summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog40
-rw-r--r--atomicio.c2
-rw-r--r--auth-skey.c4
-rw-r--r--canohost.c4
-rw-r--r--channels.c63
-rw-r--r--channels.h11
-rw-r--r--cipher.c39
-rw-r--r--clientloop.c18
-rw-r--r--compat.c7
-rw-r--r--scp.c8
-rw-r--r--serverloop.c6
-rw-r--r--session.c17
-rw-r--r--ssh.17
-rw-r--r--ssh.c12
-rw-r--r--sshconnect2.c15
-rw-r--r--util.c13
16 files changed, 177 insertions, 89 deletions
diff --git a/ChangeLog b/ChangeLog
index 914891bea..1bbfdcf09 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,46 @@
2 - (djm) fix select hack in serverloop.c from Philippe WILLEM 2 - (djm) fix select hack in serverloop.c from Philippe WILLEM
3 <Philippe.WILLEM@urssaf.fr> 3 <Philippe.WILLEM@urssaf.fr>
4 - (djm) Fix mangled AIXAUTHENTICATE code 4 - (djm) Fix mangled AIXAUTHENTICATE code
5 - (djm) Sync with OpenBSD:
6 - markus@cvs.openbsd.org 2000/10/16 15:46:32
7 [ssh.1]
8 fixes from pekkas@netcore.fi
9 - markus@cvs.openbsd.org 2000/10/17 14:28:11
10 [atomicio.c]
11 return number of characters processed; ok deraadt@
12 - markus@cvs.openbsd.org 2000/10/18 12:04:02
13 [atomicio.c]
14 undo
15 - markus@cvs.openbsd.org 2000/10/18 12:23:02
16 [scp.c]
17 replace atomicio(read,...) with read(); ok deraadt@
18 - markus@cvs.openbsd.org 2000/10/18 12:42:00
19 [session.c]
20 restore old record login behaviour
21 - deraadt@cvs.openbsd.org 2000/10/19 10:41:13
22 [auth-skey.c]
23 fmt string problem in unused code
24 - provos@cvs.openbsd.org 2000/10/19 10:45:16
25 [sshconnect2.c]
26 don't reference freed memory. okay deraadt@
27 - markus@cvs.openbsd.org 2000/10/21 11:04:23
28 [canohost.c]
29 typo, eramore@era-t.ericsson.se; ok niels@
30 - markus@cvs.openbsd.org 2000/10/23 13:31:55
31 [cipher.c]
32 non-alignment dependent swap_bytes(); from
33 simonb@wasabisystems.com/netbsd
34 - markus@cvs.openbsd.org 2000/10/26 12:38:28
35 [compat.c]
36 add older vandyke products
37 - markus@cvs.openbsd.org 2000/10/27 01:32:19
38 [channels.c channels.h clientloop.c serverloop.c session.c]
39 [ssh.c util.c]
40 enable non-blocking IO on channels, and tty's (except for the
41 client ttys).
42 - markus@cvs.openbsd.org 2000/10/27 01:48:22
43 channels.c channels.h clientloop.c
44 deny agent/x11 forwarding unless requested; thanks to jwl@pobox.com
5 45
620001027 4620001027
7 - (djm) Increase REKEY_BYTES to 2^24 for arc4random 47 - (djm) Increase REKEY_BYTES to 2^24 for arc4random
diff --git a/atomicio.c b/atomicio.c
index f5b1812f5..29ff16c44 100644
--- a/atomicio.c
+++ b/atomicio.c
@@ -24,7 +24,7 @@
24 */ 24 */
25 25
26#include "includes.h" 26#include "includes.h"
27RCSID("$OpenBSD: atomicio.c,v 1.5 2000/09/07 20:27:49 deraadt Exp $"); 27RCSID("$OpenBSD: atomicio.c,v 1.7 2000/10/18 18:04:02 markus Exp $");
28 28
29#include "xmalloc.h" 29#include "xmalloc.h"
30#include "ssh.h" 30#include "ssh.h"
diff --git a/auth-skey.c b/auth-skey.c
index 1e3cec860..7088b790c 100644
--- a/auth-skey.c
+++ b/auth-skey.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: auth-skey.c,v 1.8 2000/09/07 20:27:49 deraadt Exp $"); 26RCSID("$OpenBSD: auth-skey.c,v 1.9 2000/10/19 16:41:13 deraadt Exp $");
27 27
28#ifdef SKEY 28#ifdef SKEY
29#include "ssh.h" 29#include "ssh.h"
@@ -48,7 +48,7 @@ auth_skey_password(struct passwd * pw, const char *password)
48 skeyinfo = skey_fake_keyinfo(pw->pw_name); 48 skeyinfo = skey_fake_keyinfo(pw->pw_name);
49 } 49 }
50 if (skeyinfo != NULL) 50 if (skeyinfo != NULL)
51 packet_send_debug(skeyinfo); 51 packet_send_debug("%s", skeyinfo);
52 /* Try again. */ 52 /* Try again. */
53 return 0; 53 return 0;
54 } else if (skey_haskey(pw->pw_name) == 0 && 54 } else if (skey_haskey(pw->pw_name) == 0 &&
diff --git a/canohost.c b/canohost.c
index 98ce9744f..6d36dd11a 100644
--- a/canohost.c
+++ b/canohost.c
@@ -12,7 +12,7 @@
12 */ 12 */
13 13
14#include "includes.h" 14#include "includes.h"
15RCSID("$OpenBSD: canohost.c,v 1.15 2000/09/07 21:13:37 markus Exp $"); 15RCSID("$OpenBSD: canohost.c,v 1.16 2000/10/21 17:04:22 markus Exp $");
16 16
17#include "packet.h" 17#include "packet.h"
18#include "xmalloc.h" 18#include "xmalloc.h"
@@ -147,7 +147,7 @@ check_ip_options:
147 else 147 else
148 ipproto = IPPROTO_IP; 148 ipproto = IPPROTO_IP;
149 option_size = sizeof(options); 149 option_size = sizeof(options);
150 if (getsockopt(0, ipproto, IP_OPTIONS, (char *) options, 150 if (getsockopt(socket, ipproto, IP_OPTIONS, (char *) options,
151 &option_size) >= 0 && option_size != 0) { 151 &option_size) >= 0 && option_size != 0) {
152 cp = text; 152 cp = text;
153 /* Note: "text" buffer must be at least 3x as big as options. */ 153 /* Note: "text" buffer must be at least 3x as big as options. */
diff --git a/channels.c b/channels.c
index 96d8dc4b4..028c09e6a 100644
--- a/channels.c
+++ b/channels.c
@@ -40,7 +40,7 @@
40 */ 40 */
41 41
42#include "includes.h" 42#include "includes.h"
43RCSID("$OpenBSD: channels.c,v 1.70 2000/09/28 18:03:18 markus Exp $"); 43RCSID("$OpenBSD: channels.c,v 1.72 2000/10/27 07:48:22 markus Exp $");
44 44
45#include "ssh.h" 45#include "ssh.h"
46#include "packet.h" 46#include "packet.h"
@@ -174,7 +174,8 @@ channel_lookup(int id)
174 */ 174 */
175 175
176void 176void
177channel_register_fds(Channel *c, int rfd, int wfd, int efd, int extusage) 177channel_register_fds(Channel *c, int rfd, int wfd, int efd,
178 int extusage, int nonblock)
178{ 179{
179 /* Update the maximum file descriptor value. */ 180 /* Update the maximum file descriptor value. */
180 if (rfd > channel_max_fd_value) 181 if (rfd > channel_max_fd_value)
@@ -190,12 +191,16 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd, int extusage)
190 c->sock = (rfd == wfd) ? rfd : -1; 191 c->sock = (rfd == wfd) ? rfd : -1;
191 c->efd = efd; 192 c->efd = efd;
192 c->extended_usage = extusage; 193 c->extended_usage = extusage;
193 if (rfd != -1) 194
194 set_nonblock(rfd); 195 /* enable nonblocking mode */
195 if (wfd != -1) 196 if (nonblock) {
196 set_nonblock(wfd); 197 if (rfd != -1)
197 if (efd != -1) 198 set_nonblock(rfd);
198 set_nonblock(efd); 199 if (wfd != -1)
200 set_nonblock(wfd);
201 if (efd != -1)
202 set_nonblock(efd);
203 }
199} 204}
200 205
201/* 206/*
@@ -205,7 +210,7 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd, int extusage)
205 210
206int 211int
207channel_new(char *ctype, int type, int rfd, int wfd, int efd, 212channel_new(char *ctype, int type, int rfd, int wfd, int efd,
208 int window, int maxpack, int extusage, char *remote_name) 213 int window, int maxpack, int extusage, char *remote_name, int nonblock)
209{ 214{
210 int i, found; 215 int i, found;
211 Channel *c; 216 Channel *c;
@@ -245,7 +250,7 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd,
245 buffer_init(&c->output); 250 buffer_init(&c->output);
246 buffer_init(&c->extended); 251 buffer_init(&c->extended);
247 chan_init_iostates(c); 252 chan_init_iostates(c);
248 channel_register_fds(c, rfd, wfd, efd, extusage); 253 channel_register_fds(c, rfd, wfd, efd, extusage, nonblock);
249 c->self = found; 254 c->self = found;
250 c->type = type; 255 c->type = type;
251 c->ctype = ctype; 256 c->ctype = ctype;
@@ -269,7 +274,7 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd,
269int 274int
270channel_allocate(int type, int sock, char *remote_name) 275channel_allocate(int type, int sock, char *remote_name)
271{ 276{
272 return channel_new("", type, sock, sock, -1, 0, 0, 0, remote_name); 277 return channel_new("", type, sock, sock, -1, 0, 0, 0, remote_name, 1);
273} 278}
274 279
275 280
@@ -548,7 +553,7 @@ channel_post_x11_listener(Channel *c, fd_set * readset, fd_set * writeset)
548 newch = channel_new("x11", 553 newch = channel_new("x11",
549 SSH_CHANNEL_OPENING, newsock, newsock, -1, 554 SSH_CHANNEL_OPENING, newsock, newsock, -1,
550 c->local_window_max, c->local_maxpacket, 555 c->local_window_max, c->local_maxpacket,
551 0, xstrdup(buf)); 556 0, xstrdup(buf), 1);
552 if (compat20) { 557 if (compat20) {
553 packet_start(SSH2_MSG_CHANNEL_OPEN); 558 packet_start(SSH2_MSG_CHANNEL_OPEN);
554 packet_put_cstring("x11"); 559 packet_put_cstring("x11");
@@ -606,7 +611,7 @@ channel_post_port_listener(Channel *c, fd_set * readset, fd_set * writeset)
606 newch = channel_new("direct-tcpip", 611 newch = channel_new("direct-tcpip",
607 SSH_CHANNEL_OPENING, newsock, newsock, -1, 612 SSH_CHANNEL_OPENING, newsock, newsock, -1,
608 c->local_window_max, c->local_maxpacket, 613 c->local_window_max, c->local_maxpacket,
609 0, xstrdup(buf)); 614 0, xstrdup(buf), 1);
610 if (compat20) { 615 if (compat20) {
611 packet_start(SSH2_MSG_CHANNEL_OPEN); 616 packet_start(SSH2_MSG_CHANNEL_OPEN);
612 packet_put_cstring("direct-tcpip"); 617 packet_put_cstring("direct-tcpip");
@@ -1514,7 +1519,7 @@ channel_request_local_forwarding(u_short port, const char *host,
1514 "port listener", SSH_CHANNEL_PORT_LISTENER, 1519 "port listener", SSH_CHANNEL_PORT_LISTENER,
1515 sock, sock, -1, 1520 sock, sock, -1,
1516 CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 1521 CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
1517 0, xstrdup("port listener")); 1522 0, xstrdup("port listener"), 1);
1518 strlcpy(channels[ch].path, host, sizeof(channels[ch].path)); 1523 strlcpy(channels[ch].path, host, sizeof(channels[ch].path));
1519 channels[ch].host_port = host_port; 1524 channels[ch].host_port = host_port;
1520 channels[ch].listening_port = port; 1525 channels[ch].listening_port = port;
@@ -1859,7 +1864,7 @@ x11_create_display_inet(int screen_number, int x11_display_offset)
1859 (void) channel_new("x11 listener", 1864 (void) channel_new("x11 listener",
1860 SSH_CHANNEL_X11_LISTENER, sock, sock, -1, 1865 SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
1861 CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 1866 CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
1862 0, xstrdup("X11 inet listener")); 1867 0, xstrdup("X11 inet listener"), 1);
1863 } 1868 }
1864 1869
1865 /* Return a suitable value for the DISPLAY environment variable. */ 1870 /* Return a suitable value for the DISPLAY environment variable. */
@@ -2045,6 +2050,28 @@ x11_input_open(int type, int plen, void *ctxt)
2045 } 2050 }
2046} 2051}
2047 2052
2053/* dummy protocol handler that denies SSH-1 requests (agent/x11) */
2054void
2055deny_input_open(int type, int plen, void *ctxt)
2056{
2057 int rchan = packet_get_int();
2058 switch(type){
2059 case SSH_SMSG_AGENT_OPEN:
2060 error("Warning: ssh server tried agent forwarding.");
2061 break;
2062 case SSH_SMSG_X11_OPEN:
2063 error("Warning: ssh server tried X11 forwarding.");
2064 break;
2065 default:
2066 error("deny_input_open: type %d plen %d", type, plen);
2067 break;
2068 }
2069 error("Warning: this is probably a break in attempt by a malicious server.");
2070 packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE);
2071 packet_put_int(rchan);
2072 packet_send();
2073}
2074
2048/* 2075/*
2049 * Requests forwarding of X11 connections, generates fake authentication 2076 * Requests forwarding of X11 connections, generates fake authentication
2050 * data, and enables authentication spoofing. 2077 * data, and enables authentication spoofing.
@@ -2349,13 +2376,13 @@ channel_register_filter(int id, channel_filter_fn *fn)
2349} 2376}
2350 2377
2351void 2378void
2352channel_set_fds(int id, int rfd, int wfd, int efd, int extusage) 2379channel_set_fds(int id, int rfd, int wfd, int efd,
2380 int extusage, int nonblock)
2353{ 2381{
2354 Channel *c = channel_lookup(id); 2382 Channel *c = channel_lookup(id);
2355 if (c == NULL || c->type != SSH_CHANNEL_LARVAL) 2383 if (c == NULL || c->type != SSH_CHANNEL_LARVAL)
2356 fatal("channel_activate for non-larval channel %d.", id); 2384 fatal("channel_activate for non-larval channel %d.", id);
2357 2385 channel_register_fds(c, rfd, wfd, efd, extusage, nonblock);
2358 channel_register_fds(c, rfd, wfd, efd, extusage);
2359 c->type = SSH_CHANNEL_OPEN; 2386 c->type = SSH_CHANNEL_OPEN;
2360 /* XXX window size? */ 2387 /* XXX window size? */
2361 c->local_window = c->local_window_max = c->local_maxpacket * 2; 2388 c->local_window = c->local_window_max = c->local_maxpacket * 2;
diff --git a/channels.h b/channels.h
index a74f59261..00526860c 100644
--- a/channels.h
+++ b/channels.h
@@ -32,7 +32,7 @@
32 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 32 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
33 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 33 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34 */ 34 */
35/* RCSID("$OpenBSD: channels.h,v 1.20 2000/09/21 11:25:33 markus Exp $"); */ 35/* RCSID("$OpenBSD: channels.h,v 1.22 2000/10/27 07:48:22 markus Exp $"); */
36 36
37#ifndef CHANNELS_H 37#ifndef CHANNELS_H
38#define CHANNELS_H 38#define CHANNELS_H
@@ -117,7 +117,6 @@ struct Channel {
117#define CHAN_X11_PACKET_DEFAULT (CHAN_X11_WINDOW_DEFAULT/2) 117#define CHAN_X11_PACKET_DEFAULT (CHAN_X11_WINDOW_DEFAULT/2)
118 118
119 119
120void channel_set_fds(int id, int rfd, int wfd, int efd, int extusage);
121void channel_open(int id); 120void channel_open(int id);
122void channel_request(int id, char *service, int wantconfirm); 121void channel_request(int id, char *service, int wantconfirm);
123void channel_request_start(int id, char *service, int wantconfirm); 122void channel_request_start(int id, char *service, int wantconfirm);
@@ -129,7 +128,13 @@ Channel *channel_lookup(int id);
129 128
130int 129int
131channel_new(char *ctype, int type, int rfd, int wfd, int efd, 130channel_new(char *ctype, int type, int rfd, int wfd, int efd,
132 int window, int maxpack, int extended_usage, char *remote_name); 131 int window, int maxpack, int extended_usage, char *remote_name,
132 int nonblock);
133void
134channel_set_fds(int id, int rfd, int wfd, int efd,
135 int extusage, int nonblock);
136
137void deny_input_open(int type, int plen, void *ctxt);
133 138
134void channel_input_channel_request(int type, int plen, void *ctxt); 139void channel_input_channel_request(int type, int plen, void *ctxt);
135void channel_input_close(int type, int plen, void *ctxt); 140void channel_input_close(int type, int plen, void *ctxt);
diff --git a/cipher.c b/cipher.c
index b9c1b28ab..65cde4732 100644
--- a/cipher.c
+++ b/cipher.c
@@ -35,7 +35,7 @@
35 */ 35 */
36 36
37#include "includes.h" 37#include "includes.h"
38RCSID("$OpenBSD: cipher.c,v 1.36 2000/10/14 10:01:15 markus Exp $"); 38RCSID("$OpenBSD: cipher.c,v 1.37 2000/10/23 19:31:54 markus Exp $");
39 39
40#include "ssh.h" 40#include "ssh.h"
41#include "xmalloc.h" 41#include "xmalloc.h"
@@ -218,28 +218,21 @@ blowfish_cbc_decrypt(CipherContext *cc, u_char *dest, const u_char *src,
218 * and after encryption/decryption. Thus the swap_bytes stuff (yuk). 218 * and after encryption/decryption. Thus the swap_bytes stuff (yuk).
219 */ 219 */
220static void 220static void
221swap_bytes(const unsigned char *src, unsigned char *dst_, int n) 221swap_bytes(const unsigned char *src, unsigned char *dst, int n)
222{ 222{
223 /* dst must be properly aligned. */ 223 char c[4];
224 u_int32_t *dst = (u_int32_t *) dst_; 224
225 union { 225 /* Process 4 bytes every lap. */
226 u_int32_t i; 226 for (n = n / 4; n > 0; n--) {
227 char c[4]; 227 c[3] = *src++;
228 } t; 228 c[2] = *src++;
229 229 c[1] = *src++;
230 /* Process 8 bytes every lap. */ 230 c[0] = *src++;
231 for (n = n / 8; n > 0; n--) { 231
232 t.c[3] = *src++; 232 *dst++ = c[0];
233 t.c[2] = *src++; 233 *dst++ = c[1];
234 t.c[1] = *src++; 234 *dst++ = c[2];
235 t.c[0] = *src++; 235 *dst++ = c[3];
236 *dst++ = t.i;
237
238 t.c[3] = *src++;
239 t.c[2] = *src++;
240 t.c[1] = *src++;
241 t.c[0] = *src++;
242 *dst++ = t.i;
243 } 236 }
244} 237}
245 238
diff --git a/clientloop.c b/clientloop.c
index 90a781ec4..bccb9be2f 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -59,7 +59,7 @@
59 */ 59 */
60 60
61#include "includes.h" 61#include "includes.h"
62RCSID("$OpenBSD: clientloop.c,v 1.37 2000/09/26 19:59:58 markus Exp $"); 62RCSID("$OpenBSD: clientloop.c,v 1.39 2000/10/27 07:48:22 markus Exp $");
63 63
64#include "xmalloc.h" 64#include "xmalloc.h"
65#include "ssh.h" 65#include "ssh.h"
@@ -75,6 +75,10 @@ RCSID("$OpenBSD: clientloop.c,v 1.37 2000/09/26 19:59:58 markus Exp $");
75#include "buffer.h" 75#include "buffer.h"
76#include "bufaux.h" 76#include "bufaux.h"
77 77
78
79/* import options */
80extern Options options;
81
78/* Flag indicating that stdin should be redirected from /dev/null. */ 82/* Flag indicating that stdin should be redirected from /dev/null. */
79extern int stdin_null_flag; 83extern int stdin_null_flag;
80 84
@@ -790,7 +794,6 @@ simple_escape_filter(Channel *c, char *buf, int len)
790int 794int
791client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) 795client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
792{ 796{
793 extern Options options;
794 double start_time, total_time; 797 double start_time, total_time;
795 int len; 798 int len;
796 char buf[100]; 799 char buf[100];
@@ -1033,7 +1036,7 @@ client_input_channel_open(int type, int plen, void *ctxt)
1033 debug("client_input_channel_open: ctype %s rchan %d win %d max %d", 1036 debug("client_input_channel_open: ctype %s rchan %d win %d max %d",
1034 ctype, rchan, rwindow, rmaxpack); 1037 ctype, rchan, rwindow, rmaxpack);
1035 1038
1036 if (strcmp(ctype, "x11") == 0) { 1039 if (strcmp(ctype, "x11") == 0 && options.forward_x11) {
1037 int sock; 1040 int sock;
1038 char *originator; 1041 char *originator;
1039 int originator_port; 1042 int originator_port;
@@ -1052,7 +1055,7 @@ client_input_channel_open(int type, int plen, void *ctxt)
1052 if (sock >= 0) { 1055 if (sock >= 0) {
1053 id = channel_new("x11", SSH_CHANNEL_X11_OPEN, 1056 id = channel_new("x11", SSH_CHANNEL_X11_OPEN,
1054 sock, sock, -1, CHAN_X11_WINDOW_DEFAULT, 1057 sock, sock, -1, CHAN_X11_WINDOW_DEFAULT,
1055 CHAN_X11_PACKET_DEFAULT, 0, xstrdup("x11")); 1058 CHAN_X11_PACKET_DEFAULT, 0, xstrdup("x11"), 1);
1056 c = channel_lookup(id); 1059 c = channel_lookup(id);
1057 } 1060 }
1058 } 1061 }
@@ -1105,11 +1108,14 @@ client_init_dispatch_13()
1105 dispatch_set(SSH_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation); 1108 dispatch_set(SSH_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation);
1106 dispatch_set(SSH_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure); 1109 dispatch_set(SSH_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure);
1107 dispatch_set(SSH_MSG_PORT_OPEN, &channel_input_port_open); 1110 dispatch_set(SSH_MSG_PORT_OPEN, &channel_input_port_open);
1108 dispatch_set(SSH_SMSG_AGENT_OPEN, &auth_input_open_request);
1109 dispatch_set(SSH_SMSG_EXITSTATUS, &client_input_exit_status); 1111 dispatch_set(SSH_SMSG_EXITSTATUS, &client_input_exit_status);
1110 dispatch_set(SSH_SMSG_STDERR_DATA, &client_input_stderr_data); 1112 dispatch_set(SSH_SMSG_STDERR_DATA, &client_input_stderr_data);
1111 dispatch_set(SSH_SMSG_STDOUT_DATA, &client_input_stdout_data); 1113 dispatch_set(SSH_SMSG_STDOUT_DATA, &client_input_stdout_data);
1112 dispatch_set(SSH_SMSG_X11_OPEN, &x11_input_open); 1114
1115 dispatch_set(SSH_SMSG_AGENT_OPEN, options.forward_agent ?
1116 &auth_input_open_request : &deny_input_open);
1117 dispatch_set(SSH_SMSG_X11_OPEN, options.forward_x11 ?
1118 &x11_input_open : &deny_input_open);
1113} 1119}
1114void 1120void
1115client_init_dispatch_15() 1121client_init_dispatch_15()
diff --git a/compat.c b/compat.c
index 49bc0519a..a4e05ebf1 100644
--- a/compat.c
+++ b/compat.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: compat.c,v 1.25 2000/10/14 12:16:56 markus Exp $"); 26RCSID("$OpenBSD: compat.c,v 1.26 2000/10/26 18:38:28 markus Exp $");
27 27
28#include "ssh.h" 28#include "ssh.h"
29#include "packet.h" 29#include "packet.h"
@@ -72,7 +72,10 @@ compat_datafellows(const char *version)
72 SSH_BUG_PUBKEYAUTH|SSH_BUG_X11FWD }, 72 SSH_BUG_PUBKEYAUTH|SSH_BUG_X11FWD },
73 { "^2\\.[23]\\.0 ", SSH_BUG_HMAC}, 73 { "^2\\.[23]\\.0 ", SSH_BUG_HMAC},
74 { "^2\\.[2-9]\\.", 0 }, 74 { "^2\\.[2-9]\\.", 0 },
75 { "^2\\.", SSH_BUG_HMAC}, /* XXX fallback */ 75 { "^2\\.4$", SSH_OLD_SESSIONID}, /* Van Dyke */
76 { "^3\\.0 SecureCRT", SSH_OLD_SESSIONID},
77 { "^1\\.7 SecureFX", SSH_OLD_SESSIONID},
78 { "^2\\.", SSH_BUG_HMAC}, /* XXX fallback */
76 { NULL, 0 } 79 { NULL, 0 }
77 }; 80 };
78 /* process table, return first match */ 81 /* process table, return first match */
diff --git a/scp.c b/scp.c
index 75e50ce25..86276d6de 100644
--- a/scp.c
+++ b/scp.c
@@ -75,7 +75,7 @@
75 */ 75 */
76 76
77#include "includes.h" 77#include "includes.h"
78RCSID("$OpenBSD: scp.c,v 1.42 2000/10/14 10:07:21 markus Exp $"); 78RCSID("$OpenBSD: scp.c,v 1.43 2000/10/18 18:23:02 markus Exp $");
79 79
80#include "ssh.h" 80#include "ssh.h"
81#include "xmalloc.h" 81#include "xmalloc.h"
@@ -838,8 +838,10 @@ bad: run_err("%s: %s", np, strerror(errno));
838 amt = size - i; 838 amt = size - i;
839 count += amt; 839 count += amt;
840 do { 840 do {
841 j = atomicio(read, remin, cp, amt); 841 j = read(remin, cp, amt);
842 if (j <= 0) { 842 if (j == -1 && (errno == EINTR || errno == EAGAIN)) {
843 continue;
844 } else if (j <= 0) {
843 run_err("%s", j ? strerror(errno) : 845 run_err("%s", j ? strerror(errno) :
844 "dropped connection"); 846 "dropped connection");
845 exit(1); 847 exit(1);
diff --git a/serverloop.c b/serverloop.c
index a9e478764..6a81806bb 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -35,6 +35,8 @@
35 */ 35 */
36 36
37#include "includes.h" 37#include "includes.h"
38RCSID("$OpenBSD: serverloop.c,v 1.34 2000/10/27 07:32:18 markus Exp $");
39
38#include "xmalloc.h" 40#include "xmalloc.h"
39#include "ssh.h" 41#include "ssh.h"
40#include "packet.h" 42#include "packet.h"
@@ -766,7 +768,7 @@ input_direct_tcpip(void)
766 return -1; 768 return -1;
767 return channel_new("direct-tcpip", SSH_CHANNEL_OPEN, 769 return channel_new("direct-tcpip", SSH_CHANNEL_OPEN,
768 sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT, 770 sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT,
769 CHAN_TCP_PACKET_DEFAULT, 0, xstrdup("direct-tcpip")); 771 CHAN_TCP_PACKET_DEFAULT, 0, xstrdup("direct-tcpip"), 1);
770} 772}
771 773
772void 774void
@@ -800,7 +802,7 @@ server_input_channel_open(int type, int plen, void *ctxt)
800 */ 802 */
801 id = channel_new(ctype, SSH_CHANNEL_LARVAL, 803 id = channel_new(ctype, SSH_CHANNEL_LARVAL,
802 -1, -1, -1, 0, CHAN_SES_PACKET_DEFAULT, 804 -1, -1, -1, 0, CHAN_SES_PACKET_DEFAULT,
803 0, xstrdup("server-session")); 805 0, xstrdup("server-session"), 1);
804 if (session_open(id) == 1) { 806 if (session_open(id) == 1) {
805 channel_register_callback(id, SSH2_MSG_CHANNEL_REQUEST, 807 channel_register_callback(id, SSH2_MSG_CHANNEL_REQUEST,
806 session_input_channel_req, (void *)0); 808 session_input_channel_req, (void *)0);
diff --git a/session.c b/session.c
index 4325ed3a4..4b58131a7 100644
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
33 */ 33 */
34 34
35#include "includes.h" 35#include "includes.h"
36RCSID("$OpenBSD: session.c,v 1.40 2000/10/15 14:14:01 markus Exp $"); 36RCSID("$OpenBSD: session.c,v 1.42 2000/10/27 07:32:18 markus Exp $");
37 37
38#include "xmalloc.h" 38#include "xmalloc.h"
39#include "ssh.h" 39#include "ssh.h"
@@ -119,7 +119,7 @@ void session_pty_cleanup(Session *s);
119void session_proctitle(Session *s); 119void session_proctitle(Session *s);
120void do_exec_pty(Session *s, const char *command, struct passwd * pw); 120void do_exec_pty(Session *s, const char *command, struct passwd * pw);
121void do_exec_no_pty(Session *s, const char *command, struct passwd * pw); 121void do_exec_no_pty(Session *s, const char *command, struct passwd * pw);
122void do_login(Session *s); 122void do_login(Session *s, const char *command);
123 123
124void 124void
125do_child(const char *command, struct passwd * pw, const char *term, 125do_child(const char *command, struct passwd * pw, const char *term,
@@ -627,8 +627,8 @@ do_exec_pty(Session *s, const char *command, struct passwd * pw)
627 close(ttyfd); 627 close(ttyfd);
628 628
629 /* record login, etc. similar to login(1) */ 629 /* record login, etc. similar to login(1) */
630 if (command == NULL && !options.use_login) 630 if (!(options.use_login && command == NULL))
631 do_login(s); 631 do_login(s, command);
632 632
633 /* Do common processing for the child, such as execing the command. */ 633 /* Do common processing for the child, such as execing the command. */
634 do_child(command, pw, s->term, s->display, s->auth_proto, 634 do_child(command, pw, s->term, s->display, s->auth_proto,
@@ -684,7 +684,7 @@ get_remote_name_or_ip(void)
684 684
685/* administrative, login(1)-like work */ 685/* administrative, login(1)-like work */
686void 686void
687do_login(Session *s) 687do_login(Session *s, const char *command)
688{ 688{
689 FILE *f; 689 FILE *f;
690 char *time_string; 690 char *time_string;
@@ -731,7 +731,9 @@ do_login(Session *s)
731 } 731 }
732#endif 732#endif
733 733
734 /* Done if .hushlogin exists. */ 734 /* Done if .hushlogin exists or a command given. */
735 if (command != NULL)
736 return;
735 snprintf(buf, sizeof(buf), "%.200s/.hushlogin", pw->pw_dir); 737 snprintf(buf, sizeof(buf), "%.200s/.hushlogin", pw->pw_dir);
736#ifdef HAVE_LOGIN_CAP 738#ifdef HAVE_LOGIN_CAP
737 if (login_getcapbool(lc, "hushlogin", 0) || stat(buf, &st) >= 0) 739 if (login_getcapbool(lc, "hushlogin", 0) || stat(buf, &st) >= 0)
@@ -1778,7 +1780,8 @@ session_set_fds(Session *s, int fdin, int fdout, int fderr)
1778 fatal("no channel for session %d", s->self); 1780 fatal("no channel for session %d", s->self);
1779 channel_set_fds(s->chanid, 1781 channel_set_fds(s->chanid,
1780 fdout, fdin, fderr, 1782 fdout, fdin, fderr,
1781 fderr == -1 ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ); 1783 fderr == -1 ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
1784 1);
1782} 1785}
1783 1786
1784void 1787void
diff --git a/ssh.1 b/ssh.1
index dac24a43c..786df1843 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,6 +34,7 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: ssh.1,v 1.64 2000/10/16 21:46:31 markus Exp $
37.Dd September 25, 1999 38.Dd September 25, 1999
38.Dt SSH 1 39.Dt SSH 1
39.Os 40.Os
@@ -367,7 +368,7 @@ It is believed to be secure.
367(triple-des) is an encrypt-decrypt-encrypt triple with three different keys. 368(triple-des) is an encrypt-decrypt-encrypt triple with three different keys.
368It is presumably more secure than the 369It is presumably more secure than the
369.Ar des 370.Ar des
370cipher which is no longer supported in 371cipher which is no longer fully supported in
371.Nm ssh . 372.Nm ssh .
372.Ar blowfish 373.Ar blowfish
373is a fast block cipher, it appears very secure and is much faster than 374is a fast block cipher, it appears very secure and is much faster than
@@ -628,9 +629,9 @@ If the option is set to
628the check will not be executed. 629the check will not be executed.
629.It Cm Cipher 630.It Cm Cipher
630Specifies the cipher to use for encrypting the session 631Specifies the cipher to use for encrypting the session
631in protocol version 1 632in protocol version 1.
632Currently, 633Currently,
633.Dq blowfish , 634.Dq blowfish
634and 635and
635.Dq 3des 636.Dq 3des
636are supported. 637are supported.
diff --git a/ssh.c b/ssh.c
index ed31007ad..429d571b2 100644
--- a/ssh.c
+++ b/ssh.c
@@ -39,7 +39,7 @@
39 */ 39 */
40 40
41#include "includes.h" 41#include "includes.h"
42RCSID("$OpenBSD: ssh.c,v 1.68 2000/10/11 20:27:24 markus Exp $"); 42RCSID("$OpenBSD: ssh.c,v 1.69 2000/10/27 07:32:19 markus Exp $");
43 43
44#include <openssl/evp.h> 44#include <openssl/evp.h>
45#include <openssl/dsa.h> 45#include <openssl/dsa.h>
@@ -1008,6 +1008,14 @@ ssh_session2(void)
1008 if (in < 0 || out < 0 || err < 0) 1008 if (in < 0 || out < 0 || err < 0)
1009 fatal("dup() in/out/err failed"); 1009 fatal("dup() in/out/err failed");
1010 1010
1011 /* enable nonblocking unless tty */
1012 if (!isatty(in))
1013 set_nonblock(in);
1014 if (!isatty(out))
1015 set_nonblock(out);
1016 if (!isatty(err))
1017 set_nonblock(err);
1018
1011 /* should be pre-session */ 1019 /* should be pre-session */
1012 init_local_fwd(); 1020 init_local_fwd();
1013 1021
@@ -1025,7 +1033,7 @@ ssh_session2(void)
1025 id = channel_new( 1033 id = channel_new(
1026 "session", SSH_CHANNEL_OPENING, in, out, err, 1034 "session", SSH_CHANNEL_OPENING, in, out, err,
1027 window, packetmax, CHAN_EXTENDED_WRITE, 1035 window, packetmax, CHAN_EXTENDED_WRITE,
1028 xstrdup("client-session")); 1036 xstrdup("client-session"), /*nonblock*/0);
1029 1037
1030 channel_open(id); 1038 channel_open(id);
1031 channel_register_callback(id, SSH2_MSG_CHANNEL_OPEN_CONFIRMATION, client_init, (void *)0); 1039 channel_register_callback(id, SSH2_MSG_CHANNEL_OPEN_CONFIRMATION, client_init, (void *)0);
diff --git a/sshconnect2.c b/sshconnect2.c
index 1f3b5a261..6ba23d445 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
23 */ 23 */
24 24
25#include "includes.h" 25#include "includes.h"
26RCSID("$OpenBSD: sshconnect2.c,v 1.26 2000/10/14 12:16:56 markus Exp $"); 26RCSID("$OpenBSD: sshconnect2.c,v 1.27 2000/10/19 16:45:16 provos Exp $");
27 27
28#include <openssl/bn.h> 28#include <openssl/bn.h>
29#include <openssl/rsa.h> 29#include <openssl/rsa.h>
@@ -979,7 +979,7 @@ authmethod_lookup(const char *name)
979Authmethod * 979Authmethod *
980authmethod_get(char *authlist) 980authmethod_get(char *authlist)
981{ 981{
982 char *name = NULL; 982 char *name = NULL, *authname_old;
983 Authmethod *method = NULL; 983 Authmethod *method = NULL;
984 984
985 /* Use a suitable default if we're passed a nil list. */ 985 /* Use a suitable default if we're passed a nil list. */
@@ -1013,16 +1013,17 @@ authmethod_get(char *authlist)
1013 method = NULL; 1013 method = NULL;
1014 } 1014 }
1015 1015
1016 if (authname_current != NULL) 1016 authname_old = authname_current;
1017 xfree(authname_current);
1018
1019 if (method != NULL) { 1017 if (method != NULL) {
1020 debug("next auth method to try is %s", name); 1018 debug("next auth method to try is %s", name);
1021 authname_current = xstrdup(name); 1019 authname_current = xstrdup(name);
1022 return method;
1023 } else { 1020 } else {
1024 debug("no more auth methods to try"); 1021 debug("no more auth methods to try");
1025 authname_current = NULL; 1022 authname_current = NULL;
1026 return NULL;
1027 } 1023 }
1024
1025 if (authname_old != NULL)
1026 xfree(authname_old);
1027
1028 return (method);
1028} 1029}
diff --git a/util.c b/util.c
index 71808f14d..1a591a6f0 100644
--- a/util.c
+++ b/util.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: util.c,v 1.5 2000/09/07 20:27:55 deraadt Exp $ */ 1/* $OpenBSD: util.c,v 1.6 2000/10/27 07:32:19 markus Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2000 Markus Friedl. All rights reserved. 4 * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -25,7 +25,7 @@
25 */ 25 */
26 26
27#include "includes.h" 27#include "includes.h"
28RCSID("$OpenBSD: util.c,v 1.5 2000/09/07 20:27:55 deraadt Exp $"); 28RCSID("$OpenBSD: util.c,v 1.6 2000/10/27 07:32:19 markus Exp $");
29 29
30#include "ssh.h" 30#include "ssh.h"
31 31
@@ -48,18 +48,15 @@ void
48set_nonblock(int fd) 48set_nonblock(int fd)
49{ 49{
50 int val; 50 int val;
51 if (isatty(fd)) {
52 /* do not mess with tty's */
53 debug("no set_nonblock for tty fd %d", fd);
54 return;
55 }
56 val = fcntl(fd, F_GETFL, 0); 51 val = fcntl(fd, F_GETFL, 0);
57 if (val < 0) { 52 if (val < 0) {
58 error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno)); 53 error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno));
59 return; 54 return;
60 } 55 }
61 if (val & O_NONBLOCK) 56 if (val & O_NONBLOCK) {
57 debug("fd %d IS O_NONBLOCK", fd);
62 return; 58 return;
59 }
63 debug("fd %d setting O_NONBLOCK", fd); 60 debug("fd %d setting O_NONBLOCK", fd);
64 val |= O_NONBLOCK; 61 val |= O_NONBLOCK;
65 if (fcntl(fd, F_SETFL, val) == -1) 62 if (fcntl(fd, F_SETFL, val) == -1)