-rw-r--r-- | ChangeLog | 40 | ||||
-rw-r--r-- | atomicio.c | 2 | ||||
-rw-r--r-- | auth-skey.c | 4 | ||||
-rw-r--r-- | canohost.c | 4 | ||||
-rw-r--r-- | channels.c | 63 | ||||
-rw-r--r-- | channels.h | 11 | ||||
-rw-r--r-- | cipher.c | 39 | ||||
-rw-r--r-- | clientloop.c | 18 | ||||
-rw-r--r-- | compat.c | 7 | ||||
-rw-r--r-- | scp.c | 8 | ||||
-rw-r--r-- | serverloop.c | 6 | ||||
-rw-r--r-- | session.c | 17 | ||||
-rw-r--r-- | ssh.1 | 7 | ||||
-rw-r--r-- | ssh.c | 12 | ||||
-rw-r--r-- | sshconnect2.c | 15 | ||||
-rw-r--r-- | util.c | 13 |
16 files changed, 177 insertions, 89 deletions
@@ -2,6 +2,46 @@ | |||
2 | - (djm) fix select hack in serverloop.c from Philippe WILLEM | 2 | - (djm) fix select hack in serverloop.c from Philippe WILLEM |
3 | <Philippe.WILLEM@urssaf.fr> | 3 | <Philippe.WILLEM@urssaf.fr> |
4 | - (djm) Fix mangled AIXAUTHENTICATE code | 4 | - (djm) Fix mangled AIXAUTHENTICATE code |
5 | - (djm) Sync with OpenBSD: | ||
6 | - markus@cvs.openbsd.org 2000/10/16 15:46:32 | ||
7 | [ssh.1] | ||
8 | fixes from pekkas@netcore.fi | ||
9 | - markus@cvs.openbsd.org 2000/10/17 14:28:11 | ||
10 | [atomicio.c] | ||
11 | return number of characters processed; ok deraadt@ | ||
12 | - markus@cvs.openbsd.org 2000/10/18 12:04:02 | ||
13 | [atomicio.c] | ||
14 | undo | ||
15 | - markus@cvs.openbsd.org 2000/10/18 12:23:02 | ||
16 | [scp.c] | ||
17 | replace atomicio(read,...) with read(); ok deraadt@ | ||
18 | - markus@cvs.openbsd.org 2000/10/18 12:42:00 | ||
19 | [session.c] | ||
20 | restore old record login behaviour | ||
21 | - deraadt@cvs.openbsd.org 2000/10/19 10:41:13 | ||
22 | [auth-skey.c] | ||
23 | fmt string problem in unused code | ||
24 | - provos@cvs.openbsd.org 2000/10/19 10:45:16 | ||
25 | [sshconnect2.c] | ||
26 | don't reference freed memory. okay deraadt@ | ||
27 | - markus@cvs.openbsd.org 2000/10/21 11:04:23 | ||
28 | [canohost.c] | ||
29 | typo, eramore@era-t.ericsson.se; ok niels@ | ||
30 | - markus@cvs.openbsd.org 2000/10/23 13:31:55 | ||
31 | [cipher.c] | ||
32 | non-alignment dependent swap_bytes(); from | ||
33 | simonb@wasabisystems.com/netbsd | ||
34 | - markus@cvs.openbsd.org 2000/10/26 12:38:28 | ||
35 | [compat.c] | ||
36 | add older vandyke products | ||
37 | - markus@cvs.openbsd.org 2000/10/27 01:32:19 | ||
38 | [channels.c channels.h clientloop.c serverloop.c session.c] | ||
39 | [ssh.c util.c] | ||
40 | enable non-blocking IO on channels, and tty's (except for the | ||
41 | client ttys). | ||
42 | - markus@cvs.openbsd.org 2000/10/27 01:48:22 | ||
43 | channels.c channels.h clientloop.c | ||
44 | deny agent/x11 forwarding unless requested; thanks to jwl@pobox.com | ||
5 | 45 | ||
6 | 20001027 | 46 | 20001027 |
7 | - (djm) Increase REKEY_BYTES to 2^24 for arc4random | 47 | - (djm) Increase REKEY_BYTES to 2^24 for arc4random |
diff --git a/atomicio.c b/atomicio.c index f5b1812f5..29ff16c44 100644 --- a/atomicio.c +++ b/atomicio.c | |||
@@ -24,7 +24,7 @@ | |||
24 | */ | 24 | */ |
25 | 25 | ||
26 | #include "includes.h" | 26 | #include "includes.h" |
27 | RCSID("$OpenBSD: atomicio.c,v 1.5 2000/09/07 20:27:49 deraadt Exp $"); | 27 | RCSID("$OpenBSD: atomicio.c,v 1.7 2000/10/18 18:04:02 markus Exp $"); |
28 | 28 | ||
29 | #include "xmalloc.h" | 29 | #include "xmalloc.h" |
30 | #include "ssh.h" | 30 | #include "ssh.h" |
diff --git a/auth-skey.c b/auth-skey.c index 1e3cec860..7088b790c 100644 --- a/auth-skey.c +++ b/auth-skey.c | |||
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: auth-skey.c,v 1.8 2000/09/07 20:27:49 deraadt Exp $"); | 26 | RCSID("$OpenBSD: auth-skey.c,v 1.9 2000/10/19 16:41:13 deraadt Exp $"); |
27 | 27 | ||
28 | #ifdef SKEY | 28 | #ifdef SKEY |
29 | #include "ssh.h" | 29 | #include "ssh.h" |
@@ -48,7 +48,7 @@ auth_skey_password(struct passwd * pw, const char *password) | |||
48 | skeyinfo = skey_fake_keyinfo(pw->pw_name); | 48 | skeyinfo = skey_fake_keyinfo(pw->pw_name); |
49 | } | 49 | } |
50 | if (skeyinfo != NULL) | 50 | if (skeyinfo != NULL) |
51 | packet_send_debug(skeyinfo); | 51 | packet_send_debug("%s", skeyinfo); |
52 | /* Try again. */ | 52 | /* Try again. */ |
53 | return 0; | 53 | return 0; |
54 | } else if (skey_haskey(pw->pw_name) == 0 && | 54 | } else if (skey_haskey(pw->pw_name) == 0 && |
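Review bot: The corrected call at line 51 of auth_skey_password shows that packet_send_debug takes a printf-style format, and nothing visible on this page stops the same mistake at another call site. If its prototype (not shown here) carries no format attribute, adding `__attribute__((format(printf, 1, 2)))` to it would let the compiler flag any non-literal format argument. A short comment above the call, such as `/* skeyinfo is data, never a format string */`, would record why the "%s" is there. The enclosing function starts and ends outside the hunk.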
diff --git a/canohost.c b/canohost.c index 98ce9744f..6d36dd11a 100644 --- a/canohost.c +++ b/canohost.c | |||
@@ -12,7 +12,7 @@ | |||
12 | */ | 12 | */ |
13 | 13 | ||
14 | #include "includes.h" | 14 | #include "includes.h" |
15 | RCSID("$OpenBSD: canohost.c,v 1.15 2000/09/07 21:13:37 markus Exp $"); | 15 | RCSID("$OpenBSD: canohost.c,v 1.16 2000/10/21 17:04:22 markus Exp $"); |
16 | 16 | ||
17 | #include "packet.h" | 17 | #include "packet.h" |
18 | #include "xmalloc.h" | 18 | #include "xmalloc.h" |
@@ -147,7 +147,7 @@ check_ip_options: | |||
147 | else | 147 | else |
148 | ipproto = IPPROTO_IP; | 148 | ipproto = IPPROTO_IP; |
149 | option_size = sizeof(options); | 149 | option_size = sizeof(options); |
150 | if (getsockopt(0, ipproto, IP_OPTIONS, (char *) options, | 150 | if (getsockopt(socket, ipproto, IP_OPTIONS, (char *) options, |
151 | &option_size) >= 0 && option_size != 0) { | 151 | &option_size) >= 0 && option_size != 0) { |
152 | cp = text; | 152 | cp = text; |
153 | /* Note: "text" buffer must be at least 3x as big as options. */ | 153 | /* Note: "text" buffer must be at least 3x as big as options. */ |
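Review bot: In the `getsockopt(socket, ...)` condition, a failed call is treated the same as "no IP options present", so the option check that follows is skipped silently whenever getsockopt returns an error. Splitting the condition and logging the negative return, for example `debug("getsockopt IP_OPTIONS failed: %.100s", strerror(errno));`, would make a skipped check visible in the logs. The variable name `socket` also shadows the socket() library function; `sock` would read more clearly. The function body continues outside the hunk.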
diff --git a/channels.c b/channels.c index 96d8dc4b4..028c09e6a 100644 --- a/channels.c +++ b/channels.c | |||
@@ -40,7 +40,7 @@ | |||
40 | */ | 40 | */ |
41 | 41 | ||
42 | #include "includes.h" | 42 | #include "includes.h" |
43 | RCSID("$OpenBSD: channels.c,v 1.70 2000/09/28 18:03:18 markus Exp $"); | 43 | RCSID("$OpenBSD: channels.c,v 1.72 2000/10/27 07:48:22 markus Exp $"); |
44 | 44 | ||
45 | #include "ssh.h" | 45 | #include "ssh.h" |
46 | #include "packet.h" | 46 | #include "packet.h" |
@@ -174,7 +174,8 @@ channel_lookup(int id) | |||
174 | */ | 174 | */ |
175 | 175 | ||
176 | void | 176 | void |
177 | channel_register_fds(Channel *c, int rfd, int wfd, int efd, int extusage) | 177 | channel_register_fds(Channel *c, int rfd, int wfd, int efd, |
178 | int extusage, int nonblock) | ||
178 | { | 179 | { |
179 | /* Update the maximum file descriptor value. */ | 180 | /* Update the maximum file descriptor value. */ |
180 | if (rfd > channel_max_fd_value) | 181 | if (rfd > channel_max_fd_value) |
@@ -190,12 +191,16 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd, int extusage) | |||
190 | c->sock = (rfd == wfd) ? rfd : -1; | 191 | c->sock = (rfd == wfd) ? rfd : -1; |
191 | c->efd = efd; | 192 | c->efd = efd; |
192 | c->extended_usage = extusage; | 193 | c->extended_usage = extusage; |
193 | if (rfd != -1) | 194 | |
194 | set_nonblock(rfd); | 195 | /* enable nonblocking mode */ |
195 | if (wfd != -1) | 196 | if (nonblock) { |
196 | set_nonblock(wfd); | 197 | if (rfd != -1) |
197 | if (efd != -1) | 198 | set_nonblock(rfd); |
198 | set_nonblock(efd); | 199 | if (wfd != -1) |
200 | set_nonblock(wfd); | ||
201 | if (efd != -1) | ||
202 | set_nonblock(efd); | ||
203 | } | ||
199 | } | 204 | } |
200 | 205 | ||
201 | /* | 206 | /* |
@@ -205,7 +210,7 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd, int extusage) | |||
205 | 210 | ||
206 | int | 211 | int |
207 | channel_new(char *ctype, int type, int rfd, int wfd, int efd, | 212 | channel_new(char *ctype, int type, int rfd, int wfd, int efd, |
208 | int window, int maxpack, int extusage, char *remote_name) | 213 | int window, int maxpack, int extusage, char *remote_name, int nonblock) |
209 | { | 214 | { |
210 | int i, found; | 215 | int i, found; |
211 | Channel *c; | 216 | Channel *c; |
@@ -245,7 +250,7 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd, | |||
245 | buffer_init(&c->output); | 250 | buffer_init(&c->output); |
246 | buffer_init(&c->extended); | 251 | buffer_init(&c->extended); |
247 | chan_init_iostates(c); | 252 | chan_init_iostates(c); |
248 | channel_register_fds(c, rfd, wfd, efd, extusage); | 253 | channel_register_fds(c, rfd, wfd, efd, extusage, nonblock); |
249 | c->self = found; | 254 | c->self = found; |
250 | c->type = type; | 255 | c->type = type; |
251 | c->ctype = ctype; | 256 | c->ctype = ctype; |
@@ -269,7 +274,7 @@ channel_new(char *ctype, int type, int rfd, int wfd, int efd, | |||
269 | int | 274 | int |
270 | channel_allocate(int type, int sock, char *remote_name) | 275 | channel_allocate(int type, int sock, char *remote_name) |
271 | { | 276 | { |
272 | return channel_new("", type, sock, sock, -1, 0, 0, 0, remote_name); | 277 | return channel_new("", type, sock, sock, -1, 0, 0, 0, remote_name, 1); |
273 | } | 278 | } |
274 | 279 | ||
275 | 280 | ||
@@ -548,7 +553,7 @@ channel_post_x11_listener(Channel *c, fd_set * readset, fd_set * writeset) | |||
548 | newch = channel_new("x11", | 553 | newch = channel_new("x11", |
549 | SSH_CHANNEL_OPENING, newsock, newsock, -1, | 554 | SSH_CHANNEL_OPENING, newsock, newsock, -1, |
550 | c->local_window_max, c->local_maxpacket, | 555 | c->local_window_max, c->local_maxpacket, |
551 | 0, xstrdup(buf)); | 556 | 0, xstrdup(buf), 1); |
552 | if (compat20) { | 557 | if (compat20) { |
553 | packet_start(SSH2_MSG_CHANNEL_OPEN); | 558 | packet_start(SSH2_MSG_CHANNEL_OPEN); |
554 | packet_put_cstring("x11"); | 559 | packet_put_cstring("x11"); |
@@ -606,7 +611,7 @@ channel_post_port_listener(Channel *c, fd_set * readset, fd_set * writeset) | |||
606 | newch = channel_new("direct-tcpip", | 611 | newch = channel_new("direct-tcpip", |
607 | SSH_CHANNEL_OPENING, newsock, newsock, -1, | 612 | SSH_CHANNEL_OPENING, newsock, newsock, -1, |
608 | c->local_window_max, c->local_maxpacket, | 613 | c->local_window_max, c->local_maxpacket, |
609 | 0, xstrdup(buf)); | 614 | 0, xstrdup(buf), 1); |
610 | if (compat20) { | 615 | if (compat20) { |
611 | packet_start(SSH2_MSG_CHANNEL_OPEN); | 616 | packet_start(SSH2_MSG_CHANNEL_OPEN); |
612 | packet_put_cstring("direct-tcpip"); | 617 | packet_put_cstring("direct-tcpip"); |
@@ -1514,7 +1519,7 @@ channel_request_local_forwarding(u_short port, const char *host, | |||
1514 | "port listener", SSH_CHANNEL_PORT_LISTENER, | 1519 | "port listener", SSH_CHANNEL_PORT_LISTENER, |
1515 | sock, sock, -1, | 1520 | sock, sock, -1, |
1516 | CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, | 1521 | CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, |
1517 | 0, xstrdup("port listener")); | 1522 | 0, xstrdup("port listener"), 1); |
1518 | strlcpy(channels[ch].path, host, sizeof(channels[ch].path)); | 1523 | strlcpy(channels[ch].path, host, sizeof(channels[ch].path)); |
1519 | channels[ch].host_port = host_port; | 1524 | channels[ch].host_port = host_port; |
1520 | channels[ch].listening_port = port; | 1525 | channels[ch].listening_port = port; |
@@ -1859,7 +1864,7 @@ x11_create_display_inet(int screen_number, int x11_display_offset) | |||
1859 | (void) channel_new("x11 listener", | 1864 | (void) channel_new("x11 listener", |
1860 | SSH_CHANNEL_X11_LISTENER, sock, sock, -1, | 1865 | SSH_CHANNEL_X11_LISTENER, sock, sock, -1, |
1861 | CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, | 1866 | CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, |
1862 | 0, xstrdup("X11 inet listener")); | 1867 | 0, xstrdup("X11 inet listener"), 1); |
1863 | } | 1868 | } |
1864 | 1869 | ||
1865 | /* Return a suitable value for the DISPLAY environment variable. */ | 1870 | /* Return a suitable value for the DISPLAY environment variable. */ |
@@ -2045,6 +2050,28 @@ x11_input_open(int type, int plen, void *ctxt) | |||
2045 | } | 2050 | } |
2046 | } | 2051 | } |
2047 | 2052 | ||
2053 | /* dummy protocol handler that denies SSH-1 requests (agent/x11) */ | ||
2054 | void | ||
2055 | deny_input_open(int type, int plen, void *ctxt) | ||
2056 | { | ||
2057 | int rchan = packet_get_int(); | ||
2058 | switch(type){ | ||
2059 | case SSH_SMSG_AGENT_OPEN: | ||
2060 | error("Warning: ssh server tried agent forwarding."); | ||
2061 | break; | ||
2062 | case SSH_SMSG_X11_OPEN: | ||
2063 | error("Warning: ssh server tried X11 forwarding."); | ||
2064 | break; | ||
2065 | default: | ||
2066 | error("deny_input_open: type %d plen %d", type, plen); | ||
2067 | break; | ||
2068 | } | ||
2069 | error("Warning: this is probably a break in attempt by a malicious server."); | ||
2070 | packet_start(SSH_MSG_CHANNEL_OPEN_FAILURE); | ||
2071 | packet_put_int(rchan); | ||
2072 | packet_send(); | ||
2073 | } | ||
2074 | |||
2048 | /* | 2075 | /* |
2049 | * Requests forwarding of X11 connections, generates fake authentication | 2076 | * Requests forwarding of X11 connections, generates fake authentication |
2050 | * data, and enables authentication spoofing. | 2077 | * data, and enables authentication spoofing. |
@@ -2349,13 +2376,13 @@ channel_register_filter(int id, channel_filter_fn *fn) | |||
2349 | } | 2376 | } |
2350 | 2377 | ||
2351 | void | 2378 | void |
2352 | channel_set_fds(int id, int rfd, int wfd, int efd, int extusage) | 2379 | channel_set_fds(int id, int rfd, int wfd, int efd, |
2380 | int extusage, int nonblock) | ||
2353 | { | 2381 | { |
2354 | Channel *c = channel_lookup(id); | 2382 | Channel *c = channel_lookup(id); |
2355 | if (c == NULL || c->type != SSH_CHANNEL_LARVAL) | 2383 | if (c == NULL || c->type != SSH_CHANNEL_LARVAL) |
2356 | fatal("channel_activate for non-larval channel %d.", id); | 2384 | fatal("channel_activate for non-larval channel %d.", id); |
2357 | 2385 | channel_register_fds(c, rfd, wfd, efd, extusage, nonblock); | |
2358 | channel_register_fds(c, rfd, wfd, efd, extusage); | ||
2359 | c->type = SSH_CHANNEL_OPEN; | 2386 | c->type = SSH_CHANNEL_OPEN; |
2360 | /* XXX window size? */ | 2387 | /* XXX window size? */ |
2361 | c->local_window = c->local_window_max = c->local_maxpacket * 2; | 2388 | c->local_window = c->local_window_max = c->local_maxpacket * 2; |
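Review bot: deny_input_open reads only the channel number with `packet_get_int()` and ignores `plen` for the two known message types, so anything else the server put in the open request is dropped without being length-checked or logged; if the other SSH-1 handlers in this file validate the packet length (not visible in these hunks), this one should do the same for consistency. The header comment could say when the handler is installed and what it answers, e.g. `/* Installed for SSH_SMSG_AGENT_OPEN/SSH_SMSG_X11_OPEN when that forwarding was not requested; logs the attempt and replies SSH_MSG_CHANNEL_OPEN_FAILURE. */`. In the log text, "break in attempt" would read better as "break-in attempt". The other hunks in this file pass the new `nonblock` argument as a bare `1`; annotating it the way ssh.c does with `/*nonblock*/0` would keep the call sites readable.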
diff --git a/channels.h b/channels.h index a74f59261..00526860c 100644 --- a/channels.h +++ b/channels.h | |||
@@ -32,7 +32,7 @@ | |||
32 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 32 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
33 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 33 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
34 | */ | 34 | */ |
35 | /* RCSID("$OpenBSD: channels.h,v 1.20 2000/09/21 11:25:33 markus Exp $"); */ | 35 | /* RCSID("$OpenBSD: channels.h,v 1.22 2000/10/27 07:48:22 markus Exp $"); */ |
36 | 36 | ||
37 | #ifndef CHANNELS_H | 37 | #ifndef CHANNELS_H |
38 | #define CHANNELS_H | 38 | #define CHANNELS_H |
@@ -117,7 +117,6 @@ struct Channel { | |||
117 | #define CHAN_X11_PACKET_DEFAULT (CHAN_X11_WINDOW_DEFAULT/2) | 117 | #define CHAN_X11_PACKET_DEFAULT (CHAN_X11_WINDOW_DEFAULT/2) |
118 | 118 | ||
119 | 119 | ||
120 | void channel_set_fds(int id, int rfd, int wfd, int efd, int extusage); | ||
121 | void channel_open(int id); | 120 | void channel_open(int id); |
122 | void channel_request(int id, char *service, int wantconfirm); | 121 | void channel_request(int id, char *service, int wantconfirm); |
123 | void channel_request_start(int id, char *service, int wantconfirm); | 122 | void channel_request_start(int id, char *service, int wantconfirm); |
@@ -129,7 +128,13 @@ Channel *channel_lookup(int id); | |||
129 | 128 | ||
130 | int | 129 | int |
131 | channel_new(char *ctype, int type, int rfd, int wfd, int efd, | 130 | channel_new(char *ctype, int type, int rfd, int wfd, int efd, |
132 | int window, int maxpack, int extended_usage, char *remote_name); | 131 | int window, int maxpack, int extended_usage, char *remote_name, |
132 | int nonblock); | ||
133 | void | ||
134 | channel_set_fds(int id, int rfd, int wfd, int efd, | ||
135 | int extusage, int nonblock); | ||
136 | |||
137 | void deny_input_open(int type, int plen, void *ctxt); | ||
133 | 138 | ||
134 | void channel_input_channel_request(int type, int plen, void *ctxt); | 139 | void channel_input_channel_request(int type, int plen, void *ctxt); |
135 | void channel_input_close(int type, int plen, void *ctxt); | 140 | void channel_input_close(int type, int plen, void *ctxt); |
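Review bot: The new `nonblock` parameter on channel_new and channel_set_fds is declared without any description, and this header is where callers will look for it. A comment above the two prototypes, such as `/* nonblock: if non-zero, rfd/wfd/efd are put into non-blocking mode when registered */`, would document it. That wording matches what channel_register_fds does in the channels.c section of this page.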
@@ -35,7 +35,7 @@ | |||
35 | */ | 35 | */ |
36 | 36 | ||
37 | #include "includes.h" | 37 | #include "includes.h" |
38 | RCSID("$OpenBSD: cipher.c,v 1.36 2000/10/14 10:01:15 markus Exp $"); | 38 | RCSID("$OpenBSD: cipher.c,v 1.37 2000/10/23 19:31:54 markus Exp $"); |
39 | 39 | ||
40 | #include "ssh.h" | 40 | #include "ssh.h" |
41 | #include "xmalloc.h" | 41 | #include "xmalloc.h" |
@@ -218,28 +218,21 @@ blowfish_cbc_decrypt(CipherContext *cc, u_char *dest, const u_char *src, | |||
218 | * and after encryption/decryption. Thus the swap_bytes stuff (yuk). | 218 | * and after encryption/decryption. Thus the swap_bytes stuff (yuk). |
219 | */ | 219 | */ |
220 | static void | 220 | static void |
221 | swap_bytes(const unsigned char *src, unsigned char *dst_, int n) | 221 | swap_bytes(const unsigned char *src, unsigned char *dst, int n) |
222 | { | 222 | { |
223 | /* dst must be properly aligned. */ | 223 | char c[4]; |
224 | u_int32_t *dst = (u_int32_t *) dst_; | 224 | |
225 | union { | 225 | /* Process 4 bytes every lap. */ |
226 | u_int32_t i; | 226 | for (n = n / 4; n > 0; n--) { |
227 | char c[4]; | 227 | c[3] = *src++; |
228 | } t; | 228 | c[2] = *src++; |
229 | 229 | c[1] = *src++; | |
230 | /* Process 8 bytes every lap. */ | 230 | c[0] = *src++; |
231 | for (n = n / 8; n > 0; n--) { | 231 | |
232 | t.c[3] = *src++; | 232 | *dst++ = c[0]; |
233 | t.c[2] = *src++; | 233 | *dst++ = c[1]; |
234 | t.c[1] = *src++; | 234 | *dst++ = c[2]; |
235 | t.c[0] = *src++; | 235 | *dst++ = c[3]; |
236 | *dst++ = t.i; | ||
237 | |||
238 | t.c[3] = *src++; | ||
239 | t.c[2] = *src++; | ||
240 | t.c[1] = *src++; | ||
241 | t.c[0] = *src++; | ||
242 | *dst++ = t.i; | ||
243 | } | 236 | } |
244 | } | 237 | } |
245 | 238 | ||
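Review bot: The rewritten swap_bytes loop runs `n / 4` times, so when n is not a multiple of 4 the trailing bytes of dst are left unwritten with no indication to the caller. Since the old "dst must be properly aligned" comment is gone, a replacement stating the remaining contract would help, e.g. `/* n must be a multiple of 4; each group of 4 bytes is read completely before it is written */`. The temporary is declared `char c[4]` while src and dst are `unsigned char`; `unsigned char c[4];` avoids a signed round trip for byte values above 127.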
diff --git a/clientloop.c b/clientloop.c index 90a781ec4..bccb9be2f 100644 --- a/clientloop.c +++ b/clientloop.c | |||
@@ -59,7 +59,7 @@ | |||
59 | */ | 59 | */ |
60 | 60 | ||
61 | #include "includes.h" | 61 | #include "includes.h" |
62 | RCSID("$OpenBSD: clientloop.c,v 1.37 2000/09/26 19:59:58 markus Exp $"); | 62 | RCSID("$OpenBSD: clientloop.c,v 1.39 2000/10/27 07:48:22 markus Exp $"); |
63 | 63 | ||
64 | #include "xmalloc.h" | 64 | #include "xmalloc.h" |
65 | #include "ssh.h" | 65 | #include "ssh.h" |
@@ -75,6 +75,10 @@ RCSID("$OpenBSD: clientloop.c,v 1.37 2000/09/26 19:59:58 markus Exp $"); | |||
75 | #include "buffer.h" | 75 | #include "buffer.h" |
76 | #include "bufaux.h" | 76 | #include "bufaux.h" |
77 | 77 | ||
78 | |||
79 | /* import options */ | ||
80 | extern Options options; | ||
81 | |||
78 | /* Flag indicating that stdin should be redirected from /dev/null. */ | 82 | /* Flag indicating that stdin should be redirected from /dev/null. */ |
79 | extern int stdin_null_flag; | 83 | extern int stdin_null_flag; |
80 | 84 | ||
@@ -790,7 +794,6 @@ simple_escape_filter(Channel *c, char *buf, int len) | |||
790 | int | 794 | int |
791 | client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) | 795 | client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) |
792 | { | 796 | { |
793 | extern Options options; | ||
794 | double start_time, total_time; | 797 | double start_time, total_time; |
795 | int len; | 798 | int len; |
796 | char buf[100]; | 799 | char buf[100]; |
@@ -1033,7 +1036,7 @@ client_input_channel_open(int type, int plen, void *ctxt) | |||
1033 | debug("client_input_channel_open: ctype %s rchan %d win %d max %d", | 1036 | debug("client_input_channel_open: ctype %s rchan %d win %d max %d", |
1034 | ctype, rchan, rwindow, rmaxpack); | 1037 | ctype, rchan, rwindow, rmaxpack); |
1035 | 1038 | ||
1036 | if (strcmp(ctype, "x11") == 0) { | 1039 | if (strcmp(ctype, "x11") == 0 && options.forward_x11) { |
1037 | int sock; | 1040 | int sock; |
1038 | char *originator; | 1041 | char *originator; |
1039 | int originator_port; | 1042 | int originator_port; |
@@ -1052,7 +1055,7 @@ client_input_channel_open(int type, int plen, void *ctxt) | |||
1052 | if (sock >= 0) { | 1055 | if (sock >= 0) { |
1053 | id = channel_new("x11", SSH_CHANNEL_X11_OPEN, | 1056 | id = channel_new("x11", SSH_CHANNEL_X11_OPEN, |
1054 | sock, sock, -1, CHAN_X11_WINDOW_DEFAULT, | 1057 | sock, sock, -1, CHAN_X11_WINDOW_DEFAULT, |
1055 | CHAN_X11_PACKET_DEFAULT, 0, xstrdup("x11")); | 1058 | CHAN_X11_PACKET_DEFAULT, 0, xstrdup("x11"), 1); |
1056 | c = channel_lookup(id); | 1059 | c = channel_lookup(id); |
1057 | } | 1060 | } |
1058 | } | 1061 | } |
@@ -1105,11 +1108,14 @@ client_init_dispatch_13() | |||
1105 | dispatch_set(SSH_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation); | 1108 | dispatch_set(SSH_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation); |
1106 | dispatch_set(SSH_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure); | 1109 | dispatch_set(SSH_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure); |
1107 | dispatch_set(SSH_MSG_PORT_OPEN, &channel_input_port_open); | 1110 | dispatch_set(SSH_MSG_PORT_OPEN, &channel_input_port_open); |
1108 | dispatch_set(SSH_SMSG_AGENT_OPEN, &auth_input_open_request); | ||
1109 | dispatch_set(SSH_SMSG_EXITSTATUS, &client_input_exit_status); | 1111 | dispatch_set(SSH_SMSG_EXITSTATUS, &client_input_exit_status); |
1110 | dispatch_set(SSH_SMSG_STDERR_DATA, &client_input_stderr_data); | 1112 | dispatch_set(SSH_SMSG_STDERR_DATA, &client_input_stderr_data); |
1111 | dispatch_set(SSH_SMSG_STDOUT_DATA, &client_input_stdout_data); | 1113 | dispatch_set(SSH_SMSG_STDOUT_DATA, &client_input_stdout_data); |
1112 | dispatch_set(SSH_SMSG_X11_OPEN, &x11_input_open); | 1114 | |
1115 | dispatch_set(SSH_SMSG_AGENT_OPEN, options.forward_agent ? | ||
1116 | &auth_input_open_request : &deny_input_open); | ||
1117 | dispatch_set(SSH_SMSG_X11_OPEN, options.forward_x11 ? | ||
1118 | &x11_input_open : &deny_input_open); | ||
1113 | } | 1119 | } |
1114 | void | 1120 | void |
1115 | client_init_dispatch_15() | 1121 | client_init_dispatch_15() |
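Review bot: In client_input_channel_open, the added `&& options.forward_x11` makes an unrequested "x11" open skip the branch, but nothing in the hunk logs the attempt, whereas the protocol 1 path set up in client_init_dispatch_13 reports it through deny_input_open. A separate check such as `if (strcmp(ctype, "x11") == 0 && !options.forward_x11) error("Warning: ssh server tried X11 forwarding.");` would give both protocol versions the same log signal. The code after the x11 branch is outside the hunk, so the refusal itself is presumably sent there; that is worth confirming.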
@@ -23,7 +23,7 @@ | |||
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include "includes.h" | 25 | #include "includes.h" |
26 | RCSID("$OpenBSD: compat.c,v 1.25 2000/10/14 12:16:56 markus Exp $"); | 26 | RCSID("$OpenBSD: compat.c,v 1.26 2000/10/26 18:38:28 markus Exp $"); |
27 | 27 | ||
28 | #include "ssh.h" | 28 | #include "ssh.h" |
29 | #include "packet.h" | 29 | #include "packet.h" |
@@ -72,7 +72,10 @@ compat_datafellows(const char *version) | |||
72 | SSH_BUG_PUBKEYAUTH|SSH_BUG_X11FWD }, | 72 | SSH_BUG_PUBKEYAUTH|SSH_BUG_X11FWD }, |
73 | { "^2\\.[23]\\.0 ", SSH_BUG_HMAC}, | 73 | { "^2\\.[23]\\.0 ", SSH_BUG_HMAC}, |
74 | { "^2\\.[2-9]\\.", 0 }, | 74 | { "^2\\.[2-9]\\.", 0 }, |
75 | { "^2\\.", SSH_BUG_HMAC}, /* XXX fallback */ | 75 | { "^2\\.4$", SSH_OLD_SESSIONID}, /* Van Dyke */ |
76 | { "^3\\.0 SecureCRT", SSH_OLD_SESSIONID}, | ||
77 | { "^1\\.7 SecureFX", SSH_OLD_SESSIONID}, | ||
78 | { "^2\\.", SSH_BUG_HMAC}, /* XXX fallback */ | ||
76 | { NULL, 0 } | 79 | { NULL, 0 } |
77 | }; | 80 | }; |
78 | /* process table, return first match */ | 81 | /* process table, return first match */ |
@@ -75,7 +75,7 @@ | |||
75 | */ | 75 | */ |
76 | 76 | ||
77 | #include "includes.h" | 77 | #include "includes.h" |
78 | RCSID("$OpenBSD: scp.c,v 1.42 2000/10/14 10:07:21 markus Exp $"); | 78 | RCSID("$OpenBSD: scp.c,v 1.43 2000/10/18 18:23:02 markus Exp $"); |
79 | 79 | ||
80 | #include "ssh.h" | 80 | #include "ssh.h" |
81 | #include "xmalloc.h" | 81 | #include "xmalloc.h" |
@@ -838,8 +838,10 @@ bad: run_err("%s: %s", np, strerror(errno)); | |||
838 | amt = size - i; | 838 | amt = size - i; |
839 | count += amt; | 839 | count += amt; |
840 | do { | 840 | do { |
841 | j = atomicio(read, remin, cp, amt); | 841 | j = read(remin, cp, amt); |
842 | if (j <= 0) { | 842 | if (j == -1 && (errno == EINTR || errno == EAGAIN)) { |
843 | continue; | ||
844 | } else if (j <= 0) { | ||
843 | run_err("%s", j ? strerror(errno) : | 845 | run_err("%s", j ? strerror(errno) : |
844 | "dropped connection"); | 846 | "dropped connection"); |
845 | exit(1); | 847 | exit(1); |
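Review bot: The new retry path goes straight back to read() on EAGAIN, so if remin is in non-blocking mode and no data is available, the loop spins at full CPU until data arrives. Waiting for the descriptor to become readable before retrying avoids the busy loop, while EINTR can keep the immediate retry. Whether remin can actually be non-blocking is not visible in the hunk, although the EAGAIN test suggests it is expected. The do-loop begins and ends outside the hunk.

```c
			j = read(remin, cp, amt);
			if (j == -1 && errno == EAGAIN) {
				fd_set rset;

				/* Block until remin is readable instead of spinning. */
				FD_ZERO(&rset);
				FD_SET(remin, &rset);
				(void) select(remin + 1, &rset, NULL, NULL, NULL);
				continue;
			} else if (j == -1 && errno == EINTR) {
				continue;
			} else if (j <= 0) {
				/* … unchanged: run_err() and exit(1) … */
```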
diff --git a/serverloop.c b/serverloop.c index a9e478764..6a81806bb 100644 --- a/serverloop.c +++ b/serverloop.c | |||
@@ -35,6 +35,8 @@ | |||
35 | */ | 35 | */ |
36 | 36 | ||
37 | #include "includes.h" | 37 | #include "includes.h" |
38 | RCSID("$OpenBSD: serverloop.c,v 1.34 2000/10/27 07:32:18 markus Exp $"); | ||
39 | |||
38 | #include "xmalloc.h" | 40 | #include "xmalloc.h" |
39 | #include "ssh.h" | 41 | #include "ssh.h" |
40 | #include "packet.h" | 42 | #include "packet.h" |
@@ -766,7 +768,7 @@ input_direct_tcpip(void) | |||
766 | return -1; | 768 | return -1; |
767 | return channel_new("direct-tcpip", SSH_CHANNEL_OPEN, | 769 | return channel_new("direct-tcpip", SSH_CHANNEL_OPEN, |
768 | sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT, | 770 | sock, sock, -1, CHAN_TCP_WINDOW_DEFAULT, |
769 | CHAN_TCP_PACKET_DEFAULT, 0, xstrdup("direct-tcpip")); | 771 | CHAN_TCP_PACKET_DEFAULT, 0, xstrdup("direct-tcpip"), 1); |
770 | } | 772 | } |
771 | 773 | ||
772 | void | 774 | void |
@@ -800,7 +802,7 @@ server_input_channel_open(int type, int plen, void *ctxt) | |||
800 | */ | 802 | */ |
801 | id = channel_new(ctype, SSH_CHANNEL_LARVAL, | 803 | id = channel_new(ctype, SSH_CHANNEL_LARVAL, |
802 | -1, -1, -1, 0, CHAN_SES_PACKET_DEFAULT, | 804 | -1, -1, -1, 0, CHAN_SES_PACKET_DEFAULT, |
803 | 0, xstrdup("server-session")); | 805 | 0, xstrdup("server-session"), 1); |
804 | if (session_open(id) == 1) { | 806 | if (session_open(id) == 1) { |
805 | channel_register_callback(id, SSH2_MSG_CHANNEL_REQUEST, | 807 | channel_register_callback(id, SSH2_MSG_CHANNEL_REQUEST, |
806 | session_input_channel_req, (void *)0); | 808 | session_input_channel_req, (void *)0); |
@@ -33,7 +33,7 @@ | |||
33 | */ | 33 | */ |
34 | 34 | ||
35 | #include "includes.h" | 35 | #include "includes.h" |
36 | RCSID("$OpenBSD: session.c,v 1.40 2000/10/15 14:14:01 markus Exp $"); | 36 | RCSID("$OpenBSD: session.c,v 1.42 2000/10/27 07:32:18 markus Exp $"); |
37 | 37 | ||
38 | #include "xmalloc.h" | 38 | #include "xmalloc.h" |
39 | #include "ssh.h" | 39 | #include "ssh.h" |
@@ -119,7 +119,7 @@ void session_pty_cleanup(Session *s); | |||
119 | void session_proctitle(Session *s); | 119 | void session_proctitle(Session *s); |
120 | void do_exec_pty(Session *s, const char *command, struct passwd * pw); | 120 | void do_exec_pty(Session *s, const char *command, struct passwd * pw); |
121 | void do_exec_no_pty(Session *s, const char *command, struct passwd * pw); | 121 | void do_exec_no_pty(Session *s, const char *command, struct passwd * pw); |
122 | void do_login(Session *s); | 122 | void do_login(Session *s, const char *command); |
123 | 123 | ||
124 | void | 124 | void |
125 | do_child(const char *command, struct passwd * pw, const char *term, | 125 | do_child(const char *command, struct passwd * pw, const char *term, |
@@ -627,8 +627,8 @@ do_exec_pty(Session *s, const char *command, struct passwd * pw) | |||
627 | close(ttyfd); | 627 | close(ttyfd); |
628 | 628 | ||
629 | /* record login, etc. similar to login(1) */ | 629 | /* record login, etc. similar to login(1) */ |
630 | if (command == NULL && !options.use_login) | 630 | if (!(options.use_login && command == NULL)) |
631 | do_login(s); | 631 | do_login(s, command); |
632 | 632 | ||
633 | /* Do common processing for the child, such as execing the command. */ | 633 | /* Do common processing for the child, such as execing the command. */ |
634 | do_child(command, pw, s->term, s->display, s->auth_proto, | 634 | do_child(command, pw, s->term, s->display, s->auth_proto, |
@@ -684,7 +684,7 @@ get_remote_name_or_ip(void) | |||
684 | 684 | ||
685 | /* administrative, login(1)-like work */ | 685 | /* administrative, login(1)-like work */ |
686 | void | 686 | void |
687 | do_login(Session *s) | 687 | do_login(Session *s, const char *command) |
688 | { | 688 | { |
689 | FILE *f; | 689 | FILE *f; |
690 | char *time_string; | 690 | char *time_string; |
@@ -731,7 +731,9 @@ do_login(Session *s) | |||
731 | } | 731 | } |
732 | #endif | 732 | #endif |
733 | 733 | ||
734 | /* Done if .hushlogin exists. */ | 734 | /* Done if .hushlogin exists or a command given. */ |
735 | if (command != NULL) | ||
736 | return; | ||
735 | snprintf(buf, sizeof(buf), "%.200s/.hushlogin", pw->pw_dir); | 737 | snprintf(buf, sizeof(buf), "%.200s/.hushlogin", pw->pw_dir); |
736 | #ifdef HAVE_LOGIN_CAP | 738 | #ifdef HAVE_LOGIN_CAP |
737 | if (login_getcapbool(lc, "hushlogin", 0) || stat(buf, &st) >= 0) | 739 | if (login_getcapbool(lc, "hushlogin", 0) || stat(buf, &st) >= 0) |
@@ -1778,7 +1780,8 @@ session_set_fds(Session *s, int fdin, int fdout, int fderr) | |||
1778 | fatal("no channel for session %d", s->self); | 1780 | fatal("no channel for session %d", s->self); |
1779 | channel_set_fds(s->chanid, | 1781 | channel_set_fds(s->chanid, |
1780 | fdout, fdin, fderr, | 1782 | fdout, fdin, fderr, |
1781 | fderr == -1 ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ); | 1783 | fderr == -1 ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ, |
1784 | 1); | ||
1782 | } | 1785 | } |
1783 | 1786 | ||
1784 | void | 1787 | void |
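Review bot: The rewritten guard `if (!(options.use_login && command == NULL))` in do_exec_pty is a negated conjunction with no explanation, and the comment above it still only says "record login, etc.". A why-comment would help, e.g. `/* record the login here unless login(1) will be run for an interactive session */`; that reading is inferred from the option name and should be confirmed. In do_login, the new `if (command != NULL) return;` is what keeps the remaining login output from being shown to command sessions, so the comment there could say so explicitly rather than folding it into the .hushlogin remark. Both function bodies extend outside the hunks.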
@@ -34,6 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: ssh.1,v 1.64 2000/10/16 21:46:31 markus Exp $ | ||
37 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
38 | .Dt SSH 1 | 39 | .Dt SSH 1 |
39 | .Os | 40 | .Os |
@@ -367,7 +368,7 @@ It is believed to be secure. | |||
367 | (triple-des) is an encrypt-decrypt-encrypt triple with three different keys. | 368 | (triple-des) is an encrypt-decrypt-encrypt triple with three different keys. |
368 | It is presumably more secure than the | 369 | It is presumably more secure than the |
369 | .Ar des | 370 | .Ar des |
370 | cipher which is no longer supported in | 371 | cipher which is no longer fully supported in |
371 | .Nm ssh . | 372 | .Nm ssh . |
372 | .Ar blowfish | 373 | .Ar blowfish |
373 | is a fast block cipher, it appears very secure and is much faster than | 374 | is a fast block cipher, it appears very secure and is much faster than |
@@ -628,9 +629,9 @@ If the option is set to | |||
628 | the check will not be executed. | 629 | the check will not be executed. |
629 | .It Cm Cipher | 630 | .It Cm Cipher |
630 | Specifies the cipher to use for encrypting the session | 631 | Specifies the cipher to use for encrypting the session |
631 | in protocol version 1 | 632 | in protocol version 1. |
632 | Currently, | 633 | Currently, |
633 | .Dq blowfish , | 634 | .Dq blowfish |
634 | and | 635 | and |
635 | .Dq 3des | 636 | .Dq 3des |
636 | are supported. | 637 | are supported. |
@@ -39,7 +39,7 @@ | |||
39 | */ | 39 | */ |
40 | 40 | ||
41 | #include "includes.h" | 41 | #include "includes.h" |
42 | RCSID("$OpenBSD: ssh.c,v 1.68 2000/10/11 20:27:24 markus Exp $"); | 42 | RCSID("$OpenBSD: ssh.c,v 1.69 2000/10/27 07:32:19 markus Exp $"); |
43 | 43 | ||
44 | #include <openssl/evp.h> | 44 | #include <openssl/evp.h> |
45 | #include <openssl/dsa.h> | 45 | #include <openssl/dsa.h> |
@@ -1008,6 +1008,14 @@ ssh_session2(void) | |||
1008 | if (in < 0 || out < 0 || err < 0) | 1008 | if (in < 0 || out < 0 || err < 0) |
1009 | fatal("dup() in/out/err failed"); | 1009 | fatal("dup() in/out/err failed"); |
1010 | 1010 | ||
1011 | /* enable nonblocking unless tty */ | ||
1012 | if (!isatty(in)) | ||
1013 | set_nonblock(in); | ||
1014 | if (!isatty(out)) | ||
1015 | set_nonblock(out); | ||
1016 | if (!isatty(err)) | ||
1017 | set_nonblock(err); | ||
1018 | |||
1011 | /* should be pre-session */ | 1019 | /* should be pre-session */ |
1012 | init_local_fwd(); | 1020 | init_local_fwd(); |
1013 | 1021 | ||
@@ -1025,7 +1033,7 @@ ssh_session2(void) | |||
1025 | id = channel_new( | 1033 | id = channel_new( |
1026 | "session", SSH_CHANNEL_OPENING, in, out, err, | 1034 | "session", SSH_CHANNEL_OPENING, in, out, err, |
1027 | window, packetmax, CHAN_EXTENDED_WRITE, | 1035 | window, packetmax, CHAN_EXTENDED_WRITE, |
1028 | xstrdup("client-session")); | 1036 | xstrdup("client-session"), /*nonblock*/0); |
1029 | 1037 | ||
1030 | channel_open(id); | 1038 | channel_open(id); |
1031 | channel_register_callback(id, SSH2_MSG_CHANNEL_OPEN_CONFIRMATION, client_init, (void *)0); | 1039 | channel_register_callback(id, SSH2_MSG_CHANNEL_OPEN_CONFIRMATION, client_init, (void *)0); |
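Review bot: The three `set_nonblock()` calls added to ssh_session2 act on descriptors that, judging by the preceding `fatal("dup() in/out/err failed")` check, come from dup(). O_NONBLOCK is a file status flag kept on the open file description, so it is shared with the original stdin/stdout/stderr and with any other process that holds the same pipe or file. When stdio is not a tty the flag therefore outlives ssh, and a sibling process in the same pipeline can start seeing EAGAIN on its reads or writes. I would record this next to the new block, e.g. `/* O_NONBLOCK is shared with the inherited descriptors; non-tty stdio stays nonblocking after we exit */`, and consider saving the original flags and restoring them on exit. The dup() calls and the rest of ssh_session2 are outside the hunk, so the dup() origin is inferred from the error message.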
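--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.26 2000/10/14 12:16:56 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.27 2000/10/19 16:45:16 provos Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
@@ -979,7 +979,7 @@ authmethod_lookup(const char *name)
 Authmethod *
 authmethod_get(char *authlist)
 {
-char *name = NULL;
+char *name = NULL, *authname_old;
 Authmethod *method = NULL;
 
 /* Use a suitable default if we're passed a nil list. */
@@ -1013,16 +1013,17 @@ authmethod_get(char *authlist)
 method = NULL;
 }
 
-if (authname_current != NULL)
-xfree(authname_current);
-
+authname_old = authname_current;
 if (method != NULL) {
 debug("next auth method to try is %s", name);
 authname_current = xstrdup(name);
-return method;
 } else {
 debug("no more auth methods to try");
 authname_current = NULL;
-return NULL;
 }
+
+if (authname_old != NULL)
+xfree(authname_old);
+
+return (method);
 }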
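Review bot: The reordering in authmethod_get that defers `xfree()` until after `xstrdup(name)` carries no comment explaining why, so a later cleanup could move the free back up and reintroduce the use of freed memory. Presumably `name` can still point into the old `authname_current` string when `debug()` and `xstrdup()` run; the code that sets `name` lies between the hunks and is not visible here. A one-line comment above `authname_old = authname_current;` would pin the ordering: `/* keep the old name alive until name is copied; name may alias authname_current */`.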
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: util.c,v 1.5 2000/09/07 20:27:55 deraadt Exp $ */ | 1 | /* $OpenBSD: util.c,v 1.6 2000/10/27 07:32:19 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
@@ -25,7 +25,7 @@ | |||
25 | */ | 25 | */ |
26 | 26 | ||
27 | #include "includes.h" | 27 | #include "includes.h" |
28 | RCSID("$OpenBSD: util.c,v 1.5 2000/09/07 20:27:55 deraadt Exp $"); | 28 | RCSID("$OpenBSD: util.c,v 1.6 2000/10/27 07:32:19 markus Exp $"); |
29 | 29 | ||
30 | #include "ssh.h" | 30 | #include "ssh.h" |
31 | 31 | ||
@@ -48,18 +48,15 @@ void | |||
48 | set_nonblock(int fd) | 48 | set_nonblock(int fd) |
49 | { | 49 | { |
50 | int val; | 50 | int val; |
51 | if (isatty(fd)) { | ||
52 | /* do not mess with tty's */ | ||
53 | debug("no set_nonblock for tty fd %d", fd); | ||
54 | return; | ||
55 | } | ||
56 | val = fcntl(fd, F_GETFL, 0); | 51 | val = fcntl(fd, F_GETFL, 0); |
57 | if (val < 0) { | 52 | if (val < 0) { |
58 | error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno)); | 53 | error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno)); |
59 | return; | 54 | return; |
60 | } | 55 | } |
61 | if (val & O_NONBLOCK) | 56 | if (val & O_NONBLOCK) { |
57 | debug("fd %d IS O_NONBLOCK", fd); | ||
62 | return; | 58 | return; |
59 | } | ||
63 | debug("fd %d setting O_NONBLOCK", fd); | 60 | debug("fd %d setting O_NONBLOCK", fd); |
64 | val |= O_NONBLOCK; | 61 | val |= O_NONBLOCK; |
65 | if (fcntl(fd, F_SETFL, val) == -1) | 62 | if (fcntl(fd, F_SETFL, val) == -1) |
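Review bot: With the `isatty(fd)` guard removed, set_nonblock() now sets O_NONBLOCK on any descriptor it is handed, and nothing on the function says the tty check has become the caller's job. ssh_session2 adds the check in this commit, but any other call site that relied on the old behaviour would now switch a terminal to non-blocking mode, and that setting is shared with every other process using the terminal. channels.c is in the diffstat but not visible here, so its callers should be confirmed. I would state the contract in a comment above the function, e.g. `/* Sets O_NONBLOCK unconditionally; callers must skip ttys themselves (see isatty() checks in ssh_session2). */`. The function body continues past the end of this hunk.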