-rw-r--r--ChangeLog2
-rw-r--r--Makefile.in8
-rw-r--r--acconfig.h17
-rw-r--r--aclocal.m415
-rw-r--r--configure.in83
-rw-r--r--entropy.c207
-rw-r--r--log-server.c4
-rw-r--r--ssh.h5
-rw-r--r--ssh_prng_cmds.in50
9 files changed, 245 insertions, 146 deletions
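--- a/ChangeLog
+++ b/ChangeLog
@@ -14,6 +14,8 @@
  - unlink pid file, ok niels@
  [auth2.c]
  - Add missing #ifdefs; ok - markus
+ - Add Andre Lucas' <andre.lucas@dial.pipex.com> patch to read entropy
+ gathering commands from a text file
  - Release 2.0.0beta1
 
 20000501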
diff --git a/Makefile.in b/Makefile.in
index d5e3fde6c..646201c04 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -29,6 +29,8 @@ INSTALL=@INSTALL@
29PERL=@PERL@ 29PERL=@PERL@
30LDFLAGS=-L. @LDFLAGS@ 30LDFLAGS=-L. @LDFLAGS@
31 31
32INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@
33
32TARGETS=ssh sshd ssh-add ssh-keygen ssh-agent scp $(EXTRA_TARGETS) 34TARGETS=ssh sshd ssh-add ssh-keygen ssh-agent scp $(EXTRA_TARGETS)
33 35
34LIBOBJS= atomicio.o authfd.o authfile.o bsd-bindresvport.o bsd-daemon.o bsd-misc.o bsd-mktemp.o bsd-rresvport.o bsd-setenv.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o dispatch.o dsa.o fake-getaddrinfo.o fake-getnameinfo.o fingerprint.o hmac.o hostfile.o key.o kex.o log.o match.o mpaux.o nchan.o packet.o radix.o entropy.o readpass.o rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o 36LIBOBJS= atomicio.o authfd.o authfile.o bsd-bindresvport.o bsd-daemon.o bsd-misc.o bsd-mktemp.o bsd-rresvport.o bsd-setenv.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o dispatch.o dsa.o fake-getaddrinfo.o fake-getnameinfo.o fingerprint.o hmac.o hostfile.o key.o kex.o log.o match.o mpaux.o nchan.o packet.o radix.o entropy.o readpass.o rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o
@@ -80,7 +82,7 @@ $(MANPAGES) $(CONFIGFILES)::
80 82
81clean: 83clean:
82 rm -f *.o *.a $(TARGETS) config.status config.cache config.log 84 rm -f *.o *.a $(TARGETS) config.status config.cache config.log
83 rm -f *.out core 85 rm -f *.out ssh_prng_cmds core
84 86
85distclean: clean 87distclean: clean
86 rm -f Makefile config.h core *~ 88 rm -f Makefile config.h core *~
@@ -125,6 +127,9 @@ install: manpages $(TARGETS)
125 $(INSTALL) -m 644 ssh_config.out $(DESTDIR)$(sysconfdir)/ssh_config; \ 127 $(INSTALL) -m 644 ssh_config.out $(DESTDIR)$(sysconfdir)/ssh_config; \
126 $(INSTALL) -m 644 sshd_config.out $(DESTDIR)$(sysconfdir)/sshd_config; \ 128 $(INSTALL) -m 644 sshd_config.out $(DESTDIR)$(sysconfdir)/sshd_config; \
127 fi 129 fi
130 if [ -f ssh_prng_cmds -a ! -z "$(INSTALL_SSH_PRNG_CMDS)" ]; then \
131 $(INSTALL) -m 644 ssh_prng_cmds $(DESTDIR)$(sysconfdir)/ssh_prng_cmds; \
132 fi
128 133
129host-key: ssh-keygen 134host-key: ssh-keygen
130 ./ssh-keygen -b 1024 -f $(sysconfdir)/ssh_host_key -N '' 135 ./ssh-keygen -b 1024 -f $(sysconfdir)/ssh_host_key -N ''
@@ -132,6 +137,7 @@ host-key: ssh-keygen
132uninstallall: uninstall 137uninstallall: uninstall
133 -rm -f $(DESTDIR)$(sysconfdir)/ssh_config 138 -rm -f $(DESTDIR)$(sysconfdir)/ssh_config
134 -rm -f $(DESTDIR)$(sysconfdir)/sshd_config 139 -rm -f $(DESTDIR)$(sysconfdir)/sshd_config
140 -rm -f $(DESTDIR)$(sysconfdir)/ssh_prng_cmds
135 -rmdir $(DESTDIR)$(sysconfdir) 141 -rmdir $(DESTDIR)$(sysconfdir)
136 -rmdir $(DESTDIR)$(bindir) 142 -rmdir $(DESTDIR)$(bindir)
137 -rmdir $(DESTDIR)$(sbindir) 143 -rmdir $(DESTDIR)$(sbindir)
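Review bot: The install block at new lines 130–132 copies `ssh_prng_cmds` over `$(DESTDIR)$(sysconfdir)/ssh_prng_cmds` on every `make install`, discarding any edits an administrator made to the command list; the test should also require that the destination is absent, e.g. `if [ -f ssh_prng_cmds -a ! -z "$(INSTALL_SSH_PRNG_CMDS)" -a ! -f $(DESTDIR)$(sysconfdir)/ssh_prng_cmds ]; then \`. The ssh_config/sshd_config block just above seems to sit under such a guard, but its opening `if` is outside the hunk so I cannot confirm it. Mode 644 is the right choice for a file whose every line is a program the ssh binaries will execute — it must not become writable by anyone but root.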
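--- a/acconfig.h
+++ b/acconfig.h
@@ -153,23 +153,6 @@
 /* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */
 #undef IPV4_IN_IPV6
 
-/* Programs used in entropy collection */
-#undef PROG_LS
-#undef PROG_NETSTAT
-#undef PROG_ARP
-#undef PROG_IFCONFIG
-#undef PROG_PS
-#undef PROG_W
-#undef PROG_WHO
-#undef PROG_LAST
-#undef PROG_LASTLOG
-#undef PROG_DF
-#undef PROG_VMSTAT
-#undef PROG_UPTIME
-#undef PROG_IPCS
-#undef PROG_TAIL
-
-
 @BOTTOM@
 
 /* ******************* Shouldn't need to edit below this line ************** */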
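--- /dev/null
+++ b/aclocal.m4
@@ -0,0 +1,15 @@
+dnl $Id: aclocal.m4,v 1.1 2000/05/01 23:57:51 damien Exp $
+dnl
+dnl OpenSSH-specific autoconf macros
+dnl
+
+dnl AC_PATH_ENTROPY_PROG(variablename, command):
+dnl Tidiness function, sets 'undef' if not found, and does the AC_SUBST
+AC_DEFUN(AC_PATH_ENTROPY_PROG, [
+ AC_PATH_PROG([$1], [$2])
+ if test -z "[$]$1" ; then
+ $1="undef"
+ fi
+ AC_SUBST([$1])
+])
+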
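Review bot: `AC_PATH_ENTROPY_PROG` uses the `AC_` prefix that autoconf reserves for its own macros, so a future autoconf release could silently shadow it; a project prefix such as `OSSH_PATH_ENTROPY_PROG` avoids that (the callers in configure.in would need the same rename). The literal `undef` assigned on line 11 is a contract with entropy.c, which drops any command whose path starts with that string, so the comment on line 7 should say so, e.g. `dnl Sets the variable to the literal "undef" when the program is not found; entropy.c skips such commands`.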
diff --git a/configure.in b/configure.in
index 8046fa3e1..be2a63df1 100644
--- a/configure.in
+++ b/configure.in
@@ -637,66 +637,31 @@ AC_ARG_WITH(egd-pool,
637 ] 637 ]
638) 638)
639 639
640# detect pathnames for entropy gathering commands, if we need them
641INSTALL_SSH_PRNG_CMDS=""
642rm -f prng_commands
640if test -z "$RANDOM_POOL" -a -z "$EGD_SOCKET" ; then 643if test -z "$RANDOM_POOL" -a -z "$EGD_SOCKET" ; then
641 # Use these commands to collect entropy 644 # Use these commands to collect entropy
642 AC_PATH_PROG(PROG_LS, ls) 645 AC_PATH_ENTROPY_PROG(PROG_LS, ls)
643 AC_PATH_PROG(PROG_NETSTAT, netstat) 646 AC_PATH_ENTROPY_PROG(PROG_NETSTAT, netstat)
644 AC_PATH_PROG(PROG_ARP, arp) 647 AC_PATH_ENTROPY_PROG(PROG_ARP, arp)
645 AC_PATH_PROG(PROG_IFCONFIG, ifconfig) 648 AC_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
646 AC_PATH_PROG(PROG_PS, ps) 649 AC_PATH_ENTROPY_PROG(PROG_PS, ps)
647 AC_PATH_PROG(PROG_W, w) 650 AC_PATH_ENTROPY_PROG(PROG_W, w)
648 AC_PATH_PROG(PROG_WHO, who) 651 AC_PATH_ENTROPY_PROG(PROG_WHO, who)
649 AC_PATH_PROG(PROG_LAST, last) 652 AC_PATH_ENTROPY_PROG(PROG_LAST, last)
650 AC_PATH_PROG(PROG_LASTLOG, lastlog) 653 AC_PATH_ENTROPY_PROG(PROG_LASTLOG, lastlog)
651 AC_PATH_PROG(PROG_DF, df) 654 AC_PATH_ENTROPY_PROG(PROG_DF, df)
652 AC_PATH_PROG(PROG_VMSTAT, vmstat) 655 AC_PATH_ENTROPY_PROG(PROG_VMSTAT, vmstat)
653 AC_PATH_PROG(PROG_UPTIME, uptime) 656 AC_PATH_ENTROPY_PROG(PROG_UPTIME, uptime)
654 AC_PATH_PROG(PROG_IPCS, ipcs) 657 AC_PATH_ENTROPY_PROG(PROG_IPCS, ipcs)
655 AC_PATH_PROG(PROG_TAIL, tail) 658 AC_PATH_ENTROPY_PROG(PROG_TAIL, tail)
656 AC_PATH_PROG(PROG_LS, ls) 659 AC_PATH_ENTROPY_PROG(PROG_LS, ls)
657 if test ! -z "$PROG_LS" ; then 660
658 AC_DEFINE_UNQUOTED(PROG_LS, "$PROG_LS") 661 INSTALL_SSH_PRNG_CMDS="yes"
659 fi
660 if test ! -z "$PROG_NETSTAT" ; then
661 AC_DEFINE_UNQUOTED(PROG_NETSTAT, "$PROG_NETSTAT")
662 fi
663 if test ! -z "$PROG_ARP" ; then
664 AC_DEFINE_UNQUOTED(PROG_ARP, "$PROG_ARP")
665 fi
666 if test ! -z "$PROG_IFCONFIG" ; then
667 AC_DEFINE_UNQUOTED(PROG_IFCONFIG, "$PROG_IFCONFIG")
668 fi
669 if test ! -z "$PROG_PS" ; then
670 AC_DEFINE_UNQUOTED(PROG_PS, "$PROG_PS")
671 fi
672 if test ! -z "$PROG_W" ; then
673 AC_DEFINE_UNQUOTED(PROG_W, "$PROG_W")
674 fi
675 if test ! -z "$PROG_WHO" ; then
676 AC_DEFINE_UNQUOTED(PROG_WHO, "$PROG_WHO")
677 fi
678 if test ! -z "$PROG_LAST" ; then
679 AC_DEFINE_UNQUOTED(PROG_LAST, "$PROG_LAST")
680 fi
681 if test ! -z "$PROG_LASTLOG" ; then
682 AC_DEFINE_UNQUOTED(PROG_LASTLOG, "$PROG_LASTLOG")
683 fi
684 if test ! -z "$PROG_DF" ; then
685 AC_DEFINE_UNQUOTED(PROG_DF, "$PROG_DF")
686 fi
687 if test ! -z "$PROG_VMSTAT" ; then
688 AC_DEFINE_UNQUOTED(PROG_VMSTAT, "$PROG_VMSTAT")
689 fi
690 if test ! -z "$PROG_UPTIME" ; then
691 AC_DEFINE_UNQUOTED(PROG_UPTIME, "$PROG_UPTIME")
692 fi
693 if test ! -z "$PROG_UPTIME" ; then
694 AC_DEFINE_UNQUOTED(PROG_UPTIME, "$PROG_UPTIME")
695 fi
696 if test ! -z "$PROG_TAIL" ; then
697 AC_DEFINE_UNQUOTED(PROG_TAIL, "$PROG_TAIL")
698 fi
699fi 662fi
663AC_SUBST(INSTALL_SSH_PRNG_CMDS)
664
700 665
701AC_ARG_WITH(catman, 666AC_ARG_WITH(catman,
702 [ --with-catman=man|cat Install preformatted manpages[no]], 667 [ --with-catman=man|cat Install preformatted manpages[no]],
@@ -932,4 +897,6 @@ if test ! -z "$blibpath" ; then
932 AC_MSG_WARN([Please check and edit -blibpath in LDFLAGS in Makefile]) 897 AC_MSG_WARN([Please check and edit -blibpath in LDFLAGS in Makefile])
933fi 898fi
934 899
935AC_OUTPUT(Makefile) 900AC_OUTPUT(Makefile ssh_prng_cmds)
901
902
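Review bot: `rm -f prng_commands` at new line 642 removes a file that nothing on this page creates — the generated file is `ssh_prng_cmds` (AC_OUTPUT at line 900) — so it is either a leftover from a rename or should read `rm -f ssh_prng_cmds`. `AC_PATH_ENTROPY_PROG(PROG_LS, ls)` runs twice, at lines 645 and 659, carried over from the old list; the second can go. Because the PROG_* substitutions are only registered inside the `if`, a build configured with `--with-egd-pool` or a random pool still writes `ssh_prng_cmds` from AC_OUTPUT with literal `@PROG_LS@`-style placeholders; that is harmless since INSTALL_SSH_PRNG_CMDS stays empty and the Makefile then skips installing it, but a comment such as `# ssh_prng_cmds is generated even when unused (kernel pool or EGD builds)` would prevent a puzzled report.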
diff --git a/entropy.c b/entropy.c
index 2766d90b6..9782e0f32 100644
--- a/entropy.c
+++ b/entropy.c
@@ -35,7 +35,7 @@
35#include <openssl/rand.h> 35#include <openssl/rand.h>
36#include <openssl/sha.h> 36#include <openssl/sha.h>
37 37
38RCSID("$Id: entropy.c,v 1.7 2000/05/01 14:03:56 damien Exp $"); 38RCSID("$Id: entropy.c,v 1.8 2000/05/01 23:56:41 damien Exp $");
39 39
40#ifdef EGD_SOCKET 40#ifdef EGD_SOCKET
41#ifndef offsetof 41#ifndef offsetof
@@ -111,8 +111,6 @@ void get_random_bytes(unsigned char *buf, int len)
111 * FIXME: proper entropy estimations. All current values are guesses 111 * FIXME: proper entropy estimations. All current values are guesses
112 * FIXME: (ATL) do estimates at compile time? 112 * FIXME: (ATL) do estimates at compile time?
113 * FIXME: More entropy sources 113 * FIXME: More entropy sources
114 * FIXME: (ATL) bring in entropy sources from file
115 * FIXME: (ATL) add heuristic to increase the timeout if needed
116 */ 114 */
117 115
118/* slow command timeouts (all in milliseconds) */ 116/* slow command timeouts (all in milliseconds) */
@@ -120,7 +118,8 @@ void get_random_bytes(unsigned char *buf, int len)
120static int entropy_timeout_current = ENTROPY_TIMEOUT_MSEC; 118static int entropy_timeout_current = ENTROPY_TIMEOUT_MSEC;
121 119
122static int prng_seed_loaded = 0; 120static int prng_seed_loaded = 0;
123static int prng_seed_saved = 0; 121static int prng_seed_saved = 0;
122static int prng_commands_loaded = 0;
124 123
125typedef struct 124typedef struct
126{ 125{
@@ -131,9 +130,9 @@ typedef struct
131 /* Increases by factor of two each timeout */ 130 /* Increases by factor of two each timeout */
132 unsigned int sticky_badness; 131 unsigned int sticky_badness;
133 /* Path to executable */ 132 /* Path to executable */
134 const char *path; 133 char *path;
135 /* argv to pass to executable */ 134 /* argv to pass to executable */
136 const char *args[5]; 135 char *args[5];
137} entropy_source_t; 136} entropy_source_t;
138 137
139double stir_from_system(void); 138double stir_from_system(void);
@@ -143,67 +142,10 @@ double stir_clock(double entropy_estimate);
143double stir_rusage(int who, double entropy_estimate); 142double stir_rusage(int who, double entropy_estimate);
144double hash_output_from_command(entropy_source_t *src, char *hash); 143double hash_output_from_command(entropy_source_t *src, char *hash);
145 144
146entropy_source_t entropy_sources[] = { 145/* this is initialised from a file, by prng_read_commands() */
147#ifdef PROG_LS 146entropy_source_t *entropy_sources = NULL;
148 { 0.002, 0, 1, PROG_LS, { "ls", "-alni", "/var/log", NULL } }, 147#define MIN_ENTROPY_SOURCES 16
149 { 0.002, 0, 1, PROG_LS, { "ls", "-alni", "/var/adm", NULL } }, 148
150 { 0.002, 0, 1, PROG_LS, { "ls", "-alni", "/var/mail", NULL } },
151 { 0.002, 0, 1, PROG_LS, { "ls", "-alni", "/var/spool/mail", NULL } },
152 { 0.002, 0, 1, PROG_LS, { "ls", "-alni", "/proc", NULL } },
153 { 0.002, 0, 1, PROG_LS, { "ls", "-alni", "/tmp", NULL } },
154#endif
155#ifdef PROG_NETSTAT
156 { 0.005, 0, 1, PROG_NETSTAT, { "netstat","-an", NULL, NULL } },
157 { 0.010, 0, 1, PROG_NETSTAT, { "netstat","-in", NULL, NULL } },
158 { 0.002, 0, 1, PROG_NETSTAT, { "netstat","-rn", NULL, NULL } },
159 { 0.002, 0, 1, PROG_NETSTAT, { "netstat","-s", NULL, NULL } },
160#endif
161#ifdef PROG_ARP
162 { 0.002, 0, 1, PROG_ARP, { "arp","-a","-n", NULL } },
163#endif
164#ifdef PROG_IFCONFIG
165 { 0.002, 0, 1, PROG_IFCONFIG, { "ifconfig", "-a", NULL, NULL } },
166#endif
167#ifdef PROG_PS
168 { 0.003, 0, 1, PROG_PS, { "ps", "laxww", NULL, NULL } },
169 { 0.003, 0, 1, PROG_PS, { "ps", "-al", NULL, NULL } },
170 { 0.003, 0, 1, PROG_PS, { "ps", "-efl", NULL, NULL } },
171#endif
172#ifdef PROG_W
173 { 0.005, 0, 1, PROG_W, { "w", NULL, NULL, NULL } },
174#endif
175#ifdef PROG_WHO
176 { 0.001, 0, 1, PROG_WHO, { "who","-i", NULL, NULL } },
177#endif
178#ifdef PROG_LAST
179 { 0.001, 0, 1, PROG_LAST, { "last", NULL, NULL, NULL } },
180#endif
181#ifdef PROG_LASTLOG
182 { 0.001, 0, 1, PROG_LASTLOG, { "lastlog", NULL, NULL, NULL } },
183#endif
184#ifdef PROG_DF
185 { 0.010, 0, 1, PROG_DF, { "df", NULL, NULL, NULL } },
186 { 0.010, 0, 1, PROG_DF, { "df", "-i", NULL, NULL } },
187#endif
188#ifdef PROG_VMSTAT
189 { 0.010, 0, 1, PROG_VMSTAT, { "vmstat", NULL, NULL, NULL } },
190#endif
191#ifdef PROG_UPTIME
192 { 0.001, 0, 1, PROG_UPTIME, { "uptime", NULL, NULL, NULL } },
193#endif
194#ifdef PROG_IPCS
195 { 0.001, 0, 1, PROG_IPCS, { "-a", NULL, NULL, NULL } },
196#endif
197#ifdef PROG_TAIL
198 { 0.001, 0, 1, PROG_TAIL, { "tail", "-200", "/var/log/messages", NULL, NULL } },
199 { 0.001, 0, 1, PROG_TAIL, { "tail", "-200", "/var/log/syslog", NULL, NULL } },
200 { 0.001, 0, 1, PROG_TAIL, { "tail", "-200", "/var/adm/messages", NULL, NULL } },
201 { 0.001, 0, 1, PROG_TAIL, { "tail", "-200", "/var/adm/syslog", NULL, NULL } },
202 { 0.001, 0, 1, PROG_TAIL, { "tail", "-200", "/var/log/maillog", NULL, NULL } },
203 { 0.001, 0, 1, PROG_TAIL, { "tail", "-200", "/var/adm/maillog", NULL, NULL } },
204#endif
205 { 0.000, 0, 0, NULL, { NULL, NULL, NULL, NULL, NULL } },
206};
207 149
208double 150double
209stir_from_system(void) 151stir_from_system(void)
@@ -597,6 +539,131 @@ prng_read_seedfile(void) {
597 RAND_add(&seed, sizeof(seed), 0.0); 539 RAND_add(&seed, sizeof(seed), 0.0);
598} 540}
599 541
542
543/*
544 * entropy command initialisation functions
545 */
546#define WHITESPACE " \t\n"
547
548int
549prng_read_commands(char *cmdfilename)
550{
551 FILE *f;
552 char line[1024];
553 char cmd[1024], path[256];
554 double est;
555 char *cp;
556 int linenum;
557 entropy_source_t *entcmd;
558 int num_cmds = 64;
559 int cur_cmd = 0;
560
561 f = fopen(cmdfilename, "r");
562 if (!f) {
563 fatal("couldn't read entropy commands file %.100s: %.100s",
564 cmdfilename, strerror(errno));
565 }
566
567 linenum = 0;
568
569 entcmd = (entropy_source_t *)xmalloc(num_cmds * sizeof(entropy_source_t));
570 memset(entcmd, '\0', num_cmds * sizeof(entropy_source_t));
571
572 while (fgets(line, sizeof(line), f)) {
573 linenum++;
574
575 /* skip leading whitespace, test for blank line or comment */
576 cp = line + strspn(line, WHITESPACE);
577 if ((*cp == 0) || (*cp == '#'))
578 continue; /* done with this line */
579
580 switch (*cp) {
581 int arg;
582 char *argv;
583
584 case '"':
585 /* first token, command args (incl. argv[0]) in double quotes */
586 cp = strtok(cp, "\"");
587 if (cp==NULL) {
588 error("missing or bad command string, %.100s line %d -- ignored",
589 cmdfilename, linenum);
590 continue;
591 }
592 strncpy(cmd, cp, sizeof(cmd));
593 /* second token, full command path */
594 if ((cp = strtok(NULL, WHITESPACE)) == NULL) {
595 error("missing command path, %.100s line %d -- ignored",
596 cmdfilename, linenum);
597 continue;
598 }
599 if (strncmp("undef", cp, 5)==0) /* did configure mark this as dead? */
600 continue;
601
602 strncpy(path, cp, sizeof(path));
603 /* third token, entropy rate estimate for this command */
604 if ( (cp = strtok(NULL, WHITESPACE)) == NULL) {
605 error("missing entropy estimate, %.100s line %d -- ignored",
606 cmdfilename, linenum);
607 continue;
608 }
609 est = strtod(cp, &argv);/* FIXME: (ATL) no error checking here */
610
611 /* end of line */
612 if ((cp = strtok(NULL, WHITESPACE)) != NULL) {
613 error("garbage at end of line %d in %.100s -- ignored",
614 linenum, cmdfilename);
615 continue;
616 }
617
618 /* split the command args */
619 cp = strtok(cmd, WHITESPACE);
620 arg = 0; argv = NULL;
621 do {
622 char *s = (char*)xmalloc(strlen(cp)+1);
623 strncpy(s, cp, strlen(cp)+1);
624 entcmd[cur_cmd].args[arg] = s;
625 arg++;
626 } while ((arg < 5) && (cp = strtok(NULL, WHITESPACE)));
627 if (strtok(NULL, WHITESPACE))
628 error("ignored extra command elements (max 5), %.100s line %d",
629 cmdfilename, linenum);
630
631 /* copy the command path and rate estimate */
632 entcmd[cur_cmd].path = (char *)xmalloc(strlen(path)+1);
633 strncpy(entcmd[cur_cmd].path, path, strlen(path)+1);
634 entcmd[cur_cmd].rate = est;
635 /* initialise other values */
636 entcmd[cur_cmd].sticky_badness = 1;
637
638 cur_cmd++;
639
640 /* If we've filled the array, reallocate it twice the size */
641 /* Do this now because even if this we're on the last command,
642 we need another slot to mark the last entry */
643 if (cur_cmd == num_cmds) {
644 num_cmds *= 2;
645 entcmd = xrealloc(entcmd, num_cmds * sizeof(entropy_source_t));
646 }
647 break;
648
649 default:
650 error("bad entropy command, %.100s line %d", cmdfilename,
651 linenum);
652 continue;
653 }
654 }
655
656 /* zero the last entry */
657 memset(&entcmd[cur_cmd], '\0', sizeof(entropy_source_t));
658 /* trim to size */
659 entropy_sources = xrealloc(entcmd, (cur_cmd+1) * sizeof(entropy_source_t));
660
661 debug("loaded %d entropy commands from %.100s", cur_cmd, cmdfilename);
662
663 return (cur_cmd >= MIN_ENTROPY_SOURCES);
664}
665
666
600#endif /* defined(EGD_SOCKET) || defined(RANDOM_POOL) */ 667#endif /* defined(EGD_SOCKET) || defined(RANDOM_POOL) */
601 668
602#if defined(EGD_SOCKET) || defined(RANDOM_POOL) 669#if defined(EGD_SOCKET) || defined(RANDOM_POOL)
@@ -634,6 +701,12 @@ prng_seed_cleanup(void *junk)
634void 701void
635seed_rng(void) 702seed_rng(void)
636{ 703{
704 if (!prng_commands_loaded) {
705 if (!prng_read_commands(SSH_PRNG_COMMAND_FILE))
706 fatal("PRNG initialisation failed -- exiting.");
707 prng_commands_loaded = 1;
708 }
709
637 debug("Seeding random number generator."); 710 debug("Seeding random number generator.");
638 debug("OpenSSL random status is now %i\n", RAND_status()); 711 debug("OpenSSL random status is now %i\n", RAND_status());
639 debug("%i bytes from system calls", (int)stir_from_system()); 712 debug("%i bytes from system calls", (int)stir_from_system());
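Review bot: `strncpy(path, cp, sizeof(path))` at new line 602 leaves `path` without a terminator when the path token is 256 bytes or longer (`line` admits up to 1023), and `strlen(path)+1` at line 632 then reads past the array. The argument loop at lines 621–626 fills all five `args[]` slots for a five-word command, so no NULL terminator remains — an over-read if hash_output_from_command hands `args` to execv, as the NULL-padded entries of the removed table suggest — and entries beyond the first 64 are never zeroed after the `xrealloc` at line 645, so unused `args` slots (and any field the loop does not assign) hold garbage there. The rate from `strtod` at line 609 is accepted without checking that anything was parsed or that it is non-negative, which matters because this value presumably feeds the entropy estimate handed to RAND_add, and an overstated rate credits entropy the output does not have. `f` is never closed, and because the ssh binaries execute every listed path (as root when sshd runs as root), an `fstat` that refuses a file not owned by root or the invoking user, or writable by group or others, is a cheap defence against a mis-permissioned `ssh_prng_cmds`. The excerpt below caps the argument count at four, terminates `path`, validates the rate, zeroes each entry before filling it and closes the file.
```c
int
prng_read_commands(char *cmdfilename)
{
	/* … unchanged: declarations, fopen() and the fatal() on failure … */
	struct stat st;
	char *endp;

	/* The listed programs are executed by the ssh binaries, so refuse a
	 * file that someone other than root or the invoking user could edit. */
	if (fstat(fileno(f), &st) == -1 ||
	    (st.st_uid != 0 && st.st_uid != getuid()) ||
	    (st.st_mode & (S_IWGRP | S_IWOTH)) != 0)
		fatal("bad owner or permissions on entropy commands file %.100s",
		    cmdfilename);
	/* … unchanged: allocation of entcmd and the line loop up to the path token … */
			if (strlen(cp) >= sizeof(path)) {
				error("command path too long, %.100s line %d -- ignored",
				    cmdfilename, linenum);
				continue;
			}
			strncpy(path, cp, sizeof(path));
			path[sizeof(path) - 1] = '\0';
	/* … unchanged: the entropy-estimate token … */
			est = strtod(cp, &endp);
			if (endp == cp || *endp != '\0' || est < 0.0) {
				error("bad entropy estimate, %.100s line %d -- ignored",
				    cmdfilename, linenum);
				continue;
			}
	/* … unchanged: the end-of-line check … */
			/* start from a zeroed entry (xrealloc does not zero) and keep
			 * args[4] NULL, the terminator hash_output_from_command
			 * presumably relies on */
			memset(&entcmd[cur_cmd], 0, sizeof(entropy_source_t));
			cp = strtok(cmd, WHITESPACE);
			arg = 0;
			while (cp != NULL && arg < 4) {
				entcmd[cur_cmd].args[arg++] = xstrdup(cp);
				cp = strtok(NULL, WHITESPACE);
			}
			if (arg == 0) {
				error("empty command string, %.100s line %d -- ignored",
				    cmdfilename, linenum);
				continue;
			}
			if (cp != NULL)
				error("ignored extra command elements (max 4), %.100s line %d",
				    cmdfilename, linenum);
	/* … unchanged: copy of path and rate, sticky_badness, growth of entcmd … */
	fclose(f);
	/* … unchanged: terminator entry, trim to size, debug() and return … */
}
```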
diff --git a/log-server.c b/log-server.c
index 9070b6530..57c7b3715 100644
--- a/log-server.c
+++ b/log-server.c
@@ -15,7 +15,7 @@
15 */ 15 */
16 16
17#include "includes.h" 17#include "includes.h"
18RCSID("$Id: log-server.c,v 1.9 2000/04/16 01:18:43 damien Exp $"); 18RCSID("$Id: log-server.c,v 1.10 2000/05/01 23:56:42 damien Exp $");
19 19
20#include <syslog.h> 20#include <syslog.h>
21#include "packet.h" 21#include "packet.h"
@@ -25,7 +25,7 @@ RCSID("$Id: log-server.c,v 1.9 2000/04/16 01:18:43 damien Exp $");
25#ifdef HAVE___PROGNAME 25#ifdef HAVE___PROGNAME
26extern char *__progname; 26extern char *__progname;
27#else /* HAVE___PROGNAME */ 27#else /* HAVE___PROGNAME */
28const char *__progname = "sshd"; 28static const char *__progname = "sshd";
29#endif /* HAVE___PROGNAME */ 29#endif /* HAVE___PROGNAME */
30 30
31static LogLevel log_level = SYSLOG_LEVEL_INFO; 31static LogLevel log_level = SYSLOG_LEVEL_INFO;
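Review bot: Making the fallback `__progname` `static` at line 28 is only safe if no other translation unit declares `extern char *__progname` for the `!HAVE___PROGNAME` case; that cannot be checked from this hunk, so a one-line comment on the definition, e.g. `/* private fallback; HAVE___PROGNAME builds use the libc symbol */`, would tell the next reader the scope is deliberate. The double-underscore name is in the namespace C reserves for the implementation, which is intentional here because it mirrors the BSD libc symbol — worth noting in the same comment.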
diff --git a/ssh.h b/ssh.h
index 14e575ec9..b45350d12 100644
--- a/ssh.h
+++ b/ssh.h
@@ -13,7 +13,7 @@
13 * 13 *
14 */ 14 */
15 15
16/* RCSID("$Id: ssh.h,v 1.36 2000/04/29 23:30:46 damien Exp $"); */ 16/* RCSID("$Id: ssh.h,v 1.37 2000/05/01 23:56:42 damien Exp $"); */
17 17
18#ifndef SSH_H 18#ifndef SSH_H
19#define SSH_H 19#define SSH_H
@@ -129,6 +129,9 @@
129#ifndef SSH_PRNG_SEED_FILE 129#ifndef SSH_PRNG_SEED_FILE
130# define SSH_PRNG_SEED_FILE SSH_USER_DIR"/prng_seed" 130# define SSH_PRNG_SEED_FILE SSH_USER_DIR"/prng_seed"
131#endif /* SSH_PRNG_SEED_FILE */ 131#endif /* SSH_PRNG_SEED_FILE */
132#ifndef SSH_PRNG_COMMAND_FILE
133# define SSH_PRNG_COMMAND_FILE ETCDIR "/ssh_prng_cmds"
134#endif /* SSH_PRNG_COMMAND_FILE */
132 135
133/* 136/*
134 * Per-user file containing host keys of known hosts. This file need not be 137 * Per-user file containing host keys of known hosts. This file need not be
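--- /dev/null
+++ b/ssh_prng_cmds.in
@@ -0,0 +1,50 @@
+# entropy gathering commands
+
+# Format is: "program-name args" path rate
+
+# The "rate" represents the number of bits of usuable entropy per
+# byte of command output. Be conservative.
+
+"ls -alni /var/log" @PROG_LS@ 0.002
+"ls -alni /var/adm" @PROG_LS@ 0.002
+"ls -alni /var/mail" @PROG_LS@ 0.002
+"ls -alni /var/spool/mail" @PROG_LS@ 0.002
+"ls -alni /proc" @PROG_LS@ 0.002
+"ls -alni /tmp" @PROG_LS@ 0.002
+
+"netstat -an" @PROG_NETSTAT@ 0.005
+"netstat -in" @PROG_NETSTAT@ 0.010
+"netstat -rn" @PROG_NETSTAT@ 0.002
+"netstat -s" @PROG_NETSTAT@ 0.002
+
+"arp -a -n" @PROG_ARP@ 0.002
+
+"ifconfig -a" @PROG_IFCONFIG@ 0.002
+
+"ps laxww" @PROG_PS@ 0.003
+"ps -al" @PROG_PS@ 0.003
+"ps -efl" @PROG_PS@ 0.003
+
+"w" @PROG_W@ 0.005
+
+"who -i" @PROG_WHO@ 0.001
+
+"last" @PROG_LAST@ 0.001
+
+"lastlog" @PROG_LASTLOG@ 0.001
+
+"df" @PROG_DF@ 0.010
+"df -i" @PROG_DF@ 0.010
+
+"vmstat" @PROG_VMSTAT@ 0.010
+"uptime" @PROG_UPTIME@ 0.001
+
+"ipcs -a" @PROG_IPCS@ 0.001
+
+"tail -200 /var/log/messages" @PROG_TAIL@ 0.001
+"tail -200 /var/log/syslog" @PROG_TAIL@ 0.001
+"tail -200 /var/adm/messages" @PROG_TAIL@ 0.001
+"tail -200 /var/adm/syslog" @PROG_TAIL@ 0.001
+"tail -200 /var/adm/syslog/syslog.log" @PROG_TAIL@ 0.001
+"tail -200 /var/log/maillog" @PROG_TAIL@ 0.001
+"tail -200 /var/adm/maillog" @PROG_TAIL@ 0.001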
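Review bot: The header comment on lines 3–6 describes the format but not the limits the parser in entropy.c applies to it: the quoted command is split on whitespace with a cap on the number of words (five in the new prng_read_commands, including the program name), a path of `undef` — which configure substitutes when a program is not found — disables the line, and anything after the rate is rejected. A line such as `# Lines whose path is "undef" are ignored; at most 5 words are allowed inside the quotes` would spare an administrator a trip to the source. These paths are executed by the ssh binaries, so the file must stay root-owned and not writable by others after installation; stating that in the header is cheap. `usuable` on line 5 is a typo for `usable`.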