-rw-r--r-- | ChangeLog | 63 | ||||
-rw-r--r-- | Makefile.in | 2 | ||||
-rw-r--r-- | acconfig.h | 2 | ||||
-rw-r--r-- | atomicio.c | 4 | ||||
-rw-r--r-- | atomicio.h | 29 | ||||
-rw-r--r-- | auth-chall.c | 3 | ||||
-rw-r--r-- | auth-krb4.c | 12 | ||||
-rw-r--r-- | auth-options.c | 29 | ||||
-rw-r--r-- | auth-options.h | 19 | ||||
-rw-r--r-- | auth-pam.c | 5 | ||||
-rw-r--r-- | auth-passwd.c | 7 | ||||
-rw-r--r-- | auth-rh-rsa.c | 17 | ||||
-rw-r--r-- | auth-rhosts.c | 14 | ||||
-rw-r--r-- | auth-rsa.c | 30 | ||||
-rw-r--r-- | auth.c | 13 | ||||
-rw-r--r-- | auth.h | 66 | ||||
-rw-r--r-- | auth1.c | 12 | ||||
-rw-r--r-- | auth2-chall.c | 4 | ||||
-rw-r--r-- | auth2-pam.c | 7 | ||||
-rw-r--r-- | auth2.c | 20 | ||||
-rw-r--r-- | authfd.c | 12 | ||||
-rw-r--r-- | authfile.c | 11 | ||||
-rw-r--r-- | bufaux.c | 4 | ||||
-rw-r--r-- | bufaux.h | 3 | ||||
-rw-r--r-- | buffer.c | 4 | ||||
-rw-r--r-- | canohost.c | 4 | ||||
-rw-r--r-- | canohost.h | 36 | ||||
-rw-r--r-- | channels.c | 21 | ||||
-rw-r--r-- | cipher.c | 5 | ||||
-rw-r--r-- | cli.c | 4 | ||||
-rw-r--r-- | clientloop.c | 18 | ||||
-rw-r--r-- | clientloop.h | 15 | ||||
-rw-r--r-- | compat.c | 9 | ||||
-rw-r--r-- | compress.c | 4 | ||||
-rw-r--r-- | configure.in | 2 | ||||
-rw-r--r-- | deattack.c | 4 | ||||
-rw-r--r-- | dh.c | 17 | ||||
-rw-r--r-- | dispatch.c | 6 | ||||
-rw-r--r-- | entropy.c | 10 | ||||
-rw-r--r-- | groupaccess.c | 2 | ||||
-rw-r--r-- | hmac.c | 4 | ||||
-rw-r--r-- | hostfile.c | 6 | ||||
-rw-r--r-- | kex.c | 21 | ||||
-rw-r--r-- | key.c | 10 | ||||
-rw-r--r-- | key.h | 3 | ||||
-rw-r--r-- | log-client.c | 4 | ||||
-rw-r--r-- | log-server.c | 4 | ||||
-rw-r--r-- | log.c | 4 | ||||
-rw-r--r-- | log.h | 76 | ||||
-rw-r--r-- | login.c | 2 | ||||
-rw-r--r-- | login.h | 38 | ||||
-rw-r--r-- | loginrec.c | 4 | ||||
-rw-r--r-- | match.c | 4 | ||||
-rw-r--r-- | misc.c (renamed from util.c) | 1 | ||||
-rw-r--r-- | misc.h | 19 | ||||
-rw-r--r-- | nchan.c | 9 | ||||
-rw-r--r-- | packet.c | 6 | ||||
-rw-r--r-- | pathnames.h | 136 | ||||
-rw-r--r-- | pty.c | 4 | ||||
-rw-r--r-- | radix.h | 26 | ||||
-rw-r--r-- | readconf.c | 31 | ||||
-rw-r--r-- | readpass.c | 3 | ||||
-rw-r--r-- | readpass.h | 18 | ||||
-rw-r--r-- | rsa.c | 4 | ||||
-rw-r--r-- | scp.c | 12 | ||||
-rw-r--r-- | servconf.c | 27 | ||||
-rw-r--r-- | serverloop.c | 8 | ||||
-rw-r--r-- | serverloop.h | 20 | ||||
-rw-r--r-- | session.c | 31 | ||||
-rw-r--r-- | sftp-server.c | 4 | ||||
-rw-r--r-- | ssh-add.c | 19 | ||||
-rw-r--r-- | ssh-agent.c | 101 | ||||
-rw-r--r-- | ssh-dss.c | 22 | ||||
-rw-r--r-- | ssh-keygen.1 | 6 | ||||
-rw-r--r-- | ssh-keygen.c | 18 | ||||
-rw-r--r-- | ssh-keyscan.c | 6 | ||||
-rw-r--r-- | ssh-rsa.c | 13 | ||||
-rw-r--r-- | ssh.c | 28 | ||||
-rw-r--r-- | ssh.h | 467 | ||||
-rw-r--r-- | ssh1.h | 84 | ||||
-rw-r--r-- | sshconnect.c | 14 | ||||
-rw-r--r-- | sshconnect.h | 28 | ||||
-rw-r--r-- | sshconnect1.c | 19 | ||||
-rw-r--r-- | sshconnect2.c | 14 | ||||
-rw-r--r-- | sshd.8 | 4 | ||||
-rw-r--r-- | sshd.c | 32 | ||||
-rw-r--r-- | tildexpand.c | 4 | ||||
-rw-r--r-- | tildexpand.h | 17 | ||||
-rw-r--r-- | ttymodes.c | 5 | ||||
-rw-r--r-- | uidswap.c | 4 | ||||
-rw-r--r-- | xmalloc.c | 5 |
91 files changed, 1161 insertions, 837 deletions
@@ -1,3 +1,66 @@ | |||
1 | 20010122 | ||
2 | - (bal) OpenBSD Resync | ||
3 | - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus | ||
4 | [servconf.c ssh.h sshd.c] | ||
5 | only auth-chall.c needs #ifdef SKEY | ||
6 | - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus | ||
7 | [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c | ||
8 | auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c | ||
9 | packet.c pathname.h readconf.c scp.c servconf.c serverloop.c | ||
10 | session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h | ||
11 | ssh1.h sshconnect1.c sshd.c ttymodes.c] | ||
12 | move ssh1 definitions to ssh1.h, pathnames to pathnames.h | ||
13 | - markus@cvs.openbsd.org 2001/01/19 16:48:14 | ||
14 | [sshd.8] | ||
15 | fix typo; from stevesk@ | ||
16 | - markus@cvs.openbsd.org 2001/01/19 16:50:58 | ||
17 | [ssh-dss.c] | ||
18 | clear and free digest, make consistent with other code (use dlen); from | ||
19 | stevesk@ | ||
20 | - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus | ||
21 | [auth-options.c auth-options.h auth-rsa.c auth2.c] | ||
22 | pass the filename to auth_parse_options() | ||
23 | - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001 | ||
24 | [readconf.c] | ||
25 | fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com | ||
26 | - stevesk@cvs.openbsd.org 2001/01/20 18:20:29 | ||
27 | [sshconnect2.c] | ||
28 | dh_new_group() does not return NULL. ok markus@ | ||
29 | - markus@cvs.openbsd.org 2001/01/20 21:33:42 | ||
30 | [ssh-add.c] | ||
31 | do not loop forever if askpass does not exist; from | ||
32 | andrew@pimlott.ne.mediaone.net | ||
33 | - djm@cvs.openbsd.org 2001/01/20 23:00:56 | ||
34 | [servconf.c] | ||
35 | Check for NULL return from strdelim; ok markus | ||
36 | - djm@cvs.openbsd.org 2001/01/20 23:02:07 | ||
37 | [readconf.c] | ||
38 | KNF; ok markus | ||
39 | - jakob@cvs.openbsd.org 2001/01/21 9:00:33 | ||
40 | [ssh-keygen.1] | ||
41 | remove -R flag; ok markus@ | ||
42 | - markus@cvs.openbsd.org 2001/01/21 19:05:40 | ||
43 | [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c | ||
44 | auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c | ||
45 | auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c | ||
46 | bufaux.c bufaux.h buffer.c canahost.c canahost.h channels.c | ||
47 | cipher.c cli.c clientloop.c clientloop.h compat.c compress.c | ||
48 | deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c | ||
49 | key.c key.h log-client.c log-server.c log.c log.h login.c login.h | ||
50 | match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c | ||
51 | readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h | ||
52 | session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c | ||
53 | ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h | ||
54 | sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h | ||
55 | ttysmodes.c uidswap.c xmalloc.c] | ||
56 | split ssh.h and try to cleanup the #include mess. remove unnecessary | ||
57 | #includes. rename util.[ch] -> misc.[ch] | ||
58 | - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree | ||
59 | - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve | ||
60 | conflict when compiling for non-kerb install | ||
61 | - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes | ||
62 | on 1/19. | ||
63 | |||
1 | 20010120 | 64 | 20010120 |
2 | - (bal) OpenBSD Resync | 65 | - (bal) OpenBSD Resync |
3 | - markus@cvs.openbsd.org 2001/01/19 12:45:26 | 66 | - markus@cvs.openbsd.org 2001/01/19 12:45:26 |
diff --git a/Makefile.in b/Makefile.in index 57449dcd9..25ff41bdb 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -37,7 +37,7 @@ INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@ | |||
37 | 37 | ||
38 | TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) $(SFTP-SERVER) | 38 | TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) $(SFTP-SERVER) |
39 | 39 | ||
40 | LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o cli.o compat.o compress.o crc32.o cygwin_util.o deattack.o dispatch.o hmac.o hostfile.o key.o kex.o log.o match.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o util.o uuencode.o xmalloc.o | 40 | LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o cli.o compat.o compress.o crc32.o cygwin_util.o deattack.o dispatch.o hmac.o hostfile.o key.o kex.o log.o match.o misc.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o |
41 | 41 | ||
42 | LIBOPENBSD_COMPAT_OBJS=bsd-arc4random.o bsd-base64.o bsd-bindresvport.o bsd-daemon.o bsd-getcwd.o bsd-getgrouplist.o bsd-inet_aton.o bsd-inet_ntoa.o bsd-misc.o bsd-mktemp.o bsd-realpath.o bsd-rresvport.o bsd-setenv.o bsd-sigaction.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o bsd-strmode.o bsd-strsep.o bsd-strtok.o bsd-vis.o bsd-setproctitle.o bsd-waitpid.o fake-getaddrinfo.o fake-getnameinfo.o next-posix.o | 42 | LIBOPENBSD_COMPAT_OBJS=bsd-arc4random.o bsd-base64.o bsd-bindresvport.o bsd-daemon.o bsd-getcwd.o bsd-getgrouplist.o bsd-inet_aton.o bsd-inet_ntoa.o bsd-misc.o bsd-mktemp.o bsd-realpath.o bsd-rresvport.o bsd-setenv.o bsd-sigaction.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o bsd-strmode.o bsd-strsep.o bsd-strtok.o bsd-vis.o bsd-setproctitle.o bsd-waitpid.o fake-getaddrinfo.o fake-getnameinfo.o next-posix.o |
43 | 43 | ||
diff --git a/acconfig.h b/acconfig.h index 936a7ca5e..f0242eec4 100644 --- a/acconfig.h +++ b/acconfig.h | |||
@@ -268,7 +268,7 @@ | |||
268 | #undef USER_PATH | 268 | #undef USER_PATH |
269 | 269 | ||
270 | /* Specify location of ssh.pid */ | 270 | /* Specify location of ssh.pid */ |
271 | #undef PIDDIR | 271 | #undef _PATH_SSH_PIDDIR |
272 | 272 | ||
273 | /* Use IPv4 for connection by default, IPv6 can still if explicity asked */ | 273 | /* Use IPv4 for connection by default, IPv6 can still if explicity asked */ |
274 | #undef IPV4_DEFAULT | 274 | #undef IPV4_DEFAULT |
diff --git a/atomicio.c b/atomicio.c index 29ff16c44..7985fb80d 100644 --- a/atomicio.c +++ b/atomicio.c | |||
@@ -24,10 +24,10 @@ | |||
24 | */ | 24 | */ |
25 | 25 | ||
26 | #include "includes.h" | 26 | #include "includes.h" |
27 | RCSID("$OpenBSD: atomicio.c,v 1.7 2000/10/18 18:04:02 markus Exp $"); | 27 | RCSID("$OpenBSD: atomicio.c,v 1.8 2001/01/21 19:05:40 markus Exp $"); |
28 | 28 | ||
29 | #include "xmalloc.h" | 29 | #include "xmalloc.h" |
30 | #include "ssh.h" | 30 | #include "atomicio.h" |
31 | 31 | ||
32 | /* | 32 | /* |
33 | * ensure all of data on socket comes through. f==read || f==write | 33 | * ensure all of data on socket comes through. f==read || f==write |
diff --git a/atomicio.h b/atomicio.h new file mode 100644 index 000000000..15fc025c3 --- /dev/null +++ b/atomicio.h | |||
@@ -0,0 +1,29 @@ | |||
1 | /* | ||
2 | * Copyright (c) 1995,1999 Theo de Raadt | ||
3 | * All rights reserved. | ||
4 | * | ||
5 | * Redistribution and use in source and binary forms, with or without | ||
6 | * modification, are permitted provided that the following conditions | ||
7 | * are met: | ||
8 | * 1. Redistributions of source code must retain the above copyright | ||
9 | * notice, this list of conditions and the following disclaimer. | ||
10 | * 2. Redistributions in binary form must reproduce the above copyright | ||
11 | * notice, this list of conditions and the following disclaimer in the | ||
12 | * documentation and/or other materials provided with the distribution. | ||
13 | * | ||
14 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | ||
15 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | ||
16 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | ||
17 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | ||
18 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
19 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | ||
20 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | ||
21 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||
22 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | ||
23 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
24 | */ | ||
25 | |||
26 | /* | ||
27 | * Ensure all of data on socket comes through. f==read || f==write | ||
28 | */ | ||
29 | ssize_t atomicio(ssize_t (*f)(), int fd, void *s, size_t n); | ||
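Review bot: The new atomicio.h has no include guard, unlike the other headers this commit touches (auth-options.h wraps its body in `#ifndef AUTH_OPTIONS_H` / `#define AUTH_OPTIONS_H`), so including it twice in one translation unit redeclares atomicio(); add `#ifndef ATOMICIO_H`, `#define ATOMICIO_H` and a closing `#endif` around the prototype at line 29. That prototype declares the callback as `ssize_t (*f)()`, an unprototyped pointer that gives the compiler nothing to check at call sites; since read(2) and write(2) differ in the constness of their buffer argument this looseness is presumably deliberate, and a one-line comment saying so would spare the next reader the question. The header also depends on its includer for ssize_t and size_t, which appears to come from includes.h in atomicio.c; a comment stating that requirement would make the file self-describing.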
diff --git a/auth-chall.c b/auth-chall.c index e99ddb39f..b8b0c5d1e 100644 --- a/auth-chall.c +++ b/auth-chall.c | |||
@@ -23,9 +23,8 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: auth-chall.c,v 1.2 2001/01/19 12:45:26 markus Exp $"); | 26 | RCSID("$OpenBSD: auth-chall.c,v 1.3 2001/01/21 19:05:41 markus Exp $"); |
27 | 27 | ||
28 | #include "ssh.h" | ||
29 | #include "auth.h" | 28 | #include "auth.h" |
30 | 29 | ||
31 | #ifdef SKEY | 30 | #ifdef SKEY |
diff --git a/auth-krb4.c b/auth-krb4.c index 80e8f4292..d68806f95 100644 --- a/auth-krb4.c +++ b/auth-krb4.c | |||
@@ -23,14 +23,18 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: auth-krb4.c,v 1.22 2001/01/21 19:05:41 markus Exp $"); | ||
27 | |||
28 | #ifdef KRB4 | ||
29 | #include "ssh.h" | ||
30 | #include "ssh1.h" | ||
26 | #include "packet.h" | 31 | #include "packet.h" |
27 | #include "xmalloc.h" | 32 | #include "xmalloc.h" |
28 | #include "ssh.h" | 33 | #include "log.h" |
29 | #include "servconf.h" | 34 | #include "servconf.h" |
35 | #include "auth.h" | ||
36 | #include "radix.h" | ||
30 | 37 | ||
31 | RCSID("$OpenBSD: auth-krb4.c,v 1.20 2000/12/19 23:17:54 markus Exp $"); | ||
32 | |||
33 | #ifdef KRB4 | ||
34 | char *ticket = NULL; | 38 | char *ticket = NULL; |
35 | 39 | ||
36 | extern ServerOptions options; | 40 | extern ServerOptions options; |
diff --git a/auth-options.c b/auth-options.c index ef61d8df8..5457d9b14 100644 --- a/auth-options.c +++ b/auth-options.c | |||
@@ -10,12 +10,14 @@ | |||
10 | */ | 10 | */ |
11 | 11 | ||
12 | #include "includes.h" | 12 | #include "includes.h" |
13 | RCSID("$OpenBSD: auth-options.c,v 1.8 2001/01/13 18:38:00 markus Exp $"); | 13 | RCSID("$OpenBSD: auth-options.c,v 1.11 2001/01/21 19:05:41 markus Exp $"); |
14 | 14 | ||
15 | #include "ssh.h" | ||
16 | #include "packet.h" | 15 | #include "packet.h" |
17 | #include "xmalloc.h" | 16 | #include "xmalloc.h" |
18 | #include "match.h" | 17 | #include "match.h" |
18 | #include "log.h" | ||
19 | #include "canohost.h" | ||
20 | #include "auth-options.h" | ||
19 | 21 | ||
20 | /* Flags set authorized_keys flags */ | 22 | /* Flags set authorized_keys flags */ |
21 | int no_port_forwarding_flag = 0; | 23 | int no_port_forwarding_flag = 0; |
@@ -48,9 +50,12 @@ auth_clear_options(void) | |||
48 | } | 50 | } |
49 | } | 51 | } |
50 | 52 | ||
51 | /* return 1 if access is granted, 0 if not. side effect: sets key option flags */ | 53 | /* |
54 | * return 1 if access is granted, 0 if not. | ||
55 | * side effect: sets key option flags | ||
56 | */ | ||
52 | int | 57 | int |
53 | auth_parse_options(struct passwd *pw, char *options, u_long linenum) | 58 | auth_parse_options(struct passwd *pw, char *options, char *file, u_long linenum) |
54 | { | 59 | { |
55 | const char *cp; | 60 | const char *cp; |
56 | if (!options) | 61 | if (!options) |
@@ -106,9 +111,9 @@ auth_parse_options(struct passwd *pw, char *options, u_long linenum) | |||
106 | } | 111 | } |
107 | if (!*options) { | 112 | if (!*options) { |
108 | debug("%.100s, line %lu: missing end quote", | 113 | debug("%.100s, line %lu: missing end quote", |
109 | SSH_USER_PERMITTED_KEYS, linenum); | 114 | file, linenum); |
110 | packet_send_debug("%.100s, line %lu: missing end quote", | 115 | packet_send_debug("%.100s, line %lu: missing end quote", |
111 | SSH_USER_PERMITTED_KEYS, linenum); | 116 | file, linenum); |
112 | continue; | 117 | continue; |
113 | } | 118 | } |
114 | forced_command[i] = 0; | 119 | forced_command[i] = 0; |
@@ -136,9 +141,9 @@ auth_parse_options(struct passwd *pw, char *options, u_long linenum) | |||
136 | } | 141 | } |
137 | if (!*options) { | 142 | if (!*options) { |
138 | debug("%.100s, line %lu: missing end quote", | 143 | debug("%.100s, line %lu: missing end quote", |
139 | SSH_USER_PERMITTED_KEYS, linenum); | 144 | file, linenum); |
140 | packet_send_debug("%.100s, line %lu: missing end quote", | 145 | packet_send_debug("%.100s, line %lu: missing end quote", |
141 | SSH_USER_PERMITTED_KEYS, linenum); | 146 | file, linenum); |
142 | continue; | 147 | continue; |
143 | } | 148 | } |
144 | s[i] = 0; | 149 | s[i] = 0; |
@@ -170,9 +175,9 @@ auth_parse_options(struct passwd *pw, char *options, u_long linenum) | |||
170 | } | 175 | } |
171 | if (!*options) { | 176 | if (!*options) { |
172 | debug("%.100s, line %lu: missing end quote", | 177 | debug("%.100s, line %lu: missing end quote", |
173 | SSH_USER_PERMITTED_KEYS, linenum); | 178 | file, linenum); |
174 | packet_send_debug("%.100s, line %lu: missing end quote", | 179 | packet_send_debug("%.100s, line %lu: missing end quote", |
175 | SSH_USER_PERMITTED_KEYS, linenum); | 180 | file, linenum); |
176 | continue; | 181 | continue; |
177 | } | 182 | } |
178 | patterns[i] = 0; | 183 | patterns[i] = 0; |
@@ -219,9 +224,9 @@ next_option: | |||
219 | 224 | ||
220 | bad_option: | 225 | bad_option: |
221 | log("Bad options in %.100s file, line %lu: %.50s", | 226 | log("Bad options in %.100s file, line %lu: %.50s", |
222 | SSH_USER_PERMITTED_KEYS, linenum, options); | 227 | file, linenum, options); |
223 | packet_send_debug("Bad options in %.100s file, line %lu: %.50s", | 228 | packet_send_debug("Bad options in %.100s file, line %lu: %.50s", |
224 | SSH_USER_PERMITTED_KEYS, linenum, options); | 229 | file, linenum, options); |
225 | /* deny access */ | 230 | /* deny access */ |
226 | return 0; | 231 | return 0; |
227 | } | 232 | } |
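Review bot: The new `file` parameter of auth_parse_options() (line 58) is only ever handed to debug(), log() and packet_send_debug() as a `%.100s` argument, so it should be declared `const char *file` both here and in the matching prototype in auth-options.h; as `char *` it forces any caller holding a const path to cast. The `%.100s` precision also now matters more than before: the caller in auth-rsa.c passes the full path built from `pw->pw_dir` (up to 500 characters) instead of the bare file name, so the path named in these log lines can be clipped; if the full path matters for audit, `%s` or a wider precision would be the fix. The remainder of auth_parse_options lies outside these hunks.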
diff --git a/auth-options.h b/auth-options.h index 76d420d23..8ee269491 100644 --- a/auth-options.h +++ b/auth-options.h | |||
@@ -11,10 +11,17 @@ | |||
11 | * called by a name other than "ssh" or "Secure Shell". | 11 | * called by a name other than "ssh" or "Secure Shell". |
12 | */ | 12 | */ |
13 | 13 | ||
14 | /* $OpenBSD: auth-options.h,v 1.6 2000/12/19 23:17:55 markus Exp $ */ | 14 | /* $OpenBSD: auth-options.h,v 1.8 2001/01/21 19:05:42 markus Exp $ */ |
15 | 15 | ||
16 | #ifndef AUTH_OPTIONS_H | 16 | #ifndef AUTH_OPTIONS_H |
17 | #define AUTH_OPTIONS_H | 17 | #define AUTH_OPTIONS_H |
18 | |||
19 | /* Linked list of custom environment strings */ | ||
20 | struct envstring { | ||
21 | struct envstring *next; | ||
22 | char *s; | ||
23 | }; | ||
24 | |||
18 | /* Flags that may be set in authorized_keys options. */ | 25 | /* Flags that may be set in authorized_keys options. */ |
19 | extern int no_port_forwarding_flag; | 26 | extern int no_port_forwarding_flag; |
20 | extern int no_agent_forwarding_flag; | 27 | extern int no_agent_forwarding_flag; |
@@ -23,8 +30,14 @@ extern int no_pty_flag; | |||
23 | extern char *forced_command; | 30 | extern char *forced_command; |
24 | extern struct envstring *custom_environment; | 31 | extern struct envstring *custom_environment; |
25 | 32 | ||
26 | /* return 1 if access is granted, 0 if not. side effect: sets key option flags */ | 33 | /* |
27 | int auth_parse_options(struct passwd *pw, char *options, u_long linenum); | 34 | * return 1 if access is granted, 0 if not. |
35 | * side effect: sets key option flags | ||
36 | */ | ||
37 | int | ||
38 | auth_parse_options(struct passwd *pw, char *options, char *file, | ||
39 | u_long linenum); | ||
40 | |||
28 | /* reset options flags */ | 41 | /* reset options flags */ |
29 | void auth_clear_options(void); | 42 | void auth_clear_options(void); |
30 | 43 | ||
diff --git a/auth-pam.c b/auth-pam.c index befb84c08..3d550b4dd 100644 --- a/auth-pam.c +++ b/auth-pam.c | |||
@@ -27,9 +27,12 @@ | |||
27 | #ifdef USE_PAM | 27 | #ifdef USE_PAM |
28 | #include "ssh.h" | 28 | #include "ssh.h" |
29 | #include "xmalloc.h" | 29 | #include "xmalloc.h" |
30 | #include "log.h" | ||
30 | #include "servconf.h" | 31 | #include "servconf.h" |
32 | #include "canohost.h" | ||
33 | #include "readpass.h" | ||
31 | 34 | ||
32 | RCSID("$Id: auth-pam.c,v 1.21 2001/01/19 04:46:38 djm Exp $"); | 35 | RCSID("$Id: auth-pam.c,v 1.22 2001/01/22 05:34:40 mouring Exp $"); |
33 | 36 | ||
34 | #define NEW_AUTHTOK_MSG \ | 37 | #define NEW_AUTHTOK_MSG \ |
35 | "Warning: Your password has expired, please change it now" | 38 | "Warning: Your password has expired, please change it now" |
diff --git a/auth-passwd.c b/auth-passwd.c index 8295ea177..541aca607 100644 --- a/auth-passwd.c +++ b/auth-passwd.c | |||
@@ -36,15 +36,14 @@ | |||
36 | */ | 36 | */ |
37 | 37 | ||
38 | #include "includes.h" | 38 | #include "includes.h" |
39 | RCSID("$OpenBSD: auth-passwd.c,v 1.19 2001/01/18 16:59:59 markus Exp $"); | 39 | RCSID("$OpenBSD: auth-passwd.c,v 1.20 2001/01/21 19:05:42 markus Exp $"); |
40 | 40 | ||
41 | #if !defined(USE_PAM) && !defined(HAVE_OSF_SIA) | 41 | #if !defined(USE_PAM) && !defined(HAVE_OSF_SIA) |
42 | 42 | ||
43 | #include "packet.h" | 43 | #include "packet.h" |
44 | #include "ssh.h" | ||
45 | #include "servconf.h" | ||
46 | #include "xmalloc.h" | 44 | #include "xmalloc.h" |
47 | 45 | #include "log.h" | |
46 | #include "servconf.h" | ||
48 | #include "auth.h" | 47 | #include "auth.h" |
49 | 48 | ||
50 | #ifdef WITH_AIXAUTHENTICATE | 49 | #ifdef WITH_AIXAUTHENTICATE |
diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c index 48c075e66..87d51549d 100644 --- a/auth-rh-rsa.c +++ b/auth-rh-rsa.c | |||
@@ -13,18 +13,19 @@ | |||
13 | */ | 13 | */ |
14 | 14 | ||
15 | #include "includes.h" | 15 | #include "includes.h" |
16 | RCSID("$OpenBSD: auth-rh-rsa.c,v 1.19 2000/12/21 15:10:16 markus Exp $"); | 16 | RCSID("$OpenBSD: auth-rh-rsa.c,v 1.21 2001/01/21 19:05:42 markus Exp $"); |
17 | 17 | ||
18 | #include "packet.h" | 18 | #include "packet.h" |
19 | #include "ssh.h" | ||
20 | #include "xmalloc.h" | 19 | #include "xmalloc.h" |
21 | #include "uidswap.h" | 20 | #include "uidswap.h" |
21 | #include "log.h" | ||
22 | #include "servconf.h" | 22 | #include "servconf.h" |
23 | |||
24 | #include <openssl/rsa.h> | ||
25 | #include <openssl/dsa.h> | ||
26 | #include "key.h" | 23 | #include "key.h" |
27 | #include "hostfile.h" | 24 | #include "hostfile.h" |
25 | #include "pathnames.h" | ||
26 | #include "auth.h" | ||
27 | #include "tildexpand.h" | ||
28 | #include "canohost.h" | ||
28 | 29 | ||
29 | /* | 30 | /* |
30 | * Tries to authenticate the user using the .rhosts file and the host using | 31 | * Tries to authenticate the user using the .rhosts file and the host using |
@@ -59,15 +60,15 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key | |||
59 | found = key_new(KEY_RSA1); | 60 | found = key_new(KEY_RSA1); |
60 | 61 | ||
61 | /* Check if we know the host and its host key. */ | 62 | /* Check if we know the host and its host key. */ |
62 | host_status = check_host_in_hostfile(SSH_SYSTEM_HOSTFILE, canonical_hostname, | 63 | host_status = check_host_in_hostfile(_PATH_SSH_SYSTEM_HOSTFILE, canonical_hostname, |
63 | client_key, found, NULL); | 64 | client_key, found, NULL); |
64 | 65 | ||
65 | /* Check user host file unless ignored. */ | 66 | /* Check user host file unless ignored. */ |
66 | if (host_status != HOST_OK && !options.ignore_user_known_hosts) { | 67 | if (host_status != HOST_OK && !options.ignore_user_known_hosts) { |
67 | struct stat st; | 68 | struct stat st; |
68 | char *user_hostfile = tilde_expand_filename(SSH_USER_HOSTFILE, pw->pw_uid); | 69 | char *user_hostfile = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid); |
69 | /* | 70 | /* |
70 | * Check file permissions of SSH_USER_HOSTFILE, auth_rsa() | 71 | * Check file permissions of _PATH_SSH_USER_HOSTFILE, auth_rsa() |
71 | * did already check pw->pw_dir, but there is a race XXX | 72 | * did already check pw->pw_dir, but there is a race XXX |
72 | */ | 73 | */ |
73 | if (options.strict_modes && | 74 | if (options.strict_modes && |
diff --git a/auth-rhosts.c b/auth-rhosts.c index fb7dabe7a..4f9ea886d 100644 --- a/auth-rhosts.c +++ b/auth-rhosts.c | |||
@@ -14,13 +14,15 @@ | |||
14 | */ | 14 | */ |
15 | 15 | ||
16 | #include "includes.h" | 16 | #include "includes.h" |
17 | RCSID("$OpenBSD: auth-rhosts.c,v 1.17 2000/12/19 23:17:55 markus Exp $"); | 17 | RCSID("$OpenBSD: auth-rhosts.c,v 1.19 2001/01/21 19:05:42 markus Exp $"); |
18 | 18 | ||
19 | #include "packet.h" | 19 | #include "packet.h" |
20 | #include "ssh.h" | ||
21 | #include "xmalloc.h" | 20 | #include "xmalloc.h" |
22 | #include "uidswap.h" | 21 | #include "uidswap.h" |
22 | #include "pathnames.h" | ||
23 | #include "log.h" | ||
23 | #include "servconf.h" | 24 | #include "servconf.h" |
25 | #include "canohost.h" | ||
24 | 26 | ||
25 | /* | 27 | /* |
26 | * This function processes an rhosts-style file (.rhosts, .shosts, or | 28 | * This function processes an rhosts-style file (.rhosts, .shosts, or |
@@ -177,8 +179,8 @@ auth_rhosts(struct passwd *pw, const char *client_user) | |||
177 | 179 | ||
178 | /* Deny if The user has no .shosts or .rhosts file and there are no system-wide files. */ | 180 | /* Deny if The user has no .shosts or .rhosts file and there are no system-wide files. */ |
179 | if (!rhosts_files[rhosts_file_index] && | 181 | if (!rhosts_files[rhosts_file_index] && |
180 | stat("/etc/hosts.equiv", &st) < 0 && | 182 | stat(_PATH_RHOSTS_EQUIV, &st) < 0 && |
181 | stat(SSH_HOSTS_EQUIV, &st) < 0) | 183 | stat(_PATH_SSH_HOSTS_EQUIV, &st) < 0) |
182 | return 0; | 184 | return 0; |
183 | 185 | ||
184 | hostname = get_canonical_hostname(); | 186 | hostname = get_canonical_hostname(); |
@@ -192,10 +194,10 @@ auth_rhosts(struct passwd *pw, const char *client_user) | |||
192 | hostname, ipaddr); | 194 | hostname, ipaddr); |
193 | return 1; | 195 | return 1; |
194 | } | 196 | } |
195 | if (check_rhosts_file(SSH_HOSTS_EQUIV, hostname, ipaddr, client_user, | 197 | if (check_rhosts_file(_PATH_SSH_HOSTS_EQUIV, hostname, ipaddr, client_user, |
196 | pw->pw_name)) { | 198 | pw->pw_name)) { |
197 | packet_send_debug("Accepted for %.100s [%.100s] by %.100s.", | 199 | packet_send_debug("Accepted for %.100s [%.100s] by %.100s.", |
198 | hostname, ipaddr, SSH_HOSTS_EQUIV); | 200 | hostname, ipaddr, _PATH_SSH_HOSTS_EQUIV); |
199 | return 1; | 201 | return 1; |
200 | } | 202 | } |
201 | } | 203 | } |
diff --git a/auth-rsa.c b/auth-rsa.c index 3daf4d13c..ee71655f3 100644 --- a/auth-rsa.c +++ b/auth-rsa.c | |||
@@ -14,21 +14,23 @@ | |||
14 | */ | 14 | */ |
15 | 15 | ||
16 | #include "includes.h" | 16 | #include "includes.h" |
17 | RCSID("$OpenBSD: auth-rsa.c,v 1.34 2000/12/19 23:17:55 markus Exp $"); | 17 | RCSID("$OpenBSD: auth-rsa.c,v 1.38 2001/01/21 19:05:42 markus Exp $"); |
18 | |||
19 | #include <openssl/rsa.h> | ||
20 | #include <openssl/md5.h> | ||
18 | 21 | ||
19 | #include "rsa.h" | 22 | #include "rsa.h" |
20 | #include "packet.h" | 23 | #include "packet.h" |
21 | #include "xmalloc.h" | 24 | #include "xmalloc.h" |
22 | #include "ssh.h" | 25 | #include "ssh1.h" |
23 | #include "mpaux.h" | 26 | #include "mpaux.h" |
24 | #include "uidswap.h" | 27 | #include "uidswap.h" |
25 | #include "match.h" | 28 | #include "match.h" |
26 | #include "servconf.h" | ||
27 | #include "auth-options.h" | 29 | #include "auth-options.h" |
28 | 30 | #include "pathnames.h" | |
29 | #include <openssl/rsa.h> | 31 | #include "log.h" |
30 | #include <openssl/md5.h> | 32 | #include "servconf.h" |
31 | 33 | #include "auth.h" | |
32 | 34 | ||
33 | /* import */ | 35 | /* import */ |
34 | extern ServerOptions options; | 36 | extern ServerOptions options; |
@@ -120,7 +122,7 @@ auth_rsa_challenge_dialog(RSA *pk) | |||
120 | int | 122 | int |
121 | auth_rsa(struct passwd *pw, BIGNUM *client_n) | 123 | auth_rsa(struct passwd *pw, BIGNUM *client_n) |
122 | { | 124 | { |
123 | char line[8192], file[1024]; | 125 | char line[8192], file[MAXPATHLEN]; |
124 | int authenticated; | 126 | int authenticated; |
125 | u_int bits; | 127 | u_int bits; |
126 | FILE *f; | 128 | FILE *f; |
@@ -137,7 +139,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) | |||
137 | 139 | ||
138 | /* The authorized keys. */ | 140 | /* The authorized keys. */ |
139 | snprintf(file, sizeof file, "%.500s/%.100s", pw->pw_dir, | 141 | snprintf(file, sizeof file, "%.500s/%.100s", pw->pw_dir, |
140 | SSH_USER_PERMITTED_KEYS); | 142 | _PATH_SSH_USER_PERMITTED_KEYS); |
141 | 143 | ||
142 | /* Fail quietly if file does not exist */ | 144 | /* Fail quietly if file does not exist */ |
143 | if (stat(file, &st) < 0) { | 145 | if (stat(file, &st) < 0) { |
@@ -165,10 +167,10 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) | |||
165 | "bad ownership or modes for '%s'.", pw->pw_name, file); | 167 | "bad ownership or modes for '%s'.", pw->pw_name, file); |
166 | fail = 1; | 168 | fail = 1; |
167 | } else { | 169 | } else { |
168 | /* Check path to SSH_USER_PERMITTED_KEYS */ | 170 | /* Check path to _PATH_SSH_USER_PERMITTED_KEYS */ |
169 | int i; | 171 | int i; |
170 | static const char *check[] = { | 172 | static const char *check[] = { |
171 | "", SSH_USER_DIR, NULL | 173 | "", _PATH_SSH_USER_DIR, NULL |
172 | }; | 174 | }; |
173 | for (i = 0; check[i]; i++) { | 175 | for (i = 0; check[i]; i++) { |
174 | snprintf(line, sizeof line, "%.500s/%.100s", pw->pw_dir, check[i]); | 176 | snprintf(line, sizeof line, "%.500s/%.100s", pw->pw_dir, check[i]); |
@@ -235,9 +237,9 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) | |||
235 | /* Parse the key from the line. */ | 237 | /* Parse the key from the line. */ |
236 | if (!auth_rsa_read_key(&cp, &bits, pk->e, pk->n)) { | 238 | if (!auth_rsa_read_key(&cp, &bits, pk->e, pk->n)) { |
237 | debug("%.100s, line %lu: bad key syntax", | 239 | debug("%.100s, line %lu: bad key syntax", |
238 | SSH_USER_PERMITTED_KEYS, linenum); | 240 | file, linenum); |
239 | packet_send_debug("%.100s, line %lu: bad key syntax", | 241 | packet_send_debug("%.100s, line %lu: bad key syntax", |
240 | SSH_USER_PERMITTED_KEYS, linenum); | 242 | file, linenum); |
241 | continue; | 243 | continue; |
242 | } | 244 | } |
243 | /* cp now points to the comment part. */ | 245 | /* cp now points to the comment part. */ |
@@ -257,7 +259,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) | |||
257 | * If our options do not allow this key to be used, | 259 | * If our options do not allow this key to be used, |
258 | * do not send challenge. | 260 | * do not send challenge. |
259 | */ | 261 | */ |
260 | if (!auth_parse_options(pw, options, linenum)) | 262 | if (!auth_parse_options(pw, options, file, linenum)) |
261 | continue; | 263 | continue; |
262 | 264 | ||
263 | /* Perform the challenge-response dialog for this key. */ | 265 | /* Perform the challenge-response dialog for this key. */ |
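Review bot: The authorized_keys path buffer at line 125 grows from a literal 1024 to MAXPATHLEN, but the snprintf() at lines 141-142 that fills it still ignores its return value, and `file` is now both what stat() inspects and what the diagnostics name, so a clipped path would be silently checked and reported. The `%.500s/%.100s` precisions bound the output to 601 bytes, so this can only bite on a platform where MAXPATHLEN is smaller than that; making that assumption explicit, `if (snprintf(file, sizeof file, "%.500s/%.100s", pw->pw_dir, _PATH_SSH_USER_PERMITTED_KEYS) >= sizeof file)` and treating truncation as a denial, costs little. MAXPATHLEN also needs `<sys/param.h>`, which presumably arrives through includes.h. auth_rsa() itself starts and ends outside these hunks.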
@@ -23,13 +23,8 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: auth.c,v 1.13 2001/01/18 16:59:59 markus Exp $"); | 26 | RCSID("$OpenBSD: auth.c,v 1.14 2001/01/21 19:05:43 markus Exp $"); |
27 | 27 | ||
28 | #include "xmalloc.h" | ||
29 | #include "ssh.h" | ||
30 | #include "match.h" | ||
31 | #include "servconf.h" | ||
32 | #include "groupaccess.h" | ||
33 | #ifdef HAVE_LOGIN_H | 28 | #ifdef HAVE_LOGIN_H |
34 | #include <login.h> | 29 | #include <login.h> |
35 | #endif | 30 | #endif |
@@ -37,8 +32,14 @@ RCSID("$OpenBSD: auth.c,v 1.13 2001/01/18 16:59:59 markus Exp $"); | |||
37 | #include <shadow.h> | 32 | #include <shadow.h> |
38 | #endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */ | 33 | #endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */ |
39 | 34 | ||
35 | #include "xmalloc.h" | ||
36 | #include "match.h" | ||
37 | #include "groupaccess.h" | ||
38 | #include "log.h" | ||
39 | #include "servconf.h" | ||
40 | #include "auth.h" | 40 | #include "auth.h" |
41 | #include "auth-options.h" | 41 | #include "auth-options.h" |
42 | #include "canohost.h" | ||
42 | 43 | ||
43 | /* import */ | 44 | /* import */ |
44 | extern ServerOptions options; | 45 | extern ServerOptions options; |
@@ -21,11 +21,13 @@ | |||
21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
23 | * | 23 | * |
24 | * $OpenBSD: auth.h,v 1.9 2001/01/18 16:59:59 markus Exp $ | 24 | * $OpenBSD: auth.h,v 1.10 2001/01/21 19:05:43 markus Exp $ |
25 | */ | 25 | */ |
26 | #ifndef AUTH_H | 26 | #ifndef AUTH_H |
27 | #define AUTH_H | 27 | #define AUTH_H |
28 | 28 | ||
29 | #include <openssl/rsa.h> | ||
30 | |||
29 | typedef struct Authctxt Authctxt; | 31 | typedef struct Authctxt Authctxt; |
30 | struct Authctxt { | 32 | struct Authctxt { |
31 | int success; | 33 | int success; |
@@ -39,6 +41,68 @@ struct Authctxt { | |||
39 | char *style; | 41 | char *style; |
40 | }; | 42 | }; |
41 | 43 | ||
44 | /* | ||
45 | * Tries to authenticate the user using the .rhosts file. Returns true if | ||
46 | * authentication succeeds. If ignore_rhosts is non-zero, this will not | ||
47 | * consider .rhosts and .shosts (/etc/hosts.equiv will still be used). | ||
48 | */ | ||
49 | int auth_rhosts(struct passwd * pw, const char *client_user); | ||
50 | |||
51 | /* | ||
52 | * Tries to authenticate the user using the .rhosts file and the host using | ||
53 | * its host key. Returns true if authentication succeeds. | ||
54 | */ | ||
55 | int | ||
56 | auth_rhosts_rsa(struct passwd * pw, const char *client_user, RSA* client_host_key); | ||
57 | |||
58 | /* | ||
59 | * Tries to authenticate the user using password. Returns true if | ||
60 | * authentication succeeds. | ||
61 | */ | ||
62 | int auth_password(struct passwd * pw, const char *password); | ||
63 | |||
64 | /* | ||
65 | * Performs the RSA authentication dialog with the client. This returns 0 if | ||
66 | * the client could not be authenticated, and 1 if authentication was | ||
67 | * successful. This may exit if there is a serious protocol violation. | ||
68 | */ | ||
69 | int auth_rsa(struct passwd * pw, BIGNUM * client_n); | ||
70 | |||
71 | /* | ||
72 | * Parses an RSA key (number of bits, e, n) from a string. Moves the pointer | ||
73 | * over the key. Skips any whitespace at the beginning and at end. | ||
74 | */ | ||
75 | int auth_rsa_read_key(char **cpp, u_int *bitsp, BIGNUM * e, BIGNUM * n); | ||
76 | |||
77 | /* | ||
78 | * Performs the RSA authentication challenge-response dialog with the client, | ||
79 | * and returns true (non-zero) if the client gave the correct answer to our | ||
80 | * challenge; returns zero if the client gives a wrong answer. | ||
81 | */ | ||
82 | int auth_rsa_challenge_dialog(RSA *pk); | ||
83 | |||
84 | #ifdef KRB4 | ||
85 | #include <krb.h> | ||
86 | /* | ||
87 | * Performs Kerberos v4 mutual authentication with the client. This returns 0 | ||
88 | * if the client could not be authenticated, and 1 if authentication was | ||
89 | * successful. This may exit if there is a serious protocol violation. | ||
90 | */ | ||
91 | int auth_krb4(const char *server_user, KTEXT auth, char **client); | ||
92 | int krb4_init(uid_t uid); | ||
93 | void krb4_cleanup_proc(void *ignore); | ||
94 | int auth_krb4_password(struct passwd * pw, const char *password); | ||
95 | |||
96 | #ifdef AFS | ||
97 | #include <kafs.h> | ||
98 | |||
99 | /* Accept passed Kerberos v4 ticket-granting ticket and AFS tokens. */ | ||
100 | int auth_kerberos_tgt(struct passwd * pw, const char *string); | ||
101 | int auth_afs_token(struct passwd * pw, const char *token_string); | ||
102 | #endif /* AFS */ | ||
103 | |||
104 | #endif /* KRB4 */ | ||
105 | |||
42 | #include "auth-pam.h" | 106 | #include "auth-pam.h" |
43 | #include "auth2-pam.h" | 107 | #include "auth2-pam.h" |
44 | 108 | ||
@@ -10,7 +10,7 @@ | |||
10 | */ | 10 | */ |
11 | 11 | ||
12 | #include "includes.h" | 12 | #include "includes.h" |
13 | RCSID("$OpenBSD: auth1.c,v 1.11 2001/01/18 16:59:59 markus Exp $"); | 13 | RCSID("$OpenBSD: auth1.c,v 1.13 2001/01/21 19:05:43 markus Exp $"); |
14 | 14 | ||
15 | #ifdef HAVE_OSF_SIA | 15 | #ifdef HAVE_OSF_SIA |
16 | # include <sia.h> | 16 | # include <sia.h> |
@@ -19,10 +19,11 @@ RCSID("$OpenBSD: auth1.c,v 1.11 2001/01/18 16:59:59 markus Exp $"); | |||
19 | 19 | ||
20 | #include "xmalloc.h" | 20 | #include "xmalloc.h" |
21 | #include "rsa.h" | 21 | #include "rsa.h" |
22 | #include "ssh.h" | 22 | #include "ssh1.h" |
23 | #include "packet.h" | 23 | #include "packet.h" |
24 | #include "buffer.h" | 24 | #include "buffer.h" |
25 | #include "mpaux.h" | 25 | #include "mpaux.h" |
26 | #include "log.h" | ||
26 | #include "servconf.h" | 27 | #include "servconf.h" |
27 | #include "compat.h" | 28 | #include "compat.h" |
28 | #include "auth.h" | 29 | #include "auth.h" |
@@ -278,11 +279,6 @@ do_authloop(Authctxt *authctxt) | |||
278 | xfree(password); | 279 | xfree(password); |
279 | break; | 280 | break; |
280 | 281 | ||
281 | #ifdef SKEY /* ISSUE: Is this right? we don't define | ||
282 | having skey_authentication in | ||
283 | servconf.h by default so I assume | ||
284 | we need to deal with this via #ifdef | ||
285 | in some reasonable way */ | ||
286 | case SSH_CMSG_AUTH_TIS: | 282 | case SSH_CMSG_AUTH_TIS: |
287 | debug("rcvd SSH_CMSG_AUTH_TIS"); | 283 | debug("rcvd SSH_CMSG_AUTH_TIS"); |
288 | if (options.skey_authentication == 1) { | 284 | if (options.skey_authentication == 1) { |
@@ -297,6 +293,7 @@ do_authloop(Authctxt *authctxt) | |||
297 | } | 293 | } |
298 | } | 294 | } |
299 | break; | 295 | break; |
296 | |||
300 | case SSH_CMSG_AUTH_TIS_RESPONSE: | 297 | case SSH_CMSG_AUTH_TIS_RESPONSE: |
301 | debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE"); | 298 | debug("rcvd SSH_CMSG_AUTH_TIS_RESPONSE"); |
302 | if (options.skey_authentication == 1) { | 299 | if (options.skey_authentication == 1) { |
@@ -308,7 +305,6 @@ do_authloop(Authctxt *authctxt) | |||
308 | xfree(response); | 305 | xfree(response); |
309 | } | 306 | } |
310 | break; | 307 | break; |
311 | #endif /* ISSUE: End of wrong SKEY defines */ | ||
312 | 308 | ||
313 | default: | 309 | default: |
314 | /* | 310 | /* |
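Review bot: With the `#ifdef SKEY` removed, the SSH_CMSG_AUTH_TIS and SSH_CMSG_AUTH_TIS_RESPONSE cases, and the `options.skey_authentication == 1` tests at lines 284 and 299, are now compiled on every build, yet the deleted comment was flagging that `skey_authentication` is not declared in servconf.h by default and nothing in this hunk shows that being addressed. Confirm that servconf.h now declares the field unconditionally and that the challenge-response backend these cases call (auth-chall.c is in the diffstat) links on builds without S/Key; otherwise non-SKEY builds break. It is also worth stating the fail-closed expectation in a comment, since an authentication path that compiles everywhere must still reject when no backend is configured: `/* TIS challenge-response is always compiled in; whether it can ever succeed is decided by options.skey_authentication and the auth-chall.c backend. */`. do_authloop starts before and ends after this hunk.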
diff --git a/auth2-chall.c b/auth2-chall.c index 77294f4b8..39dc285b9 100644 --- a/auth2-chall.c +++ b/auth2-chall.c | |||
@@ -22,14 +22,14 @@ | |||
22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
23 | */ | 23 | */ |
24 | #include "includes.h" | 24 | #include "includes.h" |
25 | RCSID("$OpenBSD: auth2-chall.c,v 1.1 2001/01/18 17:12:43 markus Exp $"); | 25 | RCSID("$OpenBSD: auth2-chall.c,v 1.2 2001/01/21 19:05:43 markus Exp $"); |
26 | 26 | ||
27 | #include "ssh.h" | ||
28 | #include "ssh2.h" | 27 | #include "ssh2.h" |
29 | #include "auth.h" | 28 | #include "auth.h" |
30 | #include "packet.h" | 29 | #include "packet.h" |
31 | #include "xmalloc.h" | 30 | #include "xmalloc.h" |
32 | #include "dispatch.h" | 31 | #include "dispatch.h" |
32 | #include "log.h" | ||
33 | 33 | ||
34 | void send_userauth_into_request(Authctxt *authctxt, char *challenge, int echo); | 34 | void send_userauth_into_request(Authctxt *authctxt, char *challenge, int echo); |
35 | void input_userauth_info_response(int type, int plen, void *ctxt); | 35 | void input_userauth_info_response(int type, int plen, void *ctxt); |
diff --git a/auth2-pam.c b/auth2-pam.c index adb36163e..c54ad31a2 100644 --- a/auth2-pam.c +++ b/auth2-pam.c | |||
@@ -1,14 +1,16 @@ | |||
1 | #include "includes.h" | 1 | #include "includes.h" |
2 | RCSID("$Id: auth2-pam.c,v 1.5 2001/01/19 05:37:32 mouring Exp $"); | 2 | RCSID("$Id: auth2-pam.c,v 1.6 2001/01/22 05:34:40 mouring Exp $"); |
3 | 3 | ||
4 | #ifdef USE_PAM | 4 | #ifdef USE_PAM |
5 | #include <security/pam_appl.h> | ||
6 | |||
5 | #include "ssh.h" | 7 | #include "ssh.h" |
6 | #include "ssh2.h" | 8 | #include "ssh2.h" |
7 | #include "auth.h" | 9 | #include "auth.h" |
8 | #include "packet.h" | 10 | #include "packet.h" |
9 | #include "xmalloc.h" | 11 | #include "xmalloc.h" |
10 | #include "dispatch.h" | 12 | #include "dispatch.h" |
11 | #include <security/pam_appl.h> | 13 | #include "log.h" |
12 | 14 | ||
13 | struct { | 15 | struct { |
14 | int finished, num_received, num_expected; | 16 | int finished, num_received, num_expected; |
@@ -31,7 +33,6 @@ int | |||
31 | auth2_pam(Authctxt *authctxt) | 33 | auth2_pam(Authctxt *authctxt) |
32 | { | 34 | { |
33 | int retval = -1; | 35 | int retval = -1; |
34 | char *method = "PAM"; | ||
35 | 36 | ||
36 | if (authctxt->user == NULL) | 37 | if (authctxt->user == NULL) |
37 | fatal("auth2_pam: internal error: no user"); | 38 | fatal("auth2_pam: internal error: no user"); |
@@ -23,34 +23,34 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: auth2.c,v 1.28 2001/01/18 17:00:00 markus Exp $"); | 26 | RCSID("$OpenBSD: auth2.c,v 1.32 2001/01/21 19:05:44 markus Exp $"); |
27 | 27 | ||
28 | #ifdef HAVE_OSF_SIA | 28 | #ifdef HAVE_OSF_SIA |
29 | # include <sia.h> | 29 | # include <sia.h> |
30 | # include <siad.h> | 30 | # include <siad.h> |
31 | #endif | 31 | #endif |
32 | 32 | ||
33 | #include <openssl/dsa.h> | ||
34 | #include <openssl/rsa.h> | ||
35 | #include <openssl/evp.h> | 33 | #include <openssl/evp.h> |
36 | 34 | ||
35 | #include "ssh2.h" | ||
37 | #include "xmalloc.h" | 36 | #include "xmalloc.h" |
38 | #include "rsa.h" | 37 | #include "rsa.h" |
39 | #include "ssh.h" | ||
40 | #include "pty.h" | 38 | #include "pty.h" |
41 | #include "packet.h" | 39 | #include "packet.h" |
42 | #include "buffer.h" | 40 | #include "buffer.h" |
41 | #include "log.h" | ||
43 | #include "servconf.h" | 42 | #include "servconf.h" |
44 | #include "compat.h" | 43 | #include "compat.h" |
45 | #include "channels.h" | 44 | #include "channels.h" |
46 | #include "bufaux.h" | 45 | #include "bufaux.h" |
47 | #include "ssh2.h" | ||
48 | #include "auth.h" | 46 | #include "auth.h" |
49 | #include "session.h" | 47 | #include "session.h" |
50 | #include "dispatch.h" | 48 | #include "dispatch.h" |
51 | #include "auth.h" | 49 | #include "auth.h" |
50 | #include "cipher.h" | ||
52 | #include "key.h" | 51 | #include "key.h" |
53 | #include "kex.h" | 52 | #include "kex.h" |
53 | #include "pathnames.h" | ||
54 | 54 | ||
55 | #include "uidswap.h" | 55 | #include "uidswap.h" |
56 | #include "auth-options.h" | 56 | #include "auth-options.h" |
@@ -583,7 +583,7 @@ authmethod_lookup(const char *name) | |||
583 | int | 583 | int |
584 | user_key_allowed(struct passwd *pw, Key *key) | 584 | user_key_allowed(struct passwd *pw, Key *key) |
585 | { | 585 | { |
586 | char line[8192], file[1024]; | 586 | char line[8192], file[MAXPATHLEN]; |
587 | int found_key = 0; | 587 | int found_key = 0; |
588 | FILE *f; | 588 | FILE *f; |
589 | u_long linenum = 0; | 589 | u_long linenum = 0; |
@@ -598,7 +598,7 @@ user_key_allowed(struct passwd *pw, Key *key) | |||
598 | 598 | ||
599 | /* The authorized keys. */ | 599 | /* The authorized keys. */ |
600 | snprintf(file, sizeof file, "%.500s/%.100s", pw->pw_dir, | 600 | snprintf(file, sizeof file, "%.500s/%.100s", pw->pw_dir, |
601 | SSH_USER_PERMITTED_KEYS2); | 601 | _PATH_SSH_USER_PERMITTED_KEYS2); |
602 | 602 | ||
603 | /* Fail quietly if file does not exist */ | 603 | /* Fail quietly if file does not exist */ |
604 | if (stat(file, &st) < 0) { | 604 | if (stat(file, &st) < 0) { |
@@ -626,10 +626,10 @@ user_key_allowed(struct passwd *pw, Key *key) | |||
626 | key_type(key), pw->pw_name, file); | 626 | key_type(key), pw->pw_name, file); |
627 | fail = 1; | 627 | fail = 1; |
628 | } else { | 628 | } else { |
629 | /* Check path to SSH_USER_PERMITTED_KEYS */ | 629 | /* Check path to _PATH_SSH_USER_PERMITTED_KEYS */ |
630 | int i; | 630 | int i; |
631 | static const char *check[] = { | 631 | static const char *check[] = { |
632 | "", SSH_USER_DIR, NULL | 632 | "", _PATH_SSH_USER_DIR, NULL |
633 | }; | 633 | }; |
634 | for (i = 0; check[i]; i++) { | 634 | for (i = 0; check[i]; i++) { |
635 | snprintf(line, sizeof line, "%.500s/%.100s", | 635 | snprintf(line, sizeof line, "%.500s/%.100s", |
@@ -686,7 +686,7 @@ user_key_allowed(struct passwd *pw, Key *key) | |||
686 | } | 686 | } |
687 | } | 687 | } |
688 | if (key_equal(found, key) && | 688 | if (key_equal(found, key) && |
689 | auth_parse_options(pw, options, linenum) == 1) { | 689 | auth_parse_options(pw, options, file, linenum) == 1) { |
690 | found_key = 1; | 690 | found_key = 1; |
691 | debug("matching key found: file %s, line %ld", | 691 | debug("matching key found: file %s, line %ld", |
692 | file, linenum); | 692 | file, linenum); |
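Review bot: `file` is now sized `MAXPATHLEN` (line 586) but the snprintf at line 600 still uses the `%.500s/%.100s` precisions that were tuned for the old `file[1024]`; on any platform where MAXPATHLEN is below about 602 the authorized-keys path is silently truncated and a different file is then stat'ed and opened under the user's identity. The robust form is to let the buffer size bound the write and fail closed on truncation: `if (snprintf(file, sizeof file, "%s/%s", pw->pw_dir, _PATH_SSH_USER_PERMITTED_KEYS2) >= (int)sizeof file) return 0;`. The same `%.500s/%.100s` pattern at line 635 writes into `line[8192]`, where it cannot truncate, so only the `file` case needs the check. user_key_allowed continues past the end of this hunk.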
@@ -35,7 +35,9 @@ | |||
35 | */ | 35 | */ |
36 | 36 | ||
37 | #include "includes.h" | 37 | #include "includes.h" |
38 | RCSID("$OpenBSD: authfd.c,v 1.32 2000/12/20 19:37:21 markus Exp $"); | 38 | RCSID("$OpenBSD: authfd.c,v 1.33 2001/01/21 19:05:44 markus Exp $"); |
39 | |||
40 | #include <openssl/evp.h> | ||
39 | 41 | ||
40 | #include "ssh.h" | 42 | #include "ssh.h" |
41 | #include "rsa.h" | 43 | #include "rsa.h" |
@@ -43,14 +45,14 @@ RCSID("$OpenBSD: authfd.c,v 1.32 2000/12/20 19:37:21 markus Exp $"); | |||
43 | #include "bufaux.h" | 45 | #include "bufaux.h" |
44 | #include "xmalloc.h" | 46 | #include "xmalloc.h" |
45 | #include "getput.h" | 47 | #include "getput.h" |
46 | |||
47 | #include <openssl/rsa.h> | ||
48 | #include <openssl/dsa.h> | ||
49 | #include <openssl/evp.h> | ||
50 | #include "key.h" | 48 | #include "key.h" |
51 | #include "authfd.h" | 49 | #include "authfd.h" |
50 | #include "cipher.h" | ||
52 | #include "kex.h" | 51 | #include "kex.h" |
53 | #include "compat.h" | 52 | #include "compat.h" |
53 | #include "log.h" | ||
54 | #include "atomicio.h" | ||
55 | #include "authfd.h" | ||
54 | 56 | ||
55 | /* helper */ | 57 | /* helper */ |
56 | int decode_reply(int type); | 58 | int decode_reply(int type); |
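Review bot: `authfd.h` is included twice on the new side (lines 49 and 55); the second one at line 55 is the stray and should be dropped. It is harmless if the header carries an include guard (not visible here) because identical redeclarations are legal in C, but it will be flagged by include-what-you-use style tooling and invites confusion about which include is load-bearing.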
diff --git a/authfile.c b/authfile.c index 422d080b2..c79b2d021 100644 --- a/authfile.c +++ b/authfile.c | |||
@@ -36,20 +36,19 @@ | |||
36 | */ | 36 | */ |
37 | 37 | ||
38 | #include "includes.h" | 38 | #include "includes.h" |
39 | RCSID("$OpenBSD: authfile.c,v 1.24 2000/12/20 19:26:56 markus Exp $"); | 39 | RCSID("$OpenBSD: authfile.c,v 1.25 2001/01/21 19:05:44 markus Exp $"); |
40 | 40 | ||
41 | #include <openssl/bn.h> | ||
42 | #include <openssl/dsa.h> | ||
43 | #include <openssl/rsa.h> | ||
44 | #include <openssl/err.h> | 41 | #include <openssl/err.h> |
45 | #include <openssl/pem.h> | ||
46 | #include <openssl/evp.h> | 42 | #include <openssl/evp.h> |
43 | #include <openssl/pem.h> | ||
47 | 44 | ||
45 | #include "cipher.h" | ||
48 | #include "xmalloc.h" | 46 | #include "xmalloc.h" |
49 | #include "buffer.h" | 47 | #include "buffer.h" |
50 | #include "bufaux.h" | 48 | #include "bufaux.h" |
51 | #include "ssh.h" | ||
52 | #include "key.h" | 49 | #include "key.h" |
50 | #include "ssh.h" | ||
51 | #include "log.h" | ||
53 | 52 | ||
54 | /* Version identification string for identity files. */ | 53 | /* Version identification string for identity files. */ |
55 | #define AUTHFILE_ID_STRING "SSH PRIVATE KEY FILE FORMAT 1.1\n" | 54 | #define AUTHFILE_ID_STRING "SSH PRIVATE KEY FILE FORMAT 1.1\n" |
@@ -37,13 +37,13 @@ | |||
37 | */ | 37 | */ |
38 | 38 | ||
39 | #include "includes.h" | 39 | #include "includes.h" |
40 | RCSID("$OpenBSD: bufaux.c,v 1.16 2001/01/16 23:58:08 deraadt Exp $"); | 40 | RCSID("$OpenBSD: bufaux.c,v 1.17 2001/01/21 19:05:45 markus Exp $"); |
41 | 41 | ||
42 | #include "ssh.h" | ||
43 | #include <openssl/bn.h> | 42 | #include <openssl/bn.h> |
44 | #include "bufaux.h" | 43 | #include "bufaux.h" |
45 | #include "xmalloc.h" | 44 | #include "xmalloc.h" |
46 | #include "getput.h" | 45 | #include "getput.h" |
46 | #include "log.h" | ||
47 | 47 | ||
48 | /* | 48 | /* |
49 | * Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed | 49 | * Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed |
@@ -10,12 +10,13 @@ | |||
10 | * called by a name other than "ssh" or "Secure Shell". | 10 | * called by a name other than "ssh" or "Secure Shell". |
11 | */ | 11 | */ |
12 | 12 | ||
13 | /* RCSID("$OpenBSD: bufaux.h,v 1.10 2001/01/10 22:56:22 markus Exp $"); */ | 13 | /* RCSID("$OpenBSD: bufaux.h,v 1.11 2001/01/21 19:05:45 markus Exp $"); */ |
14 | 14 | ||
15 | #ifndef BUFAUX_H | 15 | #ifndef BUFAUX_H |
16 | #define BUFAUX_H | 16 | #define BUFAUX_H |
17 | 17 | ||
18 | #include "buffer.h" | 18 | #include "buffer.h" |
19 | #include <openssl/bn.h> | ||
19 | 20 | ||
20 | /* | 21 | /* |
21 | * Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed | 22 | * Stores an BIGNUM in the buffer with a 2-byte msb first bit count, followed |
@@ -12,11 +12,11 @@ | |||
12 | */ | 12 | */ |
13 | 13 | ||
14 | #include "includes.h" | 14 | #include "includes.h" |
15 | RCSID("$OpenBSD: buffer.c,v 1.9 2000/12/19 23:17:55 markus Exp $"); | 15 | RCSID("$OpenBSD: buffer.c,v 1.10 2001/01/21 19:05:45 markus Exp $"); |
16 | 16 | ||
17 | #include "xmalloc.h" | 17 | #include "xmalloc.h" |
18 | #include "buffer.h" | 18 | #include "buffer.h" |
19 | #include "ssh.h" | 19 | #include "log.h" |
20 | 20 | ||
21 | /* Initializes the buffer structure. */ | 21 | /* Initializes the buffer structure. */ |
22 | 22 | ||
diff --git a/canohost.c b/canohost.c index 506446d05..9fa33c260 100644 --- a/canohost.c +++ b/canohost.c | |||
@@ -12,11 +12,11 @@ | |||
12 | */ | 12 | */ |
13 | 13 | ||
14 | #include "includes.h" | 14 | #include "includes.h" |
15 | RCSID("$OpenBSD: canohost.c,v 1.17 2000/12/19 23:17:55 markus Exp $"); | 15 | RCSID("$OpenBSD: canohost.c,v 1.18 2001/01/21 19:05:45 markus Exp $"); |
16 | 16 | ||
17 | #include "packet.h" | 17 | #include "packet.h" |
18 | #include "xmalloc.h" | 18 | #include "xmalloc.h" |
19 | #include "ssh.h" | 19 | #include "log.h" |
20 | 20 | ||
21 | /* | 21 | /* |
22 | * Return the canonical name of the host at the other end of the socket. The | 22 | * Return the canonical name of the host at the other end of the socket. The |
diff --git a/canohost.h b/canohost.h new file mode 100644 index 000000000..572adb037 --- /dev/null +++ b/canohost.h | |||
@@ -0,0 +1,36 @@ | |||
1 | /* | ||
2 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | ||
3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | ||
4 | * All rights reserved | ||
5 | * | ||
6 | * As far as I am concerned, the code I have written for this software | ||
7 | * can be used freely for any purpose. Any derived versions of this | ||
8 | * software must be clearly marked as such, and if the derived work is | ||
9 | * incompatible with the protocol description in the RFC file, it must be | ||
10 | * called by a name other than "ssh" or "Secure Shell". | ||
11 | */ | ||
12 | /* | ||
13 | * Returns the name of the machine at the other end of the socket. The | ||
14 | * returned string should be freed by the caller. | ||
15 | */ | ||
16 | char *get_remote_hostname(int socket); | ||
17 | |||
18 | /* | ||
19 | * Return the canonical name of the host in the other side of the current | ||
20 | * connection (as returned by packet_get_connection). The host name is | ||
21 | * cached, so it is efficient to call this several times. | ||
22 | */ | ||
23 | const char *get_canonical_hostname(void); | ||
24 | |||
25 | /* | ||
26 | * Returns the remote IP address as an ascii string. The value need not be | ||
27 | * freed by the caller. | ||
28 | */ | ||
29 | const char *get_remote_ipaddr(void); | ||
30 | |||
31 | /* Returns the port number of the peer of the socket. */ | ||
32 | int get_peer_port(int sock); | ||
33 | |||
34 | /* Returns the port number of the remote/local host. */ | ||
35 | int get_remote_port(void); | ||
36 | int get_local_port(void); | ||
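Review bot: The new header has no include guard, unlike auth.h and bufaux.h in the same change; wrap the declarations in `#ifndef CANOHOST_H` / `#define CANOHOST_H` … `#endif` so that double inclusion (directly and via another header) is well-defined by convention rather than by relying on identical redeclaration being legal. The parameter name in `char *get_remote_hostname(int socket);` shadows socket(2); `int sock`, as `get_peer_port` already uses, avoids the warning. The ownership comments are the important part of this file and should stay exactly as written: `get_remote_hostname` returns a string the caller must free, while `get_canonical_hostname` and `get_remote_ipaddr` return cached storage the caller must not free — mixing the two up is a leak or a double free in sshd.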
diff --git a/channels.c b/channels.c index 254f5df2f..a7da538ee 100644 --- a/channels.c +++ b/channels.c | |||
@@ -40,24 +40,24 @@ | |||
40 | */ | 40 | */ |
41 | 41 | ||
42 | #include "includes.h" | 42 | #include "includes.h" |
43 | RCSID("$OpenBSD: channels.c,v 1.80 2001/01/08 22:03:23 markus Exp $"); | 43 | RCSID("$OpenBSD: channels.c,v 1.82 2001/01/21 19:05:46 markus Exp $"); |
44 | |||
45 | #include <openssl/rsa.h> | ||
46 | #include <openssl/dsa.h> | ||
44 | 47 | ||
45 | #include "ssh.h" | 48 | #include "ssh.h" |
49 | #include "ssh1.h" | ||
50 | #include "ssh2.h" | ||
46 | #include "packet.h" | 51 | #include "packet.h" |
47 | #include "xmalloc.h" | 52 | #include "xmalloc.h" |
48 | #include "buffer.h" | 53 | #include "buffer.h" |
49 | #include "uidswap.h" | 54 | #include "uidswap.h" |
50 | #include "readconf.h" | 55 | #include "log.h" |
51 | #include "servconf.h" | 56 | #include "misc.h" |
52 | |||
53 | #include "channels.h" | 57 | #include "channels.h" |
54 | #include "nchan.h" | 58 | #include "nchan.h" |
55 | #include "compat.h" | 59 | #include "compat.h" |
56 | 60 | #include "canohost.h" | |
57 | #include "ssh2.h" | ||
58 | |||
59 | #include <openssl/rsa.h> | ||
60 | #include <openssl/dsa.h> | ||
61 | #include "key.h" | 61 | #include "key.h" |
62 | #include "authfd.h" | 62 | #include "authfd.h" |
63 | 63 | ||
@@ -130,6 +130,9 @@ static int all_opens_permitted = 0; | |||
130 | /* This is set to true if both sides support SSH_PROTOFLAG_HOST_IN_FWD_OPEN. */ | 130 | /* This is set to true if both sides support SSH_PROTOFLAG_HOST_IN_FWD_OPEN. */ |
131 | static int have_hostname_in_open = 0; | 131 | static int have_hostname_in_open = 0; |
132 | 132 | ||
133 | /* AF_UNSPEC or AF_INET or AF_INET6 */ | ||
134 | extern int IPv4or6; | ||
135 | |||
133 | /* Sets specific protocol options. */ | 136 | /* Sets specific protocol options. */ |
134 | 137 | ||
135 | void | 138 | void |
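Review bot: The added `extern int IPv4or6;` at line 134 declares a global owned by another translation unit inside channels.c rather than in a shared header, so its type can drift from the definition (presumably in ssh.c/sshd.c — confirm) without any compiler diagnostic, and any future program that links channels.c without defining it fails only at link time. Declaring it once in a header that both the definer and channels.c include (misc.h is already pulled in at line 56) is the conventional fix, with the comment kept: `/* AF_UNSPEC or AF_INET or AF_INET6; set by the program's option parsing before any channel is opened. */`.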
@@ -35,10 +35,11 @@ | |||
35 | */ | 35 | */ |
36 | 36 | ||
37 | #include "includes.h" | 37 | #include "includes.h" |
38 | RCSID("$OpenBSD: cipher.c,v 1.41 2000/12/19 23:17:56 markus Exp $"); | 38 | RCSID("$OpenBSD: cipher.c,v 1.42 2001/01/21 19:05:46 markus Exp $"); |
39 | 39 | ||
40 | #include "ssh.h" | ||
41 | #include "xmalloc.h" | 40 | #include "xmalloc.h" |
41 | #include "log.h" | ||
42 | #include "cipher.h" | ||
42 | 43 | ||
43 | #include <openssl/md5.h> | 44 | #include <openssl/md5.h> |
44 | 45 | ||
@@ -1,8 +1,8 @@ | |||
1 | #include "includes.h" | 1 | #include "includes.h" |
2 | RCSID("$OpenBSD: cli.c,v 1.5 2001/01/08 08:50:29 markus Exp $"); | 2 | RCSID("$OpenBSD: cli.c,v 1.6 2001/01/21 19:05:47 markus Exp $"); |
3 | 3 | ||
4 | #include "xmalloc.h" | 4 | #include "xmalloc.h" |
5 | #include "ssh.h" | 5 | #include "log.h" |
6 | 6 | ||
7 | static int cli_input = -1; | 7 | static int cli_input = -1; |
8 | static int cli_output = -1; | 8 | static int cli_output = -1; |
diff --git a/clientloop.c b/clientloop.c index 9079bcda8..aade8606b 100644 --- a/clientloop.c +++ b/clientloop.c | |||
@@ -59,27 +59,25 @@ | |||
59 | */ | 59 | */ |
60 | 60 | ||
61 | #include "includes.h" | 61 | #include "includes.h" |
62 | RCSID("$OpenBSD: clientloop.c,v 1.43 2001/01/13 19:14:08 markus Exp $"); | 62 | RCSID("$OpenBSD: clientloop.c,v 1.45 2001/01/21 19:05:47 markus Exp $"); |
63 | 63 | ||
64 | #include "xmalloc.h" | ||
65 | #include "ssh.h" | 64 | #include "ssh.h" |
65 | #include "ssh1.h" | ||
66 | #include "ssh2.h" | ||
67 | #include "xmalloc.h" | ||
66 | #include "packet.h" | 68 | #include "packet.h" |
67 | #include "buffer.h" | 69 | #include "buffer.h" |
68 | #include "readconf.h" | ||
69 | |||
70 | #include "ssh2.h" | ||
71 | #include "compat.h" | 70 | #include "compat.h" |
72 | #include "channels.h" | 71 | #include "channels.h" |
73 | #include "dispatch.h" | 72 | #include "dispatch.h" |
74 | |||
75 | #include "buffer.h" | 73 | #include "buffer.h" |
76 | #include "bufaux.h" | 74 | #include "bufaux.h" |
77 | |||
78 | #include <openssl/dsa.h> | ||
79 | #include <openssl/rsa.h> | ||
80 | #include "key.h" | 75 | #include "key.h" |
81 | #include "authfd.h" | 76 | #include "log.h" |
77 | #include "readconf.h" | ||
82 | #include "clientloop.h" | 78 | #include "clientloop.h" |
79 | #include "authfd.h" | ||
80 | #include "atomicio.h" | ||
83 | 81 | ||
84 | /* import options */ | 82 | /* import options */ |
85 | extern Options options; | 83 | extern Options options; |
diff --git a/clientloop.h b/clientloop.h index 3ad72aa55..58a1a7afb 100644 --- a/clientloop.h +++ b/clientloop.h | |||
@@ -1,4 +1,15 @@ | |||
1 | /* | 1 | /* |
2 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | ||
3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | ||
4 | * All rights reserved | ||
5 | * | ||
6 | * As far as I am concerned, the code I have written for this software | ||
7 | * can be used freely for any purpose. Any derived versions of this | ||
8 | * software must be clearly marked as such, and if the derived work is | ||
9 | * incompatible with the protocol description in the RFC file, it must be | ||
10 | * called by a name other than "ssh" or "Secure Shell". | ||
11 | */ | ||
12 | /* | ||
2 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 13 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
3 | * | 14 | * |
4 | * Redistribution and use in source and binary forms, with or without | 15 | * Redistribution and use in source and binary forms, with or without |
@@ -21,4 +32,8 @@ | |||
21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 32 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 33 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
23 | */ | 34 | */ |
35 | |||
24 | void clientloop_set_session_ident(int id); | 36 | void clientloop_set_session_ident(int id); |
37 | |||
38 | /* Client side main loop for the interactive session. */ | ||
39 | int client_loop(int have_pty, int escape_char, int id); | ||
@@ -25,10 +25,6 @@ | |||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: compat.c,v 1.33 2001/01/08 22:29:05 markus Exp $"); | 26 | RCSID("$OpenBSD: compat.c,v 1.33 2001/01/08 22:29:05 markus Exp $"); |
27 | 27 | ||
28 | #include "ssh.h" | ||
29 | #include "packet.h" | ||
30 | #include "xmalloc.h" | ||
31 | #include "compat.h" | ||
32 | #ifdef HAVE_LIBPCRE | 28 | #ifdef HAVE_LIBPCRE |
33 | # include <pcreposix.h> | 29 | # include <pcreposix.h> |
34 | #else /* Use native regex libraries */ | 30 | #else /* Use native regex libraries */ |
@@ -43,6 +39,11 @@ RCSID("$OpenBSD: compat.c,v 1.33 2001/01/08 22:29:05 markus Exp $"); | |||
43 | # endif | 39 | # endif |
44 | #endif /* HAVE_LIBPCRE */ | 40 | #endif /* HAVE_LIBPCRE */ |
45 | 41 | ||
42 | #include "packet.h" | ||
43 | #include "xmalloc.h" | ||
44 | #include "compat.h" | ||
45 | #include "log.h" | ||
46 | |||
46 | int compat13 = 0; | 47 | int compat13 = 0; |
47 | int compat20 = 0; | 48 | int compat20 = 0; |
48 | int datafellows = 0; | 49 | int datafellows = 0; |
diff --git a/compress.c b/compress.c index 2437606b7..1871bc8cc 100644 --- a/compress.c +++ b/compress.c | |||
@@ -12,9 +12,9 @@ | |||
12 | */ | 12 | */ |
13 | 13 | ||
14 | #include "includes.h" | 14 | #include "includes.h" |
15 | RCSID("$OpenBSD: compress.c,v 1.11 2000/12/20 19:37:21 markus Exp $"); | 15 | RCSID("$OpenBSD: compress.c,v 1.12 2001/01/21 19:05:48 markus Exp $"); |
16 | 16 | ||
17 | #include "ssh.h" | 17 | #include "log.h" |
18 | #include "buffer.h" | 18 | #include "buffer.h" |
19 | #include "zlib.h" | 19 | #include "zlib.h" |
20 | 20 | ||
diff --git a/configure.in b/configure.in index 23d5a0944..7007c9164 100644 --- a/configure.in +++ b/configure.in | |||
@@ -1382,7 +1382,7 @@ if test ! -d $piddir ; then | |||
1382 | esac | 1382 | esac |
1383 | fi | 1383 | fi |
1384 | 1384 | ||
1385 | AC_DEFINE_UNQUOTED(PIDDIR, "$piddir") | 1385 | AC_DEFINE_UNQUOTED(_PATH_SSH_PIDDIR, "$piddir") |
1386 | AC_SUBST(piddir) | 1386 | AC_SUBST(piddir) |
1387 | 1387 | ||
1388 | dnl allow user to disable some login recording features | 1388 | dnl allow user to disable some login recording features |
diff --git a/deattack.c b/deattack.c index c3c3f08d2..9b9babace 100644 --- a/deattack.c +++ b/deattack.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: deattack.c,v 1.11 2000/12/19 23:17:56 markus Exp $ */ | 1 | /* $OpenBSD: deattack.c,v 1.12 2001/01/21 19:05:48 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Cryptographic attack detector for ssh - source code | 4 | * Cryptographic attack detector for ssh - source code |
@@ -21,7 +21,7 @@ | |||
21 | 21 | ||
22 | #include "includes.h" | 22 | #include "includes.h" |
23 | #include "deattack.h" | 23 | #include "deattack.h" |
24 | #include "ssh.h" | 24 | #include "log.h" |
25 | #include "crc32.h" | 25 | #include "crc32.h" |
26 | #include "getput.h" | 26 | #include "getput.h" |
27 | #include "xmalloc.h" | 27 | #include "xmalloc.h" |
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: dh.c,v 1.4 2001/01/15 21:43:51 markus Exp $"); | 26 | RCSID("$OpenBSD: dh.c,v 1.6 2001/01/21 19:05:49 markus Exp $"); |
27 | 27 | ||
28 | #include "xmalloc.h" | 28 | #include "xmalloc.h" |
29 | 29 | ||
@@ -31,10 +31,13 @@ RCSID("$OpenBSD: dh.c,v 1.4 2001/01/15 21:43:51 markus Exp $"); | |||
31 | #include <openssl/dh.h> | 31 | #include <openssl/dh.h> |
32 | #include <openssl/evp.h> | 32 | #include <openssl/evp.h> |
33 | 33 | ||
34 | #include "ssh.h" | ||
35 | #include "buffer.h" | 34 | #include "buffer.h" |
35 | #include "cipher.h" | ||
36 | #include "kex.h" | 36 | #include "kex.h" |
37 | #include "dh.h" | 37 | #include "dh.h" |
38 | #include "pathnames.h" | ||
39 | #include "log.h" | ||
40 | #include "misc.h" | ||
38 | 41 | ||
39 | int | 42 | int |
40 | parse_prime(int linenum, char *line, struct dhgroup *dhg) | 43 | parse_prime(int linenum, char *line, struct dhgroup *dhg) |
@@ -100,9 +103,9 @@ choose_dh(int minbits) | |||
100 | int linenum; | 103 | int linenum; |
101 | struct dhgroup dhg; | 104 | struct dhgroup dhg; |
102 | 105 | ||
103 | f = fopen(DH_PRIMES, "r"); | 106 | f = fopen(_PATH_DH_PRIMES, "r"); |
104 | if (!f) { | 107 | if (!f) { |
105 | log("WARNING: %s does not exist, using old prime", DH_PRIMES); | 108 | log("WARNING: %s does not exist, using old prime", _PATH_DH_PRIMES); |
106 | return (dh_new_group1()); | 109 | return (dh_new_group1()); |
107 | } | 110 | } |
108 | 111 | ||
@@ -126,13 +129,13 @@ choose_dh(int minbits) | |||
126 | fclose (f); | 129 | fclose (f); |
127 | 130 | ||
128 | if (bestcount == 0) { | 131 | if (bestcount == 0) { |
129 | log("WARNING: no primes in %s, using old prime", DH_PRIMES); | 132 | log("WARNING: no primes in %s, using old prime", _PATH_DH_PRIMES); |
130 | return (dh_new_group1()); | 133 | return (dh_new_group1()); |
131 | } | 134 | } |
132 | 135 | ||
133 | f = fopen(DH_PRIMES, "r"); | 136 | f = fopen(_PATH_DH_PRIMES, "r"); |
134 | if (!f) { | 137 | if (!f) { |
135 | fatal("WARNING: %s dissappeared, giving up", DH_PRIMES); | 138 | fatal("WARNING: %s dissappeared, giving up", _PATH_DH_PRIMES); |
136 | } | 139 | } |
137 | 140 | ||
138 | linenum = 0; | 141 | linenum = 0; |
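Review bot: Typo in the user-visible fatal message at line 138: `fatal("WARNING: %s disappeared, giving up", _PATH_DH_PRIMES);`. More substantively, choose_dh reads the moduli file twice — one pass to compute `bestcount`, then a reopen at line 136 to pick a group — so the file may change between the passes; the code handles it vanishing but not its contents changing, and it is not visible here whether the second pass re-validates what it selects. A comment recording that assumption would help a later reader: `/* Two passes over the moduli file; its contents are assumed stable between them. */`. choose_dh starts before and continues after this hunk.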
diff --git a/dispatch.c b/dispatch.c index db8951c1b..74fcc553c 100644 --- a/dispatch.c +++ b/dispatch.c | |||
@@ -22,8 +22,10 @@ | |||
22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
23 | */ | 23 | */ |
24 | #include "includes.h" | 24 | #include "includes.h" |
25 | RCSID("$OpenBSD: dispatch.c,v 1.5 2000/09/21 11:25:34 markus Exp $"); | 25 | RCSID("$OpenBSD: dispatch.c,v 1.7 2001/01/21 19:05:49 markus Exp $"); |
26 | #include "ssh.h" | 26 | |
27 | #include "ssh1.h" | ||
28 | #include "log.h" | ||
27 | #include "dispatch.h" | 29 | #include "dispatch.h" |
28 | #include "packet.h" | 30 | #include "packet.h" |
29 | 31 | ||
@@ -24,9 +24,6 @@ | |||
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | 26 | ||
27 | #include "ssh.h" | ||
28 | #include "xmalloc.h" | ||
29 | |||
30 | #include <openssl/rand.h> | 27 | #include <openssl/rand.h> |
31 | #include <openssl/sha.h> | 28 | #include <openssl/sha.h> |
32 | 29 | ||
@@ -35,7 +32,12 @@ | |||
35 | # include <floatingpoint.h> | 32 | # include <floatingpoint.h> |
36 | #endif /* HAVE_FLOATINGPOINT_H */ | 33 | #endif /* HAVE_FLOATINGPOINT_H */ |
37 | 34 | ||
38 | RCSID("$Id: entropy.c,v 1.23 2001/01/16 22:37:15 djm Exp $"); | 35 | #include "ssh.h" |
36 | #include "xmalloc.h" | ||
37 | #include "atomicio.h" | ||
38 | #include "log.h" | ||
39 | |||
40 | RCSID("$Id: entropy.c,v 1.24 2001/01/22 05:34:41 mouring Exp $"); | ||
39 | 41 | ||
40 | #ifndef offsetof | 42 | #ifndef offsetof |
41 | # define offsetof(type, member) ((size_t) &((type *)0)->member) | 43 | # define offsetof(type, member) ((size_t) &((type *)0)->member) |
diff --git a/groupaccess.c b/groupaccess.c index bf6be997e..9f72e577e 100644 --- a/groupaccess.c +++ b/groupaccess.c | |||
@@ -25,9 +25,9 @@ | |||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | 26 | ||
27 | #include "groupaccess.h" | 27 | #include "groupaccess.h" |
28 | #include "ssh.h" | ||
29 | #include "xmalloc.h" | 28 | #include "xmalloc.h" |
30 | #include "match.h" | 29 | #include "match.h" |
30 | #include "log.h" | ||
31 | 31 | ||
32 | static int ngroups; | 32 | static int ngroups; |
33 | static char *groups_byname[NGROUPS_MAX + 1]; /* +1 for base/primary group */ | 33 | static char *groups_byname[NGROUPS_MAX + 1]; /* +1 for base/primary group */ |
@@ -23,11 +23,11 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: hmac.c,v 1.5 2000/12/19 23:17:56 markus Exp $"); | 26 | RCSID("$OpenBSD: hmac.c,v 1.6 2001/01/21 19:05:49 markus Exp $"); |
27 | 27 | ||
28 | #include "xmalloc.h" | 28 | #include "xmalloc.h" |
29 | #include "ssh.h" | ||
30 | #include "getput.h" | 29 | #include "getput.h" |
30 | #include "log.h" | ||
31 | 31 | ||
32 | #include <openssl/hmac.h> | 32 | #include <openssl/hmac.h> |
33 | 33 | ||
diff --git a/hostfile.c b/hostfile.c index 1c3fb22ad..b285ee83c 100644 --- a/hostfile.c +++ b/hostfile.c | |||
@@ -36,15 +36,13 @@ | |||
36 | */ | 36 | */ |
37 | 37 | ||
38 | #include "includes.h" | 38 | #include "includes.h" |
39 | RCSID("$OpenBSD: hostfile.c,v 1.23 2000/12/21 15:10:16 markus Exp $"); | 39 | RCSID("$OpenBSD: hostfile.c,v 1.24 2001/01/21 19:05:49 markus Exp $"); |
40 | 40 | ||
41 | #include "packet.h" | 41 | #include "packet.h" |
42 | #include "match.h" | 42 | #include "match.h" |
43 | #include "ssh.h" | ||
44 | #include <openssl/rsa.h> | ||
45 | #include <openssl/dsa.h> | ||
46 | #include "key.h" | 43 | #include "key.h" |
47 | #include "hostfile.h" | 44 | #include "hostfile.h" |
45 | #include "log.h" | ||
48 | 46 | ||
49 | /* | 47 | /* |
50 | * Parses an RSA (number of bits, e, n) or DSA key from a string. Moves the | 48 | * Parses an RSA (number of bits, e, n) or DSA key from a string. Moves the |
@@ -23,18 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: kex.c,v 1.17 2001/01/08 21:48:17 markus Exp $"); | 26 | RCSID("$OpenBSD: kex.c,v 1.18 2001/01/21 19:05:49 markus Exp $"); |
27 | |||
28 | #include "ssh.h" | ||
29 | #include "ssh2.h" | ||
30 | #include "xmalloc.h" | ||
31 | #include "buffer.h" | ||
32 | #include "bufaux.h" | ||
33 | #include "packet.h" | ||
34 | #include "compat.h" | ||
35 | |||
36 | #include <openssl/bn.h> | ||
37 | #include <openssl/dh.h> | ||
38 | 27 | ||
39 | #include <openssl/crypto.h> | 28 | #include <openssl/crypto.h> |
40 | #include <openssl/bio.h> | 29 | #include <openssl/bio.h> |
@@ -42,8 +31,16 @@ RCSID("$OpenBSD: kex.c,v 1.17 2001/01/08 21:48:17 markus Exp $"); | |||
42 | #include <openssl/dh.h> | 31 | #include <openssl/dh.h> |
43 | #include <openssl/pem.h> | 32 | #include <openssl/pem.h> |
44 | 33 | ||
34 | #include "ssh2.h" | ||
35 | #include "xmalloc.h" | ||
36 | #include "buffer.h" | ||
37 | #include "bufaux.h" | ||
38 | #include "packet.h" | ||
39 | #include "compat.h" | ||
40 | #include "cipher.h" | ||
45 | #include "kex.h" | 41 | #include "kex.h" |
46 | #include "key.h" | 42 | #include "key.h" |
43 | #include "log.h" | ||
47 | 44 | ||
48 | #define KEX_COOKIE_LEN 16 | 45 | #define KEX_COOKIE_LEN 16 |
49 | 46 | ||
@@ -31,12 +31,11 @@ | |||
31 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 31 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
32 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 32 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
33 | */ | 33 | */ |
34 | |||
35 | #include "includes.h" | 34 | #include "includes.h" |
36 | #include "ssh.h" | 35 | RCSID("$OpenBSD: key.c,v 1.15 2001/01/21 19:05:50 markus Exp $"); |
37 | #include <openssl/rsa.h> | 36 | |
38 | #include <openssl/dsa.h> | ||
39 | #include <openssl/evp.h> | 37 | #include <openssl/evp.h> |
38 | |||
40 | #include "xmalloc.h" | 39 | #include "xmalloc.h" |
41 | #include "key.h" | 40 | #include "key.h" |
42 | #include "rsa.h" | 41 | #include "rsa.h" |
@@ -45,8 +44,7 @@ | |||
45 | #include "uuencode.h" | 44 | #include "uuencode.h" |
46 | #include "buffer.h" | 45 | #include "buffer.h" |
47 | #include "bufaux.h" | 46 | #include "bufaux.h" |
48 | 47 | #include "log.h" | |
49 | RCSID("$OpenBSD: key.c,v 1.14 2001/01/16 19:20:06 markus Exp $"); | ||
50 | 48 | ||
51 | Key * | 49 | Key * |
52 | key_new(int type) | 50 | key_new(int type) |
@@ -24,6 +24,9 @@ | |||
24 | #ifndef KEY_H | 24 | #ifndef KEY_H |
25 | #define KEY_H | 25 | #define KEY_H |
26 | 26 | ||
27 | #include <openssl/rsa.h> | ||
28 | #include <openssl/dsa.h> | ||
29 | |||
27 | typedef struct Key Key; | 30 | typedef struct Key Key; |
28 | enum types { | 31 | enum types { |
29 | KEY_RSA1, | 32 | KEY_RSA1, |
diff --git a/log-client.c b/log-client.c index 656499ad1..b35f77bc9 100644 --- a/log-client.c +++ b/log-client.c | |||
@@ -36,10 +36,10 @@ | |||
36 | */ | 36 | */ |
37 | 37 | ||
38 | #include "includes.h" | 38 | #include "includes.h" |
39 | RCSID("$OpenBSD: log-client.c,v 1.14 2001/01/18 16:20:21 markus Exp $"); | 39 | RCSID("$OpenBSD: log-client.c,v 1.15 2001/01/21 19:05:50 markus Exp $"); |
40 | 40 | ||
41 | #include "xmalloc.h" | 41 | #include "xmalloc.h" |
42 | #include "ssh.h" | 42 | #include "log.h" |
43 | 43 | ||
44 | static LogLevel log_level = SYSLOG_LEVEL_INFO; | 44 | static LogLevel log_level = SYSLOG_LEVEL_INFO; |
45 | 45 | ||
diff --git a/log-server.c b/log-server.c index 3b19550e3..3c53d9c59 100644 --- a/log-server.c +++ b/log-server.c | |||
@@ -36,12 +36,12 @@ | |||
36 | */ | 36 | */ |
37 | 37 | ||
38 | #include "includes.h" | 38 | #include "includes.h" |
39 | RCSID("$OpenBSD: log-server.c,v 1.19 2001/01/18 16:20:21 markus Exp $"); | 39 | RCSID("$OpenBSD: log-server.c,v 1.20 2001/01/21 19:05:50 markus Exp $"); |
40 | 40 | ||
41 | #include <syslog.h> | 41 | #include <syslog.h> |
42 | #include "packet.h" | 42 | #include "packet.h" |
43 | #include "xmalloc.h" | 43 | #include "xmalloc.h" |
44 | #include "ssh.h" | 44 | #include "log.h" |
45 | 45 | ||
46 | static LogLevel log_level = SYSLOG_LEVEL_INFO; | 46 | static LogLevel log_level = SYSLOG_LEVEL_INFO; |
47 | static int log_on_stderr = 0; | 47 | static int log_on_stderr = 0; |
@@ -36,9 +36,9 @@ | |||
36 | */ | 36 | */ |
37 | 37 | ||
38 | #include "includes.h" | 38 | #include "includes.h" |
39 | RCSID("$OpenBSD: log.c,v 1.14 2001/01/18 16:20:21 markus Exp $"); | 39 | RCSID("$OpenBSD: log.c,v 1.15 2001/01/21 19:05:51 markus Exp $"); |
40 | 40 | ||
41 | #include "ssh.h" | 41 | #include "log.h" |
42 | #include "xmalloc.h" | 42 | #include "xmalloc.h" |
43 | 43 | ||
44 | /* Fatal messages. This function never returns. */ | 44 | /* Fatal messages. This function never returns. */ |
@@ -0,0 +1,76 @@ | |||
1 | /* | ||
2 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | ||
3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | ||
4 | * All rights reserved | ||
5 | * | ||
6 | * As far as I am concerned, the code I have written for this software | ||
7 | * can be used freely for any purpose. Any derived versions of this | ||
8 | * software must be clearly marked as such, and if the derived work is | ||
9 | * incompatible with the protocol description in the RFC file, it must be | ||
10 | * called by a name other than "ssh" or "Secure Shell". | ||
11 | */ | ||
12 | |||
13 | #ifndef SSH_LOG_H | ||
14 | #define SSH_LOG_H | ||
15 | |||
16 | /* Supported syslog facilities and levels. */ | ||
17 | typedef enum { | ||
18 | SYSLOG_FACILITY_DAEMON, | ||
19 | SYSLOG_FACILITY_USER, | ||
20 | SYSLOG_FACILITY_AUTH, | ||
21 | #ifdef LOG_AUTHPRIV | ||
22 | SYSLOG_FACILITY_AUTHPRIV, | ||
23 | #endif | ||
24 | SYSLOG_FACILITY_LOCAL0, | ||
25 | SYSLOG_FACILITY_LOCAL1, | ||
26 | SYSLOG_FACILITY_LOCAL2, | ||
27 | SYSLOG_FACILITY_LOCAL3, | ||
28 | SYSLOG_FACILITY_LOCAL4, | ||
29 | SYSLOG_FACILITY_LOCAL5, | ||
30 | SYSLOG_FACILITY_LOCAL6, | ||
31 | SYSLOG_FACILITY_LOCAL7 | ||
32 | } SyslogFacility; | ||
33 | |||
34 | typedef enum { | ||
35 | SYSLOG_LEVEL_QUIET, | ||
36 | SYSLOG_LEVEL_FATAL, | ||
37 | SYSLOG_LEVEL_ERROR, | ||
38 | SYSLOG_LEVEL_INFO, | ||
39 | SYSLOG_LEVEL_VERBOSE, | ||
40 | SYSLOG_LEVEL_DEBUG1, | ||
41 | SYSLOG_LEVEL_DEBUG2, | ||
42 | SYSLOG_LEVEL_DEBUG3 | ||
43 | } LogLevel; | ||
44 | /* Initializes logging. */ | ||
45 | void log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr); | ||
46 | |||
47 | /* Logging implementation, depending on server or client */ | ||
48 | void do_log(LogLevel level, const char *fmt, va_list args); | ||
49 | |||
50 | /* name to facility/level */ | ||
51 | SyslogFacility log_facility_number(char *name); | ||
52 | LogLevel log_level_number(char *name); | ||
53 | |||
54 | /* Output a message to syslog or stderr */ | ||
55 | void fatal(const char *fmt,...) __attribute__((format(printf, 1, 2))); | ||
56 | void error(const char *fmt,...) __attribute__((format(printf, 1, 2))); | ||
57 | void log(const char *fmt,...) __attribute__((format(printf, 1, 2))); | ||
58 | void verbose(const char *fmt,...) __attribute__((format(printf, 1, 2))); | ||
59 | void debug(const char *fmt,...) __attribute__((format(printf, 1, 2))); | ||
60 | void debug2(const char *fmt,...) __attribute__((format(printf, 1, 2))); | ||
61 | void debug3(const char *fmt,...) __attribute__((format(printf, 1, 2))); | ||
62 | |||
63 | /* same as fatal() but w/o logging */ | ||
64 | void fatal_cleanup(void); | ||
65 | |||
66 | /* | ||
67 | * Registers a cleanup function to be called by fatal()/fatal_cleanup() | ||
68 | * before exiting. It is permissible to call fatal_remove_cleanup for the | ||
69 | * function itself from the function. | ||
70 | */ | ||
71 | void fatal_add_cleanup(void (*proc) (void *context), void *context); | ||
72 | |||
73 | /* Removes a cleanup function to be called at fatal(). */ | ||
74 | void fatal_remove_cleanup(void (*proc) (void *context), void *context); | ||
75 | |||
76 | #endif | ||
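Review bot: The `#ifdef LOG_AUTHPRIV` around `SYSLOG_FACILITY_AUTHPRIV` at lines 21–23 makes the numeric value of every later enumerator (`SYSLOG_FACILITY_LOCAL0` … `LOCAL7`) depend on whether `<syslog.h>` was included before `log.h` in that translation unit: in this commit log-server.c includes `<syslog.h>` ahead of `"log.h"`, while log-client.c includes `"log.h"` with no `<syslog.h>` in view, so unless includes.h already pulls `<syslog.h>` in everywhere, a `SyslogFacility` value produced in one file can name a different facility in another. Make the enum unconditional (keep `SYSLOG_FACILITY_AUTHPRIV` always, and map it to `LOG_AUTH` inside the implementation when `LOG_AUTHPRIV` is undefined) or `#include <syslog.h>` from log.h itself. Two smaller self-containment issues: `do_log` takes a `va_list` but nothing includes `<stdarg.h>`, and `void log(const char *fmt, ...)` at line 57 conflicts with `double log(double)` from `<math.h>` in any file that includes both, so a rename such as `logit` (with a transitional `#define log logit`) would avoid that.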
@@ -39,7 +39,7 @@ | |||
39 | */ | 39 | */ |
40 | 40 | ||
41 | #include "includes.h" | 41 | #include "includes.h" |
42 | RCSID("$OpenBSD: login.c,v 1.16 2000/12/19 23:17:57 markus Exp $"); | 42 | RCSID("$OpenBSD: login.c,v 1.17 2001/01/21 19:05:51 markus Exp $"); |
43 | 43 | ||
44 | #include "loginrec.h" | 44 | #include "loginrec.h" |
45 | 45 | ||
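--- /dev/null
+++ b/login.h
@@ -0,0 +1,38 @@
+/*
+* Author: Tatu Ylonen <ylo@cs.hut.fi>
+* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+* All rights reserved
+*
+* As far as I am concerned, the code I have written for this software
+* can be used freely for any purpose. Any derived versions of this
+* software must be clearly marked as such, and if the derived work is
+* incompatible with the protocol description in the RFC file, it must be
+* called by a name other than "ssh" or "Secure Shell".
+*/
+#ifndef LOGIN_H
+#define LOGIN_H
+
+/*
+* Returns the time when the user last logged in. Returns 0 if the
+* information is not available. This must be called before record_login.
+* The host from which the user logged in is stored in buf.
+*/
+u_long
+get_last_login_time(uid_t uid, const char *logname,
+char *buf, u_int bufsize);
+
+/*
+* Records that the user has logged in. This does many things normally done
+* by login(1).
+*/
+void
+record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid,
+const char *host, struct sockaddr *addr);
+
+/*
+* Records that the user has logged out. This does many thigs normally done
+* by login(1) or init.
+*/
+void record_logout(pid_t pid, const char *ttyname);
+
+#endif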
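Review bot: The prototypes use `uid_t`, `pid_t`, `u_long`, `u_int` and `struct sockaddr` but the header includes nothing, so it only compiles when `includes.h` (or `<sys/types.h>` and `<sys/socket.h>`) precedes it; either add those includes under the guard or state the ordering requirement in a comment. The `get_last_login_time` comment says the host is stored in `buf` but not whether the result is always NUL-terminated or how overlong names are handled relative to `bufsize`, which is exactly what a caller sizing the buffer needs; I would add that sentence after confirming against login.c, which is outside this hunk. Typo in the `record_logout` comment at line 33: `thigs` should be `things`.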
diff --git a/loginrec.c b/loginrec.c index 4afe6fec1..dc723f742 100644 --- a/loginrec.c +++ b/loginrec.c | |||
@@ -160,8 +160,10 @@ | |||
160 | #include "ssh.h" | 160 | #include "ssh.h" |
161 | #include "xmalloc.h" | 161 | #include "xmalloc.h" |
162 | #include "loginrec.h" | 162 | #include "loginrec.h" |
163 | #include "log.h" | ||
164 | #include "atomicio.h" | ||
163 | 165 | ||
164 | RCSID("$Id: loginrec.c,v 1.29 2000/12/28 00:07:07 mouring Exp $"); | 166 | RCSID("$Id: loginrec.c,v 1.30 2001/01/22 05:34:42 mouring Exp $"); |
165 | 167 | ||
166 | #ifdef HAVE_UTIL_H | 168 | #ifdef HAVE_UTIL_H |
167 | # include <util.h> | 169 | # include <util.h> |
@@ -12,9 +12,9 @@ | |||
12 | */ | 12 | */ |
13 | 13 | ||
14 | #include "includes.h" | 14 | #include "includes.h" |
15 | RCSID("$OpenBSD: match.c,v 1.10 2000/12/19 23:17:57 markus Exp $"); | 15 | RCSID("$OpenBSD: match.c,v 1.11 2001/01/21 19:05:52 markus Exp $"); |
16 | 16 | ||
17 | #include "ssh.h" | 17 | #include "match.h" |
18 | 18 | ||
19 | /* | 19 | /* |
20 | * Returns true if the given string matches the pattern (which may contain ? | 20 | * Returns true if the given string matches the pattern (which may contain ? |
@@ -28,6 +28,7 @@ | |||
28 | RCSID("$OpenBSD: util.c,v 1.6 2000/10/27 07:32:19 markus Exp $"); | 28 | RCSID("$OpenBSD: util.c,v 1.6 2000/10/27 07:32:19 markus Exp $"); |
29 | 29 | ||
30 | #include "ssh.h" | 30 | #include "ssh.h" |
31 | #include "log.h" | ||
31 | 32 | ||
32 | char * | 33 | char * |
33 | chop(char *s) | 34 | chop(char *s) |
@@ -0,0 +1,19 @@ | |||
1 | /* | ||
2 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | ||
3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | ||
4 | * All rights reserved | ||
5 | * | ||
6 | * As far as I am concerned, the code I have written for this software | ||
7 | * can be used freely for any purpose. Any derived versions of this | ||
8 | * software must be clearly marked as such, and if the derived work is | ||
9 | * incompatible with the protocol description in the RFC file, it must be | ||
10 | * called by a name other than "ssh" or "Secure Shell". | ||
11 | */ | ||
12 | /* remove newline at end of string */ | ||
13 | char *chop(char *s); | ||
14 | |||
15 | /* return next token in configuration line */ | ||
16 | char *strdelim(char **s); | ||
17 | |||
18 | /* set filedescriptor to non-blocking */ | ||
19 | void set_nonblock(int fd); | ||
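Review bot: misc.h has no include guard, unlike log.h and login.h added in the same commit; wrap it in `#ifndef MISC_H` / `#define MISC_H` … `#endif`. The readconf.c hunk in this commit adds a `keyword == NULL` check after `strdelim(&s)`, so the header should state that contract rather than leave callers to discover it: `/* return next token in configuration line, or NULL when there is none */` (the exact NULL conditions need confirming against misc.c, which is not in view). Both `chop` and `strdelim` take a non-const `char *` and appear to modify the string in place; saying so in the comments saves readers a trip to the source.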
@@ -23,17 +23,16 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: nchan.c,v 1.20 2000/11/06 23:04:56 markus Exp $"); | 26 | RCSID("$OpenBSD: nchan.c,v 1.22 2001/01/21 19:05:52 markus Exp $"); |
27 | |||
28 | #include "ssh.h" | ||
29 | 27 | ||
28 | #include "ssh1.h" | ||
29 | #include "ssh2.h" | ||
30 | #include "buffer.h" | 30 | #include "buffer.h" |
31 | #include "packet.h" | 31 | #include "packet.h" |
32 | #include "channels.h" | 32 | #include "channels.h" |
33 | #include "nchan.h" | 33 | #include "nchan.h" |
34 | |||
35 | #include "ssh2.h" | ||
36 | #include "compat.h" | 34 | #include "compat.h" |
35 | #include "log.h" | ||
37 | 36 | ||
38 | /* functions manipulating channel states */ | 37 | /* functions manipulating channel states */ |
39 | /* | 38 | /* |
@@ -37,13 +37,12 @@ | |||
37 | */ | 37 | */ |
38 | 38 | ||
39 | #include "includes.h" | 39 | #include "includes.h" |
40 | RCSID("$OpenBSD: packet.c,v 1.44 2001/01/13 18:36:45 markus Exp $"); | 40 | RCSID("$OpenBSD: packet.c,v 1.46 2001/01/21 19:05:53 markus Exp $"); |
41 | 41 | ||
42 | #include "xmalloc.h" | 42 | #include "xmalloc.h" |
43 | #include "buffer.h" | 43 | #include "buffer.h" |
44 | #include "packet.h" | 44 | #include "packet.h" |
45 | #include "bufaux.h" | 45 | #include "bufaux.h" |
46 | #include "ssh.h" | ||
47 | #include "crc32.h" | 46 | #include "crc32.h" |
48 | #include "getput.h" | 47 | #include "getput.h" |
49 | 48 | ||
@@ -52,6 +51,7 @@ RCSID("$OpenBSD: packet.c,v 1.44 2001/01/13 18:36:45 markus Exp $"); | |||
52 | #include "channels.h" | 51 | #include "channels.h" |
53 | 52 | ||
54 | #include "compat.h" | 53 | #include "compat.h" |
54 | #include "ssh1.h" | ||
55 | #include "ssh2.h" | 55 | #include "ssh2.h" |
56 | 56 | ||
57 | #include <openssl/bn.h> | 57 | #include <openssl/bn.h> |
@@ -61,6 +61,8 @@ RCSID("$OpenBSD: packet.c,v 1.44 2001/01/13 18:36:45 markus Exp $"); | |||
61 | #include "cipher.h" | 61 | #include "cipher.h" |
62 | #include "kex.h" | 62 | #include "kex.h" |
63 | #include "hmac.h" | 63 | #include "hmac.h" |
64 | #include "log.h" | ||
65 | #include "canohost.h" | ||
64 | 66 | ||
65 | #ifdef PACKET_DEBUG | 67 | #ifdef PACKET_DEBUG |
66 | #define DBG(x) x | 68 | #define DBG(x) x |
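--- /dev/null
+++ b/pathnames.h
@@ -0,0 +1,136 @@
+/*
+* Author: Tatu Ylonen <ylo@cs.hut.fi>
+* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+* All rights reserved
+*
+* As far as I am concerned, the code I have written for this software
+* can be used freely for any purpose. Any derived versions of this
+* software must be clearly marked as such, and if the derived work is
+* incompatible with the protocol description in the RFC file, it must be
+* called by a name other than "ssh" or "Secure Shell".
+*/
+
+#ifndef ETCDIR
+#define ETCDIR "/etc"
+#endif
+
+#ifndef _PATH_SSH_PIDDIR
+#define _PATH_SSH_PIDDIR "/var/run"
+#endif
+
+/*
+* System-wide file containing host keys of known hosts. This file should be
+* world-readable.
+*/
+#define _PATH_SSH_SYSTEM_HOSTFILE ETCDIR "/ssh_known_hosts"
+#define _PATH_SSH_SYSTEM_HOSTFILE2 ETCDIR "/ssh_known_hosts2"
+
+/*
+* Of these, ssh_host_key must be readable only by root, whereas ssh_config
+* should be world-readable.
+*/
+#define _PATH_HOST_KEY_FILE ETCDIR "/ssh_host_key"
+#define _PATH_SERVER_CONFIG_FILE ETCDIR "/sshd_config"
+#define _PATH_HOST_CONFIG_FILE ETCDIR "/ssh_config"
+#define _PATH_HOST_DSA_KEY_FILE ETCDIR "/ssh_host_dsa_key"
+#define _PATH_DH_PRIMES ETCDIR "/primes"
+
+#define _PATH_SSH_PROGRAM "/usr/bin/ssh"
+
+/*
+* The process id of the daemon listening for connections is saved here to
+* make it easier to kill the correct daemon when necessary.
+*/
+#define _PATH_SSH_DAEMON_PID_FILE _PATH_SSH_PIDDIR "/sshd.pid"
+
+/*
+* The directory in user\'s home directory in which the files reside. The
+* directory should be world-readable (though not all files are).
+*/
+#define _PATH_SSH_USER_DIR ".ssh"
+
+/*
+* Per-user file containing host keys of known hosts. This file need not be
+* readable by anyone except the user him/herself, though this does not
+* contain anything particularly secret.
+*/
+#define _PATH_SSH_USER_HOSTFILE "~/.ssh/known_hosts"
+#define _PATH_SSH_USER_HOSTFILE2 "~/.ssh/known_hosts2"
+
+/*
+* Name of the default file containing client-side authentication key. This
+* file should only be readable by the user him/herself.
+*/
+#define _PATH_SSH_CLIENT_IDENTITY ".ssh/identity"
+#define _PATH_SSH_CLIENT_ID_DSA ".ssh/id_dsa"
+#define _PATH_SSH_CLIENT_ID_RSA ".ssh/id_rsa"
+
+/*
+* Configuration file in user\'s home directory. This file need not be
+* readable by anyone but the user him/herself, but does not contain anything
+* particularly secret. If the user\'s home directory resides on an NFS
+* volume where root is mapped to nobody, this may need to be world-readable.
+*/
+#define _PATH_SSH_USER_CONFFILE ".ssh/config"
+
+/*
+* File containing a list of those rsa keys that permit logging in as this
+* user. This file need not be readable by anyone but the user him/herself,
+* but does not contain anything particularly secret. If the user\'s home
+* directory resides on an NFS volume where root is mapped to nobody, this
+* may need to be world-readable. (This file is read by the daemon which is
+* running as root.)
+*/
+#define _PATH_SSH_USER_PERMITTED_KEYS ".ssh/authorized_keys"
+#define _PATH_SSH_USER_PERMITTED_KEYS2 ".ssh/authorized_keys2"
+
+/*
+* Per-user and system-wide ssh "rc" files. These files are executed with
+* /bin/sh before starting the shell or command if they exist. They will be
+* passed "proto cookie" as arguments if X11 forwarding with spoofing is in
+* use. xauth will be run if neither of these exists.
+*/
+#define _PATH_SSH_USER_RC ".ssh/rc"
+#define _PATH_SSH_SYSTEM_RC ETCDIR "/sshrc"
+
+/*
+* Ssh-only version of /etc/hosts.equiv. Additionally, the daemon may use
+* ~/.rhosts and /etc/hosts.equiv if rhosts authentication is enabled.
+*/
+#define _PATH_SSH_HOSTS_EQUIV ETCDIR "/shosts.equiv"
+#define _PATH_RHOSTS_EQUIV "/etc/hosts.equiv"
+
+/*
+* Default location of askpass
+*/
+#define _PATH_SSH_ASKPASS_DEFAULT "/usr/X11R6/bin/ssh-askpass"
+
+/* for scp */
+#ifndef _PATH_CP
+#define _PATH_CP "cp"
+#endif
+
+/* path to login program */
+#ifndef LOGIN_PROGRAM
+# ifdef LOGIN_PROGRAM_FALLBACK
+# define LOGIN_PROGRAM LOGIN_PROGRAM_FALLBACK
+# else
+# define LOGIN_PROGRAM "/usr/bin/login"
+# endif
+#endif /* LOGIN_PROGRAM */
+
+/* Askpass program define */
+#ifndef ASKPASS_PROGRAM
+#define ASKPASS_PROGRAM "/usr/lib/ssh/ssh-askpass"
+#endif /* ASKPASS_PROGRAM */
+
+/*
+* Relevant only when using builtin PRNG.
+*/
+#ifndef SSH_PRNG_SEED_FILE
+# define SSH_PRNG_SEED_FILE SSH_USER_DIR"/prng_seed"
+#endif /* SSH_PRNG_SEED_FILE */
+#ifndef SSH_PRNG_COMMAND_FILE
+# define SSH_PRNG_COMMAND_FILE ETCDIR "/ssh_prng_cmds"
+#endif /* SSH_PRNG_COMMAND_FILE */
+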
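Review bot: Line 131 builds `SSH_PRNG_SEED_FILE` from `SSH_USER_DIR`, but this same header introduces that value under the new name `_PATH_SSH_USER_DIR` at line 50 (and the rest of the commit is renaming `SSH_*` path macros to `_PATH_*`), so unless the old spelling survives in ssh.h the builtin-PRNG build expands to an undeclared identifier; it should read `# define SSH_PRNG_SEED_FILE _PATH_SSH_USER_DIR "/prng_seed"`. The header also has no include guard, unlike log.h and login.h in this commit; add `#ifndef PATHNAMES_H` for consistency. Separately, `_PATH_CP "cp"` (carried over from scp.c) is a bare command name: if scp executes it through a PATH search, which binary runs depends on the invoking user's environment, so an absolute default, or a comment explaining why a relative name is intended, would be safer, and the two different askpass defaults at lines 106 and 124 deserve a comment on which one wins.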
@@ -12,14 +12,14 @@ | |||
12 | */ | 12 | */ |
13 | 13 | ||
14 | #include "includes.h" | 14 | #include "includes.h" |
15 | RCSID("$OpenBSD: pty.c,v 1.19 2000/12/20 20:00:34 markus Exp $"); | 15 | RCSID("$OpenBSD: pty.c,v 1.20 2001/01/21 19:05:53 markus Exp $"); |
16 | 16 | ||
17 | #ifdef HAVE_UTIL_H | 17 | #ifdef HAVE_UTIL_H |
18 | # include <util.h> | 18 | # include <util.h> |
19 | #endif /* HAVE_UTIL_H */ | 19 | #endif /* HAVE_UTIL_H */ |
20 | 20 | ||
21 | #include "pty.h" | 21 | #include "pty.h" |
22 | #include "ssh.h" | 22 | #include "log.h" |
23 | 23 | ||
24 | /* Pty allocated with _getpty gets broken if we do I_PUSH:es to it. */ | 24 | /* Pty allocated with _getpty gets broken if we do I_PUSH:es to it. */ |
25 | #if defined(HAVE__GETPTY) || defined(HAVE_OPENPTY) | 25 | #if defined(HAVE__GETPTY) || defined(HAVE_OPENPTY) |
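--- /dev/null
+++ b/radix.h
@@ -0,0 +1,26 @@
+/*
+* Copyright (c) 1999 Dug Song. All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+int creds_to_radix(CREDENTIALS * creds, u_char *buf, size_t buflen);
+int radix_to_creds(const char *buf, CREDENTIALS * creds);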
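Review bot: `CREDENTIALS` looks like the Kerberos 4 type from `<krb.h>`, and nothing in this header declares or includes it, so the two prototypes only compile in a translation unit that has already included the Kerberos headers under `KRB4`; either include that header here or wrap the prototypes in `#ifdef KRB4` … `#endif` so an unconditional `#include "radix.h"` is harmless on non-Kerberos builds. There is also no include guard, unlike log.h and login.h in this commit. A one-line comment per function stating the encoding direction and what the return value means (the sizes involved suggest 0/-1 or a byte count, but that is not visible here) would make the interface self-describing.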
diff --git a/readconf.c b/readconf.c index 7efaf85eb..a10aaff1c 100644 --- a/readconf.c +++ b/readconf.c | |||
@@ -12,13 +12,17 @@ | |||
12 | */ | 12 | */ |
13 | 13 | ||
14 | #include "includes.h" | 14 | #include "includes.h" |
15 | RCSID("$OpenBSD: readconf.c,v 1.54 2001/01/18 16:20:22 markus Exp $"); | 15 | RCSID("$OpenBSD: readconf.c,v 1.58 2001/01/21 19:05:53 markus Exp $"); |
16 | 16 | ||
17 | #include "ssh.h" | 17 | #include "ssh.h" |
18 | #include "readconf.h" | ||
19 | #include "match.h" | ||
20 | #include "xmalloc.h" | 18 | #include "xmalloc.h" |
21 | #include "compat.h" | 19 | #include "compat.h" |
20 | #include "cipher.h" | ||
21 | #include "pathnames.h" | ||
22 | #include "log.h" | ||
23 | #include "readconf.h" | ||
24 | #include "match.h" | ||
25 | #include "misc.h" | ||
22 | 26 | ||
23 | /* Format of the configuration file: | 27 | /* Format of the configuration file: |
24 | 28 | ||
@@ -247,7 +251,7 @@ process_config_line(Options *options, const char *host, | |||
247 | /* Ignore leading whitespace. */ | 251 | /* Ignore leading whitespace. */ |
248 | if (*keyword == '\0') | 252 | if (*keyword == '\0') |
249 | keyword = strdelim(&s); | 253 | keyword = strdelim(&s); |
250 | if (!*keyword || *keyword == '\n' || *keyword == '#') | 254 | if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#') |
251 | return 0; | 255 | return 0; |
252 | 256 | ||
253 | opcode = parse_token(keyword, filename, linenum); | 257 | opcode = parse_token(keyword, filename, linenum); |
@@ -599,8 +603,7 @@ parse_int: | |||
599 | } | 603 | } |
600 | 604 | ||
601 | /* Check that there is no garbage at end of line. */ | 605 | /* Check that there is no garbage at end of line. */ |
602 | if ((arg = strdelim(&s)) != NULL && *arg != '\0') | 606 | if ((arg = strdelim(&s)) != NULL && *arg != '\0') { |
603 | { | ||
604 | fatal("%.200s line %d: garbage at end of line; \"%.200s\".", | 607 | fatal("%.200s line %d: garbage at end of line; \"%.200s\".", |
605 | filename, linenum, arg); | 608 | filename, linenum, arg); |
606 | } | 609 | } |
@@ -782,27 +785,27 @@ fill_default_options(Options * options) | |||
782 | if (options->num_identity_files == 0) { | 785 | if (options->num_identity_files == 0) { |
783 | if (options->protocol & SSH_PROTO_1) { | 786 | if (options->protocol & SSH_PROTO_1) { |
784 | options->identity_files[options->num_identity_files] = | 787 | options->identity_files[options->num_identity_files] = |
785 | xmalloc(2 + strlen(SSH_CLIENT_IDENTITY) + 1); | 788 | xmalloc(2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1); |
786 | sprintf(options->identity_files[options->num_identity_files++], | 789 | sprintf(options->identity_files[options->num_identity_files++], |
787 | "~/%.100s", SSH_CLIENT_IDENTITY); | 790 | "~/%.100s", _PATH_SSH_CLIENT_IDENTITY); |
788 | } | 791 | } |
789 | if (options->protocol & SSH_PROTO_2) { | 792 | if (options->protocol & SSH_PROTO_2) { |
790 | options->identity_files[options->num_identity_files] = | 793 | options->identity_files[options->num_identity_files] = |
791 | xmalloc(2 + strlen(SSH_CLIENT_ID_DSA) + 1); | 794 | xmalloc(2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1); |
792 | sprintf(options->identity_files[options->num_identity_files++], | 795 | sprintf(options->identity_files[options->num_identity_files++], |
793 | "~/%.100s", SSH_CLIENT_ID_DSA); | 796 | "~/%.100s", _PATH_SSH_CLIENT_ID_DSA); |
794 | } | 797 | } |
795 | } | 798 | } |
796 | if (options->escape_char == -1) | 799 | if (options->escape_char == -1) |
797 | options->escape_char = '~'; | 800 | options->escape_char = '~'; |
798 | if (options->system_hostfile == NULL) | 801 | if (options->system_hostfile == NULL) |
799 | options->system_hostfile = SSH_SYSTEM_HOSTFILE; | 802 | options->system_hostfile = _PATH_SSH_SYSTEM_HOSTFILE; |
800 | if (options->user_hostfile == NULL) | 803 | if (options->user_hostfile == NULL) |
801 | options->user_hostfile = SSH_USER_HOSTFILE; | 804 | options->user_hostfile = _PATH_SSH_USER_HOSTFILE; |
802 | if (options->system_hostfile2 == NULL) | 805 | if (options->system_hostfile2 == NULL) |
803 | options->system_hostfile2 = SSH_SYSTEM_HOSTFILE2; | 806 | options->system_hostfile2 = _PATH_SSH_SYSTEM_HOSTFILE2; |
804 | if (options->user_hostfile2 == NULL) | 807 | if (options->user_hostfile2 == NULL) |
805 | options->user_hostfile2 = SSH_USER_HOSTFILE2; | 808 | options->user_hostfile2 = _PATH_SSH_USER_HOSTFILE2; |
806 | if (options->log_level == (LogLevel) - 1) | 809 | if (options->log_level == (LogLevel) - 1) |
807 | options->log_level = SYSLOG_LEVEL_INFO; | 810 | options->log_level = SYSLOG_LEVEL_INFO; |
808 | /* options->proxy_command should not be set by default */ | 811 | /* options->proxy_command should not be set by default */ |
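Review bot: In fill_default_options the identity-file defaults at lines 787–790 and 793–796 are still written with an unchecked `sprintf` into a buffer whose size is computed separately as `2 + strlen(path) + 1`; the `%.100s` precision guarantees the write fits, but only because the format string and the size arithmetic happen to agree, and a future edit to either one breaks the other silently. Computing the length once and passing it to `snprintf` ties the two together, e.g. `len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1; p = xmalloc(len); snprintf(p, len, "~/%s", _PATH_SSH_CLIENT_IDENTITY);` assigned into `options->identity_files[options->num_identity_files++]`. fill_default_options begins before and ends after this hunk.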
diff --git a/readpass.c b/readpass.c index 64281edd6..fe158d549 100644 --- a/readpass.c +++ b/readpass.c | |||
@@ -32,10 +32,9 @@ | |||
32 | */ | 32 | */ |
33 | 33 | ||
34 | #include "includes.h" | 34 | #include "includes.h" |
35 | RCSID("$OpenBSD: readpass.c,v 1.12 2000/10/11 20:14:39 markus Exp $"); | 35 | RCSID("$OpenBSD: readpass.c,v 1.13 2001/01/21 19:05:54 markus Exp $"); |
36 | 36 | ||
37 | #include "xmalloc.h" | 37 | #include "xmalloc.h" |
38 | #include "ssh.h" | ||
39 | #include "cli.h" | 38 | #include "cli.h" |
40 | 39 | ||
41 | /* | 40 | /* |
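--- /dev/null
+++ b/readpass.h
@@ -0,0 +1,18 @@
+/*
+* Author: Tatu Ylonen <ylo@cs.hut.fi>
+* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+* All rights reserved
+*
+* As far as I am concerned, the code I have written for this software
+* can be used freely for any purpose. Any derived versions of this
+* software must be clearly marked as such, and if the derived work is
+* incompatible with the protocol description in the RFC file, it must be
+* called by a name other than "ssh" or "Secure Shell".
+*/
+
+/*
+* Reads a passphrase from /dev/tty with echo turned off. Returns the
+* passphrase (allocated with xmalloc). Exits if EOF is encountered. If
+* from_stdin is true, the passphrase will be read from stdin instead.
+*/
+char *read_passphrase(char *prompt, int from_stdin);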
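Review bot: The header has no include guard, unlike log.h and login.h added in the same commit; add `#ifndef READPASS_H` / `#define READPASS_H` … `#endif`. Since the returned buffer holds a secret, the comment should say who is responsible for wiping it: `/* The caller must memset() the returned passphrase to zero before xfree()ing it. */`, assuming that matches what the existing callers do. If readpass.c (outside this hunk) never writes through `prompt`, declaring it `const char *prompt` documents that and lets callers pass string literals without a cast.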
@@ -60,10 +60,10 @@ | |||
60 | */ | 60 | */ |
61 | 61 | ||
62 | #include "includes.h" | 62 | #include "includes.h" |
63 | RCSID("$OpenBSD: rsa.c,v 1.18 2000/12/19 23:17:57 markus Exp $"); | 63 | RCSID("$OpenBSD: rsa.c,v 1.19 2001/01/21 19:05:54 markus Exp $"); |
64 | 64 | ||
65 | #include "rsa.h" | 65 | #include "rsa.h" |
66 | #include "ssh.h" | 66 | #include "log.h" |
67 | #include "xmalloc.h" | 67 | #include "xmalloc.h" |
68 | 68 | ||
69 | void | 69 | void |
@@ -75,14 +75,12 @@ | |||
75 | */ | 75 | */ |
76 | 76 | ||
77 | #include "includes.h" | 77 | #include "includes.h" |
78 | RCSID("$OpenBSD: scp.c,v 1.49 2001/01/13 18:03:07 markus Exp $"); | 78 | RCSID("$OpenBSD: scp.c,v 1.51 2001/01/21 19:05:55 markus Exp $"); |
79 | 79 | ||
80 | #include "ssh.h" | ||
81 | #include "xmalloc.h" | 80 | #include "xmalloc.h" |
82 | 81 | #include "atomicio.h" | |
83 | #ifndef _PATH_CP | 82 | #include "pathnames.h" |
84 | #define _PATH_CP "cp" | 83 | #include "log.h" |
85 | #endif | ||
86 | 84 | ||
87 | #ifdef HAVE___PROGNAME | 85 | #ifdef HAVE___PROGNAME |
88 | extern char *__progname; | 86 | extern char *__progname; |
@@ -130,7 +128,7 @@ int verbose_mode = 0; | |||
130 | int showprogress = 1; | 128 | int showprogress = 1; |
131 | 129 | ||
132 | /* This is the program to execute for the secured connection. ("ssh" or -S) */ | 130 | /* This is the program to execute for the secured connection. ("ssh" or -S) */ |
133 | char *ssh_program = SSH_PROGRAM; | 131 | char *ssh_program = _PATH_SSH_PROGRAM; |
134 | 132 | ||
135 | /* This is the list of arguments that scp passes to ssh */ | 133 | /* This is the list of arguments that scp passes to ssh */ |
136 | struct { | 134 | struct { |
diff --git a/servconf.c b/servconf.c index 801267b48..7dfd040c8 100644 --- a/servconf.c +++ b/servconf.c | |||
@@ -10,16 +10,32 @@ | |||
10 | */ | 10 | */ |
11 | 11 | ||
12 | #include "includes.h" | 12 | #include "includes.h" |
13 | RCSID("$OpenBSD: servconf.c,v 1.59 2001/01/19 12:45:26 markus Exp $"); | 13 | RCSID("$OpenBSD: servconf.c,v 1.62 2001/01/21 19:05:55 markus Exp $"); |
14 | |||
15 | #ifdef KRB4 | ||
16 | #include <krb.h> | ||
17 | #endif | ||
18 | #ifdef AFS | ||
19 | #include <kafs.h> | ||
20 | #endif | ||
14 | 21 | ||
15 | #include "ssh.h" | 22 | #include "ssh.h" |
23 | #include "log.h" | ||
16 | #include "servconf.h" | 24 | #include "servconf.h" |
17 | #include "xmalloc.h" | 25 | #include "xmalloc.h" |
18 | #include "compat.h" | 26 | #include "compat.h" |
27 | #include "pathnames.h" | ||
28 | #include "tildexpand.h" | ||
29 | #include "misc.h" | ||
30 | #include "cipher.h" | ||
31 | |||
19 | 32 | ||
20 | /* add listen address */ | 33 | /* add listen address */ |
21 | void add_listen_addr(ServerOptions *options, char *addr); | 34 | void add_listen_addr(ServerOptions *options, char *addr); |
22 | 35 | ||
36 | /* AF_UNSPEC or AF_INET or AF_INET6 */ | ||
37 | extern int IPv4or6; | ||
38 | |||
23 | /* Initializes the server options to their default values. */ | 39 | /* Initializes the server options to their default values. */ |
24 | 40 | ||
25 | void | 41 | void |
@@ -87,16 +103,16 @@ fill_default_server_options(ServerOptions *options) | |||
87 | if (options->num_host_key_files == 0) { | 103 | if (options->num_host_key_files == 0) { |
88 | /* fill default hostkeys for protocols */ | 104 | /* fill default hostkeys for protocols */ |
89 | if (options->protocol & SSH_PROTO_1) | 105 | if (options->protocol & SSH_PROTO_1) |
90 | options->host_key_files[options->num_host_key_files++] = HOST_KEY_FILE; | 106 | options->host_key_files[options->num_host_key_files++] = _PATH_HOST_KEY_FILE; |
91 | if (options->protocol & SSH_PROTO_2) | 107 | if (options->protocol & SSH_PROTO_2) |
92 | options->host_key_files[options->num_host_key_files++] = HOST_DSA_KEY_FILE; | 108 | options->host_key_files[options->num_host_key_files++] = _PATH_HOST_DSA_KEY_FILE; |
93 | } | 109 | } |
94 | if (options->num_ports == 0) | 110 | if (options->num_ports == 0) |
95 | options->ports[options->num_ports++] = SSH_DEFAULT_PORT; | 111 | options->ports[options->num_ports++] = SSH_DEFAULT_PORT; |
96 | if (options->listen_addrs == NULL) | 112 | if (options->listen_addrs == NULL) |
97 | add_listen_addr(options, NULL); | 113 | add_listen_addr(options, NULL); |
98 | if (options->pid_file == NULL) | 114 | if (options->pid_file == NULL) |
99 | options->pid_file = SSH_DAEMON_PID_FILE; | 115 | options->pid_file = _PATH_SSH_DAEMON_PID_FILE; |
100 | if (options->server_key_bits == -1) | 116 | if (options->server_key_bits == -1) |
101 | options->server_key_bits = 768; | 117 | options->server_key_bits = 768; |
102 | if (options->login_grace_time == -1) | 118 | if (options->login_grace_time == -1) |
@@ -281,7 +297,6 @@ parse_token(const char *cp, const char *filename, | |||
281 | void | 297 | void |
282 | add_listen_addr(ServerOptions *options, char *addr) | 298 | add_listen_addr(ServerOptions *options, char *addr) |
283 | { | 299 | { |
284 | extern int IPv4or6; | ||
285 | struct addrinfo hints, *ai, *aitop; | 300 | struct addrinfo hints, *ai, *aitop; |
286 | char strport[NI_MAXSERV]; | 301 | char strport[NI_MAXSERV]; |
287 | int gaierr; | 302 | int gaierr; |
@@ -332,7 +347,7 @@ read_server_config(ServerOptions *options, const char *filename) | |||
332 | /* Ignore leading whitespace */ | 347 | /* Ignore leading whitespace */ |
333 | if (*arg == '\0') | 348 | if (*arg == '\0') |
334 | arg = strdelim(&cp); | 349 | arg = strdelim(&cp); |
335 | if (!*arg || *arg == '#') | 350 | if (!arg || !*arg || *arg == '#') |
336 | continue; | 351 | continue; |
337 | intptr = NULL; | 352 | intptr = NULL; |
338 | charptr = NULL; | 353 | charptr = NULL; |
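Review bot: The new NULL test in read_server_config at the `if (!arg || !*arg || *arg == '#')` line guards only the second strdelim() call; the first result is dereferenced two lines earlier by `if (*arg == '\0')` without the same check. If strdelim() returns NULL only once the line pointer it is given has been exhausted, which is what the code appears to rely on, that ordering is safe, but nothing in the hunk says so; a comment on the new line such as `/* strdelim() returns NULL once the line is exhausted (whitespace-only line); the first call cannot, cp still points into line */` would make the asymmetry deliberate rather than accidental. The same two-call pattern presumably exists in the client-side config reader in readconf.c, which this commit does not touch and which would want the same guard. read_server_config continues outside the hunk.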
diff --git a/serverloop.c b/serverloop.c index 958c9661e..a7f8e72b5 100644 --- a/serverloop.c +++ b/serverloop.c | |||
@@ -35,22 +35,24 @@ | |||
35 | */ | 35 | */ |
36 | 36 | ||
37 | #include "includes.h" | 37 | #include "includes.h" |
38 | RCSID("$OpenBSD: serverloop.c,v 1.40 2001/01/18 17:00:00 markus Exp $"); | 38 | RCSID("$OpenBSD: serverloop.c,v 1.42 2001/01/21 19:05:55 markus Exp $"); |
39 | 39 | ||
40 | #include "xmalloc.h" | 40 | #include "xmalloc.h" |
41 | #include "ssh.h" | ||
42 | #include "packet.h" | 41 | #include "packet.h" |
43 | #include "buffer.h" | 42 | #include "buffer.h" |
43 | #include "log.h" | ||
44 | #include "servconf.h" | 44 | #include "servconf.h" |
45 | #include "pty.h" | 45 | #include "pty.h" |
46 | #include "channels.h" | 46 | #include "channels.h" |
47 | |||
48 | #include "compat.h" | 47 | #include "compat.h" |
48 | #include "ssh1.h" | ||
49 | #include "ssh2.h" | 49 | #include "ssh2.h" |
50 | #include "auth.h" | 50 | #include "auth.h" |
51 | #include "session.h" | 51 | #include "session.h" |
52 | #include "dispatch.h" | 52 | #include "dispatch.h" |
53 | #include "auth-options.h" | 53 | #include "auth-options.h" |
54 | #include "serverloop.h" | ||
55 | #include "misc.h" | ||
54 | 56 | ||
55 | extern ServerOptions options; | 57 | extern ServerOptions options; |
56 | 58 | ||
diff --git a/serverloop.h b/serverloop.h new file mode 100644 index 000000000..915bffeab --- /dev/null +++ b/serverloop.h | |||
@@ -0,0 +1,20 @@ | |||
1 | /* | ||
2 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | ||
3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | ||
4 | * All rights reserved | ||
5 | * | ||
6 | * As far as I am concerned, the code I have written for this software | ||
7 | * can be used freely for any purpose. Any derived versions of this | ||
8 | * software must be clearly marked as such, and if the derived work is | ||
9 | * incompatible with the protocol description in the RFC file, it must be | ||
10 | * called by a name other than "ssh" or "Secure Shell". | ||
11 | */ | ||
12 | /* | ||
13 | * Performs the interactive session. This handles data transmission between | ||
14 | * the client and the program. Note that the notion of stdin, stdout, and | ||
15 | * stderr in this function is sort of reversed: this function writes to stdin | ||
16 | * (of the child program), and reads from stdout and stderr (of the child | ||
17 | * program). | ||
18 | */ | ||
19 | void server_loop(pid_t pid, int fdin, int fdout, int fderr); | ||
20 | void server_loop2(void); | ||
@@ -33,24 +33,29 @@ | |||
33 | */ | 33 | */ |
34 | 34 | ||
35 | #include "includes.h" | 35 | #include "includes.h" |
36 | RCSID("$OpenBSD: session.c,v 1.49 2001/01/18 17:00:00 markus Exp $"); | 36 | RCSID("$OpenBSD: session.c,v 1.51 2001/01/21 19:05:56 markus Exp $"); |
37 | 37 | ||
38 | #include "xmalloc.h" | ||
39 | #include "ssh.h" | 38 | #include "ssh.h" |
39 | #include "ssh1.h" | ||
40 | #include "ssh2.h" | ||
41 | #include "xmalloc.h" | ||
40 | #include "pty.h" | 42 | #include "pty.h" |
41 | #include "packet.h" | 43 | #include "packet.h" |
42 | #include "buffer.h" | 44 | #include "buffer.h" |
43 | #include "mpaux.h" | 45 | #include "mpaux.h" |
44 | #include "servconf.h" | ||
45 | #include "uidswap.h" | 46 | #include "uidswap.h" |
46 | #include "compat.h" | 47 | #include "compat.h" |
47 | #include "channels.h" | 48 | #include "channels.h" |
48 | #include "nchan.h" | 49 | #include "nchan.h" |
49 | |||
50 | #include "bufaux.h" | 50 | #include "bufaux.h" |
51 | #include "ssh2.h" | ||
52 | #include "auth.h" | 51 | #include "auth.h" |
53 | #include "auth-options.h" | 52 | #include "auth-options.h" |
53 | #include "pathnames.h" | ||
54 | #include "log.h" | ||
55 | #include "servconf.h" | ||
56 | #include "login.h" | ||
57 | #include "serverloop.h" | ||
58 | #include "canohost.h" | ||
54 | 59 | ||
55 | #ifdef WITH_IRIX_PROJECT | 60 | #ifdef WITH_IRIX_PROJECT |
56 | #include <proj.h> | 61 | #include <proj.h> |
@@ -1333,28 +1338,28 @@ do_child(const char *command, struct passwd * pw, const char *term, | |||
1333 | * in this order). | 1338 | * in this order). |
1334 | */ | 1339 | */ |
1335 | if (!options.use_login) { | 1340 | if (!options.use_login) { |
1336 | if (stat(SSH_USER_RC, &st) >= 0) { | 1341 | if (stat(_PATH_SSH_USER_RC, &st) >= 0) { |
1337 | if (debug_flag) | 1342 | if (debug_flag) |
1338 | fprintf(stderr, "Running %s %s\n", _PATH_BSHELL, SSH_USER_RC); | 1343 | fprintf(stderr, "Running %s %s\n", _PATH_BSHELL, _PATH_SSH_USER_RC); |
1339 | 1344 | ||
1340 | f = popen(_PATH_BSHELL " " SSH_USER_RC, "w"); | 1345 | f = popen(_PATH_BSHELL " " _PATH_SSH_USER_RC, "w"); |
1341 | if (f) { | 1346 | if (f) { |
1342 | if (auth_proto != NULL && auth_data != NULL) | 1347 | if (auth_proto != NULL && auth_data != NULL) |
1343 | fprintf(f, "%s %s\n", auth_proto, auth_data); | 1348 | fprintf(f, "%s %s\n", auth_proto, auth_data); |
1344 | pclose(f); | 1349 | pclose(f); |
1345 | } else | 1350 | } else |
1346 | fprintf(stderr, "Could not run %s\n", SSH_USER_RC); | 1351 | fprintf(stderr, "Could not run %s\n", _PATH_SSH_USER_RC); |
1347 | } else if (stat(SSH_SYSTEM_RC, &st) >= 0) { | 1352 | } else if (stat(_PATH_SSH_SYSTEM_RC, &st) >= 0) { |
1348 | if (debug_flag) | 1353 | if (debug_flag) |
1349 | fprintf(stderr, "Running %s %s\n", _PATH_BSHELL, SSH_SYSTEM_RC); | 1354 | fprintf(stderr, "Running %s %s\n", _PATH_BSHELL, _PATH_SSH_SYSTEM_RC); |
1350 | 1355 | ||
1351 | f = popen(_PATH_BSHELL " " SSH_SYSTEM_RC, "w"); | 1356 | f = popen(_PATH_BSHELL " " _PATH_SSH_SYSTEM_RC, "w"); |
1352 | if (f) { | 1357 | if (f) { |
1353 | if (auth_proto != NULL && auth_data != NULL) | 1358 | if (auth_proto != NULL && auth_data != NULL) |
1354 | fprintf(f, "%s %s\n", auth_proto, auth_data); | 1359 | fprintf(f, "%s %s\n", auth_proto, auth_data); |
1355 | pclose(f); | 1360 | pclose(f); |
1356 | } else | 1361 | } else |
1357 | fprintf(stderr, "Could not run %s\n", SSH_SYSTEM_RC); | 1362 | fprintf(stderr, "Could not run %s\n", _PATH_SSH_SYSTEM_RC); |
1358 | } else if (options.xauth_location != NULL) { | 1363 | } else if (options.xauth_location != NULL) { |
1359 | /* Add authority data to .Xauthority if appropriate. */ | 1364 | /* Add authority data to .Xauthority if appropriate. */ |
1360 | if (auth_proto != NULL && auth_data != NULL) { | 1365 | if (auth_proto != NULL && auth_data != NULL) { |
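Review bot: The two rc-script branches in do_child are the same seven lines with only the path differing (stat, debug print, popen of `_PATH_BSHELL " " path`, write of the X11 auth data, pclose), and this commit touches every one of those lines just to rename the macros; a small helper taking the path would halve the code and give the exit status of pclose(), which both branches currently discard, a single place to be checked. The command string then has to be built at run time instead of by literal concatenation, so the helper needs a bounded snprintf(). do_child starts and ends outside this hunk, and `debug_flag`, `st` and `f` are declared above it.
```c
/* Run an rc script through the shell, feeding it the X11 auth data on stdin. */
static void
run_rc_script(const char *path, const char *auth_proto, const char *auth_data)
{
	char cmd[1024];
	FILE *f;

	if (debug_flag)
		fprintf(stderr, "Running %s %s\n", _PATH_BSHELL, path);
	snprintf(cmd, sizeof cmd, "%s %s", _PATH_BSHELL, path);
	if ((f = popen(cmd, "w")) == NULL) {
		fprintf(stderr, "Could not run %s\n", path);
		return;
	}
	if (auth_proto != NULL && auth_data != NULL)
		fprintf(f, "%s %s\n", auth_proto, auth_data);
	if (pclose(f) != 0 && debug_flag)
		fprintf(stderr, "%s exited with an error\n", path);
}

	/* … in do_child, unchanged: everything before the use_login check … */
	if (!options.use_login) {
		if (stat(_PATH_SSH_USER_RC, &st) >= 0)
			run_rc_script(_PATH_SSH_USER_RC, auth_proto, auth_data);
		else if (stat(_PATH_SSH_SYSTEM_RC, &st) >= 0)
			run_rc_script(_PATH_SSH_SYSTEM_RC, auth_proto, auth_data);
		else if (options.xauth_location != NULL) {
			/* … unchanged: xauth branch … */
```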
diff --git a/sftp-server.c b/sftp-server.c index b99f087fa..b0a8d0d57 100644 --- a/sftp-server.c +++ b/sftp-server.c | |||
@@ -22,12 +22,12 @@ | |||
22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
23 | */ | 23 | */ |
24 | #include "includes.h" | 24 | #include "includes.h" |
25 | RCSID("$OpenBSD: sftp-server.c,v 1.13 2001/01/16 20:54:27 markus Exp $"); | 25 | RCSID("$OpenBSD: sftp-server.c,v 1.14 2001/01/21 19:05:56 markus Exp $"); |
26 | 26 | ||
27 | #include "ssh.h" | ||
28 | #include "buffer.h" | 27 | #include "buffer.h" |
29 | #include "bufaux.h" | 28 | #include "bufaux.h" |
30 | #include "getput.h" | 29 | #include "getput.h" |
30 | #include "log.h" | ||
31 | #include "xmalloc.h" | 31 | #include "xmalloc.h" |
32 | 32 | ||
33 | #include "sftp.h" | 33 | #include "sftp.h" |
@@ -35,18 +35,19 @@ | |||
35 | */ | 35 | */ |
36 | 36 | ||
37 | #include "includes.h" | 37 | #include "includes.h" |
38 | RCSID("$OpenBSD: ssh-add.c,v 1.24 2001/01/13 18:14:13 markus Exp $"); | 38 | RCSID("$OpenBSD: ssh-add.c,v 1.27 2001/01/21 19:05:56 markus Exp $"); |
39 | 39 | ||
40 | #include <openssl/evp.h> | 40 | #include <openssl/evp.h> |
41 | #include <openssl/rsa.h> | ||
42 | #include <openssl/dsa.h> | ||
43 | 41 | ||
44 | #include "rsa.h" | ||
45 | #include "ssh.h" | 42 | #include "ssh.h" |
43 | #include "rsa.h" | ||
44 | #include "log.h" | ||
46 | #include "xmalloc.h" | 45 | #include "xmalloc.h" |
47 | #include "key.h" | 46 | #include "key.h" |
48 | #include "authfd.h" | 47 | #include "authfd.h" |
49 | #include "authfile.h" | 48 | #include "authfile.h" |
49 | #include "pathnames.h" | ||
50 | #include "readpass.h" | ||
50 | 51 | ||
51 | #ifdef HAVE___PROGNAME | 52 | #ifdef HAVE___PROGNAME |
52 | extern char *__progname; | 53 | extern char *__progname; |
@@ -103,6 +104,8 @@ ssh_askpass(char *askpass, char *msg) | |||
103 | int p[2], status; | 104 | int p[2], status; |
104 | char buf[1024]; | 105 | char buf[1024]; |
105 | 106 | ||
107 | if (fflush(stdout) != 0) | ||
108 | error("ssh_askpass: fflush: %s", strerror(errno)); | ||
106 | if (askpass == NULL) | 109 | if (askpass == NULL) |
107 | fatal("internal error: askpass undefined"); | 110 | fatal("internal error: askpass undefined"); |
108 | if (pipe(p) < 0) | 111 | if (pipe(p) < 0) |
@@ -117,9 +120,7 @@ ssh_askpass(char *askpass, char *msg) | |||
117 | fatal("ssh_askpass: exec(%s): %s", askpass, strerror(errno)); | 120 | fatal("ssh_askpass: exec(%s): %s", askpass, strerror(errno)); |
118 | } | 121 | } |
119 | close(p[1]); | 122 | close(p[1]); |
120 | buf[0] = '\0'; | 123 | len = read(p[0], buf, sizeof buf); |
121 | atomicio(read, p[0], buf, sizeof buf); | ||
122 | len = strlen(buf); | ||
123 | close(p[0]); | 124 | close(p[0]); |
124 | while (waitpid(pid, &status, 0) < 0) | 125 | while (waitpid(pid, &status, 0) < 0) |
125 | if (errno != EINTR) | 126 | if (errno != EINTR) |
@@ -166,7 +167,7 @@ add_file(AuthenticationConnection *ac, const char *filename) | |||
166 | if (getenv(SSH_ASKPASS_ENV)) | 167 | if (getenv(SSH_ASKPASS_ENV)) |
167 | askpass = getenv(SSH_ASKPASS_ENV); | 168 | askpass = getenv(SSH_ASKPASS_ENV); |
168 | else | 169 | else |
169 | askpass = SSH_ASKPASS_DEFAULT; | 170 | askpass = _PATH_SSH_ASKPASS_DEFAULT; |
170 | } | 171 | } |
171 | 172 | ||
172 | /* At first, try empty passphrase */ | 173 | /* At first, try empty passphrase */ |
@@ -291,7 +292,7 @@ main(int argc, char **argv) | |||
291 | ssh_close_authentication_connection(ac); | 292 | ssh_close_authentication_connection(ac); |
292 | exit(1); | 293 | exit(1); |
293 | } | 294 | } |
294 | snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, SSH_CLIENT_IDENTITY); | 295 | snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, _PATH_SSH_CLIENT_IDENTITY); |
295 | if (deleting) | 296 | if (deleting) |
296 | delete_file(ac, buf); | 297 | delete_file(ac, buf); |
297 | else | 298 | else |
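Review bot: The replacement `len = read(p[0], buf, sizeof buf);` in ssh_askpass reads the pipe exactly once and stores the result unchecked: a short read from the askpass program truncates the passphrase, a failed read leaves len at -1, and a reply that fills all 1024 bytes leaves no room for a terminator, so whatever the code after the hunk does with `buf[len - 1]` or a later NUL store depends on properties this line does not guarantee. The atomicio() loop it replaces at least kept reading to EOF, although it had the same no-terminator problem when the reply filled the buffer. Read until EOF into at most sizeof buf - 1 bytes, retry on EINTR, and terminate explicitly; the rest of ssh_askpass (waitpid, newline stripping, the copy out of buf) is outside the hunk, and since buf holds the passphrase it should also be wiped with `memset(buf, 0, sizeof buf)` once copied, if that is not already done there. `n` below is a new `ssize_t` local; `len` keeps whatever type it is declared with above the hunk.
```c
	close(p[1]);
	/* Read until askpass closes the pipe: a single read() may return
	 * only part of the line. Keep one byte free for the terminator. */
	len = 0;
	while (len < (int)sizeof buf - 1) {
		n = read(p[0], buf + len, sizeof buf - 1 - len);
		if (n == -1 && errno == EINTR)
			continue;
		if (n <= 0)
			break;
		len += n;
	}
	buf[len] = '\0';
	close(p[0]);
	/* … unchanged: waitpid loop, newline stripping, copy of buf … */
```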
diff --git a/ssh-agent.c b/ssh-agent.c index 55704e492..bc577e76a 100644 --- a/ssh-agent.c +++ b/ssh-agent.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-agent.c,v 1.45 2000/12/19 23:17:58 markus Exp $ */ | 1 | /* $OpenBSD: ssh-agent.c,v 1.47 2001/01/21 19:05:56 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -37,7 +37,10 @@ | |||
37 | */ | 37 | */ |
38 | 38 | ||
39 | #include "includes.h" | 39 | #include "includes.h" |
40 | RCSID("$OpenBSD: ssh-agent.c,v 1.45 2000/12/19 23:17:58 markus Exp $"); | 40 | RCSID("$OpenBSD: ssh-agent.c,v 1.47 2001/01/21 19:05:56 markus Exp $"); |
41 | |||
42 | #include <openssl/evp.h> | ||
43 | #include <openssl/md5.h> | ||
41 | 44 | ||
42 | #include "ssh.h" | 45 | #include "ssh.h" |
43 | #include "rsa.h" | 46 | #include "rsa.h" |
@@ -47,15 +50,12 @@ RCSID("$OpenBSD: ssh-agent.c,v 1.45 2000/12/19 23:17:58 markus Exp $"); | |||
47 | #include "packet.h" | 50 | #include "packet.h" |
48 | #include "getput.h" | 51 | #include "getput.h" |
49 | #include "mpaux.h" | 52 | #include "mpaux.h" |
50 | |||
51 | #include <openssl/evp.h> | ||
52 | #include <openssl/md5.h> | ||
53 | #include <openssl/dsa.h> | ||
54 | #include <openssl/rsa.h> | ||
55 | #include "key.h" | 53 | #include "key.h" |
56 | #include "authfd.h" | 54 | #include "authfd.h" |
55 | #include "cipher.h" | ||
57 | #include "kex.h" | 56 | #include "kex.h" |
58 | #include "compat.h" | 57 | #include "compat.h" |
58 | #include "log.h" | ||
59 | 59 | ||
60 | typedef struct { | 60 | typedef struct { |
61 | int fd; | 61 | int fd; |
@@ -97,6 +97,8 @@ extern char *__progname; | |||
97 | char *__progname; | 97 | char *__progname; |
98 | #endif | 98 | #endif |
99 | 99 | ||
100 | int prepare_select(fd_set **, fd_set **, int *); | ||
101 | |||
100 | void | 102 | void |
101 | idtab_init(void) | 103 | idtab_init(void) |
102 | { | 104 | { |
@@ -293,7 +295,7 @@ process_remove_identity(SocketEntry *e, int version) | |||
293 | 295 | ||
294 | if (bits != key_size(key)) | 296 | if (bits != key_size(key)) |
295 | log("Warning: identity keysize mismatch: actual %d, announced %d", | 297 | log("Warning: identity keysize mismatch: actual %d, announced %d", |
296 | key_size(key), bits); | 298 | key_size(key), bits); |
297 | break; | 299 | break; |
298 | case 2: | 300 | case 2: |
299 | blob = buffer_get_string(&e->input, &blen); | 301 | blob = buffer_get_string(&e->input, &blen); |
@@ -388,7 +390,7 @@ process_add_identity(SocketEntry *e, int version) | |||
388 | switch (version) { | 390 | switch (version) { |
389 | case 1: | 391 | case 1: |
390 | k = key_new_private(KEY_RSA1); | 392 | k = key_new_private(KEY_RSA1); |
391 | buffer_get_int(&e->input); /* ignored */ | 393 | buffer_get_int(&e->input); /* ignored */ |
392 | buffer_get_bignum(&e->input, k->rsa->n); | 394 | buffer_get_bignum(&e->input, k->rsa->n); |
393 | buffer_get_bignum(&e->input, k->rsa->e); | 395 | buffer_get_bignum(&e->input, k->rsa->e); |
394 | buffer_get_bignum(&e->input, k->rsa->d); | 396 | buffer_get_bignum(&e->input, k->rsa->d); |
@@ -403,7 +405,7 @@ process_add_identity(SocketEntry *e, int version) | |||
403 | break; | 405 | break; |
404 | case 2: | 406 | case 2: |
405 | type_name = buffer_get_string(&e->input, NULL); | 407 | type_name = buffer_get_string(&e->input, NULL); |
406 | type = key_type_from_name(type_name); | 408 | type = key_type_from_name(type_name); |
407 | xfree(type_name); | 409 | xfree(type_name); |
408 | switch(type) { | 410 | switch(type) { |
409 | case KEY_DSA: | 411 | case KEY_DSA: |
@@ -556,17 +558,17 @@ new_socket(int type, int fd) | |||
556 | buffer_init(&sockets[old_alloc].output); | 558 | buffer_init(&sockets[old_alloc].output); |
557 | } | 559 | } |
558 | 560 | ||
559 | void | 561 | int |
560 | prepare_select(fd_set *readset, fd_set *writeset) | 562 | prepare_select(fd_set **fdrp, fd_set **fdwp, int *fdl) |
561 | { | 563 | { |
562 | u_int i; | 564 | u_int i, sz; |
563 | for (i = 0; i < sockets_alloc; i++) | 565 | int n = 0; |
566 | |||
567 | for (i = 0; i < sockets_alloc; i++) { | ||
564 | switch (sockets[i].type) { | 568 | switch (sockets[i].type) { |
565 | case AUTH_SOCKET: | 569 | case AUTH_SOCKET: |
566 | case AUTH_CONNECTION: | 570 | case AUTH_CONNECTION: |
567 | FD_SET(sockets[i].fd, readset); | 571 | n = MAX(n, sockets[i].fd); |
568 | if (buffer_len(&sockets[i].output) > 0) | ||
569 | FD_SET(sockets[i].fd, writeset); | ||
570 | break; | 572 | break; |
571 | case AUTH_UNUSED: | 573 | case AUTH_UNUSED: |
572 | break; | 574 | break; |
@@ -574,6 +576,34 @@ prepare_select(fd_set *readset, fd_set *writeset) | |||
574 | fatal("Unknown socket type %d", sockets[i].type); | 576 | fatal("Unknown socket type %d", sockets[i].type); |
575 | break; | 577 | break; |
576 | } | 578 | } |
579 | } | ||
580 | |||
581 | sz = howmany(n+1, NFDBITS) * sizeof(fd_mask); | ||
582 | if (*fdrp == NULL || n > *fdl) { | ||
583 | if (*fdrp) | ||
584 | free(*fdrp); | ||
585 | if (*fdwp) | ||
586 | free(*fdwp); | ||
587 | *fdrp = xmalloc(sz); | ||
588 | *fdwp = xmalloc(sz); | ||
589 | *fdl = n; | ||
590 | } | ||
591 | memset(*fdrp, 0, sz); | ||
592 | memset(*fdwp, 0, sz); | ||
593 | |||
594 | for (i = 0; i < sockets_alloc; i++) { | ||
595 | switch (sockets[i].type) { | ||
596 | case AUTH_SOCKET: | ||
597 | case AUTH_CONNECTION: | ||
598 | FD_SET(sockets[i].fd, *fdrp); | ||
599 | if (buffer_len(&sockets[i].output) > 0) | ||
600 | FD_SET(sockets[i].fd, *fdwp); | ||
601 | break; | ||
602 | default: | ||
603 | break; | ||
604 | } | ||
605 | } | ||
606 | return (1); | ||
577 | } | 607 | } |
578 | 608 | ||
579 | void | 609 | void |
@@ -592,7 +622,8 @@ after_select(fd_set *readset, fd_set *writeset) | |||
592 | case AUTH_SOCKET: | 622 | case AUTH_SOCKET: |
593 | if (FD_ISSET(sockets[i].fd, readset)) { | 623 | if (FD_ISSET(sockets[i].fd, readset)) { |
594 | slen = sizeof(sunaddr); | 624 | slen = sizeof(sunaddr); |
595 | sock = accept(sockets[i].fd, (struct sockaddr *) & sunaddr, &slen); | 625 | sock = accept(sockets[i].fd, |
626 | (struct sockaddr *) &sunaddr, &slen); | ||
596 | if (sock < 0) { | 627 | if (sock < 0) { |
597 | perror("accept from AUTH_SOCKET"); | 628 | perror("accept from AUTH_SOCKET"); |
598 | break; | 629 | break; |
@@ -603,8 +634,9 @@ after_select(fd_set *readset, fd_set *writeset) | |||
603 | case AUTH_CONNECTION: | 634 | case AUTH_CONNECTION: |
604 | if (buffer_len(&sockets[i].output) > 0 && | 635 | if (buffer_len(&sockets[i].output) > 0 && |
605 | FD_ISSET(sockets[i].fd, writeset)) { | 636 | FD_ISSET(sockets[i].fd, writeset)) { |
606 | len = write(sockets[i].fd, buffer_ptr(&sockets[i].output), | 637 | len = write(sockets[i].fd, |
607 | buffer_len(&sockets[i].output)); | 638 | buffer_ptr(&sockets[i].output), |
639 | buffer_len(&sockets[i].output)); | ||
608 | if (len <= 0) { | 640 | if (len <= 0) { |
609 | shutdown(sockets[i].fd, SHUT_RDWR); | 641 | shutdown(sockets[i].fd, SHUT_RDWR); |
610 | close(sockets[i].fd); | 642 | close(sockets[i].fd); |
@@ -637,12 +669,15 @@ after_select(fd_set *readset, fd_set *writeset) | |||
637 | void | 669 | void |
638 | check_parent_exists(int sig) | 670 | check_parent_exists(int sig) |
639 | { | 671 | { |
672 | int save_errno = errno; | ||
673 | |||
640 | if (parent_pid != -1 && kill(parent_pid, 0) < 0) { | 674 | if (parent_pid != -1 && kill(parent_pid, 0) < 0) { |
641 | /* printf("Parent has died - Authentication agent exiting.\n"); */ | 675 | /* printf("Parent has died - Authentication agent exiting.\n"); */ |
642 | exit(1); | 676 | exit(1); |
643 | } | 677 | } |
644 | signal(SIGALRM, check_parent_exists); | 678 | signal(SIGALRM, check_parent_exists); |
645 | alarm(10); | 679 | alarm(10); |
680 | errno = save_errno; | ||
646 | } | 681 | } |
647 | 682 | ||
648 | void | 683 | void |
@@ -664,14 +699,13 @@ usage() | |||
664 | { | 699 | { |
665 | fprintf(stderr, "ssh-agent version %s\n", SSH_VERSION); | 700 | fprintf(stderr, "ssh-agent version %s\n", SSH_VERSION); |
666 | fprintf(stderr, "Usage: %s [-c | -s] [-k] [command {args...]]\n", | 701 | fprintf(stderr, "Usage: %s [-c | -s] [-k] [command {args...]]\n", |
667 | __progname); | 702 | __progname); |
668 | exit(1); | 703 | exit(1); |
669 | } | 704 | } |
670 | 705 | ||
671 | int | 706 | int |
672 | main(int ac, char **av) | 707 | main(int ac, char **av) |
673 | { | 708 | { |
674 | fd_set readset, writeset; | ||
675 | int sock, c_flag = 0, k_flag = 0, s_flag = 0, ch; | 709 | int sock, c_flag = 0, k_flag = 0, s_flag = 0, ch; |
676 | struct sockaddr_un sunaddr; | 710 | struct sockaddr_un sunaddr; |
677 | #ifdef HAVE_SETRLIMIT | 711 | #ifdef HAVE_SETRLIMIT |
@@ -680,6 +714,7 @@ main(int ac, char **av) | |||
680 | pid_t pid; | 714 | pid_t pid; |
681 | char *shell, *format, *pidstr, pidstrbuf[1 + 3 * sizeof pid]; | 715 | char *shell, *format, *pidstr, pidstrbuf[1 + 3 * sizeof pid]; |
682 | extern int optind; | 716 | extern int optind; |
717 | fd_set *readsetp = NULL, *writesetp = NULL; | ||
683 | 718 | ||
684 | __progname = get_progname(av[0]); | 719 | __progname = get_progname(av[0]); |
685 | init_rng(); | 720 | init_rng(); |
@@ -722,14 +757,13 @@ main(int ac, char **av) | |||
722 | pidstr = getenv(SSH_AGENTPID_ENV_NAME); | 757 | pidstr = getenv(SSH_AGENTPID_ENV_NAME); |
723 | if (pidstr == NULL) { | 758 | if (pidstr == NULL) { |
724 | fprintf(stderr, "%s not set, cannot kill agent\n", | 759 | fprintf(stderr, "%s not set, cannot kill agent\n", |
725 | SSH_AGENTPID_ENV_NAME); | 760 | SSH_AGENTPID_ENV_NAME); |
726 | exit(1); | 761 | exit(1); |
727 | } | 762 | } |
728 | pid = atoi(pidstr); | 763 | pid = atoi(pidstr); |
729 | if (pid < 1) { /* XXX PID_MAX check too */ | 764 | if (pid < 1) { |
730 | /* Yes, PID_MAX check please */ | ||
731 | fprintf(stderr, "%s=\"%s\", which is not a good PID\n", | 765 | fprintf(stderr, "%s=\"%s\", which is not a good PID\n", |
732 | SSH_AGENTPID_ENV_NAME, pidstr); | 766 | SSH_AGENTPID_ENV_NAME, pidstr); |
733 | exit(1); | 767 | exit(1); |
734 | } | 768 | } |
735 | if (kill(pid, SIGTERM) == -1) { | 769 | if (kill(pid, SIGTERM) == -1) { |
@@ -751,7 +785,7 @@ main(int ac, char **av) | |||
751 | exit(1); | 785 | exit(1); |
752 | } | 786 | } |
753 | snprintf(socket_name, sizeof socket_name, "%s/agent.%d", socket_dir, | 787 | snprintf(socket_name, sizeof socket_name, "%s/agent.%d", socket_dir, |
754 | parent_pid); | 788 | parent_pid); |
755 | 789 | ||
756 | /* | 790 | /* |
757 | * Create socket early so it will exist before command gets run from | 791 | * Create socket early so it will exist before command gets run from |
@@ -773,6 +807,7 @@ main(int ac, char **av) | |||
773 | perror("listen"); | 807 | perror("listen"); |
774 | cleanup_exit(1); | 808 | cleanup_exit(1); |
775 | } | 809 | } |
810 | |||
776 | /* | 811 | /* |
777 | * Fork, and have the parent execute the command, if any, or present | 812 | * Fork, and have the parent execute the command, if any, or present |
778 | * the socket data. The child continues as the authentication agent. | 813 | * the socket data. The child continues as the authentication agent. |
@@ -788,9 +823,9 @@ main(int ac, char **av) | |||
788 | if (ac == 0) { | 823 | if (ac == 0) { |
789 | format = c_flag ? "setenv %s %s;\n" : "%s=%s; export %s;\n"; | 824 | format = c_flag ? "setenv %s %s;\n" : "%s=%s; export %s;\n"; |
790 | printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name, | 825 | printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name, |
791 | SSH_AUTHSOCKET_ENV_NAME); | 826 | SSH_AUTHSOCKET_ENV_NAME); |
792 | printf(format, SSH_AGENTPID_ENV_NAME, pidstrbuf, | 827 | printf(format, SSH_AGENTPID_ENV_NAME, pidstrbuf, |
793 | SSH_AGENTPID_ENV_NAME); | 828 | SSH_AGENTPID_ENV_NAME); |
794 | printf("echo Agent pid %d;\n", pid); | 829 | printf("echo Agent pid %d;\n", pid); |
795 | exit(0); | 830 | exit(0); |
796 | } | 831 | } |
@@ -834,15 +869,13 @@ main(int ac, char **av) | |||
834 | signal(SIGHUP, cleanup_exit); | 869 | signal(SIGHUP, cleanup_exit); |
835 | signal(SIGTERM, cleanup_exit); | 870 | signal(SIGTERM, cleanup_exit); |
836 | while (1) { | 871 | while (1) { |
837 | FD_ZERO(&readset); | 872 | prepare_select(&readsetp, &writesetp, &max_fd); |
838 | FD_ZERO(&writeset); | 873 | if (select(max_fd + 1, readsetp, writesetp, NULL, NULL) < 0) { |
839 | prepare_select(&readset, &writeset); | ||
840 | if (select(max_fd + 1, &readset, &writeset, NULL, NULL) < 0) { | ||
841 | if (errno == EINTR) | 874 | if (errno == EINTR) |
842 | continue; | 875 | continue; |
843 | exit(1); | 876 | exit(1); |
844 | } | 877 | } |
845 | after_select(&readset, &writeset); | 878 | after_select(readsetp, writesetp); |
846 | } | 879 | } |
847 | /* NOTREACHED */ | 880 | /* NOTREACHED */ |
848 | } | 881 | } |
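Review bot: In the new prepare_select, `*fdl = n` is assigned only inside the grow branch, while `sz` and the two memset() calls are computed from the current n; once a connection whose fd sits in a later fd_mask word than the surviving sockets is closed, its stale FD_SET bit is never cleared and main's `select(max_fd + 1, ...)` keeps scanning up to the old maximum, so select() fails with EBADF and the loop's `exit(1)` takes the agent down. Any local client that opens enough connections to push an fd past NFDBITS and then closes the top one can trigger this; I am inferring that after_select marks closed sockets AUTH_UNUSED, which is outside the visible hunks. Update `*fdl` on every call so the scan limit and the cleared region always agree (re-growing later costs one extra allocation, which a separately tracked allocation size would avoid), and release the xmalloc()ed sets with xfree() rather than free() for consistency. The `return (1)` is ignored by the caller and could go along with the int return type.
```c
	sz = howmany(n+1, NFDBITS) * sizeof(fd_mask);
	if (*fdrp == NULL || n > *fdl) {
		if (*fdrp)
			xfree(*fdrp);
		if (*fdwp)
			xfree(*fdwp);
		*fdrp = xmalloc(sz);
		*fdwp = xmalloc(sz);
	}
	/* Track the current maximum unconditionally so the region cleared
	 * below and the select() scan limit in main always agree. */
	*fdl = n;
	memset(*fdrp, 0, sz);
	memset(*fdwp, 0, sz);
	/* … unchanged: second loop filling the sets … */
```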
@@ -23,19 +23,16 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: ssh-dss.c,v 1.2 2000/12/19 23:17:58 markus Exp $"); | 26 | RCSID("$OpenBSD: ssh-dss.c,v 1.4 2001/01/21 19:05:57 markus Exp $"); |
27 | |||
28 | #include <openssl/bn.h> | ||
29 | #include <openssl/evp.h> | ||
27 | 30 | ||
28 | #include "ssh.h" | ||
29 | #include "xmalloc.h" | 31 | #include "xmalloc.h" |
30 | #include "buffer.h" | 32 | #include "buffer.h" |
31 | #include "bufaux.h" | 33 | #include "bufaux.h" |
32 | #include "compat.h" | 34 | #include "compat.h" |
33 | 35 | #include "log.h" | |
34 | #include <openssl/bn.h> | ||
35 | #include <openssl/rsa.h> | ||
36 | #include <openssl/dsa.h> | ||
37 | #include <openssl/evp.h> | ||
38 | |||
39 | #include "key.h" | 36 | #include "key.h" |
40 | 37 | ||
41 | #define INTBLOB_LEN 20 | 38 | #define INTBLOB_LEN 20 |
@@ -54,7 +51,7 @@ ssh_dss_sign( | |||
54 | EVP_MD_CTX md; | 51 | EVP_MD_CTX md; |
55 | u_int rlen; | 52 | u_int rlen; |
56 | u_int slen; | 53 | u_int slen; |
57 | u_int len; | 54 | u_int len, dlen; |
58 | u_char sigblob[SIGBLOB_LEN]; | 55 | u_char sigblob[SIGBLOB_LEN]; |
59 | Buffer b; | 56 | Buffer b; |
60 | 57 | ||
@@ -62,15 +59,18 @@ ssh_dss_sign( | |||
62 | error("ssh_dss_sign: no DSA key"); | 59 | error("ssh_dss_sign: no DSA key"); |
63 | return -1; | 60 | return -1; |
64 | } | 61 | } |
65 | digest = xmalloc(evp_md->md_size); | 62 | dlen = evp_md->md_size; |
63 | digest = xmalloc(dlen); | ||
66 | EVP_DigestInit(&md, evp_md); | 64 | EVP_DigestInit(&md, evp_md); |
67 | EVP_DigestUpdate(&md, data, datalen); | 65 | EVP_DigestUpdate(&md, data, datalen); |
68 | EVP_DigestFinal(&md, digest, NULL); | 66 | EVP_DigestFinal(&md, digest, NULL); |
69 | 67 | ||
70 | sig = DSA_do_sign(digest, evp_md->md_size, key->dsa); | 68 | sig = DSA_do_sign(digest, dlen, key->dsa); |
71 | if (sig == NULL) { | 69 | if (sig == NULL) { |
72 | fatal("ssh_dss_sign: cannot sign"); | 70 | fatal("ssh_dss_sign: cannot sign"); |
73 | } | 71 | } |
72 | memset(digest, 0, dlen); | ||
73 | xfree(digest); | ||
74 | 74 | ||
75 | rlen = BN_num_bytes(sig->r); | 75 | rlen = BN_num_bytes(sig->r); |
76 | slen = BN_num_bytes(sig->s); | 76 | slen = BN_num_bytes(sig->s); |
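Review bot: The new `memset(digest, 0, dlen); xfree(digest);` pair in ssh_dss_sign closes the leak of the heap digest, but the heap allocation itself is the odd part: a digest is at most EVP_MAX_MD_SIZE bytes, so a stack array removes the allocation and the need to free it on every path, and lets EVP_DigestFinal() report the real length instead of trusting evp_md->md_size. Change the declaration (above the hunk) to `u_char digest[EVP_MAX_MD_SIZE];`, drop the `dlen = evp_md->md_size;` and `digest = xmalloc(dlen);` lines, call `EVP_DigestFinal(&md, digest, &dlen);`, and clear with `memset(digest, 0, sizeof digest);` once the signature is made. Either way, a plain memset of a buffer that is dead afterwards may be dropped by the compiler, so a comment marking the clear as intentional (`/* scrub: the digest is derived from the private key operation input */`) is worth adding. ssh_dss_sign continues past the hunk.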
diff --git a/ssh-keygen.1 b/ssh-keygen.1 index f7b08c983..9a9fac035 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 | |||
@@ -71,8 +71,6 @@ | |||
71 | .Nm ssh-keygen | 71 | .Nm ssh-keygen |
72 | .Fl l | 72 | .Fl l |
73 | .Op Fl f Ar input_keyfile | 73 | .Op Fl f Ar input_keyfile |
74 | .Nm ssh-keygen | ||
75 | .Fl R | ||
76 | .Sh DESCRIPTION | 74 | .Sh DESCRIPTION |
77 | .Nm | 75 | .Nm |
78 | generates and manages authentication keys for | 76 | generates and manages authentication keys for |
@@ -172,10 +170,6 @@ Provides the new comment. | |||
172 | Provides the new passphrase. | 170 | Provides the new passphrase. |
173 | .It Fl P Ar passphrase | 171 | .It Fl P Ar passphrase |
174 | Provides the (old) passphrase. | 172 | Provides the (old) passphrase. |
175 | .It Fl R | ||
176 | If RSA support is functional, immediately exits with code 0. If RSA | ||
177 | support is not functional, exits with code 1. This flag will be | ||
178 | removed once the RSA patent expires. | ||
179 | .It Fl x | 173 | .It Fl x |
180 | This option will read a private | 174 | This option will read a private |
181 | OpenSSH DSA format file and print a SSH2-compatible public key to stdout. | 175 | OpenSSH DSA format file and print a SSH2-compatible public key to stdout. |
diff --git a/ssh-keygen.c b/ssh-keygen.c index 5d9fa644e..9f519e596 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
@@ -12,22 +12,20 @@ | |||
12 | */ | 12 | */ |
13 | 13 | ||
14 | #include "includes.h" | 14 | #include "includes.h" |
15 | RCSID("$OpenBSD: ssh-keygen.c,v 1.39 2001/01/13 18:03:07 markus Exp $"); | 15 | RCSID("$OpenBSD: ssh-keygen.c,v 1.41 2001/01/21 19:05:57 markus Exp $"); |
16 | 16 | ||
17 | #include <openssl/evp.h> | 17 | #include <openssl/evp.h> |
18 | #include <openssl/pem.h> | 18 | #include <openssl/pem.h> |
19 | #include <openssl/rsa.h> | ||
20 | #include <openssl/dsa.h> | ||
21 | 19 | ||
22 | #include "ssh.h" | ||
23 | #include "xmalloc.h" | 20 | #include "xmalloc.h" |
24 | #include "key.h" | 21 | #include "key.h" |
25 | #include "rsa.h" | ||
26 | #include "authfile.h" | 22 | #include "authfile.h" |
27 | #include "uuencode.h" | 23 | #include "uuencode.h" |
28 | |||
29 | #include "buffer.h" | 24 | #include "buffer.h" |
30 | #include "bufaux.h" | 25 | #include "bufaux.h" |
26 | #include "pathnames.h" | ||
27 | #include "log.h" | ||
28 | #include "readpass.h" | ||
31 | 29 | ||
32 | /* Number of bits in the RSA/DSA key. This value can be changed on the command line. */ | 30 | /* Number of bits in the RSA/DSA key. This value can be changed on the command line. */ |
33 | int bits = 1024; | 31 | int bits = 1024; |
@@ -87,13 +85,13 @@ ask_filename(struct passwd *pw, const char *prompt) | |||
87 | 85 | ||
88 | switch (key_type_from_name(key_type_name)) { | 86 | switch (key_type_from_name(key_type_name)) { |
89 | case KEY_RSA1: | 87 | case KEY_RSA1: |
90 | name = SSH_CLIENT_IDENTITY; | 88 | name = _PATH_SSH_CLIENT_IDENTITY; |
91 | break; | 89 | break; |
92 | case KEY_DSA: | 90 | case KEY_DSA: |
93 | name = SSH_CLIENT_ID_DSA; | 91 | name = _PATH_SSH_CLIENT_ID_DSA; |
94 | break; | 92 | break; |
95 | case KEY_RSA: | 93 | case KEY_RSA: |
96 | name = SSH_CLIENT_ID_RSA; | 94 | name = _PATH_SSH_CLIENT_ID_RSA; |
97 | break; | 95 | break; |
98 | default: | 96 | default: |
99 | fprintf(stderr, "bad key type"); | 97 | fprintf(stderr, "bad key type"); |
@@ -757,7 +755,7 @@ main(int ac, char **av) | |||
757 | ask_filename(pw, "Enter file in which to save the key"); | 755 | ask_filename(pw, "Enter file in which to save the key"); |
758 | 756 | ||
759 | /* Create ~/.ssh directory if it doesn\'t already exist. */ | 757 | /* Create ~/.ssh directory if it doesn\'t already exist. */ |
760 | snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, SSH_USER_DIR); | 758 | snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, _PATH_SSH_USER_DIR); |
761 | if (strstr(identity_file, dotsshdir) != NULL && | 759 | if (strstr(identity_file, dotsshdir) != NULL && |
762 | stat(dotsshdir, &st) < 0) { | 760 | stat(dotsshdir, &st) < 0) { |
763 | if (mkdir(dotsshdir, 0700) < 0) | 761 | if (mkdir(dotsshdir, 0700) < 0) |
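Review bot: The rewritten snprintf at new line 758 formats pw->pw_dir with an unbounded `%s` and discards the return value, so a home directory path longer than dotsshdir is silently truncated and the strstr and mkdir that follow act on a different path than the one intended. The equivalent lines in ssh.c cap each component with `%.100s`, so the two callers also disagree on how they bound the same path. Checking the result turns truncation into an error instead of a wrong path: `int n = snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, _PATH_SSH_USER_DIR);` followed by `if (n < 0 || (size_t)n >= sizeof dotsshdir) fatal("ssh-keygen: home directory path too long");`. Note also that `strstr(identity_file, dotsshdir)` is a substring test rather than a prefix test, though that predates this commit. The enclosing main() starts and ends outside the hunk.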
diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 69b029b05..64ac551b5 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c | |||
@@ -8,7 +8,7 @@ | |||
8 | */ | 8 | */ |
9 | 9 | ||
10 | #include "includes.h" | 10 | #include "includes.h" |
11 | RCSID("$OpenBSD: ssh-keyscan.c,v 1.9 2001/01/13 18:12:47 markus Exp $"); | 11 | RCSID("$OpenBSD: ssh-keyscan.c,v 1.11 2001/01/21 19:05:57 markus Exp $"); |
12 | 12 | ||
13 | #if defined(HAVE_SYS_QUEUE_H) && !defined(HAVE_BOGUS_SYS_QUEUE_H) | 13 | #if defined(HAVE_SYS_QUEUE_H) && !defined(HAVE_BOGUS_SYS_QUEUE_H) |
14 | #include <sys/queue.h> | 14 | #include <sys/queue.h> |
@@ -18,14 +18,14 @@ RCSID("$OpenBSD: ssh-keyscan.c,v 1.9 2001/01/13 18:12:47 markus Exp $"); | |||
18 | #include <errno.h> | 18 | #include <errno.h> |
19 | 19 | ||
20 | #include <openssl/bn.h> | 20 | #include <openssl/bn.h> |
21 | #include <openssl/rsa.h> | ||
22 | #include <openssl/dsa.h> | ||
23 | 21 | ||
24 | #include "xmalloc.h" | 22 | #include "xmalloc.h" |
25 | #include "ssh.h" | 23 | #include "ssh.h" |
24 | #include "ssh1.h" | ||
26 | #include "key.h" | 25 | #include "key.h" |
27 | #include "buffer.h" | 26 | #include "buffer.h" |
28 | #include "bufaux.h" | 27 | #include "bufaux.h" |
28 | #include "log.h" | ||
29 | 29 | ||
30 | static int argno = 1; /* Number of argument currently being parsed */ | 30 | static int argno = 1; /* Number of argument currently being parsed */ |
31 | 31 | ||
@@ -23,18 +23,15 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: ssh-rsa.c,v 1.4 2001/01/16 19:20:06 markus Exp $"); | 26 | RCSID("$OpenBSD: ssh-rsa.c,v 1.5 2001/01/21 19:05:58 markus Exp $"); |
27 | |||
28 | #include "ssh.h" | ||
29 | #include "xmalloc.h" | ||
30 | #include "buffer.h" | ||
31 | #include "bufaux.h" | ||
32 | 27 | ||
33 | #include <openssl/evp.h> | 28 | #include <openssl/evp.h> |
34 | #include <openssl/dsa.h> | ||
35 | #include <openssl/rsa.h> | ||
36 | #include <openssl/err.h> | 29 | #include <openssl/err.h> |
37 | 30 | ||
31 | #include "xmalloc.h" | ||
32 | #include "log.h" | ||
33 | #include "buffer.h" | ||
34 | #include "bufaux.h" | ||
38 | #include "key.h" | 35 | #include "key.h" |
39 | 36 | ||
40 | /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */ | 37 | /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */ |
@@ -39,27 +39,31 @@ | |||
39 | */ | 39 | */ |
40 | 40 | ||
41 | #include "includes.h" | 41 | #include "includes.h" |
42 | RCSID("$OpenBSD: ssh.c,v 1.82 2001/01/15 21:40:10 markus Exp $"); | 42 | RCSID("$OpenBSD: ssh.c,v 1.84 2001/01/21 19:05:58 markus Exp $"); |
43 | 43 | ||
44 | #include <openssl/evp.h> | 44 | #include <openssl/evp.h> |
45 | #include <openssl/dsa.h> | ||
46 | #include <openssl/rsa.h> | ||
47 | #include <openssl/err.h> | 45 | #include <openssl/err.h> |
48 | 46 | ||
49 | #include "xmalloc.h" | ||
50 | #include "ssh.h" | 47 | #include "ssh.h" |
48 | #include "ssh1.h" | ||
49 | #include "ssh2.h" | ||
50 | #include "compat.h" | ||
51 | #include "cipher.h" | ||
52 | #include "xmalloc.h" | ||
51 | #include "packet.h" | 53 | #include "packet.h" |
52 | #include "buffer.h" | 54 | #include "buffer.h" |
53 | #include "readconf.h" | ||
54 | #include "uidswap.h" | 55 | #include "uidswap.h" |
55 | |||
56 | #include "ssh2.h" | ||
57 | #include "compat.h" | ||
58 | #include "channels.h" | 56 | #include "channels.h" |
59 | #include "key.h" | 57 | #include "key.h" |
60 | #include "authfd.h" | 58 | #include "authfd.h" |
61 | #include "authfile.h" | 59 | #include "authfile.h" |
60 | #include "pathnames.h" | ||
62 | #include "clientloop.h" | 61 | #include "clientloop.h" |
62 | #include "log.h" | ||
63 | #include "readconf.h" | ||
64 | #include "sshconnect.h" | ||
65 | #include "tildexpand.h" | ||
66 | #include "misc.h" | ||
63 | 67 | ||
64 | #ifdef HAVE___PROGNAME | 68 | #ifdef HAVE___PROGNAME |
65 | extern char *__progname; | 69 | extern char *__progname; |
@@ -555,11 +559,11 @@ main(int ac, char **av) | |||
555 | log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 0); | 559 | log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 0); |
556 | 560 | ||
557 | /* Read per-user configuration file. */ | 561 | /* Read per-user configuration file. */ |
558 | snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir, SSH_USER_CONFFILE); | 562 | snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir, _PATH_SSH_USER_CONFFILE); |
559 | read_config_file(buf, host, &options); | 563 | read_config_file(buf, host, &options); |
560 | 564 | ||
561 | /* Read systemwide configuration file. */ | 565 | /* Read systemwide configuration file. */ |
562 | read_config_file(HOST_CONFIG_FILE, host, &options); | 566 | read_config_file(_PATH_HOST_CONFIG_FILE, host, &options); |
563 | 567 | ||
564 | /* Fill configuration defaults. */ | 568 | /* Fill configuration defaults. */ |
565 | fill_default_options(&options); | 569 | fill_default_options(&options); |
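Review bot: The rewritten snprintf at new line 562 still relies on `%.100s` precision to bound each component and ignores the return value, so a home directory longer than 100 bytes is silently cut and the per-user config is read from a path under a truncated directory; the same pattern is at new line 655 in the ~/.ssh creation hunk, where the truncated path would then be created with mkdir. The size of buf is not visible in the hunk, so whether two 100-byte components plus the separator can exceed it cannot be confirmed here. A return-value check at both sites, `int n = snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir, _PATH_SSH_USER_CONFFILE);` then `if (n < 0 || (size_t)n >= sizeof buf) fatal("home directory path too long");`, makes truncation a reported error rather than a silent path change. main() starts and ends outside the hunk.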
@@ -624,7 +628,7 @@ main(int ac, char **av) | |||
624 | host_private_key = RSA_new(); | 628 | host_private_key = RSA_new(); |
625 | k.type = KEY_RSA1; | 629 | k.type = KEY_RSA1; |
626 | k.rsa = host_private_key; | 630 | k.rsa = host_private_key; |
627 | if (load_private_key(HOST_KEY_FILE, "", &k, NULL)) | 631 | if (load_private_key(_PATH_HOST_KEY_FILE, "", &k, NULL)) |
628 | host_private_key_loaded = 1; | 632 | host_private_key_loaded = 1; |
629 | } | 633 | } |
630 | /* | 634 | /* |
@@ -648,7 +652,7 @@ main(int ac, char **av) | |||
648 | * Now that we are back to our own permissions, create ~/.ssh | 652 | * Now that we are back to our own permissions, create ~/.ssh |
649 | * directory if it doesn\'t already exist. | 653 | * directory if it doesn\'t already exist. |
650 | */ | 654 | */ |
651 | snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir, SSH_USER_DIR); | 655 | snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir, _PATH_SSH_USER_DIR); |
652 | if (stat(buf, &st) < 0) | 656 | if (stat(buf, &st) < 0) |
653 | if (mkdir(buf, 0700) < 0) | 657 | if (mkdir(buf, 0700) < 0) |
654 | error("Could not create directory '%.200s'.", buf); | 658 | error("Could not create directory '%.200s'.", buf); |
@@ -3,8 +3,6 @@ | |||
3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
4 | * All rights reserved | 4 | * All rights reserved |
5 | * | 5 | * |
6 | * Generic header file for ssh. | ||
7 | * | ||
8 | * As far as I am concerned, the code I have written for this software | 6 | * As far as I am concerned, the code I have written for this software |
9 | * can be used freely for any purpose. Any derived versions of this | 7 | * can be used freely for any purpose. Any derived versions of this |
10 | * software must be clearly marked as such, and if the derived work is | 8 | * software must be clearly marked as such, and if the derived work is |
@@ -12,7 +10,7 @@ | |||
12 | * called by a name other than "ssh" or "Secure Shell". | 10 | * called by a name other than "ssh" or "Secure Shell". |
13 | */ | 11 | */ |
14 | 12 | ||
15 | /* RCSID("$OpenBSD: ssh.h,v 1.59 2001/01/19 12:45:27 markus Exp $"); */ | 13 | /* RCSID("$OpenBSD: ssh.h,v 1.61 2001/01/21 19:05:59 markus Exp $"); */ |
16 | 14 | ||
17 | #ifndef SSH_H | 15 | #ifndef SSH_H |
18 | #define SSH_H | 16 | #define SSH_H |
@@ -26,8 +24,9 @@ | |||
26 | #ifdef HAVE_SYS_SELECT_H | 24 | #ifdef HAVE_SYS_SELECT_H |
27 | # include <sys/select.h> | 25 | # include <sys/select.h> |
28 | #endif | 26 | #endif |
29 | #include "rsa.h" | 27 | |
30 | #include "cipher.h" | 28 | //#include "rsa.h" |
29 | //#include "cipher.h" | ||
31 | 30 | ||
32 | /* Cipher used for encrypting authentication files. */ | 31 | /* Cipher used for encrypting authentication files. */ |
33 | #define SSH_AUTHFILE_CIPHER SSH_CIPHER_3DES | 32 | #define SSH_AUTHFILE_CIPHER SSH_CIPHER_3DES |
@@ -68,138 +67,21 @@ | |||
68 | # define SSHD_PAM_SERVICE "sshd" | 67 | # define SSHD_PAM_SERVICE "sshd" |
69 | #endif | 68 | #endif |
70 | 69 | ||
71 | #ifndef ETCDIR | ||
72 | #define ETCDIR "/etc" | ||
73 | #endif /* ETCDIR */ | ||
74 | |||
75 | #ifndef PIDDIR | ||
76 | #define PIDDIR "/var/run" | ||
77 | #endif /* PIDDIR */ | ||
78 | |||
79 | /* | ||
80 | * System-wide file containing host keys of known hosts. This file should be | ||
81 | * world-readable. | ||
82 | */ | ||
83 | #define SSH_SYSTEM_HOSTFILE ETCDIR "/ssh_known_hosts" | ||
84 | #define SSH_SYSTEM_HOSTFILE2 ETCDIR "/ssh_known_hosts2" | ||
85 | |||
86 | /* | ||
87 | * Of these, ssh_host_key must be readable only by root, whereas ssh_config | ||
88 | * should be world-readable. | ||
89 | */ | ||
90 | #define HOST_KEY_FILE ETCDIR "/ssh_host_key" | ||
91 | #define SERVER_CONFIG_FILE ETCDIR "/sshd_config" | ||
92 | #define HOST_CONFIG_FILE ETCDIR "/ssh_config" | ||
93 | #define HOST_DSA_KEY_FILE ETCDIR "/ssh_host_dsa_key" | ||
94 | #define DH_PRIMES ETCDIR "/primes" | ||
95 | |||
96 | #ifndef SSH_PROGRAM | ||
97 | #define SSH_PROGRAM "/usr/bin/ssh" | ||
98 | #endif /* SSH_PROGRAM */ | ||
99 | |||
100 | #ifndef LOGIN_PROGRAM | ||
101 | # ifdef LOGIN_PROGRAM_FALLBACK | ||
102 | # define LOGIN_PROGRAM LOGIN_PROGRAM_FALLBACK | ||
103 | # else | ||
104 | # define LOGIN_PROGRAM "/usr/bin/login" | ||
105 | # endif | ||
106 | #endif /* LOGIN_PROGRAM */ | ||
107 | |||
108 | #ifndef ASKPASS_PROGRAM | ||
109 | #define ASKPASS_PROGRAM "/usr/lib/ssh/ssh-askpass" | ||
110 | #endif /* ASKPASS_PROGRAM */ | ||
111 | |||
112 | /* | ||
113 | * The process id of the daemon listening for connections is saved here to | ||
114 | * make it easier to kill the correct daemon when necessary. | ||
115 | */ | ||
116 | #define SSH_DAEMON_PID_FILE PIDDIR "/sshd.pid" | ||
117 | |||
118 | /* | ||
119 | * The directory in user\'s home directory in which the files reside. The | ||
120 | * directory should be world-readable (though not all files are). | ||
121 | */ | ||
122 | #define SSH_USER_DIR ".ssh" | ||
123 | |||
124 | /* | ||
125 | * Relevant only when using builtin PRNG. | ||
126 | */ | ||
127 | #ifndef SSH_PRNG_SEED_FILE | ||
128 | # define SSH_PRNG_SEED_FILE SSH_USER_DIR"/prng_seed" | ||
129 | #endif /* SSH_PRNG_SEED_FILE */ | ||
130 | #ifndef SSH_PRNG_COMMAND_FILE | ||
131 | # define SSH_PRNG_COMMAND_FILE ETCDIR "/ssh_prng_cmds" | ||
132 | #endif /* SSH_PRNG_COMMAND_FILE */ | ||
133 | |||
134 | /* | ||
135 | * Per-user file containing host keys of known hosts. This file need not be | ||
136 | * readable by anyone except the user him/herself, though this does not | ||
137 | * contain anything particularly secret. | ||
138 | */ | ||
139 | #define SSH_USER_HOSTFILE "~/.ssh/known_hosts" | ||
140 | #define SSH_USER_HOSTFILE2 "~/.ssh/known_hosts2" | ||
141 | |||
142 | /* | ||
143 | * Name of the default file containing client-side authentication key. This | ||
144 | * file should only be readable by the user him/herself. | ||
145 | */ | ||
146 | #define SSH_CLIENT_IDENTITY ".ssh/identity" | ||
147 | #define SSH_CLIENT_ID_DSA ".ssh/id_dsa" | ||
148 | #define SSH_CLIENT_ID_RSA ".ssh/id_rsa" | ||
149 | |||
150 | /* | ||
151 | * Configuration file in user\'s home directory. This file need not be | ||
152 | * readable by anyone but the user him/herself, but does not contain anything | ||
153 | * particularly secret. If the user\'s home directory resides on an NFS | ||
154 | * volume where root is mapped to nobody, this may need to be world-readable. | ||
155 | */ | ||
156 | #define SSH_USER_CONFFILE ".ssh/config" | ||
157 | |||
158 | /* | ||
159 | * File containing a list of those rsa keys that permit logging in as this | ||
160 | * user. This file need not be readable by anyone but the user him/herself, | ||
161 | * but does not contain anything particularly secret. If the user\'s home | ||
162 | * directory resides on an NFS volume where root is mapped to nobody, this | ||
163 | * may need to be world-readable. (This file is read by the daemon which is | ||
164 | * running as root.) | ||
165 | */ | ||
166 | #define SSH_USER_PERMITTED_KEYS ".ssh/authorized_keys" | ||
167 | #define SSH_USER_PERMITTED_KEYS2 ".ssh/authorized_keys2" | ||
168 | |||
169 | /* | ||
170 | * Per-user and system-wide ssh "rc" files. These files are executed with | ||
171 | * /bin/sh before starting the shell or command if they exist. They will be | ||
172 | * passed "proto cookie" as arguments if X11 forwarding with spoofing is in | ||
173 | * use. xauth will be run if neither of these exists. | ||
174 | */ | ||
175 | #define SSH_USER_RC ".ssh/rc" | ||
176 | #define SSH_SYSTEM_RC ETCDIR "/sshrc" | ||
177 | |||
178 | /* | ||
179 | * Ssh-only version of /etc/hosts.equiv. Additionally, the daemon may use | ||
180 | * ~/.rhosts and /etc/hosts.equiv if rhosts authentication is enabled. | ||
181 | */ | ||
182 | #define SSH_HOSTS_EQUIV ETCDIR "/shosts.equiv" | ||
183 | |||
184 | /* | 70 | /* |
185 | * Name of the environment variable containing the pathname of the | 71 | * Name of the environment variable containing the pathname of the |
186 | * authentication socket. | 72 | * authentication socket. |
187 | */ | 73 | */ |
188 | #define SSH_AUTHSOCKET_ENV_NAME "SSH_AUTH_SOCK" | 74 | #define SSH_AGENTPID_ENV_NAME "SSH_AGENT_PID" |
189 | 75 | ||
190 | /* | 76 | /* |
191 | * Name of the environment variable containing the pathname of the | 77 | * Name of the environment variable containing the pathname of the |
192 | * authentication socket. | 78 | * authentication socket. |
193 | */ | 79 | */ |
194 | #define SSH_AGENTPID_ENV_NAME "SSH_AGENT_PID" | 80 | #define SSH_AUTHSOCKET_ENV_NAME "SSH_AUTH_SOCK" |
195 | 81 | ||
196 | /* | 82 | /* |
197 | * Default path to ssh-askpass used by ssh-add, | 83 | * Environment variable for overwriting the default location of askpass |
198 | * environment variable for overwriting the default location | ||
199 | */ | 84 | */ |
200 | #ifndef SSH_ASKPASS_DEFAULT | ||
201 | # define SSH_ASKPASS_DEFAULT "/usr/X11R6/bin/ssh-askpass" | ||
202 | #endif | ||
203 | #define SSH_ASKPASS_ENV "SSH_ASKPASS" | 85 | #define SSH_ASKPASS_ENV "SSH_ASKPASS" |
204 | 86 | ||
205 | /* | 87 | /* |
@@ -217,339 +99,4 @@ | |||
217 | /* Name of Kerberos service for SSH to use. */ | 99 | /* Name of Kerberos service for SSH to use. */ |
218 | #define KRB4_SERVICE_NAME "rcmd" | 100 | #define KRB4_SERVICE_NAME "rcmd" |
219 | 101 | ||
220 | /* | ||
221 | * Authentication methods. New types can be added, but old types should not | ||
222 | * be removed for compatibility. The maximum allowed value is 31. | ||
223 | */ | ||
224 | #define SSH_AUTH_RHOSTS 1 | ||
225 | #define SSH_AUTH_RSA 2 | ||
226 | #define SSH_AUTH_PASSWORD 3 | ||
227 | #define SSH_AUTH_RHOSTS_RSA 4 | ||
228 | #define SSH_AUTH_TIS 5 | ||
229 | #define SSH_AUTH_KERBEROS 6 | ||
230 | #define SSH_PASS_KERBEROS_TGT 7 | ||
231 | /* 8 to 15 are reserved */ | ||
232 | #define SSH_PASS_AFS_TOKEN 21 | ||
233 | |||
234 | /* Protocol flags. These are bit masks. */ | ||
235 | #define SSH_PROTOFLAG_SCREEN_NUMBER 1 /* X11 forwarding includes screen */ | ||
236 | #define SSH_PROTOFLAG_HOST_IN_FWD_OPEN 2 /* forwarding opens contain host */ | ||
237 | |||
238 | /* | ||
239 | * Definition of message types. New values can be added, but old values | ||
240 | * should not be removed or without careful consideration of the consequences | ||
241 | * for compatibility. The maximum value is 254; value 255 is reserved for | ||
242 | * future extension. | ||
243 | */ | ||
244 | /* Message name */ /* msg code */ /* arguments */ | ||
245 | #define SSH_MSG_NONE 0 /* no message */ | ||
246 | #define SSH_MSG_DISCONNECT 1 /* cause (string) */ | ||
247 | #define SSH_SMSG_PUBLIC_KEY 2 /* ck,msk,srvk,hostk */ | ||
248 | #define SSH_CMSG_SESSION_KEY 3 /* key (BIGNUM) */ | ||
249 | #define SSH_CMSG_USER 4 /* user (string) */ | ||
250 | #define SSH_CMSG_AUTH_RHOSTS 5 /* user (string) */ | ||
251 | #define SSH_CMSG_AUTH_RSA 6 /* modulus (BIGNUM) */ | ||
252 | #define SSH_SMSG_AUTH_RSA_CHALLENGE 7 /* int (BIGNUM) */ | ||
253 | #define SSH_CMSG_AUTH_RSA_RESPONSE 8 /* int (BIGNUM) */ | ||
254 | #define SSH_CMSG_AUTH_PASSWORD 9 /* pass (string) */ | ||
255 | #define SSH_CMSG_REQUEST_PTY 10 /* TERM, tty modes */ | ||
256 | #define SSH_CMSG_WINDOW_SIZE 11 /* row,col,xpix,ypix */ | ||
257 | #define SSH_CMSG_EXEC_SHELL 12 /* */ | ||
258 | #define SSH_CMSG_EXEC_CMD 13 /* cmd (string) */ | ||
259 | #define SSH_SMSG_SUCCESS 14 /* */ | ||
260 | #define SSH_SMSG_FAILURE 15 /* */ | ||
261 | #define SSH_CMSG_STDIN_DATA 16 /* data (string) */ | ||
262 | #define SSH_SMSG_STDOUT_DATA 17 /* data (string) */ | ||
263 | #define SSH_SMSG_STDERR_DATA 18 /* data (string) */ | ||
264 | #define SSH_CMSG_EOF 19 /* */ | ||
265 | #define SSH_SMSG_EXITSTATUS 20 /* status (int) */ | ||
266 | #define SSH_MSG_CHANNEL_OPEN_CONFIRMATION 21 /* channel (int) */ | ||
267 | #define SSH_MSG_CHANNEL_OPEN_FAILURE 22 /* channel (int) */ | ||
268 | #define SSH_MSG_CHANNEL_DATA 23 /* ch,data (int,str) */ | ||
269 | #define SSH_MSG_CHANNEL_CLOSE 24 /* channel (int) */ | ||
270 | #define SSH_MSG_CHANNEL_CLOSE_CONFIRMATION 25 /* channel (int) */ | ||
271 | /* SSH_CMSG_X11_REQUEST_FORWARDING 26 OBSOLETE */ | ||
272 | #define SSH_SMSG_X11_OPEN 27 /* channel (int) */ | ||
273 | #define SSH_CMSG_PORT_FORWARD_REQUEST 28 /* p,host,hp (i,s,i) */ | ||
274 | #define SSH_MSG_PORT_OPEN 29 /* ch,h,p (i,s,i) */ | ||
275 | #define SSH_CMSG_AGENT_REQUEST_FORWARDING 30 /* */ | ||
276 | #define SSH_SMSG_AGENT_OPEN 31 /* port (int) */ | ||
277 | #define SSH_MSG_IGNORE 32 /* string */ | ||
278 | #define SSH_CMSG_EXIT_CONFIRMATION 33 /* */ | ||
279 | #define SSH_CMSG_X11_REQUEST_FORWARDING 34 /* proto,data (s,s) */ | ||
280 | #define SSH_CMSG_AUTH_RHOSTS_RSA 35 /* user,mod (s,mpi) */ | ||
281 | #define SSH_MSG_DEBUG 36 /* string */ | ||
282 | #define SSH_CMSG_REQUEST_COMPRESSION 37 /* level 1-9 (int) */ | ||
283 | #define SSH_CMSG_MAX_PACKET_SIZE 38 /* size 4k-1024k (int) */ | ||
284 | #define SSH_CMSG_AUTH_TIS 39 /* we use this for s/key */ | ||
285 | #define SSH_SMSG_AUTH_TIS_CHALLENGE 40 /* challenge (string) */ | ||
286 | #define SSH_CMSG_AUTH_TIS_RESPONSE 41 /* response (string) */ | ||
287 | #define SSH_CMSG_AUTH_KERBEROS 42 /* (KTEXT) */ | ||
288 | #define SSH_SMSG_AUTH_KERBEROS_RESPONSE 43 /* (KTEXT) */ | ||
289 | #define SSH_CMSG_HAVE_KERBEROS_TGT 44 /* credentials (s) */ | ||
290 | #define SSH_CMSG_HAVE_AFS_TOKEN 65 /* token (s) */ | ||
291 | |||
292 | /*------------ definitions for login.c -------------*/ | ||
293 | |||
294 | /* | ||
295 | * Returns the time when the user last logged in. Returns 0 if the | ||
296 | * information is not available. This must be called before record_login. | ||
297 | * The host from which the user logged in is stored in buf. | ||
298 | */ | ||
299 | u_long | ||
300 | get_last_login_time(uid_t uid, const char *logname, | ||
301 | char *buf, u_int bufsize); | ||
302 | |||
303 | /* | ||
304 | * Records that the user has logged in. This does many things normally done | ||
305 | * by login(1). | ||
306 | */ | ||
307 | void | ||
308 | record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid, | ||
309 | const char *host, struct sockaddr *addr); | ||
310 | |||
311 | /* | ||
312 | * Records that the user has logged out. This does many thigs normally done | ||
313 | * by login(1) or init. | ||
314 | */ | ||
315 | void record_logout(pid_t pid, const char *ttyname); | ||
316 | |||
317 | /*------------ definitions for sshconnect.c ----------*/ | ||
318 | |||
319 | /* | ||
320 | * Opens a TCP/IP connection to the remote server on the given host. If port | ||
321 | * is 0, the default port will be used. If anonymous is zero, a privileged | ||
322 | * port will be allocated to make the connection. This requires super-user | ||
323 | * privileges if anonymous is false. Connection_attempts specifies the | ||
324 | * maximum number of tries, one per second. This returns true on success, | ||
325 | * and zero on failure. If the connection is successful, this calls | ||
326 | * packet_set_connection for the connection. | ||
327 | */ | ||
328 | int | ||
329 | ssh_connect(const char *host, struct sockaddr_storage * hostaddr, | ||
330 | u_short port, int connection_attempts, | ||
331 | int anonymous, uid_t original_real_uid, | ||
332 | const char *proxy_command); | ||
333 | |||
334 | /* | ||
335 | * Starts a dialog with the server, and authenticates the current user on the | ||
336 | * server. This does not need any extra privileges. The basic connection to | ||
337 | * the server must already have been established before this is called. If | ||
338 | * login fails, this function prints an error and never returns. This | ||
339 | * initializes the random state, and leaves it initialized (it will also have | ||
340 | * references from the packet module). | ||
341 | */ | ||
342 | |||
343 | void | ||
344 | ssh_login(int host_key_valid, RSA * host_key, const char *host, | ||
345 | struct sockaddr * hostaddr, uid_t original_real_uid); | ||
346 | |||
347 | /*------------ Definitions for various authentication methods. -------*/ | ||
348 | |||
349 | /* | ||
350 | * Tries to authenticate the user using the .rhosts file. Returns true if | ||
351 | * authentication succeeds. If ignore_rhosts is non-zero, this will not | ||
352 | * consider .rhosts and .shosts (/etc/hosts.equiv will still be used). | ||
353 | */ | ||
354 | int auth_rhosts(struct passwd * pw, const char *client_user); | ||
355 | |||
356 | /* | ||
357 | * Tries to authenticate the user using the .rhosts file and the host using | ||
358 | * its host key. Returns true if authentication succeeds. | ||
359 | */ | ||
360 | int | ||
361 | auth_rhosts_rsa(struct passwd * pw, const char *client_user, RSA* client_host_key); | ||
362 | |||
363 | /* | ||
364 | * Tries to authenticate the user using password. Returns true if | ||
365 | * authentication succeeds. | ||
366 | */ | ||
367 | int auth_password(struct passwd * pw, const char *password); | ||
368 | |||
369 | /* | ||
370 | * Performs the RSA authentication dialog with the client. This returns 0 if | ||
371 | * the client could not be authenticated, and 1 if authentication was | ||
372 | * successful. This may exit if there is a serious protocol violation. | ||
373 | */ | ||
374 | int auth_rsa(struct passwd * pw, BIGNUM * client_n); | ||
375 | |||
376 | /* | ||
377 | * Parses an RSA key (number of bits, e, n) from a string. Moves the pointer | ||
378 | * over the key. Skips any whitespace at the beginning and at end. | ||
379 | */ | ||
380 | int auth_rsa_read_key(char **cpp, u_int *bitsp, BIGNUM * e, BIGNUM * n); | ||
381 | |||
382 | /* | ||
383 | * Returns the name of the machine at the other end of the socket. The | ||
384 | * returned string should be freed by the caller. | ||
385 | */ | ||
386 | char *get_remote_hostname(int socket); | ||
387 | |||
388 | /* | ||
389 | * Return the canonical name of the host in the other side of the current | ||
390 | * connection (as returned by packet_get_connection). The host name is | ||
391 | * cached, so it is efficient to call this several times. | ||
392 | */ | ||
393 | const char *get_canonical_hostname(void); | ||
394 | |||
395 | /* | ||
396 | * Returns the remote IP address as an ascii string. The value need not be | ||
397 | * freed by the caller. | ||
398 | */ | ||
399 | const char *get_remote_ipaddr(void); | ||
400 | |||
401 | /* Returns the port number of the peer of the socket. */ | ||
402 | int get_peer_port(int sock); | ||
403 | |||
404 | /* Returns the port number of the remote/local host. */ | ||
405 | int get_remote_port(void); | ||
406 | int get_local_port(void); | ||
407 | |||
408 | |||
409 | /* | ||
410 | * Performs the RSA authentication challenge-response dialog with the client, | ||
411 | * and returns true (non-zero) if the client gave the correct answer to our | ||
412 | * challenge; returns zero if the client gives a wrong answer. | ||
413 | */ | ||
414 | int auth_rsa_challenge_dialog(RSA *pk); | ||
415 | |||
416 | /* | ||
417 | * Reads a passphrase from /dev/tty with echo turned off. Returns the | ||
418 | * passphrase (allocated with xmalloc). Exits if EOF is encountered. If | ||
419 | * from_stdin is true, the passphrase will be read from stdin instead. | ||
420 | */ | ||
421 | char *read_passphrase(const char *prompt, int from_stdin); | ||
422 | |||
423 | |||
424 | /*------------ Definitions for logging. -----------------------*/ | ||
425 | |||
426 | /* Supported syslog facilities and levels. */ | ||
427 | typedef enum { | ||
428 | SYSLOG_FACILITY_DAEMON, | ||
429 | SYSLOG_FACILITY_USER, | ||
430 | SYSLOG_FACILITY_AUTH, | ||
431 | #ifdef LOG_AUTHPRIV | ||
432 | SYSLOG_FACILITY_AUTHPRIV, | ||
433 | #endif | ||
434 | SYSLOG_FACILITY_LOCAL0, | ||
435 | SYSLOG_FACILITY_LOCAL1, | ||
436 | SYSLOG_FACILITY_LOCAL2, | ||
437 | SYSLOG_FACILITY_LOCAL3, | ||
438 | SYSLOG_FACILITY_LOCAL4, | ||
439 | SYSLOG_FACILITY_LOCAL5, | ||
440 | SYSLOG_FACILITY_LOCAL6, | ||
441 | SYSLOG_FACILITY_LOCAL7 | ||
442 | } SyslogFacility; | ||
443 | |||
444 | typedef enum { | ||
445 | SYSLOG_LEVEL_QUIET, | ||
446 | SYSLOG_LEVEL_FATAL, | ||
447 | SYSLOG_LEVEL_ERROR, | ||
448 | SYSLOG_LEVEL_INFO, | ||
449 | SYSLOG_LEVEL_VERBOSE, | ||
450 | SYSLOG_LEVEL_DEBUG1, | ||
451 | SYSLOG_LEVEL_DEBUG2, | ||
452 | SYSLOG_LEVEL_DEBUG3 | ||
453 | } LogLevel; | ||
454 | /* Initializes logging. */ | ||
455 | void log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr); | ||
456 | |||
457 | /* Logging implementation, depending on server or client */ | ||
458 | void do_log(LogLevel level, const char *fmt, va_list args); | ||
459 | |||
460 | /* name to facility/level */ | ||
461 | SyslogFacility log_facility_number(char *name); | ||
462 | LogLevel log_level_number(char *name); | ||
463 | |||
464 | /* Output a message to syslog or stderr */ | ||
465 | void fatal(const char *fmt,...) __attribute__((format(printf, 1, 2))); | ||
466 | void error(const char *fmt,...) __attribute__((format(printf, 1, 2))); | ||
467 | void log(const char *fmt,...) __attribute__((format(printf, 1, 2))); | ||
468 | void verbose(const char *fmt,...) __attribute__((format(printf, 1, 2))); | ||
469 | void debug(const char *fmt,...) __attribute__((format(printf, 1, 2))); | ||
470 | void debug2(const char *fmt,...) __attribute__((format(printf, 1, 2))); | ||
471 | void debug3(const char *fmt,...) __attribute__((format(printf, 1, 2))); | ||
472 | |||
473 | /* same as fatal() but w/o logging */ | ||
474 | void fatal_cleanup(void); | ||
475 | |||
476 | /* | ||
477 | * Registers a cleanup function to be called by fatal()/fatal_cleanup() | ||
478 | * before exiting. It is permissible to call fatal_remove_cleanup for the | ||
479 | * function itself from the function. | ||
480 | */ | ||
481 | void fatal_add_cleanup(void (*proc) (void *context), void *context); | ||
482 | |||
483 | /* Removes a cleanup function to be called at fatal(). */ | ||
484 | void fatal_remove_cleanup(void (*proc) (void *context), void *context); | ||
485 | |||
486 | /* ---- misc */ | ||
487 | |||
488 | /* | ||
489 | * Expands tildes in the file name. Returns data allocated by xmalloc. | ||
490 | * Warning: this calls getpw*. | ||
491 | */ | ||
492 | char *tilde_expand_filename(const char *filename, uid_t my_uid); | ||
493 | |||
494 | /* remove newline at end of string */ | ||
495 | char *chop(char *s); | ||
496 | |||
497 | /* return next token in configuration line */ | ||
498 | char *strdelim(char **s); | ||
499 | |||
500 | /* set filedescriptor to non-blocking */ | ||
501 | void set_nonblock(int fd); | ||
502 | |||
503 | /* | ||
504 | * Performs the interactive session. This handles data transmission between | ||
505 | * the client and the program. Note that the notion of stdin, stdout, and | ||
506 | * stderr in this function is sort of reversed: this function writes to stdin | ||
507 | * (of the child program), and reads from stdout and stderr (of the child | ||
508 | * program). | ||
509 | */ | ||
510 | void server_loop(pid_t pid, int fdin, int fdout, int fderr); | ||
511 | void server_loop2(void); | ||
512 | |||
513 | /* Client side main loop for the interactive session. */ | ||
514 | int client_loop(int have_pty, int escape_char, int id); | ||
515 | |||
516 | /* Linked list of custom environment strings (see auth-rsa.c). */ | ||
517 | struct envstring { | ||
518 | struct envstring *next; | ||
519 | char *s; | ||
520 | }; | ||
521 | |||
522 | /* | ||
523 | * Ensure all of data on socket comes through. f==read || f==write | ||
524 | */ | ||
525 | ssize_t atomicio(ssize_t (*f)(), int fd, void *s, size_t n); | ||
526 | |||
527 | #ifdef KRB4 | ||
528 | #include <krb.h> | ||
529 | /* | ||
530 | * Performs Kerberos v4 mutual authentication with the client. This returns 0 | ||
531 | * if the client could not be authenticated, and 1 if authentication was | ||
532 | * successful. This may exit if there is a serious protocol violation. | ||
533 | */ | ||
534 | int auth_krb4(const char *server_user, KTEXT auth, char **client); | ||
535 | int krb4_init(uid_t uid); | ||
536 | void krb4_cleanup_proc(void *ignore); | ||
537 | int auth_krb4_password(struct passwd * pw, const char *password); | ||
538 | |||
539 | #ifdef AFS | ||
540 | #include <kafs.h> | ||
541 | |||
542 | /* Accept passed Kerberos v4 ticket-granting ticket and AFS tokens. */ | ||
543 | int auth_kerberos_tgt(struct passwd * pw, const char *string); | ||
544 | int auth_afs_token(struct passwd * pw, const char *token_string); | ||
545 | |||
546 | int creds_to_radix(CREDENTIALS * creds, u_char *buf, size_t buflen); | ||
547 | int radix_to_creds(const char *buf, CREDENTIALS * creds); | ||
548 | #endif /* AFS */ | ||
549 | |||
550 | #endif /* KRB4 */ | ||
551 | |||
552 | /* AF_UNSPEC or AF_INET or AF_INET6 */ | ||
553 | extern int IPv4or6; | ||
554 | |||
555 | #endif /* SSH_H */ | 102 | #endif /* SSH_H */ |
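Review bot: The `//#include "rsa.h"` and `//#include "cipher.h"` lines at new lines 28-29 are commented-out code left in a public header, and `//` is the only C99-style comment in a file that otherwise uses `/* */`, so it may also trip strictly C89 builds. If the lines are meant as a reminder they should become a real comment, `/* rsa.h and cipher.h are no longer included here; include them directly. */`, otherwise they should be deleted. SSH_AUTHFILE_CIPHER at new line 32 still expands to SSH_CIPHER_3DES, which presumably arrived via the dropped cipher.h include, so every user of that macro now has to include cipher.h itself; that is worth a comment on the define. Separately, the comment block above SSH_AGENTPID_ENV_NAME at new lines 70-73 is a copy of the one for SSH_AUTHSOCKET_ENV_NAME and describes the authentication socket; it should read `/* Name of the environment variable containing the agent's process id. */`.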
@@ -0,0 +1,84 @@ | |||
1 | /* | ||
2 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | ||
3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | ||
4 | * All rights reserved | ||
5 | * | ||
6 | * As far as I am concerned, the code I have written for this software | ||
7 | * can be used freely for any purpose. Any derived versions of this | ||
8 | * software must be clearly marked as such, and if the derived work is | ||
9 | * incompatible with the protocol description in the RFC file, it must be | ||
10 | * called by a name other than "ssh" or "Secure Shell". | ||
11 | */ | ||
12 | |||
13 | /* | ||
14 | * Definition of message types. New values can be added, but old values | ||
15 | * should not be removed or without careful consideration of the consequences | ||
16 | * for compatibility. The maximum value is 254; value 255 is reserved for | ||
17 | * future extension. | ||
18 | */ | ||
19 | /* Message name */ /* msg code */ /* arguments */ | ||
20 | #define SSH_MSG_NONE 0 /* no message */ | ||
21 | #define SSH_MSG_DISCONNECT 1 /* cause (string) */ | ||
22 | #define SSH_SMSG_PUBLIC_KEY 2 /* ck,msk,srvk,hostk */ | ||
23 | #define SSH_CMSG_SESSION_KEY 3 /* key (BIGNUM) */ | ||
24 | #define SSH_CMSG_USER 4 /* user (string) */ | ||
25 | #define SSH_CMSG_AUTH_RHOSTS 5 /* user (string) */ | ||
26 | #define SSH_CMSG_AUTH_RSA 6 /* modulus (BIGNUM) */ | ||
27 | #define SSH_SMSG_AUTH_RSA_CHALLENGE 7 /* int (BIGNUM) */ | ||
28 | #define SSH_CMSG_AUTH_RSA_RESPONSE 8 /* int (BIGNUM) */ | ||
29 | #define SSH_CMSG_AUTH_PASSWORD 9 /* pass (string) */ | ||
30 | #define SSH_CMSG_REQUEST_PTY 10 /* TERM, tty modes */ | ||
31 | #define SSH_CMSG_WINDOW_SIZE 11 /* row,col,xpix,ypix */ | ||
32 | #define SSH_CMSG_EXEC_SHELL 12 /* */ | ||
33 | #define SSH_CMSG_EXEC_CMD 13 /* cmd (string) */ | ||
34 | #define SSH_SMSG_SUCCESS 14 /* */ | ||
35 | #define SSH_SMSG_FAILURE 15 /* */ | ||
36 | #define SSH_CMSG_STDIN_DATA 16 /* data (string) */ | ||
37 | #define SSH_SMSG_STDOUT_DATA 17 /* data (string) */ | ||
38 | #define SSH_SMSG_STDERR_DATA 18 /* data (string) */ | ||
39 | #define SSH_CMSG_EOF 19 /* */ | ||
40 | #define SSH_SMSG_EXITSTATUS 20 /* status (int) */ | ||
41 | #define SSH_MSG_CHANNEL_OPEN_CONFIRMATION 21 /* channel (int) */ | ||
42 | #define SSH_MSG_CHANNEL_OPEN_FAILURE 22 /* channel (int) */ | ||
43 | #define SSH_MSG_CHANNEL_DATA 23 /* ch,data (int,str) */ | ||
44 | #define SSH_MSG_CHANNEL_CLOSE 24 /* channel (int) */ | ||
45 | #define SSH_MSG_CHANNEL_CLOSE_CONFIRMATION 25 /* channel (int) */ | ||
46 | /* SSH_CMSG_X11_REQUEST_FORWARDING 26 OBSOLETE */ | ||
47 | #define SSH_SMSG_X11_OPEN 27 /* channel (int) */ | ||
48 | #define SSH_CMSG_PORT_FORWARD_REQUEST 28 /* p,host,hp (i,s,i) */ | ||
49 | #define SSH_MSG_PORT_OPEN 29 /* ch,h,p (i,s,i) */ | ||
50 | #define SSH_CMSG_AGENT_REQUEST_FORWARDING 30 /* */ | ||
51 | #define SSH_SMSG_AGENT_OPEN 31 /* port (int) */ | ||
52 | #define SSH_MSG_IGNORE 32 /* string */ | ||
53 | #define SSH_CMSG_EXIT_CONFIRMATION 33 /* */ | ||
54 | #define SSH_CMSG_X11_REQUEST_FORWARDING 34 /* proto,data (s,s) */ | ||
55 | #define SSH_CMSG_AUTH_RHOSTS_RSA 35 /* user,mod (s,mpi) */ | ||
56 | #define SSH_MSG_DEBUG 36 /* string */ | ||
57 | #define SSH_CMSG_REQUEST_COMPRESSION 37 /* level 1-9 (int) */ | ||
58 | #define SSH_CMSG_MAX_PACKET_SIZE 38 /* size 4k-1024k (int) */ | ||
59 | #define SSH_CMSG_AUTH_TIS 39 /* we use this for s/key */ | ||
60 | #define SSH_SMSG_AUTH_TIS_CHALLENGE 40 /* challenge (string) */ | ||
61 | #define SSH_CMSG_AUTH_TIS_RESPONSE 41 /* response (string) */ | ||
62 | #define SSH_CMSG_AUTH_KERBEROS 42 /* (KTEXT) */ | ||
63 | #define SSH_SMSG_AUTH_KERBEROS_RESPONSE 43 /* (KTEXT) */ | ||
64 | #define SSH_CMSG_HAVE_KERBEROS_TGT 44 /* credentials (s) */ | ||
65 | #define SSH_CMSG_HAVE_AFS_TOKEN 65 /* token (s) */ | ||
66 | |||
67 | /* | ||
68 | * Authentication methods. New types can be added, but old types should not | ||
69 | * be removed for compatibility. The maximum allowed value is 31. | ||
70 | */ | ||
71 | #define SSH_AUTH_RHOSTS 1 | ||
72 | #define SSH_AUTH_RSA 2 | ||
73 | #define SSH_AUTH_PASSWORD 3 | ||
74 | #define SSH_AUTH_RHOSTS_RSA 4 | ||
75 | #define SSH_AUTH_TIS 5 | ||
76 | #define SSH_AUTH_KERBEROS 6 | ||
77 | #define SSH_PASS_KERBEROS_TGT 7 | ||
78 | /* 8 to 15 are reserved */ | ||
79 | #define SSH_PASS_AFS_TOKEN 21 | ||
80 | |||
81 | /* Protocol flags. These are bit masks. */ | ||
82 | #define SSH_PROTOFLAG_SCREEN_NUMBER 1 /* X11 forwarding includes screen */ | ||
83 | #define SSH_PROTOFLAG_HOST_IN_FWD_OPEN 2 /* forwarding opens contain host */ | ||
84 | |||
diff --git a/sshconnect.c b/sshconnect.c index e40ba984c..0994126c0 100644 --- a/sshconnect.c +++ b/sshconnect.c | |||
@@ -13,23 +13,24 @@ | |||
13 | */ | 13 | */ |
14 | 14 | ||
15 | #include "includes.h" | 15 | #include "includes.h" |
16 | RCSID("$OpenBSD: sshconnect.c,v 1.90 2001/01/13 18:32:50 markus Exp $"); | 16 | RCSID("$OpenBSD: sshconnect.c,v 1.91 2001/01/21 19:05:59 markus Exp $"); |
17 | 17 | ||
18 | #include <openssl/bn.h> | 18 | #include <openssl/bn.h> |
19 | #include <openssl/dsa.h> | ||
20 | #include <openssl/rsa.h> | ||
21 | 19 | ||
20 | #include "ssh.h" | ||
22 | #include "xmalloc.h" | 21 | #include "xmalloc.h" |
23 | #include "rsa.h" | 22 | #include "rsa.h" |
24 | #include "ssh.h" | ||
25 | #include "buffer.h" | 23 | #include "buffer.h" |
26 | #include "packet.h" | 24 | #include "packet.h" |
27 | #include "uidswap.h" | 25 | #include "uidswap.h" |
28 | #include "compat.h" | 26 | #include "compat.h" |
29 | #include "readconf.h" | ||
30 | #include "key.h" | 27 | #include "key.h" |
31 | #include "sshconnect.h" | 28 | #include "sshconnect.h" |
32 | #include "hostfile.h" | 29 | #include "hostfile.h" |
30 | #include "log.h" | ||
31 | #include "readconf.h" | ||
32 | #include "atomicio.h" | ||
33 | #include "misc.h" | ||
33 | 34 | ||
34 | char *client_version_string = NULL; | 35 | char *client_version_string = NULL; |
35 | char *server_version_string = NULL; | 36 | char *server_version_string = NULL; |
@@ -37,6 +38,9 @@ char *server_version_string = NULL; | |||
37 | extern Options options; | 38 | extern Options options; |
38 | extern char *__progname; | 39 | extern char *__progname; |
39 | 40 | ||
41 | /* AF_UNSPEC or AF_INET or AF_INET6 */ | ||
42 | extern int IPv4or6; | ||
43 | |||
40 | /* | 44 | /* |
41 | * Connect to the given ssh server using a proxy command. | 45 | * Connect to the given ssh server using a proxy command. |
42 | */ | 46 | */ |
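Review bot: The `extern int IPv4or6;` added at new lines 41–42 is a per-file copy of the declaration this same commit removes from ssh.h (old lines 552–553), and a local extern loses the type check that a shared header gives — if the defining translation unit (judging from the sshd.c comment at new line 98 it seems to be defined in sshd.c/ssh.c, but the definition is not in view) ever changes the variable's type, this copy will silently disagree. Keeping one `extern int IPv4or6;` in a small header that both the defining and the using files include avoids that; if the per-file form is deliberate, a comment such as `/* defined in ssh.c; keep in sync with sshd.c */` (names to be confirmed) would at least point at the owner. The rest of sshconnect.c is outside the hunk.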
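--- a/sshconnect.h
+++ b/sshconnect.h
@@ -23,6 +23,34 @@
  */
 #ifndef SSHCONNECT_H
 #define SSHCONNECT_H
+/*
+ * Opens a TCP/IP connection to the remote server on the given host. If port
+ * is 0, the default port will be used. If anonymous is zero, a privileged
+ * port will be allocated to make the connection. This requires super-user
+ * privileges if anonymous is false. Connection_attempts specifies the
+ * maximum number of tries, one per second. This returns true on success,
+ * and zero on failure. If the connection is successful, this calls
+ * packet_set_connection for the connection.
+ */
+int
+ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
+u_short port, int connection_attempts,
+int anonymous, uid_t original_real_uid,
+const char *proxy_command);
+
+/*
+ * Starts a dialog with the server, and authenticates the current user on the
+ * server. This does not need any extra privileges. The basic connection to
+ * the server must already have been established before this is called. If
+ * login fails, this function prints an error and never returns. This
+ * initializes the random state, and leaves it initialized (it will also have
+ * references from the packet module).
+ */
+
+void
+ssh_login(int host_key_valid, RSA * host_key, const char *host,
+struct sockaddr * hostaddr, uid_t original_real_uid);
+
 
 void
 check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,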
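Review bot: The new prototypes at new lines 35–39 and 50–52 reference `RSA`, `struct sockaddr_storage`, `u_short` and `uid_t`, yet the header includes nothing, so it only compiles when the includer has already pulled those in — and this same commit drops the direct `#include <openssl/rsa.h>` from sshconnect.c (old line 20), leaving `RSA` to arrive indirectly, presumably through "rsa.h" or "key.h". Either add the needed includes or forward declarations under the guard, or state the requirement up front: `/* Requires includes.h and rsa.h (for RSA) to be included before this header. */`. Separately, the ssh_login comment is detached from its prototype by the blank line at new line 49, unlike ssh_connect; dropping that blank keeps the comment attached to what it documents.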
diff --git a/sshconnect1.c b/sshconnect1.c index b2d4e57bf..d0c0215ca 100644 --- a/sshconnect1.c +++ b/sshconnect1.c | |||
@@ -13,25 +13,36 @@ | |||
13 | */ | 13 | */ |
14 | 14 | ||
15 | #include "includes.h" | 15 | #include "includes.h" |
16 | RCSID("$OpenBSD: sshconnect1.c,v 1.16 2001/01/18 17:00:00 markus Exp $"); | 16 | RCSID("$OpenBSD: sshconnect1.c,v 1.18 2001/01/21 19:06:00 markus Exp $"); |
17 | 17 | ||
18 | #include <openssl/bn.h> | 18 | #include <openssl/bn.h> |
19 | #include <openssl/dsa.h> | ||
20 | #include <openssl/rsa.h> | ||
21 | #include <openssl/evp.h> | 19 | #include <openssl/evp.h> |
22 | 20 | ||
21 | #ifdef KRB4 | ||
22 | #include <krb.h> | ||
23 | #include "radix.h" | ||
24 | #endif | ||
25 | #ifdef AFS | ||
26 | #include <kafs.h> | ||
27 | #endif | ||
28 | |||
29 | #include "ssh.h" | ||
30 | #include "ssh1.h" | ||
23 | #include "xmalloc.h" | 31 | #include "xmalloc.h" |
24 | #include "rsa.h" | 32 | #include "rsa.h" |
25 | #include "ssh.h" | ||
26 | #include "buffer.h" | 33 | #include "buffer.h" |
27 | #include "packet.h" | 34 | #include "packet.h" |
28 | #include "mpaux.h" | 35 | #include "mpaux.h" |
29 | #include "uidswap.h" | 36 | #include "uidswap.h" |
37 | #include "log.h" | ||
30 | #include "readconf.h" | 38 | #include "readconf.h" |
31 | #include "key.h" | 39 | #include "key.h" |
32 | #include "authfd.h" | 40 | #include "authfd.h" |
33 | #include "sshconnect.h" | 41 | #include "sshconnect.h" |
34 | #include "authfile.h" | 42 | #include "authfile.h" |
43 | #include "readpass.h" | ||
44 | #include "cipher.h" | ||
45 | #include "canohost.h" | ||
35 | 46 | ||
36 | /* Session id for the current session. */ | 47 | /* Session id for the current session. */ |
37 | u_char session_id[16]; | 48 | u_char session_id[16]; |
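Review bot: The new `#ifdef AFS` block at new lines 25–27 is independent of the `#ifdef KRB4` block above it, whereas the declarations this commit removes from ssh.h (old lines 539–548) nested AFS inside KRB4. If the build can define AFS without KRB4, `<kafs.h>` is now included without `<krb.h>` and "radix.h"; if AFS always implies KRB4, say so at the block: `#ifdef AFS	/* AFS support implies KRB4 */`. The configure logic is not in view, so this may well be intentional, but the change in nesting is worth a line.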
diff --git a/sshconnect2.c b/sshconnect2.c index 8321c9eb7..6f41b987a 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
@@ -23,25 +23,23 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: sshconnect2.c,v 1.35 2001/01/04 22:21:26 markus Exp $"); | 26 | RCSID("$OpenBSD: sshconnect2.c,v 1.37 2001/01/21 19:06:00 markus Exp $"); |
27 | 27 | ||
28 | #include <openssl/bn.h> | 28 | #include <openssl/bn.h> |
29 | #include <openssl/rsa.h> | ||
30 | #include <openssl/dsa.h> | ||
31 | #include <openssl/md5.h> | 29 | #include <openssl/md5.h> |
32 | #include <openssl/dh.h> | 30 | #include <openssl/dh.h> |
33 | #include <openssl/hmac.h> | 31 | #include <openssl/hmac.h> |
34 | 32 | ||
35 | #include "ssh.h" | 33 | #include "ssh.h" |
34 | #include "ssh2.h" | ||
36 | #include "xmalloc.h" | 35 | #include "xmalloc.h" |
37 | #include "rsa.h" | 36 | #include "rsa.h" |
38 | #include "buffer.h" | 37 | #include "buffer.h" |
39 | #include "packet.h" | 38 | #include "packet.h" |
40 | #include "uidswap.h" | 39 | #include "uidswap.h" |
41 | #include "compat.h" | 40 | #include "compat.h" |
42 | #include "readconf.h" | ||
43 | #include "bufaux.h" | 41 | #include "bufaux.h" |
44 | #include "ssh2.h" | 42 | #include "cipher.h" |
45 | #include "kex.h" | 43 | #include "kex.h" |
46 | #include "myproposal.h" | 44 | #include "myproposal.h" |
47 | #include "key.h" | 45 | #include "key.h" |
@@ -50,6 +48,9 @@ RCSID("$OpenBSD: sshconnect2.c,v 1.35 2001/01/04 22:21:26 markus Exp $"); | |||
50 | #include "cli.h" | 48 | #include "cli.h" |
51 | #include "dispatch.h" | 49 | #include "dispatch.h" |
52 | #include "authfd.h" | 50 | #include "authfd.h" |
51 | #include "log.h" | ||
52 | #include "readconf.h" | ||
53 | #include "readpass.h" | ||
53 | 54 | ||
54 | void ssh_dh1_client(Kex *, char *, struct sockaddr *, Buffer *, Buffer *); | 55 | void ssh_dh1_client(Kex *, char *, struct sockaddr *, Buffer *, Buffer *); |
55 | void ssh_dhgex_client(Kex *, char *, struct sockaddr *, Buffer *, Buffer *); | 56 | void ssh_dhgex_client(Kex *, char *, struct sockaddr *, Buffer *, Buffer *); |
@@ -332,8 +333,7 @@ ssh_dhgex_client(Kex *kex, char *host, struct sockaddr *hostaddr, | |||
332 | if ((g = BN_new()) == NULL) | 333 | if ((g = BN_new()) == NULL) |
333 | fatal("BN_new"); | 334 | fatal("BN_new"); |
334 | packet_get_bignum2(g, &dlen); | 335 | packet_get_bignum2(g, &dlen); |
335 | if ((dh = dh_new_group(g, p)) == NULL) | 336 | dh = dh_new_group(g, p); |
336 | fatal("dh_new_group"); | ||
337 | 337 | ||
338 | dh_gen_key(dh); | 338 | dh_gen_key(dh); |
339 | 339 | ||
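Review bot: The rewritten line at new 336 drops the NULL check the old code had around dh_new_group(), so a NULL return would now reach `dh_gen_key(dh)` two lines later without any guard. If the intent is that dh_new_group() now aborts via fatal() itself (dh.c is touched by this commit but is not in view), the contract should be visible at the call site: `dh = dh_new_group(g, p);	/* fatal()s on failure, never returns NULL */`; otherwise the check should be restored. ssh_dhgex_client begins and ends outside the hunk.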
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd.8,v 1.82 2001/01/18 16:20:22 markus Exp $ | 37 | .\" $OpenBSD: sshd.8,v 1.83 2001/01/19 16:48:14 markus Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSHD 8 | 39 | .Dt SSHD 8 |
40 | .Os | 40 | .Os |
@@ -394,7 +394,7 @@ Specifies the file containing the private host keys (default | |||
394 | used by SSH protocol versions 1 and 2. | 394 | used by SSH protocol versions 1 and 2. |
395 | Note that | 395 | Note that |
396 | .Nm | 396 | .Nm |
397 | if this file is group/world-accessible. | 397 | will refuse to use a file if it is group/world-accessible. |
398 | It is possible to have multiple host key files. | 398 | It is possible to have multiple host key files. |
399 | .Dq rsa1 | 399 | .Dq rsa1 |
400 | keys are used for version 1 and | 400 | keys are used for version 1 and |
@@ -40,32 +40,36 @@ | |||
40 | */ | 40 | */ |
41 | 41 | ||
42 | #include "includes.h" | 42 | #include "includes.h" |
43 | RCSID("$OpenBSD: sshd.c,v 1.153 2001/01/19 12:45:27 markus Exp $"); | 43 | RCSID("$OpenBSD: sshd.c,v 1.155 2001/01/21 19:06:00 markus Exp $"); |
44 | 44 | ||
45 | #include <openssl/dh.h> | ||
46 | #include <openssl/bn.h> | ||
47 | #include <openssl/hmac.h> | ||
48 | |||
49 | #include "ssh.h" | ||
50 | #include "ssh1.h" | ||
51 | #include "ssh2.h" | ||
45 | #include "xmalloc.h" | 52 | #include "xmalloc.h" |
46 | #include "rsa.h" | 53 | #include "rsa.h" |
47 | #include "ssh.h" | ||
48 | #include "pty.h" | 54 | #include "pty.h" |
49 | #include "packet.h" | 55 | #include "packet.h" |
50 | #include "mpaux.h" | 56 | #include "mpaux.h" |
57 | #include "log.h" | ||
51 | #include "servconf.h" | 58 | #include "servconf.h" |
52 | #include "uidswap.h" | 59 | #include "uidswap.h" |
53 | #include "compat.h" | 60 | #include "compat.h" |
54 | #include "buffer.h" | 61 | #include "buffer.h" |
55 | 62 | #include "cipher.h" | |
56 | #include "ssh2.h" | ||
57 | #include <openssl/dh.h> | ||
58 | #include <openssl/bn.h> | ||
59 | #include <openssl/hmac.h> | ||
60 | #include "kex.h" | 63 | #include "kex.h" |
61 | #include <openssl/dsa.h> | ||
62 | #include <openssl/rsa.h> | ||
63 | #include "key.h" | 64 | #include "key.h" |
64 | #include "dh.h" | 65 | #include "dh.h" |
65 | |||
66 | #include "auth.h" | ||
67 | #include "myproposal.h" | 66 | #include "myproposal.h" |
68 | #include "authfile.h" | 67 | #include "authfile.h" |
68 | #include "pathnames.h" | ||
69 | #include "atomicio.h" | ||
70 | #include "canohost.h" | ||
71 | #include "auth.h" | ||
72 | #include "misc.h" | ||
69 | 73 | ||
70 | #ifdef LIBWRAP | 74 | #ifdef LIBWRAP |
71 | #include <tcpd.h> | 75 | #include <tcpd.h> |
@@ -88,7 +92,7 @@ char *__progname; | |||
88 | ServerOptions options; | 92 | ServerOptions options; |
89 | 93 | ||
90 | /* Name of the server configuration file. */ | 94 | /* Name of the server configuration file. */ |
91 | char *config_file_name = SERVER_CONFIG_FILE; | 95 | char *config_file_name = _PATH_SERVER_CONFIG_FILE; |
92 | 96 | ||
93 | /* | 97 | /* |
94 | * Flag indicating whether IPv4 or IPv6. This can be set on the command line. | 98 | * Flag indicating whether IPv4 or IPv6. This can be set on the command line. |
@@ -643,7 +647,7 @@ main(int ac, char **av) | |||
643 | fprintf(stderr, "sshd version %s\n", SSH_VERSION); | 647 | fprintf(stderr, "sshd version %s\n", SSH_VERSION); |
644 | fprintf(stderr, "Usage: %s [options]\n", __progname); | 648 | fprintf(stderr, "Usage: %s [options]\n", __progname); |
645 | fprintf(stderr, "Options:\n"); | 649 | fprintf(stderr, "Options:\n"); |
646 | fprintf(stderr, " -f file Configuration file (default %s)\n", SERVER_CONFIG_FILE); | 650 | fprintf(stderr, " -f file Configuration file (default %s)\n", _PATH_SERVER_CONFIG_FILE); |
647 | fprintf(stderr, " -d Debugging mode (multiple -d means more debugging)\n"); | 651 | fprintf(stderr, " -d Debugging mode (multiple -d means more debugging)\n"); |
648 | fprintf(stderr, " -i Started from inetd\n"); | 652 | fprintf(stderr, " -i Started from inetd\n"); |
649 | fprintf(stderr, " -D Do not fork into daemon mode\n"); | 653 | fprintf(stderr, " -D Do not fork into daemon mode\n"); |
@@ -653,7 +657,7 @@ main(int ac, char **av) | |||
653 | fprintf(stderr, " -g seconds Grace period for authentication (default: 600)\n"); | 657 | fprintf(stderr, " -g seconds Grace period for authentication (default: 600)\n"); |
654 | fprintf(stderr, " -b bits Size of server RSA key (default: 768 bits)\n"); | 658 | fprintf(stderr, " -b bits Size of server RSA key (default: 768 bits)\n"); |
655 | fprintf(stderr, " -h file File from which to read host key (default: %s)\n", | 659 | fprintf(stderr, " -h file File from which to read host key (default: %s)\n", |
656 | HOST_KEY_FILE); | 660 | _PATH_HOST_KEY_FILE); |
657 | fprintf(stderr, " -u len Maximum hostname length for utmp recording\n"); | 661 | fprintf(stderr, " -u len Maximum hostname length for utmp recording\n"); |
658 | fprintf(stderr, " -4 Use IPv4 only\n"); | 662 | fprintf(stderr, " -4 Use IPv4 only\n"); |
659 | fprintf(stderr, " -6 Use IPv6 only\n"); | 663 | fprintf(stderr, " -6 Use IPv6 only\n"); |
diff --git a/tildexpand.c b/tildexpand.c index b091d51ec..b72744683 100644 --- a/tildexpand.c +++ b/tildexpand.c | |||
@@ -11,10 +11,10 @@ | |||
11 | */ | 11 | */ |
12 | 12 | ||
13 | #include "includes.h" | 13 | #include "includes.h" |
14 | RCSID("$OpenBSD: tildexpand.c,v 1.9 2000/12/19 23:17:59 markus Exp $"); | 14 | RCSID("$OpenBSD: tildexpand.c,v 1.10 2001/01/21 19:06:01 markus Exp $"); |
15 | 15 | ||
16 | #include "xmalloc.h" | 16 | #include "xmalloc.h" |
17 | #include "ssh.h" | 17 | #include "log.h" |
18 | 18 | ||
19 | /* | 19 | /* |
20 | * Expands tildes in the file name. Returns data allocated by xmalloc. | 20 | * Expands tildes in the file name. Returns data allocated by xmalloc. |
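Review bot: After this change tildexpand.c includes "xmalloc.h" and "log.h" but not the new "tildexpand.h" that the same commit adds, so the prototype `char *tilde_expand_filename(const char *filename, uid_t my_uid);` is never checked against the definition in this file. Adding `#include "tildexpand.h"` next to the other project headers gives the compiler that check and matches the pattern xmalloc.c follows in this commit (it now includes its own header first). The function body is outside the hunk.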
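--- /dev/null
+++ b/tildexpand.h
@@ -0,0 +1,17 @@
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ * All rights reserved
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose. Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+
+/*
+ * Expands tildes in the file name. Returns data allocated by xmalloc.
+ * Warning: this calls getpw*.
+ */
+char *tilde_expand_filename(const char *filename, uid_t my_uid);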
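Review bot: The new header has no include guard, unlike sshconnect.h in this same commit (`#ifndef SSHCONNECT_H` / `#define SSHCONNECT_H`); the other new header earlier in this diff, the `@@ -0,0 +1,84 @@` hunk defining the SSH_MSG_*/SSH_AUTH_* constants, has the same omission. Wrapping the body in `#ifndef TILDEXPAND_H` / `#define TILDEXPAND_H` … `#endif /* TILDEXPAND_H */` (name following the existing convention) keeps a double inclusion harmless as the header set grows. The prototype also uses `uid_t` with no include, so it depends on includes.h being included first — consistent with the other headers here, but worth a one-line comment so the dependency is explicit.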
diff --git a/ttymodes.c b/ttymodes.c index a7a3e9301..2516e9310 100644 --- a/ttymodes.c +++ b/ttymodes.c | |||
@@ -15,10 +15,11 @@ | |||
15 | */ | 15 | */ |
16 | 16 | ||
17 | #include "includes.h" | 17 | #include "includes.h" |
18 | RCSID("$OpenBSD: ttymodes.c,v 1.8 2000/09/07 20:27:55 deraadt Exp $"); | 18 | RCSID("$OpenBSD: ttymodes.c,v 1.10 2001/01/21 19:06:01 markus Exp $"); |
19 | 19 | ||
20 | #include "packet.h" | 20 | #include "packet.h" |
21 | #include "ssh.h" | 21 | #include "log.h" |
22 | #include "ssh1.h" | ||
22 | 23 | ||
23 | #define TTY_OP_END 0 | 24 | #define TTY_OP_END 0 |
24 | #define TTY_OP_ISPEED 192 /* int follows */ | 25 | #define TTY_OP_ISPEED 192 /* int follows */ |
@@ -12,9 +12,9 @@ | |||
12 | */ | 12 | */ |
13 | 13 | ||
14 | #include "includes.h" | 14 | #include "includes.h" |
15 | RCSID("$OpenBSD: uidswap.c,v 1.12 2000/12/29 10:48:56 markus Exp $"); | 15 | RCSID("$OpenBSD: uidswap.c,v 1.13 2001/01/21 19:06:01 markus Exp $"); |
16 | 16 | ||
17 | #include "ssh.h" | 17 | #include "log.h" |
18 | #include "uidswap.h" | 18 | #include "uidswap.h" |
19 | 19 | ||
20 | /* | 20 | /* |
@@ -13,9 +13,10 @@ | |||
13 | */ | 13 | */ |
14 | 14 | ||
15 | #include "includes.h" | 15 | #include "includes.h" |
16 | RCSID("$OpenBSD: xmalloc.c,v 1.8 2000/09/07 20:27:55 deraadt Exp $"); | 16 | RCSID("$OpenBSD: xmalloc.c,v 1.9 2001/01/21 19:06:02 markus Exp $"); |
17 | 17 | ||
18 | #include "ssh.h" | 18 | #include "xmalloc.h" |
19 | #include "log.h" | ||
19 | 20 | ||
20 | void * | 21 | void * |
21 | xmalloc(size_t size) | 22 | xmalloc(size_t size) |