 if (atomicio(read, fd, cp, len) != len) {
351 debug("Read from key file %.200s failed: %.100s", filename, 353 debug("Read from key file %.200s failed: %.100s", filename,
352 strerror(errno)); 354 strerror(errno));
353 buffer_free(&buffer); 355 buffer_free(&buffer);
diff --git a/bufaux.c b/bufaux.c
index 5dbf2b770..8d096a056 100644
--- a/bufaux.c
+++ b/bufaux.c
@@ -37,7 +37,7 @@
37 */ 37 */
38 38
39#include "includes.h" 39#include "includes.h"
40RCSID("$OpenBSD: bufaux.c,v 1.35 2005/03/10 22:01:05 deraadt Exp $"); 40RCSID("$OpenBSD: bufaux.c,v 1.36 2005/06/17 02:44:32 djm Exp $");
41 41
42#include <openssl/bn.h> 42#include <openssl/bn.h>
43#include "bufaux.h" 43#include "bufaux.h"
@@ -154,7 +154,7 @@ buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value)
154 buf[0] = 0x00; 154 buf[0] = 0x00;
155 /* Get the value of in binary */ 155 /* Get the value of in binary */
156 oi = BN_bn2bin(value, buf+1); 156 oi = BN_bn2bin(value, buf+1);
157 if (oi != bytes-1) { 157 if (oi < 0 || (u_int)oi != bytes - 1) {
158 error("buffer_put_bignum2_ret: BN_bn2bin() failed: " 158 error("buffer_put_bignum2_ret: BN_bn2bin() failed: "
159 "oi %d != bin_size %d", oi, bytes); 159 "oi %d != bin_size %d", oi, bytes);
160 xfree(buf); 160 xfree(buf);
diff --git a/canohost.c b/canohost.c
index 94d666432..c27086bfd 100644
--- a/canohost.c
+++ b/canohost.c
@@ -12,7 +12,7 @@
12 */ 12 */
13 13
14#include "includes.h" 14#include "includes.h"
15RCSID("$OpenBSD: canohost.c,v 1.42 2005/02/18 03:05:53 djm Exp $"); 15RCSID("$OpenBSD: canohost.c,v 1.44 2005/06/17 02:44:32 djm Exp $");
16 16
17#include "packet.h" 17#include "packet.h"
18#include "xmalloc.h" 18#include "xmalloc.h"
@@ -143,7 +143,8 @@ check_ip_options(int sock, char *ipaddr)
143 u_char options[200]; 143 u_char options[200];
144 char text[sizeof(options) * 3 + 1]; 144 char text[sizeof(options) * 3 + 1];
145 socklen_t option_size; 145 socklen_t option_size;
146 int i, ipproto; 146 u_int i;
147 int ipproto;
147 struct protoent *ip; 148 struct protoent *ip;
148 149
149 if ((ip = getprotobyname("ip")) != NULL) 150 if ((ip = getprotobyname("ip")) != NULL)
@@ -173,7 +174,7 @@ ipv64_normalise_mapped(struct sockaddr_storage *addr, socklen_t *len)
173 struct in_addr inaddr; 174 struct in_addr inaddr;
174 u_int16_t port; 175 u_int16_t port;
175 176
176 if (addr->ss_family != AF_INET6 || 177 if (addr->ss_family != AF_INET6 ||
177 !IN6_IS_ADDR_V4MAPPED(&a6->sin6_addr)) 178 !IN6_IS_ADDR_V4MAPPED(&a6->sin6_addr))
178 return; 179 return;
179 180
@@ -346,7 +347,7 @@ get_sock_port(int sock, int local)
346 } else { 347 } else {
347 if (getpeername(sock, (struct sockaddr *)&from, &fromlen) < 0) { 348 if (getpeername(sock, (struct sockaddr *)&from, &fromlen) < 0) {
348 debug("getpeername failed: %.100s", strerror(errno)); 349 debug("getpeername failed: %.100s", strerror(errno));
349 cleanup_exit(255); 350 return -1;
350 } 351 }
351 } 352 }
352 353
diff --git a/channels.c b/channels.c
index b8507ca13..707b57d86 100644
--- a/channels.c
+++ b/channels.c
@@ -39,7 +39,7 @@
39 */ 39 */
40 40
41#include "includes.h" 41#include "includes.h"
42RCSID("$OpenBSD: channels.c,v 1.214 2005/03/14 11:46:56 markus Exp $"); 42RCSID("$OpenBSD: channels.c,v 1.223 2005/07/17 07:17:54 djm Exp $");
43 43
44#include "ssh.h" 44#include "ssh.h"
45#include "ssh1.h" 45#include "ssh1.h"
@@ -111,6 +111,9 @@ static int all_opens_permitted = 0;
111/* Maximum number of fake X11 displays to try. */ 111/* Maximum number of fake X11 displays to try. */
112#define MAX_DISPLAYS 1000 112#define MAX_DISPLAYS 1000
113 113
114/* Saved X11 local (client) display. */
115static char *x11_saved_display = NULL;
116
114/* Saved X11 authentication protocol name. */ 117/* Saved X11 authentication protocol name. */
115static char *x11_saved_proto = NULL; 118static char *x11_saved_proto = NULL;
116 119
@@ -727,8 +730,8 @@ channel_pre_open(Channel *c, fd_set * readset, fd_set * writeset)
727 FD_SET(c->wfd, writeset); 730 FD_SET(c->wfd, writeset);
728 } else if (c->ostate == CHAN_OUTPUT_WAIT_DRAIN) { 731 } else if (c->ostate == CHAN_OUTPUT_WAIT_DRAIN) {
729 if (CHANNEL_EFD_OUTPUT_ACTIVE(c)) 732 if (CHANNEL_EFD_OUTPUT_ACTIVE(c))
730 debug2("channel %d: obuf_empty delayed efd %d/(%d)", 733 debug2("channel %d: obuf_empty delayed efd %d/(%d)",
731 c->self, c->efd, buffer_len(&c->extended)); 734 c->self, c->efd, buffer_len(&c->extended));
732 else 735 else
733 chan_obuf_empty(c); 736 chan_obuf_empty(c);
734 } 737 }
@@ -894,7 +897,7 @@ static int
894channel_decode_socks4(Channel *c, fd_set * readset, fd_set * writeset) 897channel_decode_socks4(Channel *c, fd_set * readset, fd_set * writeset)
895{ 898{
896 char *p, *host; 899 char *p, *host;
897 int len, have, i, found; 900 u_int len, have, i, found;
898 char username[256]; 901 char username[256];
899 struct { 902 struct {
900 u_int8_t version; 903 u_int8_t version;
@@ -979,7 +982,7 @@ channel_decode_socks5(Channel *c, fd_set * readset, fd_set * writeset)
979 } s5_req, s5_rsp; 982 } s5_req, s5_rsp;
980 u_int16_t dest_port; 983 u_int16_t dest_port;
981 u_char *p, dest_addr[255+1]; 984 u_char *p, dest_addr[255+1];
982 int i, have, found, nmethods, addrlen, af; 985 u_int have, i, found, nmethods, addrlen, af;
983 986
984 debug2("channel %d: decode socks5", c->self); 987 debug2("channel %d: decode socks5", c->self);
985 p = buffer_ptr(&c->input); 988 p = buffer_ptr(&c->input);
@@ -1075,7 +1078,8 @@ static void
1075channel_pre_dynamic(Channel *c, fd_set * readset, fd_set * writeset) 1078channel_pre_dynamic(Channel *c, fd_set * readset, fd_set * writeset)
1076{ 1079{
1077 u_char *p; 1080 u_char *p;
1078 int have, ret; 1081 u_int have;
1082 int ret;
1079 1083
1080 have = buffer_len(&c->input); 1084 have = buffer_len(&c->input);
1081 c->delayed = 0; 1085 c->delayed = 0;
@@ -1178,7 +1182,7 @@ port_open_helper(Channel *c, char *rtype)
1178 int direct; 1182 int direct;
1179 char buf[1024]; 1183 char buf[1024];
1180 char *remote_ipaddr = get_peer_ipaddr(c->sock); 1184 char *remote_ipaddr = get_peer_ipaddr(c->sock);
1181 u_short remote_port = get_peer_port(c->sock); 1185 int remote_port = get_peer_port(c->sock);
1182 1186
1183 direct = (strcmp(rtype, "direct-tcpip") == 0); 1187 direct = (strcmp(rtype, "direct-tcpip") == 0);
1184 1188
@@ -1208,7 +1212,7 @@ port_open_helper(Channel *c, char *rtype)
1208 } 1212 }
1209 /* originator host and port */ 1213 /* originator host and port */
1210 packet_put_cstring(remote_ipaddr); 1214 packet_put_cstring(remote_ipaddr);
1211 packet_put_int(remote_port); 1215 packet_put_int((u_int)remote_port);
1212 packet_send(); 1216 packet_send();
1213 } else { 1217 } else {
1214 packet_start(SSH_MSG_PORT_OPEN); 1218 packet_start(SSH_MSG_PORT_OPEN);
@@ -1809,8 +1813,8 @@ channel_output_poll(void)
1809 * hack for extended data: delay EOF if EFD still in use. 1813 * hack for extended data: delay EOF if EFD still in use.
1810 */ 1814 */
1811 if (CHANNEL_EFD_INPUT_ACTIVE(c)) 1815 if (CHANNEL_EFD_INPUT_ACTIVE(c))
1812 debug2("channel %d: ibuf_empty delayed efd %d/(%d)", 1816 debug2("channel %d: ibuf_empty delayed efd %d/(%d)",
1813 c->self, c->efd, buffer_len(&c->extended)); 1817 c->self, c->efd, buffer_len(&c->extended));
1814 else 1818 else
1815 chan_ibuf_empty(c); 1819 chan_ibuf_empty(c);
1816 } 1820 }
@@ -2195,11 +2199,11 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por
2195 2199
2196 if (host == NULL) { 2200 if (host == NULL) {
2197 error("No forward host name."); 2201 error("No forward host name.");
2198 return success; 2202 return 0;
2199 } 2203 }
2200 if (strlen(host) > SSH_CHANNEL_PATH_LEN - 1) { 2204 if (strlen(host) > SSH_CHANNEL_PATH_LEN - 1) {
2201 error("Forward host name too long."); 2205 error("Forward host name too long.");
2202 return success; 2206 return 0;
2203 } 2207 }
2204 2208
2205 /* 2209 /*
@@ -2250,12 +2254,10 @@ channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_por
2250 packet_disconnect("getaddrinfo: fatal error: %s", 2254 packet_disconnect("getaddrinfo: fatal error: %s",
2251 gai_strerror(r)); 2255 gai_strerror(r));
2252 } else { 2256 } else {
2253 verbose("channel_setup_fwd_listener: " 2257 error("channel_setup_fwd_listener: "
2254 "getaddrinfo(%.64s): %s", addr, gai_strerror(r));
2255 packet_send_debug("channel_setup_fwd_listener: "
2256 "getaddrinfo(%.64s): %s", addr, gai_strerror(r)); 2258 "getaddrinfo(%.64s): %s", addr, gai_strerror(r));
2257 } 2259 }
2258 aitop = NULL; 2260 return 0;
2259 } 2261 }
2260 2262
2261 for (ai = aitop; ai; ai = ai->ai_next) { 2263 for (ai = aitop; ai; ai = ai->ai_next) {
@@ -2657,7 +2659,7 @@ channel_send_window_changes(void)
2657 */ 2659 */
2658int 2660int
2659x11_create_display_inet(int x11_display_offset, int x11_use_localhost, 2661x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
2660 int single_connection, u_int *display_numberp) 2662 int single_connection, u_int *display_numberp, int **chanids)
2661{ 2663{
2662 Channel *nc = NULL; 2664 Channel *nc = NULL;
2663 int display_number, sock; 2665 int display_number, sock;
@@ -2751,6 +2753,8 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
2751 } 2753 }
2752 2754
2753 /* Allocate a channel for each socket. */ 2755 /* Allocate a channel for each socket. */
2756 if (chanids != NULL)
2757 *chanids = xmalloc(sizeof(**chanids) * (num_socks + 1));
2754 for (n = 0; n < num_socks; n++) { 2758 for (n = 0; n < num_socks; n++) {
2755 sock = socks[n]; 2759 sock = socks[n];
2756 nc = channel_new("x11 listener", 2760 nc = channel_new("x11 listener",
@@ -2758,7 +2762,11 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
2758 CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 2762 CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
2759 0, "X11 inet listener", 1); 2763 0, "X11 inet listener", 1);
2760 nc->single_connection = single_connection; 2764 nc->single_connection = single_connection;
2765 if (*chanids != NULL)
2766 (*chanids)[n] = nc->self;
2761 } 2767 }
2768 if (*chanids != NULL)
2769 (*chanids)[n] = -1;
2762 2770
2763 /* Return the display number for the DISPLAY environment variable. */ 2771 /* Return the display number for the DISPLAY environment variable. */
2764 *display_numberp = display_number; 2772 *display_numberp = display_number;
@@ -2956,19 +2964,27 @@ deny_input_open(int type, u_int32_t seq, void *ctxt)
2956 * This should be called in the client only. 2964 * This should be called in the client only.
2957 */ 2965 */
2958void 2966void
2959x11_request_forwarding_with_spoofing(int client_session_id, 2967x11_request_forwarding_with_spoofing(int client_session_id, const char *disp,
2960 const char *proto, const char *data) 2968 const char *proto, const char *data)
2961{ 2969{
2962 u_int data_len = (u_int) strlen(data) / 2; 2970 u_int data_len = (u_int) strlen(data) / 2;
2963 u_int i, value, len; 2971 u_int i, value;
2964 char *new_data; 2972 char *new_data;
2965 int screen_number; 2973 int screen_number;
2966 const char *cp; 2974 const char *cp;
2967 u_int32_t rnd = 0; 2975 u_int32_t rnd = 0;
2968 2976
2969 cp = getenv("DISPLAY"); 2977 if (x11_saved_display == NULL)
2970 if (cp) 2978 x11_saved_display = xstrdup(disp);
2971 cp = strchr(cp, ':'); 2979 else if (strcmp(disp, x11_saved_display) != 0) {
2980 error("x11_request_forwarding_with_spoofing: different "
2981 "$DISPLAY already forwarded");
2982 return;
2983 }
2984
2985 cp = disp;
2986 if (disp)
2987 cp = strchr(disp, ':');
2972 if (cp) 2988 if (cp)
2973 cp = strchr(cp, '.'); 2989 cp = strchr(cp, '.');
2974 if (cp) 2990 if (cp)
@@ -2976,33 +2992,31 @@ x11_request_forwarding_with_spoofing(int client_session_id,
2976 else 2992 else
2977 screen_number = 0; 2993 screen_number = 0;
2978 2994
2979 /* Save protocol name. */ 2995 if (x11_saved_proto == NULL) {
2980 x11_saved_proto = xstrdup(proto); 2996 /* Save protocol name. */
2981 2997 x11_saved_proto = xstrdup(proto);
2982 /* 2998 /*
2983 * Extract real authentication data and generate fake data of the 2999 * Extract real authentication data and generate fake data
2984 * same length. 3000 * of the same length.
2985 */ 3001 */
2986 x11_saved_data = xmalloc(data_len); 3002 x11_saved_data = xmalloc(data_len);
2987 x11_fake_data = xmalloc(data_len); 3003 x11_fake_data = xmalloc(data_len);
2988 for (i = 0; i < data_len; i++) { 3004 for (i = 0; i < data_len; i++) {
2989 if (sscanf(data + 2 * i, "%2x", &value) != 1) 3005 if (sscanf(data + 2 * i, "%2x", &value) != 1)
2990 fatal("x11_request_forwarding: bad authentication data: %.100s", data); 3006 fatal("x11_request_forwarding: bad "
2991 if (i % 4 == 0) 3007 "authentication data: %.100s", data);
2992 rnd = arc4random(); 3008 if (i % 4 == 0)
2993 x11_saved_data[i] = value; 3009 rnd = arc4random();
2994 x11_fake_data[i] = rnd & 0xff; 3010 x11_saved_data[i] = value;
2995 rnd >>= 8; 3011 x11_fake_data[i] = rnd & 0xff;
2996 } 3012 rnd >>= 8;
2997 x11_saved_data_len = data_len; 3013 }
2998 x11_fake_data_len = data_len; 3014 x11_saved_data_len = data_len;
3015 x11_fake_data_len = data_len;
3016 }
2999 3017
3000 /* Convert the fake data into hex. */ 3018 /* Convert the fake data into hex. */
3001 len = 2 * data_len + 1; 3019 new_data = tohex(x11_fake_data, data_len);
3002 new_data = xmalloc(len);
3003 for (i = 0; i < data_len; i++)
3004 snprintf(new_data + 2 * i, len - 2 * i,
3005 "%02x", (u_char) x11_fake_data[i]);
3006 3020
3007 /* Send the request packet. */ 3021 /* Send the request packet. */
3008 if (compat20) { 3022 if (compat20) {
diff --git a/channels.h b/channels.h
index fc20fb2c3..1cb2c3a34 100644
--- a/channels.h
+++ b/channels.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: channels.h,v 1.76 2005/03/01 10:09:52 djm Exp $ */ 1/* $OpenBSD: channels.h,v 1.79 2005/07/17 06:49:04 djm Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -149,7 +149,7 @@ struct Channel {
149 buffer_len(&c->extended) > 0)) 149 buffer_len(&c->extended) > 0))
150#define CHANNEL_EFD_OUTPUT_ACTIVE(c) \ 150#define CHANNEL_EFD_OUTPUT_ACTIVE(c) \
151 (compat20 && c->extended_usage == CHAN_EXTENDED_WRITE && \ 151 (compat20 && c->extended_usage == CHAN_EXTENDED_WRITE && \
152 ((c->efd != -1 && !(c->flags & (CHAN_EOF_RCVD|CHAN_CLOSE_RCVD))) || \ 152 c->efd != -1 && (!(c->flags & (CHAN_EOF_RCVD|CHAN_CLOSE_RCVD)) || \
153 buffer_len(&c->extended) > 0)) 153 buffer_len(&c->extended) > 0))
154 154
155/* channel management */ 155/* channel management */
@@ -214,9 +214,10 @@ int channel_cancel_rport_listener(const char *, u_short);
214/* x11 forwarding */ 214/* x11 forwarding */
215 215
216int x11_connect_display(void); 216int x11_connect_display(void);
217int x11_create_display_inet(int, int, int, u_int *); 217int x11_create_display_inet(int, int, int, u_int *, int **);
218void x11_input_open(int, u_int32_t, void *); 218void x11_input_open(int, u_int32_t, void *);
219void x11_request_forwarding_with_spoofing(int, const char *, const char *); 219void x11_request_forwarding_with_spoofing(int, const char *, const char *,
220 const char *);
220void deny_input_open(int, u_int32_t, void *); 221void deny_input_open(int, u_int32_t, void *);
221 222
222/* agent forwarding */ 223/* agent forwarding */
diff --git a/cipher-acss.c b/cipher-acss.c
index 3a966a74d..a95fa6747 100644
--- a/cipher-acss.c
+++ b/cipher-acss.c
@@ -17,7 +17,7 @@
17#include "includes.h" 17#include "includes.h"
18#include <openssl/evp.h> 18#include <openssl/evp.h>
19 19
20RCSID("$Id: cipher-acss.c,v 1.2 2004/02/06 04:26:11 dtucker Exp $"); 20RCSID("$Id: cipher-acss.c,v 1.3 2005/07/17 07:04:47 djm Exp $");
21 21
22#if !defined(EVP_CTRL_SET_ACSS_MODE) && (OPENSSL_VERSION_NUMBER >= 0x00907000L) 22#if !defined(EVP_CTRL_SET_ACSS_MODE) && (OPENSSL_VERSION_NUMBER >= 0x00907000L)
23 23
@@ -33,7 +33,7 @@ typedef struct {
33#define EVP_CTRL_SET_ACSS_SUBKEY 0xff07 33#define EVP_CTRL_SET_ACSS_SUBKEY 0xff07
34 34
35static int 35static int
36acss_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 36acss_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
37 const unsigned char *iv, int enc) 37 const unsigned char *iv, int enc)
38{ 38{
39 acss_setkey(&data(ctx)->ks,key,enc,ACSS_DATA); 39 acss_setkey(&data(ctx)->ks,key,enc,ACSS_DATA);
@@ -41,7 +41,7 @@ acss_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
41} 41}
42 42
43static int 43static int
44acss_ciph(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, 44acss_ciph(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in,
45 unsigned int inl) 45 unsigned int inl)
46{ 46{
47 acss(&data(ctx)->ks,inl,in,out); 47 acss(&data(ctx)->ks,inl,in,out);
diff --git a/cipher-ctr.c b/cipher-ctr.c
index 43f1ede57..856177349 100644
--- a/cipher-ctr.c
+++ b/cipher-ctr.c
@@ -14,7 +14,7 @@
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */ 15 */
16#include "includes.h" 16#include "includes.h"
17RCSID("$OpenBSD: cipher-ctr.c,v 1.5 2004/12/22 02:13:19 djm Exp $"); 17RCSID("$OpenBSD: cipher-ctr.c,v 1.6 2005/07/17 07:17:55 djm Exp $");
18 18
19#include <openssl/evp.h> 19#include <openssl/evp.h>
20 20
@@ -95,7 +95,7 @@ ssh_aes_ctr_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
95 } 95 }
96 if (key != NULL) 96 if (key != NULL)
97 AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, 97 AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
98 &c->aes_ctx); 98 &c->aes_ctx);
99 if (iv != NULL) 99 if (iv != NULL)
100 memcpy(c->aes_counter, iv, AES_BLOCK_SIZE); 100 memcpy(c->aes_counter, iv, AES_BLOCK_SIZE);
101 return (1); 101 return (1);
diff --git a/cipher.c b/cipher.c
index beba4618d..0dddf270a 100644
--- a/cipher.c
+++ b/cipher.c
@@ -35,7 +35,7 @@
35 */ 35 */
36 36
37#include "includes.h" 37#include "includes.h"
38RCSID("$OpenBSD: cipher.c,v 1.73 2005/01/23 10:18:12 djm Exp $"); 38RCSID("$OpenBSD: cipher.c,v 1.77 2005/07/16 01:35:24 djm Exp $");
39 39
40#include "xmalloc.h" 40#include "xmalloc.h"
41#include "log.h" 41#include "log.h"
@@ -43,25 +43,8 @@ RCSID("$OpenBSD: cipher.c,v 1.73 2005/01/23 10:18:12 djm Exp $");
43 43
44#include <openssl/md5.h> 44#include <openssl/md5.h>
45 45
46#if OPENSSL_VERSION_NUMBER < 0x00906000L 46/* compatibility with old or broken OpenSSL versions */
47#define SSH_OLD_EVP 47#include "openbsd-compat/openssl-compat.h"
48#define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data)
49#endif
50
51#if OPENSSL_VERSION_NUMBER < 0x00907000L
52extern const EVP_CIPHER *evp_rijndael(void);
53extern void ssh_rijndael_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
54#endif
55
56#if !defined(EVP_CTRL_SET_ACSS_MODE)
57# if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
58extern const EVP_CIPHER *evp_acss(void);
59# define EVP_acss evp_acss
60# define EVP_CTRL_SET_ACSS_MODE xxx /* used below */
61# else
62# define EVP_acss NULL /* Don't try to support ACSS on older OpenSSL */
63# endif /* (OPENSSL_VERSION_NUMBER >= 0x00906000L) */
64#endif /* !defined(EVP_CTRL_SET_ACSS_MODE) */
65 48
66extern const EVP_CIPHER *evp_ssh1_bf(void); 49extern const EVP_CIPHER *evp_ssh1_bf(void);
67extern const EVP_CIPHER *evp_ssh1_3des(void); 50extern const EVP_CIPHER *evp_ssh1_3des(void);
@@ -74,39 +57,32 @@ struct Cipher {
74 int number; /* for ssh1 only */ 57 int number; /* for ssh1 only */
75 u_int block_size; 58 u_int block_size;
76 u_int key_len; 59 u_int key_len;
60 u_int discard_len;
77 const EVP_CIPHER *(*evptype)(void); 61 const EVP_CIPHER *(*evptype)(void);
78} ciphers[] = { 62} ciphers[] = {
79 { "none", SSH_CIPHER_NONE, 8, 0, EVP_enc_null }, 63 { "none", SSH_CIPHER_NONE, 8, 0, 0, EVP_enc_null },
80 { "des", SSH_CIPHER_DES, 8, 8, EVP_des_cbc }, 64 { "des", SSH_CIPHER_DES, 8, 8, 0, EVP_des_cbc },
81 { "3des", SSH_CIPHER_3DES, 8, 16, evp_ssh1_3des }, 65 { "3des", SSH_CIPHER_3DES, 8, 16, 0, evp_ssh1_3des },
82 { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, evp_ssh1_bf }, 66 { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, evp_ssh1_bf },
83 67
84 { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, EVP_des_ede3_cbc }, 68 { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, EVP_des_ede3_cbc },
85 { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_bf_cbc }, 69 { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, 0, EVP_bf_cbc },
86 { "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_cast5_cbc }, 70 { "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, 0, EVP_cast5_cbc },
87 { "arcfour", SSH_CIPHER_SSH2, 8, 16, EVP_rc4 }, 71 { "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, EVP_rc4 },
88#if OPENSSL_VERSION_NUMBER < 0x00907000L 72 { "arcfour128", SSH_CIPHER_SSH2, 8, 16, 1536, EVP_rc4 },
89 { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, evp_rijndael }, 73 { "arcfour256", SSH_CIPHER_SSH2, 8, 32, 1536, EVP_rc4 },
90 { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, evp_rijndael }, 74 { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, EVP_aes_128_cbc },
91 { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, evp_rijndael }, 75 { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, EVP_aes_192_cbc },
76 { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc },
92 { "rijndael-cbc@lysator.liu.se", 77 { "rijndael-cbc@lysator.liu.se",
93 SSH_CIPHER_SSH2, 16, 32, evp_rijndael }, 78 SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc },
94#else 79 { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, evp_aes_128_ctr },
95 { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, EVP_aes_128_cbc }, 80 { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, evp_aes_128_ctr },
96 { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, EVP_aes_192_cbc }, 81 { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, evp_aes_128_ctr },
97 { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc }, 82#ifdef USE_CIPHER_ACSS
98 { "rijndael-cbc@lysator.liu.se", 83 { "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, 0, EVP_acss },
99 SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc },
100#endif
101#if OPENSSL_VERSION_NUMBER >= 0x00905000L
102 { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, evp_aes_128_ctr },
103 { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, evp_aes_128_ctr },
104 { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, evp_aes_128_ctr },
105#endif 84#endif
106#if defined(EVP_CTRL_SET_ACSS_MODE) 85 { NULL, SSH_CIPHER_INVALID, 0, 0, 0, NULL }
107 { "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, EVP_acss },
108#endif
109 { NULL, SSH_CIPHER_INVALID, 0, 0, NULL }
110}; 86};
111 87
112/*--*/ 88/*--*/
@@ -222,8 +198,9 @@ cipher_init(CipherContext *cc, Cipher *cipher,
222 EVP_CIPHER *type; 198 EVP_CIPHER *type;
223#else 199#else
224 const EVP_CIPHER *type; 200 const EVP_CIPHER *type;
225#endif
226 int klen; 201 int klen;
202#endif
203 u_char *junk, *discard;
227 204
228 if (cipher->number == SSH_CIPHER_DES) { 205 if (cipher->number == SSH_CIPHER_DES) {
229 if (dowarn) { 206 if (dowarn) {
@@ -261,7 +238,7 @@ cipher_init(CipherContext *cc, Cipher *cipher,
261 fatal("cipher_init: EVP_CipherInit failed for %s", 238 fatal("cipher_init: EVP_CipherInit failed for %s",
262 cipher->name); 239 cipher->name);
263 klen = EVP_CIPHER_CTX_key_length(&cc->evp); 240 klen = EVP_CIPHER_CTX_key_length(&cc->evp);
264 if (klen > 0 && keylen != klen) { 241 if (klen > 0 && keylen != (u_int)klen) {
265 debug2("cipher_init: set keylen (%d -> %d)", klen, keylen); 242 debug2("cipher_init: set keylen (%d -> %d)", klen, keylen);
266 if (EVP_CIPHER_CTX_set_key_length(&cc->evp, keylen) == 0) 243 if (EVP_CIPHER_CTX_set_key_length(&cc->evp, keylen) == 0)
267 fatal("cipher_init: set keylen failed (%d -> %d)", 244 fatal("cipher_init: set keylen failed (%d -> %d)",
@@ -271,6 +248,17 @@ cipher_init(CipherContext *cc, Cipher *cipher,
271 fatal("cipher_init: EVP_CipherInit: set key failed for %s", 248 fatal("cipher_init: EVP_CipherInit: set key failed for %s",
272 cipher->name); 249 cipher->name);
273#endif 250#endif
251
252 if (cipher->discard_len > 0) {
253 junk = xmalloc(cipher->discard_len);
254 discard = xmalloc(cipher->discard_len);
255 if (EVP_Cipher(&cc->evp, discard, junk,
256 cipher->discard_len) == 0)
257 fatal("evp_crypt: EVP_Cipher failed during discard");
258 memset(discard, 0, cipher->discard_len);
259 xfree(junk);
260 xfree(discard);
261 }
274} 262}
275 263
276void 264void
@@ -278,23 +266,15 @@ cipher_crypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
278{ 266{
279 if (len % cc->cipher->block_size) 267 if (len % cc->cipher->block_size)
280 fatal("cipher_encrypt: bad plaintext length %d", len); 268 fatal("cipher_encrypt: bad plaintext length %d", len);
281#ifdef SSH_OLD_EVP
282 EVP_Cipher(&cc->evp, dest, (u_char *)src, len);
283#else
284 if (EVP_Cipher(&cc->evp, dest, (u_char *)src, len) == 0) 269 if (EVP_Cipher(&cc->evp, dest, (u_char *)src, len) == 0)
285 fatal("evp_crypt: EVP_Cipher failed"); 270 fatal("evp_crypt: EVP_Cipher failed");
286#endif
287} 271}
288 272
289void 273void
290cipher_cleanup(CipherContext *cc) 274cipher_cleanup(CipherContext *cc)
291{ 275{
292#ifdef SSH_OLD_EVP
293 EVP_CIPHER_CTX_cleanup(&cc->evp);
294#else
295 if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0) 276 if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0)
296 error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed"); 277 error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed");
297#endif
298} 278}
299 279
300/* 280/*
@@ -349,9 +329,9 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
349 case SSH_CIPHER_DES: 329 case SSH_CIPHER_DES:
350 case SSH_CIPHER_BLOWFISH: 330 case SSH_CIPHER_BLOWFISH:
351 evplen = EVP_CIPHER_CTX_iv_length(&cc->evp); 331 evplen = EVP_CIPHER_CTX_iv_length(&cc->evp);
352 if (evplen == 0) 332 if (evplen <= 0)
353 return; 333 return;
354 if (evplen != len) 334 if ((u_int)evplen != len)
355 fatal("%s: wrong iv length %d != %d", __func__, 335 fatal("%s: wrong iv length %d != %d", __func__,
356 evplen, len); 336 evplen, len);
357#if OPENSSL_VERSION_NUMBER < 0x00907000L 337#if OPENSSL_VERSION_NUMBER < 0x00907000L
diff --git a/clientloop.c b/clientloop.c
index d36d816de..c9176c0d7 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -59,7 +59,7 @@
59 */ 59 */
60 60
61#include "includes.h" 61#include "includes.h"
62RCSID("$OpenBSD: clientloop.c,v 1.136 2005/03/10 22:01:05 deraadt Exp $"); 62RCSID("$OpenBSD: clientloop.c,v 1.141 2005/07/16 01:35:24 djm Exp $");
63 63
64#include "ssh.h" 64#include "ssh.h"
65#include "ssh1.h" 65#include "ssh1.h"
@@ -140,6 +140,8 @@ int session_ident = -1;
140struct confirm_ctx { 140struct confirm_ctx {
141 int want_tty; 141 int want_tty;
142 int want_subsys; 142 int want_subsys;
143 int want_x_fwd;
144 int want_agent_fwd;
143 Buffer cmd; 145 Buffer cmd;
144 char *term; 146 char *term;
145 struct termios tio; 147 struct termios tio;
@@ -208,6 +210,109 @@ get_current_time(void)
208 return (double) tv.tv_sec + (double) tv.tv_usec / 1000000.0; 210 return (double) tv.tv_sec + (double) tv.tv_usec / 1000000.0;
209} 211}
210 212
213#define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1"
214void
215client_x11_get_proto(const char *display, const char *xauth_path,
216 u_int trusted, char **_proto, char **_data)
217{
218 char cmd[1024];
219 char line[512];
220 char xdisplay[512];
221 static char proto[512], data[512];
222 FILE *f;
223 int got_data = 0, generated = 0, do_unlink = 0, i;
224 char *xauthdir, *xauthfile;
225 struct stat st;
226
227 xauthdir = xauthfile = NULL;
228 *_proto = proto;
229 *_data = data;
230 proto[0] = data[0] = '\0';
231
232 if (xauth_path == NULL ||(stat(xauth_path, &st) == -1)) {
233 debug("No xauth program.");
234 } else {
235 if (display == NULL) {
236 debug("x11_get_proto: DISPLAY not set");
237 return;
238 }
239 /*
240 * Handle FamilyLocal case where $DISPLAY does
241 * not match an authorization entry. For this we
242 * just try "xauth list unix:displaynum.screennum".
243 * XXX: "localhost" match to determine FamilyLocal
244 * is not perfect.
245 */
246 if (strncmp(display, "localhost:", 10) == 0) {
247 snprintf(xdisplay, sizeof(xdisplay), "unix:%s",
248 display + 10);
249 display = xdisplay;
250 }
251 if (trusted == 0) {
252 xauthdir = xmalloc(MAXPATHLEN);
253 xauthfile = xmalloc(MAXPATHLEN);
254 strlcpy(xauthdir, "/tmp/ssh-XXXXXXXXXX", MAXPATHLEN);
255 if (mkdtemp(xauthdir) != NULL) {
256 do_unlink = 1;
257 snprintf(xauthfile, MAXPATHLEN, "%s/xauthfile",
258 xauthdir);
259 snprintf(cmd, sizeof(cmd),
260 "%s -f %s generate %s " SSH_X11_PROTO
261 " untrusted timeout 1200 2>" _PATH_DEVNULL,
262 xauth_path, xauthfile, display);
263 debug2("x11_get_proto: %s", cmd);
264 if (system(cmd) == 0)
265 generated = 1;
266 }
267 }
268 snprintf(cmd, sizeof(cmd),
269 "%s %s%s list %s . 2>" _PATH_DEVNULL,
270 xauth_path,
271 generated ? "-f " : "" ,
272 generated ? xauthfile : "",
273 display);
274 debug2("x11_get_proto: %s", cmd);
275 f = popen(cmd, "r");
276 if (f && fgets(line, sizeof(line), f) &&
277 sscanf(line, "%*s %511s %511s", proto, data) == 2)
278 got_data = 1;
279 if (f)
280 pclose(f);
281 }
282
283 if (do_unlink) {
284 unlink(xauthfile);
285 rmdir(xauthdir);
286 }
287 if (xauthdir)
288 xfree(xauthdir);
289 if (xauthfile)
290 xfree(xauthfile);
291
292 /*
293 * If we didn't get authentication data, just make up some
294 * data. The forwarding code will check the validity of the
295 * response anyway, and substitute this data. The X11
296 * server, however, will ignore this fake data and use
297 * whatever authentication mechanisms it was using otherwise
298 * for the local connection.
299 */
300 if (!got_data) {
301 u_int32_t rnd = 0;
302
303 logit("Warning: No xauth data; "
304 "using fake authentication data for X11 forwarding.");
305 strlcpy(proto, SSH_X11_PROTO, sizeof proto);
306 for (i = 0; i < 16; i++) {
307 if (i % 4 == 0)
308 rnd = arc4random();
309 snprintf(data + 2 * i, sizeof data - 2 * i, "%02x",
310 rnd & 0xff);
311 rnd >>= 8;
312 }
313 }
314}
315
211/* 316/*
212 * This is called when the interactive is entered. This checks if there is 317 * This is called when the interactive is entered. This checks if there is
213 * an EOF coming on stdin. We must check this explicitly, as select() does 318 * an EOF coming on stdin. We must check this explicitly, as select() does
@@ -533,6 +638,7 @@ static void
533client_extra_session2_setup(int id, void *arg) 638client_extra_session2_setup(int id, void *arg)
534{ 639{
535 struct confirm_ctx *cctx = arg; 640 struct confirm_ctx *cctx = arg;
641 const char *display;
536 Channel *c; 642 Channel *c;
537 int i; 643 int i;
538 644
@@ -541,6 +647,24 @@ client_extra_session2_setup(int id, void *arg)
541 if ((c = channel_lookup(id)) == NULL) 647 if ((c = channel_lookup(id)) == NULL)
542 fatal("%s: no channel for id %d", __func__, id); 648 fatal("%s: no channel for id %d", __func__, id);
543 649
650 display = getenv("DISPLAY");
651 if (cctx->want_x_fwd && options.forward_x11 && display != NULL) {
652 char *proto, *data;
653 /* Get reasonable local authentication information. */
654 client_x11_get_proto(display, options.xauth_location,
655 options.forward_x11_trusted, &proto, &data);
656 /* Request forwarding with authentication spoofing. */
657 debug("Requesting X11 forwarding with authentication spoofing.");
658 x11_request_forwarding_with_spoofing(id, display, proto, data);
659 /* XXX wait for reply */
660 }
661
662 if (cctx->want_agent_fwd && options.forward_agent) {
663 debug("Requesting authentication agent forwarding.");
664 channel_request_start(id, "auth-agent-req@openssh.com", 0);
665 packet_send();
666 }
667
544 client_session2_setup(id, cctx->want_tty, cctx->want_subsys, 668 client_session2_setup(id, cctx->want_tty, cctx->want_subsys,
545 cctx->term, &cctx->tio, c->rfd, &cctx->cmd, cctx->env, 669 cctx->term, &cctx->tio, c->rfd, &cctx->cmd, cctx->env,
546 client_subsystem_reply); 670 client_subsystem_reply);
@@ -561,12 +685,12 @@ client_process_control(fd_set * readset)
561{ 685{
562 Buffer m; 686 Buffer m;
563 Channel *c; 687 Channel *c;
564 int client_fd, new_fd[3], ver, i, allowed; 688 int client_fd, new_fd[3], ver, allowed;
565 socklen_t addrlen; 689 socklen_t addrlen;
566 struct sockaddr_storage addr; 690 struct sockaddr_storage addr;
567 struct confirm_ctx *cctx; 691 struct confirm_ctx *cctx;
568 char *cmd; 692 char *cmd;
569 u_int len, env_len, command, flags; 693 u_int i, len, env_len, command, flags;
570 uid_t euid; 694 uid_t euid;
571 gid_t egid; 695 gid_t egid;
572 696
@@ -606,7 +730,7 @@ client_process_control(fd_set * readset)
606 buffer_free(&m); 730 buffer_free(&m);
607 return; 731 return;
608 } 732 }
609 if ((ver = buffer_get_char(&m)) != 1) { 733 if ((ver = buffer_get_char(&m)) != SSHMUX_VER) {
610 error("%s: wrong client version %d", __func__, ver); 734 error("%s: wrong client version %d", __func__, ver);
611 buffer_free(&m); 735 buffer_free(&m);
612 close(client_fd); 736 close(client_fd);
@@ -621,13 +745,15 @@ client_process_control(fd_set * readset)
621 745
622 switch (command) { 746 switch (command) {
623 case SSHMUX_COMMAND_OPEN: 747 case SSHMUX_COMMAND_OPEN:
624 if (options.control_master == 2) 748 if (options.control_master == SSHCTL_MASTER_ASK ||
749 options.control_master == SSHCTL_MASTER_AUTO_ASK)
625 allowed = ask_permission("Allow shared connection " 750 allowed = ask_permission("Allow shared connection "
626 "to %s? ", host); 751 "to %s? ", host);
627 /* continue below */ 752 /* continue below */
628 break; 753 break;
629 case SSHMUX_COMMAND_TERMINATE: 754 case SSHMUX_COMMAND_TERMINATE:
630 if (options.control_master == 2) 755 if (options.control_master == SSHCTL_MASTER_ASK ||
756 options.control_master == SSHCTL_MASTER_AUTO_ASK)
631 allowed = ask_permission("Terminate shared connection " 757 allowed = ask_permission("Terminate shared connection "
632 "to %s? ", host); 758 "to %s? ", host);
633 if (allowed) 759 if (allowed)
@@ -638,7 +764,7 @@ client_process_control(fd_set * readset)
638 buffer_clear(&m); 764 buffer_clear(&m);
639 buffer_put_int(&m, allowed); 765 buffer_put_int(&m, allowed);
640 buffer_put_int(&m, getpid()); 766 buffer_put_int(&m, getpid());
641 if (ssh_msg_send(client_fd, /* version */1, &m) == -1) { 767 if (ssh_msg_send(client_fd, SSHMUX_VER, &m) == -1) {
642 error("%s: client msg_send failed", __func__); 768 error("%s: client msg_send failed", __func__);
643 close(client_fd); 769 close(client_fd);
644 buffer_free(&m); 770 buffer_free(&m);
@@ -658,7 +784,7 @@ client_process_control(fd_set * readset)
658 buffer_clear(&m); 784 buffer_clear(&m);
659 buffer_put_int(&m, allowed); 785 buffer_put_int(&m, allowed);
660 buffer_put_int(&m, getpid()); 786 buffer_put_int(&m, getpid());
661 if (ssh_msg_send(client_fd, /* version */1, &m) == -1) { 787 if (ssh_msg_send(client_fd, SSHMUX_VER, &m) == -1) {
662 error("%s: client msg_send failed", __func__); 788 error("%s: client msg_send failed", __func__);
663 close(client_fd); 789 close(client_fd);
664 buffer_free(&m); 790 buffer_free(&m);
@@ -679,7 +805,7 @@ client_process_control(fd_set * readset)
679 buffer_free(&m); 805 buffer_free(&m);
680 return; 806 return;
681 } 807 }
682 if ((ver = buffer_get_char(&m)) != 1) { 808 if ((ver = buffer_get_char(&m)) != SSHMUX_VER) {
683 error("%s: wrong client version %d", __func__, ver); 809 error("%s: wrong client version %d", __func__, ver);
684 buffer_free(&m); 810 buffer_free(&m);
685 close(client_fd); 811 close(client_fd);
@@ -690,6 +816,8 @@ client_process_control(fd_set * readset)
690 memset(cctx, 0, sizeof(*cctx)); 816 memset(cctx, 0, sizeof(*cctx));
691 cctx->want_tty = (flags & SSHMUX_FLAG_TTY) != 0; 817 cctx->want_tty = (flags & SSHMUX_FLAG_TTY) != 0;
692 cctx->want_subsys = (flags & SSHMUX_FLAG_SUBSYS) != 0; 818 cctx->want_subsys = (flags & SSHMUX_FLAG_SUBSYS) != 0;
819 cctx->want_x_fwd = (flags & SSHMUX_FLAG_X11_FWD) != 0;
820 cctx->want_agent_fwd = (flags & SSHMUX_FLAG_AGENT_FWD) != 0;
693 cctx->term = buffer_get_string(&m, &len); 821 cctx->term = buffer_get_string(&m, &len);
694 822
695 cmd = buffer_get_string(&m, &len); 823 cmd = buffer_get_string(&m, &len);
@@ -723,7 +851,7 @@ client_process_control(fd_set * readset)
723 851
724 /* This roundtrip is just for synchronisation of ttymodes */ 852 /* This roundtrip is just for synchronisation of ttymodes */
725 buffer_clear(&m); 853 buffer_clear(&m);
726 if (ssh_msg_send(client_fd, /* version */1, &m) == -1) { 854 if (ssh_msg_send(client_fd, SSHMUX_VER, &m) == -1) {
727 error("%s: client msg_send failed", __func__); 855 error("%s: client msg_send failed", __func__);
728 close(client_fd); 856 close(client_fd);
729 close(new_fd[0]); 857 close(new_fd[0]);
@@ -871,7 +999,10 @@ process_escapes(Buffer *bin, Buffer *bout, Buffer *berr, char *buf, int len)
871 u_char ch; 999 u_char ch;
872 char *s; 1000 char *s;
873 1001
874 for (i = 0; i < len; i++) { 1002 if (len <= 0)
1003 return (0);
1004
1005 for (i = 0; i < (u_int)len; i++) {
875 /* Get one character at a time. */ 1006 /* Get one character at a time. */
876 ch = buf[i]; 1007 ch = buf[i];
877 1008
diff --git a/clientloop.h b/clientloop.h
index b23c111cb..aed2d918b 100644
--- a/clientloop.h
+++ b/clientloop.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: clientloop.h,v 1.12 2004/11/07 00:01:46 djm Exp $ */ 1/* $OpenBSD: clientloop.h,v 1.14 2005/07/04 00:58:43 djm Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -37,10 +37,15 @@
37 37
38/* Client side main loop for the interactive session. */ 38/* Client side main loop for the interactive session. */
39int client_loop(int, int, int); 39int client_loop(int, int, int);
40void client_x11_get_proto(const char *, const char *, u_int,
41 char **, char **);
40void client_global_request_reply_fwd(int, u_int32_t, void *); 42void client_global_request_reply_fwd(int, u_int32_t, void *);
41void client_session2_setup(int, int, int, const char *, struct termios *, 43void client_session2_setup(int, int, int, const char *, struct termios *,
42 int, Buffer *, char **, dispatch_fn *); 44 int, Buffer *, char **, dispatch_fn *);
43 45
46/* Multiplexing protocol version */
47#define SSHMUX_VER 1
48
44/* Multiplexing control protocol flags */ 49/* Multiplexing control protocol flags */
45#define SSHMUX_COMMAND_OPEN 1 /* Open new connection */ 50#define SSHMUX_COMMAND_OPEN 1 /* Open new connection */
46#define SSHMUX_COMMAND_ALIVE_CHECK 2 /* Check master is alive */ 51#define SSHMUX_COMMAND_ALIVE_CHECK 2 /* Check master is alive */
@@ -48,3 +53,5 @@ void client_session2_setup(int, int, int, const char *, struct termios *,
48 53
49#define SSHMUX_FLAG_TTY (1) /* Request tty on open */ 54#define SSHMUX_FLAG_TTY (1) /* Request tty on open */
50#define SSHMUX_FLAG_SUBSYS (1<<1) /* Subsystem request on open */ 55#define SSHMUX_FLAG_SUBSYS (1<<1) /* Subsystem request on open */
56#define SSHMUX_FLAG_X11_FWD (1<<2) /* Request X11 forwarding */
57#define SSHMUX_FLAG_AGENT_FWD (1<<3) /* Request agent forwarding */
diff --git a/config.guess b/config.guess
index bb9d7aee4..6d71f752f 100755
--- a/config.guess
+++ b/config.guess
@@ -1,9 +1,9 @@
1#! /bin/sh 1#! /bin/sh
2# Attempt to guess a canonical system name. 2# Attempt to guess a canonical system name.
3# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 3# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
4# 2000, 2001, 2002, 2003 Free Software Foundation, Inc. 4# 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
5 5
6timestamp='2004-01-05' 6timestamp='2005-05-27'
7 7
8# This file is free software; you can redistribute it and/or modify it 8# This file is free software; you can redistribute it and/or modify it
9# under the terms of the GNU General Public License as published by 9# under the terms of the GNU General Public License as published by
@@ -17,13 +17,15 @@ timestamp='2004-01-05'
17# 17#
18# You should have received a copy of the GNU General Public License 18# You should have received a copy of the GNU General Public License
19# along with this program; if not, write to the Free Software 19# along with this program; if not, write to the Free Software
20# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 20# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
21# 02110-1301, USA.
21# 22#
22# As a special exception to the GNU General Public License, if you 23# As a special exception to the GNU General Public License, if you
23# distribute this file as part of a program that contains a 24# distribute this file as part of a program that contains a
24# configuration script generated by Autoconf, you may include it under 25# configuration script generated by Autoconf, you may include it under
25# the same distribution terms that you use for the rest of that program. 26# the same distribution terms that you use for the rest of that program.
26 27
28
27# Originally written by Per Bothner <per@bothner.com>. 29# Originally written by Per Bothner <per@bothner.com>.
28# Please send patches to <config-patches@gnu.org>. Submit a context 30# Please send patches to <config-patches@gnu.org>. Submit a context
29# diff and a properly formatted ChangeLog entry. 31# diff and a properly formatted ChangeLog entry.
@@ -53,7 +55,7 @@ version="\
53GNU config.guess ($timestamp) 55GNU config.guess ($timestamp)
54 56
55Originally written by Per Bothner. 57Originally written by Per Bothner.
56Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 58Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
57Free Software Foundation, Inc. 59Free Software Foundation, Inc.
58 60
59This is free software; see the source for copying conditions. There is NO 61This is free software; see the source for copying conditions. There is NO
@@ -66,11 +68,11 @@ Try \`$me --help' for more information."
66while test $# -gt 0 ; do 68while test $# -gt 0 ; do
67 case $1 in 69 case $1 in
68 --time-stamp | --time* | -t ) 70 --time-stamp | --time* | -t )
69 echo "$timestamp" ; exit 0 ;; 71 echo "$timestamp" ; exit ;;
70 --version | -v ) 72 --version | -v )
71 echo "$version" ; exit 0 ;; 73 echo "$version" ; exit ;;
72 --help | --h* | -h ) 74 --help | --h* | -h )
73 echo "$usage"; exit 0 ;; 75 echo "$usage"; exit ;;
74 -- ) # Stop option processing 76 -- ) # Stop option processing
75 shift; break ;; 77 shift; break ;;
76 - ) # Use stdin as input. 78 - ) # Use stdin as input.
@@ -196,53 +198,64 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
196 # contains redundant information, the shorter form: 198 # contains redundant information, the shorter form:
197 # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. 199 # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
198 echo "${machine}-${os}${release}" 200 echo "${machine}-${os}${release}"
199 exit 0 ;; 201 exit ;;
202 amd64:OpenBSD:*:*)
203 echo x86_64-unknown-openbsd${UNAME_RELEASE}
204 exit ;;
200 amiga:OpenBSD:*:*) 205 amiga:OpenBSD:*:*)
201 echo m68k-unknown-openbsd${UNAME_RELEASE} 206 echo m68k-unknown-openbsd${UNAME_RELEASE}
202 exit 0 ;; 207 exit ;;
203 arc:OpenBSD:*:*) 208 cats:OpenBSD:*:*)
204 echo mipsel-unknown-openbsd${UNAME_RELEASE} 209 echo arm-unknown-openbsd${UNAME_RELEASE}
205 exit 0 ;; 210 exit ;;
206 hp300:OpenBSD:*:*) 211 hp300:OpenBSD:*:*)
207 echo m68k-unknown-openbsd${UNAME_RELEASE} 212 echo m68k-unknown-openbsd${UNAME_RELEASE}
208 exit 0 ;; 213 exit ;;
214 luna88k:OpenBSD:*:*)
215 echo m88k-unknown-openbsd${UNAME_RELEASE}
216 exit ;;
209 mac68k:OpenBSD:*:*) 217 mac68k:OpenBSD:*:*)
210 echo m68k-unknown-openbsd${UNAME_RELEASE} 218 echo m68k-unknown-openbsd${UNAME_RELEASE}
211 exit 0 ;; 219 exit ;;
212 macppc:OpenBSD:*:*) 220 macppc:OpenBSD:*:*)
213 echo powerpc-unknown-openbsd${UNAME_RELEASE} 221 echo powerpc-unknown-openbsd${UNAME_RELEASE}
214 exit 0 ;; 222 exit ;;
215 mvme68k:OpenBSD:*:*) 223 mvme68k:OpenBSD:*:*)
216 echo m68k-unknown-openbsd${UNAME_RELEASE} 224 echo m68k-unknown-openbsd${UNAME_RELEASE}
217 exit 0 ;; 225 exit ;;
218 mvme88k:OpenBSD:*:*) 226 mvme88k:OpenBSD:*:*)
219 echo m88k-unknown-openbsd${UNAME_RELEASE} 227 echo m88k-unknown-openbsd${UNAME_RELEASE}
220 exit 0 ;; 228 exit ;;
221 mvmeppc:OpenBSD:*:*) 229 mvmeppc:OpenBSD:*:*)
222 echo powerpc-unknown-openbsd${UNAME_RELEASE} 230 echo powerpc-unknown-openbsd${UNAME_RELEASE}
223 exit 0 ;; 231 exit ;;
224 pegasos:OpenBSD:*:*)
225 echo powerpc-unknown-openbsd${UNAME_RELEASE}
226 exit 0 ;;
227 pmax:OpenBSD:*:*)
228 echo mipsel-unknown-openbsd${UNAME_RELEASE}
229 exit 0 ;;
230 sgi:OpenBSD:*:*) 232 sgi:OpenBSD:*:*)
231 echo mipseb-unknown-openbsd${UNAME_RELEASE} 233 echo mips64-unknown-openbsd${UNAME_RELEASE}
232 exit 0 ;; 234 exit ;;
233 sun3:OpenBSD:*:*) 235 sun3:OpenBSD:*:*)
234 echo m68k-unknown-openbsd${UNAME_RELEASE} 236 echo m68k-unknown-openbsd${UNAME_RELEASE}
235 exit 0 ;; 237 exit ;;
236 wgrisc:OpenBSD:*:*)
237 echo mipsel-unknown-openbsd${UNAME_RELEASE}
238 exit 0 ;;
239 *:OpenBSD:*:*) 238 *:OpenBSD:*:*)
240 echo ${UNAME_MACHINE}-unknown-openbsd${UNAME_RELEASE} 239 echo ${UNAME_MACHINE}-unknown-openbsd${UNAME_RELEASE}
241 exit 0 ;; 240 exit ;;
241 *:ekkoBSD:*:*)
242 echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
243 exit ;;
244 macppc:MirBSD:*:*)
245 echo powerppc-unknown-mirbsd${UNAME_RELEASE}
246 exit ;;
247 *:MirBSD:*:*)
248 echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
249 exit ;;
242 alpha:OSF1:*:*) 250 alpha:OSF1:*:*)
243 if test $UNAME_RELEASE = "V4.0"; then 251 case $UNAME_RELEASE in
252 *4.0)
244 UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` 253 UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
245 fi 254 ;;
255 *5.*)
256 UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
257 ;;
258 esac
246 # According to Compaq, /usr/sbin/psrinfo has been available on 259 # According to Compaq, /usr/sbin/psrinfo has been available on
247 # OSF/1 and Tru64 systems produced since 1995. I hope that 260 # OSF/1 and Tru64 systems produced since 1995. I hope that
248 # covers most systems running today. This code pipes the CPU 261 # covers most systems running today. This code pipes the CPU
@@ -280,45 +293,49 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
280 "EV7.9 (21364A)") 293 "EV7.9 (21364A)")
281 UNAME_MACHINE="alphaev79" ;; 294 UNAME_MACHINE="alphaev79" ;;
282 esac 295 esac
296 # A Pn.n version is a patched version.
283 # A Vn.n version is a released version. 297 # A Vn.n version is a released version.
284 # A Tn.n version is a released field test version. 298 # A Tn.n version is a released field test version.
285 # A Xn.n version is an unreleased experimental baselevel. 299 # A Xn.n version is an unreleased experimental baselevel.
286 # 1.2 uses "1.2" for uname -r. 300 # 1.2 uses "1.2" for uname -r.
287 echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` 301 echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
288 exit 0 ;; 302 exit ;;
289 Alpha*:OpenVMS:*:*)
290 echo alpha-hp-vms
291 exit 0 ;;
292 Alpha\ *:Windows_NT*:*) 303 Alpha\ *:Windows_NT*:*)
293 # How do we know it's Interix rather than the generic POSIX subsystem? 304 # How do we know it's Interix rather than the generic POSIX subsystem?
294 # Should we change UNAME_MACHINE based on the output of uname instead 305 # Should we change UNAME_MACHINE based on the output of uname instead
295 # of the specific Alpha model? 306 # of the specific Alpha model?
296 echo alpha-pc-interix 307 echo alpha-pc-interix
297 exit 0 ;; 308 exit ;;
298 21064:Windows_NT:50:3) 309 21064:Windows_NT:50:3)
299 echo alpha-dec-winnt3.5 310 echo alpha-dec-winnt3.5
300 exit 0 ;; 311 exit ;;
301 Amiga*:UNIX_System_V:4.0:*) 312 Amiga*:UNIX_System_V:4.0:*)
302 echo m68k-unknown-sysv4 313 echo m68k-unknown-sysv4
303 exit 0;; 314 exit ;;
304 *:[Aa]miga[Oo][Ss]:*:*) 315 *:[Aa]miga[Oo][Ss]:*:*)
305 echo ${UNAME_MACHINE}-unknown-amigaos 316 echo ${UNAME_MACHINE}-unknown-amigaos
306 exit 0 ;; 317 exit ;;
307 *:[Mm]orph[Oo][Ss]:*:*) 318 *:[Mm]orph[Oo][Ss]:*:*)
308 echo ${UNAME_MACHINE}-unknown-morphos 319 echo ${UNAME_MACHINE}-unknown-morphos
309 exit 0 ;; 320 exit ;;
310 *:OS/390:*:*) 321 *:OS/390:*:*)
311 echo i370-ibm-openedition 322 echo i370-ibm-openedition
312 exit 0 ;; 323 exit ;;
324 *:z/VM:*:*)
325 echo s390-ibm-zvmoe
326 exit ;;
313 *:OS400:*:*) 327 *:OS400:*:*)
314 echo powerpc-ibm-os400 328 echo powerpc-ibm-os400
315 exit 0 ;; 329 exit ;;
316 arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) 330 arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
317 echo arm-acorn-riscix${UNAME_RELEASE} 331 echo arm-acorn-riscix${UNAME_RELEASE}
318 exit 0;; 332 exit ;;
333 arm:riscos:*:*|arm:RISCOS:*:*)
334 echo arm-unknown-riscos
335 exit ;;
319 SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) 336 SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
320 echo hppa1.1-hitachi-hiuxmpp 337 echo hppa1.1-hitachi-hiuxmpp
321 exit 0;; 338 exit ;;
322 Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) 339 Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
323 # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. 340 # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
324 if test "`(/bin/universe) 2>/dev/null`" = att ; then 341 if test "`(/bin/universe) 2>/dev/null`" = att ; then
@@ -326,32 +343,32 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
326 else 343 else
327 echo pyramid-pyramid-bsd 344 echo pyramid-pyramid-bsd
328 fi 345 fi
329 exit 0 ;; 346 exit ;;
330 NILE*:*:*:dcosx) 347 NILE*:*:*:dcosx)
331 echo pyramid-pyramid-svr4 348 echo pyramid-pyramid-svr4
332 exit 0 ;; 349 exit ;;
333 DRS?6000:unix:4.0:6*) 350 DRS?6000:unix:4.0:6*)
334 echo sparc-icl-nx6 351 echo sparc-icl-nx6
335 exit 0 ;; 352 exit ;;
336 DRS?6000:UNIX_SV:4.2*:7*) 353 DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
337 case `/usr/bin/uname -p` in 354 case `/usr/bin/uname -p` in
338 sparc) echo sparc-icl-nx7 && exit 0 ;; 355 sparc) echo sparc-icl-nx7; exit ;;
339 esac ;; 356 esac ;;
340 sun4H:SunOS:5.*:*) 357 sun4H:SunOS:5.*:*)
341 echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` 358 echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
342 exit 0 ;; 359 exit ;;
343 sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) 360 sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
344 echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` 361 echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
345 exit 0 ;; 362 exit ;;
346 i86pc:SunOS:5.*:*) 363 i86pc:SunOS:5.*:*)
347 echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` 364 echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
348 exit 0 ;; 365 exit ;;
349 sun4*:SunOS:6*:*) 366 sun4*:SunOS:6*:*)
350 # According to config.sub, this is the proper way to canonicalize 367 # According to config.sub, this is the proper way to canonicalize
351 # SunOS6. Hard to guess exactly what SunOS6 will be like, but 368 # SunOS6. Hard to guess exactly what SunOS6 will be like, but
352 # it's likely to be more like Solaris than SunOS4. 369 # it's likely to be more like Solaris than SunOS4.
353 echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` 370 echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
354 exit 0 ;; 371 exit ;;
355 sun4*:SunOS:*:*) 372 sun4*:SunOS:*:*)
356 case "`/usr/bin/arch -k`" in 373 case "`/usr/bin/arch -k`" in
357 Series*|S4*) 374 Series*|S4*)
@@ -360,10 +377,10 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
360 esac 377 esac
361 # Japanese Language versions have a version number like `4.1.3-JL'. 378 # Japanese Language versions have a version number like `4.1.3-JL'.
362 echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` 379 echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
363 exit 0 ;; 380 exit ;;
364 sun3*:SunOS:*:*) 381 sun3*:SunOS:*:*)
365 echo m68k-sun-sunos${UNAME_RELEASE} 382 echo m68k-sun-sunos${UNAME_RELEASE}
366 exit 0 ;; 383 exit ;;
367 sun*:*:4.2BSD:*) 384 sun*:*:4.2BSD:*)
368 UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` 385 UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
369 test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 386 test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
@@ -375,10 +392,10 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
375 echo sparc-sun-sunos${UNAME_RELEASE} 392 echo sparc-sun-sunos${UNAME_RELEASE}
376 ;; 393 ;;
377 esac 394 esac
378 exit 0 ;; 395 exit ;;
379 aushp:SunOS:*:*) 396 aushp:SunOS:*:*)
380 echo sparc-auspex-sunos${UNAME_RELEASE} 397 echo sparc-auspex-sunos${UNAME_RELEASE}
381 exit 0 ;; 398 exit ;;
382 # The situation for MiNT is a little confusing. The machine name 399 # The situation for MiNT is a little confusing. The machine name
383 # can be virtually everything (everything which is not 400 # can be virtually everything (everything which is not
384 # "atarist" or "atariste" at least should have a processor 401 # "atarist" or "atariste" at least should have a processor
@@ -389,37 +406,40 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
389 # be no problem. 406 # be no problem.
390 atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) 407 atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
391 echo m68k-atari-mint${UNAME_RELEASE} 408 echo m68k-atari-mint${UNAME_RELEASE}
392 exit 0 ;; 409 exit ;;
393 atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) 410 atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
394 echo m68k-atari-mint${UNAME_RELEASE} 411 echo m68k-atari-mint${UNAME_RELEASE}
395 exit 0 ;; 412 exit ;;
396 *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) 413 *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
397 echo m68k-atari-mint${UNAME_RELEASE} 414 echo m68k-atari-mint${UNAME_RELEASE}
398 exit 0 ;; 415 exit ;;
399 milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) 416 milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
400 echo m68k-milan-mint${UNAME_RELEASE} 417 echo m68k-milan-mint${UNAME_RELEASE}
401 exit 0 ;; 418 exit ;;
402 hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) 419 hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
403 echo m68k-hades-mint${UNAME_RELEASE} 420 echo m68k-hades-mint${UNAME_RELEASE}
404 exit 0 ;; 421 exit ;;
405 *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) 422 *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
406 echo m68k-unknown-mint${UNAME_RELEASE} 423 echo m68k-unknown-mint${UNAME_RELEASE}
407 exit 0 ;; 424 exit ;;
425 m68k:machten:*:*)
426 echo m68k-apple-machten${UNAME_RELEASE}
427 exit ;;
408 powerpc:machten:*:*) 428 powerpc:machten:*:*)
409 echo powerpc-apple-machten${UNAME_RELEASE} 429 echo powerpc-apple-machten${UNAME_RELEASE}
410 exit 0 ;; 430 exit ;;
411 RISC*:Mach:*:*) 431 RISC*:Mach:*:*)
412 echo mips-dec-mach_bsd4.3 432 echo mips-dec-mach_bsd4.3
413 exit 0 ;; 433 exit ;;
414 RISC*:ULTRIX:*:*) 434 RISC*:ULTRIX:*:*)
415 echo mips-dec-ultrix${UNAME_RELEASE} 435 echo mips-dec-ultrix${UNAME_RELEASE}
416 exit 0 ;; 436 exit ;;
417 VAX*:ULTRIX*:*:*) 437 VAX*:ULTRIX*:*:*)
418 echo vax-dec-ultrix${UNAME_RELEASE} 438 echo vax-dec-ultrix${UNAME_RELEASE}
419 exit 0 ;; 439 exit ;;
420 2020:CLIX:*:* | 2430:CLIX:*:*) 440 2020:CLIX:*:* | 2430:CLIX:*:*)
421 echo clipper-intergraph-clix${UNAME_RELEASE} 441 echo clipper-intergraph-clix${UNAME_RELEASE}
422 exit 0 ;; 442 exit ;;
423 mips:*:*:UMIPS | mips:*:*:RISCos) 443 mips:*:*:UMIPS | mips:*:*:RISCos)
424 eval $set_cc_for_build 444 eval $set_cc_for_build
425 sed 's/^ //' << EOF >$dummy.c 445 sed 's/^ //' << EOF >$dummy.c
@@ -443,32 +463,33 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
443 exit (-1); 463 exit (-1);
444 } 464 }
445EOF 465EOF
446 $CC_FOR_BUILD -o $dummy $dummy.c \ 466 $CC_FOR_BUILD -o $dummy $dummy.c &&
447 && $dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \ 467 dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` &&
448 && exit 0 468 SYSTEM_NAME=`$dummy $dummyarg` &&
469 { echo "$SYSTEM_NAME"; exit; }
449 echo mips-mips-riscos${UNAME_RELEASE} 470 echo mips-mips-riscos${UNAME_RELEASE}
450 exit 0 ;; 471 exit ;;
451 Motorola:PowerMAX_OS:*:*) 472 Motorola:PowerMAX_OS:*:*)
452 echo powerpc-motorola-powermax 473 echo powerpc-motorola-powermax
453 exit 0 ;; 474 exit ;;
454 Motorola:*:4.3:PL8-*) 475 Motorola:*:4.3:PL8-*)
455 echo powerpc-harris-powermax 476 echo powerpc-harris-powermax
456 exit 0 ;; 477 exit ;;
457 Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) 478 Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
458 echo powerpc-harris-powermax 479 echo powerpc-harris-powermax
459 exit 0 ;; 480 exit ;;
460 Night_Hawk:Power_UNIX:*:*) 481 Night_Hawk:Power_UNIX:*:*)
461 echo powerpc-harris-powerunix 482 echo powerpc-harris-powerunix
462 exit 0 ;; 483 exit ;;
463 m88k:CX/UX:7*:*) 484 m88k:CX/UX:7*:*)
464 echo m88k-harris-cxux7 485 echo m88k-harris-cxux7
465 exit 0 ;; 486 exit ;;
466 m88k:*:4*:R4*) 487 m88k:*:4*:R4*)
467 echo m88k-motorola-sysv4 488 echo m88k-motorola-sysv4
468 exit 0 ;; 489 exit ;;
469 m88k:*:3*:R3*) 490 m88k:*:3*:R3*)
470 echo m88k-motorola-sysv3 491 echo m88k-motorola-sysv3
471 exit 0 ;; 492 exit ;;
472 AViiON:dgux:*:*) 493 AViiON:dgux:*:*)
473 # DG/UX returns AViiON for all architectures 494 # DG/UX returns AViiON for all architectures
474 UNAME_PROCESSOR=`/usr/bin/uname -p` 495 UNAME_PROCESSOR=`/usr/bin/uname -p`
@@ -484,29 +505,29 @@ EOF
484 else 505 else
485 echo i586-dg-dgux${UNAME_RELEASE} 506 echo i586-dg-dgux${UNAME_RELEASE}
486 fi 507 fi
487 exit 0 ;; 508 exit ;;
488 M88*:DolphinOS:*:*) # DolphinOS (SVR3) 509 M88*:DolphinOS:*:*) # DolphinOS (SVR3)
489 echo m88k-dolphin-sysv3 510 echo m88k-dolphin-sysv3
490 exit 0 ;; 511 exit ;;
491 M88*:*:R3*:*) 512 M88*:*:R3*:*)
492 # Delta 88k system running SVR3 513 # Delta 88k system running SVR3
493 echo m88k-motorola-sysv3 514 echo m88k-motorola-sysv3
494 exit 0 ;; 515 exit ;;
495 XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) 516 XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
496 echo m88k-tektronix-sysv3 517 echo m88k-tektronix-sysv3
497 exit 0 ;; 518 exit ;;
498 Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) 519 Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
499 echo m68k-tektronix-bsd 520 echo m68k-tektronix-bsd
500 exit 0 ;; 521 exit ;;
501 *:IRIX*:*:*) 522 *:IRIX*:*:*)
502 echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` 523 echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
503 exit 0 ;; 524 exit ;;
504 ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. 525 ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
505 echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id 526 echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id
506 exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX ' 527 exit ;; # Note that: echo "'`uname -s`'" gives 'AIX '
507 i*86:AIX:*:*) 528 i*86:AIX:*:*)
508 echo i386-ibm-aix 529 echo i386-ibm-aix
509 exit 0 ;; 530 exit ;;
510 ia64:AIX:*:*) 531 ia64:AIX:*:*)
511 if [ -x /usr/bin/oslevel ] ; then 532 if [ -x /usr/bin/oslevel ] ; then
512 IBM_REV=`/usr/bin/oslevel` 533 IBM_REV=`/usr/bin/oslevel`
@@ -514,7 +535,7 @@ EOF
514 IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} 535 IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
515 fi 536 fi
516 echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} 537 echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
517 exit 0 ;; 538 exit ;;
518 *:AIX:2:3) 539 *:AIX:2:3)
519 if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then 540 if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
520 eval $set_cc_for_build 541 eval $set_cc_for_build
@@ -529,14 +550,18 @@ EOF
529 exit(0); 550 exit(0);
530 } 551 }
531EOF 552EOF
532 $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0 553 if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy`
533 echo rs6000-ibm-aix3.2.5 554 then
555 echo "$SYSTEM_NAME"
556 else
557 echo rs6000-ibm-aix3.2.5
558 fi
534 elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then 559 elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
535 echo rs6000-ibm-aix3.2.4 560 echo rs6000-ibm-aix3.2.4
536 else 561 else
537 echo rs6000-ibm-aix3.2 562 echo rs6000-ibm-aix3.2
538 fi 563 fi
539 exit 0 ;; 564 exit ;;
540 *:AIX:*:[45]) 565 *:AIX:*:[45])
541 IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` 566 IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
542 if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then 567 if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
@@ -550,28 +575,28 @@ EOF
550 IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} 575 IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
551 fi 576 fi
552 echo ${IBM_ARCH}-ibm-aix${IBM_REV} 577 echo ${IBM_ARCH}-ibm-aix${IBM_REV}
553 exit 0 ;; 578 exit ;;
554 *:AIX:*:*) 579 *:AIX:*:*)
555 echo rs6000-ibm-aix 580 echo rs6000-ibm-aix
556 exit 0 ;; 581 exit ;;
557 ibmrt:4.4BSD:*|romp-ibm:BSD:*) 582 ibmrt:4.4BSD:*|romp-ibm:BSD:*)
558 echo romp-ibm-bsd4.4 583 echo romp-ibm-bsd4.4
559 exit 0 ;; 584 exit ;;
560 ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and 585 ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and
561 echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to 586 echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to
562 exit 0 ;; # report: romp-ibm BSD 4.3 587 exit ;; # report: romp-ibm BSD 4.3
563 *:BOSX:*:*) 588 *:BOSX:*:*)
564 echo rs6000-bull-bosx 589 echo rs6000-bull-bosx
565 exit 0 ;; 590 exit ;;
566 DPX/2?00:B.O.S.:*:*) 591 DPX/2?00:B.O.S.:*:*)
567 echo m68k-bull-sysv3 592 echo m68k-bull-sysv3
568 exit 0 ;; 593 exit ;;
569 9000/[34]??:4.3bsd:1.*:*) 594 9000/[34]??:4.3bsd:1.*:*)
570 echo m68k-hp-bsd 595 echo m68k-hp-bsd
571 exit 0 ;; 596 exit ;;
572 hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) 597 hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
573 echo m68k-hp-bsd4.4 598 echo m68k-hp-bsd4.4
574 exit 0 ;; 599 exit ;;
575 9000/[34678]??:HP-UX:*:*) 600 9000/[34678]??:HP-UX:*:*)
576 HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` 601 HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
577 case "${UNAME_MACHINE}" in 602 case "${UNAME_MACHINE}" in
@@ -635,7 +660,18 @@ EOF
635 then 660 then
636 # avoid double evaluation of $set_cc_for_build 661 # avoid double evaluation of $set_cc_for_build
637 test -n "$CC_FOR_BUILD" || eval $set_cc_for_build 662 test -n "$CC_FOR_BUILD" || eval $set_cc_for_build
638 if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E -) | grep __LP64__ >/dev/null 663
664 # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
665 # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler
666 # generating 64-bit code. GNU and HP use different nomenclature:
667 #
668 # $ CC_FOR_BUILD=cc ./config.guess
669 # => hppa2.0w-hp-hpux11.23
670 # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
671 # => hppa64-hp-hpux11.23
672
673 if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
674 grep __LP64__ >/dev/null
639 then 675 then
640 HP_ARCH="hppa2.0w" 676 HP_ARCH="hppa2.0w"
641 else 677 else
@@ -643,11 +679,11 @@ EOF
643 fi 679 fi
644 fi 680 fi
645 echo ${HP_ARCH}-hp-hpux${HPUX_REV} 681 echo ${HP_ARCH}-hp-hpux${HPUX_REV}
646 exit 0 ;; 682 exit ;;
647 ia64:HP-UX:*:*) 683 ia64:HP-UX:*:*)
648 HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` 684 HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
649 echo ia64-hp-hpux${HPUX_REV} 685 echo ia64-hp-hpux${HPUX_REV}
650 exit 0 ;; 686 exit ;;
651 3050*:HI-UX:*:*) 687 3050*:HI-UX:*:*)
652 eval $set_cc_for_build 688 eval $set_cc_for_build
653 sed 's/^ //' << EOF >$dummy.c 689 sed 's/^ //' << EOF >$dummy.c
@@ -675,163 +711,166 @@ EOF
675 exit (0); 711 exit (0);
676 } 712 }
677EOF 713EOF
678 $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0 714 $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` &&
715 { echo "$SYSTEM_NAME"; exit; }
679 echo unknown-hitachi-hiuxwe2 716 echo unknown-hitachi-hiuxwe2
680 exit 0 ;; 717 exit ;;
681 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) 718 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
682 echo hppa1.1-hp-bsd 719 echo hppa1.1-hp-bsd
683 exit 0 ;; 720 exit ;;
684 9000/8??:4.3bsd:*:*) 721 9000/8??:4.3bsd:*:*)
685 echo hppa1.0-hp-bsd 722 echo hppa1.0-hp-bsd
686 exit 0 ;; 723 exit ;;
687 *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) 724 *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
688 echo hppa1.0-hp-mpeix 725 echo hppa1.0-hp-mpeix
689 exit 0 ;; 726 exit ;;
690 hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) 727 hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
691 echo hppa1.1-hp-osf 728 echo hppa1.1-hp-osf
692 exit 0 ;; 729 exit ;;
693 hp8??:OSF1:*:*) 730 hp8??:OSF1:*:*)
694 echo hppa1.0-hp-osf 731 echo hppa1.0-hp-osf
695 exit 0 ;; 732 exit ;;
696 i*86:OSF1:*:*) 733 i*86:OSF1:*:*)
697 if [ -x /usr/sbin/sysversion ] ; then 734 if [ -x /usr/sbin/sysversion ] ; then
698 echo ${UNAME_MACHINE}-unknown-osf1mk 735 echo ${UNAME_MACHINE}-unknown-osf1mk
699 else 736 else
700 echo ${UNAME_MACHINE}-unknown-osf1 737 echo ${UNAME_MACHINE}-unknown-osf1
701 fi 738 fi
702 exit 0 ;; 739 exit ;;
703 parisc*:Lites*:*:*) 740 parisc*:Lites*:*:*)
704 echo hppa1.1-hp-lites 741 echo hppa1.1-hp-lites
705 exit 0 ;; 742 exit ;;
706 C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) 743 C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
707 echo c1-convex-bsd 744 echo c1-convex-bsd
708 exit 0 ;; 745 exit ;;
709 C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) 746 C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
710 if getsysinfo -f scalar_acc 747 if getsysinfo -f scalar_acc
711 then echo c32-convex-bsd 748 then echo c32-convex-bsd
712 else echo c2-convex-bsd 749 else echo c2-convex-bsd
713 fi 750 fi
714 exit 0 ;; 751 exit ;;
715 C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) 752 C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
716 echo c34-convex-bsd 753 echo c34-convex-bsd
717 exit 0 ;; 754 exit ;;
718 C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) 755 C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
719 echo c38-convex-bsd 756 echo c38-convex-bsd
720 exit 0 ;; 757 exit ;;
721 C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) 758 C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
722 echo c4-convex-bsd 759 echo c4-convex-bsd
723 exit 0 ;; 760 exit ;;
724 CRAY*Y-MP:*:*:*) 761 CRAY*Y-MP:*:*:*)
725 echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' 762 echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
726 exit 0 ;; 763 exit ;;
727 CRAY*[A-Z]90:*:*:*) 764 CRAY*[A-Z]90:*:*:*)
728 echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ 765 echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
729 | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ 766 | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
730 -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ 767 -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
731 -e 's/\.[^.]*$/.X/' 768 -e 's/\.[^.]*$/.X/'
732 exit 0 ;; 769 exit ;;
733 CRAY*TS:*:*:*) 770 CRAY*TS:*:*:*)
734 echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' 771 echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
735 exit 0 ;; 772 exit ;;
736 CRAY*T3E:*:*:*) 773 CRAY*T3E:*:*:*)
737 echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' 774 echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
738 exit 0 ;; 775 exit ;;
739 CRAY*SV1:*:*:*) 776 CRAY*SV1:*:*:*)
740 echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' 777 echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
741 exit 0 ;; 778 exit ;;
742 *:UNICOS/mp:*:*) 779 *:UNICOS/mp:*:*)
743 echo nv1-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' 780 echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
744 exit 0 ;; 781 exit ;;
745 F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) 782 F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
746 FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` 783 FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
747 FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` 784 FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
748 FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` 785 FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
749 echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" 786 echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
750 exit 0 ;; 787 exit ;;
751 5000:UNIX_System_V:4.*:*) 788 5000:UNIX_System_V:4.*:*)
752 FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` 789 FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
753 FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` 790 FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
754 echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" 791 echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
755 exit 0 ;; 792 exit ;;
756 i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) 793 i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
757 echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} 794 echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
758 exit 0 ;; 795 exit ;;
759 sparc*:BSD/OS:*:*) 796 sparc*:BSD/OS:*:*)
760 echo sparc-unknown-bsdi${UNAME_RELEASE} 797 echo sparc-unknown-bsdi${UNAME_RELEASE}
761 exit 0 ;; 798 exit ;;
762 *:BSD/OS:*:*) 799 *:BSD/OS:*:*)
763 echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} 800 echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
764 exit 0 ;; 801 exit ;;
765 *:FreeBSD:*:*) 802 *:FreeBSD:*:*)
766 # Determine whether the default compiler uses glibc. 803 echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
767 eval $set_cc_for_build 804 exit ;;
768 sed 's/^ //' << EOF >$dummy.c
769 #include <features.h>
770 #if __GLIBC__ >= 2
771 LIBC=gnu
772 #else
773 LIBC=
774 #endif
775EOF
776 eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
777 # GNU/KFreeBSD systems have a "k" prefix to indicate we are using
778 # FreeBSD's kernel, but not the complete OS.
779 case ${LIBC} in gnu) kernel_only='k' ;; esac
780 echo ${UNAME_MACHINE}-unknown-${kernel_only}freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`${LIBC:+-$LIBC}
781 exit 0 ;;
782 i*:CYGWIN*:*) 805 i*:CYGWIN*:*)
783 echo ${UNAME_MACHINE}-pc-cygwin 806 echo ${UNAME_MACHINE}-pc-cygwin
784 exit 0 ;; 807 exit ;;
785 i*:MINGW*:*) 808 i*:MINGW*:*)
786 echo ${UNAME_MACHINE}-pc-mingw32 809 echo ${UNAME_MACHINE}-pc-mingw32
787 exit 0 ;; 810 exit ;;
811 i*:windows32*:*)
812 # uname -m includes "-pc" on this system.
813 echo ${UNAME_MACHINE}-mingw32
814 exit ;;
788 i*:PW*:*) 815 i*:PW*:*)
789 echo ${UNAME_MACHINE}-pc-pw32 816 echo ${UNAME_MACHINE}-pc-pw32
790 exit 0 ;; 817 exit ;;
791 x86:Interix*:[34]*) 818 x86:Interix*:[34]*)
792 echo i586-pc-interix${UNAME_RELEASE}|sed -e 's/\..*//' 819 echo i586-pc-interix${UNAME_RELEASE}|sed -e 's/\..*//'
793 exit 0 ;; 820 exit ;;
794 [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) 821 [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
795 echo i${UNAME_MACHINE}-pc-mks 822 echo i${UNAME_MACHINE}-pc-mks
796 exit 0 ;; 823 exit ;;
797 i*:Windows_NT*:* | Pentium*:Windows_NT*:*) 824 i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
798 # How do we know it's Interix rather than the generic POSIX subsystem? 825 # How do we know it's Interix rather than the generic POSIX subsystem?
799 # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we 826 # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
800 # UNAME_MACHINE based on the output of uname instead of i386? 827 # UNAME_MACHINE based on the output of uname instead of i386?
801 echo i586-pc-interix 828 echo i586-pc-interix
802 exit 0 ;; 829 exit ;;
803 i*:UWIN*:*) 830 i*:UWIN*:*)
804 echo ${UNAME_MACHINE}-pc-uwin 831 echo ${UNAME_MACHINE}-pc-uwin
805 exit 0 ;; 832 exit ;;
833 amd64:CYGWIN*:*:*)
834 echo x86_64-unknown-cygwin
835 exit ;;
806 p*:CYGWIN*:*) 836 p*:CYGWIN*:*)
807 echo powerpcle-unknown-cygwin 837 echo powerpcle-unknown-cygwin
808 exit 0 ;; 838 exit ;;
809 prep*:SunOS:5.*:*) 839 prep*:SunOS:5.*:*)
810 echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` 840 echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
811 exit 0 ;; 841 exit ;;
812 *:GNU:*:*) 842 *:GNU:*:*)
813 # the GNU system 843 # the GNU system
814 echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` 844 echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
815 exit 0 ;; 845 exit ;;
816 *:GNU/*:*:*) 846 *:GNU/*:*:*)
817 # other systems with GNU libc and userland 847 # other systems with GNU libc and userland
818 echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu 848 echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu
819 exit 0 ;; 849 exit ;;
820 i*86:Minix:*:*) 850 i*86:Minix:*:*)
821 echo ${UNAME_MACHINE}-pc-minix 851 echo ${UNAME_MACHINE}-pc-minix
822 exit 0 ;; 852 exit ;;
823 arm*:Linux:*:*) 853 arm*:Linux:*:*)
824 echo ${UNAME_MACHINE}-unknown-linux-gnu 854 echo ${UNAME_MACHINE}-unknown-linux-gnu
825 exit 0 ;; 855 exit ;;
826 cris:Linux:*:*) 856 cris:Linux:*:*)
827 echo cris-axis-linux-gnu 857 echo cris-axis-linux-gnu
828 exit 0 ;; 858 exit ;;
859 crisv32:Linux:*:*)
860 echo crisv32-axis-linux-gnu
861 exit ;;
862 frv:Linux:*:*)
863 echo frv-unknown-linux-gnu
864 exit ;;
829 ia64:Linux:*:*) 865 ia64:Linux:*:*)
830 echo ${UNAME_MACHINE}-unknown-linux-gnu 866 echo ${UNAME_MACHINE}-unknown-linux-gnu
831 exit 0 ;; 867 exit ;;
868 m32r*:Linux:*:*)
869 echo ${UNAME_MACHINE}-unknown-linux-gnu
870 exit ;;
832 m68*:Linux:*:*) 871 m68*:Linux:*:*)
833 echo ${UNAME_MACHINE}-unknown-linux-gnu 872 echo ${UNAME_MACHINE}-unknown-linux-gnu
834 exit 0 ;; 873 exit ;;
835 mips:Linux:*:*) 874 mips:Linux:*:*)
836 eval $set_cc_for_build 875 eval $set_cc_for_build
837 sed 's/^ //' << EOF >$dummy.c 876 sed 's/^ //' << EOF >$dummy.c
@@ -849,7 +888,7 @@ EOF
849 #endif 888 #endif
850EOF 889EOF
851 eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=` 890 eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
852 test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0 891 test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
853 ;; 892 ;;
854 mips64:Linux:*:*) 893 mips64:Linux:*:*)
855 eval $set_cc_for_build 894 eval $set_cc_for_build
@@ -868,14 +907,14 @@ EOF
868 #endif 907 #endif
869EOF 908EOF
870 eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=` 909 eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
871 test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0 910 test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
872 ;; 911 ;;
873 ppc:Linux:*:*) 912 ppc:Linux:*:*)
874 echo powerpc-unknown-linux-gnu 913 echo powerpc-unknown-linux-gnu
875 exit 0 ;; 914 exit ;;
876 ppc64:Linux:*:*) 915 ppc64:Linux:*:*)
877 echo powerpc64-unknown-linux-gnu 916 echo powerpc64-unknown-linux-gnu
878 exit 0 ;; 917 exit ;;
879 alpha:Linux:*:*) 918 alpha:Linux:*:*)
880 case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in 919 case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
881 EV5) UNAME_MACHINE=alphaev5 ;; 920 EV5) UNAME_MACHINE=alphaev5 ;;
@@ -889,7 +928,7 @@ EOF
889 objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null 928 objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null
890 if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi 929 if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
891 echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} 930 echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
892 exit 0 ;; 931 exit ;;
893 parisc:Linux:*:* | hppa:Linux:*:*) 932 parisc:Linux:*:* | hppa:Linux:*:*)
894 # Look for CPU level 933 # Look for CPU level
895 case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in 934 case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
@@ -897,25 +936,25 @@ EOF
897 PA8*) echo hppa2.0-unknown-linux-gnu ;; 936 PA8*) echo hppa2.0-unknown-linux-gnu ;;
898 *) echo hppa-unknown-linux-gnu ;; 937 *) echo hppa-unknown-linux-gnu ;;
899 esac 938 esac
900 exit 0 ;; 939 exit ;;
901 parisc64:Linux:*:* | hppa64:Linux:*:*) 940 parisc64:Linux:*:* | hppa64:Linux:*:*)
902 echo hppa64-unknown-linux-gnu 941 echo hppa64-unknown-linux-gnu
903 exit 0 ;; 942 exit ;;
904 s390:Linux:*:* | s390x:Linux:*:*) 943 s390:Linux:*:* | s390x:Linux:*:*)
905 echo ${UNAME_MACHINE}-ibm-linux 944 echo ${UNAME_MACHINE}-ibm-linux
906 exit 0 ;; 945 exit ;;
907 sh64*:Linux:*:*) 946 sh64*:Linux:*:*)
908 echo ${UNAME_MACHINE}-unknown-linux-gnu 947 echo ${UNAME_MACHINE}-unknown-linux-gnu
909 exit 0 ;; 948 exit ;;
910 sh*:Linux:*:*) 949 sh*:Linux:*:*)
911 echo ${UNAME_MACHINE}-unknown-linux-gnu 950 echo ${UNAME_MACHINE}-unknown-linux-gnu
912 exit 0 ;; 951 exit ;;
913 sparc:Linux:*:* | sparc64:Linux:*:*) 952 sparc:Linux:*:* | sparc64:Linux:*:*)
914 echo ${UNAME_MACHINE}-unknown-linux-gnu 953 echo ${UNAME_MACHINE}-unknown-linux-gnu
915 exit 0 ;; 954 exit ;;
916 x86_64:Linux:*:*) 955 x86_64:Linux:*:*)
917 echo x86_64-unknown-linux-gnu 956 echo x86_64-unknown-linux-gnu
918 exit 0 ;; 957 exit ;;
919 i*86:Linux:*:*) 958 i*86:Linux:*:*)
920 # The BFD linker knows what the default object file format is, so 959 # The BFD linker knows what the default object file format is, so
921 # first see if it will tell us. cd to the root directory to prevent 960 # first see if it will tell us. cd to the root directory to prevent
@@ -933,15 +972,15 @@ EOF
933 ;; 972 ;;
934 a.out-i386-linux) 973 a.out-i386-linux)
935 echo "${UNAME_MACHINE}-pc-linux-gnuaout" 974 echo "${UNAME_MACHINE}-pc-linux-gnuaout"
936 exit 0 ;; 975 exit ;;
937 coff-i386) 976 coff-i386)
938 echo "${UNAME_MACHINE}-pc-linux-gnucoff" 977 echo "${UNAME_MACHINE}-pc-linux-gnucoff"
939 exit 0 ;; 978 exit ;;
940 "") 979 "")
941 # Either a pre-BFD a.out linker (linux-gnuoldld) or 980 # Either a pre-BFD a.out linker (linux-gnuoldld) or
942 # one that does not give us useful --help. 981 # one that does not give us useful --help.
943 echo "${UNAME_MACHINE}-pc-linux-gnuoldld" 982 echo "${UNAME_MACHINE}-pc-linux-gnuoldld"
944 exit 0 ;; 983 exit ;;
945 esac 984 esac
946 # Determine whether the default compiler is a.out or elf 985 # Determine whether the default compiler is a.out or elf
947 eval $set_cc_for_build 986 eval $set_cc_for_build
@@ -969,15 +1008,18 @@ EOF
969 #endif 1008 #endif
970EOF 1009EOF
971 eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=` 1010 eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
972 test x"${LIBC}" != x && echo "${UNAME_MACHINE}-pc-linux-${LIBC}" && exit 0 1011 test x"${LIBC}" != x && {
973 test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0 1012 echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
1013 exit
1014 }
1015 test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; }
974 ;; 1016 ;;
975 i*86:DYNIX/ptx:4*:*) 1017 i*86:DYNIX/ptx:4*:*)
976 # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. 1018 # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
977 # earlier versions are messed up and put the nodename in both 1019 # earlier versions are messed up and put the nodename in both
978 # sysname and nodename. 1020 # sysname and nodename.
979 echo i386-sequent-sysv4 1021 echo i386-sequent-sysv4
980 exit 0 ;; 1022 exit ;;
981 i*86:UNIX_SV:4.2MP:2.*) 1023 i*86:UNIX_SV:4.2MP:2.*)
982 # Unixware is an offshoot of SVR4, but it has its own version 1024 # Unixware is an offshoot of SVR4, but it has its own version
983 # number series starting with 2... 1025 # number series starting with 2...
@@ -985,27 +1027,27 @@ EOF
985 # I just have to hope. -- rms. 1027 # I just have to hope. -- rms.
986 # Use sysv4.2uw... so that sysv4* matches it. 1028 # Use sysv4.2uw... so that sysv4* matches it.
987 echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} 1029 echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
988 exit 0 ;; 1030 exit ;;
989 i*86:OS/2:*:*) 1031 i*86:OS/2:*:*)
990 # If we were able to find `uname', then EMX Unix compatibility 1032 # If we were able to find `uname', then EMX Unix compatibility
991 # is probably installed. 1033 # is probably installed.
992 echo ${UNAME_MACHINE}-pc-os2-emx 1034 echo ${UNAME_MACHINE}-pc-os2-emx
993 exit 0 ;; 1035 exit ;;
994 i*86:XTS-300:*:STOP) 1036 i*86:XTS-300:*:STOP)
995 echo ${UNAME_MACHINE}-unknown-stop 1037 echo ${UNAME_MACHINE}-unknown-stop
996 exit 0 ;; 1038 exit ;;
997 i*86:atheos:*:*) 1039 i*86:atheos:*:*)
998 echo ${UNAME_MACHINE}-unknown-atheos 1040 echo ${UNAME_MACHINE}-unknown-atheos
999 exit 0 ;; 1041 exit ;;
1000 i*86:syllable:*:*) 1042 i*86:syllable:*:*)
1001 echo ${UNAME_MACHINE}-pc-syllable 1043 echo ${UNAME_MACHINE}-pc-syllable
1002 exit 0 ;; 1044 exit ;;
1003 i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*) 1045 i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*)
1004 echo i386-unknown-lynxos${UNAME_RELEASE} 1046 echo i386-unknown-lynxos${UNAME_RELEASE}
1005 exit 0 ;; 1047 exit ;;
1006 i*86:*DOS:*:*) 1048 i*86:*DOS:*:*)
1007 echo ${UNAME_MACHINE}-pc-msdosdjgpp 1049 echo ${UNAME_MACHINE}-pc-msdosdjgpp
1008 exit 0 ;; 1050 exit ;;
1009 i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) 1051 i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
1010 UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` 1052 UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
1011 if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then 1053 if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
@@ -1013,16 +1055,16 @@ EOF
1013 else 1055 else
1014 echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} 1056 echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
1015 fi 1057 fi
1016 exit 0 ;; 1058 exit ;;
1017 i*86:*:5:[678]*) 1059 i*86:*:5:[678]*)
1018 # Unixware 7.x, OpenUNIX 8, & OpenServer 6 1060 # UnixWare 7.x, OpenUNIX and OpenServer 6.
1019 case `/bin/uname -X | grep "^Machine"` in 1061 case `/bin/uname -X | grep "^Machine"` in
1020 *486*) UNAME_MACHINE=i486 ;; 1062 *486*) UNAME_MACHINE=i486 ;;
1021 *Pentium) UNAME_MACHINE=i586 ;; 1063 *Pentium) UNAME_MACHINE=i586 ;;
1022 *Pent*|*Celeron) UNAME_MACHINE=i686 ;; 1064 *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
1023 esac 1065 esac
1024 echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} 1066 echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
1025 exit 0 ;; 1067 exit ;;
1026 i*86:*:3.2:*) 1068 i*86:*:3.2:*)
1027 if test -f /usr/options/cb.name; then 1069 if test -f /usr/options/cb.name; then
1028 UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name` 1070 UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
@@ -1040,73 +1082,73 @@ EOF
1040 else 1082 else
1041 echo ${UNAME_MACHINE}-pc-sysv32 1083 echo ${UNAME_MACHINE}-pc-sysv32
1042 fi 1084 fi
1043 exit 0 ;; 1085 exit ;;
1044 pc:*:*:*) 1086 pc:*:*:*)
1045 # Left here for compatibility: 1087 # Left here for compatibility:
1046 # uname -m prints for DJGPP always 'pc', but it prints nothing about 1088 # uname -m prints for DJGPP always 'pc', but it prints nothing about
1047 # the processor, so we play safe by assuming i386. 1089 # the processor, so we play safe by assuming i386.
1048 echo i386-pc-msdosdjgpp 1090 echo i386-pc-msdosdjgpp
1049 exit 0 ;; 1091 exit ;;
1050 Intel:Mach:3*:*) 1092 Intel:Mach:3*:*)
1051 echo i386-pc-mach3 1093 echo i386-pc-mach3
1052 exit 0 ;; 1094 exit ;;
1053 paragon:*:*:*) 1095 paragon:*:*:*)
1054 echo i860-intel-osf1 1096 echo i860-intel-osf1
1055 exit 0 ;; 1097 exit ;;
1056 i860:*:4.*:*) # i860-SVR4 1098 i860:*:4.*:*) # i860-SVR4
1057 if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then 1099 if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
1058 echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 1100 echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
1059 else # Add other i860-SVR4 vendors below as they are discovered. 1101 else # Add other i860-SVR4 vendors below as they are discovered.
1060 echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 1102 echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4
1061 fi 1103 fi
1062 exit 0 ;; 1104 exit ;;
1063 mini*:CTIX:SYS*5:*) 1105 mini*:CTIX:SYS*5:*)
1064 # "miniframe" 1106 # "miniframe"
1065 echo m68010-convergent-sysv 1107 echo m68010-convergent-sysv
1066 exit 0 ;; 1108 exit ;;
1067 mc68k:UNIX:SYSTEM5:3.51m) 1109 mc68k:UNIX:SYSTEM5:3.51m)
1068 echo m68k-convergent-sysv 1110 echo m68k-convergent-sysv
1069 exit 0 ;; 1111 exit ;;
1070 M680?0:D-NIX:5.3:*) 1112 M680?0:D-NIX:5.3:*)
1071 echo m68k-diab-dnix 1113 echo m68k-diab-dnix
1072 exit 0 ;; 1114 exit ;;
1073 M68*:*:R3V[567]*:*) 1115 M68*:*:R3V[5678]*:*)
1074 test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;; 1116 test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
1075 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0) 1117 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
1076 OS_REL='' 1118 OS_REL=''
1077 test -r /etc/.relid \ 1119 test -r /etc/.relid \
1078 && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` 1120 && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
1079 /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ 1121 /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
1080 && echo i486-ncr-sysv4.3${OS_REL} && exit 0 1122 && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
1081 /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ 1123 /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
1082 && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;; 1124 && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
1083 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) 1125 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
1084 /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ 1126 /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
1085 && echo i486-ncr-sysv4 && exit 0 ;; 1127 && { echo i486-ncr-sysv4; exit; } ;;
1086 m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) 1128 m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
1087 echo m68k-unknown-lynxos${UNAME_RELEASE} 1129 echo m68k-unknown-lynxos${UNAME_RELEASE}
1088 exit 0 ;; 1130 exit ;;
1089 mc68030:UNIX_System_V:4.*:*) 1131 mc68030:UNIX_System_V:4.*:*)
1090 echo m68k-atari-sysv4 1132 echo m68k-atari-sysv4
1091 exit 0 ;; 1133 exit ;;
1092 TSUNAMI:LynxOS:2.*:*) 1134 TSUNAMI:LynxOS:2.*:*)
1093 echo sparc-unknown-lynxos${UNAME_RELEASE} 1135 echo sparc-unknown-lynxos${UNAME_RELEASE}
1094 exit 0 ;; 1136 exit ;;
1095 rs6000:LynxOS:2.*:*) 1137 rs6000:LynxOS:2.*:*)
1096 echo rs6000-unknown-lynxos${UNAME_RELEASE} 1138 echo rs6000-unknown-lynxos${UNAME_RELEASE}
1097 exit 0 ;; 1139 exit ;;
1098 PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*) 1140 PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*)
1099 echo powerpc-unknown-lynxos${UNAME_RELEASE} 1141 echo powerpc-unknown-lynxos${UNAME_RELEASE}
1100 exit 0 ;; 1142 exit ;;
1101 SM[BE]S:UNIX_SV:*:*) 1143 SM[BE]S:UNIX_SV:*:*)
1102 echo mips-dde-sysv${UNAME_RELEASE} 1144 echo mips-dde-sysv${UNAME_RELEASE}
1103 exit 0 ;; 1145 exit ;;
1104 RM*:ReliantUNIX-*:*:*) 1146 RM*:ReliantUNIX-*:*:*)
1105 echo mips-sni-sysv4 1147 echo mips-sni-sysv4
1106 exit 0 ;; 1148 exit ;;
1107 RM*:SINIX-*:*:*) 1149 RM*:SINIX-*:*:*)
1108 echo mips-sni-sysv4 1150 echo mips-sni-sysv4
1109 exit 0 ;; 1151 exit ;;
1110 *:SINIX-*:*:*) 1152 *:SINIX-*:*:*)
1111 if uname -p 2>/dev/null >/dev/null ; then 1153 if uname -p 2>/dev/null >/dev/null ; then
1112 UNAME_MACHINE=`(uname -p) 2>/dev/null` 1154 UNAME_MACHINE=`(uname -p) 2>/dev/null`
@@ -1114,68 +1156,73 @@ EOF
1114 else 1156 else
1115 echo ns32k-sni-sysv 1157 echo ns32k-sni-sysv
1116 fi 1158 fi
1117 exit 0 ;; 1159 exit ;;
1118 PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort 1160 PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
1119 # says <Richard.M.Bartel@ccMail.Census.GOV> 1161 # says <Richard.M.Bartel@ccMail.Census.GOV>
1120 echo i586-unisys-sysv4 1162 echo i586-unisys-sysv4
1121 exit 0 ;; 1163 exit ;;
1122 *:UNIX_System_V:4*:FTX*) 1164 *:UNIX_System_V:4*:FTX*)
1123 # From Gerald Hewes <hewes@openmarket.com>. 1165 # From Gerald Hewes <hewes@openmarket.com>.
1124 # How about differentiating between stratus architectures? -djm 1166 # How about differentiating between stratus architectures? -djm
1125 echo hppa1.1-stratus-sysv4 1167 echo hppa1.1-stratus-sysv4
1126 exit 0 ;; 1168 exit ;;
1127 *:*:*:FTX*) 1169 *:*:*:FTX*)
1128 # From seanf@swdc.stratus.com. 1170 # From seanf@swdc.stratus.com.
1129 echo i860-stratus-sysv4 1171 echo i860-stratus-sysv4
1130 exit 0 ;; 1172 exit ;;
1173 i*86:VOS:*:*)
1174 # From Paul.Green@stratus.com.
1175 echo ${UNAME_MACHINE}-stratus-vos
1176 exit ;;
1131 *:VOS:*:*) 1177 *:VOS:*:*)
1132 # From Paul.Green@stratus.com. 1178 # From Paul.Green@stratus.com.
1133 echo hppa1.1-stratus-vos 1179 echo hppa1.1-stratus-vos
1134 exit 0 ;; 1180 exit ;;
1135 mc68*:A/UX:*:*) 1181 mc68*:A/UX:*:*)
1136 echo m68k-apple-aux${UNAME_RELEASE} 1182 echo m68k-apple-aux${UNAME_RELEASE}
1137 exit 0 ;; 1183 exit ;;
1138 news*:NEWS-OS:6*:*) 1184 news*:NEWS-OS:6*:*)
1139 echo mips-sony-newsos6 1185 echo mips-sony-newsos6
1140 exit 0 ;; 1186 exit ;;
1141 R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) 1187 R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
1142 if [ -d /usr/nec ]; then 1188 if [ -d /usr/nec ]; then
1143 echo mips-nec-sysv${UNAME_RELEASE} 1189 echo mips-nec-sysv${UNAME_RELEASE}
1144 else 1190 else
1145 echo mips-unknown-sysv${UNAME_RELEASE} 1191 echo mips-unknown-sysv${UNAME_RELEASE}
1146 fi 1192 fi
1147 exit 0 ;; 1193 exit ;;
1148 BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. 1194 BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only.
1149 echo powerpc-be-beos 1195 echo powerpc-be-beos
1150 exit 0 ;; 1196 exit ;;
1151 BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. 1197 BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only.
1152 echo powerpc-apple-beos 1198 echo powerpc-apple-beos
1153 exit 0 ;; 1199 exit ;;
1154 BePC:BeOS:*:*) # BeOS running on Intel PC compatible. 1200 BePC:BeOS:*:*) # BeOS running on Intel PC compatible.
1155 echo i586-pc-beos 1201 echo i586-pc-beos
1156 exit 0 ;; 1202 exit ;;
1157 SX-4:SUPER-UX:*:*) 1203 SX-4:SUPER-UX:*:*)
1158 echo sx4-nec-superux${UNAME_RELEASE} 1204 echo sx4-nec-superux${UNAME_RELEASE}
1159 exit 0 ;; 1205 exit ;;
1160 SX-5:SUPER-UX:*:*) 1206 SX-5:SUPER-UX:*:*)
1161 echo sx5-nec-superux${UNAME_RELEASE} 1207 echo sx5-nec-superux${UNAME_RELEASE}
1162 exit 0 ;; 1208 exit ;;
1163 SX-6:SUPER-UX:*:*) 1209 SX-6:SUPER-UX:*:*)
1164 echo sx6-nec-superux${UNAME_RELEASE} 1210 echo sx6-nec-superux${UNAME_RELEASE}
1165 exit 0 ;; 1211 exit ;;
1166 Power*:Rhapsody:*:*) 1212 Power*:Rhapsody:*:*)
1167 echo powerpc-apple-rhapsody${UNAME_RELEASE} 1213 echo powerpc-apple-rhapsody${UNAME_RELEASE}
1168 exit 0 ;; 1214 exit ;;
1169 *:Rhapsody:*:*) 1215 *:Rhapsody:*:*)
1170 echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} 1216 echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
1171 exit 0 ;; 1217 exit ;;
1172 *:Darwin:*:*) 1218 *:Darwin:*:*)
1173 case `uname -p` in 1219 UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
1220 case $UNAME_PROCESSOR in
1174 *86) UNAME_PROCESSOR=i686 ;; 1221 *86) UNAME_PROCESSOR=i686 ;;
1175 powerpc) UNAME_PROCESSOR=powerpc ;; 1222 unknown) UNAME_PROCESSOR=powerpc ;;
1176 esac 1223 esac
1177 echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} 1224 echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
1178 exit 0 ;; 1225 exit ;;
1179 *:procnto*:*:* | *:QNX:[0123456789]*:*) 1226 *:procnto*:*:* | *:QNX:[0123456789]*:*)
1180 UNAME_PROCESSOR=`uname -p` 1227 UNAME_PROCESSOR=`uname -p`
1181 if test "$UNAME_PROCESSOR" = "x86"; then 1228 if test "$UNAME_PROCESSOR" = "x86"; then
@@ -1183,22 +1230,25 @@ EOF
1183 UNAME_MACHINE=pc 1230 UNAME_MACHINE=pc
1184 fi 1231 fi
1185 echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} 1232 echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
1186 exit 0 ;; 1233 exit ;;
1187 *:QNX:*:4*) 1234 *:QNX:*:4*)
1188 echo i386-pc-qnx 1235 echo i386-pc-qnx
1189 exit 0 ;; 1236 exit ;;
1237 NSE-?:NONSTOP_KERNEL:*:*)
1238 echo nse-tandem-nsk${UNAME_RELEASE}
1239 exit ;;
1190 NSR-?:NONSTOP_KERNEL:*:*) 1240 NSR-?:NONSTOP_KERNEL:*:*)
1191 echo nsr-tandem-nsk${UNAME_RELEASE} 1241 echo nsr-tandem-nsk${UNAME_RELEASE}
1192 exit 0 ;; 1242 exit ;;
1193 *:NonStop-UX:*:*) 1243 *:NonStop-UX:*:*)
1194 echo mips-compaq-nonstopux 1244 echo mips-compaq-nonstopux
1195 exit 0 ;; 1245 exit ;;
1196 BS2000:POSIX*:*:*) 1246 BS2000:POSIX*:*:*)
1197 echo bs2000-siemens-sysv 1247 echo bs2000-siemens-sysv
1198 exit 0 ;; 1248 exit ;;
1199 DS/*:UNIX_System_V:*:*) 1249 DS/*:UNIX_System_V:*:*)
1200 echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} 1250 echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
1201 exit 0 ;; 1251 exit ;;
1202 *:Plan9:*:*) 1252 *:Plan9:*:*)
1203 # "uname -m" is not consistent, so use $cputype instead. 386 1253 # "uname -m" is not consistent, so use $cputype instead. 386
1204 # is converted to i386 for consistency with other x86 1254 # is converted to i386 for consistency with other x86
@@ -1209,31 +1259,44 @@ EOF
1209 UNAME_MACHINE="$cputype" 1259 UNAME_MACHINE="$cputype"
1210 fi 1260 fi
1211 echo ${UNAME_MACHINE}-unknown-plan9 1261 echo ${UNAME_MACHINE}-unknown-plan9
1212 exit 0 ;; 1262 exit ;;
1213 *:TOPS-10:*:*) 1263 *:TOPS-10:*:*)
1214 echo pdp10-unknown-tops10 1264 echo pdp10-unknown-tops10
1215 exit 0 ;; 1265 exit ;;
1216 *:TENEX:*:*) 1266 *:TENEX:*:*)
1217 echo pdp10-unknown-tenex 1267 echo pdp10-unknown-tenex
1218 exit 0 ;; 1268 exit ;;
1219 KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) 1269 KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
1220 echo pdp10-dec-tops20 1270 echo pdp10-dec-tops20
1221 exit 0 ;; 1271 exit ;;
1222 XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) 1272 XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
1223 echo pdp10-xkl-tops20 1273 echo pdp10-xkl-tops20
1224 exit 0 ;; 1274 exit ;;
1225 *:TOPS-20:*:*) 1275 *:TOPS-20:*:*)
1226 echo pdp10-unknown-tops20 1276 echo pdp10-unknown-tops20
1227 exit 0 ;; 1277 exit ;;
1228 *:ITS:*:*) 1278 *:ITS:*:*)
1229 echo pdp10-unknown-its 1279 echo pdp10-unknown-its
1230 exit 0 ;; 1280 exit ;;
1231 SEI:*:*:SEIUX) 1281 SEI:*:*:SEIUX)
1232 echo mips-sei-seiux${UNAME_RELEASE} 1282 echo mips-sei-seiux${UNAME_RELEASE}
1233 exit 0 ;; 1283 exit ;;
1234 *:DRAGONFLY:*:*) 1284 *:DragonFly:*:*)
1235 echo ${UNAME_MACHINE}-unknown-dragonfly${UNAME_RELEASE} 1285 echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
1236 exit 0 ;; 1286 exit ;;
1287 *:*VMS:*:*)
1288 UNAME_MACHINE=`(uname -p) 2>/dev/null`
1289 case "${UNAME_MACHINE}" in
1290 A*) echo alpha-dec-vms ; exit ;;
1291 I*) echo ia64-dec-vms ; exit ;;
1292 V*) echo vax-dec-vms ; exit ;;
1293 esac ;;
1294 *:XENIX:*:SysV)
1295 echo i386-pc-xenix
1296 exit ;;
1297 i*86:skyos:*:*)
1298 echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
1299 exit ;;
1237esac 1300esac
1238 1301
1239#echo '(No uname command or uname output not recognized.)' 1>&2 1302#echo '(No uname command or uname output not recognized.)' 1>&2
@@ -1265,7 +1328,7 @@ main ()
1265#endif 1328#endif
1266 1329
1267#if defined (__arm) && defined (__acorn) && defined (__unix) 1330#if defined (__arm) && defined (__acorn) && defined (__unix)
1268 printf ("arm-acorn-riscix"); exit (0); 1331 printf ("arm-acorn-riscix\n"); exit (0);
1269#endif 1332#endif
1270 1333
1271#if defined (hp300) && !defined (hpux) 1334#if defined (hp300) && !defined (hpux)
@@ -1354,11 +1417,12 @@ main ()
1354} 1417}
1355EOF 1418EOF
1356 1419
1357$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && $dummy && exit 0 1420$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
1421 { echo "$SYSTEM_NAME"; exit; }
1358 1422
1359# Apollos put the system type in the environment. 1423# Apollos put the system type in the environment.
1360 1424
1361test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; } 1425test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }
1362 1426
1363# Convex versions that predate uname can use getsysinfo(1) 1427# Convex versions that predate uname can use getsysinfo(1)
1364 1428
@@ -1367,22 +1431,22 @@ then
1367 case `getsysinfo -f cpu_type` in 1431 case `getsysinfo -f cpu_type` in
1368 c1*) 1432 c1*)
1369 echo c1-convex-bsd 1433 echo c1-convex-bsd
1370 exit 0 ;; 1434 exit ;;
1371 c2*) 1435 c2*)
1372 if getsysinfo -f scalar_acc 1436 if getsysinfo -f scalar_acc
1373 then echo c32-convex-bsd 1437 then echo c32-convex-bsd
1374 else echo c2-convex-bsd 1438 else echo c2-convex-bsd
1375 fi 1439 fi
1376 exit 0 ;; 1440 exit ;;
1377 c34*) 1441 c34*)
1378 echo c34-convex-bsd 1442 echo c34-convex-bsd
1379 exit 0 ;; 1443 exit ;;
1380 c38*) 1444 c38*)
1381 echo c38-convex-bsd 1445 echo c38-convex-bsd
1382 exit 0 ;; 1446 exit ;;
1383 c4*) 1447 c4*)
1384 echo c4-convex-bsd 1448 echo c4-convex-bsd
1385 exit 0 ;; 1449 exit ;;
1386 esac 1450 esac
1387fi 1451fi
1388 1452
@@ -1393,7 +1457,9 @@ This script, last modified $timestamp, has failed to recognize
1393the operating system you are using. It is advised that you 1457the operating system you are using. It is advised that you
1394download the most up to date version of the config scripts from 1458download the most up to date version of the config scripts from
1395 1459
1396 ftp://ftp.gnu.org/pub/gnu/config/ 1460 http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.guess
1461and
1462 http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.sub
1397 1463
1398If the version you run ($0) is already up to date, please 1464If the version you run ($0) is already up to date, please
1399send the following data and any information you think might be 1465send the following data and any information you think might be
diff --git a/config.h.in b/config.h.in
index 99a5d5730..551d7e5d9 100644
--- a/config.h.in
+++ b/config.h.in
@@ -1,5 +1,5 @@
1/* config.h.in. Generated from configure.ac by autoheader. */ 1/* config.h.in. Generated from configure.ac by autoheader. */
2/* $Id: acconfig.h,v 1.181 2005/02/25 23:07:38 dtucker Exp $ */ 2/* $Id: acconfig.h,v 1.183 2005/07/07 10:33:36 dtucker Exp $ */
3 3
4/* 4/*
5 * Copyright (c) 1999-2003 Damien Miller. All rights reserved. 5 * Copyright (c) 1999-2003 Damien Miller. All rights reserved.
@@ -119,9 +119,6 @@
119/* Define if you are on NeXT */ 119/* Define if you are on NeXT */
120#undef HAVE_NEXT 120#undef HAVE_NEXT
121 121
122/* Define if you are on NEWS-OS */
123#undef HAVE_NEWS4
124
125/* Define if you want to enable PAM support */ 122/* Define if you want to enable PAM support */
126#undef USE_PAM 123#undef USE_PAM
127 124
@@ -205,9 +202,6 @@
205/* Define if you don't want to use lastlog in session.c */ 202/* Define if you don't want to use lastlog in session.c */
206#undef NO_SSH_LASTLOG 203#undef NO_SSH_LASTLOG
207 204
208/* Define if have krb5_init_ets */
209#undef KRB5_INIT_ETS
210
211/* Define if you don't want to use utmp */ 205/* Define if you don't want to use utmp */
212#undef DISABLE_UTMP 206#undef DISABLE_UTMP
213 207
@@ -462,6 +456,18 @@
462 */ 456 */
463#undef AIX_GETNAMEINFO_HACK 457#undef AIX_GETNAMEINFO_HACK
464 458
459/* getgroups(0,NULL) will return -1 */
460#undef BROKEN_GETGROUPS
461
462/* ia_uinfo routines not supported by OS yet */
463#undef BROKEN_LIBIAF
464
465/* Ultrix mmap can't map files */
466#undef BROKEN_MMAP
467
468/* LynxOS has broken setvbuf() implementation */
469#undef BROKEN_SETVBUF
470
465/* Define to 1 if the `getpgrp' function requires zero arguments. */ 471/* Define to 1 if the `getpgrp' function requires zero arguments. */
466#undef GETPGRP_VOID 472#undef GETPGRP_VOID
467 473
@@ -471,6 +477,9 @@
471/* Define to 1 if you have the `arc4random' function. */ 477/* Define to 1 if you have the `arc4random' function. */
472#undef HAVE_ARC4RANDOM 478#undef HAVE_ARC4RANDOM
473 479
480/* OpenBSD's gcc has sentinel */
481#undef HAVE_ATTRIBUTE__SENTINEL__
482
474/* Define to 1 if you have the `b64_ntop' function. */ 483/* Define to 1 if you have the `b64_ntop' function. */
475#undef HAVE_B64_NTOP 484#undef HAVE_B64_NTOP
476 485
@@ -529,6 +538,14 @@
529 don't. */ 538 don't. */
530#undef HAVE_DECL_SETAUTHDB 539#undef HAVE_DECL_SETAUTHDB
531 540
541/* Define to 1 if you have the declaration of `_getlong', and to 0 if you
542 don't. */
543#undef HAVE_DECL__GETLONG
544
545/* Define to 1 if you have the declaration of `_getshort', and to 0 if you
546 don't. */
547#undef HAVE_DECL__GETSHORT
548
532/* Define to 1 if you have the <dirent.h> header file. */ 549/* Define to 1 if you have the <dirent.h> header file. */
533#undef HAVE_DIRENT_H 550#undef HAVE_DIRENT_H
534 551
@@ -547,9 +564,6 @@
547/* Define to 1 if you have the `endutxent' function. */ 564/* Define to 1 if you have the `endutxent' function. */
548#undef HAVE_ENDUTXENT 565#undef HAVE_ENDUTXENT
549 566
550/* Define to 1 if you have the `fchdir' function. */
551#undef HAVE_FCHDIR
552
553/* Define to 1 if you have the `fchmod' function. */ 567/* Define to 1 if you have the `fchmod' function. */
554#undef HAVE_FCHMOD 568#undef HAVE_FCHMOD
555 569
@@ -658,6 +672,9 @@
658/* Define to 1 if you have the <gssapi_krb5.h> header file. */ 672/* Define to 1 if you have the <gssapi_krb5.h> header file. */
659#undef HAVE_GSSAPI_KRB5_H 673#undef HAVE_GSSAPI_KRB5_H
660 674
675/* Define to 1 if you have the <iaf.h> header file. */
676#undef HAVE_IAF_H
677
661/* Define to 1 if you have the <ia.h> header file. */ 678/* Define to 1 if you have the <ia.h> header file. */
662#undef HAVE_IA_H 679#undef HAVE_IA_H
663 680
@@ -694,6 +711,9 @@
694/* Define to 1 if you have the <libgen.h> header file. */ 711/* Define to 1 if you have the <libgen.h> header file. */
695#undef HAVE_LIBGEN_H 712#undef HAVE_LIBGEN_H
696 713
714/* Define to 1 if you have the `iaf' library (-liaf). */
715#undef HAVE_LIBIAF
716
697/* Define to 1 if you have the `nsl' library (-lnsl). */ 717/* Define to 1 if you have the `nsl' library (-lnsl). */
698#undef HAVE_LIBNSL 718#undef HAVE_LIBNSL
699 719
@@ -922,6 +942,9 @@
922/* Define to 1 if you have the <stdlib.h> header file. */ 942/* Define to 1 if you have the <stdlib.h> header file. */
923#undef HAVE_STDLIB_H 943#undef HAVE_STDLIB_H
924 944
945/* Define to 1 if you have the `strdup' function. */
946#undef HAVE_STRDUP
947
925/* Define to 1 if you have the `strerror' function. */ 948/* Define to 1 if you have the `strerror' function. */
926#undef HAVE_STRERROR 949#undef HAVE_STRERROR
927 950
@@ -949,6 +972,12 @@
949/* Define to 1 if you have the `strsep' function. */ 972/* Define to 1 if you have the `strsep' function. */
950#undef HAVE_STRSEP 973#undef HAVE_STRSEP
951 974
975/* Define to 1 if you have the `strtoll' function. */
976#undef HAVE_STRTOLL
977
978/* Define to 1 if you have the `strtonum' function. */
979#undef HAVE_STRTONUM
980
952/* Define to 1 if you have the `strtoul' function. */ 981/* Define to 1 if you have the `strtoul' function. */
953#undef HAVE_STRTOUL 982#undef HAVE_STRTOUL
954 983
@@ -1006,6 +1035,9 @@
1006/* Define to 1 if you have the <sys/strtio.h> header file. */ 1035/* Define to 1 if you have the <sys/strtio.h> header file. */
1007#undef HAVE_SYS_STRTIO_H 1036#undef HAVE_SYS_STRTIO_H
1008 1037
1038/* Force use of sys/syslog.h on Ultrix */
1039#undef HAVE_SYS_SYSLOG_H
1040
1009/* Define to 1 if you have the <sys/sysmacros.h> header file. */ 1041/* Define to 1 if you have the <sys/sysmacros.h> header file. */
1010#undef HAVE_SYS_SYSMACROS_H 1042#undef HAVE_SYS_SYSMACROS_H
1011 1043
@@ -1105,6 +1137,15 @@
1105/* Define to 1 if you have the `__b64_pton' function. */ 1137/* Define to 1 if you have the `__b64_pton' function. */
1106#undef HAVE___B64_PTON 1138#undef HAVE___B64_PTON
1107 1139
1140/* max value of long long calculated by configure */
1141#undef LLONG_MAX
1142
1143/* min value of long long calculated by configure */
1144#undef LLONG_MIN
1145
1146/* Need setpgrp to acquire controlling tty */
1147#undef NEED_SETPRGP
1148
1108/* Define to the address where bug reports for this package should be sent. */ 1149/* Define to the address where bug reports for this package should be sent. */
1109#undef PACKAGE_BUGREPORT 1150#undef PACKAGE_BUGREPORT
1110 1151
@@ -1144,6 +1185,9 @@
1144/* Define to 1 if you have the ANSI C header files. */ 1185/* Define to 1 if you have the ANSI C header files. */
1145#undef STDC_HEADERS 1186#undef STDC_HEADERS
1146 1187
1188/* Support passwords > 8 chars */
1189#undef UNIXWARE_LONG_PASSWORDS
1190
1147/* Use BSM audit module */ 1191/* Use BSM audit module */
1148#undef USE_BSM_AUDIT 1192#undef USE_BSM_AUDIT
1149 1193
diff --git a/config.sub b/config.sub
index 463186dbf..519f2cd00 100755
--- a/config.sub
+++ b/config.sub
@@ -1,9 +1,9 @@
1#! /bin/sh 1#! /bin/sh
2# Configuration validation subroutine script. 2# Configuration validation subroutine script.
3# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 3# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
4# 2000, 2001, 2002, 2003 Free Software Foundation, Inc. 4# 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
5 5
6timestamp='2004-01-05' 6timestamp='2005-05-12'
7 7
8# This file is (in principle) common to ALL GNU software. 8# This file is (in principle) common to ALL GNU software.
9# The presence of a machine in this file suggests that SOME GNU software 9# The presence of a machine in this file suggests that SOME GNU software
@@ -21,14 +21,15 @@ timestamp='2004-01-05'
21# 21#
22# You should have received a copy of the GNU General Public License 22# You should have received a copy of the GNU General Public License
23# along with this program; if not, write to the Free Software 23# along with this program; if not, write to the Free Software
24# Foundation, Inc., 59 Temple Place - Suite 330, 24# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
25# Boston, MA 02111-1307, USA. 25# 02110-1301, USA.
26 26#
27# As a special exception to the GNU General Public License, if you 27# As a special exception to the GNU General Public License, if you
28# distribute this file as part of a program that contains a 28# distribute this file as part of a program that contains a
29# configuration script generated by Autoconf, you may include it under 29# configuration script generated by Autoconf, you may include it under
30# the same distribution terms that you use for the rest of that program. 30# the same distribution terms that you use for the rest of that program.
31 31
32
32# Please send patches to <config-patches@gnu.org>. Submit a context 33# Please send patches to <config-patches@gnu.org>. Submit a context
33# diff and a properly formatted ChangeLog entry. 34# diff and a properly formatted ChangeLog entry.
34# 35#
@@ -70,7 +71,7 @@ Report bugs and patches to <config-patches@gnu.org>."
70version="\ 71version="\
71GNU config.sub ($timestamp) 72GNU config.sub ($timestamp)
72 73
73Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 74Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
74Free Software Foundation, Inc. 75Free Software Foundation, Inc.
75 76
76This is free software; see the source for copying conditions. There is NO 77This is free software; see the source for copying conditions. There is NO
@@ -83,11 +84,11 @@ Try \`$me --help' for more information."
83while test $# -gt 0 ; do 84while test $# -gt 0 ; do
84 case $1 in 85 case $1 in
85 --time-stamp | --time* | -t ) 86 --time-stamp | --time* | -t )
86 echo "$timestamp" ; exit 0 ;; 87 echo "$timestamp" ; exit ;;
87 --version | -v ) 88 --version | -v )
88 echo "$version" ; exit 0 ;; 89 echo "$version" ; exit ;;
89 --help | --h* | -h ) 90 --help | --h* | -h )
90 echo "$usage"; exit 0 ;; 91 echo "$usage"; exit ;;
91 -- ) # Stop option processing 92 -- ) # Stop option processing
92 shift; break ;; 93 shift; break ;;
93 - ) # Use stdin as input. 94 - ) # Use stdin as input.
@@ -99,7 +100,7 @@ while test $# -gt 0 ; do
99 *local*) 100 *local*)
100 # First pass through any local machine types. 101 # First pass through any local machine types.
101 echo $1 102 echo $1
102 exit 0;; 103 exit ;;
103 104
104 * ) 105 * )
105 break ;; 106 break ;;
@@ -145,7 +146,7 @@ case $os in
145 -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ 146 -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
146 -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ 147 -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
147 -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ 148 -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
148 -apple | -axis) 149 -apple | -axis | -knuth | -cray)
149 os= 150 os=
150 basic_machine=$1 151 basic_machine=$1
151 ;; 152 ;;
@@ -231,13 +232,14 @@ case $basic_machine in
231 | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ 232 | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
232 | am33_2.0 \ 233 | am33_2.0 \
233 | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \ 234 | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \
235 | bfin \
234 | c4x | clipper \ 236 | c4x | clipper \
235 | d10v | d30v | dlx | dsp16xx \ 237 | d10v | d30v | dlx | dsp16xx \
236 | fr30 | frv \ 238 | fr30 | frv \
237 | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ 239 | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
238 | i370 | i860 | i960 | ia64 \ 240 | i370 | i860 | i960 | ia64 \
239 | ip2k | iq2000 \ 241 | ip2k | iq2000 \
240 | m32r | m68000 | m68k | m88k | mcore \ 242 | m32r | m32rle | m68000 | m68k | m88k | maxq | mcore \
241 | mips | mipsbe | mipseb | mipsel | mipsle \ 243 | mips | mipsbe | mipseb | mipsel | mipsle \
242 | mips16 \ 244 | mips16 \
243 | mips64 | mips64el \ 245 | mips64 | mips64el \
@@ -262,12 +264,13 @@ case $basic_machine in
262 | pyramid \ 264 | pyramid \
263 | sh | sh[1234] | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \ 265 | sh | sh[1234] | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \
264 | sh64 | sh64le \ 266 | sh64 | sh64le \
265 | sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv9 | sparcv9b \ 267 | sparc | sparc64 | sparc64b | sparc86x | sparclet | sparclite \
268 | sparcv8 | sparcv9 | sparcv9b \
266 | strongarm \ 269 | strongarm \
267 | tahoe | thumb | tic4x | tic80 | tron \ 270 | tahoe | thumb | tic4x | tic80 | tron \
268 | v850 | v850e \ 271 | v850 | v850e \
269 | we32k \ 272 | we32k \
270 | x86 | xscale | xstormy16 | xtensa \ 273 | x86 | xscale | xscalee[bl] | xstormy16 | xtensa \
271 | z8k) 274 | z8k)
272 basic_machine=$basic_machine-unknown 275 basic_machine=$basic_machine-unknown
273 ;; 276 ;;
@@ -298,9 +301,9 @@ case $basic_machine in
298 | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ 301 | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
299 | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ 302 | arm-* | armbe-* | armle-* | armeb-* | armv*-* \
300 | avr-* \ 303 | avr-* \
301 | bs2000-* \ 304 | bfin-* | bs2000-* \
302 | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \ 305 | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
303 | clipper-* | cydra-* \ 306 | clipper-* | craynv-* | cydra-* \
304 | d10v-* | d30v-* | dlx-* \ 307 | d10v-* | d30v-* | dlx-* \
305 | elxsi-* \ 308 | elxsi-* \
306 | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \ 309 | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \
@@ -308,9 +311,9 @@ case $basic_machine in
308 | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ 311 | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
309 | i*86-* | i860-* | i960-* | ia64-* \ 312 | i*86-* | i860-* | i960-* | ia64-* \
310 | ip2k-* | iq2000-* \ 313 | ip2k-* | iq2000-* \
311 | m32r-* \ 314 | m32r-* | m32rle-* \
312 | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ 315 | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
313 | m88110-* | m88k-* | mcore-* \ 316 | m88110-* | m88k-* | maxq-* | mcore-* \
314 | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ 317 | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
315 | mips16-* \ 318 | mips16-* \
316 | mips64-* | mips64el-* \ 319 | mips64-* | mips64el-* \
@@ -326,8 +329,9 @@ case $basic_machine in
326 | mipsisa64sb1-* | mipsisa64sb1el-* \ 329 | mipsisa64sb1-* | mipsisa64sb1el-* \
327 | mipsisa64sr71k-* | mipsisa64sr71kel-* \ 330 | mipsisa64sr71k-* | mipsisa64sr71kel-* \
328 | mipstx39-* | mipstx39el-* \ 331 | mipstx39-* | mipstx39el-* \
332 | mmix-* \
329 | msp430-* \ 333 | msp430-* \
330 | none-* | np1-* | nv1-* | ns16k-* | ns32k-* \ 334 | none-* | np1-* | ns16k-* | ns32k-* \
331 | orion-* \ 335 | orion-* \
332 | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ 336 | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
333 | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ 337 | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
@@ -335,15 +339,16 @@ case $basic_machine in
335 | romp-* | rs6000-* \ 339 | romp-* | rs6000-* \
336 | sh-* | sh[1234]-* | sh[23]e-* | sh[34]eb-* | shbe-* \ 340 | sh-* | sh[1234]-* | sh[23]e-* | sh[34]eb-* | shbe-* \
337 | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ 341 | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
338 | sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \ 342 | sparc-* | sparc64-* | sparc64b-* | sparc86x-* | sparclet-* \
339 | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \ 343 | sparclite-* \
344 | sparcv8-* | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \
340 | tahoe-* | thumb-* \ 345 | tahoe-* | thumb-* \
341 | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ 346 | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
342 | tron-* \ 347 | tron-* \
343 | v850-* | v850e-* | vax-* \ 348 | v850-* | v850e-* | vax-* \
344 | we32k-* \ 349 | we32k-* \
345 | x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \ 350 | x86-* | x86_64-* | xps100-* | xscale-* | xscalee[bl]-* \
346 | xtensa-* \ 351 | xstormy16-* | xtensa-* \
347 | ymp-* \ 352 | ymp-* \
348 | z8k-*) 353 | z8k-*)
349 ;; 354 ;;
@@ -363,6 +368,9 @@ case $basic_machine in
363 basic_machine=a29k-amd 368 basic_machine=a29k-amd
364 os=-udi 369 os=-udi
365 ;; 370 ;;
371 abacus)
372 basic_machine=abacus-unknown
373 ;;
366 adobe68k) 374 adobe68k)
367 basic_machine=m68010-adobe 375 basic_machine=m68010-adobe
368 os=-scout 376 os=-scout
@@ -442,12 +450,27 @@ case $basic_machine in
442 basic_machine=j90-cray 450 basic_machine=j90-cray
443 os=-unicos 451 os=-unicos
444 ;; 452 ;;
453 craynv)
454 basic_machine=craynv-cray
455 os=-unicosmp
456 ;;
457 cr16c)
458 basic_machine=cr16c-unknown
459 os=-elf
460 ;;
445 crds | unos) 461 crds | unos)
446 basic_machine=m68k-crds 462 basic_machine=m68k-crds
447 ;; 463 ;;
464 crisv32 | crisv32-* | etraxfs*)
465 basic_machine=crisv32-axis
466 ;;
448 cris | cris-* | etrax*) 467 cris | cris-* | etrax*)
449 basic_machine=cris-axis 468 basic_machine=cris-axis
450 ;; 469 ;;
470 crx)
471 basic_machine=crx-unknown
472 os=-elf
473 ;;
451 da30 | da30-*) 474 da30 | da30-*)
452 basic_machine=m68k-da30 475 basic_machine=m68k-da30
453 ;; 476 ;;
@@ -470,6 +493,10 @@ case $basic_machine in
470 basic_machine=m88k-motorola 493 basic_machine=m88k-motorola
471 os=-sysv3 494 os=-sysv3
472 ;; 495 ;;
496 djgpp)
497 basic_machine=i586-pc
498 os=-msdosdjgpp
499 ;;
473 dpx20 | dpx20-*) 500 dpx20 | dpx20-*)
474 basic_machine=rs6000-bull 501 basic_machine=rs6000-bull
475 os=-bosx 502 os=-bosx
@@ -648,10 +675,6 @@ case $basic_machine in
648 mips3*) 675 mips3*)
649 basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown 676 basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
650 ;; 677 ;;
651 mmix*)
652 basic_machine=mmix-knuth
653 os=-mmixware
654 ;;
655 monitor) 678 monitor)
656 basic_machine=m68k-rom68k 679 basic_machine=m68k-rom68k
657 os=-coff 680 os=-coff
@@ -732,10 +755,6 @@ case $basic_machine in
732 np1) 755 np1)
733 basic_machine=np1-gould 756 basic_machine=np1-gould
734 ;; 757 ;;
735 nv1)
736 basic_machine=nv1-cray
737 os=-unicosmp
738 ;;
739 nsr-tandem) 758 nsr-tandem)
740 basic_machine=nsr-tandem 759 basic_machine=nsr-tandem
741 ;; 760 ;;
@@ -1018,6 +1037,10 @@ case $basic_machine in
1018 basic_machine=hppa1.1-winbond 1037 basic_machine=hppa1.1-winbond
1019 os=-proelf 1038 os=-proelf
1020 ;; 1039 ;;
1040 xbox)
1041 basic_machine=i686-pc
1042 os=-mingw32
1043 ;;
1021 xps | xps100) 1044 xps | xps100)
1022 basic_machine=xps100-honeywell 1045 basic_machine=xps100-honeywell
1023 ;; 1046 ;;
@@ -1048,6 +1071,9 @@ case $basic_machine in
1048 romp) 1071 romp)
1049 basic_machine=romp-ibm 1072 basic_machine=romp-ibm
1050 ;; 1073 ;;
1074 mmix)
1075 basic_machine=mmix-knuth
1076 ;;
1051 rs6000) 1077 rs6000)
1052 basic_machine=rs6000-ibm 1078 basic_machine=rs6000-ibm
1053 ;; 1079 ;;
@@ -1070,7 +1096,7 @@ case $basic_machine in
1070 sh64) 1096 sh64)
1071 basic_machine=sh64-unknown 1097 basic_machine=sh64-unknown
1072 ;; 1098 ;;
1073 sparc | sparcv9 | sparcv9b) 1099 sparc | sparcv8 | sparcv9 | sparcv9b)
1074 basic_machine=sparc-sun 1100 basic_machine=sparc-sun
1075 ;; 1101 ;;
1076 cydra) 1102 cydra)
@@ -1143,8 +1169,9 @@ case $os in
1143 | -aos* \ 1169 | -aos* \
1144 | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ 1170 | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
1145 | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ 1171 | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
1146 | -hiux* | -386bsd* | -knetbsd* | -netbsd* | -openbsd* | -kfreebsd* | -freebsd* | -riscix* \ 1172 | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* | -openbsd* \
1147 | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ 1173 | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
1174 | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
1148 | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ 1175 | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
1149 | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ 1176 | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
1150 | -chorusos* | -chorusrdb* \ 1177 | -chorusos* | -chorusrdb* \
@@ -1155,7 +1182,7 @@ case $os in
1155 | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ 1182 | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
1156 | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ 1183 | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
1157 | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ 1184 | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
1158 | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly*) 1185 | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* | -skyos*)
1159 # Remember, each alternative MUST END IN *, to match a version number. 1186 # Remember, each alternative MUST END IN *, to match a version number.
1160 ;; 1187 ;;
1161 -qnx*) 1188 -qnx*)
@@ -1282,6 +1309,9 @@ case $os in
1282 -kaos*) 1309 -kaos*)
1283 os=-kaos 1310 os=-kaos
1284 ;; 1311 ;;
1312 -zvmoe)
1313 os=-zvmoe
1314 ;;
1285 -none) 1315 -none)
1286 ;; 1316 ;;
1287 *) 1317 *)
@@ -1362,6 +1392,9 @@ case $basic_machine in
1362 *-ibm) 1392 *-ibm)
1363 os=-aix 1393 os=-aix
1364 ;; 1394 ;;
1395 *-knuth)
1396 os=-mmixware
1397 ;;
1365 *-wec) 1398 *-wec)
1366 os=-proelf 1399 os=-proelf
1367 ;; 1400 ;;
@@ -1527,7 +1560,7 @@ case $basic_machine in
1527esac 1560esac
1528 1561
1529echo $basic_machine$os 1562echo $basic_machine$os
1530exit 0 1563exit
1531 1564
1532# Local variables: 1565# Local variables:
1533# eval: (add-hook 'write-file-hooks 'time-stamp) 1566# eval: (add-hook 'write-file-hooks 'time-stamp)
diff --git a/configure b/configure
index 76819694c..bc27b88c2 100755
--- a/configure
+++ b/configure
@@ -2,6 +2,8 @@
2# Guess values for system-dependent variables and create Makefiles. 2# Guess values for system-dependent variables and create Makefiles.
3# Generated by GNU Autoconf 2.59 for OpenSSH Portable. 3# Generated by GNU Autoconf 2.59 for OpenSSH Portable.
4# 4#
5# Report bugs to <openssh-unix-dev@mindrot.org>.
6#
5# Copyright (C) 2003 Free Software Foundation, Inc. 7# Copyright (C) 2003 Free Software Foundation, Inc.
6# This configure script is free software; the Free Software Foundation 8# This configure script is free software; the Free Software Foundation
7# gives unlimited permission to copy, distribute and modify it. 9# gives unlimited permission to copy, distribute and modify it.
@@ -269,7 +271,7 @@ PACKAGE_NAME='OpenSSH'
269PACKAGE_TARNAME='openssh' 271PACKAGE_TARNAME='openssh'
270PACKAGE_VERSION='Portable' 272PACKAGE_VERSION='Portable'
271PACKAGE_STRING='OpenSSH Portable' 273PACKAGE_STRING='OpenSSH Portable'
272PACKAGE_BUGREPORT='' 274PACKAGE_BUGREPORT='openssh-unix-dev@mindrot.org'
273 275
274ac_unique_file="ssh.c" 276ac_unique_file="ssh.c"
275# Factoring default headers for most tests. 277# Factoring default headers for most tests.
@@ -867,6 +869,7 @@ Optional Packages:
867 --with-cppflags Specify additional flags to pass to preprocessor 869 --with-cppflags Specify additional flags to pass to preprocessor
868 --with-ldflags Specify additional flags to pass to linker 870 --with-ldflags Specify additional flags to pass to linker
869 --with-libs Specify additional libraries to link with 871 --with-libs Specify additional libraries to link with
872 --with-Werror Build main code with -Werror
870 --with-zlib=PATH Use zlib in PATH 873 --with-zlib=PATH Use zlib in PATH
871 --without-zlib-version-check Disable zlib version check 874 --without-zlib-version-check Disable zlib version check
872 --with-skey[=PATH] Enable S/Key support (optionally in PATH) 875 --with-skey[=PATH] Enable S/Key support (optionally in PATH)
@@ -909,6 +912,7 @@ Some influential environment variables:
909Use these variables to override the choices made by `configure' or to help 912Use these variables to override the choices made by `configure' or to help
910it to find libraries and programs with nonstandard names/locations. 913it to find libraries and programs with nonstandard names/locations.
911 914
915Report bugs to <openssh-unix-dev@mindrot.org>.
912_ACEOF 916_ACEOF
913fi 917fi
914 918
@@ -4083,8 +4087,251 @@ _ACEOF
4083 ;; 4087 ;;
4084esac 4088esac
4085 4089
4090
4091echo "$as_me:$LINENO: checking whether LLONG_MAX is declared" >&5
4092echo $ECHO_N "checking whether LLONG_MAX is declared... $ECHO_C" >&6
4093if test "${ac_cv_have_decl_LLONG_MAX+set}" = set; then
4094 echo $ECHO_N "(cached) $ECHO_C" >&6
4095else
4096 cat >conftest.$ac_ext <<_ACEOF
4097/* confdefs.h. */
4098_ACEOF
4099cat confdefs.h >>conftest.$ac_ext
4100cat >>conftest.$ac_ext <<_ACEOF
4101/* end confdefs.h. */
4102#include <limits.h>
4103
4104int
4105main ()
4106{
4107#ifndef LLONG_MAX
4108 char *p = (char *) LLONG_MAX;
4109#endif
4110
4111 ;
4112 return 0;
4113}
4114_ACEOF
4115rm -f conftest.$ac_objext
4116if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
4117 (eval $ac_compile) 2>conftest.er1
4118 ac_status=$?
4119 grep -v '^ *+' conftest.er1 >conftest.err
4120 rm -f conftest.er1
4121 cat conftest.err >&5
4122 echo "$as_me:$LINENO: \$? = $ac_status" >&5
4123 (exit $ac_status); } &&
4124 { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
4125 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
4126 (eval $ac_try) 2>&5
4127 ac_status=$?
4128 echo "$as_me:$LINENO: \$? = $ac_status" >&5
4129 (exit $ac_status); }; } &&
4130 { ac_try='test -s conftest.$ac_objext'
4131 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
4132 (eval $ac_try) 2>&5
4133 ac_status=$?
4134 echo "$as_me:$LINENO: \$? = $ac_status" >&5
4135 (exit $ac_status); }; }; then
4136 ac_cv_have_decl_LLONG_MAX=yes
4137else
4138 echo "$as_me: failed program was:" >&5
4139sed 's/^/| /' conftest.$ac_ext >&5
4140
4141ac_cv_have_decl_LLONG_MAX=no
4142fi
4143rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
4144fi
4145echo "$as_me:$LINENO: result: $ac_cv_have_decl_LLONG_MAX" >&5
4146echo "${ECHO_T}$ac_cv_have_decl_LLONG_MAX" >&6
4147if test $ac_cv_have_decl_LLONG_MAX = yes; then
4148 have_llong_max=1
4149fi
4150
4151
4086if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 4152if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
4087 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized" 4153 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
4154 GCC_VER=`$CC --version`
4155 case $GCC_VER in
4156 1.*) ;;
4157 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
4158 2.*) ;;
4159 *) CFLAGS="$CFLAGS -Wsign-compare" ;;
4160 esac
4161
4162 if test -z "$have_llong_max"; then
4163 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
4164 unset ac_cv_have_decl_LLONG_MAX
4165 saved_CFLAGS="$CFLAGS"
4166 CFLAGS="$CFLAGS -std=gnu99"
4167 echo "$as_me:$LINENO: checking whether LLONG_MAX is declared" >&5
4168echo $ECHO_N "checking whether LLONG_MAX is declared... $ECHO_C" >&6
4169if test "${ac_cv_have_decl_LLONG_MAX+set}" = set; then
4170 echo $ECHO_N "(cached) $ECHO_C" >&6
4171else
4172 cat >conftest.$ac_ext <<_ACEOF
4173/* confdefs.h. */
4174_ACEOF
4175cat confdefs.h >>conftest.$ac_ext
4176cat >>conftest.$ac_ext <<_ACEOF
4177/* end confdefs.h. */
4178#include <limits.h>
4179
4180
4181int
4182main ()
4183{
4184#ifndef LLONG_MAX
4185 char *p = (char *) LLONG_MAX;
4186#endif
4187
4188 ;
4189 return 0;
4190}
4191_ACEOF
4192rm -f conftest.$ac_objext
4193if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
4194 (eval $ac_compile) 2>conftest.er1
4195 ac_status=$?
4196 grep -v '^ *+' conftest.er1 >conftest.err
4197 rm -f conftest.er1
4198 cat conftest.err >&5
4199 echo "$as_me:$LINENO: \$? = $ac_status" >&5
4200 (exit $ac_status); } &&
4201 { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
4202 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
4203 (eval $ac_try) 2>&5
4204 ac_status=$?
4205 echo "$as_me:$LINENO: \$? = $ac_status" >&5
4206 (exit $ac_status); }; } &&
4207 { ac_try='test -s conftest.$ac_objext'
4208 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
4209 (eval $ac_try) 2>&5
4210 ac_status=$?
4211 echo "$as_me:$LINENO: \$? = $ac_status" >&5
4212 (exit $ac_status); }; }; then
4213 ac_cv_have_decl_LLONG_MAX=yes
4214else
4215 echo "$as_me: failed program was:" >&5
4216sed 's/^/| /' conftest.$ac_ext >&5
4217
4218ac_cv_have_decl_LLONG_MAX=no
4219fi
4220rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
4221fi
4222echo "$as_me:$LINENO: result: $ac_cv_have_decl_LLONG_MAX" >&5
4223echo "${ECHO_T}$ac_cv_have_decl_LLONG_MAX" >&6
4224if test $ac_cv_have_decl_LLONG_MAX = yes; then
4225 have_llong_max=1
4226else
4227 CFLAGS="$saved_CFLAGS"
4228fi
4229
4230 fi
4231fi
4232
4233if test -z "$have_llong_max"; then
4234 echo "$as_me:$LINENO: checking for max value of long long" >&5
4235echo $ECHO_N "checking for max value of long long... $ECHO_C" >&6
4236 if test "$cross_compiling" = yes; then
4237
4238 { echo "$as_me:$LINENO: WARNING: cross compiling: not checking" >&5
4239echo "$as_me: WARNING: cross compiling: not checking" >&2;}
4240
4241
4242else
4243 cat >conftest.$ac_ext <<_ACEOF
4244/* confdefs.h. */
4245_ACEOF
4246cat confdefs.h >>conftest.$ac_ext
4247cat >>conftest.$ac_ext <<_ACEOF
4248/* end confdefs.h. */
4249
4250#include <stdio.h>
4251/* Why is this so damn hard? */
4252#ifdef __GNUC__
4253# undef __GNUC__
4254#endif
4255#define __USE_ISOC99
4256#include <limits.h>
4257#define DATA "conftest.llminmax"
4258int main(void) {
4259 FILE *f;
4260 long long i, llmin, llmax = 0;
4261
4262 if((f = fopen(DATA,"w")) == NULL)
4263 exit(1);
4264
4265#if defined(LLONG_MIN) && defined(LLONG_MAX)
4266 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
4267 llmin = LLONG_MIN;
4268 llmax = LLONG_MAX;
4269#else
4270 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
4271 /* This will work on one's complement and two's complement */
4272 for (i = 1; i > llmax; i <<= 1, i++)
4273 llmax = i;
4274 llmin = llmax + 1LL; /* wrap */
4275#endif
4276
4277 /* Sanity check */
4278 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
4279 || llmax - 1 > llmax) {
4280 fprintf(f, "unknown unknown\n");
4281 exit(2);
4282 }
4283
4284 if (fprintf(f ,"%lld %lld", llmin, llmax) < 0)
4285 exit(3);
4286
4287 exit(0);
4288}
4289
4290_ACEOF
4291rm -f conftest$ac_exeext
4292if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
4293 (eval $ac_link) 2>&5
4294 ac_status=$?
4295 echo "$as_me:$LINENO: \$? = $ac_status" >&5
4296 (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
4297 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
4298 (eval $ac_try) 2>&5
4299 ac_status=$?
4300 echo "$as_me:$LINENO: \$? = $ac_status" >&5
4301 (exit $ac_status); }; }; then
4302
4303 llong_min=`$AWK '{print $1}' conftest.llminmax`
4304 llong_max=`$AWK '{print $2}' conftest.llminmax`
4305 echo "$as_me:$LINENO: result: $llong_max" >&5
4306echo "${ECHO_T}$llong_max" >&6
4307
4308cat >>confdefs.h <<_ACEOF
4309#define LLONG_MAX ${llong_max}LL
4310_ACEOF
4311
4312 echo "$as_me:$LINENO: checking for min value of long long" >&5
4313echo $ECHO_N "checking for min value of long long... $ECHO_C" >&6
4314 echo "$as_me:$LINENO: result: $llong_min" >&5
4315echo "${ECHO_T}$llong_min" >&6
4316
4317cat >>confdefs.h <<_ACEOF
4318#define LLONG_MIN ${llong_min}LL
4319_ACEOF
4320
4321
4322else
4323 echo "$as_me: program exited with status $ac_status" >&5
4324echo "$as_me: failed program was:" >&5
4325sed 's/^/| /' conftest.$ac_ext >&5
4326
4327( exit $ac_status )
4328
4329 echo "$as_me:$LINENO: result: not found" >&5
4330echo "${ECHO_T}not found" >&6
4331
4332fi
4333rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
4334fi
4088fi 4335fi
4089 4336
4090 4337
@@ -5064,120 +5311,8 @@ _ACEOF
5064_ACEOF 5311_ACEOF
5065 5312
5066 ;; 5313 ;;
5067*-*-hpux10.26) 5314*-*-hpux*)
5068 if test -z "$GCC"; then 5315 # first we define all of the options common to all HP-UX releases
5069 CFLAGS="$CFLAGS -Ae"
5070 fi
5071 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
5072 IPADDR_IN_DISPLAY=yes
5073 cat >>confdefs.h <<\_ACEOF
5074#define HAVE_SECUREWARE 1
5075_ACEOF
5076
5077 cat >>confdefs.h <<\_ACEOF
5078#define USE_PIPES 1
5079_ACEOF
5080
5081 cat >>confdefs.h <<\_ACEOF
5082#define LOGIN_NO_ENDOPT 1
5083_ACEOF
5084
5085 cat >>confdefs.h <<\_ACEOF
5086#define LOGIN_NEEDS_UTMPX 1
5087_ACEOF
5088
5089 cat >>confdefs.h <<\_ACEOF
5090#define LOCKED_PASSWD_STRING "*"
5091_ACEOF
5092
5093 cat >>confdefs.h <<\_ACEOF
5094#define SPT_TYPE SPT_PSTAT
5095_ACEOF
5096
5097 LIBS="$LIBS -lsec -lsecpw"
5098
5099echo "$as_me:$LINENO: checking for t_error in -lxnet" >&5
5100echo $ECHO_N "checking for t_error in -lxnet... $ECHO_C" >&6
5101if test "${ac_cv_lib_xnet_t_error+set}" = set; then
5102 echo $ECHO_N "(cached) $ECHO_C" >&6
5103else
5104 ac_check_lib_save_LIBS=$LIBS
5105LIBS="-lxnet $LIBS"
5106cat >conftest.$ac_ext <<_ACEOF
5107/* confdefs.h. */
5108_ACEOF
5109cat confdefs.h >>conftest.$ac_ext
5110cat >>conftest.$ac_ext <<_ACEOF
5111/* end confdefs.h. */
5112
5113/* Override any gcc2 internal prototype to avoid an error. */
5114#ifdef __cplusplus
5115extern "C"
5116#endif
5117/* We use char because int might match the return type of a gcc2
5118 builtin and then its argument prototype would still apply. */
5119char t_error ();
5120int
5121main ()
5122{
5123t_error ();
5124 ;
5125 return 0;
5126}
5127_ACEOF
5128rm -f conftest.$ac_objext conftest$ac_exeext
5129if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
5130 (eval $ac_link) 2>conftest.er1
5131 ac_status=$?
5132 grep -v '^ *+' conftest.er1 >conftest.err
5133 rm -f conftest.er1
5134 cat conftest.err >&5
5135 echo "$as_me:$LINENO: \$? = $ac_status" >&5
5136 (exit $ac_status); } &&
5137 { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
5138 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
5139 (eval $ac_try) 2>&5
5140 ac_status=$?
5141 echo "$as_me:$LINENO: \$? = $ac_status" >&5
5142 (exit $ac_status); }; } &&
5143 { ac_try='test -s conftest$ac_exeext'
5144 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
5145 (eval $ac_try) 2>&5
5146 ac_status=$?
5147 echo "$as_me:$LINENO: \$? = $ac_status" >&5
5148 (exit $ac_status); }; }; then
5149 ac_cv_lib_xnet_t_error=yes
5150else
5151 echo "$as_me: failed program was:" >&5
5152sed 's/^/| /' conftest.$ac_ext >&5
5153
5154ac_cv_lib_xnet_t_error=no
5155fi
5156rm -f conftest.err conftest.$ac_objext \
5157 conftest$ac_exeext conftest.$ac_ext
5158LIBS=$ac_check_lib_save_LIBS
5159fi
5160echo "$as_me:$LINENO: result: $ac_cv_lib_xnet_t_error" >&5
5161echo "${ECHO_T}$ac_cv_lib_xnet_t_error" >&6
5162if test $ac_cv_lib_xnet_t_error = yes; then
5163 cat >>confdefs.h <<_ACEOF
5164#define HAVE_LIBXNET 1
5165_ACEOF
5166
5167 LIBS="-lxnet $LIBS"
5168
5169else
5170 { { echo "$as_me:$LINENO: error: *** -lxnet needed on HP-UX - check config.log ***" >&5
5171echo "$as_me: error: *** -lxnet needed on HP-UX - check config.log ***" >&2;}
5172 { (exit 1); exit 1; }; }
5173fi
5174
5175 disable_ptmx_check=yes
5176 ;;
5177*-*-hpux10*)
5178 if test -z "$GCC"; then
5179 CFLAGS="$CFLAGS -Ae"
5180 fi
5181 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 5316 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
5182 IPADDR_IN_DISPLAY=yes 5317 IPADDR_IN_DISPLAY=yes
5183 cat >>confdefs.h <<\_ACEOF 5318 cat >>confdefs.h <<\_ACEOF
@@ -5278,123 +5413,44 @@ echo "$as_me: error: *** -lxnet needed on HP-UX - check config.log ***" >&2;}
5278 { (exit 1); exit 1; }; } 5413 { (exit 1); exit 1; }; }
5279fi 5414fi
5280 5415
5281 ;;
5282*-*-hpux11*)
5283 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
5284 IPADDR_IN_DISPLAY=yes
5285 cat >>confdefs.h <<\_ACEOF
5286#define PAM_SUN_CODEBASE 1
5287_ACEOF
5288
5289 cat >>confdefs.h <<\_ACEOF
5290#define USE_PIPES 1
5291_ACEOF
5292
5293 cat >>confdefs.h <<\_ACEOF
5294#define LOGIN_NO_ENDOPT 1
5295_ACEOF
5296 5416
5297 cat >>confdefs.h <<\_ACEOF 5417 # next, we define all of the options specific to major releases
5298#define LOGIN_NEEDS_UTMPX 1 5418 case "$host" in
5419 *-*-hpux10*)
5420 if test -z "$GCC"; then
5421 CFLAGS="$CFLAGS -Ae"
5422 fi
5423 ;;
5424 *-*-hpux11*)
5425 cat >>confdefs.h <<\_ACEOF
5426#define PAM_SUN_CODEBASE 1
5299_ACEOF 5427_ACEOF
5300 5428
5301 cat >>confdefs.h <<\_ACEOF 5429 cat >>confdefs.h <<\_ACEOF
5302#define DISABLE_UTMP 1 5430#define DISABLE_UTMP 1
5303_ACEOF 5431_ACEOF
5304 5432
5305 cat >>confdefs.h <<\_ACEOF
5306#define LOCKED_PASSWD_STRING "*"
5307_ACEOF
5308
5309 cat >>confdefs.h <<\_ACEOF
5310#define SPT_TYPE SPT_PSTAT
5311_ACEOF
5312
5313 5433
5314cat >>confdefs.h <<\_ACEOF 5434cat >>confdefs.h <<\_ACEOF
5315#define USE_BTMP 1 5435#define USE_BTMP 1
5316_ACEOF 5436_ACEOF
5317 5437
5318 check_for_hpux_broken_getaddrinfo=1 5438 check_for_hpux_broken_getaddrinfo=1
5319 check_for_conflicting_getspnam=1 5439 check_for_conflicting_getspnam=1
5320 LIBS="$LIBS -lsec" 5440 ;;
5321 5441 esac
5322echo "$as_me:$LINENO: checking for t_error in -lxnet" >&5
5323echo $ECHO_N "checking for t_error in -lxnet... $ECHO_C" >&6
5324if test "${ac_cv_lib_xnet_t_error+set}" = set; then
5325 echo $ECHO_N "(cached) $ECHO_C" >&6
5326else
5327 ac_check_lib_save_LIBS=$LIBS
5328LIBS="-lxnet $LIBS"
5329cat >conftest.$ac_ext <<_ACEOF
5330/* confdefs.h. */
5331_ACEOF
5332cat confdefs.h >>conftest.$ac_ext
5333cat >>conftest.$ac_ext <<_ACEOF
5334/* end confdefs.h. */
5335
5336/* Override any gcc2 internal prototype to avoid an error. */
5337#ifdef __cplusplus
5338extern "C"
5339#endif
5340/* We use char because int might match the return type of a gcc2
5341 builtin and then its argument prototype would still apply. */
5342char t_error ();
5343int
5344main ()
5345{
5346t_error ();
5347 ;
5348 return 0;
5349}
5350_ACEOF
5351rm -f conftest.$ac_objext conftest$ac_exeext
5352if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
5353 (eval $ac_link) 2>conftest.er1
5354 ac_status=$?
5355 grep -v '^ *+' conftest.er1 >conftest.err
5356 rm -f conftest.er1
5357 cat conftest.err >&5
5358 echo "$as_me:$LINENO: \$? = $ac_status" >&5
5359 (exit $ac_status); } &&
5360 { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
5361 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
5362 (eval $ac_try) 2>&5
5363 ac_status=$?
5364 echo "$as_me:$LINENO: \$? = $ac_status" >&5
5365 (exit $ac_status); }; } &&
5366 { ac_try='test -s conftest$ac_exeext'
5367 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
5368 (eval $ac_try) 2>&5
5369 ac_status=$?
5370 echo "$as_me:$LINENO: \$? = $ac_status" >&5
5371 (exit $ac_status); }; }; then
5372 ac_cv_lib_xnet_t_error=yes
5373else
5374 echo "$as_me: failed program was:" >&5
5375sed 's/^/| /' conftest.$ac_ext >&5
5376 5442
5377ac_cv_lib_xnet_t_error=no 5443 # lastly, we define options specific to minor releases
5378fi 5444 case "$host" in
5379rm -f conftest.err conftest.$ac_objext \ 5445 *-*-hpux10.26)
5380 conftest$ac_exeext conftest.$ac_ext 5446 cat >>confdefs.h <<\_ACEOF
5381LIBS=$ac_check_lib_save_LIBS 5447#define HAVE_SECUREWARE 1
5382fi
5383echo "$as_me:$LINENO: result: $ac_cv_lib_xnet_t_error" >&5
5384echo "${ECHO_T}$ac_cv_lib_xnet_t_error" >&6
5385if test $ac_cv_lib_xnet_t_error = yes; then
5386 cat >>confdefs.h <<_ACEOF
5387#define HAVE_LIBXNET 1
5388_ACEOF 5448_ACEOF
5389 5449
5390 LIBS="-lxnet $LIBS" 5450 disable_ptmx_check=yes
5391 5451 LIBS="$LIBS -lsecpw"
5392else 5452 ;;
5393 { { echo "$as_me:$LINENO: error: *** -lxnet needed on HP-UX - check config.log ***" >&5 5453 esac
5394echo "$as_me: error: *** -lxnet needed on HP-UX - check config.log ***" >&2;}
5395 { (exit 1); exit 1; }; }
5396fi
5397
5398 ;; 5454 ;;
5399*-*-irix5*) 5455*-*-irix5*)
5400 PATH="$PATH:/usr/etc" 5456 PATH="$PATH:/usr/etc"
@@ -5632,8 +5688,9 @@ _ACEOF
5632 esac 5688 esac
5633 ;; 5689 ;;
5634mips-sony-bsd|mips-sony-newsos4) 5690mips-sony-bsd|mips-sony-newsos4)
5635 cat >>confdefs.h <<\_ACEOF 5691
5636#define HAVE_NEWS4 1 5692cat >>confdefs.h <<\_ACEOF
5693#define NEED_SETPRGP
5637_ACEOF 5694_ACEOF
5638 5695
5639 SONY=1 5696 SONY=1
@@ -5683,6 +5740,13 @@ _ACEOF
5683_ACEOF 5740_ACEOF
5684 5741
5685 ;; 5742 ;;
5743*-*-openbsd*)
5744
5745cat >>confdefs.h <<\_ACEOF
5746#define HAVE_ATTRIBUTE__SENTINEL__ 1
5747_ACEOF
5748
5749 ;;
5686*-*-solaris*) 5750*-*-solaris*)
5687 if test "x$withval" != "xno" ; then 5751 if test "x$withval" != "xno" ; then
5688 need_dash_r=1 5752 need_dash_r=1
@@ -6075,6 +6139,12 @@ _ACEOF
6075 ;; 6139 ;;
6076# UnixWare 7.x, OpenUNIX 8 6140# UnixWare 7.x, OpenUNIX 8
6077*-*-sysv5*) 6141*-*-sysv5*)
6142 check_for_libcrypt_later=1
6143
6144cat >>confdefs.h <<\_ACEOF
6145#define UNIXWARE_LONG_PASSWORDS 1
6146_ACEOF
6147
6078 cat >>confdefs.h <<\_ACEOF 6148 cat >>confdefs.h <<\_ACEOF
6079#define USE_PIPES 1 6149#define USE_PIPES 1
6080_ACEOF 6150_ACEOF
@@ -6096,6 +6166,16 @@ cat >>confdefs.h <<\_ACEOF
6096#define PASSWD_NEEDS_USERNAME 1 6166#define PASSWD_NEEDS_USERNAME 1
6097_ACEOF 6167_ACEOF
6098 6168
6169 case "$host" in
6170 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
6171 TEST_SHELL=/u95/bin/sh
6172
6173cat >>confdefs.h <<\_ACEOF
6174#define BROKEN_LIBIAF 1
6175_ACEOF
6176
6177 ;;
6178 esac
6099 ;; 6179 ;;
6100*-*-sysv*) 6180*-*-sysv*)
6101 ;; 6181 ;;
@@ -6427,6 +6507,42 @@ _ACEOF
6427_ACEOF 6507_ACEOF
6428 6508
6429 ;; 6509 ;;
6510
6511*-*-ultrix*)
6512
6513cat >>confdefs.h <<\_ACEOF
6514#define BROKEN_GETGROUPS
6515_ACEOF
6516
6517
6518cat >>confdefs.h <<\_ACEOF
6519#define BROKEN_MMAP
6520_ACEOF
6521
6522
6523cat >>confdefs.h <<\_ACEOF
6524#define NEED_SETPRGP
6525_ACEOF
6526
6527
6528cat >>confdefs.h <<\_ACEOF
6529#define HAVE_SYS_SYSLOG_H 1
6530_ACEOF
6531
6532 ;;
6533
6534*-*-lynxos)
6535 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
6536 cat >>confdefs.h <<\_ACEOF
6537#define MISSING_HOWMANY 1
6538_ACEOF
6539
6540
6541cat >>confdefs.h <<\_ACEOF
6542#define BROKEN_SETVBUF 1
6543_ACEOF
6544
6545 ;;
6430esac 6546esac
6431 6547
6432# Allow user to specify flags 6548# Allow user to specify flags
@@ -6479,6 +6595,20 @@ if test "${with_libs+set}" = set; then
6479 6595
6480fi; 6596fi;
6481 6597
6598# Check whether --with-Werror or --without-Werror was given.
6599if test "${with_Werror+set}" = set; then
6600 withval="$with_Werror"
6601
6602 if test -n "$withval" && test "x$withval" != "xno"; then
6603 werror_flags="-Werror"
6604 if "x${withval}" != "xyes"; then
6605 werror_flags="$withval"
6606 fi
6607 fi
6608
6609
6610fi;
6611
6482echo "$as_me:$LINENO: checking compiler and flags for sanity" >&5 6612echo "$as_me:$LINENO: checking compiler and flags for sanity" >&5
6483echo $ECHO_N "checking compiler and flags for sanity... $ECHO_C" >&6 6613echo $ECHO_N "checking compiler and flags for sanity... $ECHO_C" >&6
6484if test "$cross_compiling" = yes; then 6614if test "$cross_compiling" = yes; then
@@ -6527,7 +6657,6 @@ fi
6527rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext 6657rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
6528fi 6658fi
6529 6659
6530# Checks for header files.
6531 6660
6532echo "$as_me:$LINENO: checking for egrep" >&5 6661echo "$as_me:$LINENO: checking for egrep" >&5
6533echo $ECHO_N "checking for egrep... $ECHO_C" >&6 6662echo $ECHO_N "checking for egrep... $ECHO_C" >&6
@@ -6835,16 +6964,69 @@ done
6835 6964
6836 6965
6837 6966
6838for ac_header in bstring.h crypt.h dirent.h endian.h features.h \ 6967
6839 floatingpoint.h getopt.h glob.h ia.h lastlog.h limits.h login.h \ 6968
6840 login_cap.h maillock.h ndir.h netdb.h netgroup.h \ 6969
6841 netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \ 6970for ac_header in \
6842 rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \ 6971 bstring.h \
6843 strings.h sys/dir.h sys/strtio.h sys/audit.h sys/bitypes.h \ 6972 crypt.h \
6844 sys/bsdtty.h sys/cdefs.h sys/mman.h sys/ndir.h sys/prctl.h \ 6973 dirent.h \
6845 sys/pstat.h sys/select.h sys/stat.h sys/stream.h \ 6974 endian.h \
6846 sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h sys/un.h \ 6975 features.h \
6847 time.h tmpdir.h ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h 6976 floatingpoint.h \
6977 getopt.h \
6978 glob.h \
6979 ia.h \
6980 iaf.h \
6981 lastlog.h \
6982 limits.h \
6983 login.h \
6984 login_cap.h \
6985 maillock.h \
6986 ndir.h \
6987 netdb.h \
6988 netgroup.h \
6989 netinet/in_systm.h \
6990 pam/pam_appl.h \
6991 paths.h \
6992 pty.h \
6993 readpassphrase.h \
6994 rpc/types.h \
6995 security/pam_appl.h \
6996 shadow.h \
6997 stddef.h \
6998 stdint.h \
6999 string.h \
7000 strings.h \
7001 sys/audit.h \
7002 sys/bitypes.h \
7003 sys/bsdtty.h \
7004 sys/cdefs.h \
7005 sys/dir.h \
7006 sys/mman.h \
7007 sys/ndir.h \
7008 sys/prctl.h \
7009 sys/pstat.h \
7010 sys/select.h \
7011 sys/stat.h \
7012 sys/stream.h \
7013 sys/stropts.h \
7014 sys/strtio.h \
7015 sys/sysmacros.h \
7016 sys/time.h \
7017 sys/timers.h \
7018 sys/un.h \
7019 time.h \
7020 tmpdir.h \
7021 ttyent.h \
7022 unistd.h \
7023 usersec.h \
7024 util.h \
7025 utime.h \
7026 utmp.h \
7027 utmpx.h \
7028 vis.h \
7029
6848do 7030do
6849as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` 7031as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
6850if eval "test \"\${$as_ac_Header+set}\" = set"; then 7032if eval "test \"\${$as_ac_Header+set}\" = set"; then
@@ -6964,9 +7146,9 @@ echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&
6964echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} 7146echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
6965 ( 7147 (
6966 cat <<\_ASBOX 7148 cat <<\_ASBOX
6967## ---------------------------------- ## 7149## ------------------------------------------- ##
6968## Report this to the OpenSSH lists. ## 7150## Report this to openssh-unix-dev@mindrot.org ##
6969## ---------------------------------- ## 7151## ------------------------------------------- ##
6970_ASBOX 7152_ASBOX
6971 ) | 7153 ) |
6972 sed "s/^/$as_me: WARNING: /" >&2 7154 sed "s/^/$as_me: WARNING: /" >&2
@@ -7613,9 +7795,9 @@ echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&
7613echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} 7795echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
7614 ( 7796 (
7615 cat <<\_ASBOX 7797 cat <<\_ASBOX
7616## ---------------------------------- ## 7798## ------------------------------------------- ##
7617## Report this to the OpenSSH lists. ## 7799## Report this to openssh-unix-dev@mindrot.org ##
7618## ---------------------------------- ## 7800## ------------------------------------------- ##
7619_ASBOX 7801_ASBOX
7620 ) | 7802 ) |
7621 sed "s/^/$as_me: WARNING: /" >&2 7803 sed "s/^/$as_me: WARNING: /" >&2
@@ -7901,9 +8083,9 @@ echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&
7901echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} 8083echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
7902 ( 8084 (
7903 cat <<\_ASBOX 8085 cat <<\_ASBOX
7904## ---------------------------------- ## 8086## ------------------------------------------- ##
7905## Report this to the OpenSSH lists. ## 8087## Report this to openssh-unix-dev@mindrot.org ##
7906## ---------------------------------- ## 8088## ------------------------------------------- ##
7907_ASBOX 8089_ASBOX
7908 ) | 8090 ) |
7909 sed "s/^/$as_me: WARNING: /" >&2 8091 sed "s/^/$as_me: WARNING: /" >&2
@@ -8522,9 +8704,9 @@ echo "$as_me: WARNING: zlib.h: proceeding with the preprocessor's result" >&2;}
8522echo "$as_me: WARNING: zlib.h: in the future, the compiler will take precedence" >&2;} 8704echo "$as_me: WARNING: zlib.h: in the future, the compiler will take precedence" >&2;}
8523 ( 8705 (
8524 cat <<\_ASBOX 8706 cat <<\_ASBOX
8525## ---------------------------------- ## 8707## ------------------------------------------- ##
8526## Report this to the OpenSSH lists. ## 8708## Report this to openssh-unix-dev@mindrot.org ##
8527## ---------------------------------- ## 8709## ------------------------------------------- ##
8528_ASBOX 8710_ASBOX
8529 ) | 8711 ) |
8530 sed "s/^/$as_me: WARNING: /" >&2 8712 sed "s/^/$as_me: WARNING: /" >&2
@@ -8591,8 +8773,8 @@ int main()
8591 if (a == 1 && b == 1 && c >= 4) 8773 if (a == 1 && b == 1 && c >= 4)
8592 exit(0); 8774 exit(0);
8593 8775
8594 /* 1.2.1.2 and up are OK */ 8776 /* 1.2.3 and up are OK */
8595 if (v >= 1020102) 8777 if (v >= 1020300)
8596 exit(0); 8778 exit(0);
8597 8779
8598 exit(2); 8780 exit(2);
@@ -8626,14 +8808,14 @@ Your reported zlib version has known security problems. It's possible your
8626vendor has fixed these problems without changing the version number. If you 8808vendor has fixed these problems without changing the version number. If you
8627are sure this is the case, you can disable the check by running 8809are sure this is the case, you can disable the check by running
8628\"./configure --without-zlib-version-check\". 8810\"./configure --without-zlib-version-check\".
8629If you are in doubt, upgrade zlib to version 1.2.1.2 or greater. 8811If you are in doubt, upgrade zlib to version 1.2.3 or greater.
8630See http://www.gzip.org/zlib/ for details." >&5 8812See http://www.gzip.org/zlib/ for details." >&5
8631echo "$as_me: error: *** zlib too old - check config.log *** 8813echo "$as_me: error: *** zlib too old - check config.log ***
8632Your reported zlib version has known security problems. It's possible your 8814Your reported zlib version has known security problems. It's possible your
8633vendor has fixed these problems without changing the version number. If you 8815vendor has fixed these problems without changing the version number. If you
8634are sure this is the case, you can disable the check by running 8816are sure this is the case, you can disable the check by running
8635\"./configure --without-zlib-version-check\". 8817\"./configure --without-zlib-version-check\".
8636If you are in doubt, upgrade zlib to version 1.2.1.2 or greater. 8818If you are in doubt, upgrade zlib to version 1.2.3 or greater.
8637See http://www.gzip.org/zlib/ for details." >&2;} 8819See http://www.gzip.org/zlib/ for details." >&2;}
8638 { (exit 1); exit 1; }; } 8820 { (exit 1); exit 1; }; }
8639 else 8821 else
@@ -9095,9 +9277,9 @@ echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&
9095echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} 9277echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
9096 ( 9278 (
9097 cat <<\_ASBOX 9279 cat <<\_ASBOX
9098## ---------------------------------- ## 9280## ------------------------------------------- ##
9099## Report this to the OpenSSH lists. ## 9281## Report this to openssh-unix-dev@mindrot.org ##
9100## ---------------------------------- ## 9282## ------------------------------------------- ##
9101_ASBOX 9283_ASBOX
9102 ) | 9284 ) |
9103 sed "s/^/$as_me: WARNING: /" >&2 9285 sed "s/^/$as_me: WARNING: /" >&2
@@ -9997,6 +10179,59 @@ echo "$as_me: error: libedit not found" >&2;}
9997 { (exit 1); exit 1; }; } 10179 { (exit 1); exit 1; }; }
9998fi 10180fi
9999 10181
10182 echo "$as_me:$LINENO: checking if libedit version is compatible" >&5
10183echo $ECHO_N "checking if libedit version is compatible... $ECHO_C" >&6
10184 cat >conftest.$ac_ext <<_ACEOF
10185/* confdefs.h. */
10186_ACEOF
10187cat confdefs.h >>conftest.$ac_ext
10188cat >>conftest.$ac_ext <<_ACEOF
10189/* end confdefs.h. */
10190
10191#include <histedit.h>
10192int main(void)
10193{
10194 int i = H_SETSIZE;
10195 el_init("", NULL, NULL, NULL);
10196 exit(0);
10197}
10198
10199_ACEOF
10200rm -f conftest.$ac_objext
10201if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
10202 (eval $ac_compile) 2>conftest.er1
10203 ac_status=$?
10204 grep -v '^ *+' conftest.er1 >conftest.err
10205 rm -f conftest.er1
10206 cat conftest.err >&5
10207 echo "$as_me:$LINENO: \$? = $ac_status" >&5
10208 (exit $ac_status); } &&
10209 { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
10210 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
10211 (eval $ac_try) 2>&5
10212 ac_status=$?
10213 echo "$as_me:$LINENO: \$? = $ac_status" >&5
10214 (exit $ac_status); }; } &&
10215 { ac_try='test -s conftest.$ac_objext'
10216 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
10217 (eval $ac_try) 2>&5
10218 ac_status=$?
10219 echo "$as_me:$LINENO: \$? = $ac_status" >&5
10220 (exit $ac_status); }; }; then
10221 echo "$as_me:$LINENO: result: yes" >&5
10222echo "${ECHO_T}yes" >&6
10223else
10224 echo "$as_me: failed program was:" >&5
10225sed 's/^/| /' conftest.$ac_ext >&5
10226
10227 echo "$as_me:$LINENO: result: no" >&5
10228echo "${ECHO_T}no" >&6
10229 { { echo "$as_me:$LINENO: error: libedit version is not compatible" >&5
10230echo "$as_me: error: libedit version is not compatible" >&2;}
10231 { (exit 1); exit 1; }; }
10232
10233fi
10234rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
10000 fi 10235 fi
10001 10236
10002fi; 10237fi;
@@ -10135,9 +10370,9 @@ echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&
10135echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} 10370echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
10136 ( 10371 (
10137 cat <<\_ASBOX 10372 cat <<\_ASBOX
10138## ---------------------------------- ## 10373## ------------------------------------------- ##
10139## Report this to the OpenSSH lists. ## 10374## Report this to openssh-unix-dev@mindrot.org ##
10140## ---------------------------------- ## 10375## ------------------------------------------- ##
10141_ASBOX 10376_ASBOX
10142 ) | 10377 ) |
10143 sed "s/^/$as_me: WARNING: /" >&2 10378 sed "s/^/$as_me: WARNING: /" >&2
@@ -10467,6 +10702,10 @@ cat >>confdefs.h <<\_ACEOF
10467_ACEOF 10702_ACEOF
10468 10703
10469 ;; 10704 ;;
10705 no)
10706 echo "$as_me:$LINENO: result: no" >&5
10707echo "${ECHO_T}no" >&6
10708 ;;
10470 *) 10709 *)
10471 { { echo "$as_me:$LINENO: error: Unknown audit module $withval" >&5 10710 { { echo "$as_me:$LINENO: error: Unknown audit module $withval" >&5
10472echo "$as_me: error: Unknown audit module $withval" >&2;} 10711echo "$as_me: error: Unknown audit module $withval" >&2;}
@@ -10554,19 +10793,89 @@ fi;
10554 10793
10555 10794
10556 10795
10796
10797
10557for ac_func in \ 10798for ac_func in \
10558 arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \ 10799 arc4random \
10559 bindresvport_sa clock closefrom dirfd fchdir fchmod fchown \ 10800 b64_ntop \
10560 freeaddrinfo futimes getaddrinfo getcwd getgrouplist getnameinfo \ 10801 __b64_ntop \
10561 getopt getpeereid _getpty getrlimit getttyent glob inet_aton \ 10802 b64_pton \
10562 inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \ 10803 __b64_pton \
10563 mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \ 10804 bcopy \
10564 pstat prctl readpassphrase realpath recvmsg rresvport_af sendmsg \ 10805 bindresvport_sa \
10565 setdtablesize setegid setenv seteuid setgroups setlogin setpcred \ 10806 clock \
10566 setproctitle setregid setreuid setrlimit \ 10807 closefrom \
10567 setsid setvbuf sigaction sigvec snprintf socketpair strerror \ 10808 dirfd \
10568 strlcat strlcpy strmode strnvis strtoul sysconf tcgetpgrp \ 10809 fchmod \
10569 truncate unsetenv updwtmpx utimes vhangup vsnprintf waitpid \ 10810 fchown \
10811 freeaddrinfo \
10812 futimes \
10813 getaddrinfo \
10814 getcwd \
10815 getgrouplist \
10816 getnameinfo \
10817 getopt \
10818 getpeereid \
10819 _getpty \
10820 getrlimit \
10821 getttyent \
10822 glob \
10823 inet_aton \
10824 inet_ntoa \
10825 inet_ntop \
10826 innetgr \
10827 login_getcapbool \
10828 md5_crypt \
10829 memmove \
10830 mkdtemp \
10831 mmap \
10832 ngetaddrinfo \
10833 nsleep \
10834 ogetaddrinfo \
10835 openlog_r \
10836 openpty \
10837 prctl \
10838 pstat \
10839 readpassphrase \
10840 realpath \
10841 recvmsg \
10842 rresvport_af \
10843 sendmsg \
10844 setdtablesize \
10845 setegid \
10846 setenv \
10847 seteuid \
10848 setgroups \
10849 setlogin \
10850 setpcred \
10851 setproctitle \
10852 setregid \
10853 setreuid \
10854 setrlimit \
10855 setsid \
10856 setvbuf \
10857 sigaction \
10858 sigvec \
10859 snprintf \
10860 socketpair \
10861 strdup \
10862 strerror \
10863 strlcat \
10864 strlcpy \
10865 strmode \
10866 strnvis \
10867 strtonum \
10868 strtoll \
10869 strtoul \
10870 sysconf \
10871 tcgetpgrp \
10872 truncate \
10873 unsetenv \
10874 updwtmpx \
10875 utimes \
10876 vhangup \
10877 vsnprintf \
10878 waitpid \
10570 10879
10571do 10880do
10572as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` 10881as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
@@ -10959,9 +11268,9 @@ _ACEOF
10959fi 11268fi
10960 11269
10961 11270
10962echo "$as_me:$LINENO: checking whether strsep is declared" >&5 11271echo "$as_me:$LINENO: checking whether getrusage is declared" >&5
10963echo $ECHO_N "checking whether strsep is declared... $ECHO_C" >&6 11272echo $ECHO_N "checking whether getrusage is declared... $ECHO_C" >&6
10964if test "${ac_cv_have_decl_strsep+set}" = set; then 11273if test "${ac_cv_have_decl_getrusage+set}" = set; then
10965 echo $ECHO_N "(cached) $ECHO_C" >&6 11274 echo $ECHO_N "(cached) $ECHO_C" >&6
10966else 11275else
10967 cat >conftest.$ac_ext <<_ACEOF 11276 cat >conftest.$ac_ext <<_ACEOF
@@ -10974,8 +11283,8 @@ $ac_includes_default
10974int 11283int
10975main () 11284main ()
10976{ 11285{
10977#ifndef strsep 11286#ifndef getrusage
10978 char *p = (char *) strsep; 11287 char *p = (char *) getrusage;
10979#endif 11288#endif
10980 11289
10981 ; 11290 ;
@@ -11003,20 +11312,20 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
11003 ac_status=$? 11312 ac_status=$?
11004 echo "$as_me:$LINENO: \$? = $ac_status" >&5 11313 echo "$as_me:$LINENO: \$? = $ac_status" >&5
11005 (exit $ac_status); }; }; then 11314 (exit $ac_status); }; }; then
11006 ac_cv_have_decl_strsep=yes 11315 ac_cv_have_decl_getrusage=yes
11007else 11316else
11008 echo "$as_me: failed program was:" >&5 11317 echo "$as_me: failed program was:" >&5
11009sed 's/^/| /' conftest.$ac_ext >&5 11318sed 's/^/| /' conftest.$ac_ext >&5
11010 11319
11011ac_cv_have_decl_strsep=no 11320ac_cv_have_decl_getrusage=no
11012fi 11321fi
11013rm -f conftest.err conftest.$ac_objext conftest.$ac_ext 11322rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
11014fi 11323fi
11015echo "$as_me:$LINENO: result: $ac_cv_have_decl_strsep" >&5 11324echo "$as_me:$LINENO: result: $ac_cv_have_decl_getrusage" >&5
11016echo "${ECHO_T}$ac_cv_have_decl_strsep" >&6 11325echo "${ECHO_T}$ac_cv_have_decl_getrusage" >&6
11017if test $ac_cv_have_decl_strsep = yes; then 11326if test $ac_cv_have_decl_getrusage = yes; then
11018 11327
11019for ac_func in strsep 11328for ac_func in getrusage
11020do 11329do
11021as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` 11330as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
11022echo "$as_me:$LINENO: checking for $ac_func" >&5 11331echo "$as_me:$LINENO: checking for $ac_func" >&5
@@ -11118,9 +11427,9 @@ done
11118 11427
11119fi 11428fi
11120 11429
11121echo "$as_me:$LINENO: checking whether getrusage is declared" >&5 11430echo "$as_me:$LINENO: checking whether strsep is declared" >&5
11122echo $ECHO_N "checking whether getrusage is declared... $ECHO_C" >&6 11431echo $ECHO_N "checking whether strsep is declared... $ECHO_C" >&6
11123if test "${ac_cv_have_decl_getrusage+set}" = set; then 11432if test "${ac_cv_have_decl_strsep+set}" = set; then
11124 echo $ECHO_N "(cached) $ECHO_C" >&6 11433 echo $ECHO_N "(cached) $ECHO_C" >&6
11125else 11434else
11126 cat >conftest.$ac_ext <<_ACEOF 11435 cat >conftest.$ac_ext <<_ACEOF
@@ -11129,12 +11438,17 @@ _ACEOF
11129cat confdefs.h >>conftest.$ac_ext 11438cat confdefs.h >>conftest.$ac_ext
11130cat >>conftest.$ac_ext <<_ACEOF 11439cat >>conftest.$ac_ext <<_ACEOF
11131/* end confdefs.h. */ 11440/* end confdefs.h. */
11132$ac_includes_default 11441
11442#ifdef HAVE_STRING_H
11443# include <string.h>
11444#endif
11445
11446
11133int 11447int
11134main () 11448main ()
11135{ 11449{
11136#ifndef getrusage 11450#ifndef strsep
11137 char *p = (char *) getrusage; 11451 char *p = (char *) strsep;
11138#endif 11452#endif
11139 11453
11140 ; 11454 ;
@@ -11162,20 +11476,20 @@ if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
11162 ac_status=$? 11476 ac_status=$?
11163 echo "$as_me:$LINENO: \$? = $ac_status" >&5 11477 echo "$as_me:$LINENO: \$? = $ac_status" >&5
11164 (exit $ac_status); }; }; then 11478 (exit $ac_status); }; }; then
11165 ac_cv_have_decl_getrusage=yes 11479 ac_cv_have_decl_strsep=yes
11166else 11480else
11167 echo "$as_me: failed program was:" >&5 11481 echo "$as_me: failed program was:" >&5
11168sed 's/^/| /' conftest.$ac_ext >&5 11482sed 's/^/| /' conftest.$ac_ext >&5
11169 11483
11170ac_cv_have_decl_getrusage=no 11484ac_cv_have_decl_strsep=no
11171fi 11485fi
11172rm -f conftest.err conftest.$ac_objext conftest.$ac_ext 11486rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
11173fi 11487fi
11174echo "$as_me:$LINENO: result: $ac_cv_have_decl_getrusage" >&5 11488echo "$as_me:$LINENO: result: $ac_cv_have_decl_strsep" >&5
11175echo "${ECHO_T}$ac_cv_have_decl_getrusage" >&6 11489echo "${ECHO_T}$ac_cv_have_decl_strsep" >&6
11176if test $ac_cv_have_decl_getrusage = yes; then 11490if test $ac_cv_have_decl_strsep = yes; then
11177 11491
11178for ac_func in getrusage 11492for ac_func in strsep
11179do 11493do
11180as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` 11494as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
11181echo "$as_me:$LINENO: checking for $ac_func" >&5 11495echo "$as_me:$LINENO: checking for $ac_func" >&5
@@ -14222,6 +14536,79 @@ fi
14222fi 14536fi
14223 14537
14224 14538
14539echo "$as_me:$LINENO: checking for ia_openinfo in -liaf" >&5
14540echo $ECHO_N "checking for ia_openinfo in -liaf... $ECHO_C" >&6
14541if test "${ac_cv_lib_iaf_ia_openinfo+set}" = set; then
14542 echo $ECHO_N "(cached) $ECHO_C" >&6
14543else
14544 ac_check_lib_save_LIBS=$LIBS
14545LIBS="-liaf $LIBS"
14546cat >conftest.$ac_ext <<_ACEOF
14547/* confdefs.h. */
14548_ACEOF
14549cat confdefs.h >>conftest.$ac_ext
14550cat >>conftest.$ac_ext <<_ACEOF
14551/* end confdefs.h. */
14552
14553/* Override any gcc2 internal prototype to avoid an error. */
14554#ifdef __cplusplus
14555extern "C"
14556#endif
14557/* We use char because int might match the return type of a gcc2
14558 builtin and then its argument prototype would still apply. */
14559char ia_openinfo ();
14560int
14561main ()
14562{
14563ia_openinfo ();
14564 ;
14565 return 0;
14566}
14567_ACEOF
14568rm -f conftest.$ac_objext conftest$ac_exeext
14569if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
14570 (eval $ac_link) 2>conftest.er1
14571 ac_status=$?
14572 grep -v '^ *+' conftest.er1 >conftest.err
14573 rm -f conftest.er1
14574 cat conftest.err >&5
14575 echo "$as_me:$LINENO: \$? = $ac_status" >&5
14576 (exit $ac_status); } &&
14577 { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
14578 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
14579 (eval $ac_try) 2>&5
14580 ac_status=$?
14581 echo "$as_me:$LINENO: \$? = $ac_status" >&5
14582 (exit $ac_status); }; } &&
14583 { ac_try='test -s conftest$ac_exeext'
14584 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
14585 (eval $ac_try) 2>&5
14586 ac_status=$?
14587 echo "$as_me:$LINENO: \$? = $ac_status" >&5
14588 (exit $ac_status); }; }; then
14589 ac_cv_lib_iaf_ia_openinfo=yes
14590else
14591 echo "$as_me: failed program was:" >&5
14592sed 's/^/| /' conftest.$ac_ext >&5
14593
14594ac_cv_lib_iaf_ia_openinfo=no
14595fi
14596rm -f conftest.err conftest.$ac_objext \
14597 conftest$ac_exeext conftest.$ac_ext
14598LIBS=$ac_check_lib_save_LIBS
14599fi
14600echo "$as_me:$LINENO: result: $ac_cv_lib_iaf_ia_openinfo" >&5
14601echo "${ECHO_T}$ac_cv_lib_iaf_ia_openinfo" >&6
14602if test $ac_cv_lib_iaf_ia_openinfo = yes; then
14603 cat >>confdefs.h <<_ACEOF
14604#define HAVE_LIBIAF 1
14605_ACEOF
14606
14607 LIBS="-liaf $LIBS"
14608
14609fi
14610
14611
14225### Configure cryptographic random number support 14612### Configure cryptographic random number support
14226 14613
14227# Check wheter OpenSSL seeds itself 14614# Check wheter OpenSSL seeds itself
@@ -21018,9 +21405,9 @@ echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&
21018echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} 21405echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
21019 ( 21406 (
21020 cat <<\_ASBOX 21407 cat <<\_ASBOX
21021## ---------------------------------- ## 21408## ------------------------------------------- ##
21022## Report this to the OpenSSH lists. ## 21409## Report this to openssh-unix-dev@mindrot.org ##
21023## ---------------------------------- ## 21410## ------------------------------------------- ##
21024_ASBOX 21411_ASBOX
21025 ) | 21412 ) |
21026 sed "s/^/$as_me: WARNING: /" >&2 21413 sed "s/^/$as_me: WARNING: /" >&2
@@ -21799,6 +22186,150 @@ _ACEOF
21799fi 22186fi
21800done 22187done
21801 22188
22189 echo "$as_me:$LINENO: checking whether _getshort is declared" >&5
22190echo $ECHO_N "checking whether _getshort is declared... $ECHO_C" >&6
22191if test "${ac_cv_have_decl__getshort+set}" = set; then
22192 echo $ECHO_N "(cached) $ECHO_C" >&6
22193else
22194 cat >conftest.$ac_ext <<_ACEOF
22195/* confdefs.h. */
22196_ACEOF
22197cat confdefs.h >>conftest.$ac_ext
22198cat >>conftest.$ac_ext <<_ACEOF
22199/* end confdefs.h. */
22200#include <sys/types.h>
22201 #include <arpa/nameser.h>
22202
22203int
22204main ()
22205{
22206#ifndef _getshort
22207 char *p = (char *) _getshort;
22208#endif
22209
22210 ;
22211 return 0;
22212}
22213_ACEOF
22214rm -f conftest.$ac_objext
22215if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
22216 (eval $ac_compile) 2>conftest.er1
22217 ac_status=$?
22218 grep -v '^ *+' conftest.er1 >conftest.err
22219 rm -f conftest.er1
22220 cat conftest.err >&5
22221 echo "$as_me:$LINENO: \$? = $ac_status" >&5
22222 (exit $ac_status); } &&
22223 { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
22224 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
22225 (eval $ac_try) 2>&5
22226 ac_status=$?
22227 echo "$as_me:$LINENO: \$? = $ac_status" >&5
22228 (exit $ac_status); }; } &&
22229 { ac_try='test -s conftest.$ac_objext'
22230 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
22231 (eval $ac_try) 2>&5
22232 ac_status=$?
22233 echo "$as_me:$LINENO: \$? = $ac_status" >&5
22234 (exit $ac_status); }; }; then
22235 ac_cv_have_decl__getshort=yes
22236else
22237 echo "$as_me: failed program was:" >&5
22238sed 's/^/| /' conftest.$ac_ext >&5
22239
22240ac_cv_have_decl__getshort=no
22241fi
22242rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
22243fi
22244echo "$as_me:$LINENO: result: $ac_cv_have_decl__getshort" >&5
22245echo "${ECHO_T}$ac_cv_have_decl__getshort" >&6
22246if test $ac_cv_have_decl__getshort = yes; then
22247
22248cat >>confdefs.h <<_ACEOF
22249#define HAVE_DECL__GETSHORT 1
22250_ACEOF
22251
22252
22253else
22254 cat >>confdefs.h <<_ACEOF
22255#define HAVE_DECL__GETSHORT 0
22256_ACEOF
22257
22258
22259fi
22260echo "$as_me:$LINENO: checking whether _getlong is declared" >&5
22261echo $ECHO_N "checking whether _getlong is declared... $ECHO_C" >&6
22262if test "${ac_cv_have_decl__getlong+set}" = set; then
22263 echo $ECHO_N "(cached) $ECHO_C" >&6
22264else
22265 cat >conftest.$ac_ext <<_ACEOF
22266/* confdefs.h. */
22267_ACEOF
22268cat confdefs.h >>conftest.$ac_ext
22269cat >>conftest.$ac_ext <<_ACEOF
22270/* end confdefs.h. */
22271#include <sys/types.h>
22272 #include <arpa/nameser.h>
22273
22274int
22275main ()
22276{
22277#ifndef _getlong
22278 char *p = (char *) _getlong;
22279#endif
22280
22281 ;
22282 return 0;
22283}
22284_ACEOF
22285rm -f conftest.$ac_objext
22286if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
22287 (eval $ac_compile) 2>conftest.er1
22288 ac_status=$?
22289 grep -v '^ *+' conftest.er1 >conftest.err
22290 rm -f conftest.er1
22291 cat conftest.err >&5
22292 echo "$as_me:$LINENO: \$? = $ac_status" >&5
22293 (exit $ac_status); } &&
22294 { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
22295 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
22296 (eval $ac_try) 2>&5
22297 ac_status=$?
22298 echo "$as_me:$LINENO: \$? = $ac_status" >&5
22299 (exit $ac_status); }; } &&
22300 { ac_try='test -s conftest.$ac_objext'
22301 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
22302 (eval $ac_try) 2>&5
22303 ac_status=$?
22304 echo "$as_me:$LINENO: \$? = $ac_status" >&5
22305 (exit $ac_status); }; }; then
22306 ac_cv_have_decl__getlong=yes
22307else
22308 echo "$as_me: failed program was:" >&5
22309sed 's/^/| /' conftest.$ac_ext >&5
22310
22311ac_cv_have_decl__getlong=no
22312fi
22313rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
22314fi
22315echo "$as_me:$LINENO: result: $ac_cv_have_decl__getlong" >&5
22316echo "${ECHO_T}$ac_cv_have_decl__getlong" >&6
22317if test $ac_cv_have_decl__getlong = yes; then
22318
22319cat >>confdefs.h <<_ACEOF
22320#define HAVE_DECL__GETLONG 1
22321_ACEOF
22322
22323
22324else
22325 cat >>confdefs.h <<_ACEOF
22326#define HAVE_DECL__GETLONG 0
22327_ACEOF
22328
22329
22330fi
22331
22332
21802 echo "$as_me:$LINENO: checking for HEADER.ad" >&5 22333 echo "$as_me:$LINENO: checking for HEADER.ad" >&5
21803echo $ECHO_N "checking for HEADER.ad... $ECHO_C" >&6 22334echo $ECHO_N "checking for HEADER.ad... $ECHO_C" >&6
21804if test "${ac_cv_member_HEADER_ad+set}" = set; then 22335if test "${ac_cv_member_HEADER_ad+set}" = set; then
@@ -22045,9 +22576,9 @@ echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&
22045echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} 22576echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
22046 ( 22577 (
22047 cat <<\_ASBOX 22578 cat <<\_ASBOX
22048## ---------------------------------- ## 22579## ------------------------------------------- ##
22049## Report this to the OpenSSH lists. ## 22580## Report this to openssh-unix-dev@mindrot.org ##
22050## ---------------------------------- ## 22581## ------------------------------------------- ##
22051_ASBOX 22582_ASBOX
22052 ) | 22583 ) |
22053 sed "s/^/$as_me: WARNING: /" >&2 22584 sed "s/^/$as_me: WARNING: /" >&2
@@ -22695,9 +23226,9 @@ echo "$as_me: WARNING: gssapi.h: proceeding with the preprocessor's result" >&2;
22695echo "$as_me: WARNING: gssapi.h: in the future, the compiler will take precedence" >&2;} 23226echo "$as_me: WARNING: gssapi.h: in the future, the compiler will take precedence" >&2;}
22696 ( 23227 (
22697 cat <<\_ASBOX 23228 cat <<\_ASBOX
22698## ---------------------------------- ## 23229## ------------------------------------------- ##
22699## Report this to the OpenSSH lists. ## 23230## Report this to openssh-unix-dev@mindrot.org ##
22700## ---------------------------------- ## 23231## ------------------------------------------- ##
22701_ASBOX 23232_ASBOX
22702 ) | 23233 ) |
22703 sed "s/^/$as_me: WARNING: /" >&2 23234 sed "s/^/$as_me: WARNING: /" >&2
@@ -22840,9 +23371,9 @@ echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&
22840echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} 23371echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
22841 ( 23372 (
22842 cat <<\_ASBOX 23373 cat <<\_ASBOX
22843## ---------------------------------- ## 23374## ------------------------------------------- ##
22844## Report this to the OpenSSH lists. ## 23375## Report this to openssh-unix-dev@mindrot.org ##
22845## ---------------------------------- ## 23376## ------------------------------------------- ##
22846_ASBOX 23377_ASBOX
22847 ) | 23378 ) |
22848 sed "s/^/$as_me: WARNING: /" >&2 23379 sed "s/^/$as_me: WARNING: /" >&2
@@ -22997,9 +23528,9 @@ echo "$as_me: WARNING: gssapi_krb5.h: proceeding with the preprocessor's result"
22997echo "$as_me: WARNING: gssapi_krb5.h: in the future, the compiler will take precedence" >&2;} 23528echo "$as_me: WARNING: gssapi_krb5.h: in the future, the compiler will take precedence" >&2;}
22998 ( 23529 (
22999 cat <<\_ASBOX 23530 cat <<\_ASBOX
23000## ---------------------------------- ## 23531## ------------------------------------------- ##
23001## Report this to the OpenSSH lists. ## 23532## Report this to openssh-unix-dev@mindrot.org ##
23002## ---------------------------------- ## 23533## ------------------------------------------- ##
23003_ASBOX 23534_ASBOX
23004 ) | 23535 ) |
23005 sed "s/^/$as_me: WARNING: /" >&2 23536 sed "s/^/$as_me: WARNING: /" >&2
@@ -23155,9 +23686,9 @@ echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&
23155echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} 23686echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
23156 ( 23687 (
23157 cat <<\_ASBOX 23688 cat <<\_ASBOX
23158## ---------------------------------- ## 23689## ------------------------------------------- ##
23159## Report this to the OpenSSH lists. ## 23690## Report this to openssh-unix-dev@mindrot.org ##
23160## ---------------------------------- ## 23691## ------------------------------------------- ##
23161_ASBOX 23692_ASBOX
23162 ) | 23693 ) |
23163 sed "s/^/$as_me: WARNING: /" >&2 23694 sed "s/^/$as_me: WARNING: /" >&2
@@ -23305,9 +23836,9 @@ echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&
23305echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} 23836echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
23306 ( 23837 (
23307 cat <<\_ASBOX 23838 cat <<\_ASBOX
23308## ---------------------------------- ## 23839## ------------------------------------------- ##
23309## Report this to the OpenSSH lists. ## 23840## Report this to openssh-unix-dev@mindrot.org ##
23310## ---------------------------------- ## 23841## ------------------------------------------- ##
23311_ASBOX 23842_ASBOX
23312 ) | 23843 ) |
23313 sed "s/^/$as_me: WARNING: /" >&2 23844 sed "s/^/$as_me: WARNING: /" >&2
@@ -23455,9 +23986,9 @@ echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&
23455echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} 23986echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
23456 ( 23987 (
23457 cat <<\_ASBOX 23988 cat <<\_ASBOX
23458## ---------------------------------- ## 23989## ------------------------------------------- ##
23459## Report this to the OpenSSH lists. ## 23990## Report this to openssh-unix-dev@mindrot.org ##
23460## ---------------------------------- ## 23991## ------------------------------------------- ##
23461_ASBOX 23992_ASBOX
23462 ) | 23993 ) |
23463 sed "s/^/$as_me: WARNING: /" >&2 23994 sed "s/^/$as_me: WARNING: /" >&2
@@ -23612,133 +24143,6 @@ _ACEOF
23612 24143
23613fi 24144fi
23614 24145
23615 echo "$as_me:$LINENO: checking for library containing krb5_init_ets" >&5
23616echo $ECHO_N "checking for library containing krb5_init_ets... $ECHO_C" >&6
23617if test "${ac_cv_search_krb5_init_ets+set}" = set; then
23618 echo $ECHO_N "(cached) $ECHO_C" >&6
23619else
23620 ac_func_search_save_LIBS=$LIBS
23621ac_cv_search_krb5_init_ets=no
23622cat >conftest.$ac_ext <<_ACEOF
23623/* confdefs.h. */
23624_ACEOF
23625cat confdefs.h >>conftest.$ac_ext
23626cat >>conftest.$ac_ext <<_ACEOF
23627/* end confdefs.h. */
23628
23629/* Override any gcc2 internal prototype to avoid an error. */
23630#ifdef __cplusplus
23631extern "C"
23632#endif
23633/* We use char because int might match the return type of a gcc2
23634 builtin and then its argument prototype would still apply. */
23635char krb5_init_ets ();
23636int
23637main ()
23638{
23639krb5_init_ets ();
23640 ;
23641 return 0;
23642}
23643_ACEOF
23644rm -f conftest.$ac_objext conftest$ac_exeext
23645if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
23646 (eval $ac_link) 2>conftest.er1
23647 ac_status=$?
23648 grep -v '^ *+' conftest.er1 >conftest.err
23649 rm -f conftest.er1
23650 cat conftest.err >&5
23651 echo "$as_me:$LINENO: \$? = $ac_status" >&5
23652 (exit $ac_status); } &&
23653 { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
23654 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
23655 (eval $ac_try) 2>&5
23656 ac_status=$?
23657 echo "$as_me:$LINENO: \$? = $ac_status" >&5
23658 (exit $ac_status); }; } &&
23659 { ac_try='test -s conftest$ac_exeext'
23660 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
23661 (eval $ac_try) 2>&5
23662 ac_status=$?
23663 echo "$as_me:$LINENO: \$? = $ac_status" >&5
23664 (exit $ac_status); }; }; then
23665 ac_cv_search_krb5_init_ets="none required"
23666else
23667 echo "$as_me: failed program was:" >&5
23668sed 's/^/| /' conftest.$ac_ext >&5
23669
23670fi
23671rm -f conftest.err conftest.$ac_objext \
23672 conftest$ac_exeext conftest.$ac_ext
23673if test "$ac_cv_search_krb5_init_ets" = no; then
23674 for ac_lib in $K5LIBS; do
23675 LIBS="-l$ac_lib $ac_func_search_save_LIBS"
23676 cat >conftest.$ac_ext <<_ACEOF
23677/* confdefs.h. */
23678_ACEOF
23679cat confdefs.h >>conftest.$ac_ext
23680cat >>conftest.$ac_ext <<_ACEOF
23681/* end confdefs.h. */
23682
23683/* Override any gcc2 internal prototype to avoid an error. */
23684#ifdef __cplusplus
23685extern "C"
23686#endif
23687/* We use char because int might match the return type of a gcc2
23688 builtin and then its argument prototype would still apply. */
23689char krb5_init_ets ();
23690int
23691main ()
23692{
23693krb5_init_ets ();
23694 ;
23695 return 0;
23696}
23697_ACEOF
23698rm -f conftest.$ac_objext conftest$ac_exeext
23699if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
23700 (eval $ac_link) 2>conftest.er1
23701 ac_status=$?
23702 grep -v '^ *+' conftest.er1 >conftest.err
23703 rm -f conftest.er1
23704 cat conftest.err >&5
23705 echo "$as_me:$LINENO: \$? = $ac_status" >&5
23706 (exit $ac_status); } &&
23707 { ac_try='test -z "$ac_c_werror_flag" || test ! -s conftest.err'
23708 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
23709 (eval $ac_try) 2>&5
23710 ac_status=$?
23711 echo "$as_me:$LINENO: \$? = $ac_status" >&5
23712 (exit $ac_status); }; } &&
23713 { ac_try='test -s conftest$ac_exeext'
23714 { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
23715 (eval $ac_try) 2>&5
23716 ac_status=$?
23717 echo "$as_me:$LINENO: \$? = $ac_status" >&5
23718 (exit $ac_status); }; }; then
23719 ac_cv_search_krb5_init_ets="-l$ac_lib"
23720break
23721else
23722 echo "$as_me: failed program was:" >&5
23723sed 's/^/| /' conftest.$ac_ext >&5
23724
23725fi
23726rm -f conftest.err conftest.$ac_objext \
23727 conftest$ac_exeext conftest.$ac_ext
23728 done
23729fi
23730LIBS=$ac_func_search_save_LIBS
23731fi
23732echo "$as_me:$LINENO: result: $ac_cv_search_krb5_init_ets" >&5
23733echo "${ECHO_T}$ac_cv_search_krb5_init_ets" >&6
23734if test "$ac_cv_search_krb5_init_ets" != no; then
23735 test "$ac_cv_search_krb5_init_ets" = "none required" || LIBS="$ac_cv_search_krb5_init_ets $LIBS"
23736 cat >>confdefs.h <<\_ACEOF
23737#define KRB5_INIT_ETS 1
23738_ACEOF
23739
23740fi
23741
23742 24146
23743 24147
23744fi; 24148fi;
@@ -25020,6 +25424,8 @@ if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
25020 LIBS=`echo $LIBS | sed 's/-ldl //'` 25424 LIBS=`echo $LIBS | sed 's/-ldl //'`
25021fi 25425fi
25022 25426
25427CFLAGS="$CFLAGS $werror_flags"
25428
25023 25429
25024 ac_config_files="$ac_config_files Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile scard/Makefile ssh_prng_cmds survey.sh" 25430 ac_config_files="$ac_config_files Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile scard/Makefile ssh_prng_cmds survey.sh"
25025 25431
diff --git a/configure.ac b/configure.ac
index c94df6d6f..849e2f771 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
1# $Id: configure.ac,v 1.260 2005/04/24 07:52:23 dtucker Exp $ 1# $Id: configure.ac,v 1.292 2005/08/31 16:59:49 tim Exp $
2# 2#
3# Copyright (c) 1999-2004 Damien Miller 3# Copyright (c) 1999-2004 Damien Miller
4# 4#
@@ -14,7 +14,7 @@
14# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 16
17AC_INIT(OpenSSH, Portable) 17AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18AC_CONFIG_SRCDIR([ssh.c]) 18AC_CONFIG_SRCDIR([ssh.c])
19 19
20AC_CONFIG_HEADER(config.h) 20AC_CONFIG_HEADER(config.h)
@@ -77,8 +77,94 @@ fi
77AC_SUBST(LD) 77AC_SUBST(LD)
78 78
79AC_C_INLINE 79AC_C_INLINE
80
81AC_CHECK_DECL(LLONG_MAX, have_llong_max=1, , [#include <limits.h>])
82
80if test "$GCC" = "yes" || test "$GCC" = "egcs"; then 83if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
81 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wno-uninitialized" 84 CFLAGS="$CFLAGS -Wall -Wpointer-arith -Wuninitialized"
85 GCC_VER=`$CC --version`
86 case $GCC_VER in
87 1.*) ;;
88 2.8* | 2.9*) CFLAGS="$CFLAGS -Wsign-compare" ;;
89 2.*) ;;
90 *) CFLAGS="$CFLAGS -Wsign-compare" ;;
91 esac
92
93 if test -z "$have_llong_max"; then
94 # retry LLONG_MAX with -std=gnu99, needed on some Linuxes
95 unset ac_cv_have_decl_LLONG_MAX
96 saved_CFLAGS="$CFLAGS"
97 CFLAGS="$CFLAGS -std=gnu99"
98 AC_CHECK_DECL(LLONG_MAX,
99 [have_llong_max=1],
100 [CFLAGS="$saved_CFLAGS"],
101 [#include <limits.h>]
102 )
103 fi
104fi
105
106if test -z "$have_llong_max"; then
107 AC_MSG_CHECKING([for max value of long long])
108 AC_RUN_IFELSE(
109 [AC_LANG_SOURCE([[
110#include <stdio.h>
111/* Why is this so damn hard? */
112#ifdef __GNUC__
113# undef __GNUC__
114#endif
115#define __USE_ISOC99
116#include <limits.h>
117#define DATA "conftest.llminmax"
118int main(void) {
119 FILE *f;
120 long long i, llmin, llmax = 0;
121
122 if((f = fopen(DATA,"w")) == NULL)
123 exit(1);
124
125#if defined(LLONG_MIN) && defined(LLONG_MAX)
126 fprintf(stderr, "Using system header for LLONG_MIN and LLONG_MAX\n");
127 llmin = LLONG_MIN;
128 llmax = LLONG_MAX;
129#else
130 fprintf(stderr, "Calculating LLONG_MIN and LLONG_MAX\n");
131 /* This will work on one's complement and two's complement */
132 for (i = 1; i > llmax; i <<= 1, i++)
133 llmax = i;
134 llmin = llmax + 1LL; /* wrap */
135#endif
136
137 /* Sanity check */
138 if (llmin + 1 < llmin || llmin - 1 < llmin || llmax + 1 > llmax
139 || llmax - 1 > llmax) {
140 fprintf(f, "unknown unknown\n");
141 exit(2);
142 }
143
144 if (fprintf(f ,"%lld %lld", llmin, llmax) < 0)
145 exit(3);
146
147 exit(0);
148}
149 ]])],
150 [
151 llong_min=`$AWK '{print $1}' conftest.llminmax`
152 llong_max=`$AWK '{print $2}' conftest.llminmax`
153 AC_MSG_RESULT($llong_max)
154 AC_DEFINE_UNQUOTED(LLONG_MAX, [${llong_max}LL],
155 [max value of long long calculated by configure])
156 AC_MSG_CHECKING([for min value of long long])
157 AC_MSG_RESULT($llong_min)
158 AC_DEFINE_UNQUOTED(LLONG_MIN, [${llong_min}LL],
159 [min value of long long calculated by configure])
160 ],
161 [
162 AC_MSG_RESULT(not found)
163 ],
164 [
165 AC_MSG_WARN([cross compiling: not checking])
166 ]
167 )
82fi 168fi
83 169
84AC_ARG_WITH(rpath, 170AC_ARG_WITH(rpath,
@@ -181,51 +267,43 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
181 AC_DEFINE(BROKEN_SETREGID) 267 AC_DEFINE(BROKEN_SETREGID)
182 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1) 268 AC_DEFINE_UNQUOTED(BIND_8_COMPAT, 1)
183 ;; 269 ;;
184*-*-hpux10.26) 270*-*-hpux*)
185 if test -z "$GCC"; then 271 # first we define all of the options common to all HP-UX releases
186 CFLAGS="$CFLAGS -Ae"
187 fi
188 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
189 IPADDR_IN_DISPLAY=yes
190 AC_DEFINE(HAVE_SECUREWARE)
191 AC_DEFINE(USE_PIPES)
192 AC_DEFINE(LOGIN_NO_ENDOPT)
193 AC_DEFINE(LOGIN_NEEDS_UTMPX)
194 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
195 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
196 LIBS="$LIBS -lsec -lsecpw"
197 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
198 disable_ptmx_check=yes
199 ;;
200*-*-hpux10*)
201 if test -z "$GCC"; then
202 CFLAGS="$CFLAGS -Ae"
203 fi
204 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
205 IPADDR_IN_DISPLAY=yes
206 AC_DEFINE(USE_PIPES)
207 AC_DEFINE(LOGIN_NO_ENDOPT)
208 AC_DEFINE(LOGIN_NEEDS_UTMPX)
209 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
210 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
211 LIBS="$LIBS -lsec"
212 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
213 ;;
214*-*-hpux11*)
215 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1" 272 CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
216 IPADDR_IN_DISPLAY=yes 273 IPADDR_IN_DISPLAY=yes
217 AC_DEFINE(PAM_SUN_CODEBASE)
218 AC_DEFINE(USE_PIPES) 274 AC_DEFINE(USE_PIPES)
219 AC_DEFINE(LOGIN_NO_ENDOPT) 275 AC_DEFINE(LOGIN_NO_ENDOPT)
220 AC_DEFINE(LOGIN_NEEDS_UTMPX) 276 AC_DEFINE(LOGIN_NEEDS_UTMPX)
221 AC_DEFINE(DISABLE_UTMP)
222 AC_DEFINE(LOCKED_PASSWD_STRING, "*") 277 AC_DEFINE(LOCKED_PASSWD_STRING, "*")
223 AC_DEFINE(SPT_TYPE,SPT_PSTAT) 278 AC_DEFINE(SPT_TYPE,SPT_PSTAT)
224 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
225 check_for_hpux_broken_getaddrinfo=1
226 check_for_conflicting_getspnam=1
227 LIBS="$LIBS -lsec" 279 LIBS="$LIBS -lsec"
228 AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])) 280 AC_CHECK_LIB(xnet, t_error, ,
281 AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***]))
282
283 # next, we define all of the options specific to major releases
284 case "$host" in
285 *-*-hpux10*)
286 if test -z "$GCC"; then
287 CFLAGS="$CFLAGS -Ae"
288 fi
289 ;;
290 *-*-hpux11*)
291 AC_DEFINE(PAM_SUN_CODEBASE)
292 AC_DEFINE(DISABLE_UTMP)
293 AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins])
294 check_for_hpux_broken_getaddrinfo=1
295 check_for_conflicting_getspnam=1
296 ;;
297 esac
298
299 # lastly, we define options specific to minor releases
300 case "$host" in
301 *-*-hpux10.26)
302 AC_DEFINE(HAVE_SECUREWARE)
303 disable_ptmx_check=yes
304 LIBS="$LIBS -lsecpw"
305 ;;
306 esac
229 ;; 307 ;;
230*-*-irix5*) 308*-*-irix5*)
231 PATH="$PATH:/usr/etc" 309 PATH="$PATH:/usr/etc"
@@ -277,7 +355,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
277 esac 355 esac
278 ;; 356 ;;
279mips-sony-bsd|mips-sony-newsos4) 357mips-sony-bsd|mips-sony-newsos4)
280 AC_DEFINE(HAVE_NEWS4) 358 AC_DEFINE(NEED_SETPRGP, [], [Need setpgrp to acquire controlling tty])
281 SONY=1 359 SONY=1
282 ;; 360 ;;
283*-*-netbsd*) 361*-*-netbsd*)
@@ -304,6 +382,9 @@ mips-sony-bsd|mips-sony-newsos4)
304 AC_DEFINE(USE_PIPES) 382 AC_DEFINE(USE_PIPES)
305 AC_DEFINE(BROKEN_SAVED_UIDS) 383 AC_DEFINE(BROKEN_SAVED_UIDS)
306 ;; 384 ;;
385*-*-openbsd*)
386 AC_DEFINE(HAVE_ATTRIBUTE__SENTINEL__, 1, [OpenBSD's gcc has sentinel])
387 ;;
307*-*-solaris*) 388*-*-solaris*)
308 if test "x$withval" != "xno" ; then 389 if test "x$withval" != "xno" ; then
309 need_dash_r=1 390 need_dash_r=1
@@ -373,11 +454,19 @@ mips-sony-bsd|mips-sony-newsos4)
373 ;; 454 ;;
374# UnixWare 7.x, OpenUNIX 8 455# UnixWare 7.x, OpenUNIX 8
375*-*-sysv5*) 456*-*-sysv5*)
457 check_for_libcrypt_later=1
458 AC_DEFINE(UNIXWARE_LONG_PASSWORDS, 1, [Support passwords > 8 chars])
376 AC_DEFINE(USE_PIPES) 459 AC_DEFINE(USE_PIPES)
377 AC_DEFINE(SETEUID_BREAKS_SETUID) 460 AC_DEFINE(SETEUID_BREAKS_SETUID)
378 AC_DEFINE(BROKEN_SETREUID) 461 AC_DEFINE(BROKEN_SETREUID)
379 AC_DEFINE(BROKEN_SETREGID) 462 AC_DEFINE(BROKEN_SETREGID)
380 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd]) 463 AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd])
464 case "$host" in
465 *-*-sysv5SCO_SV*) # SCO OpenServer 6.x
466 TEST_SHELL=/u95/bin/sh
467 AC_DEFINE(BROKEN_LIBIAF, 1, [ia_uinfo routines not supported by OS yet])
468 ;;
469 esac
381 ;; 470 ;;
382*-*-sysv*) 471*-*-sysv*)
383 ;; 472 ;;
@@ -476,6 +565,19 @@ mips-sony-bsd|mips-sony-newsos4)
476 AC_DEFINE(MISSING_HOWMANY) 565 AC_DEFINE(MISSING_HOWMANY)
477 AC_DEFINE(MISSING_FD_MASK) 566 AC_DEFINE(MISSING_FD_MASK)
478 ;; 567 ;;
568
569*-*-ultrix*)
570 AC_DEFINE(BROKEN_GETGROUPS, [], [getgroups(0,NULL) will return -1])
571 AC_DEFINE(BROKEN_MMAP, [], [Ultrix mmap can't map files])
572 AC_DEFINE(NEED_SETPRGP, [], [Need setpgrp to acquire controlling tty])
573 AC_DEFINE(HAVE_SYS_SYSLOG_H, 1, [Force use of sys/syslog.h on Ultrix])
574 ;;
575
576*-*-lynxos)
577 CFLAGS="$CFLAGS -D__NO_INCLUDE_WARN__"
578 AC_DEFINE(MISSING_HOWMANY)
579 AC_DEFINE(BROKEN_SETVBUF, 1, [LynxOS has broken setvbuf() implementation])
580 ;;
479esac 581esac
480 582
481# Allow user to specify flags 583# Allow user to specify flags
@@ -515,6 +617,17 @@ AC_ARG_WITH(libs,
515 fi 617 fi
516 ] 618 ]
517) 619)
620AC_ARG_WITH(Werror,
621 [ --with-Werror Build main code with -Werror],
622 [
623 if test -n "$withval" && test "x$withval" != "xno"; then
624 werror_flags="-Werror"
625 if "x${withval}" != "xyes"; then
626 werror_flags="$withval"
627 fi
628 fi
629 ]
630)
518 631
519AC_MSG_CHECKING(compiler and flags for sanity) 632AC_MSG_CHECKING(compiler and flags for sanity)
520AC_RUN_IFELSE( 633AC_RUN_IFELSE(
@@ -530,17 +643,67 @@ int main(){exit(0);}
530 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] 643 [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ]
531) 644)
532 645
533# Checks for header files. 646dnl Checks for header files.
534AC_CHECK_HEADERS(bstring.h crypt.h dirent.h endian.h features.h \ 647AC_CHECK_HEADERS( \
535 floatingpoint.h getopt.h glob.h ia.h lastlog.h limits.h login.h \ 648 bstring.h \
536 login_cap.h maillock.h ndir.h netdb.h netgroup.h \ 649 crypt.h \
537 netinet/in_systm.h pam/pam_appl.h paths.h pty.h readpassphrase.h \ 650 dirent.h \
538 rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \ 651 endian.h \
539 strings.h sys/dir.h sys/strtio.h sys/audit.h sys/bitypes.h \ 652 features.h \
540 sys/bsdtty.h sys/cdefs.h sys/mman.h sys/ndir.h sys/prctl.h \ 653 floatingpoint.h \
541 sys/pstat.h sys/select.h sys/stat.h sys/stream.h \ 654 getopt.h \
542 sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h sys/un.h \ 655 glob.h \
543 time.h tmpdir.h ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h) 656 ia.h \
657 iaf.h \
658 lastlog.h \
659 limits.h \
660 login.h \
661 login_cap.h \
662 maillock.h \
663 ndir.h \
664 netdb.h \
665 netgroup.h \
666 netinet/in_systm.h \
667 pam/pam_appl.h \
668 paths.h \
669 pty.h \
670 readpassphrase.h \
671 rpc/types.h \
672 security/pam_appl.h \
673 shadow.h \
674 stddef.h \
675 stdint.h \
676 string.h \
677 strings.h \
678 sys/audit.h \
679 sys/bitypes.h \
680 sys/bsdtty.h \
681 sys/cdefs.h \
682 sys/dir.h \
683 sys/mman.h \
684 sys/ndir.h \
685 sys/prctl.h \
686 sys/pstat.h \
687 sys/select.h \
688 sys/stat.h \
689 sys/stream.h \
690 sys/stropts.h \
691 sys/strtio.h \
692 sys/sysmacros.h \
693 sys/time.h \
694 sys/timers.h \
695 sys/un.h \
696 time.h \
697 tmpdir.h \
698 ttyent.h \
699 unistd.h \
700 usersec.h \
701 util.h \
702 utime.h \
703 utmp.h \
704 utmpx.h \
705 vis.h \
706)
544 707
545# sys/ptms.h requires sys/stream.h to be included first on Solaris 708# sys/ptms.h requires sys/stream.h to be included first on Solaris
546AC_CHECK_HEADERS(sys/ptms.h, [], [], [ 709AC_CHECK_HEADERS(sys/ptms.h, [], [], [
@@ -668,8 +831,8 @@ int main()
668 if (a == 1 && b == 1 && c >= 4) 831 if (a == 1 && b == 1 && c >= 4)
669 exit(0); 832 exit(0);
670 833
671 /* 1.2.1.2 and up are OK */ 834 /* 1.2.3 and up are OK */
672 if (v >= 1020102) 835 if (v >= 1020300)
673 exit(0); 836 exit(0);
674 837
675 exit(2); 838 exit(2);
@@ -683,7 +846,7 @@ Your reported zlib version has known security problems. It's possible your
683vendor has fixed these problems without changing the version number. If you 846vendor has fixed these problems without changing the version number. If you
684are sure this is the case, you can disable the check by running 847are sure this is the case, you can disable the check by running
685"./configure --without-zlib-version-check". 848"./configure --without-zlib-version-check".
686If you are in doubt, upgrade zlib to version 1.2.1.2 or greater. 849If you are in doubt, upgrade zlib to version 1.2.3 or greater.
687See http://www.gzip.org/zlib/ for details.]) 850See http://www.gzip.org/zlib/ for details.])
688 else 851 else
689 AC_MSG_WARN([zlib version may have security problems]) 852 AC_MSG_WARN([zlib version may have security problems])
@@ -884,6 +1047,21 @@ AC_ARG_WITH(libedit,
884 [ AC_MSG_ERROR(libedit not found) ], 1047 [ AC_MSG_ERROR(libedit not found) ],
885 [ -lcurses ] 1048 [ -lcurses ]
886 ) 1049 )
1050 AC_MSG_CHECKING(if libedit version is compatible)
1051 AC_COMPILE_IFELSE(
1052 [AC_LANG_SOURCE([[
1053#include <histedit.h>
1054int main(void)
1055{
1056 int i = H_SETSIZE;
1057 el_init("", NULL, NULL, NULL);
1058 exit(0);
1059}
1060 ]])],
1061 [ AC_MSG_RESULT(yes) ],
1062 [ AC_MSG_RESULT(no)
1063 AC_MSG_ERROR(libedit version is not compatible) ]
1064 )
887 fi ] 1065 fi ]
888) 1066)
889 1067
@@ -912,6 +1090,9 @@ AC_ARG_WITH(audit,
912 AC_MSG_RESULT(debug) 1090 AC_MSG_RESULT(debug)
913 AC_DEFINE(SSH_AUDIT_EVENTS, [], Use audit debugging module) 1091 AC_DEFINE(SSH_AUDIT_EVENTS, [], Use audit debugging module)
914 ;; 1092 ;;
1093 no)
1094 AC_MSG_RESULT(no)
1095 ;;
915 *) 1096 *)
916 AC_MSG_ERROR([Unknown audit module $withval]) 1097 AC_MSG_ERROR([Unknown audit module $withval])
917 ;; 1098 ;;
@@ -919,19 +1100,87 @@ AC_ARG_WITH(audit,
919) 1100)
920 1101
921dnl Checks for library functions. Please keep in alphabetical order 1102dnl Checks for library functions. Please keep in alphabetical order
922AC_CHECK_FUNCS(\ 1103AC_CHECK_FUNCS( \
923 arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \ 1104 arc4random \
924 bindresvport_sa clock closefrom dirfd fchdir fchmod fchown \ 1105 b64_ntop \
925 freeaddrinfo futimes getaddrinfo getcwd getgrouplist getnameinfo \ 1106 __b64_ntop \
926 getopt getpeereid _getpty getrlimit getttyent glob inet_aton \ 1107 b64_pton \
927 inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \ 1108 __b64_pton \
928 mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \ 1109 bcopy \
929 pstat prctl readpassphrase realpath recvmsg rresvport_af sendmsg \ 1110 bindresvport_sa \
930 setdtablesize setegid setenv seteuid setgroups setlogin setpcred \ 1111 clock \
931 setproctitle setregid setreuid setrlimit \ 1112 closefrom \
932 setsid setvbuf sigaction sigvec snprintf socketpair strerror \ 1113 dirfd \
933 strlcat strlcpy strmode strnvis strtoul sysconf tcgetpgrp \ 1114 fchmod \
934 truncate unsetenv updwtmpx utimes vhangup vsnprintf waitpid \ 1115 fchown \
1116 freeaddrinfo \
1117 futimes \
1118 getaddrinfo \
1119 getcwd \
1120 getgrouplist \
1121 getnameinfo \
1122 getopt \
1123 getpeereid \
1124 _getpty \
1125 getrlimit \
1126 getttyent \
1127 glob \
1128 inet_aton \
1129 inet_ntoa \
1130 inet_ntop \
1131 innetgr \
1132 login_getcapbool \
1133 md5_crypt \
1134 memmove \
1135 mkdtemp \
1136 mmap \
1137 ngetaddrinfo \
1138 nsleep \
1139 ogetaddrinfo \
1140 openlog_r \
1141 openpty \
1142 prctl \
1143 pstat \
1144 readpassphrase \
1145 realpath \
1146 recvmsg \
1147 rresvport_af \
1148 sendmsg \
1149 setdtablesize \
1150 setegid \
1151 setenv \
1152 seteuid \
1153 setgroups \
1154 setlogin \
1155 setpcred \
1156 setproctitle \
1157 setregid \
1158 setreuid \
1159 setrlimit \
1160 setsid \
1161 setvbuf \
1162 sigaction \
1163 sigvec \
1164 snprintf \
1165 socketpair \
1166 strdup \
1167 strerror \
1168 strlcat \
1169 strlcpy \
1170 strmode \
1171 strnvis \
1172 strtonum \
1173 strtoll \
1174 strtoul \
1175 sysconf \
1176 tcgetpgrp \
1177 truncate \
1178 unsetenv \
1179 updwtmpx \
1180 utimes \
1181 vhangup \
1182 vsnprintf \
1183 waitpid \
935) 1184)
936 1185
937# IRIX has a const char return value for gai_strerror() 1186# IRIX has a const char return value for gai_strerror()
@@ -952,8 +1201,15 @@ str = gai_strerror(0);],[
952AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP)) 1201AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP))
953 1202
954dnl Make sure prototypes are defined for these before using them. 1203dnl Make sure prototypes are defined for these before using them.
955AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)])
956AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)]) 1204AC_CHECK_DECL(getrusage, [AC_CHECK_FUNCS(getrusage)])
1205AC_CHECK_DECL(strsep,
1206 [AC_CHECK_FUNCS(strsep)],
1207 [],
1208 [
1209#ifdef HAVE_STRING_H
1210# include <string.h>
1211#endif
1212 ])
957 1213
958dnl tcsendbreak might be a macro 1214dnl tcsendbreak might be a macro
959AC_CHECK_DECL(tcsendbreak, 1215AC_CHECK_DECL(tcsendbreak,
@@ -1477,6 +1733,7 @@ if test "x$check_for_libcrypt_later" = "x1"; then
1477 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt") 1733 AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
1478fi 1734fi
1479 1735
1736AC_CHECK_LIB(iaf, ia_openinfo)
1480 1737
1481### Configure cryptographic random number support 1738### Configure cryptographic random number support
1482 1739
@@ -2410,6 +2667,9 @@ int main()
2410 AC_MSG_RESULT(no)]) 2667 AC_MSG_RESULT(no)])
2411 ]) 2668 ])
2412 AC_CHECK_FUNCS(_getshort _getlong) 2669 AC_CHECK_FUNCS(_getshort _getlong)
2670 AC_CHECK_DECLS([_getshort, _getlong], , ,
2671 [#include <sys/types.h>
2672 #include <arpa/nameser.h>])
2413 AC_CHECK_MEMBER(HEADER.ad, 2673 AC_CHECK_MEMBER(HEADER.ad,
2414 [AC_DEFINE(HAVE_HEADER_AD)],, 2674 [AC_DEFINE(HAVE_HEADER_AD)],,
2415 [#include <arpa/nameser.h>]) 2675 [#include <arpa/nameser.h>])
@@ -2525,7 +2785,6 @@ AC_ARG_WITH(kerberos5,
2525 2785
2526 LIBS="$LIBS $K5LIBS" 2786 LIBS="$LIBS $K5LIBS"
2527 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS)) 2787 AC_SEARCH_LIBS(k_hasafs, kafs, AC_DEFINE(USE_AFS))
2528 AC_SEARCH_LIBS(krb5_init_ets, $K5LIBS, AC_DEFINE(KRB5_INIT_ETS))
2529 ] 2788 ]
2530) 2789)
2531 2790
@@ -3164,6 +3423,10 @@ if test "$ac_cv_lib_pam_pam_set_item" = yes ; then
3164 LIBS=`echo $LIBS | sed 's/-ldl //'` 3423 LIBS=`echo $LIBS | sed 's/-ldl //'`
3165fi 3424fi
3166 3425
3426dnl Adding -Werror to CFLAGS early prevents configure tests from running.
3427dnl Add now.
3428CFLAGS="$CFLAGS $werror_flags"
3429
3167AC_EXEEXT 3430AC_EXEEXT
3168AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \ 3431AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openbsd-compat/Makefile \
3169 scard/Makefile ssh_prng_cmds survey.sh]) 3432 scard/Makefile ssh_prng_cmds survey.sh])
diff --git a/contrib/aix/pam.conf b/contrib/aix/pam.conf
index 1495f43cb..f1528b005 100644
--- a/contrib/aix/pam.conf
+++ b/contrib/aix/pam.conf
@@ -11,10 +11,10 @@ OTHER auth required /usr/lib/security/pam_aix
11sshd account required /usr/lib/security/pam_aix 11sshd account required /usr/lib/security/pam_aix
12OTHER account required /usr/lib/security/pam_aix 12OTHER account required /usr/lib/security/pam_aix
13 13
14# Session Management 14# Password Management
15sshd password required /usr/lib/security/pam_aix 15sshd password required /usr/lib/security/pam_aix
16OTHER password required /usr/lib/security/pam_aix 16OTHER password required /usr/lib/security/pam_aix
17 17
18# Password Management 18# Session Management
19sshd session required /usr/lib/security/pam_aix 19sshd session required /usr/lib/security/pam_aix
20OTHER session required /usr/lib/security/pam_aix 20OTHER session required /usr/lib/security/pam_aix
diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec
index 355663ed4..bfde0fefc 100644
--- a/contrib/caldera/openssh.spec
+++ b/contrib/caldera/openssh.spec
@@ -17,7 +17,7 @@
17#old cvs stuff. please update before use. may be deprecated. 17#old cvs stuff. please update before use. may be deprecated.
18%define use_stable 1 18%define use_stable 1
19%if %{use_stable} 19%if %{use_stable}
20 %define version 4.1p1 20 %define version 4.2p1
21 %define cvs %{nil} 21 %define cvs %{nil}
22 %define release 1 22 %define release 1
23%else 23%else
@@ -357,4 +357,4 @@ fi
357* Mon Jan 01 1998 ... 357* Mon Jan 01 1998 ...
358Template Version: 1.31 358Template Version: 1.31
359 359
360$Id: openssh.spec,v 1.54 2005/05/25 04:43:48 djm Exp $ 360$Id: openssh.spec,v 1.55 2005/09/01 09:10:49 djm Exp $
diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec
index 430c4d323..049b07fe4 100644
--- a/contrib/redhat/openssh.spec
+++ b/contrib/redhat/openssh.spec
@@ -1,4 +1,4 @@
1%define ver 4.1p1 1%define ver 4.2p1
2%define rel 1 2%define rel 1
3 3
4# OpenSSH privilege separation requires a user & group ID 4# OpenSSH privilege separation requires a user & group ID
diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec
index a574d3f2f..6ad862fad 100644
--- a/contrib/suse/openssh.spec
+++ b/contrib/suse/openssh.spec
@@ -1,6 +1,6 @@
1Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation 1Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
2Name: openssh 2Name: openssh
3Version: 4.1p1 3Version: 4.2p1
4URL: http://www.openssh.com/ 4URL: http://www.openssh.com/
5Release: 1 5Release: 1
6Source0: openssh-%{version}.tar.gz 6Source0: openssh-%{version}.tar.gz
diff --git a/debian/changelog b/debian/changelog
index 3ad593e10..b277b7435 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
1openssh (1:4.2p1-1) UNRELEASED; urgency=low
2
3 * New upstream release.
4
5 -- Colin Watson <cjwatson@debian.org> Wed, 14 Sep 2005 13:35:17 +0100
6
1openssh (1:4.1p1-7) unstable; urgency=low 7openssh (1:4.1p1-7) unstable; urgency=low
2 8
3 * Do the IDEA host key check on a temporary file to avoid altering 9 * Do the IDEA host key check on a temporary file to avoid altering
diff --git a/defines.h b/defines.h
index 7758bc37a..408b988b5 100644
--- a/defines.h
+++ b/defines.h
@@ -25,7 +25,7 @@
25#ifndef _DEFINES_H 25#ifndef _DEFINES_H
26#define _DEFINES_H 26#define _DEFINES_H
27 27
28/* $Id: defines.h,v 1.119 2005/02/20 10:01:49 dtucker Exp $ */ 28/* $Id: defines.h,v 1.127 2005/08/31 16:59:49 tim Exp $ */
29 29
30 30
31/* Constants */ 31/* Constants */
@@ -54,10 +54,24 @@ enum
54# ifdef PATH_MAX 54# ifdef PATH_MAX
55# define MAXPATHLEN PATH_MAX 55# define MAXPATHLEN PATH_MAX
56# else /* PATH_MAX */ 56# else /* PATH_MAX */
57# define MAXPATHLEN 64 /* Should be safe */ 57# define MAXPATHLEN 64
58/* realpath uses a fixed buffer of size MAXPATHLEN, so force use of ours */
59# ifndef BROKEN_REALPATH
60# define BROKEN_REALPATH 1
61# endif /* BROKEN_REALPATH */
58# endif /* PATH_MAX */ 62# endif /* PATH_MAX */
59#endif /* MAXPATHLEN */ 63#endif /* MAXPATHLEN */
60 64
65#ifndef PATH_MAX
66# ifdef _POSIX_PATH_MAX
67# define PATH_MAX _POSIX_PATH_MAX
68# endif
69#endif
70
71#ifndef MAXSYMLINKS
72# define MAXSYMLINKS 5
73#endif
74
61#ifndef STDIN_FILENO 75#ifndef STDIN_FILENO
62# define STDIN_FILENO 0 76# define STDIN_FILENO 0
63#endif 77#endif
@@ -432,6 +446,10 @@ struct winsize {
432# define __dead __attribute__((noreturn)) 446# define __dead __attribute__((noreturn))
433#endif 447#endif
434 448
449#if !defined(HAVE_ATTRIBUTE__SENTINEL__) && !defined(__sentinel__)
450# define __sentinel__
451#endif
452
435/* *-*-nto-qnx doesn't define this macro in the system headers */ 453/* *-*-nto-qnx doesn't define this macro in the system headers */
436#ifdef MISSING_HOWMANY 454#ifdef MISSING_HOWMANY
437# define howmany(x,y) (((x)+((y)-1))/(y)) 455# define howmany(x,y) (((x)+((y)-1))/(y))
@@ -567,6 +585,23 @@ struct winsize {
567# define SSH_SYSFDMAX 10000 585# define SSH_SYSFDMAX 10000
568#endif 586#endif
569 587
588#if defined(__Lynx__)
589 /*
590 * LynxOS defines these in param.h which we do not want to include since
591 * it will also pull in a bunch of kernel definitions.
592 */
593# define ALIGNBYTES (sizeof(int) - 1)
594# define ALIGN(p) (((unsigned)p + ALIGNBYTES) & ~ALIGNBYTES)
595 /* Missing prototypes on LynxOS */
596 int snprintf (char *, size_t, const char *, ...);
597 int mkstemp (char *);
598 char *crypt (const char *, const char *);
599 int seteuid (uid_t);
600 int setegid (gid_t);
601 char *mkdtemp (char *);
602 int rresvport_af (int *, sa_family_t);
603 int innetgr (const char *, const char *, const char *, const char *);
604#endif
570 605
571/* 606/*
572 * Define this to use pipes instead of socketpairs for communicating with the 607 * Define this to use pipes instead of socketpairs for communicating with the
@@ -653,6 +688,10 @@ struct winsize {
653# define CUSTOM_SYS_AUTH_PASSWD 1 688# define CUSTOM_SYS_AUTH_PASSWD 1
654#endif 689#endif
655 690
691#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF)
692# define CUSTOM_SYS_AUTH_PASSWD 1
693#endif
694
656/* HP-UX 11.11 */ 695/* HP-UX 11.11 */
657#ifdef BTMP_FILE 696#ifdef BTMP_FILE
658# define _PATH_BTMP BTMP_FILE 697# define _PATH_BTMP BTMP_FILE
@@ -664,4 +703,12 @@ struct winsize {
664 703
665/** end of login recorder definitions */ 704/** end of login recorder definitions */
666 705
706#ifdef BROKEN_GETGROUPS
707# define getgroups(a,b) ((a)==0 && (b)==NULL ? NGROUPS_MAX : getgroups((a),(b)))
708#endif
709
710#if defined(HAVE_MMAP) && defined(BROKEN_MMAP)
711# undef HAVE_MMAP
712#endif
713
667#endif /* _DEFINES_H */ 714#endif /* _DEFINES_H */
diff --git a/dns.c b/dns.c
index 140ab6042..4487c1aba 100644
--- a/dns.c
+++ b/dns.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dns.c,v 1.10 2004/06/21 17:36:31 avsm Exp $ */ 1/* $OpenBSD: dns.c,v 1.12 2005/06/17 02:44:32 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2003 Wesley Griffin. All rights reserved. 4 * Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -43,7 +43,7 @@
43#include "uuencode.h" 43#include "uuencode.h"
44 44
45extern char *__progname; 45extern char *__progname;
46RCSID("$OpenBSD: dns.c,v 1.10 2004/06/21 17:36:31 avsm Exp $"); 46RCSID("$OpenBSD: dns.c,v 1.12 2005/06/17 02:44:32 djm Exp $");
47 47
48#ifndef LWRES 48#ifndef LWRES
49static const char *errset_text[] = { 49static const char *errset_text[] = {
@@ -142,6 +142,26 @@ dns_read_rdata(u_int8_t *algorithm, u_int8_t *digest_type,
142 return success; 142 return success;
143} 143}
144 144
145/*
146 * Check if hostname is numerical.
147 * Returns -1 if hostname is numeric, 0 otherwise
148 */
149static int
150is_numeric_hostname(const char *hostname)
151{
152 struct addrinfo hints, *ai;
153
154 memset(&hints, 0, sizeof(hints));
155 hints.ai_socktype = SOCK_DGRAM;
156 hints.ai_flags = AI_NUMERICHOST;
157
158 if (getaddrinfo(hostname, "0", &hints, &ai) == 0) {
159 freeaddrinfo(ai);
160 return -1;
161 }
162
163 return 0;
164}
145 165
146/* 166/*
147 * Verify the given hostname, address and host key using DNS. 167 * Verify the given hostname, address and host key using DNS.
@@ -151,7 +171,7 @@ int
151verify_host_key_dns(const char *hostname, struct sockaddr *address, 171verify_host_key_dns(const char *hostname, struct sockaddr *address,
152 const Key *hostkey, int *flags) 172 const Key *hostkey, int *flags)
153{ 173{
154 int counter; 174 u_int counter;
155 int result; 175 int result;
156 struct rrsetinfo *fingerprints = NULL; 176 struct rrsetinfo *fingerprints = NULL;
157 177
@@ -171,6 +191,11 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
171 if (hostkey == NULL) 191 if (hostkey == NULL)
172 fatal("No key to look up!"); 192 fatal("No key to look up!");
173 193
194 if (is_numeric_hostname(hostname)) {
195 debug("skipped DNS lookup for numerical hostname");
196 return -1;
197 }
198
174 result = getrrsetbyname(hostname, DNS_RDATACLASS_IN, 199 result = getrrsetbyname(hostname, DNS_RDATACLASS_IN,
175 DNS_RDATATYPE_SSHFP, 0, &fingerprints); 200 DNS_RDATATYPE_SSHFP, 0, &fingerprints);
176 if (result) { 201 if (result) {
@@ -249,7 +274,7 @@ export_dns_rr(const char *hostname, const Key *key, FILE *f, int generic)
249 u_char *rdata_digest; 274 u_char *rdata_digest;
250 u_int rdata_digest_len; 275 u_int rdata_digest_len;
251 276
252 int i; 277 u_int i;
253 int success = 0; 278 int success = 0;
254 279
255 if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type, 280 if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type,
diff --git a/entropy.c b/entropy.c
index 572e8cece..e48d6d3f9 100644
--- a/entropy.c
+++ b/entropy.c
@@ -45,7 +45,7 @@
45 * XXX: we should tell the child how many bytes we need. 45 * XXX: we should tell the child how many bytes we need.
46 */ 46 */
47 47
48RCSID("$Id: entropy.c,v 1.48 2003/11/21 12:56:47 djm Exp $"); 48RCSID("$Id: entropy.c,v 1.49 2005/07/17 07:26:44 djm Exp $");
49 49
50#ifndef OPENSSL_PRNG_ONLY 50#ifndef OPENSSL_PRNG_ONLY
51#define RANDOM_SEED_SIZE 48 51#define RANDOM_SEED_SIZE 48
@@ -114,8 +114,8 @@ seed_rng(void)
114 close(p[0]); 114 close(p[0]);
115 115
116 if (waitpid(pid, &ret, 0) == -1) 116 if (waitpid(pid, &ret, 0) == -1)
117 fatal("Couldn't wait for ssh-rand-helper completion: %s", 117 fatal("Couldn't wait for ssh-rand-helper completion: %s",
118 strerror(errno)); 118 strerror(errno));
119 signal(SIGCHLD, old_sigchld); 119 signal(SIGCHLD, old_sigchld);
120 120
121 /* We don't mind if the child exits upon a SIGPIPE */ 121 /* We don't mind if the child exits upon a SIGPIPE */
diff --git a/gss-genr.c b/gss-genr.c
index 3f5727b3e..9bc31aa2a 100644
--- a/gss-genr.c
+++ b/gss-genr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: gss-genr.c,v 1.3 2003/11/21 11:57:03 djm Exp $ */ 1/* $OpenBSD: gss-genr.c,v 1.4 2005/07/17 07:17:55 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. 4 * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -78,8 +78,8 @@ ssh_gssapi_error(Gssctxt *ctxt)
78} 78}
79 79
80char * 80char *
81ssh_gssapi_last_error(Gssctxt *ctxt, 81ssh_gssapi_last_error(Gssctxt *ctxt, OM_uint32 *major_status,
82 OM_uint32 *major_status, OM_uint32 *minor_status) 82 OM_uint32 *minor_status)
83{ 83{
84 OM_uint32 lmin; 84 OM_uint32 lmin;
85 gss_buffer_desc msg = GSS_C_EMPTY_BUFFER; 85 gss_buffer_desc msg = GSS_C_EMPTY_BUFFER;
diff --git a/gss-serv-krb5.c b/gss-serv-krb5.c
index 91d87f798..4f02621dd 100644
--- a/gss-serv-krb5.c
+++ b/gss-serv-krb5.c
@@ -65,9 +65,6 @@ ssh_gssapi_krb5_init(void)
65 logit("Cannot initialize krb5 context"); 65 logit("Cannot initialize krb5 context");
66 return 0; 66 return 0;
67 } 67 }
68#ifdef KRB5_INIT_ETS
69 krb5_init_ets(krb_context);
70#endif
71 68
72 return 1; 69 return 1;
73} 70}
@@ -131,34 +128,10 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_client *client)
131 return; 128 return;
132 } 129 }
133#else 130#else
134 { 131 if ((problem = ssh_krb5_cc_gen(krb_context, &ccache))) {
135 int tmpfd; 132 logit("ssh_krb5_cc_gen(): %.100s",
136 char ccname[40]; 133 krb5_get_err_text(krb_context, problem));
137 mode_t old_umask; 134 return;
138
139 snprintf(ccname, sizeof(ccname),
140 "FILE:/tmp/krb5cc_%d_XXXXXX", geteuid());
141
142 old_umask = umask(0177);
143 tmpfd = mkstemp(ccname + strlen("FILE:"));
144 umask(old_umask);
145 if (tmpfd == -1) {
146 logit("mkstemp(): %.100s", strerror(errno));
147 problem = errno;
148 return;
149 }
150 if (fchmod(tmpfd, S_IRUSR | S_IWUSR) == -1) {
151 logit("fchmod(): %.100s", strerror(errno));
152 close(tmpfd);
153 problem = errno;
154 return;
155 }
156 close(tmpfd);
157 if ((problem = krb5_cc_resolve(krb_context, ccname, &ccache))) {
158 logit("krb5_cc_resolve(): %.100s",
159 krb5_get_err_text(krb_context, problem));
160 return;
161 }
162 } 135 }
163#endif /* #ifdef HEIMDAL */ 136#endif /* #ifdef HEIMDAL */
164 137
diff --git a/gss-serv.c b/gss-serv.c
index de32a3f2e..117130459 100644
--- a/gss-serv.c
+++ b/gss-serv.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: gss-serv.c,v 1.5 2003/11/17 11:06:07 markus Exp $ */ 1/* $OpenBSD: gss-serv.c,v 1.8 2005/08/30 22:08:05 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. 4 * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -134,7 +134,7 @@ ssh_gssapi_accept_ctx(Gssctxt *ctx, gss_buffer_desc *recv_tok,
134static OM_uint32 134static OM_uint32
135ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name) 135ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name)
136{ 136{
137 char *tok; 137 u_char *tok;
138 OM_uint32 offset; 138 OM_uint32 offset;
139 OM_uint32 oidl; 139 OM_uint32 oidl;
140 140
@@ -164,7 +164,7 @@ ssh_gssapi_parse_ename(Gssctxt *ctx, gss_buffer_t ename, gss_buffer_t name)
164 */ 164 */
165 if (tok[4] != 0x06 || tok[5] != oidl || 165 if (tok[4] != 0x06 || tok[5] != oidl ||
166 ename->length < oidl+6 || 166 ename->length < oidl+6 ||
167 !ssh_gssapi_check_oid(ctx,tok+6,oidl)) 167 !ssh_gssapi_check_oid(ctx,tok+6,oidl))
168 return GSS_S_FAILURE; 168 return GSS_S_FAILURE;
169 169
170 offset = oidl+6; 170 offset = oidl+6;
@@ -267,7 +267,7 @@ ssh_gssapi_do_child(char ***envp, u_int *envsizep)
267 debug("Setting %s to %s", gssapi_client.store.envvar, 267 debug("Setting %s to %s", gssapi_client.store.envvar,
268 gssapi_client.store.envval); 268 gssapi_client.store.envval);
269 child_set_env(envp, envsizep, gssapi_client.store.envvar, 269 child_set_env(envp, envsizep, gssapi_client.store.envvar,
270 gssapi_client.store.envval); 270 gssapi_client.store.envval);
271 } 271 }
272} 272}
273 273
@@ -275,13 +275,24 @@ ssh_gssapi_do_child(char ***envp, u_int *envsizep)
275int 275int
276ssh_gssapi_userok(char *user) 276ssh_gssapi_userok(char *user)
277{ 277{
278 OM_uint32 lmin;
279
278 if (gssapi_client.exportedname.length == 0 || 280 if (gssapi_client.exportedname.length == 0 ||
279 gssapi_client.exportedname.value == NULL) { 281 gssapi_client.exportedname.value == NULL) {
280 debug("No suitable client data"); 282 debug("No suitable client data");
281 return 0; 283 return 0;
282 } 284 }
283 if (gssapi_client.mech && gssapi_client.mech->userok) 285 if (gssapi_client.mech && gssapi_client.mech->userok)
284 return ((*gssapi_client.mech->userok)(&gssapi_client, user)); 286 if ((*gssapi_client.mech->userok)(&gssapi_client, user))
287 return 1;
288 else {
289 /* Destroy delegated credentials if userok fails */
290 gss_release_buffer(&lmin, &gssapi_client.displayname);
291 gss_release_buffer(&lmin, &gssapi_client.exportedname);
292 gss_release_cred(&lmin, &gssapi_client.creds);
293 memset(&gssapi_client, 0, sizeof(ssh_gssapi_client));
294 return 0;
295 }
285 else 296 else
286 debug("ssh_gssapi_userok: Unknown GSSAPI mechanism"); 297 debug("ssh_gssapi_userok: Unknown GSSAPI mechanism");
287 return (0); 298 return (0);
diff --git a/hostfile.c b/hostfile.c
index bf2a31c9b..63550a29d 100644
--- a/hostfile.c
+++ b/hostfile.c
@@ -36,7 +36,7 @@
36 */ 36 */
37 37
38#include "includes.h" 38#include "includes.h"
39RCSID("$OpenBSD: hostfile.c,v 1.34 2005/03/10 22:01:05 deraadt Exp $"); 39RCSID("$OpenBSD: hostfile.c,v 1.35 2005/07/27 10:39:03 dtucker Exp $");
40 40
41#include <resolv.h> 41#include <resolv.h>
42#include <openssl/hmac.h> 42#include <openssl/hmac.h>
@@ -315,7 +315,7 @@ add_host_to_hostfile(const char *filename, const char *host, const Key *key,
315{ 315{
316 FILE *f; 316 FILE *f;
317 int success = 0; 317 int success = 0;
318 char *hashed_host; 318 char *hashed_host = NULL;
319 319
320 if (key == NULL) 320 if (key == NULL)
321 return 1; /* XXX ? */ 321 return 1; /* XXX ? */
diff --git a/includes.h b/includes.h
index 3d3aa3b21..fa65aa38d 100644
--- a/includes.h
+++ b/includes.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: includes.h,v 1.18 2004/06/13 15:03:02 djm Exp $ */ 1/* $OpenBSD: includes.h,v 1.19 2005/05/19 02:42:26 djm Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -17,10 +17,11 @@
17#define INCLUDES_H 17#define INCLUDES_H
18 18
19#define RCSID(msg) \ 19#define RCSID(msg) \
20static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg } 20static /**/const char *const rcsid[] = { (const char *)rcsid, "\100(#)" msg }
21 21
22#include "config.h" 22#include "config.h"
23 23
24#include <stdarg.h>
24#include <stdio.h> 25#include <stdio.h>
25#include <ctype.h> 26#include <ctype.h>
26#include <errno.h> 27#include <errno.h>
@@ -168,6 +169,10 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
168# include <ia.h> 169# include <ia.h>
169#endif 170#endif
170 171
172#ifdef HAVE_IAF_H
173# include <iaf.h>
174#endif
175
171#ifdef HAVE_TMPDIR_H 176#ifdef HAVE_TMPDIR_H
172# include <tmpdir.h> 177# include <tmpdir.h>
173#endif 178#endif
@@ -181,6 +186,10 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
181# include <kafs.h> 186# include <kafs.h>
182#endif 187#endif
183 188
189#if defined(HAVE_SYS_SYSLOG_H)
190# include <sys/syslog.h>
191#endif
192
184/* 193/*
185 * On HP-UX 11.11, shadow.h and prot.h provide conflicting declarations 194 * On HP-UX 11.11, shadow.h and prot.h provide conflicting declarations
186 * of getspnam when _INCLUDE__STDC__ is defined, so we unset it here. 195 * of getspnam when _INCLUDE__STDC__ is defined, so we unset it here.
diff --git a/kex.c b/kex.c
index a668346c3..5dce335fe 100644
--- a/kex.c
+++ b/kex.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: kex.c,v 1.60 2004/06/21 17:36:31 avsm Exp $"); 26RCSID("$OpenBSD: kex.c,v 1.64 2005/07/25 11:59:39 markus Exp $");
27 27
28#include <openssl/crypto.h> 28#include <openssl/crypto.h>
29 29
@@ -52,7 +52,7 @@ static void kex_choose_conf(Kex *);
52static void 52static void
53kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX]) 53kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX])
54{ 54{
55 int i; 55 u_int i;
56 56
57 buffer_clear(b); 57 buffer_clear(b);
58 /* 58 /*
@@ -101,7 +101,7 @@ kex_buf2prop(Buffer *raw, int *first_kex_follows)
101static void 101static void
102kex_prop_free(char **proposal) 102kex_prop_free(char **proposal)
103{ 103{
104 int i; 104 u_int i;
105 105
106 for (i = 0; i < PROPOSAL_MAX; i++) 106 for (i = 0; i < PROPOSAL_MAX; i++)
107 xfree(proposal[i]); 107 xfree(proposal[i]);
@@ -150,7 +150,7 @@ kex_send_kexinit(Kex *kex)
150{ 150{
151 u_int32_t rnd = 0; 151 u_int32_t rnd = 0;
152 u_char *cookie; 152 u_char *cookie;
153 int i; 153 u_int i;
154 154
155 if (kex == NULL) { 155 if (kex == NULL) {
156 error("kex_send_kexinit: no kex, cannot rekey"); 156 error("kex_send_kexinit: no kex, cannot rekey");
@@ -183,8 +183,7 @@ void
183kex_input_kexinit(int type, u_int32_t seq, void *ctxt) 183kex_input_kexinit(int type, u_int32_t seq, void *ctxt)
184{ 184{
185 char *ptr; 185 char *ptr;
186 int dlen; 186 u_int i, dlen;
187 int i;
188 Kex *kex = (Kex *)ctxt; 187 Kex *kex = (Kex *)ctxt;
189 188
190 debug("SSH2_MSG_KEXINIT received"); 189 debug("SSH2_MSG_KEXINIT received");
@@ -276,10 +275,12 @@ choose_comp(Comp *comp, char *client, char *server)
276 char *name = match_list(client, server, NULL); 275 char *name = match_list(client, server, NULL);
277 if (name == NULL) 276 if (name == NULL)
278 fatal("no matching comp found: client %s server %s", client, server); 277 fatal("no matching comp found: client %s server %s", client, server);
279 if (strcmp(name, "zlib") == 0) { 278 if (strcmp(name, "zlib@openssh.com") == 0) {
280 comp->type = 1; 279 comp->type = COMP_DELAYED;
280 } else if (strcmp(name, "zlib") == 0) {
281 comp->type = COMP_ZLIB;
281 } else if (strcmp(name, "none") == 0) { 282 } else if (strcmp(name, "none") == 0) {
282 comp->type = 0; 283 comp->type = COMP_NONE;
283 } else { 284 } else {
284 fatal("unsupported comp %s", name); 285 fatal("unsupported comp %s", name);
285 } 286 }
@@ -343,9 +344,7 @@ kex_choose_conf(Kex *kex)
343 char **my, **peer; 344 char **my, **peer;
344 char **cprop, **sprop; 345 char **cprop, **sprop;
345 int nenc, nmac, ncomp; 346 int nenc, nmac, ncomp;
346 int mode; 347 u_int mode, ctos, need;
347 int ctos; /* direction: if true client-to-server */
348 int need;
349 int first_kex_follows, type; 348 int first_kex_follows, type;
350 349
351 my = kex_buf2prop(&kex->my, NULL); 350 my = kex_buf2prop(&kex->my, NULL);
@@ -395,7 +394,7 @@ kex_choose_conf(Kex *kex)
395 394
396 /* ignore the next message if the proposals do not match */ 395 /* ignore the next message if the proposals do not match */
397 if (first_kex_follows && !proposals_match(my, peer) && 396 if (first_kex_follows && !proposals_match(my, peer) &&
398 !(datafellows & SSH_BUG_FIRSTKEX)) { 397 !(datafellows & SSH_BUG_FIRSTKEX)) {
399 type = packet_read(); 398 type = packet_read();
400 debug2("skipping next packet (type %u)", type); 399 debug2("skipping next packet (type %u)", type);
401 } 400 }
@@ -405,15 +404,19 @@ kex_choose_conf(Kex *kex)
405} 404}
406 405
407static u_char * 406static u_char *
408derive_key(Kex *kex, int id, int need, u_char *hash, BIGNUM *shared_secret) 407derive_key(Kex *kex, int id, u_int need, u_char *hash, BIGNUM *shared_secret)
409{ 408{
410 Buffer b; 409 Buffer b;
411 const EVP_MD *evp_md = EVP_sha1(); 410 const EVP_MD *evp_md = EVP_sha1();
412 EVP_MD_CTX md; 411 EVP_MD_CTX md;
413 char c = id; 412 char c = id;
414 int have; 413 u_int have;
415 int mdsz = EVP_MD_size(evp_md); 414 int mdsz = EVP_MD_size(evp_md);
416 u_char *digest = xmalloc(roundup(need, mdsz)); 415 u_char *digest;
416
417 if (mdsz < 0)
418 fatal("derive_key: mdsz < 0");
419 digest = xmalloc(roundup(need, mdsz));
417 420
418 buffer_init(&b); 421 buffer_init(&b);
419 buffer_put_bignum2(&b, shared_secret); 422 buffer_put_bignum2(&b, shared_secret);
@@ -455,7 +458,7 @@ void
455kex_derive_keys(Kex *kex, u_char *hash, BIGNUM *shared_secret) 458kex_derive_keys(Kex *kex, u_char *hash, BIGNUM *shared_secret)
456{ 459{
457 u_char *keys[NKEYS]; 460 u_char *keys[NKEYS];
458 int i, mode, ctos; 461 u_int i, mode, ctos;
459 462
460 for (i = 0; i < NKEYS; i++) 463 for (i = 0; i < NKEYS; i++)
461 keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, shared_secret); 464 keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, shared_secret);
@@ -493,13 +496,13 @@ derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus,
493 EVP_DigestInit(&md, evp_md); 496 EVP_DigestInit(&md, evp_md);
494 497
495 len = BN_num_bytes(host_modulus); 498 len = BN_num_bytes(host_modulus);
496 if (len < (512 / 8) || len > sizeof(nbuf)) 499 if (len < (512 / 8) || (u_int)len > sizeof(nbuf))
497 fatal("%s: bad host modulus (len %d)", __func__, len); 500 fatal("%s: bad host modulus (len %d)", __func__, len);
498 BN_bn2bin(host_modulus, nbuf); 501 BN_bn2bin(host_modulus, nbuf);
499 EVP_DigestUpdate(&md, nbuf, len); 502 EVP_DigestUpdate(&md, nbuf, len);
500 503
501 len = BN_num_bytes(server_modulus); 504 len = BN_num_bytes(server_modulus);
502 if (len < (512 / 8) || len > sizeof(nbuf)) 505 if (len < (512 / 8) || (u_int)len > sizeof(nbuf))
503 fatal("%s: bad server modulus (len %d)", __func__, len); 506 fatal("%s: bad server modulus (len %d)", __func__, len);
504 BN_bn2bin(server_modulus, nbuf); 507 BN_bn2bin(server_modulus, nbuf);
505 EVP_DigestUpdate(&md, nbuf, len); 508 EVP_DigestUpdate(&md, nbuf, len);
@@ -518,7 +521,7 @@ derive_ssh1_session_id(BIGNUM *host_modulus, BIGNUM *server_modulus,
518void 521void
519dump_digest(char *msg, u_char *digest, int len) 522dump_digest(char *msg, u_char *digest, int len)
520{ 523{
521 int i; 524 u_int i;
522 525
523 fprintf(stderr, "%s\n", msg); 526 fprintf(stderr, "%s\n", msg);
524 for (i = 0; i< len; i++) { 527 for (i = 0; i< len; i++) {
diff --git a/kex.h b/kex.h
index d9e9d6522..3024a2717 100644
--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: kex.h,v 1.35 2004/06/13 12:53:24 djm Exp $ */ 1/* $OpenBSD: kex.h,v 1.37 2005/07/25 11:59:39 markus Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 4 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -35,6 +35,10 @@
35#define KEX_DH14 "diffie-hellman-group14-sha1" 35#define KEX_DH14 "diffie-hellman-group14-sha1"
36#define KEX_DHGEX "diffie-hellman-group-exchange-sha1" 36#define KEX_DHGEX "diffie-hellman-group-exchange-sha1"
37 37
38#define COMP_NONE 0
39#define COMP_ZLIB 1
40#define COMP_DELAYED 2
41
38enum kex_init_proposals { 42enum kex_init_proposals {
39 PROPOSAL_KEX_ALGS, 43 PROPOSAL_KEX_ALGS,
40 PROPOSAL_SERVER_HOST_KEY_ALGS, 44 PROPOSAL_SERVER_HOST_KEY_ALGS,
@@ -83,9 +87,9 @@ struct Mac {
83 char *name; 87 char *name;
84 int enabled; 88 int enabled;
85 const EVP_MD *md; 89 const EVP_MD *md;
86 int mac_len; 90 u_int mac_len;
87 u_char *key; 91 u_char *key;
88 int key_len; 92 u_int key_len;
89}; 93};
90struct Comp { 94struct Comp {
91 int type; 95 int type;
@@ -101,7 +105,7 @@ struct Kex {
101 u_char *session_id; 105 u_char *session_id;
102 u_int session_id_len; 106 u_int session_id_len;
103 Newkeys *newkeys[MODE_MAX]; 107 Newkeys *newkeys[MODE_MAX];
104 int we_need; 108 u_int we_need;
105 int server; 109 int server;
106 char *name; 110 char *name;
107 int hostkey_type; 111 int hostkey_type;
diff --git a/key.c b/key.c
index e41930464..08c158b59 100644
--- a/key.c
+++ b/key.c
@@ -32,7 +32,7 @@
32 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 32 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33 */ 33 */
34#include "includes.h" 34#include "includes.h"
35RCSID("$OpenBSD: key.c,v 1.57 2004/10/29 23:57:05 djm Exp $"); 35RCSID("$OpenBSD: key.c,v 1.58 2005/06/17 02:44:32 djm Exp $");
36 36
37#include <openssl/evp.h> 37#include <openssl/evp.h>
38 38
@@ -231,7 +231,7 @@ static char *
231key_fingerprint_hex(u_char *dgst_raw, u_int dgst_raw_len) 231key_fingerprint_hex(u_char *dgst_raw, u_int dgst_raw_len)
232{ 232{
233 char *retval; 233 char *retval;
234 int i; 234 u_int i;
235 235
236 retval = xmalloc(dgst_raw_len * 3 + 1); 236 retval = xmalloc(dgst_raw_len * 3 + 1);
237 retval[0] = '\0'; 237 retval[0] = '\0';
diff --git a/loginrec.c b/loginrec.c
index 361ac4cb7..c3783c991 100644
--- a/loginrec.c
+++ b/loginrec.c
@@ -165,7 +165,7 @@
165# include <libutil.h> 165# include <libutil.h>
166#endif 166#endif
167 167
168RCSID("$Id: loginrec.c,v 1.67 2005/02/15 11:19:28 dtucker Exp $"); 168RCSID("$Id: loginrec.c,v 1.70 2005/07/17 07:26:44 djm Exp $");
169 169
170/** 170/**
171 ** prototypes for helper functions in this file 171 ** prototypes for helper functions in this file
@@ -362,7 +362,7 @@ login_init_entry(struct logininfo *li, int pid, const char *username,
362 strlcpy(li->username, username, sizeof(li->username)); 362 strlcpy(li->username, username, sizeof(li->username));
363 pw = getpwnam(li->username); 363 pw = getpwnam(li->username);
364 if (pw == NULL) { 364 if (pw == NULL) {
365 fatal("%s: Cannot find user \"%s\"", __func__, 365 fatal("%s: Cannot find user \"%s\"", __func__,
366 li->username); 366 li->username);
367 } 367 }
368 li->uid = pw->pw_uid; 368 li->uid = pw->pw_uid;
@@ -374,7 +374,7 @@ login_init_entry(struct logininfo *li, int pid, const char *username,
374 return (1); 374 return (1);
375} 375}
376 376
377/* 377/*
378 * login_set_current_time(struct logininfo *) - set the current time 378 * login_set_current_time(struct logininfo *) - set the current time
379 * 379 *
380 * Set the current time in a logininfo structure. This function is 380 * Set the current time in a logininfo structure. This function is
@@ -443,8 +443,9 @@ login_write(struct logininfo *li)
443 wtmpx_write_entry(li); 443 wtmpx_write_entry(li);
444#endif 444#endif
445#ifdef CUSTOM_SYS_AUTH_RECORD_LOGIN 445#ifdef CUSTOM_SYS_AUTH_RECORD_LOGIN
446 if (li->type == LTYPE_LOGIN && 446 if (li->type == LTYPE_LOGIN &&
447 !sys_auth_record_login(li->username,li->hostname,li->line, &loginmsg)) 447 !sys_auth_record_login(li->username,li->hostname,li->line,
448 &loginmsg))
448 logit("Writing login record failed for %s", li->username); 449 logit("Writing login record failed for %s", li->username);
449#endif 450#endif
450#ifdef SSH_AUDIT_EVENTS 451#ifdef SSH_AUDIT_EVENTS
@@ -534,7 +535,7 @@ getlast_entry(struct logininfo *li)
534 * sure dst has enough space, if not just copy src (ugh) 535 * sure dst has enough space, if not just copy src (ugh)
535 */ 536 */
536char * 537char *
537line_fullname(char *dst, const char *src, int dstsize) 538line_fullname(char *dst, const char *src, u_int dstsize)
538{ 539{
539 memset(dst, '\0', dstsize); 540 memset(dst, '\0', dstsize);
540 if ((strncmp(src, "/dev/", 5) == 0) || (dstsize < (strlen(src) + 5))) 541 if ((strncmp(src, "/dev/", 5) == 0) || (dstsize < (strlen(src) + 5)))
@@ -558,7 +559,7 @@ line_stripname(char *dst, const char *src, int dstsize)
558 return (dst); 559 return (dst);
559} 560}
560 561
561/* 562/*
562 * line_abbrevname(): Return the abbreviated (usually four-character) 563 * line_abbrevname(): Return the abbreviated (usually four-character)
563 * form of the line (Just use the last <dstsize> characters of the 564 * form of the line (Just use the last <dstsize> characters of the
564 * full name.) 565 * full name.)
@@ -808,7 +809,7 @@ utmp_write_library(struct logininfo *li, struct utmp *ut)
808} 809}
809# else /* UTMP_USE_LIBRARY */ 810# else /* UTMP_USE_LIBRARY */
810 811
811/* 812/*
812 * Write a utmp entry direct to the file 813 * Write a utmp entry direct to the file
813 * This is a slightly modification of code in OpenBSD's login.c 814 * This is a slightly modification of code in OpenBSD's login.c
814 */ 815 */
@@ -852,7 +853,7 @@ utmp_write_direct(struct logininfo *li, struct utmp *ut)
852 return (0); 853 return (0);
853 } 854 }
854 if (ret != pos) { 855 if (ret != pos) {
855 logit("%s: Couldn't seek to tty %d slot in %s", 856 logit("%s: Couldn't seek to tty %d slot in %s",
856 __func__, tty, UTMP_FILE); 857 __func__, tty, UTMP_FILE);
857 return (0); 858 return (0);
858 } 859 }
@@ -1052,7 +1053,7 @@ utmpx_write_entry(struct logininfo *li)
1052 1053
1053#ifdef USE_WTMP 1054#ifdef USE_WTMP
1054 1055
1055/* 1056/*
1056 * Write a wtmp entry direct to the end of the file 1057 * Write a wtmp entry direct to the end of the file
1057 * This is a slight modification of code in OpenBSD's logwtmp.c 1058 * This is a slight modification of code in OpenBSD's logwtmp.c
1058 */ 1059 */
@@ -1113,7 +1114,7 @@ wtmp_write_entry(struct logininfo *li)
1113} 1114}
1114 1115
1115 1116
1116/* 1117/*
1117 * Notes on fetching login data from wtmp/wtmpx 1118 * Notes on fetching login data from wtmp/wtmpx
1118 * 1119 *
1119 * Logouts are usually recorded with (amongst other things) a blank 1120 * Logouts are usually recorded with (amongst other things) a blank
@@ -1157,12 +1158,12 @@ wtmp_get_entry(struct logininfo *li)
1157 li->tv_sec = li->tv_usec = 0; 1158 li->tv_sec = li->tv_usec = 0;
1158 1159
1159 if ((fd = open(WTMP_FILE, O_RDONLY)) < 0) { 1160 if ((fd = open(WTMP_FILE, O_RDONLY)) < 0) {
1160 logit("%s: problem opening %s: %s", __func__, 1161 logit("%s: problem opening %s: %s", __func__,
1161 WTMP_FILE, strerror(errno)); 1162 WTMP_FILE, strerror(errno));
1162 return (0); 1163 return (0);
1163 } 1164 }
1164 if (fstat(fd, &st) != 0) { 1165 if (fstat(fd, &st) != 0) {
1165 logit("%s: couldn't stat %s: %s", __func__, 1166 logit("%s: couldn't stat %s: %s", __func__,
1166 WTMP_FILE, strerror(errno)); 1167 WTMP_FILE, strerror(errno));
1167 close(fd); 1168 close(fd);
1168 return (0); 1169 return (0);
@@ -1177,7 +1178,7 @@ wtmp_get_entry(struct logininfo *li)
1177 1178
1178 while (!found) { 1179 while (!found) {
1179 if (atomicio(read, fd, &ut, sizeof(ut)) != sizeof(ut)) { 1180 if (atomicio(read, fd, &ut, sizeof(ut)) != sizeof(ut)) {
1180 logit("%s: read of %s failed: %s", __func__, 1181 logit("%s: read of %s failed: %s", __func__,
1181 WTMP_FILE, strerror(errno)); 1182 WTMP_FILE, strerror(errno));
1182 close (fd); 1183 close (fd);
1183 return (0); 1184 return (0);
@@ -1235,7 +1236,7 @@ wtmpx_write(struct logininfo *li, struct utmpx *utx)
1235 int fd, ret = 1; 1236 int fd, ret = 1;
1236 1237
1237 if ((fd = open(WTMPX_FILE, O_WRONLY|O_APPEND, 0)) < 0) { 1238 if ((fd = open(WTMPX_FILE, O_WRONLY|O_APPEND, 0)) < 0) {
1238 logit("%s: problem opening %s: %s", __func__, 1239 logit("%s: problem opening %s: %s", __func__,
1239 WTMPX_FILE, strerror(errno)); 1240 WTMPX_FILE, strerror(errno));
1240 return (0); 1241 return (0);
1241 } 1242 }
@@ -1322,12 +1323,12 @@ wtmpx_get_entry(struct logininfo *li)
1322 li->tv_sec = li->tv_usec = 0; 1323 li->tv_sec = li->tv_usec = 0;
1323 1324
1324 if ((fd = open(WTMPX_FILE, O_RDONLY)) < 0) { 1325 if ((fd = open(WTMPX_FILE, O_RDONLY)) < 0) {
1325 logit("%s: problem opening %s: %s", __func__, 1326 logit("%s: problem opening %s: %s", __func__,
1326 WTMPX_FILE, strerror(errno)); 1327 WTMPX_FILE, strerror(errno));
1327 return (0); 1328 return (0);
1328 } 1329 }
1329 if (fstat(fd, &st) != 0) { 1330 if (fstat(fd, &st) != 0) {
1330 logit("%s: couldn't stat %s: %s", __func__, 1331 logit("%s: couldn't stat %s: %s", __func__,
1331 WTMPX_FILE, strerror(errno)); 1332 WTMPX_FILE, strerror(errno));
1332 close(fd); 1333 close(fd);
1333 return (0); 1334 return (0);
@@ -1342,13 +1343,13 @@ wtmpx_get_entry(struct logininfo *li)
1342 1343
1343 while (!found) { 1344 while (!found) {
1344 if (atomicio(read, fd, &utx, sizeof(utx)) != sizeof(utx)) { 1345 if (atomicio(read, fd, &utx, sizeof(utx)) != sizeof(utx)) {
1345 logit("%s: read of %s failed: %s", __func__, 1346 logit("%s: read of %s failed: %s", __func__,
1346 WTMPX_FILE, strerror(errno)); 1347 WTMPX_FILE, strerror(errno));
1347 close (fd); 1348 close (fd);
1348 return (0); 1349 return (0);
1349 } 1350 }
1350 /* 1351 /*
1351 * Logouts are recorded as a blank username on a particular 1352 * Logouts are recorded as a blank username on a particular
1352 * line. So, we just need to find the username in struct utmpx 1353 * line. So, we just need to find the username in struct utmpx
1353 */ 1354 */
1354 if (wtmpx_islogin(li, &utx)) { 1355 if (wtmpx_islogin(li, &utx)) {
diff --git a/loginrec.h b/loginrec.h
index d1a12a853..8e3390178 100644
--- a/loginrec.h
+++ b/loginrec.h
@@ -35,7 +35,7 @@
35#include <netinet/in.h> 35#include <netinet/in.h>
36#include <sys/socket.h> 36#include <sys/socket.h>
37 37
38/* RCSID("$Id: loginrec.h,v 1.9 2005/02/02 06:10:11 dtucker Exp $"); */ 38/* RCSID("$Id: loginrec.h,v 1.10 2005/06/19 00:19:44 djm Exp $"); */
39 39
40/** 40/**
41 ** you should use the login_* calls to work around platform dependencies 41 ** you should use the login_* calls to work around platform dependencies
@@ -128,7 +128,7 @@ struct logininfo *login_get_lastlog(struct logininfo *li, const int uid);
128unsigned int login_get_lastlog_time(const int uid); 128unsigned int login_get_lastlog_time(const int uid);
129 129
130/* produce various forms of the line filename */ 130/* produce various forms of the line filename */
131char *line_fullname(char *dst, const char *src, int dstsize); 131char *line_fullname(char *dst, const char *src, u_int dstsize);
132char *line_stripname(char *dst, const char *src, int dstsize); 132char *line_stripname(char *dst, const char *src, int dstsize);
133char *line_abbrevname(char *dst, const char *src, int dstsize); 133char *line_abbrevname(char *dst, const char *src, int dstsize);
134 134
diff --git a/mac.c b/mac.c
index 097f0b93b..2bda5a1b9 100644
--- a/mac.c
+++ b/mac.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: mac.c,v 1.6 2003/09/18 13:02:21 miod Exp $"); 26RCSID("$OpenBSD: mac.c,v 1.7 2005/06/17 02:44:32 djm Exp $");
27 27
28#include <openssl/hmac.h> 28#include <openssl/hmac.h>
29 29
@@ -51,12 +51,15 @@ struct {
51int 51int
52mac_init(Mac *mac, char *name) 52mac_init(Mac *mac, char *name)
53{ 53{
54 int i; 54 int i, evp_len;
55
55 for (i = 0; macs[i].name; i++) { 56 for (i = 0; macs[i].name; i++) {
56 if (strcmp(name, macs[i].name) == 0) { 57 if (strcmp(name, macs[i].name) == 0) {
57 if (mac != NULL) { 58 if (mac != NULL) {
58 mac->md = (*macs[i].mdfunc)(); 59 mac->md = (*macs[i].mdfunc)();
59 mac->key_len = mac->mac_len = EVP_MD_size(mac->md); 60 if ((evp_len = EVP_MD_size(mac->md)) <= 0)
61 fatal("mac %s len %d", name, evp_len);
62 mac->key_len = mac->mac_len = (u_int)evp_len;
60 if (macs[i].truncatebits != 0) 63 if (macs[i].truncatebits != 0)
61 mac->mac_len = macs[i].truncatebits/8; 64 mac->mac_len = macs[i].truncatebits/8;
62 } 65 }
@@ -77,7 +80,7 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
77 80
78 if (mac->key == NULL) 81 if (mac->key == NULL)
79 fatal("mac_compute: no key"); 82 fatal("mac_compute: no key");
80 if ((u_int)mac->mac_len > sizeof(m)) 83 if (mac->mac_len > sizeof(m))
81 fatal("mac_compute: mac too long"); 84 fatal("mac_compute: mac too long");
82 HMAC_Init(&c, mac->key, mac->key_len, mac->md); 85 HMAC_Init(&c, mac->key, mac->key_len, mac->md);
83 PUT_32BIT(b, seqno); 86 PUT_32BIT(b, seqno);
diff --git a/match.c b/match.c
index 3ddb62730..29fb7dab9 100644
--- a/match.c
+++ b/match.c
@@ -35,7 +35,7 @@
35 */ 35 */
36 36
37#include "includes.h" 37#include "includes.h"
38RCSID("$OpenBSD: match.c,v 1.19 2002/03/01 13:12:10 markus Exp $"); 38RCSID("$OpenBSD: match.c,v 1.20 2005/06/17 02:44:32 djm Exp $");
39 39
40#include "match.h" 40#include "match.h"
41#include "xmalloc.h" 41#include "xmalloc.h"
@@ -254,7 +254,7 @@ match_list(const char *client, const char *server, u_int *next)
254 ret = xstrdup(p); 254 ret = xstrdup(p);
255 if (next != NULL) 255 if (next != NULL)
256 *next = (cp == NULL) ? 256 *next = (cp == NULL) ?
257 strlen(c) : cp - c; 257 strlen(c) : (u_int)(cp - c);
258 xfree(c); 258 xfree(c);
259 xfree(s); 259 xfree(s);
260 return ret; 260 return ret;
diff --git a/mdoc2man.awk b/mdoc2man.awk
index 4e72cdc1c..d6eaf4601 100644
--- a/mdoc2man.awk
+++ b/mdoc2man.awk
@@ -140,6 +140,9 @@ function add(str) {
140 } else if(match(words[w],"^Dt$")) { 140 } else if(match(words[w],"^Dt$")) {
141 id=wtail() 141 id=wtail()
142 next 142 next
143 } else if(match(words[w],"^Ox$")) {
144 add("OpenBSD")
145 skip=1
143 } else if(match(words[w],"^Os$")) { 146 } else if(match(words[w],"^Os$")) {
144 add(".TH " id " \"" date "\" \"" wtail() "\"") 147 add(".TH " id " \"" date "\" \"" wtail() "\"")
145 } else if(match(words[w],"^Sh$")) { 148 } else if(match(words[w],"^Sh$")) {
diff --git a/misc.c b/misc.c
index 7adbcea1c..2dd8ae6e3 100644
--- a/misc.c
+++ b/misc.c
@@ -1,5 +1,6 @@
1/* 1/*
2 * Copyright (c) 2000 Markus Friedl. All rights reserved. 2 * Copyright (c) 2000 Markus Friedl. All rights reserved.
3 * Copyright (c) 2005 Damien Miller. All rights reserved.
3 * 4 *
4 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -23,7 +24,7 @@
23 */ 24 */
24 25
25#include "includes.h" 26#include "includes.h"
26RCSID("$OpenBSD: misc.c,v 1.29 2005/03/10 22:01:05 deraadt Exp $"); 27RCSID("$OpenBSD: misc.c,v 1.34 2005/07/08 09:26:18 dtucker Exp $");
27 28
28#include "misc.h" 29#include "misc.h"
29#include "log.h" 30#include "log.h"
@@ -376,6 +377,114 @@ addargs(arglist *args, char *fmt, ...)
376} 377}
377 378
378/* 379/*
380 * Expands tildes in the file name. Returns data allocated by xmalloc.
381 * Warning: this calls getpw*.
382 */
383char *
384tilde_expand_filename(const char *filename, uid_t uid)
385{
386 const char *path;
387 char user[128], ret[MAXPATHLEN];
388 struct passwd *pw;
389 u_int len, slash;
390
391 if (*filename != '~')
392 return (xstrdup(filename));
393 filename++;
394
395 path = strchr(filename, '/');
396 if (path != NULL && path > filename) { /* ~user/path */
397 slash = path - filename;
398 if (slash > sizeof(user) - 1)
399 fatal("tilde_expand_filename: ~username too long");
400 memcpy(user, filename, slash);
401 user[slash] = '\0';
402 if ((pw = getpwnam(user)) == NULL)
403 fatal("tilde_expand_filename: No such user %s", user);
404 } else if ((pw = getpwuid(uid)) == NULL) /* ~/path */
405 fatal("tilde_expand_filename: No such uid %d", uid);
406
407 if (strlcpy(ret, pw->pw_dir, sizeof(ret)) >= sizeof(ret))
408 fatal("tilde_expand_filename: Path too long");
409
410 /* Make sure directory has a trailing '/' */
411 len = strlen(pw->pw_dir);
412 if ((len == 0 || pw->pw_dir[len - 1] != '/') &&
413 strlcat(ret, "/", sizeof(ret)) >= sizeof(ret))
414 fatal("tilde_expand_filename: Path too long");
415
416 /* Skip leading '/' from specified path */
417 if (path != NULL)
418 filename = path + 1;
419 if (strlcat(ret, filename, sizeof(ret)) >= sizeof(ret))
420 fatal("tilde_expand_filename: Path too long");
421
422 return (xstrdup(ret));
423}
424
425/*
426 * Expand a string with a set of %[char] escapes. A number of escapes may be
427 * specified as (char *escape_chars, char *replacement) pairs. The list must
428 * be terminated by a NULL escape_char. Returns replaced string in memory
429 * allocated by xmalloc.
430 */
431char *
432percent_expand(const char *string, ...)
433{
434#define EXPAND_MAX_KEYS 16
435 struct {
436 const char *key;
437 const char *repl;
438 } keys[EXPAND_MAX_KEYS];
439 u_int num_keys, i, j;
440 char buf[4096];
441 va_list ap;
442
443 /* Gather keys */
444 va_start(ap, string);
445 for (num_keys = 0; num_keys < EXPAND_MAX_KEYS; num_keys++) {
446 keys[num_keys].key = va_arg(ap, char *);
447 if (keys[num_keys].key == NULL)
448 break;
449 keys[num_keys].repl = va_arg(ap, char *);
450 if (keys[num_keys].repl == NULL)
451 fatal("percent_expand: NULL replacement");
452 }
453 va_end(ap);
454
455 if (num_keys >= EXPAND_MAX_KEYS)
456 fatal("percent_expand: too many keys");
457
458 /* Expand string */
459 *buf = '\0';
460 for (i = 0; *string != '\0'; string++) {
461 if (*string != '%') {
462 append:
463 buf[i++] = *string;
464 if (i >= sizeof(buf))
465 fatal("percent_expand: string too long");
466 buf[i] = '\0';
467 continue;
468 }
469 string++;
470 if (*string == '%')
471 goto append;
472 for (j = 0; j < num_keys; j++) {
473 if (strchr(keys[j].key, *string) != NULL) {
474 i = strlcat(buf, keys[j].repl, sizeof(buf));
475 if (i >= sizeof(buf))
476 fatal("percent_expand: string too long");
477 break;
478 }
479 }
480 if (j >= num_keys)
481 fatal("percent_expand: unknown key %%%c", *string);
482 }
483 return (xstrdup(buf));
484#undef EXPAND_MAX_KEYS
485}
486
487/*
379 * Read an entire line from a public key file into a static buffer, discarding 488 * Read an entire line from a public key file into a static buffer, discarding
380 * lines that exceed the buffer size. Returns 0 on success, -1 on failure. 489 * lines that exceed the buffer size. Returns 0 on success, -1 on failure.
381 */ 490 */
@@ -397,3 +506,20 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz,
397 } 506 }
398 return -1; 507 return -1;
399} 508}
509
510char *
511tohex(const u_char *d, u_int l)
512{
513 char b[3], *r;
514 u_int i, hl;
515
516 hl = l * 2 + 1;
517 r = xmalloc(hl);
518 *r = '\0';
519 for (i = 0; i < l; i++) {
520 snprintf(b, sizeof(b), "%02x", d[i]);
521 strlcat(r, b, hl);
522 }
523 return (r);
524}
525
diff --git a/misc.h b/misc.h
index 8bbc87f0d..2d630feb5 100644
--- a/misc.h
+++ b/misc.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: misc.h,v 1.21 2005/03/01 10:09:52 djm Exp $ */ 1/* $OpenBSD: misc.h,v 1.25 2005/07/14 04:00:43 dtucker Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -24,6 +24,9 @@ char *hpdelim(char **);
24char *cleanhostname(char *); 24char *cleanhostname(char *);
25char *colon(char *); 25char *colon(char *);
26long convtime(const char *); 26long convtime(const char *);
27char *tilde_expand_filename(const char *, uid_t);
28char *percent_expand(const char *, ...) __attribute__((__sentinel__));
29char *tohex(const u_char *, u_int);
27 30
28struct passwd *pwcopy(struct passwd *); 31struct passwd *pwcopy(struct passwd *);
29 32
@@ -35,10 +38,6 @@ struct arglist {
35}; 38};
36void addargs(arglist *, char *, ...) __attribute__((format(printf, 2, 3))); 39void addargs(arglist *, char *, ...) __attribute__((format(printf, 2, 3)));
37 40
38/* tildexpand.c */
39
40char *tilde_expand_filename(const char *, uid_t);
41
42/* readpass.c */ 41/* readpass.c */
43 42
44#define RP_ECHO 0x0001 43#define RP_ECHO 0x0001
diff --git a/moduli.c b/moduli.c
index 8b05248e2..d53806ea6 100644
--- a/moduli.c
+++ b/moduli.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: moduli.c,v 1.10 2005/01/17 03:25:46 dtucker Exp $ */ 1/* $OpenBSD: moduli.c,v 1.12 2005/07/17 07:17:55 djm Exp $ */
2/* 2/*
3 * Copyright 1994 Phil Karn <karn@qualcomm.com> 3 * Copyright 1994 Phil Karn <karn@qualcomm.com>
4 * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com> 4 * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
@@ -112,22 +112,22 @@
112#define TINY_NUMBER (1UL<<16) 112#define TINY_NUMBER (1UL<<16)
113 113
114/* Ensure enough bit space for testing 2*q. */ 114/* Ensure enough bit space for testing 2*q. */
115#define TEST_MAXIMUM (1UL<<16) 115#define TEST_MAXIMUM (1UL<<16)
116#define TEST_MINIMUM (QSIZE_MINIMUM + 1) 116#define TEST_MINIMUM (QSIZE_MINIMUM + 1)
117/* real TEST_MINIMUM (1UL << (SHIFT_WORD - TEST_POWER)) */ 117/* real TEST_MINIMUM (1UL << (SHIFT_WORD - TEST_POWER)) */
118#define TEST_POWER (3) /* 2**n, n < SHIFT_WORD */ 118#define TEST_POWER (3) /* 2**n, n < SHIFT_WORD */
119 119
120/* bit operations on 32-bit words */ 120/* bit operations on 32-bit words */
121#define BIT_CLEAR(a,n) ((a)[(n)>>SHIFT_WORD] &= ~(1L << ((n) & 31))) 121#define BIT_CLEAR(a,n) ((a)[(n)>>SHIFT_WORD] &= ~(1L << ((n) & 31)))
122#define BIT_SET(a,n) ((a)[(n)>>SHIFT_WORD] |= (1L << ((n) & 31))) 122#define BIT_SET(a,n) ((a)[(n)>>SHIFT_WORD] |= (1L << ((n) & 31)))
123#define BIT_TEST(a,n) ((a)[(n)>>SHIFT_WORD] & (1L << ((n) & 31))) 123#define BIT_TEST(a,n) ((a)[(n)>>SHIFT_WORD] & (1L << ((n) & 31)))
124 124
125/* 125/*
126 * Prime testing defines 126 * Prime testing defines
127 */ 127 */
128 128
129/* Minimum number of primality tests to perform */ 129/* Minimum number of primality tests to perform */
130#define TRIAL_MINIMUM (4) 130#define TRIAL_MINIMUM (4)
131 131
132/* 132/*
133 * Sieving data (XXX - move to struct) 133 * Sieving data (XXX - move to struct)
@@ -144,7 +144,7 @@ static u_int32_t *LargeSieve, largewords, largetries, largenumbers;
144static u_int32_t largebits, largememory; /* megabytes */ 144static u_int32_t largebits, largememory; /* megabytes */
145static BIGNUM *largebase; 145static BIGNUM *largebase;
146 146
147int gen_candidates(FILE *, int, int, BIGNUM *); 147int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
148int prime_test(FILE *, FILE *, u_int32_t, u_int32_t); 148int prime_test(FILE *, FILE *, u_int32_t, u_int32_t);
149 149
150/* 150/*
@@ -241,19 +241,20 @@ sieve_large(u_int32_t s)
241 * The list is checked against small known primes (less than 2**30). 241 * The list is checked against small known primes (less than 2**30).
242 */ 242 */
243int 243int
244gen_candidates(FILE *out, int memory, int power, BIGNUM *start) 244gen_candidates(FILE *out, u_int32_t memory, u_int32_t power, BIGNUM *start)
245{ 245{
246 BIGNUM *q; 246 BIGNUM *q;
247 u_int32_t j, r, s, t; 247 u_int32_t j, r, s, t;
248 u_int32_t smallwords = TINY_NUMBER >> 6; 248 u_int32_t smallwords = TINY_NUMBER >> 6;
249 u_int32_t tinywords = TINY_NUMBER >> 6; 249 u_int32_t tinywords = TINY_NUMBER >> 6;
250 time_t time_start, time_stop; 250 time_t time_start, time_stop;
251 int i, ret = 0; 251 u_int32_t i;
252 int ret = 0;
252 253
253 largememory = memory; 254 largememory = memory;
254 255
255 if (memory != 0 && 256 if (memory != 0 &&
256 (memory < LARGE_MINIMUM || memory > LARGE_MAXIMUM)) { 257 (memory < LARGE_MINIMUM || memory > LARGE_MAXIMUM)) {
257 error("Invalid memory amount (min %ld, max %ld)", 258 error("Invalid memory amount (min %ld, max %ld)",
258 LARGE_MINIMUM, LARGE_MAXIMUM); 259 LARGE_MINIMUM, LARGE_MAXIMUM);
259 return (-1); 260 return (-1);
@@ -371,8 +372,8 @@ gen_candidates(FILE *out, int memory, int power, BIGNUM *start)
371 * fencepost errors, the last pass is skipped. 372 * fencepost errors, the last pass is skipped.
372 */ 373 */
373 for (smallbase = TINY_NUMBER + 3; 374 for (smallbase = TINY_NUMBER + 3;
374 smallbase < (SMALL_MAXIMUM - TINY_NUMBER); 375 smallbase < (SMALL_MAXIMUM - TINY_NUMBER);
375 smallbase += TINY_NUMBER) { 376 smallbase += TINY_NUMBER) {
376 for (i = 0; i < tinybits; i++) { 377 for (i = 0; i < tinybits; i++) {
377 if (BIT_TEST(TinySieve, i)) 378 if (BIT_TEST(TinySieve, i))
378 continue; /* 2*i+3 is composite */ 379 continue; /* 2*i+3 is composite */
@@ -548,7 +549,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted)
548 * due to earlier inconsistencies in interpretation, check 549 * due to earlier inconsistencies in interpretation, check
549 * the proposed bit size. 550 * the proposed bit size.
550 */ 551 */
551 if (BN_num_bits(p) != (in_size + 1)) { 552 if ((u_int32_t)BN_num_bits(p) != (in_size + 1)) {
552 debug2("%10u: bit size %u mismatch", count_in, in_size); 553 debug2("%10u: bit size %u mismatch", count_in, in_size);
553 continue; 554 continue;
554 } 555 }
diff --git a/monitor.c b/monitor.c
index c751179b5..081aabbdc 100644
--- a/monitor.c
+++ b/monitor.c
@@ -875,8 +875,8 @@ int
875mm_answer_pam_query(int sock, Buffer *m) 875mm_answer_pam_query(int sock, Buffer *m)
876{ 876{
877 char *name, *info, **prompts; 877 char *name, *info, **prompts;
878 u_int num, *echo_on; 878 u_int i, num, *echo_on;
879 int i, ret; 879 int ret;
880 880
881 debug3("%s", __func__); 881 debug3("%s", __func__);
882 sshpam_authok = NULL; 882 sshpam_authok = NULL;
@@ -909,8 +909,8 @@ int
909mm_answer_pam_respond(int sock, Buffer *m) 909mm_answer_pam_respond(int sock, Buffer *m)
910{ 910{
911 char **resp; 911 char **resp;
912 u_int num; 912 u_int i, num;
913 int i, ret; 913 int ret;
914 914
915 debug3("%s", __func__); 915 debug3("%s", __func__);
916 sshpam_authok = NULL; 916 sshpam_authok = NULL;
diff --git a/monitor_wrap.c b/monitor_wrap.c
index e005a4505..d8814682a 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -25,7 +25,7 @@
25 */ 25 */
26 26
27#include "includes.h" 27#include "includes.h"
28RCSID("$OpenBSD: monitor_wrap.c,v 1.39 2004/07/17 05:31:41 dtucker Exp $"); 28RCSID("$OpenBSD: monitor_wrap.c,v 1.40 2005/05/24 17:32:43 avsm Exp $");
29 29
30#include <openssl/bn.h> 30#include <openssl/bn.h>
31#include <openssl/dh.h> 31#include <openssl/dh.h>
@@ -95,9 +95,9 @@ mm_request_send(int sock, enum monitor_reqtype type, Buffer *m)
95 PUT_32BIT(buf, mlen + 1); 95 PUT_32BIT(buf, mlen + 1);
96 buf[4] = (u_char) type; /* 1st byte of payload is mesg-type */ 96 buf[4] = (u_char) type; /* 1st byte of payload is mesg-type */
97 if (atomicio(vwrite, sock, buf, sizeof(buf)) != sizeof(buf)) 97 if (atomicio(vwrite, sock, buf, sizeof(buf)) != sizeof(buf))
98 fatal("%s: write", __func__); 98 fatal("%s: write: %s", __func__, strerror(errno));
99 if (atomicio(vwrite, sock, buffer_ptr(m), mlen) != mlen) 99 if (atomicio(vwrite, sock, buffer_ptr(m), mlen) != mlen)
100 fatal("%s: write", __func__); 100 fatal("%s: write: %s", __func__, strerror(errno));
101} 101}
102 102
103void 103void
@@ -105,24 +105,21 @@ mm_request_receive(int sock, Buffer *m)
105{ 105{
106 u_char buf[4]; 106 u_char buf[4];
107 u_int msg_len; 107 u_int msg_len;
108 ssize_t res;
109 108
110 debug3("%s entering", __func__); 109 debug3("%s entering", __func__);
111 110
112 res = atomicio(read, sock, buf, sizeof(buf)); 111 if (atomicio(read, sock, buf, sizeof(buf)) != sizeof(buf)) {
113 if (res != sizeof(buf)) { 112 if (errno == EPIPE)
114 if (res == 0)
115 cleanup_exit(255); 113 cleanup_exit(255);
116 fatal("%s: read: %ld", __func__, (long)res); 114 fatal("%s: read: %s", __func__, strerror(errno));
117 } 115 }
118 msg_len = GET_32BIT(buf); 116 msg_len = GET_32BIT(buf);
119 if (msg_len > 256 * 1024) 117 if (msg_len > 256 * 1024)
120 fatal("%s: read: bad msg_len %d", __func__, msg_len); 118 fatal("%s: read: bad msg_len %d", __func__, msg_len);
121 buffer_clear(m); 119 buffer_clear(m);
122 buffer_append_space(m, msg_len); 120 buffer_append_space(m, msg_len);
123 res = atomicio(read, sock, buffer_ptr(m), msg_len); 121 if (atomicio(read, sock, buffer_ptr(m), msg_len) != msg_len)
124 if (res != msg_len) 122 fatal("%s: read: %s", __func__, strerror(errno));
125 fatal("%s: read: %ld != msg_len", __func__, (long)res);
126} 123}
127 124
128void 125void
@@ -768,7 +765,8 @@ mm_sshpam_query(void *ctx, char **name, char **info,
768 u_int *num, char ***prompts, u_int **echo_on) 765 u_int *num, char ***prompts, u_int **echo_on)
769{ 766{
770 Buffer m; 767 Buffer m;
771 int i, ret; 768 u_int i;
769 int ret;
772 770
773 debug3("%s", __func__); 771 debug3("%s", __func__);
774 buffer_init(&m); 772 buffer_init(&m);
@@ -794,7 +792,8 @@ int
794mm_sshpam_respond(void *ctx, u_int num, char **resp) 792mm_sshpam_respond(void *ctx, u_int num, char **resp)
795{ 793{
796 Buffer m; 794 Buffer m;
797 int i, ret; 795 u_int i;
796 int ret;
798 797
799 debug3("%s", __func__); 798 debug3("%s", __func__);
800 buffer_init(&m); 799 buffer_init(&m);
diff --git a/mpaux.c b/mpaux.c
deleted file mode 100644
index 0c486275f..000000000
--- a/mpaux.c
+++ /dev/null
@@ -1,46 +0,0 @@
1/*
2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved
5 * This file contains various auxiliary functions related to multiple
6 * precision integers.
7 *
8 * As far as I am concerned, the code I have written for this software
9 * can be used freely for any purpose. Any derived versions of this
10 * software must be clearly marked as such, and if the derived work is
11 * incompatible with the protocol description in the RFC file, it must be
12 * called by a name other than "ssh" or "Secure Shell".
13 */
14
15#include "includes.h"
16RCSID("$OpenBSD: mpaux.c,v 1.16 2001/02/08 19:30:52 itojun Exp $");
17
18#include <openssl/bn.h>
19#include "getput.h"
20#include "xmalloc.h"
21
22#include <openssl/md5.h>
23
24#include "mpaux.h"
25
26void
27compute_session_id(u_char session_id[16],
28 u_char cookie[8],
29 BIGNUM* host_key_n,
30 BIGNUM* session_key_n)
31{
32 u_int host_key_bytes = BN_num_bytes(host_key_n);
33 u_int session_key_bytes = BN_num_bytes(session_key_n);
34 u_int bytes = host_key_bytes + session_key_bytes;
35 u_char *buf = xmalloc(bytes);
36 MD5_CTX md;
37
38 BN_bn2bin(host_key_n, buf);
39 BN_bn2bin(session_key_n, buf + host_key_bytes);
40 MD5_Init(&md);
41 MD5_Update(&md, buf, bytes);
42 MD5_Update(&md, cookie, 8);
43 MD5_Final(session_id, &md);
44 memset(buf, 0, bytes);
45 xfree(buf);
46}
diff --git a/mpaux.h b/mpaux.h
deleted file mode 100644
index 2a312f5cb..000000000
--- a/mpaux.h
+++ /dev/null
@@ -1,22 +0,0 @@
1/* $OpenBSD: mpaux.h,v 1.12 2002/03/04 17:27:39 stevesk Exp $ */
2
3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
5 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
6 * All rights reserved
7 * This file contains various auxiliary functions related to multiple
8 * precision integers.
9 *
10 * As far as I am concerned, the code I have written for this software
11 * can be used freely for any purpose. Any derived versions of this
12 * software must be clearly marked as such, and if the derived work is
13 * incompatible with the protocol description in the RFC file, it must be
14 * called by a name other than "ssh" or "Secure Shell".
15 */
16
17#ifndef MPAUX_H
18#define MPAUX_H
19
20void compute_session_id(u_char[16], u_char[8], BIGNUM *, BIGNUM *);
21
22#endif /* MPAUX_H */
diff --git a/msg.c b/msg.c
index 30bc3f107..3e4c2882c 100644
--- a/msg.c
+++ b/msg.c
@@ -22,7 +22,7 @@
22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23 */ 23 */
24#include "includes.h" 24#include "includes.h"
25RCSID("$OpenBSD: msg.c,v 1.7 2003/11/17 09:45:39 djm Exp $"); 25RCSID("$OpenBSD: msg.c,v 1.8 2005/05/24 17:32:43 avsm Exp $");
26 26
27#include "buffer.h" 27#include "buffer.h"
28#include "getput.h" 28#include "getput.h"
@@ -55,15 +55,13 @@ int
55ssh_msg_recv(int fd, Buffer *m) 55ssh_msg_recv(int fd, Buffer *m)
56{ 56{
57 u_char buf[4]; 57 u_char buf[4];
58 ssize_t res;
59 u_int msg_len; 58 u_int msg_len;
60 59
61 debug3("ssh_msg_recv entering"); 60 debug3("ssh_msg_recv entering");
62 61
63 res = atomicio(read, fd, buf, sizeof(buf)); 62 if (atomicio(read, fd, buf, sizeof(buf)) != sizeof(buf)) {
64 if (res != sizeof(buf)) { 63 if (errno != EPIPE)
65 if (res != 0) 64 error("ssh_msg_recv: read: header");
66 error("ssh_msg_recv: read: header %ld", (long)res);
67 return (-1); 65 return (-1);
68 } 66 }
69 msg_len = GET_32BIT(buf); 67 msg_len = GET_32BIT(buf);
@@ -73,9 +71,8 @@ ssh_msg_recv(int fd, Buffer *m)
73 } 71 }
74 buffer_clear(m); 72 buffer_clear(m);
75 buffer_append_space(m, msg_len); 73 buffer_append_space(m, msg_len);
76 res = atomicio(read, fd, buffer_ptr(m), msg_len); 74 if (atomicio(read, fd, buffer_ptr(m), msg_len) != msg_len) {
77 if (res != msg_len) { 75 error("ssh_msg_recv: read: %s", strerror(errno));
78 error("ssh_msg_recv: read: %ld != msg_len", (long)res);
79 return (-1); 76 return (-1);
80 } 77 }
81 return (0); 78 return (0);
diff --git a/myproposal.h b/myproposal.h
index 228ed6882..d8cba1caf 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: myproposal.h,v 1.16 2004/06/13 12:53:24 djm Exp $ */ 1/* $OpenBSD: myproposal.h,v 1.18 2005/07/25 11:59:39 markus Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2000 Markus Friedl. All rights reserved. 4 * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -28,14 +28,15 @@
28 "diffie-hellman-group1-sha1" 28 "diffie-hellman-group1-sha1"
29#define KEX_DEFAULT_PK_ALG "ssh-rsa,ssh-dss" 29#define KEX_DEFAULT_PK_ALG "ssh-rsa,ssh-dss"
30#define KEX_DEFAULT_ENCRYPT \ 30#define KEX_DEFAULT_ENCRYPT \
31 "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour," \ 31 "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
32 "arcfour128,arcfour256,arcfour," \
32 "aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se," \ 33 "aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se," \
33 "aes128-ctr,aes192-ctr,aes256-ctr" 34 "aes128-ctr,aes192-ctr,aes256-ctr"
34#define KEX_DEFAULT_MAC \ 35#define KEX_DEFAULT_MAC \
35 "hmac-md5,hmac-sha1,hmac-ripemd160," \ 36 "hmac-md5,hmac-sha1,hmac-ripemd160," \
36 "hmac-ripemd160@openssh.com," \ 37 "hmac-ripemd160@openssh.com," \
37 "hmac-sha1-96,hmac-md5-96" 38 "hmac-sha1-96,hmac-md5-96"
38#define KEX_DEFAULT_COMP "none,zlib" 39#define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib"
39#define KEX_DEFAULT_LANG "" 40#define KEX_DEFAULT_LANG ""
40 41
41 42
diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in
index 0f34f2240..6f5ee2845 100644
--- a/openbsd-compat/Makefile.in
+++ b/openbsd-compat/Makefile.in
@@ -1,4 +1,4 @@
1# $Id: Makefile.in,v 1.31 2004/08/15 08:41:00 djm Exp $ 1# $Id: Makefile.in,v 1.35 2005/08/26 20:15:20 tim Exp $
2 2
3sysconfdir=@sysconfdir@ 3sysconfdir=@sysconfdir@
4piddir=@piddir@ 4piddir=@piddir@
@@ -16,11 +16,11 @@ RANLIB=@RANLIB@
16INSTALL=@INSTALL@ 16INSTALL=@INSTALL@
17LDFLAGS=-L. @LDFLAGS@ 17LDFLAGS=-L. @LDFLAGS@
18 18
19OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtoul.o vis.o 19OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtonum.o strtoll.o strtoul.o vis.o
20 20
21COMPAT=bsd-arc4random.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o xmmap.o xcrypt.o 21COMPAT=bsd-arc4random.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
22 22
23PORTS=port-irix.o port-aix.o 23PORTS=port-irix.o port-aix.o port-uw.o
24 24
25.c.o: 25.c.o:
26 $(CC) $(CFLAGS) $(CPPFLAGS) -c $< 26 $(CC) $(CFLAGS) $(CPPFLAGS) -c $<
diff --git a/openbsd-compat/bsd-cygwin_util.c b/openbsd-compat/bsd-cygwin_util.c
index ff394ec17..b5e3cc52b 100644
--- a/openbsd-compat/bsd-cygwin_util.c
+++ b/openbsd-compat/bsd-cygwin_util.c
@@ -29,7 +29,7 @@
29 29
30#include "includes.h" 30#include "includes.h"
31 31
32RCSID("$Id: bsd-cygwin_util.c,v 1.13.4.1 2005/05/25 09:42:40 dtucker Exp $"); 32RCSID("$Id: bsd-cygwin_util.c,v 1.14 2005/05/25 09:42:11 dtucker Exp $");
33 33
34#ifdef HAVE_CYGWIN 34#ifdef HAVE_CYGWIN
35 35
diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c
index 41f92cce9..6ba9bd986 100644
--- a/openbsd-compat/bsd-misc.c
+++ b/openbsd-compat/bsd-misc.c
@@ -18,7 +18,7 @@
18#include "includes.h" 18#include "includes.h"
19#include "xmalloc.h" 19#include "xmalloc.h"
20 20
21RCSID("$Id: bsd-misc.c,v 1.26 2005/02/25 23:07:38 dtucker Exp $"); 21RCSID("$Id: bsd-misc.c,v 1.27 2005/05/27 11:13:41 dtucker Exp $");
22 22
23#ifndef HAVE___PROGNAME 23#ifndef HAVE___PROGNAME
24char *__progname; 24char *__progname;
@@ -212,3 +212,21 @@ mysignal(int sig, mysig_t act)
212 return (signal(sig, act)); 212 return (signal(sig, act));
213#endif 213#endif
214} 214}
215
216#ifndef HAVE_STRDUP
217char *
218strdup(const char *str)
219{
220 size_t len;
221 char *cp;
222
223 len = strlen(str) + 1;
224 cp = malloc(len);
225 if (cp != NULL)
226 if (strlcpy(cp, str, len) != len) {
227 free(cp);
228 return NULL;
229 }
230 return cp;
231}
232#endif
diff --git a/openbsd-compat/fake-rfc2553.h b/openbsd-compat/fake-rfc2553.h
index 636792ed7..cbcf7f727 100644
--- a/openbsd-compat/fake-rfc2553.h
+++ b/openbsd-compat/fake-rfc2553.h
@@ -1,4 +1,4 @@
1/* $Id: fake-rfc2553.h,v 1.10 2005/02/11 07:32:13 dtucker Exp $ */ 1/* $Id: fake-rfc2553.h,v 1.12 2005/08/03 05:36:21 dtucker Exp $ */
2 2
3/* 3/*
4 * Copyright (C) 2000-2003 Damien Miller. All rights reserved. 4 * Copyright (C) 2000-2003 Damien Miller. All rights reserved.
@@ -114,10 +114,16 @@ struct sockaddr_in6 {
114#endif /* !NI_MAXHOST */ 114#endif /* !NI_MAXHOST */
115 115
116#ifndef EAI_NODATA 116#ifndef EAI_NODATA
117# define EAI_NODATA 1 117# define EAI_NODATA (INT_MAX - 1)
118# define EAI_MEMORY 2 118#endif
119# define EAI_NONAME 3 119#ifndef EAI_MEMORY
120# define EAI_SYSTEM 4 120# define EAI_MEMORY (INT_MAX - 2)
121#endif
122#ifndef EAI_NONAME
123# define EAI_NONAME (INT_MAX - 3)
124#endif
125#ifndef EAI_SYSTEM
126# define EAI_SYSTEM (INT_MAX - 4)
121#endif 127#endif
122 128
123#ifndef HAVE_STRUCT_ADDRINFO 129#ifndef HAVE_STRUCT_ADDRINFO
diff --git a/openbsd-compat/getrrsetbyname.c b/openbsd-compat/getrrsetbyname.c
index 4e869c4df..2016ffe31 100644
--- a/openbsd-compat/getrrsetbyname.c
+++ b/openbsd-compat/getrrsetbyname.c
@@ -144,6 +144,8 @@ _getshort(msgp)
144 GETSHORT(u, msgp); 144 GETSHORT(u, msgp);
145 return (u); 145 return (u);
146} 146}
147#elif defined(HAVE_DECL__GETSHORT) && (HAVE_DECL__GETSHORT == 0)
148u_int16_t _getshort(register const u_char *);
147#endif 149#endif
148 150
149#ifndef HAVE__GETLONG 151#ifndef HAVE__GETLONG
@@ -156,6 +158,8 @@ _getlong(msgp)
156 GETLONG(u, msgp); 158 GETLONG(u, msgp);
157 return (u); 159 return (u);
158} 160}
161#elif defined(HAVE_DECL__GETLONG) && (HAVE_DECL__GETLONG == 0)
162u_int32_t _getlong(register const u_char *);
159#endif 163#endif
160 164
161int 165int
diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h
index 89d1454e0..ba68bc27e 100644
--- a/openbsd-compat/openbsd-compat.h
+++ b/openbsd-compat/openbsd-compat.h
@@ -1,4 +1,4 @@
1/* $Id: openbsd-compat.h,v 1.26 2004/08/15 08:41:00 djm Exp $ */ 1/* $Id: openbsd-compat.h,v 1.30 2005/08/26 20:15:20 tim Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 1999-2003 Damien Miller. All rights reserved. 4 * Copyright (c) 1999-2003 Damien Miller. All rights reserved.
@@ -152,6 +152,10 @@ int openpty(int *, int *, char *, struct termios *, struct winsize *);
152int snprintf(char *, size_t, const char *, ...); 152int snprintf(char *, size_t, const char *, ...);
153#endif 153#endif
154 154
155#ifndef HAVE_STRTONUM
156long long strtonum(const char *, long long, long long, const char **);
157#endif
158
155#ifndef HAVE_VSNPRINTF 159#ifndef HAVE_VSNPRINTF
156int vsnprintf(char *, size_t, const char *, va_list); 160int vsnprintf(char *, size_t, const char *, va_list);
157#endif 161#endif
@@ -169,5 +173,6 @@ char *shadow_pw(struct passwd *pw);
169#include "bsd-cygwin_util.h" 173#include "bsd-cygwin_util.h"
170#include "port-irix.h" 174#include "port-irix.h"
171#include "port-aix.h" 175#include "port-aix.h"
176#include "port-uw.h"
172 177
173#endif /* _OPENBSD_COMPAT_H */ 178#endif /* _OPENBSD_COMPAT_H */
diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c
new file mode 100644
index 000000000..b690e8fe6
--- /dev/null
+++ b/openbsd-compat/openssl-compat.c
@@ -0,0 +1,46 @@
1/* $Id: openssl-compat.c,v 1.2 2005/06/17 11:15:21 dtucker Exp $ */
2
3/*
4 * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
15 * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
16 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19#include "includes.h"
20
21#define SSH_DONT_REDEF_EVP
22#include "openssl-compat.h"
23
24#ifdef SSH_OLD_EVP
25int
26ssh_EVP_CipherInit(EVP_CIPHER_CTX *evp, const EVP_CIPHER *type,
27 unsigned char *key, unsigned char *iv, int enc)
28{
29 EVP_CipherInit(evp, type, key, iv, enc);
30 return 1;
31}
32
33int
34ssh_EVP_Cipher(EVP_CIPHER_CTX *evp, char *dst, char *src, int len)
35{
36 EVP_Cipher(evp, dst, src, len);
37 return 1;
38}
39
40int
41ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *evp)
42{
43 EVP_CIPHER_CTX_cleanup(evp);
44 return 1;
45}
46#endif
diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h
new file mode 100644
index 000000000..d9b2fa55f
--- /dev/null
+++ b/openbsd-compat/openssl-compat.h
@@ -0,0 +1,65 @@
1/* $Id: openssl-compat.h,v 1.1 2005/06/09 11:45:11 dtucker Exp $ */
2
3/*
4 * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
15 * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
16 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19#include "includes.h"
20#include <openssl/evp.h>
21
22#if OPENSSL_VERSION_NUMBER < 0x00906000L
23# define SSH_OLD_EVP
24# define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data)
25#endif
26
27#if OPENSSL_VERSION_NUMBER < 0x00907000L
28# define EVP_aes_128_cbc evp_rijndael
29# define EVP_aes_192_cbc evp_rijndael
30# define EVP_aes_256_cbc evp_rijndael
31extern const EVP_CIPHER *evp_rijndael(void);
32extern void ssh_rijndael_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
33#endif
34
35#if !defined(EVP_CTRL_SET_ACSS_MODE)
36# if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
37# define USE_CIPHER_ACSS 1
38extern const EVP_CIPHER *evp_acss(void);
39# define EVP_acss evp_acss
40# else
41# define EVP_acss NULL
42# endif
43#endif
44
45/*
46 * insert comment here
47 */
48#ifdef SSH_OLD_EVP
49
50# ifndef SSH_DONT_REDEF_EVP
51
52# ifdef EVP_Cipher
53# undef EVP_Cipher
54# endif
55
56# define EVP_CipherInit(a,b,c,d,e) ssh_EVP_CipherInit((a),(b),(c),(d),(e))
57# define EVP_Cipher(a,b,c,d) ssh_EVP_Cipher((a),(b),(c),(d))
58# define EVP_CIPHER_CTX_cleanup(a) ssh_EVP_CIPHER_CTX_cleanup((a))
59# endif
60
61int ssh_EVP_CipherInit(EVP_CIPHER_CTX *, const EVP_CIPHER *, unsigned char *,
62 unsigned char *, int);
63int ssh_EVP_Cipher(EVP_CIPHER_CTX *, char *, char *, int);
64int ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *);
65#endif
diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c
index cf5d4b9a3..81d8124e0 100644
--- a/openbsd-compat/port-aix.c
+++ b/openbsd-compat/port-aix.c
@@ -1,7 +1,7 @@
1/* 1/*
2 * 2 *
3 * Copyright (c) 2001 Gert Doering. All rights reserved. 3 * Copyright (c) 2001 Gert Doering. All rights reserved.
4 * Copyright (c) 2003,2004 Darren Tucker. All rights reserved. 4 * Copyright (c) 2003,2004,2005 Darren Tucker. All rights reserved.
5 * 5 *
6 * Redistribution and use in source and binary forms, with or without 6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions 7 * modification, are permitted provided that the following conditions
@@ -42,14 +42,12 @@ static char old_registry[REGISTRY_SIZE] = "";
42# endif 42# endif
43 43
44/* 44/*
45 * AIX has a "usrinfo" area where logname and other stuff is stored - 45 * AIX has a "usrinfo" area where logname and other stuff is stored -
46 * a few applications actually use this and die if it's not set 46 * a few applications actually use this and die if it's not set
47 * 47 *
48 * NOTE: TTY= should be set, but since no one uses it and it's hard to 48 * NOTE: TTY= should be set, but since no one uses it and it's hard to
49 * acquire due to privsep code. We will just drop support. 49 * acquire due to privsep code. We will just drop support.
50 */ 50 */
51
52
53void 51void
54aix_usrinfo(struct passwd *pw) 52aix_usrinfo(struct passwd *pw)
55{ 53{
@@ -60,7 +58,7 @@ aix_usrinfo(struct passwd *pw)
60 len = sizeof("LOGNAME= NAME= ") + (2 * strlen(pw->pw_name)); 58 len = sizeof("LOGNAME= NAME= ") + (2 * strlen(pw->pw_name));
61 cp = xmalloc(len); 59 cp = xmalloc(len);
62 60
63 i = snprintf(cp, len, "LOGNAME=%s%cNAME=%s%c", pw->pw_name, '\0', 61 i = snprintf(cp, len, "LOGNAME=%s%cNAME=%s%c", pw->pw_name, '\0',
64 pw->pw_name, '\0'); 62 pw->pw_name, '\0');
65 if (usrinfo(SETUINFO, cp, i) == -1) 63 if (usrinfo(SETUINFO, cp, i) == -1)
66 fatal("Couldn't set usrinfo: %s", strerror(errno)); 64 fatal("Couldn't set usrinfo: %s", strerror(errno));
@@ -153,14 +151,14 @@ aix_valid_authentications(const char *user)
153int 151int
154sys_auth_passwd(Authctxt *ctxt, const char *password) 152sys_auth_passwd(Authctxt *ctxt, const char *password)
155{ 153{
156 char *authmsg = NULL, *msg, *name = ctxt->pw->pw_name; 154 char *authmsg = NULL, *msg = NULL, *name = ctxt->pw->pw_name;
157 int authsuccess = 0, expired, reenter, result; 155 int authsuccess = 0, expired, reenter, result;
158 156
159 do { 157 do {
160 result = authenticate((char *)name, (char *)password, &reenter, 158 result = authenticate((char *)name, (char *)password, &reenter,
161 &authmsg); 159 &authmsg);
162 aix_remove_embedded_newlines(authmsg); 160 aix_remove_embedded_newlines(authmsg);
163 debug3("AIX/authenticate result %d, msg %.100s", result, 161 debug3("AIX/authenticate result %d, authmsg %.100s", result,
164 authmsg); 162 authmsg);
165 } while (reenter); 163 } while (reenter);
166 164
@@ -170,7 +168,7 @@ sys_auth_passwd(Authctxt *ctxt, const char *password)
170 if (result == 0) { 168 if (result == 0) {
171 authsuccess = 1; 169 authsuccess = 1;
172 170
173 /* 171 /*
174 * Record successful login. We don't have a pty yet, so just 172 * Record successful login. We don't have a pty yet, so just
175 * label the line as "ssh" 173 * label the line as "ssh"
176 */ 174 */
@@ -257,7 +255,7 @@ int
257sys_auth_record_login(const char *user, const char *host, const char *ttynm, 255sys_auth_record_login(const char *user, const char *host, const char *ttynm,
258 Buffer *loginmsg) 256 Buffer *loginmsg)
259{ 257{
260 char *msg; 258 char *msg = NULL;
261 int success = 0; 259 int success = 0;
262 260
263 aix_setauthdb(user); 261 aix_setauthdb(user);
diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h
index 9e3dce4dd..37b2c12b0 100644
--- a/openbsd-compat/port-aix.h
+++ b/openbsd-compat/port-aix.h
@@ -1,8 +1,9 @@
1/* $Id: port-aix.h,v 1.25 2005/03/21 11:46:34 dtucker Exp $ */ 1/* $Id: port-aix.h,v 1.26 2005/05/28 10:28:40 dtucker Exp $ */
2 2
3/* 3/*
4 * 4 *
5 * Copyright (c) 2001 Gert Doering. All rights reserved. 5 * Copyright (c) 2001 Gert Doering. All rights reserved.
6 * Copyright (c) 2004, 2005 Darren Tucker. All rights reserved.
6 * 7 *
7 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions 9 * modification, are permitted provided that the following conditions
@@ -47,23 +48,23 @@
47 48
48/* These should be in the system headers but are not. */ 49/* These should be in the system headers but are not. */
49int usrinfo(int, char *, int); 50int usrinfo(int, char *, int);
50#if (HAVE_DECL_SETAUTHDB == 0) 51#if defined(HAVE_DECL_SETAUTHDB) && (HAVE_DECL_SETAUTHDB == 0)
51int setauthdb(const char *, char *); 52int setauthdb(const char *, char *);
52#endif 53#endif
53/* these may or may not be in the headers depending on the version */ 54/* these may or may not be in the headers depending on the version */
54#if (HAVE_DECL_AUTHENTICATE == 0) 55#if defined(HAVE_DECL_AUTHENTICATE) && (HAVE_DECL_AUTHENTICATE == 0)
55int authenticate(char *, char *, int *, char **); 56int authenticate(char *, char *, int *, char **);
56#endif 57#endif
57#if (HAVE_DECL_LOGINFAILED == 0) 58#if defined(HAVE_DECL_LOGINFAILED) && (HAVE_DECL_LOGINFAILED == 0)
58int loginfailed(char *, char *, char *); 59int loginfailed(char *, char *, char *);
59#endif 60#endif
60#if (HAVE_DECL_LOGINRESTRICTIONS == 0) 61#if defined(HAVE_DECL_LOGINRESTRICTIONS) && (HAVE_DECL_LOGINRESTRICTIONS == 0)
61int loginrestrictions(char *, int, char *, char **); 62int loginrestrictions(char *, int, char *, char **);
62#endif 63#endif
63#if (HAVE_DECL_LOGINSUCCESS == 0) 64#if defined(HAVE_DECL_LOGINSUCCESS) && (HAVE_DECL_LOGINSUCCESS == 0)
64int loginsuccess(char *, char *, char *, char **); 65int loginsuccess(char *, char *, char *, char **);
65#endif 66#endif
66#if (HAVE_DECL_PASSWDEXPIRED == 0) 67#if defined(HAVE_DECL_PASSWDEXPIRED) && (HAVE_DECL_PASSWDEXPIRED == 0)
67int passwdexpired(char *, char **); 68int passwdexpired(char *, char **);
68#endif 69#endif
69 70
diff --git a/openbsd-compat/port-uw.c b/openbsd-compat/port-uw.c
new file mode 100644
index 000000000..d881ff028
--- /dev/null
+++ b/openbsd-compat/port-uw.c
@@ -0,0 +1,134 @@
1/*
2 * Copyright (c) 2005 The SCO Group. All rights reserved.
3 * Copyright (c) 2005 Tim Rice. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26#include "includes.h"
27
28#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF)
29#ifdef HAVE_CRYPT_H
30#include <crypt.h>
31#endif
32#include "packet.h"
33#include "buffer.h"
34#include "log.h"
35#include "servconf.h"
36#include "auth.h"
37#include "auth-options.h"
38
39int nischeck(char *);
40
41int
42sys_auth_passwd(Authctxt *authctxt, const char *password)
43{
44 struct passwd *pw = authctxt->pw;
45 char *encrypted_password;
46 char *salt;
47 int result;
48
49 /* Just use the supplied fake password if authctxt is invalid */
50 char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd;
51
52 /* Check for users with no password. */
53 if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0)
54 return (1);
55
56 /* Encrypt the candidate password using the proper salt. */
57 salt = (pw_password[0] && pw_password[1]) ? pw_password : "xx";
58#ifdef UNIXWARE_LONG_PASSWORDS
59 if (!nischeck(pw->pw_name))
60 encrypted_password = bigcrypt(password, salt);
61 else
62#endif /* UNIXWARE_LONG_PASSWORDS */
63 encrypted_password = xcrypt(password, salt);
64
65 /*
66 * Authentication is accepted if the encrypted passwords
67 * are identical.
68 */
69 result = (strcmp(encrypted_password, pw_password) == 0);
70
71 if (authctxt->valid)
72 free(pw_password);
73 return(result);
74}
75
76#ifdef UNIXWARE_LONG_PASSWORDS
77int
78nischeck(char *namep)
79{
80 char password_file[] = "/etc/passwd";
81 FILE *fd;
82 struct passwd *ent = NULL;
83
84 if ((fd = fopen (password_file, "r")) == NULL) {
85 /*
86 * If the passwd file has dissapeared we are in a bad state.
87 * However, returning 0 will send us back through the
88 * authentication scheme that has checked the ia database for
89 * passwords earlier.
90 */
91 return(0);
92 }
93
94 /*
95 * fgetpwent() only reads from password file, so we know for certain
96 * that the user is local.
97 */
98 while (ent = fgetpwent(fd)) {
99 if (strcmp (ent->pw_name, namep) == 0) {
100 /* Local user */
101 fclose (fd);
102 return(0);
103 }
104 }
105
106 fclose (fd);
107 return (1);
108}
109
110#endif /* UNIXWARE_LONG_PASSWORDS */
111
112/*
113 NOTE: ia_get_logpwd() allocates memory for arg 2
114 functions that call shadow_pw() will need to free
115 */
116
117char *
118get_iaf_password(struct passwd *pw)
119{
120 char *pw_password = NULL;
121
122 uinfo_t uinfo;
123 if (!ia_openinfo(pw->pw_name,&uinfo)) {
124 ia_get_logpwd(uinfo, &pw_password);
125 if (pw_password == NULL)
126 fatal("ia_get_logpwd: Unable to get the shadow passwd");
127 ia_closeinfo(uinfo);
128 return pw_password;
129 }
130 else
131 fatal("ia_openinfo: Unable to open the shadow passwd file");
132}
133#endif /* HAVE_LIBIAF && !BROKEN_LIBIAF */
134
diff --git a/openbsd-compat/port-uw.h b/openbsd-compat/port-uw.h
new file mode 100644
index 000000000..3589b2e44
--- /dev/null
+++ b/openbsd-compat/port-uw.h
@@ -0,0 +1,30 @@
1/*
2 * Copyright (c) 2005 Tim Rice. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 *
13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
14 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
15 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
16 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
17 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
18 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
19 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
20 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23 */
24
25#include "includes.h"
26
27#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF)
28char * get_iaf_password(struct passwd *pw);
29#endif
30
diff --git a/openbsd-compat/realpath.c b/openbsd-compat/realpath.c
index 7f73bd998..8430bec24 100644
--- a/openbsd-compat/realpath.c
+++ b/openbsd-compat/realpath.c
@@ -1,11 +1,7 @@
1/* OPENBSD ORIGINAL: lib/libc/stdlib/realpath.c */ 1/* OPENBSD ORIGINAL: lib/libc/stdlib/realpath.c */
2 2
3/* 3/*
4 * Copyright (c) 1994 4 * Copyright (c) 2003 Constantin S. Svintsoff <kostik@iclub.nsu.ru>
5 * The Regents of the University of California. All rights reserved.
6 *
7 * This code is derived from software contributed to Berkeley by
8 * Jan-Simon Pendry.
9 * 5 *
10 * Redistribution and use in source and binary forms, with or without 6 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions 7 * modification, are permitted provided that the following conditions
@@ -15,14 +11,14 @@
15 * 2. Redistributions in binary form must reproduce the above copyright 11 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the 12 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution. 13 * documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of the University nor the names of its contributors 14 * 3. The names of the authors may not be used to endorse or promote
19 * may be used to endorse or promote products derived from this software 15 * products derived from this software without specific prior written
20 * without specific prior written permission. 16 * permission.
21 * 17 *
22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 21 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
@@ -36,169 +32,165 @@
36 32
37#if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) 33#if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH)
38 34
39#if defined(LIBC_SCCS) && !defined(lint)
40static char *rcsid = "$OpenBSD: realpath.c,v 1.11 2004/11/30 15:12:59 millert Exp $";
41#endif /* LIBC_SCCS and not lint */
42
43#include <sys/param.h> 35#include <sys/param.h>
44#include <sys/stat.h> 36#include <sys/stat.h>
45 37
46#include <errno.h> 38#include <errno.h>
47#include <fcntl.h>
48#include <stdlib.h> 39#include <stdlib.h>
49#include <string.h> 40#include <string.h>
50#include <unistd.h> 41#include <unistd.h>
51 42
52/* 43/*
53 * MAXSYMLINKS 44 * char *realpath(const char *path, char resolved[PATH_MAX]);
54 */
55#ifndef MAXSYMLINKS
56#define MAXSYMLINKS 5
57#endif
58
59/*
60 * char *realpath(const char *path, char resolved_path[MAXPATHLEN]);
61 * 45 *
62 * Find the real name of path, by removing all ".", ".." and symlink 46 * Find the real name of path, by removing all ".", ".." and symlink
63 * components. Returns (resolved) on success, or (NULL) on failure, 47 * components. Returns (resolved) on success, or (NULL) on failure,
64 * in which case the path which caused trouble is left in (resolved). 48 * in which case the path which caused trouble is left in (resolved).
65 */ 49 */
66char * 50char *
67realpath(const char *path, char *resolved) 51realpath(const char *path, char resolved[PATH_MAX])
68{ 52{
69 struct stat sb; 53 struct stat sb;
70 int fd, n, needslash, serrno; 54 char *p, *q, *s;
71 char *p, *q, wbuf[MAXPATHLEN]; 55 size_t left_len, resolved_len;
72 int symlinks = 0; 56 unsigned symlinks;
73 57 int serrno, slen;
74 /* Save the starting point. */ 58 char left[PATH_MAX], next_token[PATH_MAX], symlink[PATH_MAX];
75#ifndef HAVE_FCHDIR 59
76 char start[MAXPATHLEN]; 60 serrno = errno;
77 /* this is potentially racy but without fchdir we have no option */ 61 symlinks = 0;
78 if (getcwd(start, sizeof(start)) == NULL) { 62 if (path[0] == '/') {
79 resolved[0] = '.'; 63 resolved[0] = '/';
80 resolved[1] = '\0'; 64 resolved[1] = '\0';
81 return (NULL); 65 if (path[1] == '\0')
66 return (resolved);
67 resolved_len = 1;
68 left_len = strlcpy(left, path + 1, sizeof(left));
69 } else {
70 if (getcwd(resolved, PATH_MAX) == NULL) {
71 strlcpy(resolved, ".", PATH_MAX);
72 return (NULL);
73 }
74 resolved_len = strlen(resolved);
75 left_len = strlcpy(left, path, sizeof(left));
82 } 76 }
83#endif 77 if (left_len >= sizeof(left) || resolved_len >= PATH_MAX) {
84 if ((fd = open(".", O_RDONLY)) < 0) { 78 errno = ENAMETOOLONG;
85 resolved[0] = '.';
86 resolved[1] = '\0';
87 return (NULL); 79 return (NULL);
88 } 80 }
89 81
90 /* Convert "." -> "" to optimize away a needless lstat() and chdir() */
91 if (path[0] == '.' && path[1] == '\0')
92 path = "";
93
94 /* 82 /*
95 * Find the dirname and basename from the path to be resolved. 83 * Iterate over path components in `left'.
96 * Change directory to the dirname component.
97 * lstat the basename part.
98 * if it is a symlink, read in the value and loop.
99 * if it is a directory, then change to that directory.
100 * get the current directory name and append the basename.
101 */ 84 */
102 if (strlcpy(resolved, path, MAXPATHLEN) >= MAXPATHLEN) { 85 while (left_len != 0) {
103 serrno = ENAMETOOLONG; 86 /*
104 goto err2; 87 * Extract the next path component and adjust `left'
105 } 88 * and its length.
106loop: 89 */
107 q = strrchr(resolved, '/'); 90 p = strchr(left, '/');
108 if (q != NULL) { 91 s = p ? p : left + left_len;
109 p = q + 1; 92 if (s - left >= sizeof(next_token)) {
110 if (q == resolved) 93 errno = ENAMETOOLONG;
111 q = "/"; 94 return (NULL);
112 else {
113 do {
114 --q;
115 } while (q > resolved && *q == '/');
116 q[1] = '\0';
117 q = resolved;
118 } 95 }
119 if (chdir(q) < 0) 96 memcpy(next_token, left, s - left);
120 goto err1; 97 next_token[s - left] = '\0';
121 } else 98 left_len -= s - left;
122 p = resolved; 99 if (p != NULL)
123 100 memmove(left, s + 1, left_len + 1);
124 /* Deal with the last component. */ 101 if (resolved[resolved_len - 1] != '/') {
125 if (*p != '\0' && lstat(p, &sb) == 0) { 102 if (resolved_len + 1 >= PATH_MAX) {
126 if (S_ISLNK(sb.st_mode)) { 103 errno = ENAMETOOLONG;
127 if (++symlinks > MAXSYMLINKS) { 104 return (NULL);
128 errno = ELOOP;
129 goto err1;
130 } 105 }
131 if ((n = readlink(p, resolved, MAXPATHLEN-1)) < 0) 106 resolved[resolved_len++] = '/';
132 goto err1; 107 resolved[resolved_len] = '\0';
133 resolved[n] = '\0';
134 goto loop;
135 } 108 }
136 if (S_ISDIR(sb.st_mode)) { 109 if (next_token[0] == '\0')
137 if (chdir(p) < 0) 110 continue;
138 goto err1; 111 else if (strcmp(next_token, ".") == 0)
139 p = ""; 112 continue;
113 else if (strcmp(next_token, "..") == 0) {
114 /*
115 * Strip the last path component except when we have
116 * single "/"
117 */
118 if (resolved_len > 1) {
119 resolved[resolved_len - 1] = '\0';
120 q = strrchr(resolved, '/') + 1;
121 *q = '\0';
122 resolved_len = q - resolved;
123 }
124 continue;
140 } 125 }
141 }
142
143 /*
144 * Save the last component name and get the full pathname of
145 * the current directory.
146 */
147 if (strlcpy(wbuf, p, sizeof(wbuf)) >= sizeof(wbuf)) {
148 errno = ENAMETOOLONG;
149 goto err1;
150 }
151 if (getcwd(resolved, MAXPATHLEN) == NULL)
152 goto err1;
153
154 /*
155 * Join the two strings together, ensuring that the right thing
156 * happens if the last component is empty, or the dirname is root.
157 */
158 if (resolved[0] == '/' && resolved[1] == '\0')
159 needslash = 0;
160 else
161 needslash = 1;
162 126
163 if (*wbuf) { 127 /*
164 if (strlen(resolved) + strlen(wbuf) + needslash >= MAXPATHLEN) { 128 * Append the next path component and lstat() it. If
129 * lstat() fails we still can return successfully if
130 * there are no more path components left.
131 */
132 resolved_len = strlcat(resolved, next_token, PATH_MAX);
133 if (resolved_len >= PATH_MAX) {
165 errno = ENAMETOOLONG; 134 errno = ENAMETOOLONG;
166 goto err1; 135 return (NULL);
167 } 136 }
168 if (needslash) { 137 if (lstat(resolved, &sb) != 0) {
169 if (strlcat(resolved, "/", MAXPATHLEN) >= MAXPATHLEN) { 138 if (errno == ENOENT && p == NULL) {
170 errno = ENAMETOOLONG; 139 errno = serrno;
171 goto err1; 140 return (resolved);
172 } 141 }
142 return (NULL);
173 } 143 }
174 if (strlcat(resolved, wbuf, MAXPATHLEN) >= MAXPATHLEN) { 144 if (S_ISLNK(sb.st_mode)) {
175 errno = ENAMETOOLONG; 145 if (symlinks++ > MAXSYMLINKS) {
176 goto err1; 146 errno = ELOOP;
177 } 147 return (NULL);
178 } 148 }
149 slen = readlink(resolved, symlink, sizeof(symlink) - 1);
150 if (slen < 0)
151 return (NULL);
152 symlink[slen] = '\0';
153 if (symlink[0] == '/') {
154 resolved[1] = 0;
155 resolved_len = 1;
156 } else if (resolved_len > 1) {
157 /* Strip the last path component. */
158 resolved[resolved_len - 1] = '\0';
159 q = strrchr(resolved, '/') + 1;
160 *q = '\0';
161 resolved_len = q - resolved;
162 }
179 163
180 /* Go back to where we came from. */ 164 /*
181#ifdef HAVE_FCHDIR 165 * If there are any path components left, then
182 if (fchdir(fd) < 0) { 166 * append them to symlink. The result is placed
183#else 167 * in `left'.
184 if (chdir(start) < 0) { 168 */
185#endif 169 if (p != NULL) {
186 serrno = errno; 170 if (symlink[slen - 1] != '/') {
187 goto err2; 171 if (slen + 1 >= sizeof(symlink)) {
172 errno = ENAMETOOLONG;
173 return (NULL);
174 }
175 symlink[slen] = '/';
176 symlink[slen + 1] = 0;
177 }
178 left_len = strlcat(symlink, left, sizeof(left));
179 if (left_len >= sizeof(left)) {
180 errno = ENAMETOOLONG;
181 return (NULL);
182 }
183 }
184 left_len = strlcpy(left, symlink, sizeof(left));
185 }
188 } 186 }
189 187
190 /* It's okay if the close fails, what's an fd more or less? */ 188 /*
191 (void)close(fd); 189 * Remove trailing slash except when the resolved pathname
190 * is a single "/".
191 */
192 if (resolved_len > 1 && resolved[resolved_len - 1] == '/')
193 resolved[resolved_len - 1] = '\0';
192 return (resolved); 194 return (resolved);
193
194err1: serrno = errno;
195#ifdef HAVE_FCHDIR
196 (void)fchdir(fd);
197#else
198 chdir(start);
199#endif
200err2: (void)close(fd);
201 errno = serrno;
202 return (NULL);
203} 195}
204#endif /* !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) */ 196#endif /* !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) */
diff --git a/openbsd-compat/strtoll.c b/openbsd-compat/strtoll.c
new file mode 100644
index 000000000..60c276f8a
--- /dev/null
+++ b/openbsd-compat/strtoll.c
@@ -0,0 +1,151 @@
1/* OPENBSD ORIGINAL: lib/libc/stdlib/strtoll.c */
2
3/*-
4 * Copyright (c) 1992 The Regents of the University of California.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the University nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32#include "includes.h"
33#ifndef HAVE_STRTOLL
34
35#if defined(LIBC_SCCS) && !defined(lint)
36static const char rcsid[] = "$OpenBSD: strtoll.c,v 1.4 2005/03/30 18:51:49 pat Exp $";
37#endif /* LIBC_SCCS and not lint */
38
39#include <sys/types.h>
40
41#include <ctype.h>
42#include <errno.h>
43#include <limits.h>
44#include <stdlib.h>
45
46/*
47 * Convert a string to a long long.
48 *
49 * Ignores `locale' stuff. Assumes that the upper and lower case
50 * alphabets and digits are each contiguous.
51 */
52long long
53strtoll(const char *nptr, char **endptr, int base)
54{
55 const char *s;
56 long long acc, cutoff;
57 int c;
58 int neg, any, cutlim;
59
60 /*
61 * Skip white space and pick up leading +/- sign if any.
62 * If base is 0, allow 0x for hex and 0 for octal, else
63 * assume decimal; if base is already 16, allow 0x.
64 */
65 s = nptr;
66 do {
67 c = (unsigned char) *s++;
68 } while (isspace(c));
69 if (c == '-') {
70 neg = 1;
71 c = *s++;
72 } else {
73 neg = 0;
74 if (c == '+')
75 c = *s++;
76 }
77 if ((base == 0 || base == 16) &&
78 c == '0' && (*s == 'x' || *s == 'X')) {
79 c = s[1];
80 s += 2;
81 base = 16;
82 }
83 if (base == 0)
84 base = c == '0' ? 8 : 10;
85
86 /*
87 * Compute the cutoff value between legal numbers and illegal
88 * numbers. That is the largest legal value, divided by the
89 * base. An input number that is greater than this value, if
90 * followed by a legal input character, is too big. One that
91 * is equal to this value may be valid or not; the limit
92 * between valid and invalid numbers is then based on the last
93 * digit. For instance, if the range for long longs is
94 * [-9223372036854775808..9223372036854775807] and the input base
95 * is 10, cutoff will be set to 922337203685477580 and cutlim to
96 * either 7 (neg==0) or 8 (neg==1), meaning that if we have
97 * accumulated a value > 922337203685477580, or equal but the
98 * next digit is > 7 (or 8), the number is too big, and we will
99 * return a range error.
100 *
101 * Set any if any `digits' consumed; make it negative to indicate
102 * overflow.
103 */
104 cutoff = neg ? LLONG_MIN : LLONG_MAX;
105 cutlim = cutoff % base;
106 cutoff /= base;
107 if (neg) {
108 if (cutlim > 0) {
109 cutlim -= base;
110 cutoff += 1;
111 }
112 cutlim = -cutlim;
113 }
114 for (acc = 0, any = 0;; c = (unsigned char) *s++) {
115 if (isdigit(c))
116 c -= '0';
117 else if (isalpha(c))
118 c -= isupper(c) ? 'A' - 10 : 'a' - 10;
119 else
120 break;
121 if (c >= base)
122 break;
123 if (any < 0)
124 continue;
125 if (neg) {
126 if (acc < cutoff || (acc == cutoff && c > cutlim)) {
127 any = -1;
128 acc = LLONG_MIN;
129 errno = ERANGE;
130 } else {
131 any = 1;
132 acc *= base;
133 acc -= c;
134 }
135 } else {
136 if (acc > cutoff || (acc == cutoff && c > cutlim)) {
137 any = -1;
138 acc = LLONG_MAX;
139 errno = ERANGE;
140 } else {
141 any = 1;
142 acc *= base;
143 acc += c;
144 }
145 }
146 }
147 if (endptr != 0)
148 *endptr = (char *) (any ? s - 1 : nptr);
149 return (acc);
150}
151#endif /* HAVE_STRTOLL */
diff --git a/openbsd-compat/strtonum.c b/openbsd-compat/strtonum.c
new file mode 100644
index 000000000..b681ed83b
--- /dev/null
+++ b/openbsd-compat/strtonum.c
@@ -0,0 +1,69 @@
1/* OPENBSD ORIGINAL: lib/libc/stdlib/strtonum.c */
2
3/* $OpenBSD: strtonum.c,v 1.6 2004/08/03 19:38:01 millert Exp $ */
4
5/*
6 * Copyright (c) 2004 Ted Unangst and Todd Miller
7 * All rights reserved.
8 *
9 * Permission to use, copy, modify, and distribute this software for any
10 * purpose with or without fee is hereby granted, provided that the above
11 * copyright notice and this permission notice appear in all copies.
12 *
13 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
14 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
15 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
16 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
17 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 */
21
22#include "includes.h"
23#ifndef HAVE_STRTONUM
24#include <limits.h>
25
26#define INVALID 1
27#define TOOSMALL 2
28#define TOOLARGE 3
29
30long long
31strtonum(const char *numstr, long long minval, long long maxval,
32 const char **errstrp)
33{
34 long long ll = 0;
35 char *ep;
36 int error = 0;
37 struct errval {
38 const char *errstr;
39 int err;
40 } ev[4] = {
41 { NULL, 0 },
42 { "invalid", EINVAL },
43 { "too small", ERANGE },
44 { "too large", ERANGE },
45 };
46
47 ev[0].err = errno;
48 errno = 0;
49 if (minval > maxval)
50 error = INVALID;
51 else {
52 ll = strtoll(numstr, &ep, 10);
53 if (numstr == ep || *ep != '\0')
54 error = INVALID;
55 else if ((ll == LLONG_MIN && errno == ERANGE) || ll < minval)
56 error = TOOSMALL;
57 else if ((ll == LLONG_MAX && errno == ERANGE) || ll > maxval)
58 error = TOOLARGE;
59 }
60 if (errstrp != NULL)
61 *errstrp = ev[error].errstr;
62 errno = ev[error].err;
63 if (error)
64 ll = 0;
65
66 return (ll);
67}
68
69#endif /* HAVE_STRTONUM */
diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c
index c3cea3c86..9afa0b9f2 100644
--- a/openbsd-compat/xcrypt.c
+++ b/openbsd-compat/xcrypt.c
@@ -93,6 +93,11 @@ shadow_pw(struct passwd *pw)
93 if (spw != NULL) 93 if (spw != NULL)
94 pw_password = spw->sp_pwdp; 94 pw_password = spw->sp_pwdp;
95# endif 95# endif
96
97#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF)
98 return(get_iaf_password(pw));
99#endif
100
96# if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) 101# if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
97 struct passwd_adjunct *spw; 102 struct passwd_adjunct *spw;
98 if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL) 103 if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL)
diff --git a/packet.c b/packet.c
index e2607b20f..4becde0a4 100644
--- a/packet.c
+++ b/packet.c
@@ -37,7 +37,7 @@
37 */ 37 */
38 38
39#include "includes.h" 39#include "includes.h"
40RCSID("$OpenBSD: packet.c,v 1.116 2004/10/20 11:48:53 markus Exp $"); 40RCSID("$OpenBSD: packet.c,v 1.119 2005/07/28 17:36:22 markus Exp $");
41 41
42#include "openbsd-compat/sys-queue.h" 42#include "openbsd-compat/sys-queue.h"
43 43
@@ -118,6 +118,12 @@ static int initialized = 0;
118/* Set to true if the connection is interactive. */ 118/* Set to true if the connection is interactive. */
119static int interactive_mode = 0; 119static int interactive_mode = 0;
120 120
121/* Set to true if we are the server side. */
122static int server_side = 0;
123
124/* Set to true if we are authenticated. */
125static int after_authentication = 0;
126
121/* Session key information for Encryption and MAC */ 127/* Session key information for Encryption and MAC */
122Newkeys *newkeys[MODE_MAX]; 128Newkeys *newkeys[MODE_MAX];
123static struct packet_state { 129static struct packet_state {
@@ -627,7 +633,9 @@ set_newkeys(int mode)
627 /* Deleting the keys does not gain extra security */ 633 /* Deleting the keys does not gain extra security */
628 /* memset(enc->iv, 0, enc->block_size); 634 /* memset(enc->iv, 0, enc->block_size);
629 memset(enc->key, 0, enc->key_len); */ 635 memset(enc->key, 0, enc->key_len); */
630 if (comp->type != 0 && comp->enabled == 0) { 636 if ((comp->type == COMP_ZLIB ||
637 (comp->type == COMP_DELAYED && after_authentication)) &&
638 comp->enabled == 0) {
631 packet_init_compression(); 639 packet_init_compression();
632 if (mode == MODE_OUT) 640 if (mode == MODE_OUT)
633 buffer_compress_init_send(6); 641 buffer_compress_init_send(6);
@@ -648,6 +656,35 @@ set_newkeys(int mode)
648} 656}
649 657
650/* 658/*
659 * Delayed compression for SSH2 is enabled after authentication:
660 * This happans on the server side after a SSH2_MSG_USERAUTH_SUCCESS is sent,
661 * and on the client side after a SSH2_MSG_USERAUTH_SUCCESS is received.
662 */
663static void
664packet_enable_delayed_compress(void)
665{
666 Comp *comp = NULL;
667 int mode;
668
669 /*
670 * Remember that we are past the authentication step, so rekeying
671 * with COMP_DELAYED will turn on compression immediately.
672 */
673 after_authentication = 1;
674 for (mode = 0; mode < MODE_MAX; mode++) {
675 comp = &newkeys[mode]->comp;
676 if (comp && !comp->enabled && comp->type == COMP_DELAYED) {
677 packet_init_compression();
678 if (mode == MODE_OUT)
679 buffer_compress_init_send(6);
680 else
681 buffer_compress_init_recv();
682 comp->enabled = 1;
683 }
684 }
685}
686
687/*
651 * Finalize packet in SSH2 format (compress, mac, encrypt, enqueue) 688 * Finalize packet in SSH2 format (compress, mac, encrypt, enqueue)
652 */ 689 */
653static void 690static void
@@ -760,6 +797,8 @@ packet_send2_wrapped(void)
760 797
761 if (type == SSH2_MSG_NEWKEYS) 798 if (type == SSH2_MSG_NEWKEYS)
762 set_newkeys(MODE_OUT); 799 set_newkeys(MODE_OUT);
800 else if (type == SSH2_MSG_USERAUTH_SUCCESS && server_side)
801 packet_enable_delayed_compress();
763} 802}
764 803
765static void 804static void
@@ -1006,7 +1045,7 @@ packet_read_poll2(u_int32_t *seqnr_p)
1006 static u_int packet_length = 0; 1045 static u_int packet_length = 0;
1007 u_int padlen, need; 1046 u_int padlen, need;
1008 u_char *macbuf, *cp, type; 1047 u_char *macbuf, *cp, type;
1009 int maclen, block_size; 1048 u_int maclen, block_size;
1010 Enc *enc = NULL; 1049 Enc *enc = NULL;
1011 Mac *mac = NULL; 1050 Mac *mac = NULL;
1012 Comp *comp = NULL; 1051 Comp *comp = NULL;
@@ -1113,6 +1152,8 @@ packet_read_poll2(u_int32_t *seqnr_p)
1113 packet_disconnect("Invalid ssh2 packet type: %d", type); 1152 packet_disconnect("Invalid ssh2 packet type: %d", type);
1114 if (type == SSH2_MSG_NEWKEYS) 1153 if (type == SSH2_MSG_NEWKEYS)
1115 set_newkeys(MODE_IN); 1154 set_newkeys(MODE_IN);
1155 else if (type == SSH2_MSG_USERAUTH_SUCCESS && !server_side)
1156 packet_enable_delayed_compress();
1116#ifdef PACKET_DEBUG 1157#ifdef PACKET_DEBUG
1117 fprintf(stderr, "read/plain[%d]:\r\n", type); 1158 fprintf(stderr, "read/plain[%d]:\r\n", type);
1118 buffer_dump(&incoming_packet); 1159 buffer_dump(&incoming_packet);
@@ -1243,9 +1284,9 @@ packet_get_bignum2(BIGNUM * value)
1243} 1284}
1244 1285
1245void * 1286void *
1246packet_get_raw(int *length_ptr) 1287packet_get_raw(u_int *length_ptr)
1247{ 1288{
1248 int bytes = buffer_len(&incoming_packet); 1289 u_int bytes = buffer_len(&incoming_packet);
1249 1290
1250 if (length_ptr != NULL) 1291 if (length_ptr != NULL)
1251 *length_ptr = bytes; 1292 *length_ptr = bytes;
@@ -1538,3 +1579,15 @@ packet_set_rekey_limit(u_int32_t bytes)
1538{ 1579{
1539 rekey_limit = bytes; 1580 rekey_limit = bytes;
1540} 1581}
1582
1583void
1584packet_set_server(void)
1585{
1586 server_side = 1;
1587}
1588
1589void
1590packet_set_authenticated(void)
1591{
1592 after_authentication = 1;
1593}
diff --git a/packet.h b/packet.h
index fb7b3c05a..c2367c234 100644
--- a/packet.h
+++ b/packet.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: packet.h,v 1.41 2004/05/11 19:01:43 deraadt Exp $ */ 1/* $OpenBSD: packet.h,v 1.43 2005/07/25 11:59:40 markus Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -30,6 +30,8 @@ u_int packet_get_protocol_flags(void);
30void packet_start_compression(int); 30void packet_start_compression(int);
31void packet_set_interactive(int); 31void packet_set_interactive(int);
32int packet_is_interactive(void); 32int packet_is_interactive(void);
33void packet_set_server(void);
34void packet_set_authenticated(void);
33 35
34void packet_start(u_char); 36void packet_start(u_char);
35void packet_put_char(int ch); 37void packet_put_char(int ch);
@@ -52,7 +54,7 @@ u_int packet_get_char(void);
52u_int packet_get_int(void); 54u_int packet_get_int(void);
53void packet_get_bignum(BIGNUM * value); 55void packet_get_bignum(BIGNUM * value);
54void packet_get_bignum2(BIGNUM * value); 56void packet_get_bignum2(BIGNUM * value);
55void *packet_get_raw(int *length_ptr); 57void *packet_get_raw(u_int *length_ptr);
56void *packet_get_string(u_int *length_ptr); 58void *packet_get_string(u_int *length_ptr);
57void packet_disconnect(const char *fmt,...) __attribute__((format(printf, 1, 2))); 59void packet_disconnect(const char *fmt,...) __attribute__((format(printf, 1, 2)));
58void packet_send_debug(const char *fmt,...) __attribute__((format(printf, 1, 2))); 60void packet_send_debug(const char *fmt,...) __attribute__((format(printf, 1, 2)));
diff --git a/progressmeter.c b/progressmeter.c
index 93f5a3e62..3cda09061 100644
--- a/progressmeter.c
+++ b/progressmeter.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: progressmeter.c,v 1.22 2004/07/11 17:48:47 deraadt Exp $"); 26RCSID("$OpenBSD: progressmeter.c,v 1.24 2005/06/07 13:25:23 jaredy Exp $");
27 27
28#include "progressmeter.h" 28#include "progressmeter.h"
29#include "atomicio.h" 29#include "atomicio.h"
@@ -42,6 +42,10 @@ static int can_output(void);
42static void format_size(char *, int, off_t); 42static void format_size(char *, int, off_t);
43static void format_rate(char *, int, off_t); 43static void format_rate(char *, int, off_t);
44 44
45/* window resizing */
46static void sig_winch(int);
47static void setscreensize(void);
48
45/* updates the progressmeter to reflect the current state of the transfer */ 49/* updates the progressmeter to reflect the current state of the transfer */
46void refresh_progress_meter(void); 50void refresh_progress_meter(void);
47 51
@@ -57,6 +61,7 @@ static volatile off_t *counter; /* progress counter */
57static long stalled; /* how long we have been stalled */ 61static long stalled; /* how long we have been stalled */
58static int bytes_per_second; /* current speed in bytes per second */ 62static int bytes_per_second; /* current speed in bytes per second */
59static int win_size; /* terminal window size */ 63static int win_size; /* terminal window size */
64static volatile sig_atomic_t win_resized; /* for window resizing */
60 65
61/* units for format_size */ 66/* units for format_size */
62static const char unit[] = " KMGT"; 67static const char unit[] = " KMGT";
@@ -147,6 +152,8 @@ refresh_progress_meter(void)
147 len = snprintf(buf, file_len + 1, "\r%s", file); 152 len = snprintf(buf, file_len + 1, "\r%s", file);
148 if (len < 0) 153 if (len < 0)
149 len = 0; 154 len = 0;
155 if (len >= file_len + 1)
156 len = file_len;
150 for (i = len; i < file_len; i++ ) 157 for (i = len; i < file_len; i++ )
151 buf[i] = ' '; 158 buf[i] = ' ';
152 buf[file_len] = '\0'; 159 buf[file_len] = '\0';
@@ -215,6 +222,10 @@ update_progress_meter(int ignore)
215 222
216 save_errno = errno; 223 save_errno = errno;
217 224
225 if (win_resized) {
226 setscreensize();
227 win_resized = 0;
228 }
218 if (can_output()) 229 if (can_output())
219 refresh_progress_meter(); 230 refresh_progress_meter();
220 231
@@ -226,8 +237,6 @@ update_progress_meter(int ignore)
226void 237void
227start_progress_meter(char *f, off_t filesize, off_t *ctr) 238start_progress_meter(char *f, off_t filesize, off_t *ctr)
228{ 239{
229 struct winsize winsize;
230
231 start = last_update = time(NULL); 240 start = last_update = time(NULL);
232 file = f; 241 file = f;
233 end_pos = filesize; 242 end_pos = filesize;
@@ -236,20 +245,12 @@ start_progress_meter(char *f, off_t filesize, off_t *ctr)
236 stalled = 0; 245 stalled = 0;
237 bytes_per_second = 0; 246 bytes_per_second = 0;
238 247
239 if (ioctl(STDOUT_FILENO, TIOCGWINSZ, &winsize) != -1 && 248 setscreensize();
240 winsize.ws_col != 0) {
241 if (winsize.ws_col > MAX_WINSIZE)
242 win_size = MAX_WINSIZE;
243 else
244 win_size = winsize.ws_col;
245 } else
246 win_size = DEFAULT_WINSIZE;
247 win_size += 1; /* trailing \0 */
248
249 if (can_output()) 249 if (can_output())
250 refresh_progress_meter(); 250 refresh_progress_meter();
251 251
252 signal(SIGALRM, update_progress_meter); 252 signal(SIGALRM, update_progress_meter);
253 signal(SIGWINCH, sig_winch);
253 alarm(UPDATE_INTERVAL); 254 alarm(UPDATE_INTERVAL);
254} 255}
255 256
@@ -267,3 +268,25 @@ stop_progress_meter(void)
267 268
268 atomicio(vwrite, STDOUT_FILENO, "\n", 1); 269 atomicio(vwrite, STDOUT_FILENO, "\n", 1);
269} 270}
271
272static void
273sig_winch(int sig)
274{
275 win_resized = 1;
276}
277
278static void
279setscreensize(void)
280{
281 struct winsize winsize;
282
283 if (ioctl(STDOUT_FILENO, TIOCGWINSZ, &winsize) != -1 &&
284 winsize.ws_col != 0) {
285 if (winsize.ws_col > MAX_WINSIZE)
286 win_size = MAX_WINSIZE;
287 else
288 win_size = winsize.ws_col;
289 } else
290 win_size = DEFAULT_WINSIZE;
291 win_size += 1; /* trailing \0 */
292}
diff --git a/readconf.c b/readconf.c
index be14cd5b8..d2c5a77f7 100644
--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@
12 */ 12 */
13 13
14#include "includes.h" 14#include "includes.h"
15RCSID("$OpenBSD: readconf.c,v 1.139 2005/03/10 22:01:05 deraadt Exp $"); 15RCSID("$OpenBSD: readconf.c,v 1.143 2005/07/30 02:03:47 djm Exp $");
16 16
17#include "ssh.h" 17#include "ssh.h"
18#include "xmalloc.h" 18#include "xmalloc.h"
@@ -698,7 +698,7 @@ parse_int:
698 fwd.listen_host = cleanhostname(fwd.listen_host); 698 fwd.listen_host = cleanhostname(fwd.listen_host);
699 } else { 699 } else {
700 fwd.listen_port = a2port(fwd.listen_host); 700 fwd.listen_port = a2port(fwd.listen_host);
701 fwd.listen_host = ""; 701 fwd.listen_host = NULL;
702 } 702 }
703 if (fwd.listen_port == 0) 703 if (fwd.listen_port == 0)
704 fatal("%.200s line %d: Badly formatted port number.", 704 fatal("%.200s line %d: Badly formatted port number.",
@@ -746,6 +746,9 @@ parse_int:
746 746
747 case oAddressFamily: 747 case oAddressFamily:
748 arg = strdelim(&s); 748 arg = strdelim(&s);
749 if (!arg || *arg == '\0')
750 fatal("%s line %d: missing address family.",
751 filename, linenum);
749 intptr = &options->address_family; 752 intptr = &options->address_family;
750 if (strcasecmp(arg, "inet") == 0) 753 if (strcasecmp(arg, "inet") == 0)
751 value = AF_INET; 754 value = AF_INET;
@@ -797,7 +800,27 @@ parse_int:
797 800
798 case oControlMaster: 801 case oControlMaster:
799 intptr = &options->control_master; 802 intptr = &options->control_master;
800 goto parse_yesnoask; 803 arg = strdelim(&s);
804 if (!arg || *arg == '\0')
805 fatal("%.200s line %d: Missing ControlMaster argument.",
806 filename, linenum);
807 value = 0; /* To avoid compiler warning... */
808 if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
809 value = SSHCTL_MASTER_YES;
810 else if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
811 value = SSHCTL_MASTER_NO;
812 else if (strcmp(arg, "auto") == 0)
813 value = SSHCTL_MASTER_AUTO;
814 else if (strcmp(arg, "ask") == 0)
815 value = SSHCTL_MASTER_ASK;
816 else if (strcmp(arg, "autoask") == 0)
817 value = SSHCTL_MASTER_AUTO_ASK;
818 else
819 fatal("%.200s line %d: Bad ControlMaster argument.",
820 filename, linenum);
821 if (*activep && *intptr == -1)
822 *intptr = value;
823 break;
801 824
802 case oHashKnownHosts: 825 case oHashKnownHosts:
803 intptr = &options->hash_known_hosts; 826 intptr = &options->hash_known_hosts;
@@ -824,7 +847,7 @@ parse_int:
824 /* Check that there is no garbage at end of line. */ 847 /* Check that there is no garbage at end of line. */
825 if ((arg = strdelim(&s)) != NULL && *arg != '\0') { 848 if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
826 fatal("%.200s line %d: garbage at end of line; \"%.200s\".", 849 fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
827 filename, linenum, arg); 850 filename, linenum, arg);
828 } 851 }
829 return 0; 852 return 0;
830} 853}
diff --git a/readconf.h b/readconf.h
index d26063a0b..a68734437 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: readconf.h,v 1.66 2005/03/01 10:40:27 djm Exp $ */ 1/* $OpenBSD: readconf.h,v 1.67 2005/06/08 11:25:09 djm Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -117,6 +117,11 @@ typedef struct {
117 int hash_known_hosts; 117 int hash_known_hosts;
118} Options; 118} Options;
119 119
120#define SSHCTL_MASTER_NO 0
121#define SSHCTL_MASTER_YES 1
122#define SSHCTL_MASTER_AUTO 2
123#define SSHCTL_MASTER_ASK 3
124#define SSHCTL_MASTER_AUTO_ASK 4
120 125
121void initialize_options(Options *); 126void initialize_options(Options *);
122void fill_default_options(Options *); 127void fill_default_options(Options *);
diff --git a/readpass.c b/readpass.c
index c2bacdcd4..7914799a4 100644
--- a/readpass.c
+++ b/readpass.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: readpass.c,v 1.31 2004/10/29 22:53:56 djm Exp $"); 26RCSID("$OpenBSD: readpass.c,v 1.33 2005/05/02 21:13:22 markus Exp $");
27 27
28#include "xmalloc.h" 28#include "xmalloc.h"
29#include "misc.h" 29#include "misc.h"
@@ -106,15 +106,20 @@ read_passphrase(const char *prompt, int flags)
106 if (flags & RP_USE_ASKPASS) 106 if (flags & RP_USE_ASKPASS)
107 use_askpass = 1; 107 use_askpass = 1;
108 else if (flags & RP_ALLOW_STDIN) { 108 else if (flags & RP_ALLOW_STDIN) {
109 if (!isatty(STDIN_FILENO)) 109 if (!isatty(STDIN_FILENO)) {
110 debug("read_passphrase: stdin is not a tty");
110 use_askpass = 1; 111 use_askpass = 1;
112 }
111 } else { 113 } else {
112 rppflags |= RPP_REQUIRE_TTY; 114 rppflags |= RPP_REQUIRE_TTY;
113 ttyfd = open(_PATH_TTY, O_RDWR); 115 ttyfd = open(_PATH_TTY, O_RDWR);
114 if (ttyfd >= 0) 116 if (ttyfd >= 0)
115 close(ttyfd); 117 close(ttyfd);
116 else 118 else {
119 debug("read_passphrase: can't open %s: %s", _PATH_TTY,
120 strerror(errno));
117 use_askpass = 1; 121 use_askpass = 1;
122 }
118 } 123 }
119 124
120 if ((flags & RP_USE_ASKPASS) && getenv("DISPLAY") == NULL) 125 if ((flags & RP_USE_ASKPASS) && getenv("DISPLAY") == NULL)
diff --git a/regress/reexec.sh b/regress/reexec.sh
index d69b8c577..4f824a31d 100644
--- a/regress/reexec.sh
+++ b/regress/reexec.sh
@@ -3,10 +3,10 @@
3 3
4tid="reexec tests" 4tid="reexec tests"
5 5
6DATA=/bin/ls 6DATA=/bin/ls${EXEEXT}
7COPY=${OBJ}/copy 7COPY=${OBJ}/copy
8SSHD_ORIG=$SSHD 8SSHD_ORIG=$SSHD${EXEEXT}
9SSHD_COPY=$OBJ/sshd 9SSHD_COPY=$OBJ/sshd${EXEEXT}
10 10
11# Start a sshd and then delete it 11# Start a sshd and then delete it
12start_sshd_copy () 12start_sshd_copy ()
diff --git a/regress/test-exec.sh b/regress/test-exec.sh
index bd0c025ba..4b3a70eb3 100644
--- a/regress/test-exec.sh
+++ b/regress/test-exec.sh
@@ -96,9 +96,10 @@ if [ "x$TEST_SSH_SCP" != "x" ]; then
96fi 96fi
97 97
98# Path to sshd must be absolute for rexec 98# Path to sshd must be absolute for rexec
99if [ ! -x /$SSHD ]; then 99case "$SSHD" in
100 SSHD=`which sshd` 100/*) ;;
101fi 101*) SSHD=`which sshd` ;;
102esac
102 103
103if [ "x$TEST_SSH_LOGFILE" = "x" ]; then 104if [ "x$TEST_SSH_LOGFILE" = "x" ]; then
104 TEST_SSH_LOGFILE=/dev/null 105 TEST_SSH_LOGFILE=/dev/null
diff --git a/scp.0 b/scp.0
index 24b9fb096..aa54dda3f 100644
--- a/scp.0
+++ b/scp.0
@@ -141,4 +141,4 @@ AUTHORS
141 Timo Rinne <tri@iki.fi> 141 Timo Rinne <tri@iki.fi>
142 Tatu Ylonen <ylo@cs.hut.fi> 142 Tatu Ylonen <ylo@cs.hut.fi>
143 143
144OpenBSD 3.7 September 25, 1999 3 144OpenBSD 3.8 September 25, 1999 3
diff --git a/scp.c b/scp.c
index 1d34cc639..1407aa71d 100644
--- a/scp.c
+++ b/scp.c
@@ -71,7 +71,7 @@
71 */ 71 */
72 72
73#include "includes.h" 73#include "includes.h"
74RCSID("$OpenBSD: scp.c,v 1.121 2005/04/02 12:41:16 djm Exp $"); 74RCSID("$OpenBSD: scp.c,v 1.125 2005/07/27 10:39:03 dtucker Exp $");
75 75
76#include "xmalloc.h" 76#include "xmalloc.h"
77#include "atomicio.h" 77#include "atomicio.h"
@@ -109,11 +109,13 @@ static void
109killchild(int signo) 109killchild(int signo)
110{ 110{
111 if (do_cmd_pid > 1) { 111 if (do_cmd_pid > 1) {
112 kill(do_cmd_pid, signo); 112 kill(do_cmd_pid, signo ? signo : SIGTERM);
113 waitpid(do_cmd_pid, NULL, 0); 113 waitpid(do_cmd_pid, NULL, 0);
114 } 114 }
115 115
116 _exit(1); 116 if (signo)
117 _exit(1);
118 exit(1);
117} 119}
118 120
119/* 121/*
@@ -184,7 +186,7 @@ do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout, int argc)
184} 186}
185 187
186typedef struct { 188typedef struct {
187 int cnt; 189 size_t cnt;
188 char *buf; 190 char *buf;
189} BUF; 191} BUF;
190 192
@@ -502,8 +504,9 @@ source(int argc, char **argv)
502 struct stat stb; 504 struct stat stb;
503 static BUF buffer; 505 static BUF buffer;
504 BUF *bp; 506 BUF *bp;
505 off_t i, amt, result, statbytes; 507 off_t i, amt, statbytes;
506 int fd, haderr, indx; 508 size_t result;
509 int fd = -1, haderr, indx;
507 char *last, *name, buf[2048]; 510 char *last, *name, buf[2048];
508 int len; 511 int len;
509 512
@@ -578,14 +581,14 @@ next: (void) close(fd);
578 if (!haderr) { 581 if (!haderr) {
579 result = atomicio(read, fd, bp->buf, amt); 582 result = atomicio(read, fd, bp->buf, amt);
580 if (result != amt) 583 if (result != amt)
581 haderr = result >= 0 ? EIO : errno; 584 haderr = errno;
582 } 585 }
583 if (haderr) 586 if (haderr)
584 (void) atomicio(vwrite, remout, bp->buf, amt); 587 (void) atomicio(vwrite, remout, bp->buf, amt);
585 else { 588 else {
586 result = atomicio(vwrite, remout, bp->buf, amt); 589 result = atomicio(vwrite, remout, bp->buf, amt);
587 if (result != amt) 590 if (result != amt)
588 haderr = result >= 0 ? EIO : errno; 591 haderr = errno;
589 statbytes += result; 592 statbytes += result;
590 } 593 }
591 if (limit_rate) 594 if (limit_rate)
@@ -720,8 +723,9 @@ sink(int argc, char **argv)
720 YES, NO, DISPLAYED 723 YES, NO, DISPLAYED
721 } wrerr; 724 } wrerr;
722 BUF *bp; 725 BUF *bp;
723 off_t i, j; 726 off_t i;
724 int amt, count, exists, first, mask, mode, ofd, omode; 727 size_t j, count;
728 int amt, exists, first, mask, mode, ofd, omode;
725 off_t size, statbytes; 729 off_t size, statbytes;
726 int setimes, targisdir, wrerrno = 0; 730 int setimes, targisdir, wrerrno = 0;
727 char ch, *cp, *np, *targ, *why, *vect[1], buf[2048]; 731 char ch, *cp, *np, *targ, *why, *vect[1], buf[2048];
@@ -748,7 +752,7 @@ sink(int argc, char **argv)
748 targisdir = 1; 752 targisdir = 1;
749 for (first = 1;; first = 0) { 753 for (first = 1;; first = 0) {
750 cp = buf; 754 cp = buf;
751 if (atomicio(read, remin, cp, 1) <= 0) 755 if (atomicio(read, remin, cp, 1) != 1)
752 return; 756 return;
753 if (*cp++ == '\n') 757 if (*cp++ == '\n')
754 SCREWUP("unexpected <newline>"); 758 SCREWUP("unexpected <newline>");
@@ -829,7 +833,7 @@ sink(int argc, char **argv)
829 } 833 }
830 if (targisdir) { 834 if (targisdir) {
831 static char *namebuf; 835 static char *namebuf;
832 static int cursize; 836 static size_t cursize;
833 size_t need; 837 size_t need;
834 838
835 need = strlen(targ) + strlen(cp) + 250; 839 need = strlen(targ) + strlen(cp) + 250;
@@ -902,7 +906,7 @@ bad: run_err("%s: %s", np, strerror(errno));
902 count += amt; 906 count += amt;
903 do { 907 do {
904 j = atomicio(read, remin, cp, amt); 908 j = atomicio(read, remin, cp, amt);
905 if (j <= 0) { 909 if (j == 0) {
906 run_err("%s", j ? strerror(errno) : 910 run_err("%s", j ? strerror(errno) :
907 "dropped connection"); 911 "dropped connection");
908 exit(1); 912 exit(1);
@@ -918,10 +922,10 @@ bad: run_err("%s: %s", np, strerror(errno));
918 if (count == bp->cnt) { 922 if (count == bp->cnt) {
919 /* Keep reading so we stay sync'd up. */ 923 /* Keep reading so we stay sync'd up. */
920 if (wrerr == NO) { 924 if (wrerr == NO) {
921 j = atomicio(vwrite, ofd, bp->buf, count); 925 if (atomicio(vwrite, ofd, bp->buf,
922 if (j != count) { 926 count) != count) {
923 wrerr = YES; 927 wrerr = YES;
924 wrerrno = j >= 0 ? EIO : errno; 928 wrerrno = errno;
925 } 929 }
926 } 930 }
927 count = 0; 931 count = 0;
@@ -931,9 +935,9 @@ bad: run_err("%s: %s", np, strerror(errno));
931 if (showprogress) 935 if (showprogress)
932 stop_progress_meter(); 936 stop_progress_meter();
933 if (count != 0 && wrerr == NO && 937 if (count != 0 && wrerr == NO &&
934 (j = atomicio(vwrite, ofd, bp->buf, count)) != count) { 938 atomicio(vwrite, ofd, bp->buf, count) != count) {
935 wrerr = YES; 939 wrerr = YES;
936 wrerrno = j >= 0 ? EIO : errno; 940 wrerrno = errno;
937 } 941 }
938 if (wrerr == NO && ftruncate(ofd, size) != 0) { 942 if (wrerr == NO && ftruncate(ofd, size) != 0) {
939 run_err("%s: truncate: %s", np, strerror(errno)); 943 run_err("%s: truncate: %s", np, strerror(errno));
@@ -1070,7 +1074,7 @@ verifydir(char *cp)
1070 errno = ENOTDIR; 1074 errno = ENOTDIR;
1071 } 1075 }
1072 run_err("%s: %s", cp, strerror(errno)); 1076 run_err("%s: %s", cp, strerror(errno));
1073 exit(1); 1077 killchild(0);
1074} 1078}
1075 1079
1076int 1080int
diff --git a/servconf.c b/servconf.c
index 96ad18084..9e420a527 100644
--- a/servconf.c
+++ b/servconf.c
@@ -10,7 +10,7 @@
10 */ 10 */
11 11
12#include "includes.h" 12#include "includes.h"
13RCSID("$OpenBSD: servconf.c,v 1.140 2005/03/10 22:01:05 deraadt Exp $"); 13RCSID("$OpenBSD: servconf.c,v 1.144 2005/08/06 10:03:12 dtucker Exp $");
14 14
15#include "ssh.h" 15#include "ssh.h"
16#include "log.h" 16#include "log.h"
@@ -201,7 +201,7 @@ fill_default_server_options(ServerOptions *options)
201 if (options->use_login == -1) 201 if (options->use_login == -1)
202 options->use_login = 0; 202 options->use_login = 0;
203 if (options->compression == -1) 203 if (options->compression == -1)
204 options->compression = 1; 204 options->compression = COMP_DELAYED;
205 if (options->allow_tcp_forwarding == -1) 205 if (options->allow_tcp_forwarding == -1)
206 options->allow_tcp_forwarding = 1; 206 options->allow_tcp_forwarding = 1;
207 if (options->gateway_ports == -1) 207 if (options->gateway_ports == -1)
@@ -398,7 +398,7 @@ parse_token(const char *cp, const char *filename,
398static void 398static void
399add_listen_addr(ServerOptions *options, char *addr, u_short port) 399add_listen_addr(ServerOptions *options, char *addr, u_short port)
400{ 400{
401 int i; 401 u_int i;
402 402
403 if (options->num_ports == 0) 403 if (options->num_ports == 0)
404 options->ports[options->num_ports++] = SSH_DEFAULT_PORT; 404 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
@@ -438,9 +438,10 @@ process_server_config_line(ServerOptions *options, char *line,
438 const char *filename, int linenum) 438 const char *filename, int linenum)
439{ 439{
440 char *cp, **charptr, *arg, *p; 440 char *cp, **charptr, *arg, *p;
441 int *intptr, value, i, n; 441 int *intptr, value, n;
442 ServerOpCodes opcode; 442 ServerOpCodes opcode;
443 u_short port; 443 u_short port;
444 u_int i;
444 445
445 cp = line; 446 cp = line;
446 arg = strdelim(&cp); 447 arg = strdelim(&cp);
@@ -516,6 +517,12 @@ parse_time:
516 if (arg == NULL || *arg == '\0') 517 if (arg == NULL || *arg == '\0')
517 fatal("%s line %d: missing address", 518 fatal("%s line %d: missing address",
518 filename, linenum); 519 filename, linenum);
520 /* check for bare IPv6 address: no "[]" and 2 or more ":" */
521 if (strchr(arg, '[') == NULL && (p = strchr(arg, ':')) != NULL
522 && strchr(p+1, ':') != NULL) {
523 add_listen_addr(options, arg, 0);
524 break;
525 }
519 p = hpdelim(&arg); 526 p = hpdelim(&arg);
520 if (p == NULL) 527 if (p == NULL)
521 fatal("%s line %d: bad address:port usage", 528 fatal("%s line %d: bad address:port usage",
@@ -532,6 +539,9 @@ parse_time:
532 539
533 case sAddressFamily: 540 case sAddressFamily:
534 arg = strdelim(&cp); 541 arg = strdelim(&cp);
542 if (!arg || *arg == '\0')
543 fatal("%s line %d: missing address family.",
544 filename, linenum);
535 intptr = &options->address_family; 545 intptr = &options->address_family;
536 if (options->listen_addrs != NULL) 546 if (options->listen_addrs != NULL)
537 fatal("%s line %d: address family must be specified before " 547 fatal("%s line %d: address family must be specified before "
@@ -721,7 +731,23 @@ parse_flag:
721 731
722 case sCompression: 732 case sCompression:
723 intptr = &options->compression; 733 intptr = &options->compression;
724 goto parse_flag; 734 arg = strdelim(&cp);
735 if (!arg || *arg == '\0')
736 fatal("%s line %d: missing yes/no/delayed "
737 "argument.", filename, linenum);
738 value = 0; /* silence compiler */
739 if (strcmp(arg, "delayed") == 0)
740 value = COMP_DELAYED;
741 else if (strcmp(arg, "yes") == 0)
742 value = COMP_ZLIB;
743 else if (strcmp(arg, "no") == 0)
744 value = COMP_NONE;
745 else
746 fatal("%s line %d: Bad yes/no/delayed "
747 "argument: %s", filename, linenum, arg);
748 if (*intptr == -1)
749 *intptr = value;
750 break;
725 751
726 case sGatewayPorts: 752 case sGatewayPorts:
727 intptr = &options->gateway_ports; 753 intptr = &options->gateway_ports;
diff --git a/serverloop.c b/serverloop.c
index 48bea96a1..031847873 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -35,7 +35,7 @@
35 */ 35 */
36 36
37#include "includes.h" 37#include "includes.h"
38RCSID("$OpenBSD: serverloop.c,v 1.117 2004/08/11 21:43:05 avsm Exp $"); 38RCSID("$OpenBSD: serverloop.c,v 1.118 2005/07/17 07:17:55 djm Exp $");
39 39
40#include "xmalloc.h" 40#include "xmalloc.h"
41#include "packet.h" 41#include "packet.h"
@@ -865,7 +865,7 @@ server_request_direct_tcpip(void)
865 packet_check_eom(); 865 packet_check_eom();
866 866
867 debug("server_request_direct_tcpip: originator %s port %d, target %s port %d", 867 debug("server_request_direct_tcpip: originator %s port %d, target %s port %d",
868 originator, originator_port, target, target_port); 868 originator, originator_port, target, target_port);
869 869
870 /* XXX check permission */ 870 /* XXX check permission */
871 sock = channel_connect_to(target, target_port); 871 sock = channel_connect_to(target, target_port);
@@ -983,7 +983,7 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt)
983#ifndef NO_IPPORT_RESERVED_CONCEPT 983#ifndef NO_IPPORT_RESERVED_CONCEPT
984 || (listen_port < IPPORT_RESERVED && pw->pw_uid != 0) 984 || (listen_port < IPPORT_RESERVED && pw->pw_uid != 0)
985#endif 985#endif
986 ) { 986 ) {
987 success = 0; 987 success = 0;
988 packet_send_debug("Server has disabled port forwarding."); 988 packet_send_debug("Server has disabled port forwarding.");
989 } else { 989 } else {
diff --git a/session.c b/session.c
index bdfcb26f9..fb719d42a 100644
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
33 */ 33 */
34 34
35#include "includes.h" 35#include "includes.h"
36RCSID("$OpenBSD: session.c,v 1.181 2004/12/23 17:35:48 markus Exp $"); 36RCSID("$OpenBSD: session.c,v 1.186 2005/07/25 11:59:40 markus Exp $");
37 37
38#include "ssh.h" 38#include "ssh.h"
39#include "ssh1.h" 39#include "ssh1.h"
@@ -56,6 +56,7 @@ RCSID("$OpenBSD: session.c,v 1.181 2004/12/23 17:35:48 markus Exp $");
56#include "serverloop.h" 56#include "serverloop.h"
57#include "canohost.h" 57#include "canohost.h"
58#include "session.h" 58#include "session.h"
59#include "kex.h"
59#include "monitor_wrap.h" 60#include "monitor_wrap.h"
60 61
61#include "selinux.h" 62#include "selinux.h"
@@ -198,11 +199,11 @@ auth_input_request_forwarding(struct passwd * pw)
198static void 199static void
199display_loginmsg(void) 200display_loginmsg(void)
200{ 201{
201 if (buffer_len(&loginmsg) > 0) { 202 if (buffer_len(&loginmsg) > 0) {
202 buffer_append(&loginmsg, "\0", 1); 203 buffer_append(&loginmsg, "\0", 1);
203 printf("%s", (char *)buffer_ptr(&loginmsg)); 204 printf("%s", (char *)buffer_ptr(&loginmsg));
204 buffer_clear(&loginmsg); 205 buffer_clear(&loginmsg);
205 } 206 }
206} 207}
207 208
208void 209void
@@ -274,7 +275,7 @@ do_authenticated1(Authctxt *authctxt)
274 compression_level); 275 compression_level);
275 break; 276 break;
276 } 277 }
277 if (!options.compression) { 278 if (options.compression == COMP_NONE) {
278 debug2("compression disabled"); 279 debug2("compression disabled");
279 break; 280 break;
280 } 281 }
@@ -948,7 +949,8 @@ read_etc_default_login(char ***env, u_int *envsize, uid_t uid)
948} 949}
949#endif /* HAVE_ETC_DEFAULT_LOGIN */ 950#endif /* HAVE_ETC_DEFAULT_LOGIN */
950 951
951void copy_environment(char **source, char ***env, u_int *envsize) 952void
953copy_environment(char **source, char ***env, u_int *envsize)
952{ 954{
953 char *var_name, *var_val; 955 char *var_name, *var_val;
954 int i; 956 int i;
@@ -1334,6 +1336,11 @@ do_setusercontext(struct passwd *pw)
1334# ifdef _AIX 1336# ifdef _AIX
1335 aix_usrinfo(pw); 1337 aix_usrinfo(pw);
1336# endif /* _AIX */ 1338# endif /* _AIX */
1339#if defined(HAVE_LIBIAF) && !defined(BROKEN_LIBIAF)
1340 if (set_id(pw->pw_name) != 0) {
1341 exit(1);
1342 }
1343#endif /* HAVE_LIBIAF && !BROKEN_LIBIAF */
1337 /* Permanently switch to the desired uid. */ 1344 /* Permanently switch to the desired uid. */
1338 permanently_set_uid(pw); 1345 permanently_set_uid(pw);
1339#endif 1346#endif
@@ -1533,7 +1540,7 @@ do_child(Session *s, const char *command)
1533 */ 1540 */
1534 1541
1535 if (options.kerberos_get_afs_token && k_hasafs() && 1542 if (options.kerberos_get_afs_token && k_hasafs() &&
1536 (s->authctxt->krb5_ctx != NULL)) { 1543 (s->authctxt->krb5_ctx != NULL)) {
1537 char cell[64]; 1544 char cell[64];
1538 1545
1539 debug("Getting AFS token"); 1546 debug("Getting AFS token");
@@ -1637,6 +1644,7 @@ session_new(void)
1637 s->ttyfd = -1; 1644 s->ttyfd = -1;
1638 s->used = 1; 1645 s->used = 1;
1639 s->self = i; 1646 s->self = i;
1647 s->x11_chanids = NULL;
1640 debug("session_new: session %d", i); 1648 debug("session_new: session %d", i);
1641 return s; 1649 return s;
1642 } 1650 }
@@ -1710,6 +1718,29 @@ session_by_channel(int id)
1710} 1718}
1711 1719
1712static Session * 1720static Session *
1721session_by_x11_channel(int id)
1722{
1723 int i, j;
1724
1725 for (i = 0; i < MAX_SESSIONS; i++) {
1726 Session *s = &sessions[i];
1727
1728 if (s->x11_chanids == NULL || !s->used)
1729 continue;
1730 for (j = 0; s->x11_chanids[j] != -1; j++) {
1731 if (s->x11_chanids[j] == id) {
1732 debug("session_by_x11_channel: session %d "
1733 "channel %d", s->self, id);
1734 return s;
1735 }
1736 }
1737 }
1738 debug("session_by_x11_channel: unknown channel %d", id);
1739 session_dump();
1740 return NULL;
1741}
1742
1743static Session *
1713session_by_pid(pid_t pid) 1744session_by_pid(pid_t pid)
1714{ 1745{
1715 int i; 1746 int i;
@@ -1804,7 +1835,7 @@ session_subsystem_req(Session *s)
1804 u_int len; 1835 u_int len;
1805 int success = 0; 1836 int success = 0;
1806 char *cmd, *subsys = packet_get_string(&len); 1837 char *cmd, *subsys = packet_get_string(&len);
1807 int i; 1838 u_int i;
1808 1839
1809 packet_check_eom(); 1840 packet_check_eom();
1810 logit("subsystem request for %.100s", subsys); 1841 logit("subsystem request for %.100s", subsys);
@@ -1838,6 +1869,11 @@ session_x11_req(Session *s)
1838{ 1869{
1839 int success; 1870 int success;
1840 1871
1872 if (s->auth_proto != NULL || s->auth_data != NULL) {
1873 error("session_x11_req: session %d: "
1874 "x11 fowarding already active", s->self);
1875 return 0;
1876 }
1841 s->single_connection = packet_get_char(); 1877 s->single_connection = packet_get_char();
1842 s->auth_proto = packet_get_string(NULL); 1878 s->auth_proto = packet_get_string(NULL);
1843 s->auth_data = packet_get_string(NULL); 1879 s->auth_data = packet_get_string(NULL);
@@ -2063,9 +2099,66 @@ sig2name(int sig)
2063} 2099}
2064 2100
2065static void 2101static void
2102session_close_x11(int id)
2103{
2104 Channel *c;
2105
2106 if ((c = channel_lookup(id)) == NULL) {
2107 debug("session_close_x11: x11 channel %d missing", id);
2108 } else {
2109 /* Detach X11 listener */
2110 debug("session_close_x11: detach x11 channel %d", id);
2111 channel_cancel_cleanup(id);
2112 if (c->ostate != CHAN_OUTPUT_CLOSED)
2113 chan_mark_dead(c);
2114 }
2115}
2116
2117static void
2118session_close_single_x11(int id, void *arg)
2119{
2120 Session *s;
2121 u_int i;
2122
2123 debug3("session_close_single_x11: channel %d", id);
2124 channel_cancel_cleanup(id);
2125 if ((s = session_by_x11_channel(id)) == NULL)
2126 fatal("session_close_single_x11: no x11 channel %d", id);
2127 for (i = 0; s->x11_chanids[i] != -1; i++) {
2128 debug("session_close_single_x11: session %d: "
2129 "closing channel %d", s->self, s->x11_chanids[i]);
2130 /*
2131 * The channel "id" is already closing, but make sure we
2132 * close all of its siblings.
2133 */
2134 if (s->x11_chanids[i] != id)
2135 session_close_x11(s->x11_chanids[i]);
2136 }
2137 xfree(s->x11_chanids);
2138 s->x11_chanids = NULL;
2139 if (s->display) {
2140 xfree(s->display);
2141 s->display = NULL;
2142 }
2143 if (s->auth_proto) {
2144 xfree(s->auth_proto);
2145 s->auth_proto = NULL;
2146 }
2147 if (s->auth_data) {
2148 xfree(s->auth_data);
2149 s->auth_data = NULL;
2150 }
2151 if (s->auth_display) {
2152 xfree(s->auth_display);
2153 s->auth_display = NULL;
2154 }
2155}
2156
2157static void
2066session_exit_message(Session *s, int status) 2158session_exit_message(Session *s, int status)
2067{ 2159{
2068 Channel *c; 2160 Channel *c;
2161 u_int i;
2069 2162
2070 if ((c = channel_lookup(s->chanid)) == NULL) 2163 if ((c = channel_lookup(s->chanid)) == NULL)
2071 fatal("session_exit_message: session %d: no channel %d", 2164 fatal("session_exit_message: session %d: no channel %d",
@@ -2105,12 +2198,20 @@ session_exit_message(Session *s, int status)
2105 if (c->ostate != CHAN_OUTPUT_CLOSED) 2198 if (c->ostate != CHAN_OUTPUT_CLOSED)
2106 chan_write_failed(c); 2199 chan_write_failed(c);
2107 s->chanid = -1; 2200 s->chanid = -1;
2201
2202 /* Close any X11 listeners associated with this session */
2203 if (s->x11_chanids != NULL) {
2204 for (i = 0; s->x11_chanids[i] != -1; i++) {
2205 session_close_x11(s->x11_chanids[i]);
2206 s->x11_chanids[i] = -1;
2207 }
2208 }
2108} 2209}
2109 2210
2110void 2211void
2111session_close(Session *s) 2212session_close(Session *s)
2112{ 2213{
2113 int i; 2214 u_int i;
2114 2215
2115 debug("session_close: session %d pid %ld", s->self, (long)s->pid); 2216 debug("session_close: session %d pid %ld", s->self, (long)s->pid);
2116 if (s->ttyfd != -1) 2217 if (s->ttyfd != -1)
@@ -2119,6 +2220,8 @@ session_close(Session *s)
2119 xfree(s->term); 2220 xfree(s->term);
2120 if (s->display) 2221 if (s->display)
2121 xfree(s->display); 2222 xfree(s->display);
2223 if (s->x11_chanids)
2224 xfree(s->x11_chanids);
2122 if (s->auth_display) 2225 if (s->auth_display)
2123 xfree(s->auth_display); 2226 xfree(s->auth_display);
2124 if (s->auth_data) 2227 if (s->auth_data)
@@ -2157,6 +2260,7 @@ void
2157session_close_by_channel(int id, void *arg) 2260session_close_by_channel(int id, void *arg)
2158{ 2261{
2159 Session *s = session_by_channel(id); 2262 Session *s = session_by_channel(id);
2263
2160 if (s == NULL) { 2264 if (s == NULL) {
2161 debug("session_close_by_channel: no session for id %d", id); 2265 debug("session_close_by_channel: no session for id %d", id);
2162 return; 2266 return;
@@ -2237,6 +2341,7 @@ session_setup_x11fwd(Session *s)
2237 struct stat st; 2341 struct stat st;
2238 char display[512], auth_display[512]; 2342 char display[512], auth_display[512];
2239 char hostname[MAXHOSTNAMELEN]; 2343 char hostname[MAXHOSTNAMELEN];
2344 u_int i;
2240 2345
2241 if (no_x11_forwarding_flag) { 2346 if (no_x11_forwarding_flag) {
2242 packet_send_debug("X11 forwarding disabled in user configuration file."); 2347 packet_send_debug("X11 forwarding disabled in user configuration file.");
@@ -2262,10 +2367,14 @@ session_setup_x11fwd(Session *s)
2262 } 2367 }
2263 if (x11_create_display_inet(options.x11_display_offset, 2368 if (x11_create_display_inet(options.x11_display_offset,
2264 options.x11_use_localhost, s->single_connection, 2369 options.x11_use_localhost, s->single_connection,
2265 &s->display_number) == -1) { 2370 &s->display_number, &s->x11_chanids) == -1) {
2266 debug("x11_create_display_inet failed."); 2371 debug("x11_create_display_inet failed.");
2267 return 0; 2372 return 0;
2268 } 2373 }
2374 for (i = 0; s->x11_chanids[i] != -1; i++) {
2375 channel_register_cleanup(s->x11_chanids[i],
2376 session_close_single_x11);
2377 }
2269 2378
2270 /* Set up a suitable value for the DISPLAY variable. */ 2379 /* Set up a suitable value for the DISPLAY variable. */
2271 if (gethostname(hostname, sizeof(hostname)) < 0) 2380 if (gethostname(hostname, sizeof(hostname)) < 0)
diff --git a/session.h b/session.h
index 48be5070c..a2598a99c 100644
--- a/session.h
+++ b/session.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: session.h,v 1.23 2004/07/17 05:31:41 dtucker Exp $ */ 1/* $OpenBSD: session.h,v 1.25 2005/07/17 06:49:04 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. 4 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -49,8 +49,9 @@ struct Session {
49 int single_connection; 49 int single_connection;
50 /* proto 2 */ 50 /* proto 2 */
51 int chanid; 51 int chanid;
52 int *x11_chanids;
52 int is_subsystem; 53 int is_subsystem;
53 int num_env; 54 u_int num_env;
54 struct { 55 struct {
55 char *name; 56 char *name;
56 char *val; 57 char *val;
diff --git a/sftp-client.c b/sftp-client.c
index 92df42751..afbd1e6f3 100644
--- a/sftp-client.c
+++ b/sftp-client.c
@@ -20,7 +20,7 @@
20/* XXX: copy between two remote sites */ 20/* XXX: copy between two remote sites */
21 21
22#include "includes.h" 22#include "includes.h"
23RCSID("$OpenBSD: sftp-client.c,v 1.53 2005/03/10 22:01:05 deraadt Exp $"); 23RCSID("$OpenBSD: sftp-client.c,v 1.57 2005/07/27 10:39:03 dtucker Exp $");
24 24
25#include "openbsd-compat/sys-queue.h" 25#include "openbsd-compat/sys-queue.h"
26 26
@@ -64,10 +64,10 @@ send_msg(int fd, Buffer *m)
64 64
65 /* Send length first */ 65 /* Send length first */
66 PUT_32BIT(mlen, buffer_len(m)); 66 PUT_32BIT(mlen, buffer_len(m));
67 if (atomicio(vwrite, fd, mlen, sizeof(mlen)) <= 0) 67 if (atomicio(vwrite, fd, mlen, sizeof(mlen)) != sizeof(mlen))
68 fatal("Couldn't send packet: %s", strerror(errno)); 68 fatal("Couldn't send packet: %s", strerror(errno));
69 69
70 if (atomicio(vwrite, fd, buffer_ptr(m), buffer_len(m)) <= 0) 70 if (atomicio(vwrite, fd, buffer_ptr(m), buffer_len(m)) != buffer_len(m))
71 fatal("Couldn't send packet: %s", strerror(errno)); 71 fatal("Couldn't send packet: %s", strerror(errno));
72 72
73 buffer_clear(m); 73 buffer_clear(m);
@@ -76,26 +76,27 @@ send_msg(int fd, Buffer *m)
76static void 76static void
77get_msg(int fd, Buffer *m) 77get_msg(int fd, Buffer *m)
78{ 78{
79 ssize_t len;
80 u_int msg_len; 79 u_int msg_len;
81 80
82 buffer_append_space(m, 4); 81 buffer_append_space(m, 4);
83 len = atomicio(read, fd, buffer_ptr(m), 4); 82 if (atomicio(read, fd, buffer_ptr(m), 4) != 4) {
84 if (len == 0) 83 if (errno == EPIPE)
85 fatal("Connection closed"); 84 fatal("Connection closed");
86 else if (len == -1) 85 else
87 fatal("Couldn't read packet: %s", strerror(errno)); 86 fatal("Couldn't read packet: %s", strerror(errno));
87 }
88 88
89 msg_len = buffer_get_int(m); 89 msg_len = buffer_get_int(m);
90 if (msg_len > MAX_MSG_LENGTH) 90 if (msg_len > MAX_MSG_LENGTH)
91 fatal("Received message too long %u", msg_len); 91 fatal("Received message too long %u", msg_len);
92 92
93 buffer_append_space(m, msg_len); 93 buffer_append_space(m, msg_len);
94 len = atomicio(read, fd, buffer_ptr(m), msg_len); 94 if (atomicio(read, fd, buffer_ptr(m), msg_len) != msg_len) {
95 if (len == 0) 95 if (errno == EPIPE)
96 fatal("Connection closed"); 96 fatal("Connection closed");
97 else if (len == -1) 97 else
98 fatal("Read packet: %s", strerror(errno)); 98 fatal("Read packet: %s", strerror(errno));
99 }
99} 100}
100 101
101static void 102static void
@@ -310,7 +311,7 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
310 SFTP_DIRENT ***dir) 311 SFTP_DIRENT ***dir)
311{ 312{
312 Buffer msg; 313 Buffer msg;
313 u_int type, id, handle_len, i, expected_id, ents = 0; 314 u_int count, type, id, handle_len, i, expected_id, ents = 0;
314 char *handle; 315 char *handle;
315 316
316 id = conn->msg_id++; 317 id = conn->msg_id++;
@@ -334,8 +335,6 @@ do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
334 } 335 }
335 336
336 for (; !interrupted;) { 337 for (; !interrupted;) {
337 int count;
338
339 id = expected_id = conn->msg_id++; 338 id = expected_id = conn->msg_id++;
340 339
341 debug3("Sending SSH2_FXP_READDIR I:%u", id); 340 debug3("Sending SSH2_FXP_READDIR I:%u", id);
@@ -743,10 +742,10 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
743 Attrib junk, *a; 742 Attrib junk, *a;
744 Buffer msg; 743 Buffer msg;
745 char *handle; 744 char *handle;
746 int local_fd, status, num_req, max_req, write_error; 745 int local_fd, status = 0, write_error;
747 int read_error, write_errno; 746 int read_error, write_errno;
748 u_int64_t offset, size; 747 u_int64_t offset, size;
749 u_int handle_len, mode, type, id, buflen; 748 u_int handle_len, mode, type, id, buflen, num_req, max_req;
750 off_t progress_counter; 749 off_t progress_counter;
751 struct request { 750 struct request {
752 u_int id; 751 u_int id;
@@ -1127,7 +1126,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
1127 goto done; 1126 goto done;
1128 } 1127 }
1129 debug3("In write loop, ack for %u %u bytes at %llu", 1128 debug3("In write loop, ack for %u %u bytes at %llu",
1130 ack->id, ack->len, (unsigned long long)ack->offset); 1129 ack->id, ack->len, (unsigned long long)ack->offset);
1131 ++ackid; 1130 ++ackid;
1132 xfree(ack); 1131 xfree(ack);
1133 } 1132 }
diff --git a/sftp-client.h b/sftp-client.h
index 991e05d33..c8a41f377 100644
--- a/sftp-client.h
+++ b/sftp-client.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: sftp-client.h,v 1.13 2004/11/29 07:41:24 djm Exp $ */ 1/* $OpenBSD: sftp-client.h,v 1.14 2005/04/26 12:59:02 jmc Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> 4 * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
@@ -30,7 +30,7 @@ struct SFTP_DIRENT {
30}; 30};
31 31
32/* 32/*
33 * Initialiase a SSH filexfer connection. Returns NULL on error or 33 * Initialise a SSH filexfer connection. Returns NULL on error or
34 * a pointer to a initialized sftp_conn struct on success. 34 * a pointer to a initialized sftp_conn struct on success.
35 */ 35 */
36struct sftp_conn *do_init(int, int, u_int, u_int); 36struct sftp_conn *do_init(int, int, u_int, u_int);
diff --git a/sftp-server.0 b/sftp-server.0
index b1c89c702..285ff706e 100644
--- a/sftp-server.0
+++ b/sftp-server.0
@@ -24,4 +24,4 @@ AUTHORS
24HISTORY 24HISTORY
25 sftp-server first appeared in OpenBSD 2.8 . 25 sftp-server first appeared in OpenBSD 2.8 .
26 26
27OpenBSD 3.7 August 30, 2000 1 27OpenBSD 3.8 August 30, 2000 1
diff --git a/sftp-server.c b/sftp-server.c
index e82280057..6870e7732 100644
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -14,7 +14,7 @@
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */ 15 */
16#include "includes.h" 16#include "includes.h"
17RCSID("$OpenBSD: sftp-server.c,v 1.47 2004/06/25 05:38:48 dtucker Exp $"); 17RCSID("$OpenBSD: sftp-server.c,v 1.48 2005/06/17 02:44:33 djm Exp $");
18 18
19#include "buffer.h" 19#include "buffer.h"
20#include "bufaux.h" 20#include "bufaux.h"
@@ -130,7 +130,7 @@ Handle handles[100];
130static void 130static void
131handle_init(void) 131handle_init(void)
132{ 132{
133 int i; 133 u_int i;
134 134
135 for (i = 0; i < sizeof(handles)/sizeof(Handle); i++) 135 for (i = 0; i < sizeof(handles)/sizeof(Handle); i++)
136 handles[i].use = HANDLE_UNUSED; 136 handles[i].use = HANDLE_UNUSED;
@@ -139,7 +139,7 @@ handle_init(void)
139static int 139static int
140handle_new(int use, const char *name, int fd, DIR *dirp) 140handle_new(int use, const char *name, int fd, DIR *dirp)
141{ 141{
142 int i; 142 u_int i;
143 143
144 for (i = 0; i < sizeof(handles)/sizeof(Handle); i++) { 144 for (i = 0; i < sizeof(handles)/sizeof(Handle); i++) {
145 if (handles[i].use == HANDLE_UNUSED) { 145 if (handles[i].use == HANDLE_UNUSED) {
@@ -156,7 +156,7 @@ handle_new(int use, const char *name, int fd, DIR *dirp)
156static int 156static int
157handle_is_ok(int i, int type) 157handle_is_ok(int i, int type)
158{ 158{
159 return i >= 0 && i < sizeof(handles)/sizeof(Handle) && 159 return i >= 0 && (u_int)i < sizeof(handles)/sizeof(Handle) &&
160 handles[i].use == type; 160 handles[i].use == type;
161} 161}
162 162
@@ -477,10 +477,10 @@ process_write(void)
477 } else { 477 } else {
478/* XXX ATOMICIO ? */ 478/* XXX ATOMICIO ? */
479 ret = write(fd, data, len); 479 ret = write(fd, data, len);
480 if (ret == -1) { 480 if (ret < 0) {
481 error("process_write: write failed"); 481 error("process_write: write failed");
482 status = errno_to_portable(errno); 482 status = errno_to_portable(errno);
483 } else if (ret == len) { 483 } else if ((size_t)ret == len) {
484 status = SSH2_FX_OK; 484 status = SSH2_FX_OK;
485 } else { 485 } else {
486 logit("nothing at all written"); 486 logit("nothing at all written");
diff --git a/sftp.0 b/sftp.0
index 604b62d5a..1205c437b 100644
--- a/sftp.0
+++ b/sftp.0
@@ -262,4 +262,4 @@ SEE ALSO
262 T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh- 262 T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh-
263 filexfer-00.txt, January 2001, work in progress material. 263 filexfer-00.txt, January 2001, work in progress material.
264 264
265OpenBSD 3.7 February 4, 2001 4 265OpenBSD 3.8 February 4, 2001 4
diff --git a/sftp.c b/sftp.c
index 16a6cf0c6..f98ed7d27 100644
--- a/sftp.c
+++ b/sftp.c
@@ -16,7 +16,7 @@
16 16
17#include "includes.h" 17#include "includes.h"
18 18
19RCSID("$OpenBSD: sftp.c,v 1.63 2005/03/10 22:01:05 deraadt Exp $"); 19RCSID("$OpenBSD: sftp.c,v 1.66 2005/08/08 13:22:48 jaredy Exp $");
20 20
21#ifdef USE_LIBEDIT 21#ifdef USE_LIBEDIT
22#include <histedit.h> 22#include <histedit.h>
@@ -404,7 +404,7 @@ get_pathname(const char **cpp, char **path)
404{ 404{
405 const char *cp = *cpp, *end; 405 const char *cp = *cpp, *end;
406 char quot; 406 char quot;
407 int i, j; 407 u_int i, j;
408 408
409 cp += strspn(cp, WHITESPACE); 409 cp += strspn(cp, WHITESPACE);
410 if (!*cp) { 410 if (!*cp) {
@@ -664,14 +664,15 @@ sdirent_comp(const void *aa, const void *bb)
664static int 664static int
665do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag) 665do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag)
666{ 666{
667 int n, c = 1, colspace = 0, columns = 1; 667 int n;
668 u_int c = 1, colspace = 0, columns = 1;
668 SFTP_DIRENT **d; 669 SFTP_DIRENT **d;
669 670
670 if ((n = do_readdir(conn, path, &d)) != 0) 671 if ((n = do_readdir(conn, path, &d)) != 0)
671 return (n); 672 return (n);
672 673
673 if (!(lflag & LS_SHORT_VIEW)) { 674 if (!(lflag & LS_SHORT_VIEW)) {
674 int m = 0, width = 80; 675 u_int m = 0, width = 80;
675 struct winsize ws; 676 struct winsize ws;
676 char *tmp; 677 char *tmp;
677 678
@@ -747,7 +748,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
747 int lflag) 748 int lflag)
748{ 749{
749 glob_t g; 750 glob_t g;
750 int i, c = 1, colspace = 0, columns = 1; 751 u_int i, c = 1, colspace = 0, columns = 1;
751 Attrib *a = NULL; 752 Attrib *a = NULL;
752 753
753 memset(&g, 0, sizeof(g)); 754 memset(&g, 0, sizeof(g));
@@ -783,7 +784,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
783 } 784 }
784 785
785 if (!(lflag & LS_SHORT_VIEW)) { 786 if (!(lflag & LS_SHORT_VIEW)) {
786 int m = 0, width = 80; 787 u_int m = 0, width = 80;
787 struct winsize ws; 788 struct winsize ws;
788 789
789 /* Count entries for sort and find longest filename */ 790 /* Count entries for sort and find longest filename */
@@ -1236,7 +1237,7 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2)
1236 char *dir = NULL; 1237 char *dir = NULL;
1237 char cmd[2048]; 1238 char cmd[2048];
1238 struct sftp_conn *conn; 1239 struct sftp_conn *conn;
1239 int err; 1240 int err, interactive;
1240 EditLine *el = NULL; 1241 EditLine *el = NULL;
1241#ifdef USE_LIBEDIT 1242#ifdef USE_LIBEDIT
1242 History *hl = NULL; 1243 History *hl = NULL;
@@ -1294,14 +1295,15 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2)
1294 xfree(dir); 1295 xfree(dir);
1295 } 1296 }
1296 1297
1297#if HAVE_SETVBUF 1298#if defined(HAVE_SETVBUF) && !defined(BROKEN_SETVBUF)
1298 setvbuf(stdout, NULL, _IOLBF, 0); 1299 setvbuf(stdout, NULL, _IOLBF, 0);
1299 setvbuf(infile, NULL, _IOLBF, 0); 1300 setvbuf(infile, NULL, _IOLBF, 0);
1300#else 1301#else
1301 setlinebuf(stdout); 1302 setlinebuf(stdout);
1302 setlinebuf(infile); 1303 setlinebuf(infile);
1303#endif 1304#endif
1304 1305
1306 interactive = !batchmode && isatty(STDIN_FILENO);
1305 err = 0; 1307 err = 0;
1306 for (;;) { 1308 for (;;) {
1307 char *cp; 1309 char *cp;
@@ -1309,20 +1311,28 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2)
1309 signal(SIGINT, SIG_IGN); 1311 signal(SIGINT, SIG_IGN);
1310 1312
1311 if (el == NULL) { 1313 if (el == NULL) {
1312 printf("sftp> "); 1314 if (interactive)
1315 printf("sftp> ");
1313 if (fgets(cmd, sizeof(cmd), infile) == NULL) { 1316 if (fgets(cmd, sizeof(cmd), infile) == NULL) {
1314 printf("\n"); 1317 if (interactive)
1318 printf("\n");
1315 break; 1319 break;
1316 } 1320 }
1317 if (batchmode) /* Echo command */ 1321 if (!interactive) { /* Echo command */
1318 printf("%s", cmd); 1322 printf("sftp> %s", cmd);
1323 if (strlen(cmd) > 0 &&
1324 cmd[strlen(cmd) - 1] != '\n')
1325 printf("\n");
1326 }
1319 } else { 1327 } else {
1320#ifdef USE_LIBEDIT 1328#ifdef USE_LIBEDIT
1321 const char *line; 1329 const char *line;
1322 int count = 0; 1330 int count = 0;
1323 1331
1324 if ((line = el_gets(el, &count)) == NULL || count <= 0) 1332 if ((line = el_gets(el, &count)) == NULL || count <= 0) {
1325 break; 1333 printf("\n");
1334 break;
1335 }
1326 history(hl, &hev, H_ENTER, line); 1336 history(hl, &hev, H_ENTER, line);
1327 if (strlcpy(cmd, line, sizeof(cmd)) >= sizeof(cmd)) { 1337 if (strlcpy(cmd, line, sizeof(cmd)) >= sizeof(cmd)) {
1328 fprintf(stderr, "Error: input line too long\n"); 1338 fprintf(stderr, "Error: input line too long\n");
@@ -1345,6 +1355,11 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2)
1345 } 1355 }
1346 xfree(pwd); 1356 xfree(pwd);
1347 1357
1358#ifdef USE_LIBEDIT
1359 if (el != NULL)
1360 el_end(el);
1361#endif /* USE_LIBEDIT */
1362
1348 /* err == 1 signifies normal "quit" exit */ 1363 /* err == 1 signifies normal "quit" exit */
1349 return (err >= 0 ? 0 : -1); 1364 return (err >= 0 ? 0 : -1);
1350} 1365}
@@ -1475,7 +1490,7 @@ main(int argc, char **argv)
1475 1490
1476 /* Allow "-" as stdin */ 1491 /* Allow "-" as stdin */
1477 if (strcmp(optarg, "-") != 0 && 1492 if (strcmp(optarg, "-") != 0 &&
1478 (infile = fopen(optarg, "r")) == NULL) 1493 (infile = fopen(optarg, "r")) == NULL)
1479 fatal("%s (%s).", strerror(errno), optarg); 1494 fatal("%s (%s).", strerror(errno), optarg);
1480 showprogress = 0; 1495 showprogress = 0;
1481 batchmode = 1; 1496 batchmode = 1;
@@ -1561,8 +1576,8 @@ main(int argc, char **argv)
1561 err = interactive_loop(in, out, file1, file2); 1576 err = interactive_loop(in, out, file1, file2);
1562 1577
1563#if !defined(USE_PIPES) 1578#if !defined(USE_PIPES)
1564 shutdown(in, SHUT_RDWR); 1579 shutdown(in, SHUT_RDWR);
1565 shutdown(out, SHUT_RDWR); 1580 shutdown(out, SHUT_RDWR);
1566#endif 1581#endif
1567 1582
1568 close(in); 1583 close(in);
diff --git a/ssh-add.0 b/ssh-add.0
index fba38887c..1c2455f9b 100644
--- a/ssh-add.0
+++ b/ssh-add.0
@@ -11,11 +11,11 @@ SYNOPSIS
11DESCRIPTION 11DESCRIPTION
12 ssh-add adds RSA or DSA identities to the authentication agent, 12 ssh-add adds RSA or DSA identities to the authentication agent,
13 ssh-agent(1). When run without arguments, it adds the files 13 ssh-agent(1). When run without arguments, it adds the files
14 $HOME/.ssh/id_rsa, $HOME/.ssh/id_dsa and $HOME/.ssh/identity. Alterna- 14 ~/.ssh/id_rsa, ~/.ssh/id_dsa and ~/.ssh/identity. Alternative file names
15 tive file names can be given on the command line. If any file requires a 15 can be given on the command line. If any file requires a passphrase,
16 passphrase, ssh-add asks for the passphrase from the user. The 16 ssh-add asks for the passphrase from the user. The passphrase is read
17 passphrase is read from the user's tty. ssh-add retries the last 17 from the user's tty. ssh-add retries the last passphrase if multiple
18 passphrase if multiple identity files are given. 18 identity files are given.
19 19
20 The authentication agent must be running and the SSH_AUTH_SOCK environ- 20 The authentication agent must be running and the SSH_AUTH_SOCK environ-
21 ment variable must contain the name of its socket for ssh-add to work. 21 ment variable must contain the name of its socket for ssh-add to work.
@@ -70,15 +70,15 @@ ENVIRONMENT
70 with the agent. 70 with the agent.
71 71
72FILES 72FILES
73 $HOME/.ssh/identity 73 ~/.ssh/identity
74 Contains the protocol version 1 RSA authentication identity of 74 Contains the protocol version 1 RSA authentication identity of
75 the user. 75 the user.
76 76
77 $HOME/.ssh/id_dsa 77 ~/.ssh/id_dsa
78 Contains the protocol version 2 DSA authentication identity of 78 Contains the protocol version 2 DSA authentication identity of
79 the user. 79 the user.
80 80
81 $HOME/.ssh/id_rsa 81 ~/.ssh/id_rsa
82 Contains the protocol version 2 RSA authentication identity of 82 Contains the protocol version 2 RSA authentication identity of
83 the user. 83 the user.
84 84
@@ -99,4 +99,4 @@ AUTHORS
99 ated OpenSSH. Markus Friedl contributed the support for SSH protocol 99 ated OpenSSH. Markus Friedl contributed the support for SSH protocol
100 versions 1.5 and 2.0. 100 versions 1.5 and 2.0.
101 101
102OpenBSD 3.7 September 25, 1999 2 102OpenBSD 3.8 September 25, 1999 2
diff --git a/ssh-add.1 b/ssh-add.1
index 1f3df5bec..327fcddae 100644
--- a/ssh-add.1
+++ b/ssh-add.1
@@ -1,4 +1,4 @@
1.\" $OpenBSD: ssh-add.1,v 1.42 2005/03/01 17:32:19 jmc Exp $ 1.\" $OpenBSD: ssh-add.1,v 1.43 2005/04/21 06:17:50 djm Exp $
2.\" 2.\"
3.\" -*- nroff -*- 3.\" -*- nroff -*-
4.\" 4.\"
@@ -57,10 +57,10 @@
57adds RSA or DSA identities to the authentication agent, 57adds RSA or DSA identities to the authentication agent,
58.Xr ssh-agent 1 . 58.Xr ssh-agent 1 .
59When run without arguments, it adds the files 59When run without arguments, it adds the files
60.Pa $HOME/.ssh/id_rsa , 60.Pa ~/.ssh/id_rsa ,
61.Pa $HOME/.ssh/id_dsa 61.Pa ~/.ssh/id_dsa
62and 62and
63.Pa $HOME/.ssh/identity . 63.Pa ~/.ssh/identity .
64Alternative file names can be given on the command line. 64Alternative file names can be given on the command line.
65If any file requires a passphrase, 65If any file requires a passphrase,
66.Nm 66.Nm
@@ -142,11 +142,11 @@ agent.
142.El 142.El
143.Sh FILES 143.Sh FILES
144.Bl -tag -width Ds 144.Bl -tag -width Ds
145.It Pa $HOME/.ssh/identity 145.It Pa ~/.ssh/identity
146Contains the protocol version 1 RSA authentication identity of the user. 146Contains the protocol version 1 RSA authentication identity of the user.
147.It Pa $HOME/.ssh/id_dsa 147.It Pa ~/.ssh/id_dsa
148Contains the protocol version 2 DSA authentication identity of the user. 148Contains the protocol version 2 DSA authentication identity of the user.
149.It Pa $HOME/.ssh/id_rsa 149.It Pa ~/.ssh/id_rsa
150Contains the protocol version 2 RSA authentication identity of the user. 150Contains the protocol version 2 RSA authentication identity of the user.
151.El 151.El
152.Pp 152.Pp
diff --git a/ssh-add.c b/ssh-add.c
index a796647a7..a3428769c 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -35,7 +35,7 @@
35 */ 35 */
36 36
37#include "includes.h" 37#include "includes.h"
38RCSID("$OpenBSD: ssh-add.c,v 1.71 2005/03/10 22:01:06 deraadt Exp $"); 38RCSID("$OpenBSD: ssh-add.c,v 1.72 2005/07/17 07:17:55 djm Exp $");
39 39
40#include <openssl/evp.h> 40#include <openssl/evp.h>
41 41
@@ -145,7 +145,7 @@ add_file(AuthenticationConnection *ac, const char *filename)
145 /* clear passphrase since it did not work */ 145 /* clear passphrase since it did not work */
146 clear_pass(); 146 clear_pass();
147 snprintf(msg, sizeof msg, "Enter passphrase for %.200s: ", 147 snprintf(msg, sizeof msg, "Enter passphrase for %.200s: ",
148 comment); 148 comment);
149 for (;;) { 149 for (;;) {
150 pass = read_passphrase(msg, RP_ALLOW_STDIN); 150 pass = read_passphrase(msg, RP_ALLOW_STDIN);
151 if (strcmp(pass, "") == 0) { 151 if (strcmp(pass, "") == 0) {
diff --git a/ssh-agent.0 b/ssh-agent.0
index 34da0a941..8490a9da8 100644
--- a/ssh-agent.0
+++ b/ssh-agent.0
@@ -45,13 +45,12 @@ DESCRIPTION
45 45
46 The agent initially does not have any private keys. Keys are added using 46 The agent initially does not have any private keys. Keys are added using
47 ssh-add(1). When executed without arguments, ssh-add(1) adds the files 47 ssh-add(1). When executed without arguments, ssh-add(1) adds the files
48 $HOME/.ssh/id_rsa, $HOME/.ssh/id_dsa and $HOME/.ssh/identity. If the 48 ~/.ssh/id_rsa, ~/.ssh/id_dsa and ~/.ssh/identity. If the identity has a
49 identity has a passphrase, ssh-add(1) asks for the passphrase (using a 49 passphrase, ssh-add(1) asks for the passphrase (using a small X11 appli-
50 small X11 application if running under X11, or from the terminal if run- 50 cation if running under X11, or from the terminal if running without X).
51 ning without X). It then sends the identity to the agent. Several iden- 51 It then sends the identity to the agent. Several identities can be
52 tities can be stored in the agent; the agent can automatically use any of 52 stored in the agent; the agent can automatically use any of these identi-
53 these identities. ssh-add -l displays the identities currently held by 53 ties. ssh-add -l displays the identities currently held by the agent.
54 the agent.
55 54
56 The idea is that the agent is run in the user's local PC, laptop, or ter- 55 The idea is that the agent is run in the user's local PC, laptop, or ter-
57 minal. Authentication data need not be stored on any other machine, and 56 minal. Authentication data need not be stored on any other machine, and
@@ -87,15 +86,15 @@ DESCRIPTION
87 terminates. 86 terminates.
88 87
89FILES 88FILES
90 $HOME/.ssh/identity 89 ~/.ssh/identity
91 Contains the protocol version 1 RSA authentication identity of 90 Contains the protocol version 1 RSA authentication identity of
92 the user. 91 the user.
93 92
94 $HOME/.ssh/id_dsa 93 ~/.ssh/id_dsa
95 Contains the protocol version 2 DSA authentication identity of 94 Contains the protocol version 2 DSA authentication identity of
96 the user. 95 the user.
97 96
98 $HOME/.ssh/id_rsa 97 ~/.ssh/id_rsa
99 Contains the protocol version 2 RSA authentication identity of 98 Contains the protocol version 2 RSA authentication identity of
100 the user. 99 the user.
101 100
@@ -115,4 +114,4 @@ AUTHORS
115 ated OpenSSH. Markus Friedl contributed the support for SSH protocol 114 ated OpenSSH. Markus Friedl contributed the support for SSH protocol
116 versions 1.5 and 2.0. 115 versions 1.5 and 2.0.
117 116
118OpenBSD 3.7 September 25, 1999 2 117OpenBSD 3.8 September 25, 1999 2
diff --git a/ssh-agent.1 b/ssh-agent.1
index 226804e5f..741cf4bd1 100644
--- a/ssh-agent.1
+++ b/ssh-agent.1
@@ -1,4 +1,4 @@
1.\" $OpenBSD: ssh-agent.1,v 1.41 2004/07/11 17:48:47 deraadt Exp $ 1.\" $OpenBSD: ssh-agent.1,v 1.42 2005/04/21 06:17:50 djm Exp $
2.\" 2.\"
3.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 3.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -111,10 +111,10 @@ Keys are added using
111When executed without arguments, 111When executed without arguments,
112.Xr ssh-add 1 112.Xr ssh-add 1
113adds the files 113adds the files
114.Pa $HOME/.ssh/id_rsa , 114.Pa ~/.ssh/id_rsa ,
115.Pa $HOME/.ssh/id_dsa 115.Pa ~/.ssh/id_dsa
116and 116and
117.Pa $HOME/.ssh/identity . 117.Pa ~/.ssh/identity .
118If the identity has a passphrase, 118If the identity has a passphrase,
119.Xr ssh-add 1 119.Xr ssh-add 1
120asks for the passphrase (using a small X11 application if running 120asks for the passphrase (using a small X11 application if running
@@ -179,11 +179,11 @@ The agent exits automatically when the command given on the command
179line terminates. 179line terminates.
180.Sh FILES 180.Sh FILES
181.Bl -tag -width Ds 181.Bl -tag -width Ds
182.It Pa $HOME/.ssh/identity 182.It Pa ~/.ssh/identity
183Contains the protocol version 1 RSA authentication identity of the user. 183Contains the protocol version 1 RSA authentication identity of the user.
184.It Pa $HOME/.ssh/id_dsa 184.It Pa ~/.ssh/id_dsa
185Contains the protocol version 2 DSA authentication identity of the user. 185Contains the protocol version 2 DSA authentication identity of the user.
186.It Pa $HOME/.ssh/id_rsa 186.It Pa ~/.ssh/id_rsa
187Contains the protocol version 2 RSA authentication identity of the user. 187Contains the protocol version 2 RSA authentication identity of the user.
188.It Pa /tmp/ssh-XXXXXXXX/agent.<ppid> 188.It Pa /tmp/ssh-XXXXXXXX/agent.<ppid>
189Unix-domain sockets used to contain the connection to the 189Unix-domain sockets used to contain the connection to the
diff --git a/ssh-keygen.0 b/ssh-keygen.0
index dd251e4bc..de651e9c4 100644
--- a/ssh-keygen.0
+++ b/ssh-keygen.0
@@ -33,9 +33,9 @@ DESCRIPTION
33 group exchange (DH-GEX). See the MODULI GENERATION section for details. 33 group exchange (DH-GEX). See the MODULI GENERATION section for details.
34 34
35 Normally each user wishing to use SSH with RSA or DSA authentication runs 35 Normally each user wishing to use SSH with RSA or DSA authentication runs
36 this once to create the authentication key in $HOME/.ssh/identity, 36 this once to create the authentication key in ~/.ssh/identity,
37 $HOME/.ssh/id_dsa or $HOME/.ssh/id_rsa. Additionally, the system admin- 37 ~/.ssh/id_dsa or ~/.ssh/id_rsa. Additionally, the system administrator
38 istrator may use this to generate host keys, as seen in /etc/rc. 38 may use this to generate host keys, as seen in /etc/rc.
39 39
40 Normally this program generates the key and asks for a file in which to 40 Normally this program generates the key and asks for a file in which to
41 store the private key. The public key is stored in a file with the same 41 store the private key. The public key is stored in a file with the same
@@ -75,8 +75,8 @@ DESCRIPTION
75 75
76 -b bits 76 -b bits
77 Specifies the number of bits in the key to create. Minimum is 77 Specifies the number of bits in the key to create. Minimum is
78 512 bits. Generally, 1024 bits is considered sufficient. The 78 512 bits. Generally, 2048 bits is considered sufficient. The
79 default is 1024 bits. 79 default is 2048 bits.
80 80
81 -C comment 81 -C comment
82 Provides a new comment. 82 Provides a new comment.
@@ -217,7 +217,7 @@ MODULI GENERATION
217 a connection share common moduli. 217 a connection share common moduli.
218 218
219FILES 219FILES
220 $HOME/.ssh/identity 220 ~/.ssh/identity
221 Contains the protocol version 1 RSA authentication identity of 221 Contains the protocol version 1 RSA authentication identity of
222 the user. This file should not be readable by anyone but the us- 222 the user. This file should not be readable by anyone but the us-
223 er. It is possible to specify a passphrase when generating the 223 er. It is possible to specify a passphrase when generating the
@@ -226,14 +226,14 @@ FILES
226 ssh-keygen but it is offered as the default file for the private 226 ssh-keygen but it is offered as the default file for the private
227 key. ssh(1) will read this file when a login attempt is made. 227 key. ssh(1) will read this file when a login attempt is made.
228 228
229 $HOME/.ssh/identity.pub 229 ~/.ssh/identity.pub
230 Contains the protocol version 1 RSA public key for authentica- 230 Contains the protocol version 1 RSA public key for authentica-
231 tion. The contents of this file should be added to 231 tion. The contents of this file should be added to
232 $HOME/.ssh/authorized_keys on all machines where the user wishes 232 ~/.ssh/authorized_keys on all machines where the user wishes to
233 to log in using RSA authentication. There is no need to keep the 233 log in using RSA authentication. There is no need to keep the
234 contents of this file secret. 234 contents of this file secret.
235 235
236 $HOME/.ssh/id_dsa 236 ~/.ssh/id_dsa
237 Contains the protocol version 2 DSA authentication identity of 237 Contains the protocol version 2 DSA authentication identity of
238 the user. This file should not be readable by anyone but the us- 238 the user. This file should not be readable by anyone but the us-
239 er. It is possible to specify a passphrase when generating the 239 er. It is possible to specify a passphrase when generating the
@@ -242,14 +242,14 @@ FILES
242 ssh-keygen but it is offered as the default file for the private 242 ssh-keygen but it is offered as the default file for the private
243 key. ssh(1) will read this file when a login attempt is made. 243 key. ssh(1) will read this file when a login attempt is made.
244 244
245 $HOME/.ssh/id_dsa.pub 245 ~/.ssh/id_dsa.pub
246 Contains the protocol version 2 DSA public key for authentica- 246 Contains the protocol version 2 DSA public key for authentica-
247 tion. The contents of this file should be added to 247 tion. The contents of this file should be added to
248 $HOME/.ssh/authorized_keys on all machines where the user wishes 248 ~/.ssh/authorized_keys on all machines where the user wishes to
249 to log in using public key authentication. There is no need to 249 log in using public key authentication. There is no need to keep
250 keep the contents of this file secret. 250 the contents of this file secret.
251 251
252 $HOME/.ssh/id_rsa 252 ~/.ssh/id_rsa
253 Contains the protocol version 2 RSA authentication identity of 253 Contains the protocol version 2 RSA authentication identity of
254 the user. This file should not be readable by anyone but the us- 254 the user. This file should not be readable by anyone but the us-
255 er. It is possible to specify a passphrase when generating the 255 er. It is possible to specify a passphrase when generating the
@@ -258,12 +258,12 @@ FILES
258 ssh-keygen but it is offered as the default file for the private 258 ssh-keygen but it is offered as the default file for the private
259 key. ssh(1) will read this file when a login attempt is made. 259 key. ssh(1) will read this file when a login attempt is made.
260 260
261 $HOME/.ssh/id_rsa.pub 261 ~/.ssh/id_rsa.pub
262 Contains the protocol version 2 RSA public key for authentica- 262 Contains the protocol version 2 RSA public key for authentica-
263 tion. The contents of this file should be added to 263 tion. The contents of this file should be added to
264 $HOME/.ssh/authorized_keys on all machines where the user wishes 264 ~/.ssh/authorized_keys on all machines where the user wishes to
265 to log in using public key authentication. There is no need to 265 log in using public key authentication. There is no need to keep
266 keep the contents of this file secret. 266 the contents of this file secret.
267 267
268 /etc/moduli 268 /etc/moduli
269 Contains Diffie-Hellman groups used for DH-GEX. The file format 269 Contains Diffie-Hellman groups used for DH-GEX. The file format
@@ -282,4 +282,4 @@ AUTHORS
282 created OpenSSH. Markus Friedl contributed the support for SSH protocol 282 created OpenSSH. Markus Friedl contributed the support for SSH protocol
283 versions 1.5 and 2.0. 283 versions 1.5 and 2.0.
284 284
285OpenBSD 3.7 September 25, 1999 5 285OpenBSD 3.8 September 25, 1999 5
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index c14eed14e..5454d00ce 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
1.\" $OpenBSD: ssh-keygen.1,v 1.67 2005/03/14 10:09:03 dtucker Exp $ 1.\" $OpenBSD: ssh-keygen.1,v 1.69 2005/06/08 03:50:00 djm Exp $
2.\" 2.\"
3.\" -*- nroff -*- 3.\" -*- nroff -*-
4.\" 4.\"
@@ -129,10 +129,10 @@ section for details.
129Normally each user wishing to use SSH 129Normally each user wishing to use SSH
130with RSA or DSA authentication runs this once to create the authentication 130with RSA or DSA authentication runs this once to create the authentication
131key in 131key in
132.Pa $HOME/.ssh/identity , 132.Pa ~/.ssh/identity ,
133.Pa $HOME/.ssh/id_dsa 133.Pa ~/.ssh/id_dsa
134or 134or
135.Pa $HOME/.ssh/id_rsa . 135.Pa ~/.ssh/id_rsa .
136Additionally, the system administrator may use this to generate host keys, 136Additionally, the system administrator may use this to generate host keys,
137as seen in 137as seen in
138.Pa /etc/rc . 138.Pa /etc/rc .
@@ -188,8 +188,8 @@ Show the bubblebabble digest of specified private or public key file.
188.It Fl b Ar bits 188.It Fl b Ar bits
189Specifies the number of bits in the key to create. 189Specifies the number of bits in the key to create.
190Minimum is 512 bits. 190Minimum is 512 bits.
191Generally, 1024 bits is considered sufficient. 191Generally, 2048 bits is considered sufficient.
192The default is 1024 bits. 192The default is 2048 bits.
193.It Fl C Ar comment 193.It Fl C Ar comment
194Provides a new comment. 194Provides a new comment.
195.It Fl c 195.It Fl c
@@ -381,7 +381,7 @@ It is important that this file contains moduli of a range of bit lengths and
381that both ends of a connection share common moduli. 381that both ends of a connection share common moduli.
382.Sh FILES 382.Sh FILES
383.Bl -tag -width Ds 383.Bl -tag -width Ds
384.It Pa $HOME/.ssh/identity 384.It Pa ~/.ssh/identity
385Contains the protocol version 1 RSA authentication identity of the user. 385Contains the protocol version 1 RSA authentication identity of the user.
386This file should not be readable by anyone but the user. 386This file should not be readable by anyone but the user.
387It is possible to 387It is possible to
@@ -392,14 +392,14 @@ This file is not automatically accessed by
392but it is offered as the default file for the private key. 392but it is offered as the default file for the private key.
393.Xr ssh 1 393.Xr ssh 1
394will read this file when a login attempt is made. 394will read this file when a login attempt is made.
395.It Pa $HOME/.ssh/identity.pub 395.It Pa ~/.ssh/identity.pub
396Contains the protocol version 1 RSA public key for authentication. 396Contains the protocol version 1 RSA public key for authentication.
397The contents of this file should be added to 397The contents of this file should be added to
398.Pa $HOME/.ssh/authorized_keys 398.Pa ~/.ssh/authorized_keys
399on all machines 399on all machines
400where the user wishes to log in using RSA authentication. 400where the user wishes to log in using RSA authentication.
401There is no need to keep the contents of this file secret. 401There is no need to keep the contents of this file secret.
402.It Pa $HOME/.ssh/id_dsa 402.It Pa ~/.ssh/id_dsa
403Contains the protocol version 2 DSA authentication identity of the user. 403Contains the protocol version 2 DSA authentication identity of the user.
404This file should not be readable by anyone but the user. 404This file should not be readable by anyone but the user.
405It is possible to 405It is possible to
@@ -410,14 +410,14 @@ This file is not automatically accessed by
410but it is offered as the default file for the private key. 410but it is offered as the default file for the private key.
411.Xr ssh 1 411.Xr ssh 1
412will read this file when a login attempt is made. 412will read this file when a login attempt is made.
413.It Pa $HOME/.ssh/id_dsa.pub 413.It Pa ~/.ssh/id_dsa.pub
414Contains the protocol version 2 DSA public key for authentication. 414Contains the protocol version 2 DSA public key for authentication.
415The contents of this file should be added to 415The contents of this file should be added to
416.Pa $HOME/.ssh/authorized_keys 416.Pa ~/.ssh/authorized_keys
417on all machines 417on all machines
418where the user wishes to log in using public key authentication. 418where the user wishes to log in using public key authentication.
419There is no need to keep the contents of this file secret. 419There is no need to keep the contents of this file secret.
420.It Pa $HOME/.ssh/id_rsa 420.It Pa ~/.ssh/id_rsa
421Contains the protocol version 2 RSA authentication identity of the user. 421Contains the protocol version 2 RSA authentication identity of the user.
422This file should not be readable by anyone but the user. 422This file should not be readable by anyone but the user.
423It is possible to 423It is possible to
@@ -428,10 +428,10 @@ This file is not automatically accessed by
428but it is offered as the default file for the private key. 428but it is offered as the default file for the private key.
429.Xr ssh 1 429.Xr ssh 1
430will read this file when a login attempt is made. 430will read this file when a login attempt is made.
431.It Pa $HOME/.ssh/id_rsa.pub 431.It Pa ~/.ssh/id_rsa.pub
432Contains the protocol version 2 RSA public key for authentication. 432Contains the protocol version 2 RSA public key for authentication.
433The contents of this file should be added to 433The contents of this file should be added to
434.Pa $HOME/.ssh/authorized_keys 434.Pa ~/.ssh/authorized_keys
435on all machines 435on all machines
436where the user wishes to log in using public key authentication. 436where the user wishes to log in using public key authentication.
437There is no need to keep the contents of this file secret. 437There is no need to keep the contents of this file secret.
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 92885506a..b17851946 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
12 */ 12 */
13 13
14#include "includes.h" 14#include "includes.h"
15RCSID("$OpenBSD: ssh-keygen.c,v 1.122 2005/03/11 14:59:06 markus Exp $"); 15RCSID("$OpenBSD: ssh-keygen.c,v 1.128 2005/07/17 07:17:55 djm Exp $");
16 16
17#include <openssl/evp.h> 17#include <openssl/evp.h>
18#include <openssl/pem.h> 18#include <openssl/pem.h>
@@ -36,7 +36,7 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.122 2005/03/11 14:59:06 markus Exp $");
36#include "dns.h" 36#include "dns.h"
37 37
38/* Number of bits in the RSA/DSA key. This value can be changed on the command line. */ 38/* Number of bits in the RSA/DSA key. This value can be changed on the command line. */
39int bits = 1024; 39u_int32_t bits = 2048;
40 40
41/* 41/*
42 * Flag indicating that we just want to change the passphrase. This can be 42 * Flag indicating that we just want to change the passphrase. This can be
@@ -90,7 +90,7 @@ extern char *__progname;
90char hostname[MAXHOSTNAMELEN]; 90char hostname[MAXHOSTNAMELEN];
91 91
92/* moduli.c */ 92/* moduli.c */
93int gen_candidates(FILE *, int, int, BIGNUM *); 93int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
94int prime_test(FILE *, FILE *, u_int32_t, u_int32_t); 94int prime_test(FILE *, FILE *, u_int32_t, u_int32_t);
95 95
96static void 96static void
@@ -738,7 +738,7 @@ do_known_hosts(struct passwd *pw, const char *name)
738 fprintf(stderr, "WARNING: %s contains unhashed " 738 fprintf(stderr, "WARNING: %s contains unhashed "
739 "entries\n", old); 739 "entries\n", old);
740 fprintf(stderr, "Delete this file to ensure privacy " 740 fprintf(stderr, "Delete this file to ensure privacy "
741 "of hostnames\n"); 741 "of hostnames\n");
742 } 742 }
743 } 743 }
744 744
@@ -959,31 +959,38 @@ usage(void)
959{ 959{
960 fprintf(stderr, "Usage: %s [options]\n", __progname); 960 fprintf(stderr, "Usage: %s [options]\n", __progname);
961 fprintf(stderr, "Options:\n"); 961 fprintf(stderr, "Options:\n");
962 fprintf(stderr, " -a trials Number of trials for screening DH-GEX moduli.\n");
963 fprintf(stderr, " -B Show bubblebabble digest of key file.\n");
962 fprintf(stderr, " -b bits Number of bits in the key to create.\n"); 964 fprintf(stderr, " -b bits Number of bits in the key to create.\n");
965 fprintf(stderr, " -C comment Provide new comment.\n");
963 fprintf(stderr, " -c Change comment in private and public key files.\n"); 966 fprintf(stderr, " -c Change comment in private and public key files.\n");
967#ifdef SMARTCARD
968 fprintf(stderr, " -D reader Download public key from smartcard.\n");
969#endif /* SMARTCARD */
964 fprintf(stderr, " -e Convert OpenSSH to IETF SECSH key file.\n"); 970 fprintf(stderr, " -e Convert OpenSSH to IETF SECSH key file.\n");
971 fprintf(stderr, " -F hostname Find hostname in known hosts file.\n");
965 fprintf(stderr, " -f filename Filename of the key file.\n"); 972 fprintf(stderr, " -f filename Filename of the key file.\n");
973 fprintf(stderr, " -G file Generate candidates for DH-GEX moduli.\n");
966 fprintf(stderr, " -g Use generic DNS resource record format.\n"); 974 fprintf(stderr, " -g Use generic DNS resource record format.\n");
975 fprintf(stderr, " -H Hash names in known_hosts file.\n");
967 fprintf(stderr, " -i Convert IETF SECSH to OpenSSH key file.\n"); 976 fprintf(stderr, " -i Convert IETF SECSH to OpenSSH key file.\n");
968 fprintf(stderr, " -l Show fingerprint of key file.\n"); 977 fprintf(stderr, " -l Show fingerprint of key file.\n");
969 fprintf(stderr, " -p Change passphrase of private key file.\n"); 978 fprintf(stderr, " -M memory Amount of memory (MB) to use for generating DH-GEX moduli.\n");
970 fprintf(stderr, " -q Quiet.\n");
971 fprintf(stderr, " -y Read private key file and print public key.\n");
972 fprintf(stderr, " -t type Specify type of key to create.\n");
973 fprintf(stderr, " -B Show bubblebabble digest of key file.\n");
974 fprintf(stderr, " -H Hash names in known_hosts file\n");
975 fprintf(stderr, " -F hostname Find hostname in known hosts file\n");
976 fprintf(stderr, " -C comment Provide new comment.\n");
977 fprintf(stderr, " -N phrase Provide new passphrase.\n"); 979 fprintf(stderr, " -N phrase Provide new passphrase.\n");
978 fprintf(stderr, " -P phrase Provide old passphrase.\n"); 980 fprintf(stderr, " -P phrase Provide old passphrase.\n");
981 fprintf(stderr, " -p Change passphrase of private key file.\n");
982 fprintf(stderr, " -q Quiet.\n");
983 fprintf(stderr, " -R hostname Remove host from known_hosts file.\n");
979 fprintf(stderr, " -r hostname Print DNS resource record.\n"); 984 fprintf(stderr, " -r hostname Print DNS resource record.\n");
985 fprintf(stderr, " -S start Start point (hex) for generating DH-GEX moduli.\n");
986 fprintf(stderr, " -T file Screen candidates for DH-GEX moduli.\n");
987 fprintf(stderr, " -t type Specify type of key to create.\n");
980#ifdef SMARTCARD 988#ifdef SMARTCARD
981 fprintf(stderr, " -D reader Download public key from smartcard.\n");
982 fprintf(stderr, " -U reader Upload private key to smartcard.\n"); 989 fprintf(stderr, " -U reader Upload private key to smartcard.\n");
983#endif /* SMARTCARD */ 990#endif /* SMARTCARD */
984 991 fprintf(stderr, " -v Verbose.\n");
985 fprintf(stderr, " -G file Generate candidates for DH-GEX moduli\n"); 992 fprintf(stderr, " -W gen Generator to use for generating DH-GEX moduli.\n");
986 fprintf(stderr, " -T file Screen candidates for DH-GEX moduli\n"); 993 fprintf(stderr, " -y Read private key file and print public key.\n");
987 994
988 exit(1); 995 exit(1);
989} 996}
@@ -1000,12 +1007,13 @@ main(int ac, char **av)
1000 Key *private, *public; 1007 Key *private, *public;
1001 struct passwd *pw; 1008 struct passwd *pw;
1002 struct stat st; 1009 struct stat st;
1003 int opt, type, fd, download = 0, memory = 0; 1010 int opt, type, fd, download = 0;
1004 int generator_wanted = 0, trials = 100; 1011 u_int32_t memory = 0, generator_wanted = 0, trials = 100;
1005 int do_gen_candidates = 0, do_screen_candidates = 0; 1012 int do_gen_candidates = 0, do_screen_candidates = 0;
1006 int log_level = SYSLOG_LEVEL_INFO; 1013 int log_level = SYSLOG_LEVEL_INFO;
1007 BIGNUM *start = NULL; 1014 BIGNUM *start = NULL;
1008 FILE *f; 1015 FILE *f;
1016 const char *errstr;
1009 1017
1010 extern int optind; 1018 extern int optind;
1011 extern char *optarg; 1019 extern char *optarg;
@@ -1033,11 +1041,10 @@ main(int ac, char **av)
1033 "degiqpclBHvxXyF:b:f:t:U:D:P:N:C:r:g:R:T:G:M:S:a:W:")) != -1) { 1041 "degiqpclBHvxXyF:b:f:t:U:D:P:N:C:r:g:R:T:G:M:S:a:W:")) != -1) {
1034 switch (opt) { 1042 switch (opt) {
1035 case 'b': 1043 case 'b':
1036 bits = atoi(optarg); 1044 bits = strtonum(optarg, 512, 32768, &errstr);
1037 if (bits < 512 || bits > 32768) { 1045 if (errstr)
1038 printf("Bits has bad value.\n"); 1046 fatal("Bits has bad value %s (%s)",
1039 exit(1); 1047 optarg, errstr);
1040 }
1041 break; 1048 break;
1042 case 'F': 1049 case 'F':
1043 find_host = 1; 1050 find_host = 1;
@@ -1063,7 +1070,9 @@ main(int ac, char **av)
1063 change_comment = 1; 1070 change_comment = 1;
1064 break; 1071 break;
1065 case 'f': 1072 case 'f':
1066 strlcpy(identity_file, optarg, sizeof(identity_file)); 1073 if (strlcpy(identity_file, optarg, sizeof(identity_file)) >=
1074 sizeof(identity_file))
1075 fatal("Identity filename too long");
1067 have_identity = 1; 1076 have_identity = 1;
1068 break; 1077 break;
1069 case 'g': 1078 case 'g':
@@ -1118,23 +1127,34 @@ main(int ac, char **av)
1118 rr_hostname = optarg; 1127 rr_hostname = optarg;
1119 break; 1128 break;
1120 case 'W': 1129 case 'W':
1121 generator_wanted = atoi(optarg); 1130 generator_wanted = strtonum(optarg, 1, UINT_MAX, &errstr);
1122 if (generator_wanted < 1) 1131 if (errstr)
1123 fatal("Desired generator has bad value."); 1132 fatal("Desired generator has bad value: %s (%s)",
1133 optarg, errstr);
1124 break; 1134 break;
1125 case 'a': 1135 case 'a':
1126 trials = atoi(optarg); 1136 trials = strtonum(optarg, 1, UINT_MAX, &errstr);
1137 if (errstr)
1138 fatal("Invalid number of trials: %s (%s)",
1139 optarg, errstr);
1127 break; 1140 break;
1128 case 'M': 1141 case 'M':
1129 memory = atoi(optarg); 1142 memory = strtonum(optarg, 1, UINT_MAX, &errstr);
1143 if (errstr) {
1144 fatal("Memory limit is %s: %s", errstr, optarg);
1145 }
1130 break; 1146 break;
1131 case 'G': 1147 case 'G':
1132 do_gen_candidates = 1; 1148 do_gen_candidates = 1;
1133 strlcpy(out_file, optarg, sizeof(out_file)); 1149 if (strlcpy(out_file, optarg, sizeof(out_file)) >=
1150 sizeof(out_file))
1151 fatal("Output filename too long");
1134 break; 1152 break;
1135 case 'T': 1153 case 'T':
1136 do_screen_candidates = 1; 1154 do_screen_candidates = 1;
1137 strlcpy(out_file, optarg, sizeof(out_file)); 1155 if (strlcpy(out_file, optarg, sizeof(out_file)) >=
1156 sizeof(out_file))
1157 fatal("Output filename too long");
1138 break; 1158 break;
1139 case 'S': 1159 case 'S':
1140 /* XXX - also compare length against bits */ 1160 /* XXX - also compare length against bits */
diff --git a/ssh-keyscan.0 b/ssh-keyscan.0
index eb55a017c..b365148e4 100644
--- a/ssh-keyscan.0
+++ b/ssh-keyscan.0
@@ -104,4 +104,4 @@ BUGS
104 This is because it opens a connection to the ssh port, reads the public 104 This is because it opens a connection to the ssh port, reads the public
105 key, and drops the connection as soon as it gets the key. 105 key, and drops the connection as soon as it gets the key.
106 106
107OpenBSD 3.7 January 1, 1996 2 107OpenBSD 3.8 January 1, 1996 2
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index 7d10c6c3e..64eecfb9a 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -7,7 +7,7 @@
7 */ 7 */
8 8
9#include "includes.h" 9#include "includes.h"
10RCSID("$OpenBSD: ssh-keyscan.c,v 1.52 2005/03/01 15:47:14 jmc Exp $"); 10RCSID("$OpenBSD: ssh-keyscan.c,v 1.55 2005/06/17 02:44:33 djm Exp $");
11 11
12#include "openbsd-compat/sys-queue.h" 12#include "openbsd-compat/sys-queue.h"
13 13
@@ -166,7 +166,7 @@ Linebuf_lineno(Linebuf * lb)
166static char * 166static char *
167Linebuf_getline(Linebuf * lb) 167Linebuf_getline(Linebuf * lb)
168{ 168{
169 int n = 0; 169 size_t n = 0;
170 void *p; 170 void *p;
171 171
172 lb->lineno++; 172 lb->lineno++;
@@ -493,7 +493,7 @@ conrecycle(int s)
493static void 493static void
494congreet(int s) 494congreet(int s)
495{ 495{
496 int remote_major = 0, remote_minor = 0, n = 0; 496 int n = 0, remote_major = 0, remote_minor = 0;
497 char buf[256], *cp; 497 char buf[256], *cp;
498 char remote_version[sizeof buf]; 498 char remote_version[sizeof buf];
499 size_t bufsiz; 499 size_t bufsiz;
@@ -506,14 +506,17 @@ congreet(int s)
506 *cp = '\n'; 506 *cp = '\n';
507 cp++; 507 cp++;
508 } 508 }
509 if (n < 0) {
510 if (errno != ECONNREFUSED)
511 error("read (%s): %s", c->c_name, strerror(errno));
512 conrecycle(s);
513 return;
514 }
515 if (n == 0) { 509 if (n == 0) {
516 error("%s: Connection closed by remote host", c->c_name); 510 switch (errno) {
511 case EPIPE:
512 error("%s: Connection closed by remote host", c->c_name);
513 break;
514 case ECONNREFUSED:
515 break;
516 default:
517 error("read (%s): %s", c->c_name, strerror(errno));
518 break;
519 }
517 conrecycle(s); 520 conrecycle(s);
518 return; 521 return;
519 } 522 }
@@ -543,7 +546,12 @@ congreet(int s)
543 n = snprintf(buf, sizeof buf, "SSH-%d.%d-OpenSSH-keyscan\r\n", 546 n = snprintf(buf, sizeof buf, "SSH-%d.%d-OpenSSH-keyscan\r\n",
544 c->c_keytype == KT_RSA1? PROTOCOL_MAJOR_1 : PROTOCOL_MAJOR_2, 547 c->c_keytype == KT_RSA1? PROTOCOL_MAJOR_1 : PROTOCOL_MAJOR_2,
545 c->c_keytype == KT_RSA1? PROTOCOL_MINOR_1 : PROTOCOL_MINOR_2); 548 c->c_keytype == KT_RSA1? PROTOCOL_MINOR_1 : PROTOCOL_MINOR_2);
546 if (atomicio(vwrite, s, buf, n) != n) { 549 if (n < 0 || (size_t)n >= sizeof(buf)) {
550 error("snprintf: buffer too small");
551 confree(s);
552 return;
553 }
554 if (atomicio(vwrite, s, buf, n) != (size_t)n) {
547 error("write (%s): %s", c->c_name, strerror(errno)); 555 error("write (%s): %s", c->c_name, strerror(errno));
548 confree(s); 556 confree(s);
549 return; 557 return;
@@ -561,14 +569,14 @@ static void
561conread(int s) 569conread(int s)
562{ 570{
563 con *c = &fdcon[s]; 571 con *c = &fdcon[s];
564 int n; 572 size_t n;
565 573
566 if (c->c_status == CS_CON) { 574 if (c->c_status == CS_CON) {
567 congreet(s); 575 congreet(s);
568 return; 576 return;
569 } 577 }
570 n = atomicio(read, s, c->c_data + c->c_off, c->c_len - c->c_off); 578 n = atomicio(read, s, c->c_data + c->c_off, c->c_len - c->c_off);
571 if (n < 0) { 579 if (n == 0) {
572 error("read (%s): %s", c->c_name, strerror(errno)); 580 error("read (%s): %s", c->c_name, strerror(errno));
573 confree(s); 581 confree(s);
574 return; 582 return;
diff --git a/ssh-keysign.0 b/ssh-keysign.0
index e35b1c7f7..ea944a6fe 100644
--- a/ssh-keysign.0
+++ b/ssh-keysign.0
@@ -39,4 +39,4 @@ HISTORY
39AUTHORS 39AUTHORS
40 Markus Friedl <markus@openbsd.org> 40 Markus Friedl <markus@openbsd.org>
41 41
42OpenBSD 3.7 May 24, 2002 1 42OpenBSD 3.8 May 24, 2002 1
diff --git a/ssh-rand-helper.0 b/ssh-rand-helper.0
index d33bbbd51..35a7a7ce5 100644
--- a/ssh-rand-helper.0
+++ b/ssh-rand-helper.0
@@ -46,4 +46,4 @@ AUTHORS
46SEE ALSO 46SEE ALSO
47 ssh(1), ssh-add(1), ssh-keygen(1), sshd(8) 47 ssh(1), ssh-add(1), ssh-keygen(1), sshd(8)
48 48
49OpenBSD 3.7 April 14, 2002 1 49OpenBSD 3.8 April 14, 2002 1
diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c
index d7d8d0f3b..87e52cf75 100644
--- a/ssh-rand-helper.c
+++ b/ssh-rand-helper.c
@@ -39,7 +39,7 @@
39#include "pathnames.h" 39#include "pathnames.h"
40#include "log.h" 40#include "log.h"
41 41
42RCSID("$Id: ssh-rand-helper.c,v 1.23 2005/02/16 02:32:30 dtucker Exp $"); 42RCSID("$Id: ssh-rand-helper.c,v 1.26 2005/07/17 07:26:44 djm Exp $");
43 43
44/* Number of bytes we write out */ 44/* Number of bytes we write out */
45#define OUTPUT_SEED_SIZE 48 45#define OUTPUT_SEED_SIZE 48
@@ -123,7 +123,7 @@ get_random_bytes_prngd(unsigned char *buf, int len,
123 unsigned short tcp_port, char *socket_path) 123 unsigned short tcp_port, char *socket_path)
124{ 124{
125 int fd, addr_len, rval, errors; 125 int fd, addr_len, rval, errors;
126 char msg[2]; 126 u_char msg[2];
127 struct sockaddr_storage addr; 127 struct sockaddr_storage addr;
128 struct sockaddr_in *addr_in = (struct sockaddr_in *)&addr; 128 struct sockaddr_in *addr_in = (struct sockaddr_in *)&addr;
129 struct sockaddr_un *addr_un = (struct sockaddr_un *)&addr; 129 struct sockaddr_un *addr_un = (struct sockaddr_un *)&addr;
@@ -135,8 +135,8 @@ get_random_bytes_prngd(unsigned char *buf, int len,
135 if (socket_path != NULL && 135 if (socket_path != NULL &&
136 strlen(socket_path) >= sizeof(addr_un->sun_path)) 136 strlen(socket_path) >= sizeof(addr_un->sun_path))
137 fatal("Random pool path is too long"); 137 fatal("Random pool path is too long");
138 if (len > 255) 138 if (len <= 0 || len > 255)
139 fatal("Too many bytes to read from PRNGD"); 139 fatal("Too many bytes (%d) to read from PRNGD", len);
140 140
141 memset(&addr, '\0', sizeof(addr)); 141 memset(&addr, '\0', sizeof(addr));
142 142
@@ -190,7 +190,7 @@ reopen:
190 goto done; 190 goto done;
191 } 191 }
192 192
193 if (atomicio(read, fd, buf, len) != len) { 193 if (atomicio(read, fd, buf, len) != (size_t)len) {
194 if (errno == EPIPE && errors < 10) { 194 if (errno == EPIPE && errors < 10) {
195 close(fd); 195 close(fd);
196 errors++; 196 errors++;
@@ -398,8 +398,8 @@ hash_command_output(entropy_cmd_t *src, unsigned char *hash)
398 debug3("Time elapsed: %d msec", msec_elapsed); 398 debug3("Time elapsed: %d msec", msec_elapsed);
399 399
400 if (waitpid(pid, &status, 0) == -1) { 400 if (waitpid(pid, &status, 0) == -1) {
401 error("Couldn't wait for child '%s' completion: %s", 401 error("Couldn't wait for child '%s' completion: %s",
402 src->cmdstring, strerror(errno)); 402 src->cmdstring, strerror(errno));
403 return 0.0; 403 return 0.0;
404 } 404 }
405 405
@@ -600,7 +600,7 @@ prng_write_seedfile(void)
600 save_errno = errno; 600 save_errno = errno;
601 unlink(tmpseed); 601 unlink(tmpseed);
602 fatal("problem renaming PRNG seedfile from %.100s " 602 fatal("problem renaming PRNG seedfile from %.100s "
603 "to %.100s (%.100s)", tmpseed, filename, 603 "to %.100s (%.100s)", tmpseed, filename,
604 strerror(save_errno)); 604 strerror(save_errno));
605 } 605 }
606 } 606 }
diff --git a/ssh-rsa.c b/ssh-rsa.c
index 6e3be0a7e..eb422d07e 100644
--- a/ssh-rsa.c
+++ b/ssh-rsa.c
@@ -14,7 +14,7 @@
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */ 15 */
16#include "includes.h" 16#include "includes.h"
17RCSID("$OpenBSD: ssh-rsa.c,v 1.31 2003/11/10 16:23:41 jakob Exp $"); 17RCSID("$OpenBSD: ssh-rsa.c,v 1.32 2005/06/17 02:44:33 djm Exp $");
18 18
19#include <openssl/evp.h> 19#include <openssl/evp.h>
20#include <openssl/err.h> 20#include <openssl/err.h>
@@ -238,7 +238,7 @@ openssh_RSA_verify(int type, u_char *hash, u_int hashlen,
238 ERR_error_string(ERR_get_error(), NULL)); 238 ERR_error_string(ERR_get_error(), NULL));
239 goto done; 239 goto done;
240 } 240 }
241 if (len != hlen + oidlen) { 241 if (len < 0 || (u_int)len != hlen + oidlen) {
242 error("bad decrypted len: %d != %d + %d", len, hlen, oidlen); 242 error("bad decrypted len: %d != %d + %d", len, hlen, oidlen);
243 goto done; 243 goto done;
244 } 244 }
diff --git a/ssh.0 b/ssh.0
index 2397456b2..274fab8b5 100644
--- a/ssh.0
+++ b/ssh.0
@@ -30,16 +30,16 @@ DESCRIPTION
30 bined with RSA-based host authentication. If the machine the user logs 30 bined with RSA-based host authentication. If the machine the user logs
31 in from is listed in /etc/hosts.equiv or /etc/shosts.equiv on the remote 31 in from is listed in /etc/hosts.equiv or /etc/shosts.equiv on the remote
32 machine, and the user names are the same on both sides, or if the files 32 machine, and the user names are the same on both sides, or if the files
33 $HOME/.rhosts or $HOME/.shosts exist in the user's home directory on the 33 ~/.rhosts or ~/.shosts exist in the user's home directory on the remote
34 remote machine and contain a line containing the name of the client ma- 34 machine and contain a line containing the name of the client machine and
35 chine and the name of the user on that machine, the user is considered 35 the name of the user on that machine, the user is considered for log in.
36 for log in. Additionally, if the server can verify the client's host key 36 Additionally, if the server can verify the client's host key (see
37 (see /etc/ssh/ssh_known_hosts and $HOME/.ssh/known_hosts in the FILES 37 /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts in the FILES section),
38 section), only then is login permitted. This authentication method clos- 38 only then is login permitted. This authentication method closes security
39 es security holes due to IP spoofing, DNS spoofing and routing spoofing. 39 holes due to IP spoofing, DNS spoofing and routing spoofing. [Note to
40 [Note to the administrator: /etc/hosts.equiv, $HOME/.rhosts, and the 40 the administrator: /etc/hosts.equiv, ~/.rhosts, and the rlogin/rsh proto-
41 rlogin/rsh protocol in general, are inherently insecure and should be 41 col in general, are inherently insecure and should be disabled if securi-
42 disabled if security is desired.] 42 ty is desired.]
43 43
44 As a second authentication method, ssh supports RSA based authentication. 44 As a second authentication method, ssh supports RSA based authentication.
45 The scheme is based on public-key cryptography: there are cryptosystems 45 The scheme is based on public-key cryptography: there are cryptosystems
@@ -49,25 +49,25 @@ DESCRIPTION
49 key pair for authentication purposes. The server knows the public key, 49 key pair for authentication purposes. The server knows the public key,
50 and only the user knows the private key. 50 and only the user knows the private key.
51 51
52 The file $HOME/.ssh/authorized_keys lists the public keys that are per- 52 The file ~/.ssh/authorized_keys lists the public keys that are permitted
53 mitted for logging in. When the user logs in, the ssh program tells the 53 for logging in. When the user logs in, the ssh program tells the server
54 server which key pair it would like to use for authentication. The serv- 54 which key pair it would like to use for authentication. The server
55 er checks if this key is permitted, and if so, sends the user (actually 55 checks if this key is permitted, and if so, sends the user (actually the
56 the ssh program running on behalf of the user) a challenge, a random num- 56 ssh program running on behalf of the user) a challenge, a random number,
57 ber, encrypted by the user's public key. The challenge can only be de- 57 encrypted by the user's public key. The challenge can only be decrypted
58 crypted using the proper private key. The user's client then decrypts 58 using the proper private key. The user's client then decrypts the chal-
59 the challenge using the private key, proving that he/she knows the pri- 59 lenge using the private key, proving that he/she knows the private key
60 vate key but without disclosing it to the server. 60 but without disclosing it to the server.
61 61
62 ssh implements the RSA authentication protocol automatically. The user 62 ssh implements the RSA authentication protocol automatically. The user
63 creates his/her RSA key pair by running ssh-keygen(1). This stores the 63 creates his/her RSA key pair by running ssh-keygen(1). This stores the
64 private key in $HOME/.ssh/identity and stores the public key in 64 private key in ~/.ssh/identity and stores the public key in
65 $HOME/.ssh/identity.pub in the user's home directory. The user should 65 ~/.ssh/identity.pub in the user's home directory. The user should then
66 then copy the identity.pub to $HOME/.ssh/authorized_keys in his/her home 66 copy the identity.pub to ~/.ssh/authorized_keys in his/her home directory
67 directory on the remote machine (the authorized_keys file corresponds to 67 on the remote machine (the authorized_keys file corresponds to the con-
68 the conventional $HOME/.rhosts file, and has one key per line, though the 68 ventional ~/.rhosts file, and has one key per line, though the lines can
69 lines can be very long). After this, the user can log in without giving 69 be very long). After this, the user can log in without giving the pass-
70 the password. 70 word.
71 71
72 The most convenient way to use RSA authentication may be with an authen- 72 The most convenient way to use RSA authentication may be with an authen-
73 tication agent. See ssh-agent(1) for more information. 73 tication agent. See ssh-agent(1) for more information.
@@ -87,13 +87,12 @@ DESCRIPTION
87 87
88 The public key method is similar to RSA authentication described in the 88 The public key method is similar to RSA authentication described in the
89 previous section and allows the RSA or DSA algorithm to be used: The 89 previous section and allows the RSA or DSA algorithm to be used: The
90 client uses his private key, $HOME/.ssh/id_dsa or $HOME/.ssh/id_rsa, to 90 client uses his private key, ~/.ssh/id_dsa or ~/.ssh/id_rsa, to sign the
91 sign the session identifier and sends the result to the server. The 91 session identifier and sends the result to the server. The server checks
92 server checks whether the matching public key is listed in 92 whether the matching public key is listed in ~/.ssh/authorized_keys and
93 $HOME/.ssh/authorized_keys and grants access if both the key is found and 93 grants access if both the key is found and the signature is correct. The
94 the signature is correct. The session identifier is derived from a 94 session identifier is derived from a shared Diffie-Hellman value and is
95 shared Diffie-Hellman value and is only known to the client and the serv- 95 only known to the client and the server.
96 er.
97 96
98 If public key authentication fails or is not available, a password can be 97 If public key authentication fails or is not available, a password can be
99 sent encrypted to the remote host to prove the user's identity. 98 sent encrypted to the remote host to prove the user's identity.
@@ -194,13 +193,13 @@ DESCRIPTION
194 Server authentication 193 Server authentication
195 ssh automatically maintains and checks a database containing identifica- 194 ssh automatically maintains and checks a database containing identifica-
196 tions for all hosts it has ever been used with. Host keys are stored in 195 tions for all hosts it has ever been used with. Host keys are stored in
197 $HOME/.ssh/known_hosts in the user's home directory. Additionally, the 196 ~/.ssh/known_hosts in the user's home directory. Additionally, the file
198 file /etc/ssh/ssh_known_hosts is automatically checked for known hosts. 197 /etc/ssh/ssh_known_hosts is automatically checked for known hosts. Any
199 Any new hosts are automatically added to the user's file. If a host's 198 new hosts are automatically added to the user's file. If a host's iden-
200 identification ever changes, ssh warns about this and disables password 199 tification ever changes, ssh warns about this and disables password au-
201 authentication to prevent a trojan horse from getting the user's pass- 200 thentication to prevent a trojan horse from getting the user's password.
202 word. Another purpose of this mechanism is to prevent man-in-the-middle 201 Another purpose of this mechanism is to prevent man-in-the-middle attacks
203 attacks which could otherwise be used to circumvent the encryption. The 202 which could otherwise be used to circumvent the encryption. The
204 StrictHostKeyChecking option can be used to prevent logins to machines 203 StrictHostKeyChecking option can be used to prevent logins to machines
205 whose host key is not known or has changed. 204 whose host key is not known or has changed.
206 205
@@ -234,8 +233,9 @@ DESCRIPTION
234 -a Disables forwarding of the authentication agent connection. 233 -a Disables forwarding of the authentication agent connection.
235 234
236 -b bind_address 235 -b bind_address
237 Specify the interface to transmit from on machines with multiple 236 Use bind_address on the local machine as the source address of
238 interfaces or aliased addresses. 237 the connection. Only useful on systems with more than one ad-
238 dress.
239 239
240 -C Requests compression of all data (including stdin, stdout, 240 -C Requests compression of all data (including stdin, stdout,
241 stderr, and data for forwarded X11 and TCP/IP connections). The 241 stderr, and data for forwarded X11 and TCP/IP connections). The
@@ -262,11 +262,13 @@ DESCRIPTION
262 For protocol version 2 cipher_spec is a comma-separated list of 262 For protocol version 2 cipher_spec is a comma-separated list of
263 ciphers listed in order of preference. The supported ciphers are 263 ciphers listed in order of preference. The supported ciphers are
264 ``3des-cbc'', ``aes128-cbc'', ``aes192-cbc'', ``aes256-cbc'', 264 ``3des-cbc'', ``aes128-cbc'', ``aes192-cbc'', ``aes256-cbc'',
265 ``aes128-ctr'', ``aes192-ctr'', ``aes256-ctr'', ``arcfour'', 265 ``aes128-ctr'', ``aes192-ctr'', ``aes256-ctr'', ``arcfour128'',
266 ``blowfish-cbc'', and ``cast128-cbc''. The default is 266 ``arcfour256'', ``arcfour'', ``blowfish-cbc'', and
267 ``cast128-cbc''. The default is
267 268
268 ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, 269 ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,
269 aes192-cbc,aes256-cbc'' 270 arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr,
271 aes192-ctr,aes256-ctr''
270 272
271 -D port 273 -D port
272 Specifies a local ``dynamic'' application-level port forwarding. 274 Specifies a local ``dynamic'' application-level port forwarding.
@@ -292,7 +294,7 @@ DESCRIPTION
292 Specifies an alternative per-user configuration file. If a con- 294 Specifies an alternative per-user configuration file. If a con-
293 figuration file is given on the command line, the system-wide 295 figuration file is given on the command line, the system-wide
294 configuration file (/etc/ssh/ssh_config) will be ignored. The 296 configuration file (/etc/ssh/ssh_config) will be ignored. The
295 default for the per-user configuration file is $HOME/.ssh/config. 297 default for the per-user configuration file is ~/.ssh/config.
296 298
297 -f Requests ssh to go to background just before command execution. 299 -f Requests ssh to go to background just before command execution.
298 This is useful if ssh is going to ask for passwords or passphras- 300 This is useful if ssh is going to ask for passwords or passphras-
@@ -309,12 +311,12 @@ DESCRIPTION
309 311
310 -i identity_file 312 -i identity_file
311 Selects a file from which the identity (private key) for RSA or 313 Selects a file from which the identity (private key) for RSA or
312 DSA authentication is read. The default is $HOME/.ssh/identity 314 DSA authentication is read. The default is ~/.ssh/identity for
313 for protocol version 1, and $HOME/.ssh/id_rsa and 315 protocol version 1, and ~/.ssh/id_rsa and ~/.ssh/id_dsa for pro-
314 $HOME/.ssh/id_dsa for protocol version 2. Identity files may al- 316 tocol version 2. Identity files may also be specified on a per-
315 so be specified on a per-host basis in the configuration file. 317 host basis in the configuration file. It is possible to have
316 It is possible to have multiple -i options (and multiple identi- 318 multiple -i options (and multiple identities specified in config-
317 ties specified in configuration files). 319 uration files).
318 320
319 -k Disables forwarding (delegation) of GSSAPI credentials to the 321 -k Disables forwarding (delegation) of GSSAPI credentials to the
320 server. 322 server.
@@ -567,17 +569,17 @@ ENVIRONMENT
567 569
568 USER Set to the name of the user logging in. 570 USER Set to the name of the user logging in.
569 571
570 Additionally, ssh reads $HOME/.ssh/environment, and adds lines of the 572 Additionally, ssh reads ~/.ssh/environment, and adds lines of the format
571 format ``VARNAME=value'' to the environment if the file exists and if 573 ``VARNAME=value'' to the environment if the file exists and if users are
572 users are allowed to change their environment. For more information, see 574 allowed to change their environment. For more information, see the
573 the PermitUserEnvironment option in sshd_config(5). 575 PermitUserEnvironment option in sshd_config(5).
574 576
575FILES 577FILES
576 $HOME/.ssh/known_hosts 578 ~/.ssh/known_hosts
577 Records host keys for all hosts the user has logged into that are 579 Records host keys for all hosts the user has logged into that are
578 not in /etc/ssh/ssh_known_hosts. See sshd(8). 580 not in /etc/ssh/ssh_known_hosts. See sshd(8).
579 581
580 $HOME/.ssh/identity, $HOME/.ssh/id_dsa, $HOME/.ssh/id_rsa 582 ~/.ssh/identity, ~/.ssh/id_dsa, ~/.ssh/id_rsa
581 Contains the authentication identity of the user. They are for 583 Contains the authentication identity of the user. They are for
582 protocol 1 RSA, protocol 2 DSA, and protocol 2 RSA, respectively. 584 protocol 1 RSA, protocol 2 DSA, and protocol 2 RSA, respectively.
583 These files contain sensitive data and should be readable by the 585 These files contain sensitive data and should be readable by the
@@ -587,27 +589,27 @@ FILES
587 key; the passphrase will be used to encrypt the sensitive part of 589 key; the passphrase will be used to encrypt the sensitive part of
588 this file using 3DES. 590 this file using 3DES.
589 591
590 $HOME/.ssh/identity.pub, $HOME/.ssh/id_dsa.pub, $HOME/.ssh/id_rsa.pub 592 ~/.ssh/identity.pub, ~/.ssh/id_dsa.pub, ~/.ssh/id_rsa.pub
591 Contains the public key for authentication (public part of the 593 Contains the public key for authentication (public part of the
592 identity file in human-readable form). The contents of the 594 identity file in human-readable form). The contents of the
593 $HOME/.ssh/identity.pub file should be added to the file 595 ~/.ssh/identity.pub file should be added to the file
594 $HOME/.ssh/authorized_keys on all machines where the user wishes 596 ~/.ssh/authorized_keys on all machines where the user wishes to
595 to log in using protocol version 1 RSA authentication. The con- 597 log in using protocol version 1 RSA authentication. The contents
596 tents of the $HOME/.ssh/id_dsa.pub and $HOME/.ssh/id_rsa.pub file 598 of the ~/.ssh/id_dsa.pub and ~/.ssh/id_rsa.pub file should be
597 should be added to $HOME/.ssh/authorized_keys on all machines 599 added to ~/.ssh/authorized_keys on all machines where the user
598 where the user wishes to log in using protocol version 2 DSA/RSA 600 wishes to log in using protocol version 2 DSA/RSA authentication.
599 authentication. These files are not sensitive and can (but need 601 These files are not sensitive and can (but need not) be readable
600 not) be readable by anyone. These files are never used automati- 602 by anyone. These files are never used automatically and are not
601 cally and are not necessary; they are only provided for the con- 603 necessary; they are only provided for the convenience of the us-
602 venience of the user. 604 er.
603 605
604 $HOME/.ssh/config 606 ~/.ssh/config
605 This is the per-user configuration file. The file format and 607 This is the per-user configuration file. The file format and
606 configuration options are described in ssh_config(5). Because of 608 configuration options are described in ssh_config(5). Because of
607 the potential for abuse, this file must have strict permissions: 609 the potential for abuse, this file must have strict permissions:
608 read/write for the user, and not accessible by others. 610 read/write for the user, and not accessible by others.
609 611
610 $HOME/.ssh/authorized_keys 612 ~/.ssh/authorized_keys
611 Lists the public keys (RSA/DSA) that can be used for logging in 613 Lists the public keys (RSA/DSA) that can be used for logging in
612 as this user. The format of this file is described in the 614 as this user. The format of this file is described in the
613 sshd(8) manual page. In the simplest form the format is the same 615 sshd(8) manual page. In the simplest form the format is the same
@@ -648,7 +650,7 @@ FILES
648 requirement that ssh be setuid root when that authentication 650 requirement that ssh be setuid root when that authentication
649 method is used. By default ssh is not setuid root. 651 method is used. By default ssh is not setuid root.
650 652
651 $HOME/.rhosts 653 ~/.rhosts
652 This file is used in RhostsRSAAuthentication and 654 This file is used in RhostsRSAAuthentication and
653 HostbasedAuthentication authentication to list the host/user 655 HostbasedAuthentication authentication to list the host/user
654 pairs that are permitted to log in. (Note that this file is also 656 pairs that are permitted to log in. (Note that this file is also
@@ -665,12 +667,12 @@ FILES
665 Note that sshd(8) allows authentication only in combination with 667 Note that sshd(8) allows authentication only in combination with
666 client host key authentication before permitting log in. If the 668 client host key authentication before permitting log in. If the
667 server machine does not have the client's host key in 669 server machine does not have the client's host key in
668 /etc/ssh/ssh_known_hosts, it can be stored in 670 /etc/ssh/ssh_known_hosts, it can be stored in ~/.ssh/known_hosts.
669 $HOME/.ssh/known_hosts. The easiest way to do this is to connect 671 The easiest way to do this is to connect back to the client from
670 back to the client from the server machine using ssh; this will 672 the server machine using ssh; this will automatically add the
671 automatically add the host key to $HOME/.ssh/known_hosts. 673 host key to ~/.ssh/known_hosts.
672 674
673 $HOME/.shosts 675 ~/.shosts
674 This file is used exactly the same way as .rhosts. The purpose 676 This file is used exactly the same way as .rhosts. The purpose
675 for having this file is to be able to use RhostsRSAAuthentication 677 for having this file is to be able to use RhostsRSAAuthentication
676 and HostbasedAuthentication authentication without permitting lo- 678 and HostbasedAuthentication authentication without permitting lo-
@@ -696,12 +698,12 @@ FILES
696 just before the user's shell (or command) is started. See the 698 just before the user's shell (or command) is started. See the
697 sshd(8) manual page for more information. 699 sshd(8) manual page for more information.
698 700
699 $HOME/.ssh/rc 701 ~/.ssh/rc
700 Commands in this file are executed by ssh when the user logs in 702 Commands in this file are executed by ssh when the user logs in
701 just before the user's shell (or command) is started. See the 703 just before the user's shell (or command) is started. See the
702 sshd(8) manual page for more information. 704 sshd(8) manual page for more information.
703 705
704 $HOME/.ssh/environment 706 ~/.ssh/environment
705 Contains additional definitions for environment variables, see 707 Contains additional definitions for environment variables, see
706 section ENVIRONMENT above. 708 section ENVIRONMENT above.
707 709
@@ -725,4 +727,4 @@ AUTHORS
725 created OpenSSH. Markus Friedl contributed the support for SSH protocol 727 created OpenSSH. Markus Friedl contributed the support for SSH protocol
726 versions 1.5 and 2.0. 728 versions 1.5 and 2.0.
727 729
728OpenBSD 3.7 September 25, 1999 11 730OpenBSD 3.8 September 25, 1999 12
diff --git a/ssh.1 b/ssh.1
index 9b4daa36e..9ce28be69 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: ssh.1,v 1.205 2005/03/07 23:41:54 jmc Exp $ 37.\" $OpenBSD: ssh.1,v 1.209 2005/07/06 09:33:05 dtucker Exp $
38.Dd September 25, 1999 38.Dd September 25, 1999
39.Dt SSH 1 39.Dt SSH 1
40.Os 40.Os
@@ -109,9 +109,9 @@ or
109.Pa /etc/shosts.equiv 109.Pa /etc/shosts.equiv
110on the remote machine, and the user names are 110on the remote machine, and the user names are
111the same on both sides, or if the files 111the same on both sides, or if the files
112.Pa $HOME/.rhosts 112.Pa ~/.rhosts
113or 113or
114.Pa $HOME/.shosts 114.Pa ~/.shosts
115exist in the user's home directory on the 115exist in the user's home directory on the
116remote machine and contain a line containing the name of the client 116remote machine and contain a line containing the name of the client
117machine and the name of the user on that machine, the user is 117machine and the name of the user on that machine, the user is
@@ -120,7 +120,7 @@ Additionally, if the server can verify the client's
120host key (see 120host key (see
121.Pa /etc/ssh/ssh_known_hosts 121.Pa /etc/ssh/ssh_known_hosts
122and 122and
123.Pa $HOME/.ssh/known_hosts 123.Pa ~/.ssh/known_hosts
124in the 124in the
125.Sx FILES 125.Sx FILES
126section), only then is login permitted. 126section), only then is login permitted.
@@ -128,7 +128,7 @@ This authentication method closes security holes due to IP
128spoofing, DNS spoofing and routing spoofing. 128spoofing, DNS spoofing and routing spoofing.
129[Note to the administrator: 129[Note to the administrator:
130.Pa /etc/hosts.equiv , 130.Pa /etc/hosts.equiv ,
131.Pa $HOME/.rhosts , 131.Pa ~/.rhosts ,
132and the rlogin/rsh protocol in general, are inherently insecure and should be 132and the rlogin/rsh protocol in general, are inherently insecure and should be
133disabled if security is desired.] 133disabled if security is desired.]
134.Pp 134.Pp
@@ -144,7 +144,7 @@ key pair for authentication purposes.
144The server knows the public key, and only the user knows the private key. 144The server knows the public key, and only the user knows the private key.
145.Pp 145.Pp
146The file 146The file
147.Pa $HOME/.ssh/authorized_keys 147.Pa ~/.ssh/authorized_keys
148lists the public keys that are permitted for logging in. 148lists the public keys that are permitted for logging in.
149When the user logs in, the 149When the user logs in, the
150.Nm 150.Nm
@@ -165,18 +165,18 @@ implements the RSA authentication protocol automatically.
165The user creates his/her RSA key pair by running 165The user creates his/her RSA key pair by running
166.Xr ssh-keygen 1 . 166.Xr ssh-keygen 1 .
167This stores the private key in 167This stores the private key in
168.Pa $HOME/.ssh/identity 168.Pa ~/.ssh/identity
169and stores the public key in 169and stores the public key in
170.Pa $HOME/.ssh/identity.pub 170.Pa ~/.ssh/identity.pub
171in the user's home directory. 171in the user's home directory.
172The user should then copy the 172The user should then copy the
173.Pa identity.pub 173.Pa identity.pub
174to 174to
175.Pa $HOME/.ssh/authorized_keys 175.Pa ~/.ssh/authorized_keys
176in his/her home directory on the remote machine (the 176in his/her home directory on the remote machine (the
177.Pa authorized_keys 177.Pa authorized_keys
178file corresponds to the conventional 178file corresponds to the conventional
179.Pa $HOME/.rhosts 179.Pa ~/.rhosts
180file, and has one key 180file, and has one key
181per line, though the lines can be very long). 181per line, though the lines can be very long).
182After this, the user can log in without giving the password. 182After this, the user can log in without giving the password.
@@ -206,12 +206,12 @@ password authentication are tried.
206The public key method is similar to RSA authentication described 206The public key method is similar to RSA authentication described
207in the previous section and allows the RSA or DSA algorithm to be used: 207in the previous section and allows the RSA or DSA algorithm to be used:
208The client uses his private key, 208The client uses his private key,
209.Pa $HOME/.ssh/id_dsa 209.Pa ~/.ssh/id_dsa
210or 210or
211.Pa $HOME/.ssh/id_rsa , 211.Pa ~/.ssh/id_rsa ,
212to sign the session identifier and sends the result to the server. 212to sign the session identifier and sends the result to the server.
213The server checks whether the matching public key is listed in 213The server checks whether the matching public key is listed in
214.Pa $HOME/.ssh/authorized_keys 214.Pa ~/.ssh/authorized_keys
215and grants access if both the key is found and the signature is correct. 215and grants access if both the key is found and the signature is correct.
216The session identifier is derived from a shared Diffie-Hellman value 216The session identifier is derived from a shared Diffie-Hellman value
217and is only known to the client and the server. 217and is only known to the client and the server.
@@ -365,7 +365,7 @@ electronic purse; another is going through firewalls.
365automatically maintains and checks a database containing 365automatically maintains and checks a database containing
366identifications for all hosts it has ever been used with. 366identifications for all hosts it has ever been used with.
367Host keys are stored in 367Host keys are stored in
368.Pa $HOME/.ssh/known_hosts 368.Pa ~/.ssh/known_hosts
369in the user's home directory. 369in the user's home directory.
370Additionally, the file 370Additionally, the file
371.Pa /etc/ssh/ssh_known_hosts 371.Pa /etc/ssh/ssh_known_hosts
@@ -423,8 +423,11 @@ authenticate using the identities loaded into the agent.
423.It Fl a 423.It Fl a
424Disables forwarding of the authentication agent connection. 424Disables forwarding of the authentication agent connection.
425.It Fl b Ar bind_address 425.It Fl b Ar bind_address
426Specify the interface to transmit from on machines with multiple 426Use
427interfaces or aliased addresses. 427.Ar bind_address
428on the local machine as the source address
429of the connection.
430Only useful on systems with more than one address.
428.It Fl C 431.It Fl C
429Requests compression of all data (including stdin, stdout, stderr, and 432Requests compression of all data (including stdin, stdout, stderr, and
430data for forwarded X11 and TCP/IP connections). 433data for forwarded X11 and TCP/IP connections).
@@ -479,14 +482,17 @@ The supported ciphers are
479.Dq aes128-ctr , 482.Dq aes128-ctr ,
480.Dq aes192-ctr , 483.Dq aes192-ctr ,
481.Dq aes256-ctr , 484.Dq aes256-ctr ,
485.Dq arcfour128 ,
486.Dq arcfour256 ,
482.Dq arcfour , 487.Dq arcfour ,
483.Dq blowfish-cbc , 488.Dq blowfish-cbc ,
484and 489and
485.Dq cast128-cbc . 490.Dq cast128-cbc .
486The default is 491The default is
487.Bd -literal 492.Bd -literal
488 ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, 493 ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,
489 aes192-cbc,aes256-cbc'' 494 arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr,
495 aes192-ctr,aes256-ctr''
490.Ed 496.Ed
491.It Fl D Ar port 497.It Fl D Ar port
492Specifies a local 498Specifies a local
@@ -522,7 +528,7 @@ the system-wide configuration file
522.Pq Pa /etc/ssh/ssh_config 528.Pq Pa /etc/ssh/ssh_config
523will be ignored. 529will be ignored.
524The default for the per-user configuration file is 530The default for the per-user configuration file is
525.Pa $HOME/.ssh/config . 531.Pa ~/.ssh/config .
526.It Fl f 532.It Fl f
527Requests 533Requests
528.Nm 534.Nm
@@ -548,11 +554,11 @@ private RSA key.
548Selects a file from which the identity (private key) for 554Selects a file from which the identity (private key) for
549RSA or DSA authentication is read. 555RSA or DSA authentication is read.
550The default is 556The default is
551.Pa $HOME/.ssh/identity 557.Pa ~/.ssh/identity
552for protocol version 1, and 558for protocol version 1, and
553.Pa $HOME/.ssh/id_rsa 559.Pa ~/.ssh/id_rsa
554and 560and
555.Pa $HOME/.ssh/id_dsa 561.Pa ~/.ssh/id_dsa
556for protocol version 2. 562for protocol version 2.
557Identity files may also be specified on 563Identity files may also be specified on
558a per-host basis in the configuration file. 564a per-host basis in the configuration file.
@@ -945,7 +951,7 @@ Set to the name of the user logging in.
945Additionally, 951Additionally,
946.Nm 952.Nm
947reads 953reads
948.Pa $HOME/.ssh/environment , 954.Pa ~/.ssh/environment ,
949and adds lines of the format 955and adds lines of the format
950.Dq VARNAME=value 956.Dq VARNAME=value
951to the environment if the file exists and if users are allowed to 957to the environment if the file exists and if users are allowed to
@@ -956,13 +962,13 @@ option in
956.Xr sshd_config 5 . 962.Xr sshd_config 5 .
957.Sh FILES 963.Sh FILES
958.Bl -tag -width Ds 964.Bl -tag -width Ds
959.It Pa $HOME/.ssh/known_hosts 965.It Pa ~/.ssh/known_hosts
960Records host keys for all hosts the user has logged into that are not 966Records host keys for all hosts the user has logged into that are not
961in 967in
962.Pa /etc/ssh/ssh_known_hosts . 968.Pa /etc/ssh/ssh_known_hosts .
963See 969See
964.Xr sshd 8 . 970.Xr sshd 8 .
965.It Pa $HOME/.ssh/identity, $HOME/.ssh/id_dsa, $HOME/.ssh/id_rsa 971.It Pa ~/.ssh/identity, ~/.ssh/id_dsa, ~/.ssh/id_rsa
966Contains the authentication identity of the user. 972Contains the authentication identity of the user.
967They are for protocol 1 RSA, protocol 2 DSA, and protocol 2 RSA, respectively. 973They are for protocol 1 RSA, protocol 2 DSA, and protocol 2 RSA, respectively.
968These files 974These files
@@ -974,21 +980,21 @@ ignores a private key file if it is accessible by others.
974It is possible to specify a passphrase when 980It is possible to specify a passphrase when
975generating the key; the passphrase will be used to encrypt the 981generating the key; the passphrase will be used to encrypt the
976sensitive part of this file using 3DES. 982sensitive part of this file using 3DES.
977.It Pa $HOME/.ssh/identity.pub, $HOME/.ssh/id_dsa.pub, $HOME/.ssh/id_rsa.pub 983.It Pa ~/.ssh/identity.pub, ~/.ssh/id_dsa.pub, ~/.ssh/id_rsa.pub
978Contains the public key for authentication (public part of the 984Contains the public key for authentication (public part of the
979identity file in human-readable form). 985identity file in human-readable form).
980The contents of the 986The contents of the
981.Pa $HOME/.ssh/identity.pub 987.Pa ~/.ssh/identity.pub
982file should be added to the file 988file should be added to the file
983.Pa $HOME/.ssh/authorized_keys 989.Pa ~/.ssh/authorized_keys
984on all machines 990on all machines
985where the user wishes to log in using protocol version 1 RSA authentication. 991where the user wishes to log in using protocol version 1 RSA authentication.
986The contents of the 992The contents of the
987.Pa $HOME/.ssh/id_dsa.pub 993.Pa ~/.ssh/id_dsa.pub
988and 994and
989.Pa $HOME/.ssh/id_rsa.pub 995.Pa ~/.ssh/id_rsa.pub
990file should be added to 996file should be added to
991.Pa $HOME/.ssh/authorized_keys 997.Pa ~/.ssh/authorized_keys
992on all machines 998on all machines
993where the user wishes to log in using protocol version 2 DSA/RSA authentication. 999where the user wishes to log in using protocol version 2 DSA/RSA authentication.
994These files are not 1000These files are not
@@ -996,7 +1002,7 @@ sensitive and can (but need not) be readable by anyone.
996These files are 1002These files are
997never used automatically and are not necessary; they are only provided for 1003never used automatically and are not necessary; they are only provided for
998the convenience of the user. 1004the convenience of the user.
999.It Pa $HOME/.ssh/config 1005.It Pa ~/.ssh/config
1000This is the per-user configuration file. 1006This is the per-user configuration file.
1001The file format and configuration options are described in 1007The file format and configuration options are described in
1002.Xr ssh_config 5 . 1008.Xr ssh_config 5 .
@@ -1004,7 +1010,7 @@ Because of the potential for abuse, this file must have strict permissions:
1004read/write for the user, and not accessible by others. 1010read/write for the user, and not accessible by others.
1005It may be group-writable provided that the group in question contains only 1011It may be group-writable provided that the group in question contains only
1006the user. 1012the user.
1007.It Pa $HOME/.ssh/authorized_keys 1013.It Pa ~/.ssh/authorized_keys
1008Lists the public keys (RSA/DSA) that can be used for logging in as this user. 1014Lists the public keys (RSA/DSA) that can be used for logging in as this user.
1009The format of this file is described in the 1015The format of this file is described in the
1010.Xr sshd 8 1016.Xr sshd 8
@@ -1064,7 +1070,7 @@ be setuid root when that authentication method is used.
1064By default 1070By default
1065.Nm 1071.Nm
1066is not setuid root. 1072is not setuid root.
1067.It Pa $HOME/.rhosts 1073.It Pa ~/.rhosts
1068This file is used in 1074This file is used in
1069.Cm RhostsRSAAuthentication 1075.Cm RhostsRSAAuthentication
1070and 1076and
@@ -1094,12 +1100,12 @@ authentication before permitting log in.
1094If the server machine does not have the client's host key in 1100If the server machine does not have the client's host key in
1095.Pa /etc/ssh/ssh_known_hosts , 1101.Pa /etc/ssh/ssh_known_hosts ,
1096it can be stored in 1102it can be stored in
1097.Pa $HOME/.ssh/known_hosts . 1103.Pa ~/.ssh/known_hosts .
1098The easiest way to do this is to 1104The easiest way to do this is to
1099connect back to the client from the server machine using ssh; this 1105connect back to the client from the server machine using ssh; this
1100will automatically add the host key to 1106will automatically add the host key to
1101.Pa $HOME/.ssh/known_hosts . 1107.Pa ~/.ssh/known_hosts .
1102.It Pa $HOME/.shosts 1108.It Pa ~/.shosts
1103This file is used exactly the same way as 1109This file is used exactly the same way as
1104.Pa .rhosts . 1110.Pa .rhosts .
1105The purpose for 1111The purpose for
@@ -1139,7 +1145,7 @@ when the user logs in just before the user's shell (or command) is started.
1139See the 1145See the
1140.Xr sshd 8 1146.Xr sshd 8
1141manual page for more information. 1147manual page for more information.
1142.It Pa $HOME/.ssh/rc 1148.It Pa ~/.ssh/rc
1143Commands in this file are executed by 1149Commands in this file are executed by
1144.Nm 1150.Nm
1145when the user logs in just before the user's shell (or command) is 1151when the user logs in just before the user's shell (or command) is
@@ -1147,7 +1153,7 @@ started.
1147See the 1153See the
1148.Xr sshd 8 1154.Xr sshd 8
1149manual page for more information. 1155manual page for more information.
1150.It Pa $HOME/.ssh/environment 1156.It Pa ~/.ssh/environment
1151Contains additional definitions for environment variables, see section 1157Contains additional definitions for environment variables, see section
1152.Sx ENVIRONMENT 1158.Sx ENVIRONMENT
1153above. 1159above.
diff --git a/ssh.c b/ssh.c
index d85e56fd7..75a0d9b23 100644
--- a/ssh.c
+++ b/ssh.c
@@ -40,7 +40,7 @@
40 */ 40 */
41 41
42#include "includes.h" 42#include "includes.h"
43RCSID("$OpenBSD: ssh.c,v 1.234 2005/03/10 22:01:06 deraadt Exp $"); 43RCSID("$OpenBSD: ssh.c,v 1.249 2005/07/30 01:26:16 djm Exp $");
44 44
45#include <openssl/evp.h> 45#include <openssl/evp.h>
46#include <openssl/err.h> 46#include <openssl/err.h>
@@ -145,7 +145,7 @@ pid_t proxy_command_pid = 0;
145int control_fd = -1; 145int control_fd = -1;
146 146
147/* Multiplexing control command */ 147/* Multiplexing control command */
148static u_int mux_command = SSHMUX_COMMAND_OPEN; 148static u_int mux_command = 0;
149 149
150/* Only used in control client mode */ 150/* Only used in control client mode */
151volatile sig_atomic_t control_client_terminate = 0; 151volatile sig_atomic_t control_client_terminate = 0;
@@ -185,6 +185,7 @@ main(int ac, char **av)
185 int dummy; 185 int dummy;
186 extern int optind, optreset; 186 extern int optind, optreset;
187 extern char *optarg; 187 extern char *optarg;
188 struct servent *sp;
188 Forward fwd; 189 Forward fwd;
189 190
190 __progname = ssh_get_progname(av[0]); 191 __progname = ssh_get_progname(av[0]);
@@ -391,8 +392,10 @@ again:
391 } 392 }
392 break; 393 break;
393 case 'M': 394 case 'M':
394 options.control_master = 395 if (options.control_master == SSHCTL_MASTER_YES)
395 (options.control_master >= 1) ? 2 : 1; 396 options.control_master = SSHCTL_MASTER_ASK;
397 else
398 options.control_master = SSHCTL_MASTER_YES;
396 break; 399 break;
397 case 'p': 400 case 'p':
398 options.port = a2port(optarg); 401 options.port = a2port(optarg);
@@ -441,7 +444,7 @@ again:
441 fwd.listen_host = cleanhostname(fwd.listen_host); 444 fwd.listen_host = cleanhostname(fwd.listen_host);
442 } else { 445 } else {
443 fwd.listen_port = a2port(fwd.listen_host); 446 fwd.listen_port = a2port(fwd.listen_host);
444 fwd.listen_host = ""; 447 fwd.listen_host = NULL;
445 } 448 }
446 449
447 if (fwd.listen_port == 0) { 450 if (fwd.listen_port == 0) {
@@ -555,7 +558,7 @@ again:
555 if (no_tty_flag) 558 if (no_tty_flag)
556 tty_flag = 0; 559 tty_flag = 0;
557 /* Do not allocate a tty if stdin is not a tty. */ 560 /* Do not allocate a tty if stdin is not a tty. */
558 if (!isatty(fileno(stdin)) && !force_tty_flag) { 561 if ((!isatty(fileno(stdin)) || stdin_null_flag) && !force_tty_flag) {
559 if (tty_flag) 562 if (tty_flag)
560 logit("Pseudo-terminal will not be allocated because stdin is not a terminal."); 563 logit("Pseudo-terminal will not be allocated because stdin is not a terminal.");
561 tty_flag = 0; 564 tty_flag = 0;
@@ -609,16 +612,31 @@ again:
609 *p = tolower(*p); 612 *p = tolower(*p);
610 } 613 }
611 614
615 /* Get default port if port has not been set. */
616 if (options.port == 0) {
617 sp = getservbyname(SSH_SERVICE_NAME, "tcp");
618 options.port = sp ? ntohs(sp->s_port) : SSH_DEFAULT_PORT;
619 }
620
612 if (options.proxy_command != NULL && 621 if (options.proxy_command != NULL &&
613 strcmp(options.proxy_command, "none") == 0) 622 strcmp(options.proxy_command, "none") == 0)
614 options.proxy_command = NULL; 623 options.proxy_command = NULL;
624 if (options.control_path != NULL &&
625 strcmp(options.control_path, "none") == 0)
626 options.control_path = NULL;
615 627
616 if (options.control_path != NULL) { 628 if (options.control_path != NULL) {
617 options.control_path = tilde_expand_filename( 629 snprintf(buf, sizeof(buf), "%d", options.port);
618 options.control_path, original_real_uid); 630 cp = tilde_expand_filename(options.control_path,
631 original_real_uid);
632 options.control_path = percent_expand(cp, "p", buf, "h", host,
633 "r", options.user, (char *)NULL);
634 xfree(cp);
619 } 635 }
620 if (options.control_path != NULL && options.control_master == 0) 636 if (mux_command != 0 && options.control_path == NULL)
621 control_client(options.control_path); /* This doesn't return */ 637 fatal("No ControlPath specified for \"-O\" command");
638 if (options.control_path != NULL)
639 control_client(options.control_path);
622 640
623 /* Open a connection to the remote host. */ 641 /* Open a connection to the remote host. */
624 if (ssh_connect(host, &hostaddr, options.port, 642 if (ssh_connect(host, &hostaddr, options.port,
@@ -747,110 +765,6 @@ again:
747 return exit_status; 765 return exit_status;
748} 766}
749 767
750#define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1"
751
752static void
753x11_get_proto(char **_proto, char **_data)
754{
755 char cmd[1024];
756 char line[512];
757 char xdisplay[512];
758 static char proto[512], data[512];
759 FILE *f;
760 int got_data = 0, generated = 0, do_unlink = 0, i;
761 char *display, *xauthdir, *xauthfile;
762 struct stat st;
763
764 xauthdir = xauthfile = NULL;
765 *_proto = proto;
766 *_data = data;
767 proto[0] = data[0] = '\0';
768
769 if (!options.xauth_location ||
770 (stat(options.xauth_location, &st) == -1)) {
771 debug("No xauth program.");
772 } else {
773 if ((display = getenv("DISPLAY")) == NULL) {
774 debug("x11_get_proto: DISPLAY not set");
775 return;
776 }
777 /*
778 * Handle FamilyLocal case where $DISPLAY does
779 * not match an authorization entry. For this we
780 * just try "xauth list unix:displaynum.screennum".
781 * XXX: "localhost" match to determine FamilyLocal
782 * is not perfect.
783 */
784 if (strncmp(display, "localhost:", 10) == 0) {
785 snprintf(xdisplay, sizeof(xdisplay), "unix:%s",
786 display + 10);
787 display = xdisplay;
788 }
789 if (options.forward_x11_trusted == 0) {
790 xauthdir = xmalloc(MAXPATHLEN);
791 xauthfile = xmalloc(MAXPATHLEN);
792 strlcpy(xauthdir, "/tmp/ssh-XXXXXXXXXX", MAXPATHLEN);
793 if (mkdtemp(xauthdir) != NULL) {
794 do_unlink = 1;
795 snprintf(xauthfile, MAXPATHLEN, "%s/xauthfile",
796 xauthdir);
797 snprintf(cmd, sizeof(cmd),
798 "%s -f %s generate %s " SSH_X11_PROTO
799 " untrusted timeout 1200 2>" _PATH_DEVNULL,
800 options.xauth_location, xauthfile, display);
801 debug2("x11_get_proto: %s", cmd);
802 if (system(cmd) == 0)
803 generated = 1;
804 }
805 }
806 snprintf(cmd, sizeof(cmd),
807 "%s %s%s list %s . 2>" _PATH_DEVNULL,
808 options.xauth_location,
809 generated ? "-f " : "" ,
810 generated ? xauthfile : "",
811 display);
812 debug2("x11_get_proto: %s", cmd);
813 f = popen(cmd, "r");
814 if (f && fgets(line, sizeof(line), f) &&
815 sscanf(line, "%*s %511s %511s", proto, data) == 2)
816 got_data = 1;
817 if (f)
818 pclose(f);
819 }
820
821 if (do_unlink) {
822 unlink(xauthfile);
823 rmdir(xauthdir);
824 }
825 if (xauthdir)
826 xfree(xauthdir);
827 if (xauthfile)
828 xfree(xauthfile);
829
830 /*
831 * If we didn't get authentication data, just make up some
832 * data. The forwarding code will check the validity of the
833 * response anyway, and substitute this data. The X11
834 * server, however, will ignore this fake data and use
835 * whatever authentication mechanisms it was using otherwise
836 * for the local connection.
837 */
838 if (!got_data) {
839 u_int32_t rnd = 0;
840
841 logit("Warning: No xauth data; "
842 "using fake authentication data for X11 forwarding.");
843 strlcpy(proto, SSH_X11_PROTO, sizeof proto);
844 for (i = 0; i < 16; i++) {
845 if (i % 4 == 0)
846 rnd = arc4random();
847 snprintf(data + 2 * i, sizeof data - 2 * i, "%02x",
848 rnd & 0xff);
849 rnd >>= 8;
850 }
851 }
852}
853
854static void 768static void
855ssh_init_forwarding(void) 769ssh_init_forwarding(void)
856{ 770{
@@ -881,8 +795,8 @@ ssh_init_forwarding(void)
881 for (i = 0; i < options.num_remote_forwards; i++) { 795 for (i = 0; i < options.num_remote_forwards; i++) {
882 debug("Remote connections from %.200s:%d forwarded to " 796 debug("Remote connections from %.200s:%d forwarded to "
883 "local address %.200s:%d", 797 "local address %.200s:%d",
884 (options.remote_forwards[i].listen_host == NULL) ? 798 (options.remote_forwards[i].listen_host == NULL) ?
885 (options.gateway_ports ? "*" : "LOCALHOST") : 799 (options.gateway_ports ? "*" : "LOCALHOST") :
886 options.remote_forwards[i].listen_host, 800 options.remote_forwards[i].listen_host,
887 options.remote_forwards[i].listen_port, 801 options.remote_forwards[i].listen_port,
888 options.remote_forwards[i].connect_host, 802 options.remote_forwards[i].connect_host,
@@ -913,6 +827,7 @@ ssh_session(void)
913 int have_tty = 0; 827 int have_tty = 0;
914 struct winsize ws; 828 struct winsize ws;
915 char *cp; 829 char *cp;
830 const char *display;
916 831
917 /* Enable compression if requested. */ 832 /* Enable compression if requested. */
918 if (options.compression) { 833 if (options.compression) {
@@ -974,13 +889,15 @@ ssh_session(void)
974 packet_disconnect("Protocol error waiting for pty request response."); 889 packet_disconnect("Protocol error waiting for pty request response.");
975 } 890 }
976 /* Request X11 forwarding if enabled and DISPLAY is set. */ 891 /* Request X11 forwarding if enabled and DISPLAY is set. */
977 if (options.forward_x11 && getenv("DISPLAY") != NULL) { 892 display = getenv("DISPLAY");
893 if (options.forward_x11 && display != NULL) {
978 char *proto, *data; 894 char *proto, *data;
979 /* Get reasonable local authentication information. */ 895 /* Get reasonable local authentication information. */
980 x11_get_proto(&proto, &data); 896 client_x11_get_proto(display, options.xauth_location,
897 options.forward_x11_trusted, &proto, &data);
981 /* Request forwarding with authentication spoofing. */ 898 /* Request forwarding with authentication spoofing. */
982 debug("Requesting X11 forwarding with authentication spoofing."); 899 debug("Requesting X11 forwarding with authentication spoofing.");
983 x11_request_forwarding_with_spoofing(0, proto, data); 900 x11_request_forwarding_with_spoofing(0, display, proto, data);
984 901
985 /* Read response from the server. */ 902 /* Read response from the server. */
986 type = packet_read(); 903 type = packet_read();
@@ -1082,9 +999,12 @@ ssh_control_listener(void)
1082 mode_t old_umask; 999 mode_t old_umask;
1083 int addr_len; 1000 int addr_len;
1084 1001
1085 if (options.control_path == NULL || options.control_master <= 0) 1002 if (options.control_path == NULL ||
1003 options.control_master == SSHCTL_MASTER_NO)
1086 return; 1004 return;
1087 1005
1006 debug("setting up multiplex master socket");
1007
1088 memset(&addr, '\0', sizeof(addr)); 1008 memset(&addr, '\0', sizeof(addr));
1089 addr.sun_family = AF_UNIX; 1009 addr.sun_family = AF_UNIX;
1090 addr_len = offsetof(struct sockaddr_un, sun_path) + 1010 addr_len = offsetof(struct sockaddr_un, sun_path) +
@@ -1119,15 +1039,18 @@ static void
1119ssh_session2_setup(int id, void *arg) 1039ssh_session2_setup(int id, void *arg)
1120{ 1040{
1121 extern char **environ; 1041 extern char **environ;
1122 1042 const char *display;
1123 int interactive = tty_flag; 1043 int interactive = tty_flag;
1124 if (options.forward_x11 && getenv("DISPLAY") != NULL) { 1044
1045 display = getenv("DISPLAY");
1046 if (options.forward_x11 && display != NULL) {
1125 char *proto, *data; 1047 char *proto, *data;
1126 /* Get reasonable local authentication information. */ 1048 /* Get reasonable local authentication information. */
1127 x11_get_proto(&proto, &data); 1049 client_x11_get_proto(display, options.xauth_location,
1050 options.forward_x11_trusted, &proto, &data);
1128 /* Request forwarding with authentication spoofing. */ 1051 /* Request forwarding with authentication spoofing. */
1129 debug("Requesting X11 forwarding with authentication spoofing."); 1052 debug("Requesting X11 forwarding with authentication spoofing.");
1130 x11_request_forwarding_with_spoofing(id, proto, data); 1053 x11_request_forwarding_with_spoofing(id, display, proto, data);
1131 interactive = 1; 1054 interactive = 1;
1132 /* XXX wait for reply */ 1055 /* XXX wait for reply */
1133 } 1056 }
@@ -1295,13 +1218,18 @@ control_client(const char *path)
1295 extern char **environ; 1218 extern char **environ;
1296 u_int flags; 1219 u_int flags;
1297 1220
1298 if (stdin_null_flag) { 1221 if (mux_command == 0)
1299 if ((fd = open(_PATH_DEVNULL, O_RDONLY)) == -1) 1222 mux_command = SSHMUX_COMMAND_OPEN;
1300 fatal("open(/dev/null): %s", strerror(errno)); 1223
1301 if (dup2(fd, STDIN_FILENO) == -1) 1224 switch (options.control_master) {
1302 fatal("dup2: %s", strerror(errno)); 1225 case SSHCTL_MASTER_AUTO:
1303 if (fd > STDERR_FILENO) 1226 case SSHCTL_MASTER_AUTO_ASK:
1304 close(fd); 1227 debug("auto-mux: Trying existing master");
1228 /* FALLTHROUGH */
1229 case SSHCTL_MASTER_NO:
1230 break;
1231 default:
1232 return;
1305 } 1233 }
1306 1234
1307 memset(&addr, '\0', sizeof(addr)); 1235 memset(&addr, '\0', sizeof(addr));
@@ -1316,31 +1244,55 @@ control_client(const char *path)
1316 if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) 1244 if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
1317 fatal("%s socket(): %s", __func__, strerror(errno)); 1245 fatal("%s socket(): %s", __func__, strerror(errno));
1318 1246
1319 if (connect(sock, (struct sockaddr*)&addr, addr_len) == -1) 1247 if (connect(sock, (struct sockaddr*)&addr, addr_len) == -1) {
1320 fatal("Couldn't connect to %s: %s", path, strerror(errno)); 1248 if (mux_command != SSHMUX_COMMAND_OPEN) {
1249 fatal("Control socket connect(%.100s): %s", path,
1250 strerror(errno));
1251 }
1252 if (errno == ENOENT)
1253 debug("Control socket \"%.100s\" does not exist", path);
1254 else {
1255 error("Control socket connect(%.100s): %s", path,
1256 strerror(errno));
1257 }
1258 close(sock);
1259 return;
1260 }
1261
1262 if (stdin_null_flag) {
1263 if ((fd = open(_PATH_DEVNULL, O_RDONLY)) == -1)
1264 fatal("open(/dev/null): %s", strerror(errno));
1265 if (dup2(fd, STDIN_FILENO) == -1)
1266 fatal("dup2: %s", strerror(errno));
1267 if (fd > STDERR_FILENO)
1268 close(fd);
1269 }
1321 1270
1322 if ((term = getenv("TERM")) == NULL) 1271 term = getenv("TERM");
1323 term = "";
1324 1272
1325 flags = 0; 1273 flags = 0;
1326 if (tty_flag) 1274 if (tty_flag)
1327 flags |= SSHMUX_FLAG_TTY; 1275 flags |= SSHMUX_FLAG_TTY;
1328 if (subsystem_flag) 1276 if (subsystem_flag)
1329 flags |= SSHMUX_FLAG_SUBSYS; 1277 flags |= SSHMUX_FLAG_SUBSYS;
1278 if (options.forward_x11)
1279 flags |= SSHMUX_FLAG_X11_FWD;
1280 if (options.forward_agent)
1281 flags |= SSHMUX_FLAG_AGENT_FWD;
1330 1282
1331 buffer_init(&m); 1283 buffer_init(&m);
1332 1284
1333 /* Send our command to server */ 1285 /* Send our command to server */
1334 buffer_put_int(&m, mux_command); 1286 buffer_put_int(&m, mux_command);
1335 buffer_put_int(&m, flags); 1287 buffer_put_int(&m, flags);
1336 if (ssh_msg_send(sock, /* version */1, &m) == -1) 1288 if (ssh_msg_send(sock, SSHMUX_VER, &m) == -1)
1337 fatal("%s: msg_send", __func__); 1289 fatal("%s: msg_send", __func__);
1338 buffer_clear(&m); 1290 buffer_clear(&m);
1339 1291
1340 /* Get authorisation status and PID of controlee */ 1292 /* Get authorisation status and PID of controlee */
1341 if (ssh_msg_recv(sock, &m) == -1) 1293 if (ssh_msg_recv(sock, &m) == -1)
1342 fatal("%s: msg_recv", __func__); 1294 fatal("%s: msg_recv", __func__);
1343 if (buffer_get_char(&m) != 1) 1295 if (buffer_get_char(&m) != SSHMUX_VER)
1344 fatal("%s: wrong version", __func__); 1296 fatal("%s: wrong version", __func__);
1345 if (buffer_get_int(&m) != 1) 1297 if (buffer_get_int(&m) != 1)
1346 fatal("Connection to master denied"); 1298 fatal("Connection to master denied");
@@ -1364,7 +1316,7 @@ control_client(const char *path)
1364 } 1316 }
1365 1317
1366 /* SSHMUX_COMMAND_OPEN */ 1318 /* SSHMUX_COMMAND_OPEN */
1367 buffer_put_cstring(&m, term); 1319 buffer_put_cstring(&m, term ? term : "");
1368 buffer_append(&command, "\0", 1); 1320 buffer_append(&command, "\0", 1);
1369 buffer_put_cstring(&m, buffer_ptr(&command)); 1321 buffer_put_cstring(&m, buffer_ptr(&command));
1370 1322
@@ -1386,7 +1338,7 @@ control_client(const char *path)
1386 } 1338 }
1387 } 1339 }
1388 1340
1389 if (ssh_msg_send(sock, /* version */1, &m) == -1) 1341 if (ssh_msg_send(sock, SSHMUX_VER, &m) == -1)
1390 fatal("%s: msg_send", __func__); 1342 fatal("%s: msg_send", __func__);
1391 1343
1392 mm_send_fd(sock, STDIN_FILENO); 1344 mm_send_fd(sock, STDIN_FILENO);
@@ -1397,7 +1349,7 @@ control_client(const char *path)
1397 buffer_clear(&m); 1349 buffer_clear(&m);
1398 if (ssh_msg_recv(sock, &m) == -1) 1350 if (ssh_msg_recv(sock, &m) == -1)
1399 fatal("%s: msg_recv", __func__); 1351 fatal("%s: msg_recv", __func__);
1400 if (buffer_get_char(&m) != 1) 1352 if (buffer_get_char(&m) != SSHMUX_VER)
1401 fatal("%s: wrong version", __func__); 1353 fatal("%s: wrong version", __func__);
1402 buffer_free(&m); 1354 buffer_free(&m);
1403 1355
diff --git a/ssh_config.0 b/ssh_config.0
index 92be76b6d..a2706b69c 100644
--- a/ssh_config.0
+++ b/ssh_config.0
@@ -4,14 +4,14 @@ NAME
4 ssh_config - OpenSSH SSH client configuration files 4 ssh_config - OpenSSH SSH client configuration files
5 5
6SYNOPSIS 6SYNOPSIS
7 $HOME/.ssh/config 7 ~/.ssh/config
8 /etc/ssh/ssh_config 8 /etc/ssh/ssh_config
9 9
10DESCRIPTION 10DESCRIPTION
11 ssh obtains configuration data from the following sources in the follow- 11 ssh obtains configuration data from the following sources in the follow-
12 ing order: 12 ing order:
13 1. command-line options 13 1. command-line options
14 2. user's configuration file ($HOME/.ssh/config) 14 2. user's configuration file (~/.ssh/config)
15 3. system-wide configuration file (/etc/ssh/ssh_config) 15 3. system-wide configuration file (/etc/ssh/ssh_config)
16 16
17 For each parameter, the first obtained value will be used. The configu- 17 For each parameter, the first obtained value will be used. The configu-
@@ -57,9 +57,10 @@ DESCRIPTION
57 ``yes'' or ``no''. The default is ``no''. 57 ``yes'' or ``no''. The default is ``no''.
58 58
59 BindAddress 59 BindAddress
60 Specify the interface to transmit from on machines with multiple 60 Use the specified address on the local machine as the source ad-
61 interfaces or aliased addresses. Note that this option does not 61 dress of the connection. Only useful on systems with more than
62 work if UsePrivilegedPort is set to ``yes''. 62 one address. Note that this option does not work if
63 UsePrivilegedPort is set to ``yes''.
63 64
64 ChallengeResponseAuthentication 65 ChallengeResponseAuthentication
65 Specifies whether to use challenge response authentication. The 66 Specifies whether to use challenge response authentication. The
@@ -85,11 +86,12 @@ DESCRIPTION
85 preference. Multiple ciphers must be comma-separated. The sup- 86 preference. Multiple ciphers must be comma-separated. The sup-
86 ported ciphers are ``3des-cbc'', ``aes128-cbc'', ``aes192-cbc'', 87 ported ciphers are ``3des-cbc'', ``aes128-cbc'', ``aes192-cbc'',
87 ``aes256-cbc'', ``aes128-ctr'', ``aes192-ctr'', ``aes256-ctr'', 88 ``aes256-cbc'', ``aes128-ctr'', ``aes192-ctr'', ``aes256-ctr'',
88 ``arcfour'', ``blowfish-cbc'', and ``cast128-cbc''. The default 89 ``arcfour128'', ``arcfour256'', ``arcfour'', ``blowfish-cbc'',
89 is 90 and ``cast128-cbc''. The default is
90 91
91 ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, 92 ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,
92 aes192-cbc,aes256-cbc'' 93 arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr,
94 aes192-ctr,aes256-ctr''
93 95
94 ClearAllForwardings 96 ClearAllForwardings
95 Specifies that all local, remote and dynamic port forwardings 97 Specifies that all local, remote and dynamic port forwardings
@@ -131,11 +133,30 @@ DESCRIPTION
131 tion rather than initiating new ones. Setting this to ``ask'' 133 tion rather than initiating new ones. Setting this to ``ask''
132 will cause ssh to listen for control connections, but require 134 will cause ssh to listen for control connections, but require
133 confirmation using the SSH_ASKPASS program before they are ac- 135 confirmation using the SSH_ASKPASS program before they are ac-
134 cepted (see ssh-add(1) for details). 136 cepted (see ssh-add(1) for details). If the ControlPath can not
137 be opened, ssh will continue without connecting to a master in-
138 stance.
139
140 X11 and ssh-agent(1) forwarding is supported over these multi-
141 plexed connections, however the display and agent fowarded will
142 be the one belonging to the master connection i.e. it is not pos-
143 sible to forward multiple displays or agents.
144
145 Two additional options allow for opportunistic multiplexing: try
146 to use a master connection but fall back to creating a new one if
147 one does not already exist. These options are: ``auto'' and
148 ``autoask''. The latter requires confirmation like the ``ask''
149 option.
135 150
136 ControlPath 151 ControlPath
137 Specify the path to the control socket used for connection shar- 152 Specify the path to the control socket used for connection shar-
138 ing. See ControlMaster above. 153 ing as described in the ControlMaster section above or the string
154 ``none'' to disable connection sharing. In the path, `%h' will
155 be substituted by the target host name, `%p' the port and `%r' by
156 the remote login username. It is recommended that any
157 ControlPath used for opportunistic connection sharing include all
158 three of these escape sequences. This ensures that shared con-
159 nections are uniquely identified.
139 160
140 DynamicForward 161 DynamicForward
141 Specifies that a TCP/IP port on the local machine be forwarded 162 Specifies that a TCP/IP port on the local machine be forwarded
@@ -228,9 +249,9 @@ DESCRIPTION
228 249
229 HashKnownHosts 250 HashKnownHosts
230 Indicates that ssh should hash host names and addresses when they 251 Indicates that ssh should hash host names and addresses when they
231 are added to $HOME/.ssh/known_hosts. These hashed names may be 252 are added to ~/.ssh/known_hosts. These hashed names may be used
232 used normally by ssh and sshd, but they do not reveal identifying 253 normally by ssh and sshd, but they do not reveal identifying in-
233 information should the file's contents be disclosed. The default 254 formation should the file's contents be disclosed. The default
234 is ``no''. Note that hashing of names and addresses will not be 255 is ``no''. Note that hashing of names and addresses will not be
235 retrospectively applied to existing known hosts files, but these 256 retrospectively applied to existing known hosts files, but these
236 may be manually hashed using ssh-keygen(1). 257 may be manually hashed using ssh-keygen(1).
@@ -261,14 +282,13 @@ DESCRIPTION
261 282
262 IdentityFile 283 IdentityFile
263 Specifies a file from which the user's RSA or DSA authentication 284 Specifies a file from which the user's RSA or DSA authentication
264 identity is read. The default is $HOME/.ssh/identity for proto- 285 identity is read. The default is ~/.ssh/identity for protocol
265 col version 1, and $HOME/.ssh/id_rsa and $HOME/.ssh/id_dsa for 286 version 1, and ~/.ssh/id_rsa and ~/.ssh/id_dsa for protocol ver-
266 protocol version 2. Additionally, any identities represented by 287 sion 2. Additionally, any identities represented by the authen-
267 the authentication agent will be used for authentication. The 288 tication agent will be used for authentication. The file name
268 file name may use the tilde syntax to refer to a user's home di- 289 may use the tilde syntax to refer to a user's home directory. It
269 rectory. It is possible to have multiple identity files speci- 290 is possible to have multiple identity files specified in configu-
270 fied in configuration files; all these identities will be tried 291 ration files; all these identities will be tried in sequence.
271 in sequence.
272 292
273 IdentitiesOnly 293 IdentitiesOnly
274 Specifies that ssh should only use the authentication identity 294 Specifies that ssh should only use the authentication identity
@@ -362,6 +382,12 @@ DESCRIPTION
362 tirely. Note that CheckHostIP is not available for connects with 382 tirely. Note that CheckHostIP is not available for connects with
363 a proxy command. 383 a proxy command.
364 384
385 This directive is useful in conjunction with nc(1) and its proxy
386 support. For example, the following directive would connect via
387 an HTTP proxy at 192.0.2.0:
388
389 ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p
390
365 PubkeyAuthentication 391 PubkeyAuthentication
366 Specifies whether to try public key authentication. The argument 392 Specifies whether to try public key authentication. The argument
367 to this keyword must be ``yes'' or ``no''. The default is 393 to this keyword must be ``yes'' or ``no''. The default is
@@ -441,9 +467,9 @@ DESCRIPTION
441 467
442 StrictHostKeyChecking 468 StrictHostKeyChecking
443 If this flag is set to ``yes'', ssh will never automatically add 469 If this flag is set to ``yes'', ssh will never automatically add
444 host keys to the $HOME/.ssh/known_hosts file, and refuses to con- 470 host keys to the ~/.ssh/known_hosts file, and refuses to connect
445 nect to hosts whose host key has changed. This provides maximum 471 to hosts whose host key has changed. This provides maximum pro-
446 protection against trojan horse attacks, however, can be annoying 472 tection against trojan horse attacks, however, can be annoying
447 when the /etc/ssh/ssh_known_hosts file is poorly maintained, or 473 when the /etc/ssh/ssh_known_hosts file is poorly maintained, or
448 connections to new hosts are frequently made. This option forces 474 connections to new hosts are frequently made. This option forces
449 the user to manually add all new hosts. If this flag is set to 475 the user to manually add all new hosts. If this flag is set to
@@ -484,7 +510,7 @@ DESCRIPTION
484 510
485 UserKnownHostsFile 511 UserKnownHostsFile
486 Specifies a file to use for the user host key database instead of 512 Specifies a file to use for the user host key database instead of
487 $HOME/.ssh/known_hosts. 513 ~/.ssh/known_hosts.
488 514
489 VerifyHostKeyDNS 515 VerifyHostKeyDNS
490 Specifies whether to verify the remote key using DNS and SSHFP 516 Specifies whether to verify the remote key using DNS and SSHFP
@@ -503,7 +529,7 @@ DESCRIPTION
503 is /usr/X11R6/bin/xauth. 529 is /usr/X11R6/bin/xauth.
504 530
505FILES 531FILES
506 $HOME/.ssh/config 532 ~/.ssh/config
507 This is the per-user configuration file. The format of this file 533 This is the per-user configuration file. The format of this file
508 is described above. This file is used by the ssh client. Be- 534 is described above. This file is used by the ssh client. Be-
509 cause of the potential for abuse, this file must have strict per- 535 cause of the potential for abuse, this file must have strict per-
@@ -525,4 +551,4 @@ AUTHORS
525 ated OpenSSH. Markus Friedl contributed the support for SSH protocol 551 ated OpenSSH. Markus Friedl contributed the support for SSH protocol
526 versions 1.5 and 2.0. 552 versions 1.5 and 2.0.
527 553
528OpenBSD 3.7 September 25, 1999 8 554OpenBSD 3.8 September 25, 1999 9
diff --git a/ssh_config.5 b/ssh_config.5
index 03801f5ac..b232a0203 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,7 +34,7 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: ssh_config.5,v 1.49 2005/03/16 11:10:38 jmc Exp $ 37.\" $OpenBSD: ssh_config.5,v 1.61 2005/07/08 12:53:10 jmc Exp $
38.Dd September 25, 1999 38.Dd September 25, 1999
39.Dt SSH_CONFIG 5 39.Dt SSH_CONFIG 5
40.Os 40.Os
@@ -43,7 +43,7 @@
43.Nd OpenSSH SSH client configuration files 43.Nd OpenSSH SSH client configuration files
44.Sh SYNOPSIS 44.Sh SYNOPSIS
45.Bl -tag -width Ds -compact 45.Bl -tag -width Ds -compact
46.It Pa $HOME/.ssh/config 46.It Pa ~/.ssh/config
47.It Pa /etc/ssh/ssh_config 47.It Pa /etc/ssh/ssh_config
48.El 48.El
49.Sh DESCRIPTION 49.Sh DESCRIPTION
@@ -55,7 +55,7 @@ the following order:
55command-line options 55command-line options
56.It 56.It
57user's configuration file 57user's configuration file
58.Pq Pa $HOME/.ssh/config 58.Pq Pa ~/.ssh/config
59.It 59.It
60system-wide configuration file 60system-wide configuration file
61.Pq Pa /etc/ssh/ssh_config 61.Pq Pa /etc/ssh/ssh_config
@@ -143,8 +143,9 @@ or
143The default is 143The default is
144.Dq no . 144.Dq no .
145.It Cm BindAddress 145.It Cm BindAddress
146Specify the interface to transmit from on machines with multiple 146Use the specified address on the local machine as the source address of
147interfaces or aliased addresses. 147the connection.
148Only useful on systems with more than one address.
148Note that this option does not work if 149Note that this option does not work if
149.Cm UsePrivilegedPort 150.Cm UsePrivilegedPort
150is set to 151is set to
@@ -200,14 +201,17 @@ The supported ciphers are
200.Dq aes128-ctr , 201.Dq aes128-ctr ,
201.Dq aes192-ctr , 202.Dq aes192-ctr ,
202.Dq aes256-ctr , 203.Dq aes256-ctr ,
204.Dq arcfour128 ,
205.Dq arcfour256 ,
203.Dq arcfour , 206.Dq arcfour ,
204.Dq blowfish-cbc , 207.Dq blowfish-cbc ,
205and 208and
206.Dq cast128-cbc . 209.Dq cast128-cbc .
207The default is 210The default is
208.Bd -literal 211.Bd -literal
209 ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, 212 ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,
210 aes192-cbc,aes256-cbc'' 213 arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr,
214 aes192-ctr,aes256-ctr''
211.Ed 215.Ed
212.It Cm ClearAllForwardings 216.It Cm ClearAllForwardings
213Specifies that all local, remote and dynamic port forwardings 217Specifies that all local, remote and dynamic port forwardings
@@ -277,11 +281,47 @@ to listen for control connections, but require confirmation using the
277program before they are accepted (see 281program before they are accepted (see
278.Xr ssh-add 1 282.Xr ssh-add 1
279for details). 283for details).
284If the
285.Cm ControlPath
286can not be opened,
287.Nm ssh
288will continue without connecting to a master instance.
289.Pp
290X11 and
291.Xr ssh-agent 1
292forwarding is supported over these multiplexed connections, however the
293display and agent fowarded will be the one belonging to the master
294connection i.e. it is not possible to forward multiple displays or agents.
295.Pp
296Two additional options allow for opportunistic multiplexing: try to use a
297master connection but fall back to creating a new one if one does not already
298exist.
299These options are:
300.Dq auto
301and
302.Dq autoask .
303The latter requires confirmation like the
304.Dq ask
305option.
280.It Cm ControlPath 306.It Cm ControlPath
281Specify the path to the control socket used for connection sharing. 307Specify the path to the control socket used for connection sharing as described
282See 308in the
283.Cm ControlMaster 309.Cm ControlMaster
284above. 310section above or the string
311.Dq none
312to disable connection sharing.
313In the path,
314.Ql %h
315will be substituted by the target host name,
316.Ql %p
317the port and
318.Ql %r
319by the remote login username.
320It is recommended that any
321.Cm ControlPath
322used for opportunistic connection sharing include
323all three of these escape sequences.
324This ensures that shared connections are uniquely identified.
285.It Cm DynamicForward 325.It Cm DynamicForward
286Specifies that a TCP/IP port on the local machine be forwarded 326Specifies that a TCP/IP port on the local machine be forwarded
287over the secure channel, and the application 327over the secure channel, and the application
@@ -419,7 +459,7 @@ Note that this option applies to protocol version 2 only.
419Indicates that 459Indicates that
420.Nm ssh 460.Nm ssh
421should hash host names and addresses when they are added to 461should hash host names and addresses when they are added to
422.Pa $HOME/.ssh/known_hosts . 462.Pa ~/.ssh/known_hosts .
423These hashed names may be used normally by 463These hashed names may be used normally by
424.Nm ssh 464.Nm ssh
425and 465and
@@ -465,11 +505,11 @@ specifications).
465Specifies a file from which the user's RSA or DSA authentication identity 505Specifies a file from which the user's RSA or DSA authentication identity
466is read. 506is read.
467The default is 507The default is
468.Pa $HOME/.ssh/identity 508.Pa ~/.ssh/identity
469for protocol version 1, and 509for protocol version 1, and
470.Pa $HOME/.ssh/id_rsa 510.Pa ~/.ssh/id_rsa
471and 511and
472.Pa $HOME/.ssh/id_dsa 512.Pa ~/.ssh/id_dsa
473for protocol version 2. 513for protocol version 2.
474Additionally, any identities represented by the authentication agent 514Additionally, any identities represented by the authentication agent
475will be used for authentication. 515will be used for authentication.
@@ -624,6 +664,14 @@ Note that
624.Cm CheckHostIP 664.Cm CheckHostIP
625is not available for connects with a proxy command. 665is not available for connects with a proxy command.
626.Pp 666.Pp
667This directive is useful in conjunction with
668.Xr nc 1
669and its proxy support.
670For example, the following directive would connect via an HTTP proxy at
671192.0.2.0:
672.Bd -literal -offset 3n
673ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p
674.Ed
627.It Cm PubkeyAuthentication 675.It Cm PubkeyAuthentication
628Specifies whether to try public key authentication. 676Specifies whether to try public key authentication.
629The argument to this keyword must be 677The argument to this keyword must be
@@ -784,7 +832,7 @@ If this flag is set to
784.Dq yes , 832.Dq yes ,
785.Nm ssh 833.Nm ssh
786will never automatically add host keys to the 834will never automatically add host keys to the
787.Pa $HOME/.ssh/known_hosts 835.Pa ~/.ssh/known_hosts
788file, and refuses to connect to hosts whose host key has changed. 836file, and refuses to connect to hosts whose host key has changed.
789This provides maximum protection against trojan horse attacks, 837This provides maximum protection against trojan horse attacks,
790however, can be annoying when the 838however, can be annoying when the
@@ -862,7 +910,7 @@ having to remember to give the user name on the command line.
862.It Cm UserKnownHostsFile 910.It Cm UserKnownHostsFile
863Specifies a file to use for the user 911Specifies a file to use for the user
864host key database instead of 912host key database instead of
865.Pa $HOME/.ssh/known_hosts . 913.Pa ~/.ssh/known_hosts .
866.It Cm VerifyHostKeyDNS 914.It Cm VerifyHostKeyDNS
867Specifies whether to verify the remote key using DNS and SSHFP resource 915Specifies whether to verify the remote key using DNS and SSHFP resource
868records. 916records.
@@ -895,7 +943,7 @@ The default is
895.El 943.El
896.Sh FILES 944.Sh FILES
897.Bl -tag -width Ds 945.Bl -tag -width Ds
898.It Pa $HOME/.ssh/config 946.It Pa ~/.ssh/config
899This is the per-user configuration file. 947This is the per-user configuration file.
900The format of this file is described above. 948The format of this file is described above.
901This file is used by the 949This file is used by the
diff --git a/sshconnect.c b/sshconnect.c
index 10a614127..10eaac35d 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -13,7 +13,7 @@
13 */ 13 */
14 14
15#include "includes.h" 15#include "includes.h"
16RCSID("$OpenBSD: sshconnect.c,v 1.162 2005/03/10 22:01:06 deraadt Exp $"); 16RCSID("$OpenBSD: sshconnect.c,v 1.168 2005/07/17 07:17:55 djm Exp $");
17 17
18#include <openssl/bn.h> 18#include <openssl/bn.h>
19 19
@@ -66,12 +66,11 @@ static void warn_changed_key(Key *);
66static int 66static int
67ssh_proxy_connect(const char *host, u_short port, const char *proxy_command) 67ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)
68{ 68{
69 Buffer command; 69 char *command_string, *tmp;
70 const char *cp;
71 char *command_string;
72 int pin[2], pout[2]; 70 int pin[2], pout[2];
73 pid_t pid; 71 pid_t pid;
74 char strport[NI_MAXSERV]; 72 char strport[NI_MAXSERV];
73 size_t len;
75 74
76 /* Convert the port number into a string. */ 75 /* Convert the port number into a string. */
77 snprintf(strport, sizeof strport, "%hu", port); 76 snprintf(strport, sizeof strport, "%hu", port);
@@ -83,31 +82,13 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)
83 * Use "exec" to avoid "sh -c" processes on some platforms 82 * Use "exec" to avoid "sh -c" processes on some platforms
84 * (e.g. Solaris) 83 * (e.g. Solaris)
85 */ 84 */
86 buffer_init(&command); 85 len = strlen(proxy_command) + 6;
87 buffer_append(&command, "exec ", 5); 86 tmp = xmalloc(len);
88 87 strlcpy(tmp, "exec ", len);
89 for (cp = proxy_command; *cp; cp++) { 88 strlcat(tmp, proxy_command, len);
90 if (cp[0] == '%' && cp[1] == '%') { 89 command_string = percent_expand(tmp, "h", host,
91 buffer_append(&command, "%", 1); 90 "p", strport, (char *)NULL);
92 cp++; 91 xfree(tmp);
93 continue;
94 }
95 if (cp[0] == '%' && cp[1] == 'h') {
96 buffer_append(&command, host, strlen(host));
97 cp++;
98 continue;
99 }
100 if (cp[0] == '%' && cp[1] == 'p') {
101 buffer_append(&command, strport, strlen(strport));
102 cp++;
103 continue;
104 }
105 buffer_append(&command, cp, 1);
106 }
107 buffer_append(&command, "\0", 1);
108
109 /* Get the final command string. */
110 command_string = buffer_ptr(&command);
111 92
112 /* Create pipes for communicating with the proxy. */ 93 /* Create pipes for communicating with the proxy. */
113 if (pipe(pin) < 0 || pipe(pout) < 0) 94 if (pipe(pin) < 0 || pipe(pout) < 0)
@@ -161,7 +142,7 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)
161 close(pout[1]); 142 close(pout[1]);
162 143
163 /* Free the command name. */ 144 /* Free the command name. */
164 buffer_free(&command); 145 xfree(command_string);
165 146
166 /* Set the connection file descriptors. */ 147 /* Set the connection file descriptors. */
167 packet_set_connection(pout[0], pin[1], options.setuptimeout); 148 packet_set_connection(pout[0], pin[1], options.setuptimeout);
@@ -315,18 +296,9 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
315 int sock = -1, attempt; 296 int sock = -1, attempt;
316 char ntop[NI_MAXHOST], strport[NI_MAXSERV]; 297 char ntop[NI_MAXHOST], strport[NI_MAXSERV];
317 struct addrinfo hints, *ai, *aitop; 298 struct addrinfo hints, *ai, *aitop;
318 struct servent *sp;
319 299
320 debug2("ssh_connect: needpriv %d", needpriv); 300 debug2("ssh_connect: needpriv %d", needpriv);
321 301
322 /* Get default port if port has not been set. */
323 if (port == 0) {
324 sp = getservbyname(SSH_SERVICE_NAME, "tcp");
325 if (sp)
326 port = ntohs(sp->s_port);
327 else
328 port = SSH_DEFAULT_PORT;
329 }
330 /* If a proxy command is given, connect using it. */ 302 /* If a proxy command is given, connect using it. */
331 if (proxy_command != NULL) 303 if (proxy_command != NULL)
332 return ssh_proxy_connect(host, port, proxy_command); 304 return ssh_proxy_connect(host, port, proxy_command);
@@ -428,10 +400,11 @@ static void
428ssh_exchange_identification(void) 400ssh_exchange_identification(void)
429{ 401{
430 char buf[256], remote_version[256]; /* must be same size! */ 402 char buf[256], remote_version[256]; /* must be same size! */
431 int remote_major, remote_minor, i, mismatch; 403 int remote_major, remote_minor, mismatch;
432 int connection_in = packet_get_connection_in(); 404 int connection_in = packet_get_connection_in();
433 int connection_out = packet_get_connection_out(); 405 int connection_out = packet_get_connection_out();
434 int minor1 = PROTOCOL_MINOR_1; 406 int minor1 = PROTOCOL_MINOR_1;
407 u_int i;
435 struct sigaction sa, osa; 408 struct sigaction sa, osa;
436 409
437 /* Read other side's version identification. 410 /* Read other side's version identification.
@@ -448,16 +421,28 @@ ssh_exchange_identification(void)
448 } 421 }
449 for (;;) { 422 for (;;) {
450 for (i = 0; i < sizeof(buf) - 1; ) { 423 for (i = 0; i < sizeof(buf) - 1; ) {
451 int len = read(connection_in, &buf[i], 1); 424 ssize_t len = read(connection_in, &buf[i], 1);
452 if (banner_timedout) 425 if (banner_timedout)
453 fatal("ssh_exchange_identification: Timeout waiting for version information."); 426 fatal("ssh_exchange_identification: Timeout waiting for version information.");
454 if (len < 0) { 427 if (len == 0)
455 if (errno == EINTR) 428 errno = EPIPE;
429
430 if (len != 1 && errno == EPIPE)
431 fatal("ssh_exchange_identification: Connection closed by remote host");
432 else if (len != 1) {
433#ifdef EWOULDBLOCK
434 if (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK)
435#else
436 if (errno == EINTR || errno == EAGAIN)
437#endif
456 continue; 438 continue;
457 fatal("ssh_exchange_identification: read: %.100s", strerror(errno)); 439 fatal("ssh_exchange_identification: read: %.100s", strerror(errno));
458 } 440 }
459 if (len != 1) 441 if (buf[i] == '\r') {
460 fatal("ssh_exchange_identification: Connection closed by remote host"); 442 buf[i] = '\n';
443 buf[i + 1] = 0;
444 continue; /**XXX wait for \n */
445 }
461 if (buf[i] == '\n') { 446 if (buf[i] == '\n') {
462 buf[i + 1] = 0; 447 buf[i + 1] = 0;
463 break; 448 break;
@@ -605,7 +590,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
605 switch (hostaddr->sa_family) { 590 switch (hostaddr->sa_family) {
606 case AF_INET: 591 case AF_INET:
607 local = (ntohl(((struct sockaddr_in *)hostaddr)-> 592 local = (ntohl(((struct sockaddr_in *)hostaddr)->
608 sin_addr.s_addr) >> 24) == IN_LOOPBACKNET; 593 sin_addr.s_addr) >> 24) == IN_LOOPBACKNET;
609 salen = sizeof(struct sockaddr_in); 594 salen = sizeof(struct sockaddr_in);
610 break; 595 break;
611 case AF_INET6: 596 case AF_INET6:
@@ -738,8 +723,8 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
738 723
739 if (show_other_keys(host, host_key)) 724 if (show_other_keys(host, host_key))
740 snprintf(msg1, sizeof(msg1), 725 snprintf(msg1, sizeof(msg1),
741 "\nbut keys of different type are already" 726 "\nbut keys of different type are already"
742 " known for this host."); 727 " known for this host.");
743 else 728 else
744 snprintf(msg1, sizeof(msg1), "."); 729 snprintf(msg1, sizeof(msg1), ".");
745 /* The default */ 730 /* The default */
diff --git a/sshconnect1.c b/sshconnect1.c
index 6e2e31c02..bd05723c7 100644
--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -13,7 +13,7 @@
13 */ 13 */
14 14
15#include "includes.h" 15#include "includes.h"
16RCSID("$OpenBSD: sshconnect1.c,v 1.60 2004/07/28 09:40:29 markus Exp $"); 16RCSID("$OpenBSD: sshconnect1.c,v 1.61 2005/06/17 02:44:33 djm Exp $");
17 17
18#include <openssl/bn.h> 18#include <openssl/bn.h>
19#include <openssl/md5.h> 19#include <openssl/md5.h>
@@ -162,7 +162,7 @@ respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv)
162 /* Compute the response. */ 162 /* Compute the response. */
163 /* The response is MD5 of decrypted challenge plus session id. */ 163 /* The response is MD5 of decrypted challenge plus session id. */
164 len = BN_num_bytes(challenge); 164 len = BN_num_bytes(challenge);
165 if (len <= 0 || len > sizeof(buf)) 165 if (len <= 0 || (u_int)len > sizeof(buf))
166 packet_disconnect( 166 packet_disconnect(
167 "respond_to_rsa_challenge: bad challenge length %d", len); 167 "respond_to_rsa_challenge: bad challenge length %d", len);
168 168
diff --git a/sshconnect2.c b/sshconnect2.c
index 68d56d020..ee7932d68 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: sshconnect2.c,v 1.138 2004/06/13 12:53:24 djm Exp $"); 26RCSID("$OpenBSD: sshconnect2.c,v 1.142 2005/08/30 22:08:05 djm Exp $");
27 27
28#include "openbsd-compat/sys-queue.h" 28#include "openbsd-compat/sys-queue.h"
29 29
@@ -101,10 +101,10 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
101 compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]); 101 compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_STOC]);
102 if (options.compression) { 102 if (options.compression) {
103 myproposal[PROPOSAL_COMP_ALGS_CTOS] = 103 myproposal[PROPOSAL_COMP_ALGS_CTOS] =
104 myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib,none"; 104 myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib@openssh.com,zlib,none";
105 } else { 105 } else {
106 myproposal[PROPOSAL_COMP_ALGS_CTOS] = 106 myproposal[PROPOSAL_COMP_ALGS_CTOS] =
107 myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib"; 107 myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com,zlib";
108 } 108 }
109 if (options.macs != NULL) { 109 if (options.macs != NULL) {
110 myproposal[PROPOSAL_MAC_ALGS_CTOS] = 110 myproposal[PROPOSAL_MAC_ALGS_CTOS] =
@@ -352,7 +352,7 @@ void
352input_userauth_error(int type, u_int32_t seq, void *ctxt) 352input_userauth_error(int type, u_int32_t seq, void *ctxt)
353{ 353{
354 fatal("input_userauth_error: bad message during authentication: " 354 fatal("input_userauth_error: bad message during authentication: "
355 "type %d", type); 355 "type %d", type);
356} 356}
357 357
358void 358void
@@ -482,7 +482,7 @@ userauth_gssapi(Authctxt *authctxt)
482{ 482{
483 Gssctxt *gssctxt = NULL; 483 Gssctxt *gssctxt = NULL;
484 static gss_OID_set gss_supported = NULL; 484 static gss_OID_set gss_supported = NULL;
485 static int mech = 0; 485 static u_int mech = 0;
486 OM_uint32 min; 486 OM_uint32 min;
487 int ok = 0; 487 int ok = 0;
488 488
@@ -509,7 +509,8 @@ userauth_gssapi(Authctxt *authctxt)
509 } 509 }
510 } 510 }
511 511
512 if (!ok) return 0; 512 if (!ok)
513 return 0;
513 514
514 authctxt->methoddata=(void *)gssctxt; 515 authctxt->methoddata=(void *)gssctxt;
515 516
@@ -544,7 +545,8 @@ process_gssapi_token(void *ctxt, gss_buffer_t recv_tok)
544 Authctxt *authctxt = ctxt; 545 Authctxt *authctxt = ctxt;
545 Gssctxt *gssctxt = authctxt->methoddata; 546 Gssctxt *gssctxt = authctxt->methoddata;
546 gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER; 547 gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
547 gss_buffer_desc gssbuf, mic; 548 gss_buffer_desc mic = GSS_C_EMPTY_BUFFER;
549 gss_buffer_desc gssbuf;
548 OM_uint32 status, ms, flags; 550 OM_uint32 status, ms, flags;
549 Buffer b; 551 Buffer b;
550 552
@@ -678,7 +680,7 @@ input_gssapi_errtok(int type, u_int32_t plen, void *ctxt)
678 680
679 /* Stick it into GSSAPI and see what it says */ 681 /* Stick it into GSSAPI and see what it says */
680 status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds, 682 status = ssh_gssapi_init_ctx(gssctxt, options.gss_deleg_creds,
681 &recv_tok, &send_tok, NULL); 683 &recv_tok, &send_tok, NULL);
682 684
683 xfree(recv_tok.value); 685 xfree(recv_tok.value);
684 gss_release_buffer(&ms, &send_tok); 686 gss_release_buffer(&ms, &send_tok);
diff --git a/sshd.0 b/sshd.0
index e509a9dfa..9a9613b54 100644
--- a/sshd.0
+++ b/sshd.0
@@ -21,7 +21,7 @@ DESCRIPTION
21 sshd works as follows: 21 sshd works as follows:
22 22
23 SSH protocol version 1 23 SSH protocol version 1
24 Each host has a host-specific RSA key (normally 1024 bits) used to iden- 24 Each host has a host-specific RSA key (normally 2048 bits) used to iden-
25 tify the host. Additionally, when the daemon starts, it generates a 25 tify the host. Additionally, when the daemon starts, it generates a
26 server RSA key (normally 768 bits). This key is normally regenerated ev- 26 server RSA key (normally 768 bits). This key is normally regenerated ev-
27 ery hour if it has been used, and is never stored on disk. 27 ery hour if it has been used, and is never stored on disk.
@@ -200,8 +200,7 @@ LOGIN PROCESS
200 200
201 1. If the login is on a tty, and no command has been specified, 201 1. If the login is on a tty, and no command has been specified,
202 prints last login time and /etc/motd (unless prevented in the 202 prints last login time and /etc/motd (unless prevented in the
203 configuration file or by $HOME/.hushlogin; see the FILES sec- 203 configuration file or by ~/.hushlogin; see the FILES section).
204 tion).
205 204
206 2. If the login is on a tty, records login time. 205 2. If the login is on a tty, records login time.
207 206
@@ -212,21 +211,20 @@ LOGIN PROCESS
212 211
213 5. Sets up basic environment. 212 5. Sets up basic environment.
214 213
215 6. Reads the file $HOME/.ssh/environment, if it exists, and users 214 6. Reads the file ~/.ssh/environment, if it exists, and users are
216 are allowed to change their environment. See the 215 allowed to change their environment. See the
217 PermitUserEnvironment option in sshd_config(5). 216 PermitUserEnvironment option in sshd_config(5).
218 217
219 7. Changes to user's home directory. 218 7. Changes to user's home directory.
220 219
221 8. If $HOME/.ssh/rc exists, runs it; else if /etc/ssh/sshrc ex- 220 8. If ~/.ssh/rc exists, runs it; else if /etc/ssh/sshrc exists,
222 ists, runs it; otherwise runs xauth. The ``rc'' files are 221 runs it; otherwise runs xauth. The ``rc'' files are given the
223 given the X11 authentication protocol and cookie in standard 222 X11 authentication protocol and cookie in standard input.
224 input.
225 223
226 9. Runs user's shell or command. 224 9. Runs user's shell or command.
227 225
228AUTHORIZED_KEYS FILE FORMAT 226AUTHORIZED_KEYS FILE FORMAT
229 $HOME/.ssh/authorized_keys is the default file that lists the public keys 227 ~/.ssh/authorized_keys is the default file that lists the public keys
230 that are permitted for RSA authentication in protocol version 1 and for 228 that are permitted for RSA authentication in protocol version 1 and for
231 public key authentication (PubkeyAuthentication) in protocol version 2. 229 public key authentication (PubkeyAuthentication) in protocol version 2.
232 AuthorizedKeysFile may be used to specify an alternative file. 230 AuthorizedKeysFile may be used to specify an alternative file.
@@ -329,10 +327,10 @@ AUTHORIZED_KEYS FILE FORMAT
329 permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23...2323 327 permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23...2323
330 328
331SSH_KNOWN_HOSTS FILE FORMAT 329SSH_KNOWN_HOSTS FILE FORMAT
332 The /etc/ssh/ssh_known_hosts and $HOME/.ssh/known_hosts files contain 330 The /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts files contain host
333 host public keys for all known hosts. The global file should be prepared 331 public keys for all known hosts. The global file should be prepared by
334 by the administrator (optional), and the per-user file is maintained au- 332 the administrator (optional), and the per-user file is maintained auto-
335 tomatically: whenever the user connects from an unknown host its key is 333 matically: whenever the user connects from an unknown host its key is
336 added to the per-user file. 334 added to the per-user file.
337 335
338 Each line in these files contains the following fields: hostnames, bits, 336 Each line in these files contains the following fields: hostnames, bits,
@@ -417,7 +415,7 @@ FILES
417 The content of this file is not sensitive; it can be world-read- 415 The content of this file is not sensitive; it can be world-read-
418 able. 416 able.
419 417
420 $HOME/.ssh/authorized_keys 418 ~/.ssh/authorized_keys
421 Lists the public keys (RSA or DSA) that can be used to log into 419 Lists the public keys (RSA or DSA) that can be used to log into
422 the user's account. This file must be readable by root (which 420 the user's account. This file must be readable by root (which
423 may on some machines imply it being world-readable if the user's 421 may on some machines imply it being world-readable if the user's
@@ -427,7 +425,7 @@ FILES
427 identity.pub, id_dsa.pub and/or id_rsa.pub files into this file, 425 identity.pub, id_dsa.pub and/or id_rsa.pub files into this file,
428 as described in ssh-keygen(1). 426 as described in ssh-keygen(1).
429 427
430 /etc/ssh/ssh_known_hosts, $HOME/.ssh/known_hosts 428 /etc/ssh/ssh_known_hosts, ~/.ssh/known_hosts
431 These files are consulted when using rhosts with RSA host authen- 429 These files are consulted when using rhosts with RSA host authen-
432 tication or protocol version 2 hostbased authentication to check 430 tication or protocol version 2 hostbased authentication to check
433 the public key of the host. The key must be listed in one of 431 the public key of the host. The key must be listed in one of
@@ -435,12 +433,12 @@ FILES
435 verify that it is connecting to the correct remote host. These 433 verify that it is connecting to the correct remote host. These
436 files should be writable only by root/the owner. 434 files should be writable only by root/the owner.
437 /etc/ssh/ssh_known_hosts should be world-readable, and 435 /etc/ssh/ssh_known_hosts should be world-readable, and
438 $HOME/.ssh/known_hosts can, but need not be, world-readable. 436 ~/.ssh/known_hosts can, but need not be, world-readable.
439 437
440 /etc/motd 438 /etc/motd
441 See motd(5). 439 See motd(5).
442 440
443 $HOME/.hushlogin 441 ~/.hushlogin
444 This file is used to suppress printing the last login time and 442 This file is used to suppress printing the last login time and
445 /etc/motd, if PrintLastLog and PrintMotd, respectively, are en- 443 /etc/motd, if PrintLastLog and PrintMotd, respectively, are en-
446 abled. It does not suppress printing of the banner specified by 444 abled. It does not suppress printing of the banner specified by
@@ -456,7 +454,7 @@ FILES
456 Access controls that should be enforced by tcp-wrappers are de- 454 Access controls that should be enforced by tcp-wrappers are de-
457 fined here. Further details are described in hosts_access(5). 455 fined here. Further details are described in hosts_access(5).
458 456
459 $HOME/.rhosts 457 ~/.rhosts
460 This file is used during RhostsRSAAuthentication and 458 This file is used during RhostsRSAAuthentication and
461 HostbasedAuthentication and contains host-username pairs, sepa- 459 HostbasedAuthentication and contains host-username pairs, sepa-
462 rated by a space, one per line. The given user on the corre- 460 rated by a space, one per line. The given user on the corre-
@@ -469,7 +467,7 @@ FILES
469 user name may be of the form +@groupname to specify all hosts or 467 user name may be of the form +@groupname to specify all hosts or
470 all users in the group. 468 all users in the group.
471 469
472 $HOME/.shosts 470 ~/.shosts
473 For ssh, this file is exactly the same as for .rhosts. However, 471 For ssh, this file is exactly the same as for .rhosts. However,
474 this file is not used by rlogin and rshd, so using this permits 472 this file is not used by rlogin and rshd, so using this permits
475 access using SSH only. 473 access using SSH only.
@@ -505,7 +503,7 @@ FILES
505 file may be useful in environments that want to run both 503 file may be useful in environments that want to run both
506 rsh/rlogin and ssh. 504 rsh/rlogin and ssh.
507 505
508 $HOME/.ssh/environment 506 ~/.ssh/environment
509 This file is read into the environment at login (if it exists). 507 This file is read into the environment at login (if it exists).
510 It can only contain empty lines, comment lines (that start with 508 It can only contain empty lines, comment lines (that start with
511 `#'), and assignment lines of the form name=value. The file 509 `#'), and assignment lines of the form name=value. The file
@@ -513,7 +511,7 @@ FILES
513 anyone else. Environment processing is disabled by default and 511 anyone else. Environment processing is disabled by default and
514 is controlled via the PermitUserEnvironment option. 512 is controlled via the PermitUserEnvironment option.
515 513
516 $HOME/.ssh/rc 514 ~/.ssh/rc
517 If this file exists, it is run with /bin/sh after reading the en- 515 If this file exists, it is run with /bin/sh after reading the en-
518 vironment files but before starting the user's shell or command. 516 vironment files but before starting the user's shell or command.
519 It must not produce any output on stdout; stderr must be used in- 517 It must not produce any output on stdout; stderr must be used in-
@@ -548,9 +546,9 @@ FILES
548 readable by anyone else. 546 readable by anyone else.
549 547
550 /etc/ssh/sshrc 548 /etc/ssh/sshrc
551 Like $HOME/.ssh/rc. This can be used to specify machine-specific 549 Like ~/.ssh/rc. This can be used to specify machine-specific lo-
552 login-time initializations globally. This file should be 550 gin-time initializations globally. This file should be writable
553 writable only by root, and should be world-readable. 551 only by root, and should be world-readable.
554 552
555SEE ALSO 553SEE ALSO
556 scp(1), sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), 554 scp(1), sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1),
@@ -573,4 +571,4 @@ AUTHORS
573 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support 571 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
574 for privilege separation. 572 for privilege separation.
575 573
576OpenBSD 3.7 September 25, 1999 9 574OpenBSD 3.8 September 25, 1999 9
diff --git a/sshd.8 b/sshd.8
index 99e62173c..92eb7a9da 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: sshd.8,v 1.206 2005/03/01 14:59:49 jmc Exp $ 37.\" $OpenBSD: sshd.8,v 1.208 2005/06/08 03:50:00 djm Exp $
38.Dd September 25, 1999 38.Dd September 25, 1999
39.Dt SSHD 8 39.Dt SSHD 8
40.Os 40.Os
@@ -80,7 +80,7 @@ supports both SSH protocol version 1 and 2 simultaneously.
80works as follows: 80works as follows:
81.Ss SSH protocol version 1 81.Ss SSH protocol version 1
82Each host has a host-specific RSA key 82Each host has a host-specific RSA key
83(normally 1024 bits) used to identify the host. 83(normally 2048 bits) used to identify the host.
84Additionally, when 84Additionally, when
85the daemon starts, it generates a server RSA key (normally 768 bits). 85the daemon starts, it generates a server RSA key (normally 768 bits).
86This key is normally regenerated every hour if it has been used, and 86This key is normally regenerated every hour if it has been used, and
@@ -353,7 +353,7 @@ If the login is on a tty, and no command has been specified,
353prints last login time and 353prints last login time and
354.Pa /etc/motd 354.Pa /etc/motd
355(unless prevented in the configuration file or by 355(unless prevented in the configuration file or by
356.Pa $HOME/.hushlogin ; 356.Pa ~/.hushlogin ;
357see the 357see the
358.Sx FILES 358.Sx FILES
359section). 359section).
@@ -370,7 +370,7 @@ Changes to run with normal user privileges.
370Sets up basic environment. 370Sets up basic environment.
371.It 371.It
372Reads the file 372Reads the file
373.Pa $HOME/.ssh/environment , 373.Pa ~/.ssh/environment ,
374if it exists, and users are allowed to change their environment. 374if it exists, and users are allowed to change their environment.
375See the 375See the
376.Cm PermitUserEnvironment 376.Cm PermitUserEnvironment
@@ -380,7 +380,7 @@ option in
380Changes to user's home directory. 380Changes to user's home directory.
381.It 381.It
382If 382If
383.Pa $HOME/.ssh/rc 383.Pa ~/.ssh/rc
384exists, runs it; else if 384exists, runs it; else if
385.Pa /etc/ssh/sshrc 385.Pa /etc/ssh/sshrc
386exists, runs 386exists, runs
@@ -393,7 +393,7 @@ authentication protocol and cookie in standard input.
393Runs user's shell or command. 393Runs user's shell or command.
394.El 394.El
395.Sh AUTHORIZED_KEYS FILE FORMAT 395.Sh AUTHORIZED_KEYS FILE FORMAT
396.Pa $HOME/.ssh/authorized_keys 396.Pa ~/.ssh/authorized_keys
397is the default file that lists the public keys that are 397is the default file that lists the public keys that are
398permitted for RSA authentication in protocol version 1 398permitted for RSA authentication in protocol version 1
399and for public key authentication (PubkeyAuthentication) 399and for public key authentication (PubkeyAuthentication)
@@ -531,7 +531,7 @@ permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23...2323
531The 531The
532.Pa /etc/ssh/ssh_known_hosts 532.Pa /etc/ssh/ssh_known_hosts
533and 533and
534.Pa $HOME/.ssh/known_hosts 534.Pa ~/.ssh/known_hosts
535files contain host public keys for all known hosts. 535files contain host public keys for all known hosts.
536The global file should 536The global file should
537be prepared by the administrator (optional), and the per-user file is 537be prepared by the administrator (optional), and the per-user file is
@@ -642,7 +642,7 @@ listening for connections (if there are several daemons running
642concurrently for different ports, this contains the process ID of the one 642concurrently for different ports, this contains the process ID of the one
643started last). 643started last).
644The content of this file is not sensitive; it can be world-readable. 644The content of this file is not sensitive; it can be world-readable.
645.It Pa $HOME/.ssh/authorized_keys 645.It Pa ~/.ssh/authorized_keys
646Lists the public keys (RSA or DSA) that can be used to log into the user's account. 646Lists the public keys (RSA or DSA) that can be used to log into the user's account.
647This file must be readable by root (which may on some machines imply 647This file must be readable by root (which may on some machines imply
648it being world-readable if the user's home directory resides on an NFS 648it being world-readable if the user's home directory resides on an NFS
@@ -656,7 +656,7 @@ and/or
656.Pa id_rsa.pub 656.Pa id_rsa.pub
657files into this file, as described in 657files into this file, as described in
658.Xr ssh-keygen 1 . 658.Xr ssh-keygen 1 .
659.It Pa "/etc/ssh/ssh_known_hosts", "$HOME/.ssh/known_hosts" 659.It Pa "/etc/ssh/ssh_known_hosts", "~/.ssh/known_hosts"
660These files are consulted when using rhosts with RSA host 660These files are consulted when using rhosts with RSA host
661authentication or protocol version 2 hostbased authentication 661authentication or protocol version 2 hostbased authentication
662to check the public key of the host. 662to check the public key of the host.
@@ -666,12 +666,12 @@ to verify that it is connecting to the correct remote host.
666These files should be writable only by root/the owner. 666These files should be writable only by root/the owner.
667.Pa /etc/ssh/ssh_known_hosts 667.Pa /etc/ssh/ssh_known_hosts
668should be world-readable, and 668should be world-readable, and
669.Pa $HOME/.ssh/known_hosts 669.Pa ~/.ssh/known_hosts
670can, but need not be, world-readable. 670can, but need not be, world-readable.
671.It Pa /etc/motd 671.It Pa /etc/motd
672See 672See
673.Xr motd 5 . 673.Xr motd 5 .
674.It Pa $HOME/.hushlogin 674.It Pa ~/.hushlogin
675This file is used to suppress printing the last login time and 675This file is used to suppress printing the last login time and
676.Pa /etc/motd , 676.Pa /etc/motd ,
677if 677if
@@ -694,7 +694,7 @@ The file should be world-readable.
694Access controls that should be enforced by tcp-wrappers are defined here. 694Access controls that should be enforced by tcp-wrappers are defined here.
695Further details are described in 695Further details are described in
696.Xr hosts_access 5 . 696.Xr hosts_access 5 .
697.It Pa $HOME/.rhosts 697.It Pa ~/.rhosts
698This file is used during 698This file is used during
699.Cm RhostsRSAAuthentication 699.Cm RhostsRSAAuthentication
700and 700and
@@ -712,7 +712,7 @@ It is also possible to use netgroups in the file.
712Either host or user 712Either host or user
713name may be of the form +@groupname to specify all hosts or all users 713name may be of the form +@groupname to specify all hosts or all users
714in the group. 714in the group.
715.It Pa $HOME/.shosts 715.It Pa ~/.shosts
716For ssh, 716For ssh,
717this file is exactly the same as for 717this file is exactly the same as for
718.Pa .rhosts . 718.Pa .rhosts .
@@ -761,7 +761,7 @@ This is processed exactly as
761.Pa /etc/hosts.equiv . 761.Pa /etc/hosts.equiv .
762However, this file may be useful in environments that want to run both 762However, this file may be useful in environments that want to run both
763rsh/rlogin and ssh. 763rsh/rlogin and ssh.
764.It Pa $HOME/.ssh/environment 764.It Pa ~/.ssh/environment
765This file is read into the environment at login (if it exists). 765This file is read into the environment at login (if it exists).
766It can only contain empty lines, comment lines (that start with 766It can only contain empty lines, comment lines (that start with
767.Ql # ) , 767.Ql # ) ,
@@ -772,7 +772,7 @@ Environment processing is disabled by default and is
772controlled via the 772controlled via the
773.Cm PermitUserEnvironment 773.Cm PermitUserEnvironment
774option. 774option.
775.It Pa $HOME/.ssh/rc 775.It Pa ~/.ssh/rc
776If this file exists, it is run with 776If this file exists, it is run with
777.Pa /bin/sh 777.Pa /bin/sh
778after reading the 778after reading the
@@ -817,7 +817,7 @@ This file should be writable only by the user, and need not be
817readable by anyone else. 817readable by anyone else.
818.It Pa /etc/ssh/sshrc 818.It Pa /etc/ssh/sshrc
819Like 819Like
820.Pa $HOME/.ssh/rc . 820.Pa ~/.ssh/rc .
821This can be used to specify 821This can be used to specify
822machine-specific login-time initializations globally. 822machine-specific login-time initializations globally.
823This file should be writable only by root, and should be world-readable. 823This file should be writable only by root, and should be world-readable.
diff --git a/sshd.c b/sshd.c
index 8f782d48c..86468318e 100644
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
42 */ 42 */
43 43
44#include "includes.h" 44#include "includes.h"
45RCSID("$OpenBSD: sshd.c,v 1.308 2005/02/08 22:24:57 dtucker Exp $"); 45RCSID("$OpenBSD: sshd.c,v 1.312 2005/07/25 11:59:40 markus Exp $");
46 46
47#include <openssl/dh.h> 47#include <openssl/dh.h>
48#include <openssl/bn.h> 48#include <openssl/bn.h>
@@ -358,7 +358,8 @@ key_regeneration_alarm(int sig)
358static void 358static void
359sshd_exchange_identification(int sock_in, int sock_out) 359sshd_exchange_identification(int sock_in, int sock_out)
360{ 360{
361 int i, mismatch; 361 u_int i;
362 int mismatch;
362 int remote_major, remote_minor; 363 int remote_major, remote_minor;
363 int major, minor; 364 int major, minor;
364 char *s; 365 char *s;
@@ -670,6 +671,12 @@ privsep_postauth(Authctxt *authctxt)
670 671
671 /* It is safe now to apply the key state */ 672 /* It is safe now to apply the key state */
672 monitor_apply_keystate(pmonitor); 673 monitor_apply_keystate(pmonitor);
674
675 /*
676 * Tell the packet layer that authentication was successful, since
677 * this information is not part of the key state.
678 */
679 packet_set_authenticated();
673} 680}
674 681
675static char * 682static char *
@@ -1038,7 +1045,7 @@ main(int ac, char **av)
1038 /* 1045 /*
1039 * Unset KRB5CCNAME, otherwise the user's session may inherit it from 1046 * Unset KRB5CCNAME, otherwise the user's session may inherit it from
1040 * root's environment 1047 * root's environment
1041 */ 1048 */
1042 if (getenv("KRB5CCNAME") != NULL) 1049 if (getenv("KRB5CCNAME") != NULL)
1043 unsetenv("KRB5CCNAME"); 1050 unsetenv("KRB5CCNAME");
1044 1051
@@ -1620,19 +1627,22 @@ main(int ac, char **av)
1620 signal(SIGCHLD, SIG_DFL); 1627 signal(SIGCHLD, SIG_DFL);
1621 signal(SIGINT, SIG_DFL); 1628 signal(SIGINT, SIG_DFL);
1622 1629
1623 /* Set SO_KEEPALIVE if requested. */
1624 if (options.tcp_keep_alive &&
1625 setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on,
1626 sizeof(on)) < 0)
1627 error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
1628
1629 /* 1630 /*
1630 * Register our connection. This turns encryption off because we do 1631 * Register our connection. This turns encryption off because we do
1631 * not have a key. 1632 * not have a key.
1632 */ 1633 */
1633 packet_set_connection(sock_in, sock_out, -1); 1634 packet_set_connection(sock_in, sock_out, -1);
1635 packet_set_server();
1634 1636
1635 remote_port = get_remote_port(); 1637 /* Set SO_KEEPALIVE if requested. */
1638 if (options.tcp_keep_alive && packet_connection_is_on_socket() &&
1639 setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0)
1640 error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
1641
1642 if ((remote_port = get_remote_port()) < 0) {
1643 debug("get_remote_port failed");
1644 cleanup_exit(255);
1645 }
1636 remote_ip = get_remote_ipaddr(); 1646 remote_ip = get_remote_ipaddr();
1637 1647
1638#ifdef SSH_AUDIT_EVENTS 1648#ifdef SSH_AUDIT_EVENTS
@@ -1903,7 +1913,7 @@ do_ssh1_kex(void)
1903 if (!rsafail) { 1913 if (!rsafail) {
1904 BN_mask_bits(session_key_int, sizeof(session_key) * 8); 1914 BN_mask_bits(session_key_int, sizeof(session_key) * 8);
1905 len = BN_num_bytes(session_key_int); 1915 len = BN_num_bytes(session_key_int);
1906 if (len < 0 || len > sizeof(session_key)) { 1916 if (len < 0 || (u_int)len > sizeof(session_key)) {
1907 error("do_connection: bad session key len from %s: " 1917 error("do_connection: bad session key len from %s: "
1908 "session_key_int %d > sizeof(session_key) %lu", 1918 "session_key_int %d > sizeof(session_key) %lu",
1909 get_remote_ipaddr(), len, (u_long)sizeof(session_key)); 1919 get_remote_ipaddr(), len, (u_long)sizeof(session_key));
@@ -1990,10 +2000,14 @@ do_ssh2_kex(void)
1990 myproposal[PROPOSAL_MAC_ALGS_CTOS] = 2000 myproposal[PROPOSAL_MAC_ALGS_CTOS] =
1991 myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; 2001 myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
1992 } 2002 }
1993 if (!options.compression) { 2003 if (options.compression == COMP_NONE) {
1994 myproposal[PROPOSAL_COMP_ALGS_CTOS] = 2004 myproposal[PROPOSAL_COMP_ALGS_CTOS] =
1995 myproposal[PROPOSAL_COMP_ALGS_STOC] = "none"; 2005 myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
2006 } else if (options.compression == COMP_DELAYED) {
2007 myproposal[PROPOSAL_COMP_ALGS_CTOS] =
2008 myproposal[PROPOSAL_COMP_ALGS_STOC] = "none,zlib@openssh.com";
1996 } 2009 }
2010
1997 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types(); 2011 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
1998 2012
1999 /* start key exchange */ 2013 /* start key exchange */
diff --git a/sshd_config b/sshd_config
index 53ae9942e..1440c05ff 100644
--- a/sshd_config
+++ b/sshd_config
@@ -1,4 +1,4 @@
1# $OpenBSD: sshd_config,v 1.70 2004/12/23 23:11:00 djm Exp $ 1# $OpenBSD: sshd_config,v 1.72 2005/07/25 11:59:40 markus Exp $
2 2
3# This is the sshd server system-wide configuration file. See 3# This is the sshd server system-wide configuration file. See
4# sshd_config(5) for more information. 4# sshd_config(5) for more information.
@@ -27,7 +27,7 @@
27#ServerKeyBits 768 27#ServerKeyBits 768
28 28
29# Logging 29# Logging
30#obsoletes QuietMode and FascistLogging 30# obsoletes QuietMode and FascistLogging
31#SyslogFacility AUTH 31#SyslogFacility AUTH
32#LogLevel INFO 32#LogLevel INFO
33 33
@@ -90,7 +90,7 @@
90#UseLogin no 90#UseLogin no
91#UsePrivilegeSeparation yes 91#UsePrivilegeSeparation yes
92#PermitUserEnvironment no 92#PermitUserEnvironment no
93#Compression yes 93#Compression delayed
94#ClientAliveInterval 0 94#ClientAliveInterval 0
95#ClientAliveCountMax 3 95#ClientAliveCountMax 3
96#UseDNS yes 96#UseDNS yes
diff --git a/sshd_config.0 b/sshd_config.0
index 036c85946..d821a84b6 100644
--- a/sshd_config.0
+++ b/sshd_config.0
@@ -83,18 +83,13 @@ DESCRIPTION
83 Specifies the ciphers allowed for protocol version 2. Multiple 83 Specifies the ciphers allowed for protocol version 2. Multiple
84 ciphers must be comma-separated. The supported ciphers are 84 ciphers must be comma-separated. The supported ciphers are
85 ``3des-cbc'', ``aes128-cbc'', ``aes192-cbc'', ``aes256-cbc'', 85 ``3des-cbc'', ``aes128-cbc'', ``aes192-cbc'', ``aes256-cbc'',
86 ``aes128-ctr'', ``aes192-ctr'', ``aes256-ctr'', ``arcfour'', 86 ``aes128-ctr'', ``aes192-ctr'', ``aes256-ctr'', ``arcfour128'',
87 ``blowfish-cbc'', and ``cast128-cbc''. The default is 87 ``arcfour256'', ``arcfour'', ``blowfish-cbc'', and
88 ``cast128-cbc''. The default is
88 89
89 ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, 90 ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,
90 aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr'' 91 arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr,
91 92 aes192-ctr,aes256-ctr''
92 ClientAliveInterval
93 Sets a timeout interval in seconds after which if no data has
94 been received from the client, sshd will send a message through
95 the encrypted channel to request a response from the client. The
96 default is 0, indicating that these messages will not be sent to
97 the client. This option applies to protocol version 2 only.
98 93
99 ClientAliveCountMax 94 ClientAliveCountMax
100 Sets the number of client alive messages (see above) which may be 95 Sets the number of client alive messages (see above) which may be
@@ -113,9 +108,17 @@ DESCRIPTION
113 15, and ClientAliveCountMax is left at the default, unresponsive 108 15, and ClientAliveCountMax is left at the default, unresponsive
114 ssh clients will be disconnected after approximately 45 seconds. 109 ssh clients will be disconnected after approximately 45 seconds.
115 110
111 ClientAliveInterval
112 Sets a timeout interval in seconds after which if no data has
113 been received from the client, sshd will send a message through
114 the encrypted channel to request a response from the client. The
115 default is 0, indicating that these messages will not be sent to
116 the client. This option applies to protocol version 2 only.
117
116 Compression 118 Compression
117 Specifies whether compression is allowed. The argument must be 119 Specifies whether compression is allowed, or delayed until the
118 ``yes'' or ``no''. The default is ``yes''. 120 user has authenticated successfully. The argument must be
121 ``yes'', ``delayed'', or ``no''. The default is ``delayed''.
119 122
120 DenyGroups 123 DenyGroups
121 This keyword can be followed by a list of group name patterns, 124 This keyword can be followed by a list of group name patterns,
@@ -183,7 +186,7 @@ DESCRIPTION
183 186
184 IgnoreUserKnownHosts 187 IgnoreUserKnownHosts
185 Specifies whether sshd should ignore the user's 188 Specifies whether sshd should ignore the user's
186 $HOME/.ssh/known_hosts during RhostsRSAAuthentication or 189 ~/.ssh/known_hosts during RhostsRSAAuthentication or
187 HostbasedAuthentication. The default is ``no''. 190 HostbasedAuthentication. The default is ``no''.
188 191
189 KerberosAuthentication 192 KerberosAuthentication
@@ -498,4 +501,4 @@ AUTHORS
498 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support 501 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
499 for privilege separation. 502 for privilege separation.
500 503
501OpenBSD 3.7 September 25, 1999 8 504OpenBSD 3.8 September 25, 1999 8
diff --git a/sshd_config.5 b/sshd_config.5
index ea79a54bf..048e8924e 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,7 +34,7 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: sshd_config.5,v 1.40 2005/03/18 17:05:00 jmc Exp $ 37.\" $OpenBSD: sshd_config.5,v 1.44 2005/07/25 11:59:40 markus Exp $
38.Dd September 25, 1999 38.Dd September 25, 1999
39.Dt SSHD_CONFIG 5 39.Dt SSHD_CONFIG 5
40.Os 40.Os
@@ -168,24 +168,18 @@ The supported ciphers are
168.Dq aes128-ctr , 168.Dq aes128-ctr ,
169.Dq aes192-ctr , 169.Dq aes192-ctr ,
170.Dq aes256-ctr , 170.Dq aes256-ctr ,
171.Dq arcfour128 ,
172.Dq arcfour256 ,
171.Dq arcfour , 173.Dq arcfour ,
172.Dq blowfish-cbc , 174.Dq blowfish-cbc ,
173and 175and
174.Dq cast128-cbc . 176.Dq cast128-cbc .
175The default is 177The default is
176.Bd -literal 178.Bd -literal
177 ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, 179 ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,
178 aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr'' 180 arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr,
181 aes192-ctr,aes256-ctr''
179.Ed 182.Ed
180.It Cm ClientAliveInterval
181Sets a timeout interval in seconds after which if no data has been received
182from the client,
183.Nm sshd
184will send a message through the encrypted
185channel to request a response from the client.
186The default
187is 0, indicating that these messages will not be sent to the client.
188This option applies to protocol version 2 only.
189.It Cm ClientAliveCountMax 183.It Cm ClientAliveCountMax
190Sets the number of client alive messages (see above) which may be 184Sets the number of client alive messages (see above) which may be
191sent without 185sent without
@@ -213,14 +207,25 @@ If
213.Cm ClientAliveCountMax 207.Cm ClientAliveCountMax
214is left at the default, unresponsive ssh clients 208is left at the default, unresponsive ssh clients
215will be disconnected after approximately 45 seconds. 209will be disconnected after approximately 45 seconds.
210.It Cm ClientAliveInterval
211Sets a timeout interval in seconds after which if no data has been received
212from the client,
213.Nm sshd
214will send a message through the encrypted
215channel to request a response from the client.
216The default
217is 0, indicating that these messages will not be sent to the client.
218This option applies to protocol version 2 only.
216.It Cm Compression 219.It Cm Compression
217Specifies whether compression is allowed. 220Specifies whether compression is allowed, or delayed until
221the user has authenticated successfully.
218The argument must be 222The argument must be
219.Dq yes 223.Dq yes ,
224.Dq delayed ,
220or 225or
221.Dq no . 226.Dq no .
222The default is 227The default is
223.Dq yes . 228.Dq delayed .
224.It Cm DenyGroups 229.It Cm DenyGroups
225This keyword can be followed by a list of group name patterns, separated 230This keyword can be followed by a list of group name patterns, separated
226by spaces. 231by spaces.
@@ -327,7 +332,7 @@ The default is
327Specifies whether 332Specifies whether
328.Nm sshd 333.Nm sshd
329should ignore the user's 334should ignore the user's
330.Pa $HOME/.ssh/known_hosts 335.Pa ~/.ssh/known_hosts
331during 336during
332.Cm RhostsRSAAuthentication 337.Cm RhostsRSAAuthentication
333or 338or
diff --git a/sshpty.c b/sshpty.c
index 71b8daa0d..a3d0b8dfc 100644
--- a/sshpty.c
+++ b/sshpty.c
@@ -130,10 +130,10 @@ pty_make_controlling_tty(int *ttyfd, const char *tty)
130 if (ioctl(*ttyfd, TIOCSCTTY, NULL) < 0) 130 if (ioctl(*ttyfd, TIOCSCTTY, NULL) < 0)
131 error("ioctl(TIOCSCTTY): %.100s", strerror(errno)); 131 error("ioctl(TIOCSCTTY): %.100s", strerror(errno));
132#endif /* TIOCSCTTY */ 132#endif /* TIOCSCTTY */
133#ifdef HAVE_NEWS4 133#ifdef NEED_SETPGRP
134 if (setpgrp(0,0) < 0) 134 if (setpgrp(0,0) < 0)
135 error("SETPGRP %s",strerror(errno)); 135 error("SETPGRP %s",strerror(errno));
136#endif /* HAVE_NEWS4 */ 136#endif /* NEED_SETPGRP */
137#ifdef USE_VHANGUP 137#ifdef USE_VHANGUP
138 old = signal(SIGHUP, SIG_IGN); 138 old = signal(SIGHUP, SIG_IGN);
139 vhangup(); 139 vhangup();
diff --git a/tildexpand.c b/tildexpand.c
deleted file mode 100644
index cedb653b2..000000000
--- a/tildexpand.c
+++ /dev/null
@@ -1,73 +0,0 @@
1/*
2 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved
5 *
6 * As far as I am concerned, the code I have written for this software
7 * can be used freely for any purpose. Any derived versions of this
8 * software must be clearly marked as such, and if the derived work is
9 * incompatible with the protocol description in the RFC file, it must be
10 * called by a name other than "ssh" or "Secure Shell".
11 */
12
13#include "includes.h"
14RCSID("$OpenBSD: tildexpand.c,v 1.15 2004/05/21 08:43:03 markus Exp $");
15
16#include "xmalloc.h"
17#include "log.h"
18#include "misc.h"
19
20/*
21 * Expands tildes in the file name. Returns data allocated by xmalloc.
22 * Warning: this calls getpw*.
23 */
24char *
25tilde_expand_filename(const char *filename, uid_t my_uid)
26{
27 const char *cp;
28 u_int userlen;
29 char *expanded;
30 struct passwd *pw;
31 char user[100];
32 int len;
33
34 /* Return immediately if no tilde. */
35 if (filename[0] != '~')
36 return xstrdup(filename);
37
38 /* Skip the tilde. */
39 filename++;
40
41 /* Find where the username ends. */
42 cp = strchr(filename, '/');
43 if (cp)
44 userlen = cp - filename; /* Something after username. */
45 else
46 userlen = strlen(filename); /* Nothing after username. */
47 if (userlen == 0)
48 pw = getpwuid(my_uid); /* Own home directory. */
49 else {
50 /* Tilde refers to someone elses home directory. */
51 if (userlen > sizeof(user) - 1)
52 fatal("User name after tilde too long.");
53 memcpy(user, filename, userlen);
54 user[userlen] = 0;
55 pw = getpwnam(user);
56 }
57 if (!pw)
58 fatal("Unknown user %100s.", user);
59
60 /* If referring to someones home directory, return it now. */
61 if (!cp) {
62 /* Only home directory specified */
63 return xstrdup(pw->pw_dir);
64 }
65 /* Build a path combining the specified directory and path. */
66 len = strlen(pw->pw_dir) + strlen(cp + 1) + 2;
67 if (len > MAXPATHLEN)
68 fatal("Home directory too long (%d > %d", len-1, MAXPATHLEN-1);
69 expanded = xmalloc(len);
70 snprintf(expanded, len, "%s%s%s", pw->pw_dir,
71 strcmp(pw->pw_dir, "/") ? "/" : "", cp + 1);
72 return expanded;
73}
diff --git a/ttymodes.c b/ttymodes.c
index c32e213a4..cf4c7d5c6 100644
--- a/ttymodes.c
+++ b/ttymodes.c
@@ -241,6 +241,32 @@ baud_to_speed(int baud)
241} 241}
242 242
243/* 243/*
244 * Encode a special character into SSH line format.
245 */
246static u_int
247special_char_encode(cc_t c)
248{
249#ifdef _POSIX_VDISABLE
250 if (c == _POSIX_VDISABLE)
251 return 255;
252#endif /* _POSIX_VDISABLE */
253 return c;
254}
255
256/*
257 * Decode a special character from SSH line format.
258 */
259static cc_t
260special_char_decode(u_int c)
261{
262#ifdef _POSIX_VDISABLE
263 if (c == 255)
264 return _POSIX_VDISABLE;
265#endif /* _POSIX_VDISABLE */
266 return c;
267}
268
269/*
244 * Encodes terminal modes for the terminal referenced by fd 270 * Encodes terminal modes for the terminal referenced by fd
245 * or tiop in a portable manner, and appends the modes to a packet 271 * or tiop in a portable manner, and appends the modes to a packet
246 * being constructed. 272 * being constructed.
@@ -287,7 +313,7 @@ tty_make_modes(int fd, struct termios *tiop)
287#define TTYCHAR(NAME, OP) \ 313#define TTYCHAR(NAME, OP) \
288 debug3("tty_make_modes: %d %d", OP, tio.c_cc[NAME]); \ 314 debug3("tty_make_modes: %d %d", OP, tio.c_cc[NAME]); \
289 buffer_put_char(&buf, OP); \ 315 buffer_put_char(&buf, OP); \
290 put_arg(&buf, tio.c_cc[NAME]); 316 put_arg(&buf, special_char_encode(tio.c_cc[NAME]));
291 317
292#define TTYMODE(NAME, FIELD, OP) \ 318#define TTYMODE(NAME, FIELD, OP) \
293 debug3("tty_make_modes: %d %d", OP, ((tio.FIELD & NAME) != 0)); \ 319 debug3("tty_make_modes: %d %d", OP, ((tio.FIELD & NAME) != 0)); \
@@ -375,7 +401,7 @@ tty_parse_modes(int fd, int *n_bytes_ptr)
375#define TTYCHAR(NAME, OP) \ 401#define TTYCHAR(NAME, OP) \
376 case OP: \ 402 case OP: \
377 n_bytes += arg_size; \ 403 n_bytes += arg_size; \
378 tio.c_cc[NAME] = get_arg(); \ 404 tio.c_cc[NAME] = special_char_decode(get_arg()); \
379 debug3("tty_parse_modes: %d %d", OP, tio.c_cc[NAME]); \ 405 debug3("tty_parse_modes: %d %d", OP, tio.c_cc[NAME]); \
380 break; 406 break;
381#define TTYMODE(NAME, FIELD, OP) \ 407#define TTYMODE(NAME, FIELD, OP) \
diff --git a/version.h b/version.h
index 2ab1d442a..c4397326f 100644
--- a/version.h
+++ b/version.h
@@ -1,6 +1,6 @@
1/* $OpenBSD: version.h,v 1.44 2005/03/16 21:17:39 markus Exp $ */ 1/* $OpenBSD: version.h,v 1.45 2005/08/31 09:28:42 markus Exp $ */
2 2
3#define SSH_VERSION "OpenSSH_4.1" 3#define SSH_VERSION "OpenSSH_4.2"
4 4
5#define SSH_PORTABLE "p1" 5#define SSH_PORTABLE "p1"
6#ifndef SSH_EXTRAVERSION 6#ifndef SSH_EXTRAVERSION
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-10 21:02:47 +0000