-rw-r--r--ChangeLog63
-rw-r--r--Makefile.in2
-rw-r--r--acconfig.h2
-rw-r--r--atomicio.c4
-rw-r--r--atomicio.h29
-rw-r--r--auth-chall.c3
-rw-r--r--auth-krb4.c12
-rw-r--r--auth-options.c29
-rw-r--r--auth-options.h19
-rw-r--r--auth-pam.c5
-rw-r--r--auth-passwd.c7
-rw-r--r--auth-rh-rsa.c17
-rw-r--r--auth-rhosts.c14
-rw-r--r--auth-rsa.c30
-rw-r--r--auth.c13
-rw-r--r--auth.h66
-rw-r--r--auth1.c12
-rw-r--r--auth2-chall.c4
-rw-r--r--auth2-pam.c7
-rw-r--r--auth2.c20
-rw-r--r--authfd.c12
-rw-r--r--authfile.c11
-rw-r--r--bufaux.c4
-rw-r--r--bufaux.h3
-rw-r--r--buffer.c4
-rw-r--r--canohost.c4
-rw-r--r--canohost.h36
-rw-r--r--channels.c21
-rw-r--r--cipher.c5
-rw-r--r--cli.c4
-rw-r--r--clientloop.c18
-rw-r--r--clientloop.h15
-rw-r--r--compat.c9
-rw-r--r--compress.c4
-rw-r--r--configure.in2
-rw-r--r--deattack.c4
-rw-r--r--dh.c17
-rw-r--r--dispatch.c6
-rw-r--r--entropy.c10
-rw-r--r--groupaccess.c2
-rw-r--r--hmac.c4
-rw-r--r--hostfile.c6
-rw-r--r--kex.c21
-rw-r--r--key.c10
-rw-r--r--key.h3
-rw-r--r--log-client.c4
-rw-r--r--log-server.c4
-rw-r--r--log.c4
-rw-r--r--log.h76
-rw-r--r--login.c2
-rw-r--r--login.h38
-rw-r--r--loginrec.c4
-rw-r--r--match.c4
-rw-r--r--misc.c (renamed from util.c)1
-rw-r--r--misc.h19
-rw-r--r--nchan.c9
-rw-r--r--packet.c6
-rw-r--r--pathnames.h136
-rw-r--r--pty.c4
-rw-r--r--radix.h26
-rw-r--r--readconf.c31
-rw-r--r--readpass.c3
-rw-r--r--readpass.h18
-rw-r--r--rsa.c4
-rw-r--r--scp.c12
-rw-r--r--servconf.c27
-rw-r--r--serverloop.c8
-rw-r--r--serverloop.h20
-rw-r--r--session.c31
-rw-r--r--sftp-server.c4
-rw-r--r--ssh-add.c19
-rw-r--r--ssh-agent.c101
-rw-r--r--ssh-dss.c22
-rw-r--r--ssh-keygen.16
-rw-r--r--ssh-keygen.c18
-rw-r--r--ssh-keyscan.c6
-rw-r--r--ssh-rsa.c13
-rw-r--r--ssh.c28
-rw-r--r--ssh.h467
-rw-r--r--ssh1.h84
-rw-r--r--sshconnect.c14
-rw-r--r--sshconnect.h28
-rw-r--r--sshconnect1.c19
-rw-r--r--sshconnect2.c14
-rw-r--r--sshd.84
-rw-r--r--sshd.c32
-rw-r--r--tildexpand.c4
-rw-r--r--tildexpand.h17
-rw-r--r--ttymodes.c5
-rw-r--r--uidswap.c4
-rw-r--r--xmalloc.c5
91 files changed, 1161 insertions, 837 deletions
diff --git a/ChangeLog b/ChangeLog
index df472f843..064d7fb5b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,66 @@
120010122
2 - (bal) OpenBSD Resync
3 - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus
4 [servconf.c ssh.h sshd.c]
5 only auth-chall.c needs #ifdef SKEY
6 - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus
7 [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
8 auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
9 packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
10 session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
11 ssh1.h sshconnect1.c sshd.c ttymodes.c]
12 move ssh1 definitions to ssh1.h, pathnames to pathnames.h
13 - markus@cvs.openbsd.org 2001/01/19 16:48:14
14 [sshd.8]
15 fix typo; from stevesk@
16 - markus@cvs.openbsd.org 2001/01/19 16:50:58
17 [ssh-dss.c]
18 clear and free digest, make consistent with other code (use dlen); from
19 stevesk@
20 - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus
21 [auth-options.c auth-options.h auth-rsa.c auth2.c]
22 pass the filename to auth_parse_options()
23 - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001
24 [readconf.c]
25 fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com
26 - stevesk@cvs.openbsd.org 2001/01/20 18:20:29
27 [sshconnect2.c]
28 dh_new_group() does not return NULL. ok markus@
29 - markus@cvs.openbsd.org 2001/01/20 21:33:42
30 [ssh-add.c]
31 do not loop forever if askpass does not exist; from
32 andrew@pimlott.ne.mediaone.net
33 - djm@cvs.openbsd.org 2001/01/20 23:00:56
34 [servconf.c]
35 Check for NULL return from strdelim; ok markus
36 - djm@cvs.openbsd.org 2001/01/20 23:02:07
37 [readconf.c]
38 KNF; ok markus
39 - jakob@cvs.openbsd.org 2001/01/21 9:00:33
40 [ssh-keygen.1]
41 remove -R flag; ok markus@
42 - markus@cvs.openbsd.org 2001/01/21 19:05:40
43 [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
44 auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
45 auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
46 bufaux.c bufaux.h buffer.c canahost.c canahost.h channels.c
47 cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
48 deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
49 key.c key.h log-client.c log-server.c log.c log.h login.c login.h
50 match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
51 readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
52 session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
53 ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
54 sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
55 ttysmodes.c uidswap.c xmalloc.c]
56 split ssh.h and try to cleanup the #include mess. remove unnecessary
57 #includes. rename util.[ch] -> misc.[ch]
58 - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
59 - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
60 conflict when compiling for non-kerb install
61 - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
62 on 1/19.
63
120010120 6420010120
2 - (bal) OpenBSD Resync 65 - (bal) OpenBSD Resync
3 - markus@cvs.openbsd.org 2001/01/19 12:45:26 66 - markus@cvs.openbsd.org 2001/01/19 12:45:26
diff --git a/Makefile.in b/Makefile.in
index 57449dcd9..25ff41bdb 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -37,7 +37,7 @@ INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@
37 37
38TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) $(SFTP-SERVER) 38TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) $(SFTP-SERVER)
39 39
40LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o cli.o compat.o compress.o crc32.o cygwin_util.o deattack.o dispatch.o hmac.o hostfile.o key.o kex.o log.o match.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o util.o uuencode.o xmalloc.o 40LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o cli.o compat.o compress.o crc32.o cygwin_util.o deattack.o dispatch.o hmac.o hostfile.o key.o kex.o log.o match.o misc.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o
41 41
42LIBOPENBSD_COMPAT_OBJS=bsd-arc4random.o bsd-base64.o bsd-bindresvport.o bsd-daemon.o bsd-getcwd.o bsd-getgrouplist.o bsd-inet_aton.o bsd-inet_ntoa.o bsd-misc.o bsd-mktemp.o bsd-realpath.o bsd-rresvport.o bsd-setenv.o bsd-sigaction.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o bsd-strmode.o bsd-strsep.o bsd-strtok.o bsd-vis.o bsd-setproctitle.o bsd-waitpid.o fake-getaddrinfo.o fake-getnameinfo.o next-posix.o 42LIBOPENBSD_COMPAT_OBJS=bsd-arc4random.o bsd-base64.o bsd-bindresvport.o bsd-daemon.o bsd-getcwd.o bsd-getgrouplist.o bsd-inet_aton.o bsd-inet_ntoa.o bsd-misc.o bsd-mktemp.o bsd-realpath.o bsd-rresvport.o bsd-setenv.o bsd-sigaction.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o bsd-strmode.o bsd-strsep.o bsd-strtok.o bsd-vis.o bsd-setproctitle.o bsd-waitpid.o fake-getaddrinfo.o fake-getnameinfo.o next-posix.o
43 43
diff --git a/acconfig.h b/acconfig.h
index 936a7ca5e..f0242eec4 100644
--- a/acconfig.h
+++ b/acconfig.h
@@ -268,7 +268,7 @@
268#undef USER_PATH 268#undef USER_PATH
269 269
270/* Specify location of ssh.pid */ 270/* Specify location of ssh.pid */
271#undef PIDDIR 271#undef _PATH_SSH_PIDDIR
272 272
273/* Use IPv4 for connection by default, IPv6 can still if explicity asked */ 273/* Use IPv4 for connection by default, IPv6 can still if explicity asked */
274#undef IPV4_DEFAULT 274#undef IPV4_DEFAULT
diff --git a/atomicio.c b/atomicio.c
index 29ff16c44..7985fb80d 100644
--- a/atomicio.c
+++ b/atomicio.c
@@ -24,10 +24,10 @@
24 */ 24 */
25 25
26#include "includes.h" 26#include "includes.h"
27RCSID("$OpenBSD: atomicio.c,v 1.7 2000/10/18 18:04:02 markus Exp $"); 27RCSID("$OpenBSD: atomicio.c,v 1.8 2001/01/21 19:05:40 markus Exp $");
28 28
29#include "xmalloc.h" 29#include "xmalloc.h"
30#include "ssh.h" 30#include "atomicio.h"
31 31
32/* 32/*
33 * ensure all of data on socket comes through. f==read || f==write 33 * ensure all of data on socket comes through. f==read || f==write
diff --git a/atomicio.h b/atomicio.h
new file mode 100644
index 000000000..15fc025c3
--- /dev/null
+++ b/atomicio.h
@@ -0,0 +1,29 @@
1/*
2 * Copyright (c) 1995,1999 Theo de Raadt
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26/*
27 * Ensure all of data on socket comes through. f==read || f==write
28 */
29ssize_t atomicio(ssize_t (*f)(), int fd, void *s, size_t n);
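Review bot: The prototype on line 29 declares the callback as `ssize_t (*f)()` with an empty parameter list, so a caller can pass any function there and the compiler checks nothing about its arguments; the header also has no include guard, so a file that picks it up twice through two other headers will see the declaration redefined. Suggest wrapping the file in `#ifndef ATOMICIO_H` / `#define ATOMICIO_H` / `#endif`, and either typing the pointer as `ssize_t (*f)(int, void *, size_t)` (write's `const void *` then needs a cast at the call site) or saying in the comment that read and write are the only intended values. The comment should also state what the caller has to check on return, since "ensure all of data comes through" does not say whether a short count or an error is reported; the body in atomicio.c is not in this hunk, so confirm the exact contract there before writing it down, e.g. `/* Returns n on success; a smaller count means EOF or error (errno set) — confirm in atomicio.c */`.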
diff --git a/auth-chall.c b/auth-chall.c
index e99ddb39f..b8b0c5d1e 100644
--- a/auth-chall.c
+++ b/auth-chall.c
@@ -23,9 +23,8 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: auth-chall.c,v 1.2 2001/01/19 12:45:26 markus Exp $"); 26RCSID("$OpenBSD: auth-chall.c,v 1.3 2001/01/21 19:05:41 markus Exp $");
27 27
28#include "ssh.h"
29#include "auth.h" 28#include "auth.h"
30 29
31#ifdef SKEY 30#ifdef SKEY
diff --git a/auth-krb4.c b/auth-krb4.c
index 80e8f4292..d68806f95 100644
--- a/auth-krb4.c
+++ b/auth-krb4.c
@@ -23,14 +23,18 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: auth-krb4.c,v 1.22 2001/01/21 19:05:41 markus Exp $");
27
28#ifdef KRB4
29#include "ssh.h"
30#include "ssh1.h"
26#include "packet.h" 31#include "packet.h"
27#include "xmalloc.h" 32#include "xmalloc.h"
28#include "ssh.h" 33#include "log.h"
29#include "servconf.h" 34#include "servconf.h"
35#include "auth.h"
36#include "radix.h"
30 37
31RCSID("$OpenBSD: auth-krb4.c,v 1.20 2000/12/19 23:17:54 markus Exp $");
32
33#ifdef KRB4
34char *ticket = NULL; 38char *ticket = NULL;
35 39
36extern ServerOptions options; 40extern ServerOptions options;
diff --git a/auth-options.c b/auth-options.c
index ef61d8df8..5457d9b14 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -10,12 +10,14 @@
10 */ 10 */
11 11
12#include "includes.h" 12#include "includes.h"
13RCSID("$OpenBSD: auth-options.c,v 1.8 2001/01/13 18:38:00 markus Exp $"); 13RCSID("$OpenBSD: auth-options.c,v 1.11 2001/01/21 19:05:41 markus Exp $");
14 14
15#include "ssh.h"
16#include "packet.h" 15#include "packet.h"
17#include "xmalloc.h" 16#include "xmalloc.h"
18#include "match.h" 17#include "match.h"
18#include "log.h"
19#include "canohost.h"
20#include "auth-options.h"
19 21
20/* Flags set authorized_keys flags */ 22/* Flags set authorized_keys flags */
21int no_port_forwarding_flag = 0; 23int no_port_forwarding_flag = 0;
@@ -48,9 +50,12 @@ auth_clear_options(void)
48 } 50 }
49} 51}
50 52
51/* return 1 if access is granted, 0 if not. side effect: sets key option flags */ 53/*
54 * return 1 if access is granted, 0 if not.
55 * side effect: sets key option flags
56 */
52int 57int
53auth_parse_options(struct passwd *pw, char *options, u_long linenum) 58auth_parse_options(struct passwd *pw, char *options, char *file, u_long linenum)
54{ 59{
55 const char *cp; 60 const char *cp;
56 if (!options) 61 if (!options)
@@ -106,9 +111,9 @@ auth_parse_options(struct passwd *pw, char *options, u_long linenum)
106 } 111 }
107 if (!*options) { 112 if (!*options) {
108 debug("%.100s, line %lu: missing end quote", 113 debug("%.100s, line %lu: missing end quote",
109 SSH_USER_PERMITTED_KEYS, linenum); 114 file, linenum);
110 packet_send_debug("%.100s, line %lu: missing end quote", 115 packet_send_debug("%.100s, line %lu: missing end quote",
111 SSH_USER_PERMITTED_KEYS, linenum); 116 file, linenum);
112 continue; 117 continue;
113 } 118 }
114 forced_command[i] = 0; 119 forced_command[i] = 0;
@@ -136,9 +141,9 @@ auth_parse_options(struct passwd *pw, char *options, u_long linenum)
136 } 141 }
137 if (!*options) { 142 if (!*options) {
138 debug("%.100s, line %lu: missing end quote", 143 debug("%.100s, line %lu: missing end quote",
139 SSH_USER_PERMITTED_KEYS, linenum); 144 file, linenum);
140 packet_send_debug("%.100s, line %lu: missing end quote", 145 packet_send_debug("%.100s, line %lu: missing end quote",
141 SSH_USER_PERMITTED_KEYS, linenum); 146 file, linenum);
142 continue; 147 continue;
143 } 148 }
144 s[i] = 0; 149 s[i] = 0;
@@ -170,9 +175,9 @@ auth_parse_options(struct passwd *pw, char *options, u_long linenum)
170 } 175 }
171 if (!*options) { 176 if (!*options) {
172 debug("%.100s, line %lu: missing end quote", 177 debug("%.100s, line %lu: missing end quote",
173 SSH_USER_PERMITTED_KEYS, linenum); 178 file, linenum);
174 packet_send_debug("%.100s, line %lu: missing end quote", 179 packet_send_debug("%.100s, line %lu: missing end quote",
175 SSH_USER_PERMITTED_KEYS, linenum); 180 file, linenum);
176 continue; 181 continue;
177 } 182 }
178 patterns[i] = 0; 183 patterns[i] = 0;
@@ -219,9 +224,9 @@ next_option:
219 224
220bad_option: 225bad_option:
221 log("Bad options in %.100s file, line %lu: %.50s", 226 log("Bad options in %.100s file, line %lu: %.50s",
222 SSH_USER_PERMITTED_KEYS, linenum, options); 227 file, linenum, options);
223 packet_send_debug("Bad options in %.100s file, line %lu: %.50s", 228 packet_send_debug("Bad options in %.100s file, line %lu: %.50s",
224 SSH_USER_PERMITTED_KEYS, linenum, options); 229 file, linenum, options);
225 /* deny access */ 230 /* deny access */
226 return 0; 231 return 0;
227} 232}
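Review bot: The `packet_send_debug` calls that now format `file` (new lines 115-116, 145-146, 180-181 and 228-229) send the pathname to the client while its public-key attempt is still being evaluated, and the caller in auth-rsa.c builds that string from `pw->pw_dir`, so where the old message revealed only the relative `SSH_USER_PERMITTED_KEYS` name the new one discloses the user's home directory path to a peer that has not yet authenticated. The server-side `debug()`/`log()` calls are the right place for the full path; for the client copy consider sending only the relative name, e.g. `packet_send_debug("authorized_keys, line %lu: missing end quote", linenum);`, or the basename of `file`. Since `file` is only ever formatted here, the parameter can also be `const char *file`. auth_parse_options's body continues outside these hunks.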
diff --git a/auth-options.h b/auth-options.h
index 76d420d23..8ee269491 100644
--- a/auth-options.h
+++ b/auth-options.h
@@ -11,10 +11,17 @@
11 * called by a name other than "ssh" or "Secure Shell". 11 * called by a name other than "ssh" or "Secure Shell".
12 */ 12 */
13 13
14/* $OpenBSD: auth-options.h,v 1.6 2000/12/19 23:17:55 markus Exp $ */ 14/* $OpenBSD: auth-options.h,v 1.8 2001/01/21 19:05:42 markus Exp $ */
15 15
16#ifndef AUTH_OPTIONS_H 16#ifndef AUTH_OPTIONS_H
17#define AUTH_OPTIONS_H 17#define AUTH_OPTIONS_H
18
19/* Linked list of custom environment strings */
20struct envstring {
21 struct envstring *next;
22 char *s;
23};
24
18/* Flags that may be set in authorized_keys options. */ 25/* Flags that may be set in authorized_keys options. */
19extern int no_port_forwarding_flag; 26extern int no_port_forwarding_flag;
20extern int no_agent_forwarding_flag; 27extern int no_agent_forwarding_flag;
@@ -23,8 +30,14 @@ extern int no_pty_flag;
23extern char *forced_command; 30extern char *forced_command;
24extern struct envstring *custom_environment; 31extern struct envstring *custom_environment;
25 32
26/* return 1 if access is granted, 0 if not. side effect: sets key option flags */ 33/*
27int auth_parse_options(struct passwd *pw, char *options, u_long linenum); 34 * return 1 if access is granted, 0 if not.
35 * side effect: sets key option flags
36 */
37int
38auth_parse_options(struct passwd *pw, char *options, char *file,
39 u_long linenum);
40
28/* reset options flags */ 41/* reset options flags */
29void auth_clear_options(void); 42void auth_clear_options(void);
30 43
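Review bot: The new prototype on lines 37-39 takes `char *file` even though the argument is only formatted into diagnostics, so declaring it `const char *file` would document that it is not written and let callers pass the `_PATH_SSH_*` constants or literals without a cast. The comment above the prototype still describes only the return value and the flag side effect; it should name the new argument, e.g. `/* file: pathname of the keys file being parsed, used only in log messages */`. The `struct envstring` added on lines 20-23 is needed by anyone using `custom_environment`, which is a reasonable place for it, but the header now also depends on `struct passwd` and `u_long` being declared by whatever the includer pulled in before it.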
diff --git a/auth-pam.c b/auth-pam.c
index befb84c08..3d550b4dd 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -27,9 +27,12 @@
27#ifdef USE_PAM 27#ifdef USE_PAM
28#include "ssh.h" 28#include "ssh.h"
29#include "xmalloc.h" 29#include "xmalloc.h"
30#include "log.h"
30#include "servconf.h" 31#include "servconf.h"
32#include "canohost.h"
33#include "readpass.h"
31 34
32RCSID("$Id: auth-pam.c,v 1.21 2001/01/19 04:46:38 djm Exp $"); 35RCSID("$Id: auth-pam.c,v 1.22 2001/01/22 05:34:40 mouring Exp $");
33 36
34#define NEW_AUTHTOK_MSG \ 37#define NEW_AUTHTOK_MSG \
35 "Warning: Your password has expired, please change it now" 38 "Warning: Your password has expired, please change it now"
diff --git a/auth-passwd.c b/auth-passwd.c
index 8295ea177..541aca607 100644
--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -36,15 +36,14 @@
36 */ 36 */
37 37
38#include "includes.h" 38#include "includes.h"
39RCSID("$OpenBSD: auth-passwd.c,v 1.19 2001/01/18 16:59:59 markus Exp $"); 39RCSID("$OpenBSD: auth-passwd.c,v 1.20 2001/01/21 19:05:42 markus Exp $");
40 40
41#if !defined(USE_PAM) && !defined(HAVE_OSF_SIA) 41#if !defined(USE_PAM) && !defined(HAVE_OSF_SIA)
42 42
43#include "packet.h" 43#include "packet.h"
44#include "ssh.h"
45#include "servconf.h"
46#include "xmalloc.h" 44#include "xmalloc.h"
47 45#include "log.h"
46#include "servconf.h"
48#include "auth.h" 47#include "auth.h"
49 48
50#ifdef WITH_AIXAUTHENTICATE 49#ifdef WITH_AIXAUTHENTICATE
diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c
index 48c075e66..87d51549d 100644
--- a/auth-rh-rsa.c
+++ b/auth-rh-rsa.c
@@ -13,18 +13,19 @@
13 */ 13 */
14 14
15#include "includes.h" 15#include "includes.h"
16RCSID("$OpenBSD: auth-rh-rsa.c,v 1.19 2000/12/21 15:10:16 markus Exp $"); 16RCSID("$OpenBSD: auth-rh-rsa.c,v 1.21 2001/01/21 19:05:42 markus Exp $");
17 17
18#include "packet.h" 18#include "packet.h"
19#include "ssh.h"
20#include "xmalloc.h" 19#include "xmalloc.h"
21#include "uidswap.h" 20#include "uidswap.h"
21#include "log.h"
22#include "servconf.h" 22#include "servconf.h"
23
24#include <openssl/rsa.h>
25#include <openssl/dsa.h>
26#include "key.h" 23#include "key.h"
27#include "hostfile.h" 24#include "hostfile.h"
25#include "pathnames.h"
26#include "auth.h"
27#include "tildexpand.h"
28#include "canohost.h"
28 29
29/* 30/*
30 * Tries to authenticate the user using the .rhosts file and the host using 31 * Tries to authenticate the user using the .rhosts file and the host using
@@ -59,15 +60,15 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key
59 found = key_new(KEY_RSA1); 60 found = key_new(KEY_RSA1);
60 61
61 /* Check if we know the host and its host key. */ 62 /* Check if we know the host and its host key. */
62 host_status = check_host_in_hostfile(SSH_SYSTEM_HOSTFILE, canonical_hostname, 63 host_status = check_host_in_hostfile(_PATH_SSH_SYSTEM_HOSTFILE, canonical_hostname,
63 client_key, found, NULL); 64 client_key, found, NULL);
64 65
65 /* Check user host file unless ignored. */ 66 /* Check user host file unless ignored. */
66 if (host_status != HOST_OK && !options.ignore_user_known_hosts) { 67 if (host_status != HOST_OK && !options.ignore_user_known_hosts) {
67 struct stat st; 68 struct stat st;
68 char *user_hostfile = tilde_expand_filename(SSH_USER_HOSTFILE, pw->pw_uid); 69 char *user_hostfile = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid);
69 /* 70 /*
70 * Check file permissions of SSH_USER_HOSTFILE, auth_rsa() 71 * Check file permissions of _PATH_SSH_USER_HOSTFILE, auth_rsa()
71 * did already check pw->pw_dir, but there is a race XXX 72 * did already check pw->pw_dir, but there is a race XXX
72 */ 73 */
73 if (options.strict_modes && 74 if (options.strict_modes &&
diff --git a/auth-rhosts.c b/auth-rhosts.c
index fb7dabe7a..4f9ea886d 100644
--- a/auth-rhosts.c
+++ b/auth-rhosts.c
@@ -14,13 +14,15 @@
14 */ 14 */
15 15
16#include "includes.h" 16#include "includes.h"
17RCSID("$OpenBSD: auth-rhosts.c,v 1.17 2000/12/19 23:17:55 markus Exp $"); 17RCSID("$OpenBSD: auth-rhosts.c,v 1.19 2001/01/21 19:05:42 markus Exp $");
18 18
19#include "packet.h" 19#include "packet.h"
20#include "ssh.h"
21#include "xmalloc.h" 20#include "xmalloc.h"
22#include "uidswap.h" 21#include "uidswap.h"
22#include "pathnames.h"
23#include "log.h"
23#include "servconf.h" 24#include "servconf.h"
25#include "canohost.h"
24 26
25/* 27/*
26 * This function processes an rhosts-style file (.rhosts, .shosts, or 28 * This function processes an rhosts-style file (.rhosts, .shosts, or
@@ -177,8 +179,8 @@ auth_rhosts(struct passwd *pw, const char *client_user)
177 179
178 /* Deny if The user has no .shosts or .rhosts file and there are no system-wide files. */ 180 /* Deny if The user has no .shosts or .rhosts file and there are no system-wide files. */
179 if (!rhosts_files[rhosts_file_index] && 181 if (!rhosts_files[rhosts_file_index] &&
180 stat("/etc/hosts.equiv", &st) < 0 && 182 stat(_PATH_RHOSTS_EQUIV, &st) < 0 &&
181 stat(SSH_HOSTS_EQUIV, &st) < 0) 183 stat(_PATH_SSH_HOSTS_EQUIV, &st) < 0)
182 return 0; 184 return 0;
183 185
184 hostname = get_canonical_hostname(); 186 hostname = get_canonical_hostname();
@@ -192,10 +194,10 @@ auth_rhosts(struct passwd *pw, const char *client_user)
192 hostname, ipaddr); 194 hostname, ipaddr);
193 return 1; 195 return 1;
194 } 196 }
195 if (check_rhosts_file(SSH_HOSTS_EQUIV, hostname, ipaddr, client_user, 197 if (check_rhosts_file(_PATH_SSH_HOSTS_EQUIV, hostname, ipaddr, client_user,
196 pw->pw_name)) { 198 pw->pw_name)) {
197 packet_send_debug("Accepted for %.100s [%.100s] by %.100s.", 199 packet_send_debug("Accepted for %.100s [%.100s] by %.100s.",
198 hostname, ipaddr, SSH_HOSTS_EQUIV); 200 hostname, ipaddr, _PATH_SSH_HOSTS_EQUIV);
199 return 1; 201 return 1;
200 } 202 }
201 } 203 }
diff --git a/auth-rsa.c b/auth-rsa.c
index 3daf4d13c..ee71655f3 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -14,21 +14,23 @@
14 */ 14 */
15 15
16#include "includes.h" 16#include "includes.h"
17RCSID("$OpenBSD: auth-rsa.c,v 1.34 2000/12/19 23:17:55 markus Exp $"); 17RCSID("$OpenBSD: auth-rsa.c,v 1.38 2001/01/21 19:05:42 markus Exp $");
18
19#include <openssl/rsa.h>
20#include <openssl/md5.h>
18 21
19#include "rsa.h" 22#include "rsa.h"
20#include "packet.h" 23#include "packet.h"
21#include "xmalloc.h" 24#include "xmalloc.h"
22#include "ssh.h" 25#include "ssh1.h"
23#include "mpaux.h" 26#include "mpaux.h"
24#include "uidswap.h" 27#include "uidswap.h"
25#include "match.h" 28#include "match.h"
26#include "servconf.h"
27#include "auth-options.h" 29#include "auth-options.h"
28 30#include "pathnames.h"
29#include <openssl/rsa.h> 31#include "log.h"
30#include <openssl/md5.h> 32#include "servconf.h"
31 33#include "auth.h"
32 34
33/* import */ 35/* import */
34extern ServerOptions options; 36extern ServerOptions options;
@@ -120,7 +122,7 @@ auth_rsa_challenge_dialog(RSA *pk)
120int 122int
121auth_rsa(struct passwd *pw, BIGNUM *client_n) 123auth_rsa(struct passwd *pw, BIGNUM *client_n)
122{ 124{
123 char line[8192], file[1024]; 125 char line[8192], file[MAXPATHLEN];
124 int authenticated; 126 int authenticated;
125 u_int bits; 127 u_int bits;
126 FILE *f; 128 FILE *f;
@@ -137,7 +139,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
137 139
138 /* The authorized keys. */ 140 /* The authorized keys. */
139 snprintf(file, sizeof file, "%.500s/%.100s", pw->pw_dir, 141 snprintf(file, sizeof file, "%.500s/%.100s", pw->pw_dir,
140 SSH_USER_PERMITTED_KEYS); 142 _PATH_SSH_USER_PERMITTED_KEYS);
141 143
142 /* Fail quietly if file does not exist */ 144 /* Fail quietly if file does not exist */
143 if (stat(file, &st) < 0) { 145 if (stat(file, &st) < 0) {
@@ -165,10 +167,10 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
165 "bad ownership or modes for '%s'.", pw->pw_name, file); 167 "bad ownership or modes for '%s'.", pw->pw_name, file);
166 fail = 1; 168 fail = 1;
167 } else { 169 } else {
168 /* Check path to SSH_USER_PERMITTED_KEYS */ 170 /* Check path to _PATH_SSH_USER_PERMITTED_KEYS */
169 int i; 171 int i;
170 static const char *check[] = { 172 static const char *check[] = {
171 "", SSH_USER_DIR, NULL 173 "", _PATH_SSH_USER_DIR, NULL
172 }; 174 };
173 for (i = 0; check[i]; i++) { 175 for (i = 0; check[i]; i++) {
174 snprintf(line, sizeof line, "%.500s/%.100s", pw->pw_dir, check[i]); 176 snprintf(line, sizeof line, "%.500s/%.100s", pw->pw_dir, check[i]);
@@ -235,9 +237,9 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
235 /* Parse the key from the line. */ 237 /* Parse the key from the line. */
236 if (!auth_rsa_read_key(&cp, &bits, pk->e, pk->n)) { 238 if (!auth_rsa_read_key(&cp, &bits, pk->e, pk->n)) {
237 debug("%.100s, line %lu: bad key syntax", 239 debug("%.100s, line %lu: bad key syntax",
238 SSH_USER_PERMITTED_KEYS, linenum); 240 file, linenum);
239 packet_send_debug("%.100s, line %lu: bad key syntax", 241 packet_send_debug("%.100s, line %lu: bad key syntax",
240 SSH_USER_PERMITTED_KEYS, linenum); 242 file, linenum);
241 continue; 243 continue;
242 } 244 }
243 /* cp now points to the comment part. */ 245 /* cp now points to the comment part. */
@@ -257,7 +259,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n)
257 * If our options do not allow this key to be used, 259 * If our options do not allow this key to be used,
258 * do not send challenge. 260 * do not send challenge.
259 */ 261 */
260 if (!auth_parse_options(pw, options, linenum)) 262 if (!auth_parse_options(pw, options, file, linenum))
261 continue; 263 continue;
262 264
263 /* Perform the challenge-response dialog for this key. */ 265 /* Perform the challenge-response dialog for this key. */
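Review bot: `file` is now a MAXPATHLEN buffer (line 125) filled with `pw->pw_dir` plus the keys file name (line 141), but the diagnostics on new lines 239-242 still print it with `%.100s`, so for a home directory longer than about 78 characters the message is cut off before the `authorized_keys` part and shows only a directory prefix. The buffer is bounded, so the precision can simply be widened to match, e.g. `debug("%.500s, line %lu: bad key syntax", file, linenum);`, or the message could print the basename instead. Note that the `packet_send_debug` twin on lines 241-242 sends that absolute path, home directory included, to the client before the key has been accepted; the old relative name did not carry that information. auth_rsa begins and ends outside these hunks.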
diff --git a/auth.c b/auth.c
index 814506d7c..187216d27 100644
--- a/auth.c
+++ b/auth.c
@@ -23,13 +23,8 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: auth.c,v 1.13 2001/01/18 16:59:59 markus Exp $"); 26RCSID("$OpenBSD: auth.c,v 1.14 2001/01/21 19:05:43 markus Exp $");
27 27
28#include "xmalloc.h"
29#include "ssh.h"
30#include "match.h"
31#include "servconf.h"
32#include "groupaccess.h"
33#ifdef HAVE_LOGIN_H 28#ifdef HAVE_LOGIN_H
34#include <login.h> 29#include <login.h>
35#endif 30#endif
@@ -37,8 +32,14 @@ RCSID("$OpenBSD: auth.c,v 1.13 2001/01/18 16:59:59 markus Exp $");
37#include <shadow.h> 32#include <shadow.h>
38#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */ 33#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
39 34
35#include "xmalloc.h"
36#include "match.h"
37#include "groupaccess.h"
38#include "log.h"
39#include "servconf.h"
40#include "auth.h" 40#include "auth.h"
41#include "auth-options.h" 41#include "auth-options.h"
42#include "canohost.h"
42 43
43/* import */ 44/* import */
44extern ServerOptions options; 45extern ServerOptions options;
diff --git a/auth.h b/auth.h
index bf4787b68..b604e6304 100644
--- a/auth.h
+++ b/auth.h
@@ -21,11 +21,13 @@
21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23 * 23 *
24 * $OpenBSD: auth.h,v 1.9 2001/01/18 16:59:59 markus Exp $ 24 * $OpenBSD: auth.h,v 1.10 2001/01/21 19:05:43 markus Exp $
25 */ 25 */
26#ifndef AUTH_H 26#ifndef AUTH_H
27#define AUTH_H 27#define AUTH_H
28 28
29#include <openssl/rsa.h>
30
29typedef struct Authctxt Authctxt; 31typedef struct Authctxt Authctxt;
30struct Authctxt { 32struct Authctxt {
31 int success; 33 int success;
@@ -39,6 +41,68 @@ struct Authctxt {
39 char *style; 41 char *style;
40}; 42};
41 43
44/*
45 * Tries to authenticate the user using the .rhosts file. Returns true if
46 * authentication succeeds. If ignore_rhosts is non-zero, this will not
47 * consider .rhosts and .shosts (/etc/hosts.equiv will still be used).
48 */
49int auth_rhosts(struct passwd * pw, const char *client_user);
50
51/*
52 * Tries to authenticate the user using the .rhosts file and the host using
53 * its host key. Returns true if authentication succeeds.
54 */
55int
56auth_rhosts_rsa(struct passwd * pw, const char *client_user, RSA* client_host_key);
57
58/*
59 * Tries to authenticate the user using password. Returns true if
60 * authentication succeeds.
61 */
62int auth_password(struct passwd * pw, const char *password);
63
64/*
65 * Performs the RSA authentication dialog with the client. This returns 0 if
66 * the client could not be authenticated, and 1 if authentication was
67 * successful. This may exit if there is a serious protocol violation.
68 */
69int auth_rsa(struct passwd * pw, BIGNUM * client_n);
70
71/*
72 * Parses an RSA key (number of bits, e, n) from a string. Moves the pointer
73 * over the key. Skips any whitespace at the beginning and at end.
74 */
75int auth_rsa_read_key(char **cpp, u_int *bitsp, BIGNUM * e, BIGNUM * n);
76
77/*
78 * Performs the RSA authentication challenge-response dialog with the client,
79 * and returns true (non-zero) if the client gave the correct answer to our
80 * challenge; returns zero if the client gives a wrong answer.
81 */
82int auth_rsa_challenge_dialog(RSA *pk);
83
84#ifdef KRB4
85#include <krb.h>
86/*
87 * Performs Kerberos v4 mutual authentication with the client. This returns 0
88 * if the client could not be authenticated, and 1 if authentication was
89 * successful. This may exit if there is a serious protocol violation.
90 */
91int auth_krb4(const char *server_user, KTEXT auth, char **client);
92int krb4_init(uid_t uid);
93void krb4_cleanup_proc(void *ignore);
94int auth_krb4_password(struct passwd * pw, const char *password);
95
96#ifdef AFS
97#include <kafs.h>
98
99/* Accept passed Kerberos v4 ticket-granting ticket and AFS tokens. */
100int auth_kerberos_tgt(struct passwd * pw, const char *string);
101int auth_afs_token(struct passwd * pw, const char *token_string);
102#endif /* AFS */
103
104#endif /* KRB4 */
105
42#include "auth-pam.h" 106#include "auth-pam.h"
43#include "auth2-pam.h" 107#include "auth2-pam.h"
44 108
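Review bot: The block added on lines 84-104 makes the declared interface of auth.h depend on whether KRB4 and AFS are defined at the point of inclusion, pulling in `<krb.h>` and `<kafs.h>` and adding prototypes only in that case, so every translation unit that includes this header has to see the same configuration macros or it gets a different set of declarations; presumably config.h guarantees that, but a comment such as `/* KRB4/AFS declarations below require the same defines as auth-krb4.c */` would record the assumption. The prototypes also rely on `struct passwd` coming from the includer, since `<pwd.h>` is not included here while `<openssl/rsa.h>` is (line 29), so the header is not self-contained for callers that only want `auth_password`. Minor style: `struct passwd * pw` on lines 49, 56, 62 and 69 spaces the pointer declarator differently from `RSA *pk` on line 82.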
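--- a/auth1.c
+++ b/auth1.c
@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.11 2001/01/18 16:59:59 markus Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.13 2001/01/21 19:05:43 markus Exp $");
 
 #ifdef HAVE_OSF_SIA
 # include <sia.h>
@@ -19,10 +19,11 @@ RCSID("$OpenBSD: auth1.c,v 1.11 2001/01/18 16:59:59 markus Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"
-#include "ssh.h"
+#include "ssh1.h"
 #include "packet.h"
 #include "buffer.h"
 #include "mpaux.h"
+#include "log.h"
 #include "servconf.h"
 #include "compat.h"
 #include "auth.h"
@@ -278,11 +279,6 @@ do_authloop(Authctxt *authctxt)
  xfree(password);
  break;
 
-#ifdef SKEY /* ISSUE: Is this right? we don't define
- having skey_authentication in
- servconf.h by default so I assume
- we need to deal with this via #ifdef
- in some reasonable way */
  case SSH_CMSG_AUTH_TIS:
  debug("rcvd SSH_CMSG_AUTH_TIS");
  if (options.skey_authentication == 1) {
@@ -297,6 +293,7 @@ do_authloop(Authctxt *authctxt)
  }
  }
  break;
+
  case SSH_CMSG_AUTH_TIS_RESPONSE:
  debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE");
  if (options.skey_authentication == 1) {
@@ -308,7 +305,6 @@ do_authloop(Authctxt *authctxt)
  xfree(response);
  }
  break;
-#endif /* ISSUE: End of wrong SKEY defines */
 
  default:
  /*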
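Review bot: Dropping the `#ifdef SKEY` guard leaves the SSH_CMSG_AUTH_TIS and SSH_CMSG_AUTH_TIS_RESPONSE cases gated only by the runtime test `options.skey_authentication == 1`; the hunk shows that test but not the case bodies, so whether the calls inside them still build when SKEY is undefined cannot be confirmed from here. If they are not stubbed, a build without s/key support breaks; if they are, the option must default to off in servconf so the branch stays inert, which is worth checking since the removed note was raising exactly that doubt. A short comment above the first case would preserve that intent, e.g. `/* TIS/s-key challenge-response: compiled unconditionally, enabled only by options.skey_authentication */`. do_authloop starts and ends outside the hunks.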
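--- a/auth2-chall.c
+++ b/auth2-chall.c
@@ -22,14 +22,14 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: auth2-chall.c,v 1.1 2001/01/18 17:12:43 markus Exp $");
+RCSID("$OpenBSD: auth2-chall.c,v 1.2 2001/01/21 19:05:43 markus Exp $");
 
-#include "ssh.h"
 #include "ssh2.h"
 #include "auth.h"
 #include "packet.h"
 #include "xmalloc.h"
 #include "dispatch.h"
+#include "log.h"
 
 void send_userauth_into_request(Authctxt *authctxt, char *challenge, int echo);
 void input_userauth_info_response(int type, int plen, void *ctxt);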
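--- a/auth2-pam.c
+++ b/auth2-pam.c
@@ -1,14 +1,16 @@
 #include "includes.h"
-RCSID("$Id: auth2-pam.c,v 1.5 2001/01/19 05:37:32 mouring Exp $");
+RCSID("$Id: auth2-pam.c,v 1.6 2001/01/22 05:34:40 mouring Exp $");
 
 #ifdef USE_PAM
+#include <security/pam_appl.h>
+
 #include "ssh.h"
 #include "ssh2.h"
 #include "auth.h"
 #include "packet.h"
 #include "xmalloc.h"
 #include "dispatch.h"
-#include <security/pam_appl.h>
+#include "log.h"
 
 struct {
  int finished, num_received, num_expected;
@@ -31,7 +33,6 @@ int
 auth2_pam(Authctxt *authctxt)
 {
  int retval = -1;
- char *method = "PAM";
 
  if (authctxt->user == NULL)
  fatal("auth2_pam: internal error: no user");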
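--- a/auth2.c
+++ b/auth2.c
@@ -23,34 +23,34 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.28 2001/01/18 17:00:00 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.32 2001/01/21 19:05:44 markus Exp $");
 
 #ifdef HAVE_OSF_SIA
 # include <sia.h>
 # include <siad.h>
 #endif
 
-#include <openssl/dsa.h>
-#include <openssl/rsa.h>
 #include <openssl/evp.h>
 
+#include "ssh2.h"
 #include "xmalloc.h"
 #include "rsa.h"
-#include "ssh.h"
 #include "pty.h"
 #include "packet.h"
 #include "buffer.h"
+#include "log.h"
 #include "servconf.h"
 #include "compat.h"
 #include "channels.h"
 #include "bufaux.h"
-#include "ssh2.h"
 #include "auth.h"
 #include "session.h"
 #include "dispatch.h"
 #include "auth.h"
+#include "cipher.h"
 #include "key.h"
 #include "kex.h"
+#include "pathnames.h"
 
 #include "uidswap.h"
 #include "auth-options.h"
@@ -583,7 +583,7 @@ authmethod_lookup(const char *name)
 int
 user_key_allowed(struct passwd *pw, Key *key)
 {
- char line[8192], file[1024];
+ char line[8192], file[MAXPATHLEN];
  int found_key = 0;
  FILE *f;
  u_long linenum = 0;
@@ -598,7 +598,7 @@ user_key_allowed(struct passwd *pw, Key *key)
 
  /* The authorized keys. */
  snprintf(file, sizeof file, "%.500s/%.100s", pw->pw_dir,
- SSH_USER_PERMITTED_KEYS2);
+ _PATH_SSH_USER_PERMITTED_KEYS2);
 
  /* Fail quietly if file does not exist */
  if (stat(file, &st) < 0) {
@@ -626,10 +626,10 @@ user_key_allowed(struct passwd *pw, Key *key)
  key_type(key), pw->pw_name, file);
  fail = 1;
  } else {
- /* Check path to SSH_USER_PERMITTED_KEYS */
+ /* Check path to _PATH_SSH_USER_PERMITTED_KEYS */
  int i;
  static const char *check[] = {
- "", SSH_USER_DIR, NULL
+ "", _PATH_SSH_USER_DIR, NULL
  };
  for (i = 0; check[i]; i++) {
  snprintf(line, sizeof line, "%.500s/%.100s",
@@ -686,7 +686,7 @@ user_key_allowed(struct passwd *pw, Key *key)
  }
  }
  if (key_equal(found, key) &&
- auth_parse_options(pw, options, linenum) == 1) {
+ auth_parse_options(pw, options, file, linenum) == 1) {
  found_key = 1;
  debug("matching key found: file %s, line %ld",
  file, linenum);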
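Review bot: The comment at new line 629, `/* Check path to _PATH_SSH_USER_PERMITTED_KEYS */`, names a different macro from the one the path at line 601 is built from (`_PATH_SSH_USER_PERMITTED_KEYS2`), and the loop that follows walks `check[]` (the home directory and `_PATH_SSH_USER_DIR`) rather than the file itself; a comment such as `/* Check each directory leading to the authorized keys file */` describes the loop without tying it to either macro (what is checked per directory is outside the hunk). Growing `file` to MAXPATHLEN is harmless but cosmetic: the `%.500s/%.100s` precisions already bound the write, and an over-long `pw_dir` is silently cut to a path that then fails the `stat` quietly. Separately, `auth.h` is included twice on the new side (lines 46 and 49); authfd.c in this commit adds a second `#include "authfd.h"` at its new line 55, and clientloop.c keeps `buffer.h` at new lines 69 and 73, so one include per header would be the consistent fix. user_key_allowed starts and ends outside the hunks.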
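--- a/authfd.c
+++ b/authfd.c
@@ -35,7 +35,9 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: authfd.c,v 1.32 2000/12/20 19:37:21 markus Exp $");
+RCSID("$OpenBSD: authfd.c,v 1.33 2001/01/21 19:05:44 markus Exp $");
+
+#include <openssl/evp.h>
 
 #include "ssh.h"
 #include "rsa.h"
@@ -43,14 +45,14 @@ RCSID("$OpenBSD: authfd.c,v 1.32 2000/12/20 19:37:21 markus Exp $");
 #include "bufaux.h"
 #include "xmalloc.h"
 #include "getput.h"
-
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
-#include <openssl/evp.h>
 #include "key.h"
 #include "authfd.h"
+#include "cipher.h"
 #include "kex.h"
 #include "compat.h"
+#include "log.h"
+#include "atomicio.h"
+#include "authfd.h"
 
 /* helper */
 int decode_reply(int type);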
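--- a/authfile.c
+++ b/authfile.c
@@ -36,20 +36,19 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: authfile.c,v 1.24 2000/12/20 19:26:56 markus Exp $");
+RCSID("$OpenBSD: authfile.c,v 1.25 2001/01/21 19:05:44 markus Exp $");
 
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/rsa.h>
 #include <openssl/err.h>
-#include <openssl/pem.h>
 #include <openssl/evp.h>
+#include <openssl/pem.h>
 
+#include "cipher.h"
 #include "xmalloc.h"
 #include "buffer.h"
 #include "bufaux.h"
-#include "ssh.h"
 #include "key.h"
+#include "ssh.h"
+#include "log.h"
 
 /* Version identification string for identity files. */
 #define AUTHFILE_ID_STRING "SSH PRIVATE KEY FILE FORMAT 1.1\n"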
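--- a/bufaux.c
+++ b/bufaux.c
@@ -37,13 +37,13 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: bufaux.c,v 1.16 2001/01/16 23:58:08 deraadt Exp $");
+RCSID("$OpenBSD: bufaux.c,v 1.17 2001/01/21 19:05:45 markus Exp $");
 
-#include "ssh.h"
 #include <openssl/bn.h>
 #include "bufaux.h"
 #include "xmalloc.h"
 #include "getput.h"
+#include "log.h"
 
 /*
  * Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed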
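--- a/bufaux.h
+++ b/bufaux.h
@@ -10,12 +10,13 @@
  * called by a name other than "ssh" or "Secure Shell".
  */
 
-/* RCSID("$OpenBSD: bufaux.h,v 1.10 2001/01/10 22:56:22 markus Exp $"); */
+/* RCSID("$OpenBSD: bufaux.h,v 1.11 2001/01/21 19:05:45 markus Exp $"); */
 
 #ifndef BUFAUX_H
 #define BUFAUX_H
 
 #include "buffer.h"
+#include <openssl/bn.h>
 
 /*
  * Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed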
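--- a/buffer.c
+++ b/buffer.c
@@ -12,11 +12,11 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: buffer.c,v 1.9 2000/12/19 23:17:55 markus Exp $");
+RCSID("$OpenBSD: buffer.c,v 1.10 2001/01/21 19:05:45 markus Exp $");
 
 #include "xmalloc.h"
 #include "buffer.h"
-#include "ssh.h"
+#include "log.h"
 
 /* Initializes the buffer structure. */
 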
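--- a/canohost.c
+++ b/canohost.c
@@ -12,11 +12,11 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: canohost.c,v 1.17 2000/12/19 23:17:55 markus Exp $");
+RCSID("$OpenBSD: canohost.c,v 1.18 2001/01/21 19:05:45 markus Exp $");
 
 #include "packet.h"
 #include "xmalloc.h"
-#include "ssh.h"
+#include "log.h"
 
 /*
  * Return the canonical name of the host at the other end of the socket. The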
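--- /dev/null
+++ b/canohost.h
@@ -0,0 +1,36 @@
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+/*
+ * Returns the name of the machine at the other end of the socket. The
+ * returned string should be freed by the caller.
+ */
+char *get_remote_hostname(int socket);
+
+/*
+ * Return the canonical name of the host in the other side of the current
+ * connection (as returned by packet_get_connection). The host name is
+ * cached, so it is efficient to call this several times.
+ */
+const char *get_canonical_hostname(void);
+
+/*
+ * Returns the remote IP address as an ascii string. The value need not be
+ * freed by the caller.
+ */
+const char *get_remote_ipaddr(void);
+
+/* Returns the port number of the peer of the socket. */
+int get_peer_port(int sock);
+
+/* Returns the port number of the remote/local host. */
+int get_remote_port(void);
+int get_local_port(void);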
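Review bot: The new header has no include guard, unlike log.h and login.h added in the same commit; wrapping it in `#ifndef CANOHOST_H` / `#define CANOHOST_H` … `#endif` keeps it safe to include more than once as it grows beyond bare prototypes. clientloop.h in this commit has the same omission. The parameter name in `char *get_remote_hostname(int socket);` reuses the name of the socket(2) function in any translation unit that has <sys/socket.h> in scope; `int sock`, as `get_peer_port` already uses, is the consistent choice. The header comment for `get_canonical_hostname` describes the value as cached but not whether it is a reverse-lookup result or how long the pointer stays valid; the implementation is outside this diff, so confirm and state it, since callers of this file use the name for logging and access decisions elsewhere.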
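--- a/channels.c
+++ b/channels.c
@@ -40,24 +40,24 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.80 2001/01/08 22:03:23 markus Exp $");
+RCSID("$OpenBSD: channels.c,v 1.82 2001/01/21 19:05:46 markus Exp $");
+
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
 
 #include "ssh.h"
+#include "ssh1.h"
+#include "ssh2.h"
 #include "packet.h"
 #include "xmalloc.h"
 #include "buffer.h"
 #include "uidswap.h"
-#include "readconf.h"
-#include "servconf.h"
-
+#include "log.h"
+#include "misc.h"
 #include "channels.h"
 #include "nchan.h"
 #include "compat.h"
-
-#include "ssh2.h"
-
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
+#include "canohost.h"
 #include "key.h"
 #include "authfd.h"
 
@@ -130,6 +130,9 @@ static int all_opens_permitted = 0;
 /* This is set to true if both sides support SSH_PROTOFLAG_HOST_IN_FWD_OPEN. */
 static int have_hostname_in_open = 0;
 
+/* AF_UNSPEC or AF_INET or AF_INET6 */
+extern int IPv4or6;
+
 /* Sets specific protocol options. */
 
 void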
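Review bot: `extern int IPv4or6;` at new line 134 declares a mutable global inside the .c file rather than in a shared header, so the compiler never checks this declaration against the defining one (which is outside this diff); if the definition's type ever changes, this file keeps compiling and silently mis-reads it. Declaring it once in a header both sides include — misc.h is now pulled in here and would be a natural home — removes that risk. The comment should also record where the value is owned and what the default is, e.g. `/* Address family to use when opening sockets: AF_UNSPEC, AF_INET or AF_INET6; defined and set by the program's main module — TODO confirm */`, since neither is visible from this hunk.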
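--- a/cipher.c
+++ b/cipher.c
@@ -35,10 +35,11 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: cipher.c,v 1.41 2000/12/19 23:17:56 markus Exp $");
+RCSID("$OpenBSD: cipher.c,v 1.42 2001/01/21 19:05:46 markus Exp $");
 
-#include "ssh.h"
 #include "xmalloc.h"
+#include "log.h"
+#include "cipher.h"
 
 #include <openssl/md5.h>
 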
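--- a/cli.c
+++ b/cli.c
@@ -1,8 +1,8 @@
 #include "includes.h"
-RCSID("$OpenBSD: cli.c,v 1.5 2001/01/08 08:50:29 markus Exp $");
+RCSID("$OpenBSD: cli.c,v 1.6 2001/01/21 19:05:47 markus Exp $");
 
 #include "xmalloc.h"
-#include "ssh.h"
+#include "log.h"
 
 static int cli_input = -1;
 static int cli_output = -1;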
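--- a/clientloop.c
+++ b/clientloop.c
@@ -59,27 +59,25 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: clientloop.c,v 1.43 2001/01/13 19:14:08 markus Exp $");
+RCSID("$OpenBSD: clientloop.c,v 1.45 2001/01/21 19:05:47 markus Exp $");
 
-#include "xmalloc.h"
 #include "ssh.h"
+#include "ssh1.h"
+#include "ssh2.h"
+#include "xmalloc.h"
 #include "packet.h"
 #include "buffer.h"
-#include "readconf.h"
-
-#include "ssh2.h"
 #include "compat.h"
 #include "channels.h"
 #include "dispatch.h"
-
 #include "buffer.h"
 #include "bufaux.h"
-
-#include <openssl/dsa.h>
-#include <openssl/rsa.h>
 #include "key.h"
-#include "authfd.h"
+#include "log.h"
+#include "readconf.h"
 #include "clientloop.h"
+#include "authfd.h"
+#include "atomicio.h"
 
 /* import options */
 extern Options options;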
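--- a/clientloop.h
+++ b/clientloop.h
@@ -1,4 +1,15 @@
 /*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+/*
  * Copyright (c) 2001 Markus Friedl. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -21,4 +32,8 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
+
 void clientloop_set_session_ident(int id);
+
+/* Client side main loop for the interactive session. */
+int client_loop(int have_pty, int escape_char, int id);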
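--- a/compat.c
+++ b/compat.c
@@ -25,10 +25,6 @@
 #include "includes.h"
 RCSID("$OpenBSD: compat.c,v 1.33 2001/01/08 22:29:05 markus Exp $");
 
-#include "ssh.h"
-#include "packet.h"
-#include "xmalloc.h"
-#include "compat.h"
 #ifdef HAVE_LIBPCRE
 # include <pcreposix.h>
 #else /* Use native regex libraries */
@@ -43,6 +39,11 @@ RCSID("$OpenBSD: compat.c,v 1.33 2001/01/08 22:29:05 markus Exp $");
 # endif
 #endif /* HAVE_LIBPCRE */
 
+#include "packet.h"
+#include "xmalloc.h"
+#include "compat.h"
+#include "log.h"
+
 int compat13 = 0;
 int compat20 = 0;
 int datafellows = 0;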
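--- a/compress.c
+++ b/compress.c
@@ -12,9 +12,9 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: compress.c,v 1.11 2000/12/20 19:37:21 markus Exp $");
+RCSID("$OpenBSD: compress.c,v 1.12 2001/01/21 19:05:48 markus Exp $");
 
-#include "ssh.h"
+#include "log.h"
 #include "buffer.h"
 #include "zlib.h"
 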
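--- a/configure.in
+++ b/configure.in
@@ -1382,7 +1382,7 @@ if test ! -d $piddir ; then
  esac
 fi
 
-AC_DEFINE_UNQUOTED(PIDDIR, "$piddir")
+AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir")
 AC_SUBST(piddir)
 
 dnl allow user to disable some login recording features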
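--- a/deattack.c
+++ b/deattack.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: deattack.c,v 1.11 2000/12/19 23:17:56 markus Exp $ */
+/* $OpenBSD: deattack.c,v 1.12 2001/01/21 19:05:48 markus Exp $ */
 
 /*
  * Cryptographic attack detector for ssh - source code
@@ -21,7 +21,7 @@
 
 #include "includes.h"
 #include "deattack.h"
-#include "ssh.h"
+#include "log.h"
 #include "crc32.h"
 #include "getput.h"
 #include "xmalloc.h"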
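--- a/dh.c
+++ b/dh.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: dh.c,v 1.4 2001/01/15 21:43:51 markus Exp $");
+RCSID("$OpenBSD: dh.c,v 1.6 2001/01/21 19:05:49 markus Exp $");
 
 #include "xmalloc.h"
 
@@ -31,10 +31,13 @@ RCSID("$OpenBSD: dh.c,v 1.4 2001/01/15 21:43:51 markus Exp $");
 #include <openssl/dh.h>
 #include <openssl/evp.h>
 
-#include "ssh.h"
 #include "buffer.h"
+#include "cipher.h"
 #include "kex.h"
 #include "dh.h"
+#include "pathnames.h"
+#include "log.h"
+#include "misc.h"
 
 int
 parse_prime(int linenum, char *line, struct dhgroup *dhg)
@@ -100,9 +103,9 @@ choose_dh(int minbits)
  int linenum;
  struct dhgroup dhg;
 
- f = fopen(DH_PRIMES, "r");
+ f = fopen(_PATH_DH_PRIMES, "r");
  if (!f) {
- log("WARNING: %s does not exist, using old prime", DH_PRIMES);
+ log("WARNING: %s does not exist, using old prime", _PATH_DH_PRIMES);
  return (dh_new_group1());
  }
 
@@ -126,13 +129,13 @@ choose_dh(int minbits)
  fclose (f);
 
  if (bestcount == 0) {
- log("WARNING: no primes in %s, using old prime", DH_PRIMES);
+ log("WARNING: no primes in %s, using old prime", _PATH_DH_PRIMES);
  return (dh_new_group1());
  }
 
- f = fopen(DH_PRIMES, "r");
+ f = fopen(_PATH_DH_PRIMES, "r");
  if (!f) {
- fatal("WARNING: %s dissappeared, giving up", DH_PRIMES);
+ fatal("WARNING: %s dissappeared, giving up", _PATH_DH_PRIMES);
  }
 
  linenum = 0;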
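Review bot: Both fallback branches in choose_dh (new lines 107–110 and 131–134) return `dh_new_group1()` whatever `minbits` the caller asked for, so a missing, unreadable or empty `_PATH_DH_PRIMES` — for instance a path mis-set during the rename to the `_PATH_` macros — quietly lowers the group to the fixed group1 with only a `log()` line to show for it. The warning should at least name the requested size so an operator can see the degradation, e.g. `log("WARNING: %s does not exist, using old prime (requested %d bits)", _PATH_DH_PRIMES, minbits);`, and the function's comment (outside the hunks) should state that the fallback ignores minbits. The file is also opened twice (lines 106 and 136) with a `fatal` covering the window in which it could vanish between the two; keeping the first stream and calling `rewind(f)` instead of `fclose`/`fopen` removes the second open and the window with it. The `fatal` string at line 138 misspells "disappeared". choose_dh begins and ends outside the hunks.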
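--- a/dispatch.c
+++ b/dispatch.c
@@ -22,8 +22,10 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: dispatch.c,v 1.5 2000/09/21 11:25:34 markus Exp $");
-#include "ssh.h"
+RCSID("$OpenBSD: dispatch.c,v 1.7 2001/01/21 19:05:49 markus Exp $");
+
+#include "ssh1.h"
+#include "log.h"
 #include "dispatch.h"
 #include "packet.h"
 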
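--- a/entropy.c
+++ b/entropy.c
@@ -24,9 +24,6 @@
 
 #include "includes.h"
 
-#include "ssh.h"
-#include "xmalloc.h"
-
 #include <openssl/rand.h>
 #include <openssl/sha.h>
 
@@ -35,7 +32,12 @@
 # include <floatingpoint.h>
 #endif /* HAVE_FLOATINGPOINT_H */
 
-RCSID("$Id: entropy.c,v 1.23 2001/01/16 22:37:15 djm Exp $");
+#include "ssh.h"
+#include "xmalloc.h"
+#include "atomicio.h"
+#include "log.h"
+
+RCSID("$Id: entropy.c,v 1.24 2001/01/22 05:34:41 mouring Exp $");
 
 #ifndef offsetof
 # define offsetof(type, member) ((size_t) &((type *)0)->member)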
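--- a/groupaccess.c
+++ b/groupaccess.c
@@ -25,9 +25,9 @@
 #include "includes.h"
 
 #include "groupaccess.h"
-#include "ssh.h"
 #include "xmalloc.h"
 #include "match.h"
+#include "log.h"
 
 static int ngroups;
 static char *groups_byname[NGROUPS_MAX + 1]; /* +1 for base/primary group */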
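--- a/hmac.c
+++ b/hmac.c
@@ -23,11 +23,11 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: hmac.c,v 1.5 2000/12/19 23:17:56 markus Exp $");
+RCSID("$OpenBSD: hmac.c,v 1.6 2001/01/21 19:05:49 markus Exp $");
 
 #include "xmalloc.h"
-#include "ssh.h"
 #include "getput.h"
+#include "log.h"
 
 #include <openssl/hmac.h>
 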
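--- a/hostfile.c
+++ b/hostfile.c
@@ -36,15 +36,13 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: hostfile.c,v 1.23 2000/12/21 15:10:16 markus Exp $");
+RCSID("$OpenBSD: hostfile.c,v 1.24 2001/01/21 19:05:49 markus Exp $");
 
 #include "packet.h"
 #include "match.h"
-#include "ssh.h"
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
 #include "key.h"
 #include "hostfile.h"
+#include "log.h"
 
 /*
  * Parses an RSA (number of bits, e, n) or DSA key from a string. Moves the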
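--- a/kex.c
+++ b/kex.c
@@ -23,18 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.17 2001/01/08 21:48:17 markus Exp $");
-
-#include "ssh.h"
-#include "ssh2.h"
-#include "xmalloc.h"
-#include "buffer.h"
-#include "bufaux.h"
-#include "packet.h"
-#include "compat.h"
-
-#include <openssl/bn.h>
-#include <openssl/dh.h>
+RCSID("$OpenBSD: kex.c,v 1.18 2001/01/21 19:05:49 markus Exp $");
 
 #include <openssl/crypto.h>
 #include <openssl/bio.h>
@@ -42,8 +31,16 @@ RCSID("$OpenBSD: kex.c,v 1.17 2001/01/08 21:48:17 markus Exp $");
 #include <openssl/dh.h>
 #include <openssl/pem.h>
 
+#include "ssh2.h"
+#include "xmalloc.h"
+#include "buffer.h"
+#include "bufaux.h"
+#include "packet.h"
+#include "compat.h"
+#include "cipher.h"
 #include "kex.h"
 #include "key.h"
+#include "log.h"
 
 #define KEX_COOKIE_LEN 16
 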
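--- a/key.c
+++ b/key.c
@@ -31,12 +31,11 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
-
 #include "includes.h"
-#include "ssh.h"
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
+RCSID("$OpenBSD: key.c,v 1.15 2001/01/21 19:05:50 markus Exp $");
+
 #include <openssl/evp.h>
+
 #include "xmalloc.h"
 #include "key.h"
 #include "rsa.h"
@@ -45,8 +44,7 @@
 #include "uuencode.h"
 #include "buffer.h"
 #include "bufaux.h"
-
-RCSID("$OpenBSD: key.c,v 1.14 2001/01/16 19:20:06 markus Exp $");
+#include "log.h"
 
 Key *
 key_new(int type)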
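--- a/key.h
+++ b/key.h
@@ -24,6 +24,9 @@
 #ifndef KEY_H
 #define KEY_H
 
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+
 typedef struct Key Key;
 enum types {
  KEY_RSA1,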
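--- a/log-client.c
+++ b/log-client.c
@@ -36,10 +36,10 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: log-client.c,v 1.14 2001/01/18 16:20:21 markus Exp $");
+RCSID("$OpenBSD: log-client.c,v 1.15 2001/01/21 19:05:50 markus Exp $");
 
 #include "xmalloc.h"
-#include "ssh.h"
+#include "log.h"
 
 static LogLevel log_level = SYSLOG_LEVEL_INFO;
 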
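--- a/log-server.c
+++ b/log-server.c
@@ -36,12 +36,12 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: log-server.c,v 1.19 2001/01/18 16:20:21 markus Exp $");
+RCSID("$OpenBSD: log-server.c,v 1.20 2001/01/21 19:05:50 markus Exp $");
 
 #include <syslog.h>
 #include "packet.h"
 #include "xmalloc.h"
-#include "ssh.h"
+#include "log.h"
 
 static LogLevel log_level = SYSLOG_LEVEL_INFO;
 static int log_on_stderr = 0;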
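--- a/log.c
+++ b/log.c
@@ -36,9 +36,9 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: log.c,v 1.14 2001/01/18 16:20:21 markus Exp $");
+RCSID("$OpenBSD: log.c,v 1.15 2001/01/21 19:05:51 markus Exp $");
 
-#include "ssh.h"
+#include "log.h"
 #include "xmalloc.h"
 
 /* Fatal messages. This function never returns. */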
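--- /dev/null
+++ b/log.h
@@ -0,0 +1,76 @@
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+
+#ifndef SSH_LOG_H
+#define SSH_LOG_H
+
+/* Supported syslog facilities and levels. */
+typedef enum {
+ SYSLOG_FACILITY_DAEMON,
+ SYSLOG_FACILITY_USER,
+ SYSLOG_FACILITY_AUTH,
+#ifdef LOG_AUTHPRIV
+ SYSLOG_FACILITY_AUTHPRIV,
+#endif
+ SYSLOG_FACILITY_LOCAL0,
+ SYSLOG_FACILITY_LOCAL1,
+ SYSLOG_FACILITY_LOCAL2,
+ SYSLOG_FACILITY_LOCAL3,
+ SYSLOG_FACILITY_LOCAL4,
+ SYSLOG_FACILITY_LOCAL5,
+ SYSLOG_FACILITY_LOCAL6,
+ SYSLOG_FACILITY_LOCAL7
+} SyslogFacility;
+
+typedef enum {
+ SYSLOG_LEVEL_QUIET,
+ SYSLOG_LEVEL_FATAL,
+ SYSLOG_LEVEL_ERROR,
+ SYSLOG_LEVEL_INFO,
+ SYSLOG_LEVEL_VERBOSE,
+ SYSLOG_LEVEL_DEBUG1,
+ SYSLOG_LEVEL_DEBUG2,
+ SYSLOG_LEVEL_DEBUG3
+} LogLevel;
+/* Initializes logging. */
+void log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr);
+
+/* Logging implementation, depending on server or client */
+void do_log(LogLevel level, const char *fmt, va_list args);
+
+/* name to facility/level */
+SyslogFacility log_facility_number(char *name);
+LogLevel log_level_number(char *name);
+
+/* Output a message to syslog or stderr */
+void fatal(const char *fmt,...) __attribute__((format(printf, 1, 2)));
+void error(const char *fmt,...) __attribute__((format(printf, 1, 2)));
+void log(const char *fmt,...) __attribute__((format(printf, 1, 2)));
+void verbose(const char *fmt,...) __attribute__((format(printf, 1, 2)));
+void debug(const char *fmt,...) __attribute__((format(printf, 1, 2)));
+void debug2(const char *fmt,...) __attribute__((format(printf, 1, 2)));
+void debug3(const char *fmt,...) __attribute__((format(printf, 1, 2)));
+
+/* same as fatal() but w/o logging */
+void fatal_cleanup(void);
+
+/*
+ * Registers a cleanup function to be called by fatal()/fatal_cleanup()
+ * before exiting. It is permissible to call fatal_remove_cleanup for the
+ * function itself from the function.
+ */
+void fatal_add_cleanup(void (*proc) (void *context), void *context);
+
+/* Removes a cleanup function to be called at fatal(). */
+void fatal_remove_cleanup(void (*proc) (void *context), void *context);
+
+#endif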
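Review bot: `fatal()` at line 55 never returns (log.c's own comment in this diff says so), but its prototype carries only the `format` attribute, so callers get spurious uninitialised-variable warnings on the path after a `fatal` and static analysers cannot prune the dead branch; `void fatal(const char *fmt,...) __attribute__((format(printf, 1, 2))) __attribute__((noreturn));` fixes that, assuming the compat layer that already neutralises `__attribute__` on non-GCC compilers covers it (that layer is outside this diff). `log()` at line 57 reuses, with external linkage, the name of the C library's `log(3)`; the standard reserves library names with external linkage, and any translation unit that also sees <math.h> gets conflicting declarations, so a project-specific name would be safer. `do_log` at line 48 takes a `va_list` while the header includes nothing, so it only compiles after `includes.h`; either `#include <stdarg.h>` here or state the ordering requirement in a comment at the top. The `char *av0` and `char *name` parameters at lines 45, 51 and 52 could be `const char *` unless the implementations write through them, which is not visible here.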
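--- a/login.c
+++ b/login.c
@@ -39,7 +39,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: login.c,v 1.16 2000/12/19 23:17:57 markus Exp $");
+RCSID("$OpenBSD: login.c,v 1.17 2001/01/21 19:05:51 markus Exp $");
 
 #include "loginrec.h"
 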
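--- /dev/null
+++ b/login.h
@@ -0,0 +1,38 @@
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+#ifndef LOGIN_H
+#define LOGIN_H
+
+/*
+ * Returns the time when the user last logged in. Returns 0 if the
+ * information is not available. This must be called before record_login.
+ * The host from which the user logged in is stored in buf.
+ */
+u_long
+get_last_login_time(uid_t uid, const char *logname,
+ char *buf, u_int bufsize);
+
+/*
+ * Records that the user has logged in. This does many things normally done
+ * by login(1).
+ */
+void
+record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid,
+ const char *host, struct sockaddr *addr);
+
+/*
+ * Records that the user has logged out. This does many thigs normally done
+ * by login(1) or init.
+ */
+void record_logout(pid_t pid, const char *ttyname);
+
+#endif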
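Review bot: The prototypes use `u_long`, `u_int`, `uid_t`, `pid_t` and `struct sockaddr`, but the header includes nothing, so it only compiles when `includes.h` or the relevant system headers have been included before it; either add the includes or state the prerequisite in a comment at the top. The `get_last_login_time` comment should also say how `buf` and `bufsize` behave — whether the host string is always NUL-terminated and silently truncated to `bufsize` — since the implementation is not on this page to confirm that. Minor: `thigs` in the `record_logout` comment should read `things`.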
diff --git a/loginrec.c b/loginrec.c
index 4afe6fec1..dc723f742 100644
--- a/loginrec.c
+++ b/loginrec.c
@@ -160,8 +160,10 @@
160#include "ssh.h" 160#include "ssh.h"
161#include "xmalloc.h" 161#include "xmalloc.h"
162#include "loginrec.h" 162#include "loginrec.h"
163#include "log.h"
164#include "atomicio.h"
163 165
164RCSID("$Id: loginrec.c,v 1.29 2000/12/28 00:07:07 mouring Exp $"); 166RCSID("$Id: loginrec.c,v 1.30 2001/01/22 05:34:42 mouring Exp $");
165 167
166#ifdef HAVE_UTIL_H 168#ifdef HAVE_UTIL_H
167# include <util.h> 169# include <util.h>
diff --git a/match.c b/match.c
index 895ecab37..81030da6a 100644
--- a/match.c
+++ b/match.c
@@ -12,9 +12,9 @@
12 */ 12 */
13 13
14#include "includes.h" 14#include "includes.h"
15RCSID("$OpenBSD: match.c,v 1.10 2000/12/19 23:17:57 markus Exp $"); 15RCSID("$OpenBSD: match.c,v 1.11 2001/01/21 19:05:52 markus Exp $");
16 16
17#include "ssh.h" 17#include "match.h"
18 18
19/* 19/*
20 * Returns true if the given string matches the pattern (which may contain ? 20 * Returns true if the given string matches the pattern (which may contain ?
diff --git a/util.c b/misc.c
index 1a591a6f0..2d7b2fa60 100644
--- a/util.c
+++ b/misc.c
@@ -28,6 +28,7 @@
28RCSID("$OpenBSD: util.c,v 1.6 2000/10/27 07:32:19 markus Exp $"); 28RCSID("$OpenBSD: util.c,v 1.6 2000/10/27 07:32:19 markus Exp $");
29 29
30#include "ssh.h" 30#include "ssh.h"
31#include "log.h"
31 32
32char * 33char *
33chop(char *s) 34chop(char *s)
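--- /dev/null
+++ b/misc.h
@@ -0,0 +1,19 @@
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+/* remove newline at end of string */
+char *chop(char *s);
+
+/* return next token in configuration line */
+char *strdelim(char **s);
+
+/* set filedescriptor to non-blocking */
+void set_nonblock(int fd);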
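Review bot: misc.h has no include guard, and the same is true of radix.h, readpass.h and serverloop.h added in this commit; login.h in the same commit shows the pattern (`#ifndef MISC_H` / `#define MISC_H` / `#endif`). The `strdelim` comment should also document that it can return NULL, since the readconf.c and servconf.c hunks now test its result for that, e.g. `/* return next token in configuration line, or NULL when none is left; advances *s */` — the exact condition is to be confirmed against misc.c, which is not on this page.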
diff --git a/nchan.c b/nchan.c
index 02c213c20..d049a945a 100644
--- a/nchan.c
+++ b/nchan.c
@@ -23,17 +23,16 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: nchan.c,v 1.20 2000/11/06 23:04:56 markus Exp $"); 26RCSID("$OpenBSD: nchan.c,v 1.22 2001/01/21 19:05:52 markus Exp $");
27
28#include "ssh.h"
29 27
28#include "ssh1.h"
29#include "ssh2.h"
30#include "buffer.h" 30#include "buffer.h"
31#include "packet.h" 31#include "packet.h"
32#include "channels.h" 32#include "channels.h"
33#include "nchan.h" 33#include "nchan.h"
34
35#include "ssh2.h"
36#include "compat.h" 34#include "compat.h"
35#include "log.h"
37 36
38/* functions manipulating channel states */ 37/* functions manipulating channel states */
39/* 38/*
diff --git a/packet.c b/packet.c
index bf3a7ee0b..1b7cd162b 100644
--- a/packet.c
+++ b/packet.c
@@ -37,13 +37,12 @@
37 */ 37 */
38 38
39#include "includes.h" 39#include "includes.h"
40RCSID("$OpenBSD: packet.c,v 1.44 2001/01/13 18:36:45 markus Exp $"); 40RCSID("$OpenBSD: packet.c,v 1.46 2001/01/21 19:05:53 markus Exp $");
41 41
42#include "xmalloc.h" 42#include "xmalloc.h"
43#include "buffer.h" 43#include "buffer.h"
44#include "packet.h" 44#include "packet.h"
45#include "bufaux.h" 45#include "bufaux.h"
46#include "ssh.h"
47#include "crc32.h" 46#include "crc32.h"
48#include "getput.h" 47#include "getput.h"
49 48
@@ -52,6 +51,7 @@ RCSID("$OpenBSD: packet.c,v 1.44 2001/01/13 18:36:45 markus Exp $");
52#include "channels.h" 51#include "channels.h"
53 52
54#include "compat.h" 53#include "compat.h"
54#include "ssh1.h"
55#include "ssh2.h" 55#include "ssh2.h"
56 56
57#include <openssl/bn.h> 57#include <openssl/bn.h>
@@ -61,6 +61,8 @@ RCSID("$OpenBSD: packet.c,v 1.44 2001/01/13 18:36:45 markus Exp $");
61#include "cipher.h" 61#include "cipher.h"
62#include "kex.h" 62#include "kex.h"
63#include "hmac.h" 63#include "hmac.h"
64#include "log.h"
65#include "canohost.h"
64 66
65#ifdef PACKET_DEBUG 67#ifdef PACKET_DEBUG
66#define DBG(x) x 68#define DBG(x) x
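--- /dev/null
+++ b/pathnames.h
@@ -0,0 +1,136 @@
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+
+#ifndef ETCDIR
+#define ETCDIR "/etc"
+#endif
+
+#ifndef _PATH_SSH_PIDDIR
+#define _PATH_SSH_PIDDIR "/var/run"
+#endif
+
+/*
+ * System-wide file containing host keys of known hosts. This file should be
+ * world-readable.
+ */
+#define _PATH_SSH_SYSTEM_HOSTFILE ETCDIR "/ssh_known_hosts"
+#define _PATH_SSH_SYSTEM_HOSTFILE2 ETCDIR "/ssh_known_hosts2"
+
+/*
+ * Of these, ssh_host_key must be readable only by root, whereas ssh_config
+ * should be world-readable.
+ */
+#define _PATH_HOST_KEY_FILE ETCDIR "/ssh_host_key"
+#define _PATH_SERVER_CONFIG_FILE ETCDIR "/sshd_config"
+#define _PATH_HOST_CONFIG_FILE ETCDIR "/ssh_config"
+#define _PATH_HOST_DSA_KEY_FILE ETCDIR "/ssh_host_dsa_key"
+#define _PATH_DH_PRIMES ETCDIR "/primes"
+
+#define _PATH_SSH_PROGRAM "/usr/bin/ssh"
+
+/*
+ * The process id of the daemon listening for connections is saved here to
+ * make it easier to kill the correct daemon when necessary.
+ */
+#define _PATH_SSH_DAEMON_PID_FILE _PATH_SSH_PIDDIR "/sshd.pid"
+
+/*
+ * The directory in user\'s home directory in which the files reside. The
+ * directory should be world-readable (though not all files are).
+ */
+#define _PATH_SSH_USER_DIR ".ssh"
+
+/*
+ * Per-user file containing host keys of known hosts. This file need not be
+ * readable by anyone except the user him/herself, though this does not
+ * contain anything particularly secret.
+ */
+#define _PATH_SSH_USER_HOSTFILE "~/.ssh/known_hosts"
+#define _PATH_SSH_USER_HOSTFILE2 "~/.ssh/known_hosts2"
+
+/*
+ * Name of the default file containing client-side authentication key. This
+ * file should only be readable by the user him/herself.
+ */
+#define _PATH_SSH_CLIENT_IDENTITY ".ssh/identity"
+#define _PATH_SSH_CLIENT_ID_DSA ".ssh/id_dsa"
+#define _PATH_SSH_CLIENT_ID_RSA ".ssh/id_rsa"
+
+/*
+ * Configuration file in user\'s home directory. This file need not be
+ * readable by anyone but the user him/herself, but does not contain anything
+ * particularly secret. If the user\'s home directory resides on an NFS
+ * volume where root is mapped to nobody, this may need to be world-readable.
+ */
+#define _PATH_SSH_USER_CONFFILE ".ssh/config"
+
+/*
+ * File containing a list of those rsa keys that permit logging in as this
+ * user. This file need not be readable by anyone but the user him/herself,
+ * but does not contain anything particularly secret. If the user\'s home
+ * directory resides on an NFS volume where root is mapped to nobody, this
+ * may need to be world-readable. (This file is read by the daemon which is
+ * running as root.)
+ */
+#define _PATH_SSH_USER_PERMITTED_KEYS ".ssh/authorized_keys"
+#define _PATH_SSH_USER_PERMITTED_KEYS2 ".ssh/authorized_keys2"
+
+/*
+ * Per-user and system-wide ssh "rc" files. These files are executed with
+ * /bin/sh before starting the shell or command if they exist. They will be
+ * passed "proto cookie" as arguments if X11 forwarding with spoofing is in
+ * use. xauth will be run if neither of these exists.
+ */
+#define _PATH_SSH_USER_RC ".ssh/rc"
+#define _PATH_SSH_SYSTEM_RC ETCDIR "/sshrc"
+
+/*
+ * Ssh-only version of /etc/hosts.equiv. Additionally, the daemon may use
+ * ~/.rhosts and /etc/hosts.equiv if rhosts authentication is enabled.
+ */
+#define _PATH_SSH_HOSTS_EQUIV ETCDIR "/shosts.equiv"
+#define _PATH_RHOSTS_EQUIV "/etc/hosts.equiv"
+
+/*
+ * Default location of askpass
+ */
+#define _PATH_SSH_ASKPASS_DEFAULT "/usr/X11R6/bin/ssh-askpass"
+
+/* for scp */
+#ifndef _PATH_CP
+#define _PATH_CP "cp"
+#endif
+
+/* path to login program */
+#ifndef LOGIN_PROGRAM
+# ifdef LOGIN_PROGRAM_FALLBACK
+# define LOGIN_PROGRAM LOGIN_PROGRAM_FALLBACK
+# else
+# define LOGIN_PROGRAM "/usr/bin/login"
+# endif
+#endif /* LOGIN_PROGRAM */
+
+/* Askpass program define */
+#ifndef ASKPASS_PROGRAM
+#define ASKPASS_PROGRAM "/usr/lib/ssh/ssh-askpass"
+#endif /* ASKPASS_PROGRAM */
+
+/*
+ * Relevant only when using builtin PRNG.
+ */
+#ifndef SSH_PRNG_SEED_FILE
+# define SSH_PRNG_SEED_FILE SSH_USER_DIR"/prng_seed"
+#endif /* SSH_PRNG_SEED_FILE */
+#ifndef SSH_PRNG_COMMAND_FILE
+# define SSH_PRNG_COMMAND_FILE ETCDIR "/ssh_prng_cmds"
+#endif /* SSH_PRNG_COMMAND_FILE */
+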
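Review bot: Line 131 expands `SSH_USER_DIR`, which this header does not define — it defines `_PATH_SSH_USER_DIR` on line 50 — so unless `SSH_USER_DIR` is still provided from somewhere else, `SSH_PRNG_SEED_FILE` expands to an undefined identifier wherever the builtin PRNG path is compiled. Suggest `# define SSH_PRNG_SEED_FILE _PATH_SSH_USER_DIR "/prng_seed"`. Relatedly, the `~/.ssh/...` and `.ssh/...` literals on lines 57–58, 64–66, 74, 84–85 and 93 spell the directory out instead of reusing `_PATH_SSH_USER_DIR`, so a change to that define would not propagate to them.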
diff --git a/pty.c b/pty.c
index 37a907822..384e921b5 100644
--- a/pty.c
+++ b/pty.c
@@ -12,14 +12,14 @@
12 */ 12 */
13 13
14#include "includes.h" 14#include "includes.h"
15RCSID("$OpenBSD: pty.c,v 1.19 2000/12/20 20:00:34 markus Exp $"); 15RCSID("$OpenBSD: pty.c,v 1.20 2001/01/21 19:05:53 markus Exp $");
16 16
17#ifdef HAVE_UTIL_H 17#ifdef HAVE_UTIL_H
18# include <util.h> 18# include <util.h>
19#endif /* HAVE_UTIL_H */ 19#endif /* HAVE_UTIL_H */
20 20
21#include "pty.h" 21#include "pty.h"
22#include "ssh.h" 22#include "log.h"
23 23
24/* Pty allocated with _getpty gets broken if we do I_PUSH:es to it. */ 24/* Pty allocated with _getpty gets broken if we do I_PUSH:es to it. */
25#if defined(HAVE__GETPTY) || defined(HAVE_OPENPTY) 25#if defined(HAVE__GETPTY) || defined(HAVE_OPENPTY)
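--- /dev/null
+++ b/radix.h
@@ -0,0 +1,26 @@
+/*
+ * Copyright (c) 1999 Dug Song. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+int creds_to_radix(CREDENTIALS * creds, u_char *buf, size_t buflen);
+int radix_to_creds(const char *buf, CREDENTIALS * creds);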
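Review bot: Both prototypes use `CREDENTIALS`, a type this header neither declares nor includes, so a translation unit can include radix.h only after the Kerberos header has been pulled in; the servconf.c hunk in this commit does that only under `#ifdef KRB4` / `#ifdef AFS`. Wrapping the two declarations in the same conditional, or at least a comment stating the prerequisite, would keep the header from breaking a build where those options are off. The header also lacks an include guard.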
diff --git a/readconf.c b/readconf.c
index 7efaf85eb..a10aaff1c 100644
--- a/readconf.c
+++ b/readconf.c
@@ -12,13 +12,17 @@
12 */ 12 */
13 13
14#include "includes.h" 14#include "includes.h"
15RCSID("$OpenBSD: readconf.c,v 1.54 2001/01/18 16:20:22 markus Exp $"); 15RCSID("$OpenBSD: readconf.c,v 1.58 2001/01/21 19:05:53 markus Exp $");
16 16
17#include "ssh.h" 17#include "ssh.h"
18#include "readconf.h"
19#include "match.h"
20#include "xmalloc.h" 18#include "xmalloc.h"
21#include "compat.h" 19#include "compat.h"
20#include "cipher.h"
21#include "pathnames.h"
22#include "log.h"
23#include "readconf.h"
24#include "match.h"
25#include "misc.h"
22 26
23/* Format of the configuration file: 27/* Format of the configuration file:
24 28
@@ -247,7 +251,7 @@ process_config_line(Options *options, const char *host,
247 /* Ignore leading whitespace. */ 251 /* Ignore leading whitespace. */
248 if (*keyword == '\0') 252 if (*keyword == '\0')
249 keyword = strdelim(&s); 253 keyword = strdelim(&s);
250 if (!*keyword || *keyword == '\n' || *keyword == '#') 254 if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
251 return 0; 255 return 0;
252 256
253 opcode = parse_token(keyword, filename, linenum); 257 opcode = parse_token(keyword, filename, linenum);
@@ -599,8 +603,7 @@ parse_int:
599 } 603 }
600 604
601 /* Check that there is no garbage at end of line. */ 605 /* Check that there is no garbage at end of line. */
602 if ((arg = strdelim(&s)) != NULL && *arg != '\0') 606 if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
603 {
604 fatal("%.200s line %d: garbage at end of line; \"%.200s\".", 607 fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
605 filename, linenum, arg); 608 filename, linenum, arg);
606 } 609 }
@@ -782,27 +785,27 @@ fill_default_options(Options * options)
782 if (options->num_identity_files == 0) { 785 if (options->num_identity_files == 0) {
783 if (options->protocol & SSH_PROTO_1) { 786 if (options->protocol & SSH_PROTO_1) {
784 options->identity_files[options->num_identity_files] = 787 options->identity_files[options->num_identity_files] =
785 xmalloc(2 + strlen(SSH_CLIENT_IDENTITY) + 1); 788 xmalloc(2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1);
786 sprintf(options->identity_files[options->num_identity_files++], 789 sprintf(options->identity_files[options->num_identity_files++],
787 "~/%.100s", SSH_CLIENT_IDENTITY); 790 "~/%.100s", _PATH_SSH_CLIENT_IDENTITY);
788 } 791 }
789 if (options->protocol & SSH_PROTO_2) { 792 if (options->protocol & SSH_PROTO_2) {
790 options->identity_files[options->num_identity_files] = 793 options->identity_files[options->num_identity_files] =
791 xmalloc(2 + strlen(SSH_CLIENT_ID_DSA) + 1); 794 xmalloc(2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1);
792 sprintf(options->identity_files[options->num_identity_files++], 795 sprintf(options->identity_files[options->num_identity_files++],
793 "~/%.100s", SSH_CLIENT_ID_DSA); 796 "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
794 } 797 }
795 } 798 }
796 if (options->escape_char == -1) 799 if (options->escape_char == -1)
797 options->escape_char = '~'; 800 options->escape_char = '~';
798 if (options->system_hostfile == NULL) 801 if (options->system_hostfile == NULL)
799 options->system_hostfile = SSH_SYSTEM_HOSTFILE; 802 options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE;
800 if (options->user_hostfile == NULL) 803 if (options->user_hostfile == NULL)
801 options->user_hostfile = SSH_USER_HOSTFILE; 804 options->user_hostfile = _PATH_SSH_USER_HOSTFILE;
802 if (options->system_hostfile2 == NULL) 805 if (options->system_hostfile2 == NULL)
803 options->system_hostfile2 = SSH_SYSTEM_HOSTFILE2; 806 options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2;
804 if (options->user_hostfile2 == NULL) 807 if (options->user_hostfile2 == NULL)
805 options->user_hostfile2 = SSH_USER_HOSTFILE2; 808 options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2;
806 if (options->log_level == (LogLevel) - 1) 809 if (options->log_level == (LogLevel) - 1)
807 options->log_level = SYSLOG_LEVEL_INFO; 810 options->log_level = SYSLOG_LEVEL_INFO;
808 /* options->proxy_command should not be set by default */ 811 /* options->proxy_command should not be set by default */
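Review bot: In the fill_default_options hunk the allocation size (`2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1`) and the `%.100s` precision in the following `sprintf` are two independent bounds that happen to agree; computing the length once and writing with `snprintf(buf, len, "~/%s", _PATH_SSH_CLIENT_IDENTITY)` ties the write to the allocation, and the same applies to the `_PATH_SSH_CLIENT_ID_DSA` branch. This is not a defect introduced by the rename, but the lines are being touched anyway. fill_default_options begins and ends outside the hunk.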
diff --git a/readpass.c b/readpass.c
index 64281edd6..fe158d549 100644
--- a/readpass.c
+++ b/readpass.c
@@ -32,10 +32,9 @@
32 */ 32 */
33 33
34#include "includes.h" 34#include "includes.h"
35RCSID("$OpenBSD: readpass.c,v 1.12 2000/10/11 20:14:39 markus Exp $"); 35RCSID("$OpenBSD: readpass.c,v 1.13 2001/01/21 19:05:54 markus Exp $");
36 36
37#include "xmalloc.h" 37#include "xmalloc.h"
38#include "ssh.h"
39#include "cli.h" 38#include "cli.h"
40 39
41/* 40/*
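--- /dev/null
+++ b/readpass.h
@@ -0,0 +1,18 @@
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+
+/*
+ * Reads a passphrase from /dev/tty with echo turned off. Returns the
+ * passphrase (allocated with xmalloc). Exits if EOF is encountered. If
+ * from_stdin is true, the passphrase will be read from stdin instead.
+ */
+char *read_passphrase(char *prompt, int from_stdin);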
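Review bot: `read_passphrase` takes `char *prompt` although the comment only describes the prompt being displayed; `const char *prompt` would let callers pass string literals without a cast — to be confirmed against readpass.c, which is not on this page. The comment should also spell out ownership: the returned buffer is the caller's to release with xfree, and because it holds a secret the caller should overwrite it (`memset(p, 0, strlen(p))`) before freeing. An include guard is missing as well.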
diff --git a/rsa.c b/rsa.c
index e5eea29f5..04bb239e5 100644
--- a/rsa.c
+++ b/rsa.c
@@ -60,10 +60,10 @@
60 */ 60 */
61 61
62#include "includes.h" 62#include "includes.h"
63RCSID("$OpenBSD: rsa.c,v 1.18 2000/12/19 23:17:57 markus Exp $"); 63RCSID("$OpenBSD: rsa.c,v 1.19 2001/01/21 19:05:54 markus Exp $");
64 64
65#include "rsa.h" 65#include "rsa.h"
66#include "ssh.h" 66#include "log.h"
67#include "xmalloc.h" 67#include "xmalloc.h"
68 68
69void 69void
diff --git a/scp.c b/scp.c
index d353b5ead..401e400d4 100644
--- a/scp.c
+++ b/scp.c
@@ -75,14 +75,12 @@
75 */ 75 */
76 76
77#include "includes.h" 77#include "includes.h"
78RCSID("$OpenBSD: scp.c,v 1.49 2001/01/13 18:03:07 markus Exp $"); 78RCSID("$OpenBSD: scp.c,v 1.51 2001/01/21 19:05:55 markus Exp $");
79 79
80#include "ssh.h"
81#include "xmalloc.h" 80#include "xmalloc.h"
82 81#include "atomicio.h"
83#ifndef _PATH_CP 82#include "pathnames.h"
84#define _PATH_CP "cp" 83#include "log.h"
85#endif
86 84
87#ifdef HAVE___PROGNAME 85#ifdef HAVE___PROGNAME
88extern char *__progname; 86extern char *__progname;
@@ -130,7 +128,7 @@ int verbose_mode = 0;
130int showprogress = 1; 128int showprogress = 1;
131 129
132/* This is the program to execute for the secured connection. ("ssh" or -S) */ 130/* This is the program to execute for the secured connection. ("ssh" or -S) */
133char *ssh_program = SSH_PROGRAM; 131char *ssh_program = _PATH_SSH_PROGRAM;
134 132
135/* This is the list of arguments that scp passes to ssh */ 133/* This is the list of arguments that scp passes to ssh */
136struct { 134struct {
diff --git a/servconf.c b/servconf.c
index 801267b48..7dfd040c8 100644
--- a/servconf.c
+++ b/servconf.c
@@ -10,16 +10,32 @@
10 */ 10 */
11 11
12#include "includes.h" 12#include "includes.h"
13RCSID("$OpenBSD: servconf.c,v 1.59 2001/01/19 12:45:26 markus Exp $"); 13RCSID("$OpenBSD: servconf.c,v 1.62 2001/01/21 19:05:55 markus Exp $");
14
15#ifdef KRB4
16#include <krb.h>
17#endif
18#ifdef AFS
19#include <kafs.h>
20#endif
14 21
15#include "ssh.h" 22#include "ssh.h"
23#include "log.h"
16#include "servconf.h" 24#include "servconf.h"
17#include "xmalloc.h" 25#include "xmalloc.h"
18#include "compat.h" 26#include "compat.h"
27#include "pathnames.h"
28#include "tildexpand.h"
29#include "misc.h"
30#include "cipher.h"
31
19 32
20/* add listen address */ 33/* add listen address */
21void add_listen_addr(ServerOptions *options, char *addr); 34void add_listen_addr(ServerOptions *options, char *addr);
22 35
36/* AF_UNSPEC or AF_INET or AF_INET6 */
37extern int IPv4or6;
38
23/* Initializes the server options to their default values. */ 39/* Initializes the server options to their default values. */
24 40
25void 41void
@@ -87,16 +103,16 @@ fill_default_server_options(ServerOptions *options)
87 if (options->num_host_key_files == 0) { 103 if (options->num_host_key_files == 0) {
88 /* fill default hostkeys for protocols */ 104 /* fill default hostkeys for protocols */
89 if (options->protocol & SSH_PROTO_1) 105 if (options->protocol & SSH_PROTO_1)
90 options->host_key_files[options->num_host_key_files++] = HOST_KEY_FILE; 106 options->host_key_files[options->num_host_key_files++] = _PATH_HOST_KEY_FILE;
91 if (options->protocol & SSH_PROTO_2) 107 if (options->protocol & SSH_PROTO_2)
92 options->host_key_files[options->num_host_key_files++] = HOST_DSA_KEY_FILE; 108 options->host_key_files[options->num_host_key_files++] = _PATH_HOST_DSA_KEY_FILE;
93 } 109 }
94 if (options->num_ports == 0) 110 if (options->num_ports == 0)
95 options->ports[options->num_ports++] = SSH_DEFAULT_PORT; 111 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
96 if (options->listen_addrs == NULL) 112 if (options->listen_addrs == NULL)
97 add_listen_addr(options, NULL); 113 add_listen_addr(options, NULL);
98 if (options->pid_file == NULL) 114 if (options->pid_file == NULL)
99 options->pid_file = SSH_DAEMON_PID_FILE; 115 options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
100 if (options->server_key_bits == -1) 116 if (options->server_key_bits == -1)
101 options->server_key_bits = 768; 117 options->server_key_bits = 768;
102 if (options->login_grace_time == -1) 118 if (options->login_grace_time == -1)
@@ -281,7 +297,6 @@ parse_token(const char *cp, const char *filename,
281void 297void
282add_listen_addr(ServerOptions *options, char *addr) 298add_listen_addr(ServerOptions *options, char *addr)
283{ 299{
284 extern int IPv4or6;
285 struct addrinfo hints, *ai, *aitop; 300 struct addrinfo hints, *ai, *aitop;
286 char strport[NI_MAXSERV]; 301 char strport[NI_MAXSERV];
287 int gaierr; 302 int gaierr;
@@ -332,7 +347,7 @@ read_server_config(ServerOptions *options, const char *filename)
332 /* Ignore leading whitespace */ 347 /* Ignore leading whitespace */
333 if (*arg == '\0') 348 if (*arg == '\0')
334 arg = strdelim(&cp); 349 arg = strdelim(&cp);
335 if (!*arg || *arg == '#') 350 if (!arg || !*arg || *arg == '#')
336 continue; 351 continue;
337 intptr = NULL; 352 intptr = NULL;
338 charptr = NULL; 353 charptr = NULL;
diff --git a/serverloop.c b/serverloop.c
index 958c9661e..a7f8e72b5 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -35,22 +35,24 @@
35 */ 35 */
36 36
37#include "includes.h" 37#include "includes.h"
38RCSID("$OpenBSD: serverloop.c,v 1.40 2001/01/18 17:00:00 markus Exp $"); 38RCSID("$OpenBSD: serverloop.c,v 1.42 2001/01/21 19:05:55 markus Exp $");
39 39
40#include "xmalloc.h" 40#include "xmalloc.h"
41#include "ssh.h"
42#include "packet.h" 41#include "packet.h"
43#include "buffer.h" 42#include "buffer.h"
43#include "log.h"
44#include "servconf.h" 44#include "servconf.h"
45#include "pty.h" 45#include "pty.h"
46#include "channels.h" 46#include "channels.h"
47
48#include "compat.h" 47#include "compat.h"
48#include "ssh1.h"
49#include "ssh2.h" 49#include "ssh2.h"
50#include "auth.h" 50#include "auth.h"
51#include "session.h" 51#include "session.h"
52#include "dispatch.h" 52#include "dispatch.h"
53#include "auth-options.h" 53#include "auth-options.h"
54#include "serverloop.h"
55#include "misc.h"
54 56
55extern ServerOptions options; 57extern ServerOptions options;
56 58
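--- /dev/null
+++ b/serverloop.h
@@ -0,0 +1,20 @@
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+/*
+ * Performs the interactive session. This handles data transmission between
+ * the client and the program. Note that the notion of stdin, stdout, and
+ * stderr in this function is sort of reversed: this function writes to stdin
+ * (of the child program), and reads from stdout and stderr (of the child
+ * program).
+ */
+void server_loop(pid_t pid, int fdin, int fdout, int fderr);
+void server_loop2(void);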
diff --git a/session.c b/session.c
index 20975cb6c..b6ab88731 100644
--- a/session.c
+++ b/session.c
@@ -33,24 +33,29 @@
33 */ 33 */
34 34
35#include "includes.h" 35#include "includes.h"
36RCSID("$OpenBSD: session.c,v 1.49 2001/01/18 17:00:00 markus Exp $"); 36RCSID("$OpenBSD: session.c,v 1.51 2001/01/21 19:05:56 markus Exp $");
37 37
38#include "xmalloc.h"
39#include "ssh.h" 38#include "ssh.h"
39#include "ssh1.h"
40#include "ssh2.h"
41#include "xmalloc.h"
40#include "pty.h" 42#include "pty.h"
41#include "packet.h" 43#include "packet.h"
42#include "buffer.h" 44#include "buffer.h"
43#include "mpaux.h" 45#include "mpaux.h"
44#include "servconf.h"
45#include "uidswap.h" 46#include "uidswap.h"
46#include "compat.h" 47#include "compat.h"
47#include "channels.h" 48#include "channels.h"
48#include "nchan.h" 49#include "nchan.h"
49
50#include "bufaux.h" 50#include "bufaux.h"
51#include "ssh2.h"
52#include "auth.h" 51#include "auth.h"
53#include "auth-options.h" 52#include "auth-options.h"
53#include "pathnames.h"
54#include "log.h"
55#include "servconf.h"
56#include "login.h"
57#include "serverloop.h"
58#include "canohost.h"
54 59
55#ifdef WITH_IRIX_PROJECT 60#ifdef WITH_IRIX_PROJECT
56#include <proj.h> 61#include <proj.h>
@@ -1333,28 +1338,28 @@ do_child(const char *command, struct passwd * pw, const char *term,
1333 * in this order). 1338 * in this order).
1334 */ 1339 */
1335 if (!options.use_login) { 1340 if (!options.use_login) {
1336 if (stat(SSH_USER_RC, &st) >= 0) { 1341 if (stat(_PATH_SSH_USER_RC, &st) >= 0) {
1337 if (debug_flag) 1342 if (debug_flag)
1338 fprintf(stderr, "Running %s %s\n", _PATH_BSHELL, SSH_USER_RC); 1343 fprintf(stderr, "Running %s %s\n", _PATH_BSHELL, _PATH_SSH_USER_RC);
1339 1344
1340 f = popen(_PATH_BSHELL " " SSH_USER_RC, "w"); 1345 f = popen(_PATH_BSHELL " " _PATH_SSH_USER_RC, "w");
1341 if (f) { 1346 if (f) {
1342 if (auth_proto != NULL && auth_data != NULL) 1347 if (auth_proto != NULL && auth_data != NULL)
1343 fprintf(f, "%s %s\n", auth_proto, auth_data); 1348 fprintf(f, "%s %s\n", auth_proto, auth_data);
1344 pclose(f); 1349 pclose(f);
1345 } else 1350 } else
1346 fprintf(stderr, "Could not run %s\n", SSH_USER_RC); 1351 fprintf(stderr, "Could not run %s\n", _PATH_SSH_USER_RC);
1347 } else if (stat(SSH_SYSTEM_RC, &st) >= 0) { 1352 } else if (stat(_PATH_SSH_SYSTEM_RC, &st) >= 0) {
1348 if (debug_flag) 1353 if (debug_flag)
1349 fprintf(stderr, "Running %s %s\n", _PATH_BSHELL, SSH_SYSTEM_RC); 1354 fprintf(stderr, "Running %s %s\n", _PATH_BSHELL, _PATH_SSH_SYSTEM_RC);
1350 1355
1351 f = popen(_PATH_BSHELL " " SSH_SYSTEM_RC, "w"); 1356 f = popen(_PATH_BSHELL " " _PATH_SSH_SYSTEM_RC, "w");
1352 if (f) { 1357 if (f) {
1353 if (auth_proto != NULL && auth_data != NULL) 1358 if (auth_proto != NULL && auth_data != NULL)
1354 fprintf(f, "%s %s\n", auth_proto, auth_data); 1359 fprintf(f, "%s %s\n", auth_proto, auth_data);
1355 pclose(f); 1360 pclose(f);
1356 } else 1361 } else
1357 fprintf(stderr, "Could not run %s\n", SSH_SYSTEM_RC); 1362 fprintf(stderr, "Could not run %s\n", _PATH_SSH_SYSTEM_RC);
1358 } else if (options.xauth_location != NULL) { 1363 } else if (options.xauth_location != NULL) {
1359 /* Add authority data to .Xauthority if appropriate. */ 1364 /* Add authority data to .Xauthority if appropriate. */
1360 if (auth_proto != NULL && auth_data != NULL) { 1365 if (auth_proto != NULL && auth_data != NULL) {
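Review bot: The `_PATH_SSH_USER_RC` and `_PATH_SSH_SYSTEM_RC` branches in the do_child hunk are identical apart from the path, and both discard the `pclose()` status, so an rc script that fails is reported only when `popen()` itself fails (`Could not run`). A small static helper taking the rc path, building the command with `snprintf` instead of literal concatenation, and logging when `pclose()` reports a non-zero exit would remove the duplication and surface script failures. Note also that the pathnames.h comment for these files says they are "passed 'proto cookie' as arguments", whereas this code writes them to the script's stdin via `fprintf(f, "%s %s\n", ...)`; one of the two should be corrected. do_child begins and ends outside the hunk.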
diff --git a/sftp-server.c b/sftp-server.c
index b99f087fa..b0a8d0d57 100644
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -22,12 +22,12 @@
22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23 */ 23 */
24#include "includes.h" 24#include "includes.h"
25RCSID("$OpenBSD: sftp-server.c,v 1.13 2001/01/16 20:54:27 markus Exp $"); 25RCSID("$OpenBSD: sftp-server.c,v 1.14 2001/01/21 19:05:56 markus Exp $");
26 26
27#include "ssh.h"
28#include "buffer.h" 27#include "buffer.h"
29#include "bufaux.h" 28#include "bufaux.h"
30#include "getput.h" 29#include "getput.h"
30#include "log.h"
31#include "xmalloc.h" 31#include "xmalloc.h"
32 32
33#include "sftp.h" 33#include "sftp.h"
diff --git a/ssh-add.c b/ssh-add.c
index c3b3ab4a9..da6f3dcf1 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -35,18 +35,19 @@
35 */ 35 */
36 36
37#include "includes.h" 37#include "includes.h"
38RCSID("$OpenBSD: ssh-add.c,v 1.24 2001/01/13 18:14:13 markus Exp $"); 38RCSID("$OpenBSD: ssh-add.c,v 1.27 2001/01/21 19:05:56 markus Exp $");
39 39
40#include <openssl/evp.h> 40#include <openssl/evp.h>
41#include <openssl/rsa.h>
42#include <openssl/dsa.h>
43 41
44#include "rsa.h"
45#include "ssh.h" 42#include "ssh.h"
43#include "rsa.h"
44#include "log.h"
46#include "xmalloc.h" 45#include "xmalloc.h"
47#include "key.h" 46#include "key.h"
48#include "authfd.h" 47#include "authfd.h"
49#include "authfile.h" 48#include "authfile.h"
49#include "pathnames.h"
50#include "readpass.h"
50 51
51#ifdef HAVE___PROGNAME 52#ifdef HAVE___PROGNAME
52extern char *__progname; 53extern char *__progname;
@@ -103,6 +104,8 @@ ssh_askpass(char *askpass, char *msg)
103 int p[2], status; 104 int p[2], status;
104 char buf[1024]; 105 char buf[1024];
105 106
107 if (fflush(stdout) != 0)
108 error("ssh_askpass: fflush: %s", strerror(errno));
106 if (askpass == NULL) 109 if (askpass == NULL)
107 fatal("internal error: askpass undefined"); 110 fatal("internal error: askpass undefined");
108 if (pipe(p) < 0) 111 if (pipe(p) < 0)
@@ -117,9 +120,7 @@ ssh_askpass(char *askpass, char *msg)
117 fatal("ssh_askpass: exec(%s): %s", askpass, strerror(errno)); 120 fatal("ssh_askpass: exec(%s): %s", askpass, strerror(errno));
118 } 121 }
119 close(p[1]); 122 close(p[1]);
120 buf[0] = '\0'; 123 len = read(p[0], buf, sizeof buf);
121 atomicio(read, p[0], buf, sizeof buf);
122 len = strlen(buf);
123 close(p[0]); 124 close(p[0]);
124 while (waitpid(pid, &status, 0) < 0) 125 while (waitpid(pid, &status, 0) < 0)
125 if (errno != EINTR) 126 if (errno != EINTR)
@@ -166,7 +167,7 @@ add_file(AuthenticationConnection *ac, const char *filename)
166 if (getenv(SSH_ASKPASS_ENV)) 167 if (getenv(SSH_ASKPASS_ENV))
167 askpass = getenv(SSH_ASKPASS_ENV); 168 askpass = getenv(SSH_ASKPASS_ENV);
168 else 169 else
169 askpass = SSH_ASKPASS_DEFAULT; 170 askpass = _PATH_SSH_ASKPASS_DEFAULT;
170 } 171 }
171 172
172 /* At first, try empty passphrase */ 173 /* At first, try empty passphrase */
@@ -291,7 +292,7 @@ main(int argc, char **argv)
291 ssh_close_authentication_connection(ac); 292 ssh_close_authentication_connection(ac);
292 exit(1); 293 exit(1);
293 } 294 }
294 snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, SSH_CLIENT_IDENTITY); 295 snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, _PATH_SSH_CLIENT_IDENTITY);
295 if (deleting) 296 if (deleting)
296 delete_file(ac, buf); 297 delete_file(ac, buf);
297 else 298 else
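Review bot: In ssh_askpass the new `len = read(p[0], buf, sizeof buf);` is never checked for failure, so a -1 from read() flows into whatever the rest of the function (outside this hunk) does with `len`, whereas the atomicio()/strlen() pair it replaces at least guaranteed a NUL-terminated string. A read that fills all of `sizeof buf` also leaves no room for a terminator unless the trailing byte is overwritten later. I would read one byte less and clamp the error case, `len = read(p[0], buf, sizeof buf - 1);` followed by `if (len < 0) len = 0;`, and add a comment that a single read() is relied upon because the askpass program is expected to write the passphrase in one write — worth confirming. `buf` holds a passphrase, so whatever the remainder of the function does it should be zeroed before return; that part is not visible here.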
diff --git a/ssh-agent.c b/ssh-agent.c
index 55704e492..bc577e76a 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-agent.c,v 1.45 2000/12/19 23:17:58 markus Exp $ */ 1/* $OpenBSD: ssh-agent.c,v 1.47 2001/01/21 19:05:56 markus Exp $ */
2 2
3/* 3/*
4 * Author: Tatu Ylonen <ylo@cs.hut.fi> 4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -37,7 +37,10 @@
37 */ 37 */
38 38
39#include "includes.h" 39#include "includes.h"
40RCSID("$OpenBSD: ssh-agent.c,v 1.45 2000/12/19 23:17:58 markus Exp $"); 40RCSID("$OpenBSD: ssh-agent.c,v 1.47 2001/01/21 19:05:56 markus Exp $");
41
42#include <openssl/evp.h>
43#include <openssl/md5.h>
41 44
42#include "ssh.h" 45#include "ssh.h"
43#include "rsa.h" 46#include "rsa.h"
@@ -47,15 +50,12 @@ RCSID("$OpenBSD: ssh-agent.c,v 1.45 2000/12/19 23:17:58 markus Exp $");
47#include "packet.h" 50#include "packet.h"
48#include "getput.h" 51#include "getput.h"
49#include "mpaux.h" 52#include "mpaux.h"
50
51#include <openssl/evp.h>
52#include <openssl/md5.h>
53#include <openssl/dsa.h>
54#include <openssl/rsa.h>
55#include "key.h" 53#include "key.h"
56#include "authfd.h" 54#include "authfd.h"
55#include "cipher.h"
57#include "kex.h" 56#include "kex.h"
58#include "compat.h" 57#include "compat.h"
58#include "log.h"
59 59
60typedef struct { 60typedef struct {
61 int fd; 61 int fd;
@@ -97,6 +97,8 @@ extern char *__progname;
97char *__progname; 97char *__progname;
98#endif 98#endif
99 99
100int prepare_select(fd_set **, fd_set **, int *);
101
100void 102void
101idtab_init(void) 103idtab_init(void)
102{ 104{
@@ -293,7 +295,7 @@ process_remove_identity(SocketEntry *e, int version)
293 295
294 if (bits != key_size(key)) 296 if (bits != key_size(key))
295 log("Warning: identity keysize mismatch: actual %d, announced %d", 297 log("Warning: identity keysize mismatch: actual %d, announced %d",
296 key_size(key), bits); 298 key_size(key), bits);
297 break; 299 break;
298 case 2: 300 case 2:
299 blob = buffer_get_string(&e->input, &blen); 301 blob = buffer_get_string(&e->input, &blen);
@@ -388,7 +390,7 @@ process_add_identity(SocketEntry *e, int version)
388 switch (version) { 390 switch (version) {
389 case 1: 391 case 1:
390 k = key_new_private(KEY_RSA1); 392 k = key_new_private(KEY_RSA1);
391 buffer_get_int(&e->input); /* ignored */ 393 buffer_get_int(&e->input); /* ignored */
392 buffer_get_bignum(&e->input, k->rsa->n); 394 buffer_get_bignum(&e->input, k->rsa->n);
393 buffer_get_bignum(&e->input, k->rsa->e); 395 buffer_get_bignum(&e->input, k->rsa->e);
394 buffer_get_bignum(&e->input, k->rsa->d); 396 buffer_get_bignum(&e->input, k->rsa->d);
@@ -403,7 +405,7 @@ process_add_identity(SocketEntry *e, int version)
403 break; 405 break;
404 case 2: 406 case 2:
405 type_name = buffer_get_string(&e->input, NULL); 407 type_name = buffer_get_string(&e->input, NULL);
406 type = key_type_from_name(type_name); 408 type = key_type_from_name(type_name);
407 xfree(type_name); 409 xfree(type_name);
408 switch(type) { 410 switch(type) {
409 case KEY_DSA: 411 case KEY_DSA:
@@ -556,17 +558,17 @@ new_socket(int type, int fd)
556 buffer_init(&sockets[old_alloc].output); 558 buffer_init(&sockets[old_alloc].output);
557} 559}
558 560
559void 561int
560prepare_select(fd_set *readset, fd_set *writeset) 562prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl)
561{ 563{
562 u_int i; 564 u_int i, sz;
563 for (i = 0; i < sockets_alloc; i++) 565 int n = 0;
566
567 for (i = 0; i < sockets_alloc; i++) {
564 switch (sockets[i].type) { 568 switch (sockets[i].type) {
565 case AUTH_SOCKET: 569 case AUTH_SOCKET:
566 case AUTH_CONNECTION: 570 case AUTH_CONNECTION:
567 FD_SET(sockets[i].fd, readset); 571 n = MAX(n, sockets[i].fd);
568 if (buffer_len(&sockets[i].output) > 0)
569 FD_SET(sockets[i].fd, writeset);
570 break; 572 break;
571 case AUTH_UNUSED: 573 case AUTH_UNUSED:
572 break; 574 break;
@@ -574,6 +576,34 @@ prepare_select(fd_set *readset, fd_set *writeset)
574 fatal("Unknown socket type %d", sockets[i].type); 576 fatal("Unknown socket type %d", sockets[i].type);
575 break; 577 break;
576 } 578 }
579 }
580
581 sz = howmany(n+1, NFDBITS) * sizeof(fd_mask);
582 if (*fdrp == NULL || n > *fdl) {
583 if (*fdrp)
584 free(*fdrp);
585 if (*fdwp)
586 free(*fdwp);
587 *fdrp = xmalloc(sz);
588 *fdwp = xmalloc(sz);
589 *fdl = n;
590 }
591 memset(*fdrp, 0, sz);
592 memset(*fdwp, 0, sz);
593
594 for (i = 0; i < sockets_alloc; i++) {
595 switch (sockets[i].type) {
596 case AUTH_SOCKET:
597 case AUTH_CONNECTION:
598 FD_SET(sockets[i].fd, *fdrp);
599 if (buffer_len(&sockets[i].output) > 0)
600 FD_SET(sockets[i].fd, *fdwp);
601 break;
602 default:
603 break;
604 }
605 }
606 return (1);
577} 607}
578 608
579void 609void
@@ -592,7 +622,8 @@ after_select(fd_set *readset, fd_set *writeset)
592 case AUTH_SOCKET: 622 case AUTH_SOCKET:
593 if (FD_ISSET(sockets[i].fd, readset)) { 623 if (FD_ISSET(sockets[i].fd, readset)) {
594 slen = sizeof(sunaddr); 624 slen = sizeof(sunaddr);
595 sock = accept(sockets[i].fd, (struct sockaddr *) & sunaddr, &slen); 625 sock = accept(sockets[i].fd,
626 (struct sockaddr *) &sunaddr, &slen);
596 if (sock < 0) { 627 if (sock < 0) {
597 perror("accept from AUTH_SOCKET"); 628 perror("accept from AUTH_SOCKET");
598 break; 629 break;
@@ -603,8 +634,9 @@ after_select(fd_set *readset, fd_set *writeset)
603 case AUTH_CONNECTION: 634 case AUTH_CONNECTION:
604 if (buffer_len(&sockets[i].output) > 0 && 635 if (buffer_len(&sockets[i].output) > 0 &&
605 FD_ISSET(sockets[i].fd, writeset)) { 636 FD_ISSET(sockets[i].fd, writeset)) {
606 len = write(sockets[i].fd, buffer_ptr(&sockets[i].output), 637 len = write(sockets[i].fd,
607 buffer_len(&sockets[i].output)); 638 buffer_ptr(&sockets[i].output),
639 buffer_len(&sockets[i].output));
608 if (len <= 0) { 640 if (len <= 0) {
609 shutdown(sockets[i].fd, SHUT_RDWR); 641 shutdown(sockets[i].fd, SHUT_RDWR);
610 close(sockets[i].fd); 642 close(sockets[i].fd);
@@ -637,12 +669,15 @@ after_select(fd_set *readset, fd_set *writeset)
637void 669void
638check_parent_exists(int sig) 670check_parent_exists(int sig)
639{ 671{
672 int save_errno = errno;
673
640 if (parent_pid != -1 && kill(parent_pid, 0) < 0) { 674 if (parent_pid != -1 && kill(parent_pid, 0) < 0) {
641 /* printf("Parent has died - Authentication agent exiting.\n"); */ 675 /* printf("Parent has died - Authentication agent exiting.\n"); */
642 exit(1); 676 exit(1);
643 } 677 }
644 signal(SIGALRM, check_parent_exists); 678 signal(SIGALRM, check_parent_exists);
645 alarm(10); 679 alarm(10);
680 errno = save_errno;
646} 681}
647 682
648void 683void
@@ -664,14 +699,13 @@ usage()
664{ 699{
665 fprintf(stderr, "ssh-agent version %s\n", SSH_VERSION); 700 fprintf(stderr, "ssh-agent version %s\n", SSH_VERSION);
666 fprintf(stderr, "Usage: %s [-c | -s] [-k] [command {args...]]\n", 701 fprintf(stderr, "Usage: %s [-c | -s] [-k] [command {args...]]\n",
667 __progname); 702 __progname);
668 exit(1); 703 exit(1);
669} 704}
670 705
671int 706int
672main(int ac, char **av) 707main(int ac, char **av)
673{ 708{
674 fd_set readset, writeset;
675 int sock, c_flag = 0, k_flag = 0, s_flag = 0, ch; 709 int sock, c_flag = 0, k_flag = 0, s_flag = 0, ch;
676 struct sockaddr_un sunaddr; 710 struct sockaddr_un sunaddr;
677#ifdef HAVE_SETRLIMIT 711#ifdef HAVE_SETRLIMIT
@@ -680,6 +714,7 @@ main(int ac, char **av)
680 pid_t pid; 714 pid_t pid;
681 char *shell, *format, *pidstr, pidstrbuf[1 + 3 * sizeof pid]; 715 char *shell, *format, *pidstr, pidstrbuf[1 + 3 * sizeof pid];
682 extern int optind; 716 extern int optind;
717 fd_set *readsetp = NULL, *writesetp = NULL;
683 718
684 __progname = get_progname(av[0]); 719 __progname = get_progname(av[0]);
685 init_rng(); 720 init_rng();
@@ -722,14 +757,13 @@ main(int ac, char **av)
722 pidstr = getenv(SSH_AGENTPID_ENV_NAME); 757 pidstr = getenv(SSH_AGENTPID_ENV_NAME);
723 if (pidstr == NULL) { 758 if (pidstr == NULL) {
724 fprintf(stderr, "%s not set, cannot kill agent\n", 759 fprintf(stderr, "%s not set, cannot kill agent\n",
725 SSH_AGENTPID_ENV_NAME); 760 SSH_AGENTPID_ENV_NAME);
726 exit(1); 761 exit(1);
727 } 762 }
728 pid = atoi(pidstr); 763 pid = atoi(pidstr);
729 if (pid < 1) { /* XXX PID_MAX check too */ 764 if (pid < 1) {
730 /* Yes, PID_MAX check please */
731 fprintf(stderr, "%s=\"%s\", which is not a good PID\n", 765 fprintf(stderr, "%s=\"%s\", which is not a good PID\n",
732 SSH_AGENTPID_ENV_NAME, pidstr); 766 SSH_AGENTPID_ENV_NAME, pidstr);
733 exit(1); 767 exit(1);
734 } 768 }
735 if (kill(pid, SIGTERM) == -1) { 769 if (kill(pid, SIGTERM) == -1) {
@@ -751,7 +785,7 @@ main(int ac, char **av)
751 exit(1); 785 exit(1);
752 } 786 }
753 snprintf(socket_name, sizeof socket_name, "%s/agent.%d", socket_dir, 787 snprintf(socket_name, sizeof socket_name, "%s/agent.%d", socket_dir,
754 parent_pid); 788 parent_pid);
755 789
756 /* 790 /*
757 * Create socket early so it will exist before command gets run from 791 * Create socket early so it will exist before command gets run from
@@ -773,6 +807,7 @@ main(int ac, char **av)
773 perror("listen"); 807 perror("listen");
774 cleanup_exit(1); 808 cleanup_exit(1);
775 } 809 }
810
776 /* 811 /*
777 * Fork, and have the parent execute the command, if any, or present 812 * Fork, and have the parent execute the command, if any, or present
778 * the socket data. The child continues as the authentication agent. 813 * the socket data. The child continues as the authentication agent.
@@ -788,9 +823,9 @@ main(int ac, char **av)
788 if (ac == 0) { 823 if (ac == 0) {
789 format = c_flag ? "setenv %s %s;\n" : "%s=%s; export %s;\n"; 824 format = c_flag ? "setenv %s %s;\n" : "%s=%s; export %s;\n";
790 printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name, 825 printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name,
791 SSH_AUTHSOCKET_ENV_NAME); 826 SSH_AUTHSOCKET_ENV_NAME);
792 printf(format, SSH_AGENTPID_ENV_NAME, pidstrbuf, 827 printf(format, SSH_AGENTPID_ENV_NAME, pidstrbuf,
793 SSH_AGENTPID_ENV_NAME); 828 SSH_AGENTPID_ENV_NAME);
794 printf("echo Agent pid %d;\n", pid); 829 printf("echo Agent pid %d;\n", pid);
795 exit(0); 830 exit(0);
796 } 831 }
@@ -834,15 +869,13 @@ main(int ac, char **av)
834 signal(SIGHUP, cleanup_exit); 869 signal(SIGHUP, cleanup_exit);
835 signal(SIGTERM, cleanup_exit); 870 signal(SIGTERM, cleanup_exit);
836 while (1) { 871 while (1) {
837 FD_ZERO(&readset); 872 prepare_select(&readsetp, &writesetp, &max_fd);
838 FD_ZERO(&writeset); 873 if (select(max_fd + 1, readsetp, writesetp, NULL, NULL) < 0) {
839 prepare_select(&readset, &writeset);
840 if (select(max_fd + 1, &readset, &writeset, NULL, NULL) < 0) {
841 if (errno == EINTR) 874 if (errno == EINTR)
842 continue; 875 continue;
843 exit(1); 876 exit(1);
844 } 877 }
845 after_select(&readset, &writeset); 878 after_select(readsetp, writesetp);
846 } 879 }
847 /* NOTREACHED */ 880 /* NOTREACHED */
848} 881}
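Review bot: In prepare_select `*fdl = n` is only updated inside the grow branch (`if (*fdrp == NULL || n > *fdl)`), so when the highest fd drops after a connection is closed, the loop in main (visible in the last hunk) still calls select() with the old, larger max_fd while memset() has cleared only the `sz` bytes computed from the smaller n; a stale bit for the now-closed fd survives in the tail of the allocation, select() fails with EBADF, and main turns that into exit(1), taking every loaded key with it. Move `*fdl = n;` out of the conditional so the select width always matches the cleared region, and if the grow-only reallocation is to be kept, track the allocated size separately from the fd limit. The unconditional `return (1);` is never inspected by the caller; either document what the return value means or make the function void. A comment on the resize logic, e.g. `/* fd_sets are sized to the highest live fd so we are not bounded by FD_SETSIZE; caller passes max_fd back to select() */`, would also help, since growing an fd_set past FD_SETSIZE may trip FD_SET bounds checks on some C libraries — confirm for the supported platforms.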
diff --git a/ssh-dss.c b/ssh-dss.c
index 96b1565d2..2366c2117 100644
--- a/ssh-dss.c
+++ b/ssh-dss.c
@@ -23,19 +23,16 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: ssh-dss.c,v 1.2 2000/12/19 23:17:58 markus Exp $"); 26RCSID("$OpenBSD: ssh-dss.c,v 1.4 2001/01/21 19:05:57 markus Exp $");
27
28#include <openssl/bn.h>
29#include <openssl/evp.h>
27 30
28#include "ssh.h"
29#include "xmalloc.h" 31#include "xmalloc.h"
30#include "buffer.h" 32#include "buffer.h"
31#include "bufaux.h" 33#include "bufaux.h"
32#include "compat.h" 34#include "compat.h"
33 35#include "log.h"
34#include <openssl/bn.h>
35#include <openssl/rsa.h>
36#include <openssl/dsa.h>
37#include <openssl/evp.h>
38
39#include "key.h" 36#include "key.h"
40 37
41#define INTBLOB_LEN 20 38#define INTBLOB_LEN 20
@@ -54,7 +51,7 @@ ssh_dss_sign(
54 EVP_MD_CTX md; 51 EVP_MD_CTX md;
55 u_int rlen; 52 u_int rlen;
56 u_int slen; 53 u_int slen;
57 u_int len; 54 u_int len, dlen;
58 u_char sigblob[SIGBLOB_LEN]; 55 u_char sigblob[SIGBLOB_LEN];
59 Buffer b; 56 Buffer b;
60 57
@@ -62,15 +59,18 @@ ssh_dss_sign(
62 error("ssh_dss_sign: no DSA key"); 59 error("ssh_dss_sign: no DSA key");
63 return -1; 60 return -1;
64 } 61 }
65 digest = xmalloc(evp_md->md_size); 62 dlen = evp_md->md_size;
63 digest = xmalloc(dlen);
66 EVP_DigestInit(&md, evp_md); 64 EVP_DigestInit(&md, evp_md);
67 EVP_DigestUpdate(&md, data, datalen); 65 EVP_DigestUpdate(&md, data, datalen);
68 EVP_DigestFinal(&md, digest, NULL); 66 EVP_DigestFinal(&md, digest, NULL);
69 67
70 sig = DSA_do_sign(digest, evp_md->md_size, key->dsa); 68 sig = DSA_do_sign(digest, dlen, key->dsa);
71 if (sig == NULL) { 69 if (sig == NULL) {
72 fatal("ssh_dss_sign: cannot sign"); 70 fatal("ssh_dss_sign: cannot sign");
73 } 71 }
72 memset(digest, 0, dlen);
73 xfree(digest);
74 74
75 rlen = BN_num_bytes(sig->r); 75 rlen = BN_num_bytes(sig->r);
76 slen = BN_num_bytes(sig->s); 76 slen = BN_num_bytes(sig->s);
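Review bot: The `sig == NULL` branch still calls fatal() while the no-key check a few lines above reports through error() and returns -1, so a DSA_do_sign failure aborts the whole process — costly in a long-lived caller such as the agent, if that is where this runs — and skips the new `memset(digest, 0, dlen); xfree(digest);` cleanup. If callers already handle the -1 return (they must, for the no-key case), the branch could be `error("ssh_dss_sign: cannot sign"); memset(digest, 0, dlen); xfree(digest); return -1;`. If the abort is deliberate, a comment saying why a signing failure is treated as unrecoverable would stop the next reader from "fixing" it. ssh_dss_sign continues past the end of this hunk.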
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index f7b08c983..9a9fac035 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -71,8 +71,6 @@
71.Nm ssh-keygen 71.Nm ssh-keygen
72.Fl l 72.Fl l
73.Op Fl f Ar input_keyfile 73.Op Fl f Ar input_keyfile
74.Nm ssh-keygen
75.Fl R
76.Sh DESCRIPTION 74.Sh DESCRIPTION
77.Nm 75.Nm
78generates and manages authentication keys for 76generates and manages authentication keys for
@@ -172,10 +170,6 @@ Provides the new comment.
172Provides the new passphrase. 170Provides the new passphrase.
173.It Fl P Ar passphrase 171.It Fl P Ar passphrase
174Provides the (old) passphrase. 172Provides the (old) passphrase.
175.It Fl R
176If RSA support is functional, immediately exits with code 0. If RSA
177support is not functional, exits with code 1. This flag will be
178removed once the RSA patent expires.
179.It Fl x 173.It Fl x
180This option will read a private 174This option will read a private
181OpenSSH DSA format file and print a SSH2-compatible public key to stdout. 175OpenSSH DSA format file and print a SSH2-compatible public key to stdout.
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 5d9fa644e..9f519e596 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,22 +12,20 @@
12 */ 12 */
13 13
14#include "includes.h" 14#include "includes.h"
15RCSID("$OpenBSD: ssh-keygen.c,v 1.39 2001/01/13 18:03:07 markus Exp $"); 15RCSID("$OpenBSD: ssh-keygen.c,v 1.41 2001/01/21 19:05:57 markus Exp $");
16 16
17#include <openssl/evp.h> 17#include <openssl/evp.h>
18#include <openssl/pem.h> 18#include <openssl/pem.h>
19#include <openssl/rsa.h>
20#include <openssl/dsa.h>
21 19
22#include "ssh.h"
23#include "xmalloc.h" 20#include "xmalloc.h"
24#include "key.h" 21#include "key.h"
25#include "rsa.h"
26#include "authfile.h" 22#include "authfile.h"
27#include "uuencode.h" 23#include "uuencode.h"
28
29#include "buffer.h" 24#include "buffer.h"
30#include "bufaux.h" 25#include "bufaux.h"
26#include "pathnames.h"
27#include "log.h"
28#include "readpass.h"
31 29
32/* Number of bits in the RSA/DSA key. This value can be changed on the command line. */ 30/* Number of bits in the RSA/DSA key. This value can be changed on the command line. */
33int bits = 1024; 31int bits = 1024;
@@ -87,13 +85,13 @@ ask_filename(struct passwd *pw, const char *prompt)
87 85
88 switch (key_type_from_name(key_type_name)) { 86 switch (key_type_from_name(key_type_name)) {
89 case KEY_RSA1: 87 case KEY_RSA1:
90 name = SSH_CLIENT_IDENTITY; 88 name = _PATH_SSH_CLIENT_IDENTITY;
91 break; 89 break;
92 case KEY_DSA: 90 case KEY_DSA:
93 name = SSH_CLIENT_ID_DSA; 91 name = _PATH_SSH_CLIENT_ID_DSA;
94 break; 92 break;
95 case KEY_RSA: 93 case KEY_RSA:
96 name = SSH_CLIENT_ID_RSA; 94 name = _PATH_SSH_CLIENT_ID_RSA;
97 break; 95 break;
98 default: 96 default:
99 fprintf(stderr, "bad key type"); 97 fprintf(stderr, "bad key type");
@@ -757,7 +755,7 @@ main(int ac, char **av)
757 ask_filename(pw, "Enter file in which to save the key"); 755 ask_filename(pw, "Enter file in which to save the key");
758 756
759 /* Create ~/.ssh directory if it doesn\'t already exist. */ 757 /* Create ~/.ssh directory if it doesn\'t already exist. */
760 snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, SSH_USER_DIR); 758 snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, _PATH_SSH_USER_DIR);
761 if (strstr(identity_file, dotsshdir) != NULL && 759 if (strstr(identity_file, dotsshdir) != NULL &&
762 stat(dotsshdir, &st) < 0) { 760 stat(dotsshdir, &st) < 0) {
763 if (mkdir(dotsshdir, 0700) < 0) 761 if (mkdir(dotsshdir, 0700) < 0)
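Review bot: `strstr(identity_file, dotsshdir) != NULL` tests whether the ~/.ssh path occurs anywhere inside identity_file, not whether identity_file lies under that directory, so the auto-create of ~/.ssh can trigger or be skipped on paths that merely contain the string; a prefix test, `strncmp(identity_file, dotsshdir, strlen(dotsshdir)) == 0`, says what is meant. The snprintf result is also not checked, so an overlong pw_dir silently truncates dotsshdir before the comparison is made. This is pre-existing code that the commit only touches for the macro rename, and main continues outside the hunk.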
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index 69b029b05..64ac551b5 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -8,7 +8,7 @@
8 */ 8 */
9 9
10#include "includes.h" 10#include "includes.h"
11RCSID("$OpenBSD: ssh-keyscan.c,v 1.9 2001/01/13 18:12:47 markus Exp $"); 11RCSID("$OpenBSD: ssh-keyscan.c,v 1.11 2001/01/21 19:05:57 markus Exp $");
12 12
13#if defined(HAVE_SYS_QUEUE_H) && !defined(HAVE_BOGUS_SYS_QUEUE_H) 13#if defined(HAVE_SYS_QUEUE_H) && !defined(HAVE_BOGUS_SYS_QUEUE_H)
14#include <sys/queue.h> 14#include <sys/queue.h>
@@ -18,14 +18,14 @@ RCSID("$OpenBSD: ssh-keyscan.c,v 1.9 2001/01/13 18:12:47 markus Exp $");
18#include <errno.h> 18#include <errno.h>
19 19
20#include <openssl/bn.h> 20#include <openssl/bn.h>
21#include <openssl/rsa.h>
22#include <openssl/dsa.h>
23 21
24#include "xmalloc.h" 22#include "xmalloc.h"
25#include "ssh.h" 23#include "ssh.h"
24#include "ssh1.h"
26#include "key.h" 25#include "key.h"
27#include "buffer.h" 26#include "buffer.h"
28#include "bufaux.h" 27#include "bufaux.h"
28#include "log.h"
29 29
30static int argno = 1; /* Number of argument currently being parsed */ 30static int argno = 1; /* Number of argument currently being parsed */
31 31
diff --git a/ssh-rsa.c b/ssh-rsa.c
index e53af9e0a..2dc341066 100644
--- a/ssh-rsa.c
+++ b/ssh-rsa.c
@@ -23,18 +23,15 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: ssh-rsa.c,v 1.4 2001/01/16 19:20:06 markus Exp $"); 26RCSID("$OpenBSD: ssh-rsa.c,v 1.5 2001/01/21 19:05:58 markus Exp $");
27
28#include "ssh.h"
29#include "xmalloc.h"
30#include "buffer.h"
31#include "bufaux.h"
32 27
33#include <openssl/evp.h> 28#include <openssl/evp.h>
34#include <openssl/dsa.h>
35#include <openssl/rsa.h>
36#include <openssl/err.h> 29#include <openssl/err.h>
37 30
31#include "xmalloc.h"
32#include "log.h"
33#include "buffer.h"
34#include "bufaux.h"
38#include "key.h" 35#include "key.h"
39 36
40/* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */ 37/* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */
diff --git a/ssh.c b/ssh.c
index f1beb8c53..9f9055a5f 100644
--- a/ssh.c
+++ b/ssh.c
@@ -39,27 +39,31 @@
39 */ 39 */
40 40
41#include "includes.h" 41#include "includes.h"
42RCSID("$OpenBSD: ssh.c,v 1.82 2001/01/15 21:40:10 markus Exp $"); 42RCSID("$OpenBSD: ssh.c,v 1.84 2001/01/21 19:05:58 markus Exp $");
43 43
44#include <openssl/evp.h> 44#include <openssl/evp.h>
45#include <openssl/dsa.h>
46#include <openssl/rsa.h>
47#include <openssl/err.h> 45#include <openssl/err.h>
48 46
49#include "xmalloc.h"
50#include "ssh.h" 47#include "ssh.h"
48#include "ssh1.h"
49#include "ssh2.h"
50#include "compat.h"
51#include "cipher.h"
52#include "xmalloc.h"
51#include "packet.h" 53#include "packet.h"
52#include "buffer.h" 54#include "buffer.h"
53#include "readconf.h"
54#include "uidswap.h" 55#include "uidswap.h"
55
56#include "ssh2.h"
57#include "compat.h"
58#include "channels.h" 56#include "channels.h"
59#include "key.h" 57#include "key.h"
60#include "authfd.h" 58#include "authfd.h"
61#include "authfile.h" 59#include "authfile.h"
60#include "pathnames.h"
62#include "clientloop.h" 61#include "clientloop.h"
62#include "log.h"
63#include "readconf.h"
64#include "sshconnect.h"
65#include "tildexpand.h"
66#include "misc.h"
63 67
64#ifdef HAVE___PROGNAME 68#ifdef HAVE___PROGNAME
65extern char *__progname; 69extern char *__progname;
@@ -555,11 +559,11 @@ main(int ac, char **av)
555 log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 0); 559 log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 0);
556 560
557 /* Read per-user configuration file. */ 561 /* Read per-user configuration file. */
558 snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir, SSH_USER_CONFFILE); 562 snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir, _PATH_SSH_USER_CONFFILE);
559 read_config_file(buf, host, &options); 563 read_config_file(buf, host, &options);
560 564
561 /* Read systemwide configuration file. */ 565 /* Read systemwide configuration file. */
562 read_config_file(HOST_CONFIG_FILE, host, &options); 566 read_config_file(_PATH_HOST_CONFIG_FILE, host, &options);
563 567
564 /* Fill configuration defaults. */ 568 /* Fill configuration defaults. */
565 fill_default_options(&options); 569 fill_default_options(&options);
@@ -624,7 +628,7 @@ main(int ac, char **av)
624 host_private_key = RSA_new(); 628 host_private_key = RSA_new();
625 k.type = KEY_RSA1; 629 k.type = KEY_RSA1;
626 k.rsa = host_private_key; 630 k.rsa = host_private_key;
627 if (load_private_key(HOST_KEY_FILE, "", &k, NULL)) 631 if (load_private_key(_PATH_HOST_KEY_FILE, "", &k, NULL))
628 host_private_key_loaded = 1; 632 host_private_key_loaded = 1;
629 } 633 }
630 /* 634 /*
@@ -648,7 +652,7 @@ main(int ac, char **av)
648 * Now that we are back to our own permissions, create ~/.ssh 652 * Now that we are back to our own permissions, create ~/.ssh
649 * directory if it doesn\'t already exist. 653 * directory if it doesn\'t already exist.
650 */ 654 */
651 snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir, SSH_USER_DIR); 655 snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir, _PATH_SSH_USER_DIR);
652 if (stat(buf, &st) < 0) 656 if (stat(buf, &st) < 0)
653 if (mkdir(buf, 0700) < 0) 657 if (mkdir(buf, 0700) < 0)
654 error("Could not create directory '%.200s'.", buf); 658 error("Could not create directory '%.200s'.", buf);
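Review bot: The `%.100s/%.100s` precision in this snprintf silently truncates a home directory longer than 100 characters, so `buf` can name a directory that is not the user's ~/.ssh; the `mkdir(buf, 0700)` that follows then creates that wrong directory, and the same pattern builds the per-user config path earlier in this section. Dropping the precision and checking the result makes the failure explicit: `r = snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, _PATH_SSH_USER_DIR); if (r < 0 || (size_t)r >= sizeof buf) fatal("home directory path too long");`. `r` would need to be declared in main, which starts outside this hunk.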
diff --git a/ssh.h b/ssh.h
index 736d1dd65..5b60be603 100644
--- a/ssh.h
+++ b/ssh.h
@@ -3,8 +3,6 @@
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved 4 * All rights reserved
5 * 5 *
6 * Generic header file for ssh.
7 *
8 * As far as I am concerned, the code I have written for this software 6 * As far as I am concerned, the code I have written for this software
9 * can be used freely for any purpose. Any derived versions of this 7 * can be used freely for any purpose. Any derived versions of this
10 * software must be clearly marked as such, and if the derived work is 8 * software must be clearly marked as such, and if the derived work is
@@ -12,7 +10,7 @@
12 * called by a name other than "ssh" or "Secure Shell". 10 * called by a name other than "ssh" or "Secure Shell".
13 */ 11 */
14 12
15/* RCSID("$OpenBSD: ssh.h,v 1.59 2001/01/19 12:45:27 markus Exp $"); */ 13/* RCSID("$OpenBSD: ssh.h,v 1.61 2001/01/21 19:05:59 markus Exp $"); */
16 14
17#ifndef SSH_H 15#ifndef SSH_H
18#define SSH_H 16#define SSH_H
@@ -26,8 +24,9 @@
26#ifdef HAVE_SYS_SELECT_H 24#ifdef HAVE_SYS_SELECT_H
27# include <sys/select.h> 25# include <sys/select.h>
28#endif 26#endif
29#include "rsa.h" 27
30#include "cipher.h" 28//#include "rsa.h"
29//#include "cipher.h"
31 30
32/* Cipher used for encrypting authentication files. */ 31/* Cipher used for encrypting authentication files. */
33#define SSH_AUTHFILE_CIPHER SSH_CIPHER_3DES 32#define SSH_AUTHFILE_CIPHER SSH_CIPHER_3DES
@@ -68,138 +67,21 @@
68# define SSHD_PAM_SERVICE "sshd" 67# define SSHD_PAM_SERVICE "sshd"
69#endif 68#endif
70 69
71#ifndef ETCDIR
72#define ETCDIR "/etc"
73#endif /* ETCDIR */
74
75#ifndef PIDDIR
76#define PIDDIR "/var/run"
77#endif /* PIDDIR */
78
79/*
80 * System-wide file containing host keys of known hosts. This file should be
81 * world-readable.
82 */
83#define SSH_SYSTEM_HOSTFILE ETCDIR "/ssh_known_hosts"
84#define SSH_SYSTEM_HOSTFILE2 ETCDIR "/ssh_known_hosts2"
85
86/*
87 * Of these, ssh_host_key must be readable only by root, whereas ssh_config
88 * should be world-readable.
89 */
90#define HOST_KEY_FILE ETCDIR "/ssh_host_key"
91#define SERVER_CONFIG_FILE ETCDIR "/sshd_config"
92#define HOST_CONFIG_FILE ETCDIR "/ssh_config"
93#define HOST_DSA_KEY_FILE ETCDIR "/ssh_host_dsa_key"
94#define DH_PRIMES ETCDIR "/primes"
95
96#ifndef SSH_PROGRAM
97#define SSH_PROGRAM "/usr/bin/ssh"
98#endif /* SSH_PROGRAM */
99
100#ifndef LOGIN_PROGRAM
101# ifdef LOGIN_PROGRAM_FALLBACK
102# define LOGIN_PROGRAM LOGIN_PROGRAM_FALLBACK
103# else
104# define LOGIN_PROGRAM "/usr/bin/login"
105# endif
106#endif /* LOGIN_PROGRAM */
107
108#ifndef ASKPASS_PROGRAM
109#define ASKPASS_PROGRAM "/usr/lib/ssh/ssh-askpass"
110#endif /* ASKPASS_PROGRAM */
111
112/*
113 * The process id of the daemon listening for connections is saved here to
114 * make it easier to kill the correct daemon when necessary.
115 */
116#define SSH_DAEMON_PID_FILE PIDDIR "/sshd.pid"
117
118/*
119 * The directory in user\'s home directory in which the files reside. The
120 * directory should be world-readable (though not all files are).
121 */
122#define SSH_USER_DIR ".ssh"
123
124/*
125 * Relevant only when using builtin PRNG.
126 */
127#ifndef SSH_PRNG_SEED_FILE
128# define SSH_PRNG_SEED_FILE SSH_USER_DIR"/prng_seed"
129#endif /* SSH_PRNG_SEED_FILE */
130#ifndef SSH_PRNG_COMMAND_FILE
131# define SSH_PRNG_COMMAND_FILE ETCDIR "/ssh_prng_cmds"
132#endif /* SSH_PRNG_COMMAND_FILE */
133
134/*
135 * Per-user file containing host keys of known hosts. This file need not be
136 * readable by anyone except the user him/herself, though this does not
137 * contain anything particularly secret.
138 */
139#define SSH_USER_HOSTFILE "~/.ssh/known_hosts"
140#define SSH_USER_HOSTFILE2 "~/.ssh/known_hosts2"
141
142/*
143 * Name of the default file containing client-side authentication key. This
144 * file should only be readable by the user him/herself.
145 */
146#define SSH_CLIENT_IDENTITY ".ssh/identity"
147#define SSH_CLIENT_ID_DSA ".ssh/id_dsa"
148#define SSH_CLIENT_ID_RSA ".ssh/id_rsa"
149
150/*
151 * Configuration file in user\'s home directory. This file need not be
152 * readable by anyone but the user him/herself, but does not contain anything
153 * particularly secret. If the user\'s home directory resides on an NFS
154 * volume where root is mapped to nobody, this may need to be world-readable.
155 */
156#define SSH_USER_CONFFILE ".ssh/config"
157
158/*
159 * File containing a list of those rsa keys that permit logging in as this
160 * user. This file need not be readable by anyone but the user him/herself,
161 * but does not contain anything particularly secret. If the user\'s home
162 * directory resides on an NFS volume where root is mapped to nobody, this
163 * may need to be world-readable. (This file is read by the daemon which is
164 * running as root.)
165 */
166#define SSH_USER_PERMITTED_KEYS ".ssh/authorized_keys"
167#define SSH_USER_PERMITTED_KEYS2 ".ssh/authorized_keys2"
168
169/*
170 * Per-user and system-wide ssh "rc" files. These files are executed with
171 * /bin/sh before starting the shell or command if they exist. They will be
172 * passed "proto cookie" as arguments if X11 forwarding with spoofing is in
173 * use. xauth will be run if neither of these exists.
174 */
175#define SSH_USER_RC ".ssh/rc"
176#define SSH_SYSTEM_RC ETCDIR "/sshrc"
177
178/*
179 * Ssh-only version of /etc/hosts.equiv. Additionally, the daemon may use
180 * ~/.rhosts and /etc/hosts.equiv if rhosts authentication is enabled.
181 */
182#define SSH_HOSTS_EQUIV ETCDIR "/shosts.equiv"
183
184/* 70/*
185 * Name of the environment variable containing the pathname of the 71 * Name of the environment variable containing the pathname of the
186 * authentication socket. 72 * authentication socket.
187 */ 73 */
188#define SSH_AUTHSOCKET_ENV_NAME "SSH_AUTH_SOCK" 74#define SSH_AGENTPID_ENV_NAME "SSH_AGENT_PID"
189 75
190/* 76/*
191 * Name of the environment variable containing the pathname of the 77 * Name of the environment variable containing the pathname of the
192 * authentication socket. 78 * authentication socket.
193 */ 79 */
194#define SSH_AGENTPID_ENV_NAME "SSH_AGENT_PID" 80#define SSH_AUTHSOCKET_ENV_NAME "SSH_AUTH_SOCK"
195 81
196/* 82/*
197 * Default path to ssh-askpass used by ssh-add, 83 * Environment variable for overwriting the default location of askpass
198 * environment variable for overwriting the default location
199 */ 84 */
200#ifndef SSH_ASKPASS_DEFAULT
201# define SSH_ASKPASS_DEFAULT "/usr/X11R6/bin/ssh-askpass"
202#endif
203#define SSH_ASKPASS_ENV "SSH_ASKPASS" 85#define SSH_ASKPASS_ENV "SSH_ASKPASS"
204 86
205/* 87/*
@@ -217,339 +99,4 @@
217/* Name of Kerberos service for SSH to use. */ 99/* Name of Kerberos service for SSH to use. */
218#define KRB4_SERVICE_NAME "rcmd" 100#define KRB4_SERVICE_NAME "rcmd"
219 101
220/*
221 * Authentication methods. New types can be added, but old types should not
222 * be removed for compatibility. The maximum allowed value is 31.
223 */
224#define SSH_AUTH_RHOSTS 1
225#define SSH_AUTH_RSA 2
226#define SSH_AUTH_PASSWORD 3
227#define SSH_AUTH_RHOSTS_RSA 4
228#define SSH_AUTH_TIS 5
229#define SSH_AUTH_KERBEROS 6
230#define SSH_PASS_KERBEROS_TGT 7
231 /* 8 to 15 are reserved */
232#define SSH_PASS_AFS_TOKEN 21
233
234/* Protocol flags. These are bit masks. */
235#define SSH_PROTOFLAG_SCREEN_NUMBER 1 /* X11 forwarding includes screen */
236#define SSH_PROTOFLAG_HOST_IN_FWD_OPEN 2 /* forwarding opens contain host */
237
238/*
239 * Definition of message types. New values can be added, but old values
240 * should not be removed or without careful consideration of the consequences
241 * for compatibility. The maximum value is 254; value 255 is reserved for
242 * future extension.
243 */
244/* Message name */ /* msg code */ /* arguments */
245#define SSH_MSG_NONE 0 /* no message */
246#define SSH_MSG_DISCONNECT 1 /* cause (string) */
247#define SSH_SMSG_PUBLIC_KEY 2 /* ck,msk,srvk,hostk */
248#define SSH_CMSG_SESSION_KEY 3 /* key (BIGNUM) */
249#define SSH_CMSG_USER 4 /* user (string) */
250#define SSH_CMSG_AUTH_RHOSTS 5 /* user (string) */
251#define SSH_CMSG_AUTH_RSA 6 /* modulus (BIGNUM) */
252#define SSH_SMSG_AUTH_RSA_CHALLENGE 7 /* int (BIGNUM) */
253#define SSH_CMSG_AUTH_RSA_RESPONSE 8 /* int (BIGNUM) */
254#define SSH_CMSG_AUTH_PASSWORD 9 /* pass (string) */
255#define SSH_CMSG_REQUEST_PTY 10 /* TERM, tty modes */
256#define SSH_CMSG_WINDOW_SIZE 11 /* row,col,xpix,ypix */
257#define SSH_CMSG_EXEC_SHELL 12 /* */
258#define SSH_CMSG_EXEC_CMD 13 /* cmd (string) */
259#define SSH_SMSG_SUCCESS 14 /* */
260#define SSH_SMSG_FAILURE 15 /* */
261#define SSH_CMSG_STDIN_DATA 16 /* data (string) */
262#define SSH_SMSG_STDOUT_DATA 17 /* data (string) */
263#define SSH_SMSG_STDERR_DATA 18 /* data (string) */
264#define SSH_CMSG_EOF 19 /* */
265#define SSH_SMSG_EXITSTATUS 20 /* status (int) */
266#define SSH_MSG_CHANNEL_OPEN_CONFIRMATION 21 /* channel (int) */
267#define SSH_MSG_CHANNEL_OPEN_FAILURE 22 /* channel (int) */
268#define SSH_MSG_CHANNEL_DATA 23 /* ch,data (int,str) */
269#define SSH_MSG_CHANNEL_CLOSE 24 /* channel (int) */
270#define SSH_MSG_CHANNEL_CLOSE_CONFIRMATION 25 /* channel (int) */
271/* SSH_CMSG_X11_REQUEST_FORWARDING 26 OBSOLETE */
272#define SSH_SMSG_X11_OPEN 27 /* channel (int) */
273#define SSH_CMSG_PORT_FORWARD_REQUEST 28 /* p,host,hp (i,s,i) */
274#define SSH_MSG_PORT_OPEN 29 /* ch,h,p (i,s,i) */
275#define SSH_CMSG_AGENT_REQUEST_FORWARDING 30 /* */
276#define SSH_SMSG_AGENT_OPEN 31 /* port (int) */
277#define SSH_MSG_IGNORE 32 /* string */
278#define SSH_CMSG_EXIT_CONFIRMATION 33 /* */
279#define SSH_CMSG_X11_REQUEST_FORWARDING 34 /* proto,data (s,s) */
280#define SSH_CMSG_AUTH_RHOSTS_RSA 35 /* user,mod (s,mpi) */
281#define SSH_MSG_DEBUG 36 /* string */
282#define SSH_CMSG_REQUEST_COMPRESSION 37 /* level 1-9 (int) */
283#define SSH_CMSG_MAX_PACKET_SIZE 38 /* size 4k-1024k (int) */
284#define SSH_CMSG_AUTH_TIS 39 /* we use this for s/key */
285#define SSH_SMSG_AUTH_TIS_CHALLENGE 40 /* challenge (string) */
286#define SSH_CMSG_AUTH_TIS_RESPONSE 41 /* response (string) */
287#define SSH_CMSG_AUTH_KERBEROS 42 /* (KTEXT) */
288#define SSH_SMSG_AUTH_KERBEROS_RESPONSE 43 /* (KTEXT) */
289#define SSH_CMSG_HAVE_KERBEROS_TGT 44 /* credentials (s) */
290#define SSH_CMSG_HAVE_AFS_TOKEN 65 /* token (s) */
291
292/*------------ definitions for login.c -------------*/
293
294/*
295 * Returns the time when the user last logged in. Returns 0 if the
296 * information is not available. This must be called before record_login.
297 * The host from which the user logged in is stored in buf.
298 */
299u_long
300get_last_login_time(uid_t uid, const char *logname,
301 char *buf, u_int bufsize);
302
303/*
304 * Records that the user has logged in. This does many things normally done
305 * by login(1).
306 */
307void
308record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid,
309 const char *host, struct sockaddr *addr);
310
311/*
312 * Records that the user has logged out. This does many thigs normally done
313 * by login(1) or init.
314 */
315void record_logout(pid_t pid, const char *ttyname);
316
317/*------------ definitions for sshconnect.c ----------*/
318
319/*
320 * Opens a TCP/IP connection to the remote server on the given host. If port
321 * is 0, the default port will be used. If anonymous is zero, a privileged
322 * port will be allocated to make the connection. This requires super-user
323 * privileges if anonymous is false. Connection_attempts specifies the
324 * maximum number of tries, one per second. This returns true on success,
325 * and zero on failure. If the connection is successful, this calls
326 * packet_set_connection for the connection.
327 */
328int
329ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
330 u_short port, int connection_attempts,
331 int anonymous, uid_t original_real_uid,
332 const char *proxy_command);
333
334/*
335 * Starts a dialog with the server, and authenticates the current user on the
336 * server. This does not need any extra privileges. The basic connection to
337 * the server must already have been established before this is called. If
338 * login fails, this function prints an error and never returns. This
339 * initializes the random state, and leaves it initialized (it will also have
340 * references from the packet module).
341 */
342
343void
344ssh_login(int host_key_valid, RSA * host_key, const char *host,
345 struct sockaddr * hostaddr, uid_t original_real_uid);
346
347/*------------ Definitions for various authentication methods. -------*/
348
349/*
350 * Tries to authenticate the user using the .rhosts file. Returns true if
351 * authentication succeeds. If ignore_rhosts is non-zero, this will not
352 * consider .rhosts and .shosts (/etc/hosts.equiv will still be used).
353 */
354int auth_rhosts(struct passwd * pw, const char *client_user);
355
356/*
357 * Tries to authenticate the user using the .rhosts file and the host using
358 * its host key. Returns true if authentication succeeds.
359 */
360int
361auth_rhosts_rsa(struct passwd * pw, const char *client_user, RSA* client_host_key);
362
363/*
364 * Tries to authenticate the user using password. Returns true if
365 * authentication succeeds.
366 */
367int auth_password(struct passwd * pw, const char *password);
368
369/*
370 * Performs the RSA authentication dialog with the client. This returns 0 if
371 * the client could not be authenticated, and 1 if authentication was
372 * successful. This may exit if there is a serious protocol violation.
373 */
374int auth_rsa(struct passwd * pw, BIGNUM * client_n);
375
376/*
377 * Parses an RSA key (number of bits, e, n) from a string. Moves the pointer
378 * over the key. Skips any whitespace at the beginning and at end.
379 */
380int auth_rsa_read_key(char **cpp, u_int *bitsp, BIGNUM * e, BIGNUM * n);
381
382/*
383 * Returns the name of the machine at the other end of the socket. The
384 * returned string should be freed by the caller.
385 */
386char *get_remote_hostname(int socket);
387
388/*
389 * Return the canonical name of the host in the other side of the current
390 * connection (as returned by packet_get_connection). The host name is
391 * cached, so it is efficient to call this several times.
392 */
393const char *get_canonical_hostname(void);
394
395/*
396 * Returns the remote IP address as an ascii string. The value need not be
397 * freed by the caller.
398 */
399const char *get_remote_ipaddr(void);
400
401/* Returns the port number of the peer of the socket. */
402int get_peer_port(int sock);
403
404/* Returns the port number of the remote/local host. */
405int get_remote_port(void);
406int get_local_port(void);
407
408
409/*
410 * Performs the RSA authentication challenge-response dialog with the client,
411 * and returns true (non-zero) if the client gave the correct answer to our
412 * challenge; returns zero if the client gives a wrong answer.
413 */
414int auth_rsa_challenge_dialog(RSA *pk);
415
416/*
417 * Reads a passphrase from /dev/tty with echo turned off. Returns the
418 * passphrase (allocated with xmalloc). Exits if EOF is encountered. If
419 * from_stdin is true, the passphrase will be read from stdin instead.
420 */
421char *read_passphrase(const char *prompt, int from_stdin);
422
423
424/*------------ Definitions for logging. -----------------------*/
425
426/* Supported syslog facilities and levels. */
427typedef enum {
428 SYSLOG_FACILITY_DAEMON,
429 SYSLOG_FACILITY_USER,
430 SYSLOG_FACILITY_AUTH,
431#ifdef LOG_AUTHPRIV
432 SYSLOG_FACILITY_AUTHPRIV,
433#endif
434 SYSLOG_FACILITY_LOCAL0,
435 SYSLOG_FACILITY_LOCAL1,
436 SYSLOG_FACILITY_LOCAL2,
437 SYSLOG_FACILITY_LOCAL3,
438 SYSLOG_FACILITY_LOCAL4,
439 SYSLOG_FACILITY_LOCAL5,
440 SYSLOG_FACILITY_LOCAL6,
441 SYSLOG_FACILITY_LOCAL7
442} SyslogFacility;
443
444typedef enum {
445 SYSLOG_LEVEL_QUIET,
446 SYSLOG_LEVEL_FATAL,
447 SYSLOG_LEVEL_ERROR,
448 SYSLOG_LEVEL_INFO,
449 SYSLOG_LEVEL_VERBOSE,
450 SYSLOG_LEVEL_DEBUG1,
451 SYSLOG_LEVEL_DEBUG2,
452 SYSLOG_LEVEL_DEBUG3
453} LogLevel;
454/* Initializes logging. */
455void log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr);
456
457/* Logging implementation, depending on server or client */
458void do_log(LogLevel level, const char *fmt, va_list args);
459
460/* name to facility/level */
461SyslogFacility log_facility_number(char *name);
462LogLevel log_level_number(char *name);
463
464/* Output a message to syslog or stderr */
465void fatal(const char *fmt,...) __attribute__((format(printf, 1, 2)));
466void error(const char *fmt,...) __attribute__((format(printf, 1, 2)));
467void log(const char *fmt,...) __attribute__((format(printf, 1, 2)));
468void verbose(const char *fmt,...) __attribute__((format(printf, 1, 2)));
469void debug(const char *fmt,...) __attribute__((format(printf, 1, 2)));
470void debug2(const char *fmt,...) __attribute__((format(printf, 1, 2)));
471void debug3(const char *fmt,...) __attribute__((format(printf, 1, 2)));
472
473/* same as fatal() but w/o logging */
474void fatal_cleanup(void);
475
476/*
477 * Registers a cleanup function to be called by fatal()/fatal_cleanup()
478 * before exiting. It is permissible to call fatal_remove_cleanup for the
479 * function itself from the function.
480 */
481void fatal_add_cleanup(void (*proc) (void *context), void *context);
482
483/* Removes a cleanup function to be called at fatal(). */
484void fatal_remove_cleanup(void (*proc) (void *context), void *context);
485
486/* ---- misc */
487
488/*
489 * Expands tildes in the file name. Returns data allocated by xmalloc.
490 * Warning: this calls getpw*.
491 */
492char *tilde_expand_filename(const char *filename, uid_t my_uid);
493
494/* remove newline at end of string */
495char *chop(char *s);
496
497/* return next token in configuration line */
498char *strdelim(char **s);
499
500/* set filedescriptor to non-blocking */
501void set_nonblock(int fd);
502
503/*
504 * Performs the interactive session. This handles data transmission between
505 * the client and the program. Note that the notion of stdin, stdout, and
506 * stderr in this function is sort of reversed: this function writes to stdin
507 * (of the child program), and reads from stdout and stderr (of the child
508 * program).
509 */
510void server_loop(pid_t pid, int fdin, int fdout, int fderr);
511void server_loop2(void);
512
513/* Client side main loop for the interactive session. */
514int client_loop(int have_pty, int escape_char, int id);
515
516/* Linked list of custom environment strings (see auth-rsa.c). */
517struct envstring {
518 struct envstring *next;
519 char *s;
520};
521
522/*
523 * Ensure all of data on socket comes through. f==read || f==write
524 */
525ssize_t atomicio(ssize_t (*f)(), int fd, void *s, size_t n);
526
527#ifdef KRB4
528#include <krb.h>
529/*
530 * Performs Kerberos v4 mutual authentication with the client. This returns 0
531 * if the client could not be authenticated, and 1 if authentication was
532 * successful. This may exit if there is a serious protocol violation.
533 */
534int auth_krb4(const char *server_user, KTEXT auth, char **client);
535int krb4_init(uid_t uid);
536void krb4_cleanup_proc(void *ignore);
537int auth_krb4_password(struct passwd * pw, const char *password);
538
539#ifdef AFS
540#include <kafs.h>
541
542/* Accept passed Kerberos v4 ticket-granting ticket and AFS tokens. */
543int auth_kerberos_tgt(struct passwd * pw, const char *string);
544int auth_afs_token(struct passwd * pw, const char *token_string);
545
546int creds_to_radix(CREDENTIALS * creds, u_char *buf, size_t buflen);
547int radix_to_creds(const char *buf, CREDENTIALS * creds);
548#endif /* AFS */
549
550#endif /* KRB4 */
551
552/* AF_UNSPEC or AF_INET or AF_INET6 */
553extern int IPv4or6;
554
555#endif /* SSH_H */ 102#endif /* SSH_H */
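--- /dev/null
+++ b/ssh1.h
@@ -0,0 +1,84 @@
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+
+/*
+ * Definition of message types. New values can be added, but old values
+ * should not be removed or without careful consideration of the consequences
+ * for compatibility. The maximum value is 254; value 255 is reserved for
+ * future extension.
+ */
+/* Message name */ /* msg code */ /* arguments */
+#define SSH_MSG_NONE 0 /* no message */
+#define SSH_MSG_DISCONNECT 1 /* cause (string) */
+#define SSH_SMSG_PUBLIC_KEY 2 /* ck,msk,srvk,hostk */
+#define SSH_CMSG_SESSION_KEY 3 /* key (BIGNUM) */
+#define SSH_CMSG_USER 4 /* user (string) */
+#define SSH_CMSG_AUTH_RHOSTS 5 /* user (string) */
+#define SSH_CMSG_AUTH_RSA 6 /* modulus (BIGNUM) */
+#define SSH_SMSG_AUTH_RSA_CHALLENGE 7 /* int (BIGNUM) */
+#define SSH_CMSG_AUTH_RSA_RESPONSE 8 /* int (BIGNUM) */
+#define SSH_CMSG_AUTH_PASSWORD 9 /* pass (string) */
+#define SSH_CMSG_REQUEST_PTY 10 /* TERM, tty modes */
+#define SSH_CMSG_WINDOW_SIZE 11 /* row,col,xpix,ypix */
+#define SSH_CMSG_EXEC_SHELL 12 /* */
+#define SSH_CMSG_EXEC_CMD 13 /* cmd (string) */
+#define SSH_SMSG_SUCCESS 14 /* */
+#define SSH_SMSG_FAILURE 15 /* */
+#define SSH_CMSG_STDIN_DATA 16 /* data (string) */
+#define SSH_SMSG_STDOUT_DATA 17 /* data (string) */
+#define SSH_SMSG_STDERR_DATA 18 /* data (string) */
+#define SSH_CMSG_EOF 19 /* */
+#define SSH_SMSG_EXITSTATUS 20 /* status (int) */
+#define SSH_MSG_CHANNEL_OPEN_CONFIRMATION 21 /* channel (int) */
+#define SSH_MSG_CHANNEL_OPEN_FAILURE 22 /* channel (int) */
+#define SSH_MSG_CHANNEL_DATA 23 /* ch,data (int,str) */
+#define SSH_MSG_CHANNEL_CLOSE 24 /* channel (int) */
+#define SSH_MSG_CHANNEL_CLOSE_CONFIRMATION 25 /* channel (int) */
+/* SSH_CMSG_X11_REQUEST_FORWARDING 26 OBSOLETE */
+#define SSH_SMSG_X11_OPEN 27 /* channel (int) */
+#define SSH_CMSG_PORT_FORWARD_REQUEST 28 /* p,host,hp (i,s,i) */
+#define SSH_MSG_PORT_OPEN 29 /* ch,h,p (i,s,i) */
+#define SSH_CMSG_AGENT_REQUEST_FORWARDING 30 /* */
+#define SSH_SMSG_AGENT_OPEN 31 /* port (int) */
+#define SSH_MSG_IGNORE 32 /* string */
+#define SSH_CMSG_EXIT_CONFIRMATION 33 /* */
+#define SSH_CMSG_X11_REQUEST_FORWARDING 34 /* proto,data (s,s) */
+#define SSH_CMSG_AUTH_RHOSTS_RSA 35 /* user,mod (s,mpi) */
+#define SSH_MSG_DEBUG 36 /* string */
+#define SSH_CMSG_REQUEST_COMPRESSION 37 /* level 1-9 (int) */
+#define SSH_CMSG_MAX_PACKET_SIZE 38 /* size 4k-1024k (int) */
+#define SSH_CMSG_AUTH_TIS 39 /* we use this for s/key */
+#define SSH_SMSG_AUTH_TIS_CHALLENGE 40 /* challenge (string) */
+#define SSH_CMSG_AUTH_TIS_RESPONSE 41 /* response (string) */
+#define SSH_CMSG_AUTH_KERBEROS 42 /* (KTEXT) */
+#define SSH_SMSG_AUTH_KERBEROS_RESPONSE 43 /* (KTEXT) */
+#define SSH_CMSG_HAVE_KERBEROS_TGT 44 /* credentials (s) */
+#define SSH_CMSG_HAVE_AFS_TOKEN 65 /* token (s) */
+
+/*
+ * Authentication methods. New types can be added, but old types should not
+ * be removed for compatibility. The maximum allowed value is 31.
+ */
+#define SSH_AUTH_RHOSTS 1
+#define SSH_AUTH_RSA 2
+#define SSH_AUTH_PASSWORD 3
+#define SSH_AUTH_RHOSTS_RSA 4
+#define SSH_AUTH_TIS 5
+#define SSH_AUTH_KERBEROS 6
+#define SSH_PASS_KERBEROS_TGT 7
+ /* 8 to 15 are reserved */
+#define SSH_PASS_AFS_TOKEN 21
+
+/* Protocol flags. These are bit masks. */
+#define SSH_PROTOFLAG_SCREEN_NUMBER 1 /* X11 forwarding includes screen */
+#define SSH_PROTOFLAG_HOST_IN_FWD_OPEN 2 /* forwarding opens contain host */
+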
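Review bot: The new header has no include guard, while every other header in this commit uses one (`#ifndef SSHCONNECT_H` / `#define SSHCONNECT_H`, `#endif /* SSH_H */`), and ssh1.h is now included next to ssh.h from sshconnect1.c, sshd.c and ttymodes.c, so it relies on never being pulled in twice through another header. Wrap the body in `#ifndef SSH1_H` / `#define SSH1_H` / `#endif /* SSH1_H */` so it behaves like its siblings. tildexpand.h, also added by this commit, has the same omission and would take `#ifndef TILDEXPAND_H` in the same way.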
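--- a/sshconnect.c
+++ b/sshconnect.c
@@ -13,23 +13,24 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.90 2001/01/13 18:32:50 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.91 2001/01/21 19:05:59 markus Exp $");
 
 #include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/rsa.h>
 
+#include "ssh.h"
 #include "xmalloc.h"
 #include "rsa.h"
-#include "ssh.h"
 #include "buffer.h"
 #include "packet.h"
 #include "uidswap.h"
 #include "compat.h"
-#include "readconf.h"
 #include "key.h"
 #include "sshconnect.h"
 #include "hostfile.h"
+#include "log.h"
+#include "readconf.h"
+#include "atomicio.h"
+#include "misc.h"
 
 char *client_version_string = NULL;
 char *server_version_string = NULL;
@@ -37,6 +38,9 @@ char *server_version_string = NULL;
 extern Options options;
 extern char *__progname;
 
+/* AF_UNSPEC or AF_INET or AF_INET6 */
+extern int IPv4or6;
+
 /*
  * Connect to the given ssh server using a proxy command.
  */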
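Review bot: The new `extern int IPv4or6;` at lines 41-42 of the second hunk declares the variable privately in a .c file; the shared declaration that ssh.h carried is removed by this commit, so each translation unit that reads the flag must now repeat it and nothing forces the copies to agree with the definition. Putting the declaration in one header (the one owning the definition, or a small shared one) and including that here keeps the type in a single place; the comment `/* AF_UNSPEC or AF_INET or AF_INET6 */` would travel with it.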
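--- a/sshconnect.h
+++ b/sshconnect.h
@@ -23,6 +23,34 @@
  */
 #ifndef SSHCONNECT_H
 #define SSHCONNECT_H
+/*
+ * Opens a TCP/IP connection to the remote server on the given host. If port
+ * is 0, the default port will be used. If anonymous is zero, a privileged
+ * port will be allocated to make the connection. This requires super-user
+ * privileges if anonymous is false. Connection_attempts specifies the
+ * maximum number of tries, one per second. This returns true on success,
+ * and zero on failure. If the connection is successful, this calls
+ * packet_set_connection for the connection.
+ */
+int
+ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
+ u_short port, int connection_attempts,
+ int anonymous, uid_t original_real_uid,
+ const char *proxy_command);
+
+/*
+ * Starts a dialog with the server, and authenticates the current user on the
+ * server. This does not need any extra privileges. The basic connection to
+ * the server must already have been established before this is called. If
+ * login fails, this function prints an error and never returns. This
+ * initializes the random state, and leaves it initialized (it will also have
+ * references from the packet module).
+ */
+
+void
+ssh_login(int host_key_valid, RSA * host_key, const char *host,
+ struct sockaddr * hostaddr, uid_t original_real_uid);
+
 
 void
 check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,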
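Review bot: The blank line between the `ssh_login` doc comment and the `void` line (new lines 48-50) detaches the comment from the declaration it documents; drop it so the comment sits on `ssh_login` the way the `ssh_connect` comment just above sits on its prototype, and fold the doubled blank at lines 53-54 into one. The moved prototypes also make this header name `RSA`, `struct sockaddr_storage`, `u_short` and `uid_t` without including anything, so it compiles only after includes.h and the OpenSSL headers have been seen — presumably every includer does that, but a one-line comment under the guard stating the requirement would save the next reader from finding out the hard way.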
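--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -13,25 +13,36 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.16 2001/01/18 17:00:00 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.18 2001/01/21 19:06:00 markus Exp $");
 
 #include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/rsa.h>
 #include <openssl/evp.h>
 
+#ifdef KRB4
+#include <krb.h>
+#include "radix.h"
+#endif
+#ifdef AFS
+#include <kafs.h>
+#endif
+
+#include "ssh.h"
+#include "ssh1.h"
 #include "xmalloc.h"
 #include "rsa.h"
-#include "ssh.h"
 #include "buffer.h"
 #include "packet.h"
 #include "mpaux.h"
 #include "uidswap.h"
+#include "log.h"
 #include "readconf.h"
 #include "key.h"
 #include "authfd.h"
 #include "sshconnect.h"
 #include "authfile.h"
+#include "readpass.h"
+#include "cipher.h"
+#include "canohost.h"
 
 /* Session id for the current session. */
 u_char session_id[16];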
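--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,25 +23,23 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.35 2001/01/04 22:21:26 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.37 2001/01/21 19:06:00 markus Exp $");
 
 #include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
 #include <openssl/md5.h>
 #include <openssl/dh.h>
 #include <openssl/hmac.h>
 
 #include "ssh.h"
+#include "ssh2.h"
 #include "xmalloc.h"
 #include "rsa.h"
 #include "buffer.h"
 #include "packet.h"
 #include "uidswap.h"
 #include "compat.h"
-#include "readconf.h"
 #include "bufaux.h"
-#include "ssh2.h"
+#include "cipher.h"
 #include "kex.h"
 #include "myproposal.h"
 #include "key.h"
@@ -50,6 +48,9 @@ RCSID("$OpenBSD: sshconnect2.c,v 1.35 2001/01/04 22:21:26 markus Exp $");
 #include "cli.h"
 #include "dispatch.h"
 #include "authfd.h"
+#include "log.h"
+#include "readconf.h"
+#include "readpass.h"
 
 void ssh_dh1_client(Kex *, char *, struct sockaddr *, Buffer *, Buffer *);
 void ssh_dhgex_client(Kex *, char *, struct sockaddr *, Buffer *, Buffer *);
@@ -332,8 +333,7 @@ ssh_dhgex_client(Kex *kex, char *host, struct sockaddr *hostaddr,
  if ((g = BN_new()) == NULL)
  fatal("BN_new");
  packet_get_bignum2(g, &dlen);
- if ((dh = dh_new_group(g, p)) == NULL)
- fatal("dh_new_group");
+ dh = dh_new_group(g, p);
 
  dh_gen_key(dh);
 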
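Review bot: The third hunk (new lines 333-338) drops the NULL check and `fatal("dh_new_group")` around `dh = dh_new_group(g, p);`, so if that call can still return NULL the very next statement, `dh_gen_key(dh)`, dereferences it. Presumably dh_new_group now aborts on failure itself (dh.c is touched by this commit), but that contract is not visible from here; if it does, a short comment on the call such as `/* dh_new_group() calls fatal() on failure */` spares the next reader the same question, and if it does not, the check has to come back. ssh_dhgex_client begins and continues outside the hunk.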
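--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.82 2001/01/18 16:20:22 markus Exp $
+.\" $OpenBSD: sshd.8,v 1.83 2001/01/19 16:48:14 markus Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
@@ -394,7 +394,7 @@ Specifies the file containing the private host keys (default
 used by SSH protocol versions 1 and 2.
 Note that
 .Nm
-if this file is group/world-accessible.
+will refuse to use a file if it is group/world-accessible.
 It is possible to have multiple host key files.
 .Dq rsa1
 keys are used for version 1 and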
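--- a/sshd.c
+++ b/sshd.c
@@ -40,32 +40,36 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.153 2001/01/19 12:45:27 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.155 2001/01/21 19:06:00 markus Exp $");
 
+#include <openssl/dh.h>
+#include <openssl/bn.h>
+#include <openssl/hmac.h>
+
+#include "ssh.h"
+#include "ssh1.h"
+#include "ssh2.h"
 #include "xmalloc.h"
 #include "rsa.h"
-#include "ssh.h"
 #include "pty.h"
 #include "packet.h"
 #include "mpaux.h"
+#include "log.h"
 #include "servconf.h"
 #include "uidswap.h"
 #include "compat.h"
 #include "buffer.h"
-
-#include "ssh2.h"
-#include <openssl/dh.h>
-#include <openssl/bn.h>
-#include <openssl/hmac.h>
+#include "cipher.h"
 #include "kex.h"
-#include <openssl/dsa.h>
-#include <openssl/rsa.h>
 #include "key.h"
 #include "dh.h"
-
-#include "auth.h"
 #include "myproposal.h"
 #include "authfile.h"
+#include "pathnames.h"
+#include "atomicio.h"
+#include "canohost.h"
+#include "auth.h"
+#include "misc.h"
 
 #ifdef LIBWRAP
 #include <tcpd.h>
@@ -88,7 +92,7 @@ char *__progname;
 ServerOptions options;
 
 /* Name of the server configuration file. */
-char *config_file_name = SERVER_CONFIG_FILE;
+char *config_file_name = _PATH_SERVER_CONFIG_FILE;
 
 /*
  * Flag indicating whether IPv4 or IPv6. This can be set on the command line.
@@ -643,7 +647,7 @@ main(int ac, char **av)
  fprintf(stderr, "sshd version %s\n", SSH_VERSION);
  fprintf(stderr, "Usage: %s [options]\n", __progname);
  fprintf(stderr, "Options:\n");
- fprintf(stderr, " -f file Configuration file (default %s)\n", SERVER_CONFIG_FILE);
+ fprintf(stderr, " -f file Configuration file (default %s)\n", _PATH_SERVER_CONFIG_FILE);
  fprintf(stderr, " -d Debugging mode (multiple -d means more debugging)\n");
  fprintf(stderr, " -i Started from inetd\n");
  fprintf(stderr, " -D Do not fork into daemon mode\n");
@@ -653,7 +657,7 @@ main(int ac, char **av)
  fprintf(stderr, " -g seconds Grace period for authentication (default: 600)\n");
  fprintf(stderr, " -b bits Size of server RSA key (default: 768 bits)\n");
  fprintf(stderr, " -h file File from which to read host key (default: %s)\n",
- HOST_KEY_FILE);
+ _PATH_HOST_KEY_FILE);
  fprintf(stderr, " -u len Maximum hostname length for utmp recording\n");
  fprintf(stderr, " -4 Use IPv4 only\n");
  fprintf(stderr, " -6 Use IPv6 only\n");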
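Review bot: `char *config_file_name = _PATH_SERVER_CONFIG_FILE;` (second hunk, new line 95) points a mutable `char *` at a string literal, so any write through it would be undefined behaviour; `const char *config_file_name = _PATH_SERVER_CONFIG_FILE;` states the intent and still accepts a later assignment from a `char *` such as an option argument. Whether the callees that receive this pointer already take `const char *` is not visible here, so the qualifier may need to follow the pointer into those signatures.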
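--- a/tildexpand.c
+++ b/tildexpand.c
@@ -11,10 +11,10 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: tildexpand.c,v 1.9 2000/12/19 23:17:59 markus Exp $");
+RCSID("$OpenBSD: tildexpand.c,v 1.10 2001/01/21 19:06:01 markus Exp $");
 
 #include "xmalloc.h"
-#include "ssh.h"
+#include "log.h"
 
 /*
  * Expands tildes in the file name. Returns data allocated by xmalloc.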
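Review bot: The include list (new lines 16-17) brings in `xmalloc.h` and `log.h` but not the `tildexpand.h` this same commit adds, which is the header that declares `tilde_expand_filename`; including the file's own header is what lets the compiler catch a prototype and definition drifting apart, and uidswap.c and xmalloc.c in this commit do exactly that. Unless it is pulled in further down the file, add `#include "tildexpand.h"` after `#include "xmalloc.h"`.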
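--- /dev/null
+++ b/tildexpand.h
@@ -0,0 +1,17 @@
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+
+/*
+ * Expands tildes in the file name. Returns data allocated by xmalloc.
+ * Warning: this calls getpw*.
+ */
+char *tilde_expand_filename(const char *filename, uid_t my_uid);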
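--- a/ttymodes.c
+++ b/ttymodes.c
@@ -15,10 +15,11 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ttymodes.c,v 1.8 2000/09/07 20:27:55 deraadt Exp $");
+RCSID("$OpenBSD: ttymodes.c,v 1.10 2001/01/21 19:06:01 markus Exp $");
 
 #include "packet.h"
-#include "ssh.h"
+#include "log.h"
+#include "ssh1.h"
 
 #define TTY_OP_END 0
 #define TTY_OP_ISPEED 192 /* int follows */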
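--- a/uidswap.c
+++ b/uidswap.c
@@ -12,9 +12,9 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: uidswap.c,v 1.12 2000/12/29 10:48:56 markus Exp $");
+RCSID("$OpenBSD: uidswap.c,v 1.13 2001/01/21 19:06:01 markus Exp $");
 
-#include "ssh.h"
+#include "log.h"
 #include "uidswap.h"
 
 /*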
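--- a/xmalloc.c
+++ b/xmalloc.c
@@ -13,9 +13,10 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: xmalloc.c,v 1.8 2000/09/07 20:27:55 deraadt Exp $");
+RCSID("$OpenBSD: xmalloc.c,v 1.9 2001/01/21 19:06:02 markus Exp $");
 
-#include "ssh.h"
+#include "xmalloc.h"
+#include "log.h"
 
 void *
 xmalloc(size_t size)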