-rw-r--r-- | ChangeLog | 243 | ||||
-rw-r--r-- | Makefile.in | 20 | ||||
-rw-r--r-- | TODO | 2 | ||||
-rw-r--r-- | auth-options.c | 122 | ||||
-rw-r--r-- | auth-pam.c | 8 | ||||
-rw-r--r-- | auth-rh-rsa.c | 5 | ||||
-rw-r--r-- | auth-rhosts.c | 4 | ||||
-rw-r--r-- | auth.c | 4 | ||||
-rw-r--r-- | auth1.c | 12 | ||||
-rw-r--r-- | auth2.c | 13 | ||||
-rw-r--r-- | canohost.c | 199 | ||||
-rw-r--r-- | canohost.h | 11 | ||||
-rw-r--r-- | channels.c | 12 | ||||
-rw-r--r-- | contrib/caldera/openssh.spec | 4 | ||||
-rw-r--r-- | contrib/redhat/openssh.spec | 4 | ||||
-rw-r--r-- | contrib/suse/openssh.spec | 2 | ||||
-rw-r--r-- | scp.1 | 3 | ||||
-rw-r--r-- | servconf.c | 12 | ||||
-rw-r--r-- | servconf.h | 3 | ||||
-rw-r--r-- | session.c | 6 | ||||
-rw-r--r-- | sftp-client.c | 792 | ||||
-rw-r--r-- | sftp-client.h | 84 | ||||
-rw-r--r-- | sftp-common.c | 146 | ||||
-rw-r--r-- | sftp-common.h | 55 | ||||
-rw-r--r-- | sftp-int.c | 583 | ||||
-rw-r--r-- | sftp-int.h | 27 | ||||
-rw-r--r-- | sftp-server.c | 102 | ||||
-rw-r--r-- | sftp.1 | 156 | ||||
-rw-r--r-- | sftp.c | 222 | ||||
-rw-r--r-- | ssh.1 | 12 | ||||
-rw-r--r-- | ssh_config | 8 | ||||
-rw-r--r-- | sshconnect1.c | 8 | ||||
-rw-r--r-- | sshd.8 | 24 | ||||
-rw-r--r-- | sshd_config | 10 |
34 files changed, 2489 insertions, 429 deletions
@@ -2,9 +2,32 @@ | |||
2 | - (bal) I think this is the last of the bsd-*.h that don't belong. | 2 | - (bal) I think this is the last of the bsd-*.h that don't belong. |
3 | - (bal) Minor Makefile fix | 3 | - (bal) Minor Makefile fix |
4 | - (bal) openbsd-compat/Makefile minor fix. Ensure dependancies are done | 4 | - (bal) openbsd-compat/Makefile minor fix. Ensure dependancies are done |
5 | right. | 5 | right. |
6 | - (bal) Changed order of LIB="" in -with-skey due to library resolving. | 6 | - (bal) Changed order of LIB="" in -with-skey due to library resolving. |
7 | - (bal) next-posix.h changed to bsd-nextstep.h | 7 | - (bal) next-posix.h changed to bsd-nextstep.h |
8 | - (djm) OpenBSD CVS sync: | ||
9 | - markus@cvs.openbsd.org 2001/02/03 03:08:38 | ||
10 | [auth-options.c auth-rh-rsa.c auth-rhosts.c auth.c canohost.c] | ||
11 | [canohost.h servconf.c servconf.h session.c sshconnect1.c sshd.8] | ||
12 | [sshd_config] | ||
13 | make ReverseMappingCheck optional in sshd_config; ok djm@,dugsong@ | ||
14 | - markus@cvs.openbsd.org 2001/02/03 03:19:51 | ||
15 | [ssh.1 sshd.8 sshd_config] | ||
16 | Skey is now called ChallengeResponse | ||
17 | - markus@cvs.openbsd.org 2001/02/03 03:43:09 | ||
18 | [sshd.8] | ||
19 | use no-pty option in .ssh/authorized_keys* if you need a 8-bit clean | ||
20 | channel. note from Erik.Anggard@cygate.se (pr/1659) | ||
21 | - stevesk@cvs.openbsd.org 2001/02/03 10:03:06 | ||
22 | [ssh.1] | ||
23 | typos; ok markus@ | ||
24 | - djm@cvs.openbsd.org 2001/02/04 04:11:56 | ||
25 | [scp.1 sftp-server.c ssh.1 sshd.8 sftp-client.c sftp-client.h] | ||
26 | [sftp-common.c sftp-common.h sftp-int.c sftp-int.h sftp.1 sftp.c] | ||
27 | Basic interactive sftp client; ok theo@ | ||
28 | - (djm) Update RPM specs for new sftp binary | ||
29 | - (djm) Update several bits for new optional reverse lookup stuff. I | ||
30 | think I got them all. | ||
8 | 31 | ||
9 | 20010103 | 32 | 20010103 |
10 | - (bal) Cygwin clean up by Corinna Vinschen <vinschen@redhat.com> | 33 | - (bal) Cygwin clean up by Corinna Vinschen <vinschen@redhat.com> |
@@ -14,7 +37,7 @@ | |||
14 | platforms so builds fail. (NeXT being a well known one) | 37 | platforms so builds fail. (NeXT being a well known one) |
15 | 38 | ||
16 | 20010102 | 39 | 20010102 |
17 | - (bal) Makefile fix where sourcedir != builddir by Corinna Vinschen | 40 | - (bal) Makefile fix where sourcedir != builddir by Corinna Vinschen |
18 | <vinschen@redhat.com> | 41 | <vinschen@redhat.com> |
19 | - (bal) Makefile fix to use $(MAKE) instead of 'make' for platforms | 42 | - (bal) Makefile fix to use $(MAKE) instead of 'make' for platforms |
20 | that use 'gmake'. Patch by Tim Rice <tim@multitalents.net> | 43 | that use 'gmake'. Patch by Tim Rice <tim@multitalents.net> |
@@ -75,7 +98,7 @@ | |||
75 | ``StrictHostKeyChecking ask'' documentation and small cleanup. | 98 | ``StrictHostKeyChecking ask'' documentation and small cleanup. |
76 | ok markus@ | 99 | ok markus@ |
77 | - stevesk@cvs.openbsd.org 2001/01/28 20:43:25 | 100 | - stevesk@cvs.openbsd.org 2001/01/28 20:43:25 |
78 | [sshd.8] | 101 | [sshd.8] |
79 | spelling. ok markus@ | 102 | spelling. ok markus@ |
80 | - stevesk@cvs.openbsd.org 2001/01/28 20:53:21 | 103 | - stevesk@cvs.openbsd.org 2001/01/28 20:53:21 |
81 | [xmalloc.c] | 104 | [xmalloc.c] |
@@ -94,7 +117,7 @@ | |||
94 | - (bal) Minor auth2.c resync. Whitespace and moving of an #include. | 117 | - (bal) Minor auth2.c resync. Whitespace and moving of an #include. |
95 | 118 | ||
96 | 20010126 | 119 | 20010126 |
97 | - (bal) SSH_PROGRAM vs _PATH_SSH_PROGRAM fix pointed out by Roumen | 120 | - (bal) SSH_PROGRAM vs _PATH_SSH_PROGRAM fix pointed out by Roumen |
98 | Petrov <roumen.petrov@skalasoft.com> | 121 | Petrov <roumen.petrov@skalasoft.com> |
99 | - (bal) OpenBSD Sync | 122 | - (bal) OpenBSD Sync |
100 | - deraadt@cvs.openbsd.org 2001/01/25 8:06:33 | 123 | - deraadt@cvs.openbsd.org 2001/01/25 8:06:33 |
@@ -105,12 +128,12 @@ | |||
105 | - (djm) Sync bsd-* support files: | 128 | - (djm) Sync bsd-* support files: |
106 | - deraadt@cvs.openbsd.org 2000/01/26 03:43:20 | 129 | - deraadt@cvs.openbsd.org 2000/01/26 03:43:20 |
107 | [rresvport.c bindresvport.c] | 130 | [rresvport.c bindresvport.c] |
108 | new bindresvport() semantics that itojun, shin, jean-luc and i have | 131 | new bindresvport() semantics that itojun, shin, jean-luc and i have |
109 | agreed on, which will be happy for the future. bindresvport_sa() for | 132 | agreed on, which will be happy for the future. bindresvport_sa() for |
110 | sockaddr *, too. docs later.. | 133 | sockaddr *, too. docs later.. |
111 | - deraadt@cvs.openbsd.org 2000/01/24 02:24:21 | 134 | - deraadt@cvs.openbsd.org 2000/01/24 02:24:21 |
112 | [bindresvport.c] | 135 | [bindresvport.c] |
113 | in bindresvport(), if sin is non-NULL, example sin->sin_family for | 136 | in bindresvport(), if sin is non-NULL, example sin->sin_family for |
114 | the actual family being processed | 137 | the actual family being processed |
115 | - (djm) Mention PRNGd in documentation, it is nicer than EGD | 138 | - (djm) Mention PRNGd in documentation, it is nicer than EGD |
116 | - (djm) Automatically search for "well-known" EGD/PRNGd sockets in autoconf | 139 | - (djm) Automatically search for "well-known" EGD/PRNGd sockets in autoconf |
@@ -124,7 +147,7 @@ | |||
124 | - (bal) OpenBSD Resync | 147 | - (bal) OpenBSD Resync |
125 | - markus@cvs.openbsd.org 2001/01/23 10:45:10 | 148 | - markus@cvs.openbsd.org 2001/01/23 10:45:10 |
126 | [ssh.h] | 149 | [ssh.h] |
127 | nuke comment | 150 | nuke comment |
128 | - (bal) no 64bit support patch from Tim Rice <tim@multitalents.net> | 151 | - (bal) no 64bit support patch from Tim Rice <tim@multitalents.net> |
129 | - (bal) #ifdef around S_IFSOCK if platform does not support it. | 152 | - (bal) #ifdef around S_IFSOCK if platform does not support it. |
130 | patch by Tim Rice <tim@multitalents.net> | 153 | patch by Tim Rice <tim@multitalents.net> |
@@ -134,7 +157,7 @@ | |||
134 | 20010123 | 157 | 20010123 |
135 | - (bal) regexp.h typo in configure.in. Should have been regex.h | 158 | - (bal) regexp.h typo in configure.in. Should have been regex.h |
136 | - (bal) SSH_USER_DIR to _PATH_SSH_USER_DIR patch by stevesk@ | 159 | - (bal) SSH_USER_DIR to _PATH_SSH_USER_DIR patch by stevesk@ |
137 | - (bal) SSH_ASKPASS_DEFAULT to _PATH_SSH_ASKPASS_DEFAULT | 160 | - (bal) SSH_ASKPASS_DEFAULT to _PATH_SSH_ASKPASS_DEFAULT |
138 | - (bal) OpenBSD Resync | 161 | - (bal) OpenBSD Resync |
139 | - markus@cvs.openbsd.org 2001/01/22 8:15:00 | 162 | - markus@cvs.openbsd.org 2001/01/22 8:15:00 |
140 | [auth-krb4.c sshconnect1.c] | 163 | [auth-krb4.c sshconnect1.c] |
@@ -172,12 +195,12 @@ | |||
172 | fix typo; from stevesk@ | 195 | fix typo; from stevesk@ |
173 | - markus@cvs.openbsd.org 2001/01/19 16:50:58 | 196 | - markus@cvs.openbsd.org 2001/01/19 16:50:58 |
174 | [ssh-dss.c] | 197 | [ssh-dss.c] |
175 | clear and free digest, make consistent with other code (use dlen); from | 198 | clear and free digest, make consistent with other code (use dlen); from |
176 | stevesk@ | 199 | stevesk@ |
177 | - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus | 200 | - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus |
178 | [auth-options.c auth-options.h auth-rsa.c auth2.c] | 201 | [auth-options.c auth-options.h auth-rsa.c auth2.c] |
179 | pass the filename to auth_parse_options() | 202 | pass the filename to auth_parse_options() |
180 | - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001 | 203 | - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001 |
181 | [readconf.c] | 204 | [readconf.c] |
182 | fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com | 205 | fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com |
183 | - stevesk@cvs.openbsd.org 2001/01/20 18:20:29 | 206 | - stevesk@cvs.openbsd.org 2001/01/20 18:20:29 |
@@ -185,7 +208,7 @@ | |||
185 | dh_new_group() does not return NULL. ok markus@ | 208 | dh_new_group() does not return NULL. ok markus@ |
186 | - markus@cvs.openbsd.org 2001/01/20 21:33:42 | 209 | - markus@cvs.openbsd.org 2001/01/20 21:33:42 |
187 | [ssh-add.c] | 210 | [ssh-add.c] |
188 | do not loop forever if askpass does not exist; from | 211 | do not loop forever if askpass does not exist; from |
189 | andrew@pimlott.ne.mediaone.net | 212 | andrew@pimlott.ne.mediaone.net |
190 | - djm@cvs.openbsd.org 2001/01/20 23:00:56 | 213 | - djm@cvs.openbsd.org 2001/01/20 23:00:56 |
191 | [servconf.c] | 214 | [servconf.c] |
@@ -207,13 +230,13 @@ | |||
207 | match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c | 230 | match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c |
208 | readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h | 231 | readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h |
209 | session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c | 232 | session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c |
210 | ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h | 233 | ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h |
211 | sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h | 234 | sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h |
212 | ttysmodes.c uidswap.c xmalloc.c] | 235 | ttysmodes.c uidswap.c xmalloc.c] |
213 | split ssh.h and try to cleanup the #include mess. remove unnecessary | 236 | split ssh.h and try to cleanup the #include mess. remove unnecessary |
214 | #includes. rename util.[ch] -> misc.[ch] | 237 | #includes. rename util.[ch] -> misc.[ch] |
215 | - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree | 238 | - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree |
216 | - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve | 239 | - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve |
217 | conflict when compiling for non-kerb install | 240 | conflict when compiling for non-kerb install |
218 | - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes | 241 | - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes |
219 | on 1/19. | 242 | on 1/19. |
@@ -233,7 +256,7 @@ | |||
233 | - markus@cvs.openbsd.org 2001/01/18 16:20:21 | 256 | - markus@cvs.openbsd.org 2001/01/18 16:20:21 |
234 | [log-client.c log-server.c log.c readconf.c servconf.c ssh.1 ssh.h | 257 | [log-client.c log-server.c log.c readconf.c servconf.c ssh.1 ssh.h |
235 | sshd.8 sshd.c] | 258 | sshd.8 sshd.c] |
236 | log() is at pri=LOG_INFO, since LOG_NOTICE goes to /dev/console on many | 259 | log() is at pri=LOG_INFO, since LOG_NOTICE goes to /dev/console on many |
237 | systems | 260 | systems |
238 | - markus@cvs.openbsd.org 2001/01/18 16:59:59 | 261 | - markus@cvs.openbsd.org 2001/01/18 16:59:59 |
239 | [auth-passwd.c auth.c auth.h auth1.c auth2.c serverloop.c session.c | 262 | [auth-passwd.c auth.c auth.h auth1.c auth2.c serverloop.c session.c |
@@ -250,7 +273,7 @@ | |||
250 | to fix NULL pointer deref and fake authloop breakage in PAM code. | 273 | to fix NULL pointer deref and fake authloop breakage in PAM code. |
251 | - (bal) Updated contrib/cygwin/ by Corinna Vinschen <vinschen@redhat.com> | 274 | - (bal) Updated contrib/cygwin/ by Corinna Vinschen <vinschen@redhat.com> |
252 | - (bal) Minor cygwin patch to auth1.c. Suggested by djm. | 275 | - (bal) Minor cygwin patch to auth1.c. Suggested by djm. |
253 | 276 | ||
254 | 20010118 | 277 | 20010118 |
255 | - (bal) Super Sized OpenBSD Resync | 278 | - (bal) Super Sized OpenBSD Resync |
256 | - markus@cvs.openbsd.org 2001/01/11 22:14:20 GMT 2001 by markus | 279 | - markus@cvs.openbsd.org 2001/01/11 22:14:20 GMT 2001 by markus |
@@ -272,7 +295,7 @@ | |||
272 | [ssh-add.c] | 295 | [ssh-add.c] |
273 | typo, from stevesk@sweden.hp.com | 296 | typo, from stevesk@sweden.hp.com |
274 | - markus@cvs.openbsd.org 2001/01/13 18:32:50 | 297 | - markus@cvs.openbsd.org 2001/01/13 18:32:50 |
275 | [packet.c session.c ssh.c sshconnect.c sshd.c] | 298 | [packet.c session.c ssh.c sshconnect.c sshd.c] |
276 | split out keepalive from packet_interactive (from dale@accentre.com) | 299 | split out keepalive from packet_interactive (from dale@accentre.com) |
277 | set IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT for ssh2, too. | 300 | set IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT for ssh2, too. |
278 | - markus@cvs.openbsd.org 2001/01/13 18:36:45 | 301 | - markus@cvs.openbsd.org 2001/01/13 18:36:45 |
@@ -284,7 +307,7 @@ | |||
284 | - markus@cvs.openbsd.org 2001/01/13 18:43:31 | 307 | - markus@cvs.openbsd.org 2001/01/13 18:43:31 |
285 | [session.c] | 308 | [session.c] |
286 | Wall | 309 | Wall |
287 | - markus@cvs.openbsd.org 2001/01/13 19:14:08 | 310 | - markus@cvs.openbsd.org 2001/01/13 19:14:08 |
288 | [clientloop.h clientloop.c ssh.c] | 311 | [clientloop.h clientloop.c ssh.c] |
289 | move callback to headerfile | 312 | move callback to headerfile |
290 | - markus@cvs.openbsd.org 2001/01/15 21:40:10 | 313 | - markus@cvs.openbsd.org 2001/01/15 21:40:10 |
@@ -301,12 +324,12 @@ | |||
301 | readable long listing for sftp-server, ok deraadt@ | 324 | readable long listing for sftp-server, ok deraadt@ |
302 | - markus@cvs.openbsd.org 2001/01/16 19:20:06 | 325 | - markus@cvs.openbsd.org 2001/01/16 19:20:06 |
303 | [key.c ssh-rsa.c] | 326 | [key.c ssh-rsa.c] |
304 | make "ssh-rsa" key format for ssh2 confirm to the ietf-drafts; from | 327 | make "ssh-rsa" key format for ssh2 confirm to the ietf-drafts; from |
305 | galb@vandyke.com. note that you have to delete older ssh2-rsa keys, | 328 | galb@vandyke.com. note that you have to delete older ssh2-rsa keys, |
306 | since they are in the wrong format, too. they must be removed from | 329 | since they are in the wrong format, too. they must be removed from |
307 | .ssh/authorized_keys2 and .ssh/known_hosts2, etc. | 330 | .ssh/authorized_keys2 and .ssh/known_hosts2, etc. |
308 | (cd; grep -v ssh-rsa .ssh/authorized_keys2 > TMP && mv TMP | 331 | (cd; grep -v ssh-rsa .ssh/authorized_keys2 > TMP && mv TMP |
309 | .ssh/authorized_keys2) additionally, we now check that | 332 | .ssh/authorized_keys2) additionally, we now check that |
310 | BN_num_bits(rsa->n) >= 768. | 333 | BN_num_bits(rsa->n) >= 768. |
311 | - markus@cvs.openbsd.org 2001/01/16 20:54:27 | 334 | - markus@cvs.openbsd.org 2001/01/16 20:54:27 |
312 | [sftp-server.c] | 335 | [sftp-server.c] |
@@ -317,15 +340,15 @@ | |||
317 | - (bal) Added bsd-strmode.[ch] since some non-OpenBSD platforms may | 340 | - (bal) Added bsd-strmode.[ch] since some non-OpenBSD platforms may |
318 | be missing such feature. | 341 | be missing such feature. |
319 | 342 | ||
320 | 343 | ||
321 | 20010117 | 344 | 20010117 |
322 | - (djm) Only write random seed file at exit | 345 | - (djm) Only write random seed file at exit |
323 | - (djm) Make PAM support optional, enable with --with-pam | 346 | - (djm) Make PAM support optional, enable with --with-pam |
324 | - (djm) Try to use libcrypt on Linux, but link it after OpenSSL (which | 347 | - (djm) Try to use libcrypt on Linux, but link it after OpenSSL (which |
325 | provides a crypt() of its own) | 348 | provides a crypt() of its own) |
326 | - (djm) Avoid a warning in bsd-bindresvport.c | 349 | - (djm) Avoid a warning in bsd-bindresvport.c |
327 | - (djm) Try to avoid adding -I/usr/include to CPPFLAGS during SSL tests. This | 350 | - (djm) Try to avoid adding -I/usr/include to CPPFLAGS during SSL tests. This |
328 | can cause weird segfaults errors on Solaris | 351 | can cause weird segfaults errors on Solaris |
329 | - (djm) Avoid warning in PAM code by making read_passphrase arguments const | 352 | - (djm) Avoid warning in PAM code by making read_passphrase arguments const |
330 | - (djm) Add --with-pam to RPM spec files | 353 | - (djm) Add --with-pam to RPM spec files |
331 | 354 | ||
@@ -345,7 +368,7 @@ | |||
345 | [auth.c sshd.8] | 368 | [auth.c sshd.8] |
346 | support supplementary group in {Allow,Deny}Groups | 369 | support supplementary group in {Allow,Deny}Groups |
347 | from stevesk@pobox.com | 370 | from stevesk@pobox.com |
348 | 371 | ||
349 | 20010112 | 372 | 20010112 |
350 | - (bal) OpenBSD Sync | 373 | - (bal) OpenBSD Sync |
351 | - markus@cvs.openbsd.org 2001/01/10 22:56:22 | 374 | - markus@cvs.openbsd.org 2001/01/10 22:56:22 |
@@ -358,11 +381,11 @@ | |||
358 | use #defines from the draft | 381 | use #defines from the draft |
359 | move #definations to sftp.h | 382 | move #definations to sftp.h |
360 | more info: | 383 | more info: |
361 | http://www.ietf.org/internet-drafts/draft-ietf-secsh-filexfer-00.txt | 384 | http://www.ietf.org/internet-drafts/draft-ietf-secsh-filexfer-00.txt |
362 | - markus@cvs.openbsd.org 2001/01/10 19:43:20 | 385 | - markus@cvs.openbsd.org 2001/01/10 19:43:20 |
363 | [sshd.c] | 386 | [sshd.c] |
364 | XXX - generate_empheral_server_key() is not safe against races, | 387 | XXX - generate_empheral_server_key() is not safe against races, |
365 | because it calls log() | 388 | because it calls log() |
366 | - markus@cvs.openbsd.org 2001/01/09 21:19:50 | 389 | - markus@cvs.openbsd.org 2001/01/09 21:19:50 |
367 | [packet.c] | 390 | [packet.c] |
368 | allow TCP_NDELAY for ipv6; from netbsd via itojun@ | 391 | allow TCP_NDELAY for ipv6; from netbsd via itojun@ |
@@ -446,7 +469,7 @@ | |||
446 | [sshconnect2.c] | 469 | [sshconnect2.c] |
447 | handle SSH2_MSG_USERAUTH_BANNER; fixes bug when connecting to a server | 470 | handle SSH2_MSG_USERAUTH_BANNER; fixes bug when connecting to a server |
448 | that prints a banner (e.g. /etc/issue.net) | 471 | that prints a banner (e.g. /etc/issue.net) |
449 | 472 | ||
450 | 20010105 | 473 | 20010105 |
451 | - (bal) contrib/caldera/ provided by Tim Rice <tim@multitalents.net> | 474 | - (bal) contrib/caldera/ provided by Tim Rice <tim@multitalents.net> |
452 | - (bal) bsd-getcwd.c and bsd-setenv.c changed from bcopy() to memmove() | 475 | - (bal) bsd-getcwd.c and bsd-setenv.c changed from bcopy() to memmove() |
@@ -464,9 +487,9 @@ | |||
464 | log remote ip on disconnect; PR 1600 from jcs@rt.fm | 487 | log remote ip on disconnect; PR 1600 from jcs@rt.fm |
465 | - markus@cvs.openbsd.org 2001/01/02 20:50:56 | 488 | - markus@cvs.openbsd.org 2001/01/02 20:50:56 |
466 | [sshconnect.c] | 489 | [sshconnect.c] |
467 | strict_host_key_checking for host_status != HOST_CHANGED && | 490 | strict_host_key_checking for host_status != HOST_CHANGED && |
468 | ip_status == HOST_CHANGED | 491 | ip_status == HOST_CHANGED |
469 | - (bal) authfile.c: Synced CVS ID tag | 492 | - (bal) authfile.c: Synced CVS ID tag |
470 | - (bal) UnixWare 2.0 fixes by Tim Rice <tim@multitalents.net> | 493 | - (bal) UnixWare 2.0 fixes by Tim Rice <tim@multitalents.net> |
471 | - (bal) Disable sftp-server if no 64bit int support exists. Based on | 494 | - (bal) Disable sftp-server if no 64bit int support exists. Based on |
472 | patch by Tim Rice <tim@multitalents.net> | 495 | patch by Tim Rice <tim@multitalents.net> |
@@ -496,11 +519,11 @@ | |||
496 | - (bal) if no MAXHOSTNAMELEN is defined. Default to 64 character defination. | 519 | - (bal) if no MAXHOSTNAMELEN is defined. Default to 64 character defination. |
497 | Suggested by Christian Kurz <shorty@debian.org> | 520 | Suggested by Christian Kurz <shorty@debian.org> |
498 | - (bal) Add in '.c.o' section to Makefile.in to address make programs that | 521 | - (bal) Add in '.c.o' section to Makefile.in to address make programs that |
499 | don't honor CPPFLAGS by default. Suggested by Lutz Jaenicke | 522 | don't honor CPPFLAGS by default. Suggested by Lutz Jaenicke |
500 | <Lutz.Jaenicke@aet.TU-Cottbus.DE> | 523 | <Lutz.Jaenicke@aet.TU-Cottbus.DE> |
501 | 524 | ||
502 | 20001229 | 525 | 20001229 |
503 | - (bal) Fixed spelling of 'authorized_keys' in ssh-copy-id.1 by Christian | 526 | - (bal) Fixed spelling of 'authorized_keys' in ssh-copy-id.1 by Christian |
504 | Kurz <shorty@debian.org> | 527 | Kurz <shorty@debian.org> |
505 | - (bal) OpenBSD CVS Update | 528 | - (bal) OpenBSD CVS Update |
506 | - markus@cvs.openbsd.org 2000/12/28 14:25:51 | 529 | - markus@cvs.openbsd.org 2000/12/28 14:25:51 |
@@ -544,21 +567,21 @@ | |||
544 | bad reference to 'NeXT including it else were' on the #ifdef version. | 567 | bad reference to 'NeXT including it else were' on the #ifdef version. |
545 | 568 | ||
546 | 20001227 | 569 | 20001227 |
547 | - (bal) Typo in configure.in: entut?ent should be endut?ent. Suggested by | 570 | - (bal) Typo in configure.in: entut?ent should be endut?ent. Suggested by |
548 | Takumi Yamane <yamtak@b-session.com> | 571 | Takumi Yamane <yamtak@b-session.com> |
549 | - (bal) Checks for getrlimit(), sysconf(), and setdtablesize(). Patch | 572 | - (bal) Checks for getrlimit(), sysconf(), and setdtablesize(). Patch |
550 | by Corinna Vinschen <vinschen@redhat.com> | 573 | by Corinna Vinschen <vinschen@redhat.com> |
551 | - (djm) Fix catman-do target for non-bash | 574 | - (djm) Fix catman-do target for non-bash |
552 | - (bal) Typo in configure.in: entut?ent should be endut?ent. Suggested by | 575 | - (bal) Typo in configure.in: entut?ent should be endut?ent. Suggested by |
553 | Takumi Yamane <yamtak@b-session.com> | 576 | Takumi Yamane <yamtak@b-session.com> |
554 | - (bal) Checks for getrlimit(), sysconf(), and setdtablesize(). Patch | 577 | - (bal) Checks for getrlimit(), sysconf(), and setdtablesize(). Patch |
555 | by Corinna Vinschen <vinschen@redhat.com> | 578 | by Corinna Vinschen <vinschen@redhat.com> |
556 | - (djm) Fix catman-do target for non-bash | 579 | - (djm) Fix catman-do target for non-bash |
557 | - (bal) Fixed NeXT's lack of CPPFLAGS honoring. | 580 | - (bal) Fixed NeXT's lack of CPPFLAGS honoring. |
558 | - (bal) ssh-keyscan.c: NeXT (and older BSDs) don't support getrlimit() w/ | 581 | - (bal) ssh-keyscan.c: NeXT (and older BSDs) don't support getrlimit() w/ |
559 | 'RLIMIT_NOFILE' | 582 | 'RLIMIT_NOFILE' |
560 | - (djm) Remove *.Ylonen files. They are no longer in the OpenBSD tree, | 583 | - (djm) Remove *.Ylonen files. They are no longer in the OpenBSD tree, |
561 | the info in COPYING.Ylonen has been moved to the start of each | 584 | the info in COPYING.Ylonen has been moved to the start of each |
562 | SSH1-derived file and README.Ylonen is well out of date. | 585 | SSH1-derived file and README.Ylonen is well out of date. |
563 | 586 | ||
564 | 20001223 | 587 | 20001223 |
@@ -609,9 +632,9 @@ | |||
609 | - markus@cvs.openbsd.org 2000/12/17 02:33:40 | 632 | - markus@cvs.openbsd.org 2000/12/17 02:33:40 |
610 | [uidswap.c] | 633 | [uidswap.c] |
611 | typo; from wsanchez@apple.com | 634 | typo; from wsanchez@apple.com |
612 | 635 | ||
613 | 20001220 | 636 | 20001220 |
614 | - (djm) Workaround PAM inconsistencies between Solaris derived PAM code | 637 | - (djm) Workaround PAM inconsistencies between Solaris derived PAM code |
615 | and Linux-PAM. Based on report and fix from Andrew Morgan | 638 | and Linux-PAM. Based on report and fix from Andrew Morgan |
616 | <morgan@transmeta.com> | 639 | <morgan@transmeta.com> |
617 | 640 | ||
@@ -672,7 +695,7 @@ | |||
672 | - (stevesk) OpenBSD CVS update: | 695 | - (stevesk) OpenBSD CVS update: |
673 | - markus@cvs.openbsd.org 2000/12/12 15:30:02 | 696 | - markus@cvs.openbsd.org 2000/12/12 15:30:02 |
674 | [ssh-keyscan.c ssh.c sshd.c] | 697 | [ssh-keyscan.c ssh.c sshd.c] |
675 | consistently use __progname; from stevesk@pobox.com | 698 | consistently use __progname; from stevesk@pobox.com |
676 | 699 | ||
677 | 20001211 | 700 | 20001211 |
678 | - (bal) Applied patch to include ssh-keyscan into Redhat's package, and | 701 | - (bal) Applied patch to include ssh-keyscan into Redhat's package, and |
@@ -686,16 +709,16 @@ | |||
686 | 709 | ||
687 | 20001210 | 710 | 20001210 |
688 | - (bal) OpenBSD CVS updates | 711 | - (bal) OpenBSD CVS updates |
689 | - markus@cvs.openbsd.org 2000/12/09 13:41:51 | 712 | - markus@cvs.openbsd.org 2000/12/09 13:41:51 |
690 | [cipher.c cipher.h rijndael.c rijndael.h rijndael_boxes.h] | 713 | [cipher.c cipher.h rijndael.c rijndael.h rijndael_boxes.h] |
691 | undo rijndael changes | 714 | undo rijndael changes |
692 | - markus@cvs.openbsd.org 2000/12/09 13:48:31 | 715 | - markus@cvs.openbsd.org 2000/12/09 13:48:31 |
693 | [rijndael.c] | 716 | [rijndael.c] |
694 | fix byte order bug w/o introducing new implementation | 717 | fix byte order bug w/o introducing new implementation |
695 | - markus@cvs.openbsd.org 2000/12/09 14:08:27 | 718 | - markus@cvs.openbsd.org 2000/12/09 14:08:27 |
696 | [sftp-server.c] | 719 | [sftp-server.c] |
697 | "" -> "." for realpath; from vinschen@redhat.com | 720 | "" -> "." for realpath; from vinschen@redhat.com |
698 | - markus@cvs.openbsd.org 2000/12/09 14:06:54 | 721 | - markus@cvs.openbsd.org 2000/12/09 14:06:54 |
699 | [ssh-agent.c] | 722 | [ssh-agent.c] |
700 | extern int optind; from stevesk@sweden.hp.com | 723 | extern int optind; from stevesk@sweden.hp.com |
701 | - provos@cvs.openbsd.org 2000/12/09 23:51:11 | 724 | - provos@cvs.openbsd.org 2000/12/09 23:51:11 |
@@ -704,19 +727,19 @@ | |||
704 | 727 | ||
705 | 20001209 | 728 | 20001209 |
706 | - (bal) OpenBSD CVS updates: | 729 | - (bal) OpenBSD CVS updates: |
707 | - djm@cvs.openbsd.org 2000/12/07 4:24:59 | 730 | - djm@cvs.openbsd.org 2000/12/07 4:24:59 |
708 | [ssh.1] | 731 | [ssh.1] |
709 | Typo fix from Wilfredo Sanchez <wsanchez@apple.com>; ok theo | 732 | Typo fix from Wilfredo Sanchez <wsanchez@apple.com>; ok theo |
710 | 733 | ||
711 | 20001207 | 734 | 20001207 |
712 | - (bal) OpenBSD CVS updates: | 735 | - (bal) OpenBSD CVS updates: |
713 | - markus@cvs.openbsd.org 2000/12/06 22:58:14 | 736 | - markus@cvs.openbsd.org 2000/12/06 22:58:14 |
714 | [compat.c compat.h packet.c] | 737 | [compat.c compat.h packet.c] |
715 | disable debug messages for ssh.com/f-secure 2.0.1x, 2.1.0 | 738 | disable debug messages for ssh.com/f-secure 2.0.1x, 2.1.0 |
716 | - markus@cvs.openbsd.org 2000/12/06 23:10:39 | 739 | - markus@cvs.openbsd.org 2000/12/06 23:10:39 |
717 | [rijndael.c] | 740 | [rijndael.c] |
718 | unexpand(1) | 741 | unexpand(1) |
719 | - markus@cvs.openbsd.org 2000/12/06 23:05:43 | 742 | - markus@cvs.openbsd.org 2000/12/06 23:05:43 |
720 | [cipher.c cipher.h rijndael.c rijndael.h rijndael_boxes.h] | 743 | [cipher.c cipher.h rijndael.c rijndael.h rijndael_boxes.h] |
721 | new rijndael implementation. fixes endian bugs | 744 | new rijndael implementation. fixes endian bugs |
722 | 745 | ||
@@ -746,14 +769,14 @@ | |||
746 | 769 | ||
747 | 20001204 | 770 | 20001204 |
748 | - (bal) More C functions defined in NeXT that are unaccessable without | 771 | - (bal) More C functions defined in NeXT that are unaccessable without |
749 | defining -POSIX. | 772 | defining -POSIX. |
750 | - (bal) OpenBSD CVS updates: | 773 | - (bal) OpenBSD CVS updates: |
751 | - markus@cvs.openbsd.org 2000/12/03 11:29:04 | 774 | - markus@cvs.openbsd.org 2000/12/03 11:29:04 |
752 | [compat.c] | 775 | [compat.c] |
753 | remove fallback to SSH_BUG_HMAC now that the drafts are updated | 776 | remove fallback to SSH_BUG_HMAC now that the drafts are updated |
754 | - markus@cvs.openbsd.org 2000/12/03 11:27:55 | 777 | - markus@cvs.openbsd.org 2000/12/03 11:27:55 |
755 | [compat.c] | 778 | [compat.c] |
756 | correctly match "2.1.0.pl2 SSH" etc; from | 779 | correctly match "2.1.0.pl2 SSH" etc; from |
757 | pekkas@netcore.fi/bugzilla.redhat | 780 | pekkas@netcore.fi/bugzilla.redhat |
758 | - markus@cvs.openbsd.org 2000/12/03 11:15:03 | 781 | - markus@cvs.openbsd.org 2000/12/03 11:15:03 |
759 | [auth2.c compat.c compat.h sshconnect2.c] | 782 | [auth2.c compat.c compat.h sshconnect2.c] |
@@ -763,7 +786,7 @@ | |||
763 | - (bal) OpenBSD CVS updates: | 786 | - (bal) OpenBSD CVS updates: |
764 | - markus@cvs.openbsd.org 2000/11/30 22:54:31 | 787 | - markus@cvs.openbsd.org 2000/11/30 22:54:31 |
765 | [channels.c] | 788 | [channels.c] |
766 | debug->warn if tried to do -R style fwd w/o client requesting this; | 789 | debug->warn if tried to do -R style fwd w/o client requesting this; |
767 | ok neils@ | 790 | ok neils@ |
768 | - markus@cvs.openbsd.org 2000/11/29 20:39:17 | 791 | - markus@cvs.openbsd.org 2000/11/29 20:39:17 |
769 | [cipher.c] | 792 | [cipher.c] |
@@ -771,7 +794,7 @@ | |||
771 | - markus@cvs.openbsd.org 2000/11/30 18:33:05 | 794 | - markus@cvs.openbsd.org 2000/11/30 18:33:05 |
772 | [ssh-agent.c] | 795 | [ssh-agent.c] |
773 | agents must not dump core, ok niels@ | 796 | agents must not dump core, ok niels@ |
774 | - markus@cvs.openbsd.org 2000/11/30 07:04:02 | 797 | - markus@cvs.openbsd.org 2000/11/30 07:04:02 |
775 | [ssh.1] | 798 | [ssh.1] |
776 | T is for both protocols | 799 | T is for both protocols |
777 | - markus@cvs.openbsd.org 2000/12/01 00:00:51 | 800 | - markus@cvs.openbsd.org 2000/12/01 00:00:51 |
@@ -782,7 +805,7 @@ | |||
782 | check -T before isatty() | 805 | check -T before isatty() |
783 | - provos@cvs.openbsd.org 2000/11/29 13:51:27 | 806 | - provos@cvs.openbsd.org 2000/11/29 13:51:27 |
784 | [sshconnect.c] | 807 | [sshconnect.c] |
785 | show IP address and hostname when new key is encountered. okay markus@ | 808 | show IP address and hostname when new key is encountered. okay markus@ |
786 | - markus@cvs.openbsd.org 2000/11/30 22:53:35 | 809 | - markus@cvs.openbsd.org 2000/11/30 22:53:35 |
787 | [sshconnect.c] | 810 | [sshconnect.c] |
788 | disable agent/x11/port fwding if hostkey has changed; ok niels@ | 811 | disable agent/x11/port fwding if hostkey has changed; ok niels@ |
@@ -796,14 +819,14 @@ | |||
796 | 819 | ||
797 | 20001202 | 820 | 20001202 |
798 | - (bal) Backed out of part of Alain St-Denis' loginrec.c patch. | 821 | - (bal) Backed out of part of Alain St-Denis' loginrec.c patch. |
799 | - (bal) Irix need some sort of mansubdir, patch by Michael Stone | 822 | - (bal) Irix need some sort of mansubdir, patch by Michael Stone |
800 | <mstone@cs.loyola.edu> | 823 | <mstone@cs.loyola.edu> |
801 | 824 | ||
802 | 20001129 | 825 | 20001129 |
803 | - (djm) Back out all the serverloop.c hacks. sshd will now hang again | 826 | - (djm) Back out all the serverloop.c hacks. sshd will now hang again |
804 | if there are background children with open fds. | 827 | if there are background children with open fds. |
805 | - (djm) bsd-rresvport.c bzero -> memset | 828 | - (djm) bsd-rresvport.c bzero -> memset |
806 | - (djm) Don't fail in defines.h on absence of 64 bit types (we will | 829 | - (djm) Don't fail in defines.h on absence of 64 bit types (we will |
807 | still fail during compilation of sftp-server). | 830 | still fail during compilation of sftp-server). |
808 | - (djm) Fail if ar is not found during configure | 831 | - (djm) Fail if ar is not found during configure |
809 | - (djm) OpenBSD CVS updates: | 832 | - (djm) OpenBSD CVS updates: |
@@ -833,7 +856,7 @@ | |||
833 | - (bal) Merge OpenBSD changes: | 856 | - (bal) Merge OpenBSD changes: |
834 | - markus@cvs.openbsd.org 2000/11/15 22:31:36 | 857 | - markus@cvs.openbsd.org 2000/11/15 22:31:36 |
835 | [auth-options.c] | 858 | [auth-options.c] |
836 | case insensitive key options; from stevesk@sweeden.hp.com | 859 | case insensitive key options; from stevesk@sweeden.hp.com |
837 | - markus@cvs.openbsd.org 2000/11/16 17:55:43 | 860 | - markus@cvs.openbsd.org 2000/11/16 17:55:43 |
838 | [dh.c] | 861 | [dh.c] |
839 | do not use perror() in sshd, after child is forked() | 862 | do not use perror() in sshd, after child is forked() |
@@ -851,7 +874,7 @@ | |||
851 | do not reorder keys if a key is removed | 874 | do not reorder keys if a key is removed |
852 | - markus@cvs.openbsd.org 2000/11/15 19:58:08 | 875 | - markus@cvs.openbsd.org 2000/11/15 19:58:08 |
853 | [ssh.c] | 876 | [ssh.c] |
854 | just ignore non existing user keys | 877 | just ignore non existing user keys |
855 | - millert@cvs.openbsd.org 200/11/15 20:24:43 | 878 | - millert@cvs.openbsd.org 200/11/15 20:24:43 |
856 | [ssh-keygen.c] | 879 | [ssh-keygen.c] |
857 | Add missing \n at end of error message. | 880 | Add missing \n at end of error message. |
@@ -864,7 +887,7 @@ | |||
864 | 20001117 | 887 | 20001117 |
865 | - (bal) Changed from 'primes' to 'primes.out' for consistancy sake. It | 888 | - (bal) Changed from 'primes' to 'primes.out' for consistancy sake. It |
866 | has no affect the output. Patch by Corinna Vinschen <vinschen@redhat.com> | 889 | has no affect the output. Patch by Corinna Vinschen <vinschen@redhat.com> |
867 | - (stevesk) Reworked progname support. | 890 | - (stevesk) Reworked progname support. |
868 | - (bal) Misplaced #include "includes.h" in bsd-setproctitle.c. Patch by | 891 | - (bal) Misplaced #include "includes.h" in bsd-setproctitle.c. Patch by |
869 | Shinichi Maruyama <marya@st.jip.co.jp> | 892 | Shinichi Maruyama <marya@st.jip.co.jp> |
870 | 893 | ||
@@ -875,7 +898,7 @@ | |||
875 | <roth@feep.net> | 898 | <roth@feep.net> |
876 | 899 | ||
877 | 20001113 | 900 | 20001113 |
878 | - (djm) Add pointer to http://www.imasy.or.jp/~gotoh/connect.c to | 901 | - (djm) Add pointer to http://www.imasy.or.jp/~gotoh/connect.c to |
879 | contrib/README | 902 | contrib/README |
880 | - (djm) Merge OpenBSD changes: | 903 | - (djm) Merge OpenBSD changes: |
881 | - markus@cvs.openbsd.org 2000/11/06 16:04:56 | 904 | - markus@cvs.openbsd.org 2000/11/06 16:04:56 |
@@ -902,7 +925,7 @@ | |||
902 | [readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c] | 925 | [readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c] |
903 | [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config] | 926 | [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config] |
904 | [sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c] | 927 | [sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c] |
905 | [ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h] | 928 | [ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h] |
906 | add support for RSA to SSH2. please test. | 929 | add support for RSA to SSH2. please test. |
907 | there are now 3 types of keys: RSA1 is used by ssh-1 only, | 930 | there are now 3 types of keys: RSA1 is used by ssh-1 only, |
908 | RSA and DSA are used by SSH2. | 931 | RSA and DSA are used by SSH2. |
@@ -926,10 +949,10 @@ | |||
926 | - (djm) Added /etc/primes for kex DH group neg, fixup Makefile.in and | 949 | - (djm) Added /etc/primes for kex DH group neg, fixup Makefile.in and |
927 | packaging files | 950 | packaging files |
928 | - (djm) Fix new Makefile.in warnings | 951 | - (djm) Fix new Makefile.in warnings |
929 | - (djm) Fix vsprintf("%h") in bsd-snprintf.c, short int va_args are | 952 | - (djm) Fix vsprintf("%h") in bsd-snprintf.c, short int va_args are |
930 | promoted to type int. Report and fix from Dan Astoorian | 953 | promoted to type int. Report and fix from Dan Astoorian |
931 | <djast@cs.toronto.edu> | 954 | <djast@cs.toronto.edu> |
932 | - (djm) Hardwire sysconfdir in RPM spec files as some RPM versions get | 955 | - (djm) Hardwire sysconfdir in RPM spec files as some RPM versions get |
933 | it wrong. Report from Bennett Todd <bet@rahul.net> | 956 | it wrong. Report from Bennett Todd <bet@rahul.net> |
934 | 957 | ||
935 | 20001110 | 958 | 20001110 |
@@ -937,10 +960,10 @@ | |||
937 | - (bal) Changed from --with-skey to --with-skey=PATH in configure.in | 960 | - (bal) Changed from --with-skey to --with-skey=PATH in configure.in |
938 | - (bal) Added in check to verify S/Key library is being detected in | 961 | - (bal) Added in check to verify S/Key library is being detected in |
939 | configure.in | 962 | configure.in |
940 | - (bal) next-posix.h - added another prototype wrapped in POSIX ifdef/endif. | 963 | - (bal) next-posix.h - added another prototype wrapped in POSIX ifdef/endif. |
941 | Patch by Mark Miller <markm@swoon.net> | 964 | Patch by Mark Miller <markm@swoon.net> |
942 | - (bal) Added 'util.h' header to loginrec.c only if HAVE_UTIL_H is defined | 965 | - (bal) Added 'util.h' header to loginrec.c only if HAVE_UTIL_H is defined |
943 | to remove warnings under MacOS X. Patch by Mark Miller <markm@swoon.net> | 966 | to remove warnings under MacOS X. Patch by Mark Miller <markm@swoon.net> |
944 | - (bal) Fixed LDFLAG mispelling in configure.in for --with-afs | 967 | - (bal) Fixed LDFLAG mispelling in configure.in for --with-afs |
945 | 968 | ||
946 | 20001107 | 969 | 20001107 |
@@ -954,7 +977,7 @@ | |||
954 | 20001106 | 977 | 20001106 |
955 | - (djm) Use Jim's new 1.0.3 askpass in Redhat RPMs | 978 | - (djm) Use Jim's new 1.0.3 askpass in Redhat RPMs |
956 | - (djm) Manually fix up missed diff hunks (mainly RCS idents) | 979 | - (djm) Manually fix up missed diff hunks (mainly RCS idents) |
957 | - (djm) Remove UPGRADING document in favour of a link to the better | 980 | - (djm) Remove UPGRADING document in favour of a link to the better |
958 | maintained FAQ on www.openssh.com | 981 | maintained FAQ on www.openssh.com |
959 | - (djm) Fix multiple dependancy on gnome-libs from Pekka Savola | 982 | - (djm) Fix multiple dependancy on gnome-libs from Pekka Savola |
960 | <pekkas@netcore.fi> | 983 | <pekkas@netcore.fi> |
@@ -989,10 +1012,10 @@ | |||
989 | - (bal) next-posix.h - spelling and forgot a prototype | 1012 | - (bal) next-posix.h - spelling and forgot a prototype |
990 | 1013 | ||
991 | 20001028 | 1014 | 20001028 |
992 | - (djm) fix select hack in serverloop.c from Philippe WILLEM | 1015 | - (djm) fix select hack in serverloop.c from Philippe WILLEM |
993 | <Philippe.WILLEM@urssaf.fr> | 1016 | <Philippe.WILLEM@urssaf.fr> |
994 | - (djm) Fix mangled AIXAUTHENTICATE code | 1017 | - (djm) Fix mangled AIXAUTHENTICATE code |
995 | - (djm) authctxt->pw may be NULL. Fix from Markus Friedl | 1018 | - (djm) authctxt->pw may be NULL. Fix from Markus Friedl |
996 | <markus.friedl@informatik.uni-erlangen.de> | 1019 | <markus.friedl@informatik.uni-erlangen.de> |
997 | - (djm) Sync with OpenBSD: | 1020 | - (djm) Sync with OpenBSD: |
998 | - markus@cvs.openbsd.org 2000/10/16 15:46:32 | 1021 | - markus@cvs.openbsd.org 2000/10/16 15:46:32 |
@@ -1029,7 +1052,7 @@ | |||
1029 | - markus@cvs.openbsd.org 2000/10/27 01:32:19 | 1052 | - markus@cvs.openbsd.org 2000/10/27 01:32:19 |
1030 | [channels.c channels.h clientloop.c serverloop.c session.c] | 1053 | [channels.c channels.h clientloop.c serverloop.c session.c] |
1031 | [ssh.c util.c] | 1054 | [ssh.c util.c] |
1032 | enable non-blocking IO on channels, and tty's (except for the | 1055 | enable non-blocking IO on channels, and tty's (except for the |
1033 | client ttys). | 1056 | client ttys). |
1034 | 1057 | ||
1035 | 20001027 | 1058 | 20001027 |
@@ -1060,7 +1083,7 @@ | |||
1060 | supplied passphrase. Problem report from Lutz Jaenicke | 1083 | supplied passphrase. Problem report from Lutz Jaenicke |
1061 | <Lutz.Jaenicke@aet.TU-Cottbus.DE> | 1084 | <Lutz.Jaenicke@aet.TU-Cottbus.DE> |
1062 | - (bal) Changed from GNU rx to PCRE on suggestion from djm. | 1085 | - (bal) Changed from GNU rx to PCRE on suggestion from djm. |
1063 | - (bal) Integrated Sony NEWS-OS patches from NAKAJI Hirouyuki | 1086 | - (bal) Integrated Sony NEWS-OS patches from NAKAJI Hirouyuki |
1064 | <nakaji@tutrp.tut.ac.jp> | 1087 | <nakaji@tutrp.tut.ac.jp> |
1065 | 1088 | ||
1066 | 20001016 | 1089 | 20001016 |
@@ -1079,7 +1102,7 @@ | |||
1079 | AllowTcpForwarding; from naddy@ | 1102 | AllowTcpForwarding; from naddy@ |
1080 | - markus@cvs.openbsd.org 2000/10/14 06:16:56 | 1103 | - markus@cvs.openbsd.org 2000/10/14 06:16:56 |
1081 | [auth2.c compat.c compat.h sshconnect2.c version.h] | 1104 | [auth2.c compat.c compat.h sshconnect2.c version.h] |
1082 | OpenSSH_2.3; note that is is not complete, but the version number | 1105 | OpenSSH_2.3; note that is is not complete, but the version number |
1083 | needs to be changed for interoperability reasons | 1106 | needs to be changed for interoperability reasons |
1084 | - markus@cvs.openbsd.org 2000/10/14 06:19:45 | 1107 | - markus@cvs.openbsd.org 2000/10/14 06:19:45 |
1085 | [auth-rsa.c] | 1108 | [auth-rsa.c] |
@@ -1091,12 +1114,12 @@ | |||
1091 | - markus@cvs.openbsd.org 2000/10/15 08:18:31 | 1114 | - markus@cvs.openbsd.org 2000/10/15 08:18:31 |
1092 | [rijndael.c] | 1115 | [rijndael.c] |
1093 | typo | 1116 | typo |
1094 | - (djm) Copy manpages back over from OpenBSD - too tedious to wade | 1117 | - (djm) Copy manpages back over from OpenBSD - too tedious to wade |
1095 | through diffs | 1118 | through diffs |
1096 | - (djm) Added condrestart to Redhat init script. Patch from Pekka Savola | 1119 | - (djm) Added condrestart to Redhat init script. Patch from Pekka Savola |
1097 | <pekkas@netcore.fi> | 1120 | <pekkas@netcore.fi> |
1098 | - (djm) Update version in Redhat spec file | 1121 | - (djm) Update version in Redhat spec file |
1099 | - (djm) Merge some of Nalin Dahyabhai <nalin@redhat.com> changes from the | 1122 | - (djm) Merge some of Nalin Dahyabhai <nalin@redhat.com> changes from the |
1100 | Redhat 7.0 spec file | 1123 | Redhat 7.0 spec file |
1101 | - (djm) Make inability to read/write PRNG seedfile non-fatal | 1124 | - (djm) Make inability to read/write PRNG seedfile non-fatal |
1102 | 1125 | ||
@@ -1108,7 +1131,7 @@ | |||
1108 | - (bal) Add support for realpath and getcwd for platforms with broken | 1131 | - (bal) Add support for realpath and getcwd for platforms with broken |
1109 | or missing realpath implementations for sftp-server. | 1132 | or missing realpath implementations for sftp-server. |
1110 | - (bal) Corrected mistake in INSTALL in regards to GNU rx library | 1133 | - (bal) Corrected mistake in INSTALL in regards to GNU rx library |
1111 | - (bal) Add support for GNU rx library for those lacking regexp support | 1134 | - (bal) Add support for GNU rx library for those lacking regexp support |
1112 | - (djm) Don't accept PAM_PROMPT_ECHO_ON messages during initial auth | 1135 | - (djm) Don't accept PAM_PROMPT_ECHO_ON messages during initial auth |
1113 | - (djm) Revert SSH2 serverloop hack, will find a better way. | 1136 | - (djm) Revert SSH2 serverloop hack, will find a better way. |
1114 | - (djm) Add workaround for Linux 2.4's gratuitious errno change. Patch | 1137 | - (djm) Add workaround for Linux 2.4's gratuitious errno change. Patch |
@@ -1214,11 +1237,11 @@ | |||
1214 | 1237 | ||
1215 | 20000930 | 1238 | 20000930 |
1216 | - (djm) Irix ssh_prng_cmds path fix from Pekka Savola <pekkas@netcore.fi> | 1239 | - (djm) Irix ssh_prng_cmds path fix from Pekka Savola <pekkas@netcore.fi> |
1217 | - (djm) Support in bsd-snprintf.c for long long conversions from | 1240 | - (djm) Support in bsd-snprintf.c for long long conversions from |
1218 | Ben Lindstrom <mouring@pconline.com> | 1241 | Ben Lindstrom <mouring@pconline.com> |
1219 | - (djm) Cleanup NeXT support from Ben Lindstrom <mouring@pconline.com> | 1242 | - (djm) Cleanup NeXT support from Ben Lindstrom <mouring@pconline.com> |
1220 | - (djm) Ignore SIGPIPEs from serverloop to child. Fixes crashes with | 1243 | - (djm) Ignore SIGPIPEs from serverloop to child. Fixes crashes with |
1221 | very short lived X connections. Bug report from Tobias Oetiker | 1244 | very short lived X connections. Bug report from Tobias Oetiker |
1222 | <oetiker@ee.ethz.ch>. Fix from Markus Friedl <markus@cvs.openbsd.org> | 1245 | <oetiker@ee.ethz.ch>. Fix from Markus Friedl <markus@cvs.openbsd.org> |
1223 | - (djm) Add recent InitScripts as a RPM dependancy for openssh-server | 1246 | - (djm) Add recent InitScripts as a RPM dependancy for openssh-server |
1224 | patch from Pekka Savola <pekkas@netcore.fi> | 1247 | patch from Pekka Savola <pekkas@netcore.fi> |
@@ -1234,27 +1257,27 @@ | |||
1234 | - markus@cvs.openbsd.org 2000/09/28 12:03:18 | 1257 | - markus@cvs.openbsd.org 2000/09/28 12:03:18 |
1235 | [channels.c] | 1258 | [channels.c] |
1236 | debug -> debug2 cleanup | 1259 | debug -> debug2 cleanup |
1237 | - (djm) Irix strips "/dev/tty" from [uw]tmp entries (other systems only | 1260 | - (djm) Irix strips "/dev/tty" from [uw]tmp entries (other systems only |
1238 | strip "/dev/"). Fix loginrec.c based on patch from Alain St-Denis | 1261 | strip "/dev/"). Fix loginrec.c based on patch from Alain St-Denis |
1239 | <Alain.St-Denis@ec.gc.ca> | 1262 | <Alain.St-Denis@ec.gc.ca> |
1240 | - (djm) Fix 9 character passphrase failure with gnome-ssh-askpass. | 1263 | - (djm) Fix 9 character passphrase failure with gnome-ssh-askpass. |
1241 | Problem was caused by interrupted read in ssh-add. Report from Donald | 1264 | Problem was caused by interrupted read in ssh-add. Report from Donald |
1242 | J. Barry <don@astro.cornell.edu> | 1265 | J. Barry <don@astro.cornell.edu> |
1243 | 1266 | ||
1244 | 20000929 | 1267 | 20000929 |
1245 | - (djm) Fix SSH2 not terminating until all background tasks done problem. | 1268 | - (djm) Fix SSH2 not terminating until all background tasks done problem. |
1246 | - (djm) Another off-by-one fix from Pavel Kankovsky | 1269 | - (djm) Another off-by-one fix from Pavel Kankovsky |
1247 | <peak@argo.troja.mff.cuni.cz> | 1270 | <peak@argo.troja.mff.cuni.cz> |
1248 | - (djm) Clean up. Strip some unnecessary differences with OpenBSD's code, | 1271 | - (djm) Clean up. Strip some unnecessary differences with OpenBSD's code, |
1249 | tidy necessary differences. Use Markus' new debugN() in entropy.c | 1272 | tidy necessary differences. Use Markus' new debugN() in entropy.c |
1250 | - (djm) Merged big SCO portability patch from Tim Rice | 1273 | - (djm) Merged big SCO portability patch from Tim Rice |
1251 | <tim@multitalents.net> | 1274 | <tim@multitalents.net> |
1252 | 1275 | ||
1253 | 20000926 | 1276 | 20000926 |
1254 | - (djm) Update X11-askpass to 1.0.2 in RPM spec file | 1277 | - (djm) Update X11-askpass to 1.0.2 in RPM spec file |
1255 | - (djm) Define _REENTRANT to pickup strtok_r() on HP/UX | 1278 | - (djm) Define _REENTRANT to pickup strtok_r() on HP/UX |
1256 | - (djm) Security: fix off-by-one buffer overrun in fake-getnameinfo.c. | 1279 | - (djm) Security: fix off-by-one buffer overrun in fake-getnameinfo.c. |
1257 | Report and fix from Pavel Kankovsky <peak@argo.troja.mff.cuni.cz> | 1280 | Report and fix from Pavel Kankovsky <peak@argo.troja.mff.cuni.cz> |
1258 | 1281 | ||
1259 | 20000924 | 1282 | 20000924 |
1260 | - (djm) Merged cleanup patch from Mark Miller <markm@swoon.net> | 1283 | - (djm) Merged cleanup patch from Mark Miller <markm@swoon.net> |
@@ -1263,14 +1286,14 @@ | |||
1263 | <markm@swoon.net> | 1286 | <markm@swoon.net> |
1264 | 1287 | ||
1265 | 20000923 | 1288 | 20000923 |
1266 | - (djm) Fix address logging in utmp from Kevin Steves | 1289 | - (djm) Fix address logging in utmp from Kevin Steves |
1267 | <stevesk@sweden.hp.com> | 1290 | <stevesk@sweden.hp.com> |
1268 | - (djm) Redhat spec and manpage fixes from Pekka Savola <pekkas@netcore.fi> | 1291 | - (djm) Redhat spec and manpage fixes from Pekka Savola <pekkas@netcore.fi> |
1269 | - (djm) Seperate tests for int64_t and u_int64_t types | 1292 | - (djm) Seperate tests for int64_t and u_int64_t types |
1270 | - (djm) Tweak password expiry checking at suggestion of Kevin Steves | 1293 | - (djm) Tweak password expiry checking at suggestion of Kevin Steves |
1271 | <stevesk@sweden.hp.com> | 1294 | <stevesk@sweden.hp.com> |
1272 | - (djm) NeXT patch from Ben Lindstrom <mouring@pconline.com> | 1295 | - (djm) NeXT patch from Ben Lindstrom <mouring@pconline.com> |
1273 | - (djm) Use printf %lld instead of %qd in sftp-server.c. Fix from | 1296 | - (djm) Use printf %lld instead of %qd in sftp-server.c. Fix from |
1274 | Michael Stone <mstone@cs.loyola.edu> | 1297 | Michael Stone <mstone@cs.loyola.edu> |
1275 | - (djm) OpenBSD CVS sync: | 1298 | - (djm) OpenBSD CVS sync: |
1276 | - markus@cvs.openbsd.org 2000/09/17 09:38:59 | 1299 | - markus@cvs.openbsd.org 2000/09/17 09:38:59 |
@@ -1304,13 +1327,13 @@ | |||
1304 | <asminer@cs.iastate.edu> | 1327 | <asminer@cs.iastate.edu> |
1305 | 1328 | ||
1306 | 20000916 | 1329 | 20000916 |
1307 | - (djm) Fix SSL search order from Lutz Jaenicke | 1330 | - (djm) Fix SSL search order from Lutz Jaenicke |
1308 | <Lutz.Jaenicke@aet.TU-Cottbus.DE> | 1331 | <Lutz.Jaenicke@aet.TU-Cottbus.DE> |
1309 | - (djm) New SuSE spec from Corinna Vinschen <corinna@vinschen.de> | 1332 | - (djm) New SuSE spec from Corinna Vinschen <corinna@vinschen.de> |
1310 | - (djm) Update CygWin support from Corinna Vinschen <vinschen@cygnus.com> | 1333 | - (djm) Update CygWin support from Corinna Vinschen <vinschen@cygnus.com> |
1311 | - (djm) Use a real struct sockaddr inside the fake struct sockaddr_storage. | 1334 | - (djm) Use a real struct sockaddr inside the fake struct sockaddr_storage. |
1312 | Patch from Larry Jones <larry.jones@sdrc.com> | 1335 | Patch from Larry Jones <larry.jones@sdrc.com> |
1313 | - (djm) Add Steve VanDevender's <stevev@darkwing.uoregon.edu> PAM | 1336 | - (djm) Add Steve VanDevender's <stevev@darkwing.uoregon.edu> PAM |
1314 | password change patch. | 1337 | password change patch. |
1315 | - (djm) Bring licenses on my stuff in line with OpenBSD's | 1338 | - (djm) Bring licenses on my stuff in line with OpenBSD's |
1316 | - (djm) Cleanup auth-passwd.c and unify HP/UX authentication. Patch from | 1339 | - (djm) Cleanup auth-passwd.c and unify HP/UX authentication. Patch from |
@@ -1321,9 +1344,9 @@ | |||
1321 | - (djm) Update Redhat SPEC file accordingly | 1344 | - (djm) Update Redhat SPEC file accordingly |
1322 | - (djm) Add Kevin Steves <stevesk@sweden.hp.com> HP/UX contrib files | 1345 | - (djm) Add Kevin Steves <stevesk@sweden.hp.com> HP/UX contrib files |
1323 | - (djm) Add Charles Levert <charles@comm.polymtl.ca> getpgrp patch | 1346 | - (djm) Add Charles Levert <charles@comm.polymtl.ca> getpgrp patch |
1324 | - (djm) Fix password auth on HP/UX 10.20. Patch from Dirk De Wachter | 1347 | - (djm) Fix password auth on HP/UX 10.20. Patch from Dirk De Wachter |
1325 | <Dirk.DeWachter@rug.ac.be> | 1348 | <Dirk.DeWachter@rug.ac.be> |
1326 | - (djm) Fixprogs and entropy list fixes from Larry Jones | 1349 | - (djm) Fixprogs and entropy list fixes from Larry Jones |
1327 | <larry.jones@sdrc.com> | 1350 | <larry.jones@sdrc.com> |
1328 | - (djm) Fix for SuSE spec file from Takashi YOSHIDA | 1351 | - (djm) Fix for SuSE spec file from Takashi YOSHIDA |
1329 | <tyoshida@gemini.rc.kyushu-u.ac.jp> | 1352 | <tyoshida@gemini.rc.kyushu-u.ac.jp> |
@@ -1342,10 +1365,10 @@ | |||
1342 | prototype | 1365 | prototype |
1343 | - deraadt@cvs.openbsd.org 2000/09/07 14:27:56 | 1366 | - deraadt@cvs.openbsd.org 2000/09/07 14:27:56 |
1344 | [ALL] | 1367 | [ALL] |
1345 | cleanup copyright notices on all files. I have attempted to be | 1368 | cleanup copyright notices on all files. I have attempted to be |
1346 | accurate with the details. everything is now under Tatu's licence | 1369 | accurate with the details. everything is now under Tatu's licence |
1347 | (which I copied from his readme), and/or the core-sdi bsd-ish thing | 1370 | (which I copied from his readme), and/or the core-sdi bsd-ish thing |
1348 | for deattack, or various openbsd developers under a 2-term bsd | 1371 | for deattack, or various openbsd developers under a 2-term bsd |
1349 | licence. We're not changing any rules, just being accurate. | 1372 | licence. We're not changing any rules, just being accurate. |
1350 | - markus@cvs.openbsd.org 2000/09/07 14:40:30 | 1373 | - markus@cvs.openbsd.org 2000/09/07 14:40:30 |
1351 | [channels.c channels.h clientloop.c serverloop.c ssh.c] | 1374 | [channels.c channels.h clientloop.c serverloop.c ssh.c] |
@@ -1799,7 +1822,7 @@ | |||
1799 | - (djm) Added 'distprep' make target to simplify packaging | 1822 | - (djm) Added 'distprep' make target to simplify packaging |
1800 | - (djm) Added patch from Chris Adams <cmadams@hiwaay.net> to add OSF SIA | 1823 | - (djm) Added patch from Chris Adams <cmadams@hiwaay.net> to add OSF SIA |
1801 | support. Enable using "USE_SIA=1 ./configure [options]" | 1824 | support. Enable using "USE_SIA=1 ./configure [options]" |
1802 | 1825 | ||
1803 | 20000627 | 1826 | 20000627 |
1804 | - (djm) Fixes to login code - not setting li->uid, cleanups | 1827 | - (djm) Fixes to login code - not setting li->uid, cleanups |
1805 | - (djm) Formatting | 1828 | - (djm) Formatting |
@@ -1921,7 +1944,7 @@ | |||
1921 | - Don't try to retrieve lastlog from wtmp/wtmpx if DISABLE_LASTLOG is | 1944 | - Don't try to retrieve lastlog from wtmp/wtmpx if DISABLE_LASTLOG is |
1922 | def'd | 1945 | def'd |
1923 | - Set AIX to use preformatted manpages | 1946 | - Set AIX to use preformatted manpages |
1924 | 1947 | ||
1925 | 20000610 | 1948 | 20000610 |
1926 | - (djm) Minor doc tweaks | 1949 | - (djm) Minor doc tweaks |
1927 | - (djm) Fix for configure on bash2 from Jim Knoble <jmknoble@jmknoble.cx> | 1950 | - (djm) Fix for configure on bash2 from Jim Knoble <jmknoble@jmknoble.cx> |
@@ -1947,7 +1970,7 @@ | |||
1947 | teach protocol v2 to count login failures properly and also enable an | 1970 | teach protocol v2 to count login failures properly and also enable an |
1948 | explanation of why the password prompt comes up again like v1; this is NOT | 1971 | explanation of why the password prompt comes up again like v1; this is NOT |
1949 | crypto | 1972 | crypto |
1950 | - markus@cvs.openbsd.org | 1973 | - markus@cvs.openbsd.org |
1951 | [readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c sshd.8] | 1974 | [readconf.c readconf.h servconf.c servconf.h session.c ssh.1 ssh.c sshd.8] |
1952 | xauth_location support; pr 1234 | 1975 | xauth_location support; pr 1234 |
1953 | [readconf.c sshconnect2.c] | 1976 | [readconf.c sshconnect2.c] |
@@ -1978,7 +2001,7 @@ | |||
1978 | - (andre) New login code | 2001 | - (andre) New login code |
1979 | - Remove bsd-login.[ch] and all the OpenBSD-derived code in login.c | 2002 | - Remove bsd-login.[ch] and all the OpenBSD-derived code in login.c |
1980 | - Add loginrec.[ch], logintest.c and autoconf code | 2003 | - Add loginrec.[ch], logintest.c and autoconf code |
1981 | 2004 | ||
1982 | 20000531 | 2005 | 20000531 |
1983 | - Cleanup of auth.c, login.c and fake-* | 2006 | - Cleanup of auth.c, login.c and fake-* |
1984 | - Cleanup of auth-pam.c, save and print "account expired" error messages | 2007 | - Cleanup of auth-pam.c, save and print "account expired" error messages |
@@ -2383,7 +2406,7 @@ | |||
2383 | no adjust after close | 2406 | no adjust after close |
2384 | - [sshd.c compat.c ] | 2407 | - [sshd.c compat.c ] |
2385 | interop w/ latest ssh.com windows client. | 2408 | interop w/ latest ssh.com windows client. |
2386 | 2409 | ||
2387 | 20000406 | 2410 | 20000406 |
2388 | - OpenBSD CVS update: | 2411 | - OpenBSD CVS update: |
2389 | - [channels.c] | 2412 | - [channels.c] |
@@ -2704,7 +2727,7 @@ | |||
2704 | - [readpass.c] | 2727 | - [readpass.c] |
2705 | instead of blocking SIGINT, catch it ourselves, so that we can clean | 2728 | instead of blocking SIGINT, catch it ourselves, so that we can clean |
2706 | the tty modes up and kill ourselves -- instead of our process group | 2729 | the tty modes up and kill ourselves -- instead of our process group |
2707 | leader (scp, cvs, ...) going away and leaving us in noecho mode. | 2730 | leader (scp, cvs, ...) going away and leaving us in noecho mode. |
2708 | people with cbreak shells never even noticed.. | 2731 | people with cbreak shells never even noticed.. |
2709 | - [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8] | 2732 | - [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8] |
2710 | ie. -> i.e., | 2733 | ie. -> i.e., |
@@ -2741,7 +2764,7 @@ | |||
2741 | 20000118 | 2764 | 20000118 |
2742 | - Fixed --with-pid-dir option | 2765 | - Fixed --with-pid-dir option |
2743 | - Makefile fix from Gary E. Miller <gem@rellim.com> | 2766 | - Makefile fix from Gary E. Miller <gem@rellim.com> |
2744 | - Compile fix for HPUX and Solaris from Andre Lucas | 2767 | - Compile fix for HPUX and Solaris from Andre Lucas |
2745 | <andre.lucas@dial.pipex.com> | 2768 | <andre.lucas@dial.pipex.com> |
2746 | 2769 | ||
2747 | 20000117 | 2770 | 20000117 |
@@ -2844,7 +2867,7 @@ | |||
2844 | 2867 | ||
2845 | 20000103 | 2868 | 20000103 |
2846 | - Add explicit make rules for files proccessed by fixpaths. | 2869 | - Add explicit make rules for files proccessed by fixpaths. |
2847 | - Fix "make install" in RPM spec files. Report from Tenkou N. Hattori | 2870 | - Fix "make install" in RPM spec files. Report from Tenkou N. Hattori |
2848 | <tnh@kondara.org> | 2871 | <tnh@kondara.org> |
2849 | - Removed "nullok" directive from default PAM configuration files. | 2872 | - Removed "nullok" directive from default PAM configuration files. |
2850 | Added information on enabling EmptyPasswords on openssh+PAM in | 2873 | Added information on enabling EmptyPasswords on openssh+PAM in |
@@ -3019,7 +3042,7 @@ | |||
3019 | - Use LDFLAGS correctly | 3042 | - Use LDFLAGS correctly |
3020 | - Fix SIGIO error in scp | 3043 | - Fix SIGIO error in scp |
3021 | - Simplify status line printing in scp | 3044 | - Simplify status line printing in scp |
3022 | - Added better test for inline functions compiler support from | 3045 | - Added better test for inline functions compiler support from |
3023 | Darren_Hall@progressive.com | 3046 | Darren_Hall@progressive.com |
3024 | 3047 | ||
3025 | 19991214 | 3048 | 19991214 |
@@ -3247,7 +3270,7 @@ | |||
3247 | print usage() everytime we get bad options | 3270 | print usage() everytime we get bad options |
3248 | - [ssh-keygen.c] overflow, djm@mindrot.org | 3271 | - [ssh-keygen.c] overflow, djm@mindrot.org |
3249 | - [sshd.c] fix sigchld race; cjc5@po.cwru.edu | 3272 | - [sshd.c] fix sigchld race; cjc5@po.cwru.edu |
3250 | 3273 | ||
3251 | 19991120 | 3274 | 19991120 |
3252 | - Merged more Solaris support from Marc G. Fournier | 3275 | - Merged more Solaris support from Marc G. Fournier |
3253 | <marc.fournier@acadiau.ca> | 3276 | <marc.fournier@acadiau.ca> |
diff --git a/Makefile.in b/Makefile.in index c3cd580ea..8ea71915a 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -33,9 +33,9 @@ SSH_MODE= @SSHMODE@ | |||
33 | 33 | ||
34 | INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@ | 34 | INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@ |
35 | 35 | ||
36 | @NO_SFTP@SFTP-SERVER=sftp-server$(EXEEXT) | 36 | @NO_SFTP@SFTP_PROGS=sftp-server$(EXEEXT) sftp$(EXEEXT) |
37 | 37 | ||
38 | TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) $(SFTP-SERVER) | 38 | TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) $(SFTP_PROGS) |
39 | 39 | ||
40 | LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o cli.o compat.o compress.o crc32.o deattack.o dispatch.o hmac.o hostfile.o key.o kex.o log.o match.o misc.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o | 40 | LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o cli.o compat.o compress.o crc32.o deattack.o dispatch.o hmac.o hostfile.o key.o kex.o log.o match.o misc.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o |
41 | 41 | ||
@@ -43,8 +43,8 @@ SSHOBJS= ssh.o sshconnect.o sshconnect1.o sshconnect2.o log-client.o readconf.o | |||
43 | 43 | ||
44 | SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth-chall.o auth2-chall.o auth-rhosts.o auth-options.o auth-krb4.o auth-pam.o auth2-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o dh.o pty.o log-server.o login.o loginrec.o servconf.o serverloop.o md5crypt.o session.o groupaccess.o | 44 | SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth-chall.o auth2-chall.o auth-rhosts.o auth-options.o auth-krb4.o auth-pam.o auth2-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o dh.o pty.o log-server.o login.o loginrec.o servconf.o serverloop.o md5crypt.o session.o groupaccess.o |
45 | 45 | ||
46 | TROFFMAN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 | 46 | TROFFMAN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 |
47 | CATMAN = scp.0 ssh-add.0 ssh-agent.0 ssh-keygen.0 ssh-keyscan.0 ssh.0 sshd.0 sftp-server.0 | 47 | CATMAN = scp.0 ssh-add.0 ssh-agent.0 ssh-keygen.0 ssh-keyscan.0 ssh.0 sshd.0 sftp-server.0 sftp.1 |
48 | MANPAGES = @MANTYPE@ | 48 | MANPAGES = @MANTYPE@ |
49 | 49 | ||
50 | CONFIGFILES=sshd_config ssh_config primes | 50 | CONFIGFILES=sshd_config ssh_config primes |
@@ -105,8 +105,12 @@ ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o log-client.o | |||
105 | ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a log-client.o ssh-keyscan.o | 105 | ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a log-client.o ssh-keyscan.o |
106 | $(LD) -o $@ ssh-keyscan.o log-client.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) | 106 | $(LD) -o $@ ssh-keyscan.o log-client.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) |
107 | 107 | ||
108 | sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp-server.o log-server.o | 108 | sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp-server.o sftp-common.o log-server.o |
109 | $(LD) -o $@ sftp-server.o log-server.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) | 109 | $(LD) -o $@ sftp-server.o sftp-common.o log-server.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) |
110 | |||
111 | # XXX: need to -lssh twice here! | ||
112 | sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-int.o sftp-common.o log-client.o | ||
113 | $(LD) -o $@ sftp.o sftp-client.o sftp-common.o sftp-int.o log-client.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) | ||
110 | 114 | ||
111 | # test driver for the loginrec code - not built by default | 115 | # test driver for the loginrec code - not built by default |
112 | logintest: logintest.o $(LIBCOMPAT) libssh.a log-client.o loginrec.o | 116 | logintest: logintest.o $(LIBCOMPAT) libssh.a log-client.o loginrec.o |
@@ -156,6 +160,7 @@ install-files: | |||
156 | $(INSTALL) -m 0755 -s ssh-keygen $(DESTDIR)$(bindir)/ssh-keygen | 160 | $(INSTALL) -m 0755 -s ssh-keygen $(DESTDIR)$(bindir)/ssh-keygen |
157 | $(INSTALL) -m 0775 -s ssh-keyscan $(DESTDIR)$(bindir)/ssh-keyscan | 161 | $(INSTALL) -m 0775 -s ssh-keyscan $(DESTDIR)$(bindir)/ssh-keyscan |
158 | $(INSTALL) -m 0755 -s sshd $(DESTDIR)$(sbindir)/sshd | 162 | $(INSTALL) -m 0755 -s sshd $(DESTDIR)$(sbindir)/sshd |
163 | @NO_SFTP@$$(INSTALL) -m 0755 -s sftp $(DESTDIR)$(bindir)/sftp | ||
159 | @NO_SFTP@$(INSTALL) -m 0755 -s sftp-server $(DESTDIR)$(libexecdir)/sftp-server | 164 | @NO_SFTP@$(INSTALL) -m 0755 -s sftp-server $(DESTDIR)$(libexecdir)/sftp-server |
160 | $(INSTALL) -m 644 ssh.[01].out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 | 165 | $(INSTALL) -m 644 ssh.[01].out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 |
161 | $(INSTALL) -m 644 scp.[01].out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 | 166 | $(INSTALL) -m 644 scp.[01].out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 |
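Review bot: The added sftp install rule at new line 163 uses `$$(INSTALL)`, and in a make recipe `$$` reaches the shell as a literal `$`. The shell therefore runs a command substitution on whatever `INSTALL` resolves to on PATH, instead of the install program chosen by configure. In the likely case that no such command exists, the step fails and the sftp binary is not installed. The line should match its sftp-server sibling: `@NO_SFTP@$(INSTALL) -m 0755 -s sftp $(DESTDIR)$(bindir)/sftp`. The same `$$(INSTALL)` appears in the man-page hunk at new line 172 and needs the same one-character fix. Separately, the CATMAN list at new line 47 adds `sftp.1` where the surrounding entries suggest `sftp.0` was intended.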
@@ -164,6 +169,7 @@ install-files: | |||
164 | $(INSTALL) -m 644 ssh-keygen.[01].out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1 | 169 | $(INSTALL) -m 644 ssh-keygen.[01].out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1 |
165 | $(INSTALL) -m 644 ssh-keyscan.[01].out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1 | 170 | $(INSTALL) -m 644 ssh-keyscan.[01].out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1 |
166 | $(INSTALL) -m 644 sshd.[08].out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8 | 171 | $(INSTALL) -m 644 sshd.[08].out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8 |
172 | @NO_SFTP@$$(INSTALL) -m 644 sftp.[01].out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1 | ||
167 | @NO_SFTP@$(INSTALL) -m 644 sftp-server.[08].out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 | 173 | @NO_SFTP@$(INSTALL) -m 644 sftp-server.[08].out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 |
168 | -rm -f $(DESTDIR)$(bindir)/slogin | 174 | -rm -f $(DESTDIR)$(bindir)/slogin |
169 | ln -s ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin | 175 | ln -s ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin |
@@ -241,6 +247,7 @@ uninstall: | |||
241 | -rm -f $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT) | 247 | -rm -f $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT) |
242 | -rm -f $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT) | 248 | -rm -f $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT) |
243 | -rm -f $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT) | 249 | -rm -f $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT) |
250 | -rm -f $(DESTDIR)$(bindir)/sftp$(EXEEXT) | ||
244 | -rm -f $(DESTDIR)$(sbindir)/sshd$(EXEEXT) | 251 | -rm -f $(DESTDIR)$(sbindir)/sshd$(EXEEXT) |
245 | -rm -r $(DESTDIR)$(libexecdir)/sftp-server$(EXEEXT) | 252 | -rm -r $(DESTDIR)$(libexecdir)/sftp-server$(EXEEXT) |
246 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 | 253 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 |
@@ -248,6 +255,7 @@ uninstall: | |||
248 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 | 255 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 |
249 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-agent.1 | 256 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-agent.1 |
250 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1 | 257 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1 |
258 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1 | ||
251 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1 | 259 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1 |
252 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8 | 260 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8 |
253 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 | 261 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 |
@@ -1,4 +1,6 @@ | |||
1 | Programming: | 1 | Programming: |
2 | - Grep for 'XXX' comments and fix | ||
3 | |||
2 | - Replacement for setproctitle() - HP/UX support only currently | 4 | - Replacement for setproctitle() - HP/UX support only currently |
3 | 5 | ||
4 | - Improve PAM support (a pam_lastlog module will cause sshd to exit) | 6 | - Improve PAM support (a pam_lastlog module will cause sshd to exit) |
diff --git a/auth-options.c b/auth-options.c index 5457d9b14..04d2f085f 100644 --- a/auth-options.c +++ b/auth-options.c | |||
@@ -10,7 +10,7 @@ | |||
10 | */ | 10 | */ |
11 | 11 | ||
12 | #include "includes.h" | 12 | #include "includes.h" |
13 | RCSID("$OpenBSD: auth-options.c,v 1.11 2001/01/21 19:05:41 markus Exp $"); | 13 | RCSID("$OpenBSD: auth-options.c,v 1.12 2001/02/03 10:08:36 markus Exp $"); |
14 | 14 | ||
15 | #include "packet.h" | 15 | #include "packet.h" |
16 | #include "xmalloc.h" | 16 | #include "xmalloc.h" |
@@ -18,6 +18,7 @@ RCSID("$OpenBSD: auth-options.c,v 1.11 2001/01/21 19:05:41 markus Exp $"); | |||
18 | #include "log.h" | 18 | #include "log.h" |
19 | #include "canohost.h" | 19 | #include "canohost.h" |
20 | #include "auth-options.h" | 20 | #include "auth-options.h" |
21 | #include "servconf.h" | ||
21 | 22 | ||
22 | /* Flags set authorized_keys flags */ | 23 | /* Flags set authorized_keys flags */ |
23 | int no_port_forwarding_flag = 0; | 24 | int no_port_forwarding_flag = 0; |
@@ -31,6 +32,8 @@ char *forced_command = NULL; | |||
31 | /* "environment=" options. */ | 32 | /* "environment=" options. */ |
32 | struct envstring *custom_environment = NULL; | 33 | struct envstring *custom_environment = NULL; |
33 | 34 | ||
35 | extern ServerOptions options; | ||
36 | |||
34 | void | 37 | void |
35 | auth_clear_options(void) | 38 | auth_clear_options(void) |
36 | { | 39 | { |
@@ -55,61 +58,61 @@ auth_clear_options(void) | |||
55 | * side effect: sets key option flags | 58 | * side effect: sets key option flags |
56 | */ | 59 | */ |
57 | int | 60 | int |
58 | auth_parse_options(struct passwd *pw, char *options, char *file, u_long linenum) | 61 | auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) |
59 | { | 62 | { |
60 | const char *cp; | 63 | const char *cp; |
61 | if (!options) | 64 | if (!opts) |
62 | return 1; | 65 | return 1; |
63 | 66 | ||
64 | /* reset options */ | 67 | /* reset options */ |
65 | auth_clear_options(); | 68 | auth_clear_options(); |
66 | 69 | ||
67 | while (*options && *options != ' ' && *options != '\t') { | 70 | while (*opts && *opts != ' ' && *opts != '\t') { |
68 | cp = "no-port-forwarding"; | 71 | cp = "no-port-forwarding"; |
69 | if (strncasecmp(options, cp, strlen(cp)) == 0) { | 72 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { |
70 | packet_send_debug("Port forwarding disabled."); | 73 | packet_send_debug("Port forwarding disabled."); |
71 | no_port_forwarding_flag = 1; | 74 | no_port_forwarding_flag = 1; |
72 | options += strlen(cp); | 75 | opts += strlen(cp); |
73 | goto next_option; | 76 | goto next_option; |
74 | } | 77 | } |
75 | cp = "no-agent-forwarding"; | 78 | cp = "no-agent-forwarding"; |
76 | if (strncasecmp(options, cp, strlen(cp)) == 0) { | 79 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { |
77 | packet_send_debug("Agent forwarding disabled."); | 80 | packet_send_debug("Agent forwarding disabled."); |
78 | no_agent_forwarding_flag = 1; | 81 | no_agent_forwarding_flag = 1; |
79 | options += strlen(cp); | 82 | opts += strlen(cp); |
80 | goto next_option; | 83 | goto next_option; |
81 | } | 84 | } |
82 | cp = "no-X11-forwarding"; | 85 | cp = "no-X11-forwarding"; |
83 | if (strncasecmp(options, cp, strlen(cp)) == 0) { | 86 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { |
84 | packet_send_debug("X11 forwarding disabled."); | 87 | packet_send_debug("X11 forwarding disabled."); |
85 | no_x11_forwarding_flag = 1; | 88 | no_x11_forwarding_flag = 1; |
86 | options += strlen(cp); | 89 | opts += strlen(cp); |
87 | goto next_option; | 90 | goto next_option; |
88 | } | 91 | } |
89 | cp = "no-pty"; | 92 | cp = "no-pty"; |
90 | if (strncasecmp(options, cp, strlen(cp)) == 0) { | 93 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { |
91 | packet_send_debug("Pty allocation disabled."); | 94 | packet_send_debug("Pty allocation disabled."); |
92 | no_pty_flag = 1; | 95 | no_pty_flag = 1; |
93 | options += strlen(cp); | 96 | opts += strlen(cp); |
94 | goto next_option; | 97 | goto next_option; |
95 | } | 98 | } |
96 | cp = "command=\""; | 99 | cp = "command=\""; |
97 | if (strncasecmp(options, cp, strlen(cp)) == 0) { | 100 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { |
98 | int i; | 101 | int i; |
99 | options += strlen(cp); | 102 | opts += strlen(cp); |
100 | forced_command = xmalloc(strlen(options) + 1); | 103 | forced_command = xmalloc(strlen(opts) + 1); |
101 | i = 0; | 104 | i = 0; |
102 | while (*options) { | 105 | while (*opts) { |
103 | if (*options == '"') | 106 | if (*opts == '"') |
104 | break; | 107 | break; |
105 | if (*options == '\\' && options[1] == '"') { | 108 | if (*opts == '\\' && opts[1] == '"') { |
106 | options += 2; | 109 | opts += 2; |
107 | forced_command[i++] = '"'; | 110 | forced_command[i++] = '"'; |
108 | continue; | 111 | continue; |
109 | } | 112 | } |
110 | forced_command[i++] = *options++; | 113 | forced_command[i++] = *opts++; |
111 | } | 114 | } |
112 | if (!*options) { | 115 | if (!*opts) { |
113 | debug("%.100s, line %lu: missing end quote", | 116 | debug("%.100s, line %lu: missing end quote", |
114 | file, linenum); | 117 | file, linenum); |
115 | packet_send_debug("%.100s, line %lu: missing end quote", | 118 | packet_send_debug("%.100s, line %lu: missing end quote", |
@@ -118,28 +121,28 @@ auth_parse_options(struct passwd *pw, char *options, char *file, u_long linenum) | |||
118 | } | 121 | } |
119 | forced_command[i] = 0; | 122 | forced_command[i] = 0; |
120 | packet_send_debug("Forced command: %.900s", forced_command); | 123 | packet_send_debug("Forced command: %.900s", forced_command); |
121 | options++; | 124 | opts++; |
122 | goto next_option; | 125 | goto next_option; |
123 | } | 126 | } |
124 | cp = "environment=\""; | 127 | cp = "environment=\""; |
125 | if (strncasecmp(options, cp, strlen(cp)) == 0) { | 128 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { |
126 | int i; | 129 | int i; |
127 | char *s; | 130 | char *s; |
128 | struct envstring *new_envstring; | 131 | struct envstring *new_envstring; |
129 | options += strlen(cp); | 132 | opts += strlen(cp); |
130 | s = xmalloc(strlen(options) + 1); | 133 | s = xmalloc(strlen(opts) + 1); |
131 | i = 0; | 134 | i = 0; |
132 | while (*options) { | 135 | while (*opts) { |
133 | if (*options == '"') | 136 | if (*opts == '"') |
134 | break; | 137 | break; |
135 | if (*options == '\\' && options[1] == '"') { | 138 | if (*opts == '\\' && opts[1] == '"') { |
136 | options += 2; | 139 | opts += 2; |
137 | s[i++] = '"'; | 140 | s[i++] = '"'; |
138 | continue; | 141 | continue; |
139 | } | 142 | } |
140 | s[i++] = *options++; | 143 | s[i++] = *opts++; |
141 | } | 144 | } |
142 | if (!*options) { | 145 | if (!*opts) { |
143 | debug("%.100s, line %lu: missing end quote", | 146 | debug("%.100s, line %lu: missing end quote", |
144 | file, linenum); | 147 | file, linenum); |
145 | packet_send_debug("%.100s, line %lu: missing end quote", | 148 | packet_send_debug("%.100s, line %lu: missing end quote", |
@@ -149,7 +152,7 @@ auth_parse_options(struct passwd *pw, char *options, char *file, u_long linenum) | |||
149 | s[i] = 0; | 152 | s[i] = 0; |
150 | packet_send_debug("Adding to environment: %.900s", s); | 153 | packet_send_debug("Adding to environment: %.900s", s); |
151 | debug("Adding to environment: %.900s", s); | 154 | debug("Adding to environment: %.900s", s); |
152 | options++; | 155 | opts++; |
153 | new_envstring = xmalloc(sizeof(struct envstring)); | 156 | new_envstring = xmalloc(sizeof(struct envstring)); |
154 | new_envstring->s = s; | 157 | new_envstring->s = s; |
155 | new_envstring->next = custom_environment; | 158 | new_envstring->next = custom_environment; |
@@ -157,23 +160,26 @@ auth_parse_options(struct passwd *pw, char *options, char *file, u_long linenum) | |||
157 | goto next_option; | 160 | goto next_option; |
158 | } | 161 | } |
159 | cp = "from=\""; | 162 | cp = "from=\""; |
160 | if (strncasecmp(options, cp, strlen(cp)) == 0) { | 163 | if (strncasecmp(opts, cp, strlen(cp)) == 0) { |
161 | int mname, mip; | 164 | int mname, mip; |
162 | char *patterns = xmalloc(strlen(options) + 1); | 165 | const char *remote_ip = get_remote_ipaddr(); |
166 | const char *remote_host = get_canonical_hostname( | ||
167 | options.reverse_mapping_check); | ||
168 | char *patterns = xmalloc(strlen(opts) + 1); | ||
163 | int i; | 169 | int i; |
164 | options += strlen(cp); | 170 | opts += strlen(cp); |
165 | i = 0; | 171 | i = 0; |
166 | while (*options) { | 172 | while (*opts) { |
167 | if (*options == '"') | 173 | if (*opts == '"') |
168 | break; | 174 | break; |
169 | if (*options == '\\' && options[1] == '"') { | 175 | if (*opts == '\\' && opts[1] == '"') { |
170 | options += 2; | 176 | opts += 2; |
171 | patterns[i++] = '"'; | 177 | patterns[i++] = '"'; |
172 | continue; | 178 | continue; |
173 | } | 179 | } |
174 | patterns[i++] = *options++; | 180 | patterns[i++] = *opts++; |
175 | } | 181 | } |
176 | if (!*options) { | 182 | if (!*opts) { |
177 | debug("%.100s, line %lu: missing end quote", | 183 | debug("%.100s, line %lu: missing end quote", |
178 | file, linenum); | 184 | file, linenum); |
179 | packet_send_debug("%.100s, line %lu: missing end quote", | 185 | packet_send_debug("%.100s, line %lu: missing end quote", |
@@ -181,24 +187,26 @@ auth_parse_options(struct passwd *pw, char *options, char *file, u_long linenum) | |||
181 | continue; | 187 | continue; |
182 | } | 188 | } |
183 | patterns[i] = 0; | 189 | patterns[i] = 0; |
184 | options++; | 190 | opts++; |
185 | /* | 191 | /* |
186 | * Deny access if we get a negative | 192 | * Deny access if we get a negative |
187 | * match for the hostname or the ip | 193 | * match for the hostname or the ip |
188 | * or if we get not match at all | 194 | * or if we get not match at all |
189 | */ | 195 | */ |
190 | mname = match_hostname(get_canonical_hostname(), | 196 | mname = match_hostname(remote_host, patterns, |
191 | patterns, strlen(patterns)); | 197 | strlen(patterns)); |
192 | mip = match_hostname(get_remote_ipaddr(), | 198 | mip = match_hostname(remote_ip, patterns, |
193 | patterns, strlen(patterns)); | 199 | strlen(patterns)); |
194 | xfree(patterns); | 200 | xfree(patterns); |
195 | if (mname == -1 || mip == -1 || | 201 | if (mname == -1 || mip == -1 || |
196 | (mname != 1 && mip != 1)) { | 202 | (mname != 1 && mip != 1)) { |
197 | log("Authentication tried for %.100s with correct key but not from a permitted host (host=%.200s, ip=%.200s).", | 203 | log("Authentication tried for %.100s with " |
198 | pw->pw_name, get_canonical_hostname(), | 204 | "correct key but not from a permitted " |
199 | get_remote_ipaddr()); | 205 | "host (host=%.200s, ip=%.200s).", |
200 | packet_send_debug("Your host '%.200s' is not permitted to use this key for login.", | 206 | pw->pw_name, remote_host, remote_ip); |
201 | get_canonical_hostname()); | 207 | packet_send_debug("Your host '%.200s' is not " |
208 | "permitted to use this key for login.", | ||
209 | remote_host); | ||
202 | /* deny access */ | 210 | /* deny access */ |
203 | return 0; | 211 | return 0; |
204 | } | 212 | } |
@@ -210,13 +218,13 @@ next_option: | |||
210 | * Skip the comma, and move to the next option | 218 | * Skip the comma, and move to the next option |
211 | * (or break out if there are no more). | 219 | * (or break out if there are no more). |
212 | */ | 220 | */ |
213 | if (!*options) | 221 | if (!*opts) |
214 | fatal("Bugs in auth-options.c option processing."); | 222 | fatal("Bugs in auth-options.c option processing."); |
215 | if (*options == ' ' || *options == '\t') | 223 | if (*opts == ' ' || *opts == '\t') |
216 | break; /* End of options. */ | 224 | break; /* End of options. */ |
217 | if (*options != ',') | 225 | if (*opts != ',') |
218 | goto bad_option; | 226 | goto bad_option; |
219 | options++; | 227 | opts++; |
220 | /* Process the next option. */ | 228 | /* Process the next option. */ |
221 | } | 229 | } |
222 | /* grant access */ | 230 | /* grant access */ |
@@ -224,9 +232,9 @@ next_option: | |||
224 | 232 | ||
225 | bad_option: | 233 | bad_option: |
226 | log("Bad options in %.100s file, line %lu: %.50s", | 234 | log("Bad options in %.100s file, line %lu: %.50s", |
227 | file, linenum, options); | 235 | file, linenum, opts); |
228 | packet_send_debug("Bad options in %.100s file, line %lu: %.50s", | 236 | packet_send_debug("Bad options in %.100s file, line %lu: %.50s", |
229 | file, linenum, options); | 237 | file, linenum, opts); |
230 | /* deny access */ | 238 | /* deny access */ |
231 | return 0; | 239 | return 0; |
232 | } | 240 | } |
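Review bot: The unterminated-quote path in the `from="` branch of auth_parse_options fails open. `if (!*opts)` logs "missing end quote" and then runs `continue;`, which re-tests `while (*opts && ...)` with `*opts` at the terminator, leaves the loop and reaches the `/* grant access */` exit (the return statement itself falls between hunks, presumably `return 1`). A malformed host restriction should deny rather than be silently dropped, so I would replace that `continue;` with `xfree(patterns); goto bad_option;`, which also frees the `patterns` buffer that appears to be leaked on this path. The `command="` and `environment="` branches carry the same check, but their tails fall between hunks and cannot be confirmed from here. Whether a key on such a line can still match depends on the caller, which is not shown.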
diff --git a/auth-pam.c b/auth-pam.c index 3d550b4dd..122896c7f 100644 --- a/auth-pam.c +++ b/auth-pam.c | |||
@@ -32,7 +32,7 @@ | |||
32 | #include "canohost.h" | 32 | #include "canohost.h" |
33 | #include "readpass.h" | 33 | #include "readpass.h" |
34 | 34 | ||
35 | RCSID("$Id: auth-pam.c,v 1.22 2001/01/22 05:34:40 mouring Exp $"); | 35 | RCSID("$Id: auth-pam.c,v 1.23 2001/02/04 12:20:19 djm Exp $"); |
36 | 36 | ||
37 | #define NEW_AUTHTOK_MSG \ | 37 | #define NEW_AUTHTOK_MSG \ |
38 | "Warning: Your password has expired, please change it now" | 38 | "Warning: Your password has expired, please change it now" |
@@ -211,10 +211,12 @@ int auth_pam_password(struct passwd *pw, const char *password) | |||
211 | int do_pam_account(char *username, char *remote_user) | 211 | int do_pam_account(char *username, char *remote_user) |
212 | { | 212 | { |
213 | int pam_retval; | 213 | int pam_retval; |
214 | extern ServerOptions options; | ||
214 | 215 | ||
215 | debug("PAM setting rhost to \"%.200s\"", get_canonical_hostname()); | 216 | debug("PAM setting rhost to \"%.200s\"", |
217 | get_canonical_hostname(options.reverse_mapping_check)); | ||
216 | pam_retval = pam_set_item(pamh, PAM_RHOST, | 218 | pam_retval = pam_set_item(pamh, PAM_RHOST, |
217 | get_canonical_hostname()); | 219 | get_canonical_hostname(options.reverse_mapping_check)); |
218 | if (pam_retval != PAM_SUCCESS) { | 220 | if (pam_retval != PAM_SUCCESS) { |
219 | fatal("PAM set rhost failed[%d]: %.200s", | 221 | fatal("PAM set rhost failed[%d]: %.200s", |
220 | pam_retval, PAM_STRERROR(pamh, pam_retval)); | 222 | pam_retval, PAM_STRERROR(pamh, pam_retval)); |
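Review bot: do_pam_account now evaluates `get_canonical_hostname(options.reverse_mapping_check)` twice, once for the debug line and once for `pam_set_item(pamh, PAM_RHOST, ...)`, so the logged value and the value handed to PAM are equal only by assumption about the helper. Resolving it once, as the `from=` branch in auth-options.c does with `remote_host`, ties the two together: `const char *rhost = get_canonical_hostname(options.reverse_mapping_check);` and pass `rhost` to both calls. The block-scope `extern ServerOptions options;` would also read better at file scope, matching the declaration this commit adds to auth-options.c. The function body continues past the end of the hunk.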
diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c index 87d51549d..0edbdb5f3 100644 --- a/auth-rh-rsa.c +++ b/auth-rh-rsa.c | |||
@@ -13,7 +13,7 @@ | |||
13 | */ | 13 | */ |
14 | 14 | ||
15 | #include "includes.h" | 15 | #include "includes.h" |
16 | RCSID("$OpenBSD: auth-rh-rsa.c,v 1.21 2001/01/21 19:05:42 markus Exp $"); | 16 | RCSID("$OpenBSD: auth-rh-rsa.c,v 1.22 2001/02/03 10:08:36 markus Exp $"); |
17 | 17 | ||
18 | #include "packet.h" | 18 | #include "packet.h" |
19 | #include "xmalloc.h" | 19 | #include "xmalloc.h" |
@@ -49,7 +49,8 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key | |||
49 | if (!auth_rhosts(pw, client_user)) | 49 | if (!auth_rhosts(pw, client_user)) |
50 | return 0; | 50 | return 0; |
51 | 51 | ||
52 | canonical_hostname = get_canonical_hostname(); | 52 | canonical_hostname = get_canonical_hostname( |
53 | options.reverse_mapping_check); | ||
53 | 54 | ||
54 | debug("Rhosts RSA authentication: canonical host %.900s", canonical_hostname); | 55 | debug("Rhosts RSA authentication: canonical host %.900s", canonical_hostname); |
55 | 56 | ||
diff --git a/auth-rhosts.c b/auth-rhosts.c index 4f9ea886d..d8d10ffc9 100644 --- a/auth-rhosts.c +++ b/auth-rhosts.c | |||
@@ -14,7 +14,7 @@ | |||
14 | */ | 14 | */ |
15 | 15 | ||
16 | #include "includes.h" | 16 | #include "includes.h" |
17 | RCSID("$OpenBSD: auth-rhosts.c,v 1.19 2001/01/21 19:05:42 markus Exp $"); | 17 | RCSID("$OpenBSD: auth-rhosts.c,v 1.20 2001/02/03 10:08:36 markus Exp $"); |
18 | 18 | ||
19 | #include "packet.h" | 19 | #include "packet.h" |
20 | #include "xmalloc.h" | 20 | #include "xmalloc.h" |
@@ -183,7 +183,7 @@ auth_rhosts(struct passwd *pw, const char *client_user) | |||
183 | stat(_PATH_SSH_HOSTS_EQUIV, &st) < 0) | 183 | stat(_PATH_SSH_HOSTS_EQUIV, &st) < 0) |
184 | return 0; | 184 | return 0; |
185 | 185 | ||
186 | hostname = get_canonical_hostname(); | 186 | hostname = get_canonical_hostname(options.reverse_mapping_check); |
187 | ipaddr = get_remote_ipaddr(); | 187 | ipaddr = get_remote_ipaddr(); |
188 | 188 | ||
189 | /* If not logging in as superuser, try /etc/hosts.equiv and shosts.equiv. */ | 189 | /* If not logging in as superuser, try /etc/hosts.equiv and shosts.equiv. */ |
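Review bot: Nothing at the `hostname = get_canonical_hostname(options.reverse_mapping_check);` assignment in auth_rhosts says how far `hostname` can be trusted when the option is off. The comment this commit removes from canohost.c explains that anyone with access to a name server can define arbitrary names for an IP address. If a false flag skips the forward confirmation (the new body of get_remote_hostname is cut off in this view, so that is an inference), the name matched against hosts.equiv and shosts.equiv is unverified. I would add a comment above the assignment, `/* hostname is forward-confirmed only when options.reverse_mapping_check is set; ipaddr comes from get_remote_ipaddr() */`, and state the same in the option's documentation. The same call is made in auth-rh-rsa.c and for the `from=` match in auth-options.c, and auth_rhosts starts and ends outside the hunk.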
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: auth.c,v 1.14 2001/01/21 19:05:43 markus Exp $"); | 26 | RCSID("$OpenBSD: auth.c,v 1.15 2001/02/03 10:08:37 markus Exp $"); |
27 | 27 | ||
28 | #ifdef HAVE_LOGIN_H | 28 | #ifdef HAVE_LOGIN_H |
29 | #include <login.h> | 29 | #include <login.h> |
@@ -228,7 +228,7 @@ auth_root_allowed(void) | |||
228 | log("Root login accepted for forced command."); | 228 | log("Root login accepted for forced command."); |
229 | return 1; | 229 | return 1; |
230 | } else { | 230 | } else { |
231 | log("ROOT LOGIN REFUSED FROM %.200s", get_canonical_hostname()); | 231 | log("ROOT LOGIN REFUSED FROM %.200s", get_remote_ipaddr()); |
232 | return 0; | 232 | return 0; |
233 | } | 233 | } |
234 | } | 234 | } |
@@ -266,8 +266,8 @@ do_authloop(Authctxt *authctxt) | |||
266 | #elif defined(HAVE_OSF_SIA) | 266 | #elif defined(HAVE_OSF_SIA) |
267 | /* Do SIA auth with password */ | 267 | /* Do SIA auth with password */ |
268 | if (sia_validate_user(NULL, saved_argc, saved_argv, | 268 | if (sia_validate_user(NULL, saved_argc, saved_argv, |
269 | get_canonical_hostname(), pw->pw_name, NULL, 0, | 269 | get_canonical_hostname(options.reverse_mapping_check), |
270 | NULL, password) == SIASUCCESS) { | 270 | pw->pw_name, NULL, 0, NULL, password) == SIASUCCESS) { |
271 | authenticated = 1; | 271 | authenticated = 1; |
272 | } | 272 | } |
273 | #else /* !USE_PAM && !HAVE_OSF_SIA */ | 273 | #else /* !USE_PAM && !HAVE_OSF_SIA */ |
@@ -347,7 +347,9 @@ do_authloop(Authctxt *authctxt) | |||
347 | 347 | ||
348 | if (authctxt->failures++ > AUTH_FAIL_MAX) { | 348 | if (authctxt->failures++ > AUTH_FAIL_MAX) { |
349 | #ifdef WITH_AIXAUTHENTICATE | 349 | #ifdef WITH_AIXAUTHENTICATE |
350 | loginfailed(user,get_canonical_hostname(),"ssh"); | 350 | loginfailed(user, |
351 | get_canonical_hostname(options.reverse_mapping_check), | ||
352 | "ssh"); | ||
351 | #endif /* WITH_AIXAUTHENTICATE */ | 353 | #endif /* WITH_AIXAUTHENTICATE */ |
352 | packet_disconnect(AUTH_FAIL_MSG, authctxt->user); | 354 | packet_disconnect(AUTH_FAIL_MSG, authctxt->user); |
353 | } | 355 | } |
@@ -433,7 +435,9 @@ do_authentication() | |||
433 | 435 | ||
434 | #ifdef WITH_AIXAUTHENTICATE | 436 | #ifdef WITH_AIXAUTHENTICATE |
435 | /* We don't have a pty yet, so just label the line as "ssh" */ | 437 | /* We don't have a pty yet, so just label the line as "ssh" */ |
436 | if (loginsuccess(authctxt->user,get_canonical_hostname(),"ssh",&aixloginmsg) < 0) | 438 | if (loginsuccess(authctxt->user, |
439 | get_canonical_hostname(options.reverse_mapping_check), | ||
440 | "ssh", &aixloginmsg) < 0) | ||
437 | aixloginmsg = NULL; | 441 | aixloginmsg = NULL; |
438 | #endif /* WITH_AIXAUTHENTICATE */ | 442 | #endif /* WITH_AIXAUTHENTICATE */ |
439 | 443 | ||
@@ -310,7 +310,8 @@ userauth_reply(Authctxt *authctxt, int authenticated) | |||
310 | #ifdef WITH_AIXAUTHENTICATE | 310 | #ifdef WITH_AIXAUTHENTICATE |
311 | /* We don't have a pty yet, so just label the line as "ssh" */ | 311 | /* We don't have a pty yet, so just label the line as "ssh" */ |
312 | if (loginsuccess(authctxt->user?authctxt->user:"NOUSER", | 312 | if (loginsuccess(authctxt->user?authctxt->user:"NOUSER", |
313 | get_canonical_hostname(), "ssh", &aixloginmsg) < 0) | 313 | get_canonical_hostname(options.reverse_mapping_check), |
314 | "ssh", &aixloginmsg) < 0) | ||
314 | aixloginmsg = NULL; | 315 | aixloginmsg = NULL; |
315 | #endif /* WITH_AIXAUTHENTICATE */ | 316 | #endif /* WITH_AIXAUTHENTICATE */ |
316 | /* turn off userauth */ | 317 | /* turn off userauth */ |
@@ -354,8 +355,9 @@ userauth_none(Authctxt *authctxt) | |||
354 | return auth_pam_password(authctxt->pw, ""); | 355 | return auth_pam_password(authctxt->pw, ""); |
355 | #elif defined(HAVE_OSF_SIA) | 356 | #elif defined(HAVE_OSF_SIA) |
356 | return (sia_validate_user(NULL, saved_argc, saved_argv, | 357 | return (sia_validate_user(NULL, saved_argc, saved_argv, |
357 | get_canonical_hostname(), authctxt->user?authctxt->user:"NOUSER", | 358 | get_canonical_hostname(options.reverse_mapping_check), |
358 | NULL, 0, NULL, "") == SIASUCCESS); | 359 | authctxt->user?authctxt->user:"NOUSER", NULL, 0, |
360 | NULL, "") == SIASUCCESS); | ||
359 | #else /* !HAVE_OSF_SIA && !USE_PAM */ | 361 | #else /* !HAVE_OSF_SIA && !USE_PAM */ |
360 | return auth_password(authctxt->pw, ""); | 362 | return auth_password(authctxt->pw, ""); |
361 | #endif /* USE_PAM */ | 363 | #endif /* USE_PAM */ |
@@ -381,8 +383,9 @@ userauth_passwd(Authctxt *authctxt) | |||
381 | auth_pam_password(authctxt->pw, password) == 1) | 383 | auth_pam_password(authctxt->pw, password) == 1) |
382 | #elif defined(HAVE_OSF_SIA) | 384 | #elif defined(HAVE_OSF_SIA) |
383 | sia_validate_user(NULL, saved_argc, saved_argv, | 385 | sia_validate_user(NULL, saved_argc, saved_argv, |
384 | get_canonical_hostname(), authctxt->user?authctxt->user:"NOUSER", | 386 | get_canonical_hostname(options.reverse_mapping_check), |
385 | NULL, 0, NULL, password) == SIASUCCESS) | 387 | authctxt->user?authctxt->user:"NOUSER", NULL, 0, NULL, |
388 | password) == SIASUCCESS) | ||
386 | #else /* !USE_PAM && !HAVE_OSF_SIA */ | 389 | #else /* !USE_PAM && !HAVE_OSF_SIA */ |
387 | auth_password(authctxt->pw, password) == 1) | 390 | auth_password(authctxt->pw, password) == 1) |
388 | #endif /* USE_PAM */ | 391 | #endif /* USE_PAM */ |
diff --git a/canohost.c b/canohost.c index f3a659328..8253e9b6e 100644 --- a/canohost.c +++ b/canohost.c | |||
@@ -12,35 +12,35 @@ | |||
12 | */ | 12 | */ |
13 | 13 | ||
14 | #include "includes.h" | 14 | #include "includes.h" |
15 | RCSID("$OpenBSD: canohost.c,v 1.19 2001/01/29 19:42:33 markus Exp $"); | 15 | RCSID("$OpenBSD: canohost.c,v 1.20 2001/02/03 10:08:37 markus Exp $"); |
16 | 16 | ||
17 | #include "packet.h" | 17 | #include "packet.h" |
18 | #include "xmalloc.h" | 18 | #include "xmalloc.h" |
19 | #include "log.h" | 19 | #include "log.h" |
20 | 20 | ||
21 | void check_ip_options(int socket, char *ipaddr); | ||
22 | |||
21 | /* | 23 | /* |
22 | * Return the canonical name of the host at the other end of the socket. The | 24 | * Return the canonical name of the host at the other end of the socket. The |
23 | * caller should free the returned string with xfree. | 25 | * caller should free the returned string with xfree. |
24 | */ | 26 | */ |
25 | 27 | ||
26 | char * | 28 | char * |
27 | get_remote_hostname(int socket) | 29 | get_remote_hostname(int socket, int reverse_mapping_check) |
28 | { | 30 | { |
29 | struct sockaddr_storage from; | 31 | struct sockaddr_storage from; |
30 | int i; | 32 | int i; |
31 | socklen_t fromlen; | 33 | socklen_t fromlen; |
32 | struct addrinfo hints, *ai, *aitop; | 34 | struct addrinfo hints, *ai, *aitop; |
33 | char name[MAXHOSTNAMELEN]; | 35 | char name[NI_MAXHOST], ntop[NI_MAXHOST], ntop2[NI_MAXHOST]; |
34 | char ntop[NI_MAXHOST], ntop2[NI_MAXHOST]; | ||
35 | 36 | ||
36 | /* Get IP address of client. */ | 37 | /* Get IP address of client. */ |
37 | fromlen = sizeof(from); | 38 | fromlen = sizeof(from); |
38 | memset(&from, 0, sizeof(from)); | 39 | memset(&from, 0, sizeof(from)); |
39 | if (getpeername(socket, (struct sockaddr *) & from, &fromlen) < 0) { | 40 | if (getpeername(socket, (struct sockaddr *) &from, &fromlen) < 0) { |
40 | debug("getpeername failed: %.100s", strerror(errno)); | 41 | debug("getpeername failed: %.100s", strerror(errno)); |
41 | fatal_cleanup(); | 42 | fatal_cleanup(); |
42 | } | 43 | } |
43 | |||
44 | #ifdef IPV4_IN_IPV6 | 44 | #ifdef IPV4_IN_IPV6 |
45 | if (from.ss_family == AF_INET6) { | 45 | if (from.ss_family == AF_INET6) { |
46 | struct sockaddr_in6 *from6 = (struct sockaddr_in6 *)&from; | 46 | struct sockaddr_in6 *from6 = (struct sockaddr_in6 *)&from; |
@@ -63,6 +63,8 @@ get_remote_hostname(int socket) | |||
63 | } | 63 | } |
64 | } | 64 | } |
65 | #endif | 65 | #endif |
66 | if (from.ss_family == AF_INET) | ||
67 | check_ip_options(socket, ntop); | ||
66 | 68 | ||
67 | if (getnameinfo((struct sockaddr *)&from, fromlen, ntop, sizeof(ntop), | 69 | if (getnameinfo((struct sockaddr *)&from, fromlen, ntop, sizeof(ntop), |
68 | NULL, 0, NI_NUMERICHOST) != 0) | 70 | NULL, 0, NI_NUMERICHOST) != 0) |
@@ -70,120 +72,127 @@ get_remote_hostname(int socket) | |||
70 | 72 | ||
71 | /* Map the IP address to a host name. */ | 73 | /* Map the IP address to a host name. */ |
72 | if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name), | 74 | if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name), |
73 | NULL, 0, NI_NAMEREQD) == 0) { | 75 | NULL, 0, NI_NAMEREQD) != 0) { |
74 | /* Got host name. */ | 76 | /* Host name not found. Use ip address. */ |
75 | name[sizeof(name) - 1] = '\0'; | 77 | log("Could not reverse map address %.100s.", ntop); |
76 | /* | 78 | return xstrdup(ntop); |
77 | * Convert it to all lowercase (which is expected by the rest | ||
78 | * of this software). | ||
79 | */ | ||
80 | for (i = 0; name[i]; i++) | ||
81 | if (isupper(name[i])) | ||
82 | name[i] = tolower(name[i]); | ||
83 | |||
84 | /* | ||
85 | * Map it back to an IP address and check that the given | ||
86 | * address actually is an address of this host. This is | ||
87 | * necessary because anyone with access to a name server can | ||
88 | * define arbitrary names for an IP address. Mapping from | ||
89 | * name to IP address can be trusted better (but can still be | ||
90 | * fooled if the intruder has access to the name server of | ||
91 | * the domain). | ||
92 | */ | ||
93 | memset(&hints, 0, sizeof(hints)); | ||
94 | hints.ai_family = from.ss_family; | ||
95 | hints.ai_socktype = SOCK_STREAM; | ||
96 | if (getaddrinfo(name, NULL, &hints, &aitop) != 0) { | ||
97 | log("reverse mapping checking getaddrinfo for %.700s failed - POSSIBLE BREAKIN ATTEMPT!", name); | ||
98 | strlcpy(name, ntop, sizeof name); | ||
99 | goto check_ip_options; | ||
100 | } | ||
101 | /* Look for the address from the list of addresses. */ | ||
102 | for (ai = aitop; ai; ai = ai->ai_next) { | ||
103 | if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2, | ||
104 | sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 && | ||
105 | (strcmp(ntop, ntop2) == 0)) | ||
106 | break; | ||
107 | } | ||
108 | freeaddrinfo(aitop); | ||
109 | /* If we reached the end of the list, the address was not there. */ | ||
110 | if (!ai) { | ||
111 | /* Address not found for the host name. */ | ||
112 | log("Address %.100s maps to %.600s, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!", | ||
113 | ntop, name); | ||
114 | strlcpy(name, ntop, sizeof name); | ||
115 | goto check_ip_options; | ||
116 | } | ||
117 | /* Address was found for the host name. We accept the host name. */ | ||
118 | } else { | ||
119 | /* Host name not found. Use ascii representation of the address. */ | ||
120 | strlcpy(name, ntop, sizeof name); | ||
121 | log("Could not reverse map address %.100s.", name); | ||
122 | } | 79 | } |
123 | 80 | ||
124 | check_ip_options: | 81 | /* Got host name. */ |
82 | name[sizeof(name) - 1] = '\0'; | ||
83 | /* | ||
84 | * Convert it to all lowercase (which is expected by the rest | ||
85 | * of this software). | ||
86 | */ | ||
87 | for (i = 0; name[i]; i++) | ||
88 | if (isupper(name[i])) | ||
89 | name[i] = tolower(name[i]); | ||
125 | 90 | ||
91 | if (!reverse_mapping_check) | ||
92 | return xstrdup(name); | ||
126 | /* | 93 | /* |
127 | * If IP options are supported, make sure there are none (log and | 94 | * Map it back to an IP address and check that the given |
128 | * disconnect them if any are found). Basically we are worried about | 95 | * address actually is an address of this host. This is |
129 | * source routing; it can be used to pretend you are somebody | 96 | * necessary because anyone with access to a name server can |
130 | * (ip-address) you are not. That itself may be "almost acceptable" | 97 | * define arbitrary names for an IP address. Mapping from |
131 | * under certain circumstances, but rhosts autentication is useless | 98 | * name to IP address can be trusted better (but can still be |
132 | * if source routing is accepted. Notice also that if we just dropped | 99 | * fooled if the intruder has access to the name server of |
133 | * source routing here, the other side could use IP spoofing to do | 100 | * the domain). |
134 | * rest of the interaction and could still bypass security. So we | ||
135 | * exit here if we detect any IP options. | ||
136 | */ | 101 | */ |
137 | /* IP options -- IPv4 only */ | 102 | memset(&hints, 0, sizeof(hints)); |
138 | if (from.ss_family == AF_INET) { | 103 | hints.ai_family = from.ss_family; |
139 | u_char options[200], *ucp; | 104 | hints.ai_socktype = SOCK_STREAM; |
140 | char text[1024], *cp; | 105 | if (getaddrinfo(name, NULL, &hints, &aitop) != 0) { |
141 | socklen_t option_size; | 106 | log("reverse mapping checking getaddrinfo for %.700s " |
142 | int ipproto; | 107 | "failed - POSSIBLE BREAKIN ATTEMPT!", name); |
143 | struct protoent *ip; | 108 | return xstrdup(ntop); |
144 | 109 | } | |
145 | if ((ip = getprotobyname("ip")) != NULL) | 110 | /* Look for the address from the list of addresses. */ |
146 | ipproto = ip->p_proto; | 111 | for (ai = aitop; ai; ai = ai->ai_next) { |
147 | else | 112 | if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2, |
148 | ipproto = IPPROTO_IP; | 113 | sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 && |
149 | option_size = sizeof(options); | 114 | (strcmp(ntop, ntop2) == 0)) |
150 | if (getsockopt(socket, ipproto, IP_OPTIONS, (char *) options, | 115 | break; |
151 | &option_size) >= 0 && option_size != 0) { | 116 | } |
152 | cp = text; | 117 | freeaddrinfo(aitop); |
153 | /* Note: "text" buffer must be at least 3x as big as options. */ | 118 | /* If we reached the end of the list, the address was not there. */ |
154 | for (ucp = options; option_size > 0; ucp++, option_size--, cp += 3) | 119 | if (!ai) { |
155 | sprintf(cp, " %2.2x", *ucp); | 120 | /* Address not found for the host name. */ |
156 | log("Connection from %.100s with IP options:%.800s", | 121 | log("Address %.100s maps to %.600s, but this does not " |
157 | ntop, text); | 122 | "map back to the address - POSSIBLE BREAKIN ATTEMPT!", |
158 | packet_disconnect("Connection from %.100s with IP options:%.800s", | 123 | ntop, name); |
159 | ntop, text); | 124 | return xstrdup(ntop); |
160 | } | ||
161 | } | 125 | } |
162 | |||
163 | return xstrdup(name); | 126 | return xstrdup(name); |
164 | } | 127 | } |
165 | 128 | ||
166 | /* | 129 | /* |
130 | * If IP options are supported, make sure there are none (log and | ||
131 | * disconnect them if any are found). Basically we are worried about | ||
132 | * source routing; it can be used to pretend you are somebody | ||
133 | * (ip-address) you are not. That itself may be "almost acceptable" | ||
134 | * under certain circumstances, but rhosts autentication is useless | ||
135 | * if source routing is accepted. Notice also that if we just dropped | ||
136 | * source routing here, the other side could use IP spoofing to do | ||
137 | * rest of the interaction and could still bypass security. So we | ||
138 | * exit here if we detect any IP options. | ||
139 | */ | ||
140 | /* IPv4 only */ | ||
141 | void | ||
142 | check_ip_options(int socket, char *ipaddr) | ||
143 | { | ||
144 | u_char options[200], *ucp; | ||
145 | char text[1024], *cp; | ||
146 | socklen_t option_size; | ||
147 | int ipproto; | ||
148 | struct protoent *ip; | ||
149 | |||
150 | if ((ip = getprotobyname("ip")) != NULL) | ||
151 | ipproto = ip->p_proto; | ||
152 | else | ||
153 | ipproto = IPPROTO_IP; | ||
154 | option_size = sizeof(options); | ||
155 | if (getsockopt(socket, ipproto, IP_OPTIONS, (void *)options, | ||
156 | &option_size) >= 0 && option_size != 0) { | ||
157 | cp = text; | ||
158 | /* Note: "text" buffer must be at least 3x as big as options. */ | ||
159 | for (ucp = options; option_size > 0; ucp++, option_size--, cp += 3) | ||
160 | sprintf(cp, " %2.2x", *ucp); | ||
161 | log("Connection from %.100s with IP options:%.800s", | ||
162 | ipaddr, text); | ||
163 | packet_disconnect("Connection from %.100s with IP options:%.800s", | ||
164 | ipaddr, text); | ||
165 | } | ||
166 | } | ||
167 | |||
168 | /* | ||
167 | * Return the canonical name of the host in the other side of the current | 169 | * Return the canonical name of the host in the other side of the current |
168 | * connection. The host name is cached, so it is efficient to call this | 170 | * connection. The host name is cached, so it is efficient to call this |
169 | * several times. | 171 | * several times. |
170 | */ | 172 | */ |
171 | 173 | ||
172 | const char * | 174 | const char * |
173 | get_canonical_hostname() | 175 | get_canonical_hostname(int reverse_mapping_check) |
174 | { | 176 | { |
175 | static char *canonical_host_name = NULL; | 177 | static char *canonical_host_name = NULL; |
178 | static int reverse_mapping_checked = 0; | ||
176 | 179 | ||
177 | /* Check if we have previously retrieved this same name. */ | 180 | /* Check if we have previously retrieved name with same option. */ |
178 | if (canonical_host_name != NULL) | 181 | if (canonical_host_name != NULL) { |
179 | return canonical_host_name; | 182 | if (reverse_mapping_checked != reverse_mapping_check) |
183 | xfree(canonical_host_name); | ||
184 | else | ||
185 | return canonical_host_name; | ||
186 | } | ||
180 | 187 | ||
181 | /* Get the real hostname if socket; otherwise return UNKNOWN. */ | 188 | /* Get the real hostname if socket; otherwise return UNKNOWN. */ |
182 | if (packet_connection_is_on_socket()) | 189 | if (packet_connection_is_on_socket()) |
183 | canonical_host_name = get_remote_hostname(packet_get_connection_in()); | 190 | canonical_host_name = get_remote_hostname( |
191 | packet_get_connection_in(), reverse_mapping_check); | ||
184 | else | 192 | else |
185 | canonical_host_name = xstrdup("UNKNOWN"); | 193 | canonical_host_name = xstrdup("UNKNOWN"); |
186 | 194 | ||
195 | reverse_mapping_checked = reverse_mapping_check; | ||
187 | return canonical_host_name; | 196 | return canonical_host_name; |
188 | } | 197 | } |
189 | 198 | ||
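--- a/canohost.h
+++ b/canohost.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: canohost.h,v 1.3 2001/01/29 19:42:35 markus Exp $ */
+/* $OpenBSD: canohost.h,v 1.4 2001/02/03 10:08:37 markus Exp $ */
 
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -11,22 +11,17 @@
 * incompatible with the protocol description in the RFC file, it must be
 * called by a name other than "ssh" or "Secure Shell".
 */
-/*
-* Returns the name of the machine at the other end of the socket. The
-* returned string should be freed by the caller.
-*/
-char *get_remote_hostname(int socket);
 
 /*
 * Return the canonical name of the host in the other side of the current
 * connection (as returned by packet_get_connection). The host name is
 * cached, so it is efficient to call this several times.
 */
-const char *get_canonical_hostname(void);
+const char *get_canonical_hostname(int reverse_mapping_check);
 
 /*
 * Returns the IP-address of the remote host as a string. The returned
-* string must not be freed.
+* string is cached and must not be freed.
 */
 const char *get_remote_ipaddr(void);
 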
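Review bot: The comment above `get_canonical_hostname(int reverse_mapping_check)` still describes only the cache and says nothing about the new argument or the lifetime of the returned string. In canohost.c the cached name is released with `xfree(canonical_host_name)` and looked up again when the function is called with a different `reverse_mapping_check` value, so a pointer kept from an earlier call is dangling after such a call. I would add to the comment: `If reverse_mapping_check differs from the previous call, the cached name is freed and looked up again; do not keep the returned pointer across calls.` The prototype of `get_remote_hostname()` is removed here while canohost.c still defines it, and the new `check_ip_options()` there has no prototype in these hunks; if both are meant to be file-local, `static` on the definitions would say so, though the header is only partly visible.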
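--- a/channels.c
+++ b/channels.c
@@ -40,7 +40,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.85 2001/01/29 19:42:35 markus Exp $");
+RCSID("$OpenBSD: channels.c,v 1.88 2001/02/01 21:58:08 markus Exp $");
 
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
@@ -600,7 +600,7 @@ channel_post_port_listener(Channel *c, fd_set * readset, fd_set * writeset)
 struct sockaddr addr;
 int newsock, newch;
 socklen_t addrlen;
-char buf[1024], *remote_hostname, *rtype;
+char buf[1024], *remote_ipaddr, *rtype;
 int remote_port;
 
 rtype = (c->type == SSH_CHANNEL_RPORT_LISTENER) ?
@@ -616,13 +616,13 @@ channel_post_port_listener(Channel *c, fd_set * readset, fd_set * writeset)
 error("accept: %.100s", strerror(errno));
 return;
 }
-remote_hostname = get_remote_hostname(newsock);
+remote_ipaddr = get_peer_ipaddr(newsock);
 remote_port = get_peer_port(newsock);
 snprintf(buf, sizeof buf,
 "listen port %d for %.100s port %d, "
 "connect from %.200s port %d",
 c->listening_port, c->path, c->host_port,
-remote_hostname, remote_port);
+remote_ipaddr, remote_port);
 
 newch = channel_new(rtype,
 SSH_CHANNEL_OPENING, newsock, newsock, -1,
@@ -644,7 +644,7 @@ channel_post_port_listener(Channel *c, fd_set * readset, fd_set * writeset)
 packet_put_int(c->host_port);
 }
 /* originator host and port */
-packet_put_cstring(remote_hostname);
+packet_put_cstring(remote_ipaddr);
 packet_put_int(remote_port);
 packet_send();
 } else {
@@ -657,7 +657,7 @@ channel_post_port_listener(Channel *c, fd_set * readset, fd_set * writeset)
 }
 packet_send();
 }
-xfree(remote_hostname);
+xfree(remote_ipaddr);
 }
 }
 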
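Review bot: `remote_ipaddr` is released with `xfree(remote_ipaddr)` at the end of the block, which is correct only if `get_peer_ipaddr()` returns a newly allocated string; its definition is not in this section, and canohost.h documents the similarly named `get_remote_ipaddr()` as cached and not to be freed. A one-line comment at the assignment would keep the two from being mixed up: `/* allocated by get_peer_ipaddr(); freed below */`. The existing comment `/* originator host and port */` could also say that the field now carries the peer's address string, presumably numeric, and no longer a name returned by a reverse lookup. The body of `channel_post_port_listener` starts and ends outside these hunks.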
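--- a/contrib/caldera/openssh.spec
+++ b/contrib/caldera/openssh.spec
@@ -253,9 +253,13 @@ fi
 %attr(4755,root,root) %{_bindir}/ssh
 %attr(0755,root,root) %{_bindir}/ssh-agent
 %attr(0755,root,root) %{_bindir}/ssh-add
+%attr(0755,root,root) %{_bindir}/ssh-keyscan
+%attr(0755,root,root) %{_bindir}/sftp
 %attr(0644,root,root) %{_mandir}/man1/ssh.1*
 %attr(0644,root,root) %{_mandir}/man1/ssh-agent.1*
 %attr(0644,root,root) %{_mandir}/man1/ssh-add.1*
+%attr(0644,root,root) %{_mandir}/man1/ssh-keyscan.1*
+%attr(0644,root,root) %{_mandir}/man1/sftp.1*
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh_config
 %attr(-,root,root) %{_bindir}/slogin
 %attr(-,root,root) %{_mandir}/man1/slogin.1*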
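--- a/contrib/redhat/openssh.spec
+++ b/contrib/redhat/openssh.spec
@@ -223,9 +223,13 @@ fi
 %attr(4755,root,root) %{_bindir}/ssh
 %attr(0755,root,root) %{_bindir}/ssh-agent
 %attr(0755,root,root) %{_bindir}/ssh-add
+%attr(0755,root,root) %{_bindir}/ssh-keyscan
+%attr(0755,root,root) %{_bindir}/sftp
 %attr(0644,root,root) %{_mandir}/man1/ssh.1*
 %attr(0644,root,root) %{_mandir}/man1/ssh-agent.1*
 %attr(0644,root,root) %{_mandir}/man1/ssh-add.1*
+%attr(0644,root,root) %{_mandir}/man1/ssh-keyscan.1*
+%attr(0644,root,root) %{_mandir}/man1/sftp.1*
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh_config
 %attr(-,root,root) %{_bindir}/slogin
 %attr(-,root,root) %{_mandir}/man1/slogin.1*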
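--- a/contrib/suse/openssh.spec
+++ b/contrib/suse/openssh.spec
@@ -180,6 +180,8 @@ fi
 %attr(-,root,root) /usr/bin/slogin
 %attr(0755,root,root) /usr/bin/ssh-agent
 %attr(0755,root,root) /usr/bin/ssh-add
+%attr(0755,root,root) /usr/bin/ssh-keyscan
+%attr(0755,root,root) /usr/bin/sftp
 %attr(0755,root,root) /usr/sbin/sshd
 %attr(-,root,root) /usr/sbin/rcsshd
 %attr(0755,root,root) %dir /usr/lib/ssh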
@@ -9,7 +9,7 @@ | |||
9 | .\" | 9 | .\" |
10 | .\" Created: Sun May 7 00:14:37 1995 ylo | 10 | .\" Created: Sun May 7 00:14:37 1995 ylo |
11 | .\" | 11 | .\" |
12 | .\" $OpenBSD: scp.1,v 1.13 2000/10/16 09:38:44 djm Exp $ | 12 | .\" $OpenBSD: scp.1,v 1.14 2001/02/04 11:11:53 djm Exp $ |
13 | .\" | 13 | .\" |
14 | .Dd September 25, 1999 | 14 | .Dd September 25, 1999 |
15 | .Dt SCP 1 | 15 | .Dt SCP 1 |
@@ -129,6 +129,7 @@ program in BSD source code from the Regents of the University of | |||
129 | California. | 129 | California. |
130 | .Sh SEE ALSO | 130 | .Sh SEE ALSO |
131 | .Xr rcp 1 , | 131 | .Xr rcp 1 , |
132 | .Xr sftp 1 , | ||
132 | .Xr ssh 1 , | 133 | .Xr ssh 1 , |
133 | .Xr ssh-add 1 , | 134 | .Xr ssh-add 1 , |
134 | .Xr ssh-agent 1 , | 135 | .Xr ssh-agent 1 , |
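--- a/servconf.c
+++ b/servconf.c
@@ -10,7 +10,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.63 2001/01/22 23:06:39 markus Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.64 2001/02/03 10:08:37 markus Exp $");
 
 #ifdef KRB4
 #include <krb.h>
@@ -92,6 +92,7 @@ initialize_server_options(ServerOptions *options)
 options->max_startups_rate = -1;
 options->max_startups = -1;
 options->banner = NULL;
+options->reverse_mapping_check = -1;
 }
 
 void
@@ -186,6 +187,8 @@ fill_default_server_options(ServerOptions *options)
 options->max_startups_rate = 100; /* 100% */
 if (options->max_startups_begin == -1)
 options->max_startups_begin = options->max_startups;
+if (options->reverse_mapping_check == -1)
+options->reverse_mapping_check = 0;
 }
 
 /* Keyword tokens. */
@@ -208,7 +211,7 @@ typedef enum {
 sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
 sIgnoreUserKnownHosts, sCiphers, sProtocol, sPidFile,
 sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
-sBanner
+sBanner, sReverseMappingCheck
 } ServerOpCodes;
 
 /* Textual representation of the tokens. */
@@ -268,6 +271,7 @@ static struct {
 { "subsystem", sSubsystem },
 { "maxstartups", sMaxStartups },
 { "banner", sBanner },
+{ "reversemappingcheck", sReverseMappingCheck },
 { NULL, 0 }
 };
 
@@ -577,6 +581,10 @@ parse_flag:
 intptr = &options->gateway_ports;
 goto parse_flag;
 
+case sReverseMappingCheck:
+intptr = &options->reverse_mapping_check;
+goto parse_flag;
+
 case sLogFacility:
 intptr = (int *) &options->log_facility;
 arg = strdelim(&cp);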
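Review bot: `fill_default_server_options()` sets `reverse_mapping_check` to 0 when it is unset, so the forward lookup that confirms a reverse-mapped name is skipped unless the administrator enables `ReverseMappingCheck`. With the flag off, `get_remote_hostname()` in canohost.c returns the name from the reverse lookup without the forward confirmation, and the comment there notes that anyone with access to a name server can define arbitrary names for an IP address. Any caller that makes an access decision on the host name (rhosts-style matching, presumably; those callers are not in this section) would then be comparing against an unverified name. I would either default to 1 or state the trade-off next to the default, for example `options->reverse_mapping_check = 0; /* PTR name used unverified; set ReverseMappingCheck yes for host-based rules */`.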
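--- a/servconf.h
+++ b/servconf.h
@@ -11,7 +11,7 @@
 * called by a name other than "ssh" or "Secure Shell".
 */
 
-/* RCSID("$OpenBSD: servconf.h,v 1.35 2001/01/22 23:06:40 markus Exp $"); */
+/* RCSID("$OpenBSD: servconf.h,v 1.36 2001/02/03 10:08:37 markus Exp $"); */
 
 #ifndef SERVCONF_H
 #define SERVCONF_H
@@ -102,6 +102,7 @@ typedef struct {
 int max_startups_rate;
 int max_startups;
 char *banner; /* SSH-2 banner message */
+int reverse_mapping_check; /* cross-check ip and dns */
 
 } ServerOptions;
 /*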
@@ -33,7 +33,7 @@ | |||
33 | */ | 33 | */ |
34 | 34 | ||
35 | #include "includes.h" | 35 | #include "includes.h" |
36 | RCSID("$OpenBSD: session.c,v 1.51 2001/01/21 19:05:56 markus Exp $"); | 36 | RCSID("$OpenBSD: session.c,v 1.52 2001/02/03 10:08:37 markus Exp $"); |
37 | 37 | ||
38 | #include "ssh.h" | 38 | #include "ssh.h" |
39 | #include "ssh1.h" | 39 | #include "ssh1.h" |
@@ -683,7 +683,7 @@ get_remote_name_or_ip(void) | |||
683 | { | 683 | { |
684 | static const char *remote = ""; | 684 | static const char *remote = ""; |
685 | if (utmp_len > 0) | 685 | if (utmp_len > 0) |
686 | remote = get_canonical_hostname(); | 686 | remote = get_canonical_hostname(options.reverse_mapping_check); |
687 | if (utmp_len == 0 || strlen(remote) > utmp_len) | 687 | if (utmp_len == 0 || strlen(remote) > utmp_len) |
688 | remote = get_remote_ipaddr(); | 688 | remote = get_remote_ipaddr(); |
689 | return remote; | 689 | return remote; |
@@ -1061,7 +1061,7 @@ do_child(const char *command, struct passwd * pw, const char *term, | |||
1061 | #ifdef HAVE_OSF_SIA | 1061 | #ifdef HAVE_OSF_SIA |
1062 | extern char **saved_argv; | 1062 | extern char **saved_argv; |
1063 | extern int saved_argc; | 1063 | extern int saved_argc; |
1064 | char *host = get_canonical_hostname (); | 1064 | char *host = get_canonical_hostname(options.reverse_mapping_check); |
1065 | 1065 | ||
1066 | if (sia_become_user(NULL, saved_argc, saved_argv, host, | 1066 | if (sia_become_user(NULL, saved_argc, saved_argv, host, |
1067 | pw->pw_name, ttyname, 0, NULL, NULL, SIA_BEU_SETLUID) != | 1067 | pw->pw_name, ttyname, 0, NULL, NULL, SIA_BEU_SETLUID) != |
diff --git a/sftp-client.c b/sftp-client.c new file mode 100644 index 000000000..458d7364a --- /dev/null +++ b/sftp-client.c | |||
@@ -0,0 +1,792 @@ | |||
1 | /* | ||
2 | * Copyright (c) 2001 Damien Miller. All rights reserved. | ||
3 | * | ||
4 | * Redistribution and use in source and binary forms, with or without | ||
5 | * modification, are permitted provided that the following conditions | ||
6 | * are met: | ||
7 | * 1. Redistributions of source code must retain the above copyright | ||
8 | * notice, this list of conditions and the following disclaimer. | ||
9 | * 2. Redistributions in binary form must reproduce the above copyright | ||
10 | * notice, this list of conditions and the following disclaimer in the | ||
11 | * documentation and/or other materials provided with the distribution. | ||
12 | * | ||
13 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | ||
14 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | ||
15 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | ||
16 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | ||
17 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
18 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | ||
19 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | ||
20 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||
21 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | ||
22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
23 | */ | ||
24 | |||
25 | /* XXX: memleaks */ | ||
26 | /* XXX: signed vs unsigned */ | ||
27 | /* XXX: redesign to allow concurrent overlapped operations */ | ||
28 | /* XXX: we use fatal too much, error may be more appropriate in places */ | ||
29 | /* XXX: copy between two remote sites */ | ||
30 | |||
31 | #include "includes.h" | ||
32 | RCSID("$OpenBSD: sftp-client.c,v 1.1 2001/02/04 11:11:54 djm Exp $"); | ||
33 | |||
34 | #include "ssh.h" | ||
35 | #include "buffer.h" | ||
36 | #include "bufaux.h" | ||
37 | #include "getput.h" | ||
38 | #include "xmalloc.h" | ||
39 | #include "log.h" | ||
40 | #include "atomicio.h" | ||
41 | #include "pathnames.h" | ||
42 | |||
43 | #include "sftp.h" | ||
44 | #include "sftp-common.h" | ||
45 | #include "sftp-client.h" | ||
46 | |||
47 | /* How much data to read/write at at time during copies */ | ||
48 | /* XXX: what should this be? */ | ||
49 | #define COPY_SIZE 8192 | ||
50 | |||
51 | void | ||
52 | send_msg(int fd, Buffer *m) | ||
53 | { | ||
54 | int mlen = buffer_len(m); | ||
55 | int len; | ||
56 | Buffer oqueue; | ||
57 | |||
58 | buffer_init(&oqueue); | ||
59 | buffer_put_int(&oqueue, mlen); | ||
60 | buffer_append(&oqueue, buffer_ptr(m), mlen); | ||
61 | buffer_consume(m, mlen); | ||
62 | |||
63 | len = atomicio(write, fd, buffer_ptr(&oqueue), buffer_len(&oqueue)); | ||
64 | if (len <= 0) | ||
65 | fatal("Couldn't send packet: %s", strerror(errno)); | ||
66 | |||
67 | buffer_free(&oqueue); | ||
68 | } | ||
69 | |||
70 | void | ||
71 | get_msg(int fd, Buffer *m) | ||
72 | { | ||
73 | u_int len, msg_len; | ||
74 | unsigned char buf[4096]; | ||
75 | |||
76 | len = atomicio(read, fd, buf, 4); | ||
77 | if (len != 4) | ||
78 | fatal("Couldn't read packet: %s", strerror(errno)); | ||
79 | |||
80 | msg_len = GET_32BIT(buf); | ||
81 | if (msg_len > 256 * 1024) | ||
82 | fatal("Received message too long %d", msg_len); | ||
83 | |||
84 | while (msg_len) { | ||
85 | len = atomicio(read, fd, buf, MIN(msg_len, sizeof(buf))); | ||
86 | if (len <= 0) | ||
87 | fatal("Couldn't read packet: %s", strerror(errno)); | ||
88 | |||
89 | msg_len -= len; | ||
90 | buffer_append(m, buf, len); | ||
91 | } | ||
92 | } | ||
93 | |||
94 | void | ||
95 | send_string_request(int fd, u_int id, u_int code, char *s, | ||
96 | u_int len) | ||
97 | { | ||
98 | Buffer msg; | ||
99 | |||
100 | buffer_init(&msg); | ||
101 | buffer_put_char(&msg, code); | ||
102 | buffer_put_int(&msg, id); | ||
103 | buffer_put_string(&msg, s, len); | ||
104 | send_msg(fd, &msg); | ||
105 | debug3("Sent message fd %d T:%d I:%d", fd, code, id); | ||
106 | buffer_free(&msg); | ||
107 | } | ||
108 | |||
109 | void | ||
110 | send_string_attrs_request(int fd, u_int id, u_int code, char *s, | ||
111 | u_int len, Attrib *a) | ||
112 | { | ||
113 | Buffer msg; | ||
114 | |||
115 | buffer_init(&msg); | ||
116 | buffer_put_char(&msg, code); | ||
117 | buffer_put_int(&msg, id); | ||
118 | buffer_put_string(&msg, s, len); | ||
119 | encode_attrib(&msg, a); | ||
120 | send_msg(fd, &msg); | ||
121 | debug3("Sent message fd %d T:%d I:%d", fd, code, id); | ||
122 | buffer_free(&msg); | ||
123 | } | ||
124 | |||
125 | u_int | ||
126 | get_status(int fd, int expected_id) | ||
127 | { | ||
128 | Buffer msg; | ||
129 | u_int type, id, status; | ||
130 | |||
131 | buffer_init(&msg); | ||
132 | get_msg(fd, &msg); | ||
133 | type = buffer_get_char(&msg); | ||
134 | id = buffer_get_int(&msg); | ||
135 | |||
136 | if (id != expected_id) | ||
137 | fatal("ID mismatch (%d != %d)", id, expected_id); | ||
138 | if (type != SSH2_FXP_STATUS) | ||
139 | fatal("Expected SSH2_FXP_STATUS(%d) packet, got %d", | ||
140 | SSH2_FXP_STATUS, type); | ||
141 | |||
142 | status = buffer_get_int(&msg); | ||
143 | buffer_free(&msg); | ||
144 | |||
145 | debug3("SSH2_FXP_STATUS %d", status); | ||
146 | |||
147 | return(status); | ||
148 | } | ||
149 | |||
150 | char * | ||
151 | get_handle(int fd, u_int expected_id, u_int *len) | ||
152 | { | ||
153 | Buffer msg; | ||
154 | u_int type, id; | ||
155 | char *handle; | ||
156 | |||
157 | buffer_init(&msg); | ||
158 | get_msg(fd, &msg); | ||
159 | type = buffer_get_char(&msg); | ||
160 | id = buffer_get_int(&msg); | ||
161 | |||
162 | if (id != expected_id) | ||
163 | fatal("ID mismatch (%d != %d)", id, expected_id); | ||
164 | if (type == SSH2_FXP_STATUS) { | ||
165 | int status = buffer_get_int(&msg); | ||
166 | |||
167 | error("Couldn't get handle: %s", fx2txt(status)); | ||
168 | return(NULL); | ||
169 | } else if (type != SSH2_FXP_HANDLE) | ||
170 | fatal("Expected SSH2_FXP_HANDLE(%d) packet, got %d", | ||
171 | SSH2_FXP_HANDLE, type); | ||
172 | |||
173 | handle = buffer_get_string(&msg, len); | ||
174 | buffer_free(&msg); | ||
175 | |||
176 | return(handle); | ||
177 | } | ||
178 | |||
179 | Attrib * | ||
180 | get_decode_stat(int fd, u_int expected_id) | ||
181 | { | ||
182 | Buffer msg; | ||
183 | u_int type, id; | ||
184 | Attrib *a; | ||
185 | |||
186 | buffer_init(&msg); | ||
187 | get_msg(fd, &msg); | ||
188 | |||
189 | type = buffer_get_char(&msg); | ||
190 | id = buffer_get_int(&msg); | ||
191 | |||
192 | debug3("Received stat reply T:%d I:%d", type, id); | ||
193 | if (id != expected_id) | ||
194 | fatal("ID mismatch (%d != %d)", id, expected_id); | ||
195 | if (type == SSH2_FXP_STATUS) { | ||
196 | int status = buffer_get_int(&msg); | ||
197 | |||
198 | error("Couldn't stat remote file: %s", fx2txt(status)); | ||
199 | return(NULL); | ||
200 | } else if (type != SSH2_FXP_ATTRS) { | ||
201 | fatal("Expected SSH2_FXP_ATTRS(%d) packet, got %d", | ||
202 | SSH2_FXP_ATTRS, type); | ||
203 | } | ||
204 | a = decode_attrib(&msg); | ||
205 | buffer_free(&msg); | ||
206 | |||
207 | return(a); | ||
208 | } | ||
209 | |||
210 | int | ||
211 | do_init(int fd_in, int fd_out) | ||
212 | { | ||
213 | int type, version; | ||
214 | Buffer msg; | ||
215 | |||
216 | buffer_init(&msg); | ||
217 | buffer_put_char(&msg, SSH2_FXP_INIT); | ||
218 | buffer_put_int(&msg, SSH2_FILEXFER_VERSION); | ||
219 | send_msg(fd_out, &msg); | ||
220 | |||
221 | buffer_clear(&msg); | ||
222 | |||
223 | get_msg(fd_in, &msg); | ||
224 | |||
225 | /* Expecting a VERSION reply */ | ||
226 | if ((type = buffer_get_char(&msg)) != SSH2_FXP_VERSION) { | ||
227 | error("Invalid packet back from SSH2_FXP_INIT (type %d)", | ||
228 | type); | ||
229 | buffer_free(&msg); | ||
230 | return(-1); | ||
231 | } | ||
232 | version = buffer_get_int(&msg); | ||
233 | |||
234 | debug2("Remote version: %d", version); | ||
235 | |||
236 | /* Check for extensions */ | ||
237 | while (buffer_len(&msg) > 0) { | ||
238 | char *name = buffer_get_string(&msg, NULL); | ||
239 | char *value = buffer_get_string(&msg, NULL); | ||
240 | |||
241 | debug2("Init extension: \"%s\"", name); | ||
242 | xfree(name); | ||
243 | xfree(value); | ||
244 | } | ||
245 | |||
246 | buffer_free(&msg); | ||
247 | return(0); | ||
248 | } | ||
249 | |||
250 | int | ||
251 | do_close(int fd_in, int fd_out, char *handle, u_int handle_len) | ||
252 | { | ||
253 | u_int id, status; | ||
254 | Buffer msg; | ||
255 | |||
256 | buffer_init(&msg); | ||
257 | |||
258 | id = arc4random(); | ||
259 | buffer_put_char(&msg, SSH2_FXP_CLOSE); | ||
260 | buffer_put_int(&msg, id); | ||
261 | buffer_put_string(&msg, handle, handle_len); | ||
262 | send_msg(fd_out, &msg); | ||
263 | debug3("Sent message SSH2_FXP_CLOSE I:%d", id); | ||
264 | |||
265 | status = get_status(fd_in, id); | ||
266 | if (status != SSH2_FX_OK) | ||
267 | error("Couldn't close file: %s", fx2txt(status)); | ||
268 | |||
269 | buffer_free(&msg); | ||
270 | |||
271 | return(status); | ||
272 | } | ||
273 | |||
274 | int | ||
275 | do_ls(int fd_in, int fd_out, char *path) | ||
276 | { | ||
277 | Buffer msg; | ||
278 | u_int type, id, handle_len, i, expected_id; | ||
279 | char *handle; | ||
280 | |||
281 | id = arc4random(); | ||
282 | |||
283 | buffer_init(&msg); | ||
284 | buffer_put_char(&msg, SSH2_FXP_OPENDIR); | ||
285 | buffer_put_int(&msg, id); | ||
286 | buffer_put_cstring(&msg, path); | ||
287 | send_msg(fd_out, &msg); | ||
288 | |||
289 | buffer_clear(&msg); | ||
290 | |||
291 | handle = get_handle(fd_in, id, &handle_len); | ||
292 | if (handle == NULL) | ||
293 | return(-1); | ||
294 | |||
295 | for(;;) { | ||
296 | int count; | ||
297 | |||
298 | expected_id = ++id; | ||
299 | |||
300 | debug3("Sending SSH2_FXP_READDIR I:%d", id); | ||
301 | |||
302 | buffer_clear(&msg); | ||
303 | buffer_put_char(&msg, SSH2_FXP_READDIR); | ||
304 | buffer_put_int(&msg, id); | ||
305 | buffer_put_string(&msg, handle, handle_len); | ||
306 | send_msg(fd_out, &msg); | ||
307 | |||
308 | buffer_clear(&msg); | ||
309 | |||
310 | get_msg(fd_in, &msg); | ||
311 | |||
312 | type = buffer_get_char(&msg); | ||
313 | id = buffer_get_int(&msg); | ||
314 | |||
315 | debug3("Received reply T:%d I:%d", type, id); | ||
316 | |||
317 | if (id != expected_id) | ||
318 | fatal("ID mismatch (%d != %d)", id, expected_id); | ||
319 | |||
320 | if (type == SSH2_FXP_STATUS) { | ||
321 | int status = buffer_get_int(&msg); | ||
322 | |||
323 | debug3("Received SSH2_FXP_STATUS %d", status); | ||
324 | |||
325 | if (status == SSH2_FX_EOF) { | ||
326 | break; | ||
327 | } else { | ||
328 | error("Couldn't read directory: %s", | ||
329 | fx2txt(status)); | ||
330 | do_close(fd_in, fd_out, handle, handle_len); | ||
331 | return(NULL); | ||
332 | } | ||
333 | } else if (type != SSH2_FXP_NAME) | ||
334 | fatal("Expected SSH2_FXP_NAME(%d) packet, got %d", | ||
335 | SSH2_FXP_NAME, type); | ||
336 | |||
337 | count = buffer_get_int(&msg); | ||
338 | debug3("Received %i SSH2_FXP_NAME responses", count); | ||
339 | for(i = 0; i < count; i++) { | ||
340 | char *filename, *longname; | ||
341 | Attrib *a; | ||
342 | |||
343 | filename = buffer_get_string(&msg, NULL); | ||
344 | longname = buffer_get_string(&msg, NULL); | ||
345 | a = decode_attrib(&msg); | ||
346 | |||
347 | printf("%s\n", longname); | ||
348 | |||
349 | xfree(filename); | ||
350 | xfree(longname); | ||
351 | } | ||
352 | } | ||
353 | |||
354 | buffer_free(&msg); | ||
355 | do_close(fd_in, fd_out, handle, handle_len); | ||
356 | xfree(handle); | ||
357 | |||
358 | return(0); | ||
359 | } | ||
360 | |||
361 | int | ||
362 | do_rm(int fd_in, int fd_out, char *path) | ||
363 | { | ||
364 | u_int status, id; | ||
365 | |||
366 | debug2("Sending SSH2_FXP_REMOVE \"%s\"", path); | ||
367 | |||
368 | id = arc4random(); | ||
369 | send_string_request(fd_out, id, SSH2_FXP_REMOVE, path, strlen(path)); | ||
370 | status = get_status(fd_in, id); | ||
371 | if (status != SSH2_FX_OK) | ||
372 | error("Couldn't delete file: %s", fx2txt(status)); | ||
373 | return(status); | ||
374 | } | ||
375 | |||
376 | int | ||
377 | do_mkdir(int fd_in, int fd_out, char *path, Attrib *a) | ||
378 | { | ||
379 | u_int status, id; | ||
380 | |||
381 | id = arc4random(); | ||
382 | send_string_attrs_request(fd_out, id, SSH2_FXP_MKDIR, path, | ||
383 | strlen(path), a); | ||
384 | |||
385 | status = get_status(fd_in, id); | ||
386 | if (status != SSH2_FX_OK) | ||
387 | error("Couldn't create directory: %s", fx2txt(status)); | ||
388 | |||
389 | return(status); | ||
390 | } | ||
391 | |||
392 | int | ||
393 | do_rmdir(int fd_in, int fd_out, char *path) | ||
394 | { | ||
395 | u_int status, id; | ||
396 | |||
397 | id = arc4random(); | ||
398 | send_string_request(fd_out, id, SSH2_FXP_RMDIR, path, strlen(path)); | ||
399 | |||
400 | status = get_status(fd_in, id); | ||
401 | if (status != SSH2_FX_OK) | ||
402 | error("Couldn't remove directory: %s", fx2txt(status)); | ||
403 | |||
404 | return(status); | ||
405 | } | ||
406 | |||
407 | Attrib * | ||
408 | do_stat(int fd_in, int fd_out, char *path) | ||
409 | { | ||
410 | u_int id; | ||
411 | |||
412 | id = arc4random(); | ||
413 | send_string_request(fd_out, id, SSH2_FXP_STAT, path, strlen(path)); | ||
414 | return(get_decode_stat(fd_in, id)); | ||
415 | } | ||
416 | |||
417 | Attrib * | ||
418 | do_lstat(int fd_in, int fd_out, char *path) | ||
419 | { | ||
420 | u_int id; | ||
421 | |||
422 | id = arc4random(); | ||
423 | send_string_request(fd_out, id, SSH2_FXP_LSTAT, path, strlen(path)); | ||
424 | return(get_decode_stat(fd_in, id)); | ||
425 | } | ||
426 | |||
427 | Attrib * | ||
428 | do_fstat(int fd_in, int fd_out, char *handle, | ||
429 | u_int handle_len) | ||
430 | { | ||
431 | u_int id; | ||
432 | |||
433 | id = arc4random(); | ||
434 | send_string_request(fd_out, id, SSH2_FXP_FSTAT, handle, handle_len); | ||
435 | return(get_decode_stat(fd_in, id)); | ||
436 | } | ||
437 | |||
438 | int | ||
439 | do_setstat(int fd_in, int fd_out, char *path, Attrib *a) | ||
440 | { | ||
441 | u_int status, id; | ||
442 | |||
443 | id = arc4random(); | ||
444 | send_string_attrs_request(fd_out, id, SSH2_FXP_SETSTAT, path, | ||
445 | strlen(path), a); | ||
446 | |||
447 | status = get_status(fd_in, id); | ||
448 | if (status != SSH2_FX_OK) | ||
449 | error("Couldn't setstat on \"%s\": %s", path, | ||
450 | fx2txt(status)); | ||
451 | |||
452 | return(status); | ||
453 | } | ||
454 | |||
455 | int | ||
456 | do_fsetstat(int fd_in, int fd_out, char *handle, u_int handle_len, | ||
457 | Attrib *a) | ||
458 | { | ||
459 | u_int status, id; | ||
460 | |||
461 | id = arc4random(); | ||
462 | send_string_attrs_request(fd_out, id, SSH2_FXP_FSETSTAT, handle, | ||
463 | handle_len, a); | ||
464 | |||
465 | status = get_status(fd_in, id); | ||
466 | if (status != SSH2_FX_OK) | ||
467 | error("Couldn't fsetstat: %s", fx2txt(status)); | ||
468 | |||
469 | return(status); | ||
470 | } | ||
471 | |||
472 | char * | ||
473 | do_realpath(int fd_in, int fd_out, char *path) | ||
474 | { | ||
475 | Buffer msg; | ||
476 | u_int type, expected_id, count, id; | ||
477 | char *filename, *longname; | ||
478 | Attrib *a; | ||
479 | |||
480 | expected_id = id = arc4random(); | ||
481 | send_string_request(fd_out, id, SSH2_FXP_REALPATH, path, | ||
482 | strlen(path)); | ||
483 | |||
484 | buffer_init(&msg); | ||
485 | |||
486 | get_msg(fd_in, &msg); | ||
487 | type = buffer_get_char(&msg); | ||
488 | id = buffer_get_int(&msg); | ||
489 | |||
490 | if (id != expected_id) | ||
491 | fatal("ID mismatch (%d != %d)", id, expected_id); | ||
492 | |||
493 | if (type == SSH2_FXP_STATUS) { | ||
494 | u_int status = buffer_get_int(&msg); | ||
495 | |||
496 | error("Couldn't canonicalise: %s", fx2txt(status)); | ||
497 | return(NULL); | ||
498 | } else if (type != SSH2_FXP_NAME) | ||
499 | fatal("Expected SSH2_FXP_NAME(%d) packet, got %d", | ||
500 | SSH2_FXP_NAME, type); | ||
501 | |||
502 | count = buffer_get_int(&msg); | ||
503 | if (count != 1) | ||
504 | fatal("Got multiple names (%d) from SSH_FXP_REALPATH", count); | ||
505 | |||
506 | filename = buffer_get_string(&msg, NULL); | ||
507 | longname = buffer_get_string(&msg, NULL); | ||
508 | a = decode_attrib(&msg); | ||
509 | |||
510 | debug3("SSH_FXP_REALPATH %s -> %s", path, filename); | ||
511 | |||
512 | xfree(longname); | ||
513 | |||
514 | buffer_free(&msg); | ||
515 | |||
516 | return(filename); | ||
517 | } | ||
518 | |||
519 | int | ||
520 | do_rename(int fd_in, int fd_out, char *oldpath, char *newpath) | ||
521 | { | ||
522 | Buffer msg; | ||
523 | u_int status, id; | ||
524 | |||
525 | buffer_init(&msg); | ||
526 | |||
527 | /* Send rename request */ | ||
528 | id = arc4random(); | ||
529 | buffer_put_char(&msg, SSH2_FXP_RENAME); | ||
530 | buffer_put_int(&msg, id); | ||
531 | buffer_put_cstring(&msg, oldpath); | ||
532 | buffer_put_cstring(&msg, newpath); | ||
533 | send_msg(fd_out, &msg); | ||
534 | debug3("Sent message SSH2_FXP_RENAME \"%s\" -> \"%s\"", oldpath, | ||
535 | newpath); | ||
536 | buffer_free(&msg); | ||
537 | |||
538 | status = get_status(fd_in, id); | ||
539 | if (status != SSH2_FX_OK) | ||
540 | error("Couldn't rename file \"%s\" to \"%s\": %s", oldpath, newpath, | ||
541 | fx2txt(status)); | ||
542 | |||
543 | return(status); | ||
544 | } | ||
545 | |||
546 | int | ||
547 | do_download(int fd_in, int fd_out, char *remote_path, char *local_path, | ||
548 | int pflag) | ||
549 | { | ||
550 | int local_fd; | ||
551 | u_int expected_id, handle_len, mode, type, id; | ||
552 | u_int64_t offset; | ||
553 | char *handle; | ||
554 | Buffer msg; | ||
555 | Attrib junk, *a; | ||
556 | |||
557 | a = do_stat(fd_in, fd_out, remote_path); | ||
558 | if (a == NULL) | ||
559 | return(-1); | ||
560 | |||
561 | /* XXX: should we preserve set[ug]id? */ | ||
562 | if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) | ||
563 | mode = S_IWRITE | (a->perm & 0777); | ||
564 | else | ||
565 | mode = 0666; | ||
566 | |||
567 | local_fd = open(local_path, O_WRONLY | O_CREAT | O_TRUNC, mode); | ||
568 | if (local_fd == -1) { | ||
569 | error("Couldn't open local file \"%s\" for writing: %s", | ||
570 | local_path, strerror(errno)); | ||
571 | return(errno); | ||
572 | } | ||
573 | |||
574 | /* Override umask and utimes if asked */ | ||
575 | if (pflag && fchmod(local_fd, mode) == -1) | ||
576 | error("Couldn't set mode on \"%s\": %s", local_path, | ||
577 | strerror(errno)); | ||
578 | if (pflag && (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME)) { | ||
579 | struct timeval tv; | ||
580 | |||
581 | tv.tv_sec = a->atime; | ||
582 | tv.tv_usec = a->mtime; | ||
583 | if (utimes(local_path, &tv) == -1) | ||
584 | error("Can't set times on \"%s\": %s", local_path, | ||
585 | strerror(errno)); | ||
586 | } | ||
587 | |||
588 | buffer_init(&msg); | ||
589 | |||
590 | /* Send open request */ | ||
591 | id = arc4random(); | ||
592 | buffer_put_char(&msg, SSH2_FXP_OPEN); | ||
593 | buffer_put_int(&msg, id); | ||
594 | buffer_put_cstring(&msg, remote_path); | ||
595 | buffer_put_int(&msg, SSH2_FXF_READ); | ||
596 | attrib_clear(&junk); /* Send empty attributes */ | ||
597 | encode_attrib(&msg, &junk); | ||
598 | send_msg(fd_out, &msg); | ||
599 | debug3("Sent message SSH2_FXP_OPEN I:%d P:%s", id, remote_path); | ||
600 | |||
601 | handle = get_handle(fd_in, id, &handle_len); | ||
602 | if (handle == NULL) { | ||
603 | buffer_free(&msg); | ||
604 | close(local_fd); | ||
605 | return(-1); | ||
606 | } | ||
607 | |||
608 | /* Read from remote and write to local */ | ||
609 | offset = 0; | ||
610 | for(;;) { | ||
611 | u_int len; | ||
612 | char *data; | ||
613 | |||
614 | expected_id = ++id; | ||
615 | |||
616 | buffer_clear(&msg); | ||
617 | buffer_put_char(&msg, SSH2_FXP_READ); | ||
618 | buffer_put_int(&msg, id); | ||
619 | buffer_put_string(&msg, handle, handle_len); | ||
620 | buffer_put_int64(&msg, offset); | ||
621 | buffer_put_int(&msg, COPY_SIZE); | ||
622 | send_msg(fd_out, &msg); | ||
623 | debug3("Sent message SSH2_FXP_READ I:%d O:%llu S:%u", | ||
624 | id, offset, COPY_SIZE); | ||
625 | |||
626 | buffer_clear(&msg); | ||
627 | |||
628 | get_msg(fd_in, &msg); | ||
629 | type = buffer_get_char(&msg); | ||
630 | id = buffer_get_int(&msg); | ||
631 | debug3("Received reply T:%d I:%d", type, id); | ||
632 | if (id != expected_id) | ||
633 | fatal("ID mismatch (%d != %d)", id, expected_id); | ||
634 | if (type == SSH2_FXP_STATUS) { | ||
635 | int status = buffer_get_int(&msg); | ||
636 | |||
637 | if (status == SSH2_FX_EOF) | ||
638 | break; | ||
639 | else { | ||
640 | error("Couldn't read from remote " | ||
641 | "file \"%s\" : %s", remote_path, | ||
642 | fx2txt(status)); | ||
643 | do_close(fd_in, fd_out, handle, handle_len); | ||
644 | xfree(handle); | ||
645 | close(local_fd); | ||
646 | buffer_free(&msg); | ||
647 | return(status); | ||
648 | } | ||
649 | } else if (type != SSH2_FXP_DATA) { | ||
650 | fatal("Expected SSH2_FXP_DATA(%d) packet, got %d", | ||
651 | SSH2_FXP_DATA, type); | ||
652 | } | ||
653 | |||
654 | data = buffer_get_string(&msg, &len); | ||
655 | if (len > COPY_SIZE) | ||
656 | fatal("Received more data than asked for %d > %d", | ||
657 | len, COPY_SIZE); | ||
658 | |||
659 | debug3("In read loop, got %d offset %lld", len, offset); | ||
660 | if (atomicio(write, local_fd, data, len) != len) { | ||
661 | error("Couldn't write to \"%s\": %s", local_path, | ||
662 | strerror(errno)); | ||
663 | do_close(fd_in, fd_out, handle, handle_len); | ||
664 | xfree(handle); | ||
665 | close(local_fd); | ||
666 | xfree(data); | ||
667 | buffer_free(&msg); | ||
668 | return(-1); | ||
669 | } | ||
670 | |||
671 | offset += len; | ||
672 | xfree(data); | ||
673 | } | ||
674 | xfree(handle); | ||
675 | buffer_free(&msg); | ||
676 | close(local_fd); | ||
677 | |||
678 | return(do_close(fd_in, fd_out, handle, handle_len)); | ||
679 | } | ||
680 | |||
681 | int | ||
682 | do_upload(int fd_in, int fd_out, char *local_path, char *remote_path, | ||
683 | int pflag) | ||
684 | { | ||
685 | int local_fd; | ||
686 | u_int handle_len, id; | ||
687 | u_int64_t offset; | ||
688 | char *handle; | ||
689 | Buffer msg; | ||
690 | struct stat sb; | ||
691 | Attrib a; | ||
692 | |||
693 | if ((local_fd = open(local_path, O_RDONLY, 0)) == -1) { | ||
694 | error("Couldn't open local file \"%s\" for reading: %s", | ||
695 | local_path, strerror(errno)); | ||
696 | return(-1); | ||
697 | } | ||
698 | if (fstat(local_fd, &sb) == -1) { | ||
699 | error("Couldn't fstat local file \"%s\": %s", | ||
700 | local_path, strerror(errno)); | ||
701 | close(local_fd); | ||
702 | return(-1); | ||
703 | } | ||
704 | stat_to_attrib(&sb, &a); | ||
705 | |||
706 | a.flags &= ~SSH2_FILEXFER_ATTR_SIZE; | ||
707 | a.flags &= ~SSH2_FILEXFER_ATTR_UIDGID; | ||
708 | a.perm &= 0777; | ||
709 | if (!pflag) | ||
710 | a.flags &= ~SSH2_FILEXFER_ATTR_ACMODTIME; | ||
711 | |||
712 | buffer_init(&msg); | ||
713 | |||
714 | /* Send open request */ | ||
715 | id = arc4random(); | ||
716 | buffer_put_char(&msg, SSH2_FXP_OPEN); | ||
717 | buffer_put_int(&msg, id); | ||
718 | buffer_put_cstring(&msg, remote_path); | ||
719 | buffer_put_int(&msg, SSH2_FXF_WRITE|SSH2_FXF_CREAT|SSH2_FXF_TRUNC); | ||
720 | encode_attrib(&msg, &a); | ||
721 | send_msg(fd_out, &msg); | ||
722 | debug3("Sent message SSH2_FXP_OPEN I:%d P:%s", id, remote_path); | ||
723 | |||
724 | buffer_clear(&msg); | ||
725 | |||
726 | handle = get_handle(fd_in, id, &handle_len); | ||
727 | if (handle == NULL) { | ||
728 | close(local_fd); | ||
729 | buffer_free(&msg); | ||
730 | return(-1); | ||
731 | } | ||
732 | |||
733 | /* Override umask and utimes if asked */ | ||
734 | if (pflag) | ||
735 | do_fsetstat(fd_in, fd_out, handle, handle_len, &a); | ||
736 | |||
737 | /* Read from local and write to remote */ | ||
738 | offset = 0; | ||
739 | for(;;) { | ||
740 | int len; | ||
741 | char data[COPY_SIZE]; | ||
742 | u_int status; | ||
743 | |||
744 | /* | ||
745 | * Can't use atomicio here because it returns 0 on EOF, thus losing | ||
746 | * the last block of the file | ||
747 | */ | ||
748 | do | ||
749 | len = read(local_fd, data, COPY_SIZE); | ||
750 | while ((len == -1) && (errno == EINTR || errno == EAGAIN)); | ||
751 | |||
752 | if (len == -1) | ||
753 | fatal("Couldn't read from \"%s\": %s", local_path, | ||
754 | strerror(errno)); | ||
755 | if (len == 0) | ||
756 | break; | ||
757 | |||
758 | buffer_clear(&msg); | ||
759 | buffer_put_char(&msg, SSH2_FXP_WRITE); | ||
760 | buffer_put_int(&msg, ++id); | ||
761 | buffer_put_string(&msg, handle, handle_len); | ||
762 | buffer_put_int64(&msg, offset); | ||
763 | buffer_put_string(&msg, data, len); | ||
764 | send_msg(fd_out, &msg); | ||
765 | debug3("Sent message SSH2_FXP_WRITE I:%d O:%llu S:%u", | ||
766 | id, offset, len); | ||
767 | |||
768 | status = get_status(fd_in, id); | ||
769 | if (status != SSH2_FX_OK) { | ||
770 | error("Couldn't write to remote file \"%s\": %s", | ||
771 | remote_path, fx2txt(status)); | ||
772 | do_close(fd_in, fd_out, handle, handle_len); | ||
773 | xfree(handle); | ||
774 | close(local_fd); | ||
775 | return(-1); | ||
776 | } | ||
777 | debug3("In write loop, got %d offset %lld", len, offset); | ||
778 | |||
779 | offset += len; | ||
780 | } | ||
781 | xfree(handle); | ||
782 | buffer_free(&msg); | ||
783 | |||
784 | if (close(local_fd) == -1) { | ||
785 | error("Couldn't close local file \"%s\": %s", local_path, | ||
786 | strerror(errno)); | ||
787 | do_close(fd_in, fd_out, handle, handle_len); | ||
788 | return(-1); | ||
789 | } | ||
790 | |||
791 | return(do_close(fd_in, fd_out, handle, handle_len)); | ||
792 | } | ||
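--- /dev/null
+++ b/sftp-client.h
@@ -0,0 +1,84 @@
+/* $OpenBSD: sftp-client.h,v 1.1 2001/02/04 11:11:54 djm Exp $ */
+
+/*
+* Copyright (c) 2001 Damien Miller. All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/* Client side of SSH2 filexfer protocol */
+
+/* Initialiase a SSH filexfer connection */
+int do_init(int fd_in, int fd_out);
+
+/* Close file referred to by 'handle' */
+int do_close(int fd_in, int fd_out, char *handle, u_int handle_len);
+
+/* List contents of directory 'path' to stdout */
+int do_ls(int fd_in, int fd_out, char *path);
+
+/* Delete file 'path' */
+int do_rm(int fd_in, int fd_out, char *path);
+
+/* Create directory 'path' */
+int do_mkdir(int fd_in, int fd_out, char *path, Attrib *a);
+
+/* Remove directory 'path' */
+int do_rmdir(int fd_in, int fd_out, char *path);
+
+/* Get file attributes of 'path' (follows symlinks) */
+Attrib *do_stat(int fd_in, int fd_out, char *path);
+
+/* Get file attributes of 'path' (does not follow symlinks) */
+Attrib *do_lstat(int fd_in, int fd_out, char *path);
+
+/* Get file attributes of open file 'handle' */
+Attrib *do_fstat(int fd_in, int fd_out, char *handle,
+u_int handle_len);
+
+/* Set file attributes of 'path' */
+int do_setstat(int fd_in, int fd_out, char *path, Attrib *a);
+
+/* Set file attributes of open file 'handle' */
+int do_fsetstat(int fd_in, int fd_out, char *handle,
+u_int handle_len, Attrib *a);
+
+/* Canonicalise 'path' - caller must free result */
+char *do_realpath(int fd_in, int fd_out, char *path);
+
+/* Rename 'oldpath' to 'newpath' */
+int do_rename(int fd_in, int fd_out, char *oldpath, char *newpath);
+
+/* XXX: add callbacks to do_download/do_upload so we can do progress meter */
+
+/*
+* Download 'remote_path' to 'local_path'. Preserve permissions and times
+* if 'pflag' is set
+*/
+int do_download(int fd_in, int fd_out, char *remote_path, char *local_path,
+int pflag);
+
+/*
+* Upload 'local_path' to 'remote_path'. Preserve permissions and times
+* if 'pflag' is set
+*/
+int do_upload(int fd_in, int fd_out, char *local_path, char *remote_path,
+int pflag);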
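Review bot: The comments on `do_stat`, `do_lstat` and `do_fstat` do not say who owns the returned `Attrib *`, although `do_realpath` a few declarations later does ("caller must free result"). In this commit `decode_attrib()` in sftp-common.c returns the address of a function-local `static Attrib` and `get_decode_stat()` passes that pointer straight back, so the result is overwritten by the next attribute decode and must never be freed. I would extend each comment along the lines of `/* Get file attributes of 'path' (follows symlinks); NULL on error, else pointer to static storage valid until the next decode */`. The header also uses `Attrib` and `u_int` without declaring or including them, so it only compiles when sftp-common.h and the system headers come first; a one-line comment stating that requirement would help.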
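--- /dev/null
+++ b/sftp-common.c
@@ -0,0 +1,146 @@
+/*
+* Copyright (c) 2001 Markus Friedl. All rights reserved.
+* Copyright (c) 2001 Damien Miller. All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#include "includes.h"
+RCSID("$OpenBSD: sftp-common.c,v 1.1 2001/02/04 11:11:54 djm Exp $");
+
+#include "buffer.h"
+#include "bufaux.h"
+#include "getput.h"
+#include "log.h"
+#include "xmalloc.h"
+
+#include "sftp.h"
+#include "sftp-common.h"
+
+void
+attrib_clear(Attrib *a)
+{
+a->flags = 0;
+a->size = 0;
+a->uid = 0;
+a->gid = 0;
+a->perm = 0;
+a->atime = 0;
+a->mtime = 0;
+}
+
+void
+stat_to_attrib(struct stat *st, Attrib *a)
+{
+attrib_clear(a);
+a->flags = 0;
+a->flags |= SSH2_FILEXFER_ATTR_SIZE;
+a->size = st->st_size;
+a->flags |= SSH2_FILEXFER_ATTR_UIDGID;
+a->uid = st->st_uid;
+a->gid = st->st_gid;
+a->flags |= SSH2_FILEXFER_ATTR_PERMISSIONS;
+a->perm = st->st_mode;
+a->flags |= SSH2_FILEXFER_ATTR_ACMODTIME;
+a->atime = st->st_atime;
+a->mtime = st->st_mtime;
+}
+
+Attrib *
+decode_attrib(Buffer *b)
+{
+static Attrib a;
+attrib_clear(&a);
+a.flags = buffer_get_int(b);
+if (a.flags & SSH2_FILEXFER_ATTR_SIZE)
+a.size = buffer_get_int64(b);
+if (a.flags & SSH2_FILEXFER_ATTR_UIDGID) {
+a.uid = buffer_get_int(b);
+a.gid = buffer_get_int(b);
+}
+if (a.flags & SSH2_FILEXFER_ATTR_PERMISSIONS)
+a.perm = buffer_get_int(b);
+if (a.flags & SSH2_FILEXFER_ATTR_ACMODTIME) {
+a.atime = buffer_get_int(b);
+a.mtime = buffer_get_int(b);
+}
+/* vendor-specific extensions */
+if (a.flags & SSH2_FILEXFER_ATTR_EXTENDED) {
+char *type, *data;
+int i, count;
+count = buffer_get_int(b);
+for (i = 0; i < count; i++) {
+type = buffer_get_string(b, NULL);
+data = buffer_get_string(b, NULL);
+debug3("Got file attribute \"%s\"", type);
+xfree(type);
+xfree(data);
+}
+}
+return &a;
+}
+
+void
+encode_attrib(Buffer *b, Attrib *a)
+{
+buffer_put_int(b, a->flags);
+if (a->flags & SSH2_FILEXFER_ATTR_SIZE)
+buffer_put_int64(b, a->size);
+if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) {
+buffer_put_int(b, a->uid);
+buffer_put_int(b, a->gid);
+}
+if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS)
+buffer_put_int(b, a->perm);
+if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) {
+buffer_put_int(b, a->atime);
+buffer_put_int(b, a->mtime);
+}
+}
+
+const char *
+fx2txt(int status)
+{
+switch (status) {
+case SSH2_FX_OK:
+return("No Error");
+case SSH2_FX_EOF:
+return("End of File");
+case SSH2_FX_NO_SUCH_FILE:
+return("No Such File");
+case SSH2_FX_PERMISSION_DENIED:
+return("Permission Denied");
+case SSH2_FX_FAILURE:
+return("Failure");
+case SSH2_FX_BAD_MESSAGE:
+return("Bad message");
+case SSH2_FX_NO_CONNECTION:
+return("No connection");
+case SSH2_FX_CONNECTION_LOST:
+return("Connection lost");
+case SSH2_FX_OP_UNSUPPORTED:
+return("Operation unsupported");
+default:
+return("Unknown status");
+};
+/* NOTREACHED */
+}
+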
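Review bot: `decode_attrib()` reads and discards the vendor extension pairs but leaves `SSH2_FILEXFER_ATTR_EXTENDED` set in `a.flags`, while `encode_attrib()` writes `a->flags` verbatim and never emits an extension count. An `Attrib` decoded from a peer and later re-encoded would therefore announce extended data that is not in the packet, and the receiver would misparse whatever follows; whether any caller does that round trip is not visible in this section. Clearing the bit once the pairs are dropped keeps the struct self-consistent: `a.flags &= ~SSH2_FILEXFER_ATTR_EXTENDED;` just before `return &a;`. It is also worth a comment on `decode_attrib` that `count` comes from the peer and that the loop relies on `buffer_get_string` to stop on a short buffer.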
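--- /dev/null
+++ b/sftp-common.h
@@ -0,0 +1,55 @@
+/* $OpenBSD: sftp-common.h,v 1.1 2001/02/04 11:11:54 djm Exp $ */
+
+/*
+* Copyright (c) 2001 Markus Friedl. All rights reserved.
+* Copyright (c) 2001 Damien Miller. All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+typedef struct Attrib Attrib;
+
+/* File attributes */
+struct Attrib {
+u_int32_t flags;
+u_int64_t size;
+u_int32_t uid;
+u_int32_t gid;
+u_int32_t perm;
+u_int32_t atime;
+u_int32_t mtime;
+};
+
+/* Clear contents of attributes structure */
+void attrib_clear(Attrib *a);
+
+/* Convert from struct stat to filexfer attribs */
+void stat_to_attrib(struct stat *st, Attrib *a);
+
+/* Decode attributes in buffer */
+Attrib *decode_attrib(Buffer *b);
+
+/* Encode attributes to buffer */
+void encode_attrib(Buffer *b, Attrib *a);
+
+/* Convert from SSH2_FX_ status to text error message */
+const char *fx2txt(int status);
+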
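Review bot: This header defines `struct Attrib` without an include guard, so a second inclusion in one translation unit is a redefinition error. It also names `Buffer`, `struct stat` and `u_int32_t` without including anything, which makes it depend on buffer.h and the system headers being included first. I would wrap the contents in `#ifndef SFTP_COMMON_H` / `#define SFTP_COMMON_H` … `#endif`. The comment on `decode_attrib` should also say that the returned pointer refers to static storage, which the next call overwrites and which the caller must not free.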
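--- /dev/null
+++ b/sftp-int.c
@@ -0,0 +1,583 @@
+/*
+* Copyright (c) 2001 Damien Miller. All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/* XXX: finish implementation of all commands */
+/* XXX: do fnmatch() instead of using raw pathname */
+/* XXX: recursive operations */
+
+#include "includes.h"
+RCSID("$OpenBSD: sftp-int.c,v 1.1 2001/02/04 11:11:54 djm Exp $");
+
+#include "buffer.h"
+#include "xmalloc.h"
+#include "log.h"
+#include "pathnames.h"
+
+#include "sftp.h"
+#include "sftp-common.h"
+#include "sftp-client.h"
+#include "sftp-int.h"
+
+/* Seperators for interactive commands */
+#define WHITESPACE " \t\r\n"
+
+/* Commands for interactive mode */
+#define I_CHDIR 1
+#define I_CHGRP 2
+#define I_CHMOD 3
+#define I_CHOWN 4
+#define I_GET 5
+#define I_HELP 6
+#define I_LCHDIR 7
+#define I_LLS 8
+#define I_LMKDIR 9
+#define I_LPWD 10
+#define I_LS 11
+#define I_LUMASK 12
+#define I_MKDIR 13
+#define I_PUT 14
+#define I_PWD 15
+#define I_QUIT 16
+#define I_RENAME 17
+#define I_RM 18
+#define I_RMDIR 19
+#define I_SHELL 20
+
+struct CMD {
+const int n;
+const char *c;
+};
+
+const struct CMD cmds[] = {
+{ I_CHDIR, "CD" },
+{ I_CHDIR, "CHDIR" },
+{ I_CHDIR, "LCD" },
+{ I_CHGRP, "CHGRP" },
+{ I_CHMOD, "CHMOD" },
+{ I_CHOWN, "CHOWN" },
+{ I_HELP, "HELP" },
+{ I_GET, "GET" },
+{ I_LCHDIR, "LCHDIR" },
+{ I_LLS, "LLS" },
+{ I_LMKDIR, "LMKDIR" },
+{ I_LPWD, "LPWD" },
+{ I_LS, "LS" },
+{ I_LUMASK, "LUMASK" },
+{ I_MKDIR, "MKDIR" },
+{ I_PUT, "PUT" },
+{ I_PWD, "PWD" },
+{ I_QUIT, "EXIT" },
+{ I_QUIT, "QUIT" },
+{ I_RENAME, "RENAME" },
+{ I_RMDIR, "RMDIR" },
+{ I_RM, "RM" },
+{ I_SHELL, "!" },
+{ -1, NULL}
+};
+
+void
+help(void)
+{
+printf("Available commands:\n");
+printf("CD path Change remote directory to 'path'\n");
+printf("LCD path Change local directory to 'path'\n");
+printf("CHGRP grp path Change group of file 'path' to 'grp'\n");
+printf("CHMOD mode path Change permissions of file 'path' to 'mode'\n");
+printf("CHOWN own path Change owner of file 'path' to 'own'\n");
+printf("HELP Display this help text\n");
+printf("GET remote-path [local-path] Download file\n");
+printf("LLS [ls options] [path] Display local directory listing\n");
+printf("LMKDIR path Create local directory\n");
+printf("LPWD Print local working directory\n");
+printf("LS [path] Display remote directory listing\n");
+printf("LUMASK umask Set local umask to 'umask'\n");
+printf("MKDIR path Create remote directory\n");
+printf("PUT local-path [remote-path] Upload file\n");
+printf("PWD Display remote working directory\n");
+printf("EXIT Quit sftp\n");
+printf("QUIT Quit sftp\n");
+printf("RENAME oldpath newpath Rename remote file\n");
+printf("RMDIR path Remove remote directory\n");
+printf("RM path Delete remote file\n");
+printf("!command Execute 'command' in local shell\n");
+printf("! Escape to local shell\n");
+}
+
+void
+local_do_shell(const char *args)
+{
+int ret, status;
+char *shell;
+pid_t pid;
+
+if (!*args)
+args = NULL;
+
+if ((shell = getenv("SHELL")) == NULL)
+shell = _PATH_BSHELL;
+
+if ((pid = fork()) == -1)
+fatal("Couldn't fork: %s", strerror(errno));
+
+if (pid == 0) {
+/* XXX: child has pipe fds to ssh subproc open - issue? */
+if (args) {
+debug3("Executing %s -c \"%s\"", shell, args);
+ret = execl(shell, shell, "-c", args, NULL);
+} else {
+debug3("Executing %s", shell);
+ret = execl(shell, shell, NULL);
+}
+fprintf(stderr, "Couldn't execute \"%s\": %s\n", shell,
+strerror(errno));
+_exit(1);
+}
+if (waitpid(pid, &status, 0) == -1)
+fatal("Couldn't wait for child: %s", strerror(errno));
+if (!WIFEXITED(status))
+error("Shell exited abormally");
+else if (WEXITSTATUS(status))
+error("Shell exited with status %d", WEXITSTATUS(status));
+}
+
+void
+local_do_ls(const char *args)
+{
+if (!args || !*args)
+local_do_shell("ls");
+else {
+char *buf = xmalloc(8 + strlen(args) + 1);
+
+/* XXX: quoting - rip quoting code from ftp? */
+sprintf(buf, "/bin/ls %s", args);
+local_do_shell(buf);
+}
+}
+
+char *
+make_absolute(char *p, char *pwd)
+{
+char buf[2048];
+
+/* Derelativise */
+if (p && p[0] != '/') {
+snprintf(buf, sizeof(buf), "%s/%s", pwd, p);
+xfree(p);
+p = xstrdup(buf);
+}
+
+return(p);
+}
+
+int
+parse_getput_flags(const char **cpp, int *pflag)
+{
+const char *cp = *cpp;
+
+/* Check for flags */
+if (cp[0] == '-' && cp[1] && strchr(WHITESPACE, cp[2])) {
+switch (*cp) {
+case 'P':
+*pflag = 1;
+break;
+default:
+error("Invalid flag -%c", *cp);
+return(-1);
+}
+cp += 2;
+*cpp = cp + strspn(cp, WHITESPACE);
+}
+
+return(0);
+}
+
+int
+get_pathname(const char **cpp, char **path)
+{
+const char *quot, *cp = *cpp;
+int i;
+
+cp += strspn(cp, WHITESPACE);
+if (!*cp) {
+*cpp = cp;
+*path = NULL;
+return(0);
+}
+
+/* Check for quoted filenames */
+if (*cp == '\"' || *cp == '\'') {
+quot = cp++;
+for(i = 0; cp[i] && cp[i] != *quot; i++)
+;
+if (!cp[i]) {
+error("Unterminated quote");
+*path = NULL;
+return(-1);
+}
+if (i == 0) {
+error("Empty quotes");
+*path = NULL;
+return(-1);
+}
+*path = xmalloc(i + 1);
+memcpy(*path, cp, i);
+(*path)[i] = '\0';
+cp += i + 1;
+*cpp = cp + strspn(cp, WHITESPACE);
+return(0);
+}
+
+/* Read to end of filename */
+for(i = 0; cp[i] && cp[i] != ' '; i++)
+;
+
+*path = xmalloc(i + 1);
+memcpy(*path, cp, i);
+(*path)[i] = '\0';
+cp += i;
+*cpp = cp + strspn(cp, WHITESPACE);
+
+return(0);
+}
+
+int
+infer_path(const char *p, char **ifp)
+{
+char *cp;
+
+debug("XXX: P = \"%s\"", p);
+
+cp = strrchr(p, '/');
+
+if (cp == NULL) {
+*ifp = xstrdup(p);
+return(0);
+}
+
+if (!cp[1]) {
+error("Invalid path");
+return(-1);
+}
+
+*ifp = xstrdup(cp + 1);
+return(0);
+}
+
+int
+parse_args(const char **cpp, int *pflag, unsigned long *n_arg,
+char **path1, char **path2)
+{
+const char *cmd, *cp = *cpp;
+int i, cmdnum;
+
+/* Skip leading whitespace */
+cp = cp + strspn(cp, WHITESPACE);
+
+/* Ignore blank lines */
+if (!*cp)
+return(-1);
+
+/* Figure out which command we have */
+for(i = 0; cmds[i].c; i++) {
+int cmdlen = strlen(cmds[i].c);
+
+/* Check for command followed by whitespace */
+if (!strncasecmp(cp, cmds[i].c, cmdlen) &&
+strchr(WHITESPACE, cp[cmdlen])) {
+cp += cmdlen;
+cp = cp + strspn(cp, WHITESPACE);
+break;
+}
+}
+cmdnum = cmds[i].n;
+cmd = cmds[i].c;
+
+/* Special case */
+if (*cp == '!') {
+cp++;
+cmdnum = I_SHELL;
+} else if (cmdnum == -1) {
+error("Invalid command.");
+return(-1);
+}
+
+/* Get arguments and parse flags */
+*pflag = *n_arg = 0;
+*path1 = *path2 = NULL;
+switch (cmdnum) {
+case I_GET:
+case I_PUT:
+if (parse_getput_flags(&cp, pflag))
+return(-1);
+/* Get first pathname (mandatory) */
+if (get_pathname(&cp, path1))
+return(-1);
+if (*path1 == NULL) {
+error("You must specify at least one path after a "
+"%s command.", cmd);
+return(-1);
+}
+/* Try to get second pathname (optional) */
+if (get_pathname(&cp, path2))
+return(-1);
+/* Otherwise try to guess it from first path */
+if (*path2 == NULL && infer_path(*path1, path2))
+return(-1);
+break;
+case I_RENAME:
+/* Get first pathname (mandatory) */
+if (get_pathname(&cp, path1))
+return(-1);
+if (get_pathname(&cp, path2))
+return(-1);
+if (!*path1 || !*path2) {
+error("You must specify two paths after a %s "
+"command.", cmd);
+return(-1);
+}
+break;
+case I_RM:
+case I_MKDIR:
+case I_RMDIR:
+case I_CHDIR:
+case I_LCHDIR:
+case I_LMKDIR:
+/* Get pathname (mandatory) */
+if (get_pathname(&cp, path1))
+return(-1);
+if (*path1 == NULL) {
+error("You must specify a path after a %s command.",
+cmd);
+return(-1);
+}
+break;
+case I_LS:
+/* Path is optional */
+if (get_pathname(&cp, path1))
+return(-1);
+break;
+case I_LLS:
+case I_SHELL:
+/* Uses the rest of the line */
+break;
+case I_LUMASK:
+case I_CHMOD:
+case I_CHOWN:
+case I_CHGRP:
+/* Get numeric arg (mandatory) */
+if (*cp < '0' && *cp > '9') {
+error("You must supply a numeric argument "
+"to the %s command.", cmd);
+return(-1);
+}
+*n_arg = strtoul(cp, (char**)&cp, 0);
+if (!*cp || !strchr(WHITESPACE, *cp)) {
+error("You must supply a numeric argument "
+"to the %s command.", cmd);
+return(-1);
+}
+cp += strspn(cp, WHITESPACE);
+
+/* Get pathname (mandatory) */
+if (get_pathname(&cp, path1))
+return(-1);
+if (*path1 == NULL) {
+error("You must specify a path after a %s command.",
+cmd);
+return(-1);
+}
+break;
+case I_QUIT:
+case I_PWD:
+case I_LPWD:
+case I_HELP:
+break;
+default:
+fatal("Command not implemented");
+}
+
+*cpp = cp;
+
+return(cmdnum);
+}
+
+int
+parse_dispatch_command(int in, int out, const char *cmd, char **pwd)
+{
+char *path1, *path2;
+int pflag, cmdnum;
+unsigned long n_arg;
+Attrib a, *aa;
+char path_buf[PATH_MAX];
+
+path1 = path2 = NULL;
+cmdnum = parse_args(&cmd, &pflag, &n_arg, &path1, &path2);
+
+/* Perform command */
+switch (cmdnum) {
+case -1:
+break;
+case I_GET:
+path1 = make_absolute(path1, *pwd);
+do_download(in, out, path1, path2, pflag);
+break;
+case I_PUT:
+path2 = make_absolute(path2, *pwd);
+do_upload(in, out, path1, path2, pflag);
+break;
+case I_RENAME:
+path1 = make_absolute(path1, *pwd);
+path2 = make_absolute(path2, *pwd);
+do_rename(in, out, path1, path2);
+break;
+case I_RM:
+path1 = make_absolute(path1, *pwd);
+do_rm(in, out, path1);
+break;
+case I_MKDIR:
+path1 = make_absolute(path1, *pwd);
+attrib_clear(&a);
+a.flags |= SSH2_FILEXFER_ATTR_PERMISSIONS;
+a.perm = 0777;
+do_mkdir(in, out, path1, &a);
+break;
+case I_RMDIR:
+path1 = make_absolute(path1, *pwd);
+do_rmdir(in, out, path1);
+break;
+case I_CHDIR:
+path1 = make_absolute(path1, *pwd);
+xfree(*pwd);
+*pwd = do_realpath(in, out, path1);
+break;
+case I_LS:
+path1 = make_absolute(path1, *pwd);
+do_ls(in, out, path1?path1:*pwd);
+break;
+case I_LCHDIR:
+if (chdir(path1) == -1)
+error("Couldn't change local directory to "
+"\"%s\": %s", path1, strerror(errno));
+break;
+case I_LMKDIR:
+if (mkdir(path1, 0777) == -1)
+error("Couldn't create local directory to "
+"\"%s\": %s", path1, strerror(errno));
+break;
+case I_LLS:
+local_do_ls(cmd);
+break;
+case I_SHELL:
+local_do_shell(cmd);
+break;
+case I_LUMASK:
+umask(n_arg);
+break;
+case I_CHMOD:
+path1 = make_absolute(path1, *pwd);
+attrib_clear(&a);
+a.flags |= SSH2_FILEXFER_ATTR_PERMISSIONS;
+a.perm = n_arg;
+do_setstat(in, out, path1, &a);
+case I_CHOWN:
+path1 = make_absolute(path1, *pwd);
+aa = do_stat(in, out, path1);
+if (!aa->flags & SSH2_FILEXFER_ATTR_UIDGID) {
+error("Can't get current ownership of "
+"remote file \"%s\"", path1);
+break;
+}
+aa->uid = n_arg;
+do_setstat(in, out, path1, aa);
+break;
+case I_CHGRP:
+path1 = make_absolute(path1, *pwd);
+aa = do_stat(in, out, path1);
+if (!aa->flags & SSH2_FILEXFER_ATTR_UIDGID) {
+error("Can't get current ownership of "
+"remote file \"%s\"", path1);
+break;
+}
+aa->gid = n_arg;
+do_setstat(in, out, path1, aa);
+break;
+case I_PWD:
+printf("Remote working directory: %s\n", *pwd);
+break;
+case I_LPWD:
+if (!getcwd(path_buf, sizeof(path_buf)))
+error("Couldn't get local cwd: %s\n",
+strerror(errno));
+else
+printf("Local working directory: %s\n",
+path_buf);
+break;
+case I_QUIT:
+return(-1);
+case I_HELP:
+help();
+break;
+default:
+fatal("%d is not implemented", cmdnum);
+}
+
+if (path1)
+xfree(path1);
+if (path2)
+xfree(path2);
+
+return(0);
+}
+
+void
+interactive_loop(int fd_in, int fd_out)
+{
+char *pwd;
+char cmd[2048];
+
+pwd = do_realpath(fd_in, fd_out, ".");
+if (pwd == NULL)
+fatal("Need cwd");
+
+setlinebuf(stdout);
+setlinebuf(stdin);
+
+for(;;) {
+char *cp;
+
+printf("sftp> ");
+
+/* XXX: use libedit */
+if (fgets(cmd, sizeof(cmd), stdin) == NULL) {
+printf("\n");
+break;
+}
+cp = strrchr(cmd, '\n');
+if (cp)
+*cp = '\0';
+if (parse_dispatch_command(fd_in, fd_out, cmd, &pwd))
+break;
+}
+xfree(pwd);
+}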
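Review bot: In `parse_dispatch_command`, the `case I_CHMOD:` arm has no `break;` after `do_setstat(in, out, path1, &a);`, so a CHMOD falls through into `case I_CHOWN:` and, unless the ownership check there stops it, sends a second setstat with `aa->uid = n_arg`, i.e. the mode value written as the owner UID. That ownership check is also mis-parenthesised in both the CHOWN and CHGRP arms: `!aa->flags & SSH2_FILEXFER_ATTR_UIDGID` negates `aa->flags` before masking, so it should read `if (!(aa->flags & SSH2_FILEXFER_ATTR_UIDGID)) {`. Add `break;` at the end of the CHMOD arm and fix both conditions. `do_stat` is defined outside this file; if it can return NULL on failure (not visible here), `aa` also needs a NULL check before `aa->flags` is read.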
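--- /dev/null
+++ b/sftp-int.h
@@ -0,0 +1,27 @@
+/* $OpenBSD: sftp-int.h,v 1.1 2001/02/04 11:11:54 djm Exp $ */
+
+/*
+* Copyright (c) 2001 Damien Miller. All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+void interactive_loop(int fd_in, int fd_out);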
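--- a/sftp-server.c
+++ b/sftp-server.c
@@ -22,7 +22,7 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include "includes.h"
-RCSID("$OpenBSD: sftp-server.c,v 1.14 2001/01/21 19:05:56 markus Exp $");
+RCSID("$OpenBSD: sftp-server.c,v 1.15 2001/02/04 11:11:54 djm Exp $");
 
 #include "buffer.h"
 #include "bufaux.h"
@@ -31,6 +31,7 @@ RCSID("$OpenBSD: sftp-server.c,v 1.14 2001/01/21 19:05:56 markus Exp $");
 #include "xmalloc.h"
 
 #include "sftp.h"
+#include "sftp-common.h"
 
 /* helper */
 #define get_int64() buffer_get_int64(&iqueue);
@@ -50,22 +51,9 @@ Buffer oqueue;
 
 /* portable attibutes, etc. */
 
-typedef struct Attrib Attrib;
 typedef struct Stat Stat;
 
-struct Attrib
-{
-u_int32_t flags;
-u_int64_t size;
-u_int32_t uid;
-u_int32_t gid;
-u_int32_t perm;
-u_int32_t atime;
-u_int32_t mtime;
-};
-
-struct Stat
-{
+struct Stat {
 char *name;
 char *long_name;
 Attrib attrib;
@@ -122,90 +110,6 @@ flags_from_portable(int pflags)
 return flags;
 }
 
-void
-attrib_clear(Attrib *a)
-{
-a->flags = 0;
-a->size = 0;
-a->uid = 0;
-a->gid = 0;
-a->perm = 0;
-a->atime = 0;
-a->mtime = 0;
-}
-
-Attrib *
-decode_attrib(Buffer *b)
-{
-static Attrib a;
-attrib_clear(&a);
-a.flags = buffer_get_int(b);
-if (a.flags & SSH2_FILEXFER_ATTR_SIZE) {
-a.size = buffer_get_int64(b);
-}
-if (a.flags & SSH2_FILEXFER_ATTR_UIDGID) {
-a.uid = buffer_get_int(b);
-a.gid = buffer_get_int(b);
-}
-if (a.flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {
-a.perm = buffer_get_int(b);
-}
-if (a.flags & SSH2_FILEXFER_ATTR_ACMODTIME) {
-a.atime = buffer_get_int(b);
-a.mtime = buffer_get_int(b);
-}
-/* vendor-specific extensions */
-if (a.flags & SSH2_FILEXFER_ATTR_EXTENDED) {
-char *type, *data;
-int i, count;
-count = buffer_get_int(b);
-for (i = 0; i < count; i++) {
-type = buffer_get_string(b, NULL);
-data = buffer_get_string(b, NULL);
-xfree(type);
-xfree(data);
-}
-}
-return &a;
-}
-
-void
-encode_attrib(Buffer *b, Attrib *a)
-{
-buffer_put_int(b, a->flags);
-if (a->flags & SSH2_FILEXFER_ATTR_SIZE) {
-buffer_put_int64(b, a->size);
-}
-if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) {
-buffer_put_int(b, a->uid);
-buffer_put_int(b, a->gid);
-}
-if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {
-buffer_put_int(b, a->perm);
-}
-if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) {
-buffer_put_int(b, a->atime);
-buffer_put_int(b, a->mtime);
-}
-}
-
-void
-stat_to_attrib(struct stat *st, Attrib *a)
-{
-attrib_clear(a);
-a->flags = 0;
-a->flags |= SSH2_FILEXFER_ATTR_SIZE;
-a->size = st->st_size;
-a->flags |= SSH2_FILEXFER_ATTR_UIDGID;
-a->uid = st->st_uid;
-a->gid = st->st_gid;
-a->flags |= SSH2_FILEXFER_ATTR_PERMISSIONS;
-a->perm = st->st_mode;
-a->flags |= SSH2_FILEXFER_ATTR_ACMODTIME;
-a->atime = st->st_atime;
-a->mtime = st->st_mtime;
-}
-
 Attrib *
 get_attrib(void)
 {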
@@ -0,0 +1,156 @@ | |||
1 | .\" $OpenBSD: sftp.1,v 1.1 2001/02/04 11:11:54 djm Exp $ | ||
2 | .\" | ||
3 | .\" Copyright (c) 2001 Damien Miller. All rights reserved. | ||
4 | .\" | ||
5 | .\" Redistribution and use in source and binary forms, with or without | ||
6 | .\" modification, are permitted provided that the following conditions | ||
7 | .\" are met: | ||
8 | .\" 1. Redistributions of source code must retain the above copyright | ||
9 | .\" notice, this list of conditions and the following disclaimer. | ||
10 | .\" 2. Redistributions in binary form must reproduce the above copyright | ||
11 | .\" notice, this list of conditions and the following disclaimer in the | ||
12 | .\" documentation and/or other materials provided with the distribution. | ||
13 | .\" | ||
14 | .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | ||
15 | .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | ||
16 | .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | ||
17 | .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | ||
18 | .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
19 | .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | ||
20 | .\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | ||
21 | .\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||
22 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | ||
23 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
24 | .\" | ||
25 | .Dd Febuary 4, 2001 | ||
26 | .Dt SFTP 1 | ||
27 | .Os | ||
28 | .Sh NAME | ||
29 | .Nm sftp | ||
30 | .Nd Secure file tranfer program | ||
31 | .Sh SYNOPSIS | ||
32 | .Nm sftp | ||
33 | .Op Fl v Li | Fl C | ||
34 | .Op Fl o Ar ssh_option | ||
35 | .Op Ar hostname | user@hostname | ||
36 | .Sh DESCRIPTION | ||
37 | .Nm | ||
38 | is an interactive file transfer program, similar to | ||
39 | .Xr ftp 1 , | ||
40 | which performs all operations over an encrypted | ||
41 | .Xr ssh 1 | ||
42 | transport. | ||
43 | It may also use many features of ssh, such as public key authentication and | ||
44 | compression. | ||
45 | .Nm | ||
46 | connects and logs into the specified | ||
47 | .Ar hostname | ||
48 | then enters an interactive command mode. | ||
49 | .Pp | ||
50 | The options are as follows: | ||
51 | .Bl -tag -width Ds | ||
52 | .It Fl C | ||
53 | Enables compression (via ssh's | ||
54 | .Fl C | ||
55 | flag) | ||
56 | .It Fl v | ||
57 | Raise logging level. This option is also passed to ssh. | ||
58 | .It Fl o Ar ssh_option | ||
59 | Specify an option to be directly passed to | ||
60 | .Xr ssh 1 . | ||
61 | .El | ||
62 | .Sh INTERACTIVE COMMANDS | ||
63 | Once in interactive mode | ||
64 | .Nm , | ||
65 | understands a set of commands similar to those of | ||
66 | .Xr ftp 1 . | ||
67 | Commands are case insensitive. | ||
68 | .Bl -tag -width Ds | ||
69 | .It Ic CD Ar path | ||
70 | Change remote directory to | ||
71 | .Ar path | ||
72 | .It Ic LCD Ar path | ||
73 | Change local directory to | ||
74 | .Ar path | ||
75 | .It Ic CHGRP Ar grp Ar path | ||
76 | Change group of file | ||
77 | .Ar path to | ||
78 | .Ar grp . | ||
79 | .Ar grp | ||
80 | must be numeric. | ||
81 | .It Ic CHMOD Ar mode Ar path | ||
82 | Change permissions of file | ||
83 | .Ar path to | ||
84 | .Ar mode | ||
85 | .It Ic CHOWN Ar own Ar path | ||
86 | Change owner of file | ||
87 | .Ar path to | ||
88 | .Ar own . | ||
89 | .Ar own | ||
90 | must be a numeric UID. | ||
91 | .It Ic HELP | ||
92 | Display help text | ||
93 | .It Ic GET Ar remote-file Op Ar local-file | ||
94 | Retrieve the | ||
95 | .Ar remote-file | ||
96 | and store it on the local machine. | ||
97 | If the local | ||
98 | file name is not specified, it is given the same name it has on the | ||
99 | remote machine. | ||
100 | .It Ic LLS Op Ar ls-options Op Ar path | ||
101 | Display local directory listing of either | ||
102 | .Ar path | ||
103 | or current directory if | ||
104 | .Ar path | ||
105 | was not specified. | ||
106 | .It Ic LMKDIR Ar path | ||
107 | Create local directory specified by | ||
108 | .Ar path | ||
109 | .It Ic LPWD | ||
110 | Print local working directory | ||
111 | .It Ic LS Op Ar path | ||
112 | Display remote directory listing of either | ||
113 | .Ar path | ||
114 | or current directory, is | ||
115 | .Ar path not specified. | ||
116 | .It Ic LUMASK Ar umask | ||
117 | Set local umask to | ||
118 | .Ar umask | ||
119 | .It Ic MKDIR Ar path | ||
120 | Create remote directory specified by | ||
121 | .Ar path | ||
122 | .It Ic PUT local-file Op Ar remote-file | ||
123 | Upload | ||
124 | .Ar local-file | ||
125 | and store it on the remote machine. If the local file name is not specified, | ||
126 | it is given the same name it has on the local machine. | ||
127 | .It Ic PWD | ||
128 | Display remote working directory | ||
129 | .It Ic EXIT | ||
130 | Quit sftp | ||
131 | .It Ic QUIT | ||
132 | Quit sftp | ||
133 | .It Ic RENAME Ar oldpath Ar newpath | ||
134 | Rename remote file from | ||
135 | .Ar oldpath | ||
136 | to | ||
137 | .Ar newpath | ||
138 | .It Ic RMDIR Ar path | ||
139 | Remove remote directory specified by | ||
140 | .Ar path | ||
141 | .It Ic RM Ar path | ||
142 | Delete remote file specified by | ||
143 | .Ar path | ||
144 | .It Ic ! Ar command | ||
145 | Execute | ||
146 | .Ar command | ||
147 | in local shell | ||
148 | .It Ic ! | ||
149 | Escape to local shell | ||
150 | .Sh AUTHORS | ||
151 | Damien Miller <djm@mindrot.org> | ||
152 | .Sh SEE ALSO | ||
153 | .Xr ssh 1 , | ||
154 | .Xr ssh-add 1 , | ||
155 | .Xr ssh-keygen 1 , | ||
156 | .Xr sshd 8 | ||
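--- a/sftp.c
+++ b/sftp.c
@@ -0,0 +1,222 @@
+/*
+* Copyright (c) 2001 Damien Miller. All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+*
+* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#include "includes.h"
+
+RCSID("$OpenBSD: sftp.c,v 1.1 2001/02/04 11:11:54 djm Exp $");
+
+/* XXX: commandline mode */
+/* XXX: copy between two remote hosts (commandline) */
+/* XXX: short-form remote directory listings (like 'ls -C') */
+
+#include "buffer.h"
+#include "xmalloc.h"
+#include "log.h"
+#include "pathnames.h"
+
+#include "sftp.h"
+#include "sftp-common.h"
+#include "sftp-client.h"
+#include "sftp-int.h"
+
+void
+connect_to_server(char **args, int *in, int *out, pid_t *sshpid)
+{
+int c_in, c_out;
+#ifdef USE_PIPES
+int pin[2], pout[2];
+if ((pipe(pin) == -1) || (pipe(pout) == -1))
+fatal("pipe: %s", strerror(errno));
+*in = pin[0];
+*out = pout[1];
+c_in = pout[0];
+c_out = pin[1];
+#else /* USE_PIPES */
+int inout[2];
+if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) == -1)
+fatal("socketpair: %s", strerror(errno));
+*in = *out = inout[0];
+c_in = c_out = inout[1];
+#endif /* USE_PIPES */
+
+if ((*sshpid = fork()) == -1)
+fatal("fork: %s", strerror(errno));
+else if (*sshpid == 0) {
+if ((dup2(c_in, STDIN_FILENO) == -1) ||
+(dup2(c_out, STDOUT_FILENO) == -1)) {
+fprintf(stderr, "dup2: %s\n", strerror(errno));
+exit(1);
+}
+close(*in);
+close(*out);
+close(c_in);
+close(c_out);
+execv(_PATH_SSH_PROGRAM, args);
+fprintf(stderr, "exec: %s", strerror(errno));
+exit(1);
+}
+
+close(c_in);
+close(c_out);
+}
+
+char **
+make_ssh_args(char *add_arg)
+{
+static char **args = NULL;
+static int nargs = 0;
+char debug_buf[4096];
+int i;
+
+/* Init args array */
+if (args == NULL) {
+nargs = 4;
+i = 0;
+args = xmalloc(sizeof(*args) * nargs);
+args[i++] = "ssh";
+args[i++] = "-oProtocol=2";
+args[i++] = "-s";
+args[i++] = NULL;
+}
+
+/* If asked to add args, then do so and return */
+if (add_arg) {
+i = nargs++ - 1;
+args = xrealloc(args, sizeof(*args) * nargs);
+args[i++] = add_arg;
+args[i++] = NULL;
+return(NULL);
+}
+
+/* Otherwise finish up and return the arg array */
+make_ssh_args("sftp");
+
+/* XXX: overflow - doesn't grow debug_buf */
+debug_buf[0] = '\0';
+for(i = 0; args[i]; i++) {
+if (i)
+strlcat(debug_buf, " ", sizeof(debug_buf));
+
+strlcat(debug_buf, args[i], sizeof(debug_buf));
+}
+debug("SSH args \"%s\"", debug_buf);
+
+return(args);
+}
+
+void
+usage(void)
+{
+fprintf(stderr, "usage: sftp [-vC] [-osshopt=value] [user@]host\n");
+exit(1);
+}
+
+int
+main(int argc, char **argv)
+{
+int in, out, i, debug_level, compress_flag;
+pid_t sshpid;
+char *cp;
+LogLevel ll;
+
+debug_level = compress_flag = 0;
+for(i = 1; i < argc && argv[i][0] == '-'; i++) {
+if (!strcmp(argv[i], "-v"))
+debug_level = MIN(3, debug_level + 1);
+else if (!strcmp(argv[i], "-C"))
+compress_flag = 1;
+else if (!strncmp(argv[i], "-o", 2)) {
+make_ssh_args(argv[i]);
+} else {
+fprintf(stderr, "Unknown option \"%s\"\n", argv[i]);
+usage();
+}
+}
+
+if (i == argc || argc > (i + 1))
+usage();
+
+if ((cp = strchr(argv[i], '@')) == NULL)
+cp = argv[i];
+else {
+*cp = '\0';
+if (!argv[i][0]) {
+fprintf(stderr, "Missing username\n");
+usage();
+}
+make_ssh_args("-l");
+make_ssh_args(argv[i]);
+cp++;
+}
+
+if (!*cp) {
+fprintf(stderr, "Missing hostname\n");
+usage();
+}
+
+/* Set up logging and debug '-d' arguments to ssh */
+ll = SYSLOG_LEVEL_INFO;
+switch (debug_level) {
+case 1:
+ll = SYSLOG_LEVEL_DEBUG1;
+make_ssh_args("-v");
+break;
+case 2:
+ll = SYSLOG_LEVEL_DEBUG2;
+make_ssh_args("-v");
+make_ssh_args("-v");
+break;
+case 3:
+ll = SYSLOG_LEVEL_DEBUG3;
+make_ssh_args("-v");
+make_ssh_args("-v");
+make_ssh_args("-v");
+break;
+}
+
+if (compress_flag)
+make_ssh_args("-C");
+
+log_init(argv[0], ll, SYSLOG_FACILITY_USER, 1);
+
+make_ssh_args(cp);
+
+fprintf(stderr, "Connecting to %s...\n", cp);
+
+connect_to_server(make_ssh_args(NULL), &in, &out, &sshpid);
+
+do_init(in, out);
+
+interactive_loop(in, out);
+
+close(in);
+close(out);
+
+if (kill(sshpid, SIGHUP) == -1)
+fatal("Couldn't terminate ssh process: %s", strerror(errno));
+
+/* XXX: wait? */
+
+exit(0);
+}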
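Review bot: In main(), the host part left in `cp` after the '@' split is appended to the ssh argument vector by `make_ssh_args(cp)` without a check on its first character, so a value beginning with '-' would be read by ssh as an option rather than as a host name. The option loop only tests `argv[i][0]`, which does not cover the text after '@'. A guard next to the existing empty-host check would close this, for example `if (*cp == '-') { fprintf(stderr, "Invalid hostname\n"); usage(); }`. Separately, the child branch of connect_to_server() prints `"exec: %s"` without a trailing newline, unlike the `"dup2: %s\n"` message a few lines above it.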
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: ssh.1,v 1.80 2001/01/29 12:36:10 djm Exp $ | 37 | .\" $OpenBSD: ssh.1,v 1.83 2001/02/04 11:11:55 djm Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSH 1 | 39 | .Dt SSH 1 |
40 | .Os | 40 | .Os |
@@ -753,8 +753,8 @@ Specifies a file to use instead of | |||
753 | .It Cm HostKeyAlias | 753 | .It Cm HostKeyAlias |
754 | Specifies an alias that should be used instead of the | 754 | Specifies an alias that should be used instead of the |
755 | real host name when looking up or saving the host key | 755 | real host name when looking up or saving the host key |
756 | the kown_hosts files. | 756 | in the known_hosts files. |
757 | This option is useful for tunneling ssh connection | 757 | This option is useful for tunneling ssh connections |
758 | or if you have multiple servers running on a single host. | 758 | or if you have multiple servers running on a single host. |
759 | .It Cm HostName | 759 | .It Cm HostName |
760 | Specifies the real host name to log into. | 760 | Specifies the real host name to log into. |
@@ -914,8 +914,9 @@ RSA authentication will only be | |||
914 | attempted if the identity file exists, or an authentication agent is | 914 | attempted if the identity file exists, or an authentication agent is |
915 | running. | 915 | running. |
916 | Note that this option applies to protocol version 1 only. | 916 | Note that this option applies to protocol version 1 only. |
917 | .It Cm SkeyAuthentication | 917 | .It Cm ChallengeResponseAuthentication |
918 | Specifies whether to use | 918 | Specifies whether to use challenge response authentication. |
919 | Currently there is only support for | ||
919 | .Xr skey 1 | 920 | .Xr skey 1 |
920 | authentication. | 921 | authentication. |
921 | The argument to this keyword must be | 922 | The argument to this keyword must be |
@@ -1270,6 +1271,7 @@ protocol versions 1.5 and 2.0. | |||
1270 | .Xr rlogin 1 , | 1271 | .Xr rlogin 1 , |
1271 | .Xr rsh 1 , | 1272 | .Xr rsh 1 , |
1272 | .Xr scp 1 , | 1273 | .Xr scp 1 , |
1274 | .Xr sftp 1 , | ||
1273 | .Xr ssh-add 1 , | 1275 | .Xr ssh-add 1 , |
1274 | .Xr ssh-agent 1 , | 1276 | .Xr ssh-agent 1 , |
1275 | .Xr ssh-keygen 1 , | 1277 | .Xr ssh-keygen 1 , |
diff --git a/ssh_config b/ssh_config index e7dabbf53..cfaf2313f 100644 --- a/ssh_config +++ b/ssh_config | |||
@@ -1,8 +1,8 @@ | |||
1 | # $OpenBSD: ssh_config,v 1.7 2001/01/29 01:58:18 niklas Exp $ | 1 | # $OpenBSD: ssh_config,v 1.8 2001/02/02 12:57:51 deraadt Exp $ |
2 | 2 | ||
3 | # This is ssh client systemwide configuration file. This file provides | 3 | # This is ssh client systemwide configuration file. See ssh(1) for more |
4 | # defaults for users, and the values can be changed in per-user configuration | 4 | # information. This file provides defaults for users, and the values can |
5 | # files or on the command line. | 5 | # be changed in per-user configuration files or on the command line. |
6 | 6 | ||
7 | # Configuration data is parsed as follows: | 7 | # Configuration data is parsed as follows: |
8 | # 1. command line options | 8 | # 1. command line options |
diff --git a/sshconnect1.c b/sshconnect1.c index e732806f3..80b769b47 100644 --- a/sshconnect1.c +++ b/sshconnect1.c | |||
@@ -13,7 +13,7 @@ | |||
13 | */ | 13 | */ |
14 | 14 | ||
15 | #include "includes.h" | 15 | #include "includes.h" |
16 | RCSID("$OpenBSD: sshconnect1.c,v 1.21 2001/01/29 19:47:31 markus Exp $"); | 16 | RCSID("$OpenBSD: sshconnect1.c,v 1.22 2001/02/03 10:08:37 markus Exp $"); |
17 | 17 | ||
18 | #include <openssl/bn.h> | 18 | #include <openssl/bn.h> |
19 | #include <openssl/evp.h> | 19 | #include <openssl/evp.h> |
@@ -399,11 +399,11 @@ try_kerberos_authentication() | |||
399 | if (stat(tkt_string(), &st) < 0) | 399 | if (stat(tkt_string(), &st) < 0) |
400 | return 0; | 400 | return 0; |
401 | 401 | ||
402 | strncpy(inst, (char *) krb_get_phost(get_canonical_hostname()), INST_SZ); | 402 | strncpy(inst, (char *) krb_get_phost(get_canonical_hostname(1)), INST_SZ); |
403 | 403 | ||
404 | realm = (char *) krb_realmofhost(get_canonical_hostname()); | 404 | realm = (char *) krb_realmofhost(get_canonical_hostname(1)); |
405 | if (!realm) { | 405 | if (!realm) { |
406 | debug("Kerberos V4: no realm for %s", get_canonical_hostname()); | 406 | debug("Kerberos V4: no realm for %s", get_canonical_hostname(1)); |
407 | return 0; | 407 | return 0; |
408 | } | 408 | } |
409 | /* This can really be anything. */ | 409 | /* This can really be anything. */ |
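Review bot: The changed `strncpy(inst, ..., INST_SZ)` line in try_kerberos_authentication() leaves `inst` without a terminating NUL whenever the string returned by krb_get_phost() is INST_SZ bytes or longer. The declaration of `inst` and any later termination lie outside the hunk (the function starts and ends outside it), so this needs confirming there; if nothing terminates the buffer, a copy that always terminates, such as `strlcpy(inst, ..., INST_SZ)`, would be safer. The new literal in `get_canonical_hostname(1)` is also opaque at the three call sites; it presumably selects the reverse-mapping check added in canohost.c, and a short comment saying so would help the next reader.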
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd.8,v 1.86 2001/01/28 20:43:25 stevesk Exp $ | 37 | .\" $OpenBSD: sshd.8,v 1.90 2001/02/04 11:11:55 djm Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSHD 8 | 39 | .Dt SSHD 8 |
40 | .Os | 40 | .Os |
@@ -593,6 +593,14 @@ The default is | |||
593 | .It Cm RandomSeed | 593 | .It Cm RandomSeed |
594 | Obsolete. | 594 | Obsolete. |
595 | Random number generation uses other techniques. | 595 | Random number generation uses other techniques. |
596 | .It Cm ReverseMappingCheck | ||
597 | Specifies whether | ||
598 | .Nm | ||
599 | should try to verify the remote host name and check that | ||
600 | the resolved host name for the remote IP address maps back to the | ||
601 | very same IP address. | ||
602 | The default is | ||
603 | .Dq no . | ||
596 | .It Cm RhostsAuthentication | 604 | .It Cm RhostsAuthentication |
597 | Specifies whether authentication using rhosts or /etc/hosts.equiv | 605 | Specifies whether authentication using rhosts or /etc/hosts.equiv |
598 | files is sufficient. | 606 | files is sufficient. |
@@ -616,15 +624,15 @@ Note that this option applies to protocol version 1 only. | |||
616 | .It Cm ServerKeyBits | 624 | .It Cm ServerKeyBits |
617 | Defines the number of bits in the server key. | 625 | Defines the number of bits in the server key. |
618 | The minimum value is 512, and the default is 768. | 626 | The minimum value is 512, and the default is 768. |
619 | .It Cm SkeyAuthentication | 627 | .It Cm ChallengeResponseAuthentication |
620 | Specifies whether | 628 | Specifies whether |
621 | .Xr skey 1 | 629 | challenge reponse |
622 | authentication is allowed. | 630 | authentication is allowed. |
631 | Currently there is only support for | ||
632 | .Xr skey 1 | ||
633 | authentication. | ||
623 | The default is | 634 | The default is |
624 | .Dq yes . | 635 | .Dq yes . |
625 | Note that s/key authentication is enabled only if | ||
626 | .Cm PasswordAuthentication | ||
627 | is allowed, too. | ||
628 | .It Cm StrictModes | 636 | .It Cm StrictModes |
629 | Specifies whether | 637 | Specifies whether |
630 | .Nm | 638 | .Nm |
@@ -797,6 +805,9 @@ authentication. | |||
797 | The command supplied by the user (if any) is ignored. | 805 | The command supplied by the user (if any) is ignored. |
798 | The command is run on a pty if the connection requests a pty; | 806 | The command is run on a pty if the connection requests a pty; |
799 | otherwise it is run without a tty. | 807 | otherwise it is run without a tty. |
808 | Note that if you want a 8-bit clean channel, | ||
809 | you must not request a pty or should specify | ||
810 | .Cm no-pty . | ||
800 | A quote may be included in the command by quoting it with a backslash. | 811 | A quote may be included in the command by quoting it with a backslash. |
801 | This option might be useful | 812 | This option might be useful |
802 | to restrict certain RSA keys to perform just a specific operation. | 813 | to restrict certain RSA keys to perform just a specific operation. |
@@ -1076,6 +1087,7 @@ Markus Friedl contributed the support for SSH | |||
1076 | protocol versions 1.5 and 2.0. | 1087 | protocol versions 1.5 and 2.0. |
1077 | .Sh SEE ALSO | 1088 | .Sh SEE ALSO |
1078 | .Xr scp 1 , | 1089 | .Xr scp 1 , |
1090 | .Xr sftp 1 , | ||
1079 | .Xr sftp-server 8 , | 1091 | .Xr sftp-server 8 , |
1080 | .Xr ssh 1 , | 1092 | .Xr ssh 1 , |
1081 | .Xr ssh-add 1 , | 1093 | .Xr ssh-add 1 , |
diff --git a/sshd_config b/sshd_config index 25c0ec3f7..9ba1789a4 100644 --- a/sshd_config +++ b/sshd_config | |||
@@ -1,6 +1,7 @@ | |||
1 | # $OpenBSD: sshd_config,v 1.27 2001/01/29 01:58:19 niklas Exp $ | 1 | # $OpenBSD: sshd_config,v 1.30 2001/02/03 10:19:51 markus Exp $ |
2 | 2 | ||
3 | # This is ssh server systemwide configuration file. | 3 | # This is the sshd server system-wide configuration file. See sshd(8) |
4 | # for more information. | ||
4 | 5 | ||
5 | Port 22 | 6 | Port 22 |
6 | #Protocol 2,1 | 7 | #Protocol 2,1 |
@@ -39,9 +40,9 @@ RSAAuthentication yes | |||
39 | # To disable tunneled clear text passwords, change to no here! | 40 | # To disable tunneled clear text passwords, change to no here! |
40 | PasswordAuthentication yes | 41 | PasswordAuthentication yes |
41 | PermitEmptyPasswords no | 42 | PermitEmptyPasswords no |
43 | |||
42 | # Uncomment to disable s/key passwords | 44 | # Uncomment to disable s/key passwords |
43 | #SkeyAuthentication no | 45 | #ChallengeResposeAuthentication no |
44 | #KbdInteractiveAuthentication yes | ||
45 | 46 | ||
46 | # To change Kerberos options | 47 | # To change Kerberos options |
47 | #KerberosAuthentication no | 48 | #KerberosAuthentication no |
@@ -59,3 +60,4 @@ PermitEmptyPasswords no | |||
59 | #Subsystem sftp /usr/libexec/sftp-server | 60 | #Subsystem sftp /usr/libexec/sftp-server |
60 | #MaxStartups 10:30:60 | 61 | #MaxStartups 10:30:60 |
61 | #Banner /etc/issue.net | 62 | #Banner /etc/issue.net |
63 | #ReverseMappingCheck yes | ||
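Review bot: The sample keyword `#ChallengeResposeAuthentication no` is misspelt (the "n" in Response is missing); ssh.1 and sshd.8 in this same commit name the option `ChallengeResponseAuthentication`. An administrator who uncomments the line as the comment above it suggests would presumably get an unrecognised-keyword error from sshd instead of having s/key challenge-response disabled. The line should read `#ChallengeResponseAuthentication no`.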