-rw-r--r-- | ChangeLog | 2 | ||||
-rw-r--r-- | authfile.c | 4 | ||||
-rw-r--r-- | channels.c | 3 | ||||
-rw-r--r-- | entropy.c | 27 | ||||
-rw-r--r-- | rsa.c | 20 | ||||
-rw-r--r-- | session.c | 66 | ||||
-rw-r--r-- | ssh.c | 4 | ||||
-rw-r--r-- | version.h | 2 |
8 files changed, 57 insertions, 71 deletions
@@ -2,6 +2,8 @@ | |||
2 | - (djm) Fix SSH2 not terminating until all background tasks done problem. | 2 | - (djm) Fix SSH2 not terminating until all background tasks done problem. |
3 | - (djm) Another off-by-one fix from Pavel Kankovsky | 3 | - (djm) Another off-by-one fix from Pavel Kankovsky |
4 | <peak@argo.troja.mff.cuni.cz> | 4 | <peak@argo.troja.mff.cuni.cz> |
5 | - (djm) Clean up. Strip some unnecessary differences with OpenBSD's code, | ||
6 | tidy necessary differences. Use Markus' new debugN() in entropy.c | ||
5 | 7 | ||
6 | 20000926 | 8 | 20000926 |
7 | - (djm) Update X11-askpass to 1.0.2 in RPM spec file | 9 | - (djm) Update X11-askpass to 1.0.2 in RPM spec file |
diff --git a/authfile.c b/authfile.c index 66bdc0ef1..c8eac1892 100644 --- a/authfile.c +++ b/authfile.c | |||
@@ -479,9 +479,9 @@ load_private_key(const char *filename, const char *passphrase, Key *key, | |||
479 | if (fd < 0) | 479 | if (fd < 0) |
480 | return 0; | 480 | return 0; |
481 | 481 | ||
482 | /* check owner and modes. */ | 482 | /* check owner and modes */ |
483 | #ifdef HAVE_CYGWIN | 483 | #ifdef HAVE_CYGWIN |
484 | if (check_ntsec(filename)) | 484 | if (check_ntsec(filename)) |
485 | #endif | 485 | #endif |
486 | if (fstat(fd, &st) < 0 || | 486 | if (fstat(fd, &st) < 0 || |
487 | (st.st_uid != 0 && st.st_uid != getuid()) || | 487 | (st.st_uid != 0 && st.st_uid != getuid()) || |
diff --git a/channels.c b/channels.c index 287e16d10..43253b3a6 100644 --- a/channels.c +++ b/channels.c | |||
@@ -1763,7 +1763,8 @@ x11_create_display_inet(int screen_number, int x11_display_offset) | |||
1763 | error("socket: %.100s", strerror(errno)); | 1763 | error("socket: %.100s", strerror(errno)); |
1764 | return NULL; | 1764 | return NULL; |
1765 | } else { | 1765 | } else { |
1766 | debug("Socket family %d not supported [X11 disp create]", ai->ai_family); | 1766 | debug("x11_create_display_inet: Socket family %d not supported", |
1767 | ai->ai_family); | ||
1767 | continue; | 1768 | continue; |
1768 | } | 1769 | } |
1769 | } | 1770 | } |
@@ -35,15 +35,12 @@ | |||
35 | # include <floatingpoint.h> | 35 | # include <floatingpoint.h> |
36 | #endif /* HAVE_FLOATINGPOINT_H */ | 36 | #endif /* HAVE_FLOATINGPOINT_H */ |
37 | 37 | ||
38 | RCSID("$Id: entropy.c,v 1.19 2000/09/16 05:09:28 djm Exp $"); | 38 | RCSID("$Id: entropy.c,v 1.20 2000/09/29 01:12:36 djm Exp $"); |
39 | 39 | ||
40 | #ifndef offsetof | 40 | #ifndef offsetof |
41 | # define offsetof(type, member) ((size_t) &((type *)0)->member) | 41 | # define offsetof(type, member) ((size_t) &((type *)0)->member) |
42 | #endif | 42 | #endif |
43 | 43 | ||
44 | /* Print lots of detail */ | ||
45 | /* #define DEBUG_ENTROPY */ | ||
46 | |||
47 | /* Number of times to pass through command list gathering entropy */ | 44 | /* Number of times to pass through command list gathering entropy */ |
48 | #define NUM_ENTROPY_RUNS 1 | 45 | #define NUM_ENTROPY_RUNS 1 |
49 | 46 | ||
@@ -272,10 +269,8 @@ stir_from_programs(void) | |||
272 | /* Stir it in */ | 269 | /* Stir it in */ |
273 | RAND_add(hash, sizeof(hash), entropy_estimate); | 270 | RAND_add(hash, sizeof(hash), entropy_estimate); |
274 | 271 | ||
275 | #ifdef DEBUG_ENTROPY | 272 | debug3("Got %0.2f bytes of entropy from '%s'", entropy_estimate, |
276 | debug("Got %0.2f bytes of entropy from '%s'", entropy_estimate, | ||
277 | entropy_sources[c].cmdstring); | 273 | entropy_sources[c].cmdstring); |
278 | #endif | ||
279 | 274 | ||
280 | total_entropy_estimate += entropy_estimate; | 275 | total_entropy_estimate += entropy_estimate; |
281 | 276 | ||
@@ -285,10 +280,8 @@ stir_from_programs(void) | |||
285 | total_entropy_estimate += stir_rusage(RUSAGE_SELF, 0.1); | 280 | total_entropy_estimate += stir_rusage(RUSAGE_SELF, 0.1); |
286 | total_entropy_estimate += stir_rusage(RUSAGE_CHILDREN, 0.1); | 281 | total_entropy_estimate += stir_rusage(RUSAGE_CHILDREN, 0.1); |
287 | } else { | 282 | } else { |
288 | #ifdef DEBUG_ENTROPY | 283 | debug2("Command '%s' disabled (badness %d)", |
289 | debug("Command '%s' disabled (badness %d)", | ||
290 | entropy_sources[c].cmdstring, entropy_sources[c].badness); | 284 | entropy_sources[c].cmdstring, entropy_sources[c].badness); |
291 | #endif | ||
292 | 285 | ||
293 | if (entropy_sources[c].badness > 0) | 286 | if (entropy_sources[c].badness > 0) |
294 | entropy_sources[c].badness--; | 287 | entropy_sources[c].badness--; |
@@ -373,6 +366,8 @@ hash_output_from_command(entropy_source_t *src, char *hash) | |||
373 | int total_bytes_read; | 366 | int total_bytes_read; |
374 | SHA_CTX sha; | 367 | SHA_CTX sha; |
375 | 368 | ||
369 | debug3("Reading output from \'%s\'", src->cmdstring); | ||
370 | |||
376 | if (devnull == -1) { | 371 | if (devnull == -1) { |
377 | devnull = open("/dev/null", O_RDWR); | 372 | devnull = open("/dev/null", O_RDWR); |
378 | if (devnull == -1) | 373 | if (devnull == -1) |
@@ -470,12 +465,10 @@ hash_output_from_command(entropy_source_t *src, char *hash) | |||
470 | 465 | ||
471 | close(p[0]); | 466 | close(p[0]); |
472 | 467 | ||
473 | #ifdef DEBUG_ENTROPY | 468 | debug3("Time elapsed: %d msec", msec_elapsed); |
474 | debug("Time elapsed: %d msec", msec_elapsed); | ||
475 | #endif | ||
476 | 469 | ||
477 | if (waitpid(pid, &status, 0) == -1) { | 470 | if (waitpid(pid, &status, 0) == -1) { |
478 | debug("Couldn't wait for child '%s' completion: %s", src->cmdstring, | 471 | error("Couldn't wait for child '%s' completion: %s", src->cmdstring, |
479 | strerror(errno)); | 472 | strerror(errno)); |
480 | return(0.0); | 473 | return(0.0); |
481 | } | 474 | } |
@@ -486,7 +479,7 @@ hash_output_from_command(entropy_source_t *src, char *hash) | |||
486 | /* closing p[0] on timeout causes the entropy command to | 479 | /* closing p[0] on timeout causes the entropy command to |
487 | * SIGPIPE. Take whatever output we got, and mark this command | 480 | * SIGPIPE. Take whatever output we got, and mark this command |
488 | * as slow */ | 481 | * as slow */ |
489 | debug("Command '%s' timed out", src->cmdstring); | 482 | debug2("Command '%s' timed out", src->cmdstring); |
490 | src->sticky_badness *= 2; | 483 | src->sticky_badness *= 2; |
491 | src->badness = src->sticky_badness; | 484 | src->badness = src->sticky_badness; |
492 | return(total_bytes_read); | 485 | return(total_bytes_read); |
@@ -496,13 +489,13 @@ hash_output_from_command(entropy_source_t *src, char *hash) | |||
496 | if (WEXITSTATUS(status)==0) { | 489 | if (WEXITSTATUS(status)==0) { |
497 | return(total_bytes_read); | 490 | return(total_bytes_read); |
498 | } else { | 491 | } else { |
499 | debug("Command '%s' exit status was %d", src->cmdstring, | 492 | debug2("Command '%s' exit status was %d", src->cmdstring, |
500 | WEXITSTATUS(status)); | 493 | WEXITSTATUS(status)); |
501 | src->badness = src->sticky_badness = 128; | 494 | src->badness = src->sticky_badness = 128; |
502 | return (0.0); | 495 | return (0.0); |
503 | } | 496 | } |
504 | } else if (WIFSIGNALED(status)) { | 497 | } else if (WIFSIGNALED(status)) { |
505 | debug("Command '%s' returned on uncaught signal %d !", src->cmdstring, | 498 | debug2("Command '%s' returned on uncaught signal %d !", src->cmdstring, |
506 | status); | 499 | status); |
507 | src->badness = src->sticky_badness = 128; | 500 | src->badness = src->sticky_badness = 128; |
508 | return(0.0); | 501 | return(0.0); |
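Review bot: In the WIFSIGNALED branch near the end of hash_output_from_command, the "returned on uncaught signal %d" message is still given the raw wait `status` rather than the signal number. The raw word can also carry the core-dump flag and its encoding is platform-defined, so the logged number is not reliably the signal. Since the call is being changed to debug2 anyway, its last argument should become `WTERMSIG(status));`. Separately, the waitpid() failure path now logs at error level but still returns 0.0 on any failure, including EINTR; whether a signal can interrupt this wait is not visible here. The function starts and ends outside these hunks.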
@@ -83,21 +83,6 @@ rsa_alive() | |||
83 | } | 83 | } |
84 | 84 | ||
85 | /* | 85 | /* |
86 | * Key generation progress meter callback | ||
87 | */ | ||
88 | void | ||
89 | keygen_progress(int p, int n, void *arg) | ||
90 | { | ||
91 | const char progress_chars[] = ".o+O?"; | ||
92 | |||
93 | if ((p < 0) || (p > (sizeof(progress_chars) - 2))) | ||
94 | p = sizeof(progress_chars) - 2; | ||
95 | |||
96 | putchar(progress_chars[p]); | ||
97 | fflush(stdout); | ||
98 | } | ||
99 | |||
100 | /* | ||
101 | * Generates RSA public and private keys. This initializes the data | 86 | * Generates RSA public and private keys. This initializes the data |
102 | * structures; they should be freed with rsa_clear_private_key and | 87 | * structures; they should be freed with rsa_clear_private_key and |
103 | * rsa_clear_public_key. | 88 | * rsa_clear_public_key. |
@@ -113,11 +98,8 @@ rsa_generate_key(RSA *prv, RSA *pub, unsigned int bits) | |||
113 | if (rsa_verbose) { | 98 | if (rsa_verbose) { |
114 | printf("Generating RSA keys: "); | 99 | printf("Generating RSA keys: "); |
115 | fflush(stdout); | 100 | fflush(stdout); |
116 | key = RSA_generate_key(bits, 35, keygen_progress, NULL); | ||
117 | printf("\n"); | ||
118 | } else { | ||
119 | key = RSA_generate_key(bits, 35, NULL, NULL); | ||
120 | } | 101 | } |
102 | key = RSA_generate_key(bits, 35, NULL, NULL); | ||
121 | if (key == NULL) | 103 | if (key == NULL) |
122 | fatal("rsa_generate_key: key generation failed."); | 104 | fatal("rsa_generate_key: key generation failed."); |
123 | 105 | ||
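Review bot: The call `RSA_generate_key(bits, 35, NULL, NULL)`, now the only generation path in rsa_generate_key, passes the public exponent as a bare literal, and nothing visible explains the choice of 35 or validates `bits` before the call. A short comment above the call, for example `/* public exponent 35 (odd, as RSA_generate_key requires); rationale: <reason> */`, or a named constant would make the choice reviewable. With the progress callback and its `printf("\n")` removed, a verbose run prints "Generating RSA keys: " with no line terminator inside this hunk; if nothing later in the function ends the line, following output will run on from it. The function continues past the end of the hunk, so that cannot be confirmed from here.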
@@ -867,7 +867,7 @@ void do_pam_environment(char ***env, int *envsize) | |||
867 | strncpy(var_name, pam_env[i], equals - pam_env[i]); | 867 | strncpy(var_name, pam_env[i], equals - pam_env[i]); |
868 | strcpy(var_val, equals + 1); | 868 | strcpy(var_val, equals + 1); |
869 | 869 | ||
870 | debug("PAM environment: %s=%s", var_name, var_val); | 870 | debug3("PAM environment: %s=%s", var_name, var_val); |
871 | 871 | ||
872 | child_set_env(env, envsize, var_name, var_val); | 872 | child_set_env(env, envsize, var_name, var_val); |
873 | } | 873 | } |
@@ -875,6 +875,32 @@ void do_pam_environment(char ***env, int *envsize) | |||
875 | } | 875 | } |
876 | #endif /* USE_PAM */ | 876 | #endif /* USE_PAM */ |
877 | 877 | ||
878 | |||
879 | #ifdef HAVE_CYGWIN | ||
880 | void copy_environment(char ***env, int *envsize) | ||
881 | { | ||
882 | char *equals, var_name[512], var_val[512]; | ||
883 | int i; | ||
884 | |||
885 | for(i = 0; environ[i] != NULL; i++) { | ||
886 | if ((equals = strstr(environ[i], "=")) == NULL) | ||
887 | continue; | ||
888 | |||
889 | if (strlen(environ[i]) < (sizeof(var_name) - 1)) { | ||
890 | memset(var_name, '\0', sizeof(var_name)); | ||
891 | memset(var_val, '\0', sizeof(var_val)); | ||
892 | |||
893 | strncpy(var_name, environ[i], equals - environ[i]); | ||
894 | strcpy(var_val, equals + 1); | ||
895 | |||
896 | debug3("Copy environment: %s=%s", var_name, var_val); | ||
897 | |||
898 | child_set_env(env, envsize, var_name, var_val); | ||
899 | } | ||
900 | } | ||
901 | } | ||
902 | #endif | ||
903 | |||
878 | #if defined(HAVE_GETUSERATTR) | 904 | #if defined(HAVE_GETUSERATTR) |
879 | /* | 905 | /* |
880 | * AIX-specific login initialisation | 906 | * AIX-specific login initialisation |
@@ -1107,15 +1133,7 @@ do_child(const char *command, struct passwd * pw, const char *term, | |||
1107 | * The Windows environment contains some setting which are | 1133 | * The Windows environment contains some setting which are |
1108 | * important for a running system. They must not be dropped. | 1134 | * important for a running system. They must not be dropped. |
1109 | */ | 1135 | */ |
1110 | { | 1136 | copy_environment(&env, &envsize); |
1111 | char **ep; | ||
1112 | for (ep = environ; *ep; ++ep) { | ||
1113 | char *esp = strchr(*ep, '='); | ||
1114 | *esp = '\0'; | ||
1115 | child_set_env(&env, &envsize, *ep, esp + 1); | ||
1116 | *esp = '='; | ||
1117 | } | ||
1118 | } | ||
1119 | #endif | 1137 | #endif |
1120 | 1138 | ||
1121 | if (!options.use_login) { | 1139 | if (!options.use_login) { |
@@ -1126,8 +1144,8 @@ do_child(const char *command, struct passwd * pw, const char *term, | |||
1126 | #ifdef HAVE_LOGIN_CAP | 1144 | #ifdef HAVE_LOGIN_CAP |
1127 | (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH); | 1145 | (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH); |
1128 | child_set_env(&env, &envsize, "PATH", getenv("PATH")); | 1146 | child_set_env(&env, &envsize, "PATH", getenv("PATH")); |
1129 | #else | 1147 | #else /* HAVE_LOGIN_CAP */ |
1130 | #ifndef HAVE_CYGWIN | 1148 | # ifndef HAVE_CYGWIN |
1131 | /* | 1149 | /* |
1132 | * There's no standard path on Windows. The path contains | 1150 | * There's no standard path on Windows. The path contains |
1133 | * important components pointing to the system directories, | 1151 | * important components pointing to the system directories, |
@@ -1135,8 +1153,8 @@ do_child(const char *command, struct passwd * pw, const char *term, | |||
1135 | * remains intact here. | 1153 | * remains intact here. |
1136 | */ | 1154 | */ |
1137 | child_set_env(&env, &envsize, "PATH", _PATH_STDPATH); | 1155 | child_set_env(&env, &envsize, "PATH", _PATH_STDPATH); |
1138 | #endif | 1156 | # endif /* HAVE_CYGWIN */ |
1139 | #endif | 1157 | #endif /* HAVE_LOGIN_CAP */ |
1140 | 1158 | ||
1141 | snprintf(buf, sizeof buf, "%.200s/%.50s", | 1159 | snprintf(buf, sizeof buf, "%.200s/%.50s", |
1142 | _PATH_MAILDIR, pw->pw_name); | 1160 | _PATH_MAILDIR, pw->pw_name); |
@@ -1178,15 +1196,11 @@ do_child(const char *command, struct passwd * pw, const char *term, | |||
1178 | original_command); | 1196 | original_command); |
1179 | 1197 | ||
1180 | #ifdef _AIX | 1198 | #ifdef _AIX |
1181 | { | 1199 | if ((cp = getenv("AUTHSTATE")) != NULL) |
1182 | char *authstate,*krb5cc; | 1200 | child_set_env(&env, &envsize, "AUTHSTATE", cp); |
1183 | 1201 | if ((cp = getenv("KRB5CCNAME")) != NULL) | |
1184 | if ((authstate = getenv("AUTHSTATE")) != NULL) | 1202 | child_set_env(&env, &envsize, "KRB5CCNAME", cp); |
1185 | child_set_env(&env,&envsize,"AUTHSTATE",authstate); | 1203 | read_environment_file(&env, &envsize, "/etc/environment"); |
1186 | |||
1187 | if ((krb5cc = getenv("KRB5CCNAME")) != NULL) | ||
1188 | child_set_env(&env,&envsize,"KRB5CCNAME",krb5cc); | ||
1189 | } | ||
1190 | #endif | 1204 | #endif |
1191 | 1205 | ||
1192 | #ifdef KRB4 | 1206 | #ifdef KRB4 |
@@ -1203,8 +1217,6 @@ do_child(const char *command, struct passwd * pw, const char *term, | |||
1203 | do_pam_environment(&env, &envsize); | 1217 | do_pam_environment(&env, &envsize); |
1204 | #endif /* USE_PAM */ | 1218 | #endif /* USE_PAM */ |
1205 | 1219 | ||
1206 | read_environment_file(&env,&envsize,"/etc/environment"); | ||
1207 | |||
1208 | if (xauthfile) | 1220 | if (xauthfile) |
1209 | child_set_env(&env, &envsize, "XAUTHORITY", xauthfile); | 1221 | child_set_env(&env, &envsize, "XAUTHORITY", xauthfile); |
1210 | if (auth_get_socket_name() != NULL) | 1222 | if (auth_get_socket_name() != NULL) |
@@ -1313,13 +1325,11 @@ do_child(const char *command, struct passwd * pw, const char *term, | |||
1313 | "Running %.100s add %.100s %.100s %.100s\n", | 1325 | "Running %.100s add %.100s %.100s %.100s\n", |
1314 | options.xauth_location, display, | 1326 | options.xauth_location, display, |
1315 | auth_proto, auth_data); | 1327 | auth_proto, auth_data); |
1316 | #ifndef HAVE_CYGWIN | ||
1317 | if (screen != NULL) | 1328 | if (screen != NULL) |
1318 | fprintf(stderr, | 1329 | fprintf(stderr, |
1319 | "Adding %.*s/unix%s %s %s\n", | 1330 | "Adding %.*s/unix%s %s %s\n", |
1320 | (int)(screen-display), display, | 1331 | (int)(screen-display), display, |
1321 | screen, auth_proto, auth_data); | 1332 | screen, auth_proto, auth_data); |
1322 | #endif | ||
1323 | } | 1333 | } |
1324 | snprintf(cmd, sizeof cmd, "%s -q -", | 1334 | snprintf(cmd, sizeof cmd, "%s -q -", |
1325 | options.xauth_location); | 1335 | options.xauth_location); |
@@ -1327,12 +1337,10 @@ do_child(const char *command, struct passwd * pw, const char *term, | |||
1327 | if (f) { | 1337 | if (f) { |
1328 | fprintf(f, "add %s %s %s\n", display, | 1338 | fprintf(f, "add %s %s %s\n", display, |
1329 | auth_proto, auth_data); | 1339 | auth_proto, auth_data); |
1330 | #ifndef HAVE_CYGWIN | ||
1331 | if (screen != NULL) | 1340 | if (screen != NULL) |
1332 | fprintf(f, "add %.*s/unix%s %s %s\n", | 1341 | fprintf(f, "add %.*s/unix%s %s %s\n", |
1333 | (int)(screen-display), display, | 1342 | (int)(screen-display), display, |
1334 | screen, auth_proto, auth_data); | 1343 | screen, auth_proto, auth_data); |
1335 | #endif | ||
1336 | pclose(f); | 1344 | pclose(f); |
1337 | } else { | 1345 | } else { |
1338 | fprintf(stderr, "Could not run %s\n", | 1346 | fprintf(stderr, "Could not run %s\n", |
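Review bot: The new copy_environment() silently skips any environment entry of 511 bytes or more (`strlen(environ[i]) < (sizeof(var_name) - 1)`), whereas the inline loop it replaces in do_child copied every entry. A long PATH on Windows is a plausible casualty, and the comment at the call site says these settings must not be dropped. The fixed 512-byte buffers filled with strncpy/strcpy are only safe because of that single length test, and do_pam_environment shows the same copy pattern. Copying each entry to the heap removes both the limit and the reliance on the guard, as sketched below. This assumes child_set_env copies its arguments (do_pam_environment already hands it stack buffers in a loop) and that xstrdup/xfree are in scope in session.c. Note also that the debug3 line writes every variable's value to the log, which can include secrets when the highest debug level is enabled.

```c
void copy_environment(char ***env, int *envsize)
{
	char *entry, *equals;
	int i;

	for (i = 0; environ[i] != NULL; i++) {
		if (strchr(environ[i], '=') == NULL)
			continue;

		/* Work on a private copy: no length limit, environ left untouched */
		entry = xstrdup(environ[i]);
		equals = strchr(entry, '=');
		*equals = '\0';

		debug3("Copy environment: %s=%s", entry, equals + 1);
		child_set_env(env, envsize, entry, equals + 1);
		xfree(entry);
	}
}
```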
@@ -485,11 +485,11 @@ main(int ac, char **av) | |||
485 | if (!host) | 485 | if (!host) |
486 | usage(); | 486 | usage(); |
487 | 487 | ||
488 | SSLeay_add_all_algorithms(); | ||
489 | |||
488 | /* Initialize the command to execute on remote host. */ | 490 | /* Initialize the command to execute on remote host. */ |
489 | buffer_init(&command); | 491 | buffer_init(&command); |
490 | 492 | ||
491 | SSLeay_add_all_algorithms(); | ||
492 | |||
493 | /* | 493 | /* |
494 | * Save the command to execute on the remote host in a buffer. There | 494 | * Save the command to execute on the remote host in a buffer. There |
495 | * is no limit on the length of the command, except by the maximum | 495 | * is no limit on the length of the command, except by the maximum |
@@ -1 +1 @@ | |||
#define SSH_VERSION "OpenSSH_2.2.0p1" | #define SSH_VERSION "OpenSSH_2.2.0p2" | ||