-rw-r--r-- | ChangeLog | 30 | ||||
-rw-r--r-- | Makefile.in | 12 | ||||
-rw-r--r-- | README | 9 | ||||
-rw-r--r-- | TODO | 7 | ||||
-rw-r--r-- | config.h.in | 142 | ||||
-rw-r--r-- | configure.in | 17 | ||||
-rw-r--r-- | includes.h | 4 | ||||
-rw-r--r-- | openssh.spec | 23 | ||||
-rw-r--r-- | pty.c | 7 | ||||
-rw-r--r-- | rsa.c | 34 | ||||
-rw-r--r-- | ssh-add.c | 76 | ||||
-rw-r--r-- | ssh-agent.1 | 8 | ||||
-rwxr-xr-x | ssh-askpass | 38 | ||||
-rw-r--r-- | ssh-keygen.c | 4 | ||||
-rw-r--r-- | ssh.h | 8 | ||||
-rw-r--r-- | sshd.c | 85 |
16 files changed, 291 insertions, 213 deletions
@@ -1,3 +1,33 @@ | |||
1 | 19991108 | ||
2 | - Removed debian/ directory. This is now being maintained separately. | ||
3 | - Added symlinks for slogin in RPM spec file | ||
4 | - Fixed permissions on manpages in RPM spec file | ||
5 | - Added references to required libraries in README file | ||
6 | - Removed config.h.in from CVS | ||
7 | - Removed pwdb support (better pluggable auth is provided by glibc) | ||
8 | - Made PAM and requisite libdl optional | ||
9 | - Removed lots of unnecessary checks from autoconf | ||
10 | - Added support and autoconf test for openpty() function (Unix98 pty support) | ||
11 | - Fix for scp not finding ssh if not installed as /usr/bin/ssh | ||
12 | - Added TODO file | ||
13 | - Merged parts of Debian patch From Phil Hands <phil@hands.com>: | ||
14 | - Added ssh-askpass program | ||
15 | - Added ssh-askpass support to ssh-add.c | ||
16 | - Create symlinks for slogin on install | ||
17 | - Fix "distclean" target in makefile | ||
18 | - Added example for ssh-agent to manpage | ||
19 | - Added support for PAM_TEXT_INFO messages | ||
20 | - Disable internal /etc/nologin support if PAM enabled | ||
21 | - Merged latest OpenBSD CVS changes: | ||
22 | - [sshd.c] don't send fail-msg but disconnect if too many authentication | ||
23 | failures | ||
24 | - [sshd.c] replace assert() with error, fatal or packet_disconnect | ||
25 | - [sshd.c] remove unused argument. ok dugsong | ||
26 | - [sshd.c] typo | ||
27 | - [rsa.c] clear buffers used for encryption. ok: niels | ||
28 | - [rsa.c] replace assert() with error, fatal or packet_disconnect | ||
29 | - Fixed coredump after merge of OpenBSD rsa.c patch | ||
30 | |||
1 | 19991102 | 31 | 19991102 |
2 | - Merged change from OpenBSD CVS | 32 | - Merged change from OpenBSD CVS |
3 | - One-line cleanup in sshd.c | 33 | - One-line cleanup in sshd.c |
diff --git a/Makefile.in b/Makefile.in index 6217c5848..151131c6d 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -7,7 +7,7 @@ mandir=@mandir@ | |||
7 | 7 | ||
8 | CC=@CC@ | 8 | CC=@CC@ |
9 | OPT_FLAGS=-g | 9 | OPT_FLAGS=-g |
10 | CFLAGS=$(OPT_FLAGS) -Wall -DETCDIR=\"@sysconfdir@\" @DEFS@ | 10 | CFLAGS=$(OPT_FLAGS) -Wall -DETCDIR=\"@sysconfdir@\" -DSSH_PROGRAM=\"@bindir@/ssh\" @DEFS@ |
11 | TARGETS=libssh.a ssh sshd ssh-add ssh-keygen ssh-agent scp | 11 | TARGETS=libssh.a ssh sshd ssh-add ssh-keygen ssh-agent scp |
12 | LFLAGS=-L. | 12 | LFLAGS=-L. |
13 | LIBS=-lssh @LIBS@ | 13 | LIBS=-lssh @LIBS@ |
@@ -48,7 +48,7 @@ ssh-keygen: ssh-keygen.o log-client.o | |||
48 | 48 | ||
49 | clean: | 49 | clean: |
50 | rm -f *.o core $(TARGETS) config.status config.cache config.log | 50 | rm -f *.o core $(TARGETS) config.status config.cache config.log |
51 | 51 | ||
52 | install: | 52 | install: |
53 | install -d $(bindir) | 53 | install -d $(bindir) |
54 | install -d $(sbindir) | 54 | install -d $(sbindir) |
@@ -56,12 +56,15 @@ install: | |||
56 | install -d $(mandir)/man1 | 56 | install -d $(mandir)/man1 |
57 | install -d $(mandir)/man8 | 57 | install -d $(mandir)/man8 |
58 | install -s -c ssh $(bindir)/ssh | 58 | install -s -c ssh $(bindir)/ssh |
59 | ln -s ssh $(bindir)/slogin | ||
59 | install -s -c scp $(bindir)/scp | 60 | install -s -c scp $(bindir)/scp |
60 | install -s -c ssh-add $(bindir)/ssh-add | 61 | install -s -c ssh-add $(bindir)/ssh-add |
62 | install -m755 -c ssh-askpass $(libdir)/ssh/ssh-askpass | ||
61 | install -s -c ssh-agent $(bindir)/ssh-agent | 63 | install -s -c ssh-agent $(bindir)/ssh-agent |
62 | install -s -c ssh-keygen $(bindir)/ssh-keygen | 64 | install -s -c ssh-keygen $(bindir)/ssh-keygen |
63 | install -s -c sshd $(sbindir)/sshd | 65 | install -s -c sshd $(sbindir)/sshd |
64 | install -m644 -c ssh.1 $(mandir)/man1/ssh.1 | 66 | install -m644 -c ssh.1 $(mandir)/man1/ssh.1 |
67 | ln -s ssh.1 $(mandir)/man1/slogin.1 | ||
65 | install -m644 -c scp.1 $(mandir)/man1/scp.1 | 68 | install -m644 -c scp.1 $(mandir)/man1/scp.1 |
66 | install -m644 -c ssh-add.1 $(mandir)/man1/ssh-add.1 | 69 | install -m644 -c ssh-add.1 $(mandir)/man1/ssh-add.1 |
67 | install -m644 -c ssh-agent.1 $(mandir)/man1/ssh-agent.1 | 70 | install -m644 -c ssh-agent.1 $(mandir)/man1/ssh-agent.1 |
@@ -69,6 +72,9 @@ install: | |||
69 | install -m644 -c sshd.8 $(mandir)/man8/sshd.8 | 72 | install -m644 -c sshd.8 $(mandir)/man8/sshd.8 |
70 | 73 | ||
71 | distclean: clean | 74 | distclean: clean |
72 | rm -f Makefile config.h core configure *~ | 75 | rm -f Makefile config.h core *~ |
73 | 76 | ||
74 | mrproper: distclean | 77 | mrproper: distclean |
78 | |||
79 | veryclean: distclean | ||
80 | rm -f configure | ||
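Review bot: The new `ln -s ssh $(bindir)/slogin` and `ln -s ssh.1 $(mandir)/man1/slogin.1` lines in the install target fail with "File exists" on any second `make install`, which aborts the rest of the target; use `ln -sf` (or `rm -f` the link first) so the target stays re-runnable. The added `install -m755 -c ssh-askpass $(libdir)/ssh/ssh-askpass` also relies on `$(libdir)/ssh` already existing, and the visible `install -d` lines only create $(bindir), $(sbindir) and the man directories, so unless a line outside the hunks creates it, add `install -d $(libdir)/ssh` ahead of it.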
@@ -23,8 +23,8 @@ or abuse of this software. The code in strlcpy.c and mktemp.c is from | |||
23 | the OpenBSD project and has its own license (see source file for | 23 | the OpenBSD project and has its own license (see source file for |
24 | details). | 24 | details). |
25 | 25 | ||
26 | OpenSSH depends on Zlib, OpenSSL and PAM and optionally libpwdb. It now | 26 | OpenSSH depends on Zlib[1], OpenSSL[2] and optionally PAM[3]. |
27 | uses autoconf to build thanks to Dan Brosemer <odin@linuxfreak.com> | 27 | It now uses autoconf to build thanks to Dan Brosemer <odin@linuxfreak.com> |
28 | 28 | ||
29 | Damien Miller <djm@ibs.com.au> | 29 | Damien Miller <djm@ibs.com.au> |
30 | Internet Business Solutions | 30 | Internet Business Solutions |
@@ -51,3 +51,8 @@ is released under a X11-style license (see source file for details). | |||
51 | (A)RC4 code in rc4.[ch] is Copyright 1999 Damien Miller. It too is | 51 | (A)RC4 code in rc4.[ch] is Copyright 1999 Damien Miller. It too is |
52 | under a X11-style license (see source file for details). | 52 | under a X11-style license (see source file for details). |
53 | 53 | ||
54 | References - | ||
55 | |||
56 | [1] http://www.cdrom.com/pub/infozip/zlib/ | ||
57 | [2] http://www.openssl.org/ | ||
58 | [3] http://www.kernel.org/pub/linux/libs/pam/ | ||
@@ -0,0 +1,7 @@ | |||
1 | -- Replacement for setproctitle() | ||
2 | |||
3 | -- Improve PAM support (a pam_lastlog module will cause sshd to exit) | ||
4 | |||
5 | -- Better documentation | ||
6 | |||
7 | -- Port to other platforms | ||
diff --git a/config.h.in b/config.h.in deleted file mode 100644 index f106c04d6..000000000 --- a/config.h.in +++ /dev/null | |||
@@ -1,142 +0,0 @@ | |||
1 | /* config.h.in. Generated automatically from configure.in by autoheader. */ | ||
2 | |||
3 | /* Define to empty if the keyword does not work. */ | ||
4 | #undef const | ||
5 | |||
6 | /* Define to `int' if <sys/types.h> doesn't define. */ | ||
7 | #undef gid_t | ||
8 | |||
9 | /* Define if you don't have vprintf but do have _doprnt. */ | ||
10 | #undef HAVE_DOPRNT | ||
11 | |||
12 | /* Define if your struct stat has st_blksize. */ | ||
13 | #undef HAVE_ST_BLKSIZE | ||
14 | |||
15 | /* Define if you have <sys/wait.h> that is POSIX.1 compatible. */ | ||
16 | #undef HAVE_SYS_WAIT_H | ||
17 | |||
18 | /* Define if utime(file, NULL) sets file's timestamp to the present. */ | ||
19 | #undef HAVE_UTIME_NULL | ||
20 | |||
21 | /* Define if you have the vprintf function. */ | ||
22 | #undef HAVE_VPRINTF | ||
23 | |||
24 | /* Define as __inline if that's what the C compiler calls it. */ | ||
25 | #undef inline | ||
26 | |||
27 | /* Define to `int' if <sys/types.h> doesn't define. */ | ||
28 | #undef mode_t | ||
29 | |||
30 | /* Define to `long' if <sys/types.h> doesn't define. */ | ||
31 | #undef off_t | ||
32 | |||
33 | /* Define as the return type of signal handlers (int or void). */ | ||
34 | #undef RETSIGTYPE | ||
35 | |||
36 | /* Define to `unsigned' if <sys/types.h> doesn't define. */ | ||
37 | #undef size_t | ||
38 | |||
39 | /* Define if you have the ANSI C header files. */ | ||
40 | #undef STDC_HEADERS | ||
41 | |||
42 | /* Define if you can safely include both <sys/time.h> and <time.h>. */ | ||
43 | #undef TIME_WITH_SYS_TIME | ||
44 | |||
45 | /* Define to `int' if <sys/types.h> doesn't define. */ | ||
46 | #undef uid_t | ||
47 | |||
48 | /* Define if your ssl headers are included with #include <ssl/header.h> */ | ||
49 | #undef HAVE_SSL | ||
50 | |||
51 | /* Define if your ssl headers are included with #include <openssl/header.h> */ | ||
52 | #undef HAVE_OPENSSL | ||
53 | |||
54 | /* Define if you have the arc4random function. */ | ||
55 | #undef HAVE_ARC4RANDOM | ||
56 | |||
57 | /* Define if you have the gethostname function. */ | ||
58 | #undef HAVE_GETHOSTNAME | ||
59 | |||
60 | /* Define if you have the gettimeofday function. */ | ||
61 | #undef HAVE_GETTIMEOFDAY | ||
62 | |||
63 | /* Define if you have the mkdir function. */ | ||
64 | #undef HAVE_MKDIR | ||
65 | |||
66 | /* Define if you have the mkdtemp function. */ | ||
67 | #undef HAVE_MKDTEMP | ||
68 | |||
69 | /* Define if you have the rmdir function. */ | ||
70 | #undef HAVE_RMDIR | ||
71 | |||
72 | /* Define if you have the select function. */ | ||
73 | #undef HAVE_SELECT | ||
74 | |||
75 | /* Define if you have the setproctitle function. */ | ||
76 | #undef HAVE_SETPROCTITLE | ||
77 | |||
78 | /* Define if you have the socket function. */ | ||
79 | #undef HAVE_SOCKET | ||
80 | |||
81 | /* Define if you have the strerror function. */ | ||
82 | #undef HAVE_STRERROR | ||
83 | |||
84 | /* Define if you have the strlcpy function. */ | ||
85 | #undef HAVE_STRLCPY | ||
86 | |||
87 | /* Define if you have the strspn function. */ | ||
88 | #undef HAVE_STRSPN | ||
89 | |||
90 | /* Define if you have the strtol function. */ | ||
91 | #undef HAVE_STRTOL | ||
92 | |||
93 | /* Define if you have the <dirent.h> header file. */ | ||
94 | #undef HAVE_DIRENT_H | ||
95 | |||
96 | /* Define if you have the <fcntl.h> header file. */ | ||
97 | #undef HAVE_FCNTL_H | ||
98 | |||
99 | /* Define if you have the <ndir.h> header file. */ | ||
100 | #undef HAVE_NDIR_H | ||
101 | |||
102 | /* Define if you have the <paths.h> header file. */ | ||
103 | #undef HAVE_PATHS_H | ||
104 | |||
105 | /* Define if you have the <sys/dir.h> header file. */ | ||
106 | #undef HAVE_SYS_DIR_H | ||
107 | |||
108 | /* Define if you have the <sys/ioctl.h> header file. */ | ||
109 | #undef HAVE_SYS_IOCTL_H | ||
110 | |||
111 | /* Define if you have the <sys/ndir.h> header file. */ | ||
112 | #undef HAVE_SYS_NDIR_H | ||
113 | |||
114 | /* Define if you have the <sys/time.h> header file. */ | ||
115 | #undef HAVE_SYS_TIME_H | ||
116 | |||
117 | /* Define if you have the <syslog.h> header file. */ | ||
118 | #undef HAVE_SYSLOG_H | ||
119 | |||
120 | /* Define if you have the <unistd.h> header file. */ | ||
121 | #undef HAVE_UNISTD_H | ||
122 | |||
123 | /* Define if you have the crypto library (-lcrypto). */ | ||
124 | #undef HAVE_LIBCRYPTO | ||
125 | |||
126 | /* Define if you have the dl library (-ldl). */ | ||
127 | #undef HAVE_LIBDL | ||
128 | |||
129 | /* Define if you have the nsl library (-lnsl). */ | ||
130 | #undef HAVE_LIBNSL | ||
131 | |||
132 | /* Define if you have the pam library (-lpam). */ | ||
133 | #undef HAVE_LIBPAM | ||
134 | |||
135 | /* Define if you have the pwdb library (-lpwdb). */ | ||
136 | #undef HAVE_LIBPWDB | ||
137 | |||
138 | /* Define if you have the util library (-lutil). */ | ||
139 | #undef HAVE_LIBUTIL | ||
140 | |||
141 | /* Define if you have the z library (-lz). */ | ||
142 | #undef HAVE_LIBZ | ||
diff --git a/configure.in b/configure.in index b6038523b..8df3ffc76 100644 --- a/configure.in +++ b/configure.in | |||
@@ -16,12 +16,10 @@ dnl Replace `main' with a function in -lz: | |||
16 | AC_CHECK_LIB(z, deflate, ,AC_MSG_ERROR([*** zlib missing - please install first ***])) | 16 | AC_CHECK_LIB(z, deflate, ,AC_MSG_ERROR([*** zlib missing - please install first ***])) |
17 | dnl check for nsl | 17 | dnl check for nsl |
18 | AC_CHECK_LIB(nsl, yp_match, , ) | 18 | AC_CHECK_LIB(nsl, yp_match, , ) |
19 | dnl check for pwdb | ||
20 | AC_CHECK_LIB(pwdb, pwdb_new, , ) | ||
21 | dnl check for dl | 19 | dnl check for dl |
22 | AC_CHECK_LIB(dl, dlopen, ,AC_MSG_ERROR([*** libdl missing - please install first ***])) | 20 | AC_CHECK_LIB(dl, dlopen, , ) |
23 | dnl check for pam | 21 | dnl check for pam |
24 | AC_CHECK_LIB(pam, pam_authenticate, ,AC_MSG_ERROR([*** PAM missing - please install first ***])) | 22 | AC_CHECK_LIB(pam, pam_authenticate, , ) |
25 | 23 | ||
26 | dnl Check for stuff in path. | 24 | dnl Check for stuff in path. |
27 | AC_CHECK_PROG(AR, ar, ar) | 25 | AC_CHECK_PROG(AR, ar, ar) |
@@ -31,10 +29,7 @@ dnl Check for ssl headers | |||
31 | AC_CHECK_HEADER(openssl/bn.h, [AC_DEFINE(HAVE_OPENSSL)], [AC_CHECK_HEADER(ssl/bn.h, [AC_DEFINE(HAVE_SSL)], [AC_MSG_ERROR([*** ssl library missing - please install first ***])])]) | 29 | AC_CHECK_HEADER(openssl/bn.h, [AC_DEFINE(HAVE_OPENSSL)], [AC_CHECK_HEADER(ssl/bn.h, [AC_DEFINE(HAVE_SSL)], [AC_MSG_ERROR([*** ssl library missing - please install first ***])])]) |
32 | 30 | ||
33 | dnl Checks for header files. | 31 | dnl Checks for header files. |
34 | AC_HEADER_DIRENT | 32 | AC_CHECK_HEADERS(pty.h) |
35 | AC_HEADER_STDC | ||
36 | AC_HEADER_SYS_WAIT | ||
37 | AC_CHECK_HEADERS(fcntl.h paths.h sys/ioctl.h sys/time.h syslog.h unistd.h) | ||
38 | 33 | ||
39 | dnl Checks for typedefs, structures, and compiler characteristics. | 34 | dnl Checks for typedefs, structures, and compiler characteristics. |
40 | AC_C_CONST | 35 | AC_C_CONST |
@@ -48,10 +43,6 @@ AC_HEADER_TIME | |||
48 | 43 | ||
49 | dnl Checks for library functions. | 44 | dnl Checks for library functions. |
50 | AC_PROG_GCC_TRADITIONAL | 45 | AC_PROG_GCC_TRADITIONAL |
51 | AC_FUNC_MEMCMP | 46 | AC_CHECK_FUNCS(openpty strlcpy mkdtemp arc4random setproctitle) |
52 | AC_TYPE_SIGNAL | ||
53 | AC_FUNC_UTIME_NULL | ||
54 | AC_FUNC_VPRINTF | ||
55 | AC_CHECK_FUNCS(gethostname gettimeofday mkdir rmdir select socket strerror strspn strtol strlcpy mkdtemp arc4random setproctitle) | ||
56 | 47 | ||
57 | AC_OUTPUT(Makefile) | 48 | AC_OUTPUT(Makefile) |
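Review bot: Making the PAM and libdl checks non-fatal (`AC_CHECK_LIB(pam, pam_authenticate, , )`, `AC_CHECK_LIB(dl, dlopen, , )`) means a missing or unlinkable libpam now yields a silent non-PAM build, and `AC_CHECK_LIB` with an empty action only defines HAVE_LIBPAM while includes.h guards its PAM header with HAVE_PAM. Unless something outside this diff maps HAVE_LIBPAM to HAVE_PAM, PAM would be quietly compiled out even when the library is found; an explicit `--with-pam` switch (`AC_ARG_WITH`) or at least a summary `AC_MSG_RESULT` would make the resulting configuration visible. The removed `AC_CHECK_HEADERS(fcntl.h paths.h sys/ioctl.h sys/time.h syslog.h unistd.h)` also drops the HAVE_*_H defines the deleted config.h.in declared; confirm no source still tests them.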
diff --git a/includes.h b/includes.h index 609dd49b8..a1a6da6bd 100644 --- a/includes.h +++ b/includes.h | |||
@@ -67,10 +67,6 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg } | |||
67 | #include <security/pam_appl.h> | 67 | #include <security/pam_appl.h> |
68 | #endif /* HAVE_PAM */ | 68 | #endif /* HAVE_PAM */ |
69 | 69 | ||
70 | #ifdef HAVE_LIBPWDB | ||
71 | #include <pwdb/pwdb_map.h> | ||
72 | #endif /* HAVE_PWDB */ | ||
73 | |||
74 | /* Define this to be the path of the xauth program. */ | 70 | /* Define this to be the path of the xauth program. */ |
75 | #ifndef XAUTH_PATH | 71 | #ifndef XAUTH_PATH |
76 | #define XAUTH_PATH "/usr/X11R6/bin/xauth" | 72 | #define XAUTH_PATH "/usr/X11R6/bin/xauth" |
diff --git a/openssh.spec b/openssh.spec index 4f50420ce..25b50491b 100644 --- a/openssh.spec +++ b/openssh.spec | |||
@@ -1,6 +1,6 @@ | |||
1 | Summary: OpenSSH free Secure Shell (SSH) implementation | 1 | Summary: OpenSSH free Secure Shell (SSH) implementation |
2 | Name: openssh | 2 | Name: openssh |
3 | Version: 1.2pre7 | 3 | Version: 1.2pre8 |
4 | Release: 1 | 4 | Release: 1 |
5 | Packager: Damien Miller <djm@ibs.com.au> | 5 | Packager: Damien Miller <djm@ibs.com.au> |
6 | Source0: openssh-%{version}-linux.tar.gz | 6 | Source0: openssh-%{version}-linux.tar.gz |
@@ -20,6 +20,9 @@ up to date in terms of security and features, as well as removing all | |||
20 | patented algorithms to seperate libraries (OpenSSL). | 20 | patented algorithms to seperate libraries (OpenSSL). |
21 | 21 | ||
22 | %changelog | 22 | %changelog |
23 | * Mon Nov 08 1999 Damien Miller <djm@ibs.com.au> | ||
24 | - Added links for slogin | ||
25 | - Fixed perms on manpages | ||
23 | * Sat Oct 30 1999 Damien Miller <djm@ibs.com.au> | 26 | * Sat Oct 30 1999 Damien Miller <djm@ibs.com.au> |
24 | - Renamed init script | 27 | - Renamed init script |
25 | * Fri Oct 29 1999 Damien Miller <djm@ibs.com.au> | 28 | * Fri Oct 29 1999 Damien Miller <djm@ibs.com.au> |
@@ -60,6 +63,7 @@ install -s -m755 scp $RPM_BUILD_ROOT/usr/bin | |||
60 | install -s -m755 ssh-agent $RPM_BUILD_ROOT/usr/bin | 63 | install -s -m755 ssh-agent $RPM_BUILD_ROOT/usr/bin |
61 | install -s -m755 ssh-add $RPM_BUILD_ROOT/usr/bin | 64 | install -s -m755 ssh-add $RPM_BUILD_ROOT/usr/bin |
62 | install -s -m755 ssh-keygen $RPM_BUILD_ROOT/usr/bin | 65 | install -s -m755 ssh-keygen $RPM_BUILD_ROOT/usr/bin |
66 | ln -s ssh $RPM_BUILD_ROOT/usr/bin/slogin | ||
63 | 67 | ||
64 | install -m644 sshd.8 $RPM_BUILD_ROOT/usr/man/man8 | 68 | install -m644 sshd.8 $RPM_BUILD_ROOT/usr/man/man8 |
65 | install -m644 ssh.1 $RPM_BUILD_ROOT/usr/man/man1 | 69 | install -m644 ssh.1 $RPM_BUILD_ROOT/usr/man/man1 |
@@ -67,6 +71,7 @@ install -m644 scp.1 $RPM_BUILD_ROOT/usr/man/man1 | |||
67 | install -m644 ssh-agent.1 $RPM_BUILD_ROOT/usr/man/man1 | 71 | install -m644 ssh-agent.1 $RPM_BUILD_ROOT/usr/man/man1 |
68 | install -m644 ssh-add.1 $RPM_BUILD_ROOT/usr/man/man1 | 72 | install -m644 ssh-add.1 $RPM_BUILD_ROOT/usr/man/man1 |
69 | install -m644 ssh-keygen.1 $RPM_BUILD_ROOT/usr/man/man1 | 73 | install -m644 ssh-keygen.1 $RPM_BUILD_ROOT/usr/man/man1 |
74 | ln -s ssh.1 $RPM_BUILD_ROOT/usr/bin/slogin.1 | ||
70 | 75 | ||
71 | %clean | 76 | %clean |
72 | rm -rf $RPM_BUILD_ROOT | 77 | rm -rf $RPM_BUILD_ROOT |
@@ -98,13 +103,15 @@ fi | |||
98 | %attr(0755,root,root) /usr/bin/ssh-keygen | 103 | %attr(0755,root,root) /usr/bin/ssh-keygen |
99 | %attr(0755,root,root) /usr/bin/ssh-add | 104 | %attr(0755,root,root) /usr/bin/ssh-add |
100 | %attr(0755,root,root) /usr/bin/scp | 105 | %attr(0755,root,root) /usr/bin/scp |
101 | 106 | %attr(0755,root,root) /usr/bin/slogin | |
102 | %attr(0755,root,root) /usr/man/man8/sshd.8 | 107 | |
103 | %attr(0755,root,root) /usr/man/man1/ssh.1 | 108 | %attr(0644,root,root) /usr/man/man8/sshd.8 |
104 | %attr(0755,root,root) /usr/man/man1/ssh-agent.1 | 109 | %attr(0644,root,root) /usr/man/man1/ssh.1 |
105 | %attr(0755,root,root) /usr/man/man1/ssh-keygen.1 | 110 | %attr(0644,root,root) /usr/man/man1/ssh-agent.1 |
106 | %attr(0755,root,root) /usr/man/man1/ssh-add.1 | 111 | %attr(0644,root,root) /usr/man/man1/ssh-keygen.1 |
107 | %attr(0755,root,root) /usr/man/man1/scp.1 | 112 | %attr(0644,root,root) /usr/man/man1/ssh-add.1 |
113 | %attr(0644,root,root) /usr/man/man1/scp.1 | ||
114 | %attr(0644,root,root) /usr/man/man1/slogin.1 | ||
108 | 115 | ||
109 | %attr(0600,root,root) %config /etc/ssh/sshd_config | 116 | %attr(0600,root,root) %config /etc/ssh/sshd_config |
110 | %attr(0600,root,root) %config /etc/pam.d/sshd | 117 | %attr(0600,root,root) %config /etc/pam.d/sshd |
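Review bot: The new `ln -s ssh.1 $RPM_BUILD_ROOT/usr/bin/slogin.1` in %install writes the man-page link into /usr/bin, while the %files section packages `/usr/man/man1/slogin.1`, so the build leaves an unpackaged file in /usr/bin and cannot find the one it lists. The line should read `ln -s ssh.1 $RPM_BUILD_ROOT/usr/man/man1/slogin.1`, matching the surrounding `install -m644 ... /usr/man/man1` lines.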
@@ -14,7 +14,12 @@ Allocating a pseudo-terminal, and making it the controlling tty. | |||
14 | */ | 14 | */ |
15 | 15 | ||
16 | #include "includes.h" | 16 | #include "includes.h" |
17 | RCSID("$Id: pty.c,v 1.1 1999/10/27 03:42:44 damien Exp $"); | 17 | RCSID("$Id: pty.c,v 1.2 1999/11/08 04:30:59 damien Exp $"); |
18 | |||
19 | #ifdef HAVE_PTY_H | ||
20 | /* Unfortunate namespace collision */ | ||
21 | #include <pty.h> | ||
22 | #endif /* HAVE_PTY_H */ | ||
18 | 23 | ||
19 | #include "pty.h" | 24 | #include "pty.h" |
20 | #include "ssh.h" | 25 | #include "ssh.h" |
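Review bot: The comment `/* Unfortunate namespace collision */` above the new `#include <pty.h>` does not say what collides, and a reader sees a system `<pty.h>` followed by the project's own `"pty.h"` with no explanation. Spell it out: `/* System <pty.h> (declares openpty) shares its name with our "pty.h" below; the angle brackets keep them apart */`. If HAVE_PTY_H comes from the new `AC_CHECK_HEADERS(pty.h)` in configure.in, note that the check must not run with the source directory on the include path, or it will find the local header and report the system one present.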
@@ -35,7 +35,7 @@ Description of the RSA algorithm can be found e.g. from the following sources: | |||
35 | */ | 35 | */ |
36 | 36 | ||
37 | #include "includes.h" | 37 | #include "includes.h" |
38 | RCSID("$Id: rsa.c,v 1.1 1999/10/27 03:42:44 damien Exp $"); | 38 | RCSID("$Id: rsa.c,v 1.2 1999/11/08 04:30:59 damien Exp $"); |
39 | 39 | ||
40 | #include "rsa.h" | 40 | #include "rsa.h" |
41 | #include "ssh.h" | 41 | #include "ssh.h" |
@@ -70,8 +70,8 @@ rsa_generate_key(RSA *prv, RSA *pub, unsigned int bits) | |||
70 | } | 70 | } |
71 | 71 | ||
72 | key = RSA_generate_key(bits, 35, NULL, NULL); | 72 | key = RSA_generate_key(bits, 35, NULL, NULL); |
73 | 73 | if (key == NULL) | |
74 | assert(key != NULL); | 74 | fatal("rsa_generate_key: key generation failed."); |
75 | 75 | ||
76 | /* Copy public key parameters */ | 76 | /* Copy public key parameters */ |
77 | pub->n = BN_new(); | 77 | pub->n = BN_new(); |
@@ -110,24 +110,28 @@ void | |||
110 | rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA* key) | 110 | rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA* key) |
111 | { | 111 | { |
112 | char *inbuf, *outbuf; | 112 | char *inbuf, *outbuf; |
113 | int in_len; | ||
114 | int out_len; | ||
113 | int len; | 115 | int len; |
114 | 116 | ||
115 | if (BN_num_bits(key->e) < 2 || !BN_is_odd(key->e)) | 117 | if (BN_num_bits(key->e) < 2 || !BN_is_odd(key->e)) |
116 | fatal("rsa_public_encrypt() exponent too small or not odd"); | 118 | fatal("rsa_public_encrypt() exponent too small or not odd"); |
117 | 119 | ||
118 | len = BN_num_bytes(key->n); | 120 | out_len = BN_num_bytes(key->n); |
119 | outbuf = xmalloc(len); | 121 | outbuf = xmalloc(out_len); |
120 | 122 | ||
121 | len = BN_num_bytes(in); | 123 | in_len = BN_num_bytes(in); |
122 | inbuf = xmalloc(len); | 124 | inbuf = xmalloc(in_len); |
123 | BN_bn2bin(in, inbuf); | 125 | BN_bn2bin(in, inbuf); |
124 | 126 | ||
125 | if ((len = RSA_public_encrypt(len, inbuf, outbuf, key, | 127 | if ((len = RSA_public_encrypt(in_len, inbuf, outbuf, key, |
126 | RSA_PKCS1_PADDING)) <= 0) | 128 | RSA_PKCS1_PADDING)) <= 0) |
127 | fatal("rsa_public_encrypt() failed"); | 129 | fatal("rsa_public_encrypt() failed"); |
128 | 130 | ||
129 | BN_bin2bn(outbuf, len, out); | 131 | BN_bin2bn(outbuf, len, out); |
130 | 132 | ||
133 | memset(outbuf, 0, out_len); | ||
134 | memset(inbuf, 0, in_len); | ||
131 | xfree(outbuf); | 135 | xfree(outbuf); |
132 | xfree(inbuf); | 136 | xfree(inbuf); |
133 | } | 137 | } |
@@ -136,21 +140,25 @@ void | |||
136 | rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key) | 140 | rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key) |
137 | { | 141 | { |
138 | char *inbuf, *outbuf; | 142 | char *inbuf, *outbuf; |
143 | int in_len; | ||
144 | int out_len; | ||
139 | int len; | 145 | int len; |
140 | 146 | ||
141 | len = BN_num_bytes(key->n); | 147 | out_len = BN_num_bytes(key->n); |
142 | outbuf = xmalloc(len); | 148 | outbuf = xmalloc(out_len); |
143 | 149 | ||
144 | len = BN_num_bytes(in); | 150 | in_len = BN_num_bytes(in); |
145 | inbuf = xmalloc(len); | 151 | inbuf = xmalloc(in_len); |
146 | BN_bn2bin(in, inbuf); | 152 | BN_bn2bin(in, inbuf); |
147 | 153 | ||
148 | if ((len = RSA_private_decrypt(len, inbuf, outbuf, key, | 154 | if ((len = RSA_private_decrypt(in_len, inbuf, outbuf, key, |
149 | RSA_SSLV23_PADDING)) <= 0) | 155 | RSA_SSLV23_PADDING)) <= 0) |
150 | fatal("rsa_private_decrypt() failed"); | 156 | fatal("rsa_private_decrypt() failed"); |
151 | 157 | ||
152 | BN_bin2bn(outbuf, len, out); | 158 | BN_bin2bn(outbuf, len, out); |
153 | 159 | ||
160 | memset(outbuf, 0, out_len); | ||
161 | memset(inbuf, 0, in_len); | ||
154 | xfree(outbuf); | 162 | xfree(outbuf); |
155 | xfree(inbuf); | 163 | xfree(inbuf); |
156 | } | 164 | } |
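Review bot: The `memset(outbuf, 0, out_len)` / `memset(inbuf, 0, in_len)` pairs added just before `xfree()` in rsa_public_encrypt and rsa_private_decrypt are dead stores from the compiler's point of view, since nothing reads the buffers after the clear, so an optimizer may legitimately drop them and the plaintext stays in freed heap memory. Route the clear through something the optimizer cannot elide — a small helper that writes through a `volatile unsigned char *`, or a libc zeroing function where the platform provides one — and record the intent, e.g. `/* scrub key material before releasing the block; a plain memset here may be optimised away */`. The same applies to both hunks.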
@@ -14,7 +14,7 @@ Adds an identity to the authentication server, or removes an identity. | |||
14 | */ | 14 | */ |
15 | 15 | ||
16 | #include "includes.h" | 16 | #include "includes.h" |
17 | RCSID("$Id: ssh-add.c,v 1.2 1999/10/28 05:23:30 damien Exp $"); | 17 | RCSID("$Id: ssh-add.c,v 1.3 1999/11/08 04:30:59 damien Exp $"); |
18 | 18 | ||
19 | #include "rsa.h" | 19 | #include "rsa.h" |
20 | #include "ssh.h" | 20 | #include "ssh.h" |
@@ -52,6 +52,7 @@ delete_all(AuthenticationConnection *ac) | |||
52 | fprintf(stderr, "Failed to remove all identitities.\n"); | 52 | fprintf(stderr, "Failed to remove all identitities.\n"); |
53 | } | 53 | } |
54 | 54 | ||
55 | #define BUFSIZE 1024 | ||
55 | void | 56 | void |
56 | add_file(AuthenticationConnection *ac, const char *filename) | 57 | add_file(AuthenticationConnection *ac, const char *filename) |
57 | { | 58 | { |
@@ -59,6 +60,11 @@ add_file(AuthenticationConnection *ac, const char *filename) | |||
59 | RSA *public_key; | 60 | RSA *public_key; |
60 | char *saved_comment, *comment, *pass; | 61 | char *saved_comment, *comment, *pass; |
61 | int first; | 62 | int first; |
63 | int pipes[2]; | ||
64 | char buf[BUFSIZE]; | ||
65 | int tmp; | ||
66 | pid_t child; | ||
67 | FILE *pipef; | ||
62 | 68 | ||
63 | key = RSA_new(); | 69 | key = RSA_new(); |
64 | public_key = RSA_new(); | 70 | public_key = RSA_new(); |
@@ -80,8 +86,72 @@ add_file(AuthenticationConnection *ac, const char *filename) | |||
80 | /* Ask for a passphrase. */ | 86 | /* Ask for a passphrase. */ |
81 | if (getenv("DISPLAY") && !isatty(fileno(stdin))) | 87 | if (getenv("DISPLAY") && !isatty(fileno(stdin))) |
82 | { | 88 | { |
83 | xfree(saved_comment); | 89 | if (pipe(pipes) ==-1) |
84 | return; | 90 | { |
91 | fprintf(stderr, "Creating pipes failed: %s\n", strerror(errno)); | ||
92 | exit(1); | ||
93 | } | ||
94 | if (fflush(NULL)==EOF) | ||
95 | { | ||
96 | fprintf(stderr, "Cannot flush buffers: %s\n", strerror(errno)); | ||
97 | exit(1); | ||
98 | } | ||
99 | switch (child=fork()) | ||
100 | { | ||
101 | case -1: | ||
102 | fprintf(stderr, "Cannot fork: %s\n", strerror(errno)); | ||
103 | exit(1); | ||
104 | case 0: | ||
105 | close(pipes[0]); | ||
106 | if (dup2(pipes[1], 1) ==-1) | ||
107 | { | ||
108 | fprintf(stderr, "dup2 failed: %s\n", strerror(errno)); | ||
109 | exit(1); | ||
110 | } | ||
111 | tmp=snprintf(buf, BUFSIZE, "Need passphrase for %s (%s)", | ||
112 | filename, saved_comment); | ||
113 | /* skip the prompt if it won't fit */ | ||
114 | if (tmp < 0 || tmp >= BUFSIZE) | ||
115 | tmp=execlp("/usr/lib/ssh/ssh-askpass", "ssh-askpass", 0); | ||
116 | else | ||
117 | tmp=execlp("/usr/lib/ssh/ssh-askpass", "ssh-askpass", buf, 0); | ||
118 | if (tmp==-1) | ||
119 | { | ||
120 | fprintf(stderr, "Executing ssh-askpass failed: %s\n", | ||
121 | strerror(errno)); | ||
122 | exit(1); | ||
123 | } | ||
124 | break; | ||
125 | default: | ||
126 | close(pipes[1]); | ||
127 | if ( (pipef=fdopen(pipes[0], "r")) ==NULL) | ||
128 | { | ||
129 | fprintf(stderr, "fdopen failed: %s\n", strerror(errno)); | ||
130 | exit(1); | ||
131 | } | ||
132 | if(fgets(buf, sizeof(buf), pipef)==NULL) | ||
133 | { | ||
134 | xfree(saved_comment); | ||
135 | return; | ||
136 | } | ||
137 | fclose(pipef); | ||
138 | if (strchr(buf, '\n')) | ||
139 | *strchr(buf, '\n') = 0; | ||
140 | pass = xstrdup(buf); | ||
141 | memset(buf, 0, sizeof(buf)); | ||
142 | if (waitpid(child, NULL, 0) ==-1) | ||
143 | { | ||
144 | fprintf(stderr, "Waiting for child failed: %s\n", | ||
145 | strerror(errno)); | ||
146 | exit(1); | ||
147 | } | ||
148 | if (strcmp(pass, "") == 0) | ||
149 | { | ||
150 | xfree(saved_comment); | ||
151 | xfree(pass); | ||
152 | return; | ||
153 | } | ||
154 | } | ||
85 | } | 155 | } |
86 | else | 156 | else |
87 | { | 157 | { |
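Review bot: The child branch of the new fork in add_file hard-codes `/usr/lib/ssh/ssh-askpass`, but Makefile.in in this same commit installs the helper to `$(libdir)/ssh/ssh-askpass`, so with any prefix other than /usr (autoconf's default is /usr/local) the `execlp()` fails and the identity is never added; supply the path from the build the way this commit does for SSH_PROGRAM (`-DSSH_PROGRAM=\"@bindir@/ssh\"` in Makefile.in with an `#ifndef` default in ssh.h). Both `execlp()` calls terminate their argument list with a bare `0`, which is an `int` rather than a null pointer in a variadic call and is undefined on targets where pointers are wider than int; write `(char *)NULL`. On the parent side, `fgets()` reads the passphrase through a stdio buffer that `fclose(pipef)` releases without scrubbing, so clearing `buf` leaves a second copy behind — reading the pipe with `read()` or making `pipef` unbuffered with `setvbuf()` keeps the passphrase to the one buffer you already zero. The early `return` on a NULL `fgets()` also leaves `pipef` open and the child unreaped; add_file begins before and continues after this hunk.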
diff --git a/ssh-agent.1 b/ssh-agent.1 index 8b9504fa5..3fef3a479 100644 --- a/ssh-agent.1 +++ b/ssh-agent.1 | |||
@@ -109,6 +109,14 @@ environment variable holds the agent's PID. | |||
109 | .Pp | 109 | .Pp |
110 | The agent exits automatically when the command given on the command | 110 | The agent exits automatically when the command given on the command |
111 | line terminates. | 111 | line terminates. |
112 | .Pp | ||
113 | Here's a trick that will allow you to start this up from your .bash_profile (just put it in as the first thing that happens): | ||
114 | .Sp | ||
115 | .Vb 1 | ||
116 | |||
117 | \& [ ! "$SSH_AGENT_PID" ] && exec ssh-agent -- bash --login | ||
118 | \& ssh-add | ||
119 | .Ve | ||
112 | .Sh FILES | 120 | .Sh FILES |
113 | .Bl -tag -width Ds | 121 | .Bl -tag -width Ds |
114 | .It Pa $HOME/.ssh/identity | 122 | .It Pa $HOME/.ssh/identity |
diff --git a/ssh-askpass b/ssh-askpass new file mode 100755 index 000000000..b1e23c514 --- /dev/null +++ b/ssh-askpass | |||
@@ -0,0 +1,38 @@ | |||
1 | #!/usr/bin/perl -w | ||
2 | |||
3 | # Written by Tommi Virtanen <tv@debian.org>. Consider it public domain. | ||
4 | |||
5 | use strict; | ||
6 | use Tk; | ||
7 | |||
8 | sub do_it($$;) { | ||
9 | my ($passphrase, $main) = @_; | ||
10 | print $passphrase->get(), "\n"; | ||
11 | $main->destroy(); | ||
12 | } | ||
13 | |||
14 | sub ask($;) { | ||
15 | my ($prompt)=@_; | ||
16 | my $main=MainWindow->new; | ||
17 | $main->Label(-text=>$prompt)->pack(-fill=>'x'); | ||
18 | my $passphrase=$main->Entry(-show=>'*')->pack(-fill=>'x'); | ||
19 | $passphrase->focus(); | ||
20 | my $buttons=$main->Frame; | ||
21 | $buttons->pack(-side=>'right'); | ||
22 | my $ok=$buttons->Button(-text=>'Ok', | ||
23 | -command=>sub {do_it $passphrase, $main} | ||
24 | )->pack(-side=>'left'); | ||
25 | my $cancel=$buttons->Button(-text=>'Cancel', -command=>[$main=>'destroy']) | ||
26 | ->pack(-side=>'right'); | ||
27 | $main->bind('Tk::Button', '<Return>' => 'invoke'); | ||
28 | $main->bind('<Return>', [$ok => 'invoke']); | ||
29 | $main->bind('<Escape>', [$cancel => 'invoke']); | ||
30 | $main->bind('<Visibility>' => [$main => 'grabGlobal']); | ||
31 | |||
32 | MainLoop; | ||
33 | } | ||
34 | |||
35 | ask ($#ARGV==0 | ||
36 | ? $ARGV[0] | ||
37 | : 'Please enter your authentication passphrase:'); | ||
38 | |||
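Review bot: Cancel and Escape only `destroy` the main window, so the script exits 0 with no output, which a caller cannot tell apart from a Tk failure or an Ok on an empty entry. Exiting with a distinct status from the cancel path, e.g. `-command=>sub { $main->destroy; exit 1 }`, gives callers that inspect the child's status a reliable signal. A one-line header comment stating the contract (prompt in `$ARGV[0]`, passphrase written as a single line on stdout) would also help the next reader.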
diff --git a/ssh-keygen.c b/ssh-keygen.c index 2ba64e756..e2cb48fd9 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
@@ -14,7 +14,7 @@ Identity and host key generation and maintenance. | |||
14 | */ | 14 | */ |
15 | 15 | ||
16 | #include "includes.h" | 16 | #include "includes.h" |
17 | RCSID("$Id: ssh-keygen.c,v 1.1 1999/10/27 03:42:45 damien Exp $"); | 17 | RCSID("$Id: ssh-keygen.c,v 1.2 1999/11/08 04:30:59 damien Exp $"); |
18 | 18 | ||
19 | #include "rsa.h" | 19 | #include "rsa.h" |
20 | #include "ssh.h" | 20 | #include "ssh.h" |
@@ -117,7 +117,7 @@ do_change_passphrase(struct passwd *pw) | |||
117 | xfree(old_passphrase); | 117 | xfree(old_passphrase); |
118 | } | 118 | } |
119 | printf("Key has comment '%s'\n", comment); | 119 | printf("Key has comment '%s'\n", comment); |
120 | 120 | ||
121 | /* Ask the new passphrase (twice). */ | 121 | /* Ask the new passphrase (twice). */ |
122 | if (identity_new_passphrase) | 122 | if (identity_new_passphrase) |
123 | { | 123 | { |
@@ -13,7 +13,7 @@ Generic header file for ssh. | |||
13 | 13 | ||
14 | */ | 14 | */ |
15 | 15 | ||
16 | /* RCSID("$Id: ssh.h,v 1.5 1999/10/29 00:21:15 damien Exp $"); */ | 16 | /* RCSID("$Id: ssh.h,v 1.6 1999/11/08 04:30:59 damien Exp $"); */ |
17 | 17 | ||
18 | #ifndef SSH_H | 18 | #ifndef SSH_H |
19 | #define SSH_H | 19 | #define SSH_H |
@@ -85,7 +85,13 @@ only by root, whereas ssh_config should be world-readable. */ | |||
85 | #define SERVER_CONFIG_FILE ETCDIR "/sshd_config" | 85 | #define SERVER_CONFIG_FILE ETCDIR "/sshd_config" |
86 | #define HOST_CONFIG_FILE ETCDIR "/ssh_config" | 86 | #define HOST_CONFIG_FILE ETCDIR "/ssh_config" |
87 | 87 | ||
88 | #ifndef SSH_PROGRAM | ||
88 | #define SSH_PROGRAM "/usr/bin/ssh" | 89 | #define SSH_PROGRAM "/usr/bin/ssh" |
90 | #endif /* SSH_PROGRAM */ | ||
91 | |||
92 | #ifndef LOGIN_PROGRAM | ||
93 | #define LOGIN_PROGRAM "/usr/bin/login" | ||
94 | #endif /* LOGIN_PROGRAM */ | ||
89 | 95 | ||
90 | /* The process id of the daemon listening for connections is saved | 96 | /* The process id of the daemon listening for connections is saved |
91 | here to make it easier to kill the correct daemon when necessary. */ | 97 | here to make it easier to kill the correct daemon when necessary. */ |
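Review bot: The new `LOGIN_PROGRAM` default `"/usr/bin/login"` is only overridable through its `#ifndef`, yet Makefile.in in this commit passes just `-DSSH_PROGRAM=...`, so every build gets the hard-coded path, which is wrong on systems where login lives elsewhere (commonly /bin on Linux). Locating it at configure time with `AC_PATH_PROG` and passing it the same way as SSH_PROGRAM would keep the two defines consistent. The closing comments read `/* SSH_PROGRAM */` and `/* LOGIN_PROGRAM */`; the conventional form for an `#ifndef` guard is `/* !SSH_PROGRAM */`.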
@@ -18,7 +18,7 @@ agent connections. | |||
18 | */ | 18 | */ |
19 | 19 | ||
20 | #include "includes.h" | 20 | #include "includes.h" |
21 | RCSID("$Id: sshd.c,v 1.10 1999/11/02 08:05:02 damien Exp $"); | 21 | RCSID("$Id: sshd.c,v 1.11 1999/11/08 04:30:59 damien Exp $"); |
22 | 22 | ||
23 | #include "xmalloc.h" | 23 | #include "xmalloc.h" |
24 | #include "rsa.h" | 24 | #include "rsa.h" |
@@ -142,6 +142,7 @@ static struct pam_conv conv = { | |||
142 | }; | 142 | }; |
143 | struct pam_handle_t *pamh = NULL; | 143 | struct pam_handle_t *pamh = NULL; |
144 | const char *pampasswd = NULL; | 144 | const char *pampasswd = NULL; |
145 | char *pamconv_msg = NULL; | ||
145 | 146 | ||
146 | static int pamconv(int num_msg, const struct pam_message **msg, | 147 | static int pamconv(int num_msg, const struct pam_message **msg, |
147 | struct pam_response **resp, void *appdata_ptr) | 148 | struct pam_response **resp, void *appdata_ptr) |
@@ -171,6 +172,26 @@ static int pamconv(int num_msg, const struct pam_message **msg, | |||
171 | case PAM_TEXT_INFO: | 172 | case PAM_TEXT_INFO: |
172 | reply[count].resp_retcode = PAM_SUCCESS; | 173 | reply[count].resp_retcode = PAM_SUCCESS; |
173 | reply[count].resp = xstrdup(""); | 174 | reply[count].resp = xstrdup(""); |
175 | |||
176 | if (msg[count]->msg == NULL) break; | ||
177 | debug("Adding PAM message: %s", msg[count]->msg); | ||
178 | if (pamconv_msg == NULL) | ||
179 | { | ||
180 | pamconv_msg = malloc(strlen(msg[count]->msg) + 2); | ||
181 | |||
182 | if (pamconv_msg == NULL) | ||
183 | return PAM_CONV_ERR; | ||
184 | |||
185 | strncpy(pamconv_msg, msg[count]->msg, strlen(msg[count]->msg)); | ||
186 | pamconv_msg[strlen(msg[count]->msg)] = '\n'; | ||
187 | pamconv_msg[strlen(msg[count]->msg) + 1] = '\0'; | ||
188 | } else | ||
189 | { | ||
190 | pamconv_msg = realloc(pamconv_msg, strlen(pamconv_msg) + strlen(msg[count]->msg) + 2); | ||
191 | strncat(pamconv_msg, msg[count]->msg, strlen(msg[count]->msg)); | ||
192 | pamconv_msg[strlen(pamconv_msg)] = '\n'; | ||
193 | pamconv_msg[strlen(pamconv_msg) + 1] = '\0'; | ||
194 | } | ||
174 | break; | 195 | break; |
175 | 196 | ||
176 | case PAM_PROMPT_ECHO_ON: | 197 | case PAM_PROMPT_ECHO_ON: |
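Review bot: In the realloc branch, `pamconv_msg[strlen(pamconv_msg)] = '\n';` overwrites the terminator that strncat just wrote, so the next `strlen(pamconv_msg) + 1` scans past the end of the buffer (the final byte returned by realloc is uninitialized) and the `'\0'` is stored out of bounds. The same branch assigns realloc's result directly to `pamconv_msg`, so on failure the old text leaks and strncat then dereferences NULL, whereas the malloc branch correctly returns PAM_CONV_ERR. Computing both lengths once and appending with memcpy fixes both problems, and because realloc(NULL, n) behaves as malloc(n) the two branches collapse into one. pamconv starts and ends outside this hunk; whether the early `return PAM_CONV_ERR` leaks a `reply` array allocated earlier in the function I cannot tell from here.
```c
/* … unchanged: reply[count] setup for PAM_TEXT_INFO … */
if (msg[count]->msg == NULL) break;
debug("Adding PAM message: %s", msg[count]->msg);
{
  /* Lengths are taken once, before the terminator is touched. */
  size_t oldlen = (pamconv_msg != NULL) ? strlen(pamconv_msg) : 0;
  size_t addlen = strlen(msg[count]->msg);
  char *tmp = realloc(pamconv_msg, oldlen + addlen + 2);

  if (tmp == NULL)
    return PAM_CONV_ERR;      /* old buffer is still owned by pamconv_msg */
  pamconv_msg = tmp;
  memcpy(pamconv_msg + oldlen, msg[count]->msg, addlen);
  pamconv_msg[oldlen + addlen] = '\n';
  pamconv_msg[oldlen + addlen + 1] = '\0';
}
break;
```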
@@ -964,8 +985,14 @@ void do_connection(int privileged_port) | |||
964 | if (BN_cmp(sensitive_data.private_key->n, sensitive_data.host_key->n) > 0) | 985 | if (BN_cmp(sensitive_data.private_key->n, sensitive_data.host_key->n) > 0) |
965 | { | 986 | { |
966 | /* Private key has bigger modulus. */ | 987 | /* Private key has bigger modulus. */ |
967 | assert(BN_num_bits(sensitive_data.private_key->n) >= | 988 | if (BN_num_bits(sensitive_data.private_key->n) < |
968 | BN_num_bits(sensitive_data.host_key->n) + SSH_KEY_BITS_RESERVED); | 989 | BN_num_bits(sensitive_data.host_key->n) + SSH_KEY_BITS_RESERVED) { |
990 | fatal("do_connection: private_key %d < host_key %d + SSH_KEY_BITS_RESERVED %d", | ||
991 | BN_num_bits(sensitive_data.private_key->n), | ||
992 | BN_num_bits(sensitive_data.host_key->n), | ||
993 | SSH_KEY_BITS_RESERVED); | ||
994 | } | ||
995 | |||
969 | rsa_private_decrypt(session_key_int, session_key_int, | 996 | rsa_private_decrypt(session_key_int, session_key_int, |
970 | sensitive_data.private_key); | 997 | sensitive_data.private_key); |
971 | rsa_private_decrypt(session_key_int, session_key_int, | 998 | rsa_private_decrypt(session_key_int, session_key_int, |
@@ -974,9 +1001,13 @@ void do_connection(int privileged_port) | |||
974 | else | 1001 | else |
975 | { | 1002 | { |
976 | /* Host key has bigger modulus (or they are equal). */ | 1003 | /* Host key has bigger modulus (or they are equal). */ |
977 | assert(BN_num_bits(sensitive_data.host_key->n) >= | 1004 | if (BN_num_bits(sensitive_data.host_key->n) < |
978 | BN_num_bits(sensitive_data.private_key->n) + | 1005 | BN_num_bits(sensitive_data.private_key->n) + SSH_KEY_BITS_RESERVED) { |
979 | SSH_KEY_BITS_RESERVED); | 1006 | fatal("do_connection: host_key %d < private_key %d + SSH_KEY_BITS_RESERVED %d", |
1007 | BN_num_bits(sensitive_data.host_key->n), | ||
1008 | BN_num_bits(sensitive_data.private_key->n), | ||
1009 | SSH_KEY_BITS_RESERVED); | ||
1010 | } | ||
980 | rsa_private_decrypt(session_key_int, session_key_int, | 1011 | rsa_private_decrypt(session_key_int, session_key_int, |
981 | sensitive_data.host_key); | 1012 | sensitive_data.host_key); |
982 | rsa_private_decrypt(session_key_int, session_key_int, | 1013 | rsa_private_decrypt(session_key_int, session_key_int, |
@@ -994,7 +1025,10 @@ void do_connection(int privileged_port) | |||
994 | least significant 256 bits of the integer; the first byte of the | 1025 | least significant 256 bits of the integer; the first byte of the |
995 | key is in the highest bits. */ | 1026 | key is in the highest bits. */ |
996 | BN_mask_bits(session_key_int, sizeof(session_key) * 8); | 1027 | BN_mask_bits(session_key_int, sizeof(session_key) * 8); |
997 | assert(BN_num_bytes(session_key_int) == sizeof(session_key)); | 1028 | if (BN_num_bytes(session_key_int) != sizeof(session_key)){ |
1029 | fatal("do_connection: session_key_int %d != sizeof(session_key) %d", | ||
1030 | BN_num_bytes(session_key_int), sizeof(session_key)); | ||
1031 | } | ||
998 | BN_bn2bin(session_key_int, session_key); | 1032 | BN_bn2bin(session_key_int, session_key); |
999 | 1033 | ||
1000 | /* Xor the first 16 bytes of the session key with the session id. */ | 1034 | /* Xor the first 16 bytes of the session key with the session id. */ |
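Review bot: The new fatal() at new-side lines 1029–1030 passes `sizeof(session_key)` (a size_t) to a `%d` conversion, which is undefined behaviour and prints garbage on platforms where size_t is wider than int. Cast the argument to match the format, `BN_num_bytes(session_key_int), (int)sizeof(session_key));`, or use `%lu` with an `(unsigned long)` cast. The two earlier do_connection hunks convert their asserts the same way but only pass int-valued BN_num_bits results, so they are fine. do_connection starts and ends outside this hunk.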
@@ -1243,7 +1277,7 @@ do_authentication(char *user, int privileged_port) | |||
1243 | int dlen; | 1277 | int dlen; |
1244 | char *token_string = packet_get_string(&dlen); | 1278 | char *token_string = packet_get_string(&dlen); |
1245 | packet_integrity_check(plen, 4 + dlen, type); | 1279 | packet_integrity_check(plen, 4 + dlen, type); |
1246 | if (!auth_afs_token(user, pw->pw_uid, token_string)) | 1280 | if (!auth_afs_token(pw, token_string)) |
1247 | debug("AFS token REFUSED for %s", user); | 1281 | debug("AFS token REFUSED for %s", user); |
1248 | xfree(token_string); | 1282 | xfree(token_string); |
1249 | continue; | 1283 | continue; |
@@ -1478,15 +1512,15 @@ do_authentication(char *user, int privileged_port) | |||
1478 | if (authenticated) | 1512 | if (authenticated) |
1479 | break; | 1513 | break; |
1480 | 1514 | ||
1481 | /* Send a message indicating that the authentication attempt failed. */ | ||
1482 | packet_start(SSH_SMSG_FAILURE); | ||
1483 | packet_send(); | ||
1484 | packet_write_wait(); | ||
1485 | |||
1486 | if (++authentication_failures >= MAX_AUTH_FAILURES) { | 1515 | if (++authentication_failures >= MAX_AUTH_FAILURES) { |
1487 | packet_disconnect("Too many authentication failures for %.100s from %.200s", | 1516 | packet_disconnect("Too many authentication failures for %.100s from %.200s", |
1488 | pw->pw_name, get_canonical_hostname()); | 1517 | pw->pw_name, get_canonical_hostname()); |
1489 | } | 1518 | } |
1519 | |||
1520 | /* Send a message indicating that the authentication attempt failed. */ | ||
1521 | packet_start(SSH_SMSG_FAILURE); | ||
1522 | packet_send(); | ||
1523 | packet_write_wait(); | ||
1490 | } | 1524 | } |
1491 | 1525 | ||
1492 | /* Check if the user is logging in as root and root logins are disallowed. */ | 1526 | /* Check if the user is logging in as root and root logins are disallowed. */ |
@@ -1556,16 +1590,16 @@ void eat_packets_and_disconnect(const char *user) | |||
1556 | packet_send_debug(skeyinfo); | 1590 | packet_send_debug(skeyinfo); |
1557 | } | 1591 | } |
1558 | #endif /* SKEY */ | 1592 | #endif /* SKEY */ |
1559 | /* Send failure. This should be indistinguishable from a failed | ||
1560 | authentication. */ | ||
1561 | packet_start(SSH_SMSG_FAILURE); | ||
1562 | packet_send(); | ||
1563 | packet_write_wait(); | ||
1564 | if (++authentication_failures >= MAX_AUTH_FAILURES) | 1593 | if (++authentication_failures >= MAX_AUTH_FAILURES) |
1565 | { | 1594 | { |
1566 | packet_disconnect("Too many authentication failures for %.100s from %.200s", | 1595 | packet_disconnect("Too many authentication failures for %.100s from %.200s", |
1567 | user, get_canonical_hostname()); | 1596 | user, get_canonical_hostname()); |
1568 | } | 1597 | } |
1598 | /* Send failure. This should be indistinguishable from a failed | ||
1599 | authentication. */ | ||
1600 | packet_start(SSH_SMSG_FAILURE); | ||
1601 | packet_send(); | ||
1602 | packet_write_wait(); | ||
1569 | } | 1603 | } |
1570 | /*NOTREACHED*/ | 1604 | /*NOTREACHED*/ |
1571 | abort(); | 1605 | abort(); |
@@ -2049,7 +2083,13 @@ void do_exec_pty(const char *command, int ptyfd, int ttyfd, | |||
2049 | /* Check if .hushlogin exists. */ | 2083 | /* Check if .hushlogin exists. */ |
2050 | snprintf(line, sizeof line, "%.200s/.hushlogin", pw->pw_dir); | 2084 | snprintf(line, sizeof line, "%.200s/.hushlogin", pw->pw_dir); |
2051 | quiet_login = stat(line, &st) >= 0; | 2085 | quiet_login = stat(line, &st) >= 0; |
2052 | 2086 | ||
2087 | #ifdef HAVE_LIBPAM | ||
2088 | /* output the results of the pamconv() */ | ||
2089 | if (!quiet_login && pamconv_msg != NULL) | ||
2090 | fprintf(stderr, pamconv_msg); | ||
2091 | #endif | ||
2092 | |||
2053 | /* If the user has logged in before, display the time of last login. | 2093 | /* If the user has logged in before, display the time of last login. |
2054 | However, don't display anything extra if a command has been | 2094 | However, don't display anything extra if a command has been |
2055 | specified (so that ssh can be used to execute commands on a remote | 2095 | specified (so that ssh can be used to execute commands on a remote |
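Review bot: `fprintf(stderr, pamconv_msg);` uses text that originated from PAM modules as the format string, so any `%` sequence in a PAM_TEXT_INFO message is interpreted as a conversion specifier and consumes arguments that were never passed; sshd does not control that text. Print it as data instead: `fputs(pamconv_msg, stderr);` (or `fprintf(stderr, "%s", pamconv_msg);`). This is also the only consumer of the accumulated buffer and it is never freed, which is harmless only if this code runs in the child shortly before exec — the hunk does not show that. do_exec_pty starts and ends outside this hunk.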
@@ -2238,6 +2278,7 @@ void do_child(const char *command, struct passwd *pw, const char *term, | |||
2238 | struct stat st; | 2278 | struct stat st; |
2239 | char *argv[10]; | 2279 | char *argv[10]; |
2240 | 2280 | ||
2281 | #ifndef HAVE_LIBPAM /* pam_nologin handles this */ | ||
2241 | /* Check /etc/nologin. */ | 2282 | /* Check /etc/nologin. */ |
2242 | f = fopen("/etc/nologin", "r"); | 2283 | f = fopen("/etc/nologin", "r"); |
2243 | if (f) | 2284 | if (f) |
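Review bot: Compiling the /etc/nologin check out under HAVE_LIBPAM (this hunk and the matching `#endif` in the next one) makes the restriction depend entirely on sshd's PAM service stack including pam_nologin; if that stack omits it, non-root logins are no longer refused while /etc/nologin exists, and nothing here records that requirement. Expand the comment so the dependency is explicit: `#ifndef HAVE_LIBPAM /* with PAM, /etc/nologin must be enforced by pam_nologin in sshd's PAM stack */`. Keeping the built-in check regardless of PAM would be the more conservative option, but that is a behaviour choice beyond this change. do_child starts outside this hunk.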
@@ -2248,6 +2289,7 @@ void do_child(const char *command, struct passwd *pw, const char *term, | |||
2248 | if (pw->pw_uid != 0) | 2289 | if (pw->pw_uid != 0) |
2249 | exit(254); | 2290 | exit(254); |
2250 | } | 2291 | } |
2292 | #endif | ||
2251 | 2293 | ||
2252 | /* Set uid, gid, and groups. */ | 2294 | /* Set uid, gid, and groups. */ |
2253 | /* Login(1) does this as well, and it needs uid 0 for the "-h" switch, | 2295 | /* Login(1) does this as well, and it needs uid 0 for the "-h" switch, |
@@ -2387,7 +2429,7 @@ void do_child(const char *command, struct passwd *pw, const char *term, | |||
2387 | if (auth_get_socket_name() != NULL) | 2429 | if (auth_get_socket_name() != NULL) |
2388 | child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, | 2430 | child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME, |
2389 | auth_get_socket_name()); | 2431 | auth_get_socket_name()); |
2390 | 2432 | ||
2391 | /* Read $HOME/.ssh/environment. */ | 2433 | /* Read $HOME/.ssh/environment. */ |
2392 | if(!options.use_login) { | 2434 | if(!options.use_login) { |
2393 | snprintf(buf, sizeof buf, "%.200s/.ssh/environment", pw->pw_dir); | 2435 | snprintf(buf, sizeof buf, "%.200s/.ssh/environment", pw->pw_dir); |
@@ -2525,6 +2567,7 @@ void do_child(const char *command, struct passwd *pw, const char *term, | |||
2525 | } | 2567 | } |
2526 | } | 2568 | } |
2527 | } | 2569 | } |
2570 | |||
2528 | /* Start the shell. Set initial character to '-'. */ | 2571 | /* Start the shell. Set initial character to '-'. */ |
2529 | buf[0] = '-'; | 2572 | buf[0] = '-'; |
2530 | strncpy(buf + 1, cp, sizeof(buf) - 1); | 2573 | strncpy(buf + 1, cp, sizeof(buf) - 1); |
@@ -2540,7 +2583,7 @@ void do_child(const char *command, struct passwd *pw, const char *term, | |||
2540 | } else { | 2583 | } else { |
2541 | /* Launch login(1). */ | 2584 | /* Launch login(1). */ |
2542 | 2585 | ||
2543 | execl("/usr/bin/login", "login", "-h", get_remote_ipaddr(), "-p", "-f", "--", pw->pw_name, NULL); | 2586 | execl(LOGIN_PROGRAM, "login", "-h", get_remote_ipaddr(), "-p", "-f", "--", pw->pw_name, NULL); |
2544 | 2587 | ||
2545 | /* Login couldn't be executed, die. */ | 2588 | /* Login couldn't be executed, die. */ |
2546 | 2589 | ||